From 2bc92b1befa95994105a301a462826989bf935ef Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Thu, 26 Nov 2020 00:10:31 +0000 Subject: [PATCH 001/169] Support for Amendment H --- .../javacard/keymaster/AndroidSEProvider.java | 31 +++++++-- .../keymaster/KMAttestationCertImpl.java | 4 +- .../javacard/keymaster/KMSEProviderImpl.java | 4 +- .../keymaster/KMAttestationCertImpl.java | 4 +- .../javacard/keymaster/KMJcardSimulator.java | 33 +++++++++ .../javacard/keymaster/KMSEProviderImpl.java | 3 +- .../javacard/keymaster/KMKeymasterApplet.java | 68 ++++++++++++++++--- .../javacard/keymaster/KMRepository.java | 42 ++++++++++-- .../javacard/keymaster/KMSEProvider.java | 4 +- .../javacard/keymaster/KMUpgradable.java | 14 ++++ 10 files changed, 179 insertions(+), 28 deletions(-) create mode 100644 Applet/Applet/src/com/android/javacard/keymaster/KMUpgradable.java diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/AndroidSEProvider.java b/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/AndroidSEProvider.java index db8e86db..d85dd781 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/AndroidSEProvider.java +++ b/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/AndroidSEProvider.java @@ -15,6 +15,7 @@ */ package com.android.javacard.keymaster; +import org.globalplatform.upgrade.Element; import javacard.framework.JCSystem; import javacard.framework.Util; import javacard.security.AESKey; @@ -159,12 +160,10 @@ public class AndroidSEProvider implements KMSEProvider { private static AndroidSEProvider androidSEProvider = null; public static AndroidSEProvider getInstance() { - if (androidSEProvider == null) - androidSEProvider = new AndroidSEProvider(); return androidSEProvider; } - private AndroidSEProvider() { + public AndroidSEProvider(boolean isUpgrading) { // Re-usable AES,DES and HMAC keys in persisted memory. aesKeys = new AESKey[2]; aesKeys[KEYSIZE_128_OFFSET] = (AESKey) KeyBuilder.buildKey( @@ -200,7 +199,9 @@ private AndroidSEProvider() { // Random number generator initialisation. rng = RandomData.getInstance(RandomData.ALG_KEYGENERATION); //Allocate buffer for certificate chain. - certificateChain = new byte[CERT_CHAIN_MAX_SIZE]; + if(!isUpgrading) + certificateChain = new byte[CERT_CHAIN_MAX_SIZE]; + androidSEProvider = this; } public void clean() { @@ -1182,4 +1183,26 @@ public boolean isDeviceRebooted() { public void clearDeviceBooted(boolean resetBootFlag) { // To be filled } + + @Override + public void onSave(Element element) { + element.write(certificateChain); + } + + @Override + public void onRestore(Element element) { + certificateChain = (byte[]) element.readObject(); + } + + @Override + public short getBackupPrimitiveByteCount() { + return (short) 0; + } + + @Override + public short getBackupObjectCount() { + return (short) 1; + } + + } diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java index 9468522e..77a97b1e 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -889,7 +889,7 @@ public void build() { tbsLength = (short) (tbsLength - tbsOffset); pushSequenceHeader((short) (last - stackPtr)); certStart = stackPtr; - short sigLen = KMSEProviderImpl.instance() + short sigLen = AndroidSEProvider.getInstance() .ecSign256( KMByteBlob.cast(signPriv).getBuffer(), KMByteBlob.cast(signPriv).getStartOff(), @@ -933,7 +933,7 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, scratchPadOff++; timeOffset = KMByteBlob.instance((short) 32); - appIdOff = KMSEProviderImpl.instance().hmacSign(key, keyOff, keyLen, + appIdOff = AndroidSEProvider.getInstance().hmacSign(key, keyOff, keyLen, scratchPad, /* data */ temp, /* data start */ scratchPadOff, /* data length */ diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMSEProviderImpl.java b/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMSEProviderImpl.java index d9ff00eb..11778a7d 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMSEProviderImpl.java +++ b/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMSEProviderImpl.java @@ -2,7 +2,7 @@ package com.android.javacard.keymaster; public class KMSEProviderImpl { - public static KMSEProvider instance(){ - return AndroidSEProvider.getInstance(); + public static KMSEProvider instance(boolean isUpgrading){ + return new AndroidSEProvider(isUpgrading); } } diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java index 9468522e..401cfc18 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -889,7 +889,7 @@ public void build() { tbsLength = (short) (tbsLength - tbsOffset); pushSequenceHeader((short) (last - stackPtr)); certStart = stackPtr; - short sigLen = KMSEProviderImpl.instance() + short sigLen = KMJcardSimulator.getInstance() .ecSign256( KMByteBlob.cast(signPriv).getBuffer(), KMByteBlob.cast(signPriv).getStartOff(), @@ -933,7 +933,7 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, scratchPadOff++; timeOffset = KMByteBlob.instance((short) 32); - appIdOff = KMSEProviderImpl.instance().hmacSign(key, keyOff, keyLen, + appIdOff = KMJcardSimulator.getInstance().hmacSign(key, keyOff, keyLen, scratchPad, /* data */ temp, /* data start */ scratchPadOff, /* data length */ diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMJcardSimulator.java b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMJcardSimulator.java index 82f41313..76ebb3e9 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMJcardSimulator.java +++ b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMJcardSimulator.java @@ -58,6 +58,8 @@ import javax.crypto.spec.PSource; import javax.crypto.spec.SecretKeySpec; +import org.globalplatform.upgrade.Element; + /** * Simulator only supports 512 bit RSA key pair, 128 AES Key, 128 bit 3Des key, less then 256 bit EC * Key, and upto 512 bit HMAC key. Also simulator does not support TRNG, so this implementation just @@ -83,6 +85,12 @@ public class KMJcardSimulator implements KMSEProvider { private static byte[] rndNum; private byte[] certificateChain; + private static KMJcardSimulator jCardSimulator = null; + + public static KMJcardSimulator getInstance() { + return jCardSimulator; + } + // Implements Oracle Simulator based restricted crypto provider public KMJcardSimulator() { // Various Keys @@ -102,6 +110,7 @@ public KMJcardSimulator() { // various ciphers //Allocate buffer for certificate chain. certificateChain = new byte[CERT_CHAIN_MAX_SIZE]; + jCardSimulator = this; } @@ -1279,4 +1288,28 @@ public boolean isDeviceRebooted() { public void clearDeviceBooted(boolean resetBootFlag) { // To be filled } + + @Override + public void onSave(Element ele) { + // TODO Auto-generated method stub + + } + + @Override + public void onRestore(Element ele) { + // TODO Auto-generated method stub + + } + + @Override + public short getBackupPrimitiveByteCount() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public short getBackupObjectCount() { + // TODO Auto-generated method stub + return 0; + } } diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMSEProviderImpl.java b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMSEProviderImpl.java index 34628ba7..43eb2f94 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMSEProviderImpl.java +++ b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMSEProviderImpl.java @@ -2,7 +2,8 @@ package com.android.javacard.keymaster; public class KMSEProviderImpl { - public static KMSEProvider instance(){ + public static KMSEProvider instance(boolean isUpgrading) { + //Ignore isUpgrading flag as JCardSimulator does not support upgrade. return new KMJcardSimulator(); } } diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 846e81e0..e6f0e55c 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -26,12 +26,13 @@ import javacard.security.CryptoException; import javacardx.apdu.ExtendedLength; +import org.globalplatform.upgrade.*; /** * KMKeymasterApplet implements the javacard applet. It creates repository and other install time * objects. It also implements the keymaster state machine and handles javacard applet life cycle * events. */ -public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLength { +public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLength, OnUpgradeListener { // Constants. public static final byte AES_BLOCK_SIZE = 16; public static final byte DES_BLOCK_SIZE = 8; @@ -182,20 +183,21 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe /** Registers this applet. */ protected KMKeymasterApplet() { - seProvider = KMSEProviderImpl.instance(); + boolean isUpgrading = UpgradeManager.isUpgrading(); + seProvider = KMSEProviderImpl.instance(isUpgrading); + repository = new KMRepository(isUpgrading); byte[] buf = JCSystem.makeTransientByteArray((short) 32, JCSystem.CLEAR_ON_DESELECT); - keymasterState = KMKeymasterApplet.INIT_STATE; data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET); - repository = new KMRepository(); tmpVariables = JCSystem.makeTransientShortArray((short) TMP_VARIABLE_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET); - seProvider.getTrueRandomNumber(buf, (short) 0, KMRepository.MASTER_KEY_SIZE); - repository.initMasterKey(buf, (short) 0, KMRepository.MASTER_KEY_SIZE); - seProvider.newRandomNumber(buf, (short) 0, KMRepository.SHARED_SECRET_KEY_SIZE); + if(!isUpgrading) { + keymasterState = KMKeymasterApplet.INIT_STATE; + seProvider.getTrueRandomNumber(buf, (short) 0, KMRepository.MASTER_KEY_SIZE); + repository.initMasterKey(buf, (short)0, KMRepository.MASTER_KEY_SIZE); + } KMType.initialize(); encoder = new KMEncoder(); decoder = new KMDecoder(); - register(); } /** @@ -206,7 +208,7 @@ protected KMKeymasterApplet() { * @param bLength the length in bytes of the parameter data in bArray */ public static void install(byte[] bArray, short bOffset, byte bLength) { - new KMKeymasterApplet(); + new KMKeymasterApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]); } /** @@ -3965,4 +3967,52 @@ private void add(byte[] buf, short op1, short op2, short result) { index--; } } + + @Override + public void onCleanup() { + } + + @Override + public void onConsolidate() { + } + + @Override + public void onRestore(Element element) { + element.initRead(); + provisionStatus = element.readByte(); + keymasterState = element.readByte(); + repository.onRestore(element); + seProvider.onRestore(element); + } + + @Override + public Element onSave() { + // SEProvider count + short primitiveCount = seProvider.getBackupPrimitiveByteCount(); + short objectCount = seProvider.getBackupObjectCount(); + //Repository count + primitiveCount += repository.getBackupPrimitiveByteCount(); + objectCount += repository.getBackupObjectCount(); + //KMKeymasterApplet count + primitiveCount += computePrimitveDataSize(); + objectCount += computeObjectCount(); + + // Create element. + Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE, + primitiveCount, objectCount); + element.write(provisionStatus); + element.write(keymasterState); + repository.onSave(element); + seProvider.onSave(element); + return element; + } + + private short computePrimitveDataSize() { + // provisionStatus + keymasterState + return (short) 2; + } + + private short computeObjectCount() { + return (short) 0; + } } diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java index 168b6a2b..dcc34f43 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -16,6 +16,8 @@ package com.android.javacard.keymaster; +import org.globalplatform.upgrade.Element; + import javacard.framework.ISO7816; import javacard.framework.ISOException; import javacard.framework.JCSystem; @@ -25,7 +27,7 @@ * KMRepository class manages persistent and volatile memory usage by the applet. Note the repository * is only used by applet and it is not intended to be used by seProvider. */ -public class KMRepository { +public class KMRepository implements KMUpgradable { // Data table configuration public static final short DATA_INDEX_SIZE = 31; public static final short DATA_INDEX_ENTRY_SIZE = 4; @@ -99,8 +101,8 @@ public static KMRepository instance() { return repository; } - public KMRepository() { - newDataTable(); + public KMRepository(boolean isUpgrading) { + newDataTable(isUpgrading); heap = JCSystem.makeTransientByteArray(HEAP_SIZE, JCSystem.CLEAR_ON_RESET); heapIndex = 0; operationStateTable = new Object[MAX_OPS]; @@ -275,10 +277,12 @@ private short dataAlloc(short length) { } - private void newDataTable(){ - if(dataTable == null) { - dataTable = new byte[DATA_MEM_SIZE]; - dataIndex = (short)(DATA_INDEX_SIZE*DATA_INDEX_ENTRY_SIZE); + private void newDataTable(boolean isUpgrading){ + if (!isUpgrading) { + if (dataTable == null) { + dataTable = new byte[DATA_MEM_SIZE]; + dataIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE); + } } } @@ -649,4 +653,28 @@ public short getKeyBlobCount(){ } return count; } + + @Override + public void onSave(Element ele) { + ele.write(dataIndex); + ele.write(dataTable); + } + + @Override + public void onRestore(Element ele) { + dataIndex = ele.readShort(); + dataTable = (byte[]) ele.readObject(); + } + + @Override + public short getBackupPrimitiveByteCount() { + // dataIndex + return (short) 2; + } + + @Override + public short getBackupObjectCount() { + // dataTable + return (short) 1; + } } diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index 8202fe12..e0ee49dc 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -1,12 +1,14 @@ package com.android.javacard.keymaster; +import org.globalplatform.upgrade.Element; + /** * KMSEProvider is facade to use SE specific methods. The main intention of this interface is to * abstract the cipher, signature and backup and restore related functions. The instance of this * interface is created by the singleton KMSEProviderImpl class for each provider. At a time there * can be only one provider in the applet package. */ -public interface KMSEProvider { +public interface KMSEProvider extends KMUpgradable { /** * Create a symmetric key instance. If the algorithm and/or keysize are not supported then it * should throw a CryptoException. diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMUpgradable.java b/Applet/Applet/src/com/android/javacard/keymaster/KMUpgradable.java new file mode 100644 index 00000000..e3958a67 --- /dev/null +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMUpgradable.java @@ -0,0 +1,14 @@ +package com.android.javacard.keymaster; + +import org.globalplatform.upgrade.Element; + +public interface KMUpgradable { + void onSave(Element ele); + + void onRestore(Element ele); + + short getBackupPrimitiveByteCount(); + + short getBackupObjectCount(); + +} From 0b3830e06fd19a06af2b51d9497999d4fadb6f64 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Thu, 26 Nov 2020 01:00:37 +0000 Subject: [PATCH 002/169] made provision to send long bytes in getCertificateChain --- .../com/android/javacard/keymaster/KMKeymasterApplet.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index e6f0e55c..b61c25f4 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -602,7 +602,10 @@ private void processGetCertChainCmd(APDU apdu) { seProvider.readCertificateChain(buffer, (short) (bufferStartOffset + 2)); // Encode cert chain. encoder.encodeCertChain(buffer, bufferStartOffset, bufferLength); - sendOutgoing(apdu); + // Send data + apdu.setOutgoing(); + apdu.setOutgoingLength(bufferLength); + apdu.sendBytesLong(buffer, bufferStartOffset, bufferLength); } From 360a10b1554d9226086b5a71c48172f843477ec5 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Thu, 26 Nov 2020 01:01:50 +0000 Subject: [PATCH 003/169] Removed KMKeymasterStore.java file --- .../com/android/javacard/keymaster/KMKeymasterStore.java | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterStore.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterStore.java b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterStore.java deleted file mode 100644 index ed9286f6..00000000 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterStore.java +++ /dev/null @@ -1,9 +0,0 @@ -package com.android.javacard.keymaster; - -public interface KMKeymasterStore { - short getMasterKeySecret(byte[] buf, short start); - void createDocument(byte documentId, byte[]buf, short start, short len); - void updateData(byte documentId, short keyId, byte[]buf, short start, short len); - short getData(byte documentId, short keyId, byte[] buf, short start); - short getDocument(byte documentId, byte[] buf, short start); -} From 40a74020d6e3e7cc25bd57d82f1f63fa46863f51 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 26 Nov 2020 18:44:31 +0000 Subject: [PATCH 004/169] Added vendorPatchLevel and BootPatchLevel to SetBootParams Included vendorPatchLevel and bootPatchLevel in KeyCharateristics. Added check for vendorPatchLevel and bootPatchLevel in upgradeKeyCmd --- .../keymaster/KMAttestationCertImpl.java | 13 +- .../javacard/keymaster/KMKeyParameters.java | 11 +- .../javacard/keymaster/KMKeymasterApplet.java | 124 +++++++++++------- .../javacard/keymaster/KMRepository.java | 64 +++++++-- 4 files changed, 137 insertions(+), 75 deletions(-) diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java index 401cfc18..0e0335c9 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -478,6 +478,7 @@ private static void pushKeyDescription() { pushSequenceHeader((short) (last - stackPtr)); } + //TODO refactor following method private static void pushSWParams() { short last = stackPtr; // ATTESTATION_APPLICATION_ID 709 is softwareEnforced. @@ -487,27 +488,21 @@ private static void pushSWParams() { }; byte index = 0; do { - /* - if(tagIds[index] == KMType.ATTESTATION_APPLICATION_ID) { - pushAttIds(tagIds[index]); - continue; - } - */ pushParams(swParams, swParamsIndex, tagIds[index]); } while (++index < tagIds.length); pushSequenceHeader((short) (last - stackPtr)); } + //TODO refactor following method private static void pushHWParams() { short last = stackPtr; - // Attestation ids are not included. As per VTS attestation ids are not supported currenlty. + // Attestation IDs are not included. As per VTS Attestation IDs are not supported currently. short[] tagIds = { - 706, 705, 704, 703, 702, 701, 601, 600, 509, 508, 507, 506, 505, 504, 503, 402, 401, 400, 303, + 719, 718, 706, 705, 704, 703, 702, 701, 601, 600, 509, 508, 507, 506, 505, 504, 503, 402, 401, 400, 303, 200, 10, 6, 5, 3, 2, 1 }; byte index = 0; do { - // if(pushAttIds(tagIds[index])) continue; if (tagIds[index] == KMType.ROOT_OF_TRUST) { pushRoT(); continue; diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java index 64fa3db2..ae759ffc 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java @@ -102,8 +102,9 @@ public short findTag(short tagType, short tagKey){ } // KDF, ECIES_SINGLE_HASH_MODE missing from types.hal - public static short makeHwEnforced( - short keyParamsPtr, byte origin, short osVersionObjPtr, short osPatchObjPtr, byte[] scratchPad) { + public static short makeHwEnforced(short keyParamsPtr, byte origin, + short osVersionObjPtr, short osPatchObjPtr, short vendorPatchObjPtr, + short bootPatchObjPtr, byte[] scratchPad) { final short[] hwEnforcedTagArr = { // HW Enforced KMType.ENUM_TAG, KMType.ORIGIN, @@ -166,6 +167,12 @@ public static short makeHwEnforced( short osPatchTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, osPatchObjPtr); Util.setShort(scratchPad, arrInd, osPatchTag); arrInd += 2; + short vendorPatchTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, vendorPatchObjPtr); + Util.setShort(scratchPad, arrInd, vendorPatchTag); + arrInd += 2; + short bootPatchTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, bootPatchObjPtr); + Util.setShort(scratchPad, arrInd, bootPatchTag); + arrInd += 2; return createKeyParameters(scratchPad, (short) (arrInd / 2)); } diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index b61c25f4..2bfcef59 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1052,7 +1052,6 @@ private void processUpgradeKeyCmd(APDU apdu) { // parse existing key blob parseEncryptedKeyBlob(scratchPad); // validate characteristics to be upgraded. - // TODO currently only os version and os patch level are upgraded. tmpVariables[0] = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION, data[HW_PARAMETERS]); tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue(); @@ -1079,6 +1078,33 @@ private void processUpgradeKeyCmd(APDU apdu) { tmpVariables[5] = KMError.INVALID_ARGUMENT; } } + //Compare vendor patch levels + tmpVariables[1] = + KMKeyParameters.findTag(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, data[HW_PARAMETERS]); + tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue(); + tmpVariables[2] = repository.getVendorPatchLevel(); + if (tmpVariables[1] != KMType.INVALID_VALUE) { + // The key characteristics should have had vendor patch level < vendor patch level stored in javacard + // then only upgrade is allowed. + if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) != -1) { + // Key Should not be upgraded, but error code should be OK, As per VTS. + tmpVariables[5] = KMError.INVALID_ARGUMENT; + } + } + //Compare boot patch levels + tmpVariables[1] = + KMKeyParameters.findTag(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, data[HW_PARAMETERS]); + tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue(); + tmpVariables[2] = repository.getBootPatchLevel(); + if (tmpVariables[1] != KMType.INVALID_VALUE) { + // The key characteristics should have had boot patch level < boot patch level stored in javacard + // then only upgrade is allowed. + if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) != -1) { + // Key Should not be upgraded, but error code should be OK, As per VTS. + tmpVariables[5] = KMError.INVALID_ARGUMENT; + } + } + boolean blobPersisted = false; if (tmpVariables[5] != KMError.INVALID_ARGUMENT) { if (repository.validateAuthTag(data[AUTH_TAG])) { @@ -3195,26 +3221,32 @@ private void processSetBootParamsCmd(APDU apdu) { // Argument 2 OS Patch level // short osPatchExp = KMIntegerTag.exp(KMType.UINT_TAG); tmpVariables[1] = KMInteger.exp(); - // Argument 3 Verified Boot Key + // Argument 3 Vendor Patch level + tmpVariables[2] = KMInteger.exp(); + // Argument 4 Boot Patch level + tmpVariables[3] = KMInteger.exp(); + // Argument 5 Verified Boot Key // short bootKeyExp = KMByteBlob.exp(); - tmpVariables[2] = KMByteBlob.exp(); - // Argument 4 Verified Boot Hash + tmpVariables[4] = KMByteBlob.exp(); + // Argument 6 Verified Boot Hash // short bootHashExp = KMByteBlob.exp(); - tmpVariables[3] = KMByteBlob.exp(); - // Argument 5 Verified Boot State + tmpVariables[5] = KMByteBlob.exp(); + // Argument 7 Verified Boot State // short bootStateExp = KMEnum.instance(KMType.VERIFIED_BOOT_STATE); - tmpVariables[4] = KMEnum.instance(KMType.VERIFIED_BOOT_STATE); - // Argument 6 Device Locked + tmpVariables[6] = KMEnum.instance(KMType.VERIFIED_BOOT_STATE); + // Argument 8 Device Locked // short deviceLockedExp = KMEnum.instance(KMType.DEVICE_LOCKED); - tmpVariables[5] = KMEnum.instance(KMType.DEVICE_LOCKED); + tmpVariables[7] = KMEnum.instance(KMType.DEVICE_LOCKED); // Array of expected arguments - short argsProto = KMArray.instance((short) 6); + short argsProto = KMArray.instance((short) 8); KMArray.cast(argsProto).add((short) 0, tmpVariables[0]); KMArray.cast(argsProto).add((short) 1, tmpVariables[1]); KMArray.cast(argsProto).add((short) 2, tmpVariables[2]); KMArray.cast(argsProto).add((short) 3, tmpVariables[3]); KMArray.cast(argsProto).add((short) 4, tmpVariables[4]); KMArray.cast(argsProto).add((short) 5, tmpVariables[5]); + KMArray.cast(argsProto).add((short) 6, tmpVariables[6]); + KMArray.cast(argsProto).add((short) 7, tmpVariables[7]); // Decode the arguments // System.out.println("Process boot params buffer: "+byteArrayToHexString(buffer)); short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); @@ -3222,22 +3254,25 @@ private void processSetBootParamsCmd(APDU apdu) { tmpVariables[0] = KMArray.cast(args).get((short) 0); // short osPatchTagPtr = KMArray.cast(args).get((short) 1); tmpVariables[1] = KMArray.cast(args).get((short) 1); - // short verifiedBootKeyPtr = KMArray.cast(args).get((short) 2); + // short vendorPatchTagPtr = KMArray.cast(args).get((short) 2); tmpVariables[2] = KMArray.cast(args).get((short) 2); - // short verifiedBootHashPtr = KMArray.cast(args).get((short) 3); + // short BootPatchTagPtr = KMArray.cast(args).get((short) 3); tmpVariables[3] = KMArray.cast(args).get((short) 3); - // short verifiedBootStatePtr = KMArray.cast(args).get((short) 4); + // short verifiedBootKeyPtr = KMArray.cast(args).get((short) 4); tmpVariables[4] = KMArray.cast(args).get((short) 4); - // short deviceLockedPtr = KMArray.cast(args).get((short) 5); + // short verifiedBootHashPtr = KMArray.cast(args).get((short) 5); tmpVariables[5] = KMArray.cast(args).get((short) 5); - if (KMByteBlob.cast(tmpVariables[2]).length() > KMRepository.BOOT_KEY_MAX_SIZE) { + // short verifiedBootStatePtr = KMArray.cast(args).get((short) 6); + tmpVariables[6] = KMArray.cast(args).get((short) 6); + // short deviceLockedPtr = KMArray.cast(args).get((short) 7); + tmpVariables[7] = KMArray.cast(args).get((short) 7); + if (KMByteBlob.cast(tmpVariables[4]).length() > KMRepository.BOOT_KEY_MAX_SIZE) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (KMByteBlob.cast(tmpVariables[3]).length() > KMRepository.BOOT_HASH_MAX_SIZE) { + if (KMByteBlob.cast(tmpVariables[5]).length() > KMRepository.BOOT_HASH_MAX_SIZE) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - // Begin transaction - // JCSystem.beginTransaction(); + repository.setOsVersion( KMInteger.cast(tmpVariables[0]).getBuffer(), KMInteger.cast(tmpVariables[0]).getStartOff(), @@ -3246,46 +3281,31 @@ private void processSetBootParamsCmd(APDU apdu) { KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), KMInteger.cast(tmpVariables[1]).length()); - // KMInteger.cast(tmpVariables[0]).value(repository.osVersion, (short) 0); - // KMInteger.cast(tmpVariables[1]).value(repository.osPatch, (short) 0); - // KMInteger.cast(valPtr).getValue(repository.osVersion, (short) 0, (short) 4); - // valPtr = KMIntegerTag.cast(tmpVariables[1]).getValue(); - // KMInteger.cast(valPtr).getValue(repository.osPatch, (short) 0, (short) 4); + repository.setVendorPatchLevel( + KMInteger.cast(tmpVariables[2]).getBuffer(), + KMInteger.cast(tmpVariables[2]).getStartOff(), + KMInteger.cast(tmpVariables[2]).length()); + + repository.setBootPatchLevel( + KMInteger.cast(tmpVariables[3]).getBuffer(), + KMInteger.cast(tmpVariables[3]).getStartOff(), + KMInteger.cast(tmpVariables[3]).length()); - // repository.actualBootKeyLength = KMByteBlob.cast(tmpVariables[2]).length(); - // KMByteBlob.cast(tmpVariables[2]) - // .getValue(repository.verifiedBootKey, (short) 0, repository.actualBootKeyLength); repository.setVerifiedBootKey( - KMByteBlob.cast(tmpVariables[2]).getBuffer(), - KMByteBlob.cast(tmpVariables[2]).getStartOff(), - KMByteBlob.cast(tmpVariables[2]).length()); + KMByteBlob.cast(tmpVariables[4]).getBuffer(), + KMByteBlob.cast(tmpVariables[4]).getStartOff(), + KMByteBlob.cast(tmpVariables[4]).length()); - // repository.actualBootHashLength = KMByteBlob.cast(tmpVariables[3]).length(); - // KMByteBlob.cast(tmpVariables[3]) - // .getValue(repository.verifiedBootHash, (short) 0, repository.actualBootHashLength); repository.setVerifiedBootHash( - KMByteBlob.cast(tmpVariables[3]).getBuffer(), - KMByteBlob.cast(tmpVariables[3]).getStartOff(), - KMByteBlob.cast(tmpVariables[3]).length()); + KMByteBlob.cast(tmpVariables[5]).getBuffer(), + KMByteBlob.cast(tmpVariables[5]).getStartOff(), + KMByteBlob.cast(tmpVariables[5]).length()); - byte enumVal = KMEnum.cast(tmpVariables[4]).getVal(); + byte enumVal = KMEnum.cast(tmpVariables[6]).getVal(); repository.setBootState(enumVal); - /* - if (enumVal == KMTag.SELF_SIGNED_BOOT) { - repository.selfSignedBootFlag = true; - repository.verifiedBootFlag = false; - } else if(enumVal == KMType.VERIFIED_BOOT) { - repository.selfSignedBootFlag = false; - repository.verifiedBootFlag = true; - }else { - repository.selfSignedBootFlag = false; - repository.verifiedBootFlag = false; - } - */ - enumVal = KMEnum.cast(tmpVariables[5]).getVal(); - // repository.deviceLockedFlag = (enumVal == KMType.DEVICE_LOCKED_TRUE); + enumVal = KMEnum.cast(tmpVariables[7]).getVal(); repository.setDeviceLock(enumVal == KMType.DEVICE_LOCKED_TRUE); // Clear the Computed SharedHmac and Hmac nonce from persistent memory. @@ -3664,12 +3684,16 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { private static void makeKeyCharacteristics(byte[] scratchPad) { tmpVariables[0] = repository.getOsPatch(); tmpVariables[1] = repository.getOsVersion(); + tmpVariables[2] = repository.getVendorPatchLevel(); + tmpVariables[3] = repository.getBootPatchLevel(); data[HW_PARAMETERS] = KMKeyParameters.makeHwEnforced( data[KEY_PARAMETERS], (byte) data[ORIGIN], tmpVariables[1], tmpVariables[0], + tmpVariables[2], + tmpVariables[3], scratchPad); data[SW_PARAMETERS] = KMKeyParameters.makeSwEnforced(data[KEY_PARAMETERS], scratchPad); data[KEY_CHARACTERISTICS] = KMKeyCharacteristics.instance(); diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java index dcc34f43..fb717985 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -29,7 +29,7 @@ */ public class KMRepository implements KMUpgradable { // Data table configuration - public static final short DATA_INDEX_SIZE = 31; + public static final short DATA_INDEX_SIZE = 33; public static final short DATA_INDEX_ENTRY_SIZE = 4; public static final short DATA_MEM_SIZE = 2048; public static final short HEAP_SIZE = 10000; @@ -55,19 +55,21 @@ public class KMRepository implements KMUpgradable { public static final byte CERT_EXPIRY_TIME = 15; public static final byte BOOT_OS_VERSION = 16; public static final byte BOOT_OS_PATCH = 17; - public static final byte BOOT_VERIFIED_BOOT_KEY = 18; - public static final byte BOOT_VERIFIED_BOOT_HASH = 19; - public static final byte BOOT_VERIFIED_BOOT_STATE = 20; - public static final byte BOOT_DEVICE_LOCKED_STATUS = 21; - public static final byte BOOT_DEVICE_LOCKED_TIME = 22; - public static final byte AUTH_TAG_1 = 23; - public static final byte AUTH_TAG_2 = 24; - public static final byte AUTH_TAG_3 = 25; - public static final byte AUTH_TAG_4 = 26; - public static final byte AUTH_TAG_5 = 27; - public static final byte AUTH_TAG_6 = 28; - public static final byte AUTH_TAG_7 = 29; - public static final byte AUTH_TAG_8 = 30; + public static final byte VENDOR_PATCH_LEVEL = 18; + public static final byte BOOT_PATCH_LEVEL = 19; + public static final byte BOOT_VERIFIED_BOOT_KEY = 20; + public static final byte BOOT_VERIFIED_BOOT_HASH = 21; + public static final byte BOOT_VERIFIED_BOOT_STATE = 22; + public static final byte BOOT_DEVICE_LOCKED_STATUS = 23; + public static final byte BOOT_DEVICE_LOCKED_TIME = 24; + public static final byte AUTH_TAG_1 = 25; + public static final byte AUTH_TAG_2 = 26; + public static final byte AUTH_TAG_3 = 27; + public static final byte AUTH_TAG_4 = 28; + public static final byte AUTH_TAG_5 = 29; + public static final byte AUTH_TAG_6 = 30; + public static final byte AUTH_TAG_7 = 31; + public static final byte AUTH_TAG_8 = 32; // Data Item sizes public static final short MASTER_KEY_SIZE = 16; @@ -76,6 +78,8 @@ public class KMRepository implements KMUpgradable { public static final short COMPUTED_HMAC_KEY_SIZE = 32; public static final short OS_VERSION_SIZE = 4; public static final short OS_PATCH_SIZE = 4; + public static final short VENDOR_PATCH_SIZE = 4; + public static final short BOOT_PATCH_SIZE = 4; public static final short DEVICE_LOCK_TS_SIZE = 8; public static final short DEVICE_LOCK_FLAG_SIZE = 1; public static final short BOOT_STATE_SIZE = 1; @@ -551,6 +555,26 @@ public short getOsVersion(){ } } + public short getVendorPatchLevel(){ + short blob = readData(VENDOR_PATCH_LEVEL); + if (blob != 0) { + return KMInteger.uint_32( + KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff()); + }else{ + return KMInteger.uint_32(zero,(short)0); + } + } + + public short getBootPatchLevel(){ + short blob = readData(BOOT_PATCH_LEVEL); + if (blob != 0) { + return KMInteger.uint_32( + KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff()); + }else{ + return KMInteger.uint_32(zero,(short)0); + } + } + public short getOsPatch(){ short blob = readData(BOOT_OS_PATCH); if (blob != 0) { @@ -599,6 +623,18 @@ public void setOsVersion(byte[] buf, short start, short len){ writeDataEntry(BOOT_OS_VERSION,buf,start,len); } + public void setVendorPatchLevel(byte[] buf, short start, short len) { + if (len != VENDOR_PATCH_SIZE) + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + writeDataEntry(VENDOR_PATCH_LEVEL, buf, start, len); + } + + public void setBootPatchLevel(byte[] buf, short start, short len) { + if (len != BOOT_PATCH_SIZE) + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + writeDataEntry(BOOT_PATCH_LEVEL, buf, start, len); + } + public void setDeviceLock(boolean flag){ short start = alloc(DEVICE_LOCK_FLAG_SIZE); if(flag) (getHeap())[start] = (byte)((getHeap())[start] | 0x01); From 94a0aab132a5b2792b88b165ca593aaf748f58aa Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Sat, 28 Nov 2020 18:24:30 +0000 Subject: [PATCH 005/169] Added reclaimable memory and getAvailable memroy functions in Repository class. Modified applet code to use these functions whereever necessary. --- .../javacard/keymaster/KMKeymasterApplet.java | 161 +++++++++++++----- .../javacard/keymaster/KMRepository.java | 35 +++- 2 files changed, 153 insertions(+), 43 deletions(-) diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 2bfcef59..c286d4a2 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -40,7 +40,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe private static final byte CLA_ISO7816_NO_SM_NO_CHAN = (byte) 0x80; private static final short KM_HAL_VERSION = (short) 0x4000; private static final short MAX_AUTH_DATA_SIZE = (short) 512; - private static final short MAX_IO_LENGTH = 0x600; // "Keymaster HMAC Verification" - used for HMAC key verification. public static final byte[] sharingCheck = { @@ -209,6 +208,7 @@ protected KMKeymasterApplet() { */ public static void install(byte[] bArray, short bOffset, byte bLength) { new KMKeymasterApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]); + //new KMKeymasterApplet().register(); } /** @@ -266,40 +266,39 @@ private short mapISOErrorToKMError(short reason) { */ @Override public void process(APDU apdu) { - repository.onProcess(); - // Verify whether applet is in correct state. - if ((keymasterState == KMKeymasterApplet.INIT_STATE) - || (keymasterState == KMKeymasterApplet.ILLEGAL_STATE)) { - ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); - } - // If this is select applet apdu which is selecting this applet then return - if (apdu.isISOInterindustryCLA()) { - if (selectingApplet()) { - return; - } - } - // Read the apdu header and buffer. - byte[] apduBuffer = apdu.getBuffer(); - byte apduClass = apduBuffer[ISO7816.OFFSET_CLA]; - byte apduIns = apduBuffer[ISO7816.OFFSET_INS]; - short P1P2 = Util.getShort(apduBuffer, ISO7816.OFFSET_P1); - buffer = repository.getHeap(); - bufferStartOffset = repository.alloc(MAX_IO_LENGTH); - // Validate APDU Header. - if ((apduClass != CLA_ISO7816_NO_SM_NO_CHAN)) { - ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); - } - - if (P1P2 != KMKeymasterApplet.KM_HAL_VERSION) { - ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); - } - // Validate whether INS can be supported - if (!(apduIns > INS_BEGIN_KM_CMD && apduIns < INS_END_KM_CMD)) { - ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); - } - // Process the apdu try { + repository.onProcess(); + // Verify whether applet is in correct state. + if ((keymasterState == KMKeymasterApplet.INIT_STATE) + || (keymasterState == KMKeymasterApplet.ILLEGAL_STATE)) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + // If this is select applet apdu which is selecting this applet then + // return + if (apdu.isISOInterindustryCLA()) { + if (selectingApplet()) { + return; + } + } + // Read the apdu header and buffer. + byte[] apduBuffer = apdu.getBuffer(); + byte apduClass = apduBuffer[ISO7816.OFFSET_CLA]; + byte apduIns = apduBuffer[ISO7816.OFFSET_INS]; + short P1P2 = Util.getShort(apduBuffer, ISO7816.OFFSET_P1); + buffer = repository.getHeap(); + // Validate APDU Header. + if ((apduClass != CLA_ISO7816_NO_SM_NO_CHAN)) { + ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); + } + if (P1P2 != KMKeymasterApplet.KM_HAL_VERSION) { + ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); + } + // Validate whether INS can be supported + if (!(apduIns > INS_BEGIN_KM_CMD && apduIns < INS_END_KM_CMD)) { + ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); + } + // Process the apdu if (keymasterState == KMKeymasterApplet.IN_PROVISION_STATE) { switch (apduIns) { case INS_PROVISION_ATTESTATION_KEY_CMD: @@ -487,6 +486,9 @@ private void processDeviceLockedCmd(APDU apdu) { KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]); // Decode the arguments tmpVariables[0] = decoder.decode(tmpVariables[0], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + tmpVariables[1] = KMArray.cast(tmpVariables[0]).get((short) 0); tmpVariables[1] = KMInteger.cast(tmpVariables[1]).getByte(); data[VERIFICATION_TOKEN] = KMArray.cast(tmpVariables[0]).get((short) 1); @@ -516,7 +518,8 @@ private void resetData() { } /** Sends a response, may be extended response, as requested by the command. */ public static void sendOutgoing(APDU apdu) { - if (bufferLength > MAX_IO_LENGTH) { + if (((short) (bufferLength + bufferStartOffset)) > ((short) repository + .getHeap().length)) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } // Send data @@ -532,11 +535,9 @@ public static void receiveIncoming(APDU apdu) { short recvLen = apdu.setIncomingAndReceive(); short srcOffset = apdu.getOffsetCdata(); bufferLength = apdu.getIncomingLength(); + bufferStartOffset = repository.allocReclaimableMemory(bufferLength); short index = bufferStartOffset; - // Receive data - if (bufferLength > MAX_IO_LENGTH) { - ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - } + while (recvLen > 0 && ((short) (index - bufferStartOffset) < bufferLength)) { Util.arrayCopyNonAtomic(srcBuffer, srcOffset, buffer, index, recvLen); index += recvLen; @@ -561,6 +562,8 @@ private void processGetHwInfoCmd(APDU apdu) { KMByteBlob.instance( JavacardKeymasterDevice, (short) 0, (short) JavacardKeymasterDevice.length)); resp.add((short) 2, KMByteBlob.instance(Google, (short) 0, (short) Google.length)); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response - actual bufferLength is 86 bufferLength = encoder.encode(respPtr, buffer, bufferStartOffset); // send buffer to master @@ -578,6 +581,10 @@ private void processAddRngEntropyCmd(APDU apdu) { KMArray.cast(argsProto).add((short) 0, KMByteBlob.exp()); // Decode the argument short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + + // Process KMByteBlob blob = KMByteBlob.cast(KMArray.cast(args).get((short) 0)); // Maximum 2KiB of seed is allowed. @@ -602,10 +609,7 @@ private void processGetCertChainCmd(APDU apdu) { seProvider.readCertificateChain(buffer, (short) (bufferStartOffset + 2)); // Encode cert chain. encoder.encodeCertChain(buffer, bufferStartOffset, bufferLength); - // Send data - apdu.setOutgoing(); - apdu.setOutgoingLength(bufferLength); - apdu.sendBytesLong(buffer, bufferStartOffset, bufferLength); + sendOutgoing(apdu); } @@ -619,6 +623,9 @@ private void processProvisionAttestationCertParams(APDU apdu) { KMArray.cast(argsProto).add((short) 2, blob); // Cert - Auth Key Id // Decode the argument. short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + // save issuer - DER Encoded tmpVariables[0] = KMArray.cast(args).get((short) 0); @@ -647,6 +654,7 @@ private void processProvisionAttestationCertChainCmd(APDU apdu) { short recvLen = apdu.setIncomingAndReceive(); short srcOffset = apdu.getOffsetCdata(); bufferLength = apdu.getIncomingLength(); + bufferStartOffset = repository.alloc(bufferLength); short bytesRead = 0; Util.arrayCopyNonAtomic(srcBuffer, srcOffset, buffer, bufferStartOffset, recvLen); @@ -682,6 +690,9 @@ private void processProvisionAttestationKey(APDU apdu) { // Decode the argument short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + // key params should have os patch, os version and verified root of trust data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0); tmpVariables[0] = KMArray.cast(args).get((short) 1); @@ -735,6 +746,9 @@ private void processProvisionAttestIdsCmd(APDU apdu) { KMArray.cast(argsProto).add((short) 0, keyparams); // Decode the argument. short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0); // persist attestation Ids - if any is missing then exception occurs saveAttId(KMType.ATTESTATION_ID_BRAND); @@ -755,6 +769,8 @@ private void processProvisionSharedSecretCmd(APDU apdu) { KMArray.cast(argsProto).add((short) 0, blob); // Decode the argument. short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); tmpVariables[0] = KMArray.cast(args).get((short) 0); if (tmpVariables[0] != KMType.INVALID_VALUE @@ -772,6 +788,8 @@ private void processGetProvisionStatusCmd(APDU apdu) { tmpVariables[0] = KMArray.instance((short) 2); KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK)); KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus)); + + bufferStartOffset = repository.allocAvailableMemory(); bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset); sendOutgoing(apdu); } @@ -825,6 +843,9 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) { KMArray.cast(tmpVariables[0]).add((short) 2, KMByteBlob.exp()); // Decode the arguments tmpVariables[0] = decoder.decode(tmpVariables[0], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[KEY_BLOB] = KMArray.cast(tmpVariables[0]).get((short) 0); data[APP_ID] = KMArray.cast(tmpVariables[0]).get((short) 1); data[APP_DATA] = KMArray.cast(tmpVariables[0]).get((short) 2); @@ -842,6 +863,8 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) { tmpVariables[0] = KMArray.instance((short) 2); KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK)); KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_CHARACTERISTICS]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset); sendOutgoing(apdu); @@ -857,6 +880,8 @@ private void processGetHmacSharingParamCmd(APDU apdu) { tmpVariables[3] = KMArray.instance((short) 2); KMArray.cast(tmpVariables[3]).add((short) 0, KMInteger.uint_16(KMError.OK)); KMArray.cast(tmpVariables[3]).add((short) 1, tmpVariables[2]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[3], buffer, bufferStartOffset); sendOutgoing(apdu); @@ -880,6 +905,9 @@ private void processDeleteKeyCmd(APDU apdu) { KMArray.cast(argsProto).add((short) 0, KMByteBlob.exp()); // Decode the argument short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + // Process data[KEY_BLOB] = KMArray.cast(args).get((short) 0); tmpVariables[0] = KMByteBlob.cast(data[KEY_BLOB]).getStartOff(); @@ -920,6 +948,9 @@ private void processComputeSharedHmacCmd(APDU apdu) { KMArray.cast(tmpVariables[2]).add((short) 0, tmpVariables[0]); // Vector of hmac params // Decode the arguments tmpVariables[0] = decoder.decode(tmpVariables[2], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[HMAC_SHARING_PARAMS] = KMArray.cast(tmpVariables[0]).get((short) 0); // Concatenate HMAC Params tmpVariables[0] = KMArray.cast(data[HMAC_SHARING_PARAMS]).length(); // total number of params @@ -1022,6 +1053,8 @@ private void processComputeSharedHmacCmd(APDU apdu) { tmpVariables[0] = KMArray.instance((short) 2); KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK)); KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset); sendOutgoing(apdu); @@ -1037,6 +1070,9 @@ private void processUpgradeKeyCmd(APDU apdu) { KMArray.cast(tmpVariables[1]).add((short) 1, tmpVariables[2]); // Key Params // Decode the arguments tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[KEY_BLOB] = KMArray.cast(tmpVariables[2]).get((short) 0); data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1); tmpVariables[0] = @@ -1125,6 +1161,8 @@ private void processUpgradeKeyCmd(APDU apdu) { tmpVariables[0] = KMArray.instance((short) 2); KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK)); KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset); sendOutgoing(apdu); @@ -1156,6 +1194,8 @@ private void processImportWrappedKeyCmd(APDU apdu) { KMArray.cast(tmpVariables[1]).add((short) 11, KMInteger.exp()); // Biometric Sid // Decode the arguments short args = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); // Step -0 - check whether the key format and algorithm supported // read algorithm @@ -1307,6 +1347,9 @@ private void processAttestKeyCmd(APDU apdu) { // Decode the argument short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[KEY_BLOB] = KMArray.cast(args).get((short) 0); data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 1); @@ -1512,6 +1555,9 @@ private void processAbortOperationCmd(APDU apdu) { tmpVariables[1] = KMArray.instance((short) 1); KMArray.cast(tmpVariables[1]).add((short) 0, KMInteger.exp()); tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0); tmpVariables[1] = KMInteger.cast(data[OP_HANDLE]).getShort(); KMOperationState op = repository.findOperation(tmpVariables[1]); @@ -1538,6 +1584,9 @@ private void processFinishOperationCmd(APDU apdu) { KMArray.cast(tmpVariables[1]).add((short) 5, tmpVariables[4]); // Decode the arguments tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0); data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1); data[INPUT_DATA] = KMArray.cast(tmpVariables[2]).get((short) 2); @@ -1579,6 +1628,8 @@ private void processFinishOperationCmd(APDU apdu) { KMArray.cast(tmpVariables[2]).add((short) 1, tmpVariables[1]); KMArray.cast(tmpVariables[2]).add((short) 2, data[OUTPUT_DATA]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[2], buffer, bufferStartOffset); sendOutgoing(apdu); @@ -2029,6 +2080,9 @@ private void processUpdateOperationCmd(APDU apdu) { KMArray.cast(tmpVariables[1]).add((short) 4, tmpVariables[4]); // Decode the arguments tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0); data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1); data[INPUT_DATA] = KMArray.cast(tmpVariables[2]).get((short) 2); @@ -2136,6 +2190,8 @@ private void processUpdateOperationCmd(APDU apdu) { KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(tmpVariables[3])); KMArray.cast(tmpVariables[2]).add((short) 2, tmpVariables[1]); KMArray.cast(tmpVariables[2]).add((short) 3, data[OUTPUT_DATA]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[2], buffer, bufferStartOffset); sendOutgoing(apdu); @@ -2166,6 +2222,9 @@ private void processBeginOperationCmd(APDU apdu) { KMArray.cast(tmpVariables[1]).add((short) 3, tmpVariables[3]); // Decode the arguments args = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 2); data[KEY_BLOB] = KMArray.cast(args).get((short) 1); // Check for app id and app data. @@ -2235,6 +2294,8 @@ private void processBeginOperationCmd(APDU apdu) { KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK)); KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]); KMArray.cast(tmpVariables[0]).add((short) 2, data[OP_HANDLE]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset); sendOutgoing(apdu); @@ -2832,6 +2893,9 @@ private void processImportKeyCmd(APDU apdu) { KMArray.cast(tmpVariables[1]).add((short) 2, KMByteBlob.exp()); // Decode the arguments tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0); tmpVariables[3] = KMArray.cast(tmpVariables[2]).get((short) 1); data[IMPORTED_KEY_BLOB] = KMArray.cast(tmpVariables[2]).get((short) 2); @@ -2901,6 +2965,8 @@ private void importKey(APDU apdu, byte[] scratchPad) { KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK)); KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]); KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset); sendOutgoing(apdu); @@ -3250,6 +3316,9 @@ private void processSetBootParamsCmd(APDU apdu) { // Decode the arguments // System.out.println("Process boot params buffer: "+byteArrayToHexString(buffer)); short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + // short osVersionTagPtr = KMArray.cast(args).get((short) 0); tmpVariables[0] = KMArray.cast(args).get((short) 0); // short osPatchTagPtr = KMArray.cast(args).get((short) 1); @@ -3329,6 +3398,9 @@ private static void processGenerateKey(APDU apdu) { KMArray.cast(tmpVariables[1]).add((short) 0, tmpVariables[0]); // Decode the argument tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength); + //reclaim memory + repository.reclaimMemory(bufferLength); + data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0); // Check if EarlyBootEnded tag is present. tmpVariables[0] = @@ -3400,6 +3472,8 @@ private static void processGenerateKey(APDU apdu) { KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK)); KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]); KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]); + + bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset); @@ -3720,6 +3794,8 @@ private static void createEncryptedKeyBlob(byte[] scratchPad) { KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_AUTH_TAG, data[AUTH_TAG]); KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_NONCE, data[NONCE]); KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_KEYCHAR, data[KEY_CHARACTERISTICS]); + + // allocate reclaimable memory. tmpVariables[0] = repository.alloc((short) 1024); tmpVariables[1] = encoder.encode(data[KEY_BLOB], repository.getHeap(), tmpVariables[0]); data[KEY_BLOB] = KMByteBlob.instance(repository.getHeap(), tmpVariables[0], tmpVariables[1]); @@ -3957,6 +4033,7 @@ private static short deriveKey(byte[] scratchPad) { } private static void sendError(APDU apdu, short err) { + bufferStartOffset = repository.alloc((short) 2); bufferLength = encoder.encodeError(err, buffer, bufferStartOffset, (short) 5); sendOutgoing(apdu); } diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java index fb717985..b8dc8b8d 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -97,6 +97,7 @@ public class KMRepository implements KMUpgradable { private short heapIndex; private byte[] dataTable; private short dataIndex; + private short reclaimIndex; // Singleton instance private static KMRepository repository; @@ -109,6 +110,7 @@ public KMRepository(boolean isUpgrading) { newDataTable(isUpgrading); heap = JCSystem.makeTransientByteArray(HEAP_SIZE, JCSystem.CLEAR_ON_RESET); heapIndex = 0; + reclaimIndex = HEAP_SIZE; operationStateTable = new Object[MAX_OPS]; // create and initialize operation state table. byte index = 0; @@ -252,6 +254,7 @@ public void onProcess() {} public void clean() { Util.arrayFillNonAtomic(heap, (short) 0, heapIndex, (byte) 0); heapIndex = 0; + reclaimIndex = HEAP_SIZE; } public void onDeselect() {} @@ -264,8 +267,38 @@ public short getMasterKeySecret() { return readData(MASTER_KEY); } + // This function uses memory from the back of the heap(transient memory). Call + // reclaimMemory function immediately after the use. + public short allocReclaimableMemory(short length) { + // TODO Verify the below condition (HEAP_SIZE/2) + if ((((short) (reclaimIndex - length)) <= heapIndex) + || (length >= HEAP_SIZE / 2)) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + reclaimIndex -= length; + return reclaimIndex; + } + + // Reclaims the memory back. + public void reclaimMemory(short length) { + if (reclaimIndex < heapIndex) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + reclaimIndex += length; + } + + public short allocAvailableMemory() { + if (heapIndex >= heap.length) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short index = heapIndex; + heapIndex = (short) heap.length; + return index; + } + public short alloc(short length) { - if (((short) (heapIndex + length)) > heap.length) { + if ((((short) (heapIndex + length)) > heap.length) || + (((short) (heapIndex + length)) > reclaimIndex)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } heapIndex += length; From 1a9de21da2b077b77d810bc3f79980f3da8f9cf2 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Sat, 28 Nov 2020 18:29:21 +0000 Subject: [PATCH 006/169] Modified KMFunctionalTest code as per latest provision changes. --- .../android/javacard/keymaster/KMEncoder.java | 2 +- .../javacard/test/KMFunctionalTest.java | 719 +++++++++++++----- 2 files changed, 548 insertions(+), 173 deletions(-) diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/Applet/src/com/android/javacard/keymaster/KMEncoder.java index 273149ee..72f906bf 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMEncoder.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMEncoder.java @@ -343,7 +343,7 @@ private void writeMajorTypeWithLength(byte majorType, short len) { } private void writeBytes(byte[] buf, short start, short len){ - Util.arrayCopy(buf, start, buffer, startOff, len); + Util.arrayCopyNonAtomic(buf, start, buffer, startOff, len); incrementStartOff(len); } private void writeShort(short val){ diff --git a/Applet/Applet/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/Applet/test/com/android/javacard/test/KMFunctionalTest.java index c9eb7c1f..450e7a60 100644 --- a/Applet/Applet/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/Applet/test/com/android/javacard/test/KMFunctionalTest.java @@ -17,7 +17,8 @@ package com.android.javacard.test; import com.android.javacard.keymaster.KMArray; -import com.android.javacard.keymaster.KMBackupStoreApplet; +import com.android.javacard.keymaster.KMAttestationCert; +import com.android.javacard.keymaster.KMAttestationCertImpl; import com.android.javacard.keymaster.KMBoolTag; import com.android.javacard.keymaster.KMByteBlob; import com.android.javacard.keymaster.KMByteTag; @@ -43,22 +44,359 @@ import com.licel.jcardsim.utils.AIDUtil; import javacard.framework.AID; import javacard.framework.Util; + +import java.security.spec.PKCS8EncodedKeySpec; + import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; import org.junit.Assert; import org.junit.Test; public class KMFunctionalTest { - private static final byte[] X509Issuer = { - 0x30, 0x76, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x43, 0x61, 0x6C, 0x69, 0x66, 0x6F, - 0x72, 0x6E, 0x69, 0x61, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x47, - 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x41, 0x6E, 0x64, 0x72, 0x6F, 0x69, 0x64, 0x31, 0x29, 0x30, - 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x20, 0x41, 0x6E, 0x64, 0x72, 0x6F, 0x69, 0x64, 0x20, - 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, - 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x4B, 0x65, 0x79 - }; + private static final byte INS_BEGIN_KM_CMD = 0x00; + private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01 + private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02 + private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03 + private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04 + private static final byte INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05 + private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06 + private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07 + private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08 + // Top 32 commands are reserved for provisioning. + private static final byte INS_END_KM_PROVISION_CMD = 0x20; + + private static final byte INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD + 1; //0x21 + private static final byte INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 2; //0x22 + private static final byte INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD + 3; //0x23 + private static final byte INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 4; //0x24 + private static final byte INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD + 5; //0x25 + private static final byte INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD + 6; //0x26 + private static final byte INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD + 7; //0x27 + private static final byte INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD + 8; //0x28 + private static final byte INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD + 9; //0x29 + private static final byte INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD + 10; //0x2A + private static final byte INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD + 11; //0x2B + private static final byte INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD + 12; //0x2C + private static final byte INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD + 13; //0x2D + private static final byte INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD + 14; //0x2E + private static final byte INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD + 15; //0x2F + private static final byte INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 16; //0x30 + private static final byte INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 17; //0x31 + private static final byte INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 18; //0x32 + private static final byte INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 19; //0x33 + private static final byte INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD + 20;//0x34 + private static final byte INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD + 21; //0x35 + private static final byte INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD + 22; //0x36 + + private static final byte[] kEcPrivKey = { + (byte) 0x21, (byte) 0xe0, (byte) 0x86, (byte) 0x43, (byte) 0x2a, + (byte) 0x15, (byte) 0x19, (byte) 0x84, (byte) 0x59, (byte) 0xcf, + (byte) 0x36, (byte) 0x3a, (byte) 0x50, (byte) 0xfc, (byte) 0x14, + (byte) 0xc9, (byte) 0xda, (byte) 0xad, (byte) 0xf9, (byte) 0x35, + (byte) 0xf5, (byte) 0x27, (byte) 0xc2, (byte) 0xdf, (byte) 0xd7, + (byte) 0x1e, (byte) 0x4d, (byte) 0x6d, (byte) 0xbc, (byte) 0x42, + (byte) 0xe5, (byte) 0x44 }; + private static final byte[] kEcPubKey = { + (byte) 0x04, (byte) 0xeb, (byte) 0x9e, (byte) 0x79, (byte) 0xf8, + (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, (byte) 0xcb, + (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, (byte) 0x86, + (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, (byte) 0x66, + (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, + (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, + (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, + (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, + (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, + (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, + (byte) 0xbc, (byte) 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, + (byte) 0xa6, (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, + (byte) 0x3e, (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14 }; + + private static final byte[] kEcAttestCert = { + 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x30, (byte) 0x82, + (byte) 0x02, (byte) 0x1e, (byte) 0xa0, (byte) 0x03, (byte) 0x02, + (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x02, (byte) 0x10, 0x01, + (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, 0x31, + (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, 0x11, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, 0x69, + (byte) 0x61, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, + (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, (byte) 0x75, 0x6e, + (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, + (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, + (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, 0x55, + (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, + (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, + (byte) 0x2c, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, 0x6f, + (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, (byte) 0x30, + (byte) 0x31, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, (byte) 0x6e, 0x64, + (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, + (byte) 0x6f, (byte) 0x72, (byte) 0x65, (byte) 0x20, (byte) 0x53, 0x6f, + (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, + (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, + (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x61, (byte) 0x74, 0x69, + (byte) 0x6f, (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, + (byte) 0x6f, (byte) 0x74, (byte) 0x30, (byte) 0x1e, (byte) 0x17, + (byte) 0x0d, (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, 0x31, + (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, + (byte) 0x30, (byte) 0x39, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, + (byte) 0x32, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, 0x38, + (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, (byte) 0x30, + (byte) 0x39, (byte) 0x5a, (byte) 0x30, (byte) 0x81, (byte) 0x88, + (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, + (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, + (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, 0x13, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, + (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, (byte) 0x6f, + (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, (byte) 0x20, 0x49, + (byte) 0x6e, (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, + (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, 0x6e, + (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, + (byte) 0x31, (byte) 0x3b, (byte) 0x30, (byte) 0x39, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, 0x32, + (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, + (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, + (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, 0x74, + (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, + (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, (byte) 0x69, 0x61, + (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x59, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, 0x06, + (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, + (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, + (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xeb, (byte) 0x9e, 0x79, + (byte) 0xf8, (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, + (byte) 0xcb, (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, + (byte) 0x86, (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, 0x66, + (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, + (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, + (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, + (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, + (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, + (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, + (byte) 0xbc, 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, (byte) 0xa6, + (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, (byte) 0x3e, + (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14, (byte) 0xa3, + (byte) 0x66, 0x30, (byte) 0x64, (byte) 0x30, (byte) 0x1d, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, + (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x3f, (byte) 0xfc, + (byte) 0xac, (byte) 0xd6, (byte) 0x1a, (byte) 0xb1, (byte) 0x3a, + (byte) 0x9e, (byte) 0x81, (byte) 0x20, (byte) 0xb8, (byte) 0xd5, + (byte) 0x25, (byte) 0x1c, (byte) 0xc5, (byte) 0x65, (byte) 0xbb, + (byte) 0x1e, (byte) 0x91, (byte) 0xa9, (byte) 0x30, (byte) 0x1f, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, + (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, + (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, (byte) 0x77, + (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, + (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, + (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, 0x30, (byte) 0xcf, + (byte) 0x30, (byte) 0x12, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x1d, (byte) 0x13, (byte) 0x01, (byte) 0x01, (byte) 0xff, + (byte) 0x04, (byte) 0x08, (byte) 0x30, (byte) 0x06, 0x01, (byte) 0x01, + (byte) 0xff, (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + (byte) 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, 0x04, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, (byte) 0x30, + (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, 0x03, (byte) 0x02, + (byte) 0x03, (byte) 0x48, (byte) 0x00, (byte) 0x30, (byte) 0x45, + (byte) 0x02, (byte) 0x20, (byte) 0x4b, (byte) 0x8a, (byte) 0x9b, + (byte) 0x7b, (byte) 0xee, (byte) 0x82, (byte) 0xbc, (byte) 0xc0, + (byte) 0x33, (byte) 0x87, (byte) 0xae, (byte) 0x2f, (byte) 0xc0, + (byte) 0x89, (byte) 0x98, (byte) 0xb4, (byte) 0xdd, (byte) 0xc3, + (byte) 0x8d, (byte) 0xab, (byte) 0x27, (byte) 0x2a, (byte) 0x45, + (byte) 0x9f, (byte) 0x69, (byte) 0x0c, (byte) 0xc7, (byte) 0xc3, + (byte) 0x92, (byte) 0xd4, (byte) 0x0f, (byte) 0x8e, (byte) 0x02, + (byte) 0x21, (byte) 0x00, (byte) 0xee, (byte) 0xda, (byte) 0x01, + (byte) 0x5d, (byte) 0xb6, (byte) 0xf4, (byte) 0x32, (byte) 0xe9, + (byte) 0xd4, (byte) 0x84, (byte) 0x3b, (byte) 0x62, (byte) 0x4c, + (byte) 0x94, (byte) 0x04, (byte) 0xef, (byte) 0x3a, (byte) 0x7c, + (byte) 0xcc, (byte) 0xbd, 0x5e, (byte) 0xfb, (byte) 0x22, (byte) 0xbb, + (byte) 0xe7, (byte) 0xfe, (byte) 0xb9, (byte) 0x77, (byte) 0x3f, + (byte) 0x59, (byte) 0x3f, (byte) 0xfb, }; + + private static final byte[] kEcAttestRootCert = { + 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x8b, (byte) 0x30, + (byte) 0x82, (byte) 0x02, (byte) 0x32, (byte) 0xa0, (byte) 0x03, + (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x09, + (byte) 0x00, (byte) 0xa2, (byte) 0x05, (byte) 0x9e, (byte) 0xd1, + (byte) 0x0e, (byte) 0x43, (byte) 0x5b, (byte) 0x57, (byte) 0x30, + (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, 0x3d, (byte) 0x04, (byte) 0x03, + (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, (byte) 0x31, + (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, + (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x43, 0x61, + (byte) 0x6c, (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, + (byte) 0x6e, (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x16, + (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, + 0x04, (byte) 0x07, (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, + (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, + (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, + (byte) 0x65, 0x77, (byte) 0x31, (byte) 0x15, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, + (byte) 0x6f, (byte) 0x67, 0x6c, (byte) 0x65, (byte) 0x2c, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, + (byte) 0x30, (byte) 0x31, (byte) 0x06, (byte) 0x03, 0x55, + (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, + (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, + (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, + 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, + (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, + (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, (byte) 0x6f, + (byte) 0x74, (byte) 0x30, 0x1e, (byte) 0x17, (byte) 0x0d, + (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x31, + (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, + (byte) 0x35, (byte) 0x30, (byte) 0x5a, 0x17, (byte) 0x0d, + (byte) 0x33, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, + (byte) 0x36, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, + (byte) 0x35, (byte) 0x30, (byte) 0x5a, (byte) 0x30, (byte) 0x81, + (byte) 0x98, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, + (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, + 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, + (byte) 0x43, (byte) 0x61, (byte) 0x6c, (byte) 0x69, (byte) 0x66, + (byte) 0x6f, 0x72, (byte) 0x6e, (byte) 0x69, (byte) 0x61, + (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x0c, + (byte) 0x0d, (byte) 0x4d, 0x6f, (byte) 0x75, (byte) 0x6e, + (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, + (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, + (byte) 0x15, (byte) 0x30, (byte) 0x13, 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, + (byte) 0x47, (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, + (byte) 0x65, (byte) 0x2c, (byte) 0x20, (byte) 0x49, 0x6e, + (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, (byte) 0x6e, + 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, + (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x31, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, + (byte) 0x2a, 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, + (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, + (byte) 0x72, (byte) 0x65, 0x20, (byte) 0x53, (byte) 0x6f, + (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, + (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, + (byte) 0x65, (byte) 0x73, (byte) 0x74, 0x61, (byte) 0x74, + (byte) 0x69, (byte) 0x6f, (byte) 0x6e, 0x77, (byte) 0x1f, + (byte) 0x44, (byte) 0x22, (byte) 0x6d, (byte) 0xbd, (byte) 0xb1, + (byte) 0xaf, (byte) 0xfa, (byte) 0x16, (byte) 0xcb, (byte) 0xc7, + (byte) 0xad, (byte) 0xc5, (byte) 0x77, (byte) 0xd2, (byte) 0x20, + (byte) 0x52, (byte) 0x6f, (byte) 0x6f, (byte) 0x74, (byte) 0x30, + (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, + 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, + (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, + (byte) 0x01, 0x07, (byte) 0x03, (byte) 0x42, (byte) 0x00, + (byte) 0x04, (byte) 0xee, (byte) 0x5d, (byte) 0x5e, (byte) 0xc7, + (byte) 0xe1, (byte) 0xc0, (byte) 0xdb, (byte) 0x6d, (byte) 0x03, + (byte) 0xa6, (byte) 0x7e, (byte) 0xe6, (byte) 0xb6, (byte) 0x1b, + (byte) 0xec, (byte) 0x4d, (byte) 0x6a, (byte) 0x5d, (byte) 0x6a, + (byte) 0x68, (byte) 0x2e, (byte) 0x0f, (byte) 0xff, (byte) 0x7f, + (byte) 0x49, (byte) 0x0e, (byte) 0x7d, 0x56, (byte) 0x9c, + (byte) 0xaa, (byte) 0xb7, (byte) 0xb0, (byte) 0x2d, (byte) 0x54, + (byte) 0x01, (byte) 0x5d, (byte) 0x3e, (byte) 0x43, (byte) 0x2b, + (byte) 0x2a, (byte) 0x8e, (byte) 0xd7, (byte) 0x4e, (byte) 0xec, + (byte) 0x48, (byte) 0x75, (byte) 0x41, (byte) 0xa4, (byte) 0xa3, + (byte) 0x63, (byte) 0x30, (byte) 0x61, (byte) 0x30, (byte) 0x1d, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, + 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0xc8, + (byte) 0xad, (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, + (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, (byte) 0x0d, (byte) 0x16, + (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a, + (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf, (byte) 0x30, + (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + (byte) 0x23, (byte) 0x04, 0x18, (byte) 0x30, (byte) 0x16, + (byte) 0x80, (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, + (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, + (byte) 0xcf, (byte) 0x0d, (byte) 0x16, 0x10, (byte) 0xe4, + (byte) 0x79, (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, + (byte) 0x30, (byte) 0xcf, (byte) 0x30, (byte) 0x0f, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 0x01, + (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x05, (byte) 0x30, + (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04, + (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, + (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x03, (byte) 0x47, (byte) 0x00, + (byte) 0x30, (byte) 0x44, (byte) 0x02, (byte) 0x20, (byte) 0x35, + (byte) 0x21, (byte) 0xa3, (byte) 0xef, (byte) 0x8b, (byte) 0x34, + (byte) 0x46, (byte) 0x1e, (byte) 0x9c, (byte) 0xd5, (byte) 0x60, + (byte) 0xf3, (byte) 0x1d, (byte) 0x58, (byte) 0x89, (byte) 0x20, + (byte) 0x6a, (byte) 0xdc, (byte) 0xa3, 0x65, (byte) 0x41, + (byte) 0xf6, (byte) 0x0d, (byte) 0x9e, (byte) 0xce, (byte) 0x8a, + (byte) 0x19, (byte) 0x8c, (byte) 0x66, (byte) 0x48, (byte) 0x60, + (byte) 0x7b, (byte) 0x02, (byte) 0x20, (byte) 0x4d, 0x0b, + (byte) 0xf3, (byte) 0x51, (byte) 0xd9, (byte) 0x30, (byte) 0x7c, + (byte) 0x7d, (byte) 0x5b, (byte) 0xda, (byte) 0x35, (byte) 0x34, + (byte) 0x1d, (byte) 0xa8, (byte) 0x47, (byte) 0x1b, (byte) 0x63, + (byte) 0xa5, (byte) 0x85, (byte) 0x65, (byte) 0x3c, (byte) 0xad, + (byte) 0x4f, (byte) 0x24, (byte) 0xa7, (byte) 0xe7, (byte) 0x4d, + (byte) 0xaf, (byte) 0x41, (byte) 0x7d, (byte) 0xf1, + (byte) 0xbf, }; + + private static final byte[] X509Issuer = { + (byte) 0x30, (byte) 0x81, (byte) 0x88, (byte) 0x31, (byte) 0x0b, + (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, + (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, + (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, + (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x3b, + (byte) 0x30, (byte) 0x39, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x32, (byte) 0x41, + (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, + (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, + (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, + (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, + (byte) 0x6e, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, + (byte) 0x65, (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, + (byte) 0x69, (byte) 0x61, (byte) 0x74, (byte) 0x65 }; // AttestationApplicationId ::= SEQUENCE { // * packageInfoRecords SET OF PackageInfoRecord, // * signatureDigests SET OF OCTET_STRING, @@ -71,8 +409,8 @@ public class KMFunctionalTest { private static final byte[] attAppId = {0x30, 0x10, 0x31, 0x0B, 0x30, 0x04, 0x05, 'A', 'B', 'C', 'D', 'E', 0x02, 0x01, 0x01, 0x31, 0x02, 0x04, 0x00}; private static final byte[] attChallenge = {'c','h','a','l','l','e','n','g','e'}; - private static final byte[] expiryTime = {0x32,0x30,0x35,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5A}; - private static final byte[] authKeyId = {1,2,3,4,5,6,7,8,9,1,2,3,4,5,6,7,8,9,1,2}; + private static final byte[] expiryTime = {(byte)0x32, (byte)0x36, (byte)0x30, (byte)0x31, (byte)0x30, (byte)0x38, (byte)0x30, (byte)0x30, (byte)0x34, (byte)0x36, (byte)0x30, (byte)0x39, (byte)0x5a}; + private static final byte[] authKeyId = { (byte)0x80, (byte)0x14, (byte)0xc8, (byte)0xad, (byte)0xe9, (byte)0x77, (byte)0x4c, (byte)0x45, (byte)0xc3, (byte)0xa3, (byte)0xcf, (byte)0x0d, (byte)0x16, (byte)0x10, (byte)0xe4, (byte)0x79, (byte)0x43, (byte)0x3a, (byte)0x21, (byte)0x5a, (byte)0x30, (byte)0xcf}; private KMSEProvider sim; private CardSimulator simulator; @@ -81,8 +419,8 @@ public class KMFunctionalTest { private KMSEProvider cryptoProvider; public KMFunctionalTest(){ - cryptoProvider = KMSEProviderImpl.instance(); - sim = KMSEProviderImpl.instance(); + cryptoProvider = KMSEProviderImpl.instance(false); + sim = KMSEProviderImpl.instance(false); simulator = new CardSimulator(); encoder = new KMEncoder(); decoder = new KMDecoder(); @@ -96,153 +434,203 @@ private void init(){ simulator.selectApplet(appletAID); // provision attest key provisionCmd(simulator); - // set bootup parameters - setBootParams(simulator,(short)1,(short)1); - } - - private void initBackUpStore(){ - // Create simulator - AID appletAID2 = AIDUtil.create("A000000063"); - simulator.installApplet(appletAID2, KMBackupStoreApplet.class); - //simulator.selectApplet(appletAID2); } - private void setBootParams(CardSimulator simulator, short osVersion, short osPatchLevel){ + private void setBootParams(CardSimulator simulator, short osVersion, + short osPatchLevel, short vendorPatchLevel, short bootPatchLevel) { // Argument 1 OS Version short versionPtr = KMInteger.uint_16(osVersion); -// short versionTagPtr = KMIntegerTag.instance(KMType.UINT_TAG, KMType.OS_VERSION,versionPatchPtr); + // short versionTagPtr = KMIntegerTag.instance(KMType.UINT_TAG, + // KMType.OS_VERSION,versionPatchPtr); // Argument 2 OS Patch level short patchPtr = KMInteger.uint_16(osPatchLevel); + short vendorpatchPtr = KMInteger.uint_16((short) vendorPatchLevel); + short bootpatchPtr = KMInteger.uint_16((short) bootPatchLevel); // Argument 3 Verified Boot Key byte[] bootKeyHash = "00011122233344455566677788899900".getBytes(); - short bootKeyPtr = KMByteBlob.instance(bootKeyHash,(short)0, (short)bootKeyHash.length); + short bootKeyPtr = KMByteBlob.instance(bootKeyHash, (short) 0, + (short) bootKeyHash.length); // Argument 4 Verified Boot Hash - short bootHashPtr = KMByteBlob.instance(bootKeyHash,(short)0, (short)bootKeyHash.length); + short bootHashPtr = KMByteBlob.instance(bootKeyHash, (short) 0, + (short) bootKeyHash.length); // Argument 5 Verified Boot State - short bootStatePtr = KMEnum.instance(KMType.VERIFIED_BOOT_STATE,KMType.VERIFIED_BOOT); + short bootStatePtr = KMEnum.instance(KMType.VERIFIED_BOOT_STATE, + KMType.VERIFIED_BOOT); // Argument 6 Device Locked - short deviceLockedPtr = KMEnum.instance(KMType.DEVICE_LOCKED, KMType.DEVICE_LOCKED_FALSE); + short deviceLockedPtr = KMEnum.instance(KMType.DEVICE_LOCKED, + KMType.DEVICE_LOCKED_FALSE); // Arguments - short arrPtr = KMArray.instance((short) 6); + short arrPtr = KMArray.instance((short) 8); KMArray vals = KMArray.cast(arrPtr); - vals.add((short)0, versionPtr); + vals.add((short) 0, versionPtr); vals.add((short) 1, patchPtr); - vals.add((short) 2, bootKeyPtr); - vals.add((short) 3, bootHashPtr); - vals.add((short) 4, bootStatePtr); - vals.add((short) 5, deviceLockedPtr); - CommandAPDU apdu = encodeApdu((byte)0x24, arrPtr); + vals.add((short) 2, vendorpatchPtr); + vals.add((short) 3, bootpatchPtr); + vals.add((short) 4, bootKeyPtr); + vals.add((short) 5, bootHashPtr); + vals.add((short) 6, bootStatePtr); + vals.add((short) 7, deviceLockedPtr); + CommandAPDU apdu = encodeApdu((byte) INS_SET_BOOT_PARAMS_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); } - //TODO change this - private void provisionCmd(CardSimulator simulator) { -/* // Argument 1 - short arrPtr = KMArray.instance((short) 1); - KMArray vals = KMArray.cast(arrPtr); - vals.add((short) 0, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - short keyparamsPtr = KMKeyParameters.instance(arrPtr); - // Argument 2 - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.X509); - // Argument 3 - byte[] byteBlob = new byte[48]; - for (short i = 0; i < 48; i++) { - byteBlob[i] = (byte) i; - } - short keyBlobPtr = KMByteBlob.instance(byteBlob, (short) 0, (short)byteBlob.length); - // Array of expected arguments - short argPtr = KMArray.instance((short) 3); - KMArray arg = KMArray.cast(argPtr); - arg.add((short) 0, keyparamsPtr); - arg.add((short) 1, keyFormatPtr); - arg.add((short) 2, keyBlobPtr); - CommandAPDU apdu = encodeApdu((byte)0x23, argPtr); + private void provisionSigningCertificate(CardSimulator simulator) { + short byteBlobPtr = KMByteBlob.instance( + (short) (kEcAttestCert.length + kEcAttestRootCert.length)); + Util.arrayCopyNonAtomic(kEcAttestCert, (short) 0, + KMByteBlob.cast(byteBlobPtr).getBuffer(), + KMByteBlob.cast(byteBlobPtr).getStartOff(), + (short) kEcAttestCert.length); + Util.arrayCopyNonAtomic(kEcAttestRootCert, (short) 0, + KMByteBlob.cast(byteBlobPtr).getBuffer(), + (short) (KMByteBlob.cast(byteBlobPtr).getStartOff() + + kEcAttestCert.length), + (short) kEcAttestRootCert.length); + CommandAPDU apdu = encodeApdu( + (byte) INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD, byteBlobPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); -*/ -/* KeyPair rsaKeyPair = cryptoProvider.createRsaKeyPair(); - byte[] pub = new byte[4]; - short len = ((RSAPublicKey)rsaKeyPair.getPublic()).getExponent(pub,(short)1); - byte[] priv = new byte[256]; - byte[] mod = new byte[256]; - len = ((RSAPrivateKey)rsaKeyPair.getPrivate()).getModulus(mod,(short)0); - len = ((RSAPrivateKey)rsaKeyPair.getPrivate()).getExponent(priv,(short)0); -*/ - byte[] sharedKeySecret = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - byte[] pub = new byte[]{0x00,0x01,0x00,0x01}; - byte[] mod = new byte[256]; - byte[] priv = new byte[256]; - short[] lengths = new short[2]; - cryptoProvider.createAsymmetricKey(KMType.RSA,priv,(short)0,(short)256,mod,(short)0, (short)256,lengths); - short arrPtr = KMArray.instance((short)15); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + } + + private void provisionSigningKey(CardSimulator simulator) { + // KeyParameters. + short arrPtr = KMArray.instance((short) 4); + short ecCurve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short)0)); - short byteBlob1 = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob1).add((short)0, KMType.RSA_PKCS1_1_5_SIGN); - short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob1); - short byteBlob2 = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob2).add((short)0, KMType.ATTEST_KEY); + short byteBlob2 = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob2).add((short) 0, KMType.ATTEST_KEY); short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob2); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, digest); - KMArray.cast(arrPtr).add((short)3, rsaPubExpTag); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - KMArray.cast(arrPtr).add((short)5, padding); - KMArray.cast(arrPtr).add((short)6, purpose); + KMArray.cast(arrPtr).add((short) 0, ecCurve); + KMArray.cast(arrPtr).add((short) 1, digest); + KMArray.cast(arrPtr).add((short) 2, + KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); + KMArray.cast(arrPtr).add((short) 3, purpose); + short keyParams = KMKeyParameters.instance(arrPtr); + // Note: VTS uses PKCS8 KeyFormat RAW + short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); + + // Key + short signKeyPtr = KMArray.instance((short) 2); + KMArray.cast(signKeyPtr).add((short) 0, KMByteBlob.instance(kEcPrivKey, + (short) 0, (short) kEcPrivKey.length)); + KMArray.cast(signKeyPtr).add((short) 1, KMByteBlob.instance(kEcPubKey, + (short) 0, (short) kEcPubKey.length)); + byte[] keyBuf = new byte[120]; + short len = encoder.encode(signKeyPtr, keyBuf, (short) 0); + short signKeyBstr = KMByteBlob.instance(keyBuf, (short) 0, len); + + short finalArrayPtr = KMArray.instance((short) 3); + KMArray.cast(finalArrayPtr).add((short) 0, keyParams); + KMArray.cast(finalArrayPtr).add((short) 1, keyFormatPtr); + KMArray.cast(finalArrayPtr).add((short) 2, signKeyBstr); + + CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTESTATION_KEY_CMD, + finalArrayPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionCertificateParams(CardSimulator simulator) { + + short arrPtr = KMArray.instance((short) 3); + short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0, + (short) X509Issuer.length); + KMArray.cast(arrPtr).add((short) 0, byteBlob1); + short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0, + (short) expiryTime.length); + KMArray.cast(arrPtr).add((short) 1, byteBlob2); + short byteBlob3 = KMByteBlob.instance(authKeyId, (short) 0, + (short) authKeyId.length); + KMArray.cast(arrPtr).add((short) 2, byteBlob3); + + CommandAPDU apdu = encodeApdu( + (byte) INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionSharedSecret(CardSimulator simulator) { + byte[] sharedKeySecret = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + short arrPtr = KMArray.instance((short) 1); + short byteBlob = KMByteBlob.instance(sharedKeySecret, (short) 0, + (short) sharedKeySecret.length); + KMArray.cast(arrPtr).add((short) 0, byteBlob); + + CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_SHARED_SECRET_CMD, + arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionAttestIds(CardSimulator simulator) { + short arrPtr = KMArray.instance((short) 8); + byte[] buf = "Attestation Id".getBytes(); - //Attestatation Ids. - KMArray.cast(arrPtr).add((short)7, KMByteTag.instance(KMType.ATTESTATION_ID_BRAND, - KMByteBlob.instance(buf,(short)0, (short)buf.length))); - KMArray.cast(arrPtr).add((short)8, KMByteTag.instance(KMType.ATTESTATION_ID_PRODUCT, - KMByteBlob.instance(buf,(short)0, (short)buf.length))); - KMArray.cast(arrPtr).add((short)9, KMByteTag.instance(KMType.ATTESTATION_ID_DEVICE, - KMByteBlob.instance(buf,(short)0, (short)buf.length))); - KMArray.cast(arrPtr).add((short)10, KMByteTag.instance(KMType.ATTESTATION_ID_MODEL, - KMByteBlob.instance(buf,(short)0, (short)buf.length))); - KMArray.cast(arrPtr).add((short)11, KMByteTag.instance(KMType.ATTESTATION_ID_IMEI, - KMByteBlob.instance(buf,(short)0, (short)buf.length))); - KMArray.cast(arrPtr).add((short)12, KMByteTag.instance(KMType.ATTESTATION_ID_MEID, - KMByteBlob.instance(buf,(short)0, (short)buf.length))); - KMArray.cast(arrPtr).add((short)13, KMByteTag.instance(KMType.ATTESTATION_ID_MANUFACTURER, - KMByteBlob.instance(buf,(short)0, (short)buf.length))); - KMArray.cast(arrPtr).add((short)14, KMByteTag.instance(KMType.ATTESTATION_ID_SERIAL, - KMByteBlob.instance(buf,(short)0, (short)buf.length))); + + KMArray.cast(arrPtr).add((short) 0, + KMByteTag.instance(KMType.ATTESTATION_ID_BRAND, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 1, + KMByteTag.instance(KMType.ATTESTATION_ID_PRODUCT, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 2, + KMByteTag.instance(KMType.ATTESTATION_ID_DEVICE, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 3, + KMByteTag.instance(KMType.ATTESTATION_ID_MODEL, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 4, + KMByteTag.instance(KMType.ATTESTATION_ID_IMEI, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 5, + KMByteTag.instance(KMType.ATTESTATION_ID_MEID, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 6, + KMByteTag.instance(KMType.ATTESTATION_ID_MANUFACTURER, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 7, + KMByteTag.instance(KMType.ATTESTATION_ID_SERIAL, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); short keyParams = KMKeyParameters.instance(arrPtr); - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW);// Note: VTS uses PKCS8 - short keyBlob = KMArray.instance((short)2); - KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(priv,(short)0,(short)256)); - KMArray.cast(keyBlob).add((short)1, KMByteBlob.instance(mod,(short)0,(short)256)); - byte[] blob = new byte[620]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)7); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - short byteBlob3 = KMByteBlob.instance(X509Issuer, (short)0, (short)X509Issuer.length); - arg.add((short)3, byteBlob3); - short byteBlob4 = KMByteBlob.instance(expiryTime, (short)0, (short)expiryTime.length); - arg.add((short)4, byteBlob4); - short byteBlob5 = KMByteBlob.instance(authKeyId, (short)0, (short)authKeyId.length); - arg.add((short)5, byteBlob5); - short byteBlob6 = KMByteBlob.instance(sharedKeySecret, (short)0, (short)sharedKeySecret.length); - arg.add((short)6, byteBlob6); - CommandAPDU apdu = encodeApdu((byte)0x23, arrPtr); + short outerArrPtr = KMArray.instance((short) 1); + KMArray.cast(outerArrPtr).add((short) 0, keyParams); + CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTEST_IDS_CMD, + outerArrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); } + private void provisionLocked(CardSimulator simulator) { + CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_LOCK_PROVISIONING_CMD, + 0x40, 0x00); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(commandAPDU); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionCmd(CardSimulator simulator) { + provisionSigningKey(simulator); + provisionSigningCertificate(simulator); + provisionCertificateParams(simulator); + provisionSharedSecret(simulator); + provisionAttestIds(simulator); + // set bootup parameters + setBootParams(simulator,(short)1,(short)1, (short)0, (short)0); + provisionLocked(simulator); + } + private void cleanUp(){ AID appletAID = AIDUtil.create("A000000062"); // Delete i.e. uninstall applet @@ -255,7 +643,7 @@ private void cleanUpBkUpStore(){ simulator.deleteApplet(appletAID); } private CommandAPDU encodeApdu(byte ins, short cmd){ - byte[] buf = new byte[2048]; + byte[] buf = new byte[2500]; buf[0] = (byte)0x80; buf[1] = ins; buf[2] = (byte)0x40; @@ -269,19 +657,6 @@ private CommandAPDU encodeApdu(byte ins, short cmd){ return new CommandAPDU(apdu); } - @Test - public void testBackupRestore(){ - init(); - initBackUpStore(); - CommandAPDU commandAPDU = new CommandAPDU(0x80, 0x27, 0x40, 0x00); - ResponseAPDU response = simulator.transmitCommand(commandAPDU); - byte[] data = response.getBytes(); - Assert.assertEquals(data[0], KMError.OK); - commandAPDU = new CommandAPDU(0x80, 0x28, 0x40, 0x00); - response = simulator.transmitCommand(commandAPDU); - data = response.getBytes(); - Assert.assertEquals(data[0], KMError.OK); - } @Test public void testAesImportKeySuccess() { init(); @@ -312,7 +687,7 @@ public void testAesImportKeySuccess() { arg.add((short) 0, keyParams); arg.add((short)1, keyFormatPtr); arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)0x11, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -373,7 +748,7 @@ public void testHmacImportKeySuccess() { arg.add((short) 0, keyParams); arg.add((short)1, keyFormatPtr); arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)0x11, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -454,7 +829,7 @@ public void testRsaImportKeySuccess() { arg.add((short) 0, keyParams); arg.add((short)1, keyFormatPtr); arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)0x11, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -602,7 +977,7 @@ private void deviceLock(short verToken) { short req = KMArray.instance((short)2); KMArray.cast(req).add((short)0, KMInteger.uint_8((byte)1)); KMArray.cast(req).add((short)1, verToken); - CommandAPDU apdu = encodeApdu((byte)0x25,req); + CommandAPDU apdu = encodeApdu((byte)INS_DEVICE_LOCKED_CMD,req); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 1); KMArray.cast(ret).add((short) 0, KMInteger.exp()); @@ -706,7 +1081,7 @@ public void testEcImportKeySuccess() { arg.add((short) 0, keyParams); arg.add((short)1, keyFormatPtr); arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)0x11, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -837,7 +1212,7 @@ private short generateRsaKey(byte[] clientId, byte[] appData){ arrPtr = KMArray.instance((short)1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)0x10, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -890,7 +1265,7 @@ private short generateAttestationKey(){ arrPtr = KMArray.instance((short)1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)0x10, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -957,7 +1332,7 @@ public short generateEcKey(byte[] clientId, byte[] appData) { arrPtr = KMArray.instance((short)1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)0x10, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -1024,7 +1399,7 @@ public short generateHmacKey(byte[] clientId, byte[] appData){ arrPtr = KMArray.instance((short)1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)0x10, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -1078,7 +1453,7 @@ public short generateAesDesKey(byte alg, short keysize, byte[] clientId, byte[] arrPtr = KMArray.instance((short)1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)0x10, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -1129,7 +1504,7 @@ public short generateAesGcmKey(short keysize, byte[] clientId, byte[] appData) { arrPtr = KMArray.instance((short)1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)0x10, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -1183,7 +1558,7 @@ public void testComputeHmacParams(){ KMArray.cast(arr).add((short)1,params2); short arrPtr = KMArray.instance((short)1); KMArray.cast(arrPtr).add((short)0,arr); - CommandAPDU apdu = encodeApdu((byte)0x19, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_COMPUTE_SHARED_HMAC_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -1202,7 +1577,7 @@ public void testComputeHmacParams(){ @Test public void testGetHmacSharingParams(){ init(); - CommandAPDU commandAPDU = new CommandAPDU(0x80, 0x1C, 0x40, 0x00); + CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); //print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(commandAPDU); KMDecoder dec = new KMDecoder(); @@ -1225,7 +1600,7 @@ public void testGetHmacSharingParams(){ cleanUp(); } public short getHmacSharingParams(){ - CommandAPDU commandAPDU = new CommandAPDU(0x80, 0x1C, 0x40, 0x00); + CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); //print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(commandAPDU); KMDecoder dec = new KMDecoder(); @@ -1319,7 +1694,7 @@ public void testImportWrappedKey(){ KMArray.cast(arr).add((short) 9, KMByteBlob.instance(authData,(short)0,(short)authData.length)); // Wrapped Key ASSOCIATED AUTH DATA KMArray.cast(arr).add((short) 10, KMInteger.uint_8((byte)0)); // Password Sid KMArray.cast(arr).add((short) 11, KMInteger.uint_8((byte)0)); // Biometric Sid - CommandAPDU apdu = encodeApdu((byte)0x12, arr); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_WRAPPED_KEY_CMD, arr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); ret = KMArray.instance((short) 3); @@ -1366,7 +1741,7 @@ public void testGetKeyCharacteristicsWithIdDataSuccess() { KMArray.cast(arrPtr).add((short)0, keyBlob); KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance(clientId,(short)0, (short)clientId.length)); KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance(appData,(short)0, (short)appData.length)); - CommandAPDU apdu = encodeApdu((byte)0x1D, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); ret = KMArray.instance((short) 2); @@ -1393,7 +1768,7 @@ public void testGetKeyCharacteristicsSuccess() { KMArray.cast(arrPtr).add((short)0, keyBlob); KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance((short)0)); KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance((short)0)); - CommandAPDU apdu = encodeApdu((byte)0x1D, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); ret = KMArray.instance((short) 2); @@ -1439,7 +1814,7 @@ public void testDeleteAllKeySuccess() { keyBlobPtr = KMArray.cast(ret2).get((short)1); byte[] keyBlob2 = new byte[KMByteBlob.cast(keyBlobPtr).length()]; len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob2, (short)0); - CommandAPDU apdu = new CommandAPDU(0x80, 0x17, 0x40, 0x00); + CommandAPDU apdu = new CommandAPDU(0x80, INS_DELETE_ALL_KEYS_CMD, 0x40, 0x00); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); byte[] respBuf = response.getBytes(); @@ -1458,7 +1833,7 @@ public void testDeleteAllKeySuccess() { private short deleteKey(short keyBlob) { short arrPtr = KMArray.instance((short)1); KMArray.cast(arrPtr).add((short)0, keyBlob); - CommandAPDU apdu = encodeApdu((byte)0x16, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_DELETE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); byte[] respBuf = response.getBytes(); @@ -1468,7 +1843,7 @@ private short deleteKey(short keyBlob) { private short abort(short opHandle) { short arrPtr = KMArray.instance((short)1); KMArray.cast(arrPtr).add((short)0, opHandle); - CommandAPDU apdu = encodeApdu((byte)0x22, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_ABORT_OPERATION_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); byte[] respBuf = response.getBytes(); @@ -1480,7 +1855,7 @@ public short getKeyCharacteristics(short keyBlob){ KMArray.cast(arrPtr).add((short)0, keyBlob); KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance((short)0)); KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance((short)0)); - CommandAPDU apdu = encodeApdu((byte)0x1D, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 2); @@ -1764,7 +2139,7 @@ public void testAttestKey(byte[] keyBlob){ short args = KMArray.instance((short)2); KMArray.cast(args).add((short)0, KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); KMArray.cast(args).add((short)1, keyParams); - CommandAPDU apdu = encodeApdu((byte)0x14, args); + CommandAPDU apdu = encodeApdu((byte)INS_ATTEST_KEY_CMD, args); //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 2); @@ -1800,7 +2175,7 @@ public void testUpgradeKey(){ osPatch = KMIntegerTag.cast(osPatch).getValue(); Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 1); Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 1); - setBootParams(simulator,(short) 2,(short)2); + setBootParams(simulator,(short) 2,(short)2, (short)1, (short)1); ret = upgradeKey(KMByteBlob.instance(keyBlob, (short)0, (short)keyBlob.length),null, null); keyBlobPtr = KMArray.cast(ret).get((short)1); ret = getKeyCharacteristics(keyBlobPtr); @@ -1818,7 +2193,7 @@ public void testUpgradeKey(){ @Test public void testDestroyAttIds(){ init(); - CommandAPDU commandAPDU = new CommandAPDU(0x80, 0x1A, 0x40, 0x00); + CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_DESTROY_ATT_IDS_CMD, 0x40, 0x00); ResponseAPDU response = simulator.transmitCommand(commandAPDU); byte[] respBuf = response.getBytes(); Assert.assertEquals(respBuf[0], 0); @@ -1841,7 +2216,7 @@ private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData){ short arr = KMArray.instance((short)2); KMArray.cast(arr).add((short)0,keyBlobPtr); KMArray.cast(arr).add((short)1,keyParams); - CommandAPDU apdu = encodeApdu((byte)0x15, arr); + CommandAPDU apdu = encodeApdu((byte)INS_UPGRADE_KEY_CMD, arr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 2); @@ -2216,7 +2591,7 @@ public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToke hwToken = KMHardwareAuthToken.instance(); } KMArray.cast(arrPtr).add((short)3, hwToken); - CommandAPDU apdu = encodeApdu((byte)0x1F, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_BEGIN_OPERATION_CMD, arrPtr); //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -2261,7 +2636,7 @@ public short finish(short operationHandle, short data, byte[] signature, short i KMArray.cast(arrPtr).add((short)3, signatureTag); KMArray.cast(arrPtr).add((short)4, hwToken); KMArray.cast(arrPtr).add((short)5, verToken); - CommandAPDU apdu = encodeApdu((byte)0x21, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_FINISH_OPERATION_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); @@ -2293,7 +2668,7 @@ public short update(short operationHandle, short data, short inParams, short hwT KMArray.cast(arrPtr).add((short)2, data); KMArray.cast(arrPtr).add((short)3, hwToken); KMArray.cast(arrPtr).add((short)4, verToken); - CommandAPDU apdu = encodeApdu((byte)0x20, arrPtr); + CommandAPDU apdu = encodeApdu((byte)INS_UPDATE_OPERATION_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 4); From 879a8e0bdc0c7a9d713665dc352768fe11de7293 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Sat, 28 Nov 2020 20:03:27 +0000 Subject: [PATCH 007/169] 1. Corrected the spelling in the function documentation. 2. Used Proper Tag names in KMAttetationCert class instead of hard-coding. --- .../keymaster/KMAttestationCertImpl.java | 25 +++++++++++-------- .../javacard/keymaster/KMAttestationCert.java | 22 ++++++++-------- .../javacard/keymaster/KMKeymasterApplet.java | 3 --- 3 files changed, 26 insertions(+), 24 deletions(-) diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java index 0e0335c9..9e046264 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -478,14 +478,13 @@ private static void pushKeyDescription() { pushSequenceHeader((short) (last - stackPtr)); } - //TODO refactor following method private static void pushSWParams() { short last = stackPtr; - // ATTESTATION_APPLICATION_ID 709 is softwareEnforced. + // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension. short[] tagIds = { - 709, 706, 705, 704, 703, 702, 701, 601, 600, 509, 508, 507, 506, 505, 504, 503, 402, 401, 400, - 303, 200, 10, 6, 5, 3, 2, 1 - }; + KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME, + KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME, + KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED }; byte index = 0; do { pushParams(swParams, swParamsIndex, tagIds[index]); @@ -493,14 +492,20 @@ private static void pushSWParams() { pushSequenceHeader((short) (last - stackPtr)); } - //TODO refactor following method private static void pushHWParams() { short last = stackPtr; - // Attestation IDs are not included. As per VTS Attestation IDs are not supported currently. + // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension. short[] tagIds = { - 719, 718, 706, 705, 704, 703, 702, 701, 601, 600, 509, 508, 507, 506, 505, 504, 503, 402, 401, 400, 303, - 200, 10, 6, 5, 3, 2, 1 - }; + KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, + KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, + KMType.ORIGIN, KMType.APPLICATION_ID, + KMType.TRUSTED_CONFIRMATION_REQUIRED, + KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.ALLOW_WHILE_ON_BODY, + KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, KMType.NO_AUTH_REQUIRED, + KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT, + KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE, + KMType.ALGORITHM, KMType.PURPOSE }; + byte index = 0; do { if (tagIds[index] == KMType.ROOT_OF_TRUST) { diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java b/Applet/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java index 67453706..f15fbfcb 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java @@ -11,7 +11,7 @@ public interface KMAttestationCert { /** * Set verified boot hash. * - * @param obj Ths is a KMByteBlob containing hash + * @param obj This is a KMByteBlob containing hash * @return instance of KMAttestationCert */ KMAttestationCert verifiedBootHash(short obj); @@ -19,7 +19,7 @@ public interface KMAttestationCert { /** * Set verified boot key received during booting up. * - * @param obj Ths is a KMByteBlob containing verified boot key. + * @param obj This is a KMByteBlob containing verified boot key. * @return instance of KMAttestationCert */ KMAttestationCert verifiedBootKey(short obj); @@ -27,7 +27,7 @@ public interface KMAttestationCert { /** * Set verified boot state received during booting up. * - * @param val Ths is a byte containing verified boot state value. + * @param val This is a byte containing verified boot state value. * @return instance of KMAttestationCert */ KMAttestationCert verifiedBootState(byte val); @@ -35,7 +35,7 @@ public interface KMAttestationCert { /** * Set authentication key Id from CA Certificate set during provisioning. * - * @param obj Ths is a KMByteBlob containing authentication Key Id. + * @param obj This is a KMByteBlob containing authentication Key Id. * @return instance of KMAttestationCert */ KMAttestationCert authKey(short obj); @@ -88,7 +88,7 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, /** * Set device lock status received during booting time or due to device lock command. * - * @param val Ths is true if device is locked. + * @param val This is true if device is locked. * @return instance of KMAttestationCert */ KMAttestationCert deviceLocked(boolean val); @@ -96,7 +96,7 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, /** * Set public key to be attested received from attestKey command. * - * @param obj Ths is KMByteBlob containing the public key. + * @param obj This is KMByteBlob containing the public key. * @return instance of KMAttestationCert */ KMAttestationCert publicKey(short obj); @@ -104,7 +104,7 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, /** * Set attestation challenge received from attestKey command. * - * @param obj Ths is KMByteBlob containing the attestation challenge. + * @param obj This is KMByteBlob containing the attestation challenge. * @return instance of KMAttestationCert */ KMAttestationCert attestationChallenge(short obj); @@ -123,7 +123,7 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, /** * Set ASN.1 encoded X509 issuer field received from attestation key CA cert. * - * @param obj Ths is KMByteBlob containing the issuer. + * @param obj This is KMByteBlob containing the issuer. * @return instance of KMAttestationCert */ KMAttestationCert issuer(short obj); @@ -131,9 +131,9 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, /** * Set byte buffer to be used to generate certificate. * - * @param buf Ths is byte[] buffer. - * @param bufStart Ths is short start offset. - * @param maxLen Ths is short length of the buffer. + * @param buf This is byte[] buffer. + * @param bufStart This is short start offset. + * @param maxLen This is short length of the buffer. * @return instance of KMAttestationCert */ KMAttestationCert buffer(byte[] buf, short bufStart, short maxLen); diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index c286d4a2..cde5de0a 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -570,9 +570,6 @@ private void processGetHwInfoCmd(APDU apdu) { sendOutgoing(apdu); } - //TODO VTS 4.0 addLargeEntropy fails, as the input buffer is 2k - //TODO Need to fix this issue by introducing stackIndex which - //increase bottom to top on internal memory. private void processAddRngEntropyCmd(APDU apdu) { // Receive the incoming request fully from the master. receiveIncoming(apdu); From 2c8b767e3227c57d7c6c3f929124497626811755 Mon Sep 17 00:00:00 2001 From: cpathak Date: Sat, 28 Nov 2020 15:22:21 -0800 Subject: [PATCH 008/169] Resructured code and related changes --- .../AndroidSE_3_0_5.opt} | 4 +- Applet/AndroidSEProvider/AndroidSE_3_1_0.opt | 5 + .../java/io/javacard/io.exp | Bin 0 -> 212 bytes .../java/lang/javacard/lang.exp | Bin 0 -> 881 bytes .../java/rmi/javacard/rmi.exp | Bin 0 -> 280 bytes .../javacard/framework/javacard/framework.exp | Bin 8396 -> 8344 bytes .../framework/service/javacard/service.exp | Bin 3002 -> 2901 bytes .../javacard/security/javacard/security.exp | Bin 14493 -> 14393 bytes .../javacardx/apdu/javacard/apdu.exp | Bin 0 -> 113 bytes .../javacardx/apdu/util/javacard/util.exp | Bin 336 -> 306 bytes .../javacardx/biometry/javacard/biometry.exp | Bin 2325 -> 2254 bytes .../biometry1toN/javacard/biometry1toN.exp | Bin 3158 -> 3084 bytes .../javacardx/crypto/javacard/crypto.exp | Bin 3657 -> 3588 bytes .../javacardx/external/javacard/external.exp | Bin 926 -> 857 bytes .../framework/math/javacard/math.exp | Bin 844 -> 812 bytes .../framework/string/javacard/string.exp | Bin 1562 -> 1494 bytes .../javacardx/framework/tlv/javacard/tlv.exp | Bin 3084 -> 3011 bytes .../framework/util/intx/javacard/intx.exp | Bin 0 -> 309 bytes .../framework/util/javacard/util.exp | Bin 913 -> 845 bytes .../javacardx/security/javacard/security.exp | Bin 433 -> 403 bytes .../upgrade/javacard/upgrade.exp | Bin 0 -> 1705 bytes .../upgrade/javacard/upgrade.jca | 245 + .../java/io/javacard/io.exp | Bin .../java/lang/javacard/lang.exp | Bin .../java/rmi/javacard/rmi.exp | Bin .../javacard/framework/javacard/framework.exp | Bin .../framework/service/javacard/service.exp | Bin .../javacard/security/javacard/security.exp | Bin .../javacardx/apdu/javacard/apdu.exp | Bin .../javacardx/apdu/util/javacard/util.exp | Bin .../javacardx/biometry/javacard/biometry.exp | Bin .../biometry1toN/javacard/biometry1toN.exp | Bin .../javacardx/crypto/javacard/crypto.exp | Bin .../javacardx/external/javacard/external.exp | Bin .../framework/event/javacard/event.exp | Bin .../framework/math/javacard/math.exp | Bin .../javacardx/framework/nio/javacard/nio.exp | Bin .../framework/string/javacard/string.exp | Bin .../framework/time/javacard/time.exp | Bin .../javacardx/framework/tlv/javacard/tlv.exp | Bin .../framework/util/intx/javacard/intx.exp | Bin .../framework/util/javacard/util.exp | Bin .../javacardx/security/cert/javacard/cert.exp | Bin .../derivation/javacard/derivation.exp | Bin .../javacardx/security/javacard/security.exp | Bin .../javacardx/security/util/javacard/util.exp | Bin Applet/AndroidSEProvider/build.xml | 77 + .../javacard/keymaster/KMAndroidSEApplet.java | 71 + .../keymaster/KMAndroidSEProvider.java} | 8 +- .../keymaster/KMAttestationCertImpl.java | 4 +- .../KMEcdsa256NoDigestSignature.java | 16 +- .../javacard/keymaster/KMInstance.java | 0 .../javacard/keymaster/KMOperationImpl.java | 16 +- .../keymaster/KMRsa2048NoDigestSignature.java | 4 +- .../javacard/keymaster/KMRsaOAEPEncoding.java | 5 +- .../android/javacard/keymaster/KMUtils.java | 0 .../javacard/keymaster/KMSEProviderImpl.java | 8 - .../javacard/keymaster/KMSEProviderImpl.java | 9 - Applet/JCardSimProvider/build.xml | 56 + .../lib/hamcrest-core-1.3.jar | Bin .../lib/jcardsim-3.0.5-SNAPSHOT.jar | Bin .../{ => JCardSimProvider}/lib/junit-4.13.jar | Bin .../keymaster/KMAttestationCertImpl.java | 4 +- .../android/javacard/keymaster/KMCipher.java | 102 +- .../javacard/keymaster/KMCipherImpl.java | 440 +- .../KMEcdsa256NoDigestSignature.java | 0 .../javacard/keymaster/KMJCardSimApplet.java | 19 + .../javacard/keymaster/KMJCardSimulator.java} | 8 +- .../javacard/keymaster/KMOperationImpl.java | 0 .../keymaster/KMRsa2048NoDigestSignature.java | 240 +- .../android/javacard/keymaster/KMUtils.java | 0 .../javacard/test/KMFunctionalTest.java | 5475 ++++++++--------- Applet/JavaCardKeymaster.scr | 50 - Applet/README.md | 12 +- .../framework/util/intx/javacard/intx.exp | Bin 339 -> 0 bytes .../java/io/javacard/io.exp | Bin 242 -> 0 bytes .../java/lang/javacard/lang.exp | Bin 894 -> 0 bytes .../java/rmi/javacard/rmi.exp | Bin 337 -> 0 bytes .../javacardx/apdu/javacard/apdu.exp | Bin 143 -> 0 bytes Applet/build.xml | 196 +- Applet/default.output | 20 - Applet/powerdown.scr | 4 - Applet/powerup.scr | 9 - .../android/javacard/keymaster/KMArray.java | 0 .../javacard/keymaster/KMAttestationCert.java | 0 .../android/javacard/keymaster/KMBoolTag.java | 0 .../javacard/keymaster/KMByteBlob.java | 0 .../android/javacard/keymaster/KMByteTag.java | 0 .../android/javacard/keymaster/KMDecoder.java | 0 .../android/javacard/keymaster/KMEncoder.java | 0 .../android/javacard/keymaster/KMEnum.java | 0 .../javacard/keymaster/KMEnumArrayTag.java | 0 .../android/javacard/keymaster/KMEnumTag.java | 0 .../android/javacard/keymaster/KMError.java | 0 .../javacard/keymaster/KMException.java | 0 .../keymaster/KMHardwareAuthToken.java | 0 .../keymaster/KMHmacSharingParameters.java | 0 .../android/javacard/keymaster/KMInteger.java | 0 .../javacard/keymaster/KMIntegerArrayTag.java | 0 .../javacard/keymaster/KMIntegerTag.java | 0 .../keymaster/KMKeyCharacteristics.java | 0 .../javacard/keymaster/KMKeyParameters.java | 0 .../javacard/keymaster/KMKeymasterApplet.java | 58 +- .../javacard/keymaster/KMOperation.java | 0 .../javacard/keymaster/KMOperationState.java | 0 .../javacard/keymaster/KMRepository.java | 0 .../javacard/keymaster/KMSEProvider.java | 0 .../com/android/javacard/keymaster/KMTag.java | 0 .../android/javacard/keymaster/KMType.java | 0 .../javacard/keymaster/KMUpgradable.java | 0 .../keymaster/KMVerificationToken.java | 0 111 files changed, 3675 insertions(+), 3490 deletions(-) rename Applet/{JavaCardKeymaster.opt => AndroidSEProvider/AndroidSE_3_0_5.opt} (61%) create mode 100644 Applet/AndroidSEProvider/AndroidSE_3_1_0.opt create mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/java/io/javacard/io.exp create mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/java/lang/javacard/lang.exp create mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/java/rmi/javacard/rmi.exp rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacard/framework/javacard/framework.exp (76%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacard/framework/service/javacard/service.exp (76%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacard/security/javacard/security.exp (67%) create mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/apdu/javacard/apdu.exp rename Applet/{api_export_files_3.1.0 => AndroidSEProvider/api_export_files_3.0.5}/javacardx/apdu/util/javacard/util.exp (52%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacardx/biometry/javacard/biometry.exp (60%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacardx/biometry1toN/javacard/biometry1toN.exp (68%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacardx/crypto/javacard/crypto.exp (92%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacardx/external/javacard/external.exp (67%) rename Applet/{api_export_files_3.1.0 => AndroidSEProvider/api_export_files_3.0.5}/javacardx/framework/math/javacard/math.exp (63%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacardx/framework/string/javacard/string.exp (67%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacardx/framework/tlv/javacard/tlv.exp (72%) create mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp rename Applet/{ => AndroidSEProvider}/api_export_files_3.0.5/javacardx/framework/util/javacard/util.exp (68%) rename Applet/{api_export_files_3.1.0 => AndroidSEProvider/api_export_files_3.0.5}/javacardx/security/javacard/security.exp (59%) create mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/org/globalplatform/upgrade/javacard/upgrade.exp create mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/org/globalplatform/upgrade/javacard/upgrade.jca rename Applet/{api_export_files_3.0.5 => AndroidSEProvider/api_export_files_3.1.0}/java/io/javacard/io.exp (100%) rename Applet/{api_export_files_3.0.5 => AndroidSEProvider/api_export_files_3.1.0}/java/lang/javacard/lang.exp (100%) rename Applet/{api_export_files_3.0.5 => AndroidSEProvider/api_export_files_3.1.0}/java/rmi/javacard/rmi.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacard/framework/javacard/framework.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacard/framework/service/javacard/service.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacard/security/javacard/security.exp (100%) rename Applet/{api_export_files_3.0.5 => AndroidSEProvider/api_export_files_3.1.0}/javacardx/apdu/javacard/apdu.exp (100%) rename Applet/{api_export_files_3.0.5 => AndroidSEProvider/api_export_files_3.1.0}/javacardx/apdu/util/javacard/util.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/biometry/javacard/biometry.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/biometry1toN/javacard/biometry1toN.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/crypto/javacard/crypto.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/external/javacard/external.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/framework/event/javacard/event.exp (100%) rename Applet/{api_export_files_3.0.5 => AndroidSEProvider/api_export_files_3.1.0}/javacardx/framework/math/javacard/math.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/framework/nio/javacard/nio.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/framework/string/javacard/string.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/framework/time/javacard/time.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/framework/tlv/javacard/tlv.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/framework/util/intx/javacard/intx.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/framework/util/javacard/util.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/security/cert/javacard/cert.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/security/derivation/javacard/derivation.exp (100%) rename Applet/{api_export_files_3.0.5 => AndroidSEProvider/api_export_files_3.1.0}/javacardx/security/javacard/security.exp (100%) rename Applet/{ => AndroidSEProvider}/api_export_files_3.1.0/javacardx/security/util/javacard/util.exp (100%) create mode 100644 Applet/AndroidSEProvider/build.xml create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java rename Applet/{Applet/AndroidSEProvider/com/android/javacard/keymaster/AndroidSEProvider.java => AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java} (99%) rename Applet/{Applet/AndroidSEProvider => AndroidSEProvider/src}/com/android/javacard/keymaster/KMAttestationCertImpl.java (99%) rename Applet/{Applet/AndroidSEProvider => AndroidSEProvider/src}/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java (86%) rename Applet/{Applet/AndroidSEProvider => AndroidSEProvider/src}/com/android/javacard/keymaster/KMInstance.java (100%) rename Applet/{Applet/AndroidSEProvider => AndroidSEProvider/src}/com/android/javacard/keymaster/KMOperationImpl.java (92%) rename Applet/{Applet/AndroidSEProvider => AndroidSEProvider/src}/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java (95%) rename Applet/{Applet/AndroidSEProvider => AndroidSEProvider/src}/com/android/javacard/keymaster/KMRsaOAEPEncoding.java (98%) rename Applet/{Applet/AndroidSEProvider => AndroidSEProvider/src}/com/android/javacard/keymaster/KMUtils.java (100%) delete mode 100644 Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMSEProviderImpl.java delete mode 100644 Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMSEProviderImpl.java create mode 100644 Applet/JCardSimProvider/build.xml rename Applet/{ => JCardSimProvider}/lib/hamcrest-core-1.3.jar (100%) rename Applet/{ => JCardSimProvider}/lib/jcardsim-3.0.5-SNAPSHOT.jar (100%) rename Applet/{ => JCardSimProvider}/lib/junit-4.13.jar (100%) rename Applet/{Applet/JCardSimProvider => JCardSimProvider/src}/com/android/javacard/keymaster/KMAttestationCertImpl.java (99%) rename Applet/{Applet/JCardSimProvider => JCardSimProvider/src}/com/android/javacard/keymaster/KMCipher.java (97%) rename Applet/{Applet/JCardSimProvider => JCardSimProvider/src}/com/android/javacard/keymaster/KMCipherImpl.java (97%) rename Applet/{Applet/JCardSimProvider => JCardSimProvider/src}/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java (100%) create mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java rename Applet/{Applet/JCardSimProvider/com/android/javacard/keymaster/KMJcardSimulator.java => JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java} (99%) rename Applet/{Applet/JCardSimProvider => JCardSimProvider/src}/com/android/javacard/keymaster/KMOperationImpl.java (100%) rename Applet/{Applet/JCardSimProvider => JCardSimProvider/src}/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java (96%) rename Applet/{Applet/JCardSimProvider => JCardSimProvider/src}/com/android/javacard/keymaster/KMUtils.java (100%) rename Applet/{Applet => JCardSimProvider}/test/com/android/javacard/test/KMFunctionalTest.java (97%) delete mode 100644 Applet/JavaCardKeymaster.scr delete mode 100644 Applet/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp delete mode 100644 Applet/api_export_files_3.1.0/java/io/javacard/io.exp delete mode 100644 Applet/api_export_files_3.1.0/java/lang/javacard/lang.exp delete mode 100644 Applet/api_export_files_3.1.0/java/rmi/javacard/rmi.exp delete mode 100644 Applet/api_export_files_3.1.0/javacardx/apdu/javacard/apdu.exp delete mode 100644 Applet/default.output delete mode 100644 Applet/powerdown.scr delete mode 100644 Applet/powerup.scr rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMArray.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMAttestationCert.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMBoolTag.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMByteBlob.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMByteTag.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMDecoder.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMEncoder.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMEnum.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMEnumArrayTag.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMEnumTag.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMError.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMException.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMHardwareAuthToken.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMHmacSharingParameters.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMInteger.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMIntegerArrayTag.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMIntegerTag.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMKeyCharacteristics.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMKeyParameters.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMKeymasterApplet.java (99%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMOperation.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMOperationState.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMRepository.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMSEProvider.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMTag.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMType.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMUpgradable.java (100%) rename Applet/{Applet => }/src/com/android/javacard/keymaster/KMVerificationToken.java (100%) diff --git a/Applet/JavaCardKeymaster.opt b/Applet/AndroidSEProvider/AndroidSE_3_0_5.opt similarity index 61% rename from Applet/JavaCardKeymaster.opt rename to Applet/AndroidSEProvider/AndroidSE_3_0_5.opt index 77c1931e..ba998254 100644 --- a/Applet/JavaCardKeymaster.opt +++ b/Applet/AndroidSEProvider/AndroidSE_3_0_5.opt @@ -1,5 +1,5 @@ -out EXP JCA CAP --exportpath api_export_files_3.1.0 --applet 0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1:0x1 com.android.javacard.keymaster.KMKeymasterApplet +-exportpath ../../AndroidSEProvider/api_export_files_3.0.5 +-applet 0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1:0x1 com.android.javacard.keymaster.KMAndroidSEApplet com.android.javacard.keymaster 0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1 1.0 diff --git a/Applet/AndroidSEProvider/AndroidSE_3_1_0.opt b/Applet/AndroidSEProvider/AndroidSE_3_1_0.opt new file mode 100644 index 00000000..3de07eb5 --- /dev/null +++ b/Applet/AndroidSEProvider/AndroidSE_3_1_0.opt @@ -0,0 +1,5 @@ +-out EXP JCA CAP +-exportpath ../../AndroidSEProvider/api_export_files_3.1.0 +-applet 0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1:0x1 com.android.javacard.keymaster.KMAndroidSEApplet +com.android.javacard.keymaster +0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1 1.0 diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/java/io/javacard/io.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/java/io/javacard/io.exp new file mode 100644 index 0000000000000000000000000000000000000000..931133af56f823aa1846e3a8dab5097b4202ae0a GIT binary patch literal 212 zcmZShb?P1?69XS31Dj1|US^3MBLlOBW*Cs0T3DKxQ_RR9s^OEBSeB@tlbDyT@1K;F znp|S78O6vT3>MAI*Z1^ytw>HSD9OyvV`pGtWDr1C&d$IFQw}yHB%>(5JTWOJm7ReD zMFPnjE=C4+s0F-?3_J{s>}W(IZ!P6lqEC{Pe60>+F$HZuU5 Cc`vd6 literal 0 HcmV?d00001 diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/java/lang/javacard/lang.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/java/lang/javacard/lang.exp new file mode 100644 index 0000000000000000000000000000000000000000..f34981865d8e0cab8c21ed73c4bae3ff537d147d GIT binary patch literal 881 zcmaLS%}&BV5C`xX3Y7ApDB=ew7d*g;2hf-x@nB-ai1FZUDJv`~t+rbPpT_6$A$$-| z4n*A*$u?=TyZ_(JPT}+Y0~1g~NS_K{$TI}1(Y&WEe~y_KA(R_eV>V?ikNLw^w?F2t zJZU~46jx7eNFtQf>D?#{URdAbHl+Uq7c-YXNfG!qWDqK<;x_iBm~bu6BGgrW=@0m< z8_VwFc@X=9NP~HVhJx)dWOIYwKsZ+Vnh%*2Q@*U~iC2AqB0^1*vFF_c!k0YM?%qZ? zRHoyxDC)3CYGMcBNQrhRaBa5b`vP*tSI-I&x|1N$pI=ns1`2=!qr2+nVh0!;;I zzX3oWs5TGuP0@~?#A3aCk=7Q{&i+YPvILzwgi<8_S6Y?B+5qNkk~VdEQtf7$dRZT#TS56o4f!3 literal 0 HcmV?d00001 diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/java/rmi/javacard/rmi.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/java/rmi/javacard/rmi.exp new file mode 100644 index 0000000000000000000000000000000000000000..209cdf37f8ca4652fe85fc78ee82d9a6d17d75f5 GIT binary patch literal 280 zcmZ8cNeaS15Uid=CoVBAC_X_?d4S^0gCGP%Jb0UgK}WK<$)wiHBe-eBNHG=aFa!qv* jzXAwhp~280^Nwk3nEWw93ARBMxbSj{<*bcDK8oN^-L^l| literal 0 HcmV?d00001 diff --git a/Applet/api_export_files_3.0.5/javacard/framework/javacard/framework.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/framework/javacard/framework.exp similarity index 76% rename from Applet/api_export_files_3.0.5/javacard/framework/javacard/framework.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/framework/javacard/framework.exp index f604261ab9fed54e27ecb373befde7fb62496b03..fd14eac73b233cbc5bd7a78bfb20d2967abf1535 100644 GIT binary patch delta 120 zcmV-;0Ehp~L6|`Z0Q$<_0RjO=u?V>o0Y#JF6c@Ai6kr0ASQi|Vbr&j=pchD!=@(H6 z0uBKHYXAWN1(QV>M3agbH?zVRaRHMw8nBb)8dj4$8&8vr8(XvJ8zKUe3m!F-K^|L^ aogO%o)*d;N5FekDupf?-KOjDnejrVudnpe9 delta 208 zcmbQ?c*c=~;n%5q%uI|P8##80m@;r?C6*=X=OpH(^D;2HF)*?(U|?WKVqj!+Wn^?0 z7h+>%U}j)sUSDHcXBwfTlfBGY6Gaal%&$)Vy}K(b!k14teh59DTG;$vjU25XtD zDB;4$HaS(ooRN9+9En0kM#jm!QX3eVC-0RCW8|DHEbR{zNs^9cW)b@U delta 161 zcmcaAwo9CY;n%5q%uEbr8#$J;$1^f;W+j#->gOcprSmc{6fiKdFJNF`NMc}QWDo+$ zBqtW7=%*DW=BAeC7i9yL6tO{-FaniufHfE8W&$Nj;Ch)E@|hV58HyQ7C$DE$VPu$m snSCRWY~fG^k}EmpFbYq0<=nw2GWjp34kP1aO|BY7*2zn`HZU>+04SR%d;kCd diff --git a/Applet/api_export_files_3.0.5/javacard/security/javacard/security.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/security/javacard/security.exp similarity index 67% rename from Applet/api_export_files_3.0.5/javacard/security/javacard/security.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/security/javacard/security.exp index 9b2b8d44e2be09edadc03b0339ef17ec75dbef8a..39e57627c07c2de27b3281817dd8f2969a05242a 100644 GIT binary patch delta 186 zcmV;r07d_uak+2^0Q$<_0RjQuu?X=W0o{{4AS(p~1_1yKk|8IPl^{5i&LAw4`yecn zC?PnLVIgRf${}czGa`4Bt0Je9QzNI7`y)IB3I+iHMv^2glWHUi1sDba07#M~F9<{h z1OWg*06~+oBxsWxC1{g`C3KVdB}$V-CQ6f!COnhOCO@+bC)5Fx;V4LxDk(^lb16}i o#VL-HR4UQ4CM$Uclb|uBlSVQ@lZY~&vnMl>1e3ZqfRj5oVGhqgTn=Vf5L$H2(GfPsM_iGh)kK?o$1 zoLH2ipH`HZn_8Y=(oo@tU|~tc44`Bqn0%>N4rC`NEeDe9${=!`vJH@YrEJ5-AOY0sG1*?t z94L^a0@8E}Od6?{0NKk_y@2EgFlnU*(p08q&&aTOtJ)PtMz+bF8Xk=7lP`ivNzFh; zj>%b?eT>YLe`sE0WZ8UDtCEe8ak7))(#g*Zoq)ZxQA&k=VnIr&zH3EEYFw26s>;n%5qj7$vt6FJ^9G4M?mW3&VSUEK!0 delta 53 zcmdnQbb*P3;n%5q%uEb|6FJ_?Gcs^yC6*=X=OpH(^D;2-Gcd9*U|?WKVqj$8V`LDR J_|uY+5de+Z40Zqj diff --git a/Applet/api_export_files_3.0.5/javacardx/biometry/javacard/biometry.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/biometry/javacard/biometry.exp similarity index 60% rename from Applet/api_export_files_3.0.5/javacardx/biometry/javacard/biometry.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/biometry/javacard/biometry.exp index f1779d016da9735f899862ec80f917983670c7cb..fb46fa306f4a42a95473efc641b5ca5ed90ee7db 100644 GIT binary patch delta 51 zcmV-30L=fD63!6_0Q$<_0RjMQu?UF;3<3cMpa1{>VgdpHYm?svaFb95Ym>YNQIie_ JjnI8}&);n%5q%uEag8#y{z{g@fq7cej|Br!2DGH_-kmL=-vB<7{_GBD&YKxG&h z85x8?GRcWWDf($eiMgre`9;}4C3$R6B|sI~ObodU`IG0e7BDhQ=4HzUk`-)$K=LG8 OA0zYTaQ1RWMn(X~;vNYA diff --git a/Applet/api_export_files_3.0.5/javacardx/biometry1toN/javacard/biometry1toN.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/biometry1toN/javacard/biometry1toN.exp similarity index 68% rename from Applet/api_export_files_3.0.5/javacardx/biometry1toN/javacard/biometry1toN.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/biometry1toN/javacard/biometry1toN.exp index 057adb00a009505e43ecffe6a3ad0e83edb0d7bf..88527985087cd014f537d679fa0cf756e3b2eabd 100644 GIT binary patch delta 53 zcmV-50LuT?7>pPQ0Q$<_0RjMiu?YGH0swuJMhJeB#Rwyl=?HR@TnRdpmkD2!_X#Jn L9}0y5lcfu=53m!W delta 145 zcmeB?xF*5D@axn)W+sNFjU2z&T^JcSvl7b^^>Y&Q(s>ye>KGW=7cej|Brz~DG6;cW zk`s$k^wWwGb5qOni?V@A8rYypfGTR480r}sC$n(WaWgQoF*3+AFfvFpOy0*S$;dEy lDMt~I6z8-8l7XD@Kym}8IwQm8>zu8OjEs|GxHm8|0|1MgB1r%M diff --git a/Applet/api_export_files_3.0.5/javacardx/crypto/javacard/crypto.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/crypto/javacard/crypto.exp similarity index 92% rename from Applet/api_export_files_3.0.5/javacardx/crypto/javacard/crypto.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/crypto/javacard/crypto.exp index b6f6b2f83da87606ab49df7ed07dad9429f5c6dd..e1ff132d004f074ac6ad0191ce7627df1421b50c 100644 GIT binary patch delta 37 tcmX>p(;~yc@axn)Mka=yjU09YzzvGbI%)@EQGTDhYZ1POr^#Jo940iwk delta 110 zcmZpXIVr=z@axn)W+sLS8#xwpI5RSEW+j#->gOcprSmc{^e`~8FJNF`NMc}QWDo?& zBqtW7=ohCZmlkD~R037>u|ZWZGBI>BG4wL@PhQI*%gC_#6o)AbBgf?bJYkHSlS6se HGx7ice|#LZ diff --git a/Applet/api_export_files_3.0.5/javacardx/external/javacard/external.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/external/javacard/external.exp similarity index 67% rename from Applet/api_export_files_3.0.5/javacardx/external/javacard/external.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/external/javacard/external.exp index cd85799e0e854dbdb1d3f7f99d920173d6799dd6..4af91e53addd3e0a22b689258f9ddfbd0055a81b 100644 GIT binary patch delta 57 zcmbQoev^%Z;n%5qj7$vL8#y|d8Q2&ZSQ!`@*cpI;iGhU?NHH=3DJBNy$)A|) JCL1#6001|+2@3!K delta 128 zcmcb~HjkZy;n%5q%uEdW8#y|dk{B5{vl7b^^>Y&Q(s>yev>6!L7cej|Brz~DG6;cW zk`s$k^wWwGb5qOni?V@AblIRvfGV_@7<3r)m>Jj@8CV$@8Q6h38JHMY7=aWcBamWZ TU}l)Sp2?1paq?TH97bjUKc^Rl diff --git a/Applet/api_export_files_3.1.0/javacardx/framework/math/javacard/math.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/math/javacard/math.exp similarity index 63% rename from Applet/api_export_files_3.1.0/javacardx/framework/math/javacard/math.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/math/javacard/math.exp index af2f608c931da886a746ffe29acf78ff7bc25e44..89a1ac6c55c95a8554309066ac86f73d930477be 100644 GIT binary patch delta 32 ocmX@ZwuX&^;n%5qj7$vL8#%0*m>9GsCox$~p3BrVS%X;_0Ht9GO#lD@ delta 65 zcmZ3(c7~0E;n%5q%uEcr8#%0*Y&Q(s>yev>6!L7cej|Brz~DXfZPA VOm=0mnq0@!&B#5OlUbRO5dau%4i5kT diff --git a/Applet/api_export_files_3.0.5/javacardx/framework/string/javacard/string.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/string/javacard/string.exp similarity index 67% rename from Applet/api_export_files_3.0.5/javacardx/framework/string/javacard/string.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/string/javacard/string.exp index ef6c5cb778fcd3a50544855adee50933e1eec24f..7a3b73c3781afdb18424e6ca199806ef0e3bff87 100644 GIT binary patch delta 29 lcmbQmbB&vW;n%5qj7$uH8#y#sm>2>km$2k+e#BzV2mp^22?hWF delta 99 zcmcb{J&T8f;n%5q%uEcS8#y#sTo@TRvl7b^^>Y&Q(s>ye0vQQEfO36 delta 128 zcmX>s-Xp=m@axn)W+sN>jU3O}T^JcSvl7b^^>Y&Q(s>ye@);P}7cej|Brz~DG6;cW zk`s$k^wWwGb5qOni?V@A3fZ7afGYBs7z!AQCVym)VPu=^%khMfW3nM<10&DmjhtbO WoRitPiWs>jS8{>a=efQxG6MjxDItRZ diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp new file mode 100644 index 0000000000000000000000000000000000000000..881a9612d59a35ba904ff74d3d0e24d68bf58c35 GIT binary patch literal 309 zcmaKkJ5mBc5QhI=V26hf2nY;}NM@rsfRSsomQ@Bz1W|({wXh83?4WoX&*LFHh><;N zL_jBB*Z;!z=NBay5!9A9ws1i{oy%nfp`*((GF{p5Yo&Ug|0&JCqM}k{C1D%~rk-6> zSr_BC-t)VZb(v@LxME-STsM-`4{Ls9Q?px{$Hm$%!%a3LOrpAE|8y|Vp11aG=Qm~_ zs@ha89L)WlKw&@_9@iDl3D+m<61W8QJ^(C|F3AW1BbgOcprSmc{s53CKFJNF`NMc}QWDo+$ rBqtW7=%*DW=BAeC7i9yLXtF_-09B|lF=#MoP2R-hIQbJ(G$S(ruNN03 diff --git a/Applet/api_export_files_3.1.0/javacardx/security/javacard/security.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/security/javacard/security.exp similarity index 59% rename from Applet/api_export_files_3.1.0/javacardx/security/javacard/security.exp rename to Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/security/javacard/security.exp index 30b3ed6eae5e8f897e6f7d6e10db414970c2e70c..5153a68de41361ac16c3e58ba895715a58a0dd5c 100644 GIT binary patch delta 24 ecmdnUJeiq;;n%5qj7$t78##1=lY&Q(s>yeL>L&^7cej|Brz~D2s1K> LPBv$ZVPpgVc$o_k diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/org/globalplatform/upgrade/javacard/upgrade.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/org/globalplatform/upgrade/javacard/upgrade.exp new file mode 100644 index 0000000000000000000000000000000000000000..110117b209c2942b965fba795e5525112ff65f6f GIT binary patch literal 1705 zcmc&!+g8&+6y4KXD7^)wB8WFcNEEGiQM^&;TC!G4YlFDJ2i6dV5(r66Qe6Ix-{VL4 zA-?FDv{k5D>yxVwJF|Oc&pG>?8GQZxg+=g^A+^3)D{ULAm0G#Pz={l+W!Lco?gSg$ zZiy%W)(xvH)oP^`Nktga#_CpSyI8H3OG|6C)nG`rsm*ng8VcZb_en+JQYcT{LK8y?>kg_13fgcB^v$l}0}#(J;neNiqcfEii+g-O$V;Hg=E2s;;8wzZY zu^uf>if&O*$c2J*3biCDiH_v3{O-z)Y5K1vwU4cz)J;(yArXqoq~)rkD3g}UuITjN z8>HY0gW7ARf~yR&^2&vYnRK$&i6UD>bz->Z`tw#;RsJbff{T1ZQ61g z3=`x^%@fC#+wyDNJmd|rAw1u5X_CgxePJH<{JXTe!k}pHibheVk;s^yphP+)GU!^- z7QAxy35Me|D%IS!q zULtvdh+_mXdeo3&A*3TAWTGKtV+1*05wZ+5o(U$5>%DoGE_#DX_V=VED$6}^nXZWgpR$2sZoMiWFwT+ZJ88h zMAj0i()V + } + + .interface public abstract Element 0 { + + .fields { + public static final byte TYPE_SIMPLE = 1; // B + public static final byte TYPE_MAPPED = 2; // B + public static final short SIZE_BOOLEAN = 1; // S + public static final short SIZE_BYTE = 1; // S + public static final short SIZE_SHORT = 2; // S + } + + .method public abstract write(Z)Lorg/globalplatform/upgrade/Element; 0 { + } + + .method public abstract write(B)Lorg/globalplatform/upgrade/Element; 1 { + } + + .method public abstract write(S)Lorg/globalplatform/upgrade/Element; 2 { + } + + .method public abstract write(Ljava/lang/Object;)Lorg/globalplatform/upgrade/Element; 3 { + .descriptor Ljava/lang/Object; 0.0; + + } + + .method public abstract canWriteBoolean()S 4 { + } + + .method public abstract canWriteByte()S 5 { + } + + .method public abstract canWriteShort()S 6 { + } + + .method public abstract canWriteObject()S 7 { + } + + .method public abstract initRead()V 8 { + } + + .method public abstract readBoolean()Z 9 { + } + + .method public abstract readByte()B 10 { + } + + .method public abstract readShort()S 11 { + } + + .method public abstract readObject()Ljava/lang/Object; 12 { + .descriptor Ljava/lang/Object; 0.0; + + } + + .method public abstract canReadBoolean()S 13 { + } + + .method public abstract canReadByte()S 14 { + } + + .method public abstract canReadShort()S 15 { + } + + .method public abstract canReadObject()S 16 { + } + + } + + .interface public abstract MappedElement 1 { + + .superInterfaces { + Element; + } + + .method public abstract write(Z)Lorg/globalplatform/upgrade/Element; 0 { + } + + .method public abstract write(B)Lorg/globalplatform/upgrade/Element; 1 { + } + + .method public abstract write(S)Lorg/globalplatform/upgrade/Element; 2 { + } + + .method public abstract write(Ljava/lang/Object;)Lorg/globalplatform/upgrade/Element; 3 { + .descriptor Ljava/lang/Object; 0.0; + + } + + .method public abstract canWriteBoolean()S 4 { + } + + .method public abstract canWriteByte()S 5 { + } + + .method public abstract canWriteShort()S 6 { + } + + .method public abstract canWriteObject()S 7 { + } + + .method public abstract initRead()V 8 { + } + + .method public abstract readBoolean()Z 9 { + } + + .method public abstract readByte()B 10 { + } + + .method public abstract readShort()S 11 { + } + + .method public abstract readObject()Ljava/lang/Object; 12 { + .descriptor Ljava/lang/Object; 0.0; + + } + + .method public abstract canReadBoolean()S 13 { + } + + .method public abstract canReadByte()S 14 { + } + + .method public abstract canReadShort()S 15 { + } + + .method public abstract canReadObject()S 16 { + } + + .method public abstract getMappedObject()Ljava/lang/Object; 17 { + .descriptor Ljava/lang/Object; 0.0; + + } + + .method public abstract setMappedObject(Ljava/lang/Object;)Lorg/globalplatform/upgrade/Element; 18 { + .descriptor Ljava/lang/Object; 0.0; + + } + + } + + .interface public abstract OnUpgradeListener 2 { + + .method public abstract onSave()Lorg/globalplatform/upgrade/Element; 0 { + } + + .method public abstract onCleanup()V 1 { + } + + .method public abstract onRestore(Lorg/globalplatform/upgrade/Element;)V 2 { + } + + .method public abstract onConsolidate()V 3 { + } + + } + + .class public final UpgradeManager 3 extends 0.0 { // extends java/lang/Object + + .publicMethodTable 1 { + equals(Ljava/lang/Object;)Z; + } + + .packageMethodTable 0 { + } + + .method private ()V { + .stack 1; + .locals 0; + + L0: aload_0; + invokespecial 0; // java/lang/Object.()V + return; + } + + .method public static isUpgrading()Z 0 { + .stack 1; + .locals 0; + + L0: sconst_0; + sreturn; + } + + .method public static getPreviousPackageVersion()S 1 { + .stack 1; + .locals 0; + + L0: sconst_0; + sreturn; + } + + .method public static checkPreviousPackageAID([BSB)Z 2 { + .stack 1; + .locals 0; + + L0: sconst_0; + sreturn; + } + + .method public static createElement(BSS)Lorg/globalplatform/upgrade/Element; 3 { + .stack 1; + .locals 0; + + L0: aconst_null; + areturn; + } + + .method public static matchMappedElement(Ljava/lang/Object;)Lorg/globalplatform/upgrade/MappedElement; 4 { + .stack 1; + .locals 0; + + .descriptor Ljava/lang/Object; 0.0; + + L0: aconst_null; + areturn; + } + + .method public static nonNullReference()Ljava/lang/Object; 5 { + .stack 1; + .locals 0; + + .descriptor Ljava/lang/Object; 0.0; + + L0: aconst_null; + areturn; + } + + } + +} diff --git a/Applet/api_export_files_3.0.5/java/io/javacard/io.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/java/io/javacard/io.exp similarity index 100% rename from Applet/api_export_files_3.0.5/java/io/javacard/io.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/java/io/javacard/io.exp diff --git a/Applet/api_export_files_3.0.5/java/lang/javacard/lang.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/java/lang/javacard/lang.exp similarity index 100% rename from Applet/api_export_files_3.0.5/java/lang/javacard/lang.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/java/lang/javacard/lang.exp diff --git a/Applet/api_export_files_3.0.5/java/rmi/javacard/rmi.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/java/rmi/javacard/rmi.exp similarity index 100% rename from Applet/api_export_files_3.0.5/java/rmi/javacard/rmi.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/java/rmi/javacard/rmi.exp diff --git a/Applet/api_export_files_3.1.0/javacard/framework/javacard/framework.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/framework/javacard/framework.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacard/framework/javacard/framework.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/framework/javacard/framework.exp diff --git a/Applet/api_export_files_3.1.0/javacard/framework/service/javacard/service.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/framework/service/javacard/service.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacard/framework/service/javacard/service.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/framework/service/javacard/service.exp diff --git a/Applet/api_export_files_3.1.0/javacard/security/javacard/security.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/security/javacard/security.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacard/security/javacard/security.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/security/javacard/security.exp diff --git a/Applet/api_export_files_3.0.5/javacardx/apdu/javacard/apdu.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/apdu/javacard/apdu.exp similarity index 100% rename from Applet/api_export_files_3.0.5/javacardx/apdu/javacard/apdu.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/apdu/javacard/apdu.exp diff --git a/Applet/api_export_files_3.0.5/javacardx/apdu/util/javacard/util.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/apdu/util/javacard/util.exp similarity index 100% rename from Applet/api_export_files_3.0.5/javacardx/apdu/util/javacard/util.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/apdu/util/javacard/util.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/biometry/javacard/biometry.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/biometry/javacard/biometry.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/biometry/javacard/biometry.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/biometry/javacard/biometry.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/biometry1toN/javacard/biometry1toN.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/biometry1toN/javacard/biometry1toN.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/biometry1toN/javacard/biometry1toN.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/biometry1toN/javacard/biometry1toN.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/crypto/javacard/crypto.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/crypto/javacard/crypto.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/crypto/javacard/crypto.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/crypto/javacard/crypto.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/external/javacard/external.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/external/javacard/external.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/external/javacard/external.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/external/javacard/external.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/framework/event/javacard/event.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/event/javacard/event.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/framework/event/javacard/event.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/event/javacard/event.exp diff --git a/Applet/api_export_files_3.0.5/javacardx/framework/math/javacard/math.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/math/javacard/math.exp similarity index 100% rename from Applet/api_export_files_3.0.5/javacardx/framework/math/javacard/math.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/math/javacard/math.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/framework/nio/javacard/nio.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/nio/javacard/nio.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/framework/nio/javacard/nio.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/nio/javacard/nio.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/framework/string/javacard/string.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/string/javacard/string.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/framework/string/javacard/string.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/string/javacard/string.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/framework/time/javacard/time.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/time/javacard/time.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/framework/time/javacard/time.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/time/javacard/time.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/framework/tlv/javacard/tlv.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/tlv/javacard/tlv.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/framework/tlv/javacard/tlv.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/tlv/javacard/tlv.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/framework/util/intx/javacard/intx.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/intx/javacard/intx.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/framework/util/intx/javacard/intx.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/intx/javacard/intx.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/framework/util/javacard/util.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/javacard/util.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/framework/util/javacard/util.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/javacard/util.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/security/cert/javacard/cert.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/cert/javacard/cert.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/security/cert/javacard/cert.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/cert/javacard/cert.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/security/derivation/javacard/derivation.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/derivation/javacard/derivation.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/security/derivation/javacard/derivation.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/derivation/javacard/derivation.exp diff --git a/Applet/api_export_files_3.0.5/javacardx/security/javacard/security.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/javacard/security.exp similarity index 100% rename from Applet/api_export_files_3.0.5/javacardx/security/javacard/security.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/javacard/security.exp diff --git a/Applet/api_export_files_3.1.0/javacardx/security/util/javacard/util.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/util/javacard/util.exp similarity index 100% rename from Applet/api_export_files_3.1.0/javacardx/security/util/javacard/util.exp rename to Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/util/javacard/util.exp diff --git a/Applet/AndroidSEProvider/build.xml b/Applet/AndroidSEProvider/build.xml new file mode 100644 index 00000000..04b1dee6 --- /dev/null +++ b/Applet/AndroidSEProvider/build.xml @@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java new file mode 100644 index 00000000..1d24f580 --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java @@ -0,0 +1,71 @@ +package com.android.javacard.keymaster; + +import org.globalplatform.upgrade.Element; +import org.globalplatform.upgrade.OnUpgradeListener; +import org.globalplatform.upgrade.UpgradeManager; + +public class KMAndroidSEApplet extends KMKeymasterApplet implements OnUpgradeListener { + + KMAndroidSEApplet(){ + super(new KMAndroidSEProvider(true)); + } + /** + * Installs this applet. + * + * @param bArray the array containing installation parameters + * @param bOffset the starting offset in bArray + * @param bLength the length in bytes of the parameter data in bArray + */ + public static void install(byte[] bArray, short bOffset, byte bLength) { + new KMAndroidSEApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]); + } + + @Override + public void onCleanup() { + } + + @Override + public void onConsolidate() { + } + + @Override + public void onRestore(Element element) { + element.initRead(); + provisionStatus = element.readByte(); + keymasterState = element.readByte(); + repository.onRestore(element); + seProvider.onRestore(element); + } + + @Override + public Element onSave() { + // SEProvider count + short primitiveCount = seProvider.getBackupPrimitiveByteCount(); + short objectCount = seProvider.getBackupObjectCount(); + //Repository count + primitiveCount += repository.getBackupPrimitiveByteCount(); + objectCount += repository.getBackupObjectCount(); + //KMKeymasterApplet count + primitiveCount += computePrimitveDataSize(); + objectCount += computeObjectCount(); + + // Create element. + Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE, + primitiveCount, objectCount); + element.write(provisionStatus); + element.write(keymasterState); + repository.onSave(element); + seProvider.onSave(element); + return element; + } + + private short computePrimitveDataSize() { + // provisionStatus + keymasterState + return (short) 2; + } + + private short computeObjectCount() { + return (short) 0; + } +} + diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/AndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java similarity index 99% rename from Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/AndroidSEProvider.java rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index d85dd781..db1cd7f5 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/AndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -35,7 +35,7 @@ import javacardx.crypto.AEADCipher; import javacardx.crypto.Cipher; -public class AndroidSEProvider implements KMSEProvider { +public class KMAndroidSEProvider implements KMSEProvider { // static final variables // -------------------------------------------------------------- // P-256 Curve Parameters @@ -157,13 +157,13 @@ public class AndroidSEProvider implements KMSEProvider { //For storing root certificate and intermediate certificates. private byte[] certificateChain; - private static AndroidSEProvider androidSEProvider = null; + private static KMAndroidSEProvider androidSEProvider = null; - public static AndroidSEProvider getInstance() { + public static KMAndroidSEProvider getInstance() { return androidSEProvider; } - public AndroidSEProvider(boolean isUpgrading) { + public KMAndroidSEProvider(boolean isUpgrading) { // Re-usable AES,DES and HMAC keys in persisted memory. aesKeys = new AESKey[2]; aesKeys[KEYSIZE_128_OFFSET] = (AESKey) KeyBuilder.buildKey( diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java similarity index 99% rename from Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 77a97b1e..1e50f620 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -889,7 +889,7 @@ public void build() { tbsLength = (short) (tbsLength - tbsOffset); pushSequenceHeader((short) (last - stackPtr)); certStart = stackPtr; - short sigLen = AndroidSEProvider.getInstance() + short sigLen = KMAndroidSEProvider.getInstance() .ecSign256( KMByteBlob.cast(signPriv).getBuffer(), KMByteBlob.cast(signPriv).getStartOff(), @@ -933,7 +933,7 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, scratchPadOff++; timeOffset = KMByteBlob.instance((short) 32); - appIdOff = AndroidSEProvider.getInstance().hmacSign(key, keyOff, keyLen, + appIdOff = KMAndroidSEProvider.getInstance().hmacSign(key, keyOff, keyLen, scratchPad, /* data */ temp, /* data start */ scratchPadOff, /* data length */ diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java similarity index 86% rename from Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 31abede5..727641c0 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -75,16 +75,16 @@ public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) CryptoException.throwIt(CryptoException.ILLEGAL_USE); // add zeros to the left if (i1 < MAX_NO_DIGEST_MSG_LEN) { - Util.arrayFillNonAtomic(AndroidSEProvider.getInstance().tmpArray, + Util.arrayFillNonAtomic(KMAndroidSEProvider.getInstance().tmpArray, (short) 0, (short) MAX_NO_DIGEST_MSG_LEN, (byte) 0); } Util.arrayCopyNonAtomic(bytes, i, - AndroidSEProvider.getInstance().tmpArray, + KMAndroidSEProvider.getInstance().tmpArray, (short) (MAX_NO_DIGEST_MSG_LEN - i1), i1); - return inst.signPreComputedHash(AndroidSEProvider.getInstance().tmpArray, + return inst.signPreComputedHash(KMAndroidSEProvider.getInstance().tmpArray, (short) 0, (short) MAX_NO_DIGEST_MSG_LEN, bytes1, i2); } finally { - AndroidSEProvider.getInstance().clean(); + KMAndroidSEProvider.getInstance().clean(); } } @@ -102,17 +102,17 @@ public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, CryptoException.throwIt(CryptoException.ILLEGAL_USE); // add zeros to the left if (i1 < MAX_NO_DIGEST_MSG_LEN) { - Util.arrayFillNonAtomic(AndroidSEProvider.getInstance().tmpArray, + Util.arrayFillNonAtomic(KMAndroidSEProvider.getInstance().tmpArray, (short) 0, (short) MAX_NO_DIGEST_MSG_LEN, (byte) 0); } Util.arrayCopyNonAtomic(bytes, i, - AndroidSEProvider.getInstance().tmpArray, + KMAndroidSEProvider.getInstance().tmpArray, (short) (MAX_NO_DIGEST_MSG_LEN - i1), i1); return inst.verifyPreComputedHash( - AndroidSEProvider.getInstance().tmpArray, (short) 0, + KMAndroidSEProvider.getInstance().tmpArray, (short) 0, (short) MAX_NO_DIGEST_MSG_LEN, bytes1, i2, i3); } finally { - AndroidSEProvider.getInstance().clean(); + KMAndroidSEProvider.getInstance().clean(); } } diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMInstance.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java similarity index 100% rename from Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMInstance.java rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java similarity index 92% rename from Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMOperationImpl.java rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 2469dd0c..b1f48827 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -103,7 +103,7 @@ public short update(byte[] inputDataBuf, short inputDataStart, @Override public short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLen, byte[] outputDataBuf, short outputDataStart) { - byte[] tmpArray = AndroidSEProvider.getInstance().tmpArray; + byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray; short len = 0; try { if (cipherAlg == KMType.AES && blockMode == KMType.GCM) { @@ -175,8 +175,8 @@ public short finish(byte[] inputDataBuf, short inputDataStart, } } } finally { - AndroidSEProvider.getInstance().clean(); - AndroidSEProvider.getInstance().releaseCipherInstance(cipher); + KMAndroidSEProvider.getInstance().clean(); + KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher); resetCipher(); } return len; @@ -190,7 +190,7 @@ public short sign(byte[] inputDataBuf, short inputDataStart, len = signature.sign(inputDataBuf, inputDataStart, inputDataLength, signBuf, signStart); } finally { - AndroidSEProvider.getInstance().releaseSignatureInstance(signature); + KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); signature = null; } return len; @@ -204,7 +204,7 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart, ret = signature.verify(inputDataBuf, inputDataStart, inputDataLength, signBuf, signStart, signLength); } finally { - AndroidSEProvider.getInstance().releaseSignatureInstance(signature); + KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); signature = null; } return ret; @@ -214,14 +214,14 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart, public void abort() { // do nothing if (cipher != null) { - AndroidSEProvider.getInstance().releaseCipherInstance(cipher); + KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher); resetCipher(); } if (signature != null) { - AndroidSEProvider.getInstance().releaseSignatureInstance(signature); + KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); signature = null; } - AndroidSEProvider.getInstance().releaseOperationInstance(this); + KMAndroidSEProvider.getInstance().releaseOperationInstance(this); } @Override diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java similarity index 95% rename from Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index eb799dfe..71c36a3d 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -68,8 +68,8 @@ public void update(byte[] bytes, short i, short i1) throws CryptoException { @Override public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { - padData(bytes, i, i1, AndroidSEProvider.getInstance().tmpArray, (short) 0); - return inst.doFinal(AndroidSEProvider.getInstance().tmpArray, (short) 0, + padData(bytes, i, i1, KMAndroidSEProvider.getInstance().tmpArray, (short) 0); + return inst.doFinal(KMAndroidSEProvider.getInstance().tmpArray, (short) 0, (short) 256, bytes1, i2); } diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMRsaOAEPEncoding.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java similarity index 98% rename from Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMRsaOAEPEncoding.java rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java index aa35793f..d4f4cb83 100644 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMRsaOAEPEncoding.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java @@ -5,7 +5,6 @@ import javacard.security.CryptoException; import javacard.security.Key; import javacard.security.MessageDigest; -import javacard.security.RSAPrivateKey; import javacardx.crypto.Cipher; public class KMRsaOAEPEncoding extends Cipher { @@ -165,7 +164,7 @@ private void I2OS(short i, byte[] out, short offset) { private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff, short encodedMsgLen, byte[] msg, short offset) { MessageDigest.OneShot md = null; - byte[] tmpArray = AndroidSEProvider.getInstance().tmpArray; + byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray; try { short hLen = getDigestLength(); @@ -238,7 +237,7 @@ private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff, if (md != null) md.close(); Util.arrayFillNonAtomic(tmpArray, (short) 0, - AndroidSEProvider.TMP_ARRAY_SIZE, (byte) 0); + KMAndroidSEProvider.TMP_ARRAY_SIZE, (byte) 0); } } } \ No newline at end of file diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java similarity index 100% rename from Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMUtils.java rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java diff --git a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMSEProviderImpl.java b/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMSEProviderImpl.java deleted file mode 100644 index 11778a7d..00000000 --- a/Applet/Applet/AndroidSEProvider/com/android/javacard/keymaster/KMSEProviderImpl.java +++ /dev/null @@ -1,8 +0,0 @@ - -package com.android.javacard.keymaster; - -public class KMSEProviderImpl { - public static KMSEProvider instance(boolean isUpgrading){ - return new AndroidSEProvider(isUpgrading); - } -} diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMSEProviderImpl.java b/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMSEProviderImpl.java deleted file mode 100644 index 43eb2f94..00000000 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMSEProviderImpl.java +++ /dev/null @@ -1,9 +0,0 @@ - -package com.android.javacard.keymaster; - -public class KMSEProviderImpl { - public static KMSEProvider instance(boolean isUpgrading) { - //Ignore isUpgrading flag as JCardSimulator does not support upgrade. - return new KMJcardSimulator(); - } -} diff --git a/Applet/JCardSimProvider/build.xml b/Applet/JCardSimProvider/build.xml new file mode 100644 index 00000000..58343402 --- /dev/null +++ b/Applet/JCardSimProvider/build.xml @@ -0,0 +1,56 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Applet/lib/hamcrest-core-1.3.jar b/Applet/JCardSimProvider/lib/hamcrest-core-1.3.jar similarity index 100% rename from Applet/lib/hamcrest-core-1.3.jar rename to Applet/JCardSimProvider/lib/hamcrest-core-1.3.jar diff --git a/Applet/lib/jcardsim-3.0.5-SNAPSHOT.jar b/Applet/JCardSimProvider/lib/jcardsim-3.0.5-SNAPSHOT.jar similarity index 100% rename from Applet/lib/jcardsim-3.0.5-SNAPSHOT.jar rename to Applet/JCardSimProvider/lib/jcardsim-3.0.5-SNAPSHOT.jar diff --git a/Applet/lib/junit-4.13.jar b/Applet/JCardSimProvider/lib/junit-4.13.jar similarity index 100% rename from Applet/lib/junit-4.13.jar rename to Applet/JCardSimProvider/lib/junit-4.13.jar diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java similarity index 99% rename from Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java rename to Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 9e046264..136ec4ba 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -889,7 +889,7 @@ public void build() { tbsLength = (short) (tbsLength - tbsOffset); pushSequenceHeader((short) (last - stackPtr)); certStart = stackPtr; - short sigLen = KMJcardSimulator.getInstance() + short sigLen = KMJCardSimulator.getInstance() .ecSign256( KMByteBlob.cast(signPriv).getBuffer(), KMByteBlob.cast(signPriv).getStartOff(), @@ -933,7 +933,7 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, scratchPadOff++; timeOffset = KMByteBlob.instance((short) 32); - appIdOff = KMJcardSimulator.getInstance().hmacSign(key, keyOff, keyLen, + appIdOff = KMJCardSimulator.getInstance().hmacSign(key, keyOff, keyLen, scratchPad, /* data */ temp, /* data start */ scratchPadOff, /* data length */ diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMCipher.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java similarity index 97% rename from Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMCipher.java rename to Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java index b599c003..145fea9d 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMCipher.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java @@ -1,51 +1,51 @@ -package com.android.javacard.keymaster; - -public abstract class KMCipher { - /* - public static final byte CIPHER_RSA = 7; - public static final short PAD_PKCS1_OAEP = 9; - public static final short PAD_PKCS1_OAEP_SHA224 = 13; - public static final byte PAD_PKCS1_OAEP_SHA256 = 14; - public static final short PAD_PKCS1_OAEP_SHA384 = 15; - public static final short PAD_PKCS1_OAEP_SHA512 = 16; - public static final short PAD_NOPAD = 1; - public static final short PAD_PKCS1_PSS = 8; - public static final short PAD_NULL = 0; - public static final short PAD_PKCS7 = 31; // Not supported in javacard - public static final short ALG_DES_CBC_NOPAD = 1; - public static final short ALG_DES_ECB_NOPAD = 5; - public static final short ALG_AES_BLOCK_128_CBC_NOPAD= 13; - public static final short ALG_AES_BLOCK_128_ECB_NOPAD = 14; - public static final short ALG_AES_GCM = -13; - public static final short MODE_ENCRYPT = 2; - public static final short MODE_DECRYPT = 1; - public static final short PAD_PKCS1 = 7; - public static final short AES_BLOCK_SIZE = 16; - public static final short DES_BLOCK_SIZE = 8; - public static final short ALG_AES_CTR = -16; - - */ - public static final short SUN_JCE = 0xE9; - - public abstract short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, short i); - - public abstract short update(byte[] buffer, short startOff, short length, byte[] scratchPad, short i); - - public abstract void updateAAD(byte[] buffer, short startOff, short length); - - public abstract short getBlockMode(); - - public abstract void setBlockMode(short mode); - - public abstract short getPaddingAlgorithm(); - - public abstract short getCipherAlgorithm(); - - public abstract void setPaddingAlgorithm(short alg); - - public abstract void setCipherAlgorithm(short alg); - - public abstract short getCipherProvider(); - - public abstract short getAesGcmOutputSize(short len, short macLength); -} +package com.android.javacard.keymaster; + +public abstract class KMCipher { + /* + public static final byte CIPHER_RSA = 7; + public static final short PAD_PKCS1_OAEP = 9; + public static final short PAD_PKCS1_OAEP_SHA224 = 13; + public static final byte PAD_PKCS1_OAEP_SHA256 = 14; + public static final short PAD_PKCS1_OAEP_SHA384 = 15; + public static final short PAD_PKCS1_OAEP_SHA512 = 16; + public static final short PAD_NOPAD = 1; + public static final short PAD_PKCS1_PSS = 8; + public static final short PAD_NULL = 0; + public static final short PAD_PKCS7 = 31; // Not supported in javacard + public static final short ALG_DES_CBC_NOPAD = 1; + public static final short ALG_DES_ECB_NOPAD = 5; + public static final short ALG_AES_BLOCK_128_CBC_NOPAD= 13; + public static final short ALG_AES_BLOCK_128_ECB_NOPAD = 14; + public static final short ALG_AES_GCM = -13; + public static final short MODE_ENCRYPT = 2; + public static final short MODE_DECRYPT = 1; + public static final short PAD_PKCS1 = 7; + public static final short AES_BLOCK_SIZE = 16; + public static final short DES_BLOCK_SIZE = 8; + public static final short ALG_AES_CTR = -16; + + */ + public static final short SUN_JCE = 0xE9; + + public abstract short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, short i); + + public abstract short update(byte[] buffer, short startOff, short length, byte[] scratchPad, short i); + + public abstract void updateAAD(byte[] buffer, short startOff, short length); + + public abstract short getBlockMode(); + + public abstract void setBlockMode(short mode); + + public abstract short getPaddingAlgorithm(); + + public abstract short getCipherAlgorithm(); + + public abstract void setPaddingAlgorithm(short alg); + + public abstract void setCipherAlgorithm(short alg); + + public abstract short getCipherProvider(); + + public abstract short getAesGcmOutputSize(short len, short macLength); +} diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMCipherImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java similarity index 97% rename from Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMCipherImpl.java rename to Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java index 65ebfad0..ea65a94c 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMCipherImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java @@ -1,220 +1,220 @@ -package com.android.javacard.keymaster; - -import javacard.framework.Util; -import javacard.security.CryptoException; -import javacardx.crypto.Cipher; -import javax.crypto.AEADBadTagException; -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.ShortBufferException; - - -public class KMCipherImpl extends KMCipher{ - private Cipher cipher; - private javax.crypto.Cipher sunCipher; - private short cipherAlg; - private short padding; - private short mode; - private boolean verificationFlag; - private short blockMode; - KMCipherImpl(Cipher c){ - cipher = c; - } - KMCipherImpl(javax.crypto.Cipher c){ - sunCipher = c; - } - - @Override - public short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, short i){ - if(cipherAlg == KMType.RSA && padding == KMType.RSA_OAEP){ - try { - return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); - } catch (ShortBufferException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalBlockSizeException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (BadPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - }else if(cipherAlg == KMType.AES && blockMode == KMType.GCM){ - try { - return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); - } catch (AEADBadTagException e) { - e.printStackTrace(); - verificationFlag = false; - KMException.throwIt(KMError.VERIFICATION_FAILED); - } catch (ShortBufferException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalBlockSizeException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (BadPaddingException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - } else if(cipherAlg == KMType.AES && blockMode == KMType.CTR){ - try { - return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); - } catch (ShortBufferException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalBlockSizeException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (BadPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - } else{ - if(cipherAlg == KMType.RSA && padding == KMType.PADDING_NONE && mode == KMType.ENCRYPT ){ - // Length cannot be greater then key size according to JcardSim - if(length >= 256) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - // make input equal to 255 bytes - byte[] tmp = new byte[255]; - Util.arrayFillNonAtomic(tmp,(short)0,(short)255, (byte)0); - Util.arrayCopyNonAtomic( - buffer, - startOff, - tmp, (short)(255 - length),length); - startOff = 0; - length = 255; - buffer = tmp; - - }else if((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && padding ==KMType.PKCS7 && mode == KMType.ENCRYPT){ - byte blkSize = 16; - byte paddingBytes; - short len = length; - if (cipherAlg == KMType.DES) blkSize = 8; - // padding bytes - if (len % blkSize == 0) paddingBytes = blkSize; - else paddingBytes = (byte) (blkSize - (len % blkSize)); - // final len with padding - len = (short) (len + paddingBytes); - // intermediate buffer to copy input data+padding - byte[] tmp = new byte[len]; - // fill in the padding - Util.arrayFillNonAtomic(tmp, (short) 0, len, paddingBytes); - // copy the input data - Util.arrayCopyNonAtomic(buffer,startOff,tmp,(short)0,length); - buffer = tmp; - length = len; - startOff = 0; - } - short len = cipher.doFinal(buffer, startOff, length, scratchPad, i); - // JCard Sim removes leading zeros during decryption in case of no padding - so add that back. - if (cipherAlg == KMType.RSA && padding == KMType.PADDING_NONE && mode == KMType.DECRYPT && len < 256) { - byte[] tempBuf = new byte[256]; - Util.arrayFillNonAtomic(tempBuf, (short) 0, (short) 256, (byte) 0); - Util.arrayCopyNonAtomic(scratchPad, (short) 0, tempBuf, (short) (i + 256 - len), len); - Util.arrayCopyNonAtomic(tempBuf, (short) 0, scratchPad, i, (short) 256); - len = 256; - }else if((cipherAlg == KMType.AES || cipherAlg == KMType.DES) // PKCS7 - && padding == KMType.PKCS7 - && mode == KMType.DECRYPT){ - byte blkSize = 16; - if (cipherAlg == KMType.DES) blkSize = 8; - if(len >0) { - //verify if padding is corrupted. - byte paddingByte = scratchPad[i+len -1]; - //padding byte always should be <= block size - if((short)paddingByte > blkSize || - (short)paddingByte <= 0) KMException.throwIt(KMError.INVALID_ARGUMENT); - len = (short)(len - (short)paddingByte);// remove the padding bytes - } - } - return len; - } - return KMType.INVALID_VALUE; - } - - @Override - public short getCipherAlgorithm() { - return cipherAlg; - } - - @Override - public void setCipherAlgorithm(short alg) { - cipherAlg = alg; - } - - @Override - public short update(byte[] buffer, short startOff, short length, byte[] scratchPad, short i) { - if(cipherAlg == KMType.AES && (blockMode == KMType.GCM || blockMode == KMType.CTR)){ - try { - return (short)sunCipher.update(buffer,startOff,length,scratchPad,i); - } catch (ShortBufferException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalStateException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - } else{ - return cipher.update(buffer, startOff, length, scratchPad, i); - } - return KMType.INVALID_VALUE; - } - - @Override - public void updateAAD(byte[] buffer, short startOff, short length) { - try { - sunCipher.updateAAD(buffer,startOff,length); - } catch (IllegalArgumentException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalStateException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (UnsupportedOperationException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_USE); - } - } - - @Override - public short getPaddingAlgorithm() { - return padding; - } - - @Override - public void setPaddingAlgorithm(short alg) { - padding = alg; - } - - @Override - public void setBlockMode(short mode){ - blockMode = mode; - } - - @Override - public short getBlockMode(){ - return blockMode; - } - - public short getMode() { - return mode; - } - - public void setMode(short mode) { - this.mode = mode; - } - - @Override - public short getCipherProvider() { - return KMCipher.SUN_JCE; - } - - @Override - public short getAesGcmOutputSize(short len, short macLength) { - if (sunCipher != null) { - return (short) sunCipher.getOutputSize(len); - } else { - if (mode == KMType.ENCRYPT) { - return (short) (len + macLength); - } else { - return (short) (len - macLength); - } - } - } - -} +package com.android.javacard.keymaster; + +import javacard.framework.Util; +import javacard.security.CryptoException; +import javacardx.crypto.Cipher; +import javax.crypto.AEADBadTagException; +import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.ShortBufferException; + + +public class KMCipherImpl extends KMCipher{ + private Cipher cipher; + private javax.crypto.Cipher sunCipher; + private short cipherAlg; + private short padding; + private short mode; + private boolean verificationFlag; + private short blockMode; + KMCipherImpl(Cipher c){ + cipher = c; + } + KMCipherImpl(javax.crypto.Cipher c){ + sunCipher = c; + } + + @Override + public short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, short i){ + if(cipherAlg == KMType.RSA && padding == KMType.RSA_OAEP){ + try { + return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); + } catch (ShortBufferException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (IllegalBlockSizeException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (BadPaddingException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + }else if(cipherAlg == KMType.AES && blockMode == KMType.GCM){ + try { + return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); + } catch (AEADBadTagException e) { + e.printStackTrace(); + verificationFlag = false; + KMException.throwIt(KMError.VERIFICATION_FAILED); + } catch (ShortBufferException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (IllegalBlockSizeException e) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (BadPaddingException e) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + } else if(cipherAlg == KMType.AES && blockMode == KMType.CTR){ + try { + return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); + } catch (ShortBufferException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (IllegalBlockSizeException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (BadPaddingException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + } else{ + if(cipherAlg == KMType.RSA && padding == KMType.PADDING_NONE && mode == KMType.ENCRYPT ){ + // Length cannot be greater then key size according to JcardSim + if(length >= 256) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + // make input equal to 255 bytes + byte[] tmp = new byte[255]; + Util.arrayFillNonAtomic(tmp,(short)0,(short)255, (byte)0); + Util.arrayCopyNonAtomic( + buffer, + startOff, + tmp, (short)(255 - length),length); + startOff = 0; + length = 255; + buffer = tmp; + + }else if((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && padding ==KMType.PKCS7 && mode == KMType.ENCRYPT){ + byte blkSize = 16; + byte paddingBytes; + short len = length; + if (cipherAlg == KMType.DES) blkSize = 8; + // padding bytes + if (len % blkSize == 0) paddingBytes = blkSize; + else paddingBytes = (byte) (blkSize - (len % blkSize)); + // final len with padding + len = (short) (len + paddingBytes); + // intermediate buffer to copy input data+padding + byte[] tmp = new byte[len]; + // fill in the padding + Util.arrayFillNonAtomic(tmp, (short) 0, len, paddingBytes); + // copy the input data + Util.arrayCopyNonAtomic(buffer,startOff,tmp,(short)0,length); + buffer = tmp; + length = len; + startOff = 0; + } + short len = cipher.doFinal(buffer, startOff, length, scratchPad, i); + // JCard Sim removes leading zeros during decryption in case of no padding - so add that back. + if (cipherAlg == KMType.RSA && padding == KMType.PADDING_NONE && mode == KMType.DECRYPT && len < 256) { + byte[] tempBuf = new byte[256]; + Util.arrayFillNonAtomic(tempBuf, (short) 0, (short) 256, (byte) 0); + Util.arrayCopyNonAtomic(scratchPad, (short) 0, tempBuf, (short) (i + 256 - len), len); + Util.arrayCopyNonAtomic(tempBuf, (short) 0, scratchPad, i, (short) 256); + len = 256; + }else if((cipherAlg == KMType.AES || cipherAlg == KMType.DES) // PKCS7 + && padding == KMType.PKCS7 + && mode == KMType.DECRYPT){ + byte blkSize = 16; + if (cipherAlg == KMType.DES) blkSize = 8; + if(len >0) { + //verify if padding is corrupted. + byte paddingByte = scratchPad[i+len -1]; + //padding byte always should be <= block size + if((short)paddingByte > blkSize || + (short)paddingByte <= 0) KMException.throwIt(KMError.INVALID_ARGUMENT); + len = (short)(len - (short)paddingByte);// remove the padding bytes + } + } + return len; + } + return KMType.INVALID_VALUE; + } + + @Override + public short getCipherAlgorithm() { + return cipherAlg; + } + + @Override + public void setCipherAlgorithm(short alg) { + cipherAlg = alg; + } + + @Override + public short update(byte[] buffer, short startOff, short length, byte[] scratchPad, short i) { + if(cipherAlg == KMType.AES && (blockMode == KMType.GCM || blockMode == KMType.CTR)){ + try { + return (short)sunCipher.update(buffer,startOff,length,scratchPad,i); + } catch (ShortBufferException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (IllegalStateException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + } else{ + return cipher.update(buffer, startOff, length, scratchPad, i); + } + return KMType.INVALID_VALUE; + } + + @Override + public void updateAAD(byte[] buffer, short startOff, short length) { + try { + sunCipher.updateAAD(buffer,startOff,length); + } catch (IllegalArgumentException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (IllegalStateException e) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (UnsupportedOperationException e) { + CryptoException.throwIt(CryptoException.ILLEGAL_USE); + } + } + + @Override + public short getPaddingAlgorithm() { + return padding; + } + + @Override + public void setPaddingAlgorithm(short alg) { + padding = alg; + } + + @Override + public void setBlockMode(short mode){ + blockMode = mode; + } + + @Override + public short getBlockMode(){ + return blockMode; + } + + public short getMode() { + return mode; + } + + public void setMode(short mode) { + this.mode = mode; + } + + @Override + public short getCipherProvider() { + return KMCipher.SUN_JCE; + } + + @Override + public short getAesGcmOutputSize(short len, short macLength) { + if (sunCipher != null) { + return (short) sunCipher.getOutputSize(len); + } else { + if (mode == KMType.ENCRYPT) { + return (short) (len + macLength); + } else { + return (short) (len - macLength); + } + } + } + +} diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java similarity index 100% rename from Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java rename to Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java new file mode 100644 index 00000000..e1ec74f8 --- /dev/null +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java @@ -0,0 +1,19 @@ +package com.android.javacard.keymaster; + +public class KMJCardSimApplet extends KMKeymasterApplet { + + KMJCardSimApplet(){ + super(new KMJCardSimulator()); + } + /** + * Installs this applet. + * + * @param bArray the array containing installation parameters + * @param bOffset the starting offset in bArray + * @param bLength the length in bytes of the parameter data in bArray + */ + public static void install(byte[] bArray, short bOffset, byte bLength) { + new KMJCardSimApplet().register(); + } + +} diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMJcardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java similarity index 99% rename from Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMJcardSimulator.java rename to Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 76ebb3e9..446f8bd2 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMJcardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -65,7 +65,7 @@ * Key, and upto 512 bit HMAC key. Also simulator does not support TRNG, so this implementation just * creates its own RNG using PRNG. */ -public class KMJcardSimulator implements KMSEProvider { +public class KMJCardSimulator implements KMSEProvider { public static final short AES_GCM_TAG_LENGTH = 12; public static final short AES_GCM_NONCE_LENGTH = 12; public static final short MAX_RND_NUM_SIZE = 64; @@ -85,14 +85,14 @@ public class KMJcardSimulator implements KMSEProvider { private static byte[] rndNum; private byte[] certificateChain; - private static KMJcardSimulator jCardSimulator = null; + private static KMJCardSimulator jCardSimulator = null; - public static KMJcardSimulator getInstance() { + public static KMJCardSimulator getInstance() { return jCardSimulator; } // Implements Oracle Simulator based restricted crypto provider - public KMJcardSimulator() { + public KMJCardSimulator() { // Various Keys kdf = Signature.getInstance(Signature.ALG_AES_CMAC_128, false); hmacSignature = Signature.getInstance(Signature.ALG_HMAC_SHA_256, false); diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java similarity index 100% rename from Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMOperationImpl.java rename to Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java similarity index 96% rename from Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java rename to Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index 82793bfb..38e9a3bc 100644 --- a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -1,120 +1,120 @@ -package com.android.javacard.keymaster; - -import javacard.framework.Util; -import javacard.security.CryptoException; -import javacard.security.Key; -import javacard.security.Signature; -import javacardx.crypto.Cipher; - -public class KMRsa2048NoDigestSignature extends Signature { - private Cipher inst; // ALG_RSA_NOPAD. - private byte padding; - private byte[] rsaModulus; // to compare with the data value - - public KMRsa2048NoDigestSignature(Cipher ciph, byte padding, byte[]mod, short start, short len){ - inst = ciph; - this.padding = padding; - if(len != 256) CryptoException.throwIt(CryptoException.INVALID_INIT); - rsaModulus = new byte[256]; - Util.arrayCopyNonAtomic(mod,start,rsaModulus,(short)0,len); - } - - @Override - public void init(Key key, byte b) throws CryptoException { - - } - - @Override - public void init(Key key, byte b, byte[] bytes, short i, short i1) throws CryptoException { - } - - @Override - public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { - } - - @Override - public byte getAlgorithm() { - return 0; - } - - @Override - public byte getMessageDigestAlgorithm() { - return 0; - } - - @Override - public byte getCipherAlgorithm() { - return 0; - } - - @Override - public byte getPaddingAlgorithm() { - return 0; - } - - @Override - public short getLength() throws CryptoException { - return 0; - } - - @Override - public void update(byte[] bytes, short i, short i1) throws CryptoException { - } - - @Override - public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { - byte[] inputData = padData(bytes,i,i1); - return inst.doFinal(inputData,(short)0,(short)256,bytes1,i2); - } - - @Override - public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { - return 0; - } - - @Override - public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { - // Cannot support this method as javacard cipher api does not allow 256 byte for public key - // encryption without padding. It only allows 255 bytes data. - return false; - } - - @Override - public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { - return false; - } - - private byte[] padData(byte[] buf, short start, short len){ - byte[] inputData = new byte[256]; - if(!isValidData(buf, start,len)){ - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - Util.arrayFillNonAtomic(inputData, (short) 0, (short) 256, (byte) 0x00); - if (padding == KMType.PADDING_NONE) { // add zero to right - } else if (padding == KMType.RSA_PKCS1_1_5_SIGN) {// 0x00||0x01||PS||0x00 - inputData[0] = 0x00; - inputData[1] = 0x01; - Util.arrayFillNonAtomic(inputData,(short)2,(short)(256-len-3),(byte)0xFF); - inputData[(short)(256-len-1)] = 0x00; - }else{ - CryptoException.throwIt(CryptoException.ILLEGAL_USE); - } - Util.arrayCopyNonAtomic(buf,start,inputData,(short)(256 -len),len); - return inputData; - } - - private boolean isValidData(byte[] buf, short start, short len) { - if (padding == KMType.PADDING_NONE) { - if (len > 256) return false; - else if (len == 256) { - short v = Util.arrayCompare(buf, start, rsaModulus, (short) 0, len); - if (v > 0) return false; - } - } else {//pkcs1 no digest - if(len > 245){ - return false; - } - } - return true; - } -} +package com.android.javacard.keymaster; + +import javacard.framework.Util; +import javacard.security.CryptoException; +import javacard.security.Key; +import javacard.security.Signature; +import javacardx.crypto.Cipher; + +public class KMRsa2048NoDigestSignature extends Signature { + private Cipher inst; // ALG_RSA_NOPAD. + private byte padding; + private byte[] rsaModulus; // to compare with the data value + + public KMRsa2048NoDigestSignature(Cipher ciph, byte padding, byte[]mod, short start, short len){ + inst = ciph; + this.padding = padding; + if(len != 256) CryptoException.throwIt(CryptoException.INVALID_INIT); + rsaModulus = new byte[256]; + Util.arrayCopyNonAtomic(mod,start,rsaModulus,(short)0,len); + } + + @Override + public void init(Key key, byte b) throws CryptoException { + + } + + @Override + public void init(Key key, byte b, byte[] bytes, short i, short i1) throws CryptoException { + } + + @Override + public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + } + + @Override + public byte getAlgorithm() { + return 0; + } + + @Override + public byte getMessageDigestAlgorithm() { + return 0; + } + + @Override + public byte getCipherAlgorithm() { + return 0; + } + + @Override + public byte getPaddingAlgorithm() { + return 0; + } + + @Override + public short getLength() throws CryptoException { + return 0; + } + + @Override + public void update(byte[] bytes, short i, short i1) throws CryptoException { + } + + @Override + public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { + byte[] inputData = padData(bytes,i,i1); + return inst.doFinal(inputData,(short)0,(short)256,bytes1,i2); + } + + @Override + public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { + return 0; + } + + @Override + public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + // Cannot support this method as javacard cipher api does not allow 256 byte for public key + // encryption without padding. It only allows 255 bytes data. + return false; + } + + @Override + public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + return false; + } + + private byte[] padData(byte[] buf, short start, short len){ + byte[] inputData = new byte[256]; + if(!isValidData(buf, start,len)){ + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + Util.arrayFillNonAtomic(inputData, (short) 0, (short) 256, (byte) 0x00); + if (padding == KMType.PADDING_NONE) { // add zero to right + } else if (padding == KMType.RSA_PKCS1_1_5_SIGN) {// 0x00||0x01||PS||0x00 + inputData[0] = 0x00; + inputData[1] = 0x01; + Util.arrayFillNonAtomic(inputData,(short)2,(short)(256-len-3),(byte)0xFF); + inputData[(short)(256-len-1)] = 0x00; + }else{ + CryptoException.throwIt(CryptoException.ILLEGAL_USE); + } + Util.arrayCopyNonAtomic(buf,start,inputData,(short)(256 -len),len); + return inputData; + } + + private boolean isValidData(byte[] buf, short start, short len) { + if (padding == KMType.PADDING_NONE) { + if (len > 256) return false; + else if (len == 256) { + short v = Util.arrayCompare(buf, start, rsaModulus, (short) 0, len); + if (v > 0) return false; + } + } else {//pkcs1 no digest + if(len > 245){ + return false; + } + } + return true; + } +} diff --git a/Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java similarity index 100% rename from Applet/Applet/JCardSimProvider/com/android/javacard/keymaster/KMUtils.java rename to Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java diff --git a/Applet/Applet/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java similarity index 97% rename from Applet/Applet/test/com/android/javacard/test/KMFunctionalTest.java rename to Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 450e7a60..fb248f2d 100644 --- a/Applet/Applet/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -1,2740 +1,2735 @@ -/* - * Copyright(C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.javacard.test; - -import com.android.javacard.keymaster.KMArray; -import com.android.javacard.keymaster.KMAttestationCert; -import com.android.javacard.keymaster.KMAttestationCertImpl; -import com.android.javacard.keymaster.KMBoolTag; -import com.android.javacard.keymaster.KMByteBlob; -import com.android.javacard.keymaster.KMByteTag; -import com.android.javacard.keymaster.KMSEProvider; -import com.android.javacard.keymaster.KMSEProviderImpl; -import com.android.javacard.keymaster.KMDecoder; -import com.android.javacard.keymaster.KMEncoder; -import com.android.javacard.keymaster.KMEnum; -import com.android.javacard.keymaster.KMEnumArrayTag; -import com.android.javacard.keymaster.KMEnumTag; -import com.android.javacard.keymaster.KMError; -import com.android.javacard.keymaster.KMHardwareAuthToken; -import com.android.javacard.keymaster.KMHmacSharingParameters; -import com.android.javacard.keymaster.KMInteger; -import com.android.javacard.keymaster.KMIntegerTag; -import com.android.javacard.keymaster.KMKeyCharacteristics; -import com.android.javacard.keymaster.KMKeyParameters; -import com.android.javacard.keymaster.KMKeymasterApplet; -import com.android.javacard.keymaster.KMRepository; -import com.android.javacard.keymaster.KMType; -import com.android.javacard.keymaster.KMVerificationToken; -import com.licel.jcardsim.smartcardio.CardSimulator; -import com.licel.jcardsim.utils.AIDUtil; -import javacard.framework.AID; -import javacard.framework.Util; - -import java.security.spec.PKCS8EncodedKeySpec; - -import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; -import org.junit.Assert; -import org.junit.Test; - -public class KMFunctionalTest { - private static final byte INS_BEGIN_KM_CMD = 0x00; - private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01 - private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02 - private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03 - private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04 - private static final byte INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05 - private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06 - private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07 - private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08 - // Top 32 commands are reserved for provisioning. - private static final byte INS_END_KM_PROVISION_CMD = 0x20; - - private static final byte INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD + 1; //0x21 - private static final byte INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 2; //0x22 - private static final byte INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD + 3; //0x23 - private static final byte INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 4; //0x24 - private static final byte INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD + 5; //0x25 - private static final byte INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD + 6; //0x26 - private static final byte INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD + 7; //0x27 - private static final byte INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD + 8; //0x28 - private static final byte INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD + 9; //0x29 - private static final byte INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD + 10; //0x2A - private static final byte INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD + 11; //0x2B - private static final byte INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD + 12; //0x2C - private static final byte INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD + 13; //0x2D - private static final byte INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD + 14; //0x2E - private static final byte INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD + 15; //0x2F - private static final byte INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 16; //0x30 - private static final byte INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 17; //0x31 - private static final byte INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 18; //0x32 - private static final byte INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 19; //0x33 - private static final byte INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD + 20;//0x34 - private static final byte INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD + 21; //0x35 - private static final byte INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD + 22; //0x36 - - private static final byte[] kEcPrivKey = { - (byte) 0x21, (byte) 0xe0, (byte) 0x86, (byte) 0x43, (byte) 0x2a, - (byte) 0x15, (byte) 0x19, (byte) 0x84, (byte) 0x59, (byte) 0xcf, - (byte) 0x36, (byte) 0x3a, (byte) 0x50, (byte) 0xfc, (byte) 0x14, - (byte) 0xc9, (byte) 0xda, (byte) 0xad, (byte) 0xf9, (byte) 0x35, - (byte) 0xf5, (byte) 0x27, (byte) 0xc2, (byte) 0xdf, (byte) 0xd7, - (byte) 0x1e, (byte) 0x4d, (byte) 0x6d, (byte) 0xbc, (byte) 0x42, - (byte) 0xe5, (byte) 0x44 }; - private static final byte[] kEcPubKey = { - (byte) 0x04, (byte) 0xeb, (byte) 0x9e, (byte) 0x79, (byte) 0xf8, - (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, (byte) 0xcb, - (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, (byte) 0x86, - (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, (byte) 0x66, - (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, - (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, - (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, - (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, - (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, - (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, - (byte) 0xbc, (byte) 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, - (byte) 0xa6, (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, - (byte) 0x3e, (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14 }; - - private static final byte[] kEcAttestCert = { - 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x30, (byte) 0x82, - (byte) 0x02, (byte) 0x1e, (byte) 0xa0, (byte) 0x03, (byte) 0x02, - (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x02, (byte) 0x10, 0x01, - (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, 0x11, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, 0x69, - (byte) 0x61, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, - (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, (byte) 0x75, 0x6e, - (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, - (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, - (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, 0x55, - (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, - (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, - (byte) 0x2c, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, 0x6f, - (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, (byte) 0x30, - (byte) 0x31, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, (byte) 0x6e, 0x64, - (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, - (byte) 0x6f, (byte) 0x72, (byte) 0x65, (byte) 0x20, (byte) 0x53, 0x6f, - (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, - (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, - (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x61, (byte) 0x74, 0x69, - (byte) 0x6f, (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, - (byte) 0x6f, (byte) 0x74, (byte) 0x30, (byte) 0x1e, (byte) 0x17, - (byte) 0x0d, (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, 0x31, - (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, - (byte) 0x30, (byte) 0x39, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, - (byte) 0x32, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, 0x38, - (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, (byte) 0x30, - (byte) 0x39, (byte) 0x5a, (byte) 0x30, (byte) 0x81, (byte) 0x88, - (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, - (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, - (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, 0x13, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, - (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, (byte) 0x6f, - (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, (byte) 0x20, 0x49, - (byte) 0x6e, (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, - (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, 0x6e, - (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, - (byte) 0x31, (byte) 0x3b, (byte) 0x30, (byte) 0x39, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, 0x32, - (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, - (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, - (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, 0x74, - (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, - (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, (byte) 0x69, 0x61, - (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x59, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, 0x06, - (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, - (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, - (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xeb, (byte) 0x9e, 0x79, - (byte) 0xf8, (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, - (byte) 0xcb, (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, - (byte) 0x86, (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, 0x66, - (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, - (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, - (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, - (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, - (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, - (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, - (byte) 0xbc, 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, (byte) 0xa6, - (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, (byte) 0x3e, - (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14, (byte) 0xa3, - (byte) 0x66, 0x30, (byte) 0x64, (byte) 0x30, (byte) 0x1d, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, - (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x3f, (byte) 0xfc, - (byte) 0xac, (byte) 0xd6, (byte) 0x1a, (byte) 0xb1, (byte) 0x3a, - (byte) 0x9e, (byte) 0x81, (byte) 0x20, (byte) 0xb8, (byte) 0xd5, - (byte) 0x25, (byte) 0x1c, (byte) 0xc5, (byte) 0x65, (byte) 0xbb, - (byte) 0x1e, (byte) 0x91, (byte) 0xa9, (byte) 0x30, (byte) 0x1f, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, - (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, - (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, (byte) 0x77, - (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, - (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, - (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, 0x30, (byte) 0xcf, - (byte) 0x30, (byte) 0x12, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x1d, (byte) 0x13, (byte) 0x01, (byte) 0x01, (byte) 0xff, - (byte) 0x04, (byte) 0x08, (byte) 0x30, (byte) 0x06, 0x01, (byte) 0x01, - (byte) 0xff, (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - (byte) 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, 0x04, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, (byte) 0x30, - (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, 0x03, (byte) 0x02, - (byte) 0x03, (byte) 0x48, (byte) 0x00, (byte) 0x30, (byte) 0x45, - (byte) 0x02, (byte) 0x20, (byte) 0x4b, (byte) 0x8a, (byte) 0x9b, - (byte) 0x7b, (byte) 0xee, (byte) 0x82, (byte) 0xbc, (byte) 0xc0, - (byte) 0x33, (byte) 0x87, (byte) 0xae, (byte) 0x2f, (byte) 0xc0, - (byte) 0x89, (byte) 0x98, (byte) 0xb4, (byte) 0xdd, (byte) 0xc3, - (byte) 0x8d, (byte) 0xab, (byte) 0x27, (byte) 0x2a, (byte) 0x45, - (byte) 0x9f, (byte) 0x69, (byte) 0x0c, (byte) 0xc7, (byte) 0xc3, - (byte) 0x92, (byte) 0xd4, (byte) 0x0f, (byte) 0x8e, (byte) 0x02, - (byte) 0x21, (byte) 0x00, (byte) 0xee, (byte) 0xda, (byte) 0x01, - (byte) 0x5d, (byte) 0xb6, (byte) 0xf4, (byte) 0x32, (byte) 0xe9, - (byte) 0xd4, (byte) 0x84, (byte) 0x3b, (byte) 0x62, (byte) 0x4c, - (byte) 0x94, (byte) 0x04, (byte) 0xef, (byte) 0x3a, (byte) 0x7c, - (byte) 0xcc, (byte) 0xbd, 0x5e, (byte) 0xfb, (byte) 0x22, (byte) 0xbb, - (byte) 0xe7, (byte) 0xfe, (byte) 0xb9, (byte) 0x77, (byte) 0x3f, - (byte) 0x59, (byte) 0x3f, (byte) 0xfb, }; - - private static final byte[] kEcAttestRootCert = { - 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x8b, (byte) 0x30, - (byte) 0x82, (byte) 0x02, (byte) 0x32, (byte) 0xa0, (byte) 0x03, - (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x09, - (byte) 0x00, (byte) 0xa2, (byte) 0x05, (byte) 0x9e, (byte) 0xd1, - (byte) 0x0e, (byte) 0x43, (byte) 0x5b, (byte) 0x57, (byte) 0x30, - (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, 0x3d, (byte) 0x04, (byte) 0x03, - (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, (byte) 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, - (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x43, 0x61, - (byte) 0x6c, (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, - (byte) 0x6e, (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x16, - (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, - 0x04, (byte) 0x07, (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, - (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, - (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, - (byte) 0x65, 0x77, (byte) 0x31, (byte) 0x15, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, - (byte) 0x6f, (byte) 0x67, 0x6c, (byte) 0x65, (byte) 0x2c, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, - (byte) 0x30, (byte) 0x31, (byte) 0x06, (byte) 0x03, 0x55, - (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, - (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, - (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, - 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, - (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, - (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, (byte) 0x6f, - (byte) 0x74, (byte) 0x30, 0x1e, (byte) 0x17, (byte) 0x0d, - (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x31, - (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, - (byte) 0x35, (byte) 0x30, (byte) 0x5a, 0x17, (byte) 0x0d, - (byte) 0x33, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, - (byte) 0x36, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, - (byte) 0x35, (byte) 0x30, (byte) 0x5a, (byte) 0x30, (byte) 0x81, - (byte) 0x98, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, - (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, - 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, - (byte) 0x43, (byte) 0x61, (byte) 0x6c, (byte) 0x69, (byte) 0x66, - (byte) 0x6f, 0x72, (byte) 0x6e, (byte) 0x69, (byte) 0x61, - (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x0c, - (byte) 0x0d, (byte) 0x4d, 0x6f, (byte) 0x75, (byte) 0x6e, - (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, - (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, - (byte) 0x15, (byte) 0x30, (byte) 0x13, 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, - (byte) 0x47, (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, - (byte) 0x65, (byte) 0x2c, (byte) 0x20, (byte) 0x49, 0x6e, - (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, (byte) 0x6e, - 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, - (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x31, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, - (byte) 0x2a, 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, - (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, - (byte) 0x72, (byte) 0x65, 0x20, (byte) 0x53, (byte) 0x6f, - (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, - (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, - (byte) 0x65, (byte) 0x73, (byte) 0x74, 0x61, (byte) 0x74, - (byte) 0x69, (byte) 0x6f, (byte) 0x6e, 0x77, (byte) 0x1f, - (byte) 0x44, (byte) 0x22, (byte) 0x6d, (byte) 0xbd, (byte) 0xb1, - (byte) 0xaf, (byte) 0xfa, (byte) 0x16, (byte) 0xcb, (byte) 0xc7, - (byte) 0xad, (byte) 0xc5, (byte) 0x77, (byte) 0xd2, (byte) 0x20, - (byte) 0x52, (byte) 0x6f, (byte) 0x6f, (byte) 0x74, (byte) 0x30, - (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, - 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, - (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, - (byte) 0x01, 0x07, (byte) 0x03, (byte) 0x42, (byte) 0x00, - (byte) 0x04, (byte) 0xee, (byte) 0x5d, (byte) 0x5e, (byte) 0xc7, - (byte) 0xe1, (byte) 0xc0, (byte) 0xdb, (byte) 0x6d, (byte) 0x03, - (byte) 0xa6, (byte) 0x7e, (byte) 0xe6, (byte) 0xb6, (byte) 0x1b, - (byte) 0xec, (byte) 0x4d, (byte) 0x6a, (byte) 0x5d, (byte) 0x6a, - (byte) 0x68, (byte) 0x2e, (byte) 0x0f, (byte) 0xff, (byte) 0x7f, - (byte) 0x49, (byte) 0x0e, (byte) 0x7d, 0x56, (byte) 0x9c, - (byte) 0xaa, (byte) 0xb7, (byte) 0xb0, (byte) 0x2d, (byte) 0x54, - (byte) 0x01, (byte) 0x5d, (byte) 0x3e, (byte) 0x43, (byte) 0x2b, - (byte) 0x2a, (byte) 0x8e, (byte) 0xd7, (byte) 0x4e, (byte) 0xec, - (byte) 0x48, (byte) 0x75, (byte) 0x41, (byte) 0xa4, (byte) 0xa3, - (byte) 0x63, (byte) 0x30, (byte) 0x61, (byte) 0x30, (byte) 0x1d, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, - 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0xc8, - (byte) 0xad, (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, - (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, (byte) 0x0d, (byte) 0x16, - (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a, - (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf, (byte) 0x30, - (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - (byte) 0x23, (byte) 0x04, 0x18, (byte) 0x30, (byte) 0x16, - (byte) 0x80, (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, - (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, - (byte) 0xcf, (byte) 0x0d, (byte) 0x16, 0x10, (byte) 0xe4, - (byte) 0x79, (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, - (byte) 0x30, (byte) 0xcf, (byte) 0x30, (byte) 0x0f, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 0x01, - (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x05, (byte) 0x30, - (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04, - (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, - (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x03, (byte) 0x47, (byte) 0x00, - (byte) 0x30, (byte) 0x44, (byte) 0x02, (byte) 0x20, (byte) 0x35, - (byte) 0x21, (byte) 0xa3, (byte) 0xef, (byte) 0x8b, (byte) 0x34, - (byte) 0x46, (byte) 0x1e, (byte) 0x9c, (byte) 0xd5, (byte) 0x60, - (byte) 0xf3, (byte) 0x1d, (byte) 0x58, (byte) 0x89, (byte) 0x20, - (byte) 0x6a, (byte) 0xdc, (byte) 0xa3, 0x65, (byte) 0x41, - (byte) 0xf6, (byte) 0x0d, (byte) 0x9e, (byte) 0xce, (byte) 0x8a, - (byte) 0x19, (byte) 0x8c, (byte) 0x66, (byte) 0x48, (byte) 0x60, - (byte) 0x7b, (byte) 0x02, (byte) 0x20, (byte) 0x4d, 0x0b, - (byte) 0xf3, (byte) 0x51, (byte) 0xd9, (byte) 0x30, (byte) 0x7c, - (byte) 0x7d, (byte) 0x5b, (byte) 0xda, (byte) 0x35, (byte) 0x34, - (byte) 0x1d, (byte) 0xa8, (byte) 0x47, (byte) 0x1b, (byte) 0x63, - (byte) 0xa5, (byte) 0x85, (byte) 0x65, (byte) 0x3c, (byte) 0xad, - (byte) 0x4f, (byte) 0x24, (byte) 0xa7, (byte) 0xe7, (byte) 0x4d, - (byte) 0xaf, (byte) 0x41, (byte) 0x7d, (byte) 0xf1, - (byte) 0xbf, }; - - private static final byte[] X509Issuer = { - (byte) 0x30, (byte) 0x81, (byte) 0x88, (byte) 0x31, (byte) 0x0b, - (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, - (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, - (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, - (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x3b, - (byte) 0x30, (byte) 0x39, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x32, (byte) 0x41, - (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, - (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, - (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, - (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, - (byte) 0x6e, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, - (byte) 0x65, (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, - (byte) 0x69, (byte) 0x61, (byte) 0x74, (byte) 0x65 }; - // AttestationApplicationId ::= SEQUENCE { - // * packageInfoRecords SET OF PackageInfoRecord, - // * signatureDigests SET OF OCTET_STRING, - // * } - // * - // * PackageInfoRecord ::= SEQUENCE { - // * packageName OCTET_STRING, - // * version INTEGER, - // * } - private static final byte[] attAppId = {0x30, 0x10, 0x31, 0x0B, 0x30, 0x04, 0x05, 'A', 'B', 'C', - 'D', 'E', 0x02, 0x01, 0x01, 0x31, 0x02, 0x04, 0x00}; - private static final byte[] attChallenge = {'c','h','a','l','l','e','n','g','e'}; - private static final byte[] expiryTime = {(byte)0x32, (byte)0x36, (byte)0x30, (byte)0x31, (byte)0x30, (byte)0x38, (byte)0x30, (byte)0x30, (byte)0x34, (byte)0x36, (byte)0x30, (byte)0x39, (byte)0x5a}; - private static final byte[] authKeyId = { (byte)0x80, (byte)0x14, (byte)0xc8, (byte)0xad, (byte)0xe9, (byte)0x77, (byte)0x4c, (byte)0x45, (byte)0xc3, (byte)0xa3, (byte)0xcf, (byte)0x0d, (byte)0x16, (byte)0x10, (byte)0xe4, (byte)0x79, (byte)0x43, (byte)0x3a, (byte)0x21, (byte)0x5a, (byte)0x30, (byte)0xcf}; - - private KMSEProvider sim; - private CardSimulator simulator; - private KMEncoder encoder; - private KMDecoder decoder; - private KMSEProvider cryptoProvider; - - public KMFunctionalTest(){ - cryptoProvider = KMSEProviderImpl.instance(false); - sim = KMSEProviderImpl.instance(false); - simulator = new CardSimulator(); - encoder = new KMEncoder(); - decoder = new KMDecoder(); - } - - private void init(){ - // Create simulator - AID appletAID = AIDUtil.create("A000000062"); - simulator.installApplet(appletAID, KMKeymasterApplet.class); - // Select applet - simulator.selectApplet(appletAID); - // provision attest key - provisionCmd(simulator); - } - - private void setBootParams(CardSimulator simulator, short osVersion, - short osPatchLevel, short vendorPatchLevel, short bootPatchLevel) { - // Argument 1 OS Version - short versionPtr = KMInteger.uint_16(osVersion); - // short versionTagPtr = KMIntegerTag.instance(KMType.UINT_TAG, - // KMType.OS_VERSION,versionPatchPtr); - // Argument 2 OS Patch level - short patchPtr = KMInteger.uint_16(osPatchLevel); - short vendorpatchPtr = KMInteger.uint_16((short) vendorPatchLevel); - short bootpatchPtr = KMInteger.uint_16((short) bootPatchLevel); - // Argument 3 Verified Boot Key - byte[] bootKeyHash = "00011122233344455566677788899900".getBytes(); - short bootKeyPtr = KMByteBlob.instance(bootKeyHash, (short) 0, - (short) bootKeyHash.length); - // Argument 4 Verified Boot Hash - short bootHashPtr = KMByteBlob.instance(bootKeyHash, (short) 0, - (short) bootKeyHash.length); - // Argument 5 Verified Boot State - short bootStatePtr = KMEnum.instance(KMType.VERIFIED_BOOT_STATE, - KMType.VERIFIED_BOOT); - // Argument 6 Device Locked - short deviceLockedPtr = KMEnum.instance(KMType.DEVICE_LOCKED, - KMType.DEVICE_LOCKED_FALSE); - // Arguments - short arrPtr = KMArray.instance((short) 8); - KMArray vals = KMArray.cast(arrPtr); - vals.add((short) 0, versionPtr); - vals.add((short) 1, patchPtr); - vals.add((short) 2, vendorpatchPtr); - vals.add((short) 3, bootpatchPtr); - vals.add((short) 4, bootKeyPtr); - vals.add((short) 5, bootHashPtr); - vals.add((short) 6, bootStatePtr); - vals.add((short) 7, deviceLockedPtr); - CommandAPDU apdu = encodeApdu((byte) INS_SET_BOOT_PARAMS_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - - } - - private void provisionSigningCertificate(CardSimulator simulator) { - short byteBlobPtr = KMByteBlob.instance( - (short) (kEcAttestCert.length + kEcAttestRootCert.length)); - Util.arrayCopyNonAtomic(kEcAttestCert, (short) 0, - KMByteBlob.cast(byteBlobPtr).getBuffer(), - KMByteBlob.cast(byteBlobPtr).getStartOff(), - (short) kEcAttestCert.length); - Util.arrayCopyNonAtomic(kEcAttestRootCert, (short) 0, - KMByteBlob.cast(byteBlobPtr).getBuffer(), - (short) (KMByteBlob.cast(byteBlobPtr).getStartOff() - + kEcAttestCert.length), - (short) kEcAttestRootCert.length); - CommandAPDU apdu = encodeApdu( - (byte) INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD, byteBlobPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionSigningKey(CardSimulator simulator) { - // KeyParameters. - short arrPtr = KMArray.instance((short) 4); - short ecCurve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256); - short byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short byteBlob2 = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob2).add((short) 0, KMType.ATTEST_KEY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob2); - KMArray.cast(arrPtr).add((short) 0, ecCurve); - KMArray.cast(arrPtr).add((short) 1, digest); - KMArray.cast(arrPtr).add((short) 2, - KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); - KMArray.cast(arrPtr).add((short) 3, purpose); - short keyParams = KMKeyParameters.instance(arrPtr); - // Note: VTS uses PKCS8 KeyFormat RAW - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); - - // Key - short signKeyPtr = KMArray.instance((short) 2); - KMArray.cast(signKeyPtr).add((short) 0, KMByteBlob.instance(kEcPrivKey, - (short) 0, (short) kEcPrivKey.length)); - KMArray.cast(signKeyPtr).add((short) 1, KMByteBlob.instance(kEcPubKey, - (short) 0, (short) kEcPubKey.length)); - byte[] keyBuf = new byte[120]; - short len = encoder.encode(signKeyPtr, keyBuf, (short) 0); - short signKeyBstr = KMByteBlob.instance(keyBuf, (short) 0, len); - - short finalArrayPtr = KMArray.instance((short) 3); - KMArray.cast(finalArrayPtr).add((short) 0, keyParams); - KMArray.cast(finalArrayPtr).add((short) 1, keyFormatPtr); - KMArray.cast(finalArrayPtr).add((short) 2, signKeyBstr); - - CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTESTATION_KEY_CMD, - finalArrayPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionCertificateParams(CardSimulator simulator) { - - short arrPtr = KMArray.instance((short) 3); - short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0, - (short) X509Issuer.length); - KMArray.cast(arrPtr).add((short) 0, byteBlob1); - short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0, - (short) expiryTime.length); - KMArray.cast(arrPtr).add((short) 1, byteBlob2); - short byteBlob3 = KMByteBlob.instance(authKeyId, (short) 0, - (short) authKeyId.length); - KMArray.cast(arrPtr).add((short) 2, byteBlob3); - - CommandAPDU apdu = encodeApdu( - (byte) INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionSharedSecret(CardSimulator simulator) { - byte[] sharedKeySecret = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - short arrPtr = KMArray.instance((short) 1); - short byteBlob = KMByteBlob.instance(sharedKeySecret, (short) 0, - (short) sharedKeySecret.length); - KMArray.cast(arrPtr).add((short) 0, byteBlob); - - CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_SHARED_SECRET_CMD, - arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionAttestIds(CardSimulator simulator) { - short arrPtr = KMArray.instance((short) 8); - - byte[] buf = "Attestation Id".getBytes(); - - KMArray.cast(arrPtr).add((short) 0, - KMByteTag.instance(KMType.ATTESTATION_ID_BRAND, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 1, - KMByteTag.instance(KMType.ATTESTATION_ID_PRODUCT, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 2, - KMByteTag.instance(KMType.ATTESTATION_ID_DEVICE, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 3, - KMByteTag.instance(KMType.ATTESTATION_ID_MODEL, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 4, - KMByteTag.instance(KMType.ATTESTATION_ID_IMEI, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 5, - KMByteTag.instance(KMType.ATTESTATION_ID_MEID, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 6, - KMByteTag.instance(KMType.ATTESTATION_ID_MANUFACTURER, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 7, - KMByteTag.instance(KMType.ATTESTATION_ID_SERIAL, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - short keyParams = KMKeyParameters.instance(arrPtr); - short outerArrPtr = KMArray.instance((short) 1); - KMArray.cast(outerArrPtr).add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTEST_IDS_CMD, - outerArrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionLocked(CardSimulator simulator) { - CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_LOCK_PROVISIONING_CMD, - 0x40, 0x00); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(commandAPDU); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionCmd(CardSimulator simulator) { - provisionSigningKey(simulator); - provisionSigningCertificate(simulator); - provisionCertificateParams(simulator); - provisionSharedSecret(simulator); - provisionAttestIds(simulator); - // set bootup parameters - setBootParams(simulator,(short)1,(short)1, (short)0, (short)0); - provisionLocked(simulator); - } - - private void cleanUp(){ - AID appletAID = AIDUtil.create("A000000062"); - // Delete i.e. uninstall applet - simulator.deleteApplet(appletAID); - } - - private void cleanUpBkUpStore(){ - AID appletAID = AIDUtil.create("A000000063"); - // Delete i.e. uninstall applet - simulator.deleteApplet(appletAID); - } - private CommandAPDU encodeApdu(byte ins, short cmd){ - byte[] buf = new byte[2500]; - buf[0] = (byte)0x80; - buf[1] = ins; - buf[2] = (byte)0x40; - buf[3] = (byte)0x00; - buf[4] = 0; - short len = encoder.encode(cmd, buf, (short) 7); - Util.setShort(buf, (short)5, len); - byte[] apdu = new byte[7+len]; - Util.arrayCopyNonAtomic(buf,(short)0,apdu,(short)0,(short)(7+len)); - //CommandAPDU commandAPDU = new CommandAPDU(0x80, 0x10, 0x40, 0x00, buf, 0, actualLen); - return new CommandAPDU(apdu); - } - - @Test - public void testAesImportKeySuccess() { - init(); - byte[] aesKeySecret = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - short arrPtr = KMArray.instance((short)5); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); - short blockMode = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); - short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, blockMode); - KMArray.cast(arrPtr).add((short)3, paddingMode); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); - short keyParams = KMKeyParameters.instance(arrPtr); - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); - short keyBlob = KMArray.instance((short)1); - KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(aesKeySecret,(short)0,(short)16)); - byte[] blob = new byte[256]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)3); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.PKCS7)); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.ECB)); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.AES); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); - cleanUp(); - } - - @Test - public void testHmacImportKeySuccess() { - init(); - byte[] hmacKeySecret = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - short arrPtr = KMArray.instance((short)5); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short minMacLength = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)256)); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, digest); - KMArray.cast(arrPtr).add((short)3, minMacLength); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); - short keyParams = KMKeyParameters.instance(arrPtr); - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); - short keyBlob = KMArray.instance((short)1); - KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(hmacKeySecret,(short)0,(short)16)); - byte[] blob = new byte[256]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)3); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.HMAC); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); - cleanUp(); - } - - @Test - public void testRsaImportKeySuccess() { - init(); - /* - KeyPair rsaKeyPair = cryptoProvider.createRsaKeyPair(); - byte[] pub = new byte[4]; - short len = ((RSAPublicKey)rsaKeyPair.getPublic()).getExponent(pub,(short)1); - byte[] priv = new byte[256]; - byte[] mod = new byte[256]; - len = ((RSAPrivateKey)rsaKeyPair.getPrivate()).getModulus(mod,(short)0); - len = ((RSAPrivateKey)rsaKeyPair.getPrivate()).getExponent(priv,(short)0); - */ - - byte[] pub = new byte[]{0x00,0x01,0x00,0x01}; - byte[] mod = new byte[256]; - byte[] priv = new byte[256]; - short[] lengths = new short[2]; - cryptoProvider.createAsymmetricKey(KMType.RSA,priv,(short)0,(short)256,mod,(short)0, (short)256,lengths); - short arrPtr = KMArray.instance((short)6); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, - KMInteger.uint_32(pub, (short)0)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PSS); - short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, digest); - KMArray.cast(arrPtr).add((short)3, rsaPubExpTag); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - KMArray.cast(arrPtr).add((short)5, padding); - short keyParams = KMKeyParameters.instance(arrPtr); - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW);// Note: VTS uses PKCS8 - short keyBlob = KMArray.instance((short)2); - KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(priv,(short)0,(short)256)); - KMArray.cast(keyBlob).add((short)1, KMByteBlob.instance(mod,(short)0,(short)256)); - byte[] blob = new byte[620]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)3); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 2048); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.RSA_PSS)); - tag = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), 0x01); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 0x01); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.RSA); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); - cleanUp(); - } - - @Test - public void testDeviceLocked(){ - init(); - byte[] hmacKey = new byte[32]; - cryptoProvider.newRandomNumber(hmacKey,(short)0,(short)32); - KMRepository.instance().initComputedHmac(hmacKey,(short)0,(short)32); - // generate aes key with unlocked_device_required - short aesKey = generateAesDesKey(KMType.AES,(short)128,null,null, true); - short keyBlobPtr = KMArray.cast(aesKey).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - // encrypt something - short inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); - byte[] plainData= "Hello World 123!".getBytes(); - short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,false, false - ); - keyBlobPtr = KMArray.cast(ret).get((short)2); - byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - cipherData,(short)0, (short)cipherData.length); - // create verification token - short verToken = KMVerificationToken.instance(); - KMVerificationToken.cast(verToken).setTimestamp(KMInteger.uint_16((short)1)); - verToken = signVerificationToken(verToken); - // device locked request - deviceLock(verToken); - // decrypt should fail - inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); - short beginResp = begin(KMType.DECRYPT, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), KMKeyParameters.instance(inParams), (short)0); - Assert.assertEquals(beginResp,KMError.DEVICE_LOCKED); - short hwToken = KMHardwareAuthToken.instance(); - KMHardwareAuthToken.cast(hwToken).setTimestamp(KMInteger.uint_16((byte)2)); - KMHardwareAuthToken.cast(hwToken).setHwAuthenticatorType(KMEnum.instance(KMType.USER_AUTH_TYPE, (byte)KMType.PASSWORD)); - inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); - hwToken = signHwToken(hwToken); - ret = processMessage(cipherData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.DECRYPT, - KMKeyParameters.instance(inParams),hwToken,null,false, false - ); - ret = KMArray.cast(ret).get((short)0); - Assert.assertEquals(KMInteger.cast(ret).getShort(), KMError.OK); - cleanUp(); - } - - private short signHwToken(short hwToken){ - short len = 0; - byte[] scratchPad = new byte[256]; - // add 0 - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - len = 1; - // concatenate challenge - 8 bytes - short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate user id - 8 bytes - ptr = KMHardwareAuthToken.cast(hwToken).getUserId(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate authenticator id - 8 bytes - ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate authenticator type - 4 bytes - ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType(); - scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal(); - len += 4; - // concatenate timestamp -8 bytes - ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // hmac the data -/* HMACKey key = - cryptoProvider.createHMACKey( - KMRepository.instance().getComputedHmacKey(), - (short) 0, - (short) KMRepository.instance().getComputedHmacKey().length); - - */ - byte[] mac = new byte[32]; - /* - len = - cryptoProvider.hmacSign(key, scratchPad, (short) 0, len, - mac, - (short)0); - */ - short key = KMRepository.instance().getComputedHmacKey(); - cryptoProvider.hmacSign( - KMByteBlob.cast(key).getBuffer(), - KMByteBlob.cast(key).getStartOff(), - KMByteBlob.cast(key).length(), - scratchPad, (short) 0, len, - mac, - (short)0); - KMHardwareAuthToken.cast(hwToken).setMac(KMByteBlob.instance(mac,(short)0,(short)mac.length)); - return hwToken; - } - private void deviceLock(short verToken) { - short req = KMArray.instance((short)2); - KMArray.cast(req).add((short)0, KMInteger.uint_8((byte)1)); - KMArray.cast(req).add((short)1, verToken); - CommandAPDU apdu = encodeApdu((byte)INS_DEVICE_LOCKED_CMD,req); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 1); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - byte[] respBuf = response.getBytes(); - Assert.assertEquals(respBuf[0],KMError.OK); - } - - private short signVerificationToken(short verToken) { - byte[] scratchPad = new byte[256]; - byte[] authVer = "Auth Verification".getBytes(); - //print(authVer,(short)0,(short)authVer.length); - // concatenation length will be 37 + length of verified parameters list - which is typically empty - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - short params = KMVerificationToken.cast(verToken).getParametersVerified(); - // Add "Auth Verification" - 17 bytes. - Util.arrayCopy(authVer,(short)0, scratchPad, (short)0, (short)authVer.length); - short len = (short)authVer.length; - // concatenate challenge - 8 bytes - short ptr = KMVerificationToken.cast(verToken).getChallenge(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate timestamp -8 bytes - ptr = KMVerificationToken.cast(verToken).getTimestamp(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate security level - 4 bytes - ptr = KMVerificationToken.cast(verToken).getSecurityLevel(); - scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal(); - len += 4; - // concatenate Parameters verified - blob of encoded data. - ptr = KMVerificationToken.cast(verToken).getParametersVerified(); - if (KMByteBlob.cast(ptr).length() != 0) { - len += KMByteBlob.cast(ptr).getValues(scratchPad, (short) 0); - } - // hmac the data - /* HMACKey key = - cryptoProvider.createHMACKey( - KMRepository.instance().getComputedHmacKey(), - (short) 0, - (short) KMRepository.instance().getComputedHmacKey().length); - - */ - ptr = KMVerificationToken.cast(verToken).getMac(); - byte[] mac = new byte[32]; - /*len = - cryptoProvider.hmacSign(key, scratchPad, (short) 0, len, - mac, - (short)0); - */ - short key = KMRepository.instance().getComputedHmacKey(); - cryptoProvider.hmacSign(KMByteBlob.cast(key).getBuffer(), - KMByteBlob.cast(key).getStartOff(), - KMByteBlob.cast(key).length(), - scratchPad, (short) 0, len, - mac, - (short)0); - KMVerificationToken.cast(verToken).setMac(KMByteBlob.instance(mac,(short)0,(short)mac.length)); - return verToken; - } - - @Test - public void testEcImportKeySuccess() { - init(); - /* - KeyPair ecKeyPair = cryptoProvider.createECKeyPair(); - byte[] pub = new byte[128]; - short len = ((ECPublicKey)ecKeyPair.getPublic()).getW(pub,(short)0); - byte[] priv = new byte[128]; - len = ((ECPrivateKey)ecKeyPair.getPrivate()).getS(priv,(short)0); - */ - byte[] pub = new byte[128]; - byte[] priv = new byte[128]; - short[] lengths = new short[2]; - cryptoProvider.createAsymmetricKey(KMType.EC,priv,(short)0,(short)128,pub,(short)0, (short)128,lengths); - short pubBlob = KMByteBlob.instance(pub,(short)0,lengths[1]); - short privBlob = KMByteBlob.instance(priv,(short)0,lengths[0]); - short arrPtr = KMArray.instance((short)5); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)256)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short ecCurve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, digest); - KMArray.cast(arrPtr).add((short)3, ecCurve); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); - short keyParams = KMKeyParameters.instance(arrPtr); - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW);// Note: VTS uses PKCS8 - short keyBlob = KMArray.instance((short)2); - KMArray.cast(keyBlob).add((short)0, privBlob); - KMArray.cast(keyBlob).add((short)1, pubBlob); - byte[] blob = new byte[128]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)3); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short blobArr = extractKeyBlobArray(KMArray.cast(ret).get((short)1)); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ECCURVE, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.P_256); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.EC); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); - cleanUp(); - } - - private short extractKeyBlobArray(short keyBlob) { - short ret = KMArray.instance((short) 5); - KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_SECRET, KMByteBlob.exp()); - KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG, KMByteBlob.exp()); - KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_NONCE, KMByteBlob.exp()); - short ptr = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, ptr); - KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, KMByteBlob.exp()); - ret = - decoder.decodeArray( - ret, - KMByteBlob.cast(keyBlob).getBuffer(), - KMByteBlob.cast(keyBlob).getStartOff(), - KMByteBlob.cast(keyBlob).length()); - short len = KMArray.cast(ret).length(); - ptr = KMArray.cast(ret).get((short)4); -// print(KMByteBlob.cast(ptr).getBuffer(),KMByteBlob.cast(ptr).getStartOff(),KMByteBlob.cast(ptr).length()); - return ret; - } - - @Test - public void testRsaGenerateKeySuccess() { - init(); - short ret = generateRsaKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 2048); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.DIGEST_NONE)); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.RSA_PKCS1_1_5_ENCRYPT)); - tag = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), 0x01); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 0x01); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.RSA); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); - cleanUp(); - } - - private short generateRsaKey(byte[] clientId, byte[] appData){ - byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; - short tagCount = 11; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; - short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); - short byteBlob = KMByteBlob.instance((short)3); - KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); - KMByteBlob.cast(byteBlob).add((short)2, KMType.SHA1); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short)5); - KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PKCS1_1_5_ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)1, KMType.RSA_PKCS1_1_5_SIGN); - KMByteBlob.cast(byteBlob).add((short)2, KMType.RSA_OAEP); - KMByteBlob.cast(byteBlob).add((short)3, KMType.RSA_PSS); - KMByteBlob.cast(byteBlob).add((short)4, KMType.PADDING_NONE); - short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)5); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); - KMByteBlob.cast(byteBlob).add((short)2, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)3, KMType.DECRYPT); - KMByteBlob.cast(byteBlob).add((short)4, KMType.WRAP_KEY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - byte[] pub = {0,1,0,1}; - short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short)0)); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.INCLUDE_UNIQUE_ID)); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.RESET_SINCE_ID_ROTATION)); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, digest); - KMArray.cast(arrPtr).add(tagIndex++, rsaPubExpTag); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - KMArray.cast(arrPtr).add(tagIndex++, padding); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.ACTIVE_DATETIME,dateTag)); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.CREATION_DATETIME,dateTag)); - - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - return ret; - } - - private short generateAttestationKey(){ - // 15th July 2020 00.00.00 - byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; - short tagCount = 11; - short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); - short byteBlob = KMByteBlob.instance((short)3); - KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); - KMByteBlob.cast(byteBlob).add((short)2, KMType.SHA1); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PKCS1_1_5_SIGN); - short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ATTEST_KEY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - byte[] pub = {0,1,0,1}; - short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short)0)); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.INCLUDE_UNIQUE_ID)); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.RESET_SINCE_ID_ROTATION)); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, digest); - KMArray.cast(arrPtr).add(tagIndex++, rsaPubExpTag); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - KMArray.cast(arrPtr).add(tagIndex++, padding); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.ULONG_TAG,KMType.ACTIVE_DATETIME,dateTag)); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.ULONG_TAG,KMType.CREATION_DATETIME,dateTag)); - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - return ret; - } - - @Test - public void testEcGenerateKeySuccess() { - init(); - short ret = generateEcKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.DIGEST_NONE)); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.EC); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); - cleanUp(); - } - public short generateEcKey(byte[] clientId, byte[] appData) { - byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; - short tagCount = 6; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; - short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)256)); - short byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, digest); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.CREATION_DATETIME,dateTag)); - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - return ret; - } - - @Test - public void testHmacGenerateKeySuccess() { - init(); - short ret = generateHmacKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 160); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.HMAC); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); - cleanUp(); - } - public short generateHmacKey(byte[] clientId, byte[] appData){ - short tagCount = 6; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; - short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short minMacLen = KMIntegerTag.instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, minMacLen); - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, digest); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - return ret; - } - public short generateAesDesKey(byte alg, short keysize, byte[] clientId, byte[] appData, boolean unlockReqd) { - short tagCount = 7; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; - if(unlockReqd)tagCount++; - short arrPtr = KMArray.instance(tagCount); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); - short byteBlob = KMByteBlob.instance((short)3); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); - KMByteBlob.cast(byteBlob).add((short)1, KMType.CBC); - KMByteBlob.cast(byteBlob).add((short)2, KMType.CTR); - short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); - KMByteBlob.cast(byteBlob).add((short)1, KMType.PADDING_NONE); - short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, blockModeTag); - KMArray.cast(arrPtr).add(tagIndex++, paddingMode); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, alg)); - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); - if(unlockReqd)KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.UNLOCKED_DEVICE_REQUIRED)); - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - return ret; - } - public short generateAesGcmKey(short keysize, byte[] clientId, byte[] appData) { - short tagCount = 8; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; - short arrPtr = KMArray.instance(tagCount); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); - short macLength = KMIntegerTag.instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)96)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.GCM); - short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.PADDING_NONE); - short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, macLength); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, blockModeTag); - KMArray.cast(arrPtr).add(tagIndex++, paddingMode); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - return ret; - } - - @Test - public void testComputeHmacParams(){ - init(); - // Get Hmac parameters - short ret = getHmacSharingParams(); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short)1)); - short seed = params.getSeed(); - short nonce = params.getNonce(); - - short params1 = KMHmacSharingParameters.instance(); - KMHmacSharingParameters.cast(params1).setSeed(KMByteBlob.instance((short)0)); - short num = KMByteBlob.instance((short)32); - Util.arrayCopyNonAtomic( - KMByteBlob.cast(nonce).getBuffer(), - KMByteBlob.cast(nonce).getStartOff(), - KMByteBlob.cast(num).getBuffer(), - KMByteBlob.cast(num).getStartOff(), - KMByteBlob.cast(num).length()); - // cryptoProvider.newRandomNumber( -// KMByteBlob.cast(num).getBuffer(), -// KMByteBlob.cast(num).getStartOff(), -// KMByteBlob.cast(num).length()); - KMHmacSharingParameters.cast(params1).setNonce(num); - short params2 = KMHmacSharingParameters.instance(); - KMHmacSharingParameters.cast(params2).setSeed(KMByteBlob.instance((short)0)); - num = KMByteBlob.instance((short)32); - cryptoProvider.newRandomNumber( - KMByteBlob.cast(num).getBuffer(), - KMByteBlob.cast(num).getStartOff(), - KMByteBlob.cast(num).length()); - KMHmacSharingParameters.cast(params2).setNonce(num); - short arr = KMArray.instance((short)2); - KMArray.cast(arr).add((short)0, params1); - KMArray.cast(arr).add((short)1,params2); - short arrPtr = KMArray.instance((short)1); - KMArray.cast(arrPtr).add((short)0,arr); - CommandAPDU apdu = encodeApdu((byte)INS_COMPUTE_SHARED_HMAC_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - - cleanUp(); - } - @Test - public void testGetHmacSharingParams(){ - init(); - CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); - //print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(commandAPDU); - KMDecoder dec = new KMDecoder(); - short ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - short inst = KMHmacSharingParameters.exp(); - KMArray.cast(ret).add((short) 1, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short)1)); - short seed = params.getSeed(); - short nonce = params.getNonce(); - Assert.assertTrue(KMByteBlob.cast(seed).length() == 0); - Assert.assertTrue(KMByteBlob.cast(nonce).length() == 32); - //print(seed); - //print(nonce); - Assert.assertEquals(error, KMError.OK); - cleanUp(); - } - public short getHmacSharingParams(){ - CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); - //print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(commandAPDU); - KMDecoder dec = new KMDecoder(); - short ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - short inst = KMHmacSharingParameters.exp(); - KMArray.cast(ret).add((short) 1, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - return ret; - } - - @Test - public void testImportWrappedKey(){ - init(); - byte[] wrappedKey = new byte[16]; - cryptoProvider.newRandomNumber(wrappedKey,(short)0,(short)16); - byte[] encWrappedKey = new byte[16]; - //AESKey transportKey = cryptoProvider.createAESKey((short)256); - byte[] transportKeyMaterial = new byte[32]; - cryptoProvider.newRandomNumber(transportKeyMaterial,(short)0,(short)32); - //transportKey.setKey(transportKeyMaterial,(short)0); - byte[] nonce = new byte[12]; - cryptoProvider.newRandomNumber(nonce,(short)0,(short)12); - byte[] authData = "Auth Data".getBytes(); - byte[] authTag = new byte[12]; - cryptoProvider.aesGCMEncrypt(transportKeyMaterial,(short)0,(short)32,wrappedKey, - (short)0,(short)16,encWrappedKey,(short)0, - nonce,(short)0, (short)12,authData,(short)0,(short)authData.length, - authTag, (short)0, (short)12); - byte[] maskingKey = {1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0}; - byte[] maskedTransportKey = new byte[32]; - for(int i=0; i< maskingKey.length;i++){ - maskedTransportKey[i] = (byte)(transportKeyMaterial[i] ^ maskingKey[i]); - } - short rsaKeyArr = generateRsaKey(null,null); - short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); - byte[] wrappingKeyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length); - short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_OAEP); - short ret = processMessage(maskedTransportKey, - KMByteBlob.instance(wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,false,false - ); - keyBlobPtr = KMArray.cast(ret).get((short)2); - byte[] encTransportKey = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - encTransportKey,(short)0, (short)encTransportKey.length); - short tagCount = 7; - short arrPtr = KMArray.instance(tagCount); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); - short byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); - KMByteBlob.cast(byteBlob).add((short)1, KMType.CBC); - short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); - KMByteBlob.cast(byteBlob).add((short)1, KMType.PADDING_NONE); - short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, blockModeTag); - KMArray.cast(arrPtr).add(tagIndex++, paddingMode); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); - short keyParams = KMKeyParameters.instance(arrPtr); - short nullParams = KMArray.instance((short)0); - nullParams = KMKeyParameters.instance(nullParams); - short arr = KMArray.instance((short)12); - KMArray.cast(arr).add((short) 0, keyParams); // Key Params of wrapped key - KMArray.cast(arr).add((short) 1, KMEnum.instance(KMType.KEY_FORMAT,KMType.RAW)); // Key Format - KMArray.cast(arr).add((short) 2, KMByteBlob.instance(encWrappedKey,(short)0,(short)encWrappedKey.length)); // Wrapped Import Key Blob - KMArray.cast(arr).add((short) 3, KMByteBlob.instance(authTag,(short)0,(short)authTag.length)); // Auth Tag - KMArray.cast(arr).add((short) 4, KMByteBlob.instance(nonce,(short)0,(short)nonce.length)); // IV - Nonce - KMArray.cast(arr).add((short) 5, KMByteBlob.instance(encTransportKey,(short)0,(short)encTransportKey.length)); // Encrypted Transport Key - KMArray.cast(arr).add((short) 6, KMByteBlob.instance(wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length)); // Wrapping Key KeyBlob - KMArray.cast(arr).add((short) 7, KMByteBlob.instance(maskingKey,(short)0,(short)maskingKey.length)); // Masking Key - KMArray.cast(arr).add((short) 8, nullParams); // Un-wrapping Params - KMArray.cast(arr).add((short) 9, KMByteBlob.instance(authData,(short)0,(short)authData.length)); // Wrapped Key ASSOCIATED AUTH DATA - KMArray.cast(arr).add((short) 10, KMInteger.uint_8((byte)0)); // Password Sid - KMArray.cast(arr).add((short) 11, KMInteger.uint_8((byte)0)); // Biometric Sid - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_WRAPPED_KEY_CMD, arr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.PKCS7)); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.ECB)); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.AES); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.SECURELY_IMPORTED); - cleanUp(); - } - - @Test - public void testGetKeyCharacteristicsWithIdDataSuccess() { - init(); - byte[] clientId = "clientId".getBytes(); - byte[] appData = "appData".getBytes(); - short ret = generateRsaKey(clientId,appData); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - short keyBlob = KMArray.cast(ret).get((short)1); - - short arrPtr = KMArray.instance((short)3); - KMArray.cast(arrPtr).add((short)0, keyBlob); - KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance(clientId,(short)0, (short)clientId.length)); - KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance(appData,(short)0, (short)appData.length)); - CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 1, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - cleanUp(); - } - - @Test - public void testGetKeyCharacteristicsSuccess() { - init(); - short ret = generateRsaKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - short keyBlob = KMArray.cast(ret).get((short)1); - - short arrPtr = KMArray.instance((short)3); - KMArray.cast(arrPtr).add((short)0, keyBlob); - KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance((short)0)); - KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance((short)0)); - CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 1, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - cleanUp(); - } - - @Test - public void testDeleteKeySuccess() { - init(); - short ret = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(ret).get((short)1); - byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob, (short)0); - ret = getKeyCharacteristics(keyBlobPtr); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - ret = deleteKey(KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); - Assert.assertEquals(ret, KMError.OK); -/* ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); - short err = KMByteBlob.cast(ret).get((short)1); - Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); - - */ - cleanUp(); - } - - @Test - public void testDeleteAllKeySuccess() { - init(); - short ret1 = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(ret1).get((short)1); - byte[] keyBlob1 = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob1, (short)0); - short ret2 = generateRsaKey(null, null); - keyBlobPtr = KMArray.cast(ret2).get((short)1); - byte[] keyBlob2 = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob2, (short)0); - CommandAPDU apdu = new CommandAPDU(0x80, INS_DELETE_ALL_KEYS_CMD, 0x40, 0x00); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - byte[] respBuf = response.getBytes(); - Assert.assertEquals(respBuf[0], KMError.OK); -/* short ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob1,(short)0,(short)keyBlob1.length)); - short err = KMByteBlob.cast(ret).get((short)1); - Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); - ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob2,(short)0,(short)keyBlob2.length)); - err = KMByteBlob.cast(ret).get((short)1); - Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); - - */ - cleanUp(); - } - - private short deleteKey(short keyBlob) { - short arrPtr = KMArray.instance((short)1); - KMArray.cast(arrPtr).add((short)0, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_DELETE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - byte[] respBuf = response.getBytes(); - return respBuf[0]; - } - - private short abort(short opHandle) { - short arrPtr = KMArray.instance((short)1); - KMArray.cast(arrPtr).add((short)0, opHandle); - CommandAPDU apdu = encodeApdu((byte)INS_ABORT_OPERATION_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - byte[] respBuf = response.getBytes(); - return respBuf[0]; - } - - public short getKeyCharacteristics(short keyBlob){ - short arrPtr = KMArray.instance((short)3); - KMArray.cast(arrPtr).add((short)0, keyBlob); - KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance((short)0)); - KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance((short)0)); - CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 1, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - if( len > 5) - ret = decoder.decode(ret, respBuf, (short) 0, len); - else - ret = KMByteBlob.instance(respBuf, (short)0, len); - return ret; - } - - @Test - public void testWithAesGcmWithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.GCM, KMType.PADDING_NONE,true); - cleanUp(); - } - @Test - public void testWithAesEcbPkcs7WithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7,true); - cleanUp(); - } - - @Test - public void testWithAesCtrNoPadWithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE,true); - cleanUp(); - } - - @Test - public void testWithAesCtrNoPad(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE,false); - cleanUp(); - } - - @Test - public void testWithAesEcbNoPadWithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE,true); - cleanUp(); - } - @Test - public void testWithDesEcbPkcs7WithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7,true); - cleanUp(); - } - @Test - public void testWithDesEcbNoPadWithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE,true); - cleanUp(); - } - @Test - public void testWithAesCbcPkcs7WithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7,true); - cleanUp(); - } - @Test - public void testWithAesCbcNoPadWithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE,true); - cleanUp(); - } - @Test - public void testWithDesCbcPkcs7WithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7,true); - cleanUp(); - } - @Test - public void testWithDesCbcNoPadWithUpdate(){ - init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE,true); - cleanUp(); - } - - @Test - public void testWithAesEcbPkcs7(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7,false); - cleanUp(); - } - @Test - public void testWithAesCbcPkcs7(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7,false); - cleanUp(); - } - @Test - public void testWithAesEcbNoPad(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE,false); - cleanUp(); - } - - @Test - public void testWithAesCbcNoPad(){ - init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE,false); - cleanUp(); - } - - @Test - public void testWithDesCbcPkcs7(){ - init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7,false); - cleanUp(); - } - - @Test - public void testWithDesCbcNoPad(){ - init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE,false); - cleanUp(); - } - @Test - public void testWithDesEcbNoPad(){ - init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE,false); - cleanUp(); - } - @Test - public void testWithDesEcbPkcs7(){ - init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7,false); - cleanUp(); - } - - @Test - public void testWithRsa256Oaep(){ - init(); - testEncryptDecryptWithRsa(KMType.SHA2_256, KMType.RSA_OAEP); - cleanUp(); - } - @Test - public void testWithRsaSha1Oaep(){ - init(); - testEncryptDecryptWithRsa(KMType.SHA1, KMType.RSA_OAEP); - cleanUp(); - } - - @Test - public void testWithRsaNonePkcs1(){ - init(); - testEncryptDecryptWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_ENCRYPT); - cleanUp(); - } - - @Test - public void testWithRsaNoneNoPad(){ - init(); - testEncryptDecryptWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE); - cleanUp(); - } - - // TODO Signing with no digest is not supported by crypto provider or javacard - @Test - public void testSignWithRsaNoneNoPad(){ - init(); - testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE,false, false); - cleanUp(); - } - - @Test - public void testSignWithRsaNonePkcs1(){ - init(); - testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_SIGN,false, false); - cleanUp(); - } - - @Test - public void testSignVerifyWithHmacSHA256WithUpdate(){ - init(); - testSignVerifyWithHmac(KMType.SHA2_256, true); - cleanUp(); - } - - @Test - public void testSignVerifyWithHmacSHA256(){ - init(); - testSignVerifyWithHmac(KMType.SHA2_256, false); - cleanUp(); - } - - @Test - public void testSignVerifyWithEcdsaSHA256WithUpdate(){ - init(); - testSignVerifyWithEcdsa(KMType.SHA2_256, true); - cleanUp(); - } - @Test - public void testSignVerifyWithEcdsaSHA256(){ - init(); - testSignVerifyWithEcdsa(KMType.SHA2_256, false); - cleanUp(); - } - @Test - public void testSignVerifyWithRsaSHA256Pkcs1(){ - init(); - testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN,false, true); - cleanUp(); - } - @Test - public void testSignVerifyWithRsaSHA256Pss(){ - init(); - testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS,false, true); - cleanUp(); - } - - @Test - public void testSignVerifyWithRsaSHA256Pkcs1WithUpdate(){ - init(); - testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN,true, true); - cleanUp(); - } - - @Test - public void testProvisionSuccess(){ - AID appletAID1 = AIDUtil.create("A000000062"); - simulator.installApplet(appletAID1, KMKeymasterApplet.class); - // Select applet - simulator.selectApplet(appletAID1); - // provision attest key - provisionCmd(simulator); - cleanUp(); - } - - @Test - public void testAttestRsaKey(){ - init(); - short key = generateRsaKey(null,null); - short keyBlobPtr = KMArray.cast(key).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic( - KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - testAttestKey(keyBlob); - cleanUp(); - } - - @Test - public void testAttestEcKey(){ - init(); - short key = generateEcKey(null,null); - short keyBlobPtr = KMArray.cast(key).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic( - KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - testAttestKey(keyBlob); - cleanUp(); - } - - public void testAttestKey(byte[] keyBlob){ - /* - short key = generateRsaKey(null,null); - short keyBlobPtr = KMArray.cast(key).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic( - KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - */ - short arrPtr = KMArray.instance((short)2); - KMArray.cast(arrPtr).add((short)0, KMByteTag.instance(KMType.ATTESTATION_APPLICATION_ID, - KMByteBlob.instance(attAppId,(short)0,(short)attAppId.length))); - KMArray.cast(arrPtr).add((short)1, KMByteTag.instance(KMType.ATTESTATION_CHALLENGE, - KMByteBlob.instance(attChallenge,(short)0,(short)attChallenge.length))); - short keyParams = KMKeyParameters.instance(arrPtr); - short args = KMArray.instance((short)2); - KMArray.cast(args).add((short)0, KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); - KMArray.cast(args).add((short)1, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_ATTEST_KEY_CMD, args); - //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 2); - short arrBlobs = KMArray.instance((short)1); - KMArray.cast(arrBlobs).add((short)0, KMByteBlob.exp()); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, arrBlobs); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - //(respBuf,(short)0,(short)respBuf.length); - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - arrBlobs = KMArray.cast(ret).get((short)1); - short cert = KMArray.cast(arrBlobs).get((short)0); - //printCert(KMByteBlob.cast(cert).getBuffer(),KMByteBlob.cast(cert).getStartOff(),KMByteBlob.cast(cert).length()); - } - - @Test - public void testUpgradeKey(){ - init(); - short ret = generateHmacKey(null, null); - short keyBlobPtr = KMArray.cast(ret).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - short osVersion = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_VERSION,hwParams); - osVersion = KMIntegerTag.cast(osVersion).getValue(); - short osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_PATCH_LEVEL,hwParams); - osPatch = KMIntegerTag.cast(osPatch).getValue(); - Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 1); - Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 1); - setBootParams(simulator,(short) 2,(short)2, (short)1, (short)1); - ret = upgradeKey(KMByteBlob.instance(keyBlob, (short)0, (short)keyBlob.length),null, null); - keyBlobPtr = KMArray.cast(ret).get((short)1); - ret = getKeyCharacteristics(keyBlobPtr); - keyCharacteristics = KMArray.cast(ret).get((short)1); - hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - osVersion = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_VERSION,hwParams); - osVersion = KMIntegerTag.cast(osVersion).getValue(); - osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_PATCH_LEVEL,hwParams); - osPatch = KMIntegerTag.cast(osPatch).getValue(); - Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 2); - Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 2); - cleanUp(); - } - - @Test - public void testDestroyAttIds(){ - init(); - CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_DESTROY_ATT_IDS_CMD, 0x40, 0x00); - ResponseAPDU response = simulator.transmitCommand(commandAPDU); - byte[] respBuf = response.getBytes(); - Assert.assertEquals(respBuf[0], 0); - cleanUp(); - } - - private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData){ - short tagCount = 0; - short clientIdTag = 0; - short appDataTag = 0; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; - short keyParams = KMArray.instance(tagCount); - short tagIndex=0; - if(clientId != null)KMArray.cast(keyBlobPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(keyParams).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); - keyParams = KMKeyParameters.instance(keyParams); - short arr = KMArray.instance((short)2); - KMArray.cast(arr).add((short)0,keyBlobPtr); - KMArray.cast(arr).add((short)1,keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_UPGRADE_KEY_CMD, arr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - return ret; - } - @Test - public void testSignVerifyWithRsaSHA256PssWithUpdate(){ - init(); - testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS,true, true); - cleanUp(); - } - @Test - public void testAbortOperation(){ - init(); - short aesDesKeyArr = generateAesDesKey(KMType.AES, (short)128,null, null, false);; - short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - byte[] nonce = new byte[16]; - cryptoProvider.newRandomNumber(nonce,(short)0,(short)16); - short inParams = getAesDesParams(KMType.AES,KMType.ECB, KMType.PKCS7, nonce); - byte[] plainData= "Hello World 123!".getBytes(); - short ret = begin(KMType.ENCRYPT, KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), KMKeyParameters.instance(inParams), (short)0); - short opHandle = KMArray.cast(ret).get((short) 2); - opHandle = KMInteger.cast(opHandle).getShort(); - abort(KMInteger.uint_16(opHandle)); - short dataPtr = KMByteBlob.instance(plainData, (short) 0, (short) plainData.length); - ret = update(KMInteger.uint_16(opHandle), dataPtr, (short) 0, (short) 0, (short) 0); - Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE,ret); - cleanUp(); - } - - public void testEncryptDecryptWithAesDes(byte alg, byte blockMode, byte padding, boolean update){ - short aesDesKeyArr; - boolean aesGcmFlag = false; - if(alg == KMType.AES){ - if(blockMode == KMType.GCM){ - aesDesKeyArr = generateAesGcmKey((short)128,null,null); - aesGcmFlag = true; - } else { - aesDesKeyArr = generateAesDesKey(alg, (short) 128, null, null, false); - } - } else{ - aesDesKeyArr = generateAesDesKey(alg, (short)168,null, null, false); - } - short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - byte[] nonce = new byte[16]; - cryptoProvider.newRandomNumber(nonce,(short)0,(short)16); - short inParams = getAesDesParams(alg,blockMode, padding, nonce); - byte[] plainData= "Hello World 123!".getBytes(); - if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); - //Encrypt - short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,update, aesGcmFlag - ); - inParams = getAesDesParams(alg,blockMode, padding, nonce); - keyBlobPtr = KMArray.cast(ret).get((short)2); - //print(keyBlobPtr); - byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - cipherData,(short)0, (short)cipherData.length); - ret = processMessage(cipherData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.DECRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,update, aesGcmFlag - ); - keyBlobPtr = KMArray.cast(ret).get((short)2); - //print(plainData,(short)0,(short)plainData.length); - //print(keyBlobPtr); - short equal = Util.arrayCompare(plainData,(short)0,KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(),(short)plainData.length); - Assert.assertTrue(equal == 0); - } - - public void testEncryptDecryptWithRsa(byte digest, byte padding){ - short rsaKeyArr = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - short inParams = getRsaParams(digest, padding); - byte[] plainData = "Hello World 123!".getBytes(); - //Encrypt - short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,false, false - ); - inParams = getRsaParams(digest, padding); - keyBlobPtr = KMArray.cast(ret).get((short)2); - byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - cipherData,(short)0, (short)cipherData.length); - ret = processMessage(cipherData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.DECRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,false,false - ); - keyBlobPtr = KMArray.cast(ret).get((short)2); - short len = KMByteBlob.cast(keyBlobPtr).length(); - short start = KMByteBlob.cast(keyBlobPtr).getStartOff(); - short equal = Util.arrayCompare(plainData,(short)0,KMByteBlob.cast(keyBlobPtr).getBuffer(), - (short)(start+len-plainData.length),(short)plainData.length); - Assert.assertTrue(equal == 0); - } - - public void testSignVerifyWithRsa(byte digest, byte padding, boolean update, boolean verifyFlag){ - short rsaKeyArr = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - short inParams = getRsaParams(digest, padding); - byte[] plainData = "Hello World 123!".getBytes(); - if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); - //Sign - short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.SIGN, - KMKeyParameters.instance(inParams), - (short)0,null,update,false - ); - inParams = getRsaParams(digest, padding); - keyBlobPtr = KMArray.cast(ret).get((short)2); - byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - signatureData,(short)0, (short)signatureData.length); - if(verifyFlag == false) { - Assert.assertEquals(signatureData.length,256); - return; - } - ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.VERIFY, - KMKeyParameters.instance(inParams), - (short)0,signatureData,update,false - ); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - } - - public void testSignVerifyWithEcdsa(byte digest, boolean update){ - short ecKeyArr = generateEcKey(null, null); - short keyBlobPtr = KMArray.cast(ecKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - short inParams = getEcParams(digest); - byte[] plainData = "Hello World 123!".getBytes(); - if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); - //Sign - short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.SIGN, - KMKeyParameters.instance(inParams), - (short)0,null,update,false - ); - inParams = getEcParams(digest); - keyBlobPtr = KMArray.cast(ret).get((short)2); - byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - signatureData,(short)0, (short)signatureData.length); - ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.VERIFY, - KMKeyParameters.instance(inParams), - (short)0,signatureData,update,false - ); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - } - public void testSignVerifyWithHmac(byte digest, boolean update){ - short hmacKeyArr = generateHmacKey(null, null); - short keyBlobPtr = KMArray.cast(hmacKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - short inParams = getHmacParams(digest,true); - byte[] plainData = "Hello World 123!".getBytes(); - if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); - //Sign - short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.SIGN, - KMKeyParameters.instance(inParams), - (short)0,null,update,false - ); - inParams = getHmacParams(digest,false); - keyBlobPtr = KMArray.cast(ret).get((short)2); - byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - signatureData,(short)0, (short)signatureData.length); - ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.VERIFY, - KMKeyParameters.instance(inParams), - (short)0,signatureData,update,false - ); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - } - - private short getAesDesParams(byte alg, byte blockMode, byte padding, byte[] nonce) { - short inParams; - if(blockMode == KMType.GCM){ - inParams = KMArray.instance((short)5); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, blockMode); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, padding); - KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); - short nonceLen = 12; - byteBlob = KMByteBlob.instance(nonce,(short)0, nonceLen); - KMArray.cast(inParams).add((short)2, KMByteTag.instance(KMType.NONCE, byteBlob)); - short macLen = KMInteger.uint_16((short)128); - macLen = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MAC_LENGTH,macLen); - KMArray.cast(inParams).add((short)3, macLen); - byte[] authData = "AuthData".getBytes(); - short associatedData = KMByteBlob.instance(authData,(short)0,(short)authData.length); - associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA,associatedData); - KMArray.cast(inParams).add((short)4, associatedData); - }else if(blockMode == KMType.ECB){ - inParams = KMArray.instance((short)2); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, blockMode); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, padding); - KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); - }else{ - inParams = KMArray.instance((short)3); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, blockMode); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, padding); - KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); - short nonceLen = 16; - if(alg == KMType.DES) nonceLen = 8; - byteBlob = KMByteBlob.instance(nonce,(short)0, nonceLen); - KMArray.cast(inParams).add((short)2, KMByteTag.instance(KMType.NONCE, byteBlob)); - } - return inParams; - } - - private short getRsaParams(byte digest, byte padding) { - short inParams = KMArray.instance((short)2); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, digest); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, padding); - KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); - return inParams; - } - - private short getEcParams(byte digest) { - short inParams = KMArray.instance((short)1); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, digest); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); - return inParams; - } - private short getHmacParams(byte digest, boolean sign) { - short paramsize = (short) (sign ? 2 : 1); - short inParams = KMArray.instance((short)paramsize); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, digest); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); - short macLength = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); - if(sign) - KMArray.cast(inParams).add((short)1, macLength); - return inParams; - } - - public short processMessage( - byte[] data, - short keyBlob, - byte keyPurpose, - short inParams, - short hwToken, - byte[] signature, - boolean updateFlag, - boolean aesGcmFlag) { - short beginResp = begin(keyPurpose, keyBlob, inParams, hwToken); - short opHandle = KMArray.cast(beginResp).get((short) 2); - opHandle = KMInteger.cast(opHandle).getShort(); - short dataPtr = KMByteBlob.instance(data, (short) 0, (short) data.length); - short ret = KMType.INVALID_VALUE; - byte[] outputData = new byte[128]; - short len=0; - inParams = 0; - //Test - short firstDataLen =16; - if (keyPurpose == KMType.DECRYPT) { - firstDataLen = 32; - } - - //Test - - if (updateFlag) { - dataPtr = KMByteBlob.instance(data, (short) 0, (short) /*16*/firstDataLen); - if(aesGcmFlag){ - byte[] authData = "AuthData".getBytes(); - short associatedData = KMByteBlob.instance(authData,(short)0,(short)authData.length); - associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA,associatedData); - inParams = KMArray.instance((short)1); - KMArray.cast(inParams).add((short)0, associatedData); - inParams = KMKeyParameters.instance(inParams); - } - ret = update(KMInteger.uint_16(opHandle), dataPtr, inParams, (short) 0, (short) 0); - dataPtr = KMArray.cast(ret).get((short) 3); - if (KMByteBlob.cast(dataPtr).length() > 0) { - Util.arrayCopyNonAtomic( - KMByteBlob.cast(dataPtr).getBuffer(), - KMByteBlob.cast(dataPtr).getStartOff(), - outputData, - (short) 0, - KMByteBlob.cast(dataPtr).length()); - len = KMByteBlob.cast(dataPtr).length(); - dataPtr = KMByteBlob.instance(data, len, (short) (data.length - len)); - }else{ - dataPtr = KMByteBlob.instance(data, (short)/*16*/firstDataLen, (short) (data.length - /*16*/firstDataLen)); - } - } - - if (keyPurpose == KMType.VERIFY) { - ret = finish(KMInteger.uint_16(opHandle), dataPtr, signature, (short) 0, (short) 0, (short) 0); - } else { - ret = finish(KMInteger.uint_16(opHandle), dataPtr, null, (short) 0, (short) 0, (short) 0); - } - if(len >0){ - dataPtr = KMArray.cast(ret).get((short)2); - if(KMByteBlob.cast(dataPtr).length() >0){ - Util.arrayCopyNonAtomic( - KMByteBlob.cast(dataPtr).getBuffer(), - KMByteBlob.cast(dataPtr).getStartOff(), - outputData, - len, - KMByteBlob.cast(dataPtr).length()); - len = (short)(len + KMByteBlob.cast(dataPtr).length()); - } - KMArray.cast(ret).add((short)2, KMByteBlob.instance(outputData,(short)0,len)); - } - return ret; - } - - public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToken) { - short arrPtr = KMArray.instance((short)4); - KMArray.cast(arrPtr).add((short)0, KMEnum.instance(KMType.PURPOSE, keyPurpose)); - KMArray.cast(arrPtr).add((short)1, keyBlob); - KMArray.cast(arrPtr).add((short)2, keyParmas); - if(hwToken == 0) { - hwToken = KMHardwareAuthToken.instance(); - } - KMArray.cast(arrPtr).add((short)3, hwToken); - CommandAPDU apdu = encodeApdu((byte)INS_BEGIN_OPERATION_CMD, arrPtr); - //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, outParams); - KMArray.cast(ret).add((short)2, KMInteger.exp()); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - if(len > 5){ - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - return ret;}else{ - if(len == 3) return respBuf[0]; - if(len == 4) return respBuf[1]; - return Util.getShort(respBuf,(short)0); - } - } - - public short finish(short operationHandle, short data, byte[] signature, short inParams, short hwToken, short verToken) { - if(hwToken == 0) { - hwToken = KMHardwareAuthToken.instance(); - } - if(verToken == 0){ - verToken = KMVerificationToken.instance(); - } - short signatureTag; - if(signature == null){ - signatureTag = KMByteBlob.instance((short)0); - }else{ - signatureTag = KMByteBlob.instance(signature,(short)0,(short)signature.length); - } - if(inParams == 0){ - short arr = KMArray.instance((short)0); - inParams = KMKeyParameters.instance(arr); - } - short arrPtr = KMArray.instance((short)6); - KMArray.cast(arrPtr).add((short)0, operationHandle); - KMArray.cast(arrPtr).add((short)1, inParams); - KMArray.cast(arrPtr).add((short)2, data); - KMArray.cast(arrPtr).add((short)3, signatureTag); - KMArray.cast(arrPtr).add((short)4, hwToken); - KMArray.cast(arrPtr).add((short)5, verToken); - CommandAPDU apdu = encodeApdu((byte)INS_FINISH_OPERATION_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, outParams); - KMArray.cast(ret).add((short)2, KMByteBlob.exp()); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - return ret; - } - public short update(short operationHandle, short data, short inParams, short hwToken, short verToken) { - if(hwToken == 0) { - hwToken = KMHardwareAuthToken.instance(); - } - if(verToken == 0){ - verToken = KMVerificationToken.instance(); - } - if(inParams == 0){ - short arr = KMArray.instance((short)0); - inParams = KMKeyParameters.instance(arr); - } - short arrPtr = KMArray.instance((short)5); - KMArray.cast(arrPtr).add((short)0, operationHandle); - KMArray.cast(arrPtr).add((short)1, inParams); - KMArray.cast(arrPtr).add((short)2, data); - KMArray.cast(arrPtr).add((short)3, hwToken); - KMArray.cast(arrPtr).add((short)4, verToken); - CommandAPDU apdu = encodeApdu((byte)INS_UPDATE_OPERATION_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 4); - short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMInteger.exp()); - KMArray.cast(ret).add((short)2, outParams); - KMArray.cast(ret).add((short)3, KMByteBlob.exp()); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - if (len > 5) { - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - Assert.assertEquals(error, KMError.OK); - }else{ - ret = respBuf[1]; - } - return ret; - } - - private void print(short blob){ - print(KMByteBlob.cast(blob).getBuffer(),KMByteBlob.cast(blob).getStartOff(),KMByteBlob.cast(blob).length()); - } - private void print(byte[] buf, short start, short length){ - StringBuilder sb = new StringBuilder(); - for(int i = start; i < (start+length); i++){ - sb.append(String.format(" 0x%02X", buf[i])) ; - } - System.out.println(sb.toString()); - } - private void printCert(byte[] buf, short start, short length){ - StringBuilder sb = new StringBuilder(); - for(int i = start; i < (start+length); i++){ - sb.append(String.format("%02X", buf[i])) ; - } - System.out.println(sb.toString()); - } - - -/* - @Test - public void testApdu(){ - init(); - byte[] cmd = {(byte)0x80,0x11,0x40,0x00,0x00,0x00,0x4C,(byte)0x83,(byte)0xA5,0x1A,0x70,0x00,0x01,(byte)0xF7,0x01,0x1A,0x10, - 0x00,0x00,0x02,0x03,0x1A,0x30,0x00,0x00,0x03,0x19,0x01,0x00,0x1A,0x20,0x00,0x00,0x01,0x42,0x02, - 0x03,0x1A,0x20,0x00,0x00,0x05,0x41,0x04,0x03,0x58,0x24,(byte)0x82,0x58,0x20,0x73,0x7C,0x2E,(byte)0xCD, - 0x7B,(byte)0x8D,0x19,0x40,(byte)0xBF,0x29,0x30,(byte)0xAA,(byte)0x9B,0x4E, - (byte)0xD3,(byte)0xFF,(byte)0x94,0x1E,(byte)0xED,0x09,0x36,0x6B, - (byte)0xC0,0x32,(byte)0x99,(byte)0x98,0x64,(byte)0x81,(byte)0xF3,(byte)0xA4,(byte)0xD8,0x59,0x40}; - CommandAPDU cmdApdu = new CommandAPDU(cmd); - ResponseAPDU resp = simulator.transmitCommand(cmdApdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = resp.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short blobArr = extractKeyBlobArray(KMArray.cast(ret).get((short)1)); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - cleanUp(); - } - */ -} +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.test; + +import com.android.javacard.keymaster.KMArray; +import com.android.javacard.keymaster.KMAttestationCert; +import com.android.javacard.keymaster.KMAttestationCertImpl; +import com.android.javacard.keymaster.KMBoolTag; +import com.android.javacard.keymaster.KMByteBlob; +import com.android.javacard.keymaster.KMByteTag; +import com.android.javacard.keymaster.KMJCardSimApplet; +import com.android.javacard.keymaster.KMJCardSimulator; +import com.android.javacard.keymaster.KMSEProvider; +import com.android.javacard.keymaster.KMDecoder; +import com.android.javacard.keymaster.KMEncoder; +import com.android.javacard.keymaster.KMEnum; +import com.android.javacard.keymaster.KMEnumArrayTag; +import com.android.javacard.keymaster.KMEnumTag; +import com.android.javacard.keymaster.KMError; +import com.android.javacard.keymaster.KMHardwareAuthToken; +import com.android.javacard.keymaster.KMHmacSharingParameters; +import com.android.javacard.keymaster.KMInteger; +import com.android.javacard.keymaster.KMIntegerTag; +import com.android.javacard.keymaster.KMKeyCharacteristics; +import com.android.javacard.keymaster.KMKeyParameters; +import com.android.javacard.keymaster.KMKeymasterApplet; +import com.android.javacard.keymaster.KMRepository; +import com.android.javacard.keymaster.KMType; +import com.android.javacard.keymaster.KMVerificationToken; +import com.licel.jcardsim.smartcardio.CardSimulator; +import com.licel.jcardsim.utils.AIDUtil; +import javacard.framework.AID; +import javacard.framework.Util; + +import java.security.spec.PKCS8EncodedKeySpec; + +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; +import org.junit.Assert; +import org.junit.Test; + +public class KMFunctionalTest { + private static final byte INS_BEGIN_KM_CMD = 0x00; + private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01 + private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02 + private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03 + private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04 + private static final byte INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05 + private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06 + private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07 + private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08 + // Top 32 commands are reserved for provisioning. + private static final byte INS_END_KM_PROVISION_CMD = 0x20; + + private static final byte INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD + 1; //0x21 + private static final byte INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 2; //0x22 + private static final byte INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD + 3; //0x23 + private static final byte INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 4; //0x24 + private static final byte INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD + 5; //0x25 + private static final byte INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD + 6; //0x26 + private static final byte INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD + 7; //0x27 + private static final byte INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD + 8; //0x28 + private static final byte INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD + 9; //0x29 + private static final byte INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD + 10; //0x2A + private static final byte INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD + 11; //0x2B + private static final byte INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD + 12; //0x2C + private static final byte INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD + 13; //0x2D + private static final byte INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD + 14; //0x2E + private static final byte INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD + 15; //0x2F + private static final byte INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 16; //0x30 + private static final byte INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 17; //0x31 + private static final byte INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 18; //0x32 + private static final byte INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 19; //0x33 + private static final byte INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD + 20;//0x34 + private static final byte INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD + 21; //0x35 + private static final byte INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD + 22; //0x36 + + private static final byte[] kEcPrivKey = { + (byte) 0x21, (byte) 0xe0, (byte) 0x86, (byte) 0x43, (byte) 0x2a, + (byte) 0x15, (byte) 0x19, (byte) 0x84, (byte) 0x59, (byte) 0xcf, + (byte) 0x36, (byte) 0x3a, (byte) 0x50, (byte) 0xfc, (byte) 0x14, + (byte) 0xc9, (byte) 0xda, (byte) 0xad, (byte) 0xf9, (byte) 0x35, + (byte) 0xf5, (byte) 0x27, (byte) 0xc2, (byte) 0xdf, (byte) 0xd7, + (byte) 0x1e, (byte) 0x4d, (byte) 0x6d, (byte) 0xbc, (byte) 0x42, + (byte) 0xe5, (byte) 0x44 }; + private static final byte[] kEcPubKey = { + (byte) 0x04, (byte) 0xeb, (byte) 0x9e, (byte) 0x79, (byte) 0xf8, + (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, (byte) 0xcb, + (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, (byte) 0x86, + (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, (byte) 0x66, + (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, + (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, + (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, + (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, + (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, + (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, + (byte) 0xbc, (byte) 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, + (byte) 0xa6, (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, + (byte) 0x3e, (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14 }; + + private static final byte[] kEcAttestCert = { + 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x30, (byte) 0x82, + (byte) 0x02, (byte) 0x1e, (byte) 0xa0, (byte) 0x03, (byte) 0x02, + (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x02, (byte) 0x10, 0x01, + (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, 0x31, + (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, 0x11, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, 0x69, + (byte) 0x61, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, + (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, (byte) 0x75, 0x6e, + (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, + (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, + (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, 0x55, + (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, + (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, + (byte) 0x2c, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, 0x6f, + (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, (byte) 0x30, + (byte) 0x31, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, (byte) 0x6e, 0x64, + (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, + (byte) 0x6f, (byte) 0x72, (byte) 0x65, (byte) 0x20, (byte) 0x53, 0x6f, + (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, + (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, + (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x61, (byte) 0x74, 0x69, + (byte) 0x6f, (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, + (byte) 0x6f, (byte) 0x74, (byte) 0x30, (byte) 0x1e, (byte) 0x17, + (byte) 0x0d, (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, 0x31, + (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, + (byte) 0x30, (byte) 0x39, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, + (byte) 0x32, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, 0x38, + (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, (byte) 0x30, + (byte) 0x39, (byte) 0x5a, (byte) 0x30, (byte) 0x81, (byte) 0x88, + (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, + (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, + (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, 0x13, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, + (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, (byte) 0x6f, + (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, (byte) 0x20, 0x49, + (byte) 0x6e, (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, + (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, 0x6e, + (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, + (byte) 0x31, (byte) 0x3b, (byte) 0x30, (byte) 0x39, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, 0x32, + (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, + (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, + (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, 0x74, + (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, + (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, (byte) 0x69, 0x61, + (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x59, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, 0x06, + (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, + (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, + (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xeb, (byte) 0x9e, 0x79, + (byte) 0xf8, (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, + (byte) 0xcb, (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, + (byte) 0x86, (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, 0x66, + (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, + (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, + (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, + (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, + (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, + (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, + (byte) 0xbc, 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, (byte) 0xa6, + (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, (byte) 0x3e, + (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14, (byte) 0xa3, + (byte) 0x66, 0x30, (byte) 0x64, (byte) 0x30, (byte) 0x1d, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, + (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x3f, (byte) 0xfc, + (byte) 0xac, (byte) 0xd6, (byte) 0x1a, (byte) 0xb1, (byte) 0x3a, + (byte) 0x9e, (byte) 0x81, (byte) 0x20, (byte) 0xb8, (byte) 0xd5, + (byte) 0x25, (byte) 0x1c, (byte) 0xc5, (byte) 0x65, (byte) 0xbb, + (byte) 0x1e, (byte) 0x91, (byte) 0xa9, (byte) 0x30, (byte) 0x1f, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, + (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, + (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, (byte) 0x77, + (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, + (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, + (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, 0x30, (byte) 0xcf, + (byte) 0x30, (byte) 0x12, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x1d, (byte) 0x13, (byte) 0x01, (byte) 0x01, (byte) 0xff, + (byte) 0x04, (byte) 0x08, (byte) 0x30, (byte) 0x06, 0x01, (byte) 0x01, + (byte) 0xff, (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + (byte) 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, 0x04, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, (byte) 0x30, + (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, 0x03, (byte) 0x02, + (byte) 0x03, (byte) 0x48, (byte) 0x00, (byte) 0x30, (byte) 0x45, + (byte) 0x02, (byte) 0x20, (byte) 0x4b, (byte) 0x8a, (byte) 0x9b, + (byte) 0x7b, (byte) 0xee, (byte) 0x82, (byte) 0xbc, (byte) 0xc0, + (byte) 0x33, (byte) 0x87, (byte) 0xae, (byte) 0x2f, (byte) 0xc0, + (byte) 0x89, (byte) 0x98, (byte) 0xb4, (byte) 0xdd, (byte) 0xc3, + (byte) 0x8d, (byte) 0xab, (byte) 0x27, (byte) 0x2a, (byte) 0x45, + (byte) 0x9f, (byte) 0x69, (byte) 0x0c, (byte) 0xc7, (byte) 0xc3, + (byte) 0x92, (byte) 0xd4, (byte) 0x0f, (byte) 0x8e, (byte) 0x02, + (byte) 0x21, (byte) 0x00, (byte) 0xee, (byte) 0xda, (byte) 0x01, + (byte) 0x5d, (byte) 0xb6, (byte) 0xf4, (byte) 0x32, (byte) 0xe9, + (byte) 0xd4, (byte) 0x84, (byte) 0x3b, (byte) 0x62, (byte) 0x4c, + (byte) 0x94, (byte) 0x04, (byte) 0xef, (byte) 0x3a, (byte) 0x7c, + (byte) 0xcc, (byte) 0xbd, 0x5e, (byte) 0xfb, (byte) 0x22, (byte) 0xbb, + (byte) 0xe7, (byte) 0xfe, (byte) 0xb9, (byte) 0x77, (byte) 0x3f, + (byte) 0x59, (byte) 0x3f, (byte) 0xfb, }; + + private static final byte[] kEcAttestRootCert = { + 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x8b, (byte) 0x30, + (byte) 0x82, (byte) 0x02, (byte) 0x32, (byte) 0xa0, (byte) 0x03, + (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x09, + (byte) 0x00, (byte) 0xa2, (byte) 0x05, (byte) 0x9e, (byte) 0xd1, + (byte) 0x0e, (byte) 0x43, (byte) 0x5b, (byte) 0x57, (byte) 0x30, + (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, 0x3d, (byte) 0x04, (byte) 0x03, + (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, (byte) 0x31, + (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, + (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x43, 0x61, + (byte) 0x6c, (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, + (byte) 0x6e, (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x16, + (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, + 0x04, (byte) 0x07, (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, + (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, + (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, + (byte) 0x65, 0x77, (byte) 0x31, (byte) 0x15, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, + (byte) 0x6f, (byte) 0x67, 0x6c, (byte) 0x65, (byte) 0x2c, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, + (byte) 0x30, (byte) 0x31, (byte) 0x06, (byte) 0x03, 0x55, + (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, + (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, + (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, + 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, + (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, + (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, (byte) 0x6f, + (byte) 0x74, (byte) 0x30, 0x1e, (byte) 0x17, (byte) 0x0d, + (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x31, + (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, + (byte) 0x35, (byte) 0x30, (byte) 0x5a, 0x17, (byte) 0x0d, + (byte) 0x33, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, + (byte) 0x36, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, + (byte) 0x35, (byte) 0x30, (byte) 0x5a, (byte) 0x30, (byte) 0x81, + (byte) 0x98, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, + (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, + 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, + (byte) 0x43, (byte) 0x61, (byte) 0x6c, (byte) 0x69, (byte) 0x66, + (byte) 0x6f, 0x72, (byte) 0x6e, (byte) 0x69, (byte) 0x61, + (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x0c, + (byte) 0x0d, (byte) 0x4d, 0x6f, (byte) 0x75, (byte) 0x6e, + (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, + (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, + (byte) 0x15, (byte) 0x30, (byte) 0x13, 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, + (byte) 0x47, (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, + (byte) 0x65, (byte) 0x2c, (byte) 0x20, (byte) 0x49, 0x6e, + (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, (byte) 0x6e, + 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, + (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x31, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, + (byte) 0x2a, 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, + (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, + (byte) 0x72, (byte) 0x65, 0x20, (byte) 0x53, (byte) 0x6f, + (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, + (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, + (byte) 0x65, (byte) 0x73, (byte) 0x74, 0x61, (byte) 0x74, + (byte) 0x69, (byte) 0x6f, (byte) 0x6e, 0x77, (byte) 0x1f, + (byte) 0x44, (byte) 0x22, (byte) 0x6d, (byte) 0xbd, (byte) 0xb1, + (byte) 0xaf, (byte) 0xfa, (byte) 0x16, (byte) 0xcb, (byte) 0xc7, + (byte) 0xad, (byte) 0xc5, (byte) 0x77, (byte) 0xd2, (byte) 0x20, + (byte) 0x52, (byte) 0x6f, (byte) 0x6f, (byte) 0x74, (byte) 0x30, + (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, + 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, + (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, + (byte) 0x01, 0x07, (byte) 0x03, (byte) 0x42, (byte) 0x00, + (byte) 0x04, (byte) 0xee, (byte) 0x5d, (byte) 0x5e, (byte) 0xc7, + (byte) 0xe1, (byte) 0xc0, (byte) 0xdb, (byte) 0x6d, (byte) 0x03, + (byte) 0xa6, (byte) 0x7e, (byte) 0xe6, (byte) 0xb6, (byte) 0x1b, + (byte) 0xec, (byte) 0x4d, (byte) 0x6a, (byte) 0x5d, (byte) 0x6a, + (byte) 0x68, (byte) 0x2e, (byte) 0x0f, (byte) 0xff, (byte) 0x7f, + (byte) 0x49, (byte) 0x0e, (byte) 0x7d, 0x56, (byte) 0x9c, + (byte) 0xaa, (byte) 0xb7, (byte) 0xb0, (byte) 0x2d, (byte) 0x54, + (byte) 0x01, (byte) 0x5d, (byte) 0x3e, (byte) 0x43, (byte) 0x2b, + (byte) 0x2a, (byte) 0x8e, (byte) 0xd7, (byte) 0x4e, (byte) 0xec, + (byte) 0x48, (byte) 0x75, (byte) 0x41, (byte) 0xa4, (byte) 0xa3, + (byte) 0x63, (byte) 0x30, (byte) 0x61, (byte) 0x30, (byte) 0x1d, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, + 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0xc8, + (byte) 0xad, (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, + (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, (byte) 0x0d, (byte) 0x16, + (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a, + (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf, (byte) 0x30, + (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + (byte) 0x23, (byte) 0x04, 0x18, (byte) 0x30, (byte) 0x16, + (byte) 0x80, (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, + (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, + (byte) 0xcf, (byte) 0x0d, (byte) 0x16, 0x10, (byte) 0xe4, + (byte) 0x79, (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, + (byte) 0x30, (byte) 0xcf, (byte) 0x30, (byte) 0x0f, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 0x01, + (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x05, (byte) 0x30, + (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04, + (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, + (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x03, (byte) 0x47, (byte) 0x00, + (byte) 0x30, (byte) 0x44, (byte) 0x02, (byte) 0x20, (byte) 0x35, + (byte) 0x21, (byte) 0xa3, (byte) 0xef, (byte) 0x8b, (byte) 0x34, + (byte) 0x46, (byte) 0x1e, (byte) 0x9c, (byte) 0xd5, (byte) 0x60, + (byte) 0xf3, (byte) 0x1d, (byte) 0x58, (byte) 0x89, (byte) 0x20, + (byte) 0x6a, (byte) 0xdc, (byte) 0xa3, 0x65, (byte) 0x41, + (byte) 0xf6, (byte) 0x0d, (byte) 0x9e, (byte) 0xce, (byte) 0x8a, + (byte) 0x19, (byte) 0x8c, (byte) 0x66, (byte) 0x48, (byte) 0x60, + (byte) 0x7b, (byte) 0x02, (byte) 0x20, (byte) 0x4d, 0x0b, + (byte) 0xf3, (byte) 0x51, (byte) 0xd9, (byte) 0x30, (byte) 0x7c, + (byte) 0x7d, (byte) 0x5b, (byte) 0xda, (byte) 0x35, (byte) 0x34, + (byte) 0x1d, (byte) 0xa8, (byte) 0x47, (byte) 0x1b, (byte) 0x63, + (byte) 0xa5, (byte) 0x85, (byte) 0x65, (byte) 0x3c, (byte) 0xad, + (byte) 0x4f, (byte) 0x24, (byte) 0xa7, (byte) 0xe7, (byte) 0x4d, + (byte) 0xaf, (byte) 0x41, (byte) 0x7d, (byte) 0xf1, + (byte) 0xbf, }; + + private static final byte[] X509Issuer = { + (byte) 0x30, (byte) 0x81, (byte) 0x88, (byte) 0x31, (byte) 0x0b, + (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, + (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, + (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, + (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x3b, + (byte) 0x30, (byte) 0x39, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x32, (byte) 0x41, + (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, + (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, + (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, + (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, + (byte) 0x6e, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, + (byte) 0x65, (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, + (byte) 0x69, (byte) 0x61, (byte) 0x74, (byte) 0x65 }; + // AttestationApplicationId ::= SEQUENCE { + // * packageInfoRecords SET OF PackageInfoRecord, + // * signatureDigests SET OF OCTET_STRING, + // * } + // * + // * PackageInfoRecord ::= SEQUENCE { + // * packageName OCTET_STRING, + // * version INTEGER, + // * } + private static final byte[] attAppId = {0x30, 0x10, 0x31, 0x0B, 0x30, 0x04, 0x05, 'A', 'B', 'C', + 'D', 'E', 0x02, 0x01, 0x01, 0x31, 0x02, 0x04, 0x00}; + private static final byte[] attChallenge = {'c','h','a','l','l','e','n','g','e'}; + private static final byte[] expiryTime = {(byte)0x32, (byte)0x36, (byte)0x30, (byte)0x31, (byte)0x30, (byte)0x38, (byte)0x30, (byte)0x30, (byte)0x34, (byte)0x36, (byte)0x30, (byte)0x39, (byte)0x5a}; + private static final byte[] authKeyId = { (byte)0x80, (byte)0x14, (byte)0xc8, (byte)0xad, (byte)0xe9, (byte)0x77, (byte)0x4c, (byte)0x45, (byte)0xc3, (byte)0xa3, (byte)0xcf, (byte)0x0d, (byte)0x16, (byte)0x10, (byte)0xe4, (byte)0x79, (byte)0x43, (byte)0x3a, (byte)0x21, (byte)0x5a, (byte)0x30, (byte)0xcf}; + + private CardSimulator simulator; + private KMEncoder encoder; + private KMDecoder decoder; + private KMSEProvider cryptoProvider; + + public KMFunctionalTest(){ + cryptoProvider = new KMJCardSimulator(); + simulator = new CardSimulator(); + encoder = new KMEncoder(); + decoder = new KMDecoder(); + } + + private void init(){ + // Create simulator + AID appletAID = AIDUtil.create("A000000062"); + simulator.installApplet(appletAID, KMJCardSimApplet.class); + // Select applet + simulator.selectApplet(appletAID); + // provision attest key + provisionCmd(simulator); + } + + private void setBootParams(CardSimulator simulator, short osVersion, + short osPatchLevel, short vendorPatchLevel, short bootPatchLevel) { + // Argument 1 OS Version + short versionPtr = KMInteger.uint_16(osVersion); + // short versionTagPtr = KMIntegerTag.instance(KMType.UINT_TAG, + // KMType.OS_VERSION,versionPatchPtr); + // Argument 2 OS Patch level + short patchPtr = KMInteger.uint_16(osPatchLevel); + short vendorpatchPtr = KMInteger.uint_16((short) vendorPatchLevel); + short bootpatchPtr = KMInteger.uint_16((short) bootPatchLevel); + // Argument 3 Verified Boot Key + byte[] bootKeyHash = "00011122233344455566677788899900".getBytes(); + short bootKeyPtr = KMByteBlob.instance(bootKeyHash, (short) 0, + (short) bootKeyHash.length); + // Argument 4 Verified Boot Hash + short bootHashPtr = KMByteBlob.instance(bootKeyHash, (short) 0, + (short) bootKeyHash.length); + // Argument 5 Verified Boot State + short bootStatePtr = KMEnum.instance(KMType.VERIFIED_BOOT_STATE, + KMType.VERIFIED_BOOT); + // Argument 6 Device Locked + short deviceLockedPtr = KMEnum.instance(KMType.DEVICE_LOCKED, + KMType.DEVICE_LOCKED_FALSE); + // Arguments + short arrPtr = KMArray.instance((short) 8); + KMArray vals = KMArray.cast(arrPtr); + vals.add((short) 0, versionPtr); + vals.add((short) 1, patchPtr); + vals.add((short) 2, vendorpatchPtr); + vals.add((short) 3, bootpatchPtr); + vals.add((short) 4, bootKeyPtr); + vals.add((short) 5, bootHashPtr); + vals.add((short) 6, bootStatePtr); + vals.add((short) 7, deviceLockedPtr); + CommandAPDU apdu = encodeApdu((byte) INS_SET_BOOT_PARAMS_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + + } + + private void provisionSigningCertificate(CardSimulator simulator) { + short byteBlobPtr = KMByteBlob.instance( + (short) (kEcAttestCert.length + kEcAttestRootCert.length)); + Util.arrayCopyNonAtomic(kEcAttestCert, (short) 0, + KMByteBlob.cast(byteBlobPtr).getBuffer(), + KMByteBlob.cast(byteBlobPtr).getStartOff(), + (short) kEcAttestCert.length); + Util.arrayCopyNonAtomic(kEcAttestRootCert, (short) 0, + KMByteBlob.cast(byteBlobPtr).getBuffer(), + (short) (KMByteBlob.cast(byteBlobPtr).getStartOff() + + kEcAttestCert.length), + (short) kEcAttestRootCert.length); + CommandAPDU apdu = encodeApdu( + (byte) INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD, byteBlobPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionSigningKey(CardSimulator simulator) { + // KeyParameters. + short arrPtr = KMArray.instance((short) 4); + short ecCurve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); + short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); + short byteBlob2 = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob2).add((short) 0, KMType.ATTEST_KEY); + short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob2); + KMArray.cast(arrPtr).add((short) 0, ecCurve); + KMArray.cast(arrPtr).add((short) 1, digest); + KMArray.cast(arrPtr).add((short) 2, + KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); + KMArray.cast(arrPtr).add((short) 3, purpose); + short keyParams = KMKeyParameters.instance(arrPtr); + // Note: VTS uses PKCS8 KeyFormat RAW + short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); + + // Key + short signKeyPtr = KMArray.instance((short) 2); + KMArray.cast(signKeyPtr).add((short) 0, KMByteBlob.instance(kEcPrivKey, + (short) 0, (short) kEcPrivKey.length)); + KMArray.cast(signKeyPtr).add((short) 1, KMByteBlob.instance(kEcPubKey, + (short) 0, (short) kEcPubKey.length)); + byte[] keyBuf = new byte[120]; + short len = encoder.encode(signKeyPtr, keyBuf, (short) 0); + short signKeyBstr = KMByteBlob.instance(keyBuf, (short) 0, len); + + short finalArrayPtr = KMArray.instance((short) 3); + KMArray.cast(finalArrayPtr).add((short) 0, keyParams); + KMArray.cast(finalArrayPtr).add((short) 1, keyFormatPtr); + KMArray.cast(finalArrayPtr).add((short) 2, signKeyBstr); + + CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTESTATION_KEY_CMD, + finalArrayPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionCertificateParams(CardSimulator simulator) { + + short arrPtr = KMArray.instance((short) 3); + short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0, + (short) X509Issuer.length); + KMArray.cast(arrPtr).add((short) 0, byteBlob1); + short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0, + (short) expiryTime.length); + KMArray.cast(arrPtr).add((short) 1, byteBlob2); + short byteBlob3 = KMByteBlob.instance(authKeyId, (short) 0, + (short) authKeyId.length); + KMArray.cast(arrPtr).add((short) 2, byteBlob3); + + CommandAPDU apdu = encodeApdu( + (byte) INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionSharedSecret(CardSimulator simulator) { + byte[] sharedKeySecret = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + short arrPtr = KMArray.instance((short) 1); + short byteBlob = KMByteBlob.instance(sharedKeySecret, (short) 0, + (short) sharedKeySecret.length); + KMArray.cast(arrPtr).add((short) 0, byteBlob); + + CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_SHARED_SECRET_CMD, + arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionAttestIds(CardSimulator simulator) { + short arrPtr = KMArray.instance((short) 8); + + byte[] buf = "Attestation Id".getBytes(); + + KMArray.cast(arrPtr).add((short) 0, + KMByteTag.instance(KMType.ATTESTATION_ID_BRAND, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 1, + KMByteTag.instance(KMType.ATTESTATION_ID_PRODUCT, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 2, + KMByteTag.instance(KMType.ATTESTATION_ID_DEVICE, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 3, + KMByteTag.instance(KMType.ATTESTATION_ID_MODEL, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 4, + KMByteTag.instance(KMType.ATTESTATION_ID_IMEI, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 5, + KMByteTag.instance(KMType.ATTESTATION_ID_MEID, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 6, + KMByteTag.instance(KMType.ATTESTATION_ID_MANUFACTURER, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMArray.cast(arrPtr).add((short) 7, + KMByteTag.instance(KMType.ATTESTATION_ID_SERIAL, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + short keyParams = KMKeyParameters.instance(arrPtr); + short outerArrPtr = KMArray.instance((short) 1); + KMArray.cast(outerArrPtr).add((short) 0, keyParams); + CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTEST_IDS_CMD, + outerArrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionLocked(CardSimulator simulator) { + CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_LOCK_PROVISIONING_CMD, + 0x40, 0x00); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(commandAPDU); + Assert.assertEquals(0x9000, response.getSW()); + } + + private void provisionCmd(CardSimulator simulator) { + provisionSigningKey(simulator); + provisionSigningCertificate(simulator); + provisionCertificateParams(simulator); + provisionSharedSecret(simulator); + provisionAttestIds(simulator); + // set bootup parameters + setBootParams(simulator,(short)1,(short)1, (short)0, (short)0); + provisionLocked(simulator); + } + + private void cleanUp(){ + AID appletAID = AIDUtil.create("A000000062"); + // Delete i.e. uninstall applet + simulator.deleteApplet(appletAID); + } + + + private CommandAPDU encodeApdu(byte ins, short cmd){ + byte[] buf = new byte[2500]; + buf[0] = (byte)0x80; + buf[1] = ins; + buf[2] = (byte)0x40; + buf[3] = (byte)0x00; + buf[4] = 0; + short len = encoder.encode(cmd, buf, (short) 7); + Util.setShort(buf, (short)5, len); + byte[] apdu = new byte[7+len]; + Util.arrayCopyNonAtomic(buf,(short)0,apdu,(short)0,(short)(7+len)); + //CommandAPDU commandAPDU = new CommandAPDU(0x80, 0x10, 0x40, 0x00, buf, 0, actualLen); + return new CommandAPDU(apdu); + } + + @Test + public void testAesImportKeySuccess() { + init(); + byte[] aesKeySecret = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + short arrPtr = KMArray.instance((short)5); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); + short blockMode = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); + short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); + KMArray.cast(arrPtr).add((short)0, boolTag); + KMArray.cast(arrPtr).add((short)1, keySize); + KMArray.cast(arrPtr).add((short)2, blockMode); + KMArray.cast(arrPtr).add((short)3, paddingMode); + KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); + short keyParams = KMKeyParameters.instance(arrPtr); + short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); + short keyBlob = KMArray.instance((short)1); + KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(aesKeySecret,(short)0,(short)16)); + byte[] blob = new byte[256]; + short len = encoder.encode(keyBlob,blob,(short)0); + keyBlob = KMByteBlob.instance(blob, (short)0, len); + arrPtr = KMArray.instance((short)3); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + arg.add((short)1, keyFormatPtr); + arg.add((short)2, keyBlob); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.PKCS7)); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.ECB)); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.AES); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); + cleanUp(); + } + + @Test + public void testHmacImportKeySuccess() { + init(); + byte[] hmacKeySecret = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + short arrPtr = KMArray.instance((short)5); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); + short minMacLength = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)256)); + KMArray.cast(arrPtr).add((short)0, boolTag); + KMArray.cast(arrPtr).add((short)1, keySize); + KMArray.cast(arrPtr).add((short)2, digest); + KMArray.cast(arrPtr).add((short)3, minMacLength); + KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); + short keyParams = KMKeyParameters.instance(arrPtr); + short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); + short keyBlob = KMArray.instance((short)1); + KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(hmacKeySecret,(short)0,(short)16)); + byte[] blob = new byte[256]; + short len = encoder.encode(keyBlob,blob,(short)0); + keyBlob = KMByteBlob.instance(blob, (short)0, len); + arrPtr = KMArray.instance((short)3); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + arg.add((short)1, keyFormatPtr); + arg.add((short)2, keyBlob); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); + tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.HMAC); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); + cleanUp(); + } + + @Test + public void testRsaImportKeySuccess() { + init(); + /* + KeyPair rsaKeyPair = cryptoProvider.createRsaKeyPair(); + byte[] pub = new byte[4]; + short len = ((RSAPublicKey)rsaKeyPair.getPublic()).getExponent(pub,(short)1); + byte[] priv = new byte[256]; + byte[] mod = new byte[256]; + len = ((RSAPrivateKey)rsaKeyPair.getPrivate()).getModulus(mod,(short)0); + len = ((RSAPrivateKey)rsaKeyPair.getPrivate()).getExponent(priv,(short)0); + */ + + byte[] pub = new byte[]{0x00,0x01,0x00,0x01}; + byte[] mod = new byte[256]; + byte[] priv = new byte[256]; + short[] lengths = new short[2]; + cryptoProvider.createAsymmetricKey(KMType.RSA,priv,(short)0,(short)256,mod,(short)0, (short)256,lengths); + short arrPtr = KMArray.instance((short)6); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); + short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, + KMInteger.uint_32(pub, (short)0)); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PSS); + short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); + KMArray.cast(arrPtr).add((short)0, boolTag); + KMArray.cast(arrPtr).add((short)1, keySize); + KMArray.cast(arrPtr).add((short)2, digest); + KMArray.cast(arrPtr).add((short)3, rsaPubExpTag); + KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); + KMArray.cast(arrPtr).add((short)5, padding); + short keyParams = KMKeyParameters.instance(arrPtr); + short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW);// Note: VTS uses PKCS8 + short keyBlob = KMArray.instance((short)2); + KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(priv,(short)0,(short)256)); + KMArray.cast(keyBlob).add((short)1, KMByteBlob.instance(mod,(short)0,(short)256)); + byte[] blob = new byte[620]; + short len = encoder.encode(keyBlob,blob,(short)0); + keyBlob = KMByteBlob.instance(blob, (short)0, len); + arrPtr = KMArray.instance((short)3); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + arg.add((short)1, keyFormatPtr); + arg.add((short)2, keyBlob); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 2048); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.RSA_PSS)); + tag = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), 0x01); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 0x01); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.RSA); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); + cleanUp(); + } + + @Test + public void testDeviceLocked(){ + init(); + byte[] hmacKey = new byte[32]; + cryptoProvider.newRandomNumber(hmacKey,(short)0,(short)32); + KMRepository.instance().initComputedHmac(hmacKey,(short)0,(short)32); + // generate aes key with unlocked_device_required + short aesKey = generateAesDesKey(KMType.AES,(short)128,null,null, true); + short keyBlobPtr = KMArray.cast(aesKey).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + // encrypt something + short inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); + byte[] plainData= "Hello World 123!".getBytes(); + short ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.ENCRYPT, + KMKeyParameters.instance(inParams), + (short)0,null,false, false + ); + keyBlobPtr = KMArray.cast(ret).get((short)2); + byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + cipherData,(short)0, (short)cipherData.length); + // create verification token + short verToken = KMVerificationToken.instance(); + KMVerificationToken.cast(verToken).setTimestamp(KMInteger.uint_16((short)1)); + verToken = signVerificationToken(verToken); + // device locked request + deviceLock(verToken); + // decrypt should fail + inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); + short beginResp = begin(KMType.DECRYPT, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), KMKeyParameters.instance(inParams), (short)0); + Assert.assertEquals(beginResp,KMError.DEVICE_LOCKED); + short hwToken = KMHardwareAuthToken.instance(); + KMHardwareAuthToken.cast(hwToken).setTimestamp(KMInteger.uint_16((byte)2)); + KMHardwareAuthToken.cast(hwToken).setHwAuthenticatorType(KMEnum.instance(KMType.USER_AUTH_TYPE, (byte)KMType.PASSWORD)); + inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); + hwToken = signHwToken(hwToken); + ret = processMessage(cipherData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.DECRYPT, + KMKeyParameters.instance(inParams),hwToken,null,false, false + ); + ret = KMArray.cast(ret).get((short)0); + Assert.assertEquals(KMInteger.cast(ret).getShort(), KMError.OK); + cleanUp(); + } + + private short signHwToken(short hwToken){ + short len = 0; + byte[] scratchPad = new byte[256]; + // add 0 + Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); + len = 1; + // concatenate challenge - 8 bytes + short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge(); + KMInteger.cast(ptr) + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + len += 8; + // concatenate user id - 8 bytes + ptr = KMHardwareAuthToken.cast(hwToken).getUserId(); + KMInteger.cast(ptr) + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + len += 8; + // concatenate authenticator id - 8 bytes + ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId(); + KMInteger.cast(ptr) + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + len += 8; + // concatenate authenticator type - 4 bytes + ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType(); + scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal(); + len += 4; + // concatenate timestamp -8 bytes + ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp(); + KMInteger.cast(ptr) + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + len += 8; + // hmac the data +/* HMACKey key = + cryptoProvider.createHMACKey( + KMRepository.instance().getComputedHmacKey(), + (short) 0, + (short) KMRepository.instance().getComputedHmacKey().length); + + */ + byte[] mac = new byte[32]; + /* + len = + cryptoProvider.hmacSign(key, scratchPad, (short) 0, len, + mac, + (short)0); + */ + short key = KMRepository.instance().getComputedHmacKey(); + cryptoProvider.hmacSign( + KMByteBlob.cast(key).getBuffer(), + KMByteBlob.cast(key).getStartOff(), + KMByteBlob.cast(key).length(), + scratchPad, (short) 0, len, + mac, + (short)0); + KMHardwareAuthToken.cast(hwToken).setMac(KMByteBlob.instance(mac,(short)0,(short)mac.length)); + return hwToken; + } + private void deviceLock(short verToken) { + short req = KMArray.instance((short)2); + KMArray.cast(req).add((short)0, KMInteger.uint_8((byte)1)); + KMArray.cast(req).add((short)1, verToken); + CommandAPDU apdu = encodeApdu((byte)INS_DEVICE_LOCKED_CMD,req); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 1); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + byte[] respBuf = response.getBytes(); + Assert.assertEquals(respBuf[0],KMError.OK); + } + + private short signVerificationToken(short verToken) { + byte[] scratchPad = new byte[256]; + byte[] authVer = "Auth Verification".getBytes(); + //print(authVer,(short)0,(short)authVer.length); + // concatenation length will be 37 + length of verified parameters list - which is typically empty + Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); + short params = KMVerificationToken.cast(verToken).getParametersVerified(); + // Add "Auth Verification" - 17 bytes. + Util.arrayCopy(authVer,(short)0, scratchPad, (short)0, (short)authVer.length); + short len = (short)authVer.length; + // concatenate challenge - 8 bytes + short ptr = KMVerificationToken.cast(verToken).getChallenge(); + KMInteger.cast(ptr) + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + len += 8; + // concatenate timestamp -8 bytes + ptr = KMVerificationToken.cast(verToken).getTimestamp(); + KMInteger.cast(ptr) + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + len += 8; + // concatenate security level - 4 bytes + ptr = KMVerificationToken.cast(verToken).getSecurityLevel(); + scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal(); + len += 4; + // concatenate Parameters verified - blob of encoded data. + ptr = KMVerificationToken.cast(verToken).getParametersVerified(); + if (KMByteBlob.cast(ptr).length() != 0) { + len += KMByteBlob.cast(ptr).getValues(scratchPad, (short) 0); + } + // hmac the data + /* HMACKey key = + cryptoProvider.createHMACKey( + KMRepository.instance().getComputedHmacKey(), + (short) 0, + (short) KMRepository.instance().getComputedHmacKey().length); + + */ + ptr = KMVerificationToken.cast(verToken).getMac(); + byte[] mac = new byte[32]; + /*len = + cryptoProvider.hmacSign(key, scratchPad, (short) 0, len, + mac, + (short)0); + */ + short key = KMRepository.instance().getComputedHmacKey(); + cryptoProvider.hmacSign(KMByteBlob.cast(key).getBuffer(), + KMByteBlob.cast(key).getStartOff(), + KMByteBlob.cast(key).length(), + scratchPad, (short) 0, len, + mac, + (short)0); + KMVerificationToken.cast(verToken).setMac(KMByteBlob.instance(mac,(short)0,(short)mac.length)); + return verToken; + } + + @Test + public void testEcImportKeySuccess() { + init(); + /* + KeyPair ecKeyPair = cryptoProvider.createECKeyPair(); + byte[] pub = new byte[128]; + short len = ((ECPublicKey)ecKeyPair.getPublic()).getW(pub,(short)0); + byte[] priv = new byte[128]; + len = ((ECPrivateKey)ecKeyPair.getPrivate()).getS(priv,(short)0); + */ + byte[] pub = new byte[128]; + byte[] priv = new byte[128]; + short[] lengths = new short[2]; + cryptoProvider.createAsymmetricKey(KMType.EC,priv,(short)0,(short)128,pub,(short)0, (short)128,lengths); + short pubBlob = KMByteBlob.instance(pub,(short)0,lengths[1]); + short privBlob = KMByteBlob.instance(priv,(short)0,lengths[0]); + short arrPtr = KMArray.instance((short)5); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)256)); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); + short ecCurve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256); + KMArray.cast(arrPtr).add((short)0, boolTag); + KMArray.cast(arrPtr).add((short)1, keySize); + KMArray.cast(arrPtr).add((short)2, digest); + KMArray.cast(arrPtr).add((short)3, ecCurve); + KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); + short keyParams = KMKeyParameters.instance(arrPtr); + short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW);// Note: VTS uses PKCS8 + short keyBlob = KMArray.instance((short)2); + KMArray.cast(keyBlob).add((short)0, privBlob); + KMArray.cast(keyBlob).add((short)1, pubBlob); + byte[] blob = new byte[128]; + short len = encoder.encode(keyBlob,blob,(short)0); + keyBlob = KMByteBlob.instance(blob, (short)0, len); + arrPtr = KMArray.instance((short)3); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + arg.add((short)1, keyFormatPtr); + arg.add((short)2, keyBlob); + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short blobArr = extractKeyBlobArray(KMArray.cast(ret).get((short)1)); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ECCURVE, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.P_256); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.EC); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); + cleanUp(); + } + + private short extractKeyBlobArray(short keyBlob) { + short ret = KMArray.instance((short) 5); + KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_SECRET, KMByteBlob.exp()); + KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG, KMByteBlob.exp()); + KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_NONCE, KMByteBlob.exp()); + short ptr = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, ptr); + KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, KMByteBlob.exp()); + ret = + decoder.decodeArray( + ret, + KMByteBlob.cast(keyBlob).getBuffer(), + KMByteBlob.cast(keyBlob).getStartOff(), + KMByteBlob.cast(keyBlob).length()); + short len = KMArray.cast(ret).length(); + ptr = KMArray.cast(ret).get((short)4); +// print(KMByteBlob.cast(ptr).getBuffer(),KMByteBlob.cast(ptr).getStartOff(),KMByteBlob.cast(ptr).length()); + return ret; + } + + @Test + public void testRsaGenerateKeySuccess() { + init(); + short ret = generateRsaKey(null, null); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + Assert.assertEquals(error, KMError.OK); + short tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 2048); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.DIGEST_NONE)); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.RSA_PKCS1_1_5_ENCRYPT)); + tag = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), 0x01); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 0x01); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.RSA); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); + cleanUp(); + } + + private short generateRsaKey(byte[] clientId, byte[] appData){ + byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; + short tagCount = 11; + if(clientId != null) tagCount++; + if(appData != null) tagCount++; + short arrPtr = KMArray.instance(tagCount); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); + short byteBlob = KMByteBlob.instance((short)3); + KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); + KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); + KMByteBlob.cast(byteBlob).add((short)2, KMType.SHA1); + short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); + byteBlob = KMByteBlob.instance((short)5); + KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PKCS1_1_5_ENCRYPT); + KMByteBlob.cast(byteBlob).add((short)1, KMType.RSA_PKCS1_1_5_SIGN); + KMByteBlob.cast(byteBlob).add((short)2, KMType.RSA_OAEP); + KMByteBlob.cast(byteBlob).add((short)3, KMType.RSA_PSS); + KMByteBlob.cast(byteBlob).add((short)4, KMType.PADDING_NONE); + short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); + byteBlob = KMByteBlob.instance((short)5); + KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); + KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); + KMByteBlob.cast(byteBlob).add((short)2, KMType.ENCRYPT); + KMByteBlob.cast(byteBlob).add((short)3, KMType.DECRYPT); + KMByteBlob.cast(byteBlob).add((short)4, KMType.WRAP_KEY); + short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); + byte[] pub = {0,1,0,1}; + short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short)0)); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short tagIndex = 0; + KMArray.cast(arrPtr).add(tagIndex++, purpose); + KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.INCLUDE_UNIQUE_ID)); + KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.RESET_SINCE_ID_ROTATION)); + KMArray.cast(arrPtr).add(tagIndex++, boolTag); + KMArray.cast(arrPtr).add(tagIndex++, keySize); + KMArray.cast(arrPtr).add(tagIndex++, digest); + KMArray.cast(arrPtr).add(tagIndex++, rsaPubExpTag); + KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); + KMArray.cast(arrPtr).add(tagIndex++, padding); + short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); + KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.ACTIVE_DATETIME,dateTag)); + KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.CREATION_DATETIME,dateTag)); + + if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); + if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + short keyParams = KMKeyParameters.instance(arrPtr); + arrPtr = KMArray.instance((short)1); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + return ret; + } + + private short generateAttestationKey(){ + // 15th July 2020 00.00.00 + byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; + short tagCount = 11; + short arrPtr = KMArray.instance(tagCount); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); + short byteBlob = KMByteBlob.instance((short)3); + KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); + KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); + KMByteBlob.cast(byteBlob).add((short)2, KMType.SHA1); + short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PKCS1_1_5_SIGN); + short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.ATTEST_KEY); + short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); + byte[] pub = {0,1,0,1}; + short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short)0)); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short tagIndex = 0; + KMArray.cast(arrPtr).add(tagIndex++, purpose); + KMArray.cast(arrPtr).add(tagIndex++, boolTag); + KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.INCLUDE_UNIQUE_ID)); + KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.RESET_SINCE_ID_ROTATION)); + KMArray.cast(arrPtr).add(tagIndex++, boolTag); + KMArray.cast(arrPtr).add(tagIndex++, keySize); + KMArray.cast(arrPtr).add(tagIndex++, digest); + KMArray.cast(arrPtr).add(tagIndex++, rsaPubExpTag); + KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); + KMArray.cast(arrPtr).add(tagIndex++, padding); + short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); + KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.ULONG_TAG,KMType.ACTIVE_DATETIME,dateTag)); + KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.ULONG_TAG,KMType.CREATION_DATETIME,dateTag)); + short keyParams = KMKeyParameters.instance(arrPtr); + arrPtr = KMArray.instance((short)1); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + return ret; + } + + @Test + public void testEcGenerateKeySuccess() { + init(); + short ret = generateEcKey(null, null); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + Assert.assertEquals(error, KMError.OK); + short tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.DIGEST_NONE)); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.EC); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); + cleanUp(); + } + public short generateEcKey(byte[] clientId, byte[] appData) { + byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; + short tagCount = 6; + if(clientId != null) tagCount++; + if(appData != null) tagCount++; + short arrPtr = KMArray.instance(tagCount); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)256)); + short byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); + KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); + short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); + byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); + KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); + short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short tagIndex = 0; + KMArray.cast(arrPtr).add(tagIndex++, purpose); + KMArray.cast(arrPtr).add(tagIndex++, boolTag); + KMArray.cast(arrPtr).add(tagIndex++, keySize); + KMArray.cast(arrPtr).add(tagIndex++, digest); + KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); + short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); + KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.CREATION_DATETIME,dateTag)); + if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); + if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + short keyParams = KMKeyParameters.instance(arrPtr); + arrPtr = KMArray.instance((short)1); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + return ret; + } + + @Test + public void testHmacGenerateKeySuccess() { + init(); + short ret = generateHmacKey(null, null); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + Assert.assertEquals(error, KMError.OK); + short tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); + tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 160); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.HMAC); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); + cleanUp(); + } + public short generateHmacKey(byte[] clientId, byte[] appData){ + short tagCount = 6; + if(clientId != null) tagCount++; + if(appData != null) tagCount++; + short arrPtr = KMArray.instance(tagCount); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); + byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); + KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); + short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short minMacLen = KMIntegerTag.instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); + short tagIndex = 0; + KMArray.cast(arrPtr).add(tagIndex++, minMacLen); + KMArray.cast(arrPtr).add(tagIndex++, purpose); + KMArray.cast(arrPtr).add(tagIndex++, boolTag); + KMArray.cast(arrPtr).add(tagIndex++, keySize); + KMArray.cast(arrPtr).add(tagIndex++, digest); + KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); + if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); + if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + short keyParams = KMKeyParameters.instance(arrPtr); + arrPtr = KMArray.instance((short)1); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + return ret; + } + public short generateAesDesKey(byte alg, short keysize, byte[] clientId, byte[] appData, boolean unlockReqd) { + short tagCount = 7; + if(clientId != null) tagCount++; + if(appData != null) tagCount++; + if(unlockReqd)tagCount++; + short arrPtr = KMArray.instance(tagCount); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); + short byteBlob = KMByteBlob.instance((short)3); + KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); + KMByteBlob.cast(byteBlob).add((short)1, KMType.CBC); + KMByteBlob.cast(byteBlob).add((short)2, KMType.CTR); + short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); + byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); + KMByteBlob.cast(byteBlob).add((short)1, KMType.PADDING_NONE); + short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); + byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); + KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); + short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); + short tagIndex = 0; + KMArray.cast(arrPtr).add(tagIndex++, boolTag); + KMArray.cast(arrPtr).add(tagIndex++, keySize); + KMArray.cast(arrPtr).add(tagIndex++, blockModeTag); + KMArray.cast(arrPtr).add(tagIndex++, paddingMode); + KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, alg)); + KMArray.cast(arrPtr).add(tagIndex++, purpose); + KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); + if(unlockReqd)KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.UNLOCKED_DEVICE_REQUIRED)); + if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); + if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + short keyParams = KMKeyParameters.instance(arrPtr); + arrPtr = KMArray.instance((short)1); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + return ret; + } + public short generateAesGcmKey(short keysize, byte[] clientId, byte[] appData) { + short tagCount = 8; + if(clientId != null) tagCount++; + if(appData != null) tagCount++; + short arrPtr = KMArray.instance(tagCount); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); + short macLength = KMIntegerTag.instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)96)); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.GCM); + short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, KMType.PADDING_NONE); + short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); + byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); + KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); + short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); + short tagIndex = 0; + KMArray.cast(arrPtr).add(tagIndex++, boolTag); + KMArray.cast(arrPtr).add(tagIndex++, macLength); + KMArray.cast(arrPtr).add(tagIndex++, keySize); + KMArray.cast(arrPtr).add(tagIndex++, blockModeTag); + KMArray.cast(arrPtr).add(tagIndex++, paddingMode); + KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); + KMArray.cast(arrPtr).add(tagIndex++, purpose); + KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); + if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); + if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + short keyParams = KMKeyParameters.instance(arrPtr); + arrPtr = KMArray.instance((short)1); + KMArray arg = KMArray.cast(arrPtr); + arg.add((short) 0, keyParams); + CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + return ret; + } + + @Test + public void testComputeHmacParams(){ + init(); + // Get Hmac parameters + short ret = getHmacSharingParams(); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short)1)); + short seed = params.getSeed(); + short nonce = params.getNonce(); + + short params1 = KMHmacSharingParameters.instance(); + KMHmacSharingParameters.cast(params1).setSeed(KMByteBlob.instance((short)0)); + short num = KMByteBlob.instance((short)32); + Util.arrayCopyNonAtomic( + KMByteBlob.cast(nonce).getBuffer(), + KMByteBlob.cast(nonce).getStartOff(), + KMByteBlob.cast(num).getBuffer(), + KMByteBlob.cast(num).getStartOff(), + KMByteBlob.cast(num).length()); + // cryptoProvider.newRandomNumber( +// KMByteBlob.cast(num).getBuffer(), +// KMByteBlob.cast(num).getStartOff(), +// KMByteBlob.cast(num).length()); + KMHmacSharingParameters.cast(params1).setNonce(num); + short params2 = KMHmacSharingParameters.instance(); + KMHmacSharingParameters.cast(params2).setSeed(KMByteBlob.instance((short)0)); + num = KMByteBlob.instance((short)32); + cryptoProvider.newRandomNumber( + KMByteBlob.cast(num).getBuffer(), + KMByteBlob.cast(num).getStartOff(), + KMByteBlob.cast(num).length()); + KMHmacSharingParameters.cast(params2).setNonce(num); + short arr = KMArray.instance((short)2); + KMArray.cast(arr).add((short)0, params1); + KMArray.cast(arr).add((short)1,params2); + short arrPtr = KMArray.instance((short)1); + KMArray.cast(arrPtr).add((short)0,arr); + CommandAPDU apdu = encodeApdu((byte)INS_COMPUTE_SHARED_HMAC_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + Assert.assertEquals(0x9000, response.getSW()); + ret = KMArray.instance((short) 2); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + + cleanUp(); + } + @Test + public void testGetHmacSharingParams(){ + init(); + CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); + //print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(commandAPDU); + KMDecoder dec = new KMDecoder(); + short ret = KMArray.instance((short) 2); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + short inst = KMHmacSharingParameters.exp(); + KMArray.cast(ret).add((short) 1, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short)1)); + short seed = params.getSeed(); + short nonce = params.getNonce(); + Assert.assertTrue(KMByteBlob.cast(seed).length() == 0); + Assert.assertTrue(KMByteBlob.cast(nonce).length() == 32); + //print(seed); + //print(nonce); + Assert.assertEquals(error, KMError.OK); + cleanUp(); + } + public short getHmacSharingParams(){ + CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); + //print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(commandAPDU); + KMDecoder dec = new KMDecoder(); + short ret = KMArray.instance((short) 2); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + short inst = KMHmacSharingParameters.exp(); + KMArray.cast(ret).add((short) 1, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + return ret; + } + + @Test + public void testImportWrappedKey(){ + init(); + byte[] wrappedKey = new byte[16]; + cryptoProvider.newRandomNumber(wrappedKey,(short)0,(short)16); + byte[] encWrappedKey = new byte[16]; + //AESKey transportKey = cryptoProvider.createAESKey((short)256); + byte[] transportKeyMaterial = new byte[32]; + cryptoProvider.newRandomNumber(transportKeyMaterial,(short)0,(short)32); + //transportKey.setKey(transportKeyMaterial,(short)0); + byte[] nonce = new byte[12]; + cryptoProvider.newRandomNumber(nonce,(short)0,(short)12); + byte[] authData = "Auth Data".getBytes(); + byte[] authTag = new byte[12]; + cryptoProvider.aesGCMEncrypt(transportKeyMaterial,(short)0,(short)32,wrappedKey, + (short)0,(short)16,encWrappedKey,(short)0, + nonce,(short)0, (short)12,authData,(short)0,(short)authData.length, + authTag, (short)0, (short)12); + byte[] maskingKey = {1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0}; + byte[] maskedTransportKey = new byte[32]; + for(int i=0; i< maskingKey.length;i++){ + maskedTransportKey[i] = (byte)(transportKeyMaterial[i] ^ maskingKey[i]); + } + short rsaKeyArr = generateRsaKey(null,null); + short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); + byte[] wrappingKeyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length); + short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_OAEP); + short ret = processMessage(maskedTransportKey, + KMByteBlob.instance(wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length), + KMType.ENCRYPT, + KMKeyParameters.instance(inParams), + (short)0,null,false,false + ); + keyBlobPtr = KMArray.cast(ret).get((short)2); + byte[] encTransportKey = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + encTransportKey,(short)0, (short)encTransportKey.length); + short tagCount = 7; + short arrPtr = KMArray.instance(tagCount); + short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); + short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); + short byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); + KMByteBlob.cast(byteBlob).add((short)1, KMType.CBC); + short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); + byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); + KMByteBlob.cast(byteBlob).add((short)1, KMType.PADDING_NONE); + short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); + byteBlob = KMByteBlob.instance((short)2); + KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); + KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); + short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); + short tagIndex = 0; + KMArray.cast(arrPtr).add(tagIndex++, boolTag); + KMArray.cast(arrPtr).add(tagIndex++, keySize); + KMArray.cast(arrPtr).add(tagIndex++, blockModeTag); + KMArray.cast(arrPtr).add(tagIndex++, paddingMode); + KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); + KMArray.cast(arrPtr).add(tagIndex++, purpose); + KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); + short keyParams = KMKeyParameters.instance(arrPtr); + short nullParams = KMArray.instance((short)0); + nullParams = KMKeyParameters.instance(nullParams); + short arr = KMArray.instance((short)12); + KMArray.cast(arr).add((short) 0, keyParams); // Key Params of wrapped key + KMArray.cast(arr).add((short) 1, KMEnum.instance(KMType.KEY_FORMAT,KMType.RAW)); // Key Format + KMArray.cast(arr).add((short) 2, KMByteBlob.instance(encWrappedKey,(short)0,(short)encWrappedKey.length)); // Wrapped Import Key Blob + KMArray.cast(arr).add((short) 3, KMByteBlob.instance(authTag,(short)0,(short)authTag.length)); // Auth Tag + KMArray.cast(arr).add((short) 4, KMByteBlob.instance(nonce,(short)0,(short)nonce.length)); // IV - Nonce + KMArray.cast(arr).add((short) 5, KMByteBlob.instance(encTransportKey,(short)0,(short)encTransportKey.length)); // Encrypted Transport Key + KMArray.cast(arr).add((short) 6, KMByteBlob.instance(wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length)); // Wrapping Key KeyBlob + KMArray.cast(arr).add((short) 7, KMByteBlob.instance(maskingKey,(short)0,(short)maskingKey.length)); // Masking Key + KMArray.cast(arr).add((short) 8, nullParams); // Un-wrapping Params + KMArray.cast(arr).add((short) 9, KMByteBlob.instance(authData,(short)0,(short)authData.length)); // Wrapped Key ASSOCIATED AUTH DATA + KMArray.cast(arr).add((short) 10, KMInteger.uint_8((byte)0)); // Password Sid + KMArray.cast(arr).add((short) 11, KMInteger.uint_8((byte)0)); // Biometric Sid + CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_WRAPPED_KEY_CMD, arr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + Assert.assertEquals(0x9000, response.getSW()); + Assert.assertEquals(error, KMError.OK); + short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.PKCS7)); + tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, hwParams); + Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.ECB)); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.AES); + tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); + Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.SECURELY_IMPORTED); + cleanUp(); + } + + @Test + public void testGetKeyCharacteristicsWithIdDataSuccess() { + init(); + byte[] clientId = "clientId".getBytes(); + byte[] appData = "appData".getBytes(); + short ret = generateRsaKey(clientId,appData); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + short keyBlob = KMArray.cast(ret).get((short)1); + + short arrPtr = KMArray.instance((short)3); + KMArray.cast(arrPtr).add((short)0, keyBlob); + KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance(clientId,(short)0, (short)clientId.length)); + KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance(appData,(short)0, (short)appData.length)); + CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + ret = KMArray.instance((short) 2); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 1, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + cleanUp(); + } + + @Test + public void testGetKeyCharacteristicsSuccess() { + init(); + short ret = generateRsaKey(null, null); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + short keyBlob = KMArray.cast(ret).get((short)1); + + short arrPtr = KMArray.instance((short)3); + KMArray.cast(arrPtr).add((short)0, keyBlob); + KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance((short)0)); + KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance((short)0)); + CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + ret = KMArray.instance((short) 2); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 1, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + cleanUp(); + } + + @Test + public void testDeleteKeySuccess() { + init(); + short ret = generateRsaKey(null, null); + short keyBlobPtr = KMArray.cast(ret).get((short)1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob, (short)0); + ret = getKeyCharacteristics(keyBlobPtr); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + ret = deleteKey(KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); + Assert.assertEquals(ret, KMError.OK); +/* ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); + short err = KMByteBlob.cast(ret).get((short)1); + Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); + + */ + cleanUp(); + } + + @Test + public void testDeleteAllKeySuccess() { + init(); + short ret1 = generateRsaKey(null, null); + short keyBlobPtr = KMArray.cast(ret1).get((short)1); + byte[] keyBlob1 = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob1, (short)0); + short ret2 = generateRsaKey(null, null); + keyBlobPtr = KMArray.cast(ret2).get((short)1); + byte[] keyBlob2 = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob2, (short)0); + CommandAPDU apdu = new CommandAPDU(0x80, INS_DELETE_ALL_KEYS_CMD, 0x40, 0x00); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + byte[] respBuf = response.getBytes(); + Assert.assertEquals(respBuf[0], KMError.OK); +/* short ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob1,(short)0,(short)keyBlob1.length)); + short err = KMByteBlob.cast(ret).get((short)1); + Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); + ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob2,(short)0,(short)keyBlob2.length)); + err = KMByteBlob.cast(ret).get((short)1); + Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); + + */ + cleanUp(); + } + + private short deleteKey(short keyBlob) { + short arrPtr = KMArray.instance((short)1); + KMArray.cast(arrPtr).add((short)0, keyBlob); + CommandAPDU apdu = encodeApdu((byte)INS_DELETE_KEY_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + byte[] respBuf = response.getBytes(); + return respBuf[0]; + } + + private short abort(short opHandle) { + short arrPtr = KMArray.instance((short)1); + KMArray.cast(arrPtr).add((short)0, opHandle); + CommandAPDU apdu = encodeApdu((byte)INS_ABORT_OPERATION_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + byte[] respBuf = response.getBytes(); + return respBuf[0]; + } + + public short getKeyCharacteristics(short keyBlob){ + short arrPtr = KMArray.instance((short)3); + KMArray.cast(arrPtr).add((short)0, keyBlob); + KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance((short)0)); + KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance((short)0)); + CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 2); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 1, inst); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + if( len > 5) + ret = decoder.decode(ret, respBuf, (short) 0, len); + else + ret = KMByteBlob.instance(respBuf, (short)0, len); + return ret; + } + + @Test + public void testWithAesGcmWithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.GCM, KMType.PADDING_NONE,true); + cleanUp(); + } + @Test + public void testWithAesEcbPkcs7WithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7,true); + cleanUp(); + } + + @Test + public void testWithAesCtrNoPadWithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE,true); + cleanUp(); + } + + @Test + public void testWithAesCtrNoPad(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE,false); + cleanUp(); + } + + @Test + public void testWithAesEcbNoPadWithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE,true); + cleanUp(); + } + @Test + public void testWithDesEcbPkcs7WithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7,true); + cleanUp(); + } + @Test + public void testWithDesEcbNoPadWithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE,true); + cleanUp(); + } + @Test + public void testWithAesCbcPkcs7WithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7,true); + cleanUp(); + } + @Test + public void testWithAesCbcNoPadWithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE,true); + cleanUp(); + } + @Test + public void testWithDesCbcPkcs7WithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7,true); + cleanUp(); + } + @Test + public void testWithDesCbcNoPadWithUpdate(){ + init(); + testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE,true); + cleanUp(); + } + + @Test + public void testWithAesEcbPkcs7(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7,false); + cleanUp(); + } + @Test + public void testWithAesCbcPkcs7(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7,false); + cleanUp(); + } + @Test + public void testWithAesEcbNoPad(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE,false); + cleanUp(); + } + + @Test + public void testWithAesCbcNoPad(){ + init(); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE,false); + cleanUp(); + } + + @Test + public void testWithDesCbcPkcs7(){ + init(); + testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7,false); + cleanUp(); + } + + @Test + public void testWithDesCbcNoPad(){ + init(); + testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE,false); + cleanUp(); + } + @Test + public void testWithDesEcbNoPad(){ + init(); + testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE,false); + cleanUp(); + } + @Test + public void testWithDesEcbPkcs7(){ + init(); + testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7,false); + cleanUp(); + } + + @Test + public void testWithRsa256Oaep(){ + init(); + testEncryptDecryptWithRsa(KMType.SHA2_256, KMType.RSA_OAEP); + cleanUp(); + } + @Test + public void testWithRsaSha1Oaep(){ + init(); + testEncryptDecryptWithRsa(KMType.SHA1, KMType.RSA_OAEP); + cleanUp(); + } + + @Test + public void testWithRsaNonePkcs1(){ + init(); + testEncryptDecryptWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_ENCRYPT); + cleanUp(); + } + + @Test + public void testWithRsaNoneNoPad(){ + init(); + testEncryptDecryptWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE); + cleanUp(); + } + + // TODO Signing with no digest is not supported by crypto provider or javacard + @Test + public void testSignWithRsaNoneNoPad(){ + init(); + testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE,false, false); + cleanUp(); + } + + @Test + public void testSignWithRsaNonePkcs1(){ + init(); + testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_SIGN,false, false); + cleanUp(); + } + + @Test + public void testSignVerifyWithHmacSHA256WithUpdate(){ + init(); + testSignVerifyWithHmac(KMType.SHA2_256, true); + cleanUp(); + } + + @Test + public void testSignVerifyWithHmacSHA256(){ + init(); + testSignVerifyWithHmac(KMType.SHA2_256, false); + cleanUp(); + } + + @Test + public void testSignVerifyWithEcdsaSHA256WithUpdate(){ + init(); + testSignVerifyWithEcdsa(KMType.SHA2_256, true); + cleanUp(); + } + @Test + public void testSignVerifyWithEcdsaSHA256(){ + init(); + testSignVerifyWithEcdsa(KMType.SHA2_256, false); + cleanUp(); + } + @Test + public void testSignVerifyWithRsaSHA256Pkcs1(){ + init(); + testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN,false, true); + cleanUp(); + } + @Test + public void testSignVerifyWithRsaSHA256Pss(){ + init(); + testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS,false, true); + cleanUp(); + } + + @Test + public void testSignVerifyWithRsaSHA256Pkcs1WithUpdate(){ + init(); + testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN,true, true); + cleanUp(); + } + + @Test + public void testProvisionSuccess(){ + AID appletAID1 = AIDUtil.create("A000000062"); + simulator.installApplet(appletAID1, KMJCardSimApplet.class); + // Select applet + simulator.selectApplet(appletAID1); + // provision attest key + provisionCmd(simulator); + cleanUp(); + } + + @Test + public void testAttestRsaKey(){ + init(); + short key = generateRsaKey(null,null); + short keyBlobPtr = KMArray.cast(key).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic( + KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + testAttestKey(keyBlob); + cleanUp(); + } + + @Test + public void testAttestEcKey(){ + init(); + short key = generateEcKey(null,null); + short keyBlobPtr = KMArray.cast(key).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic( + KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + testAttestKey(keyBlob); + cleanUp(); + } + + public void testAttestKey(byte[] keyBlob){ + /* + short key = generateRsaKey(null,null); + short keyBlobPtr = KMArray.cast(key).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic( + KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + */ + short arrPtr = KMArray.instance((short)2); + KMArray.cast(arrPtr).add((short)0, KMByteTag.instance(KMType.ATTESTATION_APPLICATION_ID, + KMByteBlob.instance(attAppId,(short)0,(short)attAppId.length))); + KMArray.cast(arrPtr).add((short)1, KMByteTag.instance(KMType.ATTESTATION_CHALLENGE, + KMByteBlob.instance(attChallenge,(short)0,(short)attChallenge.length))); + short keyParams = KMKeyParameters.instance(arrPtr); + short args = KMArray.instance((short)2); + KMArray.cast(args).add((short)0, KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); + KMArray.cast(args).add((short)1, keyParams); + CommandAPDU apdu = encodeApdu((byte)INS_ATTEST_KEY_CMD, args); + //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 2); + short arrBlobs = KMArray.instance((short)1); + KMArray.cast(arrBlobs).add((short)0, KMByteBlob.exp()); + KMArray.cast(ret).add((short)0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, arrBlobs); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + //(respBuf,(short)0,(short)respBuf.length); + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + arrBlobs = KMArray.cast(ret).get((short)1); + short cert = KMArray.cast(arrBlobs).get((short)0); + //printCert(KMByteBlob.cast(cert).getBuffer(),KMByteBlob.cast(cert).getStartOff(),KMByteBlob.cast(cert).length()); + } + + @Test + public void testUpgradeKey(){ + init(); + short ret = generateHmacKey(null, null); + short keyBlobPtr = KMArray.cast(ret).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + short osVersion = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_VERSION,hwParams); + osVersion = KMIntegerTag.cast(osVersion).getValue(); + short osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_PATCH_LEVEL,hwParams); + osPatch = KMIntegerTag.cast(osPatch).getValue(); + Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 1); + Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 1); + setBootParams(simulator,(short) 2,(short)2, (short)1, (short)1); + ret = upgradeKey(KMByteBlob.instance(keyBlob, (short)0, (short)keyBlob.length),null, null); + keyBlobPtr = KMArray.cast(ret).get((short)1); + ret = getKeyCharacteristics(keyBlobPtr); + keyCharacteristics = KMArray.cast(ret).get((short)1); + hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + osVersion = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_VERSION,hwParams); + osVersion = KMIntegerTag.cast(osVersion).getValue(); + osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_PATCH_LEVEL,hwParams); + osPatch = KMIntegerTag.cast(osPatch).getValue(); + Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 2); + Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 2); + cleanUp(); + } + + @Test + public void testDestroyAttIds(){ + init(); + CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_DESTROY_ATT_IDS_CMD, 0x40, 0x00); + ResponseAPDU response = simulator.transmitCommand(commandAPDU); + byte[] respBuf = response.getBytes(); + Assert.assertEquals(respBuf[0], 0); + cleanUp(); + } + + private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData){ + short tagCount = 0; + short clientIdTag = 0; + short appDataTag = 0; + if(clientId != null) tagCount++; + if(appData != null) tagCount++; + short keyParams = KMArray.instance(tagCount); + short tagIndex=0; + if(clientId != null)KMArray.cast(keyBlobPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); + if(appData != null)KMArray.cast(keyParams).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + keyParams = KMKeyParameters.instance(keyParams); + short arr = KMArray.instance((short)2); + KMArray.cast(arr).add((short)0,keyBlobPtr); + KMArray.cast(arr).add((short)1,keyParams); + CommandAPDU apdu = encodeApdu((byte)INS_UPGRADE_KEY_CMD, arr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 2); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + return ret; + } + @Test + public void testSignVerifyWithRsaSHA256PssWithUpdate(){ + init(); + testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS,true, true); + cleanUp(); + } + @Test + public void testAbortOperation(){ + init(); + short aesDesKeyArr = generateAesDesKey(KMType.AES, (short)128,null, null, false);; + short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + byte[] nonce = new byte[16]; + cryptoProvider.newRandomNumber(nonce,(short)0,(short)16); + short inParams = getAesDesParams(KMType.AES,KMType.ECB, KMType.PKCS7, nonce); + byte[] plainData= "Hello World 123!".getBytes(); + short ret = begin(KMType.ENCRYPT, KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), KMKeyParameters.instance(inParams), (short)0); + short opHandle = KMArray.cast(ret).get((short) 2); + opHandle = KMInteger.cast(opHandle).getShort(); + abort(KMInteger.uint_16(opHandle)); + short dataPtr = KMByteBlob.instance(plainData, (short) 0, (short) plainData.length); + ret = update(KMInteger.uint_16(opHandle), dataPtr, (short) 0, (short) 0, (short) 0); + Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE,ret); + cleanUp(); + } + + public void testEncryptDecryptWithAesDes(byte alg, byte blockMode, byte padding, boolean update){ + short aesDesKeyArr; + boolean aesGcmFlag = false; + if(alg == KMType.AES){ + if(blockMode == KMType.GCM){ + aesDesKeyArr = generateAesGcmKey((short)128,null,null); + aesGcmFlag = true; + } else { + aesDesKeyArr = generateAesDesKey(alg, (short) 128, null, null, false); + } + } else{ + aesDesKeyArr = generateAesDesKey(alg, (short)168,null, null, false); + } + short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + byte[] nonce = new byte[16]; + cryptoProvider.newRandomNumber(nonce,(short)0,(short)16); + short inParams = getAesDesParams(alg,blockMode, padding, nonce); + byte[] plainData= "Hello World 123!".getBytes(); + if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); + //Encrypt + short ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.ENCRYPT, + KMKeyParameters.instance(inParams), + (short)0,null,update, aesGcmFlag + ); + inParams = getAesDesParams(alg,blockMode, padding, nonce); + keyBlobPtr = KMArray.cast(ret).get((short)2); + //print(keyBlobPtr); + byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + cipherData,(short)0, (short)cipherData.length); + ret = processMessage(cipherData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.DECRYPT, + KMKeyParameters.instance(inParams), + (short)0,null,update, aesGcmFlag + ); + keyBlobPtr = KMArray.cast(ret).get((short)2); + //print(plainData,(short)0,(short)plainData.length); + //print(keyBlobPtr); + short equal = Util.arrayCompare(plainData,(short)0,KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(),(short)plainData.length); + Assert.assertTrue(equal == 0); + } + + public void testEncryptDecryptWithRsa(byte digest, byte padding){ + short rsaKeyArr = generateRsaKey(null, null); + short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + short inParams = getRsaParams(digest, padding); + byte[] plainData = "Hello World 123!".getBytes(); + //Encrypt + short ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.ENCRYPT, + KMKeyParameters.instance(inParams), + (short)0,null,false, false + ); + inParams = getRsaParams(digest, padding); + keyBlobPtr = KMArray.cast(ret).get((short)2); + byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + cipherData,(short)0, (short)cipherData.length); + ret = processMessage(cipherData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.DECRYPT, + KMKeyParameters.instance(inParams), + (short)0,null,false,false + ); + keyBlobPtr = KMArray.cast(ret).get((short)2); + short len = KMByteBlob.cast(keyBlobPtr).length(); + short start = KMByteBlob.cast(keyBlobPtr).getStartOff(); + short equal = Util.arrayCompare(plainData,(short)0,KMByteBlob.cast(keyBlobPtr).getBuffer(), + (short)(start+len-plainData.length),(short)plainData.length); + Assert.assertTrue(equal == 0); + } + + public void testSignVerifyWithRsa(byte digest, byte padding, boolean update, boolean verifyFlag){ + short rsaKeyArr = generateRsaKey(null, null); + short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + short inParams = getRsaParams(digest, padding); + byte[] plainData = "Hello World 123!".getBytes(); + if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); + //Sign + short ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.SIGN, + KMKeyParameters.instance(inParams), + (short)0,null,update,false + ); + inParams = getRsaParams(digest, padding); + keyBlobPtr = KMArray.cast(ret).get((short)2); + byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + signatureData,(short)0, (short)signatureData.length); + if(verifyFlag == false) { + Assert.assertEquals(signatureData.length,256); + return; + } + ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.VERIFY, + KMKeyParameters.instance(inParams), + (short)0,signatureData,update,false + ); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + } + + public void testSignVerifyWithEcdsa(byte digest, boolean update){ + short ecKeyArr = generateEcKey(null, null); + short keyBlobPtr = KMArray.cast(ecKeyArr).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + short inParams = getEcParams(digest); + byte[] plainData = "Hello World 123!".getBytes(); + if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); + //Sign + short ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.SIGN, + KMKeyParameters.instance(inParams), + (short)0,null,update,false + ); + inParams = getEcParams(digest); + keyBlobPtr = KMArray.cast(ret).get((short)2); + byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + signatureData,(short)0, (short)signatureData.length); + ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.VERIFY, + KMKeyParameters.instance(inParams), + (short)0,signatureData,update,false + ); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + } + public void testSignVerifyWithHmac(byte digest, boolean update){ + short hmacKeyArr = generateHmacKey(null, null); + short keyBlobPtr = KMArray.cast(hmacKeyArr).get((short)1); + byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob,(short)0, (short)keyBlob.length); + short inParams = getHmacParams(digest,true); + byte[] plainData = "Hello World 123!".getBytes(); + if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); + //Sign + short ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.SIGN, + KMKeyParameters.instance(inParams), + (short)0,null,update,false + ); + inParams = getHmacParams(digest,false); + keyBlobPtr = KMArray.cast(ret).get((short)2); + byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), + signatureData,(short)0, (short)signatureData.length); + ret = processMessage(plainData, + KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), + KMType.VERIFY, + KMKeyParameters.instance(inParams), + (short)0,signatureData,update,false + ); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + } + + private short getAesDesParams(byte alg, byte blockMode, byte padding, byte[] nonce) { + short inParams; + if(blockMode == KMType.GCM){ + inParams = KMArray.instance((short)5); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, blockMode); + KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, padding); + KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); + short nonceLen = 12; + byteBlob = KMByteBlob.instance(nonce,(short)0, nonceLen); + KMArray.cast(inParams).add((short)2, KMByteTag.instance(KMType.NONCE, byteBlob)); + short macLen = KMInteger.uint_16((short)128); + macLen = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MAC_LENGTH,macLen); + KMArray.cast(inParams).add((short)3, macLen); + byte[] authData = "AuthData".getBytes(); + short associatedData = KMByteBlob.instance(authData,(short)0,(short)authData.length); + associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA,associatedData); + KMArray.cast(inParams).add((short)4, associatedData); + }else if(blockMode == KMType.ECB){ + inParams = KMArray.instance((short)2); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, blockMode); + KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, padding); + KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); + }else{ + inParams = KMArray.instance((short)3); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, blockMode); + KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, padding); + KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); + short nonceLen = 16; + if(alg == KMType.DES) nonceLen = 8; + byteBlob = KMByteBlob.instance(nonce,(short)0, nonceLen); + KMArray.cast(inParams).add((short)2, KMByteTag.instance(KMType.NONCE, byteBlob)); + } + return inParams; + } + + private short getRsaParams(byte digest, byte padding) { + short inParams = KMArray.instance((short)2); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, digest); + KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); + byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, padding); + KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); + return inParams; + } + + private short getEcParams(byte digest) { + short inParams = KMArray.instance((short)1); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, digest); + KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); + return inParams; + } + private short getHmacParams(byte digest, boolean sign) { + short paramsize = (short) (sign ? 2 : 1); + short inParams = KMArray.instance((short)paramsize); + short byteBlob = KMByteBlob.instance((short)1); + KMByteBlob.cast(byteBlob).add((short)0, digest); + KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); + short macLength = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); + if(sign) + KMArray.cast(inParams).add((short)1, macLength); + return inParams; + } + + public short processMessage( + byte[] data, + short keyBlob, + byte keyPurpose, + short inParams, + short hwToken, + byte[] signature, + boolean updateFlag, + boolean aesGcmFlag) { + short beginResp = begin(keyPurpose, keyBlob, inParams, hwToken); + short opHandle = KMArray.cast(beginResp).get((short) 2); + opHandle = KMInteger.cast(opHandle).getShort(); + short dataPtr = KMByteBlob.instance(data, (short) 0, (short) data.length); + short ret = KMType.INVALID_VALUE; + byte[] outputData = new byte[128]; + short len=0; + inParams = 0; + //Test + short firstDataLen =16; + if (keyPurpose == KMType.DECRYPT) { + firstDataLen = 32; + } + + //Test + + if (updateFlag) { + dataPtr = KMByteBlob.instance(data, (short) 0, (short) /*16*/firstDataLen); + if(aesGcmFlag){ + byte[] authData = "AuthData".getBytes(); + short associatedData = KMByteBlob.instance(authData,(short)0,(short)authData.length); + associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA,associatedData); + inParams = KMArray.instance((short)1); + KMArray.cast(inParams).add((short)0, associatedData); + inParams = KMKeyParameters.instance(inParams); + } + ret = update(KMInteger.uint_16(opHandle), dataPtr, inParams, (short) 0, (short) 0); + dataPtr = KMArray.cast(ret).get((short) 3); + if (KMByteBlob.cast(dataPtr).length() > 0) { + Util.arrayCopyNonAtomic( + KMByteBlob.cast(dataPtr).getBuffer(), + KMByteBlob.cast(dataPtr).getStartOff(), + outputData, + (short) 0, + KMByteBlob.cast(dataPtr).length()); + len = KMByteBlob.cast(dataPtr).length(); + dataPtr = KMByteBlob.instance(data, len, (short) (data.length - len)); + }else{ + dataPtr = KMByteBlob.instance(data, (short)/*16*/firstDataLen, (short) (data.length - /*16*/firstDataLen)); + } + } + + if (keyPurpose == KMType.VERIFY) { + ret = finish(KMInteger.uint_16(opHandle), dataPtr, signature, (short) 0, (short) 0, (short) 0); + } else { + ret = finish(KMInteger.uint_16(opHandle), dataPtr, null, (short) 0, (short) 0, (short) 0); + } + if(len >0){ + dataPtr = KMArray.cast(ret).get((short)2); + if(KMByteBlob.cast(dataPtr).length() >0){ + Util.arrayCopyNonAtomic( + KMByteBlob.cast(dataPtr).getBuffer(), + KMByteBlob.cast(dataPtr).getStartOff(), + outputData, + len, + KMByteBlob.cast(dataPtr).length()); + len = (short)(len + KMByteBlob.cast(dataPtr).length()); + } + KMArray.cast(ret).add((short)2, KMByteBlob.instance(outputData,(short)0,len)); + } + return ret; + } + + public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToken) { + short arrPtr = KMArray.instance((short)4); + KMArray.cast(arrPtr).add((short)0, KMEnum.instance(KMType.PURPOSE, keyPurpose)); + KMArray.cast(arrPtr).add((short)1, keyBlob); + KMArray.cast(arrPtr).add((short)2, keyParmas); + if(hwToken == 0) { + hwToken = KMHardwareAuthToken.instance(); + } + KMArray.cast(arrPtr).add((short)3, hwToken); + CommandAPDU apdu = encodeApdu((byte)INS_BEGIN_OPERATION_CMD, arrPtr); + //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + short outParams = KMKeyParameters.exp(); + KMArray.cast(ret).add((short)0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, outParams); + KMArray.cast(ret).add((short)2, KMInteger.exp()); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + if(len > 5){ + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + return ret;}else{ + if(len == 3) return respBuf[0]; + if(len == 4) return respBuf[1]; + return Util.getShort(respBuf,(short)0); + } + } + + public short finish(short operationHandle, short data, byte[] signature, short inParams, short hwToken, short verToken) { + if(hwToken == 0) { + hwToken = KMHardwareAuthToken.instance(); + } + if(verToken == 0){ + verToken = KMVerificationToken.instance(); + } + short signatureTag; + if(signature == null){ + signatureTag = KMByteBlob.instance((short)0); + }else{ + signatureTag = KMByteBlob.instance(signature,(short)0,(short)signature.length); + } + if(inParams == 0){ + short arr = KMArray.instance((short)0); + inParams = KMKeyParameters.instance(arr); + } + short arrPtr = KMArray.instance((short)6); + KMArray.cast(arrPtr).add((short)0, operationHandle); + KMArray.cast(arrPtr).add((short)1, inParams); + KMArray.cast(arrPtr).add((short)2, data); + KMArray.cast(arrPtr).add((short)3, signatureTag); + KMArray.cast(arrPtr).add((short)4, hwToken); + KMArray.cast(arrPtr).add((short)5, verToken); + CommandAPDU apdu = encodeApdu((byte)INS_FINISH_OPERATION_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 3); + short outParams = KMKeyParameters.exp(); + KMArray.cast(ret).add((short)0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, outParams); + KMArray.cast(ret).add((short)2, KMByteBlob.exp()); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + Assert.assertEquals(error, KMError.OK); + return ret; + } + public short update(short operationHandle, short data, short inParams, short hwToken, short verToken) { + if(hwToken == 0) { + hwToken = KMHardwareAuthToken.instance(); + } + if(verToken == 0){ + verToken = KMVerificationToken.instance(); + } + if(inParams == 0){ + short arr = KMArray.instance((short)0); + inParams = KMKeyParameters.instance(arr); + } + short arrPtr = KMArray.instance((short)5); + KMArray.cast(arrPtr).add((short)0, operationHandle); + KMArray.cast(arrPtr).add((short)1, inParams); + KMArray.cast(arrPtr).add((short)2, data); + KMArray.cast(arrPtr).add((short)3, hwToken); + KMArray.cast(arrPtr).add((short)4, verToken); + CommandAPDU apdu = encodeApdu((byte)INS_UPDATE_OPERATION_CMD, arrPtr); + // print(commandAPDU.getBytes()); + ResponseAPDU response = simulator.transmitCommand(apdu); + short ret = KMArray.instance((short) 4); + short outParams = KMKeyParameters.exp(); + KMArray.cast(ret).add((short)0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMInteger.exp()); + KMArray.cast(ret).add((short)2, outParams); + KMArray.cast(ret).add((short)3, KMByteBlob.exp()); + byte[] respBuf = response.getBytes(); + short len = (short) respBuf.length; + if (len > 5) { + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + Assert.assertEquals(error, KMError.OK); + }else{ + ret = respBuf[1]; + } + return ret; + } + + private void print(short blob){ + print(KMByteBlob.cast(blob).getBuffer(),KMByteBlob.cast(blob).getStartOff(),KMByteBlob.cast(blob).length()); + } + private void print(byte[] buf, short start, short length){ + StringBuilder sb = new StringBuilder(); + for(int i = start; i < (start+length); i++){ + sb.append(String.format(" 0x%02X", buf[i])) ; + } + System.out.println(sb.toString()); + } + private void printCert(byte[] buf, short start, short length){ + StringBuilder sb = new StringBuilder(); + for(int i = start; i < (start+length); i++){ + sb.append(String.format("%02X", buf[i])) ; + } + System.out.println(sb.toString()); + } + + +/* + @Test + public void testApdu(){ + init(); + byte[] cmd = {(byte)0x80,0x11,0x40,0x00,0x00,0x00,0x4C,(byte)0x83,(byte)0xA5,0x1A,0x70,0x00,0x01,(byte)0xF7,0x01,0x1A,0x10, + 0x00,0x00,0x02,0x03,0x1A,0x30,0x00,0x00,0x03,0x19,0x01,0x00,0x1A,0x20,0x00,0x00,0x01,0x42,0x02, + 0x03,0x1A,0x20,0x00,0x00,0x05,0x41,0x04,0x03,0x58,0x24,(byte)0x82,0x58,0x20,0x73,0x7C,0x2E,(byte)0xCD, + 0x7B,(byte)0x8D,0x19,0x40,(byte)0xBF,0x29,0x30,(byte)0xAA,(byte)0x9B,0x4E, + (byte)0xD3,(byte)0xFF,(byte)0x94,0x1E,(byte)0xED,0x09,0x36,0x6B, + (byte)0xC0,0x32,(byte)0x99,(byte)0x98,0x64,(byte)0x81,(byte)0xF3,(byte)0xA4,(byte)0xD8,0x59,0x40}; + CommandAPDU cmdApdu = new CommandAPDU(cmd); + ResponseAPDU resp = simulator.transmitCommand(cmdApdu); + short ret = KMArray.instance((short) 3); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + short inst = KMKeyCharacteristics.exp(); + KMArray.cast(ret).add((short) 2, inst); + byte[] respBuf = resp.getBytes(); + short len = (short) respBuf.length; + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); + short blobArr = extractKeyBlobArray(KMArray.cast(ret).get((short)1)); + short keyCharacteristics = KMArray.cast(ret).get((short)2); + short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); + short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); + cleanUp(); + } + */ +} diff --git a/Applet/JavaCardKeymaster.scr b/Applet/JavaCardKeymaster.scr deleted file mode 100644 index 6380faa2..00000000 --- a/Applet/JavaCardKeymaster.scr +++ /dev/null @@ -1,50 +0,0 @@ -output on; - -//create applet instance -0x80 0xB8 0x00 0x00 0x0c 0x0a 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0xc 0x01 0x01 0x00 0x7F; - -// Select JavaCardKeymaster //aid/A000000062/03010C0101 - 0x00 0xa4 0x04 0x00 0x0a 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0xc 0x01 0x01 0x7F; - -// Send provision command - this will change in future - 0x80 0x23 0x40 0x00 0x3B 0x83 0xA1 0x1A 0x10 0x00 0x00 0x02 0x01 0x00 0x58 0x30 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0A 0x0B 0x0C 0x0D 0x0E 0x0F 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1A 0x1B 0x1C 0x1D 0x1E 0x1F 0x20 0x21 0x22 0x23 0x24 0x25 0x26 0x27 0x28 0x29 0x2A 0x2B 0x2C 0x2D 0x2E 0x2F 0x7F; - -// Send Set Boot Params command - 0x80 0x24 0x40 0x00 0x49 0x86 0x01 0x01 0x58 0x20 0x30 0x30 0x30 0x31 0x31 0x31 0x32 0x32 0x32 0x33 0x33 0x33 0x34 0x34 0x34 0x35 0x35 0x35 0x36 0x36 0x36 0x37 0x37 0x37 0x38 0x38 0x38 0x39 0x39 0x39 0x30 0x30 0x58 0x20 0x30 0x30 0x30 0x31 0x31 0x31 0x32 0x32 0x32 0x33 0x33 0x33 0x34 0x34 0x34 0x35 0x35 0x35 0x36 0x36 0x36 0x37 0x37 0x37 0x38 0x38 0x38 0x39 0x39 0x39 0x30 0x30 0x02 0x00 0x7F; - -// Send getHardwareInfo command - 0x80 0x1E 0x40 0x00 0x00 0x7F; - -// Send AddRngEntropy command - 0x80 0x18 0x40 0x00 0x23 0x81 0x58 0x20 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0A 0x0B 0x0C 0x0D 0x0E 0x0F 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19 0x1A 0x1B 0x1C 0x1D 0x1E 0x1F 0x7F; - -// Generate Key - RSA Key command - 0x80 0x10 0x40 0x00 0x22 0x81 0xA4 0x1A 0x10 0x00 0x00 0x02 0x01 0x1A 0x30 0x00 0x00 0x03 0x19 0x08 0x00 0x1A 0x50 0x00 0x00 0xC8 0x1A 0x00 0x01 0x00 0x01 0x1A 0x20 0x00 0x00 0x01 0x42 0x02 0x03 0x7F; - -// Generate Key - AES Key command - 0x80 0x10 0x40 0x00 0x23 0x81 0xA4 0x1A 0x10 0x00 0x00 0x02 0x18 0x20 0x1A 0x30 0x00 0x00 0x03 0x19 0x01 0x00 0x1A 0x50 0x00 0x00 0xC8 0x1A 0x00 0x01 0x00 0x01 0x1A 0x20 0x00 0x00 0x01 0x42 0x02 0x03 0x7F; - -// Generate Key - ECC Key command - 0x80 0x10 0x40 0x00 0x22 0x81 0xA4 0x1A 0x10 0x00 0x00 0x02 0x03 0x1A 0x30 0x00 0x00 0x03 0x19 0x01 0x00 0x1A 0x50 0x00 0x00 0xC8 0x1A 0x00 0x01 0x00 0x01 0x1A 0x20 0x00 0x00 0x01 0x42 0x02 0x03 0x7F; - -// Generate Key - DES Key command - 0x80 0x10 0x40 0x00 0x22 0x81 0xA4 0x1A 0x10 0x00 0x00 0x02 0x18 0x21 0x1A 0x30 0x00 0x00 0x03 0x18 0xA8 0x1A 0x50 0x00 0x00 0xC8 0x1A 0x00 0x01 0x00 0x01 0x1A 0x20 0x00 0x00 0x01 0x42 0x02 0x03 0x7F; - -// Generate Key - HMAC Key command - 0x80 0x10 0x40 0x00 0x32 0x81 0xA6 0x1A 0x10 0x00 0x00 0x02 0x18 0x80 0x1A 0x30 0x00 0x01 0xF5 0x1A 0x01 0x02 0x03 0x04 0x1A 0x90 0x00 0x02 0x59 0x44 0x54 0x65 0x73 0x74 0x1A 0x30 0x00 0x00 0x08 0x18 0x80 0x1A 0x30 0x00 0x00 0x03 0x18 0x80 0x1A 0x20 0x00 0x00 0x05 0x41 0x04 0x7F; - -// Import RSA Key - 0x80 0x11 0x40 0x00 0xB4 0x83 0xA5 0x1A 0x10 0x00 0x00 0x02 0x01 0x1A 0x30 0x00 0x01 0xF5 0x1A 0x01 0x02 0x03 0x04 0x1A 0x90 0x00 0x02 0x59 0x44 0x54 0x65 0x73 0x74 0x1A 0x50 0x00 0x00 0xC8 0x1A 0x00 0x01 0x00 0x01 0x1A 0x70 0x00 0x01 0xF7 0x01 0x03 0x58 0x85 0x82 0x58 0x40 0x80 0x9A 0x87 0x4C 0xE1 0xA0 0x71 0x44 0xAE 0x45 0xDD 0x8D 0x1C 0x05 0xB4 0xD0 0x44 0x23 0xDD 0x42 0xA7 0xC9 0x53 0x44 0xAC 0x31 0x4A 0x22 0x4A 0x02 0x65 0xA0 0xAA 0x21 0xA8 0x30 0x94 0x7D 0x13 0xA1 0xBC 0x89 0x81 0xB5 0x54 0xDE 0x75 0x82 0xB9 0x0B 0x1A 0x7A 0x81 0x0C 0x51 0xE0 0x2F 0x91 0x97 0xD4 0xE8 0x33 0x27 0x61 0x58 0x40 0x92 0x6C 0x79 0x17 0xBB 0x36 0x6F 0xB7 0x58 0x25 0x84 0x98 0xA9 0x56 0x07 0xE6 0x07 0xF6 0x26 0x92 0x15 0xF6 0x21 0x9F 0x6C 0xF0 0xB4 0xE7 0x20 0x42 0xAC 0xB6 0xD8 0x30 0x61 0x06 0xC9 0x3B 0x30 0x67 0x1E 0x8D 0x74 0x11 0x8B 0x06 0x98 0xAB 0x8D 0x6A 0x6C 0xCD 0xB7 0x2F 0xC3 0xA8 0x30 0xC7 0x68 0x03 0x4F 0x72 0xC7 0x5B 0x7F; - -// Import EC Key - 0x80 0x11 0x40 0x00 0x7D 0x83 0xA4 0x1A 0x10 0x00 0x00 0x02 0x03 0x1A 0x30 0x00 0x01 0xF5 0x1A 0x01 0x02 0x03 0x04 0x1A 0x90 0x00 0x02 0x59 0x44 0x54 0x65 0x73 0x74 0x1A 0x50 0x00 0x00 0xC8 0x1A 0x00 0x01 0x00 0x01 0x03 0x58 0x54 0x83 0x58 0x18 0xA6 0x68 0xDE 0xEC 0x65 0x6C 0xFB 0xEE 0xAA 0x43 0xEF 0x97 0x9D 0x10 0x82 0xF0 0x99 0x5F 0x10 0xF3 0xEE 0x9C 0x38 0x57 0x58 0x31 0x04 0x3A 0xF8 0xF4 0xFA 0x1F 0xE4 0x4D 0x62 0xA1 0xCD 0x26 0x8E 0x1A 0x5A 0xAA 0xF5 0xA8 0x94 0xE3 0x8B 0x4C 0xCE 0x49 0xA1 0x57 0x25 0x81 0x6D 0xBE 0x5C 0x3B 0x07 0x95 0xB6 0x89 0x24 0x6E 0x9D 0x25 0x22 0xE6 0x5F 0x41 0xCC 0x59 0xCE 0x25 0x0C 0x1A 0x10 0x00 0x00 0x0A 0x01 0x7F; - -// Import AES Key - 0x80 0x11 0x40 0x00 0x3F 0x83 0xA5 0x1A 0x10 0x00 0x00 0x02 0x18 0x20 0x1A 0x30 0x00 0x01 0xF5 0x1A 0x01 0x02 0x03 0x04 0x1A 0x90 0x00 0x02 0x59 0x44 0x54 0x65 0x73 0x74 0x1A 0x30 0x00 0x00 0x03 0x18 0x80 0x1A 0x20 0x00 0x00 0x05 0x41 0x04 0x03 0x52 0x81 0x50 0x95 0xE6 0x79 0x36 0x64 0xA5 0xEC 0x72 0xBF 0x01 0x4C 0x83 0x6C 0xCD 0xCF 0x51 0x7F; - -// Import Hmac Key - 0x80 0x11 0x40 0x00 0x46 0x83 0xA6 0x1A 0x10 0x00 0x00 0x02 0x18 0x80 0x1A 0x30 0x00 0x01 0xF5 0x1A 0x01 0x02 0x03 0x04 0x1A 0x90 0x00 0x02 0x59 0x44 0x54 0x65 0x73 0x74 0x1A 0x30 0x00 0x00 0x03 0x18 0x80 0x1A 0x20 0x00 0x00 0x05 0x41 0x04 0x1A 0x30 0x00 0x00 0x08 0x18 0x80 0x03 0x52 0x81 0x50 0xFC 0xA6 0x8F 0x58 0x68 0x93 0xDE 0xD0 0xC0 0x74 0x1C 0x6F 0x1D 0x39 0x2E 0x4A 0x7F; - -// Import Des Key - 0x80 0x11 0x40 0x00 0x3F 0x83 0xA5 0x1A 0x10 0x00 0x00 0x02 0x18 0x21 0x1A 0x30 0x00 0x01 0xF5 0x1A 0x01 0x02 0x03 0x04 0x1A 0x90 0x00 0x02 0x59 0x44 0x54 0x65 0x73 0x74 0x1A 0x30 0x00 0x00 0x03 0x18 0xA8 0x1A 0x20 0x00 0x00 0x05 0x41 0x04 0x03 0x52 0x81 0x50 0x8B 0xD4 0xD5 0x84 0x37 0x39 0xC0 0x1B 0xDB 0xED 0x3C 0x68 0x99 0x3A 0xDC 0x3D 0x7F; - diff --git a/Applet/README.md b/Applet/README.md index 5cc80048..9d592fd2 100644 --- a/Applet/README.md +++ b/Applet/README.md @@ -1,6 +1,6 @@ -# JavaCardKeymaster Applet - -This directory contains the implementation of the Keymaster 4.1 -interface, in the form of a JavaCard 3.1 applet which runs in a secure -element. It must be deployed in conjuction with the associated HAL, -which serves to intermediate between Android Keystore and this applet. +# JavaCardKeymaster Applet + +This directory contains the implementation of the Keymaster 4.1 +interface, in the form of a JavaCard 3.1 applet which runs in a secure +element. It must be deployed in conjuction with the associated HAL, +which serves to intermediate between Android Keystore and this applet. diff --git a/Applet/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp b/Applet/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp deleted file mode 100644 index ed00a3956fa9bdda80e435ec91f4b31a3efe62c6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 339 zcmaKkJyOFk5QX2`i4_BZ07F4RMI%=_02QV(!wiL~NVN$fgo;&Q zQc$4gTfIMgeSD?~jtOeX3tPD$moDWM6``-|Ix?Htu(2{dE`OBnS5Z-^ikff|2ktz( zuCXr0FTLkCDeJl{#&N|yuej|bsc+`|!lq?6Gq;nuora6zo^T%3Df@@DdGx%ruTOqq zR-tK40g>NirZJC_UqA2ajXI~1) afK!2#B9cUqqL&K#$a=`3Fc4dg9r^|h>PuDt diff --git a/Applet/api_export_files_3.1.0/java/io/javacard/io.exp b/Applet/api_export_files_3.1.0/java/io/javacard/io.exp deleted file mode 100644 index 36b9d18b5de6cc36a93aec729d6767375ab34682..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 242 zcmZ9FOA5k35JampnlWlLAl@NatgSu$w zuBv{8$L-D>1O#`iv??bA7Dh{Z%H2^E2f{F%=i(&dLg;mzq`Az>QM4iqDpi?ymP{|1 z+?L8{js_w4k8`-6cm-K(_U0_oLUOczj4w``z~2Qvp$p=Qs} Sf`P+B$G*UMDbFnym*~@|T!-5kj?jJz+D}_Lx6v_XZR0 z%G1^(LV11HhBQJ&?cR^W;FS$LZbSB8a5;DRvlM}ELk^*)D(+%miYeFfJi@WculymO z_hQ+5x(H%_7-_JG&{VJ!hHPQb8we*#-|!KWV#ZfheetGWpp4MaWbApjf$${{wX?So z4wdP8EQ-1;lA72-I8ve$3OSx~DO`>0BGeV>b2lcn(7^s$4|-u=2BCi08iMoJqeQm? zwBG?>08|S_pkIcT^re>b)j*nCh_tkSZJGNl-%v4=9FeM-I7If$Bv0hPObSHmX7UYVIh)D= diff --git a/Applet/api_export_files_3.1.0/java/rmi/javacard/rmi.exp b/Applet/api_export_files_3.1.0/java/rmi/javacard/rmi.exp deleted file mode 100644 index 8c6952376e8ecb8638c21dc6ea152906f094fc24..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 337 zcmZ9IOAY}+5QhKiK^u(MAdbLl4nXWIBoc{;g*o(ld$i=uLI~ zUse5;!t?&H7+QqNMx2Fr*eY)-w>pv>AXF1E5aG(3_#3&5I2a+ZxQA&k=VnIr&zH3EEYFda80}n3~VqNplPg(4D5^y PY>YrABLg!~IS>E - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - - - - - - - - - - - + + + - - + + + + \ No newline at end of file diff --git a/Applet/default.output b/Applet/default.output deleted file mode 100644 index 6e4f103f..00000000 --- a/Applet/default.output +++ /dev/null @@ -1,20 +0,0 @@ -CLA: 00, INS: a4, P1: 04, P2: 00, Lc: 09, a0, 00, 00, 00, 62, 03, 01, 08, 01, Le: 00, SW1: 90, SW2: 00 -CAP file download section. Output suppressed. -OUTPUT OFF; -OUTPUT ON; -CLA: 80, INS: b8, P1: 00, P2: 00, Lc: 0c, 0a, a0, 00, 00, 00, 62, 03, 01, 0c, 01, 01, 00, Le: 0a, a0, 00, 00, 00, 62, 03, 01, 0c, 01, 01, SW1: 90, SW2: 00 -CLA: 00, INS: a4, P1: 04, P2: 00, Lc: 0a, a0, 00, 00, 00, 62, 03, 01, 0c, 01, 01, Le: 00, SW1: 90, SW2: 00 -CLA: 80, INS: 23, P1: 40, P2: 00, Lc: 3b, 83, a1, 1a, 10, 00, 00, 02, 01, 00, 58, 30, 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 0a, 0b, 0c, 0d, 0e, 0f, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 1a, 1b, 1c, 1d, 1e, 1f, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2a, 2b, 2c, 2d, 2e, 2f, Le: 00, SW1: 69, SW2: 85 -CLA: 80, INS: 24, P1: 40, P2: 00, Lc: 49, 86, 01, 01, 58, 20, 30, 30, 30, 31, 31, 31, 32, 32, 32, 33, 33, 33, 34, 34, 34, 35, 35, 35, 36, 36, 36, 37, 37, 37, 38, 38, 38, 39, 39, 39, 30, 30, 58, 20, 30, 30, 30, 31, 31, 31, 32, 32, 32, 33, 33, 33, 34, 34, 34, 35, 35, 35, 36, 36, 36, 37, 37, 37, 38, 38, 38, 39, 39, 39, 30, 30, 02, 00, Le: 00, SW1: 90, SW2: 00 -CLA: 80, INS: 1e, P1: 40, P2: 00, Lc: 00, Le: 00, SW1: 69, SW2: 86 -CLA: 80, INS: 18, P1: 40, P2: 00, Lc: 23, 81, 58, 20, 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 0a, 0b, 0c, 0d, 0e, 0f, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 1a, 1b, 1c, 1d, 1e, 1f, Le: 00, SW1: 69, SW2: 86 -CLA: 80, INS: 10, P1: 40, P2: 00, Lc: 22, 81, a4, 1a, 10, 00, 00, 02, 01, 1a, 30, 00, 00, 03, 19, 08, 00, 1a, 50, 00, 00, c8, 1a, 00, 01, 00, 01, 1a, 20, 00, 00, 01, 42, 02, 03, Le: 00, SW1: 69, SW2: 86 -CLA: 80, INS: 10, P1: 40, P2: 00, Lc: 23, 81, a4, 1a, 10, 00, 00, 02, 18, 20, 1a, 30, 00, 00, 03, 19, 01, 00, 1a, 50, 00, 00, c8, 1a, 00, 01, 00, 01, 1a, 20, 00, 00, 01, 42, 02, 03, Le: 00, SW1: 69, SW2: 86 -CLA: 80, INS: 10, P1: 40, P2: 00, Lc: 22, 81, a4, 1a, 10, 00, 00, 02, 03, 1a, 30, 00, 00, 03, 19, 01, 00, 1a, 50, 00, 00, c8, 1a, 00, 01, 00, 01, 1a, 20, 00, 00, 01, 42, 02, 03, Le: 00, SW1: 69, SW2: 86 -CLA: 80, INS: 10, P1: 40, P2: 00, Lc: 22, 81, a4, 1a, 10, 00, 00, 02, 18, 21, 1a, 30, 00, 00, 03, 18, a8, 1a, 50, 00, 00, c8, 1a, 00, 01, 00, 01, 1a, 20, 00, 00, 01, 42, 02, 03, Le: 00, SW1: 69, SW2: 86 -CLA: 80, INS: 10, P1: 40, P2: 00, Lc: 32, 81, a6, 1a, 10, 00, 00, 02, 18, 80, 1a, 30, 00, 01, f5, 1a, 01, 02, 03, 04, 1a, 90, 00, 02, 59, 44, 54, 65, 73, 74, 1a, 30, 00, 00, 08, 18, 80, 1a, 30, 00, 00, 03, 18, 80, 1a, 20, 00, 00, 05, 41, 04, Le: 00, SW1: 69, SW2: 85 -CLA: 80, INS: 11, P1: 40, P2: 00, Lc: b4, 83, a5, 1a, 10, 00, 00, 02, 01, 1a, 30, 00, 01, f5, 1a, 01, 02, 03, 04, 1a, 90, 00, 02, 59, 44, 54, 65, 73, 74, 1a, 50, 00, 00, c8, 1a, 00, 01, 00, 01, 1a, 70, 00, 01, f7, 01, 03, 58, 85, 82, 58, 40, 80, 9a, 87, 4c, e1, a0, 71, 44, ae, 45, dd, 8d, 1c, 05, b4, d0, 44, 23, dd, 42, a7, c9, 53, 44, ac, 31, 4a, 22, 4a, 02, 65, a0, aa, 21, a8, 30, 94, 7d, 13, a1, bc, 89, 81, b5, 54, de, 75, 82, b9, 0b, 1a, 7a, 81, 0c, 51, e0, 2f, 91, 97, d4, e8, 33, 27, 61, 58, 40, 92, 6c, 79, 17, bb, 36, 6f, b7, 58, 25, 84, 98, a9, 56, 07, e6, 07, f6, 26, 92, 15, f6, 21, 9f, 6c, f0, b4, e7, 20, 42, ac, b6, d8, 30, 61, 06, c9, 3b, 30, 67, 1e, 8d, 74, 11, 8b, 06, 98, ab, 8d, 6a, 6c, cd, b7, 2f, c3, a8, 30, c7, 68, 03, 4f, 72, c7, 5b, Le: 00, SW1: 69, SW2: 85 -CLA: 80, INS: 11, P1: 40, P2: 00, Lc: 7d, 83, a4, 1a, 10, 00, 00, 02, 03, 1a, 30, 00, 01, f5, 1a, 01, 02, 03, 04, 1a, 90, 00, 02, 59, 44, 54, 65, 73, 74, 1a, 50, 00, 00, c8, 1a, 00, 01, 00, 01, 03, 58, 54, 83, 58, 18, a6, 68, de, ec, 65, 6c, fb, ee, aa, 43, ef, 97, 9d, 10, 82, f0, 99, 5f, 10, f3, ee, 9c, 38, 57, 58, 31, 04, 3a, f8, f4, fa, 1f, e4, 4d, 62, a1, cd, 26, 8e, 1a, 5a, aa, f5, a8, 94, e3, 8b, 4c, ce, 49, a1, 57, 25, 81, 6d, be, 5c, 3b, 07, 95, b6, 89, 24, 6e, 9d, 25, 22, e6, 5f, 41, cc, 59, ce, 25, 0c, 1a, 10, 00, 00, 0a, 01, Le: 00, SW1: 69, SW2: 85 -CLA: 80, INS: 11, P1: 40, P2: 00, Lc: 3f, 83, a5, 1a, 10, 00, 00, 02, 18, 20, 1a, 30, 00, 01, f5, 1a, 01, 02, 03, 04, 1a, 90, 00, 02, 59, 44, 54, 65, 73, 74, 1a, 30, 00, 00, 03, 18, 80, 1a, 20, 00, 00, 05, 41, 04, 03, 52, 81, 50, 95, e6, 79, 36, 64, a5, ec, 72, bf, 01, 4c, 83, 6c, cd, cf, 51, Le: 00, SW1: 69, SW2: 85 -CLA: 80, INS: 11, P1: 40, P2: 00, Lc: 46, 83, a6, 1a, 10, 00, 00, 02, 18, 80, 1a, 30, 00, 01, f5, 1a, 01, 02, 03, 04, 1a, 90, 00, 02, 59, 44, 54, 65, 73, 74, 1a, 30, 00, 00, 03, 18, 80, 1a, 20, 00, 00, 05, 41, 04, 1a, 30, 00, 00, 08, 18, 80, 03, 52, 81, 50, fc, a6, 8f, 58, 68, 93, de, d0, c0, 74, 1c, 6f, 1d, 39, 2e, 4a, Le: 00, SW1: 69, SW2: 85 -CLA: 80, INS: 11, P1: 40, P2: 00, Lc: 3f, 83, a5, 1a, 10, 00, 00, 02, 18, 21, 1a, 30, 00, 01, f5, 1a, 01, 02, 03, 04, 1a, 90, 00, 02, 59, 44, 54, 65, 73, 74, 1a, 30, 00, 00, 03, 18, a8, 1a, 20, 00, 00, 05, 41, 04, 03, 52, 81, 50, 8b, d4, d5, 84, 37, 39, c0, 1b, db, ed, 3c, 68, 99, 3a, dc, 3d, Le: 00, SW1: 69, SW2: 85 diff --git a/Applet/powerdown.scr b/Applet/powerdown.scr deleted file mode 100644 index 7dca615e..00000000 --- a/Applet/powerdown.scr +++ /dev/null @@ -1,4 +0,0 @@ - -// output on; - -powerdown; \ No newline at end of file diff --git a/Applet/powerup.scr b/Applet/powerup.scr deleted file mode 100644 index 79990dc4..00000000 --- a/Applet/powerup.scr +++ /dev/null @@ -1,9 +0,0 @@ -powerup; - -// Select the installer applet -0x00 0xA4 0x04 0x00 0x09 0xA0 0x00 0x00 0x00 0x62 0x03 0x01 0x08 0x01 0x7F; - -// Turn output off during CAP file download -echo "CAP file download section. Output suppressed."; - -output off; diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMArray.java b/Applet/src/com/android/javacard/keymaster/KMArray.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMArray.java rename to Applet/src/com/android/javacard/keymaster/KMArray.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java rename to Applet/src/com/android/javacard/keymaster/KMAttestationCert.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMBoolTag.java b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMBoolTag.java rename to Applet/src/com/android/javacard/keymaster/KMBoolTag.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMByteBlob.java rename to Applet/src/com/android/javacard/keymaster/KMByteBlob.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMByteTag.java b/Applet/src/com/android/javacard/keymaster/KMByteTag.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMByteTag.java rename to Applet/src/com/android/javacard/keymaster/KMByteTag.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMDecoder.java b/Applet/src/com/android/javacard/keymaster/KMDecoder.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMDecoder.java rename to Applet/src/com/android/javacard/keymaster/KMDecoder.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMEncoder.java rename to Applet/src/com/android/javacard/keymaster/KMEncoder.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMEnum.java b/Applet/src/com/android/javacard/keymaster/KMEnum.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMEnum.java rename to Applet/src/com/android/javacard/keymaster/KMEnum.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java rename to Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMEnumTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMEnumTag.java rename to Applet/src/com/android/javacard/keymaster/KMEnumTag.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMError.java rename to Applet/src/com/android/javacard/keymaster/KMError.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMException.java b/Applet/src/com/android/javacard/keymaster/KMException.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMException.java rename to Applet/src/com/android/javacard/keymaster/KMException.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java rename to Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java rename to Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMInteger.java rename to Applet/src/com/android/javacard/keymaster/KMInteger.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java rename to Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java rename to Applet/src/com/android/javacard/keymaster/KMIntegerTag.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java rename to Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java rename to Applet/src/com/android/javacard/keymaster/KMKeyParameters.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java similarity index 99% rename from Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java rename to Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index cde5de0a..76c97b0e 100644 --- a/Applet/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -32,7 +32,7 @@ * objects. It also implements the keymaster state machine and handles javacard applet life cycle * events. */ -public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLength, OnUpgradeListener { +public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLength { // Constants. public static final byte AES_BLOCK_SIZE = 16; public static final byte DES_BLOCK_SIZE = 8; @@ -150,10 +150,10 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe public static final byte OUTPUT_DATA = 25; public static final byte HW_TOKEN = 26; public static final byte VERIFICATION_TOKEN = 27; - private static final byte SIGNATURE = 28; + protected static final byte SIGNATURE = 28; // AddRngEntropy - private static final short MAX_SEED_SIZE = 2048; + protected static final short MAX_SEED_SIZE = 2048; // Keyblob constants public static final byte KEY_BLOB_SECRET = 0; public static final byte KEY_BLOB_NONCE = 1; @@ -167,23 +167,23 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe private static final short HMAC_SHARED_PARAM_MAX_SIZE = 64; // Keymaster Applet attributes - private static byte keymasterState = ILLEGAL_STATE; - private static KMEncoder encoder; - private static KMDecoder decoder; - private static KMRepository repository; - private static KMSEProvider seProvider; - private static byte[] buffer; - private static short bufferLength; - private static short bufferStartOffset; - private static short[] tmpVariables; - private static short[] data; - private byte provisionStatus = NOT_PROVISIONED; - private static final short MAX_CERT_SIZE = 2048; + protected static byte keymasterState = ILLEGAL_STATE; + protected static KMEncoder encoder; + protected static KMDecoder decoder; + protected static KMRepository repository; + protected static KMSEProvider seProvider; + protected static byte[] buffer; + protected static short bufferLength; + protected static short bufferStartOffset; + protected static short[] tmpVariables; + protected static short[] data; + protected byte provisionStatus = NOT_PROVISIONED; + protected static final short MAX_CERT_SIZE = 2048; /** Registers this applet. */ - protected KMKeymasterApplet() { + protected KMKeymasterApplet(KMSEProvider seImpl) { boolean isUpgrading = UpgradeManager.isUpgrading(); - seProvider = KMSEProviderImpl.instance(isUpgrading); + seProvider = seImpl; repository = new KMRepository(isUpgrading); byte[] buf = JCSystem.makeTransientByteArray((short) 32, JCSystem.CLEAR_ON_DESELECT); data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET); @@ -199,18 +199,6 @@ protected KMKeymasterApplet() { decoder = new KMDecoder(); } - /** - * Installs this applet. - * - * @param bArray the array containing installation parameters - * @param bOffset the starting offset in bArray - * @param bLength the length in bytes of the parameter data in bArray - */ - public static void install(byte[] bArray, short bOffset, byte bLength) { - new KMKeymasterApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]); - //new KMKeymasterApplet().register(); - } - /** * Selects this applet. * @@ -4068,7 +4056,7 @@ private void add(byte[] buf, short op1, short op2, short result) { index--; } } - +/* @Override public void onCleanup() { } @@ -4107,13 +4095,5 @@ public Element onSave() { seProvider.onSave(element); return element; } - - private short computePrimitveDataSize() { - // provisionStatus + keymasterState - return (short) 2; - } - - private short computeObjectCount() { - return (short) 0; - } +*/ } diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMOperation.java b/Applet/src/com/android/javacard/keymaster/KMOperation.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMOperation.java rename to Applet/src/com/android/javacard/keymaster/KMOperation.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMOperationState.java rename to Applet/src/com/android/javacard/keymaster/KMOperationState.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMRepository.java rename to Applet/src/com/android/javacard/keymaster/KMRepository.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMSEProvider.java rename to Applet/src/com/android/javacard/keymaster/KMSEProvider.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMTag.java b/Applet/src/com/android/javacard/keymaster/KMTag.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMTag.java rename to Applet/src/com/android/javacard/keymaster/KMTag.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/src/com/android/javacard/keymaster/KMType.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMType.java rename to Applet/src/com/android/javacard/keymaster/KMType.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMUpgradable.java b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMUpgradable.java rename to Applet/src/com/android/javacard/keymaster/KMUpgradable.java diff --git a/Applet/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java similarity index 100% rename from Applet/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java rename to Applet/src/com/android/javacard/keymaster/KMVerificationToken.java From 85b2787cdabe78478b4ebb562d4ce7ac260cb232 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Sun, 29 Nov 2020 23:03:59 +0000 Subject: [PATCH 009/169] Added new function isUpgrading inside KMSEProvider Corrected the values of extended errorCodes. Removed the hard-coded tags in KMAttestationCertImpl --- .../javacard/keymaster/KMAndroidSEApplet.java | 2 +- .../keymaster/KMAndroidSEProvider.java | 11 ++++++++--- .../keymaster/KMAttestationCertImpl.java | 18 ++++++++++++------ .../javacard/keymaster/KMJCardSimulator.java | 6 ++++++ .../android/javacard/keymaster/KMError.java | 10 +++++----- .../javacard/keymaster/KMKeymasterApplet.java | 3 +-- .../javacard/keymaster/KMSEProvider.java | 7 +++++++ 7 files changed, 40 insertions(+), 17 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java index 1d24f580..99dd47ce 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java @@ -7,7 +7,7 @@ public class KMAndroidSEApplet extends KMKeymasterApplet implements OnUpgradeListener { KMAndroidSEApplet(){ - super(new KMAndroidSEProvider(true)); + super(new KMAndroidSEProvider()); } /** * Installs this applet. diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index db1cd7f5..9d9812c1 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -16,6 +16,8 @@ package com.android.javacard.keymaster; import org.globalplatform.upgrade.Element; +import org.globalplatform.upgrade.UpgradeManager; + import javacard.framework.JCSystem; import javacard.framework.Util; import javacard.security.AESKey; @@ -163,7 +165,7 @@ public static KMAndroidSEProvider getInstance() { return androidSEProvider; } - public KMAndroidSEProvider(boolean isUpgrading) { + public KMAndroidSEProvider() { // Re-usable AES,DES and HMAC keys in persisted memory. aesKeys = new AESKey[2]; aesKeys[KEYSIZE_128_OFFSET] = (AESKey) KeyBuilder.buildKey( @@ -199,7 +201,7 @@ public KMAndroidSEProvider(boolean isUpgrading) { // Random number generator initialisation. rng = RandomData.getInstance(RandomData.ALG_KEYGENERATION); //Allocate buffer for certificate chain. - if(!isUpgrading) + if(!isUpgrading()) certificateChain = new byte[CERT_CHAIN_MAX_SIZE]; androidSEProvider = this; } @@ -1204,5 +1206,8 @@ public short getBackupObjectCount() { return (short) 1; } - + @Override + public boolean isUpgrading() { + return UpgradeManager.isUpgrading(); + } } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 1e50f620..40bd751b 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -482,9 +482,9 @@ private static void pushSWParams() { short last = stackPtr; // ATTESTATION_APPLICATION_ID 709 is softwareEnforced. short[] tagIds = { - 709, 706, 705, 704, 703, 702, 701, 601, 600, 509, 508, 507, 506, 505, 504, 503, 402, 401, 400, - 303, 200, 10, 6, 5, 3, 2, 1 - }; + KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME, + KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME, + KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED }; byte index = 0; do { /* @@ -502,9 +502,15 @@ private static void pushHWParams() { short last = stackPtr; // Attestation ids are not included. As per VTS attestation ids are not supported currenlty. short[] tagIds = { - 706, 705, 704, 703, 702, 701, 601, 600, 509, 508, 507, 506, 505, 504, 503, 402, 401, 400, 303, - 200, 10, 6, 5, 3, 2, 1 - }; + KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, + KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, + KMType.ORIGIN, KMType.APPLICATION_ID, + KMType.TRUSTED_CONFIRMATION_REQUIRED, + KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.ALLOW_WHILE_ON_BODY, + KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, KMType.NO_AUTH_REQUIRED, + KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT, + KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE, + KMType.ALGORITHM, KMType.PURPOSE }; byte index = 0; do { // if(pushAttIds(tagIds[index])) continue; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 446f8bd2..70311e51 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -1312,4 +1312,10 @@ public short getBackupObjectCount() { // TODO Auto-generated method stub return 0; } + + @Override + public boolean isUpgrading() { + // TODO Auto-generated method stub + return false; + } } diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index 043fae96..e70dc8c2 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -87,9 +87,9 @@ public class KMError { //Extended errors public static short SW_CONDITIONS_NOT_SATISFIED = 1001; public static short UNSUPPORTED_CLA = 1002; - public static short INVALID_P1P2 = 1002; - public static short UNSUPPORTED_INSTRUCTION = 1002; - public static short CMD_NOT_ALLOWED = 1002; - public static short SW_WRONG_LENGTH = 1002; - public static short INVALID_DATA = 1002; + public static short INVALID_P1P2 = 1003; + public static short UNSUPPORTED_INSTRUCTION = 1004; + public static short CMD_NOT_ALLOWED = 1005; + public static short SW_WRONG_LENGTH = 1006; + public static short INVALID_DATA = 1007; } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 76c97b0e..9b78c56c 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -26,7 +26,6 @@ import javacard.security.CryptoException; import javacardx.apdu.ExtendedLength; -import org.globalplatform.upgrade.*; /** * KMKeymasterApplet implements the javacard applet. It creates repository and other install time * objects. It also implements the keymaster state machine and handles javacard applet life cycle @@ -182,8 +181,8 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe /** Registers this applet. */ protected KMKeymasterApplet(KMSEProvider seImpl) { - boolean isUpgrading = UpgradeManager.isUpgrading(); seProvider = seImpl; + boolean isUpgrading = seImpl.isUpgrading(); repository = new KMRepository(isUpgrading); byte[] buf = JCSystem.makeTransientByteArray((short) 32, JCSystem.CLEAR_ON_DESELECT); data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET); diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index e0ee49dc..b3e9c266 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -476,4 +476,11 @@ KMOperation initAsymmetricOperation( * @param resetBootFlag is false if event has been handled */ void clearDeviceBooted(boolean resetBootFlag); + + /** + * This function tells if applet is upgrading or not. + * + * @return true if upgrading, otherwise false. + */ + boolean isUpgrading(); } From 4fa7b5feacd2c1b21f7d4fd99623c3d606e0c6bd Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Mon, 30 Nov 2020 20:43:14 +0000 Subject: [PATCH 010/169] Update README.md Updated README file. --- Applet/README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/Applet/README.md b/Applet/README.md index 9d592fd2..76af5b05 100644 --- a/Applet/README.md +++ b/Applet/README.md @@ -1,6 +1,19 @@ # JavaCardKeymaster Applet This directory contains the implementation of the Keymaster 4.1 -interface, in the form of a JavaCard 3.1 applet which runs in a secure +interface, in the form of a JavaCard 3.0.5 applet which runs in a secure element. It must be deployed in conjuction with the associated HAL, which serves to intermediate between Android Keystore and this applet. + +# Supported Features! + + - Support for AndroidSEProvider, which is compliant to JavaCard platform, Classic Edition 3.0.5. + - Keymaster 4.1 supported functions for required VTS compliance. + - Support for SE Provisioning and bootup + - Support for Global platoform Amendment H in AndroidSEProvider. + - Unit test using JCardSim. + +#### Building for source +- Install Javacard 3.0.5 classic sdk. +- set JC_HOME_SIMULATOR environment variable to the installed sdk. +- Give ant build from Applet folder. From 5c0f549f3ce574b0443588eb622ba7a78b0a81bb Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Mon, 30 Nov 2020 21:00:14 +0000 Subject: [PATCH 011/169] Update README.md Updated the links for Applet Design document and HAL design document. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dd532000..670e94a1 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ # JavaCardKeymaster JavaCard implementation of the [Android Keymaster 4.1 HAL](https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/4.1/IKeymasterDevice.hal) (most of the specification is in the [Android Keymaster 4.0 HAL](https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/4.0/IKeymasterDevice.hal)), intended for creation of StrongBox Keymaster instances to support the [Android Hardware-backed Keystore](https://source.android.com/security/keystore). -Here is the [JavaCard Applet design doc](https://docs.google.com/document/d/1mIv895E3imKfzxS9weWQxP3jZIxS-7OPmh4fxdjOPm0/edit#heading=h.xgjl2srtytjt) and the [HAL design doc](https://docs.google.com/document/d/1ExaoEOU3mkjhoMIcAhD_Z6kPp5yyfjpnfBpUQHiSomw/edit#heading=h.gjdgxs) (the content will move here when it stablizes, for now these are a limited-access links). +Here is the [JavaCard Applet design doc](https://docs.google.com/document/d/1bTAmhDqCNq1HYzChNDv8kLJEi64cwTIZ2PfdMMz3o8U/edit#heading=h.gjdgxs) and the [HAL design doc](https://docs.google.com/document/d/1-1MLJ781wAPJ2YxCdCtHMepld8F8KVAxpPtCw9J3b3o/edit#heading=h.gjdgxs) (the content will move here when it stablizes, for now these are a limited-access links). From ac6745490a889facf4beaeb48f1736175b114d21 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Mon, 30 Nov 2020 21:20:40 +0000 Subject: [PATCH 012/169] Added a protected function validateApduHeader so that subclass of KMKemasterApplet can override it. --- .../javacard/keymaster/KMKeymasterApplet.java | 32 ++++++++++++------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 9b78c56c..43ada045 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -246,6 +246,23 @@ private short mapISOErrorToKMError(short reason) { } } + protected void validateApduHeader(APDU apdu) { + // Read the apdu header and buffer. + byte[] apduBuffer = apdu.getBuffer(); + byte apduClass = apduBuffer[ISO7816.OFFSET_CLA]; + short P1P2 = Util.getShort(apduBuffer, ISO7816.OFFSET_P1); + + // Validate APDU Header. + if ((apduClass != CLA_ISO7816_NO_SM_NO_CHAN)) { + ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); + } + + // Validate P1P2. + if (P1P2 != KMKeymasterApplet.KM_HAL_VERSION) { + ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); + } + } + /** * Processes an incoming APDU and handles it using command objects. * @@ -267,24 +284,17 @@ public void process(APDU apdu) { return; } } - // Read the apdu header and buffer. + // Validate APDU Header. + validateApduHeader(apdu); + byte[] apduBuffer = apdu.getBuffer(); - byte apduClass = apduBuffer[ISO7816.OFFSET_CLA]; byte apduIns = apduBuffer[ISO7816.OFFSET_INS]; - short P1P2 = Util.getShort(apduBuffer, ISO7816.OFFSET_P1); - buffer = repository.getHeap(); - // Validate APDU Header. - if ((apduClass != CLA_ISO7816_NO_SM_NO_CHAN)) { - ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); - } - if (P1P2 != KMKeymasterApplet.KM_HAL_VERSION) { - ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); - } // Validate whether INS can be supported if (!(apduIns > INS_BEGIN_KM_CMD && apduIns < INS_END_KM_CMD)) { ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); } + buffer = repository.getHeap(); // Process the apdu if (keymasterState == KMKeymasterApplet.IN_PROVISION_STATE) { switch (apduIns) { From 70cbb3aaba597f2a2561e7fe6d8713ab3920f8cf Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 8 Dec 2020 11:01:05 +0000 Subject: [PATCH 013/169] Added provision_tool source --- HAL/keymaster/4.1/provision_tool.cpp | 449 +++++++++++++++++++++++++++ HAL/keymaster/Android.bp | 26 ++ 2 files changed, 475 insertions(+) create mode 100644 HAL/keymaster/4.1/provision_tool.cpp diff --git a/HAL/keymaster/4.1/provision_tool.cpp b/HAL/keymaster/4.1/provision_tool.cpp new file mode 100644 index 00000000..2c9fb180 --- /dev/null +++ b/HAL/keymaster/4.1/provision_tool.cpp @@ -0,0 +1,449 @@ +/* + ** + ** Copyright 2020, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFFER_MAX_LENGTH 256 +#define SB_KEYMASTER_SERVICE "javacard" +#define INS_BEGIN_KM_CMD 0x00 +#define APDU_CLS 0x80 +#define APDU_P1 0x40 +#define APDU_P2 0x00 +#define APDU_RESP_STATUS_OK 0x9000 + +enum class Instruction { + // Provisioning commands + INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD+1, + INS_PROVISION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD+2, + INS_PROVISION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD+3, + INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD+4, + INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5, + INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD+6, + INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD+7, + INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8, +}; + +enum ProvisionStatus { + NOT_PROVISIONED = 0x00, + PROVISION_STATUS_ATTESTATION_KEY = 0x01, + PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02, + PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04, + PROVISION_STATUS_ATTEST_IDS = 0x08, + PROVISION_STATUS_SHARED_SECRET = 0x10, + PROVISION_STATUS_BOOT_PARAM = 0x20, + PROVISION_STATUS_PROVISIONING_LOCKED = 0x40, +}; + +using ::android::hardware::keymaster::V4_0::ErrorCode; +using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType; +using ::android::hardware::keymaster::V4_0::HardwareAuthToken; +using ::android::hardware::keymaster::V4_0::HmacSharingParameters; +using ::android::hardware::keymaster::V4_0::KeyCharacteristics; +using ::android::hardware::keymaster::V4_0::KeyFormat; +using ::android::hardware::keymaster::V4_0::KeyParameter; +using ::android::hardware::keymaster::V4_0::KeyPurpose; +using ::android::hardware::keymaster::V4_0::OperationHandle; +using ::android::hardware::keymaster::V4_0::SecurityLevel; +using ::android::hardware::keymaster::V4_0::VerificationToken; +using ::android::hardware::keymaster::V4_0::Tag; +using ::android::hardware::keymaster::V4_1::IKeymasterDevice; +using ::android::sp; +using se_transport::TransportFactory; + +static sp sbKeymaster; +static TransportFactory *pTransportFactory; + +constexpr char hex_value[256] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9' + 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F' + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f' + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + +std::string hex2str(const uint8_t* a, size_t len) { + std::string b; + size_t num = len / 2; + b.resize(num); + for (size_t i = 0; i < num; i++) { + b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]); + } + return b; +} + +//static function declarations. +static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool +extendedOutput); +static ErrorCode sendProvisionData(Instruction ins, std::vector& inData, std::vector& response, bool +extendedOutput); +static Tag mapAttestKeyToAttestTag(const char* key); + + + +static inline uint16_t getStatus(std::vector& inputData) { + //Last two bytes are the status SW0SW1 + return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1)); +} + +static inline TransportFactory* getTransportFactoryInstance() { + if(pTransportFactory == nullptr) { + pTransportFactory = new se_transport::TransportFactory( + android::base::GetBoolProperty("ro.kernel.qemu", false)); + pTransportFactory->openConnection(); + } + return pTransportFactory; +} + +static Tag mapAttestKeyToAttestTag(const char* key) { + //keymaster_tag_t tag = KM_TAG_INVALID; + Tag tag = Tag::INVALID; + std::string keyStr(key); + + if (0 == keyStr.compare("brand")) { + tag = Tag::ATTESTATION_ID_BRAND; + } else if(0 == keyStr.compare("device")) { + tag = Tag::ATTESTATION_ID_DEVICE; + } else if(0 == keyStr.compare("product")) { + tag = Tag::ATTESTATION_ID_PRODUCT; + } else if(0 == keyStr.compare("serial")) { + tag = Tag::ATTESTATION_ID_SERIAL; + } else if(0 == keyStr.compare("imei")) { + tag = Tag::ATTESTATION_ID_IMEI; + } else if(0 == keyStr.compare("meid")) { + tag = Tag::ATTESTATION_ID_MEID; + } else if(0 == keyStr.compare("manufacturer")) { + tag = Tag::ATTESTATION_ID_MANUFACTURER; + } else if(0 == keyStr.compare("model")) { + tag = Tag::ATTESTATION_ID_MODEL; + } + return tag; +} + +static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool +extendedOutput) { + apduOut.push_back(static_cast(APDU_CLS)); //CLS + apduOut.push_back(static_cast(ins)); //INS + apduOut.push_back(static_cast(APDU_P1)); //P1 + apduOut.push_back(static_cast(APDU_P2)); //P2 + + if(UCHAR_MAX < inputData.size() && USHRT_MAX >= inputData.size()) { + //Extended length 3 bytes, starts with 0x00 + apduOut.push_back(static_cast(0x00)); + apduOut.push_back(static_cast(inputData.size() >> 8)); + apduOut.push_back(static_cast(inputData.size() & 0xFF)); + //Data + apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); + //Expected length of output + apduOut.push_back(static_cast(0x00)); + apduOut.push_back(static_cast(0x00)); + apduOut.push_back(static_cast(0x00));//Accepting complete length of output at a time + } else if(0 <= inputData.size() && UCHAR_MAX >= inputData.size()) { + //Short length + apduOut.push_back(static_cast(inputData.size())); + //Data + if(inputData.size() > 0) + apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); + //Expected length of output + apduOut.push_back(static_cast(0x00));//Accepting complete length of output at a time + if(extendedOutput) + apduOut.push_back(static_cast(0x00)); + + } else { + return (ErrorCode::INSUFFICIENT_BUFFER_SPACE); + } + + return (ErrorCode::OK);//success +} + +static ErrorCode sendProvisionData(Instruction ins, std::vector& inData, std::vector& response, bool +extendedOutput=false) { + ErrorCode ret = ErrorCode::OK; + std::vector apdu; + CborConverter cborConverter; + std::unique_ptr item; + ret = constructApduMessage(ins, inData, apdu, extendedOutput); + if(ret != ErrorCode::OK) return ret; + + if(!pTransportFactory->sendData(apdu.data(), apdu.size(), response)) { + return (ErrorCode::SECURE_HW_COMMUNICATION_FAILED); + } + + if((response.size() < 2) || (getStatus(response) != APDU_RESP_STATUS_OK)) { + return (ErrorCode::UNKNOWN_ERROR); + } + + if((response.size() > 2)) { + //Skip last 2 bytes in cborData, it contains status. + std::tie(item, ret) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2), + true); + } else { + ret = ErrorCode::UNKNOWN_ERROR; + } + + return ret; +} + +void usage() { + printf("Usage:\n"); + printf("provision --attest_ids --shared_secret <32 bytes secret> --set_boot_params --lock_provision" + "--provision_status\n"); + printf("\n\n"); + printf("Options:\n"); + printf("-h, --help show this help message and exit.\n"); + printf("-a, --attest_ids FILE \n"); + printf("\t Syntax for attest_ids inside the file:\n"); + printf("\t brand=Google\n"); + printf("\t device=Pixel 3A\n"); + printf("\t product=Pixel\n"); + printf("\t serial=UGYJFDjFeRuBEH\n"); + printf("\t imei=987080543071019\n"); + printf("\t meid=27863510227963\n"); + printf("\t manufacturer=Foxconn\n"); + printf("\t model=HD1121\n"); + printf("-s, --shared_secret <32 bytes secret> \n"); + //TODO include set_boot_params + printf("\t The value of shared secret should be a 32 bytes in HEX\n"); + printf("-p, --provision_status Prints the provision status.\n"); + printf("-l, --lock_provision Locks the provision commands.\n"); +} + +bool provisionAttestationIds(const char* filename) { + CborConverter cborConverter; + cppbor::Array array; + Instruction ins = Instruction::INS_PROVISION_ATTEST_IDS_CMD; + ErrorCode errorCode = ErrorCode::OK; + std::vector response; + FILE *fp; + char tempChar; + int tempIndex = 0; + uint8_t buf[BUFFER_MAX_LENGTH]; + bool ret = true; + fp = fopen(filename, "rb"); + + if(fp == NULL) { + std::cout << "Failed to open file: " << filename; + return false; + } + std::vector params; + KeyParameter parameter; + Tag tag; + while((tempChar = fgetc(fp))) { + if (tempChar == '\n' || tempChar == EOF) { + buf[tempIndex] = '\0'; + tempIndex = 0; + if(0 != strlen((const char*)buf)) { + std::vector blob(buf, buf + strlen((const char*)buf)); + parameter.blob = std::move(blob); + params.push_back(parameter); + } + parameter = KeyParameter(); + // Decide to break or continue + if(tempChar == EOF) + break; + else + continue; + + } else if (tempChar == '=') { + buf[tempIndex] = '\0'; + tempIndex = 0; + if(Tag::INVALID == (tag = mapAttestKeyToAttestTag((const char*)buf))) { + ret = false; + printf("\n Invalid TAG \n"); + break; + } + parameter.tag = tag; + printf("Key: %s", buf); + continue; + } + buf[tempIndex++] = tempChar; + } + fclose(fp); + if(!ret) + return ret; + + hidl_vec attestParams(params); + + //Encode input data into CBOR. + cborConverter.addKeyparameters(array, attestParams); + std::vector cborData = array.encode(); + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + ret = false; + printf("\n Failed to provision attestation ids error: %d\n", uint32_t(errorCode)); + } + return ret; +} + +bool lockProvision() { + bool ret = true; + cppbor::Array array; + Instruction ins = Instruction::INS_LOCK_PROVISIONING_CMD; + ErrorCode errorCode = ErrorCode::OK; + std::vector cborData; + std::vector response; + printf("\n lock provision\n"); + + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + ret = false; + printf("\n Failed to lock provisioning error: %d\n", uint32_t(errorCode)); + } + return ret; +} + +bool getProvisionStatus() { + bool ret = true; + CborConverter cborConverter; + cppbor::Array array; + Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD; + ErrorCode errorCode = ErrorCode::OK; + std::vector cborData; + std::vector response; + std::unique_ptr item; + printf("\nget provision sttus\n"); + + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + ret = false; + printf("\n Failed to get provision status error: %d\n", uint32_t(errorCode)); + } + std::tie(item, errorCode) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2), + true); + if(item != NULL) { + uint64_t status; + + if(!cborConverter.getUint64(item, 1, status)) { + ret = false; + printf("\n Failed to get the status value \n"); + } else { + printf("\n Current provision status: %ld", status); + } + } + return ret; +} + +bool provisionSharedSecret(const uint8_t* secret) { + bool ret = true; + cppbor::Array array; + Instruction ins = Instruction::INS_PROVISION_SHARED_SECRET_CMD; + ErrorCode errorCode = ErrorCode::OK; + std::vector response; + std::string str = hex2str(secret, strlen((const char*)secret)); + //Length of the secret should be 32 bytes. + if(32 != str.length()) { + return false; + } + std::vector input(str.data(), str.data() + str.length()); + + //Encode input data into CBOR. + array.add(input); + std::vector cborData = array.encode(); + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + ret = false; + printf("\n Failed to provision shared secret error: %d\n", uint32_t(errorCode)); + } + return ret; +} + +int main(int argc, char* argv[]) +{ + int c; + struct option longOpts[] = { + {"attest_ids", required_argument, NULL, 'a'}, + {"shared_secret", required_argument, NULL, 's'}, + {"set_boot_params", required_argument, NULL, 'b'}, + {"provision_status", no_argument, NULL, 'p'}, + {"lock_provision", no_argument, NULL, 'l'}, + {"help", no_argument, NULL, 'h'}, + {0,0,0,0} + }; + sbKeymaster = IKeymasterDevice::getService(SB_KEYMASTER_SERVICE); + + if(NULL == sbKeymaster) { + printf("\n Failed to get StrongBox Keymaster service\n"); + exit(0); + } + pTransportFactory = getTransportFactoryInstance(); + if(NULL == pTransportFactory) { + printf("\n Failed to create transport factory\n"); + exit(0); + } + + if (argc <= 1) { + printf("\n Invalid command \n"); + usage(); + } + + /* getopt_long stores the option index here. */ + while ((c = getopt_long(argc, argv, ":plha:s:", longOpts, NULL)) != -1) { + switch(c) { + case 'a': + printf("\n attest_ids filename:%s\n", optarg); + provisionAttestationIds(optarg); + break; + case 's': + provisionSharedSecret((const uint8_t*)optarg); + break; + case 'p': + getProvisionStatus(); + break; + case 'l': + lockProvision(); + break; + case 'h': + usage(); + break; + case 0: + printf("\n set 0\n"); + break; + case ':': + printf("\n missing argument\n"); + usage(); + break; + case '?': + default: + printf("\n Invalid option\n"); + usage(); + break; + } + } + if(optind < argc) { + usage(); + } + return 0; +} diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp index 8b34023d..0065f70c 100644 --- a/HAL/keymaster/Android.bp +++ b/HAL/keymaster/Android.bp @@ -14,6 +14,32 @@ // +cc_binary { + name: "provision_tool", + relative_install_path: "hw", + vendor: true, + srcs: [ + "4.1/provision_tool.cpp", + "4.1/CommonUtils.cpp", + "4.1/CborConverter.cpp", + ], + shared_libs: [ + "libdl", + "libcutils", + "libutils", + "libbase", + "libhardware", + "libhidlbase", + "libkeymaster_messages", + "libkeymaster_portable", + "android.hardware.keymaster@4.1", + "android.hardware.keymaster@4.0", + "libcppbor", + "libjc_transport", + "libcrypto", + ], +} + cc_binary { name: "android.hardware.keymaster@4.1-javacard.service", relative_install_path: "hw", From f5e4c1fc09f1329e27a6ffc76bd33954ac64feaa Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 8 Dec 2020 21:51:41 +0000 Subject: [PATCH 014/169] Fixed the VTS 4.1 EarlyBootEnded usecase with DeleteKey --- .../javacard/keymaster/KMKeymasterApplet.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 43ada045..c0a55751 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -912,12 +912,16 @@ private void processDeleteKeyCmd(APDU apdu) { tmpVariables[2] = KMKeyCharacteristics.exp(); KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, tmpVariables[2]); KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, KMByteBlob.exp()); - data[KEY_BLOB] = - decoder.decodeArray( - tmpVariables[1], - KMByteBlob.cast(data[KEY_BLOB]).getBuffer(), - KMByteBlob.cast(data[KEY_BLOB]).getStartOff(), - KMByteBlob.cast(data[KEY_BLOB]).length()); + try { + data[KEY_BLOB] = decoder.decodeArray(tmpVariables[1], + KMByteBlob.cast(data[KEY_BLOB]).getBuffer(), + KMByteBlob.cast(data[KEY_BLOB]).getStartOff(), + KMByteBlob.cast(data[KEY_BLOB]).length()); + } catch (ISOException e) { + // As per VTS, deleteKey should return KMError.OK but in case if + // input is empty then VTS accepts UNIMPLEMENTED errorCode as well. + KMException.throwIt(KMError.UNIMPLEMENTED); + } tmpVariables[0] = KMArray.cast(data[KEY_BLOB]).length(); if (tmpVariables[0] < 4) { KMException.throwIt(KMError.INVALID_KEY_BLOB); From 37239116db5409484cf4f8a409a8499545b2e17e Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Wed, 9 Dec 2020 23:00:52 +0000 Subject: [PATCH 015/169] 1. Used libjsoncpp for parsing json file 2. taking input from json file 3. Added all the provisiong flow. --- HAL/keymaster/4.1/provision_tool.cpp | 692 ++++++++++++++++++++++----- HAL/keymaster/Android.bp | 1 + HAL/keymaster/sample_json.txt | 25 + 3 files changed, 593 insertions(+), 125 deletions(-) create mode 100644 HAL/keymaster/sample_json.txt diff --git a/HAL/keymaster/4.1/provision_tool.cpp b/HAL/keymaster/4.1/provision_tool.cpp index 2c9fb180..ce698375 100644 --- a/HAL/keymaster/4.1/provision_tool.cpp +++ b/HAL/keymaster/4.1/provision_tool.cpp @@ -16,17 +16,25 @@ */ #include +#include #include #include #include +#include +#include +#include +#include #include #include #include +#include #include #include #include #include #include +#include +#include #define BUFFER_MAX_LENGTH 256 #define SB_KEYMASTER_SERVICE "javacard" @@ -35,6 +43,8 @@ #define APDU_P1 0x40 #define APDU_P2 0x00 #define APDU_RESP_STATUS_OK 0x9000 +#define MAX_ATTEST_IDS_SIZE 8 +#define SHARED_SECRET_SIZE 32 enum class Instruction { // Provisioning commands @@ -60,6 +70,7 @@ enum ProvisionStatus { }; using ::android::hardware::keymaster::V4_0::ErrorCode; +using ::android::hardware::keymaster::V4_0::EcCurve; using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType; using ::android::hardware::keymaster::V4_0::HardwareAuthToken; using ::android::hardware::keymaster::V4_0::HmacSharingParameters; @@ -77,6 +88,7 @@ using se_transport::TransportFactory; static sp sbKeymaster; static TransportFactory *pTransportFactory; +Json::Value root; constexpr char hex_value[256] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // @@ -95,9 +107,9 @@ constexpr char hex_value[256] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; -std::string hex2str(const uint8_t* a, size_t len) { +std::string hex2str(std::string a) { std::string b; - size_t num = len / 2; + size_t num = a.size() / 2; b.resize(num); for (size_t i = 0; i < num; i++) { b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]); @@ -110,9 +122,103 @@ static ErrorCode constructApduMessage(Instruction& ins, std::vector& in extendedOutput); static ErrorCode sendProvisionData(Instruction ins, std::vector& inData, std::vector& response, bool extendedOutput); -static Tag mapAttestKeyToAttestTag(const char* key); +static Tag mapAttestKeyToAttestTag(std::string key); +bool parseJsonFile(const char* filename); +static bool readDataFromFile(const char *filename, std::vector& data) { + FILE *fp; + bool ret = true; + fp = fopen(filename, "rb"); + if(fp == NULL) { + printf("\nFailed to open file: \n"); + return false; + } + fseek(fp, 0L, SEEK_END); + long int filesize = ftell(fp); + rewind(fp); + std::unique_ptr buf(new uint8_t[filesize]); + if( 0 == fread(buf.get(), filesize, 1, fp)) { + printf("\n No content in the file \n"); + ret = false; + } + if(true == ret) { + data.insert(data.end(), buf.get(), buf.get() + filesize); + } + fclose(fp); + return ret; +} + +static inline X509* parseDerCertificate(std::vector& certData) { + X509 *x509 = NULL; + /* Create BIO instance from certificate data */ + BIO *bio = BIO_new_mem_buf(certData.data(), certData.size()); + if(bio == NULL) { + LOG(ERROR) << " Failed to create BIO from buffer."; + return NULL; + } + /* Create X509 instance from BIO */ + x509 = d2i_X509_bio(bio, NULL); + if(x509 == NULL) { + LOG(ERROR) << " Failed to get X509 instance from BIO."; + return NULL; + } + BIO_free(bio); + return x509; +} + +static inline void getDerSubjectName(X509* x509, std::vector& subject) { + uint8_t *subjectDer = NULL; + X509_NAME* asn1Subject = X509_get_subject_name(x509); + if(asn1Subject == NULL) { + LOG(ERROR) << " Failed to read the subject."; + return; + } + /* Convert X509_NAME to der encoded subject */ + int len = i2d_X509_NAME(asn1Subject, &subjectDer); + if (len < 0) { + LOG(ERROR) << " Failed to get readable name from X509_NAME."; + return; + } + subject.insert(subject.begin(), subjectDer, subjectDer+len); +} + +static inline void getAuthorityKeyIdentifier(X509* x509, std::vector& authKeyId) { + long xlen; + int tag, xclass; + + int loc = X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1); + X509_EXTENSION *ext = X509_get_ext(x509, loc); + if(ext == NULL) { + LOG(ERROR) << " Failed to read authority key identifier."; + return; + } + + ASN1_OCTET_STRING *asn1AuthKeyId = X509_EXTENSION_get_data(ext); + const uint8_t *strAuthKeyId = ASN1_STRING_get0_data(asn1AuthKeyId); + int strAuthKeyIdLen = ASN1_STRING_length(asn1AuthKeyId); + int ret = ASN1_get_object(&strAuthKeyId, &xlen, &tag, &xclass, strAuthKeyIdLen); + if (ret == 0x80 || strAuthKeyId == NULL) { + LOG(ERROR) << "Failed to get the auth key identifier from ASN1 sequence."; + return; + } + authKeyId.insert(authKeyId.begin(), strAuthKeyId, strAuthKeyId + xlen); +} + +static inline void getNotAfter(X509* x509, std::vector& notAfterDate) { + const ASN1_TIME* notAfter = X509_get0_notAfter(x509); + if(notAfter == NULL) { + LOG(ERROR) << " Failed to read expiry time."; + return; + } + int strNotAfterLen = ASN1_STRING_length(notAfter); + const uint8_t *strNotAfter = ASN1_STRING_get0_data(notAfter); + if(strNotAfter == NULL) { + LOG(ERROR) << " Failed to read expiry time from ASN1 string."; + return; + } + notAfterDate.insert(notAfterDate.begin(), strNotAfter, strNotAfter + strNotAfterLen); +} static inline uint16_t getStatus(std::vector& inputData) { //Last two bytes are the status SW0SW1 @@ -128,10 +234,8 @@ static inline TransportFactory* getTransportFactoryInstance() { return pTransportFactory; } -static Tag mapAttestKeyToAttestTag(const char* key) { - //keymaster_tag_t tag = KM_TAG_INVALID; +static Tag mapAttestKeyToAttestTag(std::string keyStr) { Tag tag = Tag::INVALID; - std::string keyStr(key); if (0 == keyStr.compare("brand")) { tag = Tag::ATTESTATION_ID_BRAND; @@ -218,115 +322,205 @@ extendedOutput=false) { } void usage() { - printf("Usage:\n"); - printf("provision --attest_ids --shared_secret <32 bytes secret> --set_boot_params --lock_provision" - "--provision_status\n"); - printf("\n\n"); - printf("Options:\n"); + printf("Usage: provision_tool [options]\n"); + printf("Valid options are:\n"); printf("-h, --help show this help message and exit.\n"); - printf("-a, --attest_ids FILE \n"); - printf("\t Syntax for attest_ids inside the file:\n"); - printf("\t brand=Google\n"); - printf("\t device=Pixel 3A\n"); - printf("\t product=Pixel\n"); - printf("\t serial=UGYJFDjFeRuBEH\n"); - printf("\t imei=987080543071019\n"); - printf("\t meid=27863510227963\n"); - printf("\t manufacturer=Foxconn\n"); - printf("\t model=HD1121\n"); - printf("-s, --shared_secret <32 bytes secret> \n"); - //TODO include set_boot_params - printf("\t The value of shared secret should be a 32 bytes in HEX\n"); - printf("-p, --provision_status Prints the provision status.\n"); - printf("-l, --lock_provision Locks the provision commands.\n"); + printf("-a, --all jsonFile \t Executes all the provision commands \n"); + printf("-k, --attest_key jsonFile \t Provision attestation key \n"); + printf("-c, --cert_chain jsonFile \t Provision attestation certificate chain \n"); + printf("-p, --cert_params jsonFile \t Provision attestation certificate parameters \n"); + printf("-i, --attest_ids jsonFile \t Provision attestation IDs \n"); + printf("-r, --shared_secret jsonFile \t Provion shared secret \n"); + printf("-b, --set_boot_params jsonFile \t Provion boot parameters \n"); + printf("-s, --provision_status \t Prints the provision status.\n"); + printf("-l, --lock_provision \t Locks the provision commands.\n"); } -bool provisionAttestationIds(const char* filename) { - CborConverter cborConverter; - cppbor::Array array; - Instruction ins = Instruction::INS_PROVISION_ATTEST_IDS_CMD; - ErrorCode errorCode = ErrorCode::OK; - std::vector response; - FILE *fp; - char tempChar; - int tempIndex = 0; - uint8_t buf[BUFFER_MAX_LENGTH]; - bool ret = true; - fp = fopen(filename, "rb"); - - if(fp == NULL) { - std::cout << "Failed to open file: " << filename; - return false; - } - std::vector params; - KeyParameter parameter; - Tag tag; - while((tempChar = fgetc(fp))) { - if (tempChar == '\n' || tempChar == EOF) { - buf[tempIndex] = '\0'; - tempIndex = 0; - if(0 != strlen((const char*)buf)) { - std::vector blob(buf, buf + strlen((const char*)buf)); - parameter.blob = std::move(blob); - params.push_back(parameter); - } - parameter = KeyParameter(); - // Decide to break or continue - if(tempChar == EOF) +bool getBootParameterIntValue(Json::Value& bootParamsObj, const char* key, uint32_t *value) { + bool ret = false; + Json::Value val = bootParamsObj[key]; + if(val.empty()) + return ret; + + if(!val.isInt()) + return ret; + + *value = (uint32_t)val.asInt(); + + return true; +} + +bool getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std::vector& blob) { + bool ret = false; + Json::Value val = bootParamsObj[key]; + if(val.empty()) + return ret; + + if(!val.isString()) + return ret; + + std::string blobStr = hex2str(val.asString()); + + for(char ch : blobStr) { + blob.push_back((uint8_t)ch); + } + + return true; +} + +bool setBootParameters(const char* filename) { + Json::Value bootParamsObj; + bool ret = false; + + if(!parseJsonFile(filename)) + return ret; + + bootParamsObj = root.get("set_boot_params", bootParamsObj); + if (!bootParamsObj.isNull()) { + cppbor::Array array; + ErrorCode errorCode = ErrorCode::OK; + std::vector apdu; + std::vector response; + Instruction ins = Instruction::INS_SET_BOOT_PARAMS_CMD; + uint32_t value; + std::vector blob; + + if(!getBootParameterIntValue(bootParamsObj, "os_version", &value)) { + printf("\n Invalid value for os_version or os_version tag missing\n"); + return ret; + } + array.add(value); + if(!getBootParameterIntValue(bootParamsObj, "os_patch_level", &value)) { + printf("\n Invalid value for os_patch_level or os_patch_level tag missing\n"); + return ret; + } + array.add(value); + if(!getBootParameterIntValue(bootParamsObj, "vendor_patch_level", &value)) { + printf("\n Invalid value for vendor_patch_level or vendor_patch_level tag missing\n"); + return ret; + } + array.add(value); + if(!getBootParameterIntValue(bootParamsObj, "boot_patch_level", &value)) { + printf("\n Invalid value for boot_patch_level or boot_patch_level tag missing\n"); + return ret; + } + array.add(value); + if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key", blob)) { + printf("\n Invalid value for verified_boot_key or verified_boot_key tag missing\n"); + return ret; + } + array.add(blob); + blob.clear(); + if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key_hash", blob)) { + printf("\n Invalid value for verified_boot_key_hash or verified_boot_key_hash tag missing\n"); + return ret; + } + array.add(blob); + blob.clear(); + if(!getBootParameterIntValue(bootParamsObj, "boot_state", &value)) { + printf("\n Invalid value for boot_state or boot_state tag missing\n"); + return ret; + } + array.add(value); + if(!getBootParameterIntValue(bootParamsObj, "device_locked", &value)) { + printf("\n Invalid value for device_locked or device_locked tag missing\n"); + return ret; + } + array.add(value); + + std::vector cborData = array.encode(); + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + printf("\n Failed to set boot parameters errorCode:%d\n", errorCode); + return ret; + } + + } else { + return ret; + } + printf("\n SE successfully accepted boot paramters \n"); + return true; +} + +bool provisionAttestationIds(const char *filename) { + Json::Value attestIds; + bool ret = false; + + if(!parseJsonFile(filename)) + return ret; + + attestIds = root.get("attest_ids", attestIds); + if (!attestIds.isNull()) { + if (attestIds.size() != MAX_ATTEST_IDS_SIZE) { + return ret; + } + Json::Value value; + std::vector temp; + int i = 0; + std::vector params(attestIds.size()); + Json::Value::Members keys = attestIds.getMemberNames(); + Tag tag; + for(std::string key : keys) { + if(Tag::INVALID == (tag = mapAttestKeyToAttestTag(key))) { break; - else - continue; - - } else if (tempChar == '=') { - buf[tempIndex] = '\0'; - tempIndex = 0; - if(Tag::INVALID == (tag = mapAttestKeyToAttestTag((const char*)buf))) { - ret = false; - printf("\n Invalid TAG \n"); + } + value = attestIds[key]; + if(value.empty()) { break; } - parameter.tag = tag; - printf("Key: %s", buf); - continue; + params[i].tag = tag; + for(char ch : value.asString()) { + temp.push_back((uint8_t)ch); + } + params[i].blob.resize(temp.size()); + params[i].blob = temp; + temp.clear(); + i++; } - buf[tempIndex++] = tempChar; - } - fclose(fp); - if(!ret) - return ret; - hidl_vec attestParams(params); + if(i != MAX_ATTEST_IDS_SIZE) + return ret; - //Encode input data into CBOR. - cborConverter.addKeyparameters(array, attestParams); - std::vector cborData = array.encode(); + CborConverter cborConverter; + cppbor::Array array; + Instruction ins = Instruction::INS_PROVISION_ATTEST_IDS_CMD; + ErrorCode errorCode = ErrorCode::OK; + std::vector response; + hidl_vec attestParams(params); - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - ret = false; - printf("\n Failed to provision attestation ids error: %d\n", uint32_t(errorCode)); + //Encode input data into CBOR. + cborConverter.addKeyparameters(array, attestParams); + std::vector cborData = array.encode(); + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + printf("\n Failed to provision attestation ids error: %d\n", uint32_t(errorCode)); + return ret; + } + } else { + return ret; } - return ret; + printf("\n provisioned attestation ids successfully \n"); + return true; } bool lockProvision() { - bool ret = true; + bool ret = false; cppbor::Array array; Instruction ins = Instruction::INS_LOCK_PROVISIONING_CMD; ErrorCode errorCode = ErrorCode::OK; std::vector cborData; std::vector response; - printf("\n lock provision\n"); - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - ret = false; printf("\n Failed to lock provisioning error: %d\n", uint32_t(errorCode)); + return ret; } - return ret; + printf("\n Successfully locked provisioning process. Now SE doesn't accept any further provision commands. \n"); + return true; } bool getProvisionStatus() { - bool ret = true; + bool ret = false; CborConverter cborConverter; cppbor::Array array; Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD; @@ -334,12 +528,10 @@ bool getProvisionStatus() { std::vector cborData; std::vector response; std::unique_ptr item; - printf("\nget provision sttus\n"); - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - ret = false; printf("\n Failed to get provision status error: %d\n", uint32_t(errorCode)); + return ret; } std::tie(item, errorCode) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2), true); @@ -347,53 +539,287 @@ bool getProvisionStatus() { uint64_t status; if(!cborConverter.getUint64(item, 1, status)) { - ret = false; printf("\n Failed to get the status value \n"); + return ret; } else { - printf("\n Current provision status: %ld", status); + printf("\nCurrent provision status: %ld\n", status); } + } else { + return ret; } - return ret; + return true; } -bool provisionSharedSecret(const uint8_t* secret) { - bool ret = true; - cppbor::Array array; - Instruction ins = Instruction::INS_PROVISION_SHARED_SECRET_CMD; - ErrorCode errorCode = ErrorCode::OK; - std::vector response; - std::string str = hex2str(secret, strlen((const char*)secret)); - //Length of the secret should be 32 bytes. - if(32 != str.length()) { +bool provisionSharedSecret(const char* filename) { + Json::Value sharedSecret; + bool ret = false; + + if(!parseJsonFile(filename)) + return ret; + + sharedSecret = root.get("shared_secret", sharedSecret); + if (!sharedSecret.isNull()) { + cppbor::Array array; + Instruction ins = Instruction::INS_PROVISION_SHARED_SECRET_CMD; + ErrorCode errorCode = ErrorCode::OK; + std::vector response; + std::string str = sharedSecret.asString(); + std::string secret = hex2str(str); + + //Length of the secret should be 32 bytes. + if(SHARED_SECRET_SIZE != secret.size()) { + return ret; + } + std::vector input(secret.data(), secret.data() + secret.length()); + + //Encode input data into CBOR. + array.add(input); + std::vector cborData = array.encode(); + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + printf("\n Failed to provision shared secret error: %d\n", uint32_t(errorCode)); + return ret; + } + } else { + return ret; + } + printf("\n Provisioned shared secret successfully \n"); + return true; +} + +static bool provisionAttestationKey(const char* filename) { + Json::Value keyFile; + bool ret = false; + + if(!parseJsonFile(filename)) + return ret; + + keyFile = root.get("attest_key", keyFile); + if (!keyFile.isNull()) { + ErrorCode errorCode = ErrorCode::OK; + CborConverter cborConverter; + cppbor::Array array; + cppbor::Array subArray; + std::vector data; + std::vector privKey; + std::vector pubKey; + Instruction ins = Instruction::INS_PROVISION_ATTESTATION_KEY_CMD; + EcCurve curve; + std::vector response; + + std::string keyFileName = keyFile.asString(); + if(!readDataFromFile(keyFileName.data(), data)) { + printf("\n Failed to read the Root ec key\n"); + return ret; + } + keymaster::AuthorizationSet authSetKeyParams(keymaster::AuthorizationSetBuilder() + .Authorization(keymaster::TAG_ALGORITHM, KM_ALGORITHM_EC) + .Authorization(keymaster::TAG_DIGEST, KM_DIGEST_SHA_2_256) + .Authorization(keymaster::TAG_EC_CURVE, KM_EC_CURVE_P_256) + .Authorization(keymaster::TAG_PURPOSE, static_cast(0x7F))); /* The value 0x7F is not present in types.hal */ + // Read the ECKey from the file. + hidl_vec keyParams = keymaster::V4_1::javacard::kmParamSet2Hidl(authSetKeyParams); + + if(ErrorCode::OK != (errorCode = keymaster::V4_1::javacard::ecRawKeyFromPKCS8(data, privKey, pubKey, curve))) { + printf("\n Failed to convert PKCS8 to RAW key\n"); + return ret; + } + subArray.add(privKey); + subArray.add(pubKey); + std::vector encodedArray = subArray.encode(); + cppbor::Bstr bstr(encodedArray.begin(), encodedArray.end()); + + //Encode data. + cborConverter.addKeyparameters(array, keyParams); + array.add(static_cast(KeyFormat::RAW)); + array.add(bstr); + + std::vector cborData = array.encode(); + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + printf("\n Failed to provision attestation key\n"); + return ret; + } + } else { + return ret; + } + printf("\n Provisioned attestation key successfully\n"); + return true; +} + +bool provisionAttestationCertificateChain(const char* filename) { + Json::Value certChainFile; + bool ret = false; + + if(!parseJsonFile(filename)) + return ret; + + certChainFile = root.get("attest_cert_chain", certChainFile); + if (!certChainFile.isNull()) { + ErrorCode errorCode = ErrorCode::OK; + cppbor::Array array; + Instruction ins = Instruction::INS_PROVISION_CERT_CHAIN_CMD; + std::vector response; + + std::vector certData; + std::string strCertChain = certChainFile.asString(); + /* Read the Root certificate */ + if(!readDataFromFile(strCertChain.data(), certData)) { + printf("\n Failed to read the Root certificate\n"); + return ret; + } + cppbor::Bstr certChain(certData.begin(), certData.end()); + std::vector cborData = certChain.encode(); + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + printf("\n Failed to provision cert chain errorCode:%d\n", static_cast(errorCode)); + return ret; + } + } else { + return ret; + } + printf("\n Provisioned attestation certificate chain successfully\n"); + return true; +} + +bool provisionAttestationCertificateParams(const char* filename) { + Json::Value certChainFile; + bool ret = false; + + if(!parseJsonFile(filename)) + return ret; + + certChainFile = root.get("attest_cert_chain", certChainFile); + if (!certChainFile.isNull()) { + ErrorCode errorCode = ErrorCode::OK; + cppbor::Array array; + Instruction ins = Instruction::INS_PROVISION_CERT_PARAMS_CMD; + std::vector response; + X509 *x509 = NULL; + std::vector subject; + std::vector authorityKeyIdentifier; + std::vector notAfter; + std::vector certData; + std::vector> certChain; + + + std::string strCertChain = certChainFile.asString(); + /* Read the Root certificate */ + if(!readDataFromFile(strCertChain.data(), certData)) { + printf("\n Failed to read the Root certificate\n"); + return ret; + } + + // Get first certificate from chain of certificates. + if(ErrorCode::OK != (errorCode =keymaster::V4_1::javacard::getCertificateChain(certData, certChain))) { + printf("\n Failed to parse the certificate chain \n"); + return ret; + } + + if(certChain.size() == 0) { + printf("\n Length of the certificate chain is 0\n"); + return ret; + } + + + /* Subject, AuthorityKeyIdentifier and Expirty time of the root certificate are required by javacard. */ + /* Get X509 certificate instance for the root certificate.*/ + if(NULL == (x509 = parseDerCertificate(certChain[0]))) { + printf("\n Failed to parse the DER certificate \n"); + return ret; + } + + /* Get subject in DER */ + getDerSubjectName(x509, subject); + /* Get AuthorityKeyIdentifier */ + getAuthorityKeyIdentifier(x509, authorityKeyIdentifier); + /* Get Expirty Time */ + getNotAfter(x509, notAfter); + /*Free X509 */ + X509_free(x509); + + array.add(subject); + array.add(notAfter); + array.add(authorityKeyIdentifier); + std::vector cborData = array.encode(); + + if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + printf("\n Failed to provision cert params errorCode:%d\n", static_cast(errorCode)); + return ret; + } + } else { + return ret; + } + printf("\n Provisioned attestation certificate parameters successfully\n"); + return true; +} + +bool provision(const char* filename) { + + if(!provisionAttestationKey(filename)) { + printf("\n Failed to provision attestation Key\n"); + return false; + } + if(!provisionAttestationCertificateChain(filename)) { + printf("\n Failed to provision certificate chain\n"); + return false; + } + if(!provisionAttestationCertificateParams(filename)) { + printf("\n Failed to provision certificate paramters\n"); return false; } - std::vector input(str.data(), str.data() + str.length()); + if(!provisionSharedSecret(filename)) { + printf("\n Failed to provision shared secret\n"); + return false; + } + if(!provisionAttestationIds(filename)) { + printf("\n Failed to provision attestation ids\n"); + return false; + } + if(!setBootParameters(filename)) { + printf("\n Failed to set boot parameters\n"); + return false; + } + return true; +} - //Encode input data into CBOR. - array.add(input); - std::vector cborData = array.encode(); +bool parseJsonFile(const char* filename) { + std::stringstream buffer; + Json::Reader jsonReader; - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - ret = false; - printf("\n Failed to provision shared secret error: %d\n", uint32_t(errorCode)); + if(!root.empty()) { + printf("\n Already parsed \n"); + return true; + } + std::ifstream stream(filename); + buffer << stream.rdbuf(); + if(jsonReader.parse(buffer.str(), root)) { + printf("\n Parsed json file successfully\n"); + return true; + } else { + printf("\n Failed to parse json file\n"); + return false; } - return ret; } int main(int argc, char* argv[]) { int c; struct option longOpts[] = { - {"attest_ids", required_argument, NULL, 'a'}, - {"shared_secret", required_argument, NULL, 's'}, + {"all", required_argument, NULL, 'a'}, + {"attest_key", required_argument, NULL, 'k'}, + {"cert_chain", required_argument, NULL, 'c'}, + {"cert_params", required_argument, NULL,'p'}, + {"attest_ids", required_argument, NULL, 'i'}, + {"shared_secret", required_argument, NULL, 'r'}, {"set_boot_params", required_argument, NULL, 'b'}, - {"provision_status", no_argument, NULL, 'p'}, + {"provision_status", no_argument, NULL, 's'}, {"lock_provision", no_argument, NULL, 'l'}, {"help", no_argument, NULL, 'h'}, {0,0,0,0} }; - sbKeymaster = IKeymasterDevice::getService(SB_KEYMASTER_SERVICE); + sbKeymaster = IKeymasterDevice::getService(SB_KEYMASTER_SERVICE); if(NULL == sbKeymaster) { printf("\n Failed to get StrongBox Keymaster service\n"); exit(0); @@ -410,16 +836,35 @@ int main(int argc, char* argv[]) } /* getopt_long stores the option index here. */ - while ((c = getopt_long(argc, argv, ":plha:s:", longOpts, NULL)) != -1) { + while ((c = getopt_long(argc, argv, ":slha:k:c:p:i:r:b:", longOpts, NULL)) != -1) { switch(c) { - case 'a': - printf("\n attest_ids filename:%s\n", optarg); + case 'a': + //all + provision(optarg); + break; + case 'k': + //attest key + provisionAttestationKey(optarg); + break; + case 'c': + //attest certchain + provisionAttestationCertificateChain(optarg); + break; + case 'p': + //attest cert params + provisionAttestationCertificateParams(optarg); + break; + case 'i': provisionAttestationIds(optarg); break; - case 's': - provisionSharedSecret((const uint8_t*)optarg); + case 'r': + provisionSharedSecret(optarg); break; - case 'p': + case 'b': + //set boot params + setBootParameters(optarg); + break; + case 's': getProvisionStatus(); break; case 'l': @@ -428,9 +873,6 @@ int main(int argc, char* argv[]) case 'h': usage(); break; - case 0: - printf("\n set 0\n"); - break; case ':': printf("\n missing argument\n"); usage(); diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp index 0065f70c..c8ccb497 100644 --- a/HAL/keymaster/Android.bp +++ b/HAL/keymaster/Android.bp @@ -37,6 +37,7 @@ cc_binary { "libcppbor", "libjc_transport", "libcrypto", + "libjsoncpp", ], } diff --git a/HAL/keymaster/sample_json.txt b/HAL/keymaster/sample_json.txt new file mode 100644 index 00000000..b65164aa --- /dev/null +++ b/HAL/keymaster/sample_json.txt @@ -0,0 +1,25 @@ +{ + "attest_ids": { + "brand": "Google", + "device": "Pixel 3A", + "product": "Pixel", + "serial": "UGYJFDjFeRuBEH", + "imei": "987080543071019", + "meid": "27863510227963", + "manufacturer": "Foxconn", + "model": "HD1121" + }, + "shared_secret": "0000000000000000000000000000000000000000000000000000000000000000", + "set_boot_params": { + "os_version": 100, + "os_patch_level": 100, + "vendor_patch_level": 0, + "boot_patch_level": 0, + "verified_boot_key": "0000000000000000000000000000000000000000000000000000000000000000", + "verified_boot_key_hash": "0000000000000000000000000000000000000000000000000000000000000000", + "boot_state": 0, + "device_locked": 0 + }, + "attest_key": "/data/data/ec_key.der", + "attest_cert_chain": "/data/data/ec_cert_chain.der" +} From 4721737febbf89cd4f36ce45eb720644cfb20152 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Wed, 9 Dec 2020 23:04:04 +0000 Subject: [PATCH 016/169] Clear the certificate chain persisted in memory whenever provisionCertificateChain command gets called multiple times. --- .../android/javacard/keymaster/KMAndroidSEProvider.java | 7 +++++++ .../com/android/javacard/keymaster/KMJCardSimulator.java | 7 +++++++ .../com/android/javacard/keymaster/KMKeymasterApplet.java | 5 +++++ .../src/com/android/javacard/keymaster/KMSEProvider.java | 5 +++++ 4 files changed, 24 insertions(+) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index 9d9812c1..aba38934 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -1137,6 +1137,13 @@ public short cmacKdf(byte[] keyMaterial, short keyMaterialStart, return key.getKey(keyBuf, keyStart); } + @Override + public void clearCertificateChain() { + JCSystem.beginTransaction(); + Util.arrayFillNonAtomic(certificateChain, (short)0, CERT_CHAIN_MAX_SIZE, (byte) 0); + JCSystem.commitTransaction(); + } + //This function supports multi-part request data. @Override public void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen) { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 70311e51..9c9e71c6 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -1252,6 +1252,13 @@ public short ecSign256(byte[] secret, short secretStart, short secretLength, outputDataBuf, outputDataStart); } + @Override + public void clearCertificateChain() { + JCSystem.beginTransaction(); + Util.arrayFillNonAtomic(certificateChain, (short)0, CERT_CHAIN_MAX_SIZE, (byte) 0); + JCSystem.commitTransaction(); + } + @Override public void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen) { diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index c0a55751..d9691a1e 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -644,6 +644,11 @@ private void processProvisionAttestationCertParams(APDU apdu) { } private void processProvisionAttestationCertChainCmd(APDU apdu) { + tmpVariables[0] = seProvider.getCertificateChainLength(); + if (tmpVariables[0] != 0) { + //Clear the previous certificate chain. + seProvider.clearCertificateChain(); + } byte[] srcBuffer = apdu.getBuffer(); short recvLen = apdu.setIncomingAndReceive(); short srcOffset = apdu.getOffsetCdata(); diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index b3e9c266..81b35db2 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -441,6 +441,11 @@ KMOperation initAsymmetricOperation( */ public void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen); + /** + * This operation clears the certificate chain from persistent memory. + */ + public void clearCertificateChain(); + /** * The operation reads the certificate chain from persistent memory. * From 107807ae47a00f038a5ddd78f1882253386d3b0a Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 12 Jan 2021 22:42:34 +0530 Subject: [PATCH 017/169] HAL fixes shared by NXP team. --- .../4.1/JavacardKeymaster4Device.cpp | 104 +++++++++--------- .../4.1/JavacardOperationContext.cpp | 17 ++- HAL/keymaster/Android.bp | 5 + 3 files changed, 73 insertions(+), 53 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index 23583024..71350e9b 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -304,14 +304,10 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_ hidl_string jcKeymasterAuthor; ErrorCode ret = sendData(Instruction::INS_GET_HW_INFO_CMD, input, resp); - if(ret != ErrorCode::OK) { - //Socket not connected. - _hidl_cb(SecurityLevel::STRONGBOX, JAVACARD_KEYMASTER_NAME, JAVACARD_KEYMASTER_AUTHOR); - return Void(); - } else { + if (ret == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. std::tie(item, ret) = cborConverter_.decodeData(std::vector(resp.begin(), resp.end()-2), - true); + false); if (item != nullptr) { std::vector temp; if(!cborConverter_.getUint64(item, 0, securityLevel) || @@ -324,29 +320,23 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_ _hidl_cb(static_cast(securityLevel), jcKeymasterName, jcKeymasterAuthor); return Void(); } +#ifdef TRANSCEIVE_VIA_SOCKET + else { + //TODO Should we throw fatal error here.? + _hidl_cb(SecurityLevel::STRONGBOX, JAVACARD_KEYMASTER_NAME, JAVACARD_KEYMASTER_AUTHOR); + return Void(); + } +#endif } Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) { - /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no - * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to getHmacSharing - * parameters. - */ std::vector cborData; std::vector input; std::unique_ptr item; HmacSharingParameters hmacSharingParameters; ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; errorCode = sendData(Instruction::INS_GET_HMAC_SHARING_PARAM_CMD, input, cborData); - if(errorCode != ErrorCode::OK) { - auto response = softKm_->GetHmacSharingParameters(); - ::android::hardware::keymaster::V4_0::HmacSharingParameters params; - params.seed.setToExternal(const_cast(response.params.seed.data), - response.params.seed.data_length); - static_assert(sizeof(response.params.nonce) == params.nonce.size(), "Nonce sizes don't match"); - memcpy(params.nonce.data(), response.params.nonce, params.nonce.size()); - _hidl_cb(legacy_enum_conversion(response.error), params); - return Void(); - } else { + if (ErrorCode::OK == errorCode) { //Skip last 2 bytes in cborData, it contains status. std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborData.begin(), cborData.end()-2), true); @@ -355,16 +345,26 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa errorCode = ErrorCode::UNKNOWN_ERROR; } } - _hidl_cb(errorCode, hmacSharingParameters); - return Void(); } +#ifdef TRANSCEIVE_VIA_SOCKET + /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no + * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to getHmacSharing + * parameters. + */ + else { + auto response = softKm_->GetHmacSharingParameters(); + hmacSharingParameters.seed.setToExternal(const_cast(response.params.seed.data), + response.params.seed.data_length); + static_assert(sizeof(response.params.nonce) == hmacSharingParameters.nonce.size(), "Nonce sizes don't match"); + memcpy(hmacSharingParameters.nonce.data(), response.params.nonce, hmacSharingParameters.nonce.size()); + errorCode = legacy_enum_conversion(response.error); + } +#endif + _hidl_cb(errorCode, hmacSharingParameters); + return Void(); } Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec& params, computeSharedHmac_cb _hidl_cb) { - /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no - * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to - * computeSharedHmac. - */ cppbor::Array array; std::unique_ptr item; std::vector cborOutData; @@ -387,7 +387,25 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec cborData = array.encode(); errorCode = sendData(Instruction::INS_COMPUTE_SHARED_HMAC_CMD, cborData, cborOutData); - if(errorCode != ErrorCode::OK) { + if (ErrorCode::OK == errorCode) { + //Skip last 2 bytes in cborData, it contains status. + std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + true); + if (item != nullptr) { + std::vector bstr; + if(!cborConverter_.getBinaryArray(item, 1, bstr)) { + errorCode = ErrorCode::UNKNOWN_ERROR; + } else { + sharingCheck = bstr; + } + } + } +#ifdef TRANSCEIVE_VIA_SOCKET + /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no + * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to + * computeSharedHmac. + */ + else { ComputeSharedHmacRequest request; request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()]; request.params_array.num_params = params.size(); @@ -401,29 +419,13 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vecComputeSharedHmac(request); - hidl_vec sharing_check; - if (response.error == KM_ERROR_OK) sharing_check = kmBlob2hidlVec(response.sharing_check); - - _hidl_cb(legacy_enum_conversion(response.error), sharing_check); - return Void(); - - } else { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), - true); - if (item != nullptr) { - std::vector bstr; - if(!cborConverter_.getBinaryArray(item, 1, bstr)) { - errorCode = ErrorCode::UNKNOWN_ERROR; - } else { - sharingCheck = bstr; - } - } - _hidl_cb(errorCode, sharingCheck); - return Void(); + if (response.error == KM_ERROR_OK) sharingCheck = kmBlob2hidlVec(response.sharing_check); + errorCode = legacy_enum_conversion(response.error); } - -} +#endif + _hidl_cb(errorCode, sharingCheck); + return Void(); + } Return JavacardKeymaster4Device::verifyAuthorization(uint64_t , const hidl_vec& , const HardwareAuthToken& , verifyAuthorization_cb _hidl_cb) { VerificationToken verificationToken; @@ -1061,8 +1063,10 @@ Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hi sendDataCallback))) { output = tempOut; } + if (ErrorCode::OK != errorCode) { + abort(operationHandle); + } } - abort(operationHandle); _hidl_cb(errorCode, outParams, output); return Void(); } diff --git a/HAL/keymaster/4.1/JavacardOperationContext.cpp b/HAL/keymaster/4.1/JavacardOperationContext.cpp index 457a6d87..1872f75b 100644 --- a/HAL/keymaster/4.1/JavacardOperationContext.cpp +++ b/HAL/keymaster/4.1/JavacardOperationContext.cpp @@ -183,9 +183,18 @@ ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector newInput(first, end); - if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(), - Operation::Update, cb))) { - return errorCode; + if(extraData == 0 && (i == noOfChunks - 1)) { + //Last chunk + if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(), + Operation::Finish, cb, true))) { + return errorCode; + } + + } else { + if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(), + Operation::Update, cb))) { + return errorCode; + } } } if(extraData > 0) { @@ -217,6 +226,8 @@ ErrorCode OperationContext::getBlockAlignedData(uint64_t operHandle, uint8_t* in blockSize = AES_BLOCK_SIZE; } else if(Algorithm::TRIPLE_DES == operationTable[operHandle].info.alg) { blockSize = DES_BLOCK_SIZE; + } else { + return ErrorCode::INCOMPATIBLE_ALGORITHM; } if(opr == Operation::Finish) { diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp index 8b34023d..eb4fa49c 100644 --- a/HAL/keymaster/Android.bp +++ b/HAL/keymaster/Android.bp @@ -49,6 +49,11 @@ cc_binary { "libjc_transport", "libcrypto", ], + product_variables: { + debuggable: { + cflags: ["-DTRANSCEIVE_VIA_SOCKET"] + } + } } cc_library { From 61fbb90d7109e488f77cd11ed846fd355c871ca6 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Wed, 13 Jan 2021 23:14:09 +0530 Subject: [PATCH 018/169] Create operation handle map in HAL to differentiate between public and strongbox operations in update, finish and abort operations. --- .../4.1/JavacardKeymaster4Device.cpp | 169 ++++++++++++++---- 1 file changed, 134 insertions(+), 35 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index 71350e9b..ab8ee0ed 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -49,6 +49,9 @@ #define INS_BEGIN_KM_CMD 0x00 #define INS_END_KM_PROVISION_CMD 0x20 #define INS_END_KM_CMD 0x7F +#define MAX_COUNTER_VALUE 25 +#define SW_KM_OPR 0UL +#define SB_KM_OPR 1UL namespace keymaster { namespace V4_1 { @@ -56,6 +59,7 @@ namespace javacard { static std::unique_ptr pTransportFactory = nullptr; constexpr size_t kOperationTableSize = 4; +std::map operationTable; struct KM_AUTH_LIST_Delete { void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); } @@ -116,6 +120,63 @@ static inline bool getTag(const hidl_vec& params, Tag tag, KeyPara return false; } +static ErrorCode generateOperationHandle(uint64_t& oprHandle) { + std::map::iterator it; + //Check if oprHandleCnt is present in operationTable + uint64_t cnt = 1; + uint64_t mask; + for(; cnt < MAX_COUNTER_VALUE; cnt++) { + mask = cnt | (SB_KM_OPR << 56); + it = operationTable.find(mask); + if (it == operationTable.end()) { + //NO HW Operation found with this operation handle. + //Check for SW. + mask = cnt | (SW_KM_OPR << 56); + it = operationTable.find(mask); + if (it != operationTable.end()) + continue; + else + break; + } else { + continue; + } + } + if (cnt == MAX_COUNTER_VALUE) { + LOG(ERROR) << "generateOperationHandle TOO_MANY_OPERATIONS"; + return ErrorCode::TOO_MANY_OPERATIONS; + } + oprHandle = cnt; + return ErrorCode::OK; +} + +static ErrorCode createOprHandleEntry(uint64_t origOprHandle, uint64_t mask/* SW or HW */, uint64_t& generatedOprHandle) { + ErrorCode errorCode = ErrorCode::OK; + if (ErrorCode::OK != (errorCode = generateOperationHandle(generatedOprHandle))) { + return errorCode; + } + //mask the operationhandle + generatedOprHandle |= (mask << 56); + operationTable[generatedOprHandle] = origOprHandle; + return errorCode; +} + +static ErrorCode getOrigOperationHandle(uint64_t generatedOprHandle, uint64_t& origOprHandle) { + std::map::iterator it = operationTable.find(generatedOprHandle); + if (it == operationTable.end()) { + return ErrorCode::INVALID_OPERATION_HANDLE; + } + origOprHandle = it->second; + return ErrorCode::OK; +} + +static bool isStrongboxOperation(uint64_t generatedOprHandle) { + return (SB_KM_OPR == (generatedOprHandle >> 56)); +} + +static void deleteOprHandleEntry(uint64_t generatedOprHandle) { + operationTable.erase(generatedOprHandle); +} + ErrorCode encodeParametersVerified(const VerificationToken& verificationToken, std::vector& asn1ParamsVerified) { if (verificationToken.parametersVerified.size() > 0) { AuthorizationSet paramSet; @@ -793,12 +854,13 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec< hidl_vec outParams; uint64_t operationHandle = 0; hidl_vec resultParams; + uint64_t generatedOpHandle = 0; if(keyBlob.size() == 0) { _hidl_cb(ErrorCode::INVALID_ARGUMENT, resultParams, operationHandle); return Void(); } - + /* Asymmetric public key operations are handled by softkeymaster. */ if (KeyPurpose::ENCRYPT == purpose || KeyPurpose::VERIFY == purpose) { BeginOperationRequest request; request.purpose = legacy_enum_conversion(purpose); @@ -806,13 +868,17 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec< request.additional_params.Reinitialize(KmParamSet(inParams)); BeginOperationResponse response; + /* For Symmetric key operation, the BeginOperation returns KM_ERROR_INCOMPATIBLE_ALGORITHM error. */ softKm_->BeginOperation(request, &response); if (response.error == KM_ERROR_OK) { resultParams = kmParamSet2Hidl(response.output_params); } if (response.error != KM_ERROR_INCOMPATIBLE_ALGORITHM) { /*Incompatible algorithm could be handled by JavaCard*/ - _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle); + errorCode = legacy_enum_conversion(response.error); + if (errorCode == ErrorCode::OK) + errorCode = createOprHandleEntry(response.op_handle, SW_KM_OPR, generatedOpHandle); + _hidl_cb(errorCode, resultParams, generatedOpHandle); return Void(); } } @@ -871,29 +937,40 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec< } } } - _hidl_cb(errorCode, outParams, operationHandle); + if (ErrorCode::OK == errorCode) + errorCode = createOprHandleEntry(operationHandle, SB_KM_OPR, generatedOpHandle); + _hidl_cb(errorCode, outParams, generatedOpHandle); return Void(); } -Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, update_cb _hidl_cb) { +Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, const hidl_vec& inParams, const hidl_vec& input, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, update_cb _hidl_cb) { ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - UpdateOperationRequest request; - request.op_handle = operationHandle; - request.input.Reinitialize(input.data(), input.size()); - request.additional_params.Reinitialize(KmParamSet(inParams)); - - UpdateOperationResponse response; - softKm_->UpdateOperation(request, &response); - uint32_t inputConsumed = 0; hidl_vec outParams; hidl_vec output; - errorCode = legacy_enum_conversion(response.error); - if (response.error == KM_ERROR_OK) { - inputConsumed = response.input_consumed; - outParams = kmParamSet2Hidl(response.output_params); - output = kmBuffer2hidlVec(response.output); - } else if(response.error == KM_ERROR_INVALID_OPERATION_HANDLE) { + uint64_t operationHandle; + UpdateOperationResponse response; + if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) { + _hidl_cb(errorCode, inputConsumed, outParams, output); + return Void(); + } + + if (!isStrongboxOperation(halGeneratedOprHandle)) { + /* SW keymaster (Public key operation) */ + UpdateOperationRequest request; + request.op_handle = operationHandle; + request.input.Reinitialize(input.data(), input.size()); + request.additional_params.Reinitialize(KmParamSet(inParams)); + + softKm_->UpdateOperation(request, &response); + errorCode = legacy_enum_conversion(response.error); + if (response.error == KM_ERROR_OK) { + inputConsumed = response.input_consumed; + outParams = kmParamSet2Hidl(response.output_params); + output = kmBuffer2hidlVec(response.output); + } + } else { + /* Strongbox Keymaster operation */ std::vector tempOut; /* OperationContext calls this below sendDataCallback callback function. This callback * may be called multiple times if the input data is larger than MAX_ALLOWED_INPUT_SIZE. @@ -954,32 +1031,48 @@ Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hi inputConsumed = input.size(); output = tempOut; } + if(ErrorCode::OK != errorCode) { + abort(operationHandle); + } } if(ErrorCode::OK != errorCode) { - abort(operationHandle); + deleteOprHandleEntry(halGeneratedOprHandle); } + _hidl_cb(errorCode, inputConsumed, outParams, output); return Void(); } -Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const hidl_vec& signature, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, finish_cb _hidl_cb) { +Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, const hidl_vec& inParams, const hidl_vec& input, const hidl_vec& signature, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, finish_cb _hidl_cb) { ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - FinishOperationRequest request; - request.op_handle = operationHandle; - request.input.Reinitialize(input.data(), input.size()); - request.signature.Reinitialize(signature.data(), signature.size()); - request.additional_params.Reinitialize(KmParamSet(inParams)); - - FinishOperationResponse response; - softKm_->FinishOperation(request, &response); - + uint64_t operationHandle; hidl_vec outParams; hidl_vec output; - errorCode = legacy_enum_conversion(response.error); - if (response.error == KM_ERROR_OK) { - outParams = kmParamSet2Hidl(response.output_params); - output = kmBuffer2hidlVec(response.output); - } else if (response.error == KM_ERROR_INVALID_OPERATION_HANDLE) { + FinishOperationResponse response; + + if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) { + _hidl_cb(errorCode, outParams, output); + return Void(); + } + + if (!isStrongboxOperation(halGeneratedOprHandle)) { + /* SW keymaster (Public key operation) */ + FinishOperationRequest request; + request.op_handle = operationHandle; + request.input.Reinitialize(input.data(), input.size()); + request.signature.Reinitialize(signature.data(), signature.size()); + request.additional_params.Reinitialize(KmParamSet(inParams)); + + //FinishOperationResponse response; + softKm_->FinishOperation(request, &response); + + errorCode = legacy_enum_conversion(response.error); + if (response.error == KM_ERROR_OK) { + outParams = kmParamSet2Hidl(response.output_params); + output = kmBuffer2hidlVec(response.output); + } + } else { + /* Strongbox Keymaster operation */ std::vector tempOut; bool aadTag = false; /* OperationContext calls this below sendDataCallback callback function. This callback @@ -1067,12 +1160,17 @@ Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hi abort(operationHandle); } } + deleteOprHandleEntry(halGeneratedOprHandle); _hidl_cb(errorCode, outParams, output); return Void(); } -Return JavacardKeymaster4Device::abort(uint64_t operationHandle) { +Return JavacardKeymaster4Device::abort(uint64_t halGeneratedOprHandle) { ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; + uint64_t operationHandle; + if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) { + return errorCode; + } AbortOperationRequest request; request.op_handle = operationHandle; @@ -1099,6 +1197,7 @@ Return JavacardKeymaster4Device::abort(uint64_t operationHandle) { } /* Delete the entry on this operationHandle */ oprCtx_->clearOperationData(operationHandle); + deleteOprHandleEntry(halGeneratedOprHandle); return errorCode; } From 1d243d97b0d91a02d6607f288126e458647f6671 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 14 Jan 2021 00:44:08 +0530 Subject: [PATCH 019/169] Pass hal generated operation handle to abort() call from update and finish. --- HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index ab8ee0ed..cbcbdfb7 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -142,7 +142,7 @@ static ErrorCode generateOperationHandle(uint64_t& oprHandle) { } } if (cnt == MAX_COUNTER_VALUE) { - LOG(ERROR) << "generateOperationHandle TOO_MANY_OPERATIONS"; + LOG(ERROR) << "generateOperationHandle TOO_MANY_OPERATIONS error."; return ErrorCode::TOO_MANY_OPERATIONS; } oprHandle = cnt; @@ -1032,7 +1032,7 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co output = tempOut; } if(ErrorCode::OK != errorCode) { - abort(operationHandle); + abort(halGeneratedOprHandle); } } if(ErrorCode::OK != errorCode) { @@ -1129,7 +1129,6 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co cborConverter_.addHardwareAuthToken(array, authToken); cborConverter_.addVerificationToken(array, verificationToken, asn1ParamsVerified); std::vector cborData = array.encode(); - errorCode = sendData(ins, cborData, cborOutData); if(errorCode == ErrorCode::OK) { @@ -1157,7 +1156,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co output = tempOut; } if (ErrorCode::OK != errorCode) { - abort(operationHandle); + abort(halGeneratedOprHandle); } } deleteOprHandleEntry(halGeneratedOprHandle); From 166c6b1fb3fad9e13844a3e65a67433904d0a32e Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 14 Jan 2021 12:11:49 +0530 Subject: [PATCH 020/169] Added comments for the newly added code. --- .../4.1/JavacardKeymaster4Device.cpp | 43 +++++++++++++------ 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index cbcbdfb7..f36fcc67 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -120,17 +120,18 @@ static inline bool getTag(const hidl_vec& params, Tag tag, KeyPara return false; } +/* Generate new operation handle */ static ErrorCode generateOperationHandle(uint64_t& oprHandle) { std::map::iterator it; - //Check if oprHandleCnt is present in operationTable + //Check if operationHandle is present in operationTable uint64_t cnt = 1; uint64_t mask; for(; cnt < MAX_COUNTER_VALUE; cnt++) { mask = cnt | (SB_KM_OPR << 56); it = operationTable.find(mask); if (it == operationTable.end()) { - //NO HW Operation found with this operation handle. - //Check for SW. + //No Strongbox Operation found with this operation handle. + //Check for Software operation. mask = cnt | (SW_KM_OPR << 56); it = operationTable.find(mask); if (it != operationTable.end()) @@ -142,26 +143,28 @@ static ErrorCode generateOperationHandle(uint64_t& oprHandle) { } } if (cnt == MAX_COUNTER_VALUE) { - LOG(ERROR) << "generateOperationHandle TOO_MANY_OPERATIONS error."; + LOG(ERROR) << "operation handle count reached max operations"; return ErrorCode::TOO_MANY_OPERATIONS; } oprHandle = cnt; return ErrorCode::OK; } -static ErrorCode createOprHandleEntry(uint64_t origOprHandle, uint64_t mask/* SW or HW */, uint64_t& generatedOprHandle) { +/* Create a new operation handle entry in operation table.*/ +static ErrorCode createOprHandleEntry(uint64_t origOprHandle, uint64_t mask/* SW or HW */, uint64_t& newOperationHandle) { ErrorCode errorCode = ErrorCode::OK; - if (ErrorCode::OK != (errorCode = generateOperationHandle(generatedOprHandle))) { + if (ErrorCode::OK != (errorCode = generateOperationHandle(newOperationHandle))) { return errorCode; } //mask the operationhandle - generatedOprHandle |= (mask << 56); - operationTable[generatedOprHandle] = origOprHandle; + newOperationHandle |= (mask << 56); + operationTable[newOperationHandle] = origOprHandle; return errorCode; } -static ErrorCode getOrigOperationHandle(uint64_t generatedOprHandle, uint64_t& origOprHandle) { - std::map::iterator it = operationTable.find(generatedOprHandle); +/* Get original operation handle generated by softkeymaster/strongboxkeymaster. */ +static ErrorCode getOrigOperationHandle(uint64_t halGeneratedOperationHandle, uint64_t& origOprHandle) { + std::map::iterator it = operationTable.find(halGeneratedOperationHandle); if (it == operationTable.end()) { return ErrorCode::INVALID_OPERATION_HANDLE; } @@ -169,12 +172,14 @@ static ErrorCode getOrigOperationHandle(uint64_t generatedOprHandle, uint64_t& o return ErrorCode::OK; } -static bool isStrongboxOperation(uint64_t generatedOprHandle) { - return (SB_KM_OPR == (generatedOprHandle >> 56)); +/* Tells if the operation handle belongs to strongbox keymaster. */ +static bool isStrongboxOperation(uint64_t halGeneratedOperationHandle) { + return (SB_KM_OPR == (halGeneratedOperationHandle >> 56)); } -static void deleteOprHandleEntry(uint64_t generatedOprHandle) { - operationTable.erase(generatedOprHandle); +/* Delete the operation handle entry from operation table. */ +static void deleteOprHandleEntry(uint64_t halGeneratedOperationHandle) { + operationTable.erase(halGeneratedOperationHandle); } ErrorCode encodeParametersVerified(const VerificationToken& verificationToken, std::vector& asn1ParamsVerified) { @@ -876,6 +881,10 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec< } if (response.error != KM_ERROR_INCOMPATIBLE_ALGORITHM) { /*Incompatible algorithm could be handled by JavaCard*/ errorCode = legacy_enum_conversion(response.error); + /* Create a new operation handle and add a entry inside the operation table map with + * key - new operation handle + * value - hal generated operation handle. + */ if (errorCode == ErrorCode::OK) errorCode = createOprHandleEntry(response.op_handle, SW_KM_OPR, generatedOpHandle); _hidl_cb(errorCode, resultParams, generatedOpHandle); @@ -937,6 +946,10 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec< } } } + /* Create a new operation handle and add a entry inside the operation table map with + * key - new operation handle + * value - hal generated operation handle. + */ if (ErrorCode::OK == errorCode) errorCode = createOprHandleEntry(operationHandle, SB_KM_OPR, generatedOpHandle); _hidl_cb(errorCode, outParams, generatedOpHandle); @@ -1036,6 +1049,7 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co } } if(ErrorCode::OK != errorCode) { + /* Delete the entry from operation table. */ deleteOprHandleEntry(halGeneratedOprHandle); } @@ -1159,6 +1173,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co abort(halGeneratedOprHandle); } } + /* Delete the entry from operation table. */ deleteOprHandleEntry(halGeneratedOprHandle); _hidl_cb(errorCode, outParams, output); return Void(); From 732a4edabf06499d076d1059141a355c040c6507 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 14 Jan 2021 19:51:33 +0530 Subject: [PATCH 021/169] updated provisioning tool --- .../4.1/JavacardKeymaster4Device.cpp | 1 - HAL/keymaster/Android.bp | 62 ++++++++++--------- provisioning_tool/Android.bp | 41 ++++++++++++ provisioning_tool/README.md | 1 + .../provision_tool.cpp | 3 +- provisioning_tool/sample_json.txt | 25 ++++++++ 6 files changed, 102 insertions(+), 31 deletions(-) create mode 100644 provisioning_tool/Android.bp create mode 100644 provisioning_tool/README.md rename {HAL/keymaster/4.1 => provisioning_tool}/provision_tool.cpp (99%) create mode 100644 provisioning_tool/sample_json.txt diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index 23583024..08c634ca 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -266,7 +266,6 @@ ErrorCode sendData(Instruction ins, std::vector& inData, std::vector Date: Fri, 15 Jan 2021 20:44:40 +0530 Subject: [PATCH 022/169] Used Rand_bytes for hal generated operation handle. Updated comments --- .../4.1/JavacardKeymaster4Device.cpp | 70 ++++++++----------- .../4.1/JavacardOperationContext.cpp | 3 +- HAL/keymaster/Android.bp | 4 +- 3 files changed, 34 insertions(+), 43 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index f36fcc67..5ac1a431 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -49,7 +50,6 @@ #define INS_BEGIN_KM_CMD 0x00 #define INS_END_KM_PROVISION_CMD 0x20 #define INS_END_KM_CMD 0x7F -#define MAX_COUNTER_VALUE 25 #define SW_KM_OPR 0UL #define SB_KM_OPR 1UL @@ -59,7 +59,10 @@ namespace javacard { static std::unique_ptr pTransportFactory = nullptr; constexpr size_t kOperationTableSize = 4; -std::map operationTable; +/* Key is the newly generated operation handle. Value is a pair with first element having + * original operation handle and second element represents SW or SB operation. + */ +std::map> operationTable; struct KM_AUTH_LIST_Delete { void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); } @@ -122,59 +125,44 @@ static inline bool getTag(const hidl_vec& params, Tag tag, KeyPara /* Generate new operation handle */ static ErrorCode generateOperationHandle(uint64_t& oprHandle) { - std::map::iterator it; - //Check if operationHandle is present in operationTable - uint64_t cnt = 1; - uint64_t mask; - for(; cnt < MAX_COUNTER_VALUE; cnt++) { - mask = cnt | (SB_KM_OPR << 56); - it = operationTable.find(mask); - if (it == operationTable.end()) { - //No Strongbox Operation found with this operation handle. - //Check for Software operation. - mask = cnt | (SW_KM_OPR << 56); - it = operationTable.find(mask); - if (it != operationTable.end()) - continue; - else - break; - } else { - continue; + std::map>::iterator it; + do { + keymaster_error_t err = GenerateRandom(reinterpret_cast(&oprHandle), (size_t)sizeof(oprHandle)); + if (err != KM_ERROR_OK) { + return legacy_enum_conversion(err); } - } - if (cnt == MAX_COUNTER_VALUE) { - LOG(ERROR) << "operation handle count reached max operations"; - return ErrorCode::TOO_MANY_OPERATIONS; - } - oprHandle = cnt; + it = operationTable.find(oprHandle); + } while (it != operationTable.end()); return ErrorCode::OK; } /* Create a new operation handle entry in operation table.*/ -static ErrorCode createOprHandleEntry(uint64_t origOprHandle, uint64_t mask/* SW or HW */, uint64_t& newOperationHandle) { +static ErrorCode createOprHandleEntry(uint64_t origOprHandle, uint64_t keymasterSrc, uint64_t& newOperationHandle) { ErrorCode errorCode = ErrorCode::OK; if (ErrorCode::OK != (errorCode = generateOperationHandle(newOperationHandle))) { return errorCode; } - //mask the operationhandle - newOperationHandle |= (mask << 56); - operationTable[newOperationHandle] = origOprHandle; + operationTable[newOperationHandle] = std::make_pair(origOprHandle, keymasterSrc); return errorCode; } /* Get original operation handle generated by softkeymaster/strongboxkeymaster. */ static ErrorCode getOrigOperationHandle(uint64_t halGeneratedOperationHandle, uint64_t& origOprHandle) { - std::map::iterator it = operationTable.find(halGeneratedOperationHandle); + std::map>::iterator it = operationTable.find(halGeneratedOperationHandle); if (it == operationTable.end()) { return ErrorCode::INVALID_OPERATION_HANDLE; } - origOprHandle = it->second; + origOprHandle = it->second.first; return ErrorCode::OK; } /* Tells if the operation handle belongs to strongbox keymaster. */ static bool isStrongboxOperation(uint64_t halGeneratedOperationHandle) { - return (SB_KM_OPR == (halGeneratedOperationHandle >> 56)); + std::map>::iterator it = operationTable.find(halGeneratedOperationHandle); + if (it == operationTable.end()) { + return false; + } + return (SB_KM_OPR == it->second.second); } /* Delete the operation handle entry from operation table. */ @@ -385,14 +373,12 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_ } _hidl_cb(static_cast(securityLevel), jcKeymasterName, jcKeymasterAuthor); return Void(); - } -#ifdef TRANSCEIVE_VIA_SOCKET - else { - //TODO Should we throw fatal error here.? + } else { + // It should not come here, but incase if for any reason SB keymaster fails to getHardwareInfo + // return proper values from HAL. _hidl_cb(SecurityLevel::STRONGBOX, JAVACARD_KEYMASTER_NAME, JAVACARD_KEYMASTER_AUTHOR); return Void(); } -#endif } Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) { @@ -412,7 +398,7 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa } } } -#ifdef TRANSCEIVE_VIA_SOCKET +#ifdef VTS_EMULATOR /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to getHmacSharing * parameters. @@ -466,7 +452,7 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec< _hidl_cb(ErrorCode::INVALID_ARGUMENT, resultParams, operationHandle); return Void(); } - /* Asymmetric public key operations are handled by softkeymaster. */ + /* Asymmetric public key operations like RSA Verify, RSA Encrypt, ECDSA verify + * are handled by softkeymaster. + */ if (KeyPurpose::ENCRYPT == purpose || KeyPurpose::VERIFY == purpose) { BeginOperationRequest request; request.purpose = legacy_enum_conversion(purpose); diff --git a/HAL/keymaster/4.1/JavacardOperationContext.cpp b/HAL/keymaster/4.1/JavacardOperationContext.cpp index 1872f75b..e3f4c800 100644 --- a/HAL/keymaster/4.1/JavacardOperationContext.cpp +++ b/HAL/keymaster/4.1/JavacardOperationContext.cpp @@ -123,6 +123,7 @@ ErrorCode OperationContext::validateInputData(uint64_t operHandle, Operation opr memset(oprData.data.buf, 0x00, sizeof(oprData.data.buf)); oprData.data.buf_len = 0; } + return ErrorCode::OK; } } input = actualInput; @@ -342,7 +343,7 @@ ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, uint8_t* d return errorCode; } } else { - //For strongbox keymaster, in NoDigest case the length of the input message for RSA should be more than + //For strongbox keymaster, in NoDigest case the length of the input message for RSA should not be more than //256 and for EC it should not be more than 32. This validation is already happening in //validateInputData function. Just for safety sake we are checking the length to MAX_BUF_SIZE. if(operationTable[operHandle].data.buf_len <= MAX_BUF_SIZE) { diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp index eb4fa49c..d92809e8 100644 --- a/HAL/keymaster/Android.bp +++ b/HAL/keymaster/Android.bp @@ -51,7 +51,9 @@ cc_binary { ], product_variables: { debuggable: { - cflags: ["-DTRANSCEIVE_VIA_SOCKET"] + cflags: [ + "-DVTS_EMULATOR", + ] } } } From 775da648836dd124ba2f1a70f7827b21fa3d4701 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Fri, 15 Jan 2021 21:53:46 +0530 Subject: [PATCH 023/169] Clearing the operation data inside the operation context --- HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index 5ac1a431..445f3737 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -1163,6 +1163,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co } /* Delete the entry from operation table. */ deleteOprHandleEntry(halGeneratedOprHandle); + oprCtx_->clearOperationData(operationHandle); _hidl_cb(errorCode, outParams, output); return Void(); } From cd7a9a83bb00eec8a722d35d61e3eb464ab713f3 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Sun, 17 Jan 2021 19:50:33 +0530 Subject: [PATCH 024/169] Added comments for getBlockAlignedData function --- .../4.1/JavacardOperationContext.cpp | 40 +++++++++++-------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardOperationContext.cpp b/HAL/keymaster/4.1/JavacardOperationContext.cpp index e3f4c800..7319cb3c 100644 --- a/HAL/keymaster/4.1/JavacardOperationContext.cpp +++ b/HAL/keymaster/4.1/JavacardOperationContext.cpp @@ -23,7 +23,6 @@ #define DES_BLOCK_SIZE 8 #define RSA_INPUT_MSG_LEN 256 #define EC_INPUT_MSG_LEN 32 -#define MAX_RSA_BUFFER_SIZE 256 #define MAX_EC_BUFFER_SIZE 32 namespace keymaster { @@ -104,11 +103,10 @@ ErrorCode OperationContext::validateInputData(uint64_t operHandle, Operation opr } if(KeyPurpose::DECRYPT == oprData.info.purpose && Algorithm::RSA == oprData.info.alg) { - if((oprData.data.buf_len+actualInput.size()) > MAX_RSA_BUFFER_SIZE) { + if((oprData.data.buf_len+actualInput.size()) > RSA_INPUT_MSG_LEN) { return ErrorCode::INVALID_INPUT_LENGTH; } } - if(opr == Operation::Finish) { //If it is observed in finish operation that buffered data + input data exceeds the MAX_ALLOWED_INPUT_SIZE then //combine both the data in a single buffer. This helps in making sure that no data is left out in the buffer after @@ -171,7 +169,6 @@ ErrorCode OperationContext::update(uint64_t operHandle, const std::vector& actualInput, sendDataToSE_cb cb) { ErrorCode errorCode = ErrorCode::OK; std::vector input; - /* Validate the input data */ if(ErrorCode::OK != (errorCode = validateInputData(operHandle, Operation::Finish, actualInput, input))) { return errorCode; @@ -214,15 +211,25 @@ ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector& out) { - size_t dataToSELen = 0; + size_t dataToSELen = 0;/*Length of the data to be send to the Applet.*/ size_t inputConsumed = 0;/*Length of the data consumed from input */ size_t blockSize = 0; BufferedData& data = operationTable[operHandle].data; int bufIndex = data.buf_len; - if(Algorithm::AES == operationTable[operHandle].info.alg) { blockSize = AES_BLOCK_SIZE; } else if(Algorithm::TRIPLE_DES == operationTable[operHandle].info.alg) { @@ -265,6 +272,8 @@ ErrorCode OperationContext::getBlockAlignedData(uint64_t operHandle, uint8_t* in if(dataToSELen > 0) { //If buffer length is greater than the data length to be send to SE, then input data consumed is 0. //That means all the data to be send to SE is consumed from the buffer. + //The buffer length might become greater than dataToSELen in the cases where we are saving the last block of + //data i.e. AES/TDES Decryption with PKC7Padding or AES GCM Decryption operations. inputConsumed = (data.buf_len > dataToSELen) ? 0 : (dataToSELen - data.buf_len); //Copy the buffer to be send to SE. @@ -301,7 +310,6 @@ ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, uint8_t* d sendDataToSE_cb cb, bool finish) { ErrorCode errorCode = ErrorCode::OK; std::vector out; - if(Algorithm::AES == operationTable[operHandle].info.alg || Algorithm::TRIPLE_DES == operationTable[operHandle].info.alg) { /*Symmetric */ @@ -345,16 +353,14 @@ ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, uint8_t* d } else { //For strongbox keymaster, in NoDigest case the length of the input message for RSA should not be more than //256 and for EC it should not be more than 32. This validation is already happening in - //validateInputData function. Just for safety sake we are checking the length to MAX_BUF_SIZE. - if(operationTable[operHandle].data.buf_len <= MAX_BUF_SIZE) { - size_t bufIndex = operationTable[operHandle].data.buf_len; - size_t pos = 0; - for(; (pos < len) && (pos < (MAX_BUF_SIZE-bufIndex)); pos++) - { - operationTable[operHandle].data.buf[bufIndex+pos] = data[pos]; - } - operationTable[operHandle].data.buf_len += pos; + //validateInputData function. + size_t bufIndex = operationTable[operHandle].data.buf_len; + size_t pos = 0; + for(; pos < len; ++pos) + { + operationTable[operHandle].data.buf[bufIndex+pos] = data[pos]; } + operationTable[operHandle].data.buf_len += pos; } } else { /* With Digest */ for(size_t j=0; j < len; ++j) From 751a1ce84fc3a11eabdcd22b8e72382458c3b74d Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 19 Jan 2021 21:22:57 +0530 Subject: [PATCH 025/169] Handle extended errorcodes in HAL --- .../4.1/JavacardKeymaster4Device.cpp | 103 ++++++++++++++---- 1 file changed, 81 insertions(+), 22 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index 445f3737..20e5cd5a 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -94,6 +94,23 @@ enum class Instruction { INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22 }; +//Extended error codes +enum ExtendedErrors { + SW_CONDITIONS_NOT_SATISFIED = -1001, + UNSUPPORTED_CLA = -1002, + INVALID_P1P2 = -1003, + UNSUPPORTED_INSTRUCTION = -1004, + CMD_NOT_ALLOWED = -1005, + SW_WRONG_LENGTH = -1006, + INVALID_DATA = -1007, + CRYPTO_ILLEGAL_USE = -1008, + CRYPTO_ILLEGAL_VALUE = -1009, + CRYPTO_INVALID_INIT = -1010, + CRYPTO_NO_SUCH_ALGORITHM = -1011, + CRYPTO_UNINITIALIZED_KEY = -1012, + GENERIC_UNKNOWN_ERROR = -1013 +}; + static inline std::unique_ptr& getTransportFactoryInstance() { if(pTransportFactory == nullptr) { pTransportFactory = std::unique_ptr(new se_transport::TransportFactory( @@ -123,6 +140,47 @@ static inline bool getTag(const hidl_vec& params, Tag tag, KeyPara return false; } +template +static T translateExtendedErrorsToHalErrors(T& errorCode) { + T err; + switch(static_cast(errorCode)) { + case SW_CONDITIONS_NOT_SATISFIED: + case UNSUPPORTED_CLA: + case INVALID_P1P2: + case INVALID_DATA: + case CRYPTO_ILLEGAL_USE: + case CRYPTO_ILLEGAL_VALUE: + case CRYPTO_INVALID_INIT: + case CRYPTO_UNINITIALIZED_KEY: + case GENERIC_UNKNOWN_ERROR: + err = T::UNKNOWN_ERROR; + break; + case CRYPTO_NO_SUCH_ALGORITHM: + err = T::UNSUPPORTED_ALGORITHM; + break; + case UNSUPPORTED_INSTRUCTION: + case CMD_NOT_ALLOWED: + case SW_WRONG_LENGTH: + err = T::UNIMPLEMENTED; + break; + default: + err = static_cast(errorCode); + break; + } + return err; +} + +template +static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response, bool + hasErrorCode) { + std::unique_ptr item(nullptr); + T errorCode = T::OK; + std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode); + if (ErrorCode::OK != errorCode) + errorCode = translateExtendedErrorsToHalErrors(errorCode); + return {std::move(item), errorCode}; +} + /* Generate new operation handle */ static ErrorCode generateOperationHandle(uint64_t& oprHandle) { std::map>::iterator it; @@ -390,7 +448,7 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa errorCode = sendData(Instruction::INS_GET_HMAC_SHARING_PARAM_CMD, input, cborData); if (ErrorCode::OK == errorCode) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborData.begin(), cborData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborData.begin(), cborData.end()-2), true); if (item != nullptr) { if(!cborConverter_.getHmacSharingParameters(item, 1, hmacSharingParameters)) { @@ -441,7 +499,7 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { std::vector bstr; @@ -498,7 +556,7 @@ Return JavacardKeymaster4Device::addRngEntropy(const hidl_vec(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); } return errorCode; @@ -530,7 +588,7 @@ Return JavacardKeymaster4Device::generateKey(const hidl_vec& if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { if(!cborConverter_.getBinaryArray(item, 1, keyBlob) || @@ -576,7 +634,7 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { if(!cborConverter_.getBinaryArray(item, 1, keyBlob) || @@ -631,7 +689,7 @@ Return JavacardKeymaster4Device::importWrappedKey(const hidl_vec& if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { if(!cborConverter_.getBinaryArray(item, 1, keyBlob) || @@ -664,7 +722,7 @@ Return JavacardKeymaster4Device::getKeyCharacteristics(const hidl_vec(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { if(!cborConverter_.getKeyCharacteristics(item, 1, keyCharacteristics)) { @@ -730,7 +788,7 @@ Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToA std::vector> temp; std::vector rootCert; //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { if(!cborConverter_.getMultiBinaryArray(item, 1, temp)) { @@ -741,7 +799,8 @@ Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToA errorCode = sendData(Instruction::INS_GET_CERT_CHAIN_CMD, cborData, cborOutData, true); if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), + cborOutData.end()-2), true); if (item != nullptr) { std::vector chain; @@ -779,7 +838,7 @@ Return JavacardKeymaster4Device::upgradeKey(const hidl_vec& keyBl if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { if(!cborConverter_.getBinaryArray(item, 1, upgradedKeyBlob)) @@ -802,7 +861,7 @@ Return JavacardKeymaster4Device::deleteKey(const hidl_vec& k if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); } return errorCode; @@ -818,7 +877,7 @@ Return JavacardKeymaster4Device::deleteAllKeys() { if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); } return errorCode; @@ -834,7 +893,7 @@ Return JavacardKeymaster4Device::destroyAttestationIds() { if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); } return errorCode; @@ -918,7 +977,7 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec< errorCode = sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData); if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { if(!cborConverter_.getKeyParameters(item, 1, outParams) || @@ -1007,7 +1066,7 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { /*Ignore inputConsumed from javacard SE since HAL consumes all the input */ @@ -1065,10 +1124,10 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co request.signature.Reinitialize(signature.data(), signature.size()); request.additional_params.Reinitialize(KmParamSet(inParams)); - //FinishOperationResponse response; softKm_->FinishOperation(request, &response); errorCode = legacy_enum_conversion(response.error); + if (response.error == KM_ERROR_OK) { outParams = kmParamSet2Hidl(response.output_params); output = kmBuffer2hidlVec(response.output); @@ -1135,7 +1194,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); if (item != nullptr) { //There is a change that this finish callback may gets called multiple times if the input data size @@ -1194,7 +1253,7 @@ Return JavacardKeymaster4Device::abort(uint64_t halGeneratedOprHandle if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData(std::vector(cborOutData.begin(), cborOutData.end()-2), + std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); } } @@ -1226,8 +1285,8 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device if(ret == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(std::vector(cborOutData.begin(), cborOutData.end()-2), - true); + std::tie(item, errorCode) = cborConverter_.decodeData<::android::hardware::keymaster::V4_1::ErrorCode>( + std::vector(cborOutData.begin(), cborOutData.end()-2), true); } return errorCode; } @@ -1243,8 +1302,8 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device if(ret == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(std::vector(cborOutData.begin(), cborOutData.end()-2), - true); + std::tie(item, errorCode) = cborConverter_.decodeData<::android::hardware::keymaster::V4_1::ErrorCode>( + std::vector(cborOutData.begin(), cborOutData.end()-2), true); } return errorCode; } From 43708f4be76140097c127d66c2b4300504a0462e Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 19 Jan 2021 20:49:17 +0530 Subject: [PATCH 026/169] 1. Exception handling for CryptoException and Generic exceptions 2. PKCS7 padding decrypt fix for AES/DES 3. Few tags were not supported. --- .../keymaster/KMAndroidSEProvider.java | 16 +-- .../javacard/keymaster/KMOperationImpl.java | 6 + .../javacard/keymaster/KMCipherImpl.java | 6 + .../javacard/keymaster/KMJCardSimulator.java | 28 +---- .../android/javacard/keymaster/KMUtils.java | 1 + .../android/javacard/keymaster/KMError.java | 9 ++ .../javacard/keymaster/KMKeyParameters.java | 32 +++++ .../javacard/keymaster/KMKeymasterApplet.java | 118 ++++++------------ .../javacard/keymaster/KMRepository.java | 2 +- .../javacard/keymaster/KMSEProvider.java | 72 +++++------ 10 files changed, 125 insertions(+), 165 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index aba38934..e18ae600 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -100,7 +100,7 @@ public class KMAndroidSEProvider implements KMSEProvider { (byte) 0x25, (byte) 0x51 }; static final short secp256r1_H = 1; // -------------------------------------------------------------- - public static final short AES_GCM_TAG_LENGTH = 12; + public static final short AES_GCM_TAG_LENGTH = 16; public static final short AES_GCM_NONCE_LENGTH = 12; public static final byte KEYSIZE_128_OFFSET = 0x00; public static final byte KEYSIZE_256_OFFSET = 0x01; @@ -608,7 +608,7 @@ public short aesGCMEncrypt(byte[] aesKey, short aesKeyStart, short aesKeyLen, short authTagStart, short authTagLen) { if (authTagLen != AES_GCM_TAG_LENGTH) { - KMException.throwIt(KMError.UNKNOWN_ERROR); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } if (nonceLen != AES_GCM_NONCE_LENGTH) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); @@ -1115,18 +1115,6 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) { return KMAttestationCertImpl.instance(rsaCert); } - @Override - public short aesCCMSign(byte[] bufIn, short bufInStart, short buffInLength, - byte[] masterKeySecret, short masterKeyStart, short masterKeyLen, - byte[] bufOut, short bufStart) { - if (masterKeyLen > 16) { - return -1; - } - aesKeys[KEYSIZE_128_OFFSET].setKey(masterKeySecret, (short) masterKeyStart); - kdf.init(aesKeys[KEYSIZE_128_OFFSET], Signature.MODE_SIGN); - return kdf.sign(bufIn, bufInStart, buffInLength, bufOut, bufStart); - } - @Override public short cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMaterialLen, byte[] label, short labelStart, short labelLen, diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index b1f48827..1c7ab32d 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -161,6 +161,12 @@ public short finish(byte[] inputDataBuf, short inputDataStart, // padding byte always should be <= block size if ((short) paddingByte > blkSize || (short) paddingByte <= 0) KMException.throwIt(KMError.INVALID_ARGUMENT); + + for(short j = 1; j <= paddingByte; ++j) { + if (outputDataBuf[(short) (outputDataStart + len - j)] != paddingByte) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + } len = (short) (len - (short) paddingByte);// remove the padding bytes } } else if (cipherAlg == KMType.AES && blockMode == KMType.GCM) { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java index ea65a94c..264b74e5 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java @@ -121,6 +121,12 @@ public short doFinal(byte[] buffer, short startOff, short length, byte[] scratch //padding byte always should be <= block size if((short)paddingByte > blkSize || (short)paddingByte <= 0) KMException.throwIt(KMError.INVALID_ARGUMENT); + + for(short j = 1; j <= paddingByte; ++j) { + if (scratchPad[i+len -j] != paddingByte) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + } len = (short)(len - (short)paddingByte);// remove the padding bytes } } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 9c9e71c6..eb50fd6d 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -66,7 +66,7 @@ * creates its own RNG using PRNG. */ public class KMJCardSimulator implements KMSEProvider { - public static final short AES_GCM_TAG_LENGTH = 12; + public static final short AES_GCM_TAG_LENGTH = 16; public static final short AES_GCM_NONCE_LENGTH = 12; public static final short MAX_RND_NUM_SIZE = 64; public static final short ENTROPY_POOL_SIZE = 16; // simulator does not support 256 bit aes keys @@ -483,31 +483,7 @@ public boolean aesGCMDecrypt( public void getTrueRandomNumber(byte[] buf, short start, short length) { Util.arrayCopy(entropyPool,(short)0,buf,start,length); } - - @Override - public short aesCCMSign( - byte[] bufIn, - short bufInStart, - short buffInLength, - byte[] masterKeySecret, - short masterKeyStart, - short masterKeyLen, - byte[] bufOut, - short bufStart) { - if (masterKeyLen > 16) { - return -1; - } - AESKey key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false); - key.setKey(masterKeySecret, masterKeyStart); - byte[] in = new byte[buffInLength]; - Util.arrayCopyNonAtomic(bufIn, bufInStart,in,(short)0,buffInLength); - kdf.init(key, Signature.MODE_SIGN); - short len = kdf.sign(bufIn, bufInStart, buffInLength, bufOut, bufStart); - byte[] out = new byte[len]; - Util.arrayCopyNonAtomic(bufOut, bufStart,out,(short)0,len); - return len; - } - + public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMaterialLen, byte[] label, short labelStart, short labelLen, byte[] context, short contextStart, short contextLength) { // This is hardcoded to requirement - 32 byte output with two concatenated 16 bytes K1 and K2. diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index d9dce03b..756c3150 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -102,6 +102,7 @@ public static short convertToDate(short time, byte[] scratchPad, Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) 8, (short) 8); monthCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); + monthCount =+ 1; Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index e70dc8c2..abb0e6df 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -92,4 +92,13 @@ public class KMError { public static short CMD_NOT_ALLOWED = 1005; public static short SW_WRONG_LENGTH = 1006; public static short INVALID_DATA = 1007; + //Crypto errors + public static short CRYPTO_ILLEGAL_USE = 1008; + public static short CRYPTO_ILLEGAL_VALUE = 1009; + public static short CRYPTO_INVALID_INIT = 1010; + public static short CRYPTO_NO_SUCH_ALGORITHM = 1011; + public static short CRYPTO_UNINITIALIZED_KEY = 1012; + //Generic Unknown error. + public static short GENERIC_UNKNOWN_ERROR = 1013; + } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java index ae759ffc..8c8475ac 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java @@ -100,6 +100,38 @@ public short findTag(short tagType, short tagKey){ } return ret; } + + public static boolean hasUnsupportedTags(short keyParamsPtr) { + final short[] tagArr = { + // Unsupported tags. + KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED, + KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED, + KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY, + KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS, + }; + byte index = 0; + short tagInd; + short tagPtr; + short tagKey; + short tagType; + short arrPtr = KMKeyParameters.cast(keyParamsPtr).getVals(); + short len = KMArray.cast(arrPtr).length(); + while (index < len) { + tagInd = 0; + tagPtr = KMArray.cast(arrPtr).get(index); + tagKey = KMTag.getKey(tagPtr); + tagType = KMTag.getTagType(tagPtr); + while (tagInd < (short) tagArr.length) { + if ((tagArr[tagInd] == tagType) + && (tagArr[(short) (tagInd + 1)] == tagKey)) { + return true; + } + tagInd += 2; + } + index++; + } + return false; + } // KDF, ECIES_SINGLE_HASH_MODE missing from types.hal public static short makeHwEnforced(short keyParamsPtr, byte origin, diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index d9691a1e..febc7ec7 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -160,7 +160,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe public static final byte KEY_BLOB_KEYCHAR = 3; public static final byte KEY_BLOB_PUB_KEY = 4; // AES GCM constants - private static final byte AES_GCM_AUTH_TAG_LENGTH = 12; + private static final byte AES_GCM_AUTH_TAG_LENGTH = 16; private static final byte AES_GCM_NONCE_LENGTH = 12; // ComputeHMAC constants private static final short HMAC_SHARED_PARAM_MAX_SIZE = 64; @@ -245,6 +245,23 @@ private short mapISOErrorToKMError(short reason) { return KMError.UNKNOWN_ERROR; } } + + private short mapCryptoErrorToKMError(short reason) { + switch (reason) { + case CryptoException.ILLEGAL_USE: + return KMError.CRYPTO_ILLEGAL_USE; + case CryptoException.ILLEGAL_VALUE: + return KMError.CRYPTO_ILLEGAL_VALUE; + case CryptoException.INVALID_INIT: + return KMError.CRYPTO_INVALID_INIT; + case CryptoException.NO_SUCH_ALGORITHM: + return KMError.CRYPTO_NO_SUCH_ALGORITHM; + case CryptoException.UNINITIALIZED_KEY: + return KMError.CRYPTO_UNINITIALIZED_KEY; + default: + return KMError.UNKNOWN_ERROR; + } + } protected void validateApduHeader(APDU apdu) { // Read the apdu header and buffer. @@ -443,6 +460,12 @@ && isProvisioningComplete())) { } catch (ISOException exp) { sendError(apdu, mapISOErrorToKMError(exp.getReason())); freeOperations(); + } catch (CryptoException e) { + freeOperations(); + sendError(apdu, mapCryptoErrorToKMError(e.getReason())); + } catch (Exception e) { + freeOperations(); + sendError(apdu, KMError.GENERIC_UNKNOWN_ERROR); } finally { resetData(); repository.clean(); @@ -578,7 +601,6 @@ private void processAddRngEntropyCmd(APDU apdu) { //reclaim memory repository.reclaimMemory(bufferLength); - // Process KMByteBlob blob = KMByteBlob.cast(KMArray.cast(args).get((short) 0)); // Maximum 2KiB of seed is allowed. @@ -606,7 +628,6 @@ private void processGetCertChainCmd(APDU apdu) { sendOutgoing(apdu); } - private void processProvisionAttestationCertParams(APDU apdu) { receiveIncoming(apdu); // Arguments @@ -620,7 +641,6 @@ private void processProvisionAttestationCertParams(APDU apdu) { //reclaim memory repository.reclaimMemory(bufferLength); - // save issuer - DER Encoded tmpVariables[0] = KMArray.cast(args).get((short) 0); repository.setIssuer( @@ -1607,7 +1627,6 @@ private void processFinishOperationCmd(APDU apdu) { // Finish trusted Confirmation operation switch (op.getPurpose()) { case KMType.SIGN: - finishTrustedConfirmationOperation(op); case KMType.VERIFY: finishSigningVerifyingOperation(op, scratchPad); break; @@ -1631,7 +1650,6 @@ private void processFinishOperationCmd(APDU apdu) { KMArray.cast(tmpVariables[2]).add((short) 1, tmpVariables[1]); KMArray.cast(tmpVariables[2]).add((short) 2, data[OUTPUT_DATA]); - bufferStartOffset = repository.allocAvailableMemory(); // Encode the response bufferLength = encoder.encode(tmpVariables[2], buffer, bufferStartOffset); @@ -1905,31 +1923,6 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch } } - private void finishTrustedConfirmationOperation(KMOperationState op) { - // Perform trusted confirmation if required - if (op.isTrustedConfirmationRequired()) { - tmpVariables[0] = - KMKeyParameters.findTag( - KMType.BYTES_TAG, KMType.CONFIRMATION_TOKEN, data[KEY_PARAMETERS]); - if (tmpVariables[0] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue(); - boolean verified = - op.getTrustedConfirmationSigner() - .verify( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length(), - KMByteBlob.cast(tmpVariables[0]).getBuffer(), - KMByteBlob.cast(tmpVariables[0]).getStartOff(), - KMByteBlob.cast(tmpVariables[0]).length()); - if (!verified) { - KMException.throwIt(KMError.VERIFICATION_FAILED); - } - } - } - private void authorizeUpdateFinishOperation(KMOperationState op, byte[] scratchPad) { // If one time user Authentication is required if (op.isSecureUserIdReqd() && !op.isAuthTimeoutValidated()) { @@ -2111,8 +2104,6 @@ private void processUpdateOperationCmd(APDU apdu) { KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), KMByteBlob.cast(data[INPUT_DATA]).length()); - // update trusted confirmation operation - updateTrustedConfirmationOperation(op); data[OUTPUT_DATA] = KMType.INVALID_VALUE; } else if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) { // Update for encrypt/decrypt using RSA will not be supported because to do this op state @@ -2200,16 +2191,6 @@ private void processUpdateOperationCmd(APDU apdu) { sendOutgoing(apdu); } - private void updateTrustedConfirmationOperation(KMOperationState op) { - if (op.isTrustedConfirmationRequired()) { - op.getTrustedConfirmationSigner() - .update( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length()); - } - } - private void processBeginOperationCmd(APDU apdu) { // Receive the incoming request fully from the master into buffer. receiveIncoming(apdu); @@ -2257,7 +2238,6 @@ private void processBeginOperationCmd(APDU apdu) { authorizeAndBeginOperation(op, scratchPad); switch (op.getPurpose()) { case KMType.SIGN: - beginTrustedConfirmationOperation(op); case KMType.VERIFY: beginSignVerifyOperation(op); break; @@ -2304,42 +2284,6 @@ private void processBeginOperationCmd(APDU apdu) { sendOutgoing(apdu); } - private void beginTrustedConfirmationOperation(KMOperationState op) { - // Check for trusted confirmation - if required then set the signer in op state. - if (KMKeyParameters.findTag( - KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED, data[HW_PARAMETERS]) - != KMType.INVALID_VALUE) { - // get operation - // get the hmac key - short key = repository.getComputedHmacKey(); - if (key == 0) { - KMException.throwIt(KMError.OPERATION_CANCELLED); - } - /* - op.setTrustedConfirmationSigner(seProvider.initSymmetricOperation( - KMType.VERIFY,KMType.HMAC,KMType.SHA2_256,(byte)0,(byte)0,repository.getComputedHmacKey(), - (short) 0, (short) repository.getComputedHmacKey().length,null,(short)0,(short)0,(short)0)); - */ - op.setTrustedConfirmationSigner( - seProvider.initSymmetricOperation( - KMType.VERIFY, - KMType.HMAC, - KMType.SHA2_256, - (byte) 0, - (byte) 0, - KMByteBlob.cast(key).getBuffer(), - KMByteBlob.cast(key).getStartOff(), - KMByteBlob.cast(key).length(), - null, - (short) 0, - (short) 0, - (short) 0)); - - op.getTrustedConfirmationSigner() - .update(confirmationToken, (short) 0, (short) confirmationToken.length); - } - } - private void authorizeAlgorithm(KMOperationState op) { short alg = KMEnumTag.getValue(KMType.ALGORITHM, data[HW_PARAMETERS]); if (alg == KMType.INVALID_VALUE) { @@ -3435,6 +3379,20 @@ private static void processGenerateKey(APDU apdu) { KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); } } + // Only STANDALONE is supported for BLOB_USAGE_REQ tag. + tmpVariables[0] = + KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ, data[KEY_PARAMETERS]); + if (tmpVariables[0] != KMType.INVALID_VALUE) { + tmpVariables[0] = KMEnumTag.getValue(KMType.BLOB_USAGE_REQ, data[KEY_PARAMETERS]); + if (tmpVariables[0] != KMType.STANDALONE) { + KMException.throwIt(KMError.UNSUPPORTED_TAG); + } + } + //Check if the tags are supported. + if(KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) { + KMException.throwIt(KMError.UNSUPPORTED_TAG); + } + // Check algorithm and dispatch to appropriate handler. switch (tmpVariables[3]) { case KMType.RSA: diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index b8dc8b8d..062e31b5 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -84,7 +84,7 @@ public class KMRepository implements KMUpgradable { public static final short DEVICE_LOCK_FLAG_SIZE = 1; public static final short BOOT_STATE_SIZE = 1; public static final short MAX_BLOB_STORAGE = 8; - public static final short AUTH_TAG_LENGTH = 12; + public static final short AUTH_TAG_LENGTH = 16; public static final short AUTH_TAG_ENTRY_SIZE = 15; public static final short MAX_OPS = 4; public static final byte BOOT_KEY_MAX_SIZE = 32; diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index 81b35db2..3e981c9a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -49,11 +49,12 @@ void createAsymmetricKey( short[] lengths); /** - * Verify that the imported key is valid. + * Verify that the imported key is valid. If the algorithm and/or keysize are not supported then it + * should throw a CryptoException. * * @param alg will be KMType.AES, KMType.DES or KMType.HMAC. * @param keysize will be 128 or 256 for AES or DES. It can be 64 to 512 (multiple of 8) for HMAC. - * @param buf is the buffer in which key has to be returned + * @param buf is the buffer that contains the symmetric key. * @param startOff is the start offset. * @param length of the data in the buf. This should match the keysize (in bytes). * @return true if the symmetric key is supported and valid. @@ -63,14 +64,15 @@ void createAsymmetricKey( /** * Validate that the imported asymmetric key pair is valid. For RSA the public key exponent must * always be 0x010001. The key size of RSA key pair must be 2048 bits and key size of EC key pair - * must be for p256 curve. + * must be for p256 curve. If the algorithms are not supported then it should throw a + * CryptoException. * * @param alg will be KMType.RSA or KMType.EC. - * @param privKeyBuf is the buffer to return the private key exponent in case of RSA or private + * @param privKeyBuf is the buffer that contains the private key exponent in case of RSA or private * key in case of EC. * @param privKeyStart is the start offset. * @param privKeyLength is the length of this private key buffer. - * @param pubModBuf is the buffer to return the modulus in case of RSA or public key in case of + * @param pubModBuf is the buffer that contains the modulus in case of RSA or public key in case of * EC. * @param pubModStart is the start of offset. * @param pubModLength is the length of this public key buffer. @@ -88,14 +90,14 @@ boolean importAsymmetricKey( /** * This is a oneshot operation that generates random number of desired length. * - * @param num is the buffer in which random number is returned to applet. + * @param num is the buffer in which random number is returned to the applet. * @param offset is start of the buffer. * @param length indicates the size of buffer and desired length of random number in bytes. */ void newRandomNumber(byte[] num, short offset, short length); /** - * This is a oneshot operation that adds the entropy to the entroy pool. This operation + * This is a oneshot operation that adds the entropy to the entropy pool. This operation * corresponds to addRndEntropy command. This method may ignore the added entropy value if the SE * provider does not support it. * @@ -108,14 +110,16 @@ boolean importAsymmetricKey( /** * This is a oneshot operation that generates and returns back a true random number. * - * @param num is the buffer in which entropy value is given. + * @param num is the buffer in which entropy value is returned. * @param offset is start of the buffer. * @param length length of the buffer. */ void getTrueRandomNumber(byte[] num, short offset, short length); /** - * This is a oneshot operation that performs encryption operation using AES GCM algorithm. + * This is a oneshot operation that performs encryption operation using AES GCM algorithm. It throws + * CryptoException if algorithm is not supported or if tag length is not equal to 16 or + * nonce length is not equal to 12. * * @param aesKey is the buffer that contains 128 bit or 256 bit aes key used to encrypt. * @param aesKeyStart is the start in aes key buffer. @@ -156,7 +160,8 @@ short aesGCMEncrypt( short authTagLen); /** - * This is a oneshot operation that performs decryption operation using AES GCM algorithm. + * This is a oneshot operation that performs decryption operation using AES GCM algorithm. It throws + * CryptoException if algorithm is not supported. * * @param aesKey is the buffer that contains 128 bit or 256 bit aes key used to encrypt. * @param aesKeyStart is the start in aes key buffer. @@ -164,7 +169,7 @@ short aesGCMEncrypt( * @param encData is the buffer of the input encrypted data. * @param encDataStart is the start of the encrypted data buffer. * @param encDataLen is the length of the data buffer. - * @param data is the buffer that contains output data to encrypt. + * @param data is the buffer that contains output decrypted data. * @param dataStart is the start of the data buffer. * @param nonce is the buffer of nonce. * @param nonceStart is the start of the nonce buffer. @@ -196,30 +201,7 @@ boolean aesGCMDecrypt( short authTagStart, short authTagLen); - /** - * This is a oneshot operation that performs signing using AES CCM algorithm. - * - * @param data is the input data buffer. - * @param dataStart is the start of the buffer. - * @param dataLen is the length of the input data - * @param aesKey is the aesKey buffer either 128 bit or 256 bit aes key. - * @param aesKeyStart is the start of the aes key. - * @param aesKeyLen is the length of the aes key buffer in bytes. - * @param signature is the output signature buffer. - * @param signatureStart is the start of the signature buffer. - * @return length of the signature buffer. - */ - short aesCCMSign( - byte[] data, - short dataStart, - short dataLen, - byte[] aesKey, - short aesKeyStart, - short aesKeyLen, - byte[] signature, - short signatureStart); - - /** + /** * This is a oneshot operation that performs key derivation function using cmac kdf (CKDF) as * defined in android keymaster hal definition. * @@ -299,7 +281,8 @@ boolean hmacVerify( /** * This is a oneshot operation that decrypts the data using RSA algorithm with oaep256 padding. - * The public exponent is always 0x010001. + * The public exponent is always 0x010001. It throws CryptoException if OAEP encoding validation + * fails. * * @param privExp is the private exponent (2048 bit) buffer. * @param privExpStart is the start of the private exponent buffer. @@ -309,8 +292,8 @@ boolean hmacVerify( * @param modLength is the length of the modulus buffer in bytes. * @param inputDataBuf is the buffer of the input data. * @param inputDataStart is the start of the input data buffer. - * @param inputDataLength is the length of the inpur data buffer in bytes. - * @param outputDataBuf is the buffer of the decrypted data buffer. + * @param inputDataLength is the length of the input data buffer in bytes. + * @param outputDataBuf is the output buffer that contains the decrypted data. * @param outputDataStart is the start of the output data buffer. * @return length of the decrypted data. */ @@ -336,11 +319,11 @@ short rsaDecipherOAEP256( * @param inputDataBuf is the buffer of the input data. * @param inputDataStart is the start of the input data buffer. * @param inputDataLength is the length of the inpur data buffer in bytes. - * @param outputDataBuf is the buffer of the decrypted data buffer. + * @param outputDataBuf is the output buffer that contains the signature. * @param outputDataStart is the start of the output data buffer. * @return length of the decrypted data. */ - public short ecSign256( + short ecSign256( byte[] secret, short secretStart, short secretLength, @@ -354,7 +337,7 @@ public short ecSign256( * This creates a persistent operation for signing, verify, encryption and decryption using HMAC, * AES and DES algorithms when keymaster hal's beginOperation function is executed. The * KMOperation instance can be reclaimed by the seProvider when KMOperation is finished or - * aborted. + * aborted. It throws CryptoException if algorithm is not supported. * * @param purpose is KMType.ENCRYPT or KMType.DECRYPT for AES and DES algorithm. It will be * KMType.SIGN and KMType.VERIFY for HMAC algorithm @@ -391,7 +374,8 @@ KMOperation initSymmetricOperation( * This creates a persistent operation for signing, verify, encryption and decryption using RSA * and EC algorithms when keymaster hal's beginOperation function is executed. For RSA the public * exponent is always 0x0100101. For EC the curve is always p256. The KMOperation instance can be - * reclaimed by the seProvider when KMOperation is finished or aborted. + * reclaimed by the seProvider when KMOperation is finished or aborted. It throws CryptoException + * if algorithm is not supported. * * @param purpose is KMType.ENCRYPT or KMType.DECRYPT for RSA. It will be * KMType.SIGN and * KMType.VERIFY for RSA and EC algorithms. @@ -439,12 +423,12 @@ KMOperation initAsymmetricOperation( * @param len is the length of the buffer. * @param totalLen is the total length of cert chain. */ - public void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen); + void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen); /** * This operation clears the certificate chain from persistent memory. */ - public void clearCertificateChain(); + void clearCertificateChain(); /** * The operation reads the certificate chain from persistent memory. From c85f13997e4432aec7b2257fac8938f3275f1cbb Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Wed, 20 Jan 2021 20:41:07 +0530 Subject: [PATCH 027/169] Remove trusted confirmation related code --- .../android/javacard/keymaster/KMUtils.java | 13 +++++----- .../android/javacard/keymaster/KMUtils.java | 14 +++++----- .../android/javacard/keymaster/KMError.java | 26 +++++++++---------- .../javacard/keymaster/KMKeymasterApplet.java | 1 - .../javacard/keymaster/KMOperationState.java | 22 ++-------------- .../javacard/keymaster/KMRepository.java | 4 +-- 6 files changed, 30 insertions(+), 50 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index d9dce03b..08309f86 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -13,23 +13,23 @@ public class KMUtils { public static final byte[] oneDayMsec = { 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00 }; // 86400000 msec public static final byte[] oneMonthMsec = { - 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00 }; // 2592000000 msec + 0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec public static final byte[] oneYearMsec = { - 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00 }; // 31536000000 msec + 0, 0, 0, 0x75, (byte) 0x8F, 0x0D, (byte) 0xFC, 0x00 }; // 31556952000 msec // Leap year + 3 yrs public static final byte[] fourYrsMsec = { - 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00 }; // 126230400000 msec + 0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x6F, 0x60, 0x1E, 0x5C, 0x00 }; // 1577865600000 msec + 0, 0, 0x01, 0x76, (byte) 0xBB, 0x3E, (byte) 0x70, 0x40 }; // 1609459200000 msec public static final byte[] firstJan2051 = { - 0, 0, 0x02, 0x53, 0x27, (byte) 0xC5, (byte) 0x90, 0x00 }; // 2556172800000 + 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000 // msec // -------------------------------------- public static short convertToDate(short time, byte[] scratchPad, boolean utcFlag) { short yrsCount = 0; - short monthCount = 0; + short monthCount = 1; short dayCount = 0; short hhCount = 0; short mmCount = 0; @@ -102,6 +102,7 @@ public static short convertToDate(short time, byte[] scratchPad, Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) 8, (short) 8); monthCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); + monthCount++; Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 756c3150..08309f86 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -13,23 +13,23 @@ public class KMUtils { public static final byte[] oneDayMsec = { 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00 }; // 86400000 msec public static final byte[] oneMonthMsec = { - 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00 }; // 2592000000 msec + 0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec public static final byte[] oneYearMsec = { - 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00 }; // 31536000000 msec + 0, 0, 0, 0x75, (byte) 0x8F, 0x0D, (byte) 0xFC, 0x00 }; // 31556952000 msec // Leap year + 3 yrs public static final byte[] fourYrsMsec = { - 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00 }; // 126230400000 msec + 0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x6F, 0x60, 0x1E, 0x5C, 0x00 }; // 1577865600000 msec + 0, 0, 0x01, 0x76, (byte) 0xBB, 0x3E, (byte) 0x70, 0x40 }; // 1609459200000 msec public static final byte[] firstJan2051 = { - 0, 0, 0x02, 0x53, 0x27, (byte) 0xC5, (byte) 0x90, 0x00 }; // 2556172800000 + 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000 // msec // -------------------------------------- public static short convertToDate(short time, byte[] scratchPad, boolean utcFlag) { short yrsCount = 0; - short monthCount = 0; + short monthCount = 1; short dayCount = 0; short hhCount = 0; short mmCount = 0; @@ -102,7 +102,7 @@ public static short convertToDate(short time, byte[] scratchPad, Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) 8, (short) 8); monthCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); - monthCount =+ 1; + monthCount++; Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index abb0e6df..85c71654 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -85,20 +85,20 @@ public class KMError { public static short UNKNOWN_ERROR = 1000; //Extended errors - public static short SW_CONDITIONS_NOT_SATISFIED = 1001; - public static short UNSUPPORTED_CLA = 1002; - public static short INVALID_P1P2 = 1003; - public static short UNSUPPORTED_INSTRUCTION = 1004; - public static short CMD_NOT_ALLOWED = 1005; - public static short SW_WRONG_LENGTH = 1006; - public static short INVALID_DATA = 1007; + public static short SW_CONDITIONS_NOT_SATISFIED = 10001; + public static short UNSUPPORTED_CLA = 10002; + public static short INVALID_P1P2 = 10003; + public static short UNSUPPORTED_INSTRUCTION = 10004; + public static short CMD_NOT_ALLOWED = 10005; + public static short SW_WRONG_LENGTH = 10006; + public static short INVALID_DATA = 10007; //Crypto errors - public static short CRYPTO_ILLEGAL_USE = 1008; - public static short CRYPTO_ILLEGAL_VALUE = 1009; - public static short CRYPTO_INVALID_INIT = 1010; - public static short CRYPTO_NO_SUCH_ALGORITHM = 1011; - public static short CRYPTO_UNINITIALIZED_KEY = 1012; + public static short CRYPTO_ILLEGAL_USE = 10008; + public static short CRYPTO_ILLEGAL_VALUE = 10009; + public static short CRYPTO_INVALID_INIT = 10010; + public static short CRYPTO_NO_SUCH_ALGORITHM = 10011; + public static short CRYPTO_UNINITIALIZED_KEY = 10012; //Generic Unknown error. - public static short GENERIC_UNKNOWN_ERROR = 1013; + public static short GENERIC_UNKNOWN_ERROR = 10013; } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index febc7ec7..a37e6aa8 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1624,7 +1624,6 @@ private void processFinishOperationCmd(APDU apdu) { } // Authorize the finish operation authorizeUpdateFinishOperation(op, scratchPad); - // Finish trusted Confirmation operation switch (op.getPurpose()) { case KMType.SIGN: case KMType.VERIFY: diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java index 6647a6a8..347c9920 100644 --- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java +++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java @@ -28,7 +28,7 @@ public class KMOperationState { public static final byte MAX_DATA = 20; - public static final byte MAX_REFS = 2; + public static final byte MAX_REFS = 1; private static final byte DATA = 0; private static final byte REFS = 1; // byte type @@ -53,9 +53,6 @@ public class KMOperationState { // Object References private static final byte OPERATION = 0; - private static final byte HMAC_SIGNER = 1; - - private static KMOperation hmacSigner; // used for trusted confirmation. private static KMOperation op; private static byte[] data; private static Object[] slot; @@ -85,14 +82,13 @@ public static KMOperationState read(Object[] slot) { Util.arrayCopy((byte[]) slot[DATA], (short) 0, data, (short) 0, (short) data.length); Object[] ops = ((Object[]) slot[REFS]); op = (KMOperation) ops[OPERATION]; - hmacSigner = (KMOperation) ops[HMAC_SIGNER]; KMOperationState.slot = slot; return opState; } public void persist() { if (!dFlag) return; - KMRepository.instance().persistOperation(data, Util.getShort(data, OP_HANDLE), op, hmacSigner); + KMRepository.instance().persistOperation(data, Util.getShort(data, OP_HANDLE), op); dFlag = false; } @@ -104,21 +100,8 @@ public short getKeySize() { return Util.getShort(data, KEY_SIZE); } - public void setTrustedConfirmationSigner(KMOperation hmacSigner) { - KMOperationState.hmacSigner = hmacSigner; - } - - public KMOperation getTrustedConfirmationSigner() { - return KMOperationState.hmacSigner; - } - - public boolean isTrustedConfirmationRequired() { - return KMOperationState.hmacSigner != null; - } - public void reset() { dFlag = false; - hmacSigner = null; op = null; slot = null; Util.arrayFillNonAtomic( @@ -135,7 +118,6 @@ public void release() { Util.arrayFillNonAtomic( (byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length, (byte) 0); ops[OPERATION] = null; - ops[HMAC_SIGNER] = null; JCSystem.commitTransaction(); reset(); } diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 062e31b5..c2809c08 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -148,7 +148,7 @@ public KMOperationState reserveOperation(){ } //TODO refactor following method - public void persistOperation(byte[] data, short opHandle, KMOperation op, KMOperation hmacSigner) { + public void persistOperation(byte[] data, short opHandle, KMOperation op) { short index = 0; byte[] opId; //Update an existing operation state. @@ -160,7 +160,6 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op, KMOper Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length); Object[] ops = ((Object[]) slot[1]); ops[0] = op; - ops[1] = hmacSigner; JCSystem.commitTransaction(); return; } @@ -178,7 +177,6 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op, KMOper Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length); Object[] ops = ((Object[]) slot[1]); ops[0] = op; - ops[1] = hmacSigner; JCSystem.commitTransaction(); break; } From 36cdea02ecdac668e1674d2c84d1d24820eacf63 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Wed, 20 Jan 2021 20:47:01 +0530 Subject: [PATCH 028/169] Corrected the extended error code values. --- .../4.1/JavacardKeymaster4Device.cpp | 37 ++++++++++--------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index 20e5cd5a..f422bc26 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -96,19 +96,19 @@ enum class Instruction { //Extended error codes enum ExtendedErrors { - SW_CONDITIONS_NOT_SATISFIED = -1001, - UNSUPPORTED_CLA = -1002, - INVALID_P1P2 = -1003, - UNSUPPORTED_INSTRUCTION = -1004, - CMD_NOT_ALLOWED = -1005, - SW_WRONG_LENGTH = -1006, - INVALID_DATA = -1007, - CRYPTO_ILLEGAL_USE = -1008, - CRYPTO_ILLEGAL_VALUE = -1009, - CRYPTO_INVALID_INIT = -1010, - CRYPTO_NO_SUCH_ALGORITHM = -1011, - CRYPTO_UNINITIALIZED_KEY = -1012, - GENERIC_UNKNOWN_ERROR = -1013 + SW_CONDITIONS_NOT_SATISFIED = -10001, + UNSUPPORTED_CLA = -10002, + INVALID_P1P2 = -10003, + UNSUPPORTED_INSTRUCTION = -10004, + CMD_NOT_ALLOWED = -10005, + SW_WRONG_LENGTH = -10006, + INVALID_DATA = -10007, + CRYPTO_ILLEGAL_USE = -10008, + CRYPTO_ILLEGAL_VALUE = -10009, + CRYPTO_INVALID_INIT = -10010, + CRYPTO_NO_SUCH_ALGORITHM = -10011, + CRYPTO_UNINITIALIZED_KEY = -10012, + GENERIC_UNKNOWN_ERROR = -10013 }; static inline std::unique_ptr& getTransportFactoryInstance() { @@ -176,7 +176,8 @@ static std::tuple, T> decodeData(CborConverter& cb, const std::unique_ptr item(nullptr); T errorCode = T::OK; std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode); - if (ErrorCode::OK != errorCode) + + if (T::OK != errorCode) errorCode = translateExtendedErrorsToHalErrors(errorCode); return {std::move(item), errorCode}; } @@ -1285,8 +1286,8 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device if(ret == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData<::android::hardware::keymaster::V4_1::ErrorCode>( - std::vector(cborOutData.begin(), cborOutData.end()-2), true); + std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>( + cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); } return errorCode; } @@ -1302,8 +1303,8 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device if(ret == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = cborConverter_.decodeData<::android::hardware::keymaster::V4_1::ErrorCode>( - std::vector(cborOutData.begin(), cborOutData.end()-2), true); + std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>( + cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true); } return errorCode; } From 14bec57967ca1081a10eda3b40a558b0751de995 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Wed, 20 Jan 2021 22:17:20 +0530 Subject: [PATCH 029/169] certificate chain input validation --- .../com/android/javacard/keymaster/KMAndroidSEProvider.java | 3 +++ .../src/com/android/javacard/keymaster/KMJCardSimulator.java | 3 +++ 2 files changed, 6 insertions(+) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index e18ae600..b2833e8b 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -1143,6 +1143,9 @@ public void persistPartialCertificateChain(byte[] buf, short offset, short len, // Next single byte holds the array header. // Next 3 bytes holds the Byte array header with the cert1 length. // Next 3 bytes holds the Byte array header with the cert2 length. + if (totalLen > CERT_CHAIN_MAX_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } short persistedLen = Util.getShort(certificateChain, (short) 0); if (persistedLen > totalLen) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index eb50fd6d..a9a6a937 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -1246,6 +1246,9 @@ public void persistPartialCertificateChain(byte[] buf, short offset, // Next single byte holds the array header. // Next 3 bytes holds the Byte array header with the cert1 length. // Next 3 bytes holds the Byte array header with the cert2 length. + if (totalLen > CERT_CHAIN_MAX_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } short persistedLen = Util.getShort(certificateChain, (short) 0); if (persistedLen > totalLen) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH); From 33cdd6c9e0c64b477ad268da25e140957a63c6ae Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 21 Jan 2021 12:18:38 +0530 Subject: [PATCH 030/169] 1. Renamed INS_SHARED_SECRET to INS_PRESHARED_SECRET. 2. Removed AuthorityKeyIdentifier. --- .../keymaster/KMAttestationCertImpl.java | 93 +------------------ .../keymaster/KMAttestationCertImpl.java | 81 ---------------- .../javacard/keymaster/KMAttestationCert.java | 8 -- .../javacard/keymaster/KMKeymasterApplet.java | 26 ++---- .../javacard/keymaster/KMRepository.java | 48 ++++------ 5 files changed, 32 insertions(+), 224 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 40bd751b..5a36e3c3 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -30,8 +30,6 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static final byte[] androidExtn = { 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 }; - // Authority Key Identifier Extn - 2.5.29.35 - private static final byte[] authKeyIdExtn = {0x06, 0x03, 0X55, 0X1D, 0X23}; private static final short ECDSA_MAX_SIG_LEN = 72; //Signature algorithm identifier - always ecdsaWithSha256 - 1.2.840.10045.4.3.2 @@ -95,7 +93,6 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static short verifiedBootKey; private static byte verifiedState; private static short verifiedHash; - private static short authKey; private static short issuer; private static short signPriv; @@ -138,7 +135,6 @@ private static void init() { verifiedState = 0; rsaCert = true; deviceLocked = 0; - authKey = 0; signPriv = 0; } @@ -148,12 +144,6 @@ public KMAttestationCert verifiedBootHash(short obj) { return this; } - @Override - public KMAttestationCert authKey(short obj) { - authKey = obj; - return this; - } - @Override public KMAttestationCert verifiedBootKey(short obj) { verifiedBootKey = obj; @@ -259,46 +249,6 @@ private void createKeyUsage(short tag) { } } - private static void encodeCert( - short buf, - short keyChar, - short uniqueId, - short notBefore, - short notAfter, - short pubKey, - short attChallenge, - short attAppId, - boolean rsaCert) { - init(); - stack = KMByteBlob.cast(buf).getBuffer(); - start = KMByteBlob.cast(buf).getStartOff(); - length = KMByteBlob.cast(buf).length(); - stackPtr = (short) (start + length); - /* KMAttestationCertImpl.attChallenge = attChallenge; - KMAttestationCertImpl.attAppId = attAppId; - KMAttestationCertImpl.hwParams = KMKeyCharacteristics.cast(keyChar).getHardwareEnforced(); - KMAttestationCertImpl.swParams = KMKeyCharacteristics.cast(keyChar).getSoftwareEnforced(); - KMAttestationCertImpl.notBefore = notBefore; - KMAttestationCertImpl.notAfter = notAfter; - KMAttestationCertImpl.pubKey = pubKey; - KMAttestationCertImpl.uniqueId = uniqueId; - - */ - short last = stackPtr; - decrementStackPtr((short) 256); - signatureOffset = stackPtr; - pushBitStringHeader((byte) 0, (short) (last - stackPtr)); - // signatureOffset = pushSignature(null, (short) 0, (short) 256); - pushAlgorithmId(X509SignAlgIdentifier); - tbsLength = stackPtr; - pushTbsCert(rsaCert); - tbsOffset = stackPtr; - tbsLength = (short) (tbsLength - tbsOffset); - pushSequenceHeader((short) (last - stackPtr)); - // print(stack, stackPtr, (short)(last - stackPtr)); - certStart = stackPtr; - } - private static void pushTbsCert(boolean rsaCert) { short last = stackPtr; pushExtensions(); @@ -335,7 +285,6 @@ private static void pushExtensions() { short last = stackPtr; // byte keyusage = 0; // byte unusedBits = 8; - pushAuthKeyId(); /* if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.SIGN, hwParams)) { keyusage = (byte) (keyusage | keyUsageSign); @@ -480,19 +429,13 @@ private static void pushKeyDescription() { private static void pushSWParams() { short last = stackPtr; - // ATTESTATION_APPLICATION_ID 709 is softwareEnforced. + // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension. short[] tagIds = { KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME, KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME, KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED }; byte index = 0; do { - /* - if(tagIds[index] == KMType.ATTESTATION_APPLICATION_ID) { - pushAttIds(tagIds[index]); - continue; - } - */ pushParams(swParams, swParamsIndex, tagIds[index]); } while (++index < tagIds.length); pushSequenceHeader((short) (last - stackPtr)); @@ -500,7 +443,7 @@ private static void pushSWParams() { private static void pushHWParams() { short last = stackPtr; - // Attestation ids are not included. As per VTS attestation ids are not supported currenlty. + // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension. short[] tagIds = { KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, @@ -511,9 +454,9 @@ private static void pushHWParams() { KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE }; + byte index = 0; do { - // if(pushAttIds(tagIds[index])) continue; if (tagIds[index] == KMType.ROOT_OF_TRUST) { pushRoT(); continue; @@ -600,7 +543,6 @@ private static void pushTag(short tag) { // } private static void pushRoT() { short last = stackPtr; - byte val = 0x00; // verified boot hash // pushOctetString(repo.verifiedBootHash, (short) 0, (short) repo.verifiedBootHash.length); pushOctetString( @@ -764,39 +706,10 @@ private static void pushKeyUsage(byte keyUsage, byte unusedBits) { pushSequenceHeader((short) (last - stackPtr)); } - // SEQUENCE {ObjId, OCTET STRING{SEQUENCE{[0]keyIdentifier}}} - private static void pushAuthKeyId() { - short last = stackPtr; - // if (repo.getAuthKeyId() == 0) return; - if (authKey == 0) return; - - pushKeyIdentifier( - KMByteBlob.cast(authKey).getBuffer(), - KMByteBlob.cast(authKey).getStartOff(), - KMByteBlob.cast(authKey).length()); - pushSequenceHeader((short) (last - stackPtr)); - pushOctetStringHeader((short) (last - stackPtr)); - pushBytes(authKeyIdExtn, (short) 0, (short) authKeyIdExtn.length); // ObjId - pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushKeyIdentifier(byte[] buf, short start, short len) { - pushBytes(buf, start, len); // keyIdentifier - pushLength(len); // len - pushByte((byte) 0x80); // Context specific tag [0] - } - private static void pushAlgorithmId(byte[] algId) { pushBytes(algId, (short) 0, (short) algId.length); } - private static short pushSignature(byte[] buf, short start, short len) { - pushBytes(buf, start, len); - short signatureOff = stackPtr; - pushBitStringHeader((byte) 0, len); - return signatureOff; - } - private static void pushIntegerHeader(short len) { pushLength(len); pushByte((byte) 0x02); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 136ec4ba..cd9567d3 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -30,8 +30,6 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static final byte[] androidExtn = { 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 }; - // Authority Key Identifier Extn - 2.5.29.35 - private static final byte[] authKeyIdExtn = {0x06, 0x03, 0X55, 0X1D, 0X23}; private static final short ECDSA_MAX_SIG_LEN = 72; //Signature algorithm identifier - always ecdsaWithSha256 - 1.2.840.10045.4.3.2 @@ -95,7 +93,6 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static short verifiedBootKey; private static byte verifiedState; private static short verifiedHash; - private static short authKey; private static short issuer; private static short signPriv; @@ -138,7 +135,6 @@ private static void init() { verifiedState = 0; rsaCert = true; deviceLocked = 0; - authKey = 0; signPriv = 0; } @@ -148,12 +144,6 @@ public KMAttestationCert verifiedBootHash(short obj) { return this; } - @Override - public KMAttestationCert authKey(short obj) { - authKey = obj; - return this; - } - @Override public KMAttestationCert verifiedBootKey(short obj) { verifiedBootKey = obj; @@ -259,46 +249,6 @@ private void createKeyUsage(short tag) { } } - private static void encodeCert( - short buf, - short keyChar, - short uniqueId, - short notBefore, - short notAfter, - short pubKey, - short attChallenge, - short attAppId, - boolean rsaCert) { - init(); - stack = KMByteBlob.cast(buf).getBuffer(); - start = KMByteBlob.cast(buf).getStartOff(); - length = KMByteBlob.cast(buf).length(); - stackPtr = (short) (start + length); - /* KMAttestationCertImpl.attChallenge = attChallenge; - KMAttestationCertImpl.attAppId = attAppId; - KMAttestationCertImpl.hwParams = KMKeyCharacteristics.cast(keyChar).getHardwareEnforced(); - KMAttestationCertImpl.swParams = KMKeyCharacteristics.cast(keyChar).getSoftwareEnforced(); - KMAttestationCertImpl.notBefore = notBefore; - KMAttestationCertImpl.notAfter = notAfter; - KMAttestationCertImpl.pubKey = pubKey; - KMAttestationCertImpl.uniqueId = uniqueId; - - */ - short last = stackPtr; - decrementStackPtr((short) 256); - signatureOffset = stackPtr; - pushBitStringHeader((byte) 0, (short) (last - stackPtr)); - // signatureOffset = pushSignature(null, (short) 0, (short) 256); - pushAlgorithmId(X509SignAlgIdentifier); - tbsLength = stackPtr; - pushTbsCert(rsaCert); - tbsOffset = stackPtr; - tbsLength = (short) (tbsLength - tbsOffset); - pushSequenceHeader((short) (last - stackPtr)); - // print(stack, stackPtr, (short)(last - stackPtr)); - certStart = stackPtr; - } - private static void pushTbsCert(boolean rsaCert) { short last = stackPtr; pushExtensions(); @@ -335,7 +285,6 @@ private static void pushExtensions() { short last = stackPtr; // byte keyusage = 0; // byte unusedBits = 8; - pushAuthKeyId(); /* if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.SIGN, hwParams)) { keyusage = (byte) (keyusage | keyUsageSign); @@ -594,7 +543,6 @@ private static void pushTag(short tag) { // } private static void pushRoT() { short last = stackPtr; - byte val = 0x00; // verified boot hash // pushOctetString(repo.verifiedBootHash, (short) 0, (short) repo.verifiedBootHash.length); pushOctetString( @@ -758,39 +706,10 @@ private static void pushKeyUsage(byte keyUsage, byte unusedBits) { pushSequenceHeader((short) (last - stackPtr)); } - // SEQUENCE {ObjId, OCTET STRING{SEQUENCE{[0]keyIdentifier}}} - private static void pushAuthKeyId() { - short last = stackPtr; - // if (repo.getAuthKeyId() == 0) return; - if (authKey == 0) return; - - pushKeyIdentifier( - KMByteBlob.cast(authKey).getBuffer(), - KMByteBlob.cast(authKey).getStartOff(), - KMByteBlob.cast(authKey).length()); - pushSequenceHeader((short) (last - stackPtr)); - pushOctetStringHeader((short) (last - stackPtr)); - pushBytes(authKeyIdExtn, (short) 0, (short) authKeyIdExtn.length); // ObjId - pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushKeyIdentifier(byte[] buf, short start, short len) { - pushBytes(buf, start, len); // keyIdentifier - pushLength(len); // len - pushByte((byte) 0x80); // Context specific tag [0] - } - private static void pushAlgorithmId(byte[] algId) { pushBytes(algId, (short) 0, (short) algId.length); } - private static short pushSignature(byte[] buf, short start, short len) { - pushBytes(buf, start, len); - short signatureOff = stackPtr; - pushBitStringHeader((byte) 0, len); - return signatureOff; - } - private static void pushIntegerHeader(short len) { pushLength(len); pushByte((byte) 0x02); diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java index f15fbfcb..d27f015a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java +++ b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java @@ -32,14 +32,6 @@ public interface KMAttestationCert { */ KMAttestationCert verifiedBootState(byte val); - /** - * Set authentication key Id from CA Certificate set during provisioning. - * - * @param obj This is a KMByteBlob containing authentication Key Id. - * @return instance of KMAttestationCert - */ - KMAttestationCert authKey(short obj); - /** * Set uniqueId received from CA certificate during provisioning. * diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index a37e6aa8..a1157f34 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -75,7 +75,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02 private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03 private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04 - private static final byte INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05 + private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05 private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06 private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07 private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08 @@ -113,7 +113,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe private static final byte PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02; private static final byte PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04; private static final byte PROVISION_STATUS_ATTEST_IDS = 0x08; - private static final byte PROVISION_STATUS_SHARED_SECRET = 0x10; + private static final byte PROVISION_STATUS_PRESHARED_SECRET = 0x10; private static final byte PROVISION_STATUS_BOOT_PARAM = 0x20; private static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x40; @@ -339,9 +339,9 @@ public void process(APDU apdu) { sendError(apdu, KMError.OK); return; - case INS_PROVISION_SHARED_SECRET_CMD: + case INS_PROVISION_PRESHARED_SECRET_CMD: processProvisionSharedSecretCmd(apdu); - provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_SHARED_SECRET; + provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_PRESHARED_SECRET; sendError(apdu, KMError.OK); return; @@ -461,9 +461,11 @@ && isProvisioningComplete())) { sendError(apdu, mapISOErrorToKMError(exp.getReason())); freeOperations(); } catch (CryptoException e) { + e.printStackTrace(); freeOperations(); sendError(apdu, mapCryptoErrorToKMError(e.getReason())); } catch (Exception e) { + e.printStackTrace(); freeOperations(); sendError(apdu, KMError.GENERIC_UNKNOWN_ERROR); } finally { @@ -476,7 +478,7 @@ private boolean isProvisioningComplete() { if((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY)) && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) - && (0 != (provisionStatus & PROVISION_STATUS_SHARED_SECRET)) + && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET)) && (0 != (provisionStatus & PROVISION_STATUS_BOOT_PARAM))) { return true; } else { @@ -632,10 +634,9 @@ private void processProvisionAttestationCertParams(APDU apdu) { receiveIncoming(apdu); // Arguments short blob = KMByteBlob.exp(); - short argsProto = KMArray.instance((short) 3); + short argsProto = KMArray.instance((short) 2); KMArray.cast(argsProto).add((short) 0, blob); // Cert - DER encoded issuer KMArray.cast(argsProto).add((short) 1, blob); // Cert - Expiry Time - KMArray.cast(argsProto).add((short) 2, blob); // Cert - Auth Key Id // Decode the argument. short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); //reclaim memory @@ -654,13 +655,6 @@ private void processProvisionAttestationCertParams(APDU apdu) { KMByteBlob.cast(tmpVariables[0]).getBuffer(), KMByteBlob.cast(tmpVariables[0]).getStartOff(), KMByteBlob.cast(tmpVariables[0]).length()); - - // Auth Key Id - from cert associated with imported attestation key. - tmpVariables[0] = KMArray.cast(args).get((short) 2); - repository.setAuthKeyId( - KMByteBlob.cast(tmpVariables[0]).getBuffer(), - KMByteBlob.cast(tmpVariables[0]).getStartOff(), - KMByteBlob.cast(tmpVariables[0]).length()); } private void processProvisionAttestationCertChainCmd(APDU apdu) { @@ -1438,9 +1432,7 @@ private void processAttestKeyCmd(APDU apdu) { addTags(KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(), true, cert); addTags( KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(), false, cert); - if (repository.getAuthKeyId() != 0) { - cert.authKey(repository.getAuthKeyId()); - } + cert.deviceLocked(repository.getDeviceLock()); cert.issuer(repository.getIssuer()); cert.publicKey(data[PUB_KEY]); diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index c2809c08..4bcdf28b 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -29,7 +29,7 @@ */ public class KMRepository implements KMUpgradable { // Data table configuration - public static final short DATA_INDEX_SIZE = 33; + public static final short DATA_INDEX_SIZE = 32; public static final short DATA_INDEX_ENTRY_SIZE = 4; public static final short DATA_MEM_SIZE = 2048; public static final short HEAP_SIZE = 10000; @@ -50,26 +50,25 @@ public class KMRepository implements KMUpgradable { public static final byte ATT_ID_MANUFACTURER = 6; public static final byte ATT_ID_MODEL = 7; public static final byte ATT_EC_KEY = 12; - public static final byte CERT_AUTH_KEY_ID = 13; - public static final byte CERT_ISSUER = 14; - public static final byte CERT_EXPIRY_TIME = 15; - public static final byte BOOT_OS_VERSION = 16; - public static final byte BOOT_OS_PATCH = 17; - public static final byte VENDOR_PATCH_LEVEL = 18; - public static final byte BOOT_PATCH_LEVEL = 19; - public static final byte BOOT_VERIFIED_BOOT_KEY = 20; - public static final byte BOOT_VERIFIED_BOOT_HASH = 21; - public static final byte BOOT_VERIFIED_BOOT_STATE = 22; - public static final byte BOOT_DEVICE_LOCKED_STATUS = 23; - public static final byte BOOT_DEVICE_LOCKED_TIME = 24; - public static final byte AUTH_TAG_1 = 25; - public static final byte AUTH_TAG_2 = 26; - public static final byte AUTH_TAG_3 = 27; - public static final byte AUTH_TAG_4 = 28; - public static final byte AUTH_TAG_5 = 29; - public static final byte AUTH_TAG_6 = 30; - public static final byte AUTH_TAG_7 = 31; - public static final byte AUTH_TAG_8 = 32; + public static final byte CERT_ISSUER = 13; + public static final byte CERT_EXPIRY_TIME = 14; + public static final byte BOOT_OS_VERSION = 15; + public static final byte BOOT_OS_PATCH = 16; + public static final byte VENDOR_PATCH_LEVEL = 17; + public static final byte BOOT_PATCH_LEVEL = 18; + public static final byte BOOT_VERIFIED_BOOT_KEY = 19; + public static final byte BOOT_VERIFIED_BOOT_HASH = 20; + public static final byte BOOT_VERIFIED_BOOT_STATE = 21; + public static final byte BOOT_DEVICE_LOCKED_STATUS = 22; + public static final byte BOOT_DEVICE_LOCKED_TIME = 23; + public static final byte AUTH_TAG_1 = 24; + public static final byte AUTH_TAG_2 = 25; + public static final byte AUTH_TAG_3 = 26; + public static final byte AUTH_TAG_4 = 27; + public static final byte AUTH_TAG_5 = 28; + public static final byte AUTH_TAG_6 = 29; + public static final byte AUTH_TAG_7 = 30; + public static final byte AUTH_TAG_8 = 31; // Data Item sizes public static final short MASTER_KEY_SIZE = 16; @@ -567,13 +566,6 @@ public void setCertExpiryTime(byte[] buf, short start, short len) { writeDataEntry(CERT_EXPIRY_TIME, buf,start,len); } - public short getAuthKeyId() { - return readData(CERT_AUTH_KEY_ID); - } - - public void setAuthKeyId(byte[] buf, short start, short len) { - writeDataEntry(CERT_AUTH_KEY_ID,buf,start,len); - } private static final byte[] zero = {0,0,0,0,0,0,0,0}; public short getOsVersion(){ From e4b998cc0cd4d49e079e5f1be932c6e8dbb08b5a Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Thu, 21 Jan 2021 14:19:13 +0530 Subject: [PATCH 031/169] Fixed the issue with KMFunctionalTest --- .../src/com/android/javacard/keymaster/KMUtils.java | 2 +- .../src/com/android/javacard/keymaster/KMUtils.java | 2 +- .../com/android/javacard/test/KMFunctionalTest.java | 13 +++++-------- .../javacard/keymaster/KMKeymasterApplet.java | 2 -- 4 files changed, 7 insertions(+), 12 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index 08309f86..2e0f8d99 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -20,7 +20,7 @@ public class KMUtils { public static final byte[] fourYrsMsec = { 0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x76, (byte) 0xBB, 0x3E, (byte) 0x70, 0x40 }; // 1609459200000 msec + 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec public static final byte[] firstJan2051 = { 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000 // msec diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 08309f86..4569fb15 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -20,7 +20,7 @@ public class KMUtils { public static final byte[] fourYrsMsec = { 0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x76, (byte) 0xBB, 0x3E, (byte) 0x70, 0x40 }; // 1609459200000 msec + 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec public static final byte[] firstJan2051 = { 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000 // msec diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index fb248f2d..0e6408d2 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -59,7 +59,7 @@ public class KMFunctionalTest { private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02 private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03 private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04 - private static final byte INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05 + private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05 private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06 private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07 private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08 @@ -538,16 +538,13 @@ private void provisionSigningKey(CardSimulator simulator) { private void provisionCertificateParams(CardSimulator simulator) { - short arrPtr = KMArray.instance((short) 3); + short arrPtr = KMArray.instance((short) 2); short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0, (short) X509Issuer.length); KMArray.cast(arrPtr).add((short) 0, byteBlob1); short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0, (short) expiryTime.length); KMArray.cast(arrPtr).add((short) 1, byteBlob2); - short byteBlob3 = KMByteBlob.instance(authKeyId, (short) 0, - (short) authKeyId.length); - KMArray.cast(arrPtr).add((short) 2, byteBlob3); CommandAPDU apdu = encodeApdu( (byte) INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD, arrPtr); @@ -565,7 +562,7 @@ private void provisionSharedSecret(CardSimulator simulator) { (short) sharedKeySecret.length); KMArray.cast(arrPtr).add((short) 0, byteBlob); - CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_SHARED_SECRET_CMD, + CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_PRESHARED_SECRET_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); @@ -1622,11 +1619,11 @@ public void testImportWrappedKey(){ byte[] nonce = new byte[12]; cryptoProvider.newRandomNumber(nonce,(short)0,(short)12); byte[] authData = "Auth Data".getBytes(); - byte[] authTag = new byte[12]; + byte[] authTag = new byte[16]; cryptoProvider.aesGCMEncrypt(transportKeyMaterial,(short)0,(short)32,wrappedKey, (short)0,(short)16,encWrappedKey,(short)0, nonce,(short)0, (short)12,authData,(short)0,(short)authData.length, - authTag, (short)0, (short)12); + authTag, (short)0, (short)16); byte[] maskingKey = {1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0}; byte[] maskedTransportKey = new byte[32]; for(int i=0; i< maskingKey.length;i++){ diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index a1157f34..b9ae5ce4 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -461,11 +461,9 @@ && isProvisioningComplete())) { sendError(apdu, mapISOErrorToKMError(exp.getReason())); freeOperations(); } catch (CryptoException e) { - e.printStackTrace(); freeOperations(); sendError(apdu, mapCryptoErrorToKMError(e.getReason())); } catch (Exception e) { - e.printStackTrace(); freeOperations(); sendError(apdu, KMError.GENERIC_UNKNOWN_ERROR); } finally { From 0e995bbd51a66f1f77af870262eadc77051b39c1 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 21 Jan 2021 14:23:56 +0530 Subject: [PATCH 032/169] Renamed SHARED_SECRET to PRESHARED_SECRET --- HAL/keymaster/4.1/Provision.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/HAL/keymaster/4.1/Provision.cpp b/HAL/keymaster/4.1/Provision.cpp index 34b6420d..e90cd7ef 100644 --- a/HAL/keymaster/4.1/Provision.cpp +++ b/HAL/keymaster/4.1/Provision.cpp @@ -49,7 +49,7 @@ enum class Instruction { INS_PROVISION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD+2, INS_PROVISION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD+3, INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD+4, - INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5, + INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5, INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD+6, INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD+7, INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8, @@ -61,7 +61,7 @@ enum ProvisionStatus { PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02, PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04, PROVISION_STATUS_ATTEST_IDS = 0x08, - PROVISION_STATUS_SHARED_SECRET = 0x10, + PROVISION_STATUS_PRESHARED_SECRET = 0x10, PROVISION_STATUS_BOOT_PARAM = 0x20, PROVISION_STATUS_PROVISIONING_LOCKED = 0x40, }; @@ -406,7 +406,7 @@ static ErrorCode provisionAttestationIDs(std::unique_ptr& transport) { ErrorCode errorCode = ErrorCode::OK; cppbor::Array array; - Instruction ins = Instruction::INS_PROVISION_SHARED_SECRET_CMD; + Instruction ins = Instruction::INS_PROVISION_PRESHARED_SECRET_CMD; std::vector response; std::vector masterKey(kFakeKeyAgreementKey, kFakeKeyAgreementKey + sizeof(kFakeKeyAgreementKey)/sizeof(kFakeKeyAgreementKey[0])); @@ -484,7 +484,7 @@ static bool isSEProvisioned(uint64_t status) { if(status != (ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY | ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN | ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS | ProvisionStatus::PROVISION_STATUS_ATTEST_IDS | - ProvisionStatus::PROVISION_STATUS_SHARED_SECRET | ProvisionStatus::PROVISION_STATUS_BOOT_PARAM + ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET | ProvisionStatus::PROVISION_STATUS_BOOT_PARAM |ProvisionStatus::PROVISION_STATUS_PROVISIONING_LOCKED)) { ret = false; } From 7698426a8e535f56e1bf468f181cc0d1c6f1cc27 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 21 Jan 2021 17:18:47 +0530 Subject: [PATCH 033/169] Corrected the month milliseconds hex value --- .../src/com/android/javacard/keymaster/KMUtils.java | 2 +- .../src/com/android/javacard/keymaster/KMUtils.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index 2e0f8d99..d9d7e111 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -15,7 +15,7 @@ public class KMUtils { public static final byte[] oneMonthMsec = { 0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec public static final byte[] oneYearMsec = { - 0, 0, 0, 0x75, (byte) 0x8F, 0x0D, (byte) 0xFC, 0x00 }; // 31556952000 msec + 0, 0, 0, 0x07, 0x58, (byte) 0xF0, (byte) 0xDF, (byte) 0xC0 }; // 31556952000 msec // Leap year + 3 yrs public static final byte[] fourYrsMsec = { 0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 4569fb15..41bbe1ff 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -15,7 +15,7 @@ public class KMUtils { public static final byte[] oneMonthMsec = { 0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec public static final byte[] oneYearMsec = { - 0, 0, 0, 0x75, (byte) 0x8F, 0x0D, (byte) 0xFC, 0x00 }; // 31556952000 msec + 0, 0, 0, 0x07, 0x58, (byte) 0xF0, (byte) 0xDF, (byte) 0xC0 }; // 31556952000 msec // Leap year + 3 yrs public static final byte[] fourYrsMsec = { 0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec From 523c01bd4b0732b046a5731ec930cd3c2b2c0b03 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 21 Jan 2021 17:25:31 +0530 Subject: [PATCH 034/169] Removed authenticationIdentifier from cert params --- HAL/keymaster/4.1/Provision.cpp | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/HAL/keymaster/4.1/Provision.cpp b/HAL/keymaster/4.1/Provision.cpp index e90cd7ef..6249e34d 100644 --- a/HAL/keymaster/4.1/Provision.cpp +++ b/HAL/keymaster/4.1/Provision.cpp @@ -125,28 +125,6 @@ static inline void getDerSubjectName(X509* x509, std::vector& subject) subject.insert(subject.begin(), subjectDer, subjectDer+len); } -static inline void getAuthorityKeyIdentifier(X509* x509, std::vector& authKeyId) { - long xlen; - int tag, xclass; - - int loc = X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1); - X509_EXTENSION *ext = X509_get_ext(x509, loc); - if(ext == NULL) { - LOG(ERROR) << " Failed to read authority key identifier."; - return; - } - - ASN1_OCTET_STRING *asn1AuthKeyId = X509_EXTENSION_get_data(ext); - const uint8_t *strAuthKeyId = ASN1_STRING_get0_data(asn1AuthKeyId); - int strAuthKeyIdLen = ASN1_STRING_length(asn1AuthKeyId); - int ret = ASN1_get_object(&strAuthKeyId, &xlen, &tag, &xclass, strAuthKeyIdLen); - if (ret == 0x80 || strAuthKeyId == NULL) { - LOG(ERROR) << "Failed to get the auth key identifier from ASN1 sequence."; - return; - } - authKeyId.insert(authKeyId.begin(), strAuthKeyId, strAuthKeyId + xlen); -} - static inline void getNotAfter(X509* x509, std::vector& notAfterDate) { const ASN1_TIME* notAfter = X509_get0_notAfter(x509); if(notAfter == NULL) { @@ -334,7 +312,6 @@ static ErrorCode provisionAttestationCertificateParams(std::unique_ptr response; X509 *x509 = NULL; std::vector subject; - std::vector authorityKeyIdentifier; std::vector notAfter; /* Subject, AuthorityKeyIdentifier and Expirty time of the root certificate are required by javacard. */ @@ -345,8 +322,6 @@ static ErrorCode provisionAttestationCertificateParams(std::unique_ptr cborData = array.encode(); if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { From 59e886fcb5db9a5c2d87cc20e084b9cd3baa4910 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Thu, 21 Jan 2021 20:37:58 +0530 Subject: [PATCH 035/169] Fixed the issue with keyblob decryption with AndroidSEProvider --- .../com/android/javacard/keymaster/KMAndroidSEProvider.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index b2833e8b..4b0994f4 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -643,8 +643,8 @@ public boolean aesGCMDecrypt(byte[] aesKey, short aesKeyStart, // encrypt the secret aesGcmCipher.doFinal(encSecret, encSecretStart, encSecretLen, secret, secretStart); - verification = aesGcmCipher.verifyTag(authTag, authTagStart, (short) 12, - (short) 12); + verification = aesGcmCipher.verifyTag(authTag, authTagStart, (short) authTagLen, + (short) AES_GCM_TAG_LENGTH); return verification; } From 584884f0b259dd5a62a3f261f9ad2b9f992c6d99 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Fri, 22 Jan 2021 16:34:29 +0530 Subject: [PATCH 036/169] Remove MAX_USES_PER_BOOT related code as it is not supported by strongbox --- .../javacard/keymaster/KMKeyParameters.java | 4 +- .../javacard/keymaster/KMKeymasterApplet.java | 59 +------- .../javacard/keymaster/KMRepository.java | 137 +----------------- 3 files changed, 7 insertions(+), 193 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java index 8c8475ac..f08ee388 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java @@ -108,6 +108,7 @@ public static boolean hasUnsupportedTags(short keyParamsPtr) { KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY, KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS, + KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT }; byte index = 0; short tagInd; @@ -148,15 +149,12 @@ public static short makeHwEnforced(short keyParamsPtr, byte origin, KMType.ENUM_ARRAY_TAG, KMType.DIGEST, KMType.ENUM_ARRAY_TAG, KMType.PADDING, KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, - KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS, - KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, KMType.UINT_TAG, KMType.AUTH_TIMEOUT, KMType.BOOL_TAG, KMType.CALLER_NONCE, KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMType.ENUM_TAG, KMType.ECCURVE, - KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED, KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID, KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, KMType.ENUM_TAG, KMType.USER_AUTH_TYPE, diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index b9ae5ce4..467fe81a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -901,7 +901,6 @@ private void processGetHmacSharingParamCmd(APDU apdu) { private void processDeleteAllKeysCmd(APDU apdu) { // No arguments - repository.removeAllAuthTags(); // Send ok sendError(apdu, KMError.OK); } @@ -943,12 +942,6 @@ private void processDeleteKeyCmd(APDU apdu) { if (tmpVariables[0] < 4) { KMException.throwIt(KMError.INVALID_KEY_BLOB); } - // Validate Auth Tag - data[AUTH_TAG] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_AUTH_TAG); - if (repository.validateAuthTag(data[AUTH_TAG])) { - // delete the auth tag - repository.removeAuthTag(data[AUTH_TAG]); - } // Send ok sendError(apdu, KMError.OK); } @@ -1156,19 +1149,11 @@ private void processUpgradeKeyCmd(APDU apdu) { } } - boolean blobPersisted = false; if (tmpVariables[5] != KMError.INVALID_ARGUMENT) { - if (repository.validateAuthTag(data[AUTH_TAG])) { - repository.removeAuthTag(data[AUTH_TAG]); - blobPersisted = true; - } // copy origin data[ORIGIN] = KMEnumTag.getValue(KMType.ORIGIN, data[HW_PARAMETERS]); // create new key blob with current os version etc. createEncryptedKeyBlob(scratchPad); - if (blobPersisted) { - repository.persistAuthTag(data[AUTH_TAG]); - } } else { data[KEY_BLOB] = KMByteBlob.instance((short) 0); } @@ -2452,7 +2437,6 @@ private void authorizeAndBeginOperation(KMOperationState op, byte[] scratchPad) authorizeDigest(op); authorizePadding(op); authorizeBlockModeAndMacLength(op); - authorizeKeyUsageForCount(); if (!validateHwToken(data[HW_TOKEN], scratchPad)) { data[HW_TOKEN] = KMType.INVALID_VALUE; } @@ -2798,25 +2782,6 @@ private boolean validateHwToken(short hwToken, byte[] scratchPad) { KMByteBlob.cast(ptr).length()); } - private void authorizeKeyUsageForCount() { - // TODO currently only short usageLimit supported - max count 32K. - short usageLimit = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, data[HW_PARAMETERS]); - if (usageLimit == KMType.INVALID_VALUE) return; - // get current counter - short usage = repository.getRateLimitedKeyCount(data[AUTH_TAG]); - if (usage != KMType.INVALID_VALUE) { - if (usage < usageLimit) { - KMException.throwIt(KMError.KEY_MAX_OPS_EXCEEDED); - } - // increment the counter and store it back. - usage++; - repository.setRateLimitedKeyCount(data[AUTH_TAG], usage); - } else { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - } - private void processImportKeyCmd(APDU apdu) { // Receive the incoming request fully from the master into buffer. receiveIncoming(apdu); @@ -2863,6 +2828,11 @@ private void importKey(APDU apdu, byte[] scratchPad) { if (tmpVariables[3] == KMType.INVALID_VALUE) { KMException.throwIt(KMError.INVALID_ARGUMENT); } + + //Check if the tags are supported. + if(KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) { + KMException.throwIt(KMError.UNSUPPORTED_TAG); + } // Check algorithm and dispatch to appropriate handler. switch (tmpVariables[3]) { case KMType.RSA: @@ -2886,15 +2856,6 @@ private void importKey(APDU apdu, byte[] scratchPad) { } // create key blob createEncryptedKeyBlob(scratchPad); - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, data[KEY_PARAMETERS]); - if (tmpVariables[0] != KMType.INVALID_VALUE) { - // before generating key, check whether max count reached - if (repository.getKeyBlobCount() > KMRepository.MAX_BLOB_STORAGE) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - repository.persistAuthTag(data[AUTH_TAG]); - } // prepare the response tmpVariables[0] = KMArray.instance((short) 3); @@ -3407,16 +3368,6 @@ private static void processGenerateKey(APDU apdu) { data[ORIGIN] = KMType.GENERATED; createEncryptedKeyBlob(scratchPad); - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, data[KEY_PARAMETERS]); - if (tmpVariables[0] != KMType.INVALID_VALUE) { - // before generating key, check whether max count reached - if (repository.getKeyBlobCount() > KMRepository.MAX_BLOB_STORAGE) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - repository.persistAuthTag(data[AUTH_TAG]); - } - // prepare the response tmpVariables[0] = KMArray.instance((short) 3); KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK)); diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 4bcdf28b..2b95697a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -29,7 +29,7 @@ */ public class KMRepository implements KMUpgradable { // Data table configuration - public static final short DATA_INDEX_SIZE = 32; + public static final short DATA_INDEX_SIZE = 24; public static final short DATA_INDEX_ENTRY_SIZE = 4; public static final short DATA_MEM_SIZE = 2048; public static final short HEAP_SIZE = 10000; @@ -61,14 +61,6 @@ public class KMRepository implements KMUpgradable { public static final byte BOOT_VERIFIED_BOOT_STATE = 21; public static final byte BOOT_DEVICE_LOCKED_STATUS = 22; public static final byte BOOT_DEVICE_LOCKED_TIME = 23; - public static final byte AUTH_TAG_1 = 24; - public static final byte AUTH_TAG_2 = 25; - public static final byte AUTH_TAG_3 = 26; - public static final byte AUTH_TAG_4 = 27; - public static final byte AUTH_TAG_5 = 28; - public static final byte AUTH_TAG_6 = 29; - public static final byte AUTH_TAG_7 = 30; - public static final byte AUTH_TAG_8 = 31; // Data Item sizes public static final short MASTER_KEY_SIZE = 16; @@ -82,9 +74,6 @@ public class KMRepository implements KMUpgradable { public static final short DEVICE_LOCK_TS_SIZE = 8; public static final short DEVICE_LOCK_FLAG_SIZE = 1; public static final short BOOT_STATE_SIZE = 1; - public static final short MAX_BLOB_STORAGE = 8; - public static final short AUTH_TAG_LENGTH = 16; - public static final short AUTH_TAG_ENTRY_SIZE = 15; public static final short MAX_OPS = 4; public static final byte BOOT_KEY_MAX_SIZE = 32; public static final byte BOOT_HASH_MAX_SIZE = 32; @@ -398,120 +387,6 @@ public short getComputedHmacKey() { return readData(COMPUTED_HMAC_KEY); } - private byte readAuthTagState(byte[] buf, short offset) { - return buf[offset]; - } - - private void writeAuthTagState(byte[] buf, short offset, byte state) { - buf[offset] = state; - } - - public void persistAuthTag(short authTag) { - if (KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH) - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - short authTagEntry = alloc(AUTH_TAG_ENTRY_SIZE); - short offset = alloc(AUTH_TAG_ENTRY_SIZE); - writeAuthTagState( - KMByteBlob.cast(authTagEntry).getBuffer(), - KMByteBlob.cast(authTagEntry).getStartOff(), - (byte) 1); - Util.arrayCopyNonAtomic( - KMByteBlob.cast(authTag).getBuffer(), - KMByteBlob.cast(authTag).getStartOff(), - getHeap(), authTagEntry, AUTH_TAG_LENGTH); - Util.setShort(getHeap(), (short) (authTagEntry + AUTH_TAG_LENGTH +1), - (short) 0); - short index = 0; - while (index < MAX_BLOB_STORAGE) { - if (dataLength((short) (index + AUTH_TAG_1)) != 0) { - readDataEntry((short) (index + AUTH_TAG_1), getHeap(), offset); - if (0 == readAuthTagState(getHeap(), offset)) { - writeDataEntry((short) (index + AUTH_TAG_1), - KMByteBlob.cast(authTagEntry).getBuffer(), - KMByteBlob.cast(authTagEntry).getStartOff(), - AUTH_TAG_ENTRY_SIZE); - break; - } - } else { - writeDataEntry((short) (index + AUTH_TAG_1), - KMByteBlob.cast(authTagEntry).getBuffer(), - KMByteBlob.cast(authTagEntry).getStartOff(), - AUTH_TAG_ENTRY_SIZE); - break; - } - index++; - } - } - - public boolean validateAuthTag(short authTag) { - short tag = findTag(authTag); - return tag !=KMType.INVALID_VALUE; - } - - public void removeAuthTag(short authTag) { - short tag = findTag(authTag); - if(tag ==KMType.INVALID_VALUE) KMException.throwIt(KMError.UNKNOWN_ERROR); - clearDataEntry(tag); - } - - public void removeAllAuthTags() { - short index = 0; - while (index < MAX_BLOB_STORAGE) { - clearDataEntry((short)(index+AUTH_TAG_1)); - index++; - } - } - - private short findTag(short authTag) { - if(KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH)KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - short index = 0; - short found; - short offset = alloc(AUTH_TAG_ENTRY_SIZE); - while (index < MAX_BLOB_STORAGE) { - if (dataLength((short)(index+AUTH_TAG_1)) != 0) { - readDataEntry((short)(index+AUTH_TAG_1), - getHeap(), offset); - found = - Util.arrayCompare( - getHeap(), - (short)(offset+1), - KMByteBlob.cast(authTag).getBuffer(), - KMByteBlob.cast(authTag).getStartOff(), - AUTH_TAG_LENGTH); - if(found == 0)return (short)(index+AUTH_TAG_1); - } - index++; - } - return KMType.INVALID_VALUE; - } - - public short getRateLimitedKeyCount(short authTag) { - short tag = findTag(authTag); - short blob; - if (tag != KMType.INVALID_VALUE) { - blob = readData(tag); - return Util.getShort(KMByteBlob.cast(blob).getBuffer(), - (short)(KMByteBlob.cast(blob).getStartOff()+AUTH_TAG_LENGTH+1)); - } - return KMType.INVALID_VALUE; - } - - public void setRateLimitedKeyCount(short authTag, short val) { - short tag = findTag(authTag); - if (tag != KMType.INVALID_VALUE) { - short dataPtr = readData(tag); - Util.setShort( - KMByteBlob.cast(dataPtr).getBuffer(), - (short)(KMByteBlob.cast(dataPtr).getStartOff()+AUTH_TAG_LENGTH+1), - val); - writeDataEntry(tag, - KMByteBlob.cast(dataPtr).getBuffer(), - KMByteBlob.cast(dataPtr).getStartOff(), - KMByteBlob.cast(dataPtr).length()); - } - } - - public void persistAttestationKey(short secret) { writeDataEntry(ATT_EC_KEY, KMByteBlob.cast(secret).getBuffer(), @@ -703,16 +578,6 @@ public void setBootState(byte state){ writeDataEntry(BOOT_VERIFIED_BOOT_STATE,getHeap(),start,BOOT_STATE_SIZE); } - public short getKeyBlobCount(){ - byte index = 0; - byte count = 0; - while(index < MAX_BLOB_STORAGE){ - if(dataLength((short)(index+AUTH_TAG_1)) != 0) count++; - index++; - } - return count; - } - @Override public void onSave(Element ele) { ele.write(dataIndex); From f033908f392ab31dd804a3bbc08b06126ebc37b9 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Sat, 23 Jan 2021 00:34:50 +0530 Subject: [PATCH 037/169] generate random number for operation handle --- .../javacard/test/KMFunctionalTest.java | 20 ++- .../javacard/keymaster/KMKeymasterApplet.java | 30 +++-- .../javacard/keymaster/KMOperationState.java | 11 +- .../javacard/keymaster/KMRepository.java | 127 ++++++++++++------ 4 files changed, 126 insertions(+), 62 deletions(-) diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 0e6408d2..74892031 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -2241,10 +2241,13 @@ public void testAbortOperation(){ byte[] plainData= "Hello World 123!".getBytes(); short ret = begin(KMType.ENCRYPT, KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), KMKeyParameters.instance(inParams), (short)0); short opHandle = KMArray.cast(ret).get((short) 2); - opHandle = KMInteger.cast(opHandle).getShort(); - abort(KMInteger.uint_16(opHandle)); + byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; + KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length); + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); + abort(opHandle); short dataPtr = KMByteBlob.instance(plainData, (short) 0, (short) plainData.length); - ret = update(KMInteger.uint_16(opHandle), dataPtr, (short) 0, (short) 0, (short) 0); + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); + ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0); Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE,ret); cleanUp(); } @@ -2513,7 +2516,8 @@ public short processMessage( boolean aesGcmFlag) { short beginResp = begin(keyPurpose, keyBlob, inParams, hwToken); short opHandle = KMArray.cast(beginResp).get((short) 2); - opHandle = KMInteger.cast(opHandle).getShort(); + byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; + KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length); short dataPtr = KMByteBlob.instance(data, (short) 0, (short) data.length); short ret = KMType.INVALID_VALUE; byte[] outputData = new byte[128]; @@ -2537,7 +2541,8 @@ public short processMessage( KMArray.cast(inParams).add((short)0, associatedData); inParams = KMKeyParameters.instance(inParams); } - ret = update(KMInteger.uint_16(opHandle), dataPtr, inParams, (short) 0, (short) 0); + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); + ret = update(opHandle, dataPtr, inParams, (short) 0, (short) 0); dataPtr = KMArray.cast(ret).get((short) 3); if (KMByteBlob.cast(dataPtr).length() > 0) { Util.arrayCopyNonAtomic( @@ -2553,10 +2558,11 @@ public short processMessage( } } + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); if (keyPurpose == KMType.VERIFY) { - ret = finish(KMInteger.uint_16(opHandle), dataPtr, signature, (short) 0, (short) 0, (short) 0); + ret = finish(opHandle, dataPtr, signature, (short) 0, (short) 0, (short) 0); } else { - ret = finish(KMInteger.uint_16(opHandle), dataPtr, null, (short) 0, (short) 0, (short) 0); + ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0); } if(len >0){ dataPtr = KMArray.cast(ret).get((short)2); diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 467fe81a..a85a7243 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -472,6 +472,12 @@ && isProvisioningComplete())) { } } + private void generateUniqueOperationHandle(byte[] buf, short offset, short len) { + do { + seProvider.newRandomNumber(buf, offset, len); + } while (null != repository.findOperation(buf, offset, len)); + } + private boolean isProvisioningComplete() { if((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY)) && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) @@ -486,7 +492,7 @@ private boolean isProvisioningComplete() { private void freeOperations() { if (data[OP_HANDLE] != KMType.INVALID_VALUE) { - KMOperationState op = repository.findOperation(KMInteger.cast(data[OP_HANDLE]).getShort()); + KMOperationState op = repository.findOperation(data[OP_HANDLE]); if (op != null) { repository.releaseOperation(op); } @@ -1557,8 +1563,7 @@ private void processAbortOperationCmd(APDU apdu) { repository.reclaimMemory(bufferLength); data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0); - tmpVariables[1] = KMInteger.cast(data[OP_HANDLE]).getShort(); - KMOperationState op = repository.findOperation(tmpVariables[1]); + KMOperationState op = repository.findOperation(data[OP_HANDLE]); if (op == null) { KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); } @@ -1592,8 +1597,7 @@ private void processFinishOperationCmd(APDU apdu) { data[HW_TOKEN] = KMArray.cast(tmpVariables[2]).get((short) 4); data[VERIFICATION_TOKEN] = KMArray.cast(tmpVariables[2]).get((short) 5); // Check Operation Handle - tmpVariables[1] = KMInteger.cast(data[OP_HANDLE]).getShort(); - KMOperationState op = repository.findOperation(tmpVariables[1]); + KMOperationState op = repository.findOperation(data[OP_HANDLE]); if (op == null) { KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); } @@ -2064,8 +2068,7 @@ private void processUpdateOperationCmd(APDU apdu) { } // Check Operation Handle and get op state // Check Operation Handle - tmpVariables[1] = KMInteger.cast(data[OP_HANDLE]).getShort(); - KMOperationState op = repository.findOperation(tmpVariables[1]); + KMOperationState op = repository.findOperation(data[OP_HANDLE]); if (op == null) KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); // authorize the update operation authorizeUpdateFinishOperation(op, scratchPad); @@ -2203,7 +2206,18 @@ private void processBeginOperationCmd(APDU apdu) { tmpVariables[0] = KMArray.cast(args).get((short) 0); tmpVariables[0] = KMEnum.cast(tmpVariables[0]).getVal(); data[HW_TOKEN] = KMArray.cast(args).get((short) 3); - KMOperationState op = repository.reserveOperation(); + /*Generate a random number for operation handle */ + short buf = KMByteBlob.instance(KMRepository.OPERATION_HANDLE_SIZE); + generateUniqueOperationHandle( + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); + /* opHandle is a KMInteger and is encoded as KMInteger when it is returned back. */ + short opHandle = KMInteger.instance( + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); + KMOperationState op = repository.reserveOperation(opHandle); if (op == null) KMException.throwIt(KMError.TOO_MANY_OPERATIONS); data[OP_HANDLE] = op.getHandle(); diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java index 347c9920..6ea96941 100644 --- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java +++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java @@ -68,20 +68,21 @@ private static KMOperationState proto() { return prototype; } - public static KMOperationState instance(short opId, Object[] slot) { + public static KMOperationState instance(short opHandle, Object[] slot) { KMOperationState opState = proto(); opState.reset(); - Util.setShort(data, OP_HANDLE, opId); + Util.setShort(data, OP_HANDLE, opHandle); KMOperationState.slot = slot; return opState; } - public static KMOperationState read(Object[] slot) { + public static KMOperationState read(byte[] oprHandle, short off, Object[] slot) { KMOperationState opState = proto(); opState.reset(); Util.arrayCopy((byte[]) slot[DATA], (short) 0, data, (short) 0, (short) data.length); Object[] ops = ((Object[]) slot[REFS]); op = (KMOperation) ops[OPERATION]; + Util.setShort(data, OP_HANDLE, KMInteger.uint_64(oprHandle, off)); KMOperationState.slot = slot; return opState; } @@ -123,10 +124,6 @@ public void release() { } public short getHandle() { - return KMInteger.uint_16(Util.getShort(KMOperationState.data, OP_HANDLE)); - } - - public short handle() { return Util.getShort(KMOperationState.data, OP_HANDLE); } diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 2b95697a..4c30a613 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -35,6 +35,11 @@ public class KMRepository implements KMUpgradable { public static final short HEAP_SIZE = 10000; public static final short DATA_INDEX_ENTRY_LENGTH = 0; public static final short DATA_INDEX_ENTRY_OFFSET = 2; + public static final short OPERATION_HANDLE_SIZE = 8; /* 8 bytes */ + private static final short OPERATION_HANDLE_STATUS_OFFSET = 0; + private static final short OPERATION_HANDLE_STATUS_SIZE = 1; + private static final short OPERATION_HANDLE_OFFSET = 1; + private static final short OPERATION_HANDLE_ENTRY_SIZE = OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE; // Data table offsets public static final byte MASTER_KEY = 8; @@ -80,7 +85,6 @@ public class KMRepository implements KMUpgradable { // Class Attributes private Object[] operationStateTable; - private static short opIdCounter; private byte[] heap; private short heapIndex; private byte[] dataTable; @@ -101,9 +105,11 @@ public KMRepository(boolean isUpgrading) { reclaimIndex = HEAP_SIZE; operationStateTable = new Object[MAX_OPS]; // create and initialize operation state table. + //First byte in the operation handle buffer denotes whether the operation is + //reserved or unreserved. byte index = 0; while(index < MAX_OPS){ - operationStateTable[index] = new Object[]{new byte[2], + operationStateTable[index] = new Object[]{new byte[OPERATION_HANDLE_ENTRY_SIZE], new Object[] {new byte[KMOperationState.MAX_DATA], new Object[KMOperationState.MAX_REFS]}}; index++; @@ -111,24 +117,51 @@ public KMRepository(boolean isUpgrading) { repository = this; } - public KMOperationState findOperation(short opHandle) { + public void getOperationHandle(short oprHandle, byte[] buf, short off, short len) { + if (KMInteger.cast(oprHandle).length() != OPERATION_HANDLE_SIZE) { + KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); + } + KMInteger.cast(oprHandle).getValue(buf, off, len); + } + + public KMOperationState findOperation(byte[] buf, short off, short len) { short index = 0; byte[] opId; - while(index < MAX_OPS){ - opId = ((byte[])((Object[])operationStateTable[index])[0]); - if(Util.getShort(opId,(short)0) == opHandle)return KMOperationState.read((Object[])((Object[])operationStateTable[index])[1]); + while (index < MAX_OPS) { + opId = ((byte[]) ((Object[]) operationStateTable[index])[0]); + if (0 == Util.arrayCompare(buf, off, opId, OPERATION_HANDLE_OFFSET, len)) { + return KMOperationState + .read(opId, OPERATION_HANDLE_OFFSET, (Object[]) ((Object[]) operationStateTable[index])[1]); + } index++; } + return null; } - public KMOperationState reserveOperation(){ + /* operationHandle is a KMInteger */ + public KMOperationState findOperation(short operationHandle) { + short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE); + getOperationHandle( + operationHandle, + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); + return findOperation( + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); + } + + /* opHandle is a KMInteger */ + public KMOperationState reserveOperation(short opHandle){ short index = 0; byte[] opId; while(index < MAX_OPS){ opId = (byte[])((Object[])operationStateTable[index])[0]; - if(Util.getShort(opId,(short)0) == 0){ - return KMOperationState.instance(/*Util.getShort(opId,(short)0)*/getOpId(),(Object[])((Object[])operationStateTable[index])[1]); + /* Check for unreserved operation state */ + if (opId[OPERATION_HANDLE_STATUS_OFFSET] == 0) { + return KMOperationState.instance(opHandle, (Object[])((Object[])operationStateTable[index])[1]); } index++; } @@ -139,29 +172,48 @@ public KMOperationState reserveOperation(){ public void persistOperation(byte[] data, short opHandle, KMOperation op) { short index = 0; byte[] opId; + short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE); + getOperationHandle( + opHandle, + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); //Update an existing operation state. - while(index < MAX_OPS){ - opId = (byte[])((Object[])operationStateTable[index])[0]; - if(Util.getShort(opId,(short)0) == opHandle){ - Object[] slot = (Object[])((Object[])operationStateTable[index])[1]; - JCSystem.beginTransaction(); - Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length); + while (index < MAX_OPS) { + opId = (byte[]) ((Object[]) operationStateTable[index])[0]; + if ((1 == opId[OPERATION_HANDLE_STATUS_OFFSET]) + && (0 == Util.arrayCompare( + opId, + OPERATION_HANDLE_OFFSET, + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()))) { + Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1]; + JCSystem.beginTransaction(); + Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0, + (short) ((byte[]) slot[0]).length); Object[] ops = ((Object[]) slot[1]); ops[0] = op; JCSystem.commitTransaction(); return; - } - index++; + } + index++; } index = 0; //Persist a new operation. while(index < MAX_OPS){ opId = (byte[])((Object[])operationStateTable[index])[0]; - if(Util.getShort(opId,(short)0) == 0){ - Util.setShort(opId, (short)0, opHandle); + if(0 == opId[OPERATION_HANDLE_STATUS_OFFSET]){ Object[] slot = (Object[])((Object[])operationStateTable[index])[1]; JCSystem.beginTransaction(); + opId[OPERATION_HANDLE_STATUS_OFFSET] = 1;/*reserved */ + Util.arrayCopy( + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + opId, + OPERATION_HANDLE_OFFSET, + OPERATION_HANDLE_SIZE); Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length); Object[] ops = ((Object[]) slot[1]); ops[0] = op; @@ -172,28 +224,24 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) { } } - private short getOpId() { - byte index = 0; - opIdCounter++; - while (index < MAX_OPS) { - if (Util.getShort((byte[]) ((Object[]) operationStateTable[index])[0], (short) 0) - == opIdCounter) { - opIdCounter++; - index = 0; - continue; - } - index++; - } - return opIdCounter; - } - - public void releaseOperation(KMOperationState op){ + public void releaseOperation(KMOperationState op) { short index = 0; byte[] var; - while(index < MAX_OPS){ - var = ((byte[])((Object[])operationStateTable[index])[0]); - if(Util.getShort(var,(short)0) == op.handle()){ - Util.arrayFillNonAtomic(var,(short)0,(short)var.length,(byte)0); + short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE); + getOperationHandle( + op.getHandle(), + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); + while (index < MAX_OPS) { + var = ((byte[]) ((Object[]) operationStateTable[index])[0]); + if ((var[OPERATION_HANDLE_STATUS_OFFSET] == 1) && + (0 == Util.arrayCompare(var, + OPERATION_HANDLE_OFFSET, + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()))) { + Util.arrayFillNonAtomic(var, (short) 0, (short) var.length, (byte) 0); op.release(); break; } @@ -211,7 +259,6 @@ public void initHmacSharedSecretKey(byte[] key, short start, short len) { writeDataEntry(SHARED_KEY,key,start,len); } - public void initComputedHmac(byte[] key, short start, short len) { if(len != COMPUTED_HMAC_KEY_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); writeDataEntry(COMPUTED_HMAC_KEY,key,start,len); From cbedb0e4410d8d3725ad9a566082e7f553672436 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Sat, 23 Jan 2021 00:47:05 +0530 Subject: [PATCH 038/169] Corrected the condition for SE provisioned status --- HAL/keymaster/4.1/Provision.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/HAL/keymaster/4.1/Provision.cpp b/HAL/keymaster/4.1/Provision.cpp index 6249e34d..ebcf7e37 100644 --- a/HAL/keymaster/4.1/Provision.cpp +++ b/HAL/keymaster/4.1/Provision.cpp @@ -458,8 +458,7 @@ static bool isSEProvisioned(uint64_t status) { if(status != (ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY | ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN | ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS | ProvisionStatus::PROVISION_STATUS_ATTEST_IDS | - ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET | ProvisionStatus::PROVISION_STATUS_BOOT_PARAM - |ProvisionStatus::PROVISION_STATUS_PROVISIONING_LOCKED)) { + ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET | ProvisionStatus::PROVISION_STATUS_BOOT_PARAM)) { ret = false; } return ret; From 9c6732f90d6c50a87a79ed31376511a4198cb43f Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Sat, 23 Jan 2021 01:45:42 +0530 Subject: [PATCH 039/169] Corrected the condition for SE provisioned status --- HAL/keymaster/4.1/Provision.cpp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/HAL/keymaster/4.1/Provision.cpp b/HAL/keymaster/4.1/Provision.cpp index ebcf7e37..24f65667 100644 --- a/HAL/keymaster/4.1/Provision.cpp +++ b/HAL/keymaster/4.1/Provision.cpp @@ -454,12 +454,13 @@ static ErrorCode setBootParameters(std::unique_ptr Date: Mon, 25 Jan 2021 13:59:38 +0530 Subject: [PATCH 040/169] make provision as separate library --- .../4.1/JavacardKeymaster4Device.cpp | 65 +- HAL/keymaster/4.1/Provision.cpp | 264 ++------ HAL/keymaster/Android.bp | 7 +- HAL/keymaster/include/Provision.h | 41 +- provisioning_tool/Android.bp | 2 +- provisioning_tool/provision_tool.cpp | 634 +++++------------- provisioning_tool/sample_json.txt | 7 +- 7 files changed, 339 insertions(+), 681 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index 27f32150..3086e287 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -32,7 +32,6 @@ #include #include #include -#include #include #include #include @@ -91,7 +90,19 @@ enum class Instruction { INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD+19, INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD+20, INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD+21, - INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22 + INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22, + INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8, +}; + +enum ProvisionStatus { + NOT_PROVISIONED = 0x00, + PROVISION_STATUS_ATTESTATION_KEY = 0x01, + PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02, + PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04, + PROVISION_STATUS_ATTEST_IDS = 0x08, + PROVISION_STATUS_PRESHARED_SECRET = 0x10, + PROVISION_STATUS_BOOT_PARAM = 0x20, + PROVISION_STATUS_PROVISIONING_LOCKED = 0x40, }; //Extended error codes @@ -368,15 +379,57 @@ uint16_t getStatus(std::vector& inputData) { return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1)); } +static bool isSEProvisioned() { + ErrorCode errorCode = ErrorCode::OK; + Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD; + std::vector cborData; + std::vector response; + std::unique_ptr item; + CborConverter cborConverter; + std::vector apdu; + bool ret = false; + + errorCode = constructApduMessage(ins, cborData, apdu); + if(errorCode != ErrorCode::OK) return ret; + + if(!getTransportFactoryInstance()->sendData(apdu.data(), apdu.size(), response)) { + LOG(ERROR) << " Failed to send GET_PROVISION_STATUS_CMD "; + return ret; + } + + if((response.size() <= 2) || (getStatus(response) != APDU_RESP_STATUS_OK)) { + return ret; + } + //Check if SE is provisioned. + std::tie(item, errorCode) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2), + true); + if(item != NULL) { + uint64_t status; + + if(!cborConverter.getUint64(item, 1, status)) { + LOG(ERROR) << "Failed to parse the status from cbor data"; + return ret; + } + + if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM))) { + ret = true; + } + } + return ret; +} + + ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response, bool extendedOutput=false) { ErrorCode ret = ErrorCode::UNKNOWN_ERROR; std::vector apdu; - // TODO In real scenario the provision happens in the factory. In that case this - // below code is not required. This is just used for simulation. - if (ErrorCode::OK != (ret = provision(getTransportFactoryInstance()))) { - LOG(ERROR) << "Failed to provision the device"; + if (!isSEProvisioned()) { + LOG(ERROR) << "Javacard applet is not provisioned."; return ret; } ret = constructApduMessage(ins, inData, apdu, extendedOutput); diff --git a/HAL/keymaster/4.1/Provision.cpp b/HAL/keymaster/4.1/Provision.cpp index 24f65667..a896db88 100644 --- a/HAL/keymaster/4.1/Provision.cpp +++ b/HAL/keymaster/4.1/Provision.cpp @@ -28,10 +28,8 @@ #include #include #include + #include -#define ROOT_EC_KEY "/data/data/ec_key.der" -#define INTERMEDIATE_EC_CERT "/data/data/ec_cert.der" -#define ROOT_EC_CERT "/data/data/ec_root_cert.der" #define INS_BEGIN_KM_CMD 0x00 #define APDU_CLS 0x80 #define APDU_P1 0x40 @@ -42,7 +40,6 @@ namespace keymaster { namespace V4_1 { namespace javacard { -constexpr uint8_t kFakeKeyAgreementKey[32] = {}; enum class Instruction { // Provisioning commands INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD+1, @@ -67,32 +64,15 @@ enum ProvisionStatus { }; // Static function declarations. -static bool readDataFromFile(const char *filename, std::vector& data); static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool extendedOutput=false); static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response, bool extendedOutput = false); -static ErrorCode provisionAttestationKey(std::unique_ptr& transport); -static ErrorCode provisionAttestationCertificateChain(std::unique_ptr& transport); -static ErrorCode provisionAttestationCertificateParams(std::unique_ptr& transport); -static ErrorCode provisionAttestationIDs(std::unique_ptr& transport); -static ErrorCode provisionSharedSecret(std::unique_ptr& transport); -static ErrorCode getProvisionStatus(std::unique_ptr& transport, std::vector& -response); -static ErrorCode lockProvision(std::unique_ptr& transport); -static ErrorCode setBootParameters(std::unique_ptr& transport); static uint16_t getStatus(std::vector& inputData); -static bool isSEProvisioned(uint64_t status); -static inline X509* parseDerCertificate(const char* filename) { +static inline X509* parseDerCertificate(std::vector& certData) { X509 *x509 = NULL; - std::vector certData; - /* Read the Root certificate */ - if(!readDataFromFile(filename, certData)) { - LOG(ERROR) << " Failed to read the Root certificate"; - return NULL; - } /* Create BIO instance from certificate data */ BIO *bio = BIO_new_mem_buf(certData.data(), certData.size()); if(bio == NULL) { @@ -145,30 +125,6 @@ static uint16_t getStatus(std::vector& inputData) { return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1)); } -static bool readDataFromFile(const char *filename, std::vector& data) { - FILE *fp; - bool ret = true; - fp = fopen(filename, "rb"); - if(fp == NULL) { - LOG(ERROR) << "Failed to open file: " << filename; - return false; - } - fseek(fp, 0L, SEEK_END); - long int filesize = ftell(fp); - rewind(fp); - std::unique_ptr buf(new uint8_t[filesize]); - if( 0 == fread(buf.get(), filesize, 1, fp)) { - LOG(ERROR) << "No Content in the file: " << filename; - ret = false; - } - if(true == ret) { - //data.insert(data.begin(), buf.get(), buf.get() + filesize); - data.insert(data.end(), buf.get(), buf.get() + filesize); - } - fclose(fp); - return ret; -} - static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool extendedOutput) { apduOut.push_back(static_cast(APDU_CLS)); //CLS @@ -235,77 +191,73 @@ extendedOutput) { return ret; } -static ErrorCode provisionAttestationKey(std::unique_ptr& transport) { +// Class Provision Start + +ErrorCode Provision::initProvision() { + if(pTransportFactory == nullptr) { + pTransportFactory = std::unique_ptr(new se_transport::TransportFactory( + android::base::GetBoolProperty("ro.kernel.qemu", false))); + pTransportFactory->openConnection(); + } + return ErrorCode::OK; +} + +ErrorCode Provision::provisionAttestationKey(std::vector& batchKey) { ErrorCode errorCode = ErrorCode::OK; - CborConverter cborConverter; - cppbor::Array array; - cppbor::Array subArray; - std::vector data; std::vector privKey; std::vector pubKey; - Instruction ins = Instruction::INS_PROVISION_ATTESTATION_KEY_CMD; EcCurve curve; + CborConverter cborConverter; + cppbor::Array array; + cppbor::Array subArray; std::vector response; + Instruction ins = Instruction::INS_PROVISION_ATTESTATION_KEY_CMD; AuthorizationSet authSetKeyParams(AuthorizationSetBuilder() .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC) .Authorization(TAG_DIGEST, KM_DIGEST_SHA_2_256) .Authorization(TAG_EC_CURVE, KM_EC_CURVE_P_256) .Authorization(TAG_PURPOSE, static_cast(0x7F))); /* The value 0x7F is not present in types.hal */ - // Read the ECKey from the file. hidl_vec keyParams = kmParamSet2Hidl(authSetKeyParams); - - if(!readDataFromFile(ROOT_EC_KEY, data)) { - LOG(ERROR) << " Failed to read the Root rsa key"; - return ErrorCode::UNKNOWN_ERROR; - } - if(ErrorCode::OK != (errorCode = ecRawKeyFromPKCS8(data, privKey, pubKey, curve))) { + if(ErrorCode::OK != (errorCode = ecRawKeyFromPKCS8(batchKey, privKey, pubKey, curve))) { return errorCode; } subArray.add(privKey); subArray.add(pubKey); std::vector encodedArray = subArray.encode(); cppbor::Bstr bstr(encodedArray.begin(), encodedArray.end()); - //Encode data. cborConverter.addKeyparameters(array, keyParams); array.add(static_cast(KeyFormat::RAW)); array.add(bstr); std::vector cborData = array.encode(); - - if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { + if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) { return errorCode; } return errorCode; } -static ErrorCode provisionAttestationCertificateChain(std::unique_ptr& transport) { +ErrorCode Provision::provisionAtestationCertificateChain(std::vector>& certChain) { ErrorCode errorCode = ErrorCode::OK; cppbor::Array array; Instruction ins = Instruction::INS_PROVISION_CERT_CHAIN_CMD; std::vector response; std::vector certData; - /* Read the Root certificate */ - if(!readDataFromFile(INTERMEDIATE_EC_CERT, certData)) { - LOG(ERROR) << " Failed to read the Root certificate"; - return (ErrorCode::UNKNOWN_ERROR); + for (auto data : certChain) { + certData.insert(certData.end(), data.begin(), data.end()); } - if(!readDataFromFile(ROOT_EC_CERT, certData)) { - LOG(ERROR) << " Failed to read the Root certificate"; - return (ErrorCode::UNKNOWN_ERROR); - } - cppbor::Bstr certChain(certData.begin(), certData.end()); - std::vector cborData = certChain.encode(); + cppbor::Bstr bstrCertChain(certData.begin(), certData.end()); + std::vector cborData = bstrCertChain.encode(); - if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { + if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) { return errorCode; } return errorCode; } -static ErrorCode provisionAttestationCertificateParams(std::unique_ptr& transport) { +ErrorCode Provision::provisionAttestationCertificateParams(std::vector& batchCertificate) { ErrorCode errorCode = ErrorCode::OK; cppbor::Array array; Instruction ins = Instruction::INS_PROVISION_CERT_PARAMS_CMD; @@ -316,7 +268,7 @@ static ErrorCode provisionAttestationCertificateParams(std::unique_ptr cborData = array.encode(); - if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { + if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) { return errorCode; } return errorCode; } - -static ErrorCode provisionAttestationIDs(std::unique_ptr& transport) { +ErrorCode Provision::provisionAttestationID(AttestIDParams& attestParams) { ErrorCode errorCode = ErrorCode::OK; CborConverter cborConverter; cppbor::Array array; Instruction ins = Instruction::INS_PROVISION_ATTEST_IDS_CMD; std::vector response; - std::string brand("Google"); - std::string device("Pixel 3A"); - std::string product("Pixel"); - std::string serial("UGYJFDjFeRuBEH"); - std::string imei("987080543071019"); - std::string meid("27863510227963"); - std::string manufacturer("Foxconn"); - std::string model("HD1121"); - AuthorizationSet authSetAttestParams(AuthorizationSetBuilder() - .Authorization(TAG_ATTESTATION_ID_BRAND, brand.data(), brand.size()) - .Authorization(TAG_ATTESTATION_ID_DEVICE, device.data(), device.size()) - .Authorization(TAG_ATTESTATION_ID_PRODUCT, product.data(), product.size()) - .Authorization(TAG_ATTESTATION_ID_SERIAL, serial.data(), serial.size()) - .Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size()) - .Authorization(TAG_ATTESTATION_ID_MEID, meid.data(), meid.size()) - .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, manufacturer.data(), manufacturer.size()) - .Authorization(TAG_ATTESTATION_ID_MODEL, model.data(), model.size())); + .Authorization(TAG_ATTESTATION_ID_BRAND, attestParams.brand.data(), attestParams.brand.size()) + .Authorization(TAG_ATTESTATION_ID_DEVICE, attestParams.device.data(), attestParams.device.size()) + .Authorization(TAG_ATTESTATION_ID_PRODUCT, attestParams.product.data(), attestParams.product.size()) + .Authorization(TAG_ATTESTATION_ID_SERIAL, attestParams.serial.data(), attestParams.serial.size()) + .Authorization(TAG_ATTESTATION_ID_IMEI, attestParams.imei.data(), attestParams.imei.size()) + .Authorization(TAG_ATTESTATION_ID_MEID, attestParams.meid.data(), attestParams.meid.size()) + .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, attestParams.manufacturer.data(), attestParams.manufacturer.size()) + .Authorization(TAG_ATTESTATION_ID_MODEL, attestParams.model.data(), attestParams.model.size())); - hidl_vec attestParams = kmParamSet2Hidl(authSetAttestParams); + hidl_vec attestKeyParams = kmParamSet2Hidl(authSetAttestParams); array = cppbor::Array(); - cborConverter.addKeyparameters(array, attestParams); + cborConverter.addKeyparameters(array, attestKeyParams); std::vector cborData = array.encode(); - if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { + if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) { return errorCode; } return errorCode; } -static ErrorCode provisionSharedSecret(std::unique_ptr& transport) { +ErrorCode Provision::provisionPreSharedSecret(std::vector& preSharedSecret) { ErrorCode errorCode = ErrorCode::OK; cppbor::Array array; Instruction ins = Instruction::INS_PROVISION_PRESHARED_SECRET_CMD; std::vector response; - std::vector masterKey(kFakeKeyAgreementKey, kFakeKeyAgreementKey + - sizeof(kFakeKeyAgreementKey)/sizeof(kFakeKeyAgreementKey[0])); array = cppbor::Array(); - array.add(masterKey); + array.add(preSharedSecret); std::vector cborData = array.encode(); - if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { - return errorCode; - } - return errorCode; -} - -static ErrorCode getProvisionStatus(std::unique_ptr& transport, std::vector& -response) { - ErrorCode errorCode = ErrorCode::OK; - Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD; - std::vector cborData; - - if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { + if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) { return errorCode; } return errorCode; - } -static ErrorCode lockProvision(std::unique_ptr& transport) { +ErrorCode Provision::provisionBootParameters(BootParams& bootParams) { ErrorCode errorCode = ErrorCode::OK; - Instruction ins = Instruction::INS_LOCK_PROVISIONING_CMD; - std::vector cborData; - std::vector response; - - if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { - return errorCode; - } - return errorCode; -} - -static ErrorCode setBootParameters(std::unique_ptr& transport) { - ErrorCode errorCode = ErrorCode::OK; - std::vector verifiedBootKey(32, 0); - std::vector verifiedBootKeyHash(32, 0); - uint32_t vendorPatchLevel = 0; - uint32_t bootPatchLevel = 0; cppbor::Array array; std::vector apdu; std::vector response; Instruction ins = Instruction::INS_SET_BOOT_PARAMS_CMD; - keymaster_verified_boot_t kmVerifiedBoot = KM_VERIFIED_BOOT_UNVERIFIED; array.add(GetOsVersion()). add(GetOsPatchlevel()). - add(vendorPatchLevel). - add(bootPatchLevel). + add(bootParams.vendorPatchLevel). + add(bootParams.bootPatchLevel). /* Verified Boot Key */ - add(verifiedBootKey). + add(bootParams.verifiedBootKey). /* Verified Boot Hash */ - add(verifiedBootKeyHash). + add(bootParams.verifiedBootKeyHash). /* boot state */ - add(static_cast(kmVerifiedBoot)). + add(bootParams.verifiedBootState). /* device locked */ - add(0); + add(bootParams.deviceLocked); std::vector cborData = array.encode(); - if(ErrorCode::OK != (errorCode = sendProvisionData(transport, ins, cborData, response))) { + if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) { return errorCode; } return errorCode; } -static bool isSEProvisioned(uint64_t status) { - bool ret = false; - if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) && - (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) && - (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) && - (0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) && - (0 != (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM))) { - ret = true; - } - return ret; -} - -ErrorCode provision(std::unique_ptr& transport) { +ErrorCode Provision::getProvisionStatus(uint64_t& status) { + ErrorCode errorCode = ErrorCode::OK; + Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD; + std::vector cborData; std::vector response; std::unique_ptr item; CborConverter cborConverter; - ErrorCode errorCode = ErrorCode::OK; - //Get Provision status. - if(ErrorCode::OK != (errorCode = getProvisionStatus(transport, response))) { + if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) { + LOG(ERROR) << "Failed to get provision status err: " << static_cast(errorCode); return errorCode; } - //Check if SE is provisioned. std::tie(item, errorCode) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2), true); if(item != NULL) { - uint64_t status; - if(!cborConverter.getUint64(item, 1, status)) + if(!cborConverter.getUint64(item, 1, status)) { + LOG(ERROR) << "Failed to parse the status from cbor data"; return ErrorCode::UNKNOWN_ERROR; - - if(isSEProvisioned(status)) { - return ErrorCode::OK; //SE is Provisioned. } - - } else { - return ErrorCode::UNKNOWN_ERROR; } + return errorCode; +} - //SE not provisioned so Provision the SE. +ErrorCode Provision::lockProvision() { + ErrorCode errorCode = ErrorCode::OK; + Instruction ins = Instruction::INS_LOCK_PROVISIONING_CMD; + std::vector cborData; + std::vector response; - //Provision Attestation Key. - if(ErrorCode::OK != (errorCode = provisionAttestationKey(transport))) { - return errorCode; - } - //Provision Attestation certificate chain. - if(ErrorCode::OK != (errorCode = provisionAttestationCertificateChain(transport))) { - return errorCode; - } - //Provision certificate parameters. - if(ErrorCode::OK != (errorCode = provisionAttestationCertificateParams(transport))) { - return errorCode; - } - //Provision Attestation IDs. - if(ErrorCode::OK != (errorCode = provisionAttestationIDs(transport))) { - return errorCode; - } - //Provision Shared secret. - if(ErrorCode::OK != (errorCode = provisionSharedSecret(transport))) { - return errorCode; - } - //Set Boot parameters. - if(ErrorCode::OK != (errorCode = setBootParameters(transport))) { - return errorCode; - } - //Lock the provisioning. - if(ErrorCode::OK != (errorCode = lockProvision(transport))) { + if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) { return errorCode; } - //return OK return errorCode; } +// Provision End } // namespace javacard } // namespace V4_1 diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp index fdeaf9ce..9db148da 100644 --- a/HAL/keymaster/Android.bp +++ b/HAL/keymaster/Android.bp @@ -25,7 +25,8 @@ cc_binary { "4.1/JavacardKeymaster4Device.cpp", "4.1/JavacardSoftKeymasterContext.cpp", "4.1/JavacardOperationContext.cpp", - "4.1/Provision.cpp", + "4.1/CommonUtils.cpp", + "4.1/CborConverter.cpp", ], local_include_dirs: [ "include", @@ -46,7 +47,6 @@ cc_binary { "android.hardware.keymaster@4.0", "libjc_transport", "libcrypto", - "libjc_common", ], product_variables: { debuggable: { @@ -111,11 +111,12 @@ cc_library { } cc_library { - name: "libjc_common", + name: "libjc_provision", vendor_available: true, srcs: [ "4.1/CommonUtils.cpp", "4.1/CborConverter.cpp", + "4.1/Provision.cpp", ], local_include_dirs: [ "include", diff --git a/HAL/keymaster/include/Provision.h b/HAL/keymaster/include/Provision.h index a58c17c6..e6b670f2 100644 --- a/HAL/keymaster/include/Provision.h +++ b/HAL/keymaster/include/Provision.h @@ -25,10 +25,43 @@ namespace keymaster { namespace V4_1 { namespace javacard { -/** - * Provisions the SE. - */ -ErrorCode provision(std::unique_ptr& transport); +typedef struct BootParams_ { + uint32_t osVersion; + uint32_t osPatchLevel; + uint32_t vendorPatchLevel; + uint32_t bootPatchLevel; + std::vector verifiedBootKey; + std::vector verifiedBootKeyHash; + uint32_t verifiedBootState; + uint32_t deviceLocked; +} BootParams; + +typedef struct AttestIDParams_ { + std::string brand; + std::string device; + std::string product; + std::string serial; + std::string imei; + std::string meid; + std::string manufacturer; + std::string model; +} AttestIDParams; + +class Provision { +public: + ErrorCode initProvision(); + ErrorCode provisionAttestationKey(std::vector& batchKey); + ErrorCode provisionAtestationCertificateChain(std::vector>& CertChain); + ErrorCode provisionAttestationCertificateParams(std::vector& batchCertificate); + ErrorCode provisionAttestationID(AttestIDParams& attestParams); + ErrorCode provisionPreSharedSecret(std::vector& preSharedSecret); + ErrorCode provisionBootParameters(BootParams& bootParams ); + ErrorCode lockProvision(); + ErrorCode getProvisionStatus(uint64_t&); + +private: + std::unique_ptr pTransportFactory; +}; } // namespace javacard } // namespace V4_1 diff --git a/provisioning_tool/Android.bp b/provisioning_tool/Android.bp index 2f66b105..b9b39808 100644 --- a/provisioning_tool/Android.bp +++ b/provisioning_tool/Android.bp @@ -36,6 +36,6 @@ cc_binary { "libjc_transport", "libcrypto", "libjsoncpp", - "libjc_common", + "libjc_provision", ], } diff --git a/provisioning_tool/provision_tool.cpp b/provisioning_tool/provision_tool.cpp index 1cead86a..820384b1 100644 --- a/provisioning_tool/provision_tool.cpp +++ b/provisioning_tool/provision_tool.cpp @@ -35,6 +35,7 @@ #include #include #include +#include #define BUFFER_MAX_LENGTH 256 #define SB_KEYMASTER_SERVICE "javacard" @@ -64,30 +65,14 @@ enum ProvisionStatus { PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02, PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04, PROVISION_STATUS_ATTEST_IDS = 0x08, - PROVISION_STATUS_SHARED_SECRET = 0x10, + PROVISION_STATUS_PRESHARED_SECRET = 0x10, PROVISION_STATUS_BOOT_PARAM = 0x20, PROVISION_STATUS_PROVISIONING_LOCKED = 0x40, }; using ::android::hardware::keymaster::V4_0::ErrorCode; -using ::android::hardware::keymaster::V4_0::EcCurve; -using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType; -using ::android::hardware::keymaster::V4_0::HardwareAuthToken; -using ::android::hardware::keymaster::V4_0::HmacSharingParameters; -using ::android::hardware::keymaster::V4_0::KeyCharacteristics; -using ::android::hardware::keymaster::V4_0::KeyFormat; -using ::android::hardware::keymaster::V4_0::KeyParameter; -using ::android::hardware::keymaster::V4_0::KeyPurpose; -using ::android::hardware::keymaster::V4_0::OperationHandle; -using ::android::hardware::keymaster::V4_0::SecurityLevel; -using ::android::hardware::keymaster::V4_0::VerificationToken; -using ::android::hardware::keymaster::V4_0::Tag; -using ::android::hardware::keymaster::V4_1::IKeymasterDevice; -using ::android::sp; -using se_transport::TransportFactory; - -static sp sbKeymaster; -static TransportFactory *pTransportFactory; + +static keymaster::V4_1::javacard::Provision mProvision; Json::Value root; constexpr char hex_value[256] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // @@ -117,12 +102,6 @@ std::string hex2str(std::string a) { return b; } -//static function declarations. -static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool -extendedOutput); -static ErrorCode sendProvisionData(Instruction ins, std::vector& inData, std::vector& response, bool -extendedOutput); -static Tag mapAttestKeyToAttestTag(std::string key); bool parseJsonFile(const char* filename); static bool readDataFromFile(const char *filename, std::vector& data) { @@ -148,179 +127,6 @@ static bool readDataFromFile(const char *filename, std::vector& data) { return ret; } -static inline X509* parseDerCertificate(std::vector& certData) { - X509 *x509 = NULL; - - /* Create BIO instance from certificate data */ - BIO *bio = BIO_new_mem_buf(certData.data(), certData.size()); - if(bio == NULL) { - LOG(ERROR) << " Failed to create BIO from buffer."; - return NULL; - } - /* Create X509 instance from BIO */ - x509 = d2i_X509_bio(bio, NULL); - if(x509 == NULL) { - LOG(ERROR) << " Failed to get X509 instance from BIO."; - return NULL; - } - BIO_free(bio); - return x509; -} - -static inline void getDerSubjectName(X509* x509, std::vector& subject) { - uint8_t *subjectDer = NULL; - X509_NAME* asn1Subject = X509_get_subject_name(x509); - if(asn1Subject == NULL) { - LOG(ERROR) << " Failed to read the subject."; - return; - } - /* Convert X509_NAME to der encoded subject */ - int len = i2d_X509_NAME(asn1Subject, &subjectDer); - if (len < 0) { - LOG(ERROR) << " Failed to get readable name from X509_NAME."; - return; - } - subject.insert(subject.begin(), subjectDer, subjectDer+len); -} - -static inline void getAuthorityKeyIdentifier(X509* x509, std::vector& authKeyId) { - long xlen; - int tag, xclass; - - int loc = X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1); - X509_EXTENSION *ext = X509_get_ext(x509, loc); - if(ext == NULL) { - LOG(ERROR) << " Failed to read authority key identifier."; - return; - } - - ASN1_OCTET_STRING *asn1AuthKeyId = X509_EXTENSION_get_data(ext); - const uint8_t *strAuthKeyId = ASN1_STRING_get0_data(asn1AuthKeyId); - int strAuthKeyIdLen = ASN1_STRING_length(asn1AuthKeyId); - int ret = ASN1_get_object(&strAuthKeyId, &xlen, &tag, &xclass, strAuthKeyIdLen); - if (ret == 0x80 || strAuthKeyId == NULL) { - LOG(ERROR) << "Failed to get the auth key identifier from ASN1 sequence."; - return; - } - authKeyId.insert(authKeyId.begin(), strAuthKeyId, strAuthKeyId + xlen); -} - -static inline void getNotAfter(X509* x509, std::vector& notAfterDate) { - const ASN1_TIME* notAfter = X509_get0_notAfter(x509); - if(notAfter == NULL) { - LOG(ERROR) << " Failed to read expiry time."; - return; - } - int strNotAfterLen = ASN1_STRING_length(notAfter); - const uint8_t *strNotAfter = ASN1_STRING_get0_data(notAfter); - if(strNotAfter == NULL) { - LOG(ERROR) << " Failed to read expiry time from ASN1 string."; - return; - } - notAfterDate.insert(notAfterDate.begin(), strNotAfter, strNotAfter + strNotAfterLen); -} - -static inline uint16_t getStatus(std::vector& inputData) { - //Last two bytes are the status SW0SW1 - return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1)); -} - -static inline TransportFactory* getTransportFactoryInstance() { - if(pTransportFactory == nullptr) { - pTransportFactory = new se_transport::TransportFactory( - android::base::GetBoolProperty("ro.kernel.qemu", false)); - pTransportFactory->openConnection(); - } - return pTransportFactory; -} - -static Tag mapAttestKeyToAttestTag(std::string keyStr) { - Tag tag = Tag::INVALID; - - if (0 == keyStr.compare("brand")) { - tag = Tag::ATTESTATION_ID_BRAND; - } else if(0 == keyStr.compare("device")) { - tag = Tag::ATTESTATION_ID_DEVICE; - } else if(0 == keyStr.compare("product")) { - tag = Tag::ATTESTATION_ID_PRODUCT; - } else if(0 == keyStr.compare("serial")) { - tag = Tag::ATTESTATION_ID_SERIAL; - } else if(0 == keyStr.compare("imei")) { - tag = Tag::ATTESTATION_ID_IMEI; - } else if(0 == keyStr.compare("meid")) { - tag = Tag::ATTESTATION_ID_MEID; - } else if(0 == keyStr.compare("manufacturer")) { - tag = Tag::ATTESTATION_ID_MANUFACTURER; - } else if(0 == keyStr.compare("model")) { - tag = Tag::ATTESTATION_ID_MODEL; - } - return tag; -} - -static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool -extendedOutput) { - apduOut.push_back(static_cast(APDU_CLS)); //CLS - apduOut.push_back(static_cast(ins)); //INS - apduOut.push_back(static_cast(APDU_P1)); //P1 - apduOut.push_back(static_cast(APDU_P2)); //P2 - - if(UCHAR_MAX < inputData.size() && USHRT_MAX >= inputData.size()) { - //Extended length 3 bytes, starts with 0x00 - apduOut.push_back(static_cast(0x00)); - apduOut.push_back(static_cast(inputData.size() >> 8)); - apduOut.push_back(static_cast(inputData.size() & 0xFF)); - //Data - apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); - //Expected length of output - apduOut.push_back(static_cast(0x00)); - apduOut.push_back(static_cast(0x00)); - apduOut.push_back(static_cast(0x00));//Accepting complete length of output at a time - } else if(0 <= inputData.size() && UCHAR_MAX >= inputData.size()) { - //Short length - apduOut.push_back(static_cast(inputData.size())); - //Data - if(inputData.size() > 0) - apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); - //Expected length of output - apduOut.push_back(static_cast(0x00));//Accepting complete length of output at a time - if(extendedOutput) - apduOut.push_back(static_cast(0x00)); - - } else { - return (ErrorCode::INSUFFICIENT_BUFFER_SPACE); - } - - return (ErrorCode::OK);//success -} - -static ErrorCode sendProvisionData(Instruction ins, std::vector& inData, std::vector& response, bool -extendedOutput=false) { - ErrorCode ret = ErrorCode::OK; - std::vector apdu; - CborConverter cborConverter; - std::unique_ptr item; - ret = constructApduMessage(ins, inData, apdu, extendedOutput); - if(ret != ErrorCode::OK) return ret; - - if(!pTransportFactory->sendData(apdu.data(), apdu.size(), response)) { - return (ErrorCode::SECURE_HW_COMMUNICATION_FAILED); - } - - if((response.size() < 2) || (getStatus(response) != APDU_RESP_STATUS_OK)) { - return (ErrorCode::UNKNOWN_ERROR); - } - - if((response.size() > 2)) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, ret) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2), - true); - } else { - ret = ErrorCode::UNKNOWN_ERROR; - } - - return ret; -} - void usage() { printf("Usage: provision_tool [options]\n"); printf("Valid options are:\n"); @@ -371,73 +177,55 @@ bool getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std: bool setBootParameters(const char* filename) { Json::Value bootParamsObj; bool ret = false; + keymaster::V4_1::javacard::BootParams bootParams; if(!parseJsonFile(filename)) return ret; bootParamsObj = root.get("set_boot_params", bootParamsObj); if (!bootParamsObj.isNull()) { - cppbor::Array array; - ErrorCode errorCode = ErrorCode::OK; - std::vector apdu; - std::vector response; - Instruction ins = Instruction::INS_SET_BOOT_PARAMS_CMD; - uint32_t value; - std::vector blob; - - if(!getBootParameterIntValue(bootParamsObj, "os_version", &value)) { + + if(!getBootParameterIntValue(bootParamsObj, "os_version", &bootParams.osVersion)) { printf("\n Invalid value for os_version or os_version tag missing\n"); return ret; } - array.add(value); - if(!getBootParameterIntValue(bootParamsObj, "os_patch_level", &value)) { + if(!getBootParameterIntValue(bootParamsObj, "os_patch_level", &bootParams.osPatchLevel)) { printf("\n Invalid value for os_patch_level or os_patch_level tag missing\n"); return ret; } - array.add(value); - if(!getBootParameterIntValue(bootParamsObj, "vendor_patch_level", &value)) { + if(!getBootParameterIntValue(bootParamsObj, "vendor_patch_level", &bootParams.vendorPatchLevel)) { printf("\n Invalid value for vendor_patch_level or vendor_patch_level tag missing\n"); return ret; } - array.add(value); - if(!getBootParameterIntValue(bootParamsObj, "boot_patch_level", &value)) { + if(!getBootParameterIntValue(bootParamsObj, "boot_patch_level", &bootParams.bootPatchLevel)) { printf("\n Invalid value for boot_patch_level or boot_patch_level tag missing\n"); return ret; } - array.add(value); - if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key", blob)) { + if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key", bootParams.verifiedBootKey)) { printf("\n Invalid value for verified_boot_key or verified_boot_key tag missing\n"); return ret; } - array.add(blob); - blob.clear(); - if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key_hash", blob)) { + if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key_hash", bootParams.verifiedBootKeyHash)) { printf("\n Invalid value for verified_boot_key_hash or verified_boot_key_hash tag missing\n"); return ret; } - array.add(blob); - blob.clear(); - if(!getBootParameterIntValue(bootParamsObj, "boot_state", &value)) { + if(!getBootParameterIntValue(bootParamsObj, "boot_state", &bootParams.verifiedBootState)) { printf("\n Invalid value for boot_state or boot_state tag missing\n"); return ret; } - array.add(value); - if(!getBootParameterIntValue(bootParamsObj, "device_locked", &value)) { + if(!getBootParameterIntValue(bootParamsObj, "device_locked", &bootParams.deviceLocked)) { printf("\n Invalid value for device_locked or device_locked tag missing\n"); return ret; } - array.add(value); - - std::vector cborData = array.encode(); - - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - printf("\n Failed to set boot parameters errorCode:%d\n", errorCode); - return ret; - } } else { return ret; } + + if (ErrorCode::OK != mProvision.provisionBootParameters(bootParams)) { + return ret; + } + printf("\n SE successfully accepted boot paramters \n"); return true; } @@ -445,55 +233,47 @@ bool setBootParameters(const char* filename) { bool provisionAttestationIds(const char *filename) { Json::Value attestIds; bool ret = false; + keymaster::V4_1::javacard::AttestIDParams params; if(!parseJsonFile(filename)) return ret; attestIds = root.get("attest_ids", attestIds); if (!attestIds.isNull()) { - if (attestIds.size() != MAX_ATTEST_IDS_SIZE) { - return ret; - } Json::Value value; - std::vector temp; - int i = 0; - std::vector params(attestIds.size()); Json::Value::Members keys = attestIds.getMemberNames(); - Tag tag; for(std::string key : keys) { - if(Tag::INVALID == (tag = mapAttestKeyToAttestTag(key))) { - break; - } value = attestIds[key]; if(value.empty()) { - break; + continue; } - params[i].tag = tag; - for(char ch : value.asString()) { - temp.push_back((uint8_t)ch); + if (!value.isString()) { + return ret; } - params[i].blob.resize(temp.size()); - params[i].blob = temp; - temp.clear(); - i++; - } - - if(i != MAX_ATTEST_IDS_SIZE) - return ret; - - CborConverter cborConverter; - cppbor::Array array; - Instruction ins = Instruction::INS_PROVISION_ATTEST_IDS_CMD; - ErrorCode errorCode = ErrorCode::OK; - std::vector response; - hidl_vec attestParams(params); - //Encode input data into CBOR. - cborConverter.addKeyparameters(array, attestParams); - std::vector cborData = array.encode(); + if (0 == key.compare("brand")) { + params.brand = value.asString(); + } else if(0 == key.compare("device")) { + params.device = value.asString(); + } else if(0 == key.compare("product")) { + params.product = value.asString(); + } else if(0 == key.compare("serial")) { + params.serial = value.asString(); + } else if(0 == key.compare("imei")) { + params.imei = value.asString(); + } else if(0 == key.compare("meid")) { + params.meid = value.asString(); + } else if(0 == key.compare("manufacturer")) { + params.manufacturer = value.asString(); + } else if(0 == key.compare("model")) { + params.model = value.asString(); + } else { + printf("\n unknown attestation id key:%s \n", key.c_str()); + return ret; + } + } - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - printf("\n Failed to provision attestation ids error: %d\n", uint32_t(errorCode)); + if (ErrorCode::OK != mProvision.provisionAttestationID(params)) { return ret; } } else { @@ -504,14 +284,10 @@ bool provisionAttestationIds(const char *filename) { } bool lockProvision() { - bool ret = false; - cppbor::Array array; - Instruction ins = Instruction::INS_LOCK_PROVISIONING_CMD; - ErrorCode errorCode = ErrorCode::OK; - std::vector cborData; - std::vector response; + ErrorCode errorCode; + bool ret = false; - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { + if(ErrorCode::OK != (errorCode = mProvision.lockProvision())) { printf("\n Failed to lock provisioning error: %d\n", uint32_t(errorCode)); return ret; } @@ -521,31 +297,32 @@ bool lockProvision() { bool getProvisionStatus() { bool ret = false; - CborConverter cborConverter; - cppbor::Array array; - Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD; - ErrorCode errorCode = ErrorCode::OK; - std::vector cborData; - std::vector response; - std::unique_ptr item; - - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - printf("\n Failed to get provision status error: %d\n", uint32_t(errorCode)); + uint64_t status; + if (ErrorCode::OK != mProvision.getProvisionStatus(status)) { return ret; } - std::tie(item, errorCode) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2), - true); - if(item != NULL) { - uint64_t status; - - if(!cborConverter.getUint64(item, 1, status)) { - printf("\n Failed to get the status value \n"); - return ret; - } else { - printf("\nCurrent provision status: %ld\n", status); + if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM))) { + printf("\n SE is provisioned \n"); + } else { + if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) { + printf("\n Attestation key is not provisioned \n"); + } + if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) { + printf("\n Attestation certificate chain is not provisioned \n"); + } + if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) { + printf("\n Attestation certificate params are not provisioned \n"); + } + if (0 == (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) { + printf("\n Shared secret is not provisioned \n"); + } + if (0 == (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM)) { + printf("\n Boot params are not provisioned \n"); } - } else { - return ret; } return true; } @@ -559,25 +336,13 @@ bool provisionSharedSecret(const char* filename) { sharedSecret = root.get("shared_secret", sharedSecret); if (!sharedSecret.isNull()) { - cppbor::Array array; - Instruction ins = Instruction::INS_PROVISION_SHARED_SECRET_CMD; - ErrorCode errorCode = ErrorCode::OK; - std::vector response; - std::string str = sharedSecret.asString(); - std::string secret = hex2str(str); - - //Length of the secret should be 32 bytes. - if(SHARED_SECRET_SIZE != secret.size()) { + + if (!sharedSecret.isString()) { return ret; } - std::vector input(secret.data(), secret.data() + secret.length()); - - //Encode input data into CBOR. - array.add(input); - std::vector cborData = array.encode(); - - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - printf("\n Failed to provision shared secret error: %d\n", uint32_t(errorCode)); + std::string secret = hex2str(sharedSecret.asString()); + std::vector data(secret.begin(), secret.end()); + if(ErrorCode::OK != mProvision.provisionPreSharedSecret(data)) { return ret; } } else { @@ -596,48 +361,14 @@ static bool provisionAttestationKey(const char* filename) { keyFile = root.get("attest_key", keyFile); if (!keyFile.isNull()) { - ErrorCode errorCode = ErrorCode::OK; - CborConverter cborConverter; - cppbor::Array array; - cppbor::Array subArray; std::vector data; - std::vector privKey; - std::vector pubKey; - Instruction ins = Instruction::INS_PROVISION_ATTESTATION_KEY_CMD; - EcCurve curve; - std::vector response; std::string keyFileName = keyFile.asString(); if(!readDataFromFile(keyFileName.data(), data)) { printf("\n Failed to read the Root ec key\n"); return ret; } - keymaster::AuthorizationSet authSetKeyParams(keymaster::AuthorizationSetBuilder() - .Authorization(keymaster::TAG_ALGORITHM, KM_ALGORITHM_EC) - .Authorization(keymaster::TAG_DIGEST, KM_DIGEST_SHA_2_256) - .Authorization(keymaster::TAG_EC_CURVE, KM_EC_CURVE_P_256) - .Authorization(keymaster::TAG_PURPOSE, static_cast(0x7F))); /* The value 0x7F is not present in types.hal */ - // Read the ECKey from the file. - hidl_vec keyParams = keymaster::V4_1::javacard::kmParamSet2Hidl(authSetKeyParams); - - if(ErrorCode::OK != (errorCode = keymaster::V4_1::javacard::ecRawKeyFromPKCS8(data, privKey, pubKey, curve))) { - printf("\n Failed to convert PKCS8 to RAW key\n"); - return ret; - } - subArray.add(privKey); - subArray.add(pubKey); - std::vector encodedArray = subArray.encode(); - cppbor::Bstr bstr(encodedArray.begin(), encodedArray.end()); - - //Encode data. - cborConverter.addKeyparameters(array, keyParams); - array.add(static_cast(KeyFormat::RAW)); - array.add(bstr); - - std::vector cborData = array.encode(); - - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - printf("\n Failed to provision attestation key\n"); + if(ErrorCode::OK != mProvision.provisionAttestationKey(data)) { return ret; } } else { @@ -656,23 +387,26 @@ bool provisionAttestationCertificateChain(const char* filename) { certChainFile = root.get("attest_cert_chain", certChainFile); if (!certChainFile.isNull()) { - ErrorCode errorCode = ErrorCode::OK; - cppbor::Array array; - Instruction ins = Instruction::INS_PROVISION_CERT_CHAIN_CMD; - std::vector response; - - std::vector certData; - std::string strCertChain = certChainFile.asString(); - /* Read the Root certificate */ - if(!readDataFromFile(strCertChain.data(), certData)) { - printf("\n Failed to read the Root certificate\n"); + std::vector> certData; + + if(certChainFile.isArray()) { + for (int i = 0; i < certChainFile.size(); i++) { + std::vector tmp; + if(certChainFile[i].isString()) { + /* Read the certificates. */ + if(!readDataFromFile(certChainFile[i].asString().data(), tmp)) { + printf("\n Failed to read the Root certificate\n"); + return ret; + } + certData.push_back(std::move(tmp)); + } else { + return ret; + } + } + } else { return ret; } - cppbor::Bstr certChain(certData.begin(), certData.end()); - std::vector cborData = certChain.encode(); - - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - printf("\n Failed to provision cert chain errorCode:%d\n", static_cast(errorCode)); + if (ErrorCode::OK != mProvision.provisionAtestationCertificateChain(certData)) { return ret; } } else { @@ -691,60 +425,21 @@ bool provisionAttestationCertificateParams(const char* filename) { certChainFile = root.get("attest_cert_chain", certChainFile); if (!certChainFile.isNull()) { - ErrorCode errorCode = ErrorCode::OK; - cppbor::Array array; - Instruction ins = Instruction::INS_PROVISION_CERT_PARAMS_CMD; - std::vector response; - X509 *x509 = NULL; - std::vector subject; - std::vector authorityKeyIdentifier; - std::vector notAfter; - std::vector certData; - std::vector> certChain; - - - std::string strCertChain = certChainFile.asString(); - /* Read the Root certificate */ - if(!readDataFromFile(strCertChain.data(), certData)) { - printf("\n Failed to read the Root certificate\n"); - return ret; - } - - // Get first certificate from chain of certificates. - if(ErrorCode::OK != (errorCode =keymaster::V4_1::javacard::getCertificateChain(certData, certChain))) { - printf("\n Failed to parse the certificate chain \n"); - return ret; - } - - if(certChain.size() == 0) { - printf("\n Length of the certificate chain is 0\n"); - return ret; - } + std::vector> certData; - - /* Subject, AuthorityKeyIdentifier and Expirty time of the root certificate are required by javacard. */ - /* Get X509 certificate instance for the root certificate.*/ - if(NULL == (x509 = parseDerCertificate(certChain[0]))) { - printf("\n Failed to parse the DER certificate \n"); - return ret; - } - - /* Get subject in DER */ - getDerSubjectName(x509, subject); - /* Get AuthorityKeyIdentifier */ - getAuthorityKeyIdentifier(x509, authorityKeyIdentifier); - /* Get Expirty Time */ - getNotAfter(x509, notAfter); - /*Free X509 */ - X509_free(x509); - - array.add(subject); - array.add(notAfter); - array.add(authorityKeyIdentifier); - std::vector cborData = array.encode(); - - if(ErrorCode::OK != (errorCode = sendProvisionData(ins, cborData, response))) { - printf("\n Failed to provision cert params errorCode:%d\n", static_cast(errorCode)); + if(certChainFile.isArray()) { + if (certChainFile.size() == 0) { + return ret; + } + std::vector tmp; + if(!readDataFromFile(certChainFile[0].asString().data(), tmp)) { + printf("\n Failed to read the Root certificate\n"); + return ret; + } + if (ErrorCode::OK != mProvision.provisionAttestationCertificateParams(tmp)) { + return ret; + } + } else { return ret; } } else { @@ -804,89 +499,88 @@ bool parseJsonFile(const char* filename) { int main(int argc, char* argv[]) { - int c; - struct option longOpts[] = { - {"all", required_argument, NULL, 'a'}, - {"attest_key", required_argument, NULL, 'k'}, - {"cert_chain", required_argument, NULL, 'c'}, - {"cert_params", required_argument, NULL,'p'}, - {"attest_ids", required_argument, NULL, 'i'}, - {"shared_secret", required_argument, NULL, 'r'}, - {"set_boot_params", required_argument, NULL, 'b'}, - {"provision_status", no_argument, NULL, 's'}, - {"lock_provision", no_argument, NULL, 'l'}, - {"help", no_argument, NULL, 'h'}, + int c; + struct option longOpts[] = { + {"all", required_argument, NULL, 'a'}, + {"attest_key", required_argument, NULL, 'k'}, + {"cert_chain", required_argument, NULL, 'c'}, + {"cert_params", required_argument, NULL,'p'}, + {"attest_ids", required_argument, NULL, 'i'}, + {"shared_secret", required_argument, NULL, 'r'}, + {"set_boot_params", required_argument, NULL, 'b'}, + {"provision_status", no_argument, NULL, 's'}, + {"lock_provision", no_argument, NULL, 'l'}, + {"help", no_argument, NULL, 'h'}, {0,0,0,0} - }; - -printf("\n main step0 \n"); - sbKeymaster = IKeymasterDevice::getService(SB_KEYMASTER_SERVICE); - if(NULL == sbKeymaster) { - printf("\n Failed to get StrongBox Keymaster service\n"); - exit(0); - } - pTransportFactory = getTransportFactoryInstance(); - if(NULL == pTransportFactory) { - printf("\n Failed to create transport factory\n"); - exit(0); - } + }; if (argc <= 1) { printf("\n Invalid command \n"); usage(); } -printf("\n main step1 \n"); - /* getopt_long stores the option index here. */ - while ((c = getopt_long(argc, argv, ":slha:k:c:p:i:r:b:", longOpts, NULL)) != -1) { - switch(c) { + /* Initialize provision */ + mProvision.initProvision(); + + /* getopt_long stores the option index here. */ + while ((c = getopt_long(argc, argv, ":slha:k:c:p:i:r:b:", longOpts, NULL)) != -1) { + switch(c) { case 'a': //all provision(optarg); break; case 'k': //attest key - provisionAttestationKey(optarg); + if(!provisionAttestationKey(optarg)) + printf("\n Failed to provision attestaion key\n"); break; case 'c': //attest certchain - provisionAttestationCertificateChain(optarg); + if(!provisionAttestationCertificateChain(optarg)) + printf("\n Failed to provision attestaion certificate chain\n"); break; case 'p': //attest cert params - provisionAttestationCertificateParams(optarg); + if(!provisionAttestationCertificateParams(optarg)) + printf("\n Failed to provision attestaion certificate paramaters\n"); + break; + case 'i': + //attestation ids. + if(!provisionAttestationIds(optarg)) + printf("\n Failed to provision attestaion ids\n"); + break; + //shared secret + case 'r': + if(!provisionSharedSecret(optarg)) + printf("\n Failed to provision shared secret\n"); break; - case 'i': - provisionAttestationIds(optarg); - break; - case 'r': - provisionSharedSecret(optarg); - break; case 'b': //set boot params - setBootParameters(optarg); + if(!setBootParameters(optarg)) + printf("\n Failed to set boot parameters.\n"); break; - case 's': - getProvisionStatus(); - break; - case 'l': + case 's': + if(!getProvisionStatus()) + printf("\n Failed to get provision status \n"); + break; + case 'l': lockProvision(); - break; - case 'h': + break; + case 'h': usage(); - break; - case ':': - printf("\n missing argument\n"); + break; + case ':': + printf("\n missing argument\n"); usage(); - break; - case '?': - default: - printf("\n Invalid option\n"); + break; + case '?': + default: + printf("\n Invalid option\n"); usage(); - break; - } - } + break; + } + } if(optind < argc) { usage(); } - return 0; + return 0; } diff --git a/provisioning_tool/sample_json.txt b/provisioning_tool/sample_json.txt index 1435e133..841c9843 100644 --- a/provisioning_tool/sample_json.txt +++ b/provisioning_tool/sample_json.txt @@ -17,9 +17,12 @@ "boot_patch_level": 0, "verified_boot_key": "0000000000000000000000000000000000000000000000000000000000000000", "verified_boot_key_hash": "0000000000000000000000000000000000000000000000000000000000000000", - "boot_state": 0, + "boot_state": 2, "device_locked": 0 }, "attest_key": "/data/vendor/ec_key.der", - "attest_cert_chain": "/data/vendor/ec_cert_chain.der" + "attest_cert_chain": [ + "/data/vendor/ec_cert.der", + "/data/vendor/ec_root_cert.der" + ] } From b5b0313a169090d693b69681ce807666d676668d Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Mon, 25 Jan 2021 15:35:50 +0530 Subject: [PATCH 041/169] Removed sample_json.txt --- HAL/keymaster/sample_json.txt | 25 ------------------------- 1 file changed, 25 deletions(-) delete mode 100644 HAL/keymaster/sample_json.txt diff --git a/HAL/keymaster/sample_json.txt b/HAL/keymaster/sample_json.txt deleted file mode 100644 index b65164aa..00000000 --- a/HAL/keymaster/sample_json.txt +++ /dev/null @@ -1,25 +0,0 @@ -{ - "attest_ids": { - "brand": "Google", - "device": "Pixel 3A", - "product": "Pixel", - "serial": "UGYJFDjFeRuBEH", - "imei": "987080543071019", - "meid": "27863510227963", - "manufacturer": "Foxconn", - "model": "HD1121" - }, - "shared_secret": "0000000000000000000000000000000000000000000000000000000000000000", - "set_boot_params": { - "os_version": 100, - "os_patch_level": 100, - "vendor_patch_level": 0, - "boot_patch_level": 0, - "verified_boot_key": "0000000000000000000000000000000000000000000000000000000000000000", - "verified_boot_key_hash": "0000000000000000000000000000000000000000000000000000000000000000", - "boot_state": 0, - "device_locked": 0 - }, - "attest_key": "/data/data/ec_key.der", - "attest_cert_chain": "/data/data/ec_cert_chain.der" -} From 73e209baa0b178d40c9be2efd60ec08a39a87c3a Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Mon, 25 Jan 2021 19:43:42 +0530 Subject: [PATCH 042/169] Added uninit function --- HAL/keymaster/4.1/Provision.cpp | 11 ++++++++++- HAL/keymaster/include/Provision.h | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/HAL/keymaster/4.1/Provision.cpp b/HAL/keymaster/4.1/Provision.cpp index a896db88..c8f97660 100644 --- a/HAL/keymaster/4.1/Provision.cpp +++ b/HAL/keymaster/4.1/Provision.cpp @@ -197,7 +197,8 @@ ErrorCode Provision::initProvision() { if(pTransportFactory == nullptr) { pTransportFactory = std::unique_ptr(new se_transport::TransportFactory( android::base::GetBoolProperty("ro.kernel.qemu", false))); - pTransportFactory->openConnection(); + if(!pTransportFactory->openConnection()) + return ErrorCode::UNKNOWN_ERROR; } return ErrorCode::OK; } @@ -399,6 +400,14 @@ ErrorCode Provision::lockProvision() { } return errorCode; } + +ErrorCode Provision::uninit() { + if(pTransportFactory != nullptr) { + if(!pTransportFactory->closeConnection()) + return ErrorCode::UNKNOWN_ERROR; + } + return ErrorCode::OK; +} // Provision End } // namespace javacard diff --git a/HAL/keymaster/include/Provision.h b/HAL/keymaster/include/Provision.h index e6b670f2..64b56641 100644 --- a/HAL/keymaster/include/Provision.h +++ b/HAL/keymaster/include/Provision.h @@ -58,6 +58,7 @@ class Provision { ErrorCode provisionBootParameters(BootParams& bootParams ); ErrorCode lockProvision(); ErrorCode getProvisionStatus(uint64_t&); + ErrorCode uninit(); private: std::unique_ptr pTransportFactory; From 149cf0c214937ff5bedeffe42429ea170a71ce81 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 26 Jan 2021 15:09:55 +0530 Subject: [PATCH 043/169] modified the function to init and uninit --- HAL/keymaster/4.1/Provision.cpp | 4 +--- HAL/keymaster/include/Provision.h | 32 +++++++++++++++++++++++++++- provisioning_tool/provision_tool.cpp | 4 +++- 3 files changed, 35 insertions(+), 5 deletions(-) diff --git a/HAL/keymaster/4.1/Provision.cpp b/HAL/keymaster/4.1/Provision.cpp index c8f97660..85bdd241 100644 --- a/HAL/keymaster/4.1/Provision.cpp +++ b/HAL/keymaster/4.1/Provision.cpp @@ -191,9 +191,7 @@ extendedOutput) { return ret; } -// Class Provision Start - -ErrorCode Provision::initProvision() { +ErrorCode Provision::init() { if(pTransportFactory == nullptr) { pTransportFactory = std::unique_ptr(new se_transport::TransportFactory( android::base::GetBoolProperty("ro.kernel.qemu", false))); diff --git a/HAL/keymaster/include/Provision.h b/HAL/keymaster/include/Provision.h index 64b56641..e541c496 100644 --- a/HAL/keymaster/include/Provision.h +++ b/HAL/keymaster/include/Provision.h @@ -49,15 +49,45 @@ typedef struct AttestIDParams_ { class Provision { public: - ErrorCode initProvision(); + /** + * Initalizes the transport layer. + */ + ErrorCode init(); + /** + * Provision the Attestation key. + */ ErrorCode provisionAttestationKey(std::vector& batchKey); + /** + * Provision the Attestation certificate chain. + */ ErrorCode provisionAtestationCertificateChain(std::vector>& CertChain); + /** + * Provision the Attestation certificate paramters. + */ ErrorCode provisionAttestationCertificateParams(std::vector& batchCertificate); + /** + * Provision the Attestation ID. + */ ErrorCode provisionAttestationID(AttestIDParams& attestParams); + /** + * Provision the pre-shared secret. + */ ErrorCode provisionPreSharedSecret(std::vector& preSharedSecret); + /** + * Provision the boot parameters. + */ ErrorCode provisionBootParameters(BootParams& bootParams ); + /** + * Locks the provision. After this no more provision commanands are allowed. + */ ErrorCode lockProvision(); + /** + * Get the provision status. + */ ErrorCode getProvisionStatus(uint64_t&); + /** + * Uninitialize the transport layer. + */ ErrorCode uninit(); private: diff --git a/provisioning_tool/provision_tool.cpp b/provisioning_tool/provision_tool.cpp index 820384b1..e3148fec 100644 --- a/provisioning_tool/provision_tool.cpp +++ b/provisioning_tool/provision_tool.cpp @@ -519,7 +519,7 @@ int main(int argc, char* argv[]) usage(); } /* Initialize provision */ - mProvision.initProvision(); + mProvision.init(); /* getopt_long stores the option index here. */ while ((c = getopt_long(argc, argv, ":slha:k:c:p:i:r:b:", longOpts, NULL)) != -1) { @@ -582,5 +582,7 @@ int main(int argc, char* argv[]) if(optind < argc) { usage(); } + /*Uninitalize */ + mProvision.uninit(); return 0; } From 5caf05e87d6ea51c32ab5a6b0850af16d04b1381 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Wed, 27 Jan 2021 11:17:06 +0530 Subject: [PATCH 044/169] 1. Renamed the certiicate and key file names in sample_json.txt 2. Separated the Provision library from HAL and put it inside the provisioning_tool folder --- HAL/keymaster/Android.bp | 7 ++--- provisioning_tool/Android.bp | 27 +++++++++++++++++++ .../4.1 => provisioning_tool}/Provision.cpp | 0 .../include => provisioning_tool}/Provision.h | 0 provisioning_tool/sample_json.txt | 6 ++--- 5 files changed, 32 insertions(+), 8 deletions(-) rename {HAL/keymaster/4.1 => provisioning_tool}/Provision.cpp (100%) rename {HAL/keymaster/include => provisioning_tool}/Provision.h (100%) diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp index 9db148da..1bcc6e2c 100644 --- a/HAL/keymaster/Android.bp +++ b/HAL/keymaster/Android.bp @@ -25,8 +25,6 @@ cc_binary { "4.1/JavacardKeymaster4Device.cpp", "4.1/JavacardSoftKeymasterContext.cpp", "4.1/JavacardOperationContext.cpp", - "4.1/CommonUtils.cpp", - "4.1/CborConverter.cpp", ], local_include_dirs: [ "include", @@ -46,6 +44,7 @@ cc_binary { "android.hardware.keymaster@4.1", "android.hardware.keymaster@4.0", "libjc_transport", + "libjc_common", "libcrypto", ], product_variables: { @@ -111,12 +110,11 @@ cc_library { } cc_library { - name: "libjc_provision", + name: "libjc_common", vendor_available: true, srcs: [ "4.1/CommonUtils.cpp", "4.1/CborConverter.cpp", - "4.1/Provision.cpp", ], local_include_dirs: [ "include", @@ -138,7 +136,6 @@ cc_library { "libcppbor", "android.hardware.keymaster@4.1", "android.hardware.keymaster@4.0", - "libjc_transport", "libcrypto", ], } diff --git a/provisioning_tool/Android.bp b/provisioning_tool/Android.bp index b9b39808..579d2ff4 100644 --- a/provisioning_tool/Android.bp +++ b/provisioning_tool/Android.bp @@ -36,6 +36,33 @@ cc_binary { "libjc_transport", "libcrypto", "libjsoncpp", + "libjc_common", "libjc_provision", ], } + +cc_library { + name: "libjc_provision", + vendor_available: true, + srcs: [ + "Provision.cpp", + ], + shared_libs: [ + "liblog", + "libcutils", + "libdl", + "libbase", + "libutils", + "libhardware", + "libhidlbase", + "libsoftkeymasterdevice", + "libkeymaster_messages", + "libkeymaster_portable", + "libcppbor", + "android.hardware.keymaster@4.1", + "android.hardware.keymaster@4.0", + "libjc_transport", + "libcrypto", + "libjc_common", + ], +} diff --git a/HAL/keymaster/4.1/Provision.cpp b/provisioning_tool/Provision.cpp similarity index 100% rename from HAL/keymaster/4.1/Provision.cpp rename to provisioning_tool/Provision.cpp diff --git a/HAL/keymaster/include/Provision.h b/provisioning_tool/Provision.h similarity index 100% rename from HAL/keymaster/include/Provision.h rename to provisioning_tool/Provision.h diff --git a/provisioning_tool/sample_json.txt b/provisioning_tool/sample_json.txt index 841c9843..8751c6b4 100644 --- a/provisioning_tool/sample_json.txt +++ b/provisioning_tool/sample_json.txt @@ -20,9 +20,9 @@ "boot_state": 2, "device_locked": 0 }, - "attest_key": "/data/vendor/ec_key.der", + "attest_key": "/data/vendor/batch_key.der", "attest_cert_chain": [ - "/data/vendor/ec_cert.der", - "/data/vendor/ec_root_cert.der" + "/data/vendor/batch_cert.der", + "/data/vendor/root_cert.der" ] } From 0f58d8c43dd5786e22c34451eae7894b6dac2799 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Fri, 29 Jan 2021 10:34:08 +0530 Subject: [PATCH 045/169] Store master key as Key object rather than as a byte array --- .../keymaster/KMAndroidSEProvider.java | 4 +- .../javacard/keymaster/KMJCardSimulator.java | 4 +- .../javacard/keymaster/KMKeymasterApplet.java | 12 +++- .../javacard/keymaster/KMRepository.java | 62 ++++++++++++------- 4 files changed, 53 insertions(+), 29 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index 4b0994f4..20417d0f 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -105,7 +105,7 @@ public class KMAndroidSEProvider implements KMSEProvider { public static final byte KEYSIZE_128_OFFSET = 0x00; public static final byte KEYSIZE_256_OFFSET = 0x01; public static final short TMP_ARRAY_SIZE = 256; - public static final short CERT_CHAIN_MAX_SIZE = 2050;//First 2 bytes for length. + public static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length. final byte[] CIPHER_ALGS = { Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, @@ -1143,7 +1143,7 @@ public void persistPartialCertificateChain(byte[] buf, short offset, short len, // Next single byte holds the array header. // Next 3 bytes holds the Byte array header with the cert1 length. // Next 3 bytes holds the Byte array header with the cert2 length. - if (totalLen > CERT_CHAIN_MAX_SIZE) { + if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH); } short persistedLen = Util.getShort(certificateChain, (short) 0); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index a9a6a937..08c3d0ea 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -71,7 +71,7 @@ public class KMJCardSimulator implements KMSEProvider { public static final short MAX_RND_NUM_SIZE = 64; public static final short ENTROPY_POOL_SIZE = 16; // simulator does not support 256 bit aes keys public static final byte[] aesICV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - private static final short CERT_CHAIN_MAX_SIZE = 2050;//First 2 bytes for length. + private static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length. public static boolean jcardSim = false; @@ -1246,7 +1246,7 @@ public void persistPartialCertificateChain(byte[] buf, short offset, // Next single byte holds the array header. // Next 3 bytes holds the Byte array header with the cert1 length. // Next 3 bytes holds the Byte array header with the cert2 length. - if (totalLen > CERT_CHAIN_MAX_SIZE) { + if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH); } short persistedLen = Util.getShort(certificateChain, (short) 0); diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index a85a7243..6074038b 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1530,7 +1530,11 @@ private void setUniqueId(KMAttestationCert cert, byte[] scratchPad) { } //master key. - tmpVariables[2] = repository.getMasterKeySecret(); + tmpVariables[2] = KMByteBlob.instance(KMRepository.MASTER_KEY_SIZE); + repository.getMasterKeySecret( + KMByteBlob.cast(tmpVariables[2]).getBuffer(), + KMByteBlob.cast(tmpVariables[2]).getStartOff(), + KMByteBlob.cast(tmpVariables[2]).length()); cert.makeUniqueId( scratchPad, (short) 0, @@ -3903,7 +3907,11 @@ private static short deriveKey(byte[] scratchPad) { // Input data - Encrypted output (Generated in step 2). // 4. HMAC Sign generates an output of 32 bytes length. // Consume only first 16 bytes as derived key. - tmpVariables[4] = repository.getMasterKeySecret(); + tmpVariables[4] = KMByteBlob.instance(KMRepository.MASTER_KEY_SIZE); + repository.getMasterKeySecret( + KMByteBlob.cast(tmpVariables[4]).getBuffer(), + KMByteBlob.cast(tmpVariables[4]).getStartOff(), + KMByteBlob.cast(tmpVariables[4]).length()); tmpVariables[5] = repository.alloc(AES_GCM_AUTH_TAG_LENGTH); tmpVariables[3] = seProvider.aesGCMEncrypt( diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 4c30a613..94951348 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -22,6 +22,8 @@ import javacard.framework.ISOException; import javacard.framework.JCSystem; import javacard.framework.Util; +import javacard.security.AESKey; +import javacard.security.KeyBuilder; /** * KMRepository class manages persistent and volatile memory usage by the applet. Note the repository @@ -29,7 +31,7 @@ */ public class KMRepository implements KMUpgradable { // Data table configuration - public static final short DATA_INDEX_SIZE = 24; + public static final short DATA_INDEX_SIZE = 23; public static final short DATA_INDEX_ENTRY_SIZE = 4; public static final short DATA_MEM_SIZE = 2048; public static final short HEAP_SIZE = 10000; @@ -42,10 +44,9 @@ public class KMRepository implements KMUpgradable { private static final short OPERATION_HANDLE_ENTRY_SIZE = OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE; // Data table offsets - public static final byte MASTER_KEY = 8; - public static final byte SHARED_KEY = 9; - public static final byte COMPUTED_HMAC_KEY = 10; - public static final byte HMAC_NONCE = 11; + public static final byte SHARED_KEY = 8; + public static final byte COMPUTED_HMAC_KEY = 9; + public static final byte HMAC_NONCE = 10; public static final byte ATT_ID_BRAND = 0; public static final byte ATT_ID_DEVICE = 1; public static final byte ATT_ID_PRODUCT = 2; @@ -54,18 +55,18 @@ public class KMRepository implements KMUpgradable { public static final byte ATT_ID_MEID = 5; public static final byte ATT_ID_MANUFACTURER = 6; public static final byte ATT_ID_MODEL = 7; - public static final byte ATT_EC_KEY = 12; - public static final byte CERT_ISSUER = 13; - public static final byte CERT_EXPIRY_TIME = 14; - public static final byte BOOT_OS_VERSION = 15; - public static final byte BOOT_OS_PATCH = 16; - public static final byte VENDOR_PATCH_LEVEL = 17; - public static final byte BOOT_PATCH_LEVEL = 18; - public static final byte BOOT_VERIFIED_BOOT_KEY = 19; - public static final byte BOOT_VERIFIED_BOOT_HASH = 20; - public static final byte BOOT_VERIFIED_BOOT_STATE = 21; - public static final byte BOOT_DEVICE_LOCKED_STATUS = 22; - public static final byte BOOT_DEVICE_LOCKED_TIME = 23; + public static final byte ATT_EC_KEY = 11; + public static final byte CERT_ISSUER = 12; + public static final byte CERT_EXPIRY_TIME = 13; + public static final byte BOOT_OS_VERSION = 14; + public static final byte BOOT_OS_PATCH = 15; + public static final byte VENDOR_PATCH_LEVEL = 16; + public static final byte BOOT_PATCH_LEVEL = 17; + public static final byte BOOT_VERIFIED_BOOT_KEY = 18; + public static final byte BOOT_VERIFIED_BOOT_HASH = 19; + public static final byte BOOT_VERIFIED_BOOT_STATE = 20; + public static final byte BOOT_DEVICE_LOCKED_STATUS = 21; + public static final byte BOOT_DEVICE_LOCKED_TIME = 22; // Data Item sizes public static final short MASTER_KEY_SIZE = 16; @@ -90,6 +91,7 @@ public class KMRepository implements KMUpgradable { private byte[] dataTable; private short dataIndex; private short reclaimIndex; + private AESKey masterKey; // Singleton instance private static KMRepository repository; @@ -249,9 +251,19 @@ public void releaseOperation(KMOperationState op) { } } - public void initMasterKey(byte[] key, short start, short len) { - if(len != MASTER_KEY_SIZE) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - writeDataEntry(MASTER_KEY,key, start, len); + /** + * Masterkey is stored as a Javacard Key object instead of byte array. + * When master key is stored as a Key object, the Javacard OS internally + * provides appropriate security measures for the key to protect the key. + * The master key is maintained by Repository class so the Key object is + * created in this class itself rather than creating it in the SEProvider. + */ + public void initMasterKey(byte[] buf, short off, short len) { + if (len != MASTER_KEY_SIZE) + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + masterKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, + (short) (MASTER_KEY_SIZE * 8), false); + masterKey.setKey(buf, off); } public void initHmacSharedSecretKey(byte[] key, short start, short len) { @@ -296,8 +308,10 @@ public void onSelect() { // If write through caching is implemented then this method will restore the data into cache } - public short getMasterKeySecret() { - return readData(MASTER_KEY); + public void getMasterKeySecret(byte[] buffer, short offset, short length) { + if (length != MASTER_KEY_SIZE) + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + masterKey.getKey(buffer, offset); } // This function uses memory from the back of the heap(transient memory). Call @@ -629,12 +643,14 @@ public void setBootState(byte state){ public void onSave(Element ele) { ele.write(dataIndex); ele.write(dataTable); + ele.write(masterKey); } @Override public void onRestore(Element ele) { dataIndex = ele.readShort(); dataTable = (byte[]) ele.readObject(); + masterKey = (AESKey) ele.readObject(); } @Override @@ -646,6 +662,6 @@ public short getBackupPrimitiveByteCount() { @Override public short getBackupObjectCount() { // dataTable - return (short) 1; + return (short) 2; } } From df36877779bdf0e9db5766e2fe0fd30d72f6cdda Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Sun, 31 Jan 2021 08:37:33 +0530 Subject: [PATCH 046/169] updated the sample_json.txt to use 3 certificates instead of 2 --- HAL/keymaster/4.1/SocketTransport.cpp | 2 +- provisioning_tool/sample_json.txt | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/HAL/keymaster/4.1/SocketTransport.cpp b/HAL/keymaster/4.1/SocketTransport.cpp index 51c28675..331a00b1 100644 --- a/HAL/keymaster/4.1/SocketTransport.cpp +++ b/HAL/keymaster/4.1/SocketTransport.cpp @@ -24,7 +24,7 @@ #define PORT 8080 #define IPADDR "10.9.40.24" //#define IPADDR "192.168.0.5" -#define MAX_RECV_BUFFER_SIZE 2048 +#define MAX_RECV_BUFFER_SIZE 2500 namespace se_transport { diff --git a/provisioning_tool/sample_json.txt b/provisioning_tool/sample_json.txt index 8751c6b4..fbfd71de 100644 --- a/provisioning_tool/sample_json.txt +++ b/provisioning_tool/sample_json.txt @@ -23,6 +23,7 @@ "attest_key": "/data/vendor/batch_key.der", "attest_cert_chain": [ "/data/vendor/batch_cert.der", - "/data/vendor/root_cert.der" + "/data/vendor/intermediate_cert.der", + "/data/vendor/ca_cert.der" ] } From 5b4f29ece78be66202d2c78730c3d7ab13e4228b Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Mon, 1 Feb 2021 10:10:40 +0530 Subject: [PATCH 047/169] Removed the changes relating to storing master key as Key object --- .../javacard/keymaster/KMKeymasterApplet.java | 12 +--- .../javacard/keymaster/KMRepository.java | 62 +++++++------------ 2 files changed, 25 insertions(+), 49 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 6074038b..a85a7243 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1530,11 +1530,7 @@ private void setUniqueId(KMAttestationCert cert, byte[] scratchPad) { } //master key. - tmpVariables[2] = KMByteBlob.instance(KMRepository.MASTER_KEY_SIZE); - repository.getMasterKeySecret( - KMByteBlob.cast(tmpVariables[2]).getBuffer(), - KMByteBlob.cast(tmpVariables[2]).getStartOff(), - KMByteBlob.cast(tmpVariables[2]).length()); + tmpVariables[2] = repository.getMasterKeySecret(); cert.makeUniqueId( scratchPad, (short) 0, @@ -3907,11 +3903,7 @@ private static short deriveKey(byte[] scratchPad) { // Input data - Encrypted output (Generated in step 2). // 4. HMAC Sign generates an output of 32 bytes length. // Consume only first 16 bytes as derived key. - tmpVariables[4] = KMByteBlob.instance(KMRepository.MASTER_KEY_SIZE); - repository.getMasterKeySecret( - KMByteBlob.cast(tmpVariables[4]).getBuffer(), - KMByteBlob.cast(tmpVariables[4]).getStartOff(), - KMByteBlob.cast(tmpVariables[4]).length()); + tmpVariables[4] = repository.getMasterKeySecret(); tmpVariables[5] = repository.alloc(AES_GCM_AUTH_TAG_LENGTH); tmpVariables[3] = seProvider.aesGCMEncrypt( diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 94951348..4c30a613 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -22,8 +22,6 @@ import javacard.framework.ISOException; import javacard.framework.JCSystem; import javacard.framework.Util; -import javacard.security.AESKey; -import javacard.security.KeyBuilder; /** * KMRepository class manages persistent and volatile memory usage by the applet. Note the repository @@ -31,7 +29,7 @@ */ public class KMRepository implements KMUpgradable { // Data table configuration - public static final short DATA_INDEX_SIZE = 23; + public static final short DATA_INDEX_SIZE = 24; public static final short DATA_INDEX_ENTRY_SIZE = 4; public static final short DATA_MEM_SIZE = 2048; public static final short HEAP_SIZE = 10000; @@ -44,9 +42,10 @@ public class KMRepository implements KMUpgradable { private static final short OPERATION_HANDLE_ENTRY_SIZE = OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE; // Data table offsets - public static final byte SHARED_KEY = 8; - public static final byte COMPUTED_HMAC_KEY = 9; - public static final byte HMAC_NONCE = 10; + public static final byte MASTER_KEY = 8; + public static final byte SHARED_KEY = 9; + public static final byte COMPUTED_HMAC_KEY = 10; + public static final byte HMAC_NONCE = 11; public static final byte ATT_ID_BRAND = 0; public static final byte ATT_ID_DEVICE = 1; public static final byte ATT_ID_PRODUCT = 2; @@ -55,18 +54,18 @@ public class KMRepository implements KMUpgradable { public static final byte ATT_ID_MEID = 5; public static final byte ATT_ID_MANUFACTURER = 6; public static final byte ATT_ID_MODEL = 7; - public static final byte ATT_EC_KEY = 11; - public static final byte CERT_ISSUER = 12; - public static final byte CERT_EXPIRY_TIME = 13; - public static final byte BOOT_OS_VERSION = 14; - public static final byte BOOT_OS_PATCH = 15; - public static final byte VENDOR_PATCH_LEVEL = 16; - public static final byte BOOT_PATCH_LEVEL = 17; - public static final byte BOOT_VERIFIED_BOOT_KEY = 18; - public static final byte BOOT_VERIFIED_BOOT_HASH = 19; - public static final byte BOOT_VERIFIED_BOOT_STATE = 20; - public static final byte BOOT_DEVICE_LOCKED_STATUS = 21; - public static final byte BOOT_DEVICE_LOCKED_TIME = 22; + public static final byte ATT_EC_KEY = 12; + public static final byte CERT_ISSUER = 13; + public static final byte CERT_EXPIRY_TIME = 14; + public static final byte BOOT_OS_VERSION = 15; + public static final byte BOOT_OS_PATCH = 16; + public static final byte VENDOR_PATCH_LEVEL = 17; + public static final byte BOOT_PATCH_LEVEL = 18; + public static final byte BOOT_VERIFIED_BOOT_KEY = 19; + public static final byte BOOT_VERIFIED_BOOT_HASH = 20; + public static final byte BOOT_VERIFIED_BOOT_STATE = 21; + public static final byte BOOT_DEVICE_LOCKED_STATUS = 22; + public static final byte BOOT_DEVICE_LOCKED_TIME = 23; // Data Item sizes public static final short MASTER_KEY_SIZE = 16; @@ -91,7 +90,6 @@ public class KMRepository implements KMUpgradable { private byte[] dataTable; private short dataIndex; private short reclaimIndex; - private AESKey masterKey; // Singleton instance private static KMRepository repository; @@ -251,19 +249,9 @@ public void releaseOperation(KMOperationState op) { } } - /** - * Masterkey is stored as a Javacard Key object instead of byte array. - * When master key is stored as a Key object, the Javacard OS internally - * provides appropriate security measures for the key to protect the key. - * The master key is maintained by Repository class so the Key object is - * created in this class itself rather than creating it in the SEProvider. - */ - public void initMasterKey(byte[] buf, short off, short len) { - if (len != MASTER_KEY_SIZE) - ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - masterKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, - (short) (MASTER_KEY_SIZE * 8), false); - masterKey.setKey(buf, off); + public void initMasterKey(byte[] key, short start, short len) { + if(len != MASTER_KEY_SIZE) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + writeDataEntry(MASTER_KEY,key, start, len); } public void initHmacSharedSecretKey(byte[] key, short start, short len) { @@ -308,10 +296,8 @@ public void onSelect() { // If write through caching is implemented then this method will restore the data into cache } - public void getMasterKeySecret(byte[] buffer, short offset, short length) { - if (length != MASTER_KEY_SIZE) - ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - masterKey.getKey(buffer, offset); + public short getMasterKeySecret() { + return readData(MASTER_KEY); } // This function uses memory from the back of the heap(transient memory). Call @@ -643,14 +629,12 @@ public void setBootState(byte state){ public void onSave(Element ele) { ele.write(dataIndex); ele.write(dataTable); - ele.write(masterKey); } @Override public void onRestore(Element ele) { dataIndex = ele.readShort(); dataTable = (byte[]) ele.readObject(); - masterKey = (AESKey) ele.readObject(); } @Override @@ -662,6 +646,6 @@ public short getBackupPrimitiveByteCount() { @Override public short getBackupObjectCount() { // dataTable - return (short) 2; + return (short) 1; } } From fc9428ddd96db3b3c9b2941a609d539ea0497a0d Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 2 Feb 2021 18:06:17 +0530 Subject: [PATCH 048/169] Added log statements --- provisioning_tool/provision_tool.cpp | 44 ++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/provisioning_tool/provision_tool.cpp b/provisioning_tool/provision_tool.cpp index e3148fec..0f240b3c 100644 --- a/provisioning_tool/provision_tool.cpp +++ b/provisioning_tool/provision_tool.cpp @@ -177,6 +177,7 @@ bool getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std: bool setBootParameters(const char* filename) { Json::Value bootParamsObj; bool ret = false; + ErrorCode err = ErrorCode::OK; keymaster::V4_1::javacard::BootParams bootParams; if(!parseJsonFile(filename)) @@ -219,10 +220,12 @@ bool setBootParameters(const char* filename) { } } else { + printf("\n Fail: Improper value found for set_boot_params key inside the json file\n"); return ret; } - if (ErrorCode::OK != mProvision.provisionBootParameters(bootParams)) { + if (ErrorCode::OK != (err = mProvision.provisionBootParameters(bootParams))) { + printf("\n set boot parameters failed with err:%d \n", (int32_t)err); return ret; } @@ -233,6 +236,7 @@ bool setBootParameters(const char* filename) { bool provisionAttestationIds(const char *filename) { Json::Value attestIds; bool ret = false; + ErrorCode err = ErrorCode::OK; keymaster::V4_1::javacard::AttestIDParams params; if(!parseJsonFile(filename)) @@ -248,6 +252,7 @@ bool provisionAttestationIds(const char *filename) { continue; } if (!value.isString()) { + printf("\n Fail: Value for each attest ids key should be a string in the json file \n"); return ret; } @@ -273,10 +278,12 @@ bool provisionAttestationIds(const char *filename) { } } - if (ErrorCode::OK != mProvision.provisionAttestationID(params)) { + if (ErrorCode::OK != (err = mProvision.provisionAttestationID(params))) { + printf("\n Provision attestationID parameters failed with err:%d \n", (int32_t)err); return ret; } } else { + printf("\n Fail: Improper value found for attest_ids key inside the json file \n"); return ret; } printf("\n provisioned attestation ids successfully \n"); @@ -330,6 +337,7 @@ bool getProvisionStatus() { bool provisionSharedSecret(const char* filename) { Json::Value sharedSecret; bool ret = false; + ErrorCode err = ErrorCode::OK; if(!parseJsonFile(filename)) return ret; @@ -338,14 +346,17 @@ bool provisionSharedSecret(const char* filename) { if (!sharedSecret.isNull()) { if (!sharedSecret.isString()) { + printf("\n Fail: Value for shared secret key should be string inside the json file\n"); return ret; } std::string secret = hex2str(sharedSecret.asString()); std::vector data(secret.begin(), secret.end()); - if(ErrorCode::OK != mProvision.provisionPreSharedSecret(data)) { + if(ErrorCode::OK != (err = mProvision.provisionPreSharedSecret(data))) { + printf("\n Provision pre-shared secret failed with err:%d \n", (int32_t)err); return ret; } } else { + printf("\n Fail: Improper value for shared_secret key inside the json file\n"); return ret; } printf("\n Provisioned shared secret successfully \n"); @@ -355,6 +366,7 @@ bool provisionSharedSecret(const char* filename) { static bool provisionAttestationKey(const char* filename) { Json::Value keyFile; bool ret = false; + ErrorCode err = ErrorCode::OK; if(!parseJsonFile(filename)) return ret; @@ -368,10 +380,12 @@ static bool provisionAttestationKey(const char* filename) { printf("\n Failed to read the Root ec key\n"); return ret; } - if(ErrorCode::OK != mProvision.provisionAttestationKey(data)) { + if(ErrorCode::OK != (err = mProvision.provisionAttestationKey(data))) { + printf("\n Provision attestation key failed with error: %d\n", (int32_t)err); return ret; } } else { + printf("\n Improper value for attest_key in json file \n"); return ret; } printf("\n Provisioned attestation key successfully\n"); @@ -381,6 +395,7 @@ static bool provisionAttestationKey(const char* filename) { bool provisionAttestationCertificateChain(const char* filename) { Json::Value certChainFile; bool ret = false; + ErrorCode err = ErrorCode::OK; if(!parseJsonFile(filename)) return ret; @@ -400,16 +415,20 @@ bool provisionAttestationCertificateChain(const char* filename) { } certData.push_back(std::move(tmp)); } else { + printf("\n Fail: Only proper certificate paths as a string is allowed inside the json file. \n"); return ret; } } } else { + printf("\n Fail: cert chain value should be an array inside the json file. \n"); return ret; } - if (ErrorCode::OK != mProvision.provisionAtestationCertificateChain(certData)) { + if (ErrorCode::OK != (err = mProvision.provisionAtestationCertificateChain(certData))) { + printf("\n Provision certificate chain failed with error: %d\n", (int32_t)err); return ret; } } else { + printf("\n Fail: Improper value found for attest_cert_chain key inside json file \n"); return ret; } printf("\n Provisioned attestation certificate chain successfully\n"); @@ -419,6 +438,7 @@ bool provisionAttestationCertificateChain(const char* filename) { bool provisionAttestationCertificateParams(const char* filename) { Json::Value certChainFile; bool ret = false; + ErrorCode err = ErrorCode::OK; if(!parseJsonFile(filename)) return ret; @@ -436,13 +456,16 @@ bool provisionAttestationCertificateParams(const char* filename) { printf("\n Failed to read the Root certificate\n"); return ret; } - if (ErrorCode::OK != mProvision.provisionAttestationCertificateParams(tmp)) { + if (ErrorCode::OK != (err = mProvision.provisionAttestationCertificateParams(tmp))) { + printf("\n Provision certificate params failed with error: %d\n", (int32_t)err); return ret; } } else { + printf("\n Fail: cert chain value should be an array inside the json file. \n"); return ret; } } else { + printf("\n Fail: Improper value found for attest_cert_chain key inside json file \n"); return ret; } printf("\n Provisioned attestation certificate parameters successfully\n"); @@ -452,27 +475,21 @@ bool provisionAttestationCertificateParams(const char* filename) { bool provision(const char* filename) { if(!provisionAttestationKey(filename)) { - printf("\n Failed to provision attestation Key\n"); return false; } if(!provisionAttestationCertificateChain(filename)) { - printf("\n Failed to provision certificate chain\n"); return false; } if(!provisionAttestationCertificateParams(filename)) { - printf("\n Failed to provision certificate paramters\n"); return false; } if(!provisionSharedSecret(filename)) { - printf("\n Failed to provision shared secret\n"); return false; } if(!provisionAttestationIds(filename)) { - printf("\n Failed to provision attestation ids\n"); return false; } if(!setBootParameters(filename)) { - printf("\n Failed to set boot parameters\n"); return false; } return true; @@ -526,7 +543,8 @@ int main(int argc, char* argv[]) switch(c) { case 'a': //all - provision(optarg); + if(!provision(optarg)) + printf("\n Failed to provision the device \n"); break; case 'k': //attest key From 55420da7a0067fcca4dda28d1a46be28d02e4993 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Tue, 2 Feb 2021 18:11:17 +0530 Subject: [PATCH 049/169] 1. Corrected the convertToDate algorithm to generate correct time and date. 2. Added new method for UnsignedArrayCompare. --- .../android/javacard/keymaster/KMUtils.java | 172 ++++++++++++++---- .../keymaster/KMRsa2048NoDigestSignature.java | 2 +- .../android/javacard/keymaster/KMUtils.java | 170 +++++++++++++---- .../android/javacard/keymaster/KMInteger.java | 2 +- .../javacard/keymaster/KMKeymasterApplet.java | 4 +- 5 files changed, 281 insertions(+), 69 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index d9d7e111..cb8df259 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -14,23 +14,36 @@ public class KMUtils { 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00 }; // 86400000 msec public static final byte[] oneMonthMsec = { 0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec - public static final byte[] oneYearMsec = { - 0, 0, 0, 0x07, 0x58, (byte) 0xF0, (byte) 0xDF, (byte) 0xC0 }; // 31556952000 msec - // Leap year + 3 yrs + public static final byte[] leapYearMsec = { + 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; + public static final byte[] yearMsec = { + 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 + //Leap year(366) + 3 * 365 public static final byte[] fourYrsMsec = { - 0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec + 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec + 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec public static final byte[] firstJan2051 = { 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000 // msec + public static final byte[] febMonthLeapMSec = { + 0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00 }; //2505600000 + public static final byte[] febMonthMsec = { + 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00 }; //2419200000 + public static final byte[] ThirtyOneDaysMonthMsec = { + 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00 };//2678400000 + public static final byte[] ThirtDaysMonthMsec = { + 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00 };//2592000000 + public static final short year2051 = 2051; + public static final short year2020 = 2020; // -------------------------------------- public static short convertToDate(short time, byte[] scratchPad, boolean utcFlag) { + short yrsCount = 0; short monthCount = 1; - short dayCount = 0; + short dayCount = 1; short hhCount = 0; short mmCount = 0; short ssCount = 0; @@ -42,17 +55,17 @@ public static short convertToDate(short time, byte[] scratchPad, (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) .length()); // If the time is less then 1 Jan 2020 then it is an error - if (Util.arrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && Util.arrayCompare(scratchPad, (short) 0, firstJan2051, + && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (Util.arrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); @@ -68,7 +81,7 @@ public static short convertToDate(short time, byte[] scratchPad, (short) 8); } // divide the given time with four yrs msec count - if (Util.arrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -81,44 +94,97 @@ public static short convertToDate(short time, byte[] scratchPad, Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } - // divide the given time with one yr msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneYearMsec, (short) 0, - (short) 8) >= 0) { - Util.arrayCopyNonAtomic(oneYearMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - yrsCount += divide(scratchPad, (short) 0, (short) 8, (short) 16); - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + + //Get the leap year index starting from the (base Year + yrsCount) Year. + short leapYrIdx = getLeapYrIndex(from2020, yrsCount); + + // if leap year index is 0, then the number of days for the 1st year will be 366 days. + // if leap year index is not 0, then the number of days for the 1st year will be 365 days. + if (((leapYrIdx == 0) && + (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || + ((leapYrIdx != 0) && + (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + for (short i = 0; i < 4; i++) { + yrsCount++; + if (i == leapYrIdx) { + Util.arrayCopyNonAtomic(leapYearMsec, (short) 0, scratchPad, + (short) 8, (short) 8); + } else { + Util.arrayCopyNonAtomic(yearMsec, (short) 0, scratchPad, (short) 8, + (short) 8); + } + subtract(scratchPad, (short) 0, (short) 8, (short) 16); + Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, + (short) 8); + if (((short) (i + 1) == leapYrIdx)) { + if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, + (short) 0, (short) 8) < 0) { + break; + } + } else { + if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, + (short) 0, (short) 8) < 0) { + break; + } + } + } } + // total yrs from 1970 if (from2020) - yrsCount = (short) (2020 + yrsCount); + yrsCount = (short) (year2020 + yrsCount); else - yrsCount = (short) (2051 + yrsCount); + yrsCount = (short) (year2051 + yrsCount); // divide the given time with one month msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, (short) 8) >= 0) { - Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - monthCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); - monthCount++; - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + for (short i = 0; i < 12; i++) { + if (i == 1) { + // Feb month + if (isLeapYear(yrsCount)) { + // Leap year 29 days + Util.arrayCopyNonAtomic(febMonthLeapMSec, (short) 0, scratchPad, + (short) 8, (short) 8); + } else { + // 28 days + Util.arrayCopyNonAtomic(febMonthMsec, (short) 0, scratchPad, + (short) 8, (short) 8); + } + } else if (((i <= 6) && ((i % 2 == 0))) || ((i > 6) && ((i % 2 == 1)))) { + Util.arrayCopyNonAtomic(ThirtyOneDaysMonthMsec, (short) 0, + scratchPad, (short) 8, (short) 8); + } else { + // 30 Days + Util.arrayCopyNonAtomic(ThirtDaysMonthMsec, (short) 0, scratchPad, + (short) 8, (short) 8); + } + + if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, + (short) 8) >= 0) { + subtract(scratchPad, (short) 0, (short) 8, (short) 16); + Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, + (short) 8); + } else { + break; + } + monthCount++; + } } // divide the given time with one day msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, (short) 8); dayCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); + dayCount++; Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } // divide the given time with one hour msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -128,7 +194,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one minute msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -138,7 +204,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one second msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -163,6 +229,25 @@ public static short convertToDate(short time, byte[] scratchPad, return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY } + public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { + byte count = (byte) 0; + short val1 = (short)0; + short val2 = (short)0; + + for (; count < length; count++) { + val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); + val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); + + if (val1 < val2) { + return -1; + } + if (val1 > val2) { + return 1; + } + } + return 0; + } + public static short numberToString(short number, byte[] scratchPad, short offset) { byte zero = 0x30; @@ -211,7 +296,7 @@ public static void copy(byte[] buf, short from, short to) { } public static byte compare(byte[] buf, short lhs, short rhs) { - return Util.arrayCompare(buf, lhs, buf, rhs, (short) 8); + return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); } public static void shiftLeft(byte[] buf, short start) { @@ -319,4 +404,25 @@ public static short countTemporalCount(byte[] bufTime, short timeOff, return divide(scratchPad, (short) 0, (short) 8, (short) 16); } -} + public static boolean isLeapYear(short year) { + if ((short)(year%4) == (short) 0) { + if (((short)(year % 100) == (short) 0) && + ((short) (year % 400)) != (short) 0) { + return false; + } + return true; + } + return false; + } + + public static short getLeapYrIndex(boolean from2020, short yrsCount) { + short newBaseYr = (short) (from2020 ? (year2020 + yrsCount) : (year2051 + yrsCount)); + for(short i = 0; i < 4; i++) { + if(isLeapYear((short)(newBaseYr + i))) { + return i; + } + } + return -1; + } + +} \ No newline at end of file diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index 38e9a3bc..3ebf5fe0 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -107,7 +107,7 @@ private boolean isValidData(byte[] buf, short start, short len) { if (padding == KMType.PADDING_NONE) { if (len > 256) return false; else if (len == 256) { - short v = Util.arrayCompare(buf, start, rsaModulus, (short) 0, len); + short v = KMUtils.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len); if (v > 0) return false; } } else {//pkcs1 no digest diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 41bbe1ff..cb8df259 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -14,23 +14,36 @@ public class KMUtils { 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00 }; // 86400000 msec public static final byte[] oneMonthMsec = { 0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec - public static final byte[] oneYearMsec = { - 0, 0, 0, 0x07, 0x58, (byte) 0xF0, (byte) 0xDF, (byte) 0xC0 }; // 31556952000 msec - // Leap year + 3 yrs + public static final byte[] leapYearMsec = { + 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; + public static final byte[] yearMsec = { + 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 + //Leap year(366) + 3 * 365 public static final byte[] fourYrsMsec = { - 0, 0, 0, 0x1D, 0x63, (byte) 0xC3, 0x7F, 0x00 }; // 126227808000 msec + 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 public static final byte[] firstJan2020 = { 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec public static final byte[] firstJan2051 = { 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000 // msec + public static final byte[] febMonthLeapMSec = { + 0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00 }; //2505600000 + public static final byte[] febMonthMsec = { + 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00 }; //2419200000 + public static final byte[] ThirtyOneDaysMonthMsec = { + 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00 };//2678400000 + public static final byte[] ThirtDaysMonthMsec = { + 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00 };//2592000000 + public static final short year2051 = 2051; + public static final short year2020 = 2020; // -------------------------------------- public static short convertToDate(short time, byte[] scratchPad, boolean utcFlag) { + short yrsCount = 0; short monthCount = 1; - short dayCount = 0; + short dayCount = 1; short hhCount = 0; short mmCount = 0; short ssCount = 0; @@ -42,17 +55,17 @@ public static short convertToDate(short time, byte[] scratchPad, (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) .length()); // If the time is less then 1 Jan 2020 then it is an error - if (Util.arrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && Util.arrayCompare(scratchPad, (short) 0, firstJan2051, + && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (Util.arrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); @@ -68,7 +81,7 @@ public static short convertToDate(short time, byte[] scratchPad, (short) 8); } // divide the given time with four yrs msec count - if (Util.arrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -81,44 +94,97 @@ public static short convertToDate(short time, byte[] scratchPad, Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } - // divide the given time with one yr msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneYearMsec, (short) 0, - (short) 8) >= 0) { - Util.arrayCopyNonAtomic(oneYearMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - yrsCount += divide(scratchPad, (short) 0, (short) 8, (short) 16); - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + + //Get the leap year index starting from the (base Year + yrsCount) Year. + short leapYrIdx = getLeapYrIndex(from2020, yrsCount); + + // if leap year index is 0, then the number of days for the 1st year will be 366 days. + // if leap year index is not 0, then the number of days for the 1st year will be 365 days. + if (((leapYrIdx == 0) && + (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || + ((leapYrIdx != 0) && + (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + for (short i = 0; i < 4; i++) { + yrsCount++; + if (i == leapYrIdx) { + Util.arrayCopyNonAtomic(leapYearMsec, (short) 0, scratchPad, + (short) 8, (short) 8); + } else { + Util.arrayCopyNonAtomic(yearMsec, (short) 0, scratchPad, (short) 8, + (short) 8); + } + subtract(scratchPad, (short) 0, (short) 8, (short) 16); + Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, + (short) 8); + if (((short) (i + 1) == leapYrIdx)) { + if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, + (short) 0, (short) 8) < 0) { + break; + } + } else { + if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, + (short) 0, (short) 8) < 0) { + break; + } + } + } } + // total yrs from 1970 if (from2020) - yrsCount = (short) (2020 + yrsCount); + yrsCount = (short) (year2020 + yrsCount); else - yrsCount = (short) (2051 + yrsCount); + yrsCount = (short) (year2051 + yrsCount); // divide the given time with one month msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, (short) 8) >= 0) { - Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - monthCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); - monthCount++; - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + for (short i = 0; i < 12; i++) { + if (i == 1) { + // Feb month + if (isLeapYear(yrsCount)) { + // Leap year 29 days + Util.arrayCopyNonAtomic(febMonthLeapMSec, (short) 0, scratchPad, + (short) 8, (short) 8); + } else { + // 28 days + Util.arrayCopyNonAtomic(febMonthMsec, (short) 0, scratchPad, + (short) 8, (short) 8); + } + } else if (((i <= 6) && ((i % 2 == 0))) || ((i > 6) && ((i % 2 == 1)))) { + Util.arrayCopyNonAtomic(ThirtyOneDaysMonthMsec, (short) 0, + scratchPad, (short) 8, (short) 8); + } else { + // 30 Days + Util.arrayCopyNonAtomic(ThirtDaysMonthMsec, (short) 0, scratchPad, + (short) 8, (short) 8); + } + + if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, + (short) 8) >= 0) { + subtract(scratchPad, (short) 0, (short) 8, (short) 16); + Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, + (short) 8); + } else { + break; + } + monthCount++; + } } // divide the given time with one day msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, (short) 8); dayCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); + dayCount++; Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } // divide the given time with one hour msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -128,7 +194,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one minute msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -138,7 +204,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one second msec count - if (Util.arrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -163,6 +229,25 @@ public static short convertToDate(short time, byte[] scratchPad, return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY } + public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { + byte count = (byte) 0; + short val1 = (short)0; + short val2 = (short)0; + + for (; count < length; count++) { + val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); + val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); + + if (val1 < val2) { + return -1; + } + if (val1 > val2) { + return 1; + } + } + return 0; + } + public static short numberToString(short number, byte[] scratchPad, short offset) { byte zero = 0x30; @@ -211,7 +296,7 @@ public static void copy(byte[] buf, short from, short to) { } public static byte compare(byte[] buf, short lhs, short rhs) { - return Util.arrayCompare(buf, lhs, buf, rhs, (short) 8); + return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); } public static void shiftLeft(byte[] buf, short start) { @@ -319,4 +404,25 @@ public static short countTemporalCount(byte[] bufTime, short timeOff, return divide(scratchPad, (short) 0, (short) 8, (short) 16); } -} + public static boolean isLeapYear(short year) { + if ((short)(year%4) == (short) 0) { + if (((short)(year % 100) == (short) 0) && + ((short) (year % 400)) != (short) 0) { + return false; + } + return true; + } + return false; + } + + public static short getLeapYrIndex(boolean from2020, short yrsCount) { + short newBaseYr = (short) (from2020 ? (year2020 + yrsCount) : (year2051 + yrsCount)); + for(short i = 0; i < 4; i++) { + if(isLeapYear((short)(newBaseYr + i))) { + return i; + } + } + return -1; + } + +} \ No newline at end of file diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java index 090f6e86..18944e4d 100644 --- a/Applet/src/com/android/javacard/keymaster/KMInteger.java +++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java @@ -162,7 +162,7 @@ public static short compare(short num1, short num2){ KMInteger.cast(num1).getValue(repository.getHeap(),(short)(num1Buf+(short)(8-len)),len); len = KMInteger.cast(num2).length(); KMInteger.cast(num2).getValue(repository.getHeap(),(short)(num2Buf+(short)(8-len)),len); - return Util.arrayCompare( + return KMUtils.unsignedByteArrayCompare( repository.getHeap(), num1Buf, repository.getHeap(), num2Buf, (short)8); diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index a85a7243..adedf6f5 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -3611,7 +3611,7 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { if (tmpVariables[0] != KMType.INVALID_VALUE) { tmpVariables[1] = repository.getOsVersion(); tmpVariables[1] = - Util.arrayCompare( + KMUtils.unsignedByteArrayCompare( KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), scratchPad, @@ -3644,7 +3644,7 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { if (tmpVariables[0] != KMType.INVALID_VALUE) { tmpVariables[1] = repository.getOsPatch(); tmpVariables[1] = - Util.arrayCompare( + KMUtils.unsignedByteArrayCompare( KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), scratchPad, From 038f03c63686acf0fef2eebca1ffecaa4db8371c Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Tue, 2 Feb 2021 19:35:03 +0530 Subject: [PATCH 050/169] Update README.md --- provisioning_tool/README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md index feb804cb..b2960204 100644 --- a/provisioning_tool/README.md +++ b/provisioning_tool/README.md @@ -1 +1,9 @@ -jlkjs +# Provisioning tool +This directory contains provisioning tool which helps in provisioning +the secure element by using the APIs exposed by Provision library. +This tool takes the input parameters from json file. A sample +json file is located in this directory with name sample_json.txt for +your reference. + +#### Build +This tool has dependency on [libjc_common](https://github.com/BKSSMVenkateswarlu/JavaCardKeymaster/blob/master/HAL/keymaster/Android.bp) From 112289755e1719fd0f8ecb628770083822810656 Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Tue, 2 Feb 2021 19:39:44 +0530 Subject: [PATCH 051/169] Update README.md --- provisioning_tool/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md index b2960204..295dba93 100644 --- a/provisioning_tool/README.md +++ b/provisioning_tool/README.md @@ -6,4 +6,6 @@ json file is located in this directory with name sample_json.txt for your reference. #### Build -This tool has dependency on [libjc_common](https://github.com/BKSSMVenkateswarlu/JavaCardKeymaster/blob/master/HAL/keymaster/Android.bp) +This tool can be built along with aosp build. It has dependency on +[libjc_common](https://github.com/BKSSMVenkateswarlu/JavaCardKeymaster/blob/master/HAL/keymaster/Android.bp) and +libjc_provision. From 922e031afdbb2ab7fb890de5f520ffea0162e8fc Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Tue, 2 Feb 2021 19:49:13 +0530 Subject: [PATCH 052/169] Update README.md --- provisioning_tool/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md index 295dba93..2b9d5a23 100644 --- a/provisioning_tool/README.md +++ b/provisioning_tool/README.md @@ -9,3 +9,17 @@ your reference. This tool can be built along with aosp build. It has dependency on [libjc_common](https://github.com/BKSSMVenkateswarlu/JavaCardKeymaster/blob/master/HAL/keymaster/Android.bp) and libjc_provision. + +#### Usage +Usage: provision_tool *options* +Valid options are: +-h, --help show the help message and exit. +-a, --all jsonFile Executes all the provision commands. +-k, --attest_key jsonFile Provision attestation key. +-c, --cert_chain jsonFile Provision attestation certificate chain. +-p, --cert_params jsonFile Provision attestation certificate parameters. +-i, --attest_ids jsonFile Provision attestation IDs. +-r, --shared_secret jsonFile Provision pre-shared secret. +-b, --set_boot_params jsonFile Provision boot parameters. +-s, --provision_stautus Prints the current provision status. +-l, --lock_provision Locks the provision commands. From 713d385baf0e4040dbc9382d900c2b6179bab160 Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Tue, 2 Feb 2021 19:52:15 +0530 Subject: [PATCH 053/169] Update README.md --- provisioning_tool/README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md index 2b9d5a23..1d69731a 100644 --- a/provisioning_tool/README.md +++ b/provisioning_tool/README.md @@ -11,15 +11,15 @@ This tool can be built along with aosp build. It has dependency on libjc_provision. #### Usage -Usage: provision_tool *options* -Valid options are: --h, --help show the help message and exit. --a, --all jsonFile Executes all the provision commands. --k, --attest_key jsonFile Provision attestation key. --c, --cert_chain jsonFile Provision attestation certificate chain. --p, --cert_params jsonFile Provision attestation certificate parameters. --i, --attest_ids jsonFile Provision attestation IDs. --r, --shared_secret jsonFile Provision pre-shared secret. --b, --set_boot_params jsonFile Provision boot parameters. --s, --provision_stautus Prints the current provision status. +Usage: provision_tool *options*\ +Valid options are:\ +-h, --help show the help message and exit.\ +-a, --all jsonFile Executes all the provision commands.\ +-k, --attest_key jsonFile Provision attestation key.\ +-c, --cert_chain jsonFile Provision attestation certificate chain.\ +-p, --cert_params jsonFile Provision attestation certificate parameters.\ +-i, --attest_ids jsonFile Provision attestation IDs.\ +-r, --shared_secret jsonFile Provision pre-shared secret.\ +-b, --set_boot_params jsonFile Provision boot parameters.\ +-s, --provision_stautus Prints the current provision status.\ -l, --lock_provision Locks the provision commands. From 85ce135c2aebaebe6046eea37e1474add5d59251 Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Tue, 2 Feb 2021 19:55:33 +0530 Subject: [PATCH 054/169] Update README.md --- provisioning_tool/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md index 1d69731a..a6a15908 100644 --- a/provisioning_tool/README.md +++ b/provisioning_tool/README.md @@ -11,6 +11,7 @@ This tool can be built along with aosp build. It has dependency on libjc_provision. #### Usage +
 Usage: provision_tool *options*\
 Valid options are:\
 -h, --help                        show the help message and exit.\
@@ -23,3 +24,4 @@ Valid options are:\
 -b, --set_boot_params jsonFile    Provision boot parameters.\
 -s, --provision_stautus           Prints the current provision status.\
 -l, --lock_provision              Locks the provision commands.
+
From dec5ad0e7df1ed050ef12dd1c92990096708c9f2 Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Tue, 2 Feb 2021 19:56:15 +0530 Subject: [PATCH 055/169] Update README.md --- provisioning_tool/README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md index a6a15908..b2954495 100644 --- a/provisioning_tool/README.md +++ b/provisioning_tool/README.md @@ -12,16 +12,16 @@ libjc_provision. #### Usage 
-Usage: provision_tool *options*\
-Valid options are:\
--h, --help                        show the help message and exit.\
--a, --all jsonFile                Executes all the provision commands.\
--k, --attest_key jsonFile         Provision attestation key.\
--c, --cert_chain jsonFile         Provision attestation certificate chain.\
--p, --cert_params jsonFile        Provision attestation certificate parameters.\
--i, --attest_ids jsonFile         Provision attestation IDs.\
--r, --shared_secret jsonFile      Provision pre-shared secret.\
--b, --set_boot_params jsonFile    Provision boot parameters.\
--s, --provision_stautus           Prints the current provision status.\
+Usage: provision_tool options
+Valid options are:
+-h, --help                        show the help message and exit.
+-a, --all jsonFile                Executes all the provision commands.
+-k, --attest_key jsonFile         Provision attestation key.
+-c, --cert_chain jsonFile         Provision attestation certificate chain.
+-p, --cert_params jsonFile        Provision attestation certificate parameters.
+-i, --attest_ids jsonFile         Provision attestation IDs.
+-r, --shared_secret jsonFile      Provision pre-shared secret.
+-b, --set_boot_params jsonFile    Provision boot parameters.
+-s, --provision_stautus           Prints the current provision status.
 -l, --lock_provision              Locks the provision commands.
From f2758f797f916145356586994666318c058aace5 Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Tue, 2 Feb 2021 19:57:23 +0530 Subject: [PATCH 056/169] Update README.md --- provisioning_tool/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md index b2954495..9f0dfbb4 100644 --- a/provisioning_tool/README.md +++ b/provisioning_tool/README.md @@ -2,7 +2,7 @@ This directory contains provisioning tool which helps in provisioning the secure element by using the APIs exposed by Provision library. This tool takes the input parameters from json file. A sample -json file is located in this directory with name sample_json.txt for +json file is located in this directory with name [sample_json.txt](https://github.com/BKSSMVenkateswarlu/JavaCardKeymaster/blob/master/provisioning_tool/sample_json.txt) for your reference. #### Build From 75aed8717273a689940c1c0c85527ffd256f84ac Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Wed, 3 Feb 2021 10:34:29 +0530 Subject: [PATCH 057/169] Corrected the tag EARLY_BOOT_ENDED to EARLY_BOOT_ONLY --- Applet/src/com/android/javacard/keymaster/KMBoolTag.java | 2 +- .../src/com/android/javacard/keymaster/KMKeymasterApplet.java | 2 +- Applet/src/com/android/javacard/keymaster/KMType.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java index d3b916e9..4396470b 100644 --- a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java @@ -42,7 +42,7 @@ public class KMBoolTag extends KMTag { TRUSTED_CONFIRMATION_REQUIRED, UNLOCKED_DEVICE_REQUIRED, RESET_SINCE_ID_ROTATION, - EARLY_BOOT_ENDED, + EARLY_BOOT_ONLY, DEVICE_UNIQUE_ATTESTATION }; diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index adedf6f5..1b156d53 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -3315,7 +3315,7 @@ private static void processGenerateKey(APDU apdu) { data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0); // Check if EarlyBootEnded tag is present. tmpVariables[0] = - KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ENDED, data[KEY_PARAMETERS]); + KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[KEY_PARAMETERS]); if (tmpVariables[0] != KMType.INVALID_VALUE) { KMException.throwIt(KMError.EARLY_BOOT_ENDED); } diff --git a/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/src/com/android/javacard/keymaster/KMType.java index bf6b12e5..4d81de45 100644 --- a/Applet/src/com/android/javacard/keymaster/KMType.java +++ b/Applet/src/com/android/javacard/keymaster/KMType.java @@ -231,7 +231,7 @@ public abstract class KMType { // Reset Since Id Rotation public static final short RESET_SINCE_ID_ROTATION = (short) 0x03EC; //Early boot ended. - public static final short EARLY_BOOT_ENDED = (short) 0x0131; + public static final short EARLY_BOOT_ONLY = (short) 0x0131; //Device unique attestation. public static final short DEVICE_UNIQUE_ATTESTATION = (short) 0x02D0; From a6029bff7b80986503ac778dfef16a52e1cc83b7 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Fri, 5 Feb 2021 18:32:45 +0530 Subject: [PATCH 058/169] store secrets as keyobjects instead as byte arrays. --- .../android/javacard/keymaster/KMAESKey.java | 46 +++++ .../keymaster/KMAndroidSEProvider.java | 181 +++++++++++++++--- .../keymaster/KMAttestationCertImpl.java | 32 ++-- .../javacard/keymaster/KMECPrivateKey.java | 68 +++++++ .../android/javacard/keymaster/KMHmacKey.java | 59 ++++++ .../javacard/keymaster/KMRsaOAEPEncoding.java | 2 - .../android/javacard/keymaster/KMAESKey.java | 58 ++++++ .../keymaster/KMAttestationCertImpl.java | 26 +-- .../javacard/keymaster/KMECPrivateKey.java | 38 ++++ .../android/javacard/keymaster/KMHmacKey.java | 38 ++++ .../javacard/keymaster/KMJCardSimulator.java | 117 +++++++++-- .../javacard/keymaster/KMAttestationCert.java | 14 +- .../javacard/keymaster/KMAttestationKey.java | 28 +++ .../javacard/keymaster/KMKeymasterApplet.java | 31 ++- .../javacard/keymaster/KMMasterKey.java | 28 +++ .../javacard/keymaster/KMPreSharedKey.java | 28 +++ .../javacard/keymaster/KMRepository.java | 62 ++---- .../javacard/keymaster/KMSEProvider.java | 114 +++++++++-- 18 files changed, 809 insertions(+), 161 deletions(-) create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java create mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java create mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java create mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java create mode 100644 Applet/src/com/android/javacard/keymaster/KMAttestationKey.java create mode 100644 Applet/src/com/android/javacard/keymaster/KMMasterKey.java create mode 100644 Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java new file mode 100644 index 00000000..95896b13 --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java @@ -0,0 +1,46 @@ +package com.android.javacard.keymaster; + +import org.globalplatform.upgrade.Element; + +import com.android.javacard.keymaster.KMMasterKey; + +import javacard.security.AESKey; + +public class KMAESKey implements KMMasterKey { + private AESKey aesKey; + + public KMAESKey(AESKey key) { + aesKey = key; + } + + public void setKey(byte[] keyData, short kOff) { + aesKey.setKey(keyData, kOff); + } + + public AESKey getKey() { + return aesKey; + } + + public short getKeySizeBits() { + return aesKey.getSize(); + } + + public static void onSave(Element element, KMAESKey kmKey) { + element.write(kmKey.aesKey); + } + + public static KMAESKey onRestore(Element element) { + AESKey aesKey = (AESKey) element.readObject(); + KMAESKey kmKey = new KMAESKey(aesKey); + return kmKey; + } + + public static short getBackupPrimitiveByteCount() { + return (short) 0; + } + + public static short getBackupObjectCount() { + return (short) 1; + } + +} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index 20417d0f..d182ca02 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -37,6 +37,13 @@ import javacardx.crypto.AEADCipher; import javacardx.crypto.Cipher; +import com.android.javacard.keymaster.KMAESKey; +import com.android.javacard.keymaster.KMAttestationKey; +import com.android.javacard.keymaster.KMECPrivateKey; +import com.android.javacard.keymaster.KMHmacKey; +import com.android.javacard.keymaster.KMMasterKey; +import com.android.javacard.keymaster.KMPreSharedKey; + public class KMAndroidSEProvider implements KMSEProvider { // static final variables // -------------------------------------------------------------- @@ -158,6 +165,9 @@ public class KMAndroidSEProvider implements KMSEProvider { private RandomData rng; //For storing root certificate and intermediate certificates. private byte[] certificateChain; + private KMAESKey masterKey; + private KMECPrivateKey attestationKey; + private KMHmacKey preSharedKey; private static KMAndroidSEProvider androidSEProvider = null; @@ -177,7 +187,8 @@ public KMAndroidSEProvider() { hmacKey = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) 512, false); rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); - initECKey(); + ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); + initECKey(ecKeyPair); // Re-usable cipher and signature instances cipherPool = new Object[(short) (CIPHER_ALGS.length * 4)]; @@ -210,8 +221,7 @@ public void clean() { Util.arrayFillNonAtomic(tmpArray, (short) 0, (short) 256, (byte) 0); } - private void initECKey() { - ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); + private void initECKey(KeyPair ecKeyPair) { ECPrivateKey privKey = (ECPrivateKey) ecKeyPair.getPrivate(); ECPublicKey pubkey = (ECPublicKey) ecKeyPair.getPublic(); pubkey.setFieldFP(secp256r1_P, (short) 0, (short) secp256r1_P.length); @@ -600,13 +610,11 @@ public void addRngEntropy(byte[] num, short offset, short length) { rng.setSeed(num, offset, length); } - @Override - public short aesGCMEncrypt(byte[] aesKey, short aesKeyStart, short aesKeyLen, - byte[] secret, short secretStart, short secretLen, byte[] encSecret, - short encSecretStart, byte[] nonce, short nonceStart, short nonceLen, - byte[] authData, short authDataStart, short authDataLen, byte[] authTag, - short authTagStart, short authTagLen) { - + public short aesGCMEncrypt(AESKey key, + byte[] secret, short secretStart, short secretLen, byte[] encSecret, + short encSecretStart, byte[] nonce, short nonceStart, short nonceLen, + byte[] authData, short authDataStart, short authDataLen, byte[] authTag, + short authTagStart, short authTagLen) { if (authTagLen != AES_GCM_TAG_LENGTH) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } @@ -617,7 +625,6 @@ public short aesGCMEncrypt(byte[] aesKey, short aesKeyStart, short aesKeyLen, aesGcmCipher = (AEADCipher) Cipher.getInstance(AEADCipher.ALG_AES_GCM, false); } - AESKey key = createAESKey(aesKey, aesKeyStart, aesKeyLen); aesGcmCipher.init(key, Cipher.MODE_ENCRYPT, nonce, nonceStart, nonceLen); aesGcmCipher.updateAAD(authData, authDataStart, authDataLen); short ciphLen = aesGcmCipher.doFinal(secret, secretStart, secretLen, @@ -626,6 +633,32 @@ public short aesGCMEncrypt(byte[] aesKey, short aesKeyStart, short aesKeyLen, return ciphLen; } + @Override + public short aesGCMEncrypt(byte[] aesKey, short aesKeyStart, short aesKeyLen, + byte[] secret, short secretStart, short secretLen, byte[] encSecret, + short encSecretStart, byte[] nonce, short nonceStart, short nonceLen, + byte[] authData, short authDataStart, short authDataLen, byte[] authTag, + short authTagStart, short authTagLen) { + + AESKey key = createAESKey(aesKey, aesKeyStart, aesKeyLen); + return aesGCMEncrypt( + key, + secret, + secretStart, + secretLen, + encSecret, + encSecretStart, + nonce, + nonceStart, + nonceLen, + authData, + authDataStart, + authDataLen, + authTag, + authTagStart, + authTagLen); + } + @Override public boolean aesGCMDecrypt(byte[] aesKey, short aesKeyStart, short aesKeyLen, byte[] encSecret, short encSecretStart, @@ -648,8 +681,7 @@ public boolean aesGCMDecrypt(byte[] aesKey, short aesKeyStart, return verification; } - public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, - short keyMaterialLen, byte[] label, short labelStart, short labelLen, + public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelStart, short labelLen, byte[] context, short contextStart, short contextLength) { try { // This is hardcoded to requirement - 32 byte output with two concatenated @@ -667,10 +699,18 @@ public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, // [i] counter - 32 bits short iBufLen = 4; short keyOutLen = n * 16; + //Convert Hmackey to AES Key as the algorithm is ALG_AES_CMAC_128. + KMHmacKey hmacKey = ((KMHmacKey) preSharedKey); + hmacKey.getKey(tmpArray, (short) 0); + aesKeys[KEYSIZE_256_OFFSET].setKey(tmpArray, (short) 0); + //Initialize the key derivation function. + kdf.init(aesKeys[KEYSIZE_256_OFFSET], Signature.MODE_SIGN); + //Clear the tmpArray buffer. + Util.arrayFillNonAtomic(tmpArray, (short) 0, (short) 256, (byte) 0); + Util.arrayFillNonAtomic(tmpArray, (short) 0, iBufLen, (byte) 0); Util.arrayFillNonAtomic(tmpArray, (short) iBufLen, keyOutLen, (byte) 0); - aesKeys[KEYSIZE_256_OFFSET].setKey(keyMaterial, (short) keyMaterialStart); - kdf.init(aesKeys[KEYSIZE_256_OFFSET], Signature.MODE_SIGN); + byte i = 1; short pos = 0; while (i <= n) { @@ -733,17 +773,15 @@ public short rsaDecipherOAEP256(byte[] secret, short secretStart, outputDataBuf, (short) outputDataStart); } - public short ecSign256(byte[] secret, short secretStart, short secretLength, + public short ecSign256(KMAttestationKey attestationKey, byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { Signature.OneShot signer = null; try { - ECPrivateKey key = (ECPrivateKey) ecKeyPair.getPrivate(); - key.setS(secret, secretStart, secretLength); signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256, Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL); - signer.init(key, Signature.MODE_SIGN); + signer.init(((KMECPrivateKey)attestationKey).getPrivateKey(), Signature.MODE_SIGN); return signer.sign(inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart); } finally { @@ -975,7 +1013,7 @@ public Cipher createRsaCipher(short padding, short digest, byte[] modBuffer, short modOff, short modLength) { try { byte cipherAlg = mapCipherAlg(KMType.RSA, (byte) padding, (byte) 0, (byte)digest); - // TODO Java Card does not support MGF1-SHA1 and digest as SHA256. + // Java Card does not support MGF1-SHA1 and digest as SHA256. // Both digest should be SHA256 as per Java Card, but as per Keymaster // MGF should use SHA1 and message digest should be SHA256. if (cipherAlg == Cipher.ALG_RSA_PKCS1_OAEP) { @@ -1116,12 +1154,11 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) { } @Override - public short cmacKdf(byte[] keyMaterial, short keyMaterialStart, - short keyMaterialLen, byte[] label, short labelStart, short labelLen, - byte[] context, short contextStart, short contextLength, byte[] keyBuf, - short keyStart) { - HMACKey key = cmacKdf(keyMaterial, keyMaterialStart, keyMaterialLen, label, - labelStart, labelLen, context, contextStart, contextLength); + public short cmacKdf(KMPreSharedKey pSharedKey, byte[] label, + short labelStart, short labelLen, byte[] context, short contextStart, + short contextLength, byte[] keyBuf, short keyStart) { + HMACKey key = cmacKdf(pSharedKey, label, labelStart, labelLen, context, + contextStart, contextLength); return key.getKey(keyBuf, keyStart); } @@ -1187,25 +1224,113 @@ public void clearDeviceBooted(boolean resetBootFlag) { @Override public void onSave(Element element) { element.write(certificateChain); + KMAESKey.onSave(element, masterKey); + KMECPrivateKey.onSave(element, attestationKey); + KMHmacKey.onSave(element, preSharedKey); } @Override public void onRestore(Element element) { certificateChain = (byte[]) element.readObject(); + masterKey = KMAESKey.onRestore(element); + attestationKey = KMECPrivateKey.onRestore(element); + preSharedKey = KMHmacKey.onRestore(element); } @Override public short getBackupPrimitiveByteCount() { - return (short) 0; + short count = + (short) (KMAESKey.getBackupPrimitiveByteCount() + + KMECPrivateKey.getBackupPrimitiveByteCount() + + KMHmacKey.getBackupPrimitiveByteCount()); + return count; } @Override public short getBackupObjectCount() { - return (short) 1; + short count = + (short) (1 /*Certificate chain */ + + KMAESKey.getBackupObjectCount() + + KMECPrivateKey.getBackupObjectCount() + + KMHmacKey.getBackupObjectCount()); + return count; } @Override public boolean isUpgrading() { return UpgradeManager.isUpgrading(); } + + @Override + public KMMasterKey createMasterKey(short keySizeBits) { + try { + if (masterKey == null) { + AESKey key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, + keySizeBits, false); + masterKey = new KMAESKey(key); + short keyLen = (short) (keySizeBits / 8); + getTrueRandomNumber(tmpArray, (short) 0, keyLen); + masterKey.setKey(tmpArray, (short) 0); + } + return (KMMasterKey) masterKey; + } finally { + clean(); + } + } + + @Override + public KMAttestationKey createAttestationKey(byte[] keyData, short offset, + short length) { + if (attestationKey == null) { + // Strongbox supports only P-256 curve for EC key. + KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); + initECKey(ecKeyPair); + attestationKey = new KMECPrivateKey(ecKeyPair); + } + attestationKey.setS(keyData, offset, length); + return (KMAttestationKey) attestationKey; + } + + @Override + public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length) { + short lengthInBits = (short)(length * 8); + if ((lengthInBits % 8 != 0) || !(lengthInBits >= 64 && lengthInBits <= 512)) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + if (preSharedKey == null) { + HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, lengthInBits, + false); + preSharedKey = new KMHmacKey(key); + } + preSharedKey.setKey(keyData, offset, length); + return (KMPreSharedKey) preSharedKey; + } + + @Override + public KMMasterKey getMasterKey() { + return (KMMasterKey) masterKey; + } + + @Override + public KMAttestationKey getAttestationKey() { + return (KMAttestationKey) attestationKey; + } + + @Override + public KMPreSharedKey getPresharedKey() { + return (KMPreSharedKey) preSharedKey; + } + + @Override + public short aesGCMEncrypt(KMMasterKey key, byte[] secret, short secretStart, + short secretLen, byte[] encSecret, short encSecretStart, + byte[] nonce, short nonceStart, short nonceLen, byte[] authData, + short authDataStart, short authDataLen, byte[] authTag, + short authTagStart, short authTagLen) { + + return aesGCMEncrypt(((KMAESKey) key).getKey(), secret, secretStart, + secretLen, encSecret, encSecretStart, nonce, nonceStart, nonceLen, + authData, authDataStart, authDataLen, authTag, authTagStart, + authTagLen); + } } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 5a36e3c3..bf6ae9b7 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -1,7 +1,13 @@ package com.android.javacard.keymaster; +import com.android.javacard.keymaster.KMAESKey; +import com.android.javacard.keymaster.KMByteBlob; +import com.android.javacard.keymaster.KMECPrivateKey; +import com.android.javacard.keymaster.KMMasterKey; + import javacard.framework.JCSystem; import javacard.framework.Util; +import javacard.security.AESKey; // The class encodes strongbox generated amd signed attestation certificate. This only encodes // required fields of the certificates. It is not meant to be generic X509 cert encoder. @@ -774,12 +780,6 @@ public KMAttestationCert buffer(byte[] buf, short bufStart, short maxLen) { return this; } - @Override - public KMAttestationCert signingKey(short privKey) { - signPriv = privKey; - return this; - } - @Override public short getCertStart() { return certStart; @@ -808,11 +808,10 @@ public void build() { tbsLength = (short) (tbsLength - tbsOffset); pushSequenceHeader((short) (last - stackPtr)); certStart = stackPtr; - short sigLen = KMAndroidSEProvider.getInstance() + KMAndroidSEProvider androidSeProvider = KMAndroidSEProvider.getInstance(); + short sigLen = androidSeProvider .ecSign256( - KMByteBlob.cast(signPriv).getBuffer(), - KMByteBlob.cast(signPriv).getStartOff(), - KMByteBlob.cast(signPriv).length(), + androidSeProvider.getAttestationKey(), stack, tbsOffset, tbsLength, @@ -833,7 +832,7 @@ public void build() { public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, byte[] creationTime, short timeOffset, short creationTimeLen, byte[] attestAppId, short appIdOff, short attestAppIdLen, - byte resetSinceIdRotation, byte[] key, short keyOff, short keyLen) { + byte resetSinceIdRotation, KMMasterKey masterKey) { // Concatenate T||C||R // temporal count T short temp = KMUtils.countTemporalCount(creationTime, timeOffset, @@ -852,7 +851,16 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, scratchPadOff++; timeOffset = KMByteBlob.instance((short) 32); - appIdOff = KMAndroidSEProvider.getInstance().hmacSign(key, keyOff, keyLen, + //Get the key data from the master key and use it for HMAC Sign. + AESKey aesKey = ((KMAESKey) masterKey).getKey(); + short mKeyData = KMByteBlob.instance((short) (aesKey.getSize() / 8)); + aesKey.getKey( + KMByteBlob.cast(mKeyData).getBuffer(), + KMByteBlob.cast(mKeyData).getStartOff()); + appIdOff = KMAndroidSEProvider.getInstance().hmacSign( + KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ + KMByteBlob.cast(mKeyData).getStartOff(), /* Key start*/ + KMByteBlob.cast(mKeyData).length(), /* Key length*/ scratchPad, /* data */ temp, /* data start */ scratchPadOff, /* data length */ diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java new file mode 100644 index 00000000..fe6a636f --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java @@ -0,0 +1,68 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.keymaster; + +import org.globalplatform.upgrade.Element; + +import com.android.javacard.keymaster.KMAESKey; +import com.android.javacard.keymaster.KMAttestationCert; +import com.android.javacard.keymaster.KMAttestationKey; + +import javacard.security.AESKey; +import javacard.security.ECPrivateKey; +import javacard.security.KeyPair; + +public class KMECPrivateKey implements KMAttestationKey { + + private KeyPair ecKeyPair; + + public KMECPrivateKey(KeyPair ecPair) { + ecKeyPair = ecPair; + } + + public void setS(byte[] buffer, short offset, short length) { + ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate(); + ecPriv.setS(buffer, offset, length); + } + + public short getS(byte[] buffer, short offset) { + ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate(); + return ecPriv.getS(buffer, offset); + } + + public ECPrivateKey getPrivateKey() { + return (ECPrivateKey) ecKeyPair.getPrivate(); + } + + public static void onSave(Element element, KMECPrivateKey kmKey) { + element.write(kmKey.ecKeyPair); + } + + public static KMECPrivateKey onRestore(Element element) { + KeyPair ecKey = (KeyPair) element.readObject(); + KMECPrivateKey kmKey = new KMECPrivateKey(ecKey); + return kmKey; + } + + public static short getBackupPrimitiveByteCount() { + return (short) 0; + } + + public static short getBackupObjectCount() { + return (short) 1; + } + +} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java new file mode 100644 index 00000000..b4ca3af4 --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java @@ -0,0 +1,59 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.keymaster; + +import org.globalplatform.upgrade.Element; + +import com.android.javacard.keymaster.KMPreSharedKey; + +import javacard.security.HMACKey; + +public class KMHmacKey implements KMPreSharedKey { + private HMACKey hmacKey; + + public KMHmacKey(HMACKey key) { + hmacKey = key; + } + + public void setKey(byte[] keyData, short kOff, short length) { + hmacKey.setKey(keyData, kOff, length); + } + + public byte getKey(byte[] keyData, short kOff) { + return hmacKey.getKey(keyData, kOff); + } + + public short getKeySizeBits() { + return hmacKey.getSize(); + } + public static void onSave(Element element, KMHmacKey kmKey) { + element.write(kmKey.hmacKey); + } + + public static KMHmacKey onRestore(Element element) { + HMACKey hmacKey = (HMACKey) element.readObject(); + KMHmacKey kmKey = new KMHmacKey(hmacKey); + return kmKey; + } + + public static short getBackupPrimitiveByteCount() { + return (short) 0; + } + + public static short getBackupObjectCount() { + return (short) 1; + } +} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java index d4f4cb83..b8c7b30e 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java @@ -80,13 +80,11 @@ public byte getAlgorithm() { @Override public byte getCipherAlgorithm() { - // TODO return 0; } @Override public byte getPaddingAlgorithm() { - // TODO return 0; } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java new file mode 100644 index 00000000..c16a8188 --- /dev/null +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java @@ -0,0 +1,58 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.keymaster; + +import org.globalplatform.upgrade.Element; + +import javacard.security.AESKey; + +public class KMAESKey implements KMMasterKey { + private AESKey aesKey; + + public KMAESKey(AESKey key) { + aesKey = key; + } + + public void setKey(byte[] keyData, short kOff) { + aesKey.setKey(keyData, kOff); + } + + public byte getKey(byte[] keyData, short kOff) { + return aesKey.getKey(keyData, kOff); + } + + public short getKeySizeBits() { + return aesKey.getSize(); + } + + public static void onSave(Element element, KMAESKey kmKey) { + element.write(kmKey.aesKey); + } + + public static KMAESKey onRestore(Element element) { + AESKey aesKey = (AESKey) element.readObject(); + KMAESKey kmKey = new KMAESKey(aesKey); + return kmKey; + } + + public static short getBackupPrimitiveByteCount() { + return (short) 0; + } + + public static short getBackupObjectCount() { + return (short) 1; + } +} diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index cd9567d3..b89b50ca 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -774,12 +774,6 @@ public KMAttestationCert buffer(byte[] buf, short bufStart, short maxLen) { return this; } - @Override - public KMAttestationCert signingKey(short privKey) { - signPriv = privKey; - return this; - } - @Override public short getCertStart() { return certStart; @@ -808,11 +802,10 @@ public void build() { tbsLength = (short) (tbsLength - tbsOffset); pushSequenceHeader((short) (last - stackPtr)); certStart = stackPtr; - short sigLen = KMJCardSimulator.getInstance() + KMJCardSimulator provider = KMJCardSimulator.getInstance(); + short sigLen = provider .ecSign256( - KMByteBlob.cast(signPriv).getBuffer(), - KMByteBlob.cast(signPriv).getStartOff(), - KMByteBlob.cast(signPriv).length(), + provider.getAttestationKey(), stack, tbsOffset, tbsLength, @@ -833,7 +826,7 @@ public void build() { public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, byte[] creationTime, short timeOffset, short creationTimeLen, byte[] attestAppId, short appIdOff, short attestAppIdLen, - byte resetSinceIdRotation, byte[] key, short keyOff, short keyLen) { + byte resetSinceIdRotation, KMMasterKey masterKey) { // Concatenate T||C||R // temporal count T short temp = KMUtils.countTemporalCount(creationTime, timeOffset, @@ -851,8 +844,17 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, scratchPad[scratchPadOff] = resetSinceIdRotation; scratchPadOff++; + //Get the key data from the master key + KMAESKey aesKey = (KMAESKey) masterKey; + short mKeyData = KMByteBlob.instance((short) (aesKey.getKeySizeBits() / 8)); + aesKey.getKey( + KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ + KMByteBlob.cast(mKeyData).getStartOff()); /* Key start*/ timeOffset = KMByteBlob.instance((short) 32); - appIdOff = KMJCardSimulator.getInstance().hmacSign(key, keyOff, keyLen, + appIdOff = KMJCardSimulator.getInstance().hmacSign( + KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ + KMByteBlob.cast(mKeyData).getStartOff(), /* Key start*/ + KMByteBlob.cast(mKeyData).length(), /* Key length*/ scratchPad, /* data */ temp, /* data start */ scratchPadOff, /* data length */ diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java new file mode 100644 index 00000000..65c069d1 --- /dev/null +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java @@ -0,0 +1,38 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.keymaster; + +import javacard.security.ECPrivateKey; +import javacard.security.KeyPair; + +public class KMECPrivateKey implements KMAttestationKey { + + private KeyPair ecKeyPair; + + public KMECPrivateKey(KeyPair ecPair) { + ecKeyPair = ecPair; + } + + public void setS(byte[] buffer, short offset, short length) { + ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate(); + ecPriv.setS(buffer, offset, length); + } + + public ECPrivateKey getPrivateKey() { + return (ECPrivateKey) ecKeyPair.getPrivate(); + } + +} diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java new file mode 100644 index 00000000..8b75827a --- /dev/null +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java @@ -0,0 +1,38 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.keymaster; + +import javacard.security.HMACKey; + +public class KMHmacKey implements KMPreSharedKey { + private HMACKey hmacKey; + + public KMHmacKey(HMACKey key) { + hmacKey = key; + } + + public void setKey(byte[] keyData, short kOff, short length) { + hmacKey.setKey(keyData, kOff, length); + } + + public byte getKey(byte[] keyData, short kOff) { + return hmacKey.getKey(keyData, kOff); + } + + public short getKeySizeBits() { + return hmacKey.getSize(); + } +} diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 08c3d0ea..2c7001b2 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -84,6 +84,9 @@ public class KMJCardSimulator implements KMSEProvider { private static byte[] entropyPool; private static byte[] rndNum; private byte[] certificateChain; + private KMAESKey masterKey; + private KMECPrivateKey attestationKey; + private KMHmacKey preSharedKey; private static KMJCardSimulator jCardSimulator = null; @@ -320,6 +323,7 @@ public short aesGCMEncrypt( key.getKey(keyMaterial,(short)0); */ + //print("KeyMaterial Enc", keyMaterial); //print("Authdata Enc", authData, authDataStart, authDataLen); java.security.Key aesKey = new SecretKeySpec(keyBuf,keyStart,keyLen, "AES"); @@ -511,10 +515,16 @@ public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMate } @Override - public short cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMaterialLen, byte[] label, + public short cmacKdf(KMPreSharedKey pSharedKey, byte[] label, short labelStart, short labelLen, byte[] context, short contextStart, short contextLength, byte[] keyBuf, short keyStart) { - HMACKey key = cmacKdf(keyMaterial,keyMaterialStart, keyMaterialLen, label, labelStart, labelLen,context,contextStart,contextLength); - return key.getKey(keyBuf,keyStart); + KMHmacKey key = (KMHmacKey) pSharedKey; + short keyMaterialLen = key.getKeySizeBits(); + keyMaterialLen = (short) (keyMaterialLen / 8); + short keyMaterialStart = 0; + byte[] keyMaterial = new byte[keyMaterialLen]; + key.getKey(keyMaterial, keyMaterialStart); + HMACKey hmacKey = cmacKdf(keyMaterial,keyMaterialStart, keyMaterialLen, label, labelStart, labelLen,context,contextStart,contextLength); + return hmacKey.getKey(keyBuf,keyStart); } @@ -1213,13 +1223,11 @@ public short getCertificateChainLength() { } @Override - public short ecSign256(byte[] secret, short secretStart, short secretLength, + public short ecSign256(KMAttestationKey attestationKey, byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { - ECPrivateKey key = (ECPrivateKey) KeyBuilder.buildKey( - KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_256, false); - key.setS(secret, secretStart, secretLength); + ECPrivateKey key = ((KMECPrivateKey)attestationKey).getPrivateKey(); Signature signer = Signature .getInstance(Signature.ALG_ECDSA_SHA_256, false); @@ -1272,36 +1280,115 @@ public boolean isDeviceRebooted() { @Override public void clearDeviceBooted(boolean resetBootFlag) { - // To be filled } @Override public void onSave(Element ele) { - // TODO Auto-generated method stub - } @Override public void onRestore(Element ele) { - // TODO Auto-generated method stub - } @Override public short getBackupPrimitiveByteCount() { - // TODO Auto-generated method stub return 0; } @Override public short getBackupObjectCount() { - // TODO Auto-generated method stub return 0; } @Override public boolean isUpgrading() { - // TODO Auto-generated method stub return false; } + + @Override + public KMMasterKey createMasterKey(short keySizeBits) { + if (masterKey == null) { + AESKey key = (AESKey) KeyBuilder.buildKey( + KeyBuilder.TYPE_AES, keySizeBits, false); + masterKey = new KMAESKey(key); + short keyLen = (short) (keySizeBits / 8); + byte[] keyData = new byte[keyLen]; + getTrueRandomNumber(keyData, (short) 0, keyLen); + masterKey.setKey(keyData, (short) 0); + } + return (KMMasterKey) masterKey; + } + + @Override + public KMAttestationKey createAttestationKey(byte[] keyData, short offset, + short length) { + if (attestationKey == null) { + // Strongbox supports only P-256 curve for EC key. + KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); + attestationKey = new KMECPrivateKey(ecKeyPair); + } + attestationKey.setS(keyData, offset, length); + return (KMAttestationKey) attestationKey; + } + + @Override + public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length) { + short lengthInBits = (short)(length * 8); + if ((lengthInBits % 8 != 0) || !(lengthInBits >= 64 && lengthInBits <= 512)) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + if (preSharedKey == null) { + HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, lengthInBits, + false); + preSharedKey = new KMHmacKey(key); + } + preSharedKey.setKey(keyData, offset, length); + return (KMPreSharedKey) preSharedKey; + } + + @Override + public KMMasterKey getMasterKey() { + return (KMMasterKey) masterKey; + } + + @Override + public KMAttestationKey getAttestationKey() { + return (KMAttestationKey) attestationKey; + } + + @Override + public KMPreSharedKey getPresharedKey() { + return (KMPreSharedKey) preSharedKey; + } + + @Override + public short aesGCMEncrypt(KMMasterKey masterKey, byte[] secret, short secretStart, + short secretLen, byte[] encSecret, short encSecretStart, byte[] nonce, + short nonceStart, short nonceLen, byte[] authData, + short authDataStart, short authDataLen, byte[] authTag, + short authTagStart, short authTagLen) { + KMAESKey aesKey = (KMAESKey) masterKey; + short keyLen = aesKey.getKeySizeBits(); + keyLen = (short) (keyLen / 8); + byte[] keyBuf = new byte[keyLen]; + aesKey.getKey(keyBuf, (short)0); + return aesGCMEncrypt( + keyBuf, + (short) 0, + keyLen, + secret, + secretStart, + secretLen, + encSecret, + encSecretStart, + nonce, + nonceStart, + nonceLen, + authData, + authDataStart, + authDataLen, + authTag, + authTagStart, + authTagLen); + } } diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java index d27f015a..f3d36663 100644 --- a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java +++ b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java @@ -44,15 +44,13 @@ public interface KMAttestationCert { * @param attestAppIdOff Start offset of the attestAppId buffer. * @param attestAppIdLen Length of the attestAppId buffer. * @param resetSinceIdRotation This holds the information of RESET_SINCE_ID_ROTATION. - * @param key This buffer contains the master secret. - * @param keyOff Start offset of the master key. - * @param keyLen Length of the master key. + * @param instance of the master key. * @return instance of KMAttestationCert. */ KMAttestationCert makeUniqueId(byte[] scratchpad, short scratchPadOff, byte[] creationTime, short creationTimeOff, short creationTimeLen, byte[] attestAppId, short attestAppIdOff, short attestAppIdLen, byte resetSinceIdRotation, - byte[] key, short keyOff, short keyLen); + KMMasterKey masterKey); /** * Set start time received from creation/activation time tag. Used for certificate's valid period. @@ -130,14 +128,6 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, */ KMAttestationCert buffer(byte[] buf, short bufStart, short maxLen); - /** - * Set signing key to be used to sign the cert. - * - * @param privateKey This is ECPrivateKey with curve P-256. - * @return instance of KMAttestationCert - */ - KMAttestationCert signingKey(short privateKey); - /** * Get the start of the certificate * diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java b/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java new file mode 100644 index 00000000..4b6213ee --- /dev/null +++ b/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java @@ -0,0 +1,28 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.keymaster; + +/** + * KMAttestationKey is a marker interface and the SE Provider has to implement + * this interface. KMAttestationKey is stored as a Javacard KeyPair object instead + * of byte array. When the attestation key is stored as a KeyPair object, + * the Javacard OS internally provides appropriate security measures + * to protect the key. The attestation key is maintained by the + * SEProvider. + */ +public interface KMAttestationKey { + +} diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 1b156d53..4cf028e5 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -190,8 +190,7 @@ protected KMKeymasterApplet(KMSEProvider seImpl) { JCSystem.makeTransientShortArray((short) TMP_VARIABLE_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET); if(!isUpgrading) { keymasterState = KMKeymasterApplet.INIT_STATE; - seProvider.getTrueRandomNumber(buf, (short) 0, KMRepository.MASTER_KEY_SIZE); - repository.initMasterKey(buf, (short)0, KMRepository.MASTER_KEY_SIZE); + seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8)); } KMType.initialize(); encoder = new KMEncoder(); @@ -752,7 +751,10 @@ private void processProvisionAttestationKey(APDU apdu) { importECKeys(scratchPad); // persist key - repository.persistAttestationKey(data[SECRET]); + seProvider.createAttestationKey( + KMByteBlob.cast(data[SECRET]).getBuffer(), + KMByteBlob.cast(data[SECRET]).getStartOff(), + KMByteBlob.cast(data[SECRET]).length()); } private void processProvisionAttestIdsCmd(APDU apdu) { @@ -795,7 +797,7 @@ private void processProvisionSharedSecretCmd(APDU apdu) { KMException.throwIt(KMError.INVALID_ARGUMENT); } // Persist shared Hmac. - repository.initHmacSharedSecretKey( + seProvider.createPresharedKey( KMByteBlob.cast(tmpVariables[0]).getBuffer(), KMByteBlob.cast(tmpVariables[0]).getStartOff(), KMByteBlob.cast(tmpVariables[0]).length()); @@ -1033,12 +1035,9 @@ private void processComputeSharedHmacCmd(APDU apdu) { } // generate the key and store it in scratch pad - 32 bytes - tmpVariables[8] = repository.getSharedKey(); tmpVariables[6] = seProvider.cmacKdf( - KMByteBlob.cast(tmpVariables[8]).getBuffer(), - KMByteBlob.cast(tmpVariables[8]).getStartOff(), - KMByteBlob.cast(tmpVariables[8]).length(), + seProvider.getPresharedKey(), ckdfLable, (short) 0, (short) ckdfLable.length, @@ -1397,7 +1396,7 @@ private void processAttestKeyCmd(APDU apdu) { // validity period // active time or creation time - byte blob - // TODO current assumption is that if active and creation time are missing from characteristics + // current assumption is that if active and creation time are missing from characteristics // then // then it is an error. tmpVariables[1] = @@ -1425,7 +1424,6 @@ private void processAttestKeyCmd(APDU apdu) { cert.deviceLocked(repository.getDeviceLock()); cert.issuer(repository.getIssuer()); cert.publicKey(data[PUB_KEY]); - cert.signingKey(repository.getAttKey()); cert.verifiedBootHash(repository.getVerifiedBootHash()); cert.verifiedBootKey(repository.getVerifiedBootKey()); @@ -1529,8 +1527,6 @@ private void setUniqueId(KMAttestationCert cert, byte[] scratchPad) { resetAfterRotation = 0x01; } - //master key. - tmpVariables[2] = repository.getMasterKeySecret(); cert.makeUniqueId( scratchPad, (short) 0, @@ -1540,9 +1536,7 @@ private void setUniqueId(KMAttestationCert cert, byte[] scratchPad) { KMByteBlob.cast(tmpVariables[1]).getBuffer(), KMByteBlob.cast(tmpVariables[1]).getStartOff(), KMByteBlob.cast(tmpVariables[1]).length(), resetAfterRotation, - KMByteBlob.cast(tmpVariables[2]).getBuffer(), - KMByteBlob.cast(tmpVariables[2]).getStartOff(), - KMByteBlob.cast(tmpVariables[2]).length()); + seProvider.getMasterKey()); } private void processDestroyAttIdsCmd(APDU apdu) { @@ -3893,7 +3887,7 @@ private static short deriveKey(byte[] scratchPad) { // 1. AesGCM Encryption, with below input parameters. // authData - HIDDEN_PARAMTERS // Key - Master Key - // InputData - AUTH_DATA + // InputData - KeyCharacteristics // IV - NONCE // 2. After encryption it generates two outputs // a. Encrypted output @@ -3903,13 +3897,10 @@ private static short deriveKey(byte[] scratchPad) { // Input data - Encrypted output (Generated in step 2). // 4. HMAC Sign generates an output of 32 bytes length. // Consume only first 16 bytes as derived key. - tmpVariables[4] = repository.getMasterKeySecret(); tmpVariables[5] = repository.alloc(AES_GCM_AUTH_TAG_LENGTH); tmpVariables[3] = seProvider.aesGCMEncrypt( - KMByteBlob.cast(tmpVariables[4]).getBuffer(), - KMByteBlob.cast(tmpVariables[4]).getStartOff(), - KMByteBlob.cast(tmpVariables[4]).length(), + seProvider.getMasterKey(), repository.getHeap(), data[AUTH_DATA], data[AUTH_DATA_LENGTH], diff --git a/Applet/src/com/android/javacard/keymaster/KMMasterKey.java b/Applet/src/com/android/javacard/keymaster/KMMasterKey.java new file mode 100644 index 00000000..0b7b1a6a --- /dev/null +++ b/Applet/src/com/android/javacard/keymaster/KMMasterKey.java @@ -0,0 +1,28 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.keymaster; + +/** + * KMMasterKey is a marker interface and the SE Provider has to implement + * this interface. Masterkey is stored as a Javacard Key object instead + * of byte array. When master key is stored as a Key object, + * the Javacard OS internally provides appropriate security measures + * to protect the key. The master key is maintained by the + * SEProvider. + */ +public interface KMMasterKey { + +} diff --git a/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java b/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java new file mode 100644 index 00000000..7d02db4e --- /dev/null +++ b/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java @@ -0,0 +1,28 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.keymaster; + +/** + * KMPreSharedKey is a marker interface and the SE Provider has to implement + * this interface. KMPreSharedKey is stored as a Javacard Key object instead + * of byte array. When the shared key is stored as a Key object, + * the Javacard OS internally provides appropriate security measures + * to protect the key. The pre shared key is maintained by the + * SEProvider. + */ +public interface KMPreSharedKey { + +} diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 4c30a613..7785c5b6 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -29,7 +29,7 @@ */ public class KMRepository implements KMUpgradable { // Data table configuration - public static final short DATA_INDEX_SIZE = 24; + public static final short DATA_INDEX_SIZE = 21; public static final short DATA_INDEX_ENTRY_SIZE = 4; public static final short DATA_MEM_SIZE = 2048; public static final short HEAP_SIZE = 10000; @@ -42,10 +42,8 @@ public class KMRepository implements KMUpgradable { private static final short OPERATION_HANDLE_ENTRY_SIZE = OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE; // Data table offsets - public static final byte MASTER_KEY = 8; - public static final byte SHARED_KEY = 9; - public static final byte COMPUTED_HMAC_KEY = 10; - public static final byte HMAC_NONCE = 11; + public static final byte COMPUTED_HMAC_KEY = 8; + public static final byte HMAC_NONCE = 9; public static final byte ATT_ID_BRAND = 0; public static final byte ATT_ID_DEVICE = 1; public static final byte ATT_ID_PRODUCT = 2; @@ -54,18 +52,17 @@ public class KMRepository implements KMUpgradable { public static final byte ATT_ID_MEID = 5; public static final byte ATT_ID_MANUFACTURER = 6; public static final byte ATT_ID_MODEL = 7; - public static final byte ATT_EC_KEY = 12; - public static final byte CERT_ISSUER = 13; - public static final byte CERT_EXPIRY_TIME = 14; - public static final byte BOOT_OS_VERSION = 15; - public static final byte BOOT_OS_PATCH = 16; - public static final byte VENDOR_PATCH_LEVEL = 17; - public static final byte BOOT_PATCH_LEVEL = 18; - public static final byte BOOT_VERIFIED_BOOT_KEY = 19; - public static final byte BOOT_VERIFIED_BOOT_HASH = 20; - public static final byte BOOT_VERIFIED_BOOT_STATE = 21; - public static final byte BOOT_DEVICE_LOCKED_STATUS = 22; - public static final byte BOOT_DEVICE_LOCKED_TIME = 23; + public static final byte CERT_ISSUER = 10; + public static final byte CERT_EXPIRY_TIME = 11; + public static final byte BOOT_OS_VERSION = 12; + public static final byte BOOT_OS_PATCH = 13; + public static final byte VENDOR_PATCH_LEVEL = 14; + public static final byte BOOT_PATCH_LEVEL = 15; + public static final byte BOOT_VERIFIED_BOOT_KEY = 16; + public static final byte BOOT_VERIFIED_BOOT_HASH = 17; + public static final byte BOOT_VERIFIED_BOOT_STATE = 18; + public static final byte BOOT_DEVICE_LOCKED_STATUS = 19; + public static final byte BOOT_DEVICE_LOCKED_TIME = 20; // Data Item sizes public static final short MASTER_KEY_SIZE = 16; @@ -249,16 +246,6 @@ public void releaseOperation(KMOperationState op) { } } - public void initMasterKey(byte[] key, short start, short len) { - if(len != MASTER_KEY_SIZE) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - writeDataEntry(MASTER_KEY,key, start, len); - } - - public void initHmacSharedSecretKey(byte[] key, short start, short len) { - if(len != SHARED_SECRET_KEY_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - writeDataEntry(SHARED_KEY,key,start,len); - } - public void initComputedHmac(byte[] key, short start, short len) { if(len != COMPUTED_HMAC_KEY_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); writeDataEntry(COMPUTED_HMAC_KEY,key,start,len); @@ -296,14 +283,9 @@ public void onSelect() { // If write through caching is implemented then this method will restore the data into cache } - public short getMasterKeySecret() { - return readData(MASTER_KEY); - } - // This function uses memory from the back of the heap(transient memory). Call // reclaimMemory function immediately after the use. public short allocReclaimableMemory(short length) { - // TODO Verify the below condition (HEAP_SIZE/2) if ((((short) (reclaimIndex - length)) <= heapIndex) || (length >= HEAP_SIZE / 2)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); @@ -376,7 +358,6 @@ private void clearDataEntry(short id){ if (dataLen != 0) { short dataPtr = Util.getShort(dataTable,(short)(id+DATA_INDEX_ENTRY_OFFSET)); Util.arrayFillNonAtomic(dataTable, dataPtr,dataLen,(byte)0); - //Util.arrayFillNonAtomic(dataTable, id,DATA_INDEX_ENTRY_SIZE,(byte)0); } JCSystem.commitTransaction(); } @@ -422,10 +403,6 @@ public byte[] getHeap() { return heap; } - public short getSharedKey() { - return readData(SHARED_KEY); - } - public short getHmacNonce() { return readData(HMAC_NONCE); } @@ -434,17 +411,6 @@ public short getComputedHmacKey() { return readData(COMPUTED_HMAC_KEY); } - public void persistAttestationKey(short secret) { - writeDataEntry(ATT_EC_KEY, - KMByteBlob.cast(secret).getBuffer(), - KMByteBlob.cast(secret).getStartOff(), - KMByteBlob.cast(secret).length()); - } - - public short getAttKey() { - return readData(ATT_EC_KEY); - } - public void persistAttId(byte id, byte[] buf, short start, short len){ writeDataEntry(id, buf,start,len); } diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index 3e981c9a..3b7edcf4 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -159,6 +159,46 @@ short aesGCMEncrypt( short authTagStart, short authTagLen); + /** + * This function is used to derive a partial secret, which is used to encrypt the keyBlobs. + * This is a oneshot operation that performs encryption operation using AES GCM algorithm. It throws + * CryptoException if algorithm is not supported or if tag length is not equal to 16 or + * nonce length is not equal to 12. + * + * @param aesKey instance of KMMasterKey. + * @param data is the buffer that contains data to encrypt. + * @param dataStart is the start of the data buffer. + * @param dataLen is the length of the data buffer. + * @param encData is the buffer of the output encrypted data. + * @param encDataStart is the start of the encrypted data buffer. + * @param nonce is the buffer of nonce. + * @param nonceStart is the start of the nonce buffer. + * @param nonceLen is the length of the nonce buffer. + * @param authData is the authentication data buffer. + * @param authDataStart is the start of the authentication buffer. + * @param authDataLen is the length of the authentication buffer. + * @param authTag is the buffer to output authentication tag. + * @param authTagStart is the start of the buffer. + * @param authTagLen is the length of the buffer. + * @return length of the encrypted data. + */ + short aesGCMEncrypt( + KMMasterKey aesKey, + byte[] data, + short dataStart, + short dataLen, + byte[] encData, + short encDataStart, + byte[] nonce, + short nonceStart, + short nonceLen, + byte[] authData, + short authDataStart, + short authDataLen, + byte[] authTag, + short authTagStart, + short authTagLen); + /** * This is a oneshot operation that performs decryption operation using AES GCM algorithm. It throws * CryptoException if algorithm is not supported. @@ -205,9 +245,7 @@ boolean aesGCMDecrypt( * This is a oneshot operation that performs key derivation function using cmac kdf (CKDF) as * defined in android keymaster hal definition. * - * @param aesKey is the key to use for ckdf. - * @param aesKeyStart is the start of the aes key buffer. - * @param aesKeyLen is the length of the aes key buffer. + * @param instance of pre-shared key. * @param label is the label to be used for ckdf. * @param labelStart is the start of label. * @param labelLen is the length of the label. @@ -219,9 +257,7 @@ boolean aesGCMDecrypt( * @return length of the derived key buffer in bytes. */ short cmacKdf( - byte[] aesKey, - short aesKeyStart, - short aesKeyLen, + KMPreSharedKey hmacKey, byte[] label, short labelStart, short labelLen, @@ -313,9 +349,7 @@ short rsaDecipherOAEP256( /** * This is a oneshot operation that signs the data using EC private key. * - * @param secret is the private key of P-256 curve. - * @param secretStart is the start of the private key buffer. - * @param secretLength is the length of the private buffer in bytes. + * @param instance of KMAttestationKey. * @param inputDataBuf is the buffer of the input data. * @param inputDataStart is the start of the input data buffer. * @param inputDataLength is the length of the inpur data buffer in bytes. @@ -324,9 +358,7 @@ short rsaDecipherOAEP256( * @return length of the decrypted data. */ short ecSign256( - byte[] secret, - short secretStart, - short secretLength, + KMAttestationKey ecPrivKey, byte[] inputDataBuf, short inputDataStart, short inputDataLength, @@ -472,4 +504,62 @@ KMOperation initAsymmetricOperation( * @return true if upgrading, otherwise false. */ boolean isUpgrading(); + + /** + * This function generates an AES Key of keySizeBits, which is used as + * an master key. This generated key is maintained by the SEProvider. + * This function should be called only once at the time of installation. + * + * @param keySizeBits key size in bits. + * @return An instance of KMMasterKey. + */ + KMMasterKey createMasterKey(short keySizeBits); + + /** + * This function creates an ECKey and initializes the ECPrivateKey with + * the provided input key data. The initialized Key is maintained by the + * SEProvider. This function should be called only while provisioning the + * attestation key. + * + * @param keyData buffer containing the ec private key. + * @param offset start of the buffer. + * @param length length of the buffer. + * @return An instance of KMAttestationKey. + */ + KMAttestationKey createAttestationKey(byte[] keyData, short offset, short length); + + /** + * This function creates an HMACKey and initializes the key with the + * provided input key data. This created key is maintained by the + * SEProvider. This function should be called only while provisioing the + * pre-shared secret. + * + * @param keyData buffer containing the key data. + * @param offset start of the buffer. + * @param length length of the buffer. + * @return An instance of KMPreSharedKey. + */ + KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length); + + /** + * Returns the master key. + * + * @return Instance of the KMMasterKey + */ + KMMasterKey getMasterKey(); + + /** + * Returns the attestation key. + * + * @return Instance of the KMAttestationKey. + */ + KMAttestationKey getAttestationKey(); + + /** + * Returns the preshared key. + * + * @return Instance of the KMPreSharedKey. + */ + KMPreSharedKey getPresharedKey(); + } From c87b191e68e2323bd410468d28170d556fa5345f Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Sat, 6 Feb 2021 20:35:12 +0530 Subject: [PATCH 059/169] Updated the documentation comments --- .../com/android/javacard/keymaster/KMAttestationKey.java | 8 +++----- .../src/com/android/javacard/keymaster/KMMasterKey.java | 6 ++---- .../com/android/javacard/keymaster/KMPreSharedKey.java | 6 ++---- 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java b/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java index 4b6213ee..8582d2b2 100644 --- a/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java +++ b/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java @@ -17,11 +17,9 @@ /** * KMAttestationKey is a marker interface and the SE Provider has to implement - * this interface. KMAttestationKey is stored as a Javacard KeyPair object instead - * of byte array. When the attestation key is stored as a KeyPair object, - * the Javacard OS internally provides appropriate security measures - * to protect the key. The attestation key is maintained by the - * SEProvider. + * this interface. Internally attestation key is stored as a Javacard EC + * key pair object, which will provide additional security. + * The attestation key is maintained by the SEProvider. */ public interface KMAttestationKey { diff --git a/Applet/src/com/android/javacard/keymaster/KMMasterKey.java b/Applet/src/com/android/javacard/keymaster/KMMasterKey.java index 0b7b1a6a..0ceb6291 100644 --- a/Applet/src/com/android/javacard/keymaster/KMMasterKey.java +++ b/Applet/src/com/android/javacard/keymaster/KMMasterKey.java @@ -17,10 +17,8 @@ /** * KMMasterKey is a marker interface and the SE Provider has to implement - * this interface. Masterkey is stored as a Javacard Key object instead - * of byte array. When master key is stored as a Key object, - * the Javacard OS internally provides appropriate security measures - * to protect the key. The master key is maintained by the + * this interface. Internally Masterkey is stored as a Javacard AES key object, + * which will provide additional security. The master key is maintained by the * SEProvider. */ public interface KMMasterKey { diff --git a/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java b/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java index 7d02db4e..71dfcae6 100644 --- a/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java +++ b/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java @@ -17,10 +17,8 @@ /** * KMPreSharedKey is a marker interface and the SE Provider has to implement - * this interface. KMPreSharedKey is stored as a Javacard Key object instead - * of byte array. When the shared key is stored as a Key object, - * the Javacard OS internally provides appropriate security measures - * to protect the key. The pre shared key is maintained by the + * this interface. Internally Preshared key is stored as a Javacard HMac key object, + * which will provide additional security. The pre-shared key is maintained by the * SEProvider. */ public interface KMPreSharedKey { From d2f293e0cd502171ebdd804f745d923dd342b499 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Sat, 6 Feb 2021 20:44:06 +0530 Subject: [PATCH 060/169] Changed the key derivation alogorithm to hmac sign Root of trust now contains VerifiedBootKey, VerifiedBootKeyHash, bootState, deviceLocked state. --- .../keymaster/KMAndroidSEProvider.java | 28 +-- .../javacard/keymaster/KMJCardSimulator.java | 42 +--- .../javacard/keymaster/KMKeymasterApplet.java | 210 +++--------------- .../javacard/keymaster/KMRepository.java | 70 +++++- .../javacard/keymaster/KMSEProvider.java | 60 ++--- 5 files changed, 131 insertions(+), 279 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index d182ca02..b04cb362 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -751,6 +751,21 @@ public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, return hmacSign(key, data, dataStart, dataLength, mac, macStart); } + @Override + public short hmacSign(KMMasterKey masterkey, byte[] data, short dataStart, + short dataLength, byte[] signature, short signatureStart) { + try { + AESKey aesKey = ((KMAESKey) masterkey).getKey(); + aesKey.getKey(tmpArray, (short) 0); + HMACKey key = createHMACKey(tmpArray, (short) 0, + (short) (aesKey.getSize() / 8)); + return hmacSign(key, data, dataStart, dataLength, signature, + signatureStart); + } finally { + clean(); + } + } + @Override public boolean hmacVerify(byte[] keyBuf, short keyStart, short keyLength, byte[] data, short dataStart, short dataLength, byte[] mac, @@ -1320,17 +1335,4 @@ public KMAttestationKey getAttestationKey() { public KMPreSharedKey getPresharedKey() { return (KMPreSharedKey) preSharedKey; } - - @Override - public short aesGCMEncrypt(KMMasterKey key, byte[] secret, short secretStart, - short secretLen, byte[] encSecret, short encSecretStart, - byte[] nonce, short nonceStart, short nonceLen, byte[] authData, - short authDataStart, short authDataLen, byte[] authTag, - short authTagStart, short authTagLen) { - - return aesGCMEncrypt(((KMAESKey) key).getKey(), secret, secretStart, - secretLen, encSecret, encSecretStart, nonce, nonceStart, nonceLen, - authData, authDataStart, authDataLen, authTag, authTagStart, - authTagLen); - } } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 2c7001b2..2ef4f873 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -539,6 +539,17 @@ public boolean hmacVerify(HMACKey key, byte[] data, short dataStart, short dataL return hmacSignature.verify(data, dataStart, dataLength, mac, macStart, macLength); } + @Override + public short hmacSignkdf(KMMasterKey masterkey, byte[] data, short dataStart, + short dataLength, byte[] signature, short signatureStart) { + KMAESKey aesKey = (KMAESKey) masterkey; + short keyLen = (short) (aesKey.getKeySizeBits() / 8); + byte[] keyData = new byte[keyLen]; + aesKey.getKey(keyData, (short) 0); + return hmacSign(keyData, (short) 0, keyLen, data, dataStart, dataLength, + signature, signatureStart); + } + @Override public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] data, short dataStart, short dataLength, byte[] mac, short macStart) { HMACKey key = createHMACKey(keyBuf,keyStart,keyLength); @@ -1360,35 +1371,4 @@ public KMAttestationKey getAttestationKey() { public KMPreSharedKey getPresharedKey() { return (KMPreSharedKey) preSharedKey; } - - @Override - public short aesGCMEncrypt(KMMasterKey masterKey, byte[] secret, short secretStart, - short secretLen, byte[] encSecret, short encSecretStart, byte[] nonce, - short nonceStart, short nonceLen, byte[] authData, - short authDataStart, short authDataLen, byte[] authTag, - short authTagStart, short authTagLen) { - KMAESKey aesKey = (KMAESKey) masterKey; - short keyLen = aesKey.getKeySizeBits(); - keyLen = (short) (keyLen / 8); - byte[] keyBuf = new byte[keyLen]; - aesKey.getKey(keyBuf, (short)0); - return aesGCMEncrypt( - keyBuf, - (short) 0, - keyLen, - secret, - secretStart, - secretLen, - encSecret, - encSecretStart, - nonce, - nonceStart, - nonceLen, - authData, - authDataStart, - authDataLen, - authTag, - authTagStart, - authTagLen); - } } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 4cf028e5..f7b34db5 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -39,6 +39,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe private static final byte CLA_ISO7816_NO_SM_NO_CHAN = (byte) 0x80; private static final short KM_HAL_VERSION = (short) 0x4000; private static final short MAX_AUTH_DATA_SIZE = (short) 512; + private static final short DERIVE_KEY_INPUT_SIZE = (short) 256; // "Keymaster HMAC Verification" - used for HMAC key verification. public static final byte[] sharingCheck = { @@ -524,11 +525,8 @@ private void processDeviceLockedCmd(APDU apdu) { if (KMInteger.compare(verTime, lastDeviceLockedTime) > 0) { Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 8, (byte) 0); KMInteger.cast(verTime).getValue(scratchPad, (short) 0, (short) 8); - // repository.deviceLockedFlag = true; repository.setDeviceLock(true); - // repository.deviceUnlockPasswordOnly = (tmpVariables[1] == 0x01); repository.setDeviceLockPasswordOnly(tmpVariables[1] == 0x01); - // Util.arrayCopy(scratchPad,(short)0,repository.deviceLockedTimestamp,(short)0,(short)repository.deviceLockedTimestamp.length); repository.setDeviceLockTimestamp(scratchPad, (short) 0, (short) 8); } sendError(apdu, KMError.OK); @@ -549,7 +547,6 @@ public static void sendOutgoing(APDU apdu) { } // Send data apdu.setOutgoing(); - // short currentBlockSize = apdu.getOutBlockSize(); apdu.setOutgoingLength(bufferLength); apdu.sendBytesLong(buffer, bufferStartOffset, bufferLength); } @@ -917,7 +914,6 @@ private void processDeleteKeyCmd(APDU apdu) { // Receive the incoming request fully from the master. receiveIncoming(apdu); - // Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) apdu.getBuffer().length, (byte) 0); // Arguments short argsProto = KMArray.instance((short) 1); KMArray.cast(argsProto).add((short) 0, KMByteBlob.exp()); @@ -1421,7 +1417,7 @@ private void processAttestKeyCmd(APDU apdu) { addTags( KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(), false, cert); - cert.deviceLocked(repository.getDeviceLock()); + cert.deviceLocked(repository.getBootLoaderLock()); cert.issuer(repository.getIssuer()); cert.publicKey(data[PUB_KEY]); cert.verifiedBootHash(repository.getVerifiedBootHash()); @@ -1429,7 +1425,7 @@ private void processAttestKeyCmd(APDU apdu) { cert.verifiedBootKey(repository.getVerifiedBootKey()); cert.verifiedBootState(repository.getBootState()); // buffer for cert - we allocate 2KBytes buffer - // TODO make this buffer size configurable + // make this buffer size configurable tmpVariables[3] = KMByteBlob.instance(MAX_CERT_SIZE); buffer = KMByteBlob.cast(tmpVariables[3]).getBuffer(); bufferStartOffset = KMByteBlob.cast(tmpVariables[3]).getStartOff(); @@ -1465,24 +1461,6 @@ private void addAttestationIds(KMAttestationCert cert) { } index++; } - /* - if(repository.isAttIdSupported()){ - short attTag; - short blob; - byte index = 0; - while (index < repository.ATT_ID_TABLE_SIZE) { - if (repository.getAttIdLen(index) != 0) { - blob = KMByteBlob.instance( - repository.getAttIdBuffer(index), - repository.getAttIdOffset(index), - repository.getAttIdLen(index)); - attTag = KMByteTag.instance(repository.getAttIdTag(index), blob); - cert.extensionTag(attTag,true); - index++; - } - } - } - */ } private void addTags(short params, boolean hwEnforced, KMAttestationCert cert) { @@ -1631,10 +1609,6 @@ private void processFinishOperationCmd(APDU apdu) { private void finishEncryptOperation(KMOperationState op, byte[] scratchPad) { short len = KMByteBlob.cast(data[INPUT_DATA]).length(); switch (op.getAlgorithm()) { - // - // RSA Encryption is only supported for testing purpose - // TODO remove this later on if not required - // case KMType.RSA: // Output size is always 256 bytes data[OUTPUT_DATA] = KMByteBlob.instance((short) 256); @@ -1693,8 +1667,6 @@ private void finishEncryptOperation(KMOperationState op, byte[] scratchPad) { private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) { short len = KMByteBlob.cast(data[INPUT_DATA]).length(); switch (op.getAlgorithm()) { - // Only supported for testing purpose - // TODO remove this later on case KMType.RSA: // Fill the scratch pad with zero Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); @@ -1907,7 +1879,6 @@ private void authorizeUpdateFinishOperation(KMOperationState op, byte[] scratchP if (KMInteger.compare(tmpVariables[0], tmpVariables[2]) < 0) { KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED); } - // TODO this is not needed op.setAuthTimeoutValidated(true); } else if (op.isAuthPerOperationReqd()) { // If Auth per operation is required tmpVariables[0] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getChallenge(); @@ -1930,11 +1901,6 @@ private void authorizeDeviceUnlock(short hwToken) { ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp(); // Check if the current auth time stamp is greater then device locked time stamp short ts = repository.getDeviceTimeStamp(); - /*if (KMInteger.compare(ptr, KMInteger.uint_64(repository.deviceLockedTimestamp, (short) 0)) - <= 0) { - KMException.throwIt(KMError.DEVICE_LOCKED); - } - */ if (KMInteger.compare(ptr, ts) <= 0) { KMException.throwIt(KMError.DEVICE_LOCKED); } @@ -1951,7 +1917,6 @@ private void authorizeDeviceUnlock(short hwToken) { // repository.deviceLockedFlag = false; repository.setDeviceLock(false); repository.clearDeviceLockTimeStamp(); - // Util.arrayFillNonAtomic(repository.deviceLockedTimestamp, (short) 0, (short) 8, (byte) 0); } } @@ -2006,16 +1971,6 @@ private void validateVerificationToken(short verToken, byte[] scratchPad) { // hmac the data ptr = KMVerificationToken.cast(verToken).getMac(); short key = repository.getComputedHmacKey(); - /*boolean verified = - seProvider.hmacVerify(repository.getComputedHmacKey(), - (short) 0, - (short) repository.getComputedHmacKey().length, - scratchPad, (short) 0, len, - KMByteBlob.cast(ptr).getBuffer(), - KMByteBlob.cast(ptr).getStartOff(), - KMByteBlob.cast(ptr).length()); - - */ boolean verified = seProvider.hmacVerify( KMByteBlob.cast(key).getBuffer(), @@ -2509,8 +2464,6 @@ private void authorizeAndBeginOperation(KMOperationState op, byte[] scratchPad) private void beginCipherOperation(KMOperationState op) { switch (op.getAlgorithm()) { - // Not required to be supported - supported for testing purpose - // TODO remove this later case KMType.RSA: try { if (op.getPurpose() == KMType.DECRYPT) { @@ -2550,7 +2503,6 @@ private void beginCipherOperation(KMOperationState op) { op.setAesGcmUpdateStart(); } try { - // if (data[IV] != KMType.INVALID_VALUE) { op.setOperation( seProvider.initSymmetricOperation( (byte) op.getPurpose(), @@ -2769,15 +2721,6 @@ private boolean validateHwToken(short hwToken, byte[] scratchPad) { // hmac the data ptr = KMHardwareAuthToken.cast(hwToken).getMac(); short key = repository.getComputedHmacKey(); - /*return seProvider.hmacVerify( - repository.getComputedHmacKey(), - (short) 0, - (short) repository.getComputedHmacKey().length, - scratchPad, (short) 0, len, - KMByteBlob.cast(ptr).getBuffer(), - KMByteBlob.cast(ptr).getStartOff(), - KMByteBlob.cast(ptr).length()); - */ return seProvider.hmacVerify( KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff(), @@ -3219,7 +3162,6 @@ private void processSetBootParamsCmd(APDU apdu) { KMArray.cast(argsProto).add((short) 6, tmpVariables[6]); KMArray.cast(argsProto).add((short) 7, tmpVariables[7]); // Decode the arguments - // System.out.println("Process boot params buffer: "+byteArrayToHexString(buffer)); short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength); //reclaim memory repository.reclaimMemory(bufferLength); @@ -3280,7 +3222,7 @@ private void processSetBootParamsCmd(APDU apdu) { repository.setBootState(enumVal); enumVal = KMEnum.cast(tmpVariables[7]).getVal(); - repository.setDeviceLock(enumVal == KMType.DEVICE_LOCKED_TRUE); + repository.setBootloaderLocked(enumVal == KMType.DEVICE_LOCKED_TRUE); // Clear the Computed SharedHmac and Hmac nonce from persistent memory. repository.clearComputedHmac(); @@ -3422,7 +3364,6 @@ private static void generateRSAKey(byte[] scratchPad) { // Validate RSA Key validateRSAKey(scratchPad); // Now generate 2048 bit RSA keypair for the given exponent - // KeyPair rsaKey = seProvider.createRsaKeyPair(); short[] lengths = tmpVariables; data[PUB_KEY] = KMByteBlob.instance((short) 256); data[SECRET] = KMByteBlob.instance((short) 256); @@ -3480,8 +3421,6 @@ private static void generateAESKey(byte[] scratchPad) { validateAESKey(); tmpVariables[0] = KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - // AESKey aesKey = seProvider.createAESKey(tmpVariables[0]); - // tmpVariables[0] = aesKey.getKey(scratchPad, (short) 0); tmpVariables[0] = seProvider.createSymmetricKey(KMType.AES, tmpVariables[0], scratchPad, (short) 0); data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, tmpVariables[0]); @@ -3504,7 +3443,6 @@ private static void validateECKeys() { private static void generateECKeys(byte[] scratchPad) { validateECKeys(); - // KeyPair ecKey = seProvider.createECKeyPair(); short[] lengths = tmpVariables; seProvider.createAsymmetricKey( KMType.EC, @@ -3515,9 +3453,7 @@ private static void generateECKeys(byte[] scratchPad) { (short) 128, (short) 128, lengths); - // tmpVariables[5] = ((ECPublicKey) ecKey.getPublic()).getW(scratchPad, (short) 0); data[PUB_KEY] = KMByteBlob.instance(scratchPad, (short) 128, lengths[1]); - // tmpVariables[5] = ((ECPrivateKey) ecKey.getPrivate()).getS(scratchPad, (short) 0); data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, lengths[0]); data[KEY_BLOB] = KMArray.instance((short) 5); KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_PUB_KEY, data[PUB_KEY]); @@ -3543,8 +3479,6 @@ private static void validateTDESKey() { private static void generateTDESKey(byte[] scratchPad) { validateTDESKey(); - // DESKey desKey = seProvider.createTDESKey(); - // tmpVariables[0] = desKey.getKey(scratchPad, (short) 0); tmpVariables[0] = seProvider.createSymmetricKey(KMType.DES, (short) 168, scratchPad, (short) 0); data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, tmpVariables[0]); data[KEY_BLOB] = KMArray.instance((short) 4); @@ -3590,8 +3524,6 @@ private static void generateHmacKey(byte[] scratchPad) { tmpVariables[0] = KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); // generate HMAC Key - // HMACKey hmacKey = seProvider.createHMACKey(tmpVariables[1]); - // tmpVariables[0] = hmacKey.getKey(scratchPad, (short) 0); tmpVariables[0] = seProvider.createSymmetricKey(KMType.HMAC, tmpVariables[0], scratchPad, (short) 0); data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, tmpVariables[0]); @@ -3618,20 +3550,6 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { KMException.throwIt(KMError.KEY_REQUIRES_UPGRADE); } } - /* - if ((tmpVariables[0] != KMType.INVALID_VALUE) - && (Util.arrayCompare( - repository.osVersion, (short) 0, scratchPad, (short) 0, tmpVariables[0]) - != 0)) { - if (Util.arrayCompare(repository.osVersion, (short) 0, scratchPad, (short) 0, tmpVariables[0]) - == -1) { - // If the key characteristics has os version > current os version - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } else { - KMException.throwIt(KMError.KEY_REQUIRES_UPGRADE); - } - } - */ tmpVariables[0] = KMIntegerTag.getValue( scratchPad, (short) 0, KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, data[HW_PARAMETERS]); @@ -3650,18 +3568,6 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { KMException.throwIt(KMError.KEY_REQUIRES_UPGRADE); } } - /*if ((tmpVariables[0] != KMType.INVALID_VALUE) - && (Util.arrayCompare(repository.osPatch, (short) 0, scratchPad, (short) 0, tmpVariables[0]) - != 0)) { - if (Util.arrayCompare(repository.osPatch, (short) 0, scratchPad, (short) 0, tmpVariables[0]) - == -1) { - // If the key characteristics has os patch level > current os patch - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } else { - KMException.throwIt(KMError.KEY_REQUIRES_UPGRADE); - } - } - */ } private static void makeKeyCharacteristics(byte[] scratchPad) { @@ -3688,7 +3594,7 @@ private static void createEncryptedKeyBlob(byte[] scratchPad) { // make key characteristics - returns key characteristics in data[KEY_CHARACTERISTICS] makeKeyCharacteristics(scratchPad); // make root of trust blob - data[ROT] = repository.getVerifiedBootKey(); + data[ROT] = repository.readROT(); // make hidden key params list data[HIDDEN_PARAMETERS] = @@ -3747,11 +3653,7 @@ private static void parseEncryptedKeyBlob(byte[] scratchPad) { KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(); data[SW_PARAMETERS] = KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(); - // make root of trust blob - // data[ROT] = - // KMByteBlob.instance( - // repository.verifiedBootKey, (short) 0, (short) repository.verifiedBootKey.length); - data[ROT] = repository.getVerifiedBootKey(); + data[ROT] = repository.readROT(); data[HIDDEN_PARAMETERS] = KMKeyParameters.makeHidden(data[APP_ID], data[APP_DATA], data[ROT], scratchPad); @@ -3880,59 +3782,37 @@ private static short addPtrToAAD(short dataArrPtr, byte[] aadBuf, short offset) private static short deriveKey(byte[] scratchPad) { tmpVariables[0] = KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals(); - tmpVariables[1] = repository.alloc((short) 256); + tmpVariables[1] = repository.alloc(DERIVE_KEY_INPUT_SIZE); // generate derivation material from hidden parameters tmpVariables[2] = encoder.encode(tmpVariables[0], repository.getHeap(), tmpVariables[1]); + if (DERIVE_KEY_INPUT_SIZE > tmpVariables[2]) { + // Copy KeyCharacteristics in the remaining space of DERIVE_KEY_INPUT_SIZE + Util.arrayCopyNonAtomic(repository.getHeap(), (short) (data[AUTH_DATA]), + repository.getHeap(), + (short) (tmpVariables[1] + tmpVariables[2]), + (short) (DERIVE_KEY_INPUT_SIZE - tmpVariables[2])); + } // KeyDerivation: - // 1. AesGCM Encryption, with below input parameters. - // authData - HIDDEN_PARAMTERS - // Key - Master Key - // InputData - KeyCharacteristics - // IV - NONCE - // 2. After encryption it generates two outputs - // a. Encrypted output - // b. Auth Tag - // 3. Do HMAC Sign, with below input parameters. - // Key - Auth Tag (Generated in step 2). - // Input data - Encrypted output (Generated in step 2). - // 4. HMAC Sign generates an output of 32 bytes length. + // 1. Do HMAC Sign, with below input parameters. + // Key - 128 bit master key + // Input data - HIDDEN_PARAMETERS + KeyCharacateristics + // - Truncate beyond 256 bytes. + // 2. HMAC Sign generates an output of 32 bytes length. // Consume only first 16 bytes as derived key. - tmpVariables[5] = repository.alloc(AES_GCM_AUTH_TAG_LENGTH); - tmpVariables[3] = - seProvider.aesGCMEncrypt( - seProvider.getMasterKey(), - repository.getHeap(), - data[AUTH_DATA], - data[AUTH_DATA_LENGTH], - scratchPad, - (short) 0, - KMByteBlob.cast(data[NONCE]).getBuffer(), - KMByteBlob.cast(data[NONCE]).getStartOff(), - KMByteBlob.cast(data[NONCE]).length(), - repository.getHeap(), - tmpVariables[1], - tmpVariables[2], - repository.getHeap(), - tmpVariables[5], - AES_GCM_AUTH_TAG_LENGTH); // Hmac sign. - tmpVariables[3] = seProvider.hmacSign( + tmpVariables[3] = seProvider.hmacSignkdf( + seProvider.getMasterKey(), repository.getHeap(), - tmpVariables[5], - AES_GCM_AUTH_TAG_LENGTH, + tmpVariables[1], + DERIVE_KEY_INPUT_SIZE, scratchPad, - (short) 0, - tmpVariables[3], - repository.getHeap(), - tmpVariables[1]); + (short) 0); if (tmpVariables[3] < 16) { KMException.throwIt(KMError.UNKNOWN_ERROR); } tmpVariables[3] = 16; - Util.arrayCopyNonAtomic(repository.getHeap(), tmpVariables[1], scratchPad, - (short) 0, tmpVariables[3]); // store the derived secret in data dictionary - data[DERIVED_KEY] = repository.alloc(tmpVariables[3]); + data[DERIVED_KEY] = tmpVariables[1]; Util.arrayCopyNonAtomic( scratchPad, (short) 0, repository.getHeap(), data[DERIVED_KEY], tmpVariables[3]); return tmpVariables[3]; @@ -3977,44 +3857,4 @@ private void add(byte[] buf, short op1, short op2, short result) { index--; } } -/* - @Override - public void onCleanup() { - } - - @Override - public void onConsolidate() { - } - - @Override - public void onRestore(Element element) { - element.initRead(); - provisionStatus = element.readByte(); - keymasterState = element.readByte(); - repository.onRestore(element); - seProvider.onRestore(element); - } - - @Override - public Element onSave() { - // SEProvider count - short primitiveCount = seProvider.getBackupPrimitiveByteCount(); - short objectCount = seProvider.getBackupObjectCount(); - //Repository count - primitiveCount += repository.getBackupPrimitiveByteCount(); - objectCount += repository.getBackupObjectCount(); - //KMKeymasterApplet count - primitiveCount += computePrimitveDataSize(); - objectCount += computeObjectCount(); - - // Create element. - Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE, - primitiveCount, objectCount); - element.write(provisionStatus); - element.write(keymasterState); - repository.onSave(element); - seProvider.onSave(element); - return element; - } -*/ } diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 7785c5b6..ee7cc6a8 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -29,7 +29,7 @@ */ public class KMRepository implements KMUpgradable { // Data table configuration - public static final short DATA_INDEX_SIZE = 21; + public static final short DATA_INDEX_SIZE = 22; public static final short DATA_INDEX_ENTRY_SIZE = 4; public static final short DATA_MEM_SIZE = 2048; public static final short HEAP_SIZE = 10000; @@ -62,7 +62,8 @@ public class KMRepository implements KMUpgradable { public static final byte BOOT_VERIFIED_BOOT_HASH = 17; public static final byte BOOT_VERIFIED_BOOT_STATE = 18; public static final byte BOOT_DEVICE_LOCKED_STATUS = 19; - public static final byte BOOT_DEVICE_LOCKED_TIME = 20; + public static final byte DEVICE_LOCKED_TIME = 20; + public static final byte DEVICE_LOCKED = 21; // Data Item sizes public static final short MASTER_KEY_SIZE = 16; @@ -111,6 +112,11 @@ public KMRepository(boolean isUpgrading) { new Object[KMOperationState.MAX_REFS]}}; index++; } + //Initialize the device locked status + if (!isUpgrading) { + setDeviceLock(false); + setDeviceLockPasswordOnly(false); + } repository = this; } @@ -165,7 +171,6 @@ public KMOperationState reserveOperation(short opHandle){ return null; } - //TODO refactor following method public void persistOperation(byte[] data, short opHandle, KMOperation op) { short index = 0; byte[] opId; @@ -496,6 +501,39 @@ public short getOsPatch(){ } } + public short readROT() { + short length = dataLength(BOOT_VERIFIED_BOOT_KEY); + length += dataLength(BOOT_VERIFIED_BOOT_HASH); + length += dataLength(BOOT_VERIFIED_BOOT_STATE); + length += dataLength(BOOT_DEVICE_LOCKED_STATUS); + short blob = KMByteBlob.instance(length); + if((length = readDataEntry( + BOOT_VERIFIED_BOOT_KEY, + KMByteBlob.cast(blob).getBuffer(), + KMByteBlob.cast(blob).getStartOff())) == 0){ + return 0; + } + if((length += readDataEntry( + BOOT_VERIFIED_BOOT_HASH, + KMByteBlob.cast(blob).getBuffer(), + (short) (KMByteBlob.cast(blob).getStartOff() + length))) == 0){ + return 0; + } + if((length += readDataEntry( + BOOT_VERIFIED_BOOT_STATE, + KMByteBlob.cast(blob).getBuffer(), + (short) (KMByteBlob.cast(blob).getStartOff() + length))) == 0){ + return 0; + } + if((length += readDataEntry( + BOOT_DEVICE_LOCKED_STATUS, + KMByteBlob.cast(blob).getBuffer(), + (short) (KMByteBlob.cast(blob).getStartOff() + length))) == 0){ + return 0; + } + return blob; + } + public short getVerifiedBootKey(){ return readData(BOOT_VERIFIED_BOOT_KEY); } @@ -504,7 +542,7 @@ public short getVerifiedBootHash(){ return readData(BOOT_VERIFIED_BOOT_HASH); } - public boolean getDeviceLock(){ + public boolean getBootLoaderLock() { short blob = readData(BOOT_DEVICE_LOCKED_STATUS); return (byte)((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0; } @@ -514,13 +552,18 @@ public byte getBootState(){ return (getHeap())[KMByteBlob.cast(blob).getStartOff()]; } + public boolean getDeviceLock(){ + short blob = readData(DEVICE_LOCKED); + return (byte)((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0; + } + public boolean getDeviceLockPasswordOnly(){ - short blob = readData(BOOT_DEVICE_LOCKED_STATUS); + short blob = readData(DEVICE_LOCKED); return (byte)((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFD) != 0; } public short getDeviceTimeStamp(){ - short blob = readData(BOOT_DEVICE_LOCKED_TIME); + short blob = readData(DEVICE_LOCKED_TIME); if(blob != 0){ return KMInteger.uint_64(KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff()); @@ -546,27 +589,34 @@ public void setBootPatchLevel(byte[] buf, short start, short len) { writeDataEntry(BOOT_PATCH_LEVEL, buf, start, len); } - public void setDeviceLock(boolean flag){ + public void setBootloaderLocked(boolean flag) { short start = alloc(DEVICE_LOCK_FLAG_SIZE); if(flag) (getHeap())[start] = (byte)((getHeap())[start] | 0x01); else (getHeap())[start] = (byte)((getHeap())[start] & 0xFE); writeDataEntry(BOOT_DEVICE_LOCKED_STATUS,getHeap(),start,DEVICE_LOCK_FLAG_SIZE); } + public void setDeviceLock(boolean flag){ + short start = alloc(DEVICE_LOCK_FLAG_SIZE); + if(flag) (getHeap())[start] = (byte)((getHeap())[start] | 0x01); + else (getHeap())[start] = (byte)((getHeap())[start] & 0xFE); + writeDataEntry(DEVICE_LOCKED,getHeap(),start,DEVICE_LOCK_FLAG_SIZE); + } + public void setDeviceLockPasswordOnly(boolean flag){ short start = alloc(DEVICE_LOCK_FLAG_SIZE); if(flag) (getHeap())[start] = (byte)((getHeap())[start] | 0x02); else (getHeap())[start] = (byte)((getHeap())[start] & 0xFD); - writeDataEntry(BOOT_DEVICE_LOCKED_STATUS,getHeap(),start,DEVICE_LOCK_FLAG_SIZE); + writeDataEntry(DEVICE_LOCKED,getHeap(),start,DEVICE_LOCK_FLAG_SIZE); } public void setDeviceLockTimestamp(byte[] buf, short start, short len){ if(len != DEVICE_LOCK_TS_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - writeDataEntry(BOOT_DEVICE_LOCKED_TIME, buf, start,len); + writeDataEntry(DEVICE_LOCKED_TIME, buf, start,len); } public void clearDeviceLockTimeStamp(){ - clearDataEntry(BOOT_DEVICE_LOCKED_TIME); + clearDataEntry(DEVICE_LOCKED_TIME); } public void setOsPatch(byte[] buf, short start, short len){ diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index 3b7edcf4..022eb6cd 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -159,46 +159,6 @@ short aesGCMEncrypt( short authTagStart, short authTagLen); - /** - * This function is used to derive a partial secret, which is used to encrypt the keyBlobs. - * This is a oneshot operation that performs encryption operation using AES GCM algorithm. It throws - * CryptoException if algorithm is not supported or if tag length is not equal to 16 or - * nonce length is not equal to 12. - * - * @param aesKey instance of KMMasterKey. - * @param data is the buffer that contains data to encrypt. - * @param dataStart is the start of the data buffer. - * @param dataLen is the length of the data buffer. - * @param encData is the buffer of the output encrypted data. - * @param encDataStart is the start of the encrypted data buffer. - * @param nonce is the buffer of nonce. - * @param nonceStart is the start of the nonce buffer. - * @param nonceLen is the length of the nonce buffer. - * @param authData is the authentication data buffer. - * @param authDataStart is the start of the authentication buffer. - * @param authDataLen is the length of the authentication buffer. - * @param authTag is the buffer to output authentication tag. - * @param authTagStart is the start of the buffer. - * @param authTagLen is the length of the buffer. - * @return length of the encrypted data. - */ - short aesGCMEncrypt( - KMMasterKey aesKey, - byte[] data, - short dataStart, - short dataLen, - byte[] encData, - short encDataStart, - byte[] nonce, - short nonceStart, - short nonceLen, - byte[] authData, - short authDataStart, - short authDataLen, - byte[] authTag, - short authTagStart, - short authTagLen); - /** * This is a oneshot operation that performs decryption operation using AES GCM algorithm. It throws * CryptoException if algorithm is not supported. @@ -290,6 +250,26 @@ short hmacSign( byte[] signature, short signatureStart); + /** + * This is a oneshot operation that signs the data using hmac algorithm. + * This is used to derive the key, which is used to encrypt the keyblob. + * + * @param instance of masterkey. + * @param data is the buffer containing data to be signed. + * @param dataStart is the start of the data. + * @param dataLength is the length of the data. + * @param signature is the output signature buffer + * @param signatureStart is the start of the signature + * @return length of the signature buffer in bytes. + */ + short hmacSignkdf( + KMMasterKey masterkey, + byte[] data, + short dataStart, + short dataLength, + byte[] signature, + short signatureStart); + /** * This is a oneshot operation that verifies the signature using hmac algorithm. * From eb81a270eaee3d873c23f2c7faea2c2209ba0b90 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Sun, 7 Feb 2021 16:58:48 +0530 Subject: [PATCH 061/169] 1. Removed unused functions in KMAESKey.java 2. Renamed the KMSEProvider function names of hmacSign and cmacKdf --- .../keymaster/KMAndroidSEProvider.java | 4 ++-- .../android/javacard/keymaster/KMAESKey.java | 20 ------------------- .../javacard/keymaster/KMJCardSimulator.java | 4 ++-- .../javacard/keymaster/KMKeymasterApplet.java | 4 ++-- .../javacard/keymaster/KMSEProvider.java | 19 ++++++++++++++++-- 5 files changed, 23 insertions(+), 28 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index b04cb362..6a5a0671 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -752,7 +752,7 @@ public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, } @Override - public short hmacSign(KMMasterKey masterkey, byte[] data, short dataStart, + public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart, short dataLength, byte[] signature, short signatureStart) { try { AESKey aesKey = ((KMAESKey) masterkey).getKey(); @@ -1169,7 +1169,7 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) { } @Override - public short cmacKdf(KMPreSharedKey pSharedKey, byte[] label, + public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label, short labelStart, short labelLen, byte[] context, short contextStart, short contextLength, byte[] keyBuf, short keyStart) { HMACKey key = cmacKdf(pSharedKey, label, labelStart, labelLen, context, diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java index c16a8188..489d4f77 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java @@ -15,8 +15,6 @@ */ package com.android.javacard.keymaster; -import org.globalplatform.upgrade.Element; - import javacard.security.AESKey; public class KMAESKey implements KMMasterKey { @@ -37,22 +35,4 @@ public byte getKey(byte[] keyData, short kOff) { public short getKeySizeBits() { return aesKey.getSize(); } - - public static void onSave(Element element, KMAESKey kmKey) { - element.write(kmKey.aesKey); - } - - public static KMAESKey onRestore(Element element) { - AESKey aesKey = (AESKey) element.readObject(); - KMAESKey kmKey = new KMAESKey(aesKey); - return kmKey; - } - - public static short getBackupPrimitiveByteCount() { - return (short) 0; - } - - public static short getBackupObjectCount() { - return (short) 1; - } } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 2ef4f873..6b0596ae 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -515,7 +515,7 @@ public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMate } @Override - public short cmacKdf(KMPreSharedKey pSharedKey, byte[] label, + public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label, short labelStart, short labelLen, byte[] context, short contextStart, short contextLength, byte[] keyBuf, short keyStart) { KMHmacKey key = (KMHmacKey) pSharedKey; short keyMaterialLen = key.getKeySizeBits(); @@ -540,7 +540,7 @@ public boolean hmacVerify(HMACKey key, byte[] data, short dataStart, short dataL } @Override - public short hmacSignkdf(KMMasterKey masterkey, byte[] data, short dataStart, + public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart, short dataLength, byte[] signature, short signatureStart) { KMAESKey aesKey = (KMAESKey) masterkey; short keyLen = (short) (aesKey.getKeySizeBits() / 8); diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index f7b34db5..b30e63c2 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1032,7 +1032,7 @@ private void processComputeSharedHmacCmd(APDU apdu) { // generate the key and store it in scratch pad - 32 bytes tmpVariables[6] = - seProvider.cmacKdf( + seProvider.cmacKDF( seProvider.getPresharedKey(), ckdfLable, (short) 0, @@ -3800,7 +3800,7 @@ private static short deriveKey(byte[] scratchPad) { // 2. HMAC Sign generates an output of 32 bytes length. // Consume only first 16 bytes as derived key. // Hmac sign. - tmpVariables[3] = seProvider.hmacSignkdf( + tmpVariables[3] = seProvider.hmacKDF( seProvider.getMasterKey(), repository.getHeap(), tmpVariables[1], diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index 022eb6cd..a057eb9e 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import org.globalplatform.upgrade.Element; @@ -216,7 +231,7 @@ boolean aesGCMDecrypt( * @param keyStart is the start of the output buffer. * @return length of the derived key buffer in bytes. */ - short cmacKdf( + short cmacKDF( KMPreSharedKey hmacKey, byte[] label, short labelStart, @@ -262,7 +277,7 @@ short hmacSign( * @param signatureStart is the start of the signature * @return length of the signature buffer in bytes. */ - short hmacSignkdf( + short hmacKDF( KMMasterKey masterkey, byte[] data, short dataStart, From 56928b45ae2f4ad10aeff48fa59d49ff708aad64 Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Sun, 7 Feb 2021 21:17:23 +0530 Subject: [PATCH 062/169] Update JavacardKeymaster4Device.cpp Changed the Javacard keymaster name to JavacardKeymaster4.1Device v1.0 --- HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index 3086e287..c9f3ab96 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -38,7 +38,7 @@ #include #include -#define JAVACARD_KEYMASTER_NAME "JavacardKeymaster4.1Device v0.1" +#define JAVACARD_KEYMASTER_NAME "JavacardKeymaster4.1Device v1.0" #define JAVACARD_KEYMASTER_AUTHOR "Android Open Source Project" #define APDU_CLS 0x80 From 2ee46b7557ee7909b2d399ea86ebff365af07e83 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Sun, 7 Feb 2021 21:24:45 +0530 Subject: [PATCH 063/169] Added Copyright comment --- .../com/android/javacard/keymaster/KMAESKey.java | 15 +++++++++++++++ .../javacard/keymaster/KMAndroidSEApplet.java | 15 +++++++++++++++ .../javacard/keymaster/KMAttestationCertImpl.java | 15 +++++++++++++++ .../keymaster/KMEcdsa256NoDigestSignature.java | 15 +++++++++++++++ .../android/javacard/keymaster/KMInstance.java | 15 +++++++++++++++ .../javacard/keymaster/KMOperationImpl.java | 15 +++++++++++++++ .../keymaster/KMRsa2048NoDigestSignature.java | 15 +++++++++++++++ .../javacard/keymaster/KMRsaOAEPEncoding.java | 15 +++++++++++++++ .../com/android/javacard/keymaster/KMUtils.java | 15 +++++++++++++++ .../javacard/keymaster/KMAttestationCertImpl.java | 15 +++++++++++++++ .../com/android/javacard/keymaster/KMCipher.java | 15 +++++++++++++++ .../android/javacard/keymaster/KMCipherImpl.java | 15 +++++++++++++++ .../keymaster/KMEcdsa256NoDigestSignature.java | 15 +++++++++++++++ .../javacard/keymaster/KMJCardSimApplet.java | 15 +++++++++++++++ .../javacard/keymaster/KMOperationImpl.java | 15 +++++++++++++++ .../keymaster/KMRsa2048NoDigestSignature.java | 15 +++++++++++++++ .../com/android/javacard/keymaster/KMUtils.java | 15 +++++++++++++++ .../javacard/keymaster/KMAttestationCert.java | 15 +++++++++++++++ .../com/android/javacard/keymaster/KMError.java | 15 +++++++++++++++ .../android/javacard/keymaster/KMOperation.java | 15 +++++++++++++++ .../android/javacard/keymaster/KMUpgradable.java | 15 +++++++++++++++ 21 files changed, 315 insertions(+) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java index 95896b13..afdfb08e 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import org.globalplatform.upgrade.Element; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java index 99dd47ce..bb6a2e86 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import org.globalplatform.upgrade.Element; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index bf6ae9b7..6025feef 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import com.android.javacard.keymaster.KMAESKey; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 727641c0..3f11a3b1 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.security.CryptoException; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java index 3bf35e97..12655bc4 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; public class KMInstance { diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 1c7ab32d..a38ee518 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.framework.JCSystem; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index 71c36a3d..991072e2 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.framework.Util; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java index b8c7b30e..066d828f 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.framework.JCSystem; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index cb8df259..7b4352f8 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.framework.Util; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index b89b50ca..5be20599 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.framework.JCSystem; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java index 145fea9d..017a8398 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; public abstract class KMCipher { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java index 264b74e5..7a1df761 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.framework.Util; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 242499ed..42468363 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import java.math.BigInteger; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java index e1ec74f8..fd6dd910 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; public class KMJCardSimApplet extends KMKeymasterApplet { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index dec071e6..78c01302 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.security.Signature; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index 3ebf5fe0..855a3104 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.framework.Util; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index cb8df259..7b4352f8 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import javacard.framework.Util; diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java index f3d36663..a472ff27 100644 --- a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java +++ b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; /** diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index 85c71654..8f842236 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; /** diff --git a/Applet/src/com/android/javacard/keymaster/KMOperation.java b/Applet/src/com/android/javacard/keymaster/KMOperation.java index 4011d7f5..8db3312b 100644 --- a/Applet/src/com/android/javacard/keymaster/KMOperation.java +++ b/Applet/src/com/android/javacard/keymaster/KMOperation.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; /** diff --git a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java index e3958a67..6815374e 100644 --- a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java +++ b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java @@ -1,3 +1,18 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.android.javacard.keymaster; import org.globalplatform.upgrade.Element; From 096edcb0950441494f416eda9057f09643e8e414 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Sun, 7 Feb 2021 22:27:26 +0530 Subject: [PATCH 064/169] Removed commented code --- .../src/com/android/javacard/keymaster/KMEncoder.java | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java index 72f906bf..685ba468 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java +++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java @@ -363,15 +363,4 @@ private void incrementStartOff(short inc){ ISOException.throwIt(ISO7816.SW_DATA_INVALID); } } - /* - private static void print(byte[] buf, short start, short length){ - StringBuilder sb = new StringBuilder(); - for(int i = start; i < (start+length); i++){ - sb.append(String.format("%02X", buf[i])) ; - //if((i-start)%16 == 0 && (i-start) != 0) sb.append(String.format("\n")); - } - System.out.println(sb.toString()); - } - - */ } From eca6fea44e60f7f1b9b9f5b379b3b68395a934bb Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Mon, 8 Feb 2021 22:11:47 +0530 Subject: [PATCH 065/169] Added few debug statements Added rsaPkcs1Success test in KMFunctionalTest --- .../javacard/keymaster/KMOperationImpl.java | 12 + .../javacard/test/KMFunctionalTest.java | 222 +++++++++++++++++- .../android/javacard/keymaster/KMError.java | 176 +++++++------- .../javacard/keymaster/KMKeymasterApplet.java | 1 + 4 files changed, 313 insertions(+), 98 deletions(-) diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 78c01302..8379bfae 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -41,9 +41,21 @@ public short update(byte[] inputDataBuf, short inputDataStart, short inputDataLe signature.update(inputDataBuf,inputDataStart,inputDataLength); return 0; } + + + private static void print(byte[] buf, short start, short length){ + StringBuilder sb = new StringBuilder(); + for(int i = start; i < (start+length); i++){ + sb.append(String.format("%02X", buf[i])) ; + //if((i-start)%16 == 0 && (i-start) != 0) sb.append(String.format("\n")); + } + System.out.println(sb.toString()); + } + @Override public short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { + print(inputDataBuf, inputDataStart, inputDataLength); return cipher.doFinal(inputDataBuf,inputDataStart,inputDataLength,outputDataBuf,outputDataStart); } diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 74892031..3b0797ea 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -41,15 +41,26 @@ import com.android.javacard.keymaster.KMRepository; import com.android.javacard.keymaster.KMType; import com.android.javacard.keymaster.KMVerificationToken; +//import com.licel.jcardsim.bouncycastle.crypto.Digest; import com.licel.jcardsim.smartcardio.CardSimulator; import com.licel.jcardsim.utils.AIDUtil; + import javacard.framework.AID; import javacard.framework.Util; +import javacard.security.KeyBuilder; +import javacard.security.KeyPair; +import javacard.security.RSAPrivateKey; +import javacard.security.RSAPublicKey; +import javacard.security.Signature; +import javacardx.crypto.Cipher; import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Arrays; +import java.util.Random; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; + import org.junit.Assert; import org.junit.Test; @@ -2027,6 +2038,159 @@ public void testSignWithRsaNonePkcs1(){ cleanUp(); } + public byte[] EncryptMessage(byte[] input, short params, byte[] keyBlob) { + short ret = begin(KMType.ENCRYPT, + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(params), (short) 0); + // Get the operation handle. + short opHandle = KMArray.cast(ret).get((short) 2); + byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; + KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, + (short) opHandleBuf.length); + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); + + ret = finish(opHandle, + KMByteBlob.instance(input, (short) 0, (short) input.length), null, + (short) 0, (short) 0, (short) 0, KMError.OK); + short dataPtr = KMArray.cast(ret).get((short) 2); + byte[] output = new byte[KMByteBlob.cast(dataPtr).length()]; + if (KMByteBlob.cast(dataPtr).length() > 0) { + Util.arrayCopyNonAtomic(KMByteBlob.cast(dataPtr).getBuffer(), KMByteBlob + .cast(dataPtr).getStartOff(), output, (short) 0, + KMByteBlob.cast(dataPtr).length()); + } + return output; + } + + public byte[] DecryptMessage(byte[] input, short params, byte[] keyBlob) { + short ret = begin(KMType.DECRYPT, + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(params), (short) 0); + // Get the operation handle. + short opHandle = KMArray.cast(ret).get((short) 2); + byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; + KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, + (short) opHandleBuf.length); + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); + + ret = finish(opHandle, + KMByteBlob.instance(input, (short) 0, (short) input.length), null, + (short) 0, (short) 0, (short) 0, KMError.OK); + short dataPtr = KMArray.cast(ret).get((short) 2); + byte[] output = new byte[KMByteBlob.cast(dataPtr).length()]; + if (KMByteBlob.cast(dataPtr).length() > 0) { + Util.arrayCopyNonAtomic(KMByteBlob.cast(dataPtr).getBuffer(), KMByteBlob + .cast(dataPtr).getStartOff(), output, (short) 0, + KMByteBlob.cast(dataPtr).length()); + } + return output; + } + + public short generateRandom(short upperBound) { + Random rand = new Random(); + short int_random = (short) rand.nextInt(upperBound); + return int_random; + } + + @Test + public void JCardTestRsaPkcs1() { + //Testing with Only Javacard APIs + byte[] message = { + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, + 0x21 }; + for (int i = 0; i < 500; i++) { + byte[] out = new byte[256]; + byte[] dplain = new byte[256]; + KeyPair rsaKey = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); + rsaKey.genKeyPair(); + Cipher rsaCipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false); + RSAPublicKey key = (RSAPublicKey) rsaKey.getPublic(); + rsaCipher.init(key, Cipher.MODE_ENCRYPT); + + short outlen = rsaCipher.doFinal(message, (short) 0, + (short) message.length, out, (short) 0); + Assert.assertEquals(outlen, 256); + + RSAPrivateKey privKey = (RSAPrivateKey) rsaKey.getPrivate(); + rsaCipher.init(privKey, Cipher.MODE_DECRYPT); + short d_outlen = rsaCipher.doFinal(out, (short) 0, outlen, dplain, + (short) 0); + Assert.assertEquals(d_outlen, message.length); + byte[] plain = new byte[d_outlen]; + Util.arrayCopyNonAtomic(dplain, (short) 0, plain, (short) 0, d_outlen); + + Assert.assertTrue(Arrays.equals(message, plain)); + } + } + + @Test + public void testVtsRsaPkcs1Success() { + init(); + byte[] message = { + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, + 0x21 }; // "Hello World!"; + for (int i = 0; i < 250; i++) { + short key = generateRsaKey(null, null); + short rsaKeyPtr = KMArray.cast(key).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(rsaKeyPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(rsaKeyPtr).getBuffer(), + KMByteBlob.cast(rsaKeyPtr).getStartOff(), keyBlob, (short) 0, + (short) keyBlob.length); + short pkcs1Params = getRsaParams(KMType.DIGEST_NONE, + KMType.RSA_PKCS1_1_5_ENCRYPT); + + byte[] cipherText1 = EncryptMessage(message, pkcs1Params, keyBlob); + Assert.assertEquals((2048 / 8), cipherText1.length); + + pkcs1Params = getRsaParams(KMType.DIGEST_NONE, + KMType.RSA_PKCS1_1_5_ENCRYPT); + byte[] cipherText2 = EncryptMessage(message, pkcs1Params, keyBlob); + Assert.assertEquals((2048 / 8), cipherText2.length); + System.out.println("stage-2"); + // PKCS1 v1.5 randomizes padding so every result should be different. + Assert.assertFalse(Arrays.equals(cipherText1, cipherText2)); + + print(cipherText1, (short) 0, (short) cipherText1.length); + pkcs1Params = getRsaParams(KMType.DIGEST_NONE, + KMType.RSA_PKCS1_1_5_ENCRYPT); + byte[] plainText = DecryptMessage(cipherText1, pkcs1Params, keyBlob); + Assert.assertTrue(Arrays.equals(message, plainText)); + + // Decrypting corrupted ciphertext should fail. + short offset_to_corrupt = generateRandom((short) cipherText1.length); + + byte corrupt_byte; + do { + corrupt_byte = (byte) generateRandom((short) 256); + } while (corrupt_byte == cipherText1[offset_to_corrupt]); + cipherText1[offset_to_corrupt] = corrupt_byte; + + pkcs1Params = getRsaParams(KMType.DIGEST_NONE, + KMType.RSA_PKCS1_1_5_ENCRYPT); + // Do Begin operation. + short ret = begin(KMType.DECRYPT, + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(pkcs1Params), (short) 0); + System.out.println("stage-4"); + + // Get the operation handle. + short opHandle = KMArray.cast(ret).get((short) 2); + byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; + KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, + (short) opHandleBuf.length); + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); + System.out.println("stage-5"); + short dataPtr = KMByteBlob.instance(cipherText1, (short) 0, + (short) cipherText1.length); + // Finish should return UNKNOWN_ERROR. + ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, + KMError.UNKNOWN_ERROR); + System.out.println("stage-6"); + System.out.println("Count of i:" + i); + } + cleanUp(); + } + @Test public void testSignVerifyWithHmacSHA256WithUpdate(){ init(); @@ -2560,9 +2724,9 @@ public short processMessage( opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); if (keyPurpose == KMType.VERIFY) { - ret = finish(opHandle, dataPtr, signature, (short) 0, (short) 0, (short) 0); + ret = finish(opHandle, dataPtr, signature, (short) 0, (short) 0, (short) 0, KMError.OK); } else { - ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0); + ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, KMError.OK); } if(len >0){ dataPtr = KMArray.cast(ret).get((short)2); @@ -2610,7 +2774,34 @@ public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToke } } - public short finish(short operationHandle, short data, byte[] signature, short inParams, short hwToken, short verToken) { + public short translateExtendedErrorCodes(short err) { + switch (err) { + case KMError.SW_CONDITIONS_NOT_SATISFIED: + case KMError.UNSUPPORTED_CLA: + case KMError.INVALID_P1P2: + case KMError.INVALID_DATA: + case KMError.CRYPTO_ILLEGAL_USE: + case KMError.CRYPTO_ILLEGAL_VALUE: + case KMError.CRYPTO_INVALID_INIT: + case KMError.CRYPTO_UNINITIALIZED_KEY: + case KMError.GENERIC_UNKNOWN_ERROR: + err = KMError.UNKNOWN_ERROR; + break; + case KMError.CRYPTO_NO_SUCH_ALGORITHM: + err = KMError.UNSUPPORTED_ALGORITHM; + break; + case KMError.UNSUPPORTED_INSTRUCTION: + case KMError.CMD_NOT_ALLOWED: + case KMError.SW_WRONG_LENGTH: + err = KMError.UNIMPLEMENTED; + break; + default: + break; + } + return err; + } + + public short finish(short operationHandle, short data, byte[] signature, short inParams, short hwToken, short verToken, short expectedErr) { if(hwToken == 0) { hwToken = KMHardwareAuthToken.instance(); } @@ -2637,16 +2828,27 @@ public short finish(short operationHandle, short data, byte[] signature, short i CommandAPDU apdu = encodeApdu((byte)INS_FINISH_OPERATION_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, outParams); - KMArray.cast(ret).add((short)2, KMByteBlob.exp()); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; + short ret; + short error; + if (expectedErr == KMError.OK) { + ret = KMArray.instance((short) 3); + short outParams = KMKeyParameters.exp(); + KMArray.cast(ret).add((short)0, KMInteger.exp()); + KMArray.cast(ret).add((short)1, outParams); + KMArray.cast(ret).add((short)2, KMByteBlob.exp()); + } else { + ret = KMInteger.exp(); + } ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); + if (expectedErr == KMError.OK) { + error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + } else { + error = KMInteger.cast(ret).getShort(); + error = translateExtendedErrorCodes(error); + } + Assert.assertEquals(error, expectedErr); return ret; } public short update(short operationHandle, short data, short inParams, short hwToken, short verToken) { diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index 8f842236..83eb8c7c 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -20,100 +20,100 @@ * positive unlike negative values in keymaster hal. */ public class KMError { - public static short OK = 0; - public static short ROOT_OF_TRUST_ALREADY_SET = 1; - public static short UNSUPPORTED_PURPOSE = 2; - public static short INCOMPATIBLE_PURPOSE = 3; - public static short UNSUPPORTED_ALGORITHM = 4; - public static short INCOMPATIBLE_ALGORITHM = 5; - public static short UNSUPPORTED_KEY_SIZE = 6; - public static short UNSUPPORTED_BLOCK_MODE = 7; - public static short INCOMPATIBLE_BLOCK_MODE = 8; - public static short UNSUPPORTED_MAC_LENGTH = 9; - public static short UNSUPPORTED_PADDING_MODE = 10; - public static short INCOMPATIBLE_PADDING_MODE = 11; - public static short UNSUPPORTED_DIGEST = 12; - public static short INCOMPATIBLE_DIGEST = 13; - public static short INVALID_EXPIRATION_TIME = 14; - public static short INVALID_USER_ID = 15; - public static short INVALID_AUTHORIZATION_TIMEOUT = 16; - public static short UNSUPPORTED_KEY_FORMAT = 17; - public static short INCOMPATIBLE_KEY_FORMAT = 18; - public static short UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19; + public static final short OK = 0; + public static final short ROOT_OF_TRUST_ALREADY_SET = 1; + public static final short UNSUPPORTED_PURPOSE = 2; + public static final short INCOMPATIBLE_PURPOSE = 3; + public static final short UNSUPPORTED_ALGORITHM = 4; + public static final short INCOMPATIBLE_ALGORITHM = 5; + public static final short UNSUPPORTED_KEY_SIZE = 6; + public static final short UNSUPPORTED_BLOCK_MODE = 7; + public static final short INCOMPATIBLE_BLOCK_MODE = 8; + public static final short UNSUPPORTED_MAC_LENGTH = 9; + public static final short UNSUPPORTED_PADDING_MODE = 10; + public static final short INCOMPATIBLE_PADDING_MODE = 11; + public static final short UNSUPPORTED_DIGEST = 12; + public static final short INCOMPATIBLE_DIGEST = 13; + public static final short INVALID_EXPIRATION_TIME = 14; + public static final short INVALID_USER_ID = 15; + public static final short INVALID_AUTHORIZATION_TIMEOUT = 16; + public static final short UNSUPPORTED_KEY_FORMAT = 17; + public static final short INCOMPATIBLE_KEY_FORMAT = 18; + public static final short UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19; /** For PKCS8 & PKCS12 */ - public static short UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20; + public static final short UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20; /** For PKCS8 & PKCS12 */ - public static short INVALID_INPUT_LENGTH = 21; + public static final short INVALID_INPUT_LENGTH = 21; - public static short KEY_EXPORT_OPTIONS_INVALID = 22; - public static short DELEGATION_NOT_ALLOWED = 23; - public static short KEY_NOT_YET_VALID = 24; - public static short KEY_EXPIRED = 25; - public static short KEY_USER_NOT_AUTHENTICATED = 26; - public static short OUTPUT_PARAMETER_NULL = 27; - public static short INVALID_OPERATION_HANDLE = 28; - public static short INSUFFICIENT_BUFFER_SPACE = 29; - public static short VERIFICATION_FAILED = 30; - public static short TOO_MANY_OPERATIONS = 31; - public static short UNEXPECTED_NULL_POINTER = 32; - public static short INVALID_KEY_BLOB = 33; - public static short IMPORTED_KEY_NOT_ENCRYPTED = 34; - public static short IMPORTED_KEY_DECRYPTION_FAILED = 35; - public static short IMPORTED_KEY_NOT_SIGNED = 36; - public static short IMPORTED_KEY_VERIFICATION_FAILED = 37; - public static short INVALID_ARGUMENT = 38; - public static short UNSUPPORTED_TAG = 39; - public static short INVALID_TAG = 40; - public static short MEMORY_ALLOCATION_FAILED = 41; - public static short IMPORT_PARAMETER_MISMATCH = 44; - public static short SECURE_HW_ACCESS_DENIED = 45; - public static short OPERATION_CANCELLED = 46; - public static short CONCURRENT_ACCESS_CONFLICT = 47; - public static short SECURE_HW_BUSY = 48; - public static short SECURE_HW_COMMUNICATION_FAILED = 49; - public static short UNSUPPORTED_EC_FIELD = 50; - public static short MISSING_NONCE = 51; - public static short INVALID_NONCE = 52; - public static short MISSING_MAC_LENGTH = 53; - public static short KEY_RATE_LIMIT_EXCEEDED = 54; - public static short CALLER_NONCE_PROHIBITED = 55; - public static short KEY_MAX_OPS_EXCEEDED = 56; - public static short INVALID_MAC_LENGTH = 57; - public static short MISSING_MIN_MAC_LENGTH = 58; - public static short UNSUPPORTED_MIN_MAC_LENGTH = 59; - public static short UNSUPPORTED_KDF = 60; - public static short UNSUPPORTED_EC_CURVE = 61; - public static short KEY_REQUIRES_UPGRADE = 62; - public static short ATTESTATION_CHALLENGE_MISSING = 63; - public static short KEYMASTER_NOT_CONFIGURED = 64; - public static short ATTESTATION_APPLICATION_ID_MISSING = 65; - public static short CANNOT_ATTEST_IDS = 66; - public static short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; - public static short HARDWARE_TYPE_UNAVAILABLE = 68; - public static short PROOF_OF_PRESENCE_REQUIRED = 69; - public static short CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70; - public static short NO_USER_CONFIRMATION = 71; - public static short DEVICE_LOCKED = 72; - public static short EARLY_BOOT_ENDED = 73; - public static short UNIMPLEMENTED = 100; - public static short VERSION_MISMATCH = 101; - public static short UNKNOWN_ERROR = 1000; + public static final short KEY_EXPORT_OPTIONS_INVALID = 22; + public static final short DELEGATION_NOT_ALLOWED = 23; + public static final short KEY_NOT_YET_VALID = 24; + public static final short KEY_EXPIRED = 25; + public static final short KEY_USER_NOT_AUTHENTICATED = 26; + public static final short OUTPUT_PARAMETER_NULL = 27; + public static final short INVALID_OPERATION_HANDLE = 28; + public static final short INSUFFICIENT_BUFFER_SPACE = 29; + public static final short VERIFICATION_FAILED = 30; + public static final short TOO_MANY_OPERATIONS = 31; + public static final short UNEXPECTED_NULL_POINTER = 32; + public static final short INVALID_KEY_BLOB = 33; + public static final short IMPORTED_KEY_NOT_ENCRYPTED = 34; + public static final short IMPORTED_KEY_DECRYPTION_FAILED = 35; + public static final short IMPORTED_KEY_NOT_SIGNED = 36; + public static final short IMPORTED_KEY_VERIFICATION_FAILED = 37; + public static final short INVALID_ARGUMENT = 38; + public static final short UNSUPPORTED_TAG = 39; + public static final short INVALID_TAG = 40; + public static final short MEMORY_ALLOCATION_FAILED = 41; + public static final short IMPORT_PARAMETER_MISMATCH = 44; + public static final short SECURE_HW_ACCESS_DENIED = 45; + public static final short OPERATION_CANCELLED = 46; + public static final short CONCURRENT_ACCESS_CONFLICT = 47; + public static final short SECURE_HW_BUSY = 48; + public static final short SECURE_HW_COMMUNICATION_FAILED = 49; + public static final short UNSUPPORTED_EC_FIELD = 50; + public static final short MISSING_NONCE = 51; + public static final short INVALID_NONCE = 52; + public static final short MISSING_MAC_LENGTH = 53; + public static final short KEY_RATE_LIMIT_EXCEEDED = 54; + public static final short CALLER_NONCE_PROHIBITED = 55; + public static final short KEY_MAX_OPS_EXCEEDED = 56; + public static final short INVALID_MAC_LENGTH = 57; + public static final short MISSING_MIN_MAC_LENGTH = 58; + public static final short UNSUPPORTED_MIN_MAC_LENGTH = 59; + public static final short UNSUPPORTED_KDF = 60; + public static final short UNSUPPORTED_EC_CURVE = 61; + public static final short KEY_REQUIRES_UPGRADE = 62; + public static final short ATTESTATION_CHALLENGE_MISSING = 63; + public static final short KEYMASTER_NOT_CONFIGURED = 64; + public static final short ATTESTATION_APPLICATION_ID_MISSING = 65; + public static final short CANNOT_ATTEST_IDS = 66; + public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; + public static final short HARDWARE_TYPE_UNAVAILABLE = 68; + public static final short PROOF_OF_PRESENCE_REQUIRED = 69; + public static final short CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70; + public static final short NO_USER_CONFIRMATION = 71; + public static final short DEVICE_LOCKED = 72; + public static final short EARLY_BOOT_ENDED = 73; + public static final short UNIMPLEMENTED = 100; + public static final short VERSION_MISMATCH = 101; + public static final short UNKNOWN_ERROR = 1000; //Extended errors - public static short SW_CONDITIONS_NOT_SATISFIED = 10001; - public static short UNSUPPORTED_CLA = 10002; - public static short INVALID_P1P2 = 10003; - public static short UNSUPPORTED_INSTRUCTION = 10004; - public static short CMD_NOT_ALLOWED = 10005; - public static short SW_WRONG_LENGTH = 10006; - public static short INVALID_DATA = 10007; + public static final short SW_CONDITIONS_NOT_SATISFIED = 10001; + public static final short UNSUPPORTED_CLA = 10002; + public static final short INVALID_P1P2 = 10003; + public static final short UNSUPPORTED_INSTRUCTION = 10004; + public static final short CMD_NOT_ALLOWED = 10005; + public static final short SW_WRONG_LENGTH = 10006; + public static final short INVALID_DATA = 10007; //Crypto errors - public static short CRYPTO_ILLEGAL_USE = 10008; - public static short CRYPTO_ILLEGAL_VALUE = 10009; - public static short CRYPTO_INVALID_INIT = 10010; - public static short CRYPTO_NO_SUCH_ALGORITHM = 10011; - public static short CRYPTO_UNINITIALIZED_KEY = 10012; + public static final short CRYPTO_ILLEGAL_USE = 10008; + public static final short CRYPTO_ILLEGAL_VALUE = 10009; + public static final short CRYPTO_INVALID_INIT = 10010; + public static final short CRYPTO_NO_SUCH_ALGORITHM = 10011; + public static final short CRYPTO_UNINITIALIZED_KEY = 10012; //Generic Unknown error. - public static short GENERIC_UNKNOWN_ERROR = 10013; + public static final short GENERIC_UNKNOWN_ERROR = 10013; } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index b30e63c2..284a10c2 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1672,6 +1672,7 @@ private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) { Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); if (op.getPadding() == KMType.PADDING_NONE && len != 256) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + System.out.println("Heap Index:"+repository.alloc((short)0)); len = op.getOperation() .finish( From c7225b11b47cc01d301fffa26a491c13b15bf606 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Tue, 9 Feb 2021 18:27:03 +0530 Subject: [PATCH 066/169] Fixed the issue with RSA private and public key buffer while copying --- .../keymaster/KMAndroidSEProvider.java | 23 +- .../javacard/keymaster/KMJCardSimulator.java | 208 +++++++----------- .../javacard/keymaster/KMOperationImpl.java | 12 - .../javacard/test/KMFunctionalTest.java | 39 +--- .../javacard/keymaster/KMKeymasterApplet.java | 6 +- 5 files changed, 102 insertions(+), 186 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index 6a5a0671..78b90b57 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -112,6 +112,7 @@ public class KMAndroidSEProvider implements KMSEProvider { public static final byte KEYSIZE_128_OFFSET = 0x00; public static final byte KEYSIZE_256_OFFSET = 0x01; public static final short TMP_ARRAY_SIZE = 256; + private static final short RSA_KEY_SIZE = 256; public static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length. final byte[] CIPHER_ALGS = { @@ -532,13 +533,27 @@ public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short pubModStart, short pubModLength, short[] lengths) { switch (alg) { case KMType.RSA: + if (RSA_KEY_SIZE != privKeyLength || RSA_KEY_SIZE != pubModLength) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } KeyPair rsaKey = createRsaKeyPair(); RSAPrivateKey privKey = (RSAPrivateKey) rsaKey.getPrivate(); - lengths[0] = privKey.getExponent(privKeyBuf, privKeyStart); - lengths[1] = privKey.getModulus(pubModBuf, pubModStart); - if (lengths[0] > privKeyLength || lengths[1] > pubModLength) { + //Copy exponent. + Util.arrayFillNonAtomic(tmpArray, (short) 0, RSA_KEY_SIZE, (byte) 0); + lengths[0] = privKey.getExponent(tmpArray, (short)0); + if (lengths[0] > privKeyLength) CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } + Util.arrayFillNonAtomic(privKeyBuf, privKeyStart, privKeyLength, (byte)0); + Util.arrayCopyNonAtomic(tmpArray, (short)0, + privKeyBuf, (short)(privKeyStart + privKeyLength - lengths[0]), lengths[0]); + //Copy modulus + Util.arrayFillNonAtomic(tmpArray, (short) 0, RSA_KEY_SIZE, (byte) 0); + lengths[1] = privKey.getModulus(tmpArray, (short)0); + if (lengths[1] > pubModLength) + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + Util.arrayFillNonAtomic(pubModBuf, pubModStart, pubModLength, (byte)0); + Util.arrayCopyNonAtomic(tmpArray, (short)0, + pubModBuf, (short)(pubModStart + pubModLength - lengths[1]), lengths[1]); break; case KMType.EC: KeyPair ecKey = createECKeyPair(); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 6b0596ae..d97acc6d 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -72,6 +72,7 @@ public class KMJCardSimulator implements KMSEProvider { public static final short ENTROPY_POOL_SIZE = 16; // simulator does not support 256 bit aes keys public static final byte[] aesICV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; private static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length. + private static final short RSA_KEY_SIZE = 256; public static boolean jcardSim = false; @@ -166,9 +167,6 @@ public AESKey createAESKey(byte[] buf, short startOff, short length) { key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false); key.setKey(buf, (short) startOff); } - // byte[] buffer = new byte[length]; - // Util.arrayCopyNonAtomic(buf, startOff, buffer, (short)0,length); - // print("AES Key", buffer); return key; } @@ -221,13 +219,27 @@ public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, byte[] pubModBuf, short pubModStart, short pubModLength, short[] lengths){ switch (alg){ case KMType.RSA: + if (RSA_KEY_SIZE != privKeyLength || RSA_KEY_SIZE != pubModLength) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } KeyPair rsaKey = createRsaKeyPair(); RSAPrivateKey privKey = (RSAPrivateKey) rsaKey.getPrivate(); - lengths[0] = privKey.getExponent(privKeyBuf,privKeyStart); - lengths[1] = privKey.getModulus(pubModBuf,pubModStart); - if(lengths[0] > privKeyLength || lengths[1] > pubModLength){ + //Copy exponent. + byte[] exp = new byte[RSA_KEY_SIZE]; + lengths[0] = privKey.getExponent(exp, (short)0); + if (lengths[0] > privKeyLength) CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } + Util.arrayFillNonAtomic(privKeyBuf, privKeyStart, privKeyLength, (byte)0); + Util.arrayCopyNonAtomic(exp, (short)0, + privKeyBuf, (short)(privKeyStart + privKeyLength - lengths[0]), lengths[0]); + //Copy modulus + byte[] mod = new byte[RSA_KEY_SIZE]; + lengths[1] = privKey.getModulus(mod, (short)0); + if (lengths[1] > pubModLength) + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + Util.arrayFillNonAtomic(pubModBuf, pubModStart, pubModLength, (byte)0); + Util.arrayCopyNonAtomic(mod, (short)0, + pubModBuf, (short)(pubModStart + pubModLength - lengths[1]), lengths[1]); break; case KMType.EC: KeyPair ecKey = createECKeyPair(); @@ -312,20 +324,6 @@ public short aesGCMEncrypt( if(keyLen != 32 && keyLen != 16){ CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - /*byte[] keyMaterial = new byte[key]; - short keySize = 16; - if(key.getSize() == 128){ - keyMaterial = new byte[16]; - }else if(key.getSize() == 256){ - keyMaterial = new byte[32]; - keySize = 32; - } - key.getKey(keyMaterial,(short)0); - - */ - - //print("KeyMaterial Enc", keyMaterial); - //print("Authdata Enc", authData, authDataStart, authDataLen); java.security.Key aesKey = new SecretKeySpec(keyBuf,keyStart,keyLen, "AES"); // Create the cipher javax.crypto.Cipher cipher = null; @@ -402,73 +400,67 @@ public boolean aesGCMDecrypt( short authDataLen, byte[] authTag, short authTagStart, - short authTagLen) { - //Create the sun jce compliant aes key - if(keyLen != 32 && keyLen != 16){ + short authTagLen) { + // Create the sun jce compliant aes key + if (keyLen != 32 && keyLen != 16) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - /*byte[] keyMaterial = new byte[16]; - short keySize = 16; - if(key.getSize() == 128){ - keyMaterial = new byte[16]; - }else if(key.getSize() == 256){ - keyMaterial = new byte[32]; - keySize = 32; - } - key.getKey(keyMaterial,(short)0); - - */ - //print("KeyMaterial Dec", keyMaterial); - //print("Authdata Dec", authData, authDataStart, authDataLen); - java.security.Key aesKey = new SecretKeySpec(keyBuf,keyStart,keyLen, "AES"); + java.security.Key aesKey = new SecretKeySpec(keyBuf, keyStart, keyLen, + "AES"); // Create the cipher - javax.crypto.Cipher cipher = null; - try { - cipher = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding", "SunJCE"); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (NoSuchProviderException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - // Copy nonce - if(nonceLen != AES_GCM_NONCE_LENGTH){ - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - byte[] iv = new byte[AES_GCM_NONCE_LENGTH]; - Util.arrayCopyNonAtomic(nonce,nonceStart,iv,(short)0,AES_GCM_NONCE_LENGTH); - // Init Cipher - GCMParameterSpec spec = new GCMParameterSpec(authTagLen * 8, nonce,nonceStart,AES_GCM_NONCE_LENGTH); - try { - cipher.init(javax.crypto.Cipher.DECRYPT_MODE, aesKey, spec); - } catch (InvalidKeyException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (InvalidAlgorithmParameterException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } - // Create auth data - byte[] aad = new byte[authDataLen]; - Util.arrayCopyNonAtomic(authData,authDataStart,aad,(short)0,authDataLen); - cipher.updateAAD(aad); - // Append the auth tag at the end of data - byte[] inputBuf = new byte[(short)(encSecretLen + authTagLen)]; - Util.arrayCopyNonAtomic(encSecret,encSecretStart,inputBuf,(short)0,encSecretLen); - Util.arrayCopyNonAtomic(authTag,authTagStart,inputBuf,encSecretLen,authTagLen); - // Decrypt + javax.crypto.Cipher cipher = null; + try { + cipher = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding", "SunJCE"); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + } catch (NoSuchProviderException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch (NoSuchPaddingException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + // Copy nonce + if (nonceLen != AES_GCM_NONCE_LENGTH) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + byte[] iv = new byte[AES_GCM_NONCE_LENGTH]; + Util.arrayCopyNonAtomic(nonce, nonceStart, iv, (short) 0, + AES_GCM_NONCE_LENGTH); + // Init Cipher + GCMParameterSpec spec = new GCMParameterSpec(authTagLen * 8, nonce, + nonceStart, AES_GCM_NONCE_LENGTH); + try { + cipher.init(javax.crypto.Cipher.DECRYPT_MODE, aesKey, spec); + } catch (InvalidKeyException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch (InvalidAlgorithmParameterException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + } + // Create auth data + byte[] aad = new byte[authDataLen]; + Util.arrayCopyNonAtomic(authData, authDataStart, aad, (short) 0, + authDataLen); + cipher.updateAAD(aad); + // Append the auth tag at the end of data + byte[] inputBuf = new byte[(short) (encSecretLen + authTagLen)]; + Util.arrayCopyNonAtomic(encSecret, encSecretStart, inputBuf, (short) 0, + encSecretLen); + Util.arrayCopyNonAtomic(authTag, authTagStart, inputBuf, encSecretLen, + authTagLen); + // Decrypt short len = 0; - byte[] outputBuf = new byte[cipher.getOutputSize((short)inputBuf.length)]; + byte[] outputBuf = new byte[cipher.getOutputSize((short) inputBuf.length)]; try { - len = (short)(cipher.doFinal(inputBuf,(short)0,(short)inputBuf.length,outputBuf,(short)0)); - }catch(AEADBadTagException e){ + len = (short) (cipher.doFinal(inputBuf, (short) 0, + (short) inputBuf.length, outputBuf, (short) 0)); + } catch (AEADBadTagException e) { e.printStackTrace(); return false; - }catch (ShortBufferException e) { + } catch (ShortBufferException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } catch (IllegalBlockSizeException e) { @@ -478,8 +470,8 @@ public boolean aesGCMDecrypt( e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - //Copy the decrypted data - Util.arrayCopyNonAtomic(outputBuf, (short)0,secret,secretStart,len); + // Copy the decrypted data + Util.arrayCopyNonAtomic(outputBuf, (short) 0, secret, secretStart, len); return true; } @@ -641,50 +633,7 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); return null; } -/* - @Override - public short updateOperation(short opHandle, byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { - Object op = findOperation(opHandle); - if(op instanceof Signature ){ - ((Signature)op).update(inputDataBuf,inputDataStart,inputDataLength); - return 0; - }else{ - return ((KMCipher)op).update(inputDataBuf,inputDataStart,inputDataLength,outputDataBuf,outputDataStart); - } - } - @Override - public short finishOperation(short opHandle, byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { - Object op = findOperation(opHandle); - short ret = 0; - if(op instanceof Signature ){ - ret = ((Signature)op).sign(inputDataBuf,inputDataStart,inputDataLength,outputDataBuf,outputDataStart); - }else{ - ret = ((KMCipher)op).doFinal(inputDataBuf,inputDataStart,inputDataLength,outputDataBuf,outputDataStart); - } - removeOperation(opHandle); - return ret; - } - - @Override - public void abortOperation(short opHandle) { - removeOperation(opHandle); - } - - @Override - public void updateAAD(short opHandle, byte[] dataBuf, short dataStart, short dataLength) { - KMCipher aesGcm = (KMCipher) findOperation(opHandle); - aesGcm.updateAAD(dataBuf, dataStart, dataLength); - } - - @Override - public void getAESGCMOutputSize(short opHandle, short dataSize, short macLength) { - KMCipher aesGcm = (KMCipher) findOperation(opHandle); - aesGcm.getAesGcmOutputSize(dataSize, macLength); - } - */ - - public KMCipher createRsaDecipher(short padding, short digest, byte[] secret, short secretStart, short secretLength, byte[] modBuffer, short modOff, short modLength) { byte cipherAlg = mapCipherAlg(KMType.RSA, (byte)padding, (byte)0); @@ -783,12 +732,7 @@ public Signature createRsaSigner(short digest, short padding, byte[] secret, (padding == KMType.RSA_PKCS1_1_5_SIGN && digest == KMType.DIGEST_NONE)) { return createNoDigestSigner(padding,secret, secretStart, secretLength, modBuffer, modOff, modLength); - }/* - else if (padding == KMCipher.PAD_PKCS1_PSS) alg = Signature.ALG_RSA_SHA_256_PKCS1_PSS; - else if (padding == KMCipher.PAD_PKCS1) { - alg = Signature.ALG_RSA_SHA_256_PKCS1; - }else CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - */ + } Signature rsaSigner = Signature.getInstance((byte)alg, false); RSAPrivateKey key = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_2048, false); key.setExponent(secret,secretStart,secretLength); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 8379bfae..78c01302 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -41,21 +41,9 @@ public short update(byte[] inputDataBuf, short inputDataStart, short inputDataLe signature.update(inputDataBuf,inputDataStart,inputDataLength); return 0; } - - - private static void print(byte[] buf, short start, short length){ - StringBuilder sb = new StringBuilder(); - for(int i = start; i < (start+length); i++){ - sb.append(String.format("%02X", buf[i])) ; - //if((i-start)%16 == 0 && (i-start) != 0) sb.append(String.format("\n")); - } - System.out.println(sb.toString()); - } - @Override public short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { - print(inputDataBuf, inputDataStart, inputDataLength); return cipher.doFinal(inputDataBuf,inputDataStart,inputDataLength,outputDataBuf,outputDataStart); } diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 3b0797ea..1e946df7 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -2092,37 +2092,6 @@ public short generateRandom(short upperBound) { return int_random; } - @Test - public void JCardTestRsaPkcs1() { - //Testing with Only Javacard APIs - byte[] message = { - 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, - 0x21 }; - for (int i = 0; i < 500; i++) { - byte[] out = new byte[256]; - byte[] dplain = new byte[256]; - KeyPair rsaKey = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); - rsaKey.genKeyPair(); - Cipher rsaCipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false); - RSAPublicKey key = (RSAPublicKey) rsaKey.getPublic(); - rsaCipher.init(key, Cipher.MODE_ENCRYPT); - - short outlen = rsaCipher.doFinal(message, (short) 0, - (short) message.length, out, (short) 0); - Assert.assertEquals(outlen, 256); - - RSAPrivateKey privKey = (RSAPrivateKey) rsaKey.getPrivate(); - rsaCipher.init(privKey, Cipher.MODE_DECRYPT); - short d_outlen = rsaCipher.doFinal(out, (short) 0, outlen, dplain, - (short) 0); - Assert.assertEquals(d_outlen, message.length); - byte[] plain = new byte[d_outlen]; - Util.arrayCopyNonAtomic(dplain, (short) 0, plain, (short) 0, d_outlen); - - Assert.assertTrue(Arrays.equals(message, plain)); - } - } - @Test public void testVtsRsaPkcs1Success() { init(); @@ -2146,11 +2115,10 @@ public void testVtsRsaPkcs1Success() { KMType.RSA_PKCS1_1_5_ENCRYPT); byte[] cipherText2 = EncryptMessage(message, pkcs1Params, keyBlob); Assert.assertEquals((2048 / 8), cipherText2.length); - System.out.println("stage-2"); + // PKCS1 v1.5 randomizes padding so every result should be different. Assert.assertFalse(Arrays.equals(cipherText1, cipherText2)); - print(cipherText1, (short) 0, (short) cipherText1.length); pkcs1Params = getRsaParams(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_ENCRYPT); byte[] plainText = DecryptMessage(cipherText1, pkcs1Params, keyBlob); @@ -2171,7 +2139,6 @@ public void testVtsRsaPkcs1Success() { short ret = begin(KMType.DECRYPT, KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), KMKeyParameters.instance(pkcs1Params), (short) 0); - System.out.println("stage-4"); // Get the operation handle. short opHandle = KMArray.cast(ret).get((short) 2); @@ -2179,14 +2146,12 @@ public void testVtsRsaPkcs1Success() { KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length); opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); - System.out.println("stage-5"); + short dataPtr = KMByteBlob.instance(cipherText1, (short) 0, (short) cipherText1.length); // Finish should return UNKNOWN_ERROR. ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, KMError.UNKNOWN_ERROR); - System.out.println("stage-6"); - System.out.println("Count of i:" + i); } cleanUp(); } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 284a10c2..61bcf931 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -538,6 +538,11 @@ private void resetData() { data[index] = KMType.INVALID_VALUE; index++; } + index = 0; + while (index < tmpVariables.length) { + tmpVariables[index] = KMType.INVALID_VALUE; + index++; + } } /** Sends a response, may be extended response, as requested by the command. */ public static void sendOutgoing(APDU apdu) { @@ -1672,7 +1677,6 @@ private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) { Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); if (op.getPadding() == KMType.PADDING_NONE && len != 256) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - System.out.println("Heap Index:"+repository.alloc((short)0)); len = op.getOperation() .finish( From 3089115db643066155f918f7a63f912a440c644a Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Tue, 9 Feb 2021 20:41:30 +0530 Subject: [PATCH 067/169] Added testDesEcbPkcs7PaddingCorrupted test function --- .../javacard/test/KMFunctionalTest.java | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 1e946df7..2f6a9ba6 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -2092,6 +2092,50 @@ public short generateRandom(short upperBound) { return int_random; } + @Test + public void testDesEcbPkcs7PaddingCorrupted() { + init(); + short desKey = generateAesDesKey(KMType.DES, (short) 168, null, null, false); + short desKeyPtr = KMArray.cast(desKey).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(desKeyPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(desKeyPtr).getBuffer(), KMByteBlob + .cast(desKeyPtr).getStartOff(), keyBlob, (short) 0, + (short) keyBlob.length); + + byte[] message = { + 0x61 }; + short desPkcs7Params = getAesDesParams(KMType.DES, KMType.ECB, + KMType.PKCS7, null); + byte[] cipherText1 = EncryptMessage(message, desPkcs7Params, keyBlob); + Assert.assertEquals(8, cipherText1.length); + Assert.assertFalse(Arrays.equals(message, cipherText1)); + + // Corrupt the cipher text. + ++cipherText1[(cipherText1.length / 2)]; + + // Decrypt operation + // Begin + desPkcs7Params = getAesDesParams(KMType.DES, KMType.ECB, KMType.PKCS7, null); + + short ret = begin(KMType.DECRYPT, + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(desPkcs7Params), (short) 0); + // Get the operation handle. + short opHandle = KMArray.cast(ret).get((short) 2); + byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; + KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, + (short) opHandleBuf.length); + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); + + // Finish + short dataPtr = KMByteBlob.instance(cipherText1, (short) 0, + (short) cipherText1.length); + opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); + ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, + KMError.INVALID_ARGUMENT); + cleanUp(); + } + @Test public void testVtsRsaPkcs1Success() { init(); From 967da4d20bc91ac2a1cb6906ed74ab4fcf1cbfa2 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Tue, 9 Feb 2021 23:30:58 +0530 Subject: [PATCH 068/169] Removed unused imports --- .../com/android/javacard/test/KMFunctionalTest.java | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 2f6a9ba6..a6308513 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -17,8 +17,6 @@ package com.android.javacard.test; import com.android.javacard.keymaster.KMArray; -import com.android.javacard.keymaster.KMAttestationCert; -import com.android.javacard.keymaster.KMAttestationCertImpl; import com.android.javacard.keymaster.KMBoolTag; import com.android.javacard.keymaster.KMByteBlob; import com.android.javacard.keymaster.KMByteTag; @@ -41,20 +39,11 @@ import com.android.javacard.keymaster.KMRepository; import com.android.javacard.keymaster.KMType; import com.android.javacard.keymaster.KMVerificationToken; -//import com.licel.jcardsim.bouncycastle.crypto.Digest; import com.licel.jcardsim.smartcardio.CardSimulator; import com.licel.jcardsim.utils.AIDUtil; import javacard.framework.AID; import javacard.framework.Util; -import javacard.security.KeyBuilder; -import javacard.security.KeyPair; -import javacard.security.RSAPrivateKey; -import javacard.security.RSAPublicKey; -import javacard.security.Signature; -import javacardx.crypto.Cipher; - -import java.security.spec.PKCS8EncodedKeySpec; import java.util.Arrays; import java.util.Random; From 4fe050bac88bb2a79375e7793ec8386efb734c44 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Wed, 10 Feb 2021 01:11:05 +0530 Subject: [PATCH 069/169] Removed unused/commented code. --- .../keymaster/KMAttestationCertImpl.java | 21 ---------------- .../android/javacard/keymaster/KMUtils.java | 23 ------------------ .../keymaster/KMAttestationCertImpl.java | 20 ---------------- .../android/javacard/keymaster/KMCipher.java | 24 ------------------- .../javacard/keymaster/KMCipherImpl.java | 2 -- .../javacard/keymaster/KMJCardSimulator.java | 5 ---- .../android/javacard/keymaster/KMUtils.java | 23 ------------------ .../javacard/keymaster/KMKeymasterApplet.java | 16 ------------- 8 files changed, 134 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 6025feef..637a2fba 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -127,7 +127,6 @@ public static KMAttestationCert instance(boolean rsaCert) { } private static void init() { - // if (repo == null) repo = KMRepository.instance(); stack = null; stackPtr = 0; certStart = 0; @@ -283,7 +282,6 @@ private static void pushTbsCert(boolean rsaCert) { pushBytes(X509Subject, (short) 0, (short) X509Subject.length); pushValidity(); // issuer - der encoded - // pushBytes(repo.getCertDataBuffer(), repo.getIssuer(), repo.getIssuerLen()); pushBytes( KMByteBlob.cast(issuer).getBuffer(), KMByteBlob.cast(issuer).getStartOff(), @@ -304,23 +302,6 @@ private static void pushTbsCert(boolean rsaCert) { private static void pushExtensions() { short last = stackPtr; - // byte keyusage = 0; - // byte unusedBits = 8; - /* - if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.SIGN, hwParams)) { - keyusage = (byte) (keyusage | keyUsageSign); - unusedBits = 7; - } - if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.WRAP_KEY, hwParams)) { - keyusage = (byte) (keyusage | keyUsageKeyEncipher); - unusedBits = 5; - } - if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.DECRYPT, hwParams)) { - keyusage = (byte) (keyusage | keyUsageDataEncipher); - unusedBits = 4; - } - - */ if (keyUsage != 0) pushKeyUsage(keyUsage, unusedBits); pushKeyDescription(); pushSequenceHeader((short) (last - stackPtr)); @@ -565,7 +546,6 @@ private static void pushTag(short tag) { private static void pushRoT() { short last = stackPtr; // verified boot hash - // pushOctetString(repo.verifiedBootHash, (short) 0, (short) repo.verifiedBootHash.length); pushOctetString( KMByteBlob.cast(verifiedHash).getBuffer(), KMByteBlob.cast(verifiedHash).getStartOff(), @@ -670,7 +650,6 @@ private static void pushEnumTag(short tagId, byte val) { private static void pushIntegerTag(short tagId, byte[] buf, short start, short len) { short last = stackPtr; pushInteger(buf, start, len); - // pushIntegerHeader((short) (last - stackPtr)); pushTagIdHeader(tagId, (short) (last - stackPtr)); } // Ignore leading zeros. Only Unsigned Integers are required hence if MSB is set then add 0x00 diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index 7b4352f8..65e83415 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -347,29 +347,6 @@ public static void shiftRight(byte[] buf, short start) { } } - - // num1 must be greater then or equal to num2 and both must be positive - /*private short subtractIntegers(short num1, short num2) { - short buf = - repository.alloc((short)24); byte[] scratchPad = repository.getHeap(); - Util.arrayFillNonAtomic(scratchPad, buf, (short) 24, (byte) 0); - Util.arrayCopyNonAtomic(KMInteger.cast(num1).getBuffer(), - KMInteger.cast(num1).getStartOff(), scratchPad, - (short) (buf + 8 - KMInteger.cast(num1).length()), - KMInteger.cast(num1).length()); - Util.arrayCopyNonAtomic(KMInteger.cast(num2).getBuffer(), - KMInteger.cast(num2).getStartOff(), scratchPad, - (short) (buf + 16 - KMInteger.cast(num2).length()), - KMInteger.cast(num2).length()); - if (scratchPad[buf] < 0 || scratchPad[(short) (buf + 8)] < 0) - return KMType.INVALID_VALUE; - if (Util.arrayCompare(scratchPad, buf, scratchPad, (short) (buf + 8), - (short) 8) < 1) - return KMType.INVALID_VALUE; - subtract(scratchPad, buf, (short) (buf + 8), (short) (buf + 16)); - return KMInteger.uint_64(scratchPad, (short) (buf + 16)); - }*/ - public static void add(byte[] buf, short op1, short op2, short result) { byte index = 7; byte carry = 0; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 5be20599..18e67e72 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -121,7 +121,6 @@ public static KMAttestationCert instance(boolean rsaCert) { } private static void init() { - // if (repo == null) repo = KMRepository.instance(); stack = null; stackPtr = 0; certStart = 0; @@ -277,7 +276,6 @@ private static void pushTbsCert(boolean rsaCert) { pushBytes(X509Subject, (short) 0, (short) X509Subject.length); pushValidity(); // issuer - der encoded - // pushBytes(repo.getCertDataBuffer(), repo.getIssuer(), repo.getIssuerLen()); pushBytes( KMByteBlob.cast(issuer).getBuffer(), KMByteBlob.cast(issuer).getStartOff(), @@ -298,23 +296,6 @@ private static void pushTbsCert(boolean rsaCert) { private static void pushExtensions() { short last = stackPtr; - // byte keyusage = 0; - // byte unusedBits = 8; - /* - if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.SIGN, hwParams)) { - keyusage = (byte) (keyusage | keyUsageSign); - unusedBits = 7; - } - if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.WRAP_KEY, hwParams)) { - keyusage = (byte) (keyusage | keyUsageKeyEncipher); - unusedBits = 5; - } - if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.DECRYPT, hwParams)) { - keyusage = (byte) (keyusage | keyUsageDataEncipher); - unusedBits = 4; - } - - */ if (keyUsage != 0) pushKeyUsage(keyUsage, unusedBits); pushKeyDescription(); pushSequenceHeader((short) (last - stackPtr)); @@ -559,7 +540,6 @@ private static void pushTag(short tag) { private static void pushRoT() { short last = stackPtr; // verified boot hash - // pushOctetString(repo.verifiedBootHash, (short) 0, (short) repo.verifiedBootHash.length); pushOctetString( KMByteBlob.cast(verifiedHash).getBuffer(), KMByteBlob.cast(verifiedHash).getStartOff(), diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java index 017a8398..3e67ed5e 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java @@ -16,30 +16,6 @@ package com.android.javacard.keymaster; public abstract class KMCipher { - /* - public static final byte CIPHER_RSA = 7; - public static final short PAD_PKCS1_OAEP = 9; - public static final short PAD_PKCS1_OAEP_SHA224 = 13; - public static final byte PAD_PKCS1_OAEP_SHA256 = 14; - public static final short PAD_PKCS1_OAEP_SHA384 = 15; - public static final short PAD_PKCS1_OAEP_SHA512 = 16; - public static final short PAD_NOPAD = 1; - public static final short PAD_PKCS1_PSS = 8; - public static final short PAD_NULL = 0; - public static final short PAD_PKCS7 = 31; // Not supported in javacard - public static final short ALG_DES_CBC_NOPAD = 1; - public static final short ALG_DES_ECB_NOPAD = 5; - public static final short ALG_AES_BLOCK_128_CBC_NOPAD= 13; - public static final short ALG_AES_BLOCK_128_ECB_NOPAD = 14; - public static final short ALG_AES_GCM = -13; - public static final short MODE_ENCRYPT = 2; - public static final short MODE_DECRYPT = 1; - public static final short PAD_PKCS1 = 7; - public static final short AES_BLOCK_SIZE = 16; - public static final short DES_BLOCK_SIZE = 8; - public static final short ALG_AES_CTR = -16; - - */ public static final short SUN_JCE = 0xE9; public abstract short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, short i); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java index 7a1df761..bc07be8d 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java @@ -30,7 +30,6 @@ public class KMCipherImpl extends KMCipher{ private short cipherAlg; private short padding; private short mode; - private boolean verificationFlag; private short blockMode; KMCipherImpl(Cipher c){ cipher = c; @@ -59,7 +58,6 @@ public short doFinal(byte[] buffer, short startOff, short length, byte[] scratch return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); } catch (AEADBadTagException e) { e.printStackTrace(); - verificationFlag = false; KMException.throwIt(KMError.VERIFICATION_FAILED); } catch (ShortBufferException e) { e.printStackTrace(); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index d97acc6d..664ade77 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -156,7 +156,6 @@ public AESKey createAESKey(short keysize) { return createAESKey(rndNum, (short)0, (short)rndNum.length); } - // @Override public AESKey createAESKey(byte[] buf, short startOff, short length) { AESKey key = null; short keysize = (short)(length * 8); @@ -359,7 +358,6 @@ public short aesGCMEncrypt( // Create auth data byte[] aad = new byte[authDataLen]; Util.arrayCopyNonAtomic(authData,authDataStart,aad,(short)0,authDataLen); - // print("AAD", aad); cipher.updateAAD(aad); // Encrypt secret short len = 0; @@ -982,8 +980,6 @@ public KMCipher createAesGcmCipher(short mode, short tagLen, byte[] secret, shor //Create the sun jce compliant aes key byte[] keyMaterial = new byte[secretLength]; Util.arrayCopyNonAtomic(secret,secretStart,keyMaterial,(short)0,secretLength); - //print("KeyMaterial Enc", keyMaterial); - //print("Authdata Enc", authData, authDataStart, authDataLen); java.security.Key aesKey = new SecretKeySpec(keyMaterial,(short)0,keyMaterial.length, "AES"); // Create the cipher javax.crypto.Cipher cipher = null; @@ -1162,7 +1158,6 @@ public Signature createEcVerifier(short digest, byte[] pubKey, short pubKeyStart @Override public KMAttestationCert getAttestationCert(boolean rsaCert) { - //certBuilder.reset(); return KMAttestationCertImpl.instance(rsaCert); } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 7b4352f8..65e83415 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -347,29 +347,6 @@ public static void shiftRight(byte[] buf, short start) { } } - - // num1 must be greater then or equal to num2 and both must be positive - /*private short subtractIntegers(short num1, short num2) { - short buf = - repository.alloc((short)24); byte[] scratchPad = repository.getHeap(); - Util.arrayFillNonAtomic(scratchPad, buf, (short) 24, (byte) 0); - Util.arrayCopyNonAtomic(KMInteger.cast(num1).getBuffer(), - KMInteger.cast(num1).getStartOff(), scratchPad, - (short) (buf + 8 - KMInteger.cast(num1).length()), - KMInteger.cast(num1).length()); - Util.arrayCopyNonAtomic(KMInteger.cast(num2).getBuffer(), - KMInteger.cast(num2).getStartOff(), scratchPad, - (short) (buf + 16 - KMInteger.cast(num2).length()), - KMInteger.cast(num2).length()); - if (scratchPad[buf] < 0 || scratchPad[(short) (buf + 8)] < 0) - return KMType.INVALID_VALUE; - if (Util.arrayCompare(scratchPad, buf, scratchPad, (short) (buf + 8), - (short) 8) < 1) - return KMType.INVALID_VALUE; - subtract(scratchPad, buf, (short) (buf + 8), (short) (buf + 16)); - return KMInteger.uint_64(scratchPad, (short) (buf + 16)); - }*/ - public static void add(byte[] buf, short op1, short op2, short result) { byte index = 7; byte carry = 0; diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 61bcf931..abf6e670 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -520,7 +520,6 @@ private void processDeviceLockedCmd(APDU apdu) { data[VERIFICATION_TOKEN] = KMArray.cast(tmpVariables[0]).get((short) 1); validateVerificationToken(data[VERIFICATION_TOKEN], scratchPad); short verTime = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getTimestamp(); - // short lastDeviceLockedTime = KMInteger.uint_64(repository.deviceLockedTimestamp, (short)0); short lastDeviceLockedTime = repository.getDeviceTimeStamp(); if (KMInteger.compare(verTime, lastDeviceLockedTime) > 0) { Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 8, (byte) 0); @@ -3006,7 +3005,6 @@ private void importAESKey(byte[] scratchPad) { KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH); } } else { - // add the key size to scratch pad // add the key size to scratchPad tmpVariables[5] = KMInteger.uint_16(KMByteBlob.cast(data[SECRET]).length()); tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]); @@ -3135,26 +3133,20 @@ private void processSetBootParamsCmd(APDU apdu) { receiveIncoming(apdu); byte[] scratchPad = apdu.getBuffer(); // Argument 1 OS Version - // short osVersionExp = KMIntegerTag.exp(KMType.UINT_TAG); tmpVariables[0] = KMInteger.exp(); // Argument 2 OS Patch level - // short osPatchExp = KMIntegerTag.exp(KMType.UINT_TAG); tmpVariables[1] = KMInteger.exp(); // Argument 3 Vendor Patch level tmpVariables[2] = KMInteger.exp(); // Argument 4 Boot Patch level tmpVariables[3] = KMInteger.exp(); // Argument 5 Verified Boot Key - // short bootKeyExp = KMByteBlob.exp(); tmpVariables[4] = KMByteBlob.exp(); // Argument 6 Verified Boot Hash - // short bootHashExp = KMByteBlob.exp(); tmpVariables[5] = KMByteBlob.exp(); // Argument 7 Verified Boot State - // short bootStateExp = KMEnum.instance(KMType.VERIFIED_BOOT_STATE); tmpVariables[6] = KMEnum.instance(KMType.VERIFIED_BOOT_STATE); // Argument 8 Device Locked - // short deviceLockedExp = KMEnum.instance(KMType.DEVICE_LOCKED); tmpVariables[7] = KMEnum.instance(KMType.DEVICE_LOCKED); // Array of expected arguments short argsProto = KMArray.instance((short) 8); @@ -3171,21 +3163,13 @@ private void processSetBootParamsCmd(APDU apdu) { //reclaim memory repository.reclaimMemory(bufferLength); - // short osVersionTagPtr = KMArray.cast(args).get((short) 0); tmpVariables[0] = KMArray.cast(args).get((short) 0); - // short osPatchTagPtr = KMArray.cast(args).get((short) 1); tmpVariables[1] = KMArray.cast(args).get((short) 1); - // short vendorPatchTagPtr = KMArray.cast(args).get((short) 2); tmpVariables[2] = KMArray.cast(args).get((short) 2); - // short BootPatchTagPtr = KMArray.cast(args).get((short) 3); tmpVariables[3] = KMArray.cast(args).get((short) 3); - // short verifiedBootKeyPtr = KMArray.cast(args).get((short) 4); tmpVariables[4] = KMArray.cast(args).get((short) 4); - // short verifiedBootHashPtr = KMArray.cast(args).get((short) 5); tmpVariables[5] = KMArray.cast(args).get((short) 5); - // short verifiedBootStatePtr = KMArray.cast(args).get((short) 6); tmpVariables[6] = KMArray.cast(args).get((short) 6); - // short deviceLockedPtr = KMArray.cast(args).get((short) 7); tmpVariables[7] = KMArray.cast(args).get((short) 7); if (KMByteBlob.cast(tmpVariables[4]).length() > KMRepository.BOOT_KEY_MAX_SIZE) { KMException.throwIt(KMError.INVALID_ARGUMENT); From d4d41c607d43feabd6cdc3cae73222967c775d0c Mon Sep 17 00:00:00 2001 From: mdwivedi Date: Tue, 9 Feb 2021 13:38:57 -0800 Subject: [PATCH 070/169] Update KMInteger.java adding unsigned compare to KMInteger to remove the dependency --- .../android/javacard/keymaster/KMInteger.java | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java index 18944e4d..3cc747dd 100644 --- a/Applet/src/com/android/javacard/keymaster/KMInteger.java +++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java @@ -162,10 +162,29 @@ public static short compare(short num1, short num2){ KMInteger.cast(num1).getValue(repository.getHeap(),(short)(num1Buf+(short)(8-len)),len); len = KMInteger.cast(num2).length(); KMInteger.cast(num2).getValue(repository.getHeap(),(short)(num2Buf+(short)(8-len)),len); - return KMUtils.unsignedByteArrayCompare( + return KMInteger.unsignedByteArrayCompare( repository.getHeap(), num1Buf, repository.getHeap(), num2Buf, (short)8); } + + public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { + byte count = (byte) 0; + short val1 = (short)0; + short val2 = (short)0; + + for (; count < length; count++) { + val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); + val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); + + if (val1 < val2) { + return -1; + } + if (val1 > val2) { + return 1; + } + } + return 0; + } } From 8a87c80eceb365713f7b316301fd0e2b7868e850 Mon Sep 17 00:00:00 2001 From: Manish Dwivedi Date: Tue, 9 Feb 2021 23:09:53 +0000 Subject: [PATCH 071/169] move_unsigned_compare to common code --- .../android/javacard/keymaster/KMUtils.java | 47 ++++++------------- 1 file changed, 15 insertions(+), 32 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index 65e83415..cdd86665 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -70,17 +70,17 @@ public static short convertToDate(short time, byte[] scratchPad, (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) .length()); // If the time is less then 1 Jan 2020 then it is an error - if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, + && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); @@ -96,7 +96,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 8); } // divide the given time with four yrs msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -116,9 +116,9 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, // if leap year index is 0, then the number of days for the 1st year will be 366 days. // if leap year index is not 0, then the number of days for the 1st year will be 365 days. if (((leapYrIdx == 0) && - (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || + (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || ((leapYrIdx != 0) && - (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { for (short i = 0; i < 4; i++) { yrsCount++; if (i == leapYrIdx) { @@ -132,12 +132,12 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); if (((short) (i + 1) == leapYrIdx)) { - if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) < 0) { break; } } else { - if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) < 0) { break; } @@ -152,7 +152,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, yrsCount = (short) (year2051 + yrsCount); // divide the given time with one month msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, (short) 8) >= 0) { for (short i = 0; i < 12; i++) { if (i == 1) { @@ -175,7 +175,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 8, (short) 8); } - if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, (short) 8) >= 0) { subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, @@ -188,7 +188,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one day msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -199,7 +199,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one hour msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -209,7 +209,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one minute msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -219,7 +219,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one second msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -244,24 +244,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY } - public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { - byte count = (byte) 0; - short val1 = (short)0; - short val2 = (short)0; - for (; count < length; count++) { - val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); - val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); - - if (val1 < val2) { - return -1; - } - if (val1 > val2) { - return 1; - } - } - return 0; - } public static short numberToString(short number, byte[] scratchPad, short offset) { @@ -311,7 +294,7 @@ public static void copy(byte[] buf, short from, short to) { } public static byte compare(byte[] buf, short lhs, short rhs) { - return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); + return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); } public static void shiftLeft(byte[] buf, short start) { From 31abc35037cfa72187af3722ff11d422be9adb79 Mon Sep 17 00:00:00 2001 From: Manish Dwivedi Date: Tue, 9 Feb 2021 23:10:44 +0000 Subject: [PATCH 072/169] move_unsigned_compare to common code --- .../android/javacard/keymaster/KMUtils.java | 49 ++++++------------- .../android/javacard/keymaster/KMInteger.java | 1 + .../javacard/keymaster/KMKeymasterApplet.java | 4 +- 3 files changed, 18 insertions(+), 36 deletions(-) diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 65e83415..2e72ae6d 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -70,17 +70,17 @@ public static short convertToDate(short time, byte[] scratchPad, (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) .length()); // If the time is less then 1 Jan 2020 then it is an error - if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, + && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); @@ -96,7 +96,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 8); } // divide the given time with four yrs msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -116,9 +116,9 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, // if leap year index is 0, then the number of days for the 1st year will be 366 days. // if leap year index is not 0, then the number of days for the 1st year will be 365 days. if (((leapYrIdx == 0) && - (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || + (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || ((leapYrIdx != 0) && - (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { for (short i = 0; i < 4; i++) { yrsCount++; if (i == leapYrIdx) { @@ -132,12 +132,12 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); if (((short) (i + 1) == leapYrIdx)) { - if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) < 0) { break; } } else { - if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) < 0) { break; } @@ -152,7 +152,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, yrsCount = (short) (year2051 + yrsCount); // divide the given time with one month msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, (short) 8) >= 0) { for (short i = 0; i < 12; i++) { if (i == 1) { @@ -175,7 +175,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 8, (short) 8); } - if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, (short) 8) >= 0) { subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, @@ -188,7 +188,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one day msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -199,7 +199,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one hour msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -209,7 +209,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one minute msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -219,7 +219,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one second msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -244,25 +244,6 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY } - public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { - byte count = (byte) 0; - short val1 = (short)0; - short val2 = (short)0; - - for (; count < length; count++) { - val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); - val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); - - if (val1 < val2) { - return -1; - } - if (val1 > val2) { - return 1; - } - } - return 0; - } - public static short numberToString(short number, byte[] scratchPad, short offset) { byte zero = 0x30; @@ -311,7 +292,7 @@ public static void copy(byte[] buf, short from, short to) { } public static byte compare(byte[] buf, short lhs, short rhs) { - return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); + return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); } public static void shiftLeft(byte[] buf, short start) { diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java index 3cc747dd..44a0779a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMInteger.java +++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java @@ -187,4 +187,5 @@ public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, return 0; } + } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index abf6e670..0e27cdc3 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -3526,7 +3526,7 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { if (tmpVariables[0] != KMType.INVALID_VALUE) { tmpVariables[1] = repository.getOsVersion(); tmpVariables[1] = - KMUtils.unsignedByteArrayCompare( + KMInteger.unsignedByteArrayCompare( KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), scratchPad, @@ -3545,7 +3545,7 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { if (tmpVariables[0] != KMType.INVALID_VALUE) { tmpVariables[1] = repository.getOsPatch(); tmpVariables[1] = - KMUtils.unsignedByteArrayCompare( + KMInteger.unsignedByteArrayCompare( KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), scratchPad, From 05ffe43bf73a3c3395a6899a77327bc6bda83d82 Mon Sep 17 00:00:00 2001 From: Manish Dwivedi Date: Wed, 10 Feb 2021 04:27:50 +0000 Subject: [PATCH 073/169] code cleanup --- .../keymaster/KMAttestationCertImpl.java | 1 - .../android/javacard/keymaster/KMCipher.java | 8 --- .../KMEcdsa256NoDigestSignature.java | 12 +--- .../javacard/keymaster/KMJCardSimulator.java | 66 ++++--------------- .../keymaster/KMRsa2048NoDigestSignature.java | 2 +- .../android/javacard/keymaster/KMUtils.java | 1 - .../javacard/keymaster/KMByteBlob.java | 6 -- .../android/javacard/keymaster/KMEncoder.java | 2 - .../javacard/keymaster/KMEnumArrayTag.java | 8 --- .../android/javacard/keymaster/KMError.java | 55 +++++----------- .../javacard/keymaster/KMOperationState.java | 2 +- .../javacard/keymaster/KMSEProvider.java | 6 +- .../android/javacard/keymaster/KMType.java | 3 - 13 files changed, 37 insertions(+), 135 deletions(-) diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 18e67e72..23e7a067 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -90,7 +90,6 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static byte[] stack; private static short start; private static short length; - // private static KMRepository repo; private static short uniqueId; private static short attChallenge; private static short notBefore; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java index 3e67ed5e..a5d06a39 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java @@ -24,19 +24,11 @@ public abstract class KMCipher { public abstract void updateAAD(byte[] buffer, short startOff, short length); - public abstract short getBlockMode(); - public abstract void setBlockMode(short mode); - public abstract short getPaddingAlgorithm(); - - public abstract short getCipherAlgorithm(); - public abstract void setPaddingAlgorithm(short alg); public abstract void setCipherAlgorithm(short alg); - public abstract short getCipherProvider(); - public abstract short getAesGcmOutputSize(short len, short macLength); } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 42468363..56b8120f 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -85,18 +85,12 @@ public KMEcdsa256NoDigestSignature(byte mode, byte[] key, short keyStart, short ECPublicKey pubkey = (ECPublicKey) kf.generatePublic(pubkeyspec); sunSigner.initVerify(pubkey); } - } catch (NoSuchAlgorithmException e) { + } catch (NoSuchAlgorithmException | NoSuchProviderException e) { CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (NoSuchProviderException e) { - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch(InvalidParameterSpecException e) { - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch(InvalidKeySpecException e) { - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch(InvalidKeyException e) { + } catch(InvalidParameterSpecException | InvalidKeySpecException | InvalidKeyException e) { CryptoException.throwIt(CryptoException.INVALID_INIT); } - } + } @Override public void init(Key key, byte b) throws CryptoException { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 664ade77..de5389b2 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -73,9 +73,6 @@ public class KMJCardSimulator implements KMSEProvider { public static final byte[] aesICV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; private static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length. private static final short RSA_KEY_SIZE = 256; - - - public static boolean jcardSim = false; private static Signature kdf; private static Signature hmacSignature; @@ -117,13 +114,11 @@ public KMJCardSimulator() { jCardSimulator = this; } - public KeyPair createRsaKeyPair() { KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); rsaKeyPair.genKeyPair(); return rsaKeyPair; } - public RSAPrivateKey createRsaKey(byte[] modBuffer, short modOff, short modLength, byte[] privBuffer, short privOff, short privLength) { @@ -132,16 +127,13 @@ public RSAPrivateKey createRsaKey(byte[] modBuffer, short modOff, short modLengt privKey.setExponent(privBuffer, privOff, privLength); privKey.setModulus(modBuffer, modOff, modLength); return privKey; - } - public KeyPair createECKeyPair() { KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); ecKeyPair.genKeyPair(); return ecKeyPair; } - public ECPrivateKey createEcKey(byte[] privBuffer, short privOff, short privLength) { KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); @@ -149,7 +141,6 @@ public ECPrivateKey createEcKey(byte[] privBuffer, short privOff, short privLeng privKey.setS(privBuffer,privOff, privLength); return privKey; } - public AESKey createAESKey(short keysize) { byte[] rndNum = new byte[(short) (keysize/8)]; @@ -169,13 +160,11 @@ public AESKey createAESKey(byte[] buf, short startOff, short length) { return key; } - public DESKey createTDESKey() { byte[] rndNum = new byte[24]; newRandomNumber(rndNum, (short) 0, (short)rndNum.length); return createTDESKey(rndNum, (short)0, (short)rndNum.length); } - public DESKey createTDESKey(byte[] secretBuffer, short secretOff, short secretLength) { DESKey triDesKey = @@ -183,7 +172,6 @@ public DESKey createTDESKey(byte[] secretBuffer, short secretOff, short secretLe triDesKey.setKey(secretBuffer, secretOff); return triDesKey; } - public HMACKey createHMACKey(short keysize) { if((keysize % 8 != 0) || !(keysize >= 64 && keysize <= 512)){ @@ -260,13 +248,13 @@ public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short startOff, short length) { switch(alg){ case KMType.AES: - AESKey aesKey = createAESKey(buf,startOff,length); + createAESKey(buf,startOff,length); break; case KMType.DES: - DESKey desKey = createTDESKey(buf,startOff,length); + createTDESKey(buf,startOff,length); break; case KMType.HMAC: - HMACKey hmacKey = createHMACKey(buf,startOff,length); + createHMACKey(buf,startOff,length); break; default: CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -279,10 +267,10 @@ public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short sta public boolean importAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, short privKeyLength, byte[] pubModBuf, short pubModStart, short pubModLength) { switch (alg){ case KMType.RSA: - RSAPrivateKey rsaKey = createRsaKey(pubModBuf,pubModStart,pubModLength,privKeyBuf,privKeyStart,privKeyLength); + createRsaKey(pubModBuf,pubModStart,pubModLength,privKeyBuf,privKeyStart,privKeyLength); break; case KMType.EC: - ECPrivateKey ecPrivKey = createEcKey(privKeyBuf,privKeyStart,privKeyLength); + createEcKey(privKeyBuf,privKeyStart,privKeyLength); break; default: CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -364,13 +352,7 @@ public short aesGCMEncrypt( byte[] outputBuf = new byte[cipher.getOutputSize(secretLen)]; try { len = (short)(cipher.doFinal(secret,secretStart,secretLen,outputBuf,(short)0)); - } catch (ShortBufferException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalBlockSizeException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (BadPaddingException e) { + } catch (ShortBufferException | IllegalBlockSizeException | BadPaddingException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } @@ -458,13 +440,7 @@ public boolean aesGCMDecrypt( } catch (AEADBadTagException e) { e.printStackTrace(); return false; - } catch (ShortBufferException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalBlockSizeException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (BadPaddingException e) { + } catch (ShortBufferException | IllegalBlockSizeException | BadPaddingException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } @@ -692,19 +668,10 @@ private KMCipher createRsaOAEP256Cipher(byte mode,byte digest, } catch (NoSuchAlgorithmException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (InvalidKeySpecException e) { + } catch (InvalidKeySpecException | InvalidAlgorithmParameterException | NoSuchPaddingException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (InvalidKeyException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (InvalidAlgorithmParameterException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (NoSuchProviderException e) { + } catch (InvalidKeyException | NoSuchProviderException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.INVALID_INIT); } @@ -768,13 +735,7 @@ public Signature createEcSigner(short digest, byte[] secret, short secretStart, return ecSigner; } - - public KMCipher createSymmetricCipher( - short cipherAlg, short mode, short blockMode, short padding, byte[] secret, short secretStart, short secretLength) { - return createSymmetricCipher(cipherAlg, mode, blockMode, padding, secret,secretStart,secretLength,null,(short)0,(short)0); - } - public KMCipher createSymmetricCipher(short alg, short purpose, short blockMode, short padding, byte[] secret, short secretStart, short secretLength, byte[] ivBuffer, short ivStart, short ivLength) { @@ -954,7 +915,6 @@ private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secret return ret; } - public Signature createHmacSignerVerifier(short purpose, short digest, byte[] secret, short secretStart, short secretLength) { short alg = Signature.ALG_HMAC_SHA_256; if(digest != KMType.SHA2_256) CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); @@ -964,7 +924,6 @@ public Signature createHmacSignerVerifier(short purpose, short digest, byte[] se hmacSignerVerifier.init(key,(byte)purpose); return hmacSignerVerifier; } - public KMCipher createAesGcmCipher(short mode, short tagLen, byte[] secret, short secretStart, short secretLength, byte[] ivBuffer, short ivStart, short ivLength) { @@ -1144,7 +1103,6 @@ public Signature createRsaVerifier(short digest, short padding, byte[] modBuffer public Signature createEcVerifier(short digest, byte[] pubKey, short pubKeyStart, short pubKeyLength) { short alg = mapSignature256Alg(KMType.EC, (byte)0); Signature ecVerifier; - //if(msgDigestAlg == MessageDigest.ALG_NULL) CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); if(digest == KMType.DIGEST_NONE) { ecVerifier = new KMEcdsa256NoDigestSignature(Signature.MODE_VERIFY, pubKey, pubKeyStart, pubKeyLength); } else { @@ -1266,7 +1224,7 @@ public KMMasterKey createMasterKey(short keySizeBits) { getTrueRandomNumber(keyData, (short) 0, keyLen); masterKey.setKey(keyData, (short) 0); } - return (KMMasterKey) masterKey; + return masterKey; } @Override @@ -1278,7 +1236,7 @@ public KMAttestationKey createAttestationKey(byte[] keyData, short offset, attestationKey = new KMECPrivateKey(ecKeyPair); } attestationKey.setS(keyData, offset, length); - return (KMAttestationKey) attestationKey; + return attestationKey; } @Override @@ -1293,7 +1251,7 @@ public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short len preSharedKey = new KMHmacKey(key); } preSharedKey.setKey(keyData, offset, length); - return (KMPreSharedKey) preSharedKey; + return preSharedKey; } @Override diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index 855a3104..b79cfb72 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -122,7 +122,7 @@ private boolean isValidData(byte[] buf, short start, short len) { if (padding == KMType.PADDING_NONE) { if (len > 256) return false; else if (len == 256) { - short v = KMUtils.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len); + short v = KMInteger.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len); if (v > 0) return false; } } else {//pkcs1 no digest diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 2e72ae6d..c494bb34 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -52,7 +52,6 @@ public class KMUtils { public static final short year2051 = 2051; public static final short year2020 = 2020; - // -------------------------------------- public static short convertToDate(short time, byte[] scratchPad, boolean utcFlag) { diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java index 28b916db..eb065e10 100644 --- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java +++ b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java @@ -115,10 +115,4 @@ public boolean isValid() { } return true; } - - public void decrementLength(short len) { - short length = Util.getShort(heap, (short) (instPtr + 1)); - length = (short) (length - len); - Util.setShort(heap, (short) (instPtr + 1), length); - } } diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java index 685ba468..b4055f04 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java +++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java @@ -38,7 +38,6 @@ public class KMEncoder { private static final byte UINT64_LENGTH = (byte) 0x1B; private static final short TINY_PAYLOAD = 0x17; private static final short SHORT_PAYLOAD = 0x100; - //TODO make this static. private byte[] buffer; private short startOff; private short length; @@ -73,7 +72,6 @@ public short encode(short object, byte[] buffer, short startOff) { }else{ this.length = (short)buffer.length; } - //this.length = (short)(startOff + length); push(object); encode(); return (short)(this.startOff - startOff); diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java index 37e23286..98ec05f7 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java @@ -279,12 +279,4 @@ public boolean isValidPurpose(byte alg) { } return true; } - - public boolean isValidBlockMode(byte alg) { - if (alg == KMType.AES || alg == KMType.DES) { - return true; - } else { - return false; - } - } } diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index 83eb8c7c..0a52da0a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -21,82 +21,61 @@ */ public class KMError { public static final short OK = 0; - public static final short ROOT_OF_TRUST_ALREADY_SET = 1; + public static final short UNSUPPORTED_PURPOSE = 2; public static final short INCOMPATIBLE_PURPOSE = 3; public static final short UNSUPPORTED_ALGORITHM = 4; public static final short INCOMPATIBLE_ALGORITHM = 5; public static final short UNSUPPORTED_KEY_SIZE = 6; - public static final short UNSUPPORTED_BLOCK_MODE = 7; + public static final short INCOMPATIBLE_BLOCK_MODE = 8; public static final short UNSUPPORTED_MAC_LENGTH = 9; public static final short UNSUPPORTED_PADDING_MODE = 10; public static final short INCOMPATIBLE_PADDING_MODE = 11; public static final short UNSUPPORTED_DIGEST = 12; public static final short INCOMPATIBLE_DIGEST = 13; - public static final short INVALID_EXPIRATION_TIME = 14; - public static final short INVALID_USER_ID = 15; - public static final short INVALID_AUTHORIZATION_TIMEOUT = 16; - public static final short UNSUPPORTED_KEY_FORMAT = 17; - public static final short INCOMPATIBLE_KEY_FORMAT = 18; + public static final short UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19; - /** For PKCS8 & PKCS12 */ - public static final short UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20; - /** For PKCS8 & PKCS12 */ + + /** For PKCS8 & PKCS12 */ public static final short INVALID_INPUT_LENGTH = 21; - public static final short KEY_EXPORT_OPTIONS_INVALID = 22; - public static final short DELEGATION_NOT_ALLOWED = 23; - public static final short KEY_NOT_YET_VALID = 24; - public static final short KEY_EXPIRED = 25; + public static final short KEY_USER_NOT_AUTHENTICATED = 26; - public static final short OUTPUT_PARAMETER_NULL = 27; + public static final short INVALID_OPERATION_HANDLE = 28; - public static final short INSUFFICIENT_BUFFER_SPACE = 29; + public static final short VERIFICATION_FAILED = 30; public static final short TOO_MANY_OPERATIONS = 31; - public static final short UNEXPECTED_NULL_POINTER = 32; public static final short INVALID_KEY_BLOB = 33; - public static final short IMPORTED_KEY_NOT_ENCRYPTED = 34; - public static final short IMPORTED_KEY_DECRYPTION_FAILED = 35; - public static final short IMPORTED_KEY_NOT_SIGNED = 36; - public static final short IMPORTED_KEY_VERIFICATION_FAILED = 37; + public static final short INVALID_ARGUMENT = 38; public static final short UNSUPPORTED_TAG = 39; public static final short INVALID_TAG = 40; - public static final short MEMORY_ALLOCATION_FAILED = 41; + public static final short IMPORT_PARAMETER_MISMATCH = 44; - public static final short SECURE_HW_ACCESS_DENIED = 45; public static final short OPERATION_CANCELLED = 46; - public static final short CONCURRENT_ACCESS_CONFLICT = 47; - public static final short SECURE_HW_BUSY = 48; - public static final short SECURE_HW_COMMUNICATION_FAILED = 49; - public static final short UNSUPPORTED_EC_FIELD = 50; + public static final short MISSING_NONCE = 51; public static final short INVALID_NONCE = 52; public static final short MISSING_MAC_LENGTH = 53; - public static final short KEY_RATE_LIMIT_EXCEEDED = 54; + public static final short CALLER_NONCE_PROHIBITED = 55; - public static final short KEY_MAX_OPS_EXCEEDED = 56; + public static final short INVALID_MAC_LENGTH = 57; public static final short MISSING_MIN_MAC_LENGTH = 58; public static final short UNSUPPORTED_MIN_MAC_LENGTH = 59; - public static final short UNSUPPORTED_KDF = 60; + public static final short UNSUPPORTED_EC_CURVE = 61; public static final short KEY_REQUIRES_UPGRADE = 62; - public static final short ATTESTATION_CHALLENGE_MISSING = 63; - public static final short KEYMASTER_NOT_CONFIGURED = 64; + public static final short ATTESTATION_APPLICATION_ID_MISSING = 65; - public static final short CANNOT_ATTEST_IDS = 66; public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; - public static final short HARDWARE_TYPE_UNAVAILABLE = 68; - public static final short PROOF_OF_PRESENCE_REQUIRED = 69; - public static final short CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70; - public static final short NO_USER_CONFIRMATION = 71; + public static final short DEVICE_LOCKED = 72; public static final short EARLY_BOOT_ENDED = 73; + public static final short UNIMPLEMENTED = 100; - public static final short VERSION_MISMATCH = 101; public static final short UNKNOWN_ERROR = 1000; //Extended errors diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java index 6ea96941..6d033443 100644 --- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java +++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java @@ -41,7 +41,7 @@ public class KMOperationState { // short type private static final byte KEY_SIZE = 6; private static final byte MAC_LENGTH = 8; - // Handle - currently this is short + private static final byte OP_HANDLE = 10; // Auth time 64 bits private static final byte AUTH_TIME = 12; diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index a057eb9e..0719d04b 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -220,7 +220,7 @@ boolean aesGCMDecrypt( * This is a oneshot operation that performs key derivation function using cmac kdf (CKDF) as * defined in android keymaster hal definition. * - * @param instance of pre-shared key. + * @param hmacKey instance of pre-shared key. * @param label is the label to be used for ckdf. * @param labelStart is the start of label. * @param labelLen is the length of the label. @@ -269,7 +269,7 @@ short hmacSign( * This is a oneshot operation that signs the data using hmac algorithm. * This is used to derive the key, which is used to encrypt the keyblob. * - * @param instance of masterkey. + * @param masterkey instance of masterkey. * @param data is the buffer containing data to be signed. * @param dataStart is the start of the data. * @param dataLength is the length of the data. @@ -344,7 +344,7 @@ short rsaDecipherOAEP256( /** * This is a oneshot operation that signs the data using EC private key. * - * @param instance of KMAttestationKey. + * @param ecPrivKey instance of KMAttestationKey. * @param inputDataBuf is the buffer of the input data. * @param inputDataStart is the start of the input data buffer. * @param inputDataLength is the length of the inpur data buffer in bytes. diff --git a/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/src/com/android/javacard/keymaster/KMType.java index 4d81de45..53442440 100644 --- a/Applet/src/com/android/javacard/keymaster/KMType.java +++ b/Applet/src/com/android/javacard/keymaster/KMType.java @@ -41,7 +41,6 @@ public abstract class KMType { public static final byte HW_AUTH_TOKEN_TYPE = 0x08; public static final byte VERIFICATION_TOKEN_TYPE = 0x09; public static final byte HMAC_SHARING_PARAM_TYPE = 0x0A; - public static final byte X509_CERT = 0x0B; // Tag Types public static final short INVALID_TAG = 0x0000; public static final short ENUM_TAG = 0x1000; @@ -51,7 +50,6 @@ public abstract class KMType { public static final short ULONG_TAG = 0x5000; public static final short DATE_TAG = 0x6000; public static final short BOOL_TAG = 0x7000; - public static final short BIGNUM_TAG = (short) 0x8000; public static final short BYTES_TAG = (short) 0x9000; public static final short ULONG_ARRAY_TAG = (short) 0xA000; public static final short TAG_TYPE_MASK = (short) 0xF000; @@ -271,7 +269,6 @@ public abstract class KMType { // Confirmation Token public static final short CONFIRMATION_TOKEN = (short) 0x03ED; - public static final short LENGTH_FROM_PDU = (short) 0xFFFF; public static final byte NO_VALUE = (byte) 0xff; From 3364e3181dd5cbab81b07c783fdec9097a1da6d4 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Wed, 10 Feb 2021 20:49:57 +0530 Subject: [PATCH 074/169] Removed public key operations from Applet and provider code --- .../keymaster/KMAndroidSEProvider.java | 90 +--- .../KMEcdsa256NoDigestSignature.java | 22 +- .../javacard/keymaster/KMOperationImpl.java | 13 - .../javacard/keymaster/KMCipherImpl.java | 16 +- .../KMEcdsa256NoDigestSignature.java | 9 +- .../javacard/keymaster/KMJCardSimulator.java | 59 +-- .../keymaster/KMRsa2048NoDigestSignature.java | 3 +- .../javacard/test/KMFunctionalTest.java | 395 ++++++++++++++---- .../javacard/keymaster/KMKeymasterApplet.java | 77 +--- 9 files changed, 326 insertions(+), 358 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index 78b90b57..ac4ae426 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -40,6 +40,8 @@ import com.android.javacard.keymaster.KMAESKey; import com.android.javacard.keymaster.KMAttestationKey; import com.android.javacard.keymaster.KMECPrivateKey; +import com.android.javacard.keymaster.KMError; +import com.android.javacard.keymaster.KMException; import com.android.javacard.keymaster.KMHmacKey; import com.android.javacard.keymaster.KMMasterKey; import com.android.javacard.keymaster.KMPreSharedKey; @@ -1018,51 +1020,6 @@ public Signature createRsaSigner(short digest, short padding, byte[] secret, return rsaSigner; } - public Signature createRsaVerifier(short digest, short padding, - byte[] modBuffer, short modOff, short modLength) { - try { - byte alg = mapSignature256Alg(KMType.RSA, (byte) padding, (byte) digest); - if (digest == KMType.DIGEST_NONE || padding == KMType.PADDING_NONE) - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - - Signature rsaVerifier = getSignatureInstanceFromPool(alg); - RSAPublicKey key = (RSAPublicKey) rsaKeyPair.getPublic(); - // setExponent - Util.setShort(tmpArray, (short) 0, (short) 0x0001); - Util.setShort(tmpArray, (short) 2, (short) 0x0001); - key.setExponent(tmpArray, (short) 0, (short) 4); - key.setModulus(modBuffer, modOff, modLength); - rsaVerifier.init(key, Signature.MODE_VERIFY); - return rsaVerifier; - } finally { - clean(); - } - } - - public Cipher createRsaCipher(short padding, short digest, byte[] modBuffer, - short modOff, short modLength) { - try { - byte cipherAlg = mapCipherAlg(KMType.RSA, (byte) padding, (byte) 0, (byte)digest); - // Java Card does not support MGF1-SHA1 and digest as SHA256. - // Both digest should be SHA256 as per Java Card, but as per Keymaster - // MGF should use SHA1 and message digest should be SHA256. - if (cipherAlg == Cipher.ALG_RSA_PKCS1_OAEP) { - KMException.throwIt(KMError.UNIMPLEMENTED); - } - Cipher rsaCipher = getCipherInstanceFromPool(cipherAlg); - RSAPublicKey key = (RSAPublicKey) rsaKeyPair.getPublic(); - // setExponent - Util.setShort(tmpArray, (short) 0, (short) 0x0001); - Util.setShort(tmpArray, (short) 2, (short) 0x0001); - key.setExponent(tmpArray, (short) 0, (short) 4); - key.setModulus(modBuffer, modOff, modLength); - rsaCipher.init(key, Cipher.MODE_ENCRYPT); - return rsaCipher; - } finally { - clean(); - } - } - public Cipher createRsaDecipher(short padding, short digest, byte[] secret, short secretStart, short secretLength, byte[] modBuffer, short modOff, short modLength) { @@ -1086,17 +1043,6 @@ public Signature createEcSigner(short digest, byte[] secret, return ecSigner; } - public Signature createEcVerifier(short digest, byte[] pubKey, - short pubKeyStart, short pubKeyLength) { - byte alg = mapSignature256Alg(KMType.EC, (byte) 0, (byte) digest); - Signature ecVerifier = null; - ECPublicKey key = (ECPublicKey) ecKeyPair.getPublic(); - key.setW(pubKey, pubKeyStart, pubKeyLength); - ecVerifier = getSignatureInstanceFromPool(alg); - ecVerifier.init(key, Signature.MODE_VERIFY); - return ecVerifier; - } - @Override public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, byte digest, byte[] privKeyBuf, short privKeyStart, @@ -1116,28 +1062,6 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, opr.setMode(purpose); JCSystem.commitTransaction(); break; - case KMType.VERIFY: - Signature verifier = createRsaVerifier(digest, padding, pubModBuf, - pubModStart, pubModLength); - opr = getOperationInstanceFromPool(); - JCSystem.beginTransaction(); - opr.setSignature(verifier); - opr.setCipherAlgorithm(alg); - opr.setPaddingAlgorithm(padding); - opr.setMode(purpose); - JCSystem.commitTransaction(); - break; - case KMType.ENCRYPT: - Cipher cipher = createRsaCipher(padding, digest, pubModBuf, - pubModStart, pubModLength); - opr = getOperationInstanceFromPool(); - JCSystem.beginTransaction(); - opr.setCipher(cipher); - opr.setCipherAlgorithm(alg); - opr.setPaddingAlgorithm(padding); - opr.setMode(purpose); - JCSystem.commitTransaction(); - break; case KMType.DECRYPT: Cipher decipher = createRsaDecipher(padding, digest, privKeyBuf, privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); @@ -1150,6 +1074,7 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, JCSystem.commitTransaction(); break; default: + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); break; } } else if (alg == KMType.EC) { @@ -1162,13 +1087,8 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, opr.setSignature(signer); JCSystem.commitTransaction(); break; - case KMType.VERIFY: - Signature verifier = createEcVerifier(digest, pubModBuf, pubModStart, - pubModLength); - opr = getOperationInstanceFromPool(); - JCSystem.beginTransaction(); - opr.setSignature(verifier); - JCSystem.commitTransaction(); + default: + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); break; } } else { diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 3f11a3b1..51ac435b 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -112,28 +112,14 @@ public short signPreComputedHash(byte[] bytes, short i, short i1, @Override public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { - try { - if (i1 > MAX_NO_DIGEST_MSG_LEN) - CryptoException.throwIt(CryptoException.ILLEGAL_USE); - // add zeros to the left - if (i1 < MAX_NO_DIGEST_MSG_LEN) { - Util.arrayFillNonAtomic(KMAndroidSEProvider.getInstance().tmpArray, - (short) 0, (short) MAX_NO_DIGEST_MSG_LEN, (byte) 0); - } - Util.arrayCopyNonAtomic(bytes, i, - KMAndroidSEProvider.getInstance().tmpArray, - (short) (MAX_NO_DIGEST_MSG_LEN - i1), i1); - return inst.verifyPreComputedHash( - KMAndroidSEProvider.getInstance().tmpArray, (short) 0, - (short) MAX_NO_DIGEST_MSG_LEN, bytes1, i2, i3); - } finally { - KMAndroidSEProvider.getInstance().clean(); - } + //Verification is handled inside HAL + return false; } @Override public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { - return inst.verify(bytes, i, i1, bytes1, i2, i3); + //Verification is handled inside HAL + return false; } } \ No newline at end of file diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index a38ee518..0eb7c4e7 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -125,19 +125,6 @@ public short finish(byte[] inputDataBuf, short inputDataStart, if (mode == KMType.DECRYPT) { inputDataLen = (short) (inputDataLen - macLength); } - } else if (cipherAlg == KMType.RSA && padding == KMType.PADDING_NONE && - mode == KMType.ENCRYPT) { - // Length cannot be greater then key size according to Java Card - if (inputDataLen > 256) - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - // make input equal to 255 bytes - Util.arrayFillNonAtomic(tmpArray, (short) 0, (short) 256, (byte) 0); - Util.arrayCopyNonAtomic(inputDataBuf, inputDataStart, tmpArray, - (short) (256 - inputDataLen), inputDataLen); - inputDataStart = 0; - inputDataLen = 256; - inputDataBuf = tmpArray; - } else if ((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && padding == KMType.PKCS7 && mode == KMType.ENCRYPT) { byte blkSize = 16; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java index bc07be8d..95e5cb83 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java @@ -81,21 +81,7 @@ public short doFinal(byte[] buffer, short startOff, short length, byte[] scratch CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } } else{ - if(cipherAlg == KMType.RSA && padding == KMType.PADDING_NONE && mode == KMType.ENCRYPT ){ - // Length cannot be greater then key size according to JcardSim - if(length >= 256) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - // make input equal to 255 bytes - byte[] tmp = new byte[255]; - Util.arrayFillNonAtomic(tmp,(short)0,(short)255, (byte)0); - Util.arrayCopyNonAtomic( - buffer, - startOff, - tmp, (short)(255 - length),length); - startOff = 0; - length = 255; - buffer = tmp; - - }else if((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && padding ==KMType.PKCS7 && mode == KMType.ENCRYPT){ + if((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && padding ==KMType.PKCS7 && mode == KMType.ENCRYPT){ byte blkSize = 16; byte paddingBytes; short len = length; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 42468363..904353b1 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -173,14 +173,7 @@ public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, @Override public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { - // Cannot support this method as javacard cipher api does not allow 256 byte for public key - // encryption without padding. It only allows 255 bytes data. - try { - update(bytes, i , i1); - return sunSigner.verify(bytes1, i2, i3); - } catch (SignatureException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } + // Public key operations not handled here. return false; } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 664ade77..0dad8f77 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -605,17 +605,13 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, pubModStart, pubModLength); return new KMOperationImpl(signer); - case KMType.VERIFY: - Signature verifier = createRsaVerifier(digest, padding, pubModBuf, pubModStart, pubModLength); - return new KMOperationImpl(verifier); - case KMType.ENCRYPT: - KMCipher cipher = createRsaCipher(padding, digest, pubModBuf, pubModStart, pubModLength); - return new KMOperationImpl(cipher); case KMType.DECRYPT: KMCipher decipher = createRsaDecipher( padding, digest, privKeyBuf, privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); return new KMOperationImpl(decipher); + default: + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); } }else if(alg == KMType.EC){ switch(purpose){ @@ -623,9 +619,8 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, Signature signer = createEcSigner(digest,privKeyBuf,privKeyStart,privKeyLength); return new KMOperationImpl(signer); - case KMType.VERIFY: - Signature verifier = createEcVerifier(digest,pubModBuf,pubModStart,pubModLength); - return new KMOperationImpl(verifier); + default: + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); } } CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -1110,52 +1105,6 @@ public void addRngEntropy(byte[] num, short offset, short length) { } } - - public KMCipher createRsaCipher(short padding, short digest, byte[] modBuffer, short modOff, short modLength) { - byte cipherAlg = mapCipherAlg(KMType.RSA, (byte)padding, (byte)0); - if (cipherAlg == Cipher.ALG_RSA_PKCS1_OAEP) { - return createRsaOAEP256Cipher(KMType.ENCRYPT, (byte)digest, null,(short)0,(short)0,modBuffer,modOff,modLength); - } - Cipher rsaCipher = Cipher.getInstance(cipherAlg,false); - RSAPublicKey key = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_2048, false); - byte[] exponent = new byte[]{0x01,0x00,0x01}; - key.setExponent(exponent,(short)0,(short)3); - key.setModulus(modBuffer, modOff, modLength); - rsaCipher.init(key,Cipher.MODE_ENCRYPT); - KMCipherImpl inst = new KMCipherImpl(rsaCipher); - inst.setCipherAlgorithm(KMType.RSA); - inst.setMode(KMType.ENCRYPT); - inst.setPaddingAlgorithm(padding); - return inst; - } - - public Signature createRsaVerifier(short digest, short padding, byte[] modBuffer, short modOff, short modLength) { - short alg = mapSignature256Alg(KMType.RSA,(byte)padding); - if(digest == KMType.DIGEST_NONE || padding == KMType.PADDING_NONE) CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - Signature rsaVerifier = Signature.getInstance((byte)alg, false); - RSAPublicKey key = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_2048, false); - byte[] exponent = new byte[]{0x01,0x00,0x01}; - key.setExponent(exponent,(short)0,(short)3); - key.setModulus(modBuffer, modOff, modLength); - rsaVerifier.init(key,Signature.MODE_VERIFY); - return rsaVerifier; - } - - public Signature createEcVerifier(short digest, byte[] pubKey, short pubKeyStart, short pubKeyLength) { - short alg = mapSignature256Alg(KMType.EC, (byte)0); - Signature ecVerifier; - //if(msgDigestAlg == MessageDigest.ALG_NULL) CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - if(digest == KMType.DIGEST_NONE) { - ecVerifier = new KMEcdsa256NoDigestSignature(Signature.MODE_VERIFY, pubKey, pubKeyStart, pubKeyLength); - } else { - ECPublicKey key = (ECPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_256, false); - key.setW(pubKey,pubKeyStart,pubKeyLength); - ecVerifier = Signature.getInstance((byte)alg,false); - ecVerifier.init(key,Signature.MODE_VERIFY); - } - return ecVerifier; - } - @Override public KMAttestationCert getAttestationCert(boolean rsaCert) { return KMAttestationCertImpl.instance(rsaCert); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index 855a3104..fc953d73 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -89,8 +89,7 @@ public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, @Override public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { - // Cannot support this method as javacard cipher api does not allow 256 byte for public key - // encryption without padding. It only allows 255 bytes data. + // Public key operations not handled here. return false; } diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index a6308513..ec5a1b54 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -20,6 +20,8 @@ import com.android.javacard.keymaster.KMBoolTag; import com.android.javacard.keymaster.KMByteBlob; import com.android.javacard.keymaster.KMByteTag; +import com.android.javacard.keymaster.KMEcdsa256NoDigestSignature; +import com.android.javacard.keymaster.KMException; import com.android.javacard.keymaster.KMJCardSimApplet; import com.android.javacard.keymaster.KMJCardSimulator; import com.android.javacard.keymaster.KMSEProvider; @@ -43,10 +45,44 @@ import com.licel.jcardsim.utils.AIDUtil; import javacard.framework.AID; +import javacard.framework.ISOException; import javacard.framework.Util; +import javacard.security.CryptoException; +import javacard.security.ECPrivateKey; +import javacard.security.ECPublicKey; +import javacard.security.KeyBuilder; +import javacard.security.KeyPair; +import javacard.security.RSAPrivateKey; +import javacard.security.RSAPublicKey; +import javacard.security.Signature; +import javacardx.crypto.Cipher; + +import java.math.BigInteger; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.InvalidParameterSpecException; +import java.security.spec.MGF1ParameterSpec; +import java.security.spec.RSAPrivateKeySpec; +import java.security.spec.RSAPublicKeySpec; import java.util.Arrays; import java.util.Random; +import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.OAEPParameterSpec; +import javax.crypto.spec.PSource; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; @@ -776,16 +812,6 @@ public void testHmacImportKeySuccess() { @Test public void testRsaImportKeySuccess() { init(); - /* - KeyPair rsaKeyPair = cryptoProvider.createRsaKeyPair(); - byte[] pub = new byte[4]; - short len = ((RSAPublicKey)rsaKeyPair.getPublic()).getExponent(pub,(short)1); - byte[] priv = new byte[256]; - byte[] mod = new byte[256]; - len = ((RSAPrivateKey)rsaKeyPair.getPrivate()).getModulus(mod,(short)0); - len = ((RSAPrivateKey)rsaKeyPair.getPrivate()).getExponent(priv,(short)0); - */ - byte[] pub = new byte[]{0x00,0x01,0x00,0x01}; byte[] mod = new byte[256]; byte[] priv = new byte[256]; @@ -1035,13 +1061,6 @@ private short signVerificationToken(short verToken) { @Test public void testEcImportKeySuccess() { init(); - /* - KeyPair ecKeyPair = cryptoProvider.createECKeyPair(); - byte[] pub = new byte[128]; - short len = ((ECPublicKey)ecKeyPair.getPublic()).getW(pub,(short)0); - byte[] priv = new byte[128]; - len = ((ECPrivateKey)ecKeyPair.getPrivate()).getS(priv,(short)0); - */ byte[] pub = new byte[128]; byte[] priv = new byte[128]; short[] lengths = new short[2]; @@ -1107,7 +1126,7 @@ public void testEcImportKeySuccess() { cleanUp(); } - private short extractKeyBlobArray(short keyBlob) { + private short extractKeyBlobArray(byte[] buf, short off, short buflen) { short ret = KMArray.instance((short) 5); KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_SECRET, KMByteBlob.exp()); KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG, KMByteBlob.exp()); @@ -1118,15 +1137,18 @@ private short extractKeyBlobArray(short keyBlob) { ret = decoder.decodeArray( ret, - KMByteBlob.cast(keyBlob).getBuffer(), - KMByteBlob.cast(keyBlob).getStartOff(), - KMByteBlob.cast(keyBlob).length()); + buf, off, buflen); short len = KMArray.cast(ret).length(); ptr = KMArray.cast(ret).get((short)4); // print(KMByteBlob.cast(ptr).getBuffer(),KMByteBlob.cast(ptr).getStartOff(),KMByteBlob.cast(ptr).length()); return ret; } + private short extractKeyBlobArray(short keyBlob) { + return extractKeyBlobArray(KMByteBlob.cast(keyBlob).getBuffer(), KMByteBlob + .cast(keyBlob).getStartOff(), KMByteBlob.cast(keyBlob).length()); + } + @Test public void testRsaGenerateKeySuccess() { init(); @@ -1532,10 +1554,7 @@ public void testComputeHmacParams(){ KMByteBlob.cast(num).getBuffer(), KMByteBlob.cast(num).getStartOff(), KMByteBlob.cast(num).length()); - // cryptoProvider.newRandomNumber( -// KMByteBlob.cast(num).getBuffer(), -// KMByteBlob.cast(num).getStartOff(), -// KMByteBlob.cast(num).length()); + KMHmacSharingParameters.cast(params1).setNonce(num); short params2 = KMHmacSharingParameters.instance(); KMHmacSharingParameters.cast(params2).setSeed(KMByteBlob.instance((short)0)); @@ -1612,10 +1631,8 @@ public void testImportWrappedKey(){ byte[] wrappedKey = new byte[16]; cryptoProvider.newRandomNumber(wrappedKey,(short)0,(short)16); byte[] encWrappedKey = new byte[16]; - //AESKey transportKey = cryptoProvider.createAESKey((short)256); byte[] transportKeyMaterial = new byte[32]; cryptoProvider.newRandomNumber(transportKeyMaterial,(short)0,(short)32); - //transportKey.setKey(transportKeyMaterial,(short)0); byte[] nonce = new byte[12]; cryptoProvider.newRandomNumber(nonce,(short)0,(short)12); byte[] authData = "Auth Data".getBytes(); @@ -1635,17 +1652,16 @@ public void testImportWrappedKey(){ Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length); - short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_OAEP); - short ret = processMessage(maskedTransportKey, - KMByteBlob.instance(wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,false,false - ); - keyBlobPtr = KMArray.cast(ret).get((short)2); - byte[] encTransportKey = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - encTransportKey,(short)0, (short)encTransportKey.length); + + byte[] output = new byte[256]; + short outlen = rsaOaepEncryptMessage(wrappingKeyBlob, KMType.SHA2_256, + maskedTransportKey, (short)0, (short)maskedTransportKey.length, + output, (short)0); + byte[] encTransportKey = new byte[outlen]; + Util.arrayCopyNonAtomic(output, (short)0, encTransportKey, (short)0, + outlen); + //Clean the heap. + KMRepository.instance().clean(); short tagCount = 7; short arrPtr = KMArray.instance(tagCount); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); @@ -1689,7 +1705,7 @@ public void testImportWrappedKey(){ CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_WRAPPED_KEY_CMD, arr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); - ret = KMArray.instance((short) 3); + short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); KMArray.cast(ret).add((short)1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); @@ -1787,11 +1803,6 @@ public void testDeleteKeySuccess() { Assert.assertEquals(error, KMError.OK); ret = deleteKey(KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); Assert.assertEquals(ret, KMError.OK); -/* ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); - short err = KMByteBlob.cast(ret).get((short)1); - Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); - - */ cleanUp(); } @@ -1811,14 +1822,6 @@ public void testDeleteAllKeySuccess() { ResponseAPDU response = simulator.transmitCommand(apdu); byte[] respBuf = response.getBytes(); Assert.assertEquals(respBuf[0], KMError.OK); -/* short ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob1,(short)0,(short)keyBlob1.length)); - short err = KMByteBlob.cast(ret).get((short)1); - Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); - ret = getKeyCharacteristics(KMByteBlob.instance(keyBlob2,(short)0,(short)keyBlob2.length)); - err = KMByteBlob.cast(ret).get((short)1); - Assert.assertEquals(KMError.INVALID_KEY_BLOB,err); - - */ cleanUp(); } @@ -2027,6 +2030,218 @@ public void testSignWithRsaNonePkcs1(){ cleanUp(); } + public short getPublicKey(byte[] keyBlob, short off, short len, + byte[] pubKey, short pubKeyOff) { + short keyBlobPtr = extractKeyBlobArray(keyBlob, off, len); + short arrayLen = KMArray.cast(keyBlobPtr).length(); + if (arrayLen < 5) { + KMException.throwIt(KMError.INVALID_KEY_BLOB); + } + short pubKeyPtr = KMArray.cast(keyBlobPtr).get( + KMKeymasterApplet.KEY_BLOB_PUB_KEY); + Util.arrayCopy(KMByteBlob.cast(pubKeyPtr).getBuffer(), + KMByteBlob.cast(pubKeyPtr).getStartOff(), pubKey, pubKeyOff, + KMByteBlob.cast(pubKeyPtr).length()); + return KMByteBlob.cast(pubKeyPtr).length(); + } + + private String toHexString(byte[] num){ + StringBuilder sb = new StringBuilder(); + for(int i = 0; i < num.length; i++){ + sb.append(String.format("%02X", num[i])) ; + } + return sb.toString(); + } + + public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte[] input, short inputOff, short inputlen, + byte[] output, short outputOff) { + byte alg = Cipher.ALG_RSA_PKCS1; + byte[] tmp = null; + short inLen = inputlen; + if (padding == KMType.PADDING_NONE) { + alg = Cipher.ALG_RSA_NOPAD; + // Length cannot be greater then key size according to JcardSim + if(inLen >= 256) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + // make input equal to 255 bytes + tmp = new byte[255]; + Util.arrayFillNonAtomic(tmp,(short)0,(short)255, (byte)0); + Util.arrayCopyNonAtomic( + input, + inputOff, + tmp, (short)(255 - inLen),inLen); + inLen = 255; + inputOff = 0; + } else if(padding == KMType.RSA_PKCS1_1_5_ENCRYPT) { + tmp = input; + } else { + /*Fail */ + Assert.assertTrue(false); + } + byte[] pubKey = new byte[256]; + KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); + RSAPublicKey rsaPubKey = (RSAPublicKey) rsaKeyPair.getPublic(); + getPublicKey(keyBlob, (short)0, (short)keyBlob.length, pubKey, (short)0); + byte[] exponent = new byte[]{0x01,0x00,0x01}; + rsaPubKey.setModulus(pubKey, (short) 0, (short) pubKey.length); + rsaPubKey.setExponent(exponent, (short) 0, (short) exponent.length); + + Cipher rsaCipher = Cipher.getInstance(alg, false); + rsaCipher.init(rsaPubKey, Cipher.MODE_ENCRYPT); + return rsaCipher.doFinal(tmp, inputOff, inLen, output, outputOff); + } + + public short rsaOaepEncryptMessage(byte[] keyBlob, short digest, byte[] input, short inputOff, short inputlen, + byte[] output, short outputOff) { + byte[] mod = new byte[256]; + getPublicKey(keyBlob, (short)0, (short)keyBlob.length, mod, (short)0); + byte[] exponent = new byte[]{0x01,0x00,0x01}; + + // Convert byte arrays into keys + String modString = toHexString(mod); + String expString = toHexString(exponent); + BigInteger modInt = new BigInteger(modString,16); + BigInteger expInt = new BigInteger(expString,16); + javax.crypto.Cipher rsaCipher = null; + try{ + KeyFactory kf = KeyFactory.getInstance("RSA"); + // Create cipher with oaep padding + OAEPParameterSpec oaepSpec = null; + if(digest == KMType.SHA2_256){ + oaepSpec= new OAEPParameterSpec("SHA-256", "MGF1", + MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); + }else{ + oaepSpec= new OAEPParameterSpec("SHA1", "MGF1", + MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); + } + rsaCipher = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPPadding", "SunJCE"); + + RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(modInt, expInt); + java.security.interfaces.RSAPublicKey pubKey = (java.security.interfaces.RSAPublicKey) kf.generatePublic(pubSpec); + rsaCipher.init(javax.crypto.Cipher.ENCRYPT_MODE, pubKey, oaepSpec); + byte[] cipherOut = rsaCipher.doFinal(input, inputOff, inputlen); + + if(cipherOut != null) { + Util.arrayCopyNonAtomic(cipherOut, (short) 0, output, outputOff, (short) cipherOut.length); + } + return (short) cipherOut.length; + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + } catch (InvalidKeySpecException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (InvalidKeyException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch (InvalidAlgorithmParameterException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (NoSuchPaddingException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (NoSuchProviderException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch (IllegalBlockSizeException e) { + e.printStackTrace(); + } catch (BadPaddingException e) { + e.printStackTrace(); + } + return 0; + } + + public boolean ecNoDigestVerifyMessage(byte[] input, short inputOff, + short inputlen, byte[] sign, short signOff, short signLen, + byte[] keyBlob) { + KeyFactory kf; + byte[] pubKey = new byte[128]; + short keyStart = 0; + short keyLength = getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, + pubKey, (short) 0); + try { + java.security.Signature sunSigner = java.security.Signature.getInstance( + "NONEwithECDSA", "SunEC"); + kf = KeyFactory.getInstance("EC"); + AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC", + "SunEC"); + // Supported curve secp256r1 + parameters.init(new ECGenParameterSpec("secp256r1")); + ECParameterSpec ecParameters = parameters + .getParameterSpec(ECParameterSpec.class); + + // Check if the first byte is 04 and remove it. + if (pubKey[keyStart] == 0x04) { + // uncompressed format. + keyStart++; + keyLength--; + } + short i = 0; + byte[] pubx = new byte[keyLength / 2]; + for (; i < keyLength / 2; i++) { + pubx[i] = pubKey[keyStart + i]; + } + byte[] puby = new byte[keyLength / 2]; + for (i = 0; i < keyLength / 2; i++) { + puby[i] = pubKey[keyStart + keyLength / 2 + i]; + } + BigInteger bIX = new BigInteger(pubx); + BigInteger bIY = new BigInteger(puby); + ECPoint point = new ECPoint(bIX, bIY); + ECPublicKeySpec pubkeyspec = new ECPublicKeySpec(point, ecParameters); + java.security.interfaces.ECPublicKey ecPubkey = (java.security.interfaces.ECPublicKey) kf + .generatePublic(pubkeyspec); + sunSigner.initVerify(ecPubkey); + sunSigner.update(input, inputOff, inputlen); + return sunSigner.verify(sign, signOff, signLen); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } catch (NoSuchProviderException e) { + e.printStackTrace(); + } catch (InvalidParameterSpecException e) { + e.printStackTrace(); + } catch (InvalidKeySpecException e) { + e.printStackTrace(); + } catch (InvalidKeyException e) { + e.printStackTrace(); + } catch (SignatureException e) { + e.printStackTrace(); + } + return false; + } + + public boolean ecVerifyMessage(byte[] input, short inputOff, short inputlen, + byte[] sign, short signOff, short signLen, byte[] keyBlob) { + Signature ecVerifier; + byte[] pubKey = new byte[128]; + short len = getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, + pubKey, (short) 0); + ECPublicKey key = (ECPublicKey) KeyBuilder.buildKey( + KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_256, false); + key.setW(pubKey, (short) 0, len); + ecVerifier = Signature.getInstance(Signature.ALG_ECDSA_SHA_256, false); + ecVerifier.init(key, Signature.MODE_VERIFY); + return ecVerifier.verify(input, inputOff, inputlen, sign, signOff, signLen); + } + + public boolean rsaVerifyMessage(byte[] input, short inputOff, short inputlen, byte[] sign, short signOff, short signLen, + short digest,short padding, byte[] keyBlob) { + if(digest == KMType.DIGEST_NONE || padding == KMType.PADDING_NONE) CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + byte[] pubKey = new byte[256]; + getPublicKey(keyBlob, (short)0, (short)keyBlob.length, pubKey, (short)0); + short alg = Signature.ALG_RSA_SHA_256_PKCS1_PSS; + + if (padding == KMType.RSA_PKCS1_1_5_SIGN) + alg = Signature.ALG_RSA_SHA_256_PKCS1; + + Signature rsaVerifier = Signature.getInstance((byte)alg, false); + RSAPublicKey key = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_2048, false); + byte[] exponent = new byte[]{0x01,0x00,0x01}; + key.setExponent(exponent,(short)0,(short)exponent.length); + key.setModulus(pubKey, (short)0, (short)pubKey.length); + rsaVerifier.init(key,Signature.MODE_VERIFY); + return rsaVerifier.verify(input, inputOff, inputlen, sign, signOff, signLen); + } + public byte[] EncryptMessage(byte[] input, short params, byte[] keyBlob) { short ret = begin(KMType.ENCRYPT, KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), @@ -2141,13 +2356,19 @@ public void testVtsRsaPkcs1Success() { short pkcs1Params = getRsaParams(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_ENCRYPT); - byte[] cipherText1 = EncryptMessage(message, pkcs1Params, keyBlob); - Assert.assertEquals((2048 / 8), cipherText1.length); + byte[] cipherText1 = new byte[256]; + short cipherText1Len = rsaEncryptMessage(keyBlob, KMType.RSA_PKCS1_1_5_ENCRYPT, KMType.DIGEST_NONE, + message, (short)0, (short)message.length, + cipherText1, (short)0); + Assert.assertEquals((2048 / 8), cipherText1Len); pkcs1Params = getRsaParams(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_ENCRYPT); - byte[] cipherText2 = EncryptMessage(message, pkcs1Params, keyBlob); - Assert.assertEquals((2048 / 8), cipherText2.length); + byte[] cipherText2 = new byte[256]; + short cipherText2Len = rsaEncryptMessage(keyBlob, KMType.RSA_PKCS1_1_5_ENCRYPT, KMType.DIGEST_NONE, + message, (short)0, (short)message.length, + cipherText2, (short)0); + Assert.assertEquals((2048 / 8), cipherText2Len); // PKCS1 v1.5 randomizes padding so every result should be different. Assert.assertFalse(Arrays.equals(cipherText1, cipherText2)); @@ -2275,15 +2496,6 @@ public void testAttestEcKey(){ } public void testAttestKey(byte[] keyBlob){ - /* - short key = generateRsaKey(null,null); - short keyBlobPtr = KMArray.cast(key).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic( - KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - */ short arrPtr = KMArray.instance((short)2); KMArray.cast(arrPtr).add((short)0, KMByteTag.instance(KMType.ATTESTATION_APPLICATION_ID, KMByteBlob.instance(attAppId,(short)0,(short)attAppId.length))); @@ -2471,19 +2683,19 @@ public void testEncryptDecryptWithRsa(byte digest, byte padding){ keyBlob,(short)0, (short)keyBlob.length); short inParams = getRsaParams(digest, padding); byte[] plainData = "Hello World 123!".getBytes(); + byte[] cipherData = new byte[256]; + short cipherDataLen = 0; //Encrypt - short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,false, false - ); + if (padding == KMType.RSA_OAEP) { + cipherDataLen = rsaOaepEncryptMessage(keyBlob, digest, plainData, + (short) 0, (short) plainData.length, cipherData, (short) 0); + } else { + cipherDataLen = rsaEncryptMessage(keyBlob, padding, digest, plainData, + (short) 0, (short) plainData.length, cipherData, (short) 0); + } + Assert.assertTrue((cipherDataLen == 256)); inParams = getRsaParams(digest, padding); - keyBlobPtr = KMArray.cast(ret).get((short)2); - byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - cipherData,(short)0, (short)cipherData.length); - ret = processMessage(cipherData, + short ret = processMessage(cipherData, KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), KMType.DECRYPT, KMKeyParameters.instance(inParams), @@ -2522,14 +2734,10 @@ public void testSignVerifyWithRsa(byte digest, byte padding, boolean update, boo Assert.assertEquals(signatureData.length,256); return; } - ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.VERIFY, - KMKeyParameters.instance(inParams), - (short)0,signatureData,update,false - ); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); + boolean verify = rsaVerifyMessage(plainData, (short)0, (short)plainData.length, + signatureData, (short)0, (short)signatureData.length, + digest, padding, keyBlob); + Assert.assertTrue(verify); } public void testSignVerifyWithEcdsa(byte digest, boolean update){ @@ -2553,14 +2761,17 @@ public void testSignVerifyWithEcdsa(byte digest, boolean update){ byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), signatureData,(short)0, (short)signatureData.length); - ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.VERIFY, - KMKeyParameters.instance(inParams), - (short)0,signatureData,update,false - ); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); + boolean verify = false; + if (digest == KMType.DIGEST_NONE) { + verify = ecNoDigestVerifyMessage(plainData, (short)0, (short)plainData.length, + signatureData, (short)0, (short)signatureData.length, + keyBlob); + } else { + verify = ecVerifyMessage(plainData, (short)0, (short)plainData.length, + signatureData, (short)0, (short)signatureData.length, + keyBlob); + } + Assert.assertTrue(verify); } public void testSignVerifyWithHmac(byte digest, boolean update){ short hmacKeyArr = generateHmacKey(null, null); diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index abf6e670..a6fce8bc 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1613,18 +1613,6 @@ private void processFinishOperationCmd(APDU apdu) { private void finishEncryptOperation(KMOperationState op, byte[] scratchPad) { short len = KMByteBlob.cast(data[INPUT_DATA]).length(); switch (op.getAlgorithm()) { - case KMType.RSA: - // Output size is always 256 bytes - data[OUTPUT_DATA] = KMByteBlob.instance((short) 256); - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - op.getOperation() - .finish( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length(), - KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff()); - break; case KMType.AES: case KMType.DES: if (op.getAlgorithm() == KMType.AES) { @@ -1785,17 +1773,8 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff()); } else { - if (!op.getOperation() - .verify( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length(), - KMByteBlob.cast(data[SIGNATURE]).getBuffer(), - KMByteBlob.cast(data[SIGNATURE]).getStartOff(), - KMByteBlob.cast(data[SIGNATURE]).length())) { - KMException.throwIt(KMError.VERIFICATION_FAILED); - } - } + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); + } } catch (CryptoException e) { KMException.throwIt(KMError.INVALID_ARGUMENT); } @@ -1818,17 +1797,8 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch (short) 0); data[OUTPUT_DATA] = KMByteBlob.instance(scratchPad, (short) 0, len); } else { - if (!op.getOperation() - .verify( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - len, - KMByteBlob.cast(data[SIGNATURE]).getBuffer(), - KMByteBlob.cast(data[SIGNATURE]).getStartOff(), - KMByteBlob.cast(data[SIGNATURE]).length())) { - KMException.throwIt(KMError.VERIFICATION_FAILED); - } - } + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); + } break; case KMType.HMAC: // As per Keymaster HAL documentation, the length of the Hmac output can @@ -2484,18 +2454,7 @@ private void beginCipherOperation(KMOperationState op) { KMByteBlob.cast(data[PUB_KEY]).getStartOff(), KMByteBlob.cast(data[PUB_KEY]).length())); } else { - op.setOperation( - seProvider.initAsymmetricOperation( - (byte) op.getPurpose(), - op.getAlgorithm(), - op.getPadding(), - op.getDigest(), - null, - (short) 0, - (short) 0, - KMByteBlob.cast(data[PUB_KEY]).getBuffer(), - KMByteBlob.cast(data[PUB_KEY]).getStartOff(), - KMByteBlob.cast(data[PUB_KEY]).length())); + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); } } catch (CryptoException exp) { KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); @@ -2548,18 +2507,7 @@ private void beginSignVerifyOperation(KMOperationState op) { KMByteBlob.cast(data[PUB_KEY]).getStartOff(), KMByteBlob.cast(data[PUB_KEY]).length())); } else { - op.setOperation( - seProvider.initAsymmetricOperation( - (byte) op.getPurpose(), - op.getAlgorithm(), - op.getPadding(), - op.getDigest(), - null, - (short) 0, - (short) 0, - KMByteBlob.cast(data[PUB_KEY]).getBuffer(), - KMByteBlob.cast(data[PUB_KEY]).getStartOff(), - KMByteBlob.cast(data[PUB_KEY]).length())); + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); } } catch (CryptoException exp) { KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); @@ -2581,18 +2529,7 @@ private void beginSignVerifyOperation(KMOperationState op) { (short) 0, (short) 0)); } else { - op.setOperation( - seProvider.initAsymmetricOperation( - (byte) op.getPurpose(), - op.getAlgorithm(), - op.getPadding(), - op.getDigest(), - null, - (short) 0, - (short) 0, - KMByteBlob.cast(data[PUB_KEY]).getBuffer(), - KMByteBlob.cast(data[PUB_KEY]).getStartOff(), - KMByteBlob.cast(data[PUB_KEY]).length())); + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); } } catch (CryptoException exp) { // Javacard does not support NO digest based signing. From f909c4c064a0edbf4415b4148e0e894e7f34fde1 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Wed, 10 Feb 2021 21:47:39 +0530 Subject: [PATCH 075/169] updated readROT function --- .../javacard/keymaster/KMKeymasterApplet.java | 6 +++ .../javacard/keymaster/KMRepository.java | 53 ++++++++++--------- 2 files changed, 35 insertions(+), 24 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index a6fce8bc..cb76aee4 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -3521,6 +3521,9 @@ private static void createEncryptedKeyBlob(byte[] scratchPad) { makeKeyCharacteristics(scratchPad); // make root of trust blob data[ROT] = repository.readROT(); + if (data[ROT] == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } // make hidden key params list data[HIDDEN_PARAMETERS] = @@ -3580,6 +3583,9 @@ private static void parseEncryptedKeyBlob(byte[] scratchPad) { data[SW_PARAMETERS] = KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(); data[ROT] = repository.readROT(); + if (data[ROT] == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } data[HIDDEN_PARAMETERS] = KMKeyParameters.makeHidden(data[APP_ID], data[APP_DATA], data[ROT], scratchPad); diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index ee7cc6a8..47ad740a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -502,35 +502,40 @@ public short getOsPatch(){ } public short readROT() { + short totalLength = 0; short length = dataLength(BOOT_VERIFIED_BOOT_KEY); - length += dataLength(BOOT_VERIFIED_BOOT_HASH); - length += dataLength(BOOT_VERIFIED_BOOT_STATE); - length += dataLength(BOOT_DEVICE_LOCKED_STATUS); - short blob = KMByteBlob.instance(length); - if((length = readDataEntry( - BOOT_VERIFIED_BOOT_KEY, - KMByteBlob.cast(blob).getBuffer(), - KMByteBlob.cast(blob).getStartOff())) == 0){ - return 0; + if (length == 0) { + return KMType.INVALID_VALUE; } - if((length += readDataEntry( - BOOT_VERIFIED_BOOT_HASH, - KMByteBlob.cast(blob).getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + length))) == 0){ - return 0; + totalLength += length; + if ((length = dataLength(BOOT_VERIFIED_BOOT_HASH)) == 0) { + return KMType.INVALID_VALUE; } - if((length += readDataEntry( - BOOT_VERIFIED_BOOT_STATE, - KMByteBlob.cast(blob).getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + length))) == 0){ - return 0; + totalLength += length; + if ((length = dataLength(BOOT_VERIFIED_BOOT_STATE)) == 0) { + return KMType.INVALID_VALUE; } - if((length += readDataEntry( - BOOT_DEVICE_LOCKED_STATUS, - KMByteBlob.cast(blob).getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + length))) == 0){ - return 0; + totalLength += length; + if ((length = dataLength(BOOT_DEVICE_LOCKED_STATUS)) == 0) { + return KMType.INVALID_VALUE; } + totalLength += length; + + short blob = KMByteBlob.instance(totalLength); + length = readDataEntry(BOOT_VERIFIED_BOOT_KEY, KMByteBlob.cast(blob) + .getBuffer(), KMByteBlob.cast(blob).getStartOff()); + + length += readDataEntry(BOOT_VERIFIED_BOOT_HASH, KMByteBlob.cast(blob) + .getBuffer(), + (short) (KMByteBlob.cast(blob).getStartOff() + length)); + + length += readDataEntry(BOOT_VERIFIED_BOOT_STATE, KMByteBlob.cast(blob) + .getBuffer(), + (short) (KMByteBlob.cast(blob).getStartOff() + length)); + + readDataEntry(BOOT_DEVICE_LOCKED_STATUS, KMByteBlob.cast(blob) + .getBuffer(), + (short) (KMByteBlob.cast(blob).getStartOff() + length)); return blob; } From b3eeb3d4b676a1832d0eb9d6f902c59f0e119986 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Wed, 10 Feb 2021 22:15:31 +0530 Subject: [PATCH 076/169] Added validation for block mode --- .../javacard/keymaster/KMKeymasterApplet.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index cb76aee4..e1e8214d 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -2319,6 +2319,16 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) { KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MAC_LENGTH, data[KEY_PARAMETERS]); switch (op.getAlgorithm()) { case KMType.AES: + //Validate the block mode. + switch(param) { + case KMType.ECB: + case KMType.CBC: + case KMType.CTR: + case KMType.GCM: + break; + default: + KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE); + } if (param == KMType.INVALID_VALUE) KMException.throwIt(KMError.INVALID_ARGUMENT); if (param == KMType.GCM) { if (op.getPadding() != KMType.PADDING_NONE) { @@ -2338,6 +2348,14 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) { } break; case KMType.DES: + //Validate the block mode. + switch(param) { + case KMType.ECB: + case KMType.CBC: + break; + default: + KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE); + } if (param == KMType.INVALID_VALUE) KMException.throwIt(KMError.INVALID_ARGUMENT); break; case KMType.HMAC: From 5809a2d813442d939d53458849e8c56a113d515c Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Wed, 10 Feb 2021 22:57:52 +0530 Subject: [PATCH 077/169] Removed unwanted exceptions from KMFunctionTest --- .../javacard/test/KMFunctionalTest.java | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index ec5a1b54..3e0653eb 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -20,8 +20,6 @@ import com.android.javacard.keymaster.KMBoolTag; import com.android.javacard.keymaster.KMByteBlob; import com.android.javacard.keymaster.KMByteTag; -import com.android.javacard.keymaster.KMEcdsa256NoDigestSignature; -import com.android.javacard.keymaster.KMException; import com.android.javacard.keymaster.KMJCardSimApplet; import com.android.javacard.keymaster.KMJCardSimulator; import com.android.javacard.keymaster.KMSEProvider; @@ -45,14 +43,10 @@ import com.licel.jcardsim.utils.AIDUtil; import javacard.framework.AID; -import javacard.framework.ISOException; import javacard.framework.Util; -import javacard.security.CryptoException; -import javacard.security.ECPrivateKey; import javacard.security.ECPublicKey; import javacard.security.KeyBuilder; import javacard.security.KeyPair; -import javacard.security.RSAPrivateKey; import javacard.security.RSAPublicKey; import javacard.security.Signature; import javacardx.crypto.Cipher; @@ -68,12 +62,10 @@ import java.security.spec.ECGenParameterSpec; import java.security.spec.ECParameterSpec; import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; import java.security.spec.ECPublicKeySpec; import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidParameterSpecException; import java.security.spec.MGF1ParameterSpec; -import java.security.spec.RSAPrivateKeySpec; import java.security.spec.RSAPublicKeySpec; import java.util.Arrays; import java.util.Random; @@ -1657,6 +1649,7 @@ public void testImportWrappedKey(){ short outlen = rsaOaepEncryptMessage(wrappingKeyBlob, KMType.SHA2_256, maskedTransportKey, (short)0, (short)maskedTransportKey.length, output, (short)0); + Assert.assertTrue((outlen == 256)); byte[] encTransportKey = new byte[outlen]; Util.arrayCopyNonAtomic(output, (short)0, encTransportKey, (short)0, outlen); @@ -2035,7 +2028,7 @@ public short getPublicKey(byte[] keyBlob, short off, short len, short keyBlobPtr = extractKeyBlobArray(keyBlob, off, len); short arrayLen = KMArray.cast(keyBlobPtr).length(); if (arrayLen < 5) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); + return 0; } short pubKeyPtr = KMArray.cast(keyBlobPtr).get( KMKeymasterApplet.KEY_BLOB_PUB_KEY); @@ -2061,7 +2054,8 @@ public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte if (padding == KMType.PADDING_NONE) { alg = Cipher.ALG_RSA_NOPAD; // Length cannot be greater then key size according to JcardSim - if(inLen >= 256) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + if(inLen >= 256) + return 0; // make input equal to 255 bytes tmp = new byte[255]; Util.arrayFillNonAtomic(tmp,(short)0,(short)255, (byte)0); @@ -2080,7 +2074,9 @@ public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte byte[] pubKey = new byte[256]; KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); RSAPublicKey rsaPubKey = (RSAPublicKey) rsaKeyPair.getPublic(); - getPublicKey(keyBlob, (short)0, (short)keyBlob.length, pubKey, (short)0); + if (0 == getPublicKey(keyBlob, (short)0, (short)keyBlob.length, pubKey, (short)0)) + return 0; + byte[] exponent = new byte[]{0x01,0x00,0x01}; rsaPubKey.setModulus(pubKey, (short) 0, (short) pubKey.length); rsaPubKey.setExponent(exponent, (short) 0, (short) exponent.length); @@ -2093,7 +2089,8 @@ public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte public short rsaOaepEncryptMessage(byte[] keyBlob, short digest, byte[] input, short inputOff, short inputlen, byte[] output, short outputOff) { byte[] mod = new byte[256]; - getPublicKey(keyBlob, (short)0, (short)keyBlob.length, mod, (short)0); + if (0 == getPublicKey(keyBlob, (short)0, (short)keyBlob.length, mod, (short)0)) + return 0; byte[] exponent = new byte[]{0x01,0x00,0x01}; // Convert byte arrays into keys @@ -2126,22 +2123,16 @@ public short rsaOaepEncryptMessage(byte[] keyBlob, short digest, byte[] input, s return (short) cipherOut.length; } catch (NoSuchAlgorithmException e) { e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); } catch (InvalidKeySpecException e) { e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } catch (InvalidKeyException e) { e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); } catch (InvalidAlgorithmParameterException e) { e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } catch (NoSuchPaddingException e) { e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } catch (NoSuchProviderException e) { e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); } catch (IllegalBlockSizeException e) { e.printStackTrace(); } catch (BadPaddingException e) { @@ -2158,6 +2149,8 @@ public boolean ecNoDigestVerifyMessage(byte[] input, short inputOff, short keyStart = 0; short keyLength = getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, pubKey, (short) 0); + if (keyLength == 0) + return false; try { java.security.Signature sunSigner = java.security.Signature.getInstance( "NONEwithECDSA", "SunEC"); @@ -2215,6 +2208,9 @@ public boolean ecVerifyMessage(byte[] input, short inputOff, short inputlen, byte[] pubKey = new byte[128]; short len = getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, pubKey, (short) 0); + if (len == 0) { + return false; + } ECPublicKey key = (ECPublicKey) KeyBuilder.buildKey( KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_256, false); key.setW(pubKey, (short) 0, len); @@ -2225,9 +2221,11 @@ public boolean ecVerifyMessage(byte[] input, short inputOff, short inputlen, public boolean rsaVerifyMessage(byte[] input, short inputOff, short inputlen, byte[] sign, short signOff, short signLen, short digest,short padding, byte[] keyBlob) { - if(digest == KMType.DIGEST_NONE || padding == KMType.PADDING_NONE) CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + if(digest == KMType.DIGEST_NONE || padding == KMType.PADDING_NONE) + return false; byte[] pubKey = new byte[256]; - getPublicKey(keyBlob, (short)0, (short)keyBlob.length, pubKey, (short)0); + if (0 == getPublicKey(keyBlob, (short)0, (short)keyBlob.length, pubKey, (short)0)) + return false; short alg = Signature.ALG_RSA_SHA_256_PKCS1_PSS; if (padding == KMType.RSA_PKCS1_1_5_SIGN) From a4e14bf3f8f0f3612b375add65e88430a4061dcf Mon Sep 17 00:00:00 2001 From: mdwivedi Date: Wed, 10 Feb 2021 13:24:19 -0800 Subject: [PATCH 078/169] Revert "Move unsigned compare" --- .../android/javacard/keymaster/KMUtils.java | 47 +++++++++----- .../keymaster/KMAttestationCertImpl.java | 1 + .../android/javacard/keymaster/KMCipher.java | 8 +++ .../KMEcdsa256NoDigestSignature.java | 12 +++- .../javacard/keymaster/KMJCardSimulator.java | 65 +++++++++++++++---- .../keymaster/KMRsa2048NoDigestSignature.java | 2 +- .../android/javacard/keymaster/KMUtils.java | 50 +++++++++----- .../javacard/keymaster/KMByteBlob.java | 6 ++ .../android/javacard/keymaster/KMEncoder.java | 2 + .../javacard/keymaster/KMEnumArrayTag.java | 8 +++ .../android/javacard/keymaster/KMError.java | 55 +++++++++++----- .../android/javacard/keymaster/KMInteger.java | 22 +------ .../javacard/keymaster/KMKeymasterApplet.java | 4 +- .../javacard/keymaster/KMOperationState.java | 2 +- .../javacard/keymaster/KMSEProvider.java | 6 +- .../android/javacard/keymaster/KMType.java | 3 + 16 files changed, 203 insertions(+), 90 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index cdd86665..65e83415 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -70,17 +70,17 @@ public static short convertToDate(short time, byte[] scratchPad, (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) .length()); // If the time is less then 1 Jan 2020 then it is an error - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, + && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); @@ -96,7 +96,7 @@ public static short convertToDate(short time, byte[] scratchPad, (short) 8); } // divide the given time with four yrs msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -116,9 +116,9 @@ public static short convertToDate(short time, byte[] scratchPad, // if leap year index is 0, then the number of days for the 1st year will be 366 days. // if leap year index is not 0, then the number of days for the 1st year will be 365 days. if (((leapYrIdx == 0) && - (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || + (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || ((leapYrIdx != 0) && - (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { for (short i = 0; i < 4; i++) { yrsCount++; if (i == leapYrIdx) { @@ -132,12 +132,12 @@ public static short convertToDate(short time, byte[] scratchPad, Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); if (((short) (i + 1) == leapYrIdx)) { - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, + if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) < 0) { break; } } else { - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, + if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) < 0) { break; } @@ -152,7 +152,7 @@ public static short convertToDate(short time, byte[] scratchPad, yrsCount = (short) (year2051 + yrsCount); // divide the given time with one month msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, (short) 8) >= 0) { for (short i = 0; i < 12; i++) { if (i == 1) { @@ -175,7 +175,7 @@ public static short convertToDate(short time, byte[] scratchPad, (short) 8, (short) 8); } - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, + if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, (short) 8) >= 0) { subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, @@ -188,7 +188,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one day msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -199,7 +199,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one hour msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -209,7 +209,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one minute msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -219,7 +219,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one second msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -244,7 +244,24 @@ public static short convertToDate(short time, byte[] scratchPad, return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY } + public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { + byte count = (byte) 0; + short val1 = (short)0; + short val2 = (short)0; + for (; count < length; count++) { + val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); + val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); + + if (val1 < val2) { + return -1; + } + if (val1 > val2) { + return 1; + } + } + return 0; + } public static short numberToString(short number, byte[] scratchPad, short offset) { @@ -294,7 +311,7 @@ public static void copy(byte[] buf, short from, short to) { } public static byte compare(byte[] buf, short lhs, short rhs) { - return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); + return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); } public static void shiftLeft(byte[] buf, short start) { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 23e7a067..18e67e72 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -90,6 +90,7 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static byte[] stack; private static short start; private static short length; + // private static KMRepository repo; private static short uniqueId; private static short attChallenge; private static short notBefore; diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java index a5d06a39..3e67ed5e 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java @@ -24,11 +24,19 @@ public abstract class KMCipher { public abstract void updateAAD(byte[] buffer, short startOff, short length); + public abstract short getBlockMode(); + public abstract void setBlockMode(short mode); + public abstract short getPaddingAlgorithm(); + + public abstract short getCipherAlgorithm(); + public abstract void setPaddingAlgorithm(short alg); public abstract void setCipherAlgorithm(short alg); + public abstract short getCipherProvider(); + public abstract short getAesGcmOutputSize(short len, short macLength); } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 56eaba5a..904353b1 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -85,12 +85,18 @@ public KMEcdsa256NoDigestSignature(byte mode, byte[] key, short keyStart, short ECPublicKey pubkey = (ECPublicKey) kf.generatePublic(pubkeyspec); sunSigner.initVerify(pubkey); } - } catch (NoSuchAlgorithmException | NoSuchProviderException e) { + } catch (NoSuchAlgorithmException e) { CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch(InvalidParameterSpecException | InvalidKeySpecException | InvalidKeyException e) { + } catch (NoSuchProviderException e) { + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + } catch(InvalidParameterSpecException e) { + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch(InvalidKeySpecException e) { + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch(InvalidKeyException e) { CryptoException.throwIt(CryptoException.INVALID_INIT); } - } + } @Override public void init(Key key, byte b) throws CryptoException { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 7e2f0760..0dad8f77 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -73,6 +73,9 @@ public class KMJCardSimulator implements KMSEProvider { public static final byte[] aesICV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; private static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length. private static final short RSA_KEY_SIZE = 256; + + + public static boolean jcardSim = false; private static Signature kdf; private static Signature hmacSignature; @@ -114,11 +117,13 @@ public KMJCardSimulator() { jCardSimulator = this; } + public KeyPair createRsaKeyPair() { KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); rsaKeyPair.genKeyPair(); return rsaKeyPair; } + public RSAPrivateKey createRsaKey(byte[] modBuffer, short modOff, short modLength, byte[] privBuffer, short privOff, short privLength) { @@ -127,13 +132,16 @@ public RSAPrivateKey createRsaKey(byte[] modBuffer, short modOff, short modLengt privKey.setExponent(privBuffer, privOff, privLength); privKey.setModulus(modBuffer, modOff, modLength); return privKey; + } + public KeyPair createECKeyPair() { KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); ecKeyPair.genKeyPair(); return ecKeyPair; } + public ECPrivateKey createEcKey(byte[] privBuffer, short privOff, short privLength) { KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); @@ -141,6 +149,7 @@ public ECPrivateKey createEcKey(byte[] privBuffer, short privOff, short privLeng privKey.setS(privBuffer,privOff, privLength); return privKey; } + public AESKey createAESKey(short keysize) { byte[] rndNum = new byte[(short) (keysize/8)]; @@ -160,11 +169,13 @@ public AESKey createAESKey(byte[] buf, short startOff, short length) { return key; } + public DESKey createTDESKey() { byte[] rndNum = new byte[24]; newRandomNumber(rndNum, (short) 0, (short)rndNum.length); return createTDESKey(rndNum, (short)0, (short)rndNum.length); } + public DESKey createTDESKey(byte[] secretBuffer, short secretOff, short secretLength) { DESKey triDesKey = @@ -172,6 +183,7 @@ public DESKey createTDESKey(byte[] secretBuffer, short secretOff, short secretLe triDesKey.setKey(secretBuffer, secretOff); return triDesKey; } + public HMACKey createHMACKey(short keysize) { if((keysize % 8 != 0) || !(keysize >= 64 && keysize <= 512)){ @@ -248,13 +260,13 @@ public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short startOff, short length) { switch(alg){ case KMType.AES: - createAESKey(buf,startOff,length); + AESKey aesKey = createAESKey(buf,startOff,length); break; case KMType.DES: - createTDESKey(buf,startOff,length); + DESKey desKey = createTDESKey(buf,startOff,length); break; case KMType.HMAC: - createHMACKey(buf,startOff,length); + HMACKey hmacKey = createHMACKey(buf,startOff,length); break; default: CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -267,10 +279,10 @@ public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short sta public boolean importAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, short privKeyLength, byte[] pubModBuf, short pubModStart, short pubModLength) { switch (alg){ case KMType.RSA: - createRsaKey(pubModBuf,pubModStart,pubModLength,privKeyBuf,privKeyStart,privKeyLength); + RSAPrivateKey rsaKey = createRsaKey(pubModBuf,pubModStart,pubModLength,privKeyBuf,privKeyStart,privKeyLength); break; case KMType.EC: - createEcKey(privKeyBuf,privKeyStart,privKeyLength); + ECPrivateKey ecPrivKey = createEcKey(privKeyBuf,privKeyStart,privKeyLength); break; default: CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -352,7 +364,13 @@ public short aesGCMEncrypt( byte[] outputBuf = new byte[cipher.getOutputSize(secretLen)]; try { len = (short)(cipher.doFinal(secret,secretStart,secretLen,outputBuf,(short)0)); - } catch (ShortBufferException | IllegalBlockSizeException | BadPaddingException e) { + } catch (ShortBufferException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (IllegalBlockSizeException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (BadPaddingException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } @@ -440,7 +458,13 @@ public boolean aesGCMDecrypt( } catch (AEADBadTagException e) { e.printStackTrace(); return false; - } catch (ShortBufferException | IllegalBlockSizeException | BadPaddingException e) { + } catch (ShortBufferException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (IllegalBlockSizeException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (BadPaddingException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } @@ -663,10 +687,19 @@ private KMCipher createRsaOAEP256Cipher(byte mode,byte digest, } catch (NoSuchAlgorithmException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (InvalidKeySpecException | InvalidAlgorithmParameterException | NoSuchPaddingException e) { + } catch (InvalidKeySpecException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (InvalidKeyException | NoSuchProviderException e) { + } catch (InvalidKeyException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch (InvalidAlgorithmParameterException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (NoSuchPaddingException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (NoSuchProviderException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.INVALID_INIT); } @@ -730,7 +763,13 @@ public Signature createEcSigner(short digest, byte[] secret, short secretStart, return ecSigner; } + + public KMCipher createSymmetricCipher( + short cipherAlg, short mode, short blockMode, short padding, byte[] secret, short secretStart, short secretLength) { + return createSymmetricCipher(cipherAlg, mode, blockMode, padding, secret,secretStart,secretLength,null,(short)0,(short)0); + } + public KMCipher createSymmetricCipher(short alg, short purpose, short blockMode, short padding, byte[] secret, short secretStart, short secretLength, byte[] ivBuffer, short ivStart, short ivLength) { @@ -910,6 +949,7 @@ private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secret return ret; } + public Signature createHmacSignerVerifier(short purpose, short digest, byte[] secret, short secretStart, short secretLength) { short alg = Signature.ALG_HMAC_SHA_256; if(digest != KMType.SHA2_256) CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); @@ -919,6 +959,7 @@ public Signature createHmacSignerVerifier(short purpose, short digest, byte[] se hmacSignerVerifier.init(key,(byte)purpose); return hmacSignerVerifier; } + public KMCipher createAesGcmCipher(short mode, short tagLen, byte[] secret, short secretStart, short secretLength, byte[] ivBuffer, short ivStart, short ivLength) { @@ -1174,7 +1215,7 @@ public KMMasterKey createMasterKey(short keySizeBits) { getTrueRandomNumber(keyData, (short) 0, keyLen); masterKey.setKey(keyData, (short) 0); } - return masterKey; + return (KMMasterKey) masterKey; } @Override @@ -1186,7 +1227,7 @@ public KMAttestationKey createAttestationKey(byte[] keyData, short offset, attestationKey = new KMECPrivateKey(ecKeyPair); } attestationKey.setS(keyData, offset, length); - return attestationKey; + return (KMAttestationKey) attestationKey; } @Override @@ -1201,7 +1242,7 @@ public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short len preSharedKey = new KMHmacKey(key); } preSharedKey.setKey(keyData, offset, length); - return preSharedKey; + return (KMPreSharedKey) preSharedKey; } @Override diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index de97d02c..fc953d73 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -121,7 +121,7 @@ private boolean isValidData(byte[] buf, short start, short len) { if (padding == KMType.PADDING_NONE) { if (len > 256) return false; else if (len == 256) { - short v = KMInteger.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len); + short v = KMUtils.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len); if (v > 0) return false; } } else {//pkcs1 no digest diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index c494bb34..65e83415 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -52,6 +52,7 @@ public class KMUtils { public static final short year2051 = 2051; public static final short year2020 = 2020; + // -------------------------------------- public static short convertToDate(short time, byte[] scratchPad, boolean utcFlag) { @@ -69,17 +70,17 @@ public static short convertToDate(short time, byte[] scratchPad, (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) .length()); // If the time is less then 1 Jan 2020 then it is an error - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, + && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); @@ -95,7 +96,7 @@ public static short convertToDate(short time, byte[] scratchPad, (short) 8); } // divide the given time with four yrs msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -115,9 +116,9 @@ public static short convertToDate(short time, byte[] scratchPad, // if leap year index is 0, then the number of days for the 1st year will be 366 days. // if leap year index is not 0, then the number of days for the 1st year will be 365 days. if (((leapYrIdx == 0) && - (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || + (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || ((leapYrIdx != 0) && - (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { for (short i = 0; i < 4; i++) { yrsCount++; if (i == leapYrIdx) { @@ -131,12 +132,12 @@ public static short convertToDate(short time, byte[] scratchPad, Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); if (((short) (i + 1) == leapYrIdx)) { - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, + if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) < 0) { break; } } else { - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, + if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) < 0) { break; } @@ -151,7 +152,7 @@ public static short convertToDate(short time, byte[] scratchPad, yrsCount = (short) (year2051 + yrsCount); // divide the given time with one month msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, (short) 8) >= 0) { for (short i = 0; i < 12; i++) { if (i == 1) { @@ -174,7 +175,7 @@ public static short convertToDate(short time, byte[] scratchPad, (short) 8, (short) 8); } - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, + if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, (short) 8) >= 0) { subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, @@ -187,7 +188,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one day msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -198,7 +199,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one hour msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -208,7 +209,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one minute msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -218,7 +219,7 @@ public static short convertToDate(short time, byte[] scratchPad, } // divide the given time with one second msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, + if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -243,6 +244,25 @@ public static short convertToDate(short time, byte[] scratchPad, return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY } + public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { + byte count = (byte) 0; + short val1 = (short)0; + short val2 = (short)0; + + for (; count < length; count++) { + val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); + val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); + + if (val1 < val2) { + return -1; + } + if (val1 > val2) { + return 1; + } + } + return 0; + } + public static short numberToString(short number, byte[] scratchPad, short offset) { byte zero = 0x30; @@ -291,7 +311,7 @@ public static void copy(byte[] buf, short from, short to) { } public static byte compare(byte[] buf, short lhs, short rhs) { - return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); + return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); } public static void shiftLeft(byte[] buf, short start) { diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java index eb065e10..28b916db 100644 --- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java +++ b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java @@ -115,4 +115,10 @@ public boolean isValid() { } return true; } + + public void decrementLength(short len) { + short length = Util.getShort(heap, (short) (instPtr + 1)); + length = (short) (length - len); + Util.setShort(heap, (short) (instPtr + 1), length); + } } diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java index b4055f04..685ba468 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java +++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java @@ -38,6 +38,7 @@ public class KMEncoder { private static final byte UINT64_LENGTH = (byte) 0x1B; private static final short TINY_PAYLOAD = 0x17; private static final short SHORT_PAYLOAD = 0x100; + //TODO make this static. private byte[] buffer; private short startOff; private short length; @@ -72,6 +73,7 @@ public short encode(short object, byte[] buffer, short startOff) { }else{ this.length = (short)buffer.length; } + //this.length = (short)(startOff + length); push(object); encode(); return (short)(this.startOff - startOff); diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java index 98ec05f7..37e23286 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java @@ -279,4 +279,12 @@ public boolean isValidPurpose(byte alg) { } return true; } + + public boolean isValidBlockMode(byte alg) { + if (alg == KMType.AES || alg == KMType.DES) { + return true; + } else { + return false; + } + } } diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index 0a52da0a..83eb8c7c 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -21,61 +21,82 @@ */ public class KMError { public static final short OK = 0; - + public static final short ROOT_OF_TRUST_ALREADY_SET = 1; public static final short UNSUPPORTED_PURPOSE = 2; public static final short INCOMPATIBLE_PURPOSE = 3; public static final short UNSUPPORTED_ALGORITHM = 4; public static final short INCOMPATIBLE_ALGORITHM = 5; public static final short UNSUPPORTED_KEY_SIZE = 6; - + public static final short UNSUPPORTED_BLOCK_MODE = 7; public static final short INCOMPATIBLE_BLOCK_MODE = 8; public static final short UNSUPPORTED_MAC_LENGTH = 9; public static final short UNSUPPORTED_PADDING_MODE = 10; public static final short INCOMPATIBLE_PADDING_MODE = 11; public static final short UNSUPPORTED_DIGEST = 12; public static final short INCOMPATIBLE_DIGEST = 13; - + public static final short INVALID_EXPIRATION_TIME = 14; + public static final short INVALID_USER_ID = 15; + public static final short INVALID_AUTHORIZATION_TIMEOUT = 16; + public static final short UNSUPPORTED_KEY_FORMAT = 17; + public static final short INCOMPATIBLE_KEY_FORMAT = 18; public static final short UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19; - - /** For PKCS8 & PKCS12 */ + /** For PKCS8 & PKCS12 */ + public static final short UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20; + /** For PKCS8 & PKCS12 */ public static final short INVALID_INPUT_LENGTH = 21; - + public static final short KEY_EXPORT_OPTIONS_INVALID = 22; + public static final short DELEGATION_NOT_ALLOWED = 23; + public static final short KEY_NOT_YET_VALID = 24; + public static final short KEY_EXPIRED = 25; public static final short KEY_USER_NOT_AUTHENTICATED = 26; - + public static final short OUTPUT_PARAMETER_NULL = 27; public static final short INVALID_OPERATION_HANDLE = 28; - + public static final short INSUFFICIENT_BUFFER_SPACE = 29; public static final short VERIFICATION_FAILED = 30; public static final short TOO_MANY_OPERATIONS = 31; + public static final short UNEXPECTED_NULL_POINTER = 32; public static final short INVALID_KEY_BLOB = 33; - + public static final short IMPORTED_KEY_NOT_ENCRYPTED = 34; + public static final short IMPORTED_KEY_DECRYPTION_FAILED = 35; + public static final short IMPORTED_KEY_NOT_SIGNED = 36; + public static final short IMPORTED_KEY_VERIFICATION_FAILED = 37; public static final short INVALID_ARGUMENT = 38; public static final short UNSUPPORTED_TAG = 39; public static final short INVALID_TAG = 40; - + public static final short MEMORY_ALLOCATION_FAILED = 41; public static final short IMPORT_PARAMETER_MISMATCH = 44; + public static final short SECURE_HW_ACCESS_DENIED = 45; public static final short OPERATION_CANCELLED = 46; - + public static final short CONCURRENT_ACCESS_CONFLICT = 47; + public static final short SECURE_HW_BUSY = 48; + public static final short SECURE_HW_COMMUNICATION_FAILED = 49; + public static final short UNSUPPORTED_EC_FIELD = 50; public static final short MISSING_NONCE = 51; public static final short INVALID_NONCE = 52; public static final short MISSING_MAC_LENGTH = 53; - + public static final short KEY_RATE_LIMIT_EXCEEDED = 54; public static final short CALLER_NONCE_PROHIBITED = 55; - + public static final short KEY_MAX_OPS_EXCEEDED = 56; public static final short INVALID_MAC_LENGTH = 57; public static final short MISSING_MIN_MAC_LENGTH = 58; public static final short UNSUPPORTED_MIN_MAC_LENGTH = 59; - + public static final short UNSUPPORTED_KDF = 60; public static final short UNSUPPORTED_EC_CURVE = 61; public static final short KEY_REQUIRES_UPGRADE = 62; - + public static final short ATTESTATION_CHALLENGE_MISSING = 63; + public static final short KEYMASTER_NOT_CONFIGURED = 64; public static final short ATTESTATION_APPLICATION_ID_MISSING = 65; + public static final short CANNOT_ATTEST_IDS = 66; public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; - + public static final short HARDWARE_TYPE_UNAVAILABLE = 68; + public static final short PROOF_OF_PRESENCE_REQUIRED = 69; + public static final short CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70; + public static final short NO_USER_CONFIRMATION = 71; public static final short DEVICE_LOCKED = 72; public static final short EARLY_BOOT_ENDED = 73; - public static final short UNIMPLEMENTED = 100; + public static final short VERSION_MISMATCH = 101; public static final short UNKNOWN_ERROR = 1000; //Extended errors diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java index 44a0779a..18944e4d 100644 --- a/Applet/src/com/android/javacard/keymaster/KMInteger.java +++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java @@ -162,30 +162,10 @@ public static short compare(short num1, short num2){ KMInteger.cast(num1).getValue(repository.getHeap(),(short)(num1Buf+(short)(8-len)),len); len = KMInteger.cast(num2).length(); KMInteger.cast(num2).getValue(repository.getHeap(),(short)(num2Buf+(short)(8-len)),len); - return KMInteger.unsignedByteArrayCompare( + return KMUtils.unsignedByteArrayCompare( repository.getHeap(), num1Buf, repository.getHeap(), num2Buf, (short)8); } - - public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { - byte count = (byte) 0; - short val1 = (short)0; - short val2 = (short)0; - - for (; count < length; count++) { - val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); - val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); - - if (val1 < val2) { - return -1; - } - if (val1 > val2) { - return 1; - } - } - return 0; - } - } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 3942a891..e1e8214d 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -3481,7 +3481,7 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { if (tmpVariables[0] != KMType.INVALID_VALUE) { tmpVariables[1] = repository.getOsVersion(); tmpVariables[1] = - KMInteger.unsignedByteArrayCompare( + KMUtils.unsignedByteArrayCompare( KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), scratchPad, @@ -3500,7 +3500,7 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { if (tmpVariables[0] != KMType.INVALID_VALUE) { tmpVariables[1] = repository.getOsPatch(); tmpVariables[1] = - KMInteger.unsignedByteArrayCompare( + KMUtils.unsignedByteArrayCompare( KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), scratchPad, diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java index 6d033443..6ea96941 100644 --- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java +++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java @@ -41,7 +41,7 @@ public class KMOperationState { // short type private static final byte KEY_SIZE = 6; private static final byte MAC_LENGTH = 8; - + // Handle - currently this is short private static final byte OP_HANDLE = 10; // Auth time 64 bits private static final byte AUTH_TIME = 12; diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index 0719d04b..a057eb9e 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -220,7 +220,7 @@ boolean aesGCMDecrypt( * This is a oneshot operation that performs key derivation function using cmac kdf (CKDF) as * defined in android keymaster hal definition. * - * @param hmacKey instance of pre-shared key. + * @param instance of pre-shared key. * @param label is the label to be used for ckdf. * @param labelStart is the start of label. * @param labelLen is the length of the label. @@ -269,7 +269,7 @@ short hmacSign( * This is a oneshot operation that signs the data using hmac algorithm. * This is used to derive the key, which is used to encrypt the keyblob. * - * @param masterkey instance of masterkey. + * @param instance of masterkey. * @param data is the buffer containing data to be signed. * @param dataStart is the start of the data. * @param dataLength is the length of the data. @@ -344,7 +344,7 @@ short rsaDecipherOAEP256( /** * This is a oneshot operation that signs the data using EC private key. * - * @param ecPrivKey instance of KMAttestationKey. + * @param instance of KMAttestationKey. * @param inputDataBuf is the buffer of the input data. * @param inputDataStart is the start of the input data buffer. * @param inputDataLength is the length of the inpur data buffer in bytes. diff --git a/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/src/com/android/javacard/keymaster/KMType.java index 53442440..4d81de45 100644 --- a/Applet/src/com/android/javacard/keymaster/KMType.java +++ b/Applet/src/com/android/javacard/keymaster/KMType.java @@ -41,6 +41,7 @@ public abstract class KMType { public static final byte HW_AUTH_TOKEN_TYPE = 0x08; public static final byte VERIFICATION_TOKEN_TYPE = 0x09; public static final byte HMAC_SHARING_PARAM_TYPE = 0x0A; + public static final byte X509_CERT = 0x0B; // Tag Types public static final short INVALID_TAG = 0x0000; public static final short ENUM_TAG = 0x1000; @@ -50,6 +51,7 @@ public abstract class KMType { public static final short ULONG_TAG = 0x5000; public static final short DATE_TAG = 0x6000; public static final short BOOL_TAG = 0x7000; + public static final short BIGNUM_TAG = (short) 0x8000; public static final short BYTES_TAG = (short) 0x9000; public static final short ULONG_ARRAY_TAG = (short) 0xA000; public static final short TAG_TYPE_MASK = (short) 0xF000; @@ -269,6 +271,7 @@ public abstract class KMType { // Confirmation Token public static final short CONFIRMATION_TOKEN = (short) 0x03ED; + public static final short LENGTH_FROM_PDU = (short) 0xFFFF; public static final byte NO_VALUE = (byte) 0xff; From 5e18231e9bbd2742492da9de0e57842c809e68ea Mon Sep 17 00:00:00 2001 From: Manish Dwivedi Date: Wed, 10 Feb 2021 22:42:48 +0000 Subject: [PATCH 079/169] Moving unsigned compare to KMInteger --- .../android/javacard/keymaster/KMUtils.java | 49 ++++++------------- .../keymaster/KMRsa2048NoDigestSignature.java | 2 +- .../android/javacard/keymaster/KMUtils.java | 49 ++++++------------- .../android/javacard/keymaster/KMInteger.java | 20 +++++++- .../javacard/keymaster/KMKeymasterApplet.java | 4 +- 5 files changed, 52 insertions(+), 72 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index 65e83415..2e72ae6d 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -70,17 +70,17 @@ public static short convertToDate(short time, byte[] scratchPad, (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) .length()); // If the time is less then 1 Jan 2020 then it is an error - if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, + && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); @@ -96,7 +96,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 8); } // divide the given time with four yrs msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -116,9 +116,9 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, // if leap year index is 0, then the number of days for the 1st year will be 366 days. // if leap year index is not 0, then the number of days for the 1st year will be 365 days. if (((leapYrIdx == 0) && - (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || + (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || ((leapYrIdx != 0) && - (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { for (short i = 0; i < 4; i++) { yrsCount++; if (i == leapYrIdx) { @@ -132,12 +132,12 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); if (((short) (i + 1) == leapYrIdx)) { - if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) < 0) { break; } } else { - if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) < 0) { break; } @@ -152,7 +152,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, yrsCount = (short) (year2051 + yrsCount); // divide the given time with one month msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, (short) 8) >= 0) { for (short i = 0; i < 12; i++) { if (i == 1) { @@ -175,7 +175,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 8, (short) 8); } - if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, (short) 8) >= 0) { subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, @@ -188,7 +188,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one day msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -199,7 +199,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one hour msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -209,7 +209,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one minute msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -219,7 +219,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one second msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -244,25 +244,6 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY } - public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { - byte count = (byte) 0; - short val1 = (short)0; - short val2 = (short)0; - - for (; count < length; count++) { - val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); - val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); - - if (val1 < val2) { - return -1; - } - if (val1 > val2) { - return 1; - } - } - return 0; - } - public static short numberToString(short number, byte[] scratchPad, short offset) { byte zero = 0x30; @@ -311,7 +292,7 @@ public static void copy(byte[] buf, short from, short to) { } public static byte compare(byte[] buf, short lhs, short rhs) { - return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); + return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); } public static void shiftLeft(byte[] buf, short start) { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index fc953d73..de97d02c 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -121,7 +121,7 @@ private boolean isValidData(byte[] buf, short start, short len) { if (padding == KMType.PADDING_NONE) { if (len > 256) return false; else if (len == 256) { - short v = KMUtils.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len); + short v = KMInteger.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len); if (v > 0) return false; } } else {//pkcs1 no digest diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 65e83415..2e72ae6d 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -70,17 +70,17 @@ public static short convertToDate(short time, byte[] scratchPad, (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) .length()); // If the time is less then 1 Jan 2020 then it is an error - if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, + && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - if (unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); @@ -96,7 +96,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 8); } // divide the given time with four yrs msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -116,9 +116,9 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, // if leap year index is 0, then the number of days for the 1st year will be 366 days. // if leap year index is not 0, then the number of days for the 1st year will be 365 days. if (((leapYrIdx == 0) && - (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || + (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || ((leapYrIdx != 0) && - (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { for (short i = 0; i < 4; i++) { yrsCount++; if (i == leapYrIdx) { @@ -132,12 +132,12 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); if (((short) (i + 1) == leapYrIdx)) { - if (unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) < 0) { break; } } else { - if (unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) < 0) { break; } @@ -152,7 +152,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, yrsCount = (short) (year2051 + yrsCount); // divide the given time with one month msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, (short) 8) >= 0) { for (short i = 0; i < 12; i++) { if (i == 1) { @@ -175,7 +175,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 8, (short) 8); } - if (unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, (short) 8) >= 0) { subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, @@ -188,7 +188,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one day msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -199,7 +199,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one hour msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -209,7 +209,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one minute msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -219,7 +219,7 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, } // divide the given time with one second msec count - if (unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, + if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, (short) 8); @@ -244,25 +244,6 @@ && unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY } - public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { - byte count = (byte) 0; - short val1 = (short)0; - short val2 = (short)0; - - for (; count < length; count++) { - val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); - val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); - - if (val1 < val2) { - return -1; - } - if (val1 > val2) { - return 1; - } - } - return 0; - } - public static short numberToString(short number, byte[] scratchPad, short offset) { byte zero = 0x30; @@ -311,7 +292,7 @@ public static void copy(byte[] buf, short from, short to) { } public static byte compare(byte[] buf, short lhs, short rhs) { - return unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); + return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); } public static void shiftLeft(byte[] buf, short start) { diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java index 18944e4d..541eae8b 100644 --- a/Applet/src/com/android/javacard/keymaster/KMInteger.java +++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java @@ -162,10 +162,28 @@ public static short compare(short num1, short num2){ KMInteger.cast(num1).getValue(repository.getHeap(),(short)(num1Buf+(short)(8-len)),len); len = KMInteger.cast(num2).length(); KMInteger.cast(num2).getValue(repository.getHeap(),(short)(num2Buf+(short)(8-len)),len); - return KMUtils.unsignedByteArrayCompare( + return KMInteger.unsignedByteArrayCompare( repository.getHeap(), num1Buf, repository.getHeap(), num2Buf, (short)8); } + public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { + byte count = (byte) 0; + short val1 = (short)0; + short val2 = (short)0; + + for (; count < length; count++) { + val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); + val2 = (short) (a2[(short) (count + offset2)] & 0x00FF); + + if (val1 < val2) { + return -1; + } + if (val1 > val2) { + return 1; + } + } + return 0; + } } diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index e1e8214d..3942a891 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -3481,7 +3481,7 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { if (tmpVariables[0] != KMType.INVALID_VALUE) { tmpVariables[1] = repository.getOsVersion(); tmpVariables[1] = - KMUtils.unsignedByteArrayCompare( + KMInteger.unsignedByteArrayCompare( KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), scratchPad, @@ -3500,7 +3500,7 @@ private void checkVersionAndPatchLevel(byte[] scratchPad) { if (tmpVariables[0] != KMType.INVALID_VALUE) { tmpVariables[1] = repository.getOsPatch(); tmpVariables[1] = - KMUtils.unsignedByteArrayCompare( + KMInteger.unsignedByteArrayCompare( KMInteger.cast(tmpVariables[1]).getBuffer(), KMInteger.cast(tmpVariables[1]).getStartOff(), scratchPad, From cc1735f74690e6eb08c30093775a0f2dce49b34c Mon Sep 17 00:00:00 2001 From: Manish Dwivedi Date: Wed, 10 Feb 2021 23:00:35 +0000 Subject: [PATCH 080/169] Removing error code --- .../android/javacard/keymaster/KMEncoder.java | 1 - .../android/javacard/keymaster/KMError.java | 43 +++---------------- 2 files changed, 7 insertions(+), 37 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java index 685ba468..431d84e3 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java +++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java @@ -38,7 +38,6 @@ public class KMEncoder { private static final byte UINT64_LENGTH = (byte) 0x1B; private static final short TINY_PAYLOAD = 0x17; private static final short SHORT_PAYLOAD = 0x100; - //TODO make this static. private byte[] buffer; private short startOff; private short length; diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index 83eb8c7c..76ec8560 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -21,7 +21,6 @@ */ public class KMError { public static final short OK = 0; - public static final short ROOT_OF_TRUST_ALREADY_SET = 1; public static final short UNSUPPORTED_PURPOSE = 2; public static final short INCOMPATIBLE_PURPOSE = 3; public static final short UNSUPPORTED_ALGORITHM = 4; @@ -34,69 +33,41 @@ public class KMError { public static final short INCOMPATIBLE_PADDING_MODE = 11; public static final short UNSUPPORTED_DIGEST = 12; public static final short INCOMPATIBLE_DIGEST = 13; - public static final short INVALID_EXPIRATION_TIME = 14; - public static final short INVALID_USER_ID = 15; - public static final short INVALID_AUTHORIZATION_TIMEOUT = 16; - public static final short UNSUPPORTED_KEY_FORMAT = 17; - public static final short INCOMPATIBLE_KEY_FORMAT = 18; + public static final short UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19; - /** For PKCS8 & PKCS12 */ - public static final short UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20; + /** For PKCS8 & PKCS12 */ public static final short INVALID_INPUT_LENGTH = 21; - public static final short KEY_EXPORT_OPTIONS_INVALID = 22; - public static final short DELEGATION_NOT_ALLOWED = 23; - public static final short KEY_NOT_YET_VALID = 24; - public static final short KEY_EXPIRED = 25; + public static final short KEY_USER_NOT_AUTHENTICATED = 26; - public static final short OUTPUT_PARAMETER_NULL = 27; public static final short INVALID_OPERATION_HANDLE = 28; - public static final short INSUFFICIENT_BUFFER_SPACE = 29; public static final short VERIFICATION_FAILED = 30; public static final short TOO_MANY_OPERATIONS = 31; - public static final short UNEXPECTED_NULL_POINTER = 32; public static final short INVALID_KEY_BLOB = 33; - public static final short IMPORTED_KEY_NOT_ENCRYPTED = 34; - public static final short IMPORTED_KEY_DECRYPTION_FAILED = 35; - public static final short IMPORTED_KEY_NOT_SIGNED = 36; - public static final short IMPORTED_KEY_VERIFICATION_FAILED = 37; + public static final short INVALID_ARGUMENT = 38; public static final short UNSUPPORTED_TAG = 39; public static final short INVALID_TAG = 40; - public static final short MEMORY_ALLOCATION_FAILED = 41; public static final short IMPORT_PARAMETER_MISMATCH = 44; - public static final short SECURE_HW_ACCESS_DENIED = 45; public static final short OPERATION_CANCELLED = 46; - public static final short CONCURRENT_ACCESS_CONFLICT = 47; - public static final short SECURE_HW_BUSY = 48; - public static final short SECURE_HW_COMMUNICATION_FAILED = 49; - public static final short UNSUPPORTED_EC_FIELD = 50; + public static final short MISSING_NONCE = 51; public static final short INVALID_NONCE = 52; public static final short MISSING_MAC_LENGTH = 53; - public static final short KEY_RATE_LIMIT_EXCEEDED = 54; public static final short CALLER_NONCE_PROHIBITED = 55; - public static final short KEY_MAX_OPS_EXCEEDED = 56; public static final short INVALID_MAC_LENGTH = 57; public static final short MISSING_MIN_MAC_LENGTH = 58; public static final short UNSUPPORTED_MIN_MAC_LENGTH = 59; - public static final short UNSUPPORTED_KDF = 60; public static final short UNSUPPORTED_EC_CURVE = 61; public static final short KEY_REQUIRES_UPGRADE = 62; - public static final short ATTESTATION_CHALLENGE_MISSING = 63; - public static final short KEYMASTER_NOT_CONFIGURED = 64; + public static final short ATTESTATION_APPLICATION_ID_MISSING = 65; - public static final short CANNOT_ATTEST_IDS = 66; public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; - public static final short HARDWARE_TYPE_UNAVAILABLE = 68; - public static final short PROOF_OF_PRESENCE_REQUIRED = 69; - public static final short CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70; - public static final short NO_USER_CONFIRMATION = 71; + public static final short DEVICE_LOCKED = 72; public static final short EARLY_BOOT_ENDED = 73; public static final short UNIMPLEMENTED = 100; - public static final short VERSION_MISMATCH = 101; public static final short UNKNOWN_ERROR = 1000; //Extended errors From 5f7d2c4c59752f2fee648397bed2b16dc038eabf Mon Sep 17 00:00:00 2001 From: Manish Dwivedi Date: Wed, 10 Feb 2021 23:24:57 +0000 Subject: [PATCH 081/169] code reformatting --- Applet/AndroidSEProvider/build.xml | 106 +- .../android/javacard/keymaster/KMAESKey.java | 3 +- .../javacard/keymaster/KMAndroidSEApplet.java | 29 +- .../keymaster/KMAndroidSEProvider.java | 698 ++--- .../keymaster/KMAttestationCertImpl.java | 169 +- .../javacard/keymaster/KMECPrivateKey.java | 2 +- .../KMEcdsa256NoDigestSignature.java | 13 +- .../android/javacard/keymaster/KMHmacKey.java | 2 + .../javacard/keymaster/KMInstance.java | 1 + .../javacard/keymaster/KMOperationImpl.java | 16 +- .../keymaster/KMRsa2048NoDigestSignature.java | 6 +- .../javacard/keymaster/KMRsaOAEPEncoding.java | 92 +- .../android/javacard/keymaster/KMUtils.java | 183 +- Applet/JCardSimProvider/build.xml | 46 +- .../android/javacard/keymaster/KMAESKey.java | 3 +- .../keymaster/KMAttestationCertImpl.java | 169 +- .../android/javacard/keymaster/KMCipher.java | 7 +- .../javacard/keymaster/KMCipherImpl.java | 136 +- .../javacard/keymaster/KMECPrivateKey.java | 2 +- .../KMEcdsa256NoDigestSignature.java | 155 +- .../android/javacard/keymaster/KMHmacKey.java | 1 + .../javacard/keymaster/KMJCardSimApplet.java | 5 +- .../javacard/keymaster/KMJCardSimulator.java | 583 ++-- .../javacard/keymaster/KMOperationImpl.java | 32 +- .../keymaster/KMRsa2048NoDigestSignature.java | 51 +- .../android/javacard/keymaster/KMUtils.java | 183 +- .../javacard/test/KMFunctionalTest.java | 2685 +++++++++-------- Applet/build.xml | 26 +- .../android/javacard/keymaster/KMArray.java | 27 +- .../javacard/keymaster/KMAttestationCert.java | 28 +- .../javacard/keymaster/KMAttestationKey.java | 7 +- .../android/javacard/keymaster/KMBoolTag.java | 61 +- .../javacard/keymaster/KMByteBlob.java | 24 +- .../android/javacard/keymaster/KMByteTag.java | 80 +- .../android/javacard/keymaster/KMDecoder.java | 61 +- .../android/javacard/keymaster/KMEncoder.java | 176 +- .../android/javacard/keymaster/KMEnum.java | 60 +- .../javacard/keymaster/KMEnumArrayTag.java | 40 +- .../android/javacard/keymaster/KMEnumTag.java | 66 +- .../android/javacard/keymaster/KMError.java | 7 +- .../javacard/keymaster/KMException.java | 16 +- .../keymaster/KMHardwareAuthToken.java | 49 +- .../keymaster/KMHmacSharingParameters.java | 36 +- .../android/javacard/keymaster/KMInteger.java | 71 +- .../javacard/keymaster/KMIntegerArrayTag.java | 44 +- .../javacard/keymaster/KMIntegerTag.java | 74 +- .../keymaster/KMKeyCharacteristics.java | 38 +- .../javacard/keymaster/KMKeyParameters.java | 123 +- .../javacard/keymaster/KMKeymasterApplet.java | 368 ++- .../javacard/keymaster/KMMasterKey.java | 7 +- .../javacard/keymaster/KMOperation.java | 10 +- .../javacard/keymaster/KMOperationState.java | 42 +- .../javacard/keymaster/KMPreSharedKey.java | 7 +- .../javacard/keymaster/KMRepository.java | 333 +- .../javacard/keymaster/KMSEProvider.java | 104 +- .../com/android/javacard/keymaster/KMTag.java | 23 +- .../android/javacard/keymaster/KMType.java | 23 +- .../javacard/keymaster/KMUpgradable.java | 7 +- .../keymaster/KMVerificationToken.java | 50 +- ...ardware.keymaster@4.1-javacard.service.xml | 10 +- 60 files changed, 4093 insertions(+), 3383 deletions(-) diff --git a/Applet/AndroidSEProvider/build.xml b/Applet/AndroidSEProvider/build.xml index 04b1dee6..137c169a 100644 --- a/Applet/AndroidSEProvider/build.xml +++ b/Applet/AndroidSEProvider/build.xml @@ -1,58 +1,60 @@ - - + + - - - - - - - - - - - - - - + + + + + + + + + + + + + + - - - - - - - - - - - - - - + + + + + + + + + + + + + + - + - + - + - + @@ -60,18 +62,20 @@ + to="AndroidSE.\2" + casesensitive="yes"/> - - + + - - + + \ No newline at end of file diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java index afdfb08e..cec6388e 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java @@ -22,6 +22,7 @@ import javacard.security.AESKey; public class KMAESKey implements KMMasterKey { + private AESKey aesKey; public KMAESKey(AESKey key) { @@ -35,7 +36,7 @@ public void setKey(byte[] keyData, short kOff) { public AESKey getKey() { return aesKey; } - + public short getKeySizeBits() { return aesKey.getSize(); } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java index bb6a2e86..7c6f31fe 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java @@ -21,19 +21,20 @@ public class KMAndroidSEApplet extends KMKeymasterApplet implements OnUpgradeListener { - KMAndroidSEApplet(){ - super(new KMAndroidSEProvider()); - } - /** - * Installs this applet. - * - * @param bArray the array containing installation parameters - * @param bOffset the starting offset in bArray - * @param bLength the length in bytes of the parameter data in bArray - */ - public static void install(byte[] bArray, short bOffset, byte bLength) { - new KMAndroidSEApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]); - } + KMAndroidSEApplet() { + super(new KMAndroidSEProvider()); + } + + /** + * Installs this applet. + * + * @param bArray the array containing installation parameters + * @param bOffset the starting offset in bArray + * @param bLength the length in bytes of the parameter data in bArray + */ + public static void install(byte[] bArray, short bOffset, byte bLength) { + new KMAndroidSEApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]); + } @Override public void onCleanup() { @@ -66,7 +67,7 @@ public Element onSave() { // Create element. Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE, - primitiveCount, objectCount); + primitiveCount, objectCount); element.write(provisionStatus); element.write(keymasterState); repository.onSave(element); diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java index ac4ae426..369276c7 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java @@ -47,66 +47,67 @@ import com.android.javacard.keymaster.KMPreSharedKey; public class KMAndroidSEProvider implements KMSEProvider { + // static final variables // -------------------------------------------------------------- // P-256 Curve Parameters static final byte[] secp256r1_P = { - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF }; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF}; static final byte[] secp256r1_A = { - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFC }; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFC}; static final byte[] secp256r1_B = { - (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8, (byte) 0xAA, - (byte) 0x3A, (byte) 0x93, (byte) 0xE7, (byte) 0xB3, (byte) 0xEB, - (byte) 0xBD, (byte) 0x55, (byte) 0x76, (byte) 0x98, (byte) 0x86, - (byte) 0xBC, (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0, - (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6, (byte) 0x3B, - (byte) 0xCE, (byte) 0x3C, (byte) 0x3E, (byte) 0x27, (byte) 0xD2, - (byte) 0x60, (byte) 0x4B }; + (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8, (byte) 0xAA, + (byte) 0x3A, (byte) 0x93, (byte) 0xE7, (byte) 0xB3, (byte) 0xEB, + (byte) 0xBD, (byte) 0x55, (byte) 0x76, (byte) 0x98, (byte) 0x86, + (byte) 0xBC, (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0, + (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6, (byte) 0x3B, + (byte) 0xCE, (byte) 0x3C, (byte) 0x3E, (byte) 0x27, (byte) 0xD2, + (byte) 0x60, (byte) 0x4B}; static final byte[] secp256r1_S = { - (byte) 0xC4, (byte) 0x9D, (byte) 0x36, (byte) 0x08, (byte) 0x86, - (byte) 0xE7, (byte) 0x04, (byte) 0x93, (byte) 0x6A, (byte) 0x66, - (byte) 0x78, (byte) 0xE1, (byte) 0x13, (byte) 0x9D, (byte) 0x26, - (byte) 0xB7, (byte) 0x81, (byte) 0x9F, (byte) 0x7E, (byte) 0x90 }; + (byte) 0xC4, (byte) 0x9D, (byte) 0x36, (byte) 0x08, (byte) 0x86, + (byte) 0xE7, (byte) 0x04, (byte) 0x93, (byte) 0x6A, (byte) 0x66, + (byte) 0x78, (byte) 0xE1, (byte) 0x13, (byte) 0x9D, (byte) 0x26, + (byte) 0xB7, (byte) 0x81, (byte) 0x9F, (byte) 0x7E, (byte) 0x90}; // Uncompressed form static final byte[] secp256r1_UCG = { - (byte) 0x04, (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2, - (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47, (byte) 0xF8, - (byte) 0xBC, (byte) 0xE6, (byte) 0xE5, (byte) 0x63, (byte) 0xA4, - (byte) 0x40, (byte) 0xF2, (byte) 0x77, (byte) 0x03, (byte) 0x7D, - (byte) 0x81, (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0, - (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45, (byte) 0xD8, - (byte) 0x98, (byte) 0xC2, (byte) 0x96, (byte) 0x4F, (byte) 0xE3, - (byte) 0x42, (byte) 0xE2, (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, - (byte) 0x9B, (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A, - (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16, (byte) 0x2B, - (byte) 0xCE, (byte) 0x33, (byte) 0x57, (byte) 0x6B, (byte) 0x31, - (byte) 0x5E, (byte) 0xCE, (byte) 0xCB, (byte) 0xB6, (byte) 0x40, - (byte) 0x68, (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5 }; + (byte) 0x04, (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2, + (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47, (byte) 0xF8, + (byte) 0xBC, (byte) 0xE6, (byte) 0xE5, (byte) 0x63, (byte) 0xA4, + (byte) 0x40, (byte) 0xF2, (byte) 0x77, (byte) 0x03, (byte) 0x7D, + (byte) 0x81, (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0, + (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45, (byte) 0xD8, + (byte) 0x98, (byte) 0xC2, (byte) 0x96, (byte) 0x4F, (byte) 0xE3, + (byte) 0x42, (byte) 0xE2, (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, + (byte) 0x9B, (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A, + (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16, (byte) 0x2B, + (byte) 0xCE, (byte) 0x33, (byte) 0x57, (byte) 0x6B, (byte) 0x31, + (byte) 0x5E, (byte) 0xCE, (byte) 0xCB, (byte) 0xB6, (byte) 0x40, + (byte) 0x68, (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5}; static final byte[] secp256r1_N = { - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD, - (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84, (byte) 0xF3, - (byte) 0xB9, (byte) 0xCA, (byte) 0xC2, (byte) 0xFC, (byte) 0x63, - (byte) 0x25, (byte) 0x51 }; + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD, + (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84, (byte) 0xF3, + (byte) 0xB9, (byte) 0xCA, (byte) 0xC2, (byte) 0xFC, (byte) 0x63, + (byte) 0x25, (byte) 0x51}; static final short secp256r1_H = 1; // -------------------------------------------------------------- public static final short AES_GCM_TAG_LENGTH = 16; @@ -118,24 +119,24 @@ public class KMAndroidSEProvider implements KMSEProvider { public static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length. final byte[] CIPHER_ALGS = { - Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, - Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, - Cipher.ALG_DES_CBC_NOPAD, - Cipher.ALG_DES_ECB_NOPAD, - Cipher.ALG_AES_CTR, - Cipher.ALG_RSA_PKCS1, - KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1, - Cipher.ALG_RSA_NOPAD, - AEADCipher.ALG_AES_GCM }; + Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, + Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, + Cipher.ALG_DES_CBC_NOPAD, + Cipher.ALG_DES_ECB_NOPAD, + Cipher.ALG_AES_CTR, + Cipher.ALG_RSA_PKCS1, + KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1, + Cipher.ALG_RSA_NOPAD, + AEADCipher.ALG_AES_GCM}; final byte[] SIG_ALGS = { - Signature.ALG_RSA_SHA_256_PKCS1, - Signature.ALG_RSA_SHA_256_PKCS1_PSS, - Signature.ALG_ECDSA_SHA_256, - Signature.ALG_HMAC_SHA_256, - KMRsa2048NoDigestSignature.ALG_RSA_SIGN_NOPAD, - KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST, - KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST}; + Signature.ALG_RSA_SHA_256_PKCS1, + Signature.ALG_RSA_SHA_256_PKCS1_PSS, + Signature.ALG_ECDSA_SHA_256, + Signature.ALG_HMAC_SHA_256, + KMRsa2048NoDigestSignature.ALG_RSA_SIGN_NOPAD, + KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST, + KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST}; // AESKey private AESKey aesKeys[]; @@ -215,8 +216,9 @@ public KMAndroidSEProvider() { // Random number generator initialisation. rng = RandomData.getInstance(RandomData.ALG_KEYGENERATION); //Allocate buffer for certificate chain. - if(!isUpgrading()) + if (!isUpgrading()) { certificateChain = new byte[CERT_CHAIN_MAX_SIZE]; + } androidSEProvider = this; } @@ -305,7 +307,7 @@ private Cipher getCipherInstance(byte alg) { } private byte getCipherAlgorithm(Cipher c) { - return c.getAlgorithm(); + return c.getAlgorithm(); } // Create a cipher instance of each algorithm once. @@ -513,18 +515,18 @@ public ECPrivateKey createEcKey(byte[] privBuffer, short privOff, public short createSymmetricKey(byte alg, short keysize, byte[] buf, short startOff) { switch (alg) { - case KMType.AES: - AESKey aesKey = createAESKey(keysize); - return aesKey.getKey(buf, startOff); - case KMType.DES: - DESKey desKey = createTDESKey(); - return desKey.getKey(buf, startOff); - case KMType.HMAC: - HMACKey hmacKey = createHMACKey(keysize); - return hmacKey.getKey(buf, startOff); - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; + case KMType.AES: + AESKey aesKey = createAESKey(keysize); + return aesKey.getKey(buf, startOff); + case KMType.DES: + DESKey desKey = createTDESKey(); + return desKey.getKey(buf, startOff); + case KMType.HMAC: + HMACKey hmacKey = createHMACKey(keysize); + return hmacKey.getKey(buf, startOff); + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; } return 0; } @@ -534,42 +536,44 @@ public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, short privKeyLength, byte[] pubModBuf, short pubModStart, short pubModLength, short[] lengths) { switch (alg) { - case KMType.RSA: - if (RSA_KEY_SIZE != privKeyLength || RSA_KEY_SIZE != pubModLength) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - KeyPair rsaKey = createRsaKeyPair(); - RSAPrivateKey privKey = (RSAPrivateKey) rsaKey.getPrivate(); - //Copy exponent. - Util.arrayFillNonAtomic(tmpArray, (short) 0, RSA_KEY_SIZE, (byte) 0); - lengths[0] = privKey.getExponent(tmpArray, (short)0); - if (lengths[0] > privKeyLength) - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - Util.arrayFillNonAtomic(privKeyBuf, privKeyStart, privKeyLength, (byte)0); - Util.arrayCopyNonAtomic(tmpArray, (short)0, - privKeyBuf, (short)(privKeyStart + privKeyLength - lengths[0]), lengths[0]); - //Copy modulus - Util.arrayFillNonAtomic(tmpArray, (short) 0, RSA_KEY_SIZE, (byte) 0); - lengths[1] = privKey.getModulus(tmpArray, (short)0); - if (lengths[1] > pubModLength) - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - Util.arrayFillNonAtomic(pubModBuf, pubModStart, pubModLength, (byte)0); - Util.arrayCopyNonAtomic(tmpArray, (short)0, - pubModBuf, (short)(pubModStart + pubModLength - lengths[1]), lengths[1]); - break; - case KMType.EC: - KeyPair ecKey = createECKeyPair(); - ECPublicKey ecPubKey = (ECPublicKey) ecKey.getPublic(); - ECPrivateKey ecPrivKey = (ECPrivateKey) ecKey.getPrivate(); - lengths[0] = ecPrivKey.getS(privKeyBuf, privKeyStart); - lengths[1] = ecPubKey.getW(pubModBuf, pubModStart); - if (lengths[0] > privKeyLength || lengths[1] > pubModLength) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; + case KMType.RSA: + if (RSA_KEY_SIZE != privKeyLength || RSA_KEY_SIZE != pubModLength) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + KeyPair rsaKey = createRsaKeyPair(); + RSAPrivateKey privKey = (RSAPrivateKey) rsaKey.getPrivate(); + //Copy exponent. + Util.arrayFillNonAtomic(tmpArray, (short) 0, RSA_KEY_SIZE, (byte) 0); + lengths[0] = privKey.getExponent(tmpArray, (short) 0); + if (lengths[0] > privKeyLength) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + Util.arrayFillNonAtomic(privKeyBuf, privKeyStart, privKeyLength, (byte) 0); + Util.arrayCopyNonAtomic(tmpArray, (short) 0, + privKeyBuf, (short) (privKeyStart + privKeyLength - lengths[0]), lengths[0]); + //Copy modulus + Util.arrayFillNonAtomic(tmpArray, (short) 0, RSA_KEY_SIZE, (byte) 0); + lengths[1] = privKey.getModulus(tmpArray, (short) 0); + if (lengths[1] > pubModLength) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + Util.arrayFillNonAtomic(pubModBuf, pubModStart, pubModLength, (byte) 0); + Util.arrayCopyNonAtomic(tmpArray, (short) 0, + pubModBuf, (short) (pubModStart + pubModLength - lengths[1]), lengths[1]); + break; + case KMType.EC: + KeyPair ecKey = createECKeyPair(); + ECPublicKey ecPubKey = (ECPublicKey) ecKey.getPublic(); + ECPrivateKey ecPrivKey = (ECPrivateKey) ecKey.getPrivate(); + lengths[0] = ecPrivKey.getS(privKeyBuf, privKeyStart); + lengths[1] = ecPubKey.getW(pubModBuf, pubModStart); + if (lengths[0] > privKeyLength || lengths[1] > pubModLength) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + break; + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; } } @@ -577,18 +581,18 @@ public void createAsymmetricKey(byte alg, byte[] privKeyBuf, public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short startOff, short length) { switch (alg) { - case KMType.AES: - createAESKey(buf, startOff, length); - break; - case KMType.DES: - createTDESKey(buf, startOff, length); - break; - case KMType.HMAC: - createHMACKey(buf, startOff, length); - break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; + case KMType.AES: + createAESKey(buf, startOff, length); + break; + case KMType.DES: + createTDESKey(buf, startOff, length); + break; + case KMType.HMAC: + createHMACKey(buf, startOff, length); + break; + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; } return true; } @@ -598,16 +602,16 @@ public boolean importAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, short privKeyLength, byte[] pubModBuf, short pubModStart, short pubModLength) { switch (alg) { - case KMType.RSA: - createRsaKey(pubModBuf, pubModStart, pubModLength, privKeyBuf, - privKeyStart, privKeyLength); - break; - case KMType.EC: - createEcKey(privKeyBuf, privKeyStart, privKeyLength); - break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; + case KMType.RSA: + createRsaKey(pubModBuf, pubModStart, pubModLength, privKeyBuf, + privKeyStart, privKeyLength); + break; + case KMType.EC: + createEcKey(privKeyBuf, privKeyStart, privKeyLength); + break; + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; } return true; } @@ -628,10 +632,10 @@ public void addRngEntropy(byte[] num, short offset, short length) { } public short aesGCMEncrypt(AESKey key, - byte[] secret, short secretStart, short secretLen, byte[] encSecret, - short encSecretStart, byte[] nonce, short nonceStart, short nonceLen, - byte[] authData, short authDataStart, short authDataLen, byte[] authTag, - short authTagStart, short authTagLen) { + byte[] secret, short secretStart, short secretLen, byte[] encSecret, + short encSecretStart, byte[] nonce, short nonceStart, short nonceLen, + byte[] authData, short authDataStart, short authDataLen, byte[] authTag, + short authTagStart, short authTagLen) { if (authTagLen != AES_GCM_TAG_LENGTH) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } @@ -659,21 +663,21 @@ public short aesGCMEncrypt(byte[] aesKey, short aesKeyStart, short aesKeyLen, AESKey key = createAESKey(aesKey, aesKeyStart, aesKeyLen); return aesGCMEncrypt( - key, - secret, - secretStart, - secretLen, - encSecret, - encSecretStart, - nonce, - nonceStart, - nonceLen, - authData, - authDataStart, - authDataLen, - authTag, - authTagStart, - authTagLen); + key, + secret, + secretStart, + secretLen, + encSecret, + encSecretStart, + nonce, + nonceStart, + nonceLen, + authData, + authDataStart, + authDataLen, + authTag, + authTagStart, + authTagLen); } @Override @@ -698,7 +702,8 @@ public boolean aesGCMDecrypt(byte[] aesKey, short aesKeyStart, return verification; } - public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelStart, short labelLen, + public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelStart, + short labelLen, byte[] context, short contextStart, short contextLength) { try { // This is hardcoded to requirement - 32 byte output with two concatenated @@ -711,7 +716,7 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta }; // byte final byte[] zero = { - 0 + 0 }; // [i] counter - 32 bits short iBufLen = 4; @@ -770,14 +775,14 @@ public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, @Override public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart, - short dataLength, byte[] signature, short signatureStart) { + short dataLength, byte[] signature, short signatureStart) { try { AESKey aesKey = ((KMAESKey) masterkey).getKey(); aesKey.getKey(tmpArray, (short) 0); HMACKey key = createHMACKey(tmpArray, (short) 0, - (short) (aesKey.getSize() / 8)); + (short) (aesKey.getSize() / 8)); return hmacSign(key, data, dataStart, dataLength, signature, - signatureStart); + signatureStart); } finally { clean(); } @@ -798,107 +803,111 @@ public short rsaDecipherOAEP256(byte[] secret, short secretStart, byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { RSAPrivateKey key = (RSAPrivateKey) rsaKeyPair.getPrivate(); - key.setExponent(secret, (short)secretStart, (short)secretLength); - key.setModulus(modBuffer, (short)modOff, (short)modLength); + key.setExponent(secret, (short) secretStart, (short) secretLength); + key.setModulus(modBuffer, (short) modOff, (short) modLength); rsaOaepDecipher.init(key, Cipher.MODE_DECRYPT); - return rsaOaepDecipher.doFinal(inputDataBuf, (short)inputDataStart, (short)inputDataLength, + return rsaOaepDecipher.doFinal(inputDataBuf, (short) inputDataStart, (short) inputDataLength, outputDataBuf, (short) outputDataStart); } public short ecSign256(KMAttestationKey attestationKey, - byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] outputDataBuf, short outputDataStart) { + byte[] inputDataBuf, short inputDataStart, short inputDataLength, + byte[] outputDataBuf, short outputDataStart) { Signature.OneShot signer = null; try { signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256, Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL); - signer.init(((KMECPrivateKey)attestationKey).getPrivateKey(), Signature.MODE_SIGN); + signer.init(((KMECPrivateKey) attestationKey).getPrivateKey(), Signature.MODE_SIGN); return signer.sign(inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart); } finally { - if (signer != null) + if (signer != null) { signer.close(); + } } } private byte mapPurpose(short purpose) { switch (purpose) { - case KMType.ENCRYPT: - return Cipher.MODE_ENCRYPT; - case KMType.DECRYPT: - return Cipher.MODE_DECRYPT; - case KMType.SIGN: - return Signature.MODE_SIGN; - case KMType.VERIFY: - return Signature.MODE_VERIFY; + case KMType.ENCRYPT: + return Cipher.MODE_ENCRYPT; + case KMType.DECRYPT: + return Cipher.MODE_DECRYPT; + case KMType.SIGN: + return Signature.MODE_SIGN; + case KMType.VERIFY: + return Signature.MODE_VERIFY; } return -1; } private byte mapSignature256Alg(byte alg, byte padding, byte digest) { switch (alg) { - case KMType.RSA: - switch (padding) { - case KMType.RSA_PKCS1_1_5_SIGN: { - if (digest == KMType.DIGEST_NONE) - return KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST; - else - return Signature.ALG_RSA_SHA_256_PKCS1; - } - case KMType.RSA_PSS: - return Signature.ALG_RSA_SHA_256_PKCS1_PSS; - case KMType.PADDING_NONE: - return KMRsa2048NoDigestSignature.ALG_RSA_SIGN_NOPAD; - } - break; - case KMType.EC: - if (digest == KMType.DIGEST_NONE) - return KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST; - else - return Signature.ALG_ECDSA_SHA_256; - case KMType.HMAC: - return Signature.ALG_HMAC_SHA_256; + case KMType.RSA: + switch (padding) { + case KMType.RSA_PKCS1_1_5_SIGN: { + if (digest == KMType.DIGEST_NONE) { + return KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST; + } else { + return Signature.ALG_RSA_SHA_256_PKCS1; + } + } + case KMType.RSA_PSS: + return Signature.ALG_RSA_SHA_256_PKCS1_PSS; + case KMType.PADDING_NONE: + return KMRsa2048NoDigestSignature.ALG_RSA_SIGN_NOPAD; + } + break; + case KMType.EC: + if (digest == KMType.DIGEST_NONE) { + return KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST; + } else { + return Signature.ALG_ECDSA_SHA_256; + } + case KMType.HMAC: + return Signature.ALG_HMAC_SHA_256; } return -1; } private byte mapCipherAlg(byte alg, byte padding, byte blockmode, byte digest) { switch (alg) { - case KMType.AES: - switch (blockmode) { - case KMType.ECB: - return Cipher.ALG_AES_BLOCK_128_ECB_NOPAD; - case KMType.CBC: - return Cipher.ALG_AES_BLOCK_128_CBC_NOPAD; - case KMType.CTR: - return Cipher.ALG_AES_CTR; - case KMType.GCM: - return AEADCipher.ALG_AES_GCM; - } - break; - case KMType.DES: - switch (blockmode) { - case KMType.ECB: - return Cipher.ALG_DES_ECB_NOPAD; - case KMType.CBC: - return Cipher.ALG_DES_CBC_NOPAD; - } - break; - case KMType.RSA: - switch (padding) { - case KMType.PADDING_NONE: - return Cipher.ALG_RSA_NOPAD; - case KMType.RSA_PKCS1_1_5_ENCRYPT: - return Cipher.ALG_RSA_PKCS1; - case KMType.RSA_OAEP: { - if (digest == KMType.SHA2_256) - return KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1; - else - KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); - } - } - break; + case KMType.AES: + switch (blockmode) { + case KMType.ECB: + return Cipher.ALG_AES_BLOCK_128_ECB_NOPAD; + case KMType.CBC: + return Cipher.ALG_AES_BLOCK_128_CBC_NOPAD; + case KMType.CTR: + return Cipher.ALG_AES_CTR; + case KMType.GCM: + return AEADCipher.ALG_AES_GCM; + } + break; + case KMType.DES: + switch (blockmode) { + case KMType.ECB: + return Cipher.ALG_DES_ECB_NOPAD; + case KMType.CBC: + return Cipher.ALG_DES_CBC_NOPAD; + } + break; + case KMType.RSA: + switch (padding) { + case KMType.PADDING_NONE: + return Cipher.ALG_RSA_NOPAD; + case KMType.RSA_PKCS1_1_5_ENCRYPT: + return Cipher.ALG_RSA_PKCS1; + case KMType.RSA_OAEP: { + if (digest == KMType.SHA2_256) { + return KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1; + } else { + KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); + } + } + } + break; } return -1; } @@ -909,45 +918,45 @@ public Cipher createSymmetricCipher(short alg, short purpose, Key key = null; Cipher symmCipher = null; switch (secretLength) { - case 32: - key = aesKeys[KEYSIZE_256_OFFSET]; - ((AESKey) key).setKey(secret, secretStart); - break; - case 16: - key = aesKeys[KEYSIZE_128_OFFSET]; - ((AESKey) key).setKey(secret, secretStart); - break; - case 24: - key = triDesKey; - ((DESKey) key).setKey(secret, secretStart); - break; - default: - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - break; + case 32: + key = aesKeys[KEYSIZE_256_OFFSET]; + ((AESKey) key).setKey(secret, secretStart); + break; + case 16: + key = aesKeys[KEYSIZE_128_OFFSET]; + ((AESKey) key).setKey(secret, secretStart); + break; + case 24: + key = triDesKey; + ((DESKey) key).setKey(secret, secretStart); + break; + default: + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + break; } - short cipherAlg = mapCipherAlg((byte) alg, (byte) padding, (byte) blockMode, (byte)0); + short cipherAlg = mapCipherAlg((byte) alg, (byte) padding, (byte) blockMode, (byte) 0); symmCipher = getCipherInstanceFromPool((byte) cipherAlg); switch (cipherAlg) { - case Cipher.ALG_AES_BLOCK_128_CBC_NOPAD: - case Cipher.ALG_AES_CTR: - symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, ivLength); - break; - case Cipher.ALG_AES_BLOCK_128_ECB_NOPAD: - case Cipher.ALG_DES_ECB_NOPAD: - symmCipher.init(key, mapPurpose(purpose)); - break; - case Cipher.ALG_DES_CBC_NOPAD: - // Consume only 8 bytes of iv. the random number for iv is of 16 bytes. - // While sending back the iv, send only 8 bytes. - symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, (short) 8); - break; - case AEADCipher.ALG_AES_GCM: - ((AEADCipher) symmCipher).init(key, mapPurpose(purpose), ivBuffer, - ivStart, ivLength); - break; - default:// This should never happen - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; + case Cipher.ALG_AES_BLOCK_128_CBC_NOPAD: + case Cipher.ALG_AES_CTR: + symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, ivLength); + break; + case Cipher.ALG_AES_BLOCK_128_ECB_NOPAD: + case Cipher.ALG_DES_ECB_NOPAD: + symmCipher.init(key, mapPurpose(purpose)); + break; + case Cipher.ALG_DES_CBC_NOPAD: + // Consume only 8 bytes of iv. the random number for iv is of 16 bytes. + // While sending back the iv, send only 8 bytes. + symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, (short) 8); + break; + case AEADCipher.ALG_AES_GCM: + ((AEADCipher) symmCipher).init(key, mapPurpose(purpose), ivBuffer, + ivStart, ivLength); + break; + default:// This should never happen + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; } return symmCipher; } @@ -955,8 +964,9 @@ public Cipher createSymmetricCipher(short alg, short purpose, public Signature createHmacSignerVerifier(short purpose, short digest, byte[] secret, short secretStart, short secretLength) { byte alg = Signature.ALG_HMAC_SHA_256; - if (digest != KMType.SHA2_256) + if (digest != KMType.SHA2_256) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } Signature hmacSignerVerifier = getSignatureInstanceFromPool(alg); HMACKey key = createHMACKey(secret, secretStart, secretLength); hmacSignerVerifier.init(key, (byte) mapPurpose(purpose)); @@ -970,33 +980,33 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, short macLength) { KMOperationImpl opr = null; switch (alg) { - case KMType.AES: - case KMType.DES: - Cipher cipher = createSymmetricCipher(alg, purpose, blockMode, padding, - keyBuf, keyStart, keyLength, ivBuf, ivStart, ivLength); - opr = getOperationInstanceFromPool(); - // Convert macLength to bytes - macLength = (short) (macLength / 8); - JCSystem.beginTransaction(); - opr.setCipher(cipher); - opr.setCipherAlgorithm(alg); - opr.setBlockMode(blockMode); - opr.setPaddingAlgorithm(padding); - opr.setMode(purpose); - opr.setMacLength(macLength); - JCSystem.commitTransaction(); - break; - case KMType.HMAC: - Signature signerVerifier = createHmacSignerVerifier(purpose, digest, - keyBuf, keyStart, keyLength); - opr = getOperationInstanceFromPool(); - JCSystem.beginTransaction(); - opr.setSignature(signerVerifier); - JCSystem.commitTransaction(); - break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; + case KMType.AES: + case KMType.DES: + Cipher cipher = createSymmetricCipher(alg, purpose, blockMode, padding, + keyBuf, keyStart, keyLength, ivBuf, ivStart, ivLength); + opr = getOperationInstanceFromPool(); + // Convert macLength to bytes + macLength = (short) (macLength / 8); + JCSystem.beginTransaction(); + opr.setCipher(cipher); + opr.setCipherAlgorithm(alg); + opr.setBlockMode(blockMode); + opr.setPaddingAlgorithm(padding); + opr.setMode(purpose); + opr.setMacLength(macLength); + JCSystem.commitTransaction(); + break; + case KMType.HMAC: + Signature signerVerifier = createHmacSignerVerifier(purpose, digest, + keyBuf, keyStart, keyLength); + opr = getOperationInstanceFromPool(); + JCSystem.beginTransaction(); + opr.setSignature(signerVerifier); + JCSystem.commitTransaction(); + break; + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; } return opr; } @@ -1023,7 +1033,7 @@ public Signature createRsaSigner(short digest, short padding, byte[] secret, public Cipher createRsaDecipher(short padding, short digest, byte[] secret, short secretStart, short secretLength, byte[] modBuffer, short modOff, short modLength) { - byte cipherAlg = mapCipherAlg(KMType.RSA, (byte) padding, (byte) 0, (byte)digest); + byte cipherAlg = mapCipherAlg(KMType.RSA, (byte) padding, (byte) 0, (byte) digest); Cipher rsaCipher = getCipherInstanceFromPool(cipherAlg); RSAPrivateKey key = (RSAPrivateKey) rsaKeyPair.getPrivate(); key.setExponent(secret, secretStart, secretLength); @@ -1051,45 +1061,45 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, KMOperationImpl opr = null; if (alg == KMType.RSA) { switch (purpose) { - case KMType.SIGN: - Signature signer = createRsaSigner(digest, padding, privKeyBuf, - privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); - opr = getOperationInstanceFromPool(); - JCSystem.beginTransaction(); - opr.setSignature(signer); - opr.setCipherAlgorithm(alg); - opr.setPaddingAlgorithm(padding); - opr.setMode(purpose); - JCSystem.commitTransaction(); - break; - case KMType.DECRYPT: - Cipher decipher = createRsaDecipher(padding, digest, privKeyBuf, - privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); - opr = getOperationInstanceFromPool(); - JCSystem.beginTransaction(); - opr.setCipher(decipher); - opr.setCipherAlgorithm(alg); - opr.setPaddingAlgorithm(padding); - opr.setMode(purpose); - JCSystem.commitTransaction(); - break; - default: - KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); - break; + case KMType.SIGN: + Signature signer = createRsaSigner(digest, padding, privKeyBuf, + privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); + opr = getOperationInstanceFromPool(); + JCSystem.beginTransaction(); + opr.setSignature(signer); + opr.setCipherAlgorithm(alg); + opr.setPaddingAlgorithm(padding); + opr.setMode(purpose); + JCSystem.commitTransaction(); + break; + case KMType.DECRYPT: + Cipher decipher = createRsaDecipher(padding, digest, privKeyBuf, + privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); + opr = getOperationInstanceFromPool(); + JCSystem.beginTransaction(); + opr.setCipher(decipher); + opr.setCipherAlgorithm(alg); + opr.setPaddingAlgorithm(padding); + opr.setMode(purpose); + JCSystem.commitTransaction(); + break; + default: + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); + break; } } else if (alg == KMType.EC) { switch (purpose) { - case KMType.SIGN: - Signature signer = createEcSigner(digest, privKeyBuf, privKeyStart, - privKeyLength); - opr = getOperationInstanceFromPool(); - JCSystem.beginTransaction(); - opr.setSignature(signer); - JCSystem.commitTransaction(); - break; - default: - KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); - break; + case KMType.SIGN: + Signature signer = createEcSigner(digest, privKeyBuf, privKeyStart, + privKeyLength); + opr = getOperationInstanceFromPool(); + JCSystem.beginTransaction(); + opr.setSignature(signer); + JCSystem.commitTransaction(); + break; + default: + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); + break; } } else { CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -1105,17 +1115,17 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) { @Override public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label, - short labelStart, short labelLen, byte[] context, short contextStart, - short contextLength, byte[] keyBuf, short keyStart) { + short labelStart, short labelLen, byte[] context, short contextStart, + short contextLength, byte[] keyBuf, short keyStart) { HMACKey key = cmacKdf(pSharedKey, label, labelStart, labelLen, context, - contextStart, contextLength); + contextStart, contextLength); return key.getKey(keyBuf, keyStart); } @Override public void clearCertificateChain() { JCSystem.beginTransaction(); - Util.arrayFillNonAtomic(certificateChain, (short)0, CERT_CHAIN_MAX_SIZE, (byte) 0); + Util.arrayFillNonAtomic(certificateChain, (short) 0, CERT_CHAIN_MAX_SIZE, (byte) 0); JCSystem.commitTransaction(); } @@ -1140,20 +1150,20 @@ public void persistPartialCertificateChain(byte[] buf, short offset, short len, JCSystem.beginTransaction(); Util.setShort(certificateChain, (short) 0, (short) (len + persistedLen)); Util.arrayCopyNonAtomic(buf, offset, certificateChain, - (short) (persistedLen+2), len); + (short) (persistedLen + 2), len); JCSystem.commitTransaction(); } @Override public short readCertificateChain(byte[] buf, short offset) { - short len = Util.getShort(certificateChain, (short)0); - Util.arrayCopyNonAtomic(certificateChain, (short)2, buf, offset, len); + short len = Util.getShort(certificateChain, (short) 0); + Util.arrayCopyNonAtomic(certificateChain, (short) 2, buf, offset, len); return len; } @Override public short getCertificateChainLength() { - return Util.getShort(certificateChain, (short)0); + return Util.getShort(certificateChain, (short) 0); } @Override @@ -1162,7 +1172,7 @@ public boolean isBootSignalEventSupported() { } @Override - public boolean isDeviceRebooted() { + public boolean isDeviceRebooted() { return false; } @@ -1190,7 +1200,7 @@ public void onRestore(Element element) { @Override public short getBackupPrimitiveByteCount() { short count = - (short) (KMAESKey.getBackupPrimitiveByteCount() + + (short) (KMAESKey.getBackupPrimitiveByteCount() + KMECPrivateKey.getBackupPrimitiveByteCount() + KMHmacKey.getBackupPrimitiveByteCount()); return count; @@ -1199,7 +1209,7 @@ public short getBackupPrimitiveByteCount() { @Override public short getBackupObjectCount() { short count = - (short) (1 /*Certificate chain */ + + (short) (1 /*Certificate chain */ + KMAESKey.getBackupObjectCount() + KMECPrivateKey.getBackupObjectCount() + KMHmacKey.getBackupObjectCount()); @@ -1207,7 +1217,7 @@ public short getBackupObjectCount() { } @Override - public boolean isUpgrading() { + public boolean isUpgrading() { return UpgradeManager.isUpgrading(); } @@ -1216,7 +1226,7 @@ public KMMasterKey createMasterKey(short keySizeBits) { try { if (masterKey == null) { AESKey key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, - keySizeBits, false); + keySizeBits, false); masterKey = new KMAESKey(key); short keyLen = (short) (keySizeBits / 8); getTrueRandomNumber(tmpArray, (short) 0, keyLen); @@ -1230,7 +1240,7 @@ public KMMasterKey createMasterKey(short keySizeBits) { @Override public KMAttestationKey createAttestationKey(byte[] keyData, short offset, - short length) { + short length) { if (attestationKey == null) { // Strongbox supports only P-256 curve for EC key. KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); @@ -1243,13 +1253,13 @@ public KMAttestationKey createAttestationKey(byte[] keyData, short offset, @Override public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length) { - short lengthInBits = (short)(length * 8); + short lengthInBits = (short) (length * 8); if ((lengthInBits % 8 != 0) || !(lengthInBits >= 64 && lengthInBits <= 512)) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } if (preSharedKey == null) { HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, lengthInBits, - false); + false); preSharedKey = new KMHmacKey(key); } preSharedKey.setKey(keyData, offset, length); diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 637a2fba..1e3eae79 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -31,50 +31,53 @@ // The certificate is assembled with leafs first and then the sequences. public class KMAttestationCertImpl implements KMAttestationCert { + private static final byte MAX_PARAMS = 30; // DER encoded object identifiers required by the cert. // rsaEncryption - 1.2.840.113549.1.1.1 private static final byte[] rsaEncryption = { - 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01 + 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01 }; // ecPublicKey - 1.2.840.10045.2.1 private static final byte[] eccPubKey = { - 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x02, 0x01 + 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x02, 0x01 }; // prime256v1 curve - 1.2.840.10045.3.1.7 private static final byte[] prime256v1 = { - 0x06, 0x08, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x03, 0x01, 0x07 + 0x06, 0x08, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x03, 0x01, 0x07 }; // Key Usage Extn - 2.5.29.15 private static final byte[] keyUsageExtn = {0x06, 0x03, 0x55, 0x1D, 0x0F}; // Android Extn - 1.3.6.1.4.1.11129.2.1.17 private static final byte[] androidExtn = { - 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 + 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 }; private static final short ECDSA_MAX_SIG_LEN = 72; //Signature algorithm identifier - always ecdsaWithSha256 - 1.2.840.10045.4.3.2 //SEQUENCE of alg OBJ ID and parameters = NULL. private static final byte[] X509SignAlgIdentifier = { - 0x30, - 0x0A, - 0x06, - 0x08, - 0x2A, - (byte) 0x86, - 0x48, - (byte) 0xCE, - (byte) 0x3D, - 0x04, - 0x03, - 0x02 + 0x30, + 0x0A, + 0x06, + 0x08, + 0x2A, + (byte) 0x86, + 0x48, + (byte) 0xCE, + (byte) 0x3D, + 0x04, + 0x03, + 0x02 }; // Validity is not fixed field // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys private static final byte[] X509Subject = { - 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e, 0x64, - 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B, 0x65, - 0x79 + 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e, + 0x64, + 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B, + 0x65, + 0x79 }; private static final byte keyUsageSign = (byte) 0x80; // 0 bit @@ -117,10 +120,13 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static short issuer; private static short signPriv; - private KMAttestationCertImpl() {} + private KMAttestationCertImpl() { + } public static KMAttestationCert instance(boolean rsaCert) { - if (inst == null) inst = new KMAttestationCertImpl(); + if (inst == null) { + inst = new KMAttestationCertImpl(); + } init(); KMAttestationCertImpl.rsaCert = rsaCert; return inst; @@ -190,18 +196,19 @@ public KMAttestationCert notBefore(short obj, byte[] scratchpad) { @Override public KMAttestationCert notAfter(short usageExpiryTimeObj, - short certExpirtyTimeObj, byte[] scratchPad, short tmpVar) { + short certExpirtyTimeObj, byte[] scratchPad, short tmpVar) { if (usageExpiryTimeObj != KMType.INVALID_VALUE) { // compare if the expiry time is greater then 2051 then use generalized // time format else use utc time format. usageExpiryTimeObj = KMIntegerTag.cast(usageExpiryTimeObj).getValue(); tmpVar = KMInteger.uint_64(KMUtils.firstJan2051, (short) 0); - if (KMInteger.compare(usageExpiryTimeObj, tmpVar) >= 0) + if (KMInteger.compare(usageExpiryTimeObj, tmpVar) >= 0) { usageExpiryTimeObj = KMUtils.convertToDate(usageExpiryTimeObj, scratchPad, - false); - else + false); + } else { usageExpiryTimeObj = KMUtils - .convertToDate(usageExpiryTimeObj, scratchPad, true); + .convertToDate(usageExpiryTimeObj, scratchPad, true); + } notAfter = usageExpiryTimeObj; } else { notAfter = certExpirtyTimeObj; @@ -211,8 +218,11 @@ public KMAttestationCert notAfter(short usageExpiryTimeObj, @Override public KMAttestationCert deviceLocked(boolean val) { - if (val) deviceLocked = (byte) 0xFF; - else deviceLocked = 0; + if (val) { + deviceLocked = (byte) 0xFF; + } else { + deviceLocked = 0; + } return this; } @@ -302,7 +312,9 @@ private static void pushTbsCert(boolean rsaCert) { private static void pushExtensions() { short last = stackPtr; - if (keyUsage != 0) pushKeyUsage(keyUsage, unusedBits); + if (keyUsage != 0) { + pushKeyUsage(keyUsage, unusedBits); + } pushKeyDescription(); pushSequenceHeader((short) (last - stackPtr)); // Extensions have explicit tag of [3] @@ -366,6 +378,7 @@ private static void pushRsaSubjectKeyInfo() { pushRsaEncryption(); pushSequenceHeader((short) (last - stackPtr)); } + // SEQUENCE{SEQUENCE{ecPubKey, prime256v1}, bitString{pubKey}} private static void pushEccSubjectKeyInfo() { short last = stackPtr; @@ -391,6 +404,7 @@ private static void pushRsaEncryption() { pushBytes(rsaEncryption, (short) 0, (short) rsaEncryption.length); pushSequenceHeader((short) (last - stackPtr)); } + // KeyDescription ::= SEQUENCE { // attestationVersion INTEGER, # Value 3 // attestationSecurityLevel SecurityLevel, # See below @@ -433,9 +447,9 @@ private static void pushSWParams() { short last = stackPtr; // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension. short[] tagIds = { - KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME, - KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME, - KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED }; + KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME, + KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME, + KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED}; byte index = 0; do { pushParams(swParams, swParamsIndex, tagIds[index]); @@ -447,15 +461,15 @@ private static void pushHWParams() { short last = stackPtr; // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension. short[] tagIds = { - KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, - KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, - KMType.ORIGIN, KMType.APPLICATION_ID, - KMType.TRUSTED_CONFIRMATION_REQUIRED, - KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.ALLOW_WHILE_ON_BODY, - KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, KMType.NO_AUTH_REQUIRED, - KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT, - KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE, - KMType.ALGORITHM, KMType.PURPOSE }; + KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, + KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, + KMType.ORIGIN, KMType.APPLICATION_ID, + KMType.TRUSTED_CONFIRMATION_REQUIRED, + KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.ALLOW_WHILE_ON_BODY, + KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, KMType.NO_AUTH_REQUIRED, + KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT, + KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE, + KMType.ALGORITHM, KMType.PURPOSE}; byte index = 0; do { @@ -463,7 +477,9 @@ private static void pushHWParams() { pushRoT(); continue; } - if (pushParams(hwParams, hwParamsIndex, tagIds[index])) continue; + if (pushParams(hwParams, hwParamsIndex, tagIds[index])) { + continue; + } } while (++index < tagIds.length); pushSequenceHeader((short) (last - stackPtr)); } @@ -531,6 +547,7 @@ private static void pushTag(short tag) { break; } } + // RootOfTrust ::= SEQUENCE { // verifiedBootKey OCTET_STRING, // deviceLocked BOOLEAN, @@ -594,6 +611,7 @@ private static void pushEnumArrayTag(short tagId, byte[] buf, short start, short pushSetHeader((short) (last - stackPtr)); pushTagIdHeader(tagId, (short) (last - stackPtr)); } + // Only SET of INTEGERS supported are padding, digest, purpose and blockmode // All of these are enum array tags i.e. byte long values private static void pushIntegerArrayTag(short tagId, short arr) { @@ -652,13 +670,16 @@ private static void pushIntegerTag(short tagId, byte[] buf, short start, short l pushInteger(buf, start, len); pushTagIdHeader(tagId, (short) (last - stackPtr)); } + // Ignore leading zeros. Only Unsigned Integers are required hence if MSB is set then add 0x00 // as most significant byte. private static void pushInteger(byte[] buf, short start, short len) { short last = stackPtr; byte index = 0; while (index < (byte) len) { - if (buf[(short) (start + index)] != 0) break; + if (buf[(short) (start + index)] != 0) { + break; + } index++; } if (index == (byte) len) { @@ -671,6 +692,7 @@ private static void pushInteger(byte[] buf, short start, short len) { } pushIntegerHeader((short) (last - stackPtr)); } + // Bytes Tag is a octet string and tag id is added explicitly private static void pushBytesTag(short tagId, byte[] buf, short start, short len) { short last = stackPtr; @@ -696,6 +718,7 @@ private static void pushTagIdHeader(short tagId, short len) { pushByte((byte) (0xA0 | (byte) tagId)); } } + // SEQUENCE {ObjId, OCTET STRING{BIT STRING{keyUsage}}} private static void pushKeyUsage(byte keyUsage, byte unusedBits) { short last = stackPtr; @@ -762,7 +785,9 @@ private static void pushBytes(byte[] buf, short start, short len) { private static void decrementStackPtr(short cnt) { stackPtr = (short) (stackPtr - cnt); - if (start > stackPtr) KMException.throwIt(KMError.UNKNOWN_ERROR); + if (start > stackPtr) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } } @Override @@ -805,39 +830,39 @@ public void build() { KMAndroidSEProvider androidSeProvider = KMAndroidSEProvider.getInstance(); short sigLen = androidSeProvider .ecSign256( - androidSeProvider.getAttestationKey(), - stack, - tbsOffset, - tbsLength, - stack, - signatureOffset); - if(sigLen != ECDSA_MAX_SIG_LEN) { + androidSeProvider.getAttestationKey(), + stack, + tbsOffset, + tbsLength, + stack, + signatureOffset); + if (sigLen != ECDSA_MAX_SIG_LEN) { // Update the lengths appropriately. - stackPtr = (short)(signatureOffset - 1); - pushLength((short)(sigLen + 1)); + stackPtr = (short) (signatureOffset - 1); + pushLength((short) (sigLen + 1)); stackPtr = tbsOffset; - last -= (short)(ECDSA_MAX_SIG_LEN - sigLen); - pushLength((short)(last - stackPtr)); - length -= (short)(ECDSA_MAX_SIG_LEN - sigLen); + last -= (short) (ECDSA_MAX_SIG_LEN - sigLen); + pushLength((short) (last - stackPtr)); + length -= (short) (ECDSA_MAX_SIG_LEN - sigLen); } } @Override public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, - byte[] creationTime, short timeOffset, short creationTimeLen, - byte[] attestAppId, short appIdOff, short attestAppIdLen, - byte resetSinceIdRotation, KMMasterKey masterKey) { + byte[] creationTime, short timeOffset, short creationTimeLen, + byte[] attestAppId, short appIdOff, short attestAppIdLen, + byte resetSinceIdRotation, KMMasterKey masterKey) { // Concatenate T||C||R // temporal count T short temp = KMUtils.countTemporalCount(creationTime, timeOffset, - creationTimeLen, scratchPad, scratchPadOff); + creationTimeLen, scratchPad, scratchPadOff); Util.setShort(scratchPad, (short) scratchPadOff, temp); temp = scratchPadOff; scratchPadOff += 2; // Application Id C Util.arrayCopyNonAtomic(attestAppId, appIdOff, scratchPad, scratchPadOff, - attestAppIdLen); + attestAppIdLen); scratchPadOff += attestAppIdLen; // Reset After Rotation R @@ -847,19 +872,19 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, timeOffset = KMByteBlob.instance((short) 32); //Get the key data from the master key and use it for HMAC Sign. AESKey aesKey = ((KMAESKey) masterKey).getKey(); - short mKeyData = KMByteBlob.instance((short) (aesKey.getSize() / 8)); + short mKeyData = KMByteBlob.instance((short) (aesKey.getSize() / 8)); aesKey.getKey( - KMByteBlob.cast(mKeyData).getBuffer(), - KMByteBlob.cast(mKeyData).getStartOff()); + KMByteBlob.cast(mKeyData).getBuffer(), + KMByteBlob.cast(mKeyData).getStartOff()); appIdOff = KMAndroidSEProvider.getInstance().hmacSign( - KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ - KMByteBlob.cast(mKeyData).getStartOff(), /* Key start*/ - KMByteBlob.cast(mKeyData).length(), /* Key length*/ - scratchPad, /* data */ - temp, /* data start */ - scratchPadOff, /* data length */ - KMByteBlob.cast(timeOffset).getBuffer(), /* signature buffer */ - KMByteBlob.cast(timeOffset).getStartOff()); /* signature start */ + KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ + KMByteBlob.cast(mKeyData).getStartOff(), /* Key start*/ + KMByteBlob.cast(mKeyData).length(), /* Key length*/ + scratchPad, /* data */ + temp, /* data start */ + scratchPadOff, /* data length */ + KMByteBlob.cast(timeOffset).getBuffer(), /* signature buffer */ + KMByteBlob.cast(timeOffset).getStartOff()); /* signature start */ if (appIdOff != 32) { KMException.throwIt(KMError.UNKNOWN_ERROR); } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java index fe6a636f..3188ad19 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java @@ -42,7 +42,7 @@ public short getS(byte[] buffer, short offset) { ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate(); return ecPriv.getS(buffer, offset); } - + public ECPrivateKey getPrivateKey() { return (ECPrivateKey) ecKeyPair.getPrivate(); } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 51ac435b..f90b834f 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -41,13 +41,13 @@ public void init(Key key, byte b) throws CryptoException { @Override public void init(Key key, byte b, byte[] bytes, short i, short i1) - throws CryptoException { + throws CryptoException { inst.init(key, b, bytes, i, i1); } @Override public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, - short i2, short i3) throws CryptoException { + short i2, short i3) throws CryptoException { } @@ -78,7 +78,7 @@ public short getLength() throws CryptoException { @Override public void update(byte[] message, short msgStart, short messageLength) - throws CryptoException { + throws CryptoException { // HAL accumulates the data and send it at finish operation. } @@ -86,8 +86,9 @@ public void update(byte[] message, short msgStart, short messageLength) public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { try { - if (i1 > MAX_NO_DIGEST_MSG_LEN) + if (i1 > MAX_NO_DIGEST_MSG_LEN) { CryptoException.throwIt(CryptoException.ILLEGAL_USE); + } // add zeros to the left if (i1 < MAX_NO_DIGEST_MSG_LEN) { Util.arrayFillNonAtomic(KMAndroidSEProvider.getInstance().tmpArray, @@ -105,7 +106,7 @@ public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) @Override public short signPreComputedHash(byte[] bytes, short i, short i1, - byte[] bytes1, short i2) throws CryptoException { + byte[] bytes1, short i2) throws CryptoException { return inst.sign(bytes, i, i1, bytes1, i2); } @@ -118,7 +119,7 @@ public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, @Override public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, - byte[] bytes1, short i2, short i3) throws CryptoException { + byte[] bytes1, short i2, short i3) throws CryptoException { //Verification is handled inside HAL return false; } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java index b4ca3af4..b2a38b24 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java @@ -22,6 +22,7 @@ import javacard.security.HMACKey; public class KMHmacKey implements KMPreSharedKey { + private HMACKey hmacKey; public KMHmacKey(HMACKey key) { @@ -39,6 +40,7 @@ public byte getKey(byte[] keyData, short kOff) { public short getKeySizeBits() { return hmacKey.getSize(); } + public static void onSave(Element element, KMHmacKey kmKey) { element.write(kmKey.hmacKey); } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java index 12655bc4..5178d4e2 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java @@ -16,6 +16,7 @@ package com.android.javacard.keymaster; public class KMInstance { + public byte reserved; public Object object; public byte instanceCount; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 0eb7c4e7..502f3fb5 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -130,8 +130,9 @@ public short finish(byte[] inputDataBuf, short inputDataStart, byte blkSize = 16; byte paddingBytes; short inputlen = inputDataLen; - if (cipherAlg == KMType.DES) + if (cipherAlg == KMType.DES) { blkSize = 8; + } // padding bytes if (inputlen % blkSize == 0) { paddingBytes = blkSize; @@ -155,20 +156,22 @@ public short finish(byte[] inputDataBuf, short inputDataStart, if ((cipherAlg == KMType.AES || cipherAlg == KMType.DES) && padding == KMType.PKCS7 && mode == KMType.DECRYPT) { byte blkSize = 16; - if (cipherAlg == KMType.DES) + if (cipherAlg == KMType.DES) { blkSize = 8; + } if (len > 0) { // verify if padding is corrupted. byte paddingByte = outputDataBuf[(short) (outputDataStart + len - 1)]; // padding byte always should be <= block size - if ((short) paddingByte > blkSize || (short) paddingByte <= 0) + if ((short) paddingByte > blkSize || (short) paddingByte <= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); + } - for(short j = 1; j <= paddingByte; ++j) { + for (short j = 1; j <= paddingByte; ++j) { if (outputDataBuf[(short) (outputDataStart + len - j)] != paddingByte) { KMException.throwIt(KMError.INVALID_ARGUMENT); } - } + } len = (short) (len - (short) paddingByte);// remove the padding bytes } } else if (cipherAlg == KMType.AES && blockMode == KMType.GCM) { @@ -178,8 +181,9 @@ public short finish(byte[] inputDataBuf, short inputDataStart, } else { boolean verified = ((AEADCipher) cipher).verifyTag(inputDataBuf, (short) (inputDataStart + inputDataLen), macLength, macLength); - if (!verified) + if (!verified) { KMException.throwIt(KMError.VERIFICATION_FAILED); + } } } } finally { diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index 991072e2..08e11436 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -130,11 +130,13 @@ private void padData(byte[] buf, short start, short len, byte[] outBuf, private boolean isValidData(byte[] buf, short start, short len) { if (algorithm == ALG_RSA_SIGN_NOPAD) { - if (len > 256) + if (len > 256) { return false; + } } else { // ALG_RSA_PKCS1_NODIGEST - if (len > 245) + if (len > 245) { return false; + } } return true; } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java index 066d828f..ac099bc5 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java @@ -38,40 +38,41 @@ public KMRsaOAEPEncoding(byte alg) { setDigests(alg); cipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false); algorithm = alg; - if (null == mgf1Buf) + if (null == mgf1Buf) { mgf1Buf = JCSystem.makeTransientByteArray(MGF1_BUF_SIZE, - JCSystem.MEMORY_TYPE_TRANSIENT_DESELECT); + JCSystem.MEMORY_TYPE_TRANSIENT_DESELECT); + } } private void setDigests(byte alg) { switch (alg) { - case ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1: - hash = MessageDigest.ALG_SHA_256; - mgf1Hash = MessageDigest.ALG_SHA; - break; - case ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA256: - hash = MessageDigest.ALG_SHA_256; - mgf1Hash = MessageDigest.ALG_SHA_256; - break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + case ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1: + hash = MessageDigest.ALG_SHA_256; + mgf1Hash = MessageDigest.ALG_SHA; + break; + case ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA256: + hash = MessageDigest.ALG_SHA_256; + mgf1Hash = MessageDigest.ALG_SHA_256; + break; + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); } } - + private short getDigestLength() { - switch(hash) { - case MessageDigest.ALG_SHA: - return MessageDigest.LENGTH_SHA; - case MessageDigest.ALG_SHA_224: - return MessageDigest.LENGTH_SHA_224; - case MessageDigest.ALG_SHA_256: - return MessageDigest.LENGTH_SHA_256; - case MessageDigest.ALG_SHA_384: - return MessageDigest.LENGTH_SHA_384; - case MessageDigest.ALG_SHA3_512: - return MessageDigest.LENGTH_SHA_512; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + switch (hash) { + case MessageDigest.ALG_SHA: + return MessageDigest.LENGTH_SHA; + case MessageDigest.ALG_SHA_224: + return MessageDigest.LENGTH_SHA_224; + case MessageDigest.ALG_SHA_256: + return MessageDigest.LENGTH_SHA_256; + case MessageDigest.ALG_SHA_384: + return MessageDigest.LENGTH_SHA_384; + case MessageDigest.ALG_SHA3_512: + return MessageDigest.LENGTH_SHA_512; + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); } return 0; } @@ -84,7 +85,7 @@ public void init(Key theKey, byte theMode) throws CryptoException { @Override public void init(Key theKey, byte theMode, byte[] bArray, short bOff, - short bLen) throws CryptoException { + short bLen) throws CryptoException { cipher.init(theKey, theMode, bArray, bOff, bLen); } @@ -105,7 +106,7 @@ public byte getPaddingAlgorithm() { @Override public short doFinal(byte[] inBuff, short inOffset, short inLength, - byte[] outBuff, short outOffset) throws CryptoException { + byte[] outBuff, short outOffset) throws CryptoException { short len = cipher.doFinal(inBuff, inOffset, inLength, outBuff, outOffset); // https://tools.ietf.org/html/rfc8017#section-7.1 @@ -127,18 +128,18 @@ public short doFinal(byte[] inBuff, short inOffset, short inLength, inBuff = outBuff; inOffset = (short) (outOffset + 1); return rsaOAEPDecode(inBuff, inOffset, (short) (len - 1), outBuff, - outOffset); + outOffset); } @Override public short update(byte[] inBuff, short inOffset, short inLength, - byte[] outBuff, short outOffset) throws CryptoException { + byte[] outBuff, short outOffset) throws CryptoException { return cipher.update(inBuff, inOffset, inLength, outBuff, outOffset); } private void maskGenerationFunction1(byte[] input, short inputOffset, - short inputLen, short expectedOutLen, byte[] outBuf, short outOffset) { + short inputLen, short expectedOutLen, byte[] outBuf, short outOffset) { short counter = 0; MessageDigest.OneShot md = null; try { @@ -149,21 +150,22 @@ private void maskGenerationFunction1(byte[] input, short inputOffset, while (counter < (short) (expectedOutLen / digestLen)) { I2OS(counter, mgf1Buf, (short) inputLen); md.doFinal(mgf1Buf, (short) 0, (short) (4 + inputLen), outBuf, - (short) (outOffset + (counter * digestLen))); + (short) (outOffset + (counter * digestLen))); counter++; } if ((short) (counter * digestLen) < expectedOutLen) { I2OS(counter, mgf1Buf, (short) inputLen); md.doFinal(mgf1Buf, (short) 0, (short) (4 + inputLen), outBuf, - (short) (outOffset + (counter * digestLen))); + (short) (outOffset + (counter * digestLen))); } } finally { - if (md != null) + if (md != null) { md.close(); + } Util.arrayFillNonAtomic(mgf1Buf, (short) 0, (short) MGF1_BUF_SIZE, - (byte) 0); + (byte) 0); } } @@ -175,14 +177,14 @@ private void I2OS(short i, byte[] out, short offset) { } private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff, - short encodedMsgLen, byte[] msg, short offset) { + short encodedMsgLen, byte[] msg, short offset) { MessageDigest.OneShot md = null; byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray; try { short hLen = getDigestLength(); - if (encodedMsgLen < (short)(2 * hLen + 1)) { + if (encodedMsgLen < (short) (2 * hLen + 1)) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } // encodedMsg will be in the format of maskedSeed||maskedDB. @@ -191,7 +193,7 @@ private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff, // of the seedMask is hLen. // seedMask = MGF(maskedDB, hLen) maskGenerationFunction1(encodedMsg, (short) (encodedMsgOff + hLen), - (short) (encodedMsgLen - hLen), hLen, tmpArray, (short) 0); + (short) (encodedMsgLen - hLen), hLen, tmpArray, (short) 0); // Get the seed by doing XOR of (maskedSeed ^ seedMask). // seed = (maskedSeed ^ seedMask) @@ -203,7 +205,7 @@ private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff, // Now get the dbMask by calling MGF(seed , (emLen-hLen)). // dbMask = MGF(seed , (emLen-hLen)). maskGenerationFunction1(encodedMsg, (short) encodedMsgOff, hLen, - (short) (encodedMsgLen - hLen), tmpArray, (short) 0); + (short) (encodedMsgLen - hLen), tmpArray, (short) 0); // Get the DB value. DB = (maskedDB ^ dbMask) // DB = Hash(P)||00||01||Msg, where P is encoding parameters. (P = NULL) @@ -217,7 +219,7 @@ private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff, Util.arrayFillNonAtomic(tmpArray, (short) 0, (short) 256, (byte) 0); md.doFinal(tmpArray, (short) 0, (short) 0, tmpArray, (short) 0); if (0 != Util.arrayCompare(encodedMsg, (short) (encodedMsgOff + hLen), - tmpArray, (short) 0, hLen)) { + tmpArray, (short) 0, hLen)) { // Verification failed. CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } @@ -231,7 +233,8 @@ private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff, // starting of the block and a variable length of 0's are // appended to the end of the hash till the 0x01 byte. short start = 0; - for (short i = (short) (encodedMsgOff + 2 * hLen); i < (short) (encodedMsgOff + encodedMsgLen); i++) { + for (short i = (short) (encodedMsgOff + 2 * hLen); + i < (short) (encodedMsgOff + encodedMsgLen); i++) { if (i == (short) ((encodedMsgOff + encodedMsgLen) - 1)) { // Bad Padding. CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); @@ -243,14 +246,15 @@ private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff, } // Copy the message Util.arrayCopyNonAtomic(encodedMsg, (short) (start + 1), msg, offset, - (short) (encodedMsgLen - ((start - encodedMsgOff) + 1))); + (short) (encodedMsgLen - ((start - encodedMsgOff) + 1))); return (short) (encodedMsgLen - ((start - encodedMsgOff) + 1)); } finally { - if (md != null) + if (md != null) { md.close(); + } Util.arrayFillNonAtomic(tmpArray, (short) 0, - KMAndroidSEProvider.TMP_ARRAY_SIZE, (byte) 0); + KMAndroidSEProvider.TMP_ARRAY_SIZE, (byte) 0); } } } \ No newline at end of file diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java index 2e72ae6d..c2b5c7f3 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -18,43 +18,44 @@ import javacard.framework.Util; public class KMUtils { + // 64 bit unsigned calculations for time public static final byte[] oneSecMsec = { - 0, 0, 0, 0, 0, 0, 0x03, (byte) 0xE8 }; // 1000 msec + 0, 0, 0, 0, 0, 0, 0x03, (byte) 0xE8}; // 1000 msec public static final byte[] oneMinMsec = { - 0, 0, 0, 0, 0, 0, (byte) 0xEA, 0x60 }; // 60000 msec + 0, 0, 0, 0, 0, 0, (byte) 0xEA, 0x60}; // 60000 msec public static final byte[] oneHourMsec = { - 0, 0, 0, 0, 0, 0x36, (byte) 0xEE, (byte) 0x80 }; // 3600000 msec + 0, 0, 0, 0, 0, 0x36, (byte) 0xEE, (byte) 0x80}; // 3600000 msec public static final byte[] oneDayMsec = { - 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00 }; // 86400000 msec + 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00}; // 86400000 msec public static final byte[] oneMonthMsec = { - 0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec - public static final byte[] leapYearMsec = { - 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; + 0, 0, 0, 0, (byte) 0x9C, (byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec + public static final byte[] leapYearMsec = { + 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; public static final byte[] yearMsec = { - 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 + 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 //Leap year(366) + 3 * 365 public static final byte[] fourYrsMsec = { - 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 + 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec + 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte) 0xE8, 0x00}; // 1577836800000 msec public static final byte[] firstJan2051 = { - 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000 - // msec + 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00}; // 2556144000000 + // msec public static final byte[] febMonthLeapMSec = { - 0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00 }; //2505600000 + 0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00}; //2505600000 public static final byte[] febMonthMsec = { - 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00 }; //2419200000 + 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00}; //2419200000 public static final byte[] ThirtyOneDaysMonthMsec = { - 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00 };//2678400000 + 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00};//2678400000 public static final byte[] ThirtDaysMonthMsec = { - 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00 };//2592000000 + 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00};//2592000000 public static final short year2051 = 2051; public static final short year2020 = 2020; // -------------------------------------- public static short convertToDate(short time, byte[] scratchPad, - boolean utcFlag) { + boolean utcFlag) { short yrsCount = 0; short monthCount = 1; @@ -66,48 +67,48 @@ public static short convertToDate(short time, byte[] scratchPad, boolean from2020 = true; Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); Util.arrayCopyNonAtomic(KMInteger.cast(time).getBuffer(), - KMInteger.cast(time).getStartOff(), scratchPad, - (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) - .length()); + KMInteger.cast(time).getStartOff(), scratchPad, + (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) + .length()); // If the time is less then 1 Jan 2020 then it is an error if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, - (short) 8) < 0) { + (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, - (short) 0, (short) 8) >= 0) { + && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, + (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, - (short) 8) < 0) { + (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } else { from2020 = false; Util.arrayCopyNonAtomic(firstJan2051, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // divide the given time with four yrs msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); yrsCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); // quotient - // is - // multiple - // of 4 + // is + // multiple + // of 4 yrsCount = (short) (yrsCount * 4); // number of yrs. // copy reminder as new dividend Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } //Get the leap year index starting from the (base Year + yrsCount) Year. @@ -116,29 +117,33 @@ public static short convertToDate(short time, byte[] scratchPad, // if leap year index is 0, then the number of days for the 1st year will be 366 days. // if leap year index is not 0, then the number of days for the 1st year will be 365 days. if (((leapYrIdx == 0) && - (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || - ((leapYrIdx != 0) && - (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + (KMInteger + .unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) + >= 0)) || + ((leapYrIdx != 0) && + (KMInteger + .unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) + >= 0))) { for (short i = 0; i < 4; i++) { yrsCount++; if (i == leapYrIdx) { Util.arrayCopyNonAtomic(leapYearMsec, (short) 0, scratchPad, - (short) 8, (short) 8); + (short) 8, (short) 8); } else { Util.arrayCopyNonAtomic(yearMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); } subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); if (((short) (i + 1) == leapYrIdx)) { if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, - (short) 0, (short) 8) < 0) { + (short) 0, (short) 8) < 0) { break; } } else { if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, - (short) 0, (short) 8) < 0) { + (short) 0, (short) 8) < 0) { break; } } @@ -146,40 +151,41 @@ public static short convertToDate(short time, byte[] scratchPad, } // total yrs from 1970 - if (from2020) + if (from2020) { yrsCount = (short) (year2020 + yrsCount); - else + } else { yrsCount = (short) (year2051 + yrsCount); + } // divide the given time with one month msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { for (short i = 0; i < 12; i++) { if (i == 1) { // Feb month if (isLeapYear(yrsCount)) { // Leap year 29 days Util.arrayCopyNonAtomic(febMonthLeapMSec, (short) 0, scratchPad, - (short) 8, (short) 8); + (short) 8, (short) 8); } else { // 28 days Util.arrayCopyNonAtomic(febMonthMsec, (short) 0, scratchPad, - (short) 8, (short) 8); + (short) 8, (short) 8); } } else if (((i <= 6) && ((i % 2 == 0))) || ((i > 6) && ((i % 2 == 1)))) { Util.arrayCopyNonAtomic(ThirtyOneDaysMonthMsec, (short) 0, - scratchPad, (short) 8, (short) 8); + scratchPad, (short) 8, (short) 8); } else { // 30 Days Util.arrayCopyNonAtomic(ThirtDaysMonthMsec, (short) 0, scratchPad, - (short) 8, (short) 8); + (short) 8, (short) 8); } if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, - (short) 8) >= 0) { + (short) 8) >= 0) { subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } else { break; } @@ -189,43 +195,43 @@ public static short convertToDate(short time, byte[] scratchPad, // divide the given time with one day msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); dayCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); dayCount++; Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // divide the given time with one hour msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); hhCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // divide the given time with one minute msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); mmCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // divide the given time with one second msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); ssCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // Now convert to ascii string YYMMDDhhmmssZ or YYYYMMDDhhmmssZ @@ -238,19 +244,21 @@ public static short convertToDate(short time, byte[] scratchPad, len += numberToString(ssCount, scratchPad, len); scratchPad[len] = Z; len++; - if (utcFlag) + if (utcFlag) { return KMByteBlob.instance(scratchPad, (short) 2, (short) (len - 2)); // YY - else + } else { return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY + } } public static short numberToString(short number, byte[] scratchPad, - short offset) { + short offset) { byte zero = 0x30; byte len = 2; byte digit; - if (number > 999) + if (number > 999) { len = 4; + } byte index = len; while (index > 0) { digit = (byte) (number % 10); @@ -265,7 +273,7 @@ public static short numberToString(short number, byte[] scratchPad, // i.e. dividend - quotient*divisor = remainder where remainder < divisor. // so this is division by subtraction until remainder remains. public static short divide(byte[] buf, short dividend, short divisor, - short remainder) { + short remainder) { short expCnt = 1; short q = 0; // first increase divisor so that it becomes greater then dividend. @@ -303,10 +311,11 @@ public static void shiftLeft(byte[] buf, short start) { tmp = buf[(short) (start + index)]; buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] << 1); buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] + carry); - if (tmp < 0) + if (tmp < 0) { carry = 1; - else + } else { carry = 0; + } index--; } } @@ -320,10 +329,11 @@ public static void shiftRight(byte[] buf, short start) { buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] >> 1); buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] & 0x7F); buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] | carry); - if (tmp == 1) + if (tmp == 1) { carry = (byte) 0x80; - else + } else { carry = 0; + } index++; } } @@ -335,8 +345,9 @@ public static void add(byte[] buf, short op1, short op2, short result) { while (index >= 0) { tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry); carry = 0; - if (tmp > 255) + if (tmp > 255) { carry = 1; // max unsigned byte value is 255 + } buf[(short) (result + index)] = (byte) (tmp & (byte) 0xFF); index--; } @@ -362,25 +373,25 @@ public static void subtract(byte[] buf, short op1, short op2, short result) { index--; } } - + public static short countTemporalCount(byte[] bufTime, short timeOff, - short timeLen, byte[] scratchPad, short offset) { + short timeLen, byte[] scratchPad, short offset) { Util.arrayFillNonAtomic(scratchPad, (short) offset, (short) 24, (byte) 0); Util.arrayCopyNonAtomic( - bufTime, - timeOff, - scratchPad, - (short) (offset + 8 - timeLen), - timeLen); + bufTime, + timeOff, + scratchPad, + (short) (offset + 8 - timeLen), + timeLen); Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) (offset + 8), - (short) 8); + (short) 8); return divide(scratchPad, (short) 0, (short) 8, (short) 16); } public static boolean isLeapYear(short year) { - if ((short)(year%4) == (short) 0) { - if (((short)(year % 100) == (short) 0) && - ((short) (year % 400)) != (short) 0) { + if ((short) (year % 4) == (short) 0) { + if (((short) (year % 100) == (short) 0) && + ((short) (year % 400)) != (short) 0) { return false; } return true; @@ -390,8 +401,8 @@ public static boolean isLeapYear(short year) { public static short getLeapYrIndex(boolean from2020, short yrsCount) { short newBaseYr = (short) (from2020 ? (year2020 + yrsCount) : (year2051 + yrsCount)); - for(short i = 0; i < 4; i++) { - if(isLeapYear((short)(newBaseYr + i))) { + for (short i = 0; i < 4; i++) { + if (isLeapYear((short) (newBaseYr + i))) { return i; } } diff --git a/Applet/JCardSimProvider/build.xml b/Applet/JCardSimProvider/build.xml index 58343402..3d06a8fd 100644 --- a/Applet/JCardSimProvider/build.xml +++ b/Applet/JCardSimProvider/build.xml @@ -1,21 +1,23 @@ - - + + - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + @@ -23,9 +25,10 @@ - + - + @@ -34,7 +37,8 @@ - + @@ -52,5 +56,5 @@ - + \ No newline at end of file diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java index 489d4f77..258dc461 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java @@ -18,6 +18,7 @@ import javacard.security.AESKey; public class KMAESKey implements KMMasterKey { + private AESKey aesKey; public KMAESKey(AESKey key) { @@ -31,7 +32,7 @@ public void setKey(byte[] keyData, short kOff) { public byte getKey(byte[] keyData, short kOff) { return aesKey.getKey(keyData, kOff); } - + public short getKeySizeBits() { return aesKey.getSize(); } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java index 18e67e72..37e67d1c 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java @@ -25,50 +25,53 @@ // The certificate is assembled with leafs first and then the sequences. public class KMAttestationCertImpl implements KMAttestationCert { + private static final byte MAX_PARAMS = 30; // DER encoded object identifiers required by the cert. // rsaEncryption - 1.2.840.113549.1.1.1 private static final byte[] rsaEncryption = { - 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01 + 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01 }; // ecPublicKey - 1.2.840.10045.2.1 private static final byte[] eccPubKey = { - 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x02, 0x01 + 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x02, 0x01 }; // prime256v1 curve - 1.2.840.10045.3.1.7 private static final byte[] prime256v1 = { - 0x06, 0x08, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x03, 0x01, 0x07 + 0x06, 0x08, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x03, 0x01, 0x07 }; // Key Usage Extn - 2.5.29.15 private static final byte[] keyUsageExtn = {0x06, 0x03, 0x55, 0x1D, 0x0F}; // Android Extn - 1.3.6.1.4.1.11129.2.1.17 private static final byte[] androidExtn = { - 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 + 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 }; private static final short ECDSA_MAX_SIG_LEN = 72; //Signature algorithm identifier - always ecdsaWithSha256 - 1.2.840.10045.4.3.2 //SEQUENCE of alg OBJ ID and parameters = NULL. private static final byte[] X509SignAlgIdentifier = { - 0x30, - 0x0A, - 0x06, - 0x08, - 0x2A, - (byte) 0x86, - 0x48, - (byte) 0xCE, - (byte) 0x3D, - 0x04, - 0x03, - 0x02 + 0x30, + 0x0A, + 0x06, + 0x08, + 0x2A, + (byte) 0x86, + 0x48, + (byte) 0xCE, + (byte) 0x3D, + 0x04, + 0x03, + 0x02 }; // Validity is not fixed field // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys private static final byte[] X509Subject = { - 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e, 0x64, - 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B, 0x65, - 0x79 + 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e, + 0x64, + 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B, + 0x65, + 0x79 }; private static final byte keyUsageSign = (byte) 0x80; // 0 bit @@ -111,10 +114,13 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static short issuer; private static short signPriv; - private KMAttestationCertImpl() {} + private KMAttestationCertImpl() { + } public static KMAttestationCert instance(boolean rsaCert) { - if (inst == null) inst = new KMAttestationCertImpl(); + if (inst == null) { + inst = new KMAttestationCertImpl(); + } init(); KMAttestationCertImpl.rsaCert = rsaCert; return inst; @@ -184,18 +190,19 @@ public KMAttestationCert notBefore(short obj, byte[] scratchpad) { @Override public KMAttestationCert notAfter(short usageExpiryTimeObj, - short certExpirtyTimeObj, byte[] scratchPad, short tmpVar) { + short certExpirtyTimeObj, byte[] scratchPad, short tmpVar) { if (usageExpiryTimeObj != KMType.INVALID_VALUE) { // compare if the expiry time is greater then 2051 then use generalized // time format else use utc time format. usageExpiryTimeObj = KMIntegerTag.cast(usageExpiryTimeObj).getValue(); tmpVar = KMInteger.uint_64(KMUtils.firstJan2051, (short) 0); - if (KMInteger.compare(usageExpiryTimeObj, tmpVar) >= 0) + if (KMInteger.compare(usageExpiryTimeObj, tmpVar) >= 0) { usageExpiryTimeObj = KMUtils.convertToDate(usageExpiryTimeObj, scratchPad, - false); - else + false); + } else { usageExpiryTimeObj = KMUtils - .convertToDate(usageExpiryTimeObj, scratchPad, true); + .convertToDate(usageExpiryTimeObj, scratchPad, true); + } notAfter = usageExpiryTimeObj; } else { notAfter = certExpirtyTimeObj; @@ -205,8 +212,11 @@ public KMAttestationCert notAfter(short usageExpiryTimeObj, @Override public KMAttestationCert deviceLocked(boolean val) { - if (val) deviceLocked = (byte) 0xFF; - else deviceLocked = 0; + if (val) { + deviceLocked = (byte) 0xFF; + } else { + deviceLocked = 0; + } return this; } @@ -296,7 +306,9 @@ private static void pushTbsCert(boolean rsaCert) { private static void pushExtensions() { short last = stackPtr; - if (keyUsage != 0) pushKeyUsage(keyUsage, unusedBits); + if (keyUsage != 0) { + pushKeyUsage(keyUsage, unusedBits); + } pushKeyDescription(); pushSequenceHeader((short) (last - stackPtr)); // Extensions have explicit tag of [3] @@ -360,6 +372,7 @@ private static void pushRsaSubjectKeyInfo() { pushRsaEncryption(); pushSequenceHeader((short) (last - stackPtr)); } + // SEQUENCE{SEQUENCE{ecPubKey, prime256v1}, bitString{pubKey}} private static void pushEccSubjectKeyInfo() { short last = stackPtr; @@ -385,6 +398,7 @@ private static void pushRsaEncryption() { pushBytes(rsaEncryption, (short) 0, (short) rsaEncryption.length); pushSequenceHeader((short) (last - stackPtr)); } + // KeyDescription ::= SEQUENCE { // attestationVersion INTEGER, # Value 3 // attestationSecurityLevel SecurityLevel, # See below @@ -427,9 +441,9 @@ private static void pushSWParams() { short last = stackPtr; // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension. short[] tagIds = { - KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME, - KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME, - KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED }; + KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME, + KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME, + KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED}; byte index = 0; do { pushParams(swParams, swParamsIndex, tagIds[index]); @@ -441,15 +455,15 @@ private static void pushHWParams() { short last = stackPtr; // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension. short[] tagIds = { - KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, - KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, - KMType.ORIGIN, KMType.APPLICATION_ID, - KMType.TRUSTED_CONFIRMATION_REQUIRED, - KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.ALLOW_WHILE_ON_BODY, - KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, KMType.NO_AUTH_REQUIRED, - KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT, - KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE, - KMType.ALGORITHM, KMType.PURPOSE }; + KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, + KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, + KMType.ORIGIN, KMType.APPLICATION_ID, + KMType.TRUSTED_CONFIRMATION_REQUIRED, + KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.ALLOW_WHILE_ON_BODY, + KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, KMType.NO_AUTH_REQUIRED, + KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT, + KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE, + KMType.ALGORITHM, KMType.PURPOSE}; byte index = 0; do { @@ -457,7 +471,9 @@ private static void pushHWParams() { pushRoT(); continue; } - if (pushParams(hwParams, hwParamsIndex, tagIds[index])) continue; + if (pushParams(hwParams, hwParamsIndex, tagIds[index])) { + continue; + } } while (++index < tagIds.length); pushSequenceHeader((short) (last - stackPtr)); } @@ -525,6 +541,7 @@ private static void pushTag(short tag) { break; } } + // RootOfTrust ::= SEQUENCE { // verifiedBootKey OCTET_STRING, // deviceLocked BOOLEAN, @@ -588,6 +605,7 @@ private static void pushEnumArrayTag(short tagId, byte[] buf, short start, short pushSetHeader((short) (last - stackPtr)); pushTagIdHeader(tagId, (short) (last - stackPtr)); } + // Only SET of INTEGERS supported are padding, digest, purpose and blockmode // All of these are enum array tags i.e. byte long values private static void pushIntegerArrayTag(short tagId, short arr) { @@ -647,13 +665,16 @@ private static void pushIntegerTag(short tagId, byte[] buf, short start, short l // pushIntegerHeader((short) (last - stackPtr)); pushTagIdHeader(tagId, (short) (last - stackPtr)); } + // Ignore leading zeros. Only Unsigned Integers are required hence if MSB is set then add 0x00 // as most significant byte. private static void pushInteger(byte[] buf, short start, short len) { short last = stackPtr; byte index = 0; while (index < (byte) len) { - if (buf[(short) (start + index)] != 0) break; + if (buf[(short) (start + index)] != 0) { + break; + } index++; } if (index == (byte) len) { @@ -666,6 +687,7 @@ private static void pushInteger(byte[] buf, short start, short len) { } pushIntegerHeader((short) (last - stackPtr)); } + // Bytes Tag is a octet string and tag id is added explicitly private static void pushBytesTag(short tagId, byte[] buf, short start, short len) { short last = stackPtr; @@ -691,6 +713,7 @@ private static void pushTagIdHeader(short tagId, short len) { pushByte((byte) (0xA0 | (byte) tagId)); } } + // SEQUENCE {ObjId, OCTET STRING{BIT STRING{keyUsage}}} private static void pushKeyUsage(byte keyUsage, byte unusedBits) { short last = stackPtr; @@ -757,7 +780,9 @@ private static void pushBytes(byte[] buf, short start, short len) { private static void decrementStackPtr(short cnt) { stackPtr = (short) (stackPtr - cnt); - if (start > stackPtr) KMException.throwIt(KMError.UNKNOWN_ERROR); + if (start > stackPtr) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } } @Override @@ -800,39 +825,39 @@ public void build() { KMJCardSimulator provider = KMJCardSimulator.getInstance(); short sigLen = provider .ecSign256( - provider.getAttestationKey(), - stack, - tbsOffset, - tbsLength, - stack, - signatureOffset); - if(sigLen != ECDSA_MAX_SIG_LEN) { + provider.getAttestationKey(), + stack, + tbsOffset, + tbsLength, + stack, + signatureOffset); + if (sigLen != ECDSA_MAX_SIG_LEN) { // Update the lengths appropriately. - stackPtr = (short)(signatureOffset - 1); - pushLength((short)(sigLen + 1)); + stackPtr = (short) (signatureOffset - 1); + pushLength((short) (sigLen + 1)); stackPtr = tbsOffset; - last -= (short)(ECDSA_MAX_SIG_LEN - sigLen); - pushLength((short)(last - stackPtr)); - length -= (short)(ECDSA_MAX_SIG_LEN - sigLen); + last -= (short) (ECDSA_MAX_SIG_LEN - sigLen); + pushLength((short) (last - stackPtr)); + length -= (short) (ECDSA_MAX_SIG_LEN - sigLen); } } @Override public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, - byte[] creationTime, short timeOffset, short creationTimeLen, - byte[] attestAppId, short appIdOff, short attestAppIdLen, - byte resetSinceIdRotation, KMMasterKey masterKey) { + byte[] creationTime, short timeOffset, short creationTimeLen, + byte[] attestAppId, short appIdOff, short attestAppIdLen, + byte resetSinceIdRotation, KMMasterKey masterKey) { // Concatenate T||C||R // temporal count T short temp = KMUtils.countTemporalCount(creationTime, timeOffset, - creationTimeLen, scratchPad, scratchPadOff); + creationTimeLen, scratchPad, scratchPadOff); Util.setShort(scratchPad, (short) scratchPadOff, temp); temp = scratchPadOff; scratchPadOff += 2; // Application Id C Util.arrayCopyNonAtomic(attestAppId, appIdOff, scratchPad, scratchPadOff, - attestAppIdLen); + attestAppIdLen); scratchPadOff += attestAppIdLen; // Reset After Rotation R @@ -841,20 +866,20 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, //Get the key data from the master key KMAESKey aesKey = (KMAESKey) masterKey; - short mKeyData = KMByteBlob.instance((short) (aesKey.getKeySizeBits() / 8)); + short mKeyData = KMByteBlob.instance((short) (aesKey.getKeySizeBits() / 8)); aesKey.getKey( - KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ - KMByteBlob.cast(mKeyData).getStartOff()); /* Key start*/ + KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ + KMByteBlob.cast(mKeyData).getStartOff()); /* Key start*/ timeOffset = KMByteBlob.instance((short) 32); appIdOff = KMJCardSimulator.getInstance().hmacSign( - KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ - KMByteBlob.cast(mKeyData).getStartOff(), /* Key start*/ - KMByteBlob.cast(mKeyData).length(), /* Key length*/ - scratchPad, /* data */ - temp, /* data start */ - scratchPadOff, /* data length */ - KMByteBlob.cast(timeOffset).getBuffer(), /* signature buffer */ - KMByteBlob.cast(timeOffset).getStartOff()); /* signature start */ + KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ + KMByteBlob.cast(mKeyData).getStartOff(), /* Key start*/ + KMByteBlob.cast(mKeyData).length(), /* Key length*/ + scratchPad, /* data */ + temp, /* data start */ + scratchPadOff, /* data length */ + KMByteBlob.cast(timeOffset).getBuffer(), /* signature buffer */ + KMByteBlob.cast(timeOffset).getStartOff()); /* signature start */ if (appIdOff != 32) { KMException.throwIt(KMError.UNKNOWN_ERROR); } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java index 3e67ed5e..420a775c 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java @@ -16,11 +16,14 @@ package com.android.javacard.keymaster; public abstract class KMCipher { + public static final short SUN_JCE = 0xE9; - public abstract short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, short i); + public abstract short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, + short i); - public abstract short update(byte[] buffer, short startOff, short length, byte[] scratchPad, short i); + public abstract short update(byte[] buffer, short startOff, short length, byte[] scratchPad, + short i); public abstract void updateAAD(byte[] buffer, short startOff, short length); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java index 95e5cb83..c4162b12 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java @@ -24,25 +24,28 @@ import javax.crypto.ShortBufferException; -public class KMCipherImpl extends KMCipher{ +public class KMCipherImpl extends KMCipher { + private Cipher cipher; private javax.crypto.Cipher sunCipher; private short cipherAlg; private short padding; private short mode; private short blockMode; - KMCipherImpl(Cipher c){ + + KMCipherImpl(Cipher c) { cipher = c; } - KMCipherImpl(javax.crypto.Cipher c){ + + KMCipherImpl(javax.crypto.Cipher c) { sunCipher = c; } @Override - public short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, short i){ - if(cipherAlg == KMType.RSA && padding == KMType.RSA_OAEP){ + public short doFinal(byte[] buffer, short startOff, short length, byte[] scratchPad, short i) { + if (cipherAlg == KMType.RSA && padding == KMType.RSA_OAEP) { try { - return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); + return (short) sunCipher.doFinal(buffer, startOff, length, scratchPad, i); } catch (ShortBufferException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); @@ -53,9 +56,9 @@ public short doFinal(byte[] buffer, short startOff, short length, byte[] scratch e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - }else if(cipherAlg == KMType.AES && blockMode == KMType.GCM){ + } else if (cipherAlg == KMType.AES && blockMode == KMType.GCM) { try { - return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); + return (short) sunCipher.doFinal(buffer, startOff, length, scratchPad, i); } catch (AEADBadTagException e) { e.printStackTrace(); KMException.throwIt(KMError.VERIFICATION_FAILED); @@ -67,9 +70,9 @@ public short doFinal(byte[] buffer, short startOff, short length, byte[] scratch } catch (BadPaddingException e) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - } else if(cipherAlg == KMType.AES && blockMode == KMType.CTR){ + } else if (cipherAlg == KMType.AES && blockMode == KMType.CTR) { try { - return (short)sunCipher.doFinal(buffer,startOff,length,scratchPad,i); + return (short) sunCipher.doFinal(buffer, startOff, length, scratchPad, i); } catch (ShortBufferException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); @@ -80,53 +83,64 @@ public short doFinal(byte[] buffer, short startOff, short length, byte[] scratch e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - } else{ - if((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && padding ==KMType.PKCS7 && mode == KMType.ENCRYPT){ - byte blkSize = 16; - byte paddingBytes; - short len = length; - if (cipherAlg == KMType.DES) blkSize = 8; - // padding bytes - if (len % blkSize == 0) paddingBytes = blkSize; - else paddingBytes = (byte) (blkSize - (len % blkSize)); - // final len with padding - len = (short) (len + paddingBytes); - // intermediate buffer to copy input data+padding - byte[] tmp = new byte[len]; - // fill in the padding - Util.arrayFillNonAtomic(tmp, (short) 0, len, paddingBytes); - // copy the input data - Util.arrayCopyNonAtomic(buffer,startOff,tmp,(short)0,length); - buffer = tmp; - length = len; - startOff = 0; + } else { + if ((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && padding == KMType.PKCS7 + && mode == KMType.ENCRYPT) { + byte blkSize = 16; + byte paddingBytes; + short len = length; + if (cipherAlg == KMType.DES) { + blkSize = 8; + } + // padding bytes + if (len % blkSize == 0) { + paddingBytes = blkSize; + } else { + paddingBytes = (byte) (blkSize - (len % blkSize)); + } + // final len with padding + len = (short) (len + paddingBytes); + // intermediate buffer to copy input data+padding + byte[] tmp = new byte[len]; + // fill in the padding + Util.arrayFillNonAtomic(tmp, (short) 0, len, paddingBytes); + // copy the input data + Util.arrayCopyNonAtomic(buffer, startOff, tmp, (short) 0, length); + buffer = tmp; + length = len; + startOff = 0; } short len = cipher.doFinal(buffer, startOff, length, scratchPad, i); // JCard Sim removes leading zeros during decryption in case of no padding - so add that back. - if (cipherAlg == KMType.RSA && padding == KMType.PADDING_NONE && mode == KMType.DECRYPT && len < 256) { + if (cipherAlg == KMType.RSA && padding == KMType.PADDING_NONE && mode == KMType.DECRYPT + && len < 256) { byte[] tempBuf = new byte[256]; Util.arrayFillNonAtomic(tempBuf, (short) 0, (short) 256, (byte) 0); Util.arrayCopyNonAtomic(scratchPad, (short) 0, tempBuf, (short) (i + 256 - len), len); Util.arrayCopyNonAtomic(tempBuf, (short) 0, scratchPad, i, (short) 256); len = 256; - }else if((cipherAlg == KMType.AES || cipherAlg == KMType.DES) // PKCS7 - && padding == KMType.PKCS7 - && mode == KMType.DECRYPT){ + } else if ((cipherAlg == KMType.AES || cipherAlg == KMType.DES) // PKCS7 + && padding == KMType.PKCS7 + && mode == KMType.DECRYPT) { byte blkSize = 16; - if (cipherAlg == KMType.DES) blkSize = 8; - if(len >0) { + if (cipherAlg == KMType.DES) { + blkSize = 8; + } + if (len > 0) { //verify if padding is corrupted. - byte paddingByte = scratchPad[i+len -1]; + byte paddingByte = scratchPad[i + len - 1]; //padding byte always should be <= block size - if((short)paddingByte > blkSize || - (short)paddingByte <= 0) KMException.throwIt(KMError.INVALID_ARGUMENT); + if ((short) paddingByte > blkSize || + (short) paddingByte <= 0) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } - for(short j = 1; j <= paddingByte; ++j) { - if (scratchPad[i+len -j] != paddingByte) { + for (short j = 1; j <= paddingByte; ++j) { + if (scratchPad[i + len - j] != paddingByte) { KMException.throwIt(KMError.INVALID_ARGUMENT); } } - len = (short)(len - (short)paddingByte);// remove the padding bytes + len = (short) (len - (short) paddingByte);// remove the padding bytes } } return len; @@ -146,17 +160,17 @@ public void setCipherAlgorithm(short alg) { @Override public short update(byte[] buffer, short startOff, short length, byte[] scratchPad, short i) { - if(cipherAlg == KMType.AES && (blockMode == KMType.GCM || blockMode == KMType.CTR)){ + if (cipherAlg == KMType.AES && (blockMode == KMType.GCM || blockMode == KMType.CTR)) { try { - return (short)sunCipher.update(buffer,startOff,length,scratchPad,i); + return (short) sunCipher.update(buffer, startOff, length, scratchPad, i); } catch (ShortBufferException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } catch (IllegalStateException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - } else{ + } else { return cipher.update(buffer, startOff, length, scratchPad, i); } return KMType.INVALID_VALUE; @@ -164,16 +178,16 @@ public short update(byte[] buffer, short startOff, short length, byte[] scratchP @Override public void updateAAD(byte[] buffer, short startOff, short length) { - try { - sunCipher.updateAAD(buffer,startOff,length); - } catch (IllegalArgumentException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalStateException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (UnsupportedOperationException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_USE); - } + try { + sunCipher.updateAAD(buffer, startOff, length); + } catch (IllegalArgumentException e) { + e.printStackTrace(); + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (IllegalStateException e) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } catch (UnsupportedOperationException e) { + CryptoException.throwIt(CryptoException.ILLEGAL_USE); + } } @Override @@ -187,12 +201,12 @@ public void setPaddingAlgorithm(short alg) { } @Override - public void setBlockMode(short mode){ - blockMode = mode; + public void setBlockMode(short mode) { + blockMode = mode; } @Override - public short getBlockMode(){ + public short getBlockMode() { return blockMode; } @@ -206,7 +220,7 @@ public void setMode(short mode) { @Override public short getCipherProvider() { - return KMCipher.SUN_JCE; + return KMCipher.SUN_JCE; } @Override diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java index 65c069d1..62b26cce 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java @@ -30,7 +30,7 @@ public void setS(byte[] buffer, short offset, short length) { ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate(); ecPriv.setS(buffer, offset, length); } - + public ECPrivateKey getPrivateKey() { return (ECPrivateKey) ecKeyPair.getPrivate(); } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java index 904353b1..c382f3cb 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java @@ -42,60 +42,61 @@ public class KMEcdsa256NoDigestSignature extends Signature { + private java.security.Signature sunSigner; - public KMEcdsa256NoDigestSignature(byte mode, byte[] key, short keyStart, short keyLength){ - KeyFactory kf; - try { - sunSigner = java.security.Signature.getInstance("NONEwithECDSA", "SunEC"); - kf = KeyFactory.getInstance("EC"); - AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC", "SunEC"); - //Supported curve secp256r1 - parameters.init(new ECGenParameterSpec("secp256r1")); - ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class); - if(mode == Signature.MODE_SIGN) { - byte[] privKey = new byte[keyLength]; - for(short i =0; i< keyLength; i++) { - privKey[i] = key[keyStart+i]; - } - BigInteger bI = new BigInteger(privKey); - ECPrivateKeySpec prikeyspec = new ECPrivateKeySpec(bI, ecParameters); - ECPrivateKey privkey = (ECPrivateKey) kf.generatePrivate(prikeyspec); - sunSigner.initSign(privkey); - } else { - //Check if the first byte is 04 and remove it. - if(key[keyStart] == 0x04) { - //uncompressed format. - keyStart++; - keyLength--; - } - short i = 0; - byte[] pubx = new byte[keyLength/2]; - for(;i < keyLength/2; i++ ) { - pubx[i] = key[keyStart+i]; - } - byte[] puby = new byte[keyLength/2]; - for(i = 0;i < keyLength/2; i++ ) { - puby[i] = key[keyStart+keyLength/2+i]; - } - BigInteger bIX = new BigInteger(pubx); - BigInteger bIY = new BigInteger(puby); - ECPoint point = new ECPoint(bIX, bIY); - ECPublicKeySpec pubkeyspec = new ECPublicKeySpec(point, ecParameters); - ECPublicKey pubkey = (ECPublicKey) kf.generatePublic(pubkeyspec); - sunSigner.initVerify(pubkey); - } - } catch (NoSuchAlgorithmException e) { - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (NoSuchProviderException e) { - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch(InvalidParameterSpecException e) { - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch(InvalidKeySpecException e) { - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch(InvalidKeyException e) { - CryptoException.throwIt(CryptoException.INVALID_INIT); - } + public KMEcdsa256NoDigestSignature(byte mode, byte[] key, short keyStart, short keyLength) { + KeyFactory kf; + try { + sunSigner = java.security.Signature.getInstance("NONEwithECDSA", "SunEC"); + kf = KeyFactory.getInstance("EC"); + AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC", "SunEC"); + //Supported curve secp256r1 + parameters.init(new ECGenParameterSpec("secp256r1")); + ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class); + if (mode == Signature.MODE_SIGN) { + byte[] privKey = new byte[keyLength]; + for (short i = 0; i < keyLength; i++) { + privKey[i] = key[keyStart + i]; + } + BigInteger bI = new BigInteger(privKey); + ECPrivateKeySpec prikeyspec = new ECPrivateKeySpec(bI, ecParameters); + ECPrivateKey privkey = (ECPrivateKey) kf.generatePrivate(prikeyspec); + sunSigner.initSign(privkey); + } else { + //Check if the first byte is 04 and remove it. + if (key[keyStart] == 0x04) { + //uncompressed format. + keyStart++; + keyLength--; + } + short i = 0; + byte[] pubx = new byte[keyLength / 2]; + for (; i < keyLength / 2; i++) { + pubx[i] = key[keyStart + i]; + } + byte[] puby = new byte[keyLength / 2]; + for (i = 0; i < keyLength / 2; i++) { + puby[i] = key[keyStart + keyLength / 2 + i]; + } + BigInteger bIX = new BigInteger(pubx); + BigInteger bIY = new BigInteger(puby); + ECPoint point = new ECPoint(bIX, bIY); + ECPublicKeySpec pubkeyspec = new ECPublicKeySpec(point, ecParameters); + ECPublicKey pubkey = (ECPublicKey) kf.generatePublic(pubkeyspec); + sunSigner.initVerify(pubkey); + } + } catch (NoSuchAlgorithmException e) { + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + } catch (NoSuchProviderException e) { + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + } catch (InvalidParameterSpecException e) { + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch (InvalidKeySpecException e) { + CryptoException.throwIt(CryptoException.INVALID_INIT); + } catch (InvalidKeyException e) { + CryptoException.throwIt(CryptoException.INVALID_INIT); + } } @Override @@ -109,7 +110,8 @@ public void init(Key key, byte b, byte[] bytes, short i, short i1) throws Crypto } @Override - public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) + throws CryptoException { } @@ -140,45 +142,50 @@ public short getLength() throws CryptoException { @Override public void update(byte[] message, short msgStart, short messageLength) throws CryptoException { - byte[] msgBytes = new byte[messageLength]; - for(int i =0; i< messageLength; i++) { - msgBytes[i] = message[msgStart+i]; - } - try { - if(messageLength > 0) - sunSigner.update(msgBytes); - } catch (SignatureException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } + byte[] msgBytes = new byte[messageLength]; + for (int i = 0; i < messageLength; i++) { + msgBytes[i] = message[msgStart + i]; + } + try { + if (messageLength > 0) { + sunSigner.update(msgBytes); + } + } catch (SignatureException e) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } } @Override - public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { + public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) + throws CryptoException { short len = 0; try { - update(bytes, i , i1); - byte[] sig = sunSigner.sign(); - Util.arrayCopyNonAtomic(sig, (short)0, bytes1, i2, (short)sig.length); - return (short)sig.length; - } catch (SignatureException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } + update(bytes, i, i1); + byte[] sig = sunSigner.sign(); + Util.arrayCopyNonAtomic(sig, (short) 0, bytes1, i2, (short) sig.length); + return (short) sig.length; + } catch (SignatureException e) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } return len; } @Override - public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { + public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2) + throws CryptoException { return 0; } @Override - public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) + throws CryptoException { // Public key operations not handled here. return false; } @Override - public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2, + short i3) throws CryptoException { return false; } } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java index 8b75827a..65f1d02a 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java @@ -18,6 +18,7 @@ import javacard.security.HMACKey; public class KMHmacKey implements KMPreSharedKey { + private HMACKey hmacKey; public KMHmacKey(HMACKey key) { diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java index fd6dd910..a97377ea 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java @@ -17,9 +17,10 @@ public class KMJCardSimApplet extends KMKeymasterApplet { - KMJCardSimApplet(){ + KMJCardSimApplet() { super(new KMJCardSimulator()); } + /** * Installs this applet. * @@ -28,7 +29,7 @@ public class KMJCardSimApplet extends KMKeymasterApplet { * @param bLength the length in bytes of the parameter data in bArray */ public static void install(byte[] bArray, short bOffset, byte bLength) { - new KMJCardSimApplet().register(); + new KMJCardSimApplet().register(); } } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java index 0dad8f77..20de91c8 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java @@ -66,6 +66,7 @@ * creates its own RNG using PRNG. */ public class KMJCardSimulator implements KMSEProvider { + public static final short AES_GCM_TAG_LENGTH = 16; public static final short AES_GCM_NONCE_LENGTH = 12; public static final short MAX_RND_NUM_SIZE = 64; @@ -117,16 +118,16 @@ public KMJCardSimulator() { jCardSimulator = this; } - + public KeyPair createRsaKeyPair() { KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); rsaKeyPair.genKeyPair(); return rsaKeyPair; } - + public RSAPrivateKey createRsaKey(byte[] modBuffer, short modOff, short modLength, - byte[] privBuffer, short privOff, short privLength) { + byte[] privBuffer, short privOff, short privLength) { KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); RSAPrivateKey privKey = (RSAPrivateKey) rsaKeyPair.getPrivate(); privKey.setExponent(privBuffer, privOff, privLength); @@ -135,88 +136,89 @@ public RSAPrivateKey createRsaKey(byte[] modBuffer, short modOff, short modLengt } - + public KeyPair createECKeyPair() { KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); ecKeyPair.genKeyPair(); return ecKeyPair; } - + public ECPrivateKey createEcKey(byte[] privBuffer, short privOff, short privLength) { KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); ECPrivateKey privKey = (ECPrivateKey) ecKeyPair.getPrivate(); - privKey.setS(privBuffer,privOff, privLength); + privKey.setS(privBuffer, privOff, privLength); return privKey; } - + public AESKey createAESKey(short keysize) { - byte[] rndNum = new byte[(short) (keysize/8)]; - return createAESKey(rndNum, (short)0, (short)rndNum.length); + byte[] rndNum = new byte[(short) (keysize / 8)]; + return createAESKey(rndNum, (short) 0, (short) rndNum.length); } public AESKey createAESKey(byte[] buf, short startOff, short length) { AESKey key = null; - short keysize = (short)(length * 8); + short keysize = (short) (length * 8); if (keysize == 128) { key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false); key.setKey(buf, (short) startOff); - }else if (keysize == 256){ + } else if (keysize == 256) { key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false); key.setKey(buf, (short) startOff); } return key; } - + public DESKey createTDESKey() { byte[] rndNum = new byte[24]; - newRandomNumber(rndNum, (short) 0, (short)rndNum.length); - return createTDESKey(rndNum, (short)0, (short)rndNum.length); + newRandomNumber(rndNum, (short) 0, (short) rndNum.length); + return createTDESKey(rndNum, (short) 0, (short) rndNum.length); } - + public DESKey createTDESKey(byte[] secretBuffer, short secretOff, short secretLength) { DESKey triDesKey = - (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_3KEY, false); + (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_3KEY, false); triDesKey.setKey(secretBuffer, secretOff); return triDesKey; } - + public HMACKey createHMACKey(short keysize) { - if((keysize % 8 != 0) || !(keysize >= 64 && keysize <= 512)){ + if ((keysize % 8 != 0) || !(keysize >= 64 && keysize <= 512)) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - byte[] rndNum = new byte[(short) (keysize/8)]; - newRandomNumber(rndNum, (short) 0, (short)(keysize/8)); - return createHMACKey(rndNum, (short)0, (short)rndNum.length); + byte[] rndNum = new byte[(short) (keysize / 8)]; + newRandomNumber(rndNum, (short) 0, (short) (keysize / 8)); + return createHMACKey(rndNum, (short) 0, (short) rndNum.length); } @Override public short createSymmetricKey(byte alg, short keysize, byte[] buf, short startOff) { - switch(alg){ + switch (alg) { case KMType.AES: AESKey aesKey = createAESKey(keysize); - return aesKey.getKey(buf,startOff); + return aesKey.getKey(buf, startOff); case KMType.DES: DESKey desKey = createTDESKey(); - return desKey.getKey(buf,startOff); + return desKey.getKey(buf, startOff); case KMType.HMAC: HMACKey hmacKey = createHMACKey(keysize); - return hmacKey.getKey(buf,startOff); - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; + return hmacKey.getKey(buf, startOff); + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; } return 0; } @Override - public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, short privKeyLength, - byte[] pubModBuf, short pubModStart, short pubModLength, short[] lengths){ - switch (alg){ + public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, + short privKeyLength, + byte[] pubModBuf, short pubModStart, short pubModLength, short[] lengths) { + switch (alg) { case KMType.RSA: if (RSA_KEY_SIZE != privKeyLength || RSA_KEY_SIZE != pubModLength) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); @@ -225,48 +227,51 @@ public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, RSAPrivateKey privKey = (RSAPrivateKey) rsaKey.getPrivate(); //Copy exponent. byte[] exp = new byte[RSA_KEY_SIZE]; - lengths[0] = privKey.getExponent(exp, (short)0); - if (lengths[0] > privKeyLength) + lengths[0] = privKey.getExponent(exp, (short) 0); + if (lengths[0] > privKeyLength) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - Util.arrayFillNonAtomic(privKeyBuf, privKeyStart, privKeyLength, (byte)0); - Util.arrayCopyNonAtomic(exp, (short)0, - privKeyBuf, (short)(privKeyStart + privKeyLength - lengths[0]), lengths[0]); + } + Util.arrayFillNonAtomic(privKeyBuf, privKeyStart, privKeyLength, (byte) 0); + Util.arrayCopyNonAtomic(exp, (short) 0, + privKeyBuf, (short) (privKeyStart + privKeyLength - lengths[0]), lengths[0]); //Copy modulus byte[] mod = new byte[RSA_KEY_SIZE]; - lengths[1] = privKey.getModulus(mod, (short)0); - if (lengths[1] > pubModLength) + lengths[1] = privKey.getModulus(mod, (short) 0); + if (lengths[1] > pubModLength) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - Util.arrayFillNonAtomic(pubModBuf, pubModStart, pubModLength, (byte)0); - Util.arrayCopyNonAtomic(mod, (short)0, - pubModBuf, (short)(pubModStart + pubModLength - lengths[1]), lengths[1]); + } + Util.arrayFillNonAtomic(pubModBuf, pubModStart, pubModLength, (byte) 0); + Util.arrayCopyNonAtomic(mod, (short) 0, + pubModBuf, (short) (pubModStart + pubModLength - lengths[1]), lengths[1]); break; case KMType.EC: KeyPair ecKey = createECKeyPair(); ECPublicKey ecPubKey = (ECPublicKey) ecKey.getPublic(); ECPrivateKey ecPrivKey = (ECPrivateKey) ecKey.getPrivate(); - lengths[0] = ecPrivKey.getS(privKeyBuf,privKeyStart); - lengths[1] = ecPubKey.getW(pubModBuf,pubModStart); - if(lengths[0] > privKeyLength || lengths[1] > pubModLength){ + lengths[0] = ecPrivKey.getS(privKeyBuf, privKeyStart); + lengths[1] = ecPubKey.getW(pubModBuf, pubModStart); + if (lengths[0] > privKeyLength || lengths[1] > pubModLength) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; + default: + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; } } @Override - public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short startOff, short length) { - switch(alg){ + public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short startOff, + short length) { + switch (alg) { case KMType.AES: - AESKey aesKey = createAESKey(buf,startOff,length); + AESKey aesKey = createAESKey(buf, startOff, length); break; case KMType.DES: - DESKey desKey = createTDESKey(buf,startOff,length); + DESKey desKey = createTDESKey(buf, startOff, length); break; case KMType.HMAC: - HMACKey hmacKey = createHMACKey(buf,startOff,length); + HMACKey hmacKey = createHMACKey(buf, startOff, length); break; default: CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -276,13 +281,15 @@ public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short sta } @Override - public boolean importAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, short privKeyLength, byte[] pubModBuf, short pubModStart, short pubModLength) { - switch (alg){ + public boolean importAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, + short privKeyLength, byte[] pubModBuf, short pubModStart, short pubModLength) { + switch (alg) { case KMType.RSA: - RSAPrivateKey rsaKey = createRsaKey(pubModBuf,pubModStart,pubModLength,privKeyBuf,privKeyStart,privKeyLength); + RSAPrivateKey rsaKey = createRsaKey(pubModBuf, pubModStart, pubModLength, privKeyBuf, + privKeyStart, privKeyLength); break; case KMType.EC: - ECPrivateKey ecPrivKey = createEcKey(privKeyBuf,privKeyStart,privKeyLength); + ECPrivateKey ecPrivKey = createEcKey(privKeyBuf, privKeyStart, privKeyLength); break; default: CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -291,12 +298,12 @@ public boolean importAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeySta return true; } - + public HMACKey createHMACKey(byte[] secretBuffer, short secretOff, short secretLength) { HMACKey key = null; key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, - KeyBuilder.LENGTH_HMAC_SHA_256_BLOCK_64, false); - key.setKey(secretBuffer,secretOff,secretLength); + KeyBuilder.LENGTH_HMAC_SHA_256_BLOCK_64, false); + key.setKey(secretBuffer, secretOff, secretLength); return key; } @@ -320,10 +327,10 @@ public short aesGCMEncrypt( short authTagStart, short authTagLen) { //Create the sun jce compliant aes key - if(keyLen != 32 && keyLen != 16){ + if (keyLen != 32 && keyLen != 16) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - java.security.Key aesKey = new SecretKeySpec(keyBuf,keyStart,keyLen, "AES"); + java.security.Key aesKey = new SecretKeySpec(keyBuf, keyStart, keyLen, "AES"); // Create the cipher javax.crypto.Cipher cipher = null; try { @@ -339,13 +346,14 @@ public short aesGCMEncrypt( CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } // Copy nonce - if(nonceLen != AES_GCM_NONCE_LENGTH){ + if (nonceLen != AES_GCM_NONCE_LENGTH) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } byte[] iv = new byte[AES_GCM_NONCE_LENGTH]; - Util.arrayCopyNonAtomic(nonce,nonceStart,iv,(short)0,AES_GCM_NONCE_LENGTH); + Util.arrayCopyNonAtomic(nonce, nonceStart, iv, (short) 0, AES_GCM_NONCE_LENGTH); // Init Cipher - GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_LENGTH * 8, nonce,nonceStart,AES_GCM_NONCE_LENGTH); + GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_LENGTH * 8, nonce, nonceStart, + AES_GCM_NONCE_LENGTH); try { cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, aesKey, spec); } catch (InvalidKeyException e) { @@ -357,13 +365,13 @@ public short aesGCMEncrypt( } // Create auth data byte[] aad = new byte[authDataLen]; - Util.arrayCopyNonAtomic(authData,authDataStart,aad,(short)0,authDataLen); + Util.arrayCopyNonAtomic(authData, authDataStart, aad, (short) 0, authDataLen); cipher.updateAAD(aad); // Encrypt secret short len = 0; byte[] outputBuf = new byte[cipher.getOutputSize(secretLen)]; try { - len = (short)(cipher.doFinal(secret,secretStart,secretLen,outputBuf,(short)0)); + len = (short) (cipher.doFinal(secret, secretStart, secretLen, outputBuf, (short) 0)); } catch (ShortBufferException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); @@ -375,10 +383,12 @@ public short aesGCMEncrypt( CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } // Extract Tag appended at the end. - Util.arrayCopyNonAtomic(outputBuf, (short)(len - AES_GCM_TAG_LENGTH),authTag,authTagStart,AES_GCM_TAG_LENGTH); + Util.arrayCopyNonAtomic(outputBuf, (short) (len - AES_GCM_TAG_LENGTH), authTag, authTagStart, + AES_GCM_TAG_LENGTH); //Copy the encrypted data - Util.arrayCopyNonAtomic(outputBuf, (short)0,encSecret,encSecretStart,(short)(len - AES_GCM_TAG_LENGTH)); - return (short)(len - AES_GCM_TAG_LENGTH); + Util.arrayCopyNonAtomic(outputBuf, (short) 0, encSecret, encSecretStart, + (short) (len - AES_GCM_TAG_LENGTH)); + return (short) (len - AES_GCM_TAG_LENGTH); } public boolean aesGCMDecrypt( @@ -398,13 +408,13 @@ public boolean aesGCMDecrypt( short authDataLen, byte[] authTag, short authTagStart, - short authTagLen) { + short authTagLen) { // Create the sun jce compliant aes key if (keyLen != 32 && keyLen != 16) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } java.security.Key aesKey = new SecretKeySpec(keyBuf, keyStart, keyLen, - "AES"); + "AES"); // Create the cipher javax.crypto.Cipher cipher = null; try { @@ -425,10 +435,10 @@ public boolean aesGCMDecrypt( } byte[] iv = new byte[AES_GCM_NONCE_LENGTH]; Util.arrayCopyNonAtomic(nonce, nonceStart, iv, (short) 0, - AES_GCM_NONCE_LENGTH); + AES_GCM_NONCE_LENGTH); // Init Cipher GCMParameterSpec spec = new GCMParameterSpec(authTagLen * 8, nonce, - nonceStart, AES_GCM_NONCE_LENGTH); + nonceStart, AES_GCM_NONCE_LENGTH); try { cipher.init(javax.crypto.Cipher.DECRYPT_MODE, aesKey, spec); } catch (InvalidKeyException e) { @@ -441,20 +451,20 @@ public boolean aesGCMDecrypt( // Create auth data byte[] aad = new byte[authDataLen]; Util.arrayCopyNonAtomic(authData, authDataStart, aad, (short) 0, - authDataLen); + authDataLen); cipher.updateAAD(aad); // Append the auth tag at the end of data byte[] inputBuf = new byte[(short) (encSecretLen + authTagLen)]; Util.arrayCopyNonAtomic(encSecret, encSecretStart, inputBuf, (short) 0, - encSecretLen); + encSecretLen); Util.arrayCopyNonAtomic(authTag, authTagStart, inputBuf, encSecretLen, - authTagLen); + authTagLen); // Decrypt short len = 0; byte[] outputBuf = new byte[cipher.getOutputSize((short) inputBuf.length)]; try { len = (short) (cipher.doFinal(inputBuf, (short) 0, - (short) inputBuf.length, outputBuf, (short) 0)); + (short) inputBuf.length, outputBuf, (short) 0)); } catch (AEADBadTagException e) { e.printStackTrace(); return false; @@ -475,22 +485,25 @@ public boolean aesGCMDecrypt( @Override public void getTrueRandomNumber(byte[] buf, short start, short length) { - Util.arrayCopy(entropyPool,(short)0,buf,start,length); + Util.arrayCopy(entropyPool, (short) 0, buf, start, length); } - - public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMaterialLen, byte[] label, - short labelStart, short labelLen, byte[] context, short contextStart, short contextLength) { + + public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMaterialLen, + byte[] label, + short labelStart, short labelLen, byte[] context, short contextStart, short contextLength) { // This is hardcoded to requirement - 32 byte output with two concatenated 16 bytes K1 and K2. final byte n = 2; // hardcoded - final byte[] L = {0,0,1,0}; // [L] 256 bits - hardcoded 32 bits as per reference impl in keymaster. + final byte[] L = {0, 0, 1, + 0}; // [L] 256 bits - hardcoded 32 bits as per reference impl in keymaster. final byte[] zero = {0}; // byte - byte[] iBuf = new byte[]{0,0,0,0}; // [i] counter - 32 bits - byte[] keyOut = new byte[(short)(n*16)]; + byte[] iBuf = new byte[]{0, 0, 0, 0}; // [i] counter - 32 bits + byte[] keyOut = new byte[(short) (n * 16)]; Signature prf = Signature.getInstance(Signature.ALG_AES_CMAC_128, false); - AESKey key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false); + AESKey key = (AESKey) KeyBuilder + .buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false); key.setKey(keyMaterial, keyMaterialStart); prf.init(key, Signature.MODE_SIGN); - byte i =1; + byte i = 1; short pos = 0; while (i <= n) { iBuf[3] = i; @@ -501,85 +514,95 @@ public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMate pos = prf.sign(L, (short) 0, (short) 4, keyOut, pos); // 4 bytes of L - signature of 16 bytes i++; } - return createHMACKey(keyOut, (short)0, (short)keyOut.length); + return createHMACKey(keyOut, (short) 0, (short) keyOut.length); } @Override public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label, - short labelStart, short labelLen, byte[] context, short contextStart, short contextLength, byte[] keyBuf, short keyStart) { + short labelStart, short labelLen, byte[] context, short contextStart, short contextLength, + byte[] keyBuf, short keyStart) { KMHmacKey key = (KMHmacKey) pSharedKey; short keyMaterialLen = key.getKeySizeBits(); keyMaterialLen = (short) (keyMaterialLen / 8); short keyMaterialStart = 0; byte[] keyMaterial = new byte[keyMaterialLen]; key.getKey(keyMaterial, keyMaterialStart); - HMACKey hmacKey = cmacKdf(keyMaterial,keyMaterialStart, keyMaterialLen, label, labelStart, labelLen,context,contextStart,contextLength); - return hmacKey.getKey(keyBuf,keyStart); + HMACKey hmacKey = cmacKdf(keyMaterial, keyMaterialStart, keyMaterialLen, label, labelStart, + labelLen, context, contextStart, contextLength); + return hmacKey.getKey(keyBuf, keyStart); } - - public short hmacSign(HMACKey key, byte[] data, short dataStart, short dataLength, byte[] mac, short macStart) { + + public short hmacSign(HMACKey key, byte[] data, short dataStart, short dataLength, byte[] mac, + short macStart) { hmacSignature.init(key, Signature.MODE_SIGN); return hmacSignature.sign(data, dataStart, dataLength, mac, macStart); } public boolean hmacVerify(HMACKey key, byte[] data, short dataStart, short dataLength, - byte[] mac, short macStart, short macLength) { + byte[] mac, short macStart, short macLength) { hmacSignature.init(key, Signature.MODE_VERIFY); return hmacSignature.verify(data, dataStart, dataLength, mac, macStart, macLength); } @Override public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart, - short dataLength, byte[] signature, short signatureStart) { + short dataLength, byte[] signature, short signatureStart) { KMAESKey aesKey = (KMAESKey) masterkey; short keyLen = (short) (aesKey.getKeySizeBits() / 8); byte[] keyData = new byte[keyLen]; aesKey.getKey(keyData, (short) 0); return hmacSign(keyData, (short) 0, keyLen, data, dataStart, dataLength, - signature, signatureStart); + signature, signatureStart); } @Override - public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] data, short dataStart, short dataLength, byte[] mac, short macStart) { - HMACKey key = createHMACKey(keyBuf,keyStart,keyLength); - return hmacSign(key,data,dataStart,dataLength,mac,macStart); + public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] data, + short dataStart, short dataLength, byte[] mac, short macStart) { + HMACKey key = createHMACKey(keyBuf, keyStart, keyLength); + return hmacSign(key, data, dataStart, dataLength, mac, macStart); } @Override - public boolean hmacVerify(byte[] keyBuf, short keyStart, short keyLength, byte[] data, short dataStart, short dataLength, byte[] mac, short macStart, short macLength) { - HMACKey key = createHMACKey(keyBuf,keyStart,keyLength); - return hmacVerify(key,data,dataStart,dataLength,mac,macStart,macLength); + public boolean hmacVerify(byte[] keyBuf, short keyStart, short keyLength, byte[] data, + short dataStart, short dataLength, byte[] mac, short macStart, short macLength) { + HMACKey key = createHMACKey(keyBuf, keyStart, keyLength); + return hmacVerify(key, data, dataStart, dataLength, mac, macStart, macLength); } @Override public short rsaDecipherOAEP256(byte[] secret, short secretStart, short secretLength, - byte[] modBuffer, short modOff, short modLength, - byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] outputDataBuf, short outputDataStart) { + byte[] modBuffer, short modOff, short modLength, + byte[] inputDataBuf, short inputDataStart, short inputDataLength, + byte[] outputDataBuf, short outputDataStart) { KMCipher cipher = createRsaDecipher( - KMType.RSA_OAEP, KMType.SHA2_256, secret, secretStart, secretLength, modBuffer, modOff, modLength); + KMType.RSA_OAEP, KMType.SHA2_256, secret, secretStart, secretLength, modBuffer, modOff, + modLength); return cipher.doFinal( inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart); } @Override - public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, byte padding, byte blockMode, - byte[] keyBuf, short keyStart, short keyLength, - byte[] ivBuf, short ivStart, short ivLength, short macLength) { - switch (alg){ + public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, byte padding, + byte blockMode, + byte[] keyBuf, short keyStart, short keyLength, + byte[] ivBuf, short ivStart, short ivLength, short macLength) { + switch (alg) { case KMType.AES: case KMType.DES: - if(blockMode != KMType.GCM){ - KMCipher cipher = createSymmetricCipher(alg,purpose, blockMode, padding,keyBuf,keyStart,keyLength, - ivBuf,ivStart,ivLength); - return new KMOperationImpl(cipher); - }else { - KMCipher aesGcm = createAesGcmCipher(purpose,macLength,keyBuf,keyStart,keyLength,ivBuf,ivStart,ivLength); + if (blockMode != KMType.GCM) { + KMCipher cipher = createSymmetricCipher(alg, purpose, blockMode, padding, keyBuf, + keyStart, keyLength, + ivBuf, ivStart, ivLength); + return new KMOperationImpl(cipher); + } else { + KMCipher aesGcm = createAesGcmCipher(purpose, macLength, keyBuf, keyStart, keyLength, + ivBuf, ivStart, ivLength); return new KMOperationImpl(aesGcm); } case KMType.HMAC: - Signature signerVerifier = createHmacSignerVerifier(purpose,digest,keyBuf,keyStart,keyLength); + Signature signerVerifier = createHmacSignerVerifier(purpose, digest, keyBuf, keyStart, + keyLength); return new KMOperationImpl(signerVerifier); default: CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); @@ -589,8 +612,8 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, b @Override public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, byte digest, - byte[] privKeyBuf, short privKeyStart, short privKeyLength, - byte[] pubModBuf, short pubModStart, short pubModLength) { + byte[] privKeyBuf, short privKeyStart, short privKeyLength, + byte[] pubModBuf, short pubModStart, short pubModLength) { if (alg == KMType.RSA) { switch (purpose) { case KMType.SIGN: @@ -608,16 +631,17 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, case KMType.DECRYPT: KMCipher decipher = createRsaDecipher( - padding, digest, privKeyBuf, privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); + padding, digest, privKeyBuf, privKeyStart, privKeyLength, pubModBuf, pubModStart, + pubModLength); return new KMOperationImpl(decipher); default: KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); } - }else if(alg == KMType.EC){ - switch(purpose){ + } else if (alg == KMType.EC) { + switch (purpose) { case KMType.SIGN: Signature signer = - createEcSigner(digest,privKeyBuf,privKeyStart,privKeyLength); + createEcSigner(digest, privKeyBuf, privKeyStart, privKeyLength); return new KMOperationImpl(signer); default: KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); @@ -628,16 +652,18 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, } public KMCipher createRsaDecipher(short padding, short digest, byte[] secret, short secretStart, - short secretLength, byte[] modBuffer, short modOff, short modLength) { - byte cipherAlg = mapCipherAlg(KMType.RSA, (byte)padding, (byte)0); + short secretLength, byte[] modBuffer, short modOff, short modLength) { + byte cipherAlg = mapCipherAlg(KMType.RSA, (byte) padding, (byte) 0); if (cipherAlg == Cipher.ALG_RSA_PKCS1_OAEP) { - return createRsaOAEP256Cipher(KMType.DECRYPT,(byte)digest,secret,secretStart,secretLength,modBuffer,modOff,modLength); + return createRsaOAEP256Cipher(KMType.DECRYPT, (byte) digest, secret, secretStart, + secretLength, modBuffer, modOff, modLength); } - Cipher rsaCipher = Cipher.getInstance(cipherAlg,false); - RSAPrivateKey key = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_2048, false); - key.setExponent(secret,secretStart,secretLength); + Cipher rsaCipher = Cipher.getInstance(cipherAlg, false); + RSAPrivateKey key = (RSAPrivateKey) KeyBuilder + .buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_2048, false); + key.setExponent(secret, secretStart, secretLength); key.setModulus(modBuffer, modOff, modLength); - rsaCipher.init(key,Cipher.MODE_DECRYPT); + rsaCipher.init(key, Cipher.MODE_DECRYPT); KMCipherImpl inst = new KMCipherImpl(rsaCipher); inst.setCipherAlgorithm(KMType.RSA); inst.setMode(KMType.DECRYPT); @@ -645,43 +671,45 @@ public KMCipher createRsaDecipher(short padding, short digest, byte[] secret, sh return inst; } - private KMCipher createRsaOAEP256Cipher(byte mode,byte digest, - byte[] secret, short secretStart, short secretLen, - byte[] modBuffer, short modOff, short modLength) { + private KMCipher createRsaOAEP256Cipher(byte mode, byte digest, + byte[] secret, short secretStart, short secretLen, + byte[] modBuffer, short modOff, short modLength) { // Convert byte arrays into keys byte[] exp = null; byte[] mod = new byte[modLength]; if (secret != null) { exp = new byte[secretLen]; Util.arrayCopyNonAtomic(secret, secretStart, exp, (short) 0, secretLen); - }else{ - exp = new byte[]{0x01,0x00,0x01}; + } else { + exp = new byte[]{0x01, 0x00, 0x01}; } - Util.arrayCopyNonAtomic(modBuffer,modOff,mod,(short)0,modLength); + Util.arrayCopyNonAtomic(modBuffer, modOff, mod, (short) 0, modLength); String modString = toHexString(mod); String expString = toHexString(exp); - BigInteger modInt = new BigInteger(modString,16); - BigInteger expInt = new BigInteger(expString,16); + BigInteger modInt = new BigInteger(modString, 16); + BigInteger expInt = new BigInteger(expString, 16); javax.crypto.Cipher rsaCipher = null; - try{ + try { KeyFactory kf = KeyFactory.getInstance("RSA"); // Create cipher with oaep padding OAEPParameterSpec oaepSpec = null; - if(digest == KMType.SHA2_256){ - oaepSpec= new OAEPParameterSpec("SHA-256", "MGF1", - MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); - }else{ - oaepSpec= new OAEPParameterSpec("SHA1", "MGF1", - MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); + if (digest == KMType.SHA2_256) { + oaepSpec = new OAEPParameterSpec("SHA-256", "MGF1", + MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); + } else { + oaepSpec = new OAEPParameterSpec("SHA1", "MGF1", + MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); } rsaCipher = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPPadding", "SunJCE"); - if (mode == KMType.ENCRYPT){ + if (mode == KMType.ENCRYPT) { RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(modInt, expInt); - java.security.interfaces.RSAPublicKey pubKey = (java.security.interfaces.RSAPublicKey) kf.generatePublic(pubSpec); + java.security.interfaces.RSAPublicKey pubKey = (java.security.interfaces.RSAPublicKey) kf + .generatePublic(pubSpec); rsaCipher.init(javax.crypto.Cipher.ENCRYPT_MODE, pubKey, oaepSpec); } else { RSAPrivateKeySpec privSpec = new RSAPrivateKeySpec(modInt, expInt); - java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) kf.generatePrivate(privSpec); + java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) kf + .generatePrivate(privSpec); rsaCipher.init(javax.crypto.Cipher.DECRYPT_MODE, privKey, oaepSpec); } } catch (NoSuchAlgorithmException e) { @@ -709,70 +737,78 @@ private KMCipher createRsaOAEP256Cipher(byte mode,byte digest, ret.setMode(mode); return ret; } - private String toHexString(byte[] num){ + + private String toHexString(byte[] num) { StringBuilder sb = new StringBuilder(); - for(int i = 0; i < num.length; i++){ - sb.append(String.format("%02X", num[i])) ; - } + for (int i = 0; i < num.length; i++) { + sb.append(String.format("%02X", num[i])); + } return sb.toString(); } - + public Signature createRsaSigner(short digest, short padding, byte[] secret, - short secretStart, short secretLength, byte[] modBuffer, - short modOff, short modLength) { - short alg = mapSignature256Alg(KMType.RSA, (byte)padding); + short secretStart, short secretLength, byte[] modBuffer, + short modOff, short modLength) { + short alg = mapSignature256Alg(KMType.RSA, (byte) padding); if (padding == KMType.PADDING_NONE || - (padding == KMType.RSA_PKCS1_1_5_SIGN && digest == KMType.DIGEST_NONE)) { - return createNoDigestSigner(padding,secret, secretStart, secretLength, - modBuffer, modOff, modLength); + (padding == KMType.RSA_PKCS1_1_5_SIGN && digest == KMType.DIGEST_NONE)) { + return createNoDigestSigner(padding, secret, secretStart, secretLength, + modBuffer, modOff, modLength); } - Signature rsaSigner = Signature.getInstance((byte)alg, false); - RSAPrivateKey key = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_2048, false); - key.setExponent(secret,secretStart,secretLength); + Signature rsaSigner = Signature.getInstance((byte) alg, false); + RSAPrivateKey key = (RSAPrivateKey) KeyBuilder + .buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_2048, false); + key.setExponent(secret, secretStart, secretLength); key.setModulus(modBuffer, modOff, modLength); - rsaSigner.init(key,Signature.MODE_SIGN); + rsaSigner.init(key, Signature.MODE_SIGN); return rsaSigner; } private Signature createNoDigestSigner(short padding, - byte[] secret, short secretStart, short secretLength, - byte[] modBuffer, short modOff, short modLength) { - Cipher rsaCipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD,false); + byte[] secret, short secretStart, short secretLength, + byte[] modBuffer, short modOff, short modLength) { + Cipher rsaCipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false); RSAPrivateKey key = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE, - KeyBuilder.LENGTH_RSA_2048, false); - key.setExponent(secret,secretStart,secretLength); + KeyBuilder.LENGTH_RSA_2048, false); + key.setExponent(secret, secretStart, secretLength); key.setModulus(modBuffer, modOff, modLength); - rsaCipher.init(key,Cipher.MODE_DECRYPT); - KMRsa2048NoDigestSignature inst = new KMRsa2048NoDigestSignature(rsaCipher,(byte)padding, - modBuffer,modOff,modLength); + rsaCipher.init(key, Cipher.MODE_DECRYPT); + KMRsa2048NoDigestSignature inst = new KMRsa2048NoDigestSignature(rsaCipher, (byte) padding, + modBuffer, modOff, modLength); return inst; } - - public Signature createEcSigner(short digest, byte[] secret, short secretStart, short secretLength) { - short alg = mapSignature256Alg(KMType.EC,(byte)0); - Signature ecSigner; - if(digest == KMType.DIGEST_NONE) { - ecSigner = new KMEcdsa256NoDigestSignature(Signature.MODE_SIGN, secret, secretStart, secretLength); - } else { - ECPrivateKey key = (ECPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_256, false); - key.setS(secret,secretStart,secretLength); - ecSigner = Signature.getInstance((byte)alg,false); - ecSigner.init(key,Signature.MODE_SIGN); - } + + public Signature createEcSigner(short digest, byte[] secret, short secretStart, + short secretLength) { + short alg = mapSignature256Alg(KMType.EC, (byte) 0); + Signature ecSigner; + if (digest == KMType.DIGEST_NONE) { + ecSigner = new KMEcdsa256NoDigestSignature(Signature.MODE_SIGN, secret, secretStart, + secretLength); + } else { + ECPrivateKey key = (ECPrivateKey) KeyBuilder + .buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_256, false); + key.setS(secret, secretStart, secretLength); + ecSigner = Signature.getInstance((byte) alg, false); + ecSigner.init(key, Signature.MODE_SIGN); + } return ecSigner; } - + public KMCipher createSymmetricCipher( - short cipherAlg, short mode, short blockMode, short padding, byte[] secret, short secretStart, short secretLength) { - return createSymmetricCipher(cipherAlg, mode, blockMode, padding, secret,secretStart,secretLength,null,(short)0,(short)0); + short cipherAlg, short mode, short blockMode, short padding, byte[] secret, short secretStart, + short secretLength) { + return createSymmetricCipher(cipherAlg, mode, blockMode, padding, secret, secretStart, + secretLength, null, (short) 0, (short) 0); } - - public KMCipher createSymmetricCipher(short alg, short purpose, short blockMode, short padding, byte[] secret, - short secretStart, short secretLength, - byte[] ivBuffer, short ivStart, short ivLength) { + + public KMCipher createSymmetricCipher(short alg, short purpose, short blockMode, short padding, + byte[] secret, + short secretStart, short secretLength, + byte[] ivBuffer, short ivStart, short ivLength) { Key key = null; Cipher symmCipher = null; short len = 0; @@ -790,35 +826,36 @@ public KMCipher createSymmetricCipher(short alg, short purpose, short blockMode, CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); break; } - short cipherAlg = mapCipherAlg((byte)alg,(byte)padding,(byte)blockMode); - switch(cipherAlg){ + short cipherAlg = mapCipherAlg((byte) alg, (byte) padding, (byte) blockMode); + switch (cipherAlg) { case Cipher.ALG_AES_BLOCK_128_CBC_NOPAD: - key = KeyBuilder.buildKey(KeyBuilder.TYPE_AES,len,false); - ((AESKey) key).setKey(secret,secretStart); - symmCipher = Cipher.getInstance((byte)cipherAlg, false); + key = KeyBuilder.buildKey(KeyBuilder.TYPE_AES, len, false); + ((AESKey) key).setKey(secret, secretStart); + symmCipher = Cipher.getInstance((byte) cipherAlg, false); symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, ivLength); break; case Cipher.ALG_AES_BLOCK_128_ECB_NOPAD: - key = KeyBuilder.buildKey(KeyBuilder.TYPE_AES,len,false); - ((AESKey) key).setKey(secret,secretStart); - symmCipher = Cipher.getInstance((byte)cipherAlg, false); + key = KeyBuilder.buildKey(KeyBuilder.TYPE_AES, len, false); + ((AESKey) key).setKey(secret, secretStart); + symmCipher = Cipher.getInstance((byte) cipherAlg, false); symmCipher.init(key, mapPurpose(purpose)); break; case Cipher.ALG_DES_CBC_NOPAD: - key = KeyBuilder.buildKey(KeyBuilder.TYPE_DES,len,false); - ((DESKey) key).setKey(secret,secretStart); - symmCipher = Cipher.getInstance((byte)cipherAlg, false); + key = KeyBuilder.buildKey(KeyBuilder.TYPE_DES, len, false); + ((DESKey) key).setKey(secret, secretStart); + symmCipher = Cipher.getInstance((byte) cipherAlg, false); //While sending back the iv send only 8 bytes. - symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, (short)8); + symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, (short) 8); break; case Cipher.ALG_DES_ECB_NOPAD: - key = KeyBuilder.buildKey(KeyBuilder.TYPE_DES,len,false); - ((DESKey) key).setKey(secret,secretStart); - symmCipher = Cipher.getInstance((byte)cipherAlg, false); + key = KeyBuilder.buildKey(KeyBuilder.TYPE_DES, len, false); + ((DESKey) key).setKey(secret, secretStart); + symmCipher = Cipher.getInstance((byte) cipherAlg, false); symmCipher.init(key, mapPurpose(purpose)); break; case Cipher.ALG_AES_CTR: // uses SUNJCE - return createAesCtrCipherNoPad(purpose, secret,secretStart,secretLength,ivBuffer,ivStart,ivLength); + return createAesCtrCipherNoPad(purpose, secret, secretStart, secretLength, ivBuffer, + ivStart, ivLength); default://This should never happen CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); break; @@ -830,26 +867,27 @@ public KMCipher createSymmetricCipher(short alg, short purpose, short blockMode, cipher.setBlockMode(blockMode); return cipher; } - private byte mapPurpose(short purpose){ - switch(purpose){ + + private byte mapPurpose(short purpose) { + switch (purpose) { case KMType.ENCRYPT: return Cipher.MODE_ENCRYPT; case KMType.DECRYPT: return Cipher.MODE_DECRYPT; case KMType.SIGN: - return Signature.MODE_SIGN; + return Signature.MODE_SIGN; case KMType.VERIFY: return Signature.MODE_VERIFY; } return -1; } - private byte mapSignature256Alg(byte alg, byte padding){ - switch(alg){ + private byte mapSignature256Alg(byte alg, byte padding) { + switch (alg) { case KMType.RSA: - switch(padding){ + switch (padding) { case KMType.RSA_PKCS1_1_5_SIGN: - return Signature.ALG_RSA_SHA_256_PKCS1; + return Signature.ALG_RSA_SHA_256_PKCS1; case KMType.RSA_PSS: return Signature.ALG_RSA_SHA_256_PKCS1_PSS; } @@ -862,12 +900,12 @@ private byte mapSignature256Alg(byte alg, byte padding){ return -1; } - private byte mapCipherAlg(byte alg, byte padding, byte blockmode){ - switch(alg){ + private byte mapCipherAlg(byte alg, byte padding, byte blockmode) { + switch (alg) { case KMType.AES: - switch(blockmode){ + switch (blockmode) { case KMType.ECB: - return Cipher.ALG_AES_BLOCK_128_ECB_NOPAD; + return Cipher.ALG_AES_BLOCK_128_ECB_NOPAD; case KMType.CBC: return Cipher.ALG_AES_BLOCK_128_CBC_NOPAD; case KMType.CTR: @@ -877,7 +915,7 @@ private byte mapCipherAlg(byte alg, byte padding, byte blockmode){ } break; case KMType.DES: - switch(blockmode){ + switch (blockmode) { case KMType.ECB: return Cipher.ALG_DES_ECB_NOPAD; case KMType.CBC: @@ -885,7 +923,7 @@ private byte mapCipherAlg(byte alg, byte padding, byte blockmode){ } break; case KMType.RSA: - switch(padding){ + switch (padding) { case KMType.PADDING_NONE: return Cipher.ALG_RSA_NOPAD; case KMType.RSA_PKCS1_1_5_ENCRYPT: @@ -898,20 +936,21 @@ private byte mapCipherAlg(byte alg, byte padding, byte blockmode){ return -1; } - private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secretStart, short secretLength, byte[] ivBuffer, short ivStart, short ivLength) { - if(secretLength != 16 && secretLength != 32){ + private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secretStart, + short secretLength, byte[] ivBuffer, short ivStart, short ivLength) { + if (secretLength != 16 && secretLength != 32) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - if(ivLength != 16){ + if (ivLength != 16) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - if(mode != KMType.ENCRYPT && mode != KMType.DECRYPT){ + if (mode != KMType.ENCRYPT && mode != KMType.DECRYPT) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } //Create the sun jce compliant aes key byte[] keyMaterial = new byte[secretLength]; - Util.arrayCopyNonAtomic(secret,secretStart,keyMaterial,(short)0,secretLength); - java.security.Key aesKey = new SecretKeySpec(keyMaterial,(short)0,keyMaterial.length, "AES"); + Util.arrayCopyNonAtomic(secret, secretStart, keyMaterial, (short) 0, secretLength); + java.security.Key aesKey = new SecretKeySpec(keyMaterial, (short) 0, keyMaterial.length, "AES"); // Create the cipher javax.crypto.Cipher cipher = null; try { @@ -928,12 +967,15 @@ private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secret } // Copy nonce byte[] iv = new byte[ivLength]; - Util.arrayCopyNonAtomic(ivBuffer,ivStart,iv,(short)0,ivLength); + Util.arrayCopyNonAtomic(ivBuffer, ivStart, iv, (short) 0, ivLength); // Init Cipher IvParameterSpec ivSpec = new IvParameterSpec(iv); try { - if(mode == KMType.ENCRYPT) cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, aesKey, ivSpec); - else cipher.init(javax.crypto.Cipher.DECRYPT_MODE, aesKey, ivSpec); + if (mode == KMType.ENCRYPT) { + cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, aesKey, ivSpec); + } else { + cipher.init(javax.crypto.Cipher.DECRYPT_MODE, aesKey, ivSpec); + } } catch (InvalidKeyException e) { e.printStackTrace(); CryptoException.throwIt(CryptoException.INVALID_INIT); @@ -944,38 +986,43 @@ private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secret KMCipherImpl ret = new KMCipherImpl(cipher); ret.setCipherAlgorithm(KMType.AES); ret.setMode(mode); - ret.setPaddingAlgorithm((short)0); + ret.setPaddingAlgorithm((short) 0); ret.setBlockMode(KMType.CTR); return ret; } - - public Signature createHmacSignerVerifier(short purpose, short digest, byte[] secret, short secretStart, short secretLength) { + + public Signature createHmacSignerVerifier(short purpose, short digest, byte[] secret, + short secretStart, short secretLength) { short alg = Signature.ALG_HMAC_SHA_256; - if(digest != KMType.SHA2_256) CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - Signature hmacSignerVerifier = Signature.getInstance((byte)alg,false); - HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short)(secretLength*8), false); - key.setKey(secret,secretStart,secretLength); - hmacSignerVerifier.init(key,(byte)purpose); + if (digest != KMType.SHA2_256) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + Signature hmacSignerVerifier = Signature.getInstance((byte) alg, false); + HMACKey key = (HMACKey) KeyBuilder + .buildKey(KeyBuilder.TYPE_HMAC, (short) (secretLength * 8), false); + key.setKey(secret, secretStart, secretLength); + hmacSignerVerifier.init(key, (byte) purpose); return hmacSignerVerifier; } - - public KMCipher createAesGcmCipher(short mode, short tagLen, byte[] secret, short secretStart, short secretLength, - byte[] ivBuffer, short ivStart, short ivLength) { - if(secretLength != 16 && secretLength != 32){ + + public KMCipher createAesGcmCipher(short mode, short tagLen, byte[] secret, short secretStart, + short secretLength, + byte[] ivBuffer, short ivStart, short ivLength) { + if (secretLength != 16 && secretLength != 32) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - if(ivLength != AES_GCM_NONCE_LENGTH){ + if (ivLength != AES_GCM_NONCE_LENGTH) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - if(mode != KMType.ENCRYPT && mode != KMType.DECRYPT){ + if (mode != KMType.ENCRYPT && mode != KMType.DECRYPT) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } //Create the sun jce compliant aes key byte[] keyMaterial = new byte[secretLength]; - Util.arrayCopyNonAtomic(secret,secretStart,keyMaterial,(short)0,secretLength); - java.security.Key aesKey = new SecretKeySpec(keyMaterial,(short)0,keyMaterial.length, "AES"); + Util.arrayCopyNonAtomic(secret, secretStart, keyMaterial, (short) 0, secretLength); + java.security.Key aesKey = new SecretKeySpec(keyMaterial, (short) 0, keyMaterial.length, "AES"); // Create the cipher javax.crypto.Cipher cipher = null; try { @@ -992,12 +1039,15 @@ public KMCipher createAesGcmCipher(short mode, short tagLen, byte[] secret, shor } // Copy nonce byte[] iv = new byte[AES_GCM_NONCE_LENGTH]; - Util.arrayCopyNonAtomic(ivBuffer,ivStart,iv,(short)0,AES_GCM_NONCE_LENGTH); + Util.arrayCopyNonAtomic(ivBuffer, ivStart, iv, (short) 0, AES_GCM_NONCE_LENGTH); // Init Cipher - GCMParameterSpec spec = new GCMParameterSpec(tagLen, iv,(short)0,AES_GCM_NONCE_LENGTH); + GCMParameterSpec spec = new GCMParameterSpec(tagLen, iv, (short) 0, AES_GCM_NONCE_LENGTH); try { - if(mode == KMType.ENCRYPT)mode = javax.crypto.Cipher.ENCRYPT_MODE; - else mode = javax.crypto.Cipher.DECRYPT_MODE; + if (mode == KMType.ENCRYPT) { + mode = javax.crypto.Cipher.ENCRYPT_MODE; + } else { + mode = javax.crypto.Cipher.DECRYPT_MODE; + } cipher.init(mode, aesKey, spec); } catch (InvalidKeyException e) { e.printStackTrace(); @@ -1009,7 +1059,7 @@ public KMCipher createAesGcmCipher(short mode, short tagLen, byte[] secret, shor KMCipherImpl ret = new KMCipherImpl(cipher); ret.setCipherAlgorithm(KMType.AES); ret.setMode(mode); - ret.setPaddingAlgorithm((short)0); + ret.setPaddingAlgorithm((short) 0); ret.setBlockMode(KMType.GCM); return ret; } @@ -1046,7 +1096,9 @@ public void newRandomNumber(byte[] num, short startOff, short length) { aesRngKey.setKey(entropyPool, (short) 0); aesRngCipher.init(aesRngKey, Cipher.MODE_ENCRYPT, aesICV, (short) 0, (short) 16); while (length > 0) { - if (length < len) len = length; + if (length < len) { + len = length; + } // increment rngCounter by one incrementCounter(); // copy the 8 byte rngCounter into the 16 byte rngCounter buffer. @@ -1071,8 +1123,11 @@ private void incrementCounter() { // then increment the rngCounter rngCounter[index]++; // is the msb still set? i.e. no carry over - if (rngCounter[index] < 0) break; // then break - else index--; // else go to the higher order byte + if (rngCounter[index] < 0) { + break; // then break + } else { + index--; // else go to the higher order byte + } } else { // if msb is not set then increment the rngCounter rngCounter[index]++; @@ -1085,7 +1140,9 @@ private void incrementCounter() { public void addRngEntropy(byte[] num, short offset, short length) { // Maximum length can be 256 bytes. But currently we support max 32 bytes seed. // Get existing entropy pool. - if (length > 32) length = 32; + if (length > 32) { + length = 32; + } // Create new temporary pool. // Populate the new pool with the entropy which is derived from current entropy pool. newRandomNumber(rndNum, (short) 0, (short) entropyPool.length); @@ -1111,14 +1168,14 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) { } public short readCertificateChain(byte[] buf, short offset) { - short len = Util.getShort(certificateChain, (short)0); - Util.arrayCopyNonAtomic(certificateChain, (short)2, buf, offset, len); + short len = Util.getShort(certificateChain, (short) 0); + Util.arrayCopyNonAtomic(certificateChain, (short) 2, buf, offset, len); return len; } @Override public short getCertificateChainLength() { - return Util.getShort(certificateChain, (short)0); + return Util.getShort(certificateChain, (short) 0); } @Override @@ -1126,7 +1183,7 @@ public short ecSign256(KMAttestationKey attestationKey, byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { - ECPrivateKey key = ((KMECPrivateKey)attestationKey).getPrivateKey(); + ECPrivateKey key = ((KMECPrivateKey) attestationKey).getPrivateKey(); Signature signer = Signature .getInstance(Signature.ALG_ECDSA_SHA_256, false); @@ -1138,7 +1195,7 @@ public short ecSign256(KMAttestationKey attestationKey, @Override public void clearCertificateChain() { JCSystem.beginTransaction(); - Util.arrayFillNonAtomic(certificateChain, (short)0, CERT_CHAIN_MAX_SIZE, (byte) 0); + Util.arrayFillNonAtomic(certificateChain, (short) 0, CERT_CHAIN_MAX_SIZE, (byte) 0); JCSystem.commitTransaction(); } @@ -1163,7 +1220,7 @@ public void persistPartialCertificateChain(byte[] buf, short offset, JCSystem.beginTransaction(); Util.setShort(certificateChain, (short) 0, (short) (len + persistedLen)); Util.arrayCopyNonAtomic(buf, offset, certificateChain, - (short) (persistedLen+2), len); + (short) (persistedLen + 2), len); JCSystem.commitTransaction(); } @@ -1208,10 +1265,10 @@ public boolean isUpgrading() { public KMMasterKey createMasterKey(short keySizeBits) { if (masterKey == null) { AESKey key = (AESKey) KeyBuilder.buildKey( - KeyBuilder.TYPE_AES, keySizeBits, false); + KeyBuilder.TYPE_AES, keySizeBits, false); masterKey = new KMAESKey(key); short keyLen = (short) (keySizeBits / 8); - byte[] keyData = new byte[keyLen]; + byte[] keyData = new byte[keyLen]; getTrueRandomNumber(keyData, (short) 0, keyLen); masterKey.setKey(keyData, (short) 0); } @@ -1220,7 +1277,7 @@ public KMMasterKey createMasterKey(short keySizeBits) { @Override public KMAttestationKey createAttestationKey(byte[] keyData, short offset, - short length) { + short length) { if (attestationKey == null) { // Strongbox supports only P-256 curve for EC key. KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); @@ -1232,13 +1289,13 @@ public KMAttestationKey createAttestationKey(byte[] keyData, short offset, @Override public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length) { - short lengthInBits = (short)(length * 8); + short lengthInBits = (short) (length * 8); if ((lengthInBits % 8 != 0) || !(lengthInBits >= 64 && lengthInBits <= 512)) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } if (preSharedKey == null) { HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, lengthInBits, - false); + false); preSharedKey = new KMHmacKey(key); } preSharedKey.setKey(keyData, offset, length); diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 78c01302..761b388a 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -18,43 +18,51 @@ import javacard.security.Signature; public class KMOperationImpl implements KMOperation { + private KMCipher cipher; private Signature signature; - public KMOperationImpl(KMCipher cipher){ + public KMOperationImpl(KMCipher cipher) { this.cipher = cipher; this.signature = null; } - public KMOperationImpl(Signature sign){ + public KMOperationImpl(Signature sign) { this.cipher = null; this.signature = sign; } @Override public short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] outputDataBuf, short outputDataStart) { - return cipher.update(inputDataBuf,inputDataStart,inputDataLength,outputDataBuf,outputDataStart); + byte[] outputDataBuf, short outputDataStart) { + return cipher + .update(inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart); } + @Override public short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength) { - signature.update(inputDataBuf,inputDataStart,inputDataLength); - return 0; + signature.update(inputDataBuf, inputDataStart, inputDataLength); + return 0; } @Override - public short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { - return cipher.doFinal(inputDataBuf,inputDataStart,inputDataLength,outputDataBuf,outputDataStart); + public short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLength, + byte[] outputDataBuf, short outputDataStart) { + return cipher + .doFinal(inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart); } @Override - public short sign(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] signBuf, short signStart) { - return signature.sign(inputDataBuf,inputDataStart,inputDataLength,signBuf,signStart); + public short sign(byte[] inputDataBuf, short inputDataStart, short inputDataLength, + byte[] signBuf, short signStart) { + return signature.sign(inputDataBuf, inputDataStart, inputDataLength, signBuf, signStart); } @Override - public boolean verify(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] signBuf, short signStart, short signLength) { - return signature.verify(inputDataBuf,inputDataStart,inputDataLength,signBuf,signStart,signLength); + public boolean verify(byte[] inputDataBuf, short inputDataStart, short inputDataLength, + byte[] signBuf, short signStart, short signLength) { + return signature + .verify(inputDataBuf, inputDataStart, inputDataLength, signBuf, signStart, signLength); } @Override diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java index de97d02c..573be574 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java @@ -22,16 +22,19 @@ import javacardx.crypto.Cipher; public class KMRsa2048NoDigestSignature extends Signature { + private Cipher inst; // ALG_RSA_NOPAD. private byte padding; private byte[] rsaModulus; // to compare with the data value - public KMRsa2048NoDigestSignature(Cipher ciph, byte padding, byte[]mod, short start, short len){ + public KMRsa2048NoDigestSignature(Cipher ciph, byte padding, byte[] mod, short start, short len) { inst = ciph; this.padding = padding; - if(len != 256) CryptoException.throwIt(CryptoException.INVALID_INIT); + if (len != 256) { + CryptoException.throwIt(CryptoException.INVALID_INIT); + } rsaModulus = new byte[256]; - Util.arrayCopyNonAtomic(mod,start,rsaModulus,(short)0,len); + Util.arrayCopyNonAtomic(mod, start, rsaModulus, (short) 0, len); } @Override @@ -44,7 +47,8 @@ public void init(Key key, byte b, byte[] bytes, short i, short i1) throws Crypto } @Override - public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) + throws CryptoException { } @Override @@ -77,30 +81,34 @@ public void update(byte[] bytes, short i, short i1) throws CryptoException { } @Override - public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { - byte[] inputData = padData(bytes,i,i1); - return inst.doFinal(inputData,(short)0,(short)256,bytes1,i2); + public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) + throws CryptoException { + byte[] inputData = padData(bytes, i, i1); + return inst.doFinal(inputData, (short) 0, (short) 256, bytes1, i2); } @Override - public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2) throws CryptoException { + public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2) + throws CryptoException { return 0; } @Override - public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) + throws CryptoException { // Public key operations not handled here. return false; } @Override - public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) throws CryptoException { + public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2, + short i3) throws CryptoException { return false; } - private byte[] padData(byte[] buf, short start, short len){ + private byte[] padData(byte[] buf, short start, short len) { byte[] inputData = new byte[256]; - if(!isValidData(buf, start,len)){ + if (!isValidData(buf, start, len)) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } Util.arrayFillNonAtomic(inputData, (short) 0, (short) 256, (byte) 0x00); @@ -108,24 +116,27 @@ private byte[] padData(byte[] buf, short start, short len){ } else if (padding == KMType.RSA_PKCS1_1_5_SIGN) {// 0x00||0x01||PS||0x00 inputData[0] = 0x00; inputData[1] = 0x01; - Util.arrayFillNonAtomic(inputData,(short)2,(short)(256-len-3),(byte)0xFF); - inputData[(short)(256-len-1)] = 0x00; - }else{ + Util.arrayFillNonAtomic(inputData, (short) 2, (short) (256 - len - 3), (byte) 0xFF); + inputData[(short) (256 - len - 1)] = 0x00; + } else { CryptoException.throwIt(CryptoException.ILLEGAL_USE); } - Util.arrayCopyNonAtomic(buf,start,inputData,(short)(256 -len),len); + Util.arrayCopyNonAtomic(buf, start, inputData, (short) (256 - len), len); return inputData; } private boolean isValidData(byte[] buf, short start, short len) { if (padding == KMType.PADDING_NONE) { - if (len > 256) return false; - else if (len == 256) { + if (len > 256) { + return false; + } else if (len == 256) { short v = KMInteger.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len); - if (v > 0) return false; + if (v > 0) { + return false; + } } } else {//pkcs1 no digest - if(len > 245){ + if (len > 245) { return false; } } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java index 2e72ae6d..c2b5c7f3 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java @@ -18,43 +18,44 @@ import javacard.framework.Util; public class KMUtils { + // 64 bit unsigned calculations for time public static final byte[] oneSecMsec = { - 0, 0, 0, 0, 0, 0, 0x03, (byte) 0xE8 }; // 1000 msec + 0, 0, 0, 0, 0, 0, 0x03, (byte) 0xE8}; // 1000 msec public static final byte[] oneMinMsec = { - 0, 0, 0, 0, 0, 0, (byte) 0xEA, 0x60 }; // 60000 msec + 0, 0, 0, 0, 0, 0, (byte) 0xEA, 0x60}; // 60000 msec public static final byte[] oneHourMsec = { - 0, 0, 0, 0, 0, 0x36, (byte) 0xEE, (byte) 0x80 }; // 3600000 msec + 0, 0, 0, 0, 0, 0x36, (byte) 0xEE, (byte) 0x80}; // 3600000 msec public static final byte[] oneDayMsec = { - 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00 }; // 86400000 msec + 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00}; // 86400000 msec public static final byte[] oneMonthMsec = { - 0, 0, 0, 0, (byte) 0x9C,(byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec - public static final byte[] leapYearMsec = { - 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; + 0, 0, 0, 0, (byte) 0x9C, (byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec + public static final byte[] leapYearMsec = { + 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; public static final byte[] yearMsec = { - 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 + 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 //Leap year(366) + 3 * 365 public static final byte[] fourYrsMsec = { - 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 + 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte)0xE8, 0x00 }; // 1577836800000 msec + 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte) 0xE8, 0x00}; // 1577836800000 msec public static final byte[] firstJan2051 = { - 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00 }; // 2556144000000 - // msec + 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00}; // 2556144000000 + // msec public static final byte[] febMonthLeapMSec = { - 0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00 }; //2505600000 + 0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00}; //2505600000 public static final byte[] febMonthMsec = { - 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00 }; //2419200000 + 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00}; //2419200000 public static final byte[] ThirtyOneDaysMonthMsec = { - 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00 };//2678400000 + 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00};//2678400000 public static final byte[] ThirtDaysMonthMsec = { - 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00 };//2592000000 + 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00};//2592000000 public static final short year2051 = 2051; public static final short year2020 = 2020; // -------------------------------------- public static short convertToDate(short time, byte[] scratchPad, - boolean utcFlag) { + boolean utcFlag) { short yrsCount = 0; short monthCount = 1; @@ -66,48 +67,48 @@ public static short convertToDate(short time, byte[] scratchPad, boolean from2020 = true; Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); Util.arrayCopyNonAtomic(KMInteger.cast(time).getBuffer(), - KMInteger.cast(time).getStartOff(), scratchPad, - (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) - .length()); + KMInteger.cast(time).getStartOff(), scratchPad, + (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) + .length()); // If the time is less then 1 Jan 2020 then it is an error if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, - (short) 8) < 0) { + (short) 8) < 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (utcFlag - && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, - (short) 0, (short) 8) >= 0) { + && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, + (short) 0, (short) 8) >= 0) { KMException.throwIt(KMError.INVALID_ARGUMENT); } if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, - (short) 8) < 0) { + (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } else { from2020 = false; Util.arrayCopyNonAtomic(firstJan2051, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // divide the given time with four yrs msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); yrsCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); // quotient - // is - // multiple - // of 4 + // is + // multiple + // of 4 yrsCount = (short) (yrsCount * 4); // number of yrs. // copy reminder as new dividend Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } //Get the leap year index starting from the (base Year + yrsCount) Year. @@ -116,29 +117,33 @@ public static short convertToDate(short time, byte[] scratchPad, // if leap year index is 0, then the number of days for the 1st year will be 366 days. // if leap year index is not 0, then the number of days for the 1st year will be 365 days. if (((leapYrIdx == 0) && - (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0,(short) 8) >= 0)) || - ((leapYrIdx != 0) && - (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0,(short) 8) >= 0))) { + (KMInteger + .unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) + >= 0)) || + ((leapYrIdx != 0) && + (KMInteger + .unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) + >= 0))) { for (short i = 0; i < 4; i++) { yrsCount++; if (i == leapYrIdx) { Util.arrayCopyNonAtomic(leapYearMsec, (short) 0, scratchPad, - (short) 8, (short) 8); + (short) 8, (short) 8); } else { Util.arrayCopyNonAtomic(yearMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); } subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); if (((short) (i + 1) == leapYrIdx)) { if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, - (short) 0, (short) 8) < 0) { + (short) 0, (short) 8) < 0) { break; } } else { if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, - (short) 0, (short) 8) < 0) { + (short) 0, (short) 8) < 0) { break; } } @@ -146,40 +151,41 @@ public static short convertToDate(short time, byte[] scratchPad, } // total yrs from 1970 - if (from2020) + if (from2020) { yrsCount = (short) (year2020 + yrsCount); - else + } else { yrsCount = (short) (year2051 + yrsCount); + } // divide the given time with one month msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { for (short i = 0; i < 12; i++) { if (i == 1) { // Feb month if (isLeapYear(yrsCount)) { // Leap year 29 days Util.arrayCopyNonAtomic(febMonthLeapMSec, (short) 0, scratchPad, - (short) 8, (short) 8); + (short) 8, (short) 8); } else { // 28 days Util.arrayCopyNonAtomic(febMonthMsec, (short) 0, scratchPad, - (short) 8, (short) 8); + (short) 8, (short) 8); } } else if (((i <= 6) && ((i % 2 == 0))) || ((i > 6) && ((i % 2 == 1)))) { Util.arrayCopyNonAtomic(ThirtyOneDaysMonthMsec, (short) 0, - scratchPad, (short) 8, (short) 8); + scratchPad, (short) 8, (short) 8); } else { // 30 Days Util.arrayCopyNonAtomic(ThirtDaysMonthMsec, (short) 0, scratchPad, - (short) 8, (short) 8); + (short) 8, (short) 8); } if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, - (short) 8) >= 0) { + (short) 8) >= 0) { subtract(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } else { break; } @@ -189,43 +195,43 @@ public static short convertToDate(short time, byte[] scratchPad, // divide the given time with one day msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); dayCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); dayCount++; Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // divide the given time with one hour msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); hhCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // divide the given time with one minute msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); mmCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // divide the given time with one second msec count if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, - (short) 8) >= 0) { + (short) 8) >= 0) { Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, - (short) 8); + (short) 8); ssCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); + (short) 8); } // Now convert to ascii string YYMMDDhhmmssZ or YYYYMMDDhhmmssZ @@ -238,19 +244,21 @@ public static short convertToDate(short time, byte[] scratchPad, len += numberToString(ssCount, scratchPad, len); scratchPad[len] = Z; len++; - if (utcFlag) + if (utcFlag) { return KMByteBlob.instance(scratchPad, (short) 2, (short) (len - 2)); // YY - else + } else { return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY + } } public static short numberToString(short number, byte[] scratchPad, - short offset) { + short offset) { byte zero = 0x30; byte len = 2; byte digit; - if (number > 999) + if (number > 999) { len = 4; + } byte index = len; while (index > 0) { digit = (byte) (number % 10); @@ -265,7 +273,7 @@ public static short numberToString(short number, byte[] scratchPad, // i.e. dividend - quotient*divisor = remainder where remainder < divisor. // so this is division by subtraction until remainder remains. public static short divide(byte[] buf, short dividend, short divisor, - short remainder) { + short remainder) { short expCnt = 1; short q = 0; // first increase divisor so that it becomes greater then dividend. @@ -303,10 +311,11 @@ public static void shiftLeft(byte[] buf, short start) { tmp = buf[(short) (start + index)]; buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] << 1); buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] + carry); - if (tmp < 0) + if (tmp < 0) { carry = 1; - else + } else { carry = 0; + } index--; } } @@ -320,10 +329,11 @@ public static void shiftRight(byte[] buf, short start) { buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] >> 1); buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] & 0x7F); buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] | carry); - if (tmp == 1) + if (tmp == 1) { carry = (byte) 0x80; - else + } else { carry = 0; + } index++; } } @@ -335,8 +345,9 @@ public static void add(byte[] buf, short op1, short op2, short result) { while (index >= 0) { tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry); carry = 0; - if (tmp > 255) + if (tmp > 255) { carry = 1; // max unsigned byte value is 255 + } buf[(short) (result + index)] = (byte) (tmp & (byte) 0xFF); index--; } @@ -362,25 +373,25 @@ public static void subtract(byte[] buf, short op1, short op2, short result) { index--; } } - + public static short countTemporalCount(byte[] bufTime, short timeOff, - short timeLen, byte[] scratchPad, short offset) { + short timeLen, byte[] scratchPad, short offset) { Util.arrayFillNonAtomic(scratchPad, (short) offset, (short) 24, (byte) 0); Util.arrayCopyNonAtomic( - bufTime, - timeOff, - scratchPad, - (short) (offset + 8 - timeLen), - timeLen); + bufTime, + timeOff, + scratchPad, + (short) (offset + 8 - timeLen), + timeLen); Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) (offset + 8), - (short) 8); + (short) 8); return divide(scratchPad, (short) 0, (short) 8, (short) 16); } public static boolean isLeapYear(short year) { - if ((short)(year%4) == (short) 0) { - if (((short)(year % 100) == (short) 0) && - ((short) (year % 400)) != (short) 0) { + if ((short) (year % 4) == (short) 0) { + if (((short) (year % 100) == (short) 0) && + ((short) (year % 400)) != (short) 0) { return false; } return true; @@ -390,8 +401,8 @@ public static boolean isLeapYear(short year) { public static short getLeapYrIndex(boolean from2020, short yrsCount) { short newBaseYr = (short) (from2020 ? (year2020 + yrsCount) : (year2051 + yrsCount)); - for(short i = 0; i < 4; i++) { - if(isLeapYear((short)(newBaseYr + i))) { + for (short i = 0; i < 4; i++) { + if (isLeapYear((short) (newBaseYr + i))) { return i; } } diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 3e0653eb..2a17d5fa 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -82,6 +82,7 @@ import org.junit.Test; public class KMFunctionalTest { + private static final byte INS_BEGIN_KM_CMD = 0x00; private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01 private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02 @@ -118,314 +119,314 @@ public class KMFunctionalTest { private static final byte INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD + 22; //0x36 private static final byte[] kEcPrivKey = { - (byte) 0x21, (byte) 0xe0, (byte) 0x86, (byte) 0x43, (byte) 0x2a, - (byte) 0x15, (byte) 0x19, (byte) 0x84, (byte) 0x59, (byte) 0xcf, - (byte) 0x36, (byte) 0x3a, (byte) 0x50, (byte) 0xfc, (byte) 0x14, - (byte) 0xc9, (byte) 0xda, (byte) 0xad, (byte) 0xf9, (byte) 0x35, - (byte) 0xf5, (byte) 0x27, (byte) 0xc2, (byte) 0xdf, (byte) 0xd7, - (byte) 0x1e, (byte) 0x4d, (byte) 0x6d, (byte) 0xbc, (byte) 0x42, - (byte) 0xe5, (byte) 0x44 }; + (byte) 0x21, (byte) 0xe0, (byte) 0x86, (byte) 0x43, (byte) 0x2a, + (byte) 0x15, (byte) 0x19, (byte) 0x84, (byte) 0x59, (byte) 0xcf, + (byte) 0x36, (byte) 0x3a, (byte) 0x50, (byte) 0xfc, (byte) 0x14, + (byte) 0xc9, (byte) 0xda, (byte) 0xad, (byte) 0xf9, (byte) 0x35, + (byte) 0xf5, (byte) 0x27, (byte) 0xc2, (byte) 0xdf, (byte) 0xd7, + (byte) 0x1e, (byte) 0x4d, (byte) 0x6d, (byte) 0xbc, (byte) 0x42, + (byte) 0xe5, (byte) 0x44}; private static final byte[] kEcPubKey = { - (byte) 0x04, (byte) 0xeb, (byte) 0x9e, (byte) 0x79, (byte) 0xf8, - (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, (byte) 0xcb, - (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, (byte) 0x86, - (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, (byte) 0x66, - (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, - (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, - (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, - (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, - (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, - (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, - (byte) 0xbc, (byte) 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, - (byte) 0xa6, (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, - (byte) 0x3e, (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14 }; + (byte) 0x04, (byte) 0xeb, (byte) 0x9e, (byte) 0x79, (byte) 0xf8, + (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, (byte) 0xcb, + (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, (byte) 0x86, + (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, (byte) 0x66, + (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, + (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, + (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, + (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, + (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, + (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, + (byte) 0xbc, (byte) 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, + (byte) 0xa6, (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, + (byte) 0x3e, (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14}; private static final byte[] kEcAttestCert = { - 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x30, (byte) 0x82, - (byte) 0x02, (byte) 0x1e, (byte) 0xa0, (byte) 0x03, (byte) 0x02, - (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x02, (byte) 0x10, 0x01, - (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, 0x11, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, 0x69, - (byte) 0x61, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, - (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, (byte) 0x75, 0x6e, - (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, - (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, - (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, 0x55, - (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, - (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, - (byte) 0x2c, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, 0x6f, - (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, (byte) 0x30, - (byte) 0x31, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, (byte) 0x6e, 0x64, - (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, - (byte) 0x6f, (byte) 0x72, (byte) 0x65, (byte) 0x20, (byte) 0x53, 0x6f, - (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, - (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, - (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x61, (byte) 0x74, 0x69, - (byte) 0x6f, (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, - (byte) 0x6f, (byte) 0x74, (byte) 0x30, (byte) 0x1e, (byte) 0x17, - (byte) 0x0d, (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, 0x31, - (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, - (byte) 0x30, (byte) 0x39, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, - (byte) 0x32, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, 0x38, - (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, (byte) 0x30, - (byte) 0x39, (byte) 0x5a, (byte) 0x30, (byte) 0x81, (byte) 0x88, - (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, - (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, - (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, 0x13, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, - (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, (byte) 0x6f, - (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, (byte) 0x20, 0x49, - (byte) 0x6e, (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, - (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, 0x6e, - (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, - (byte) 0x31, (byte) 0x3b, (byte) 0x30, (byte) 0x39, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, 0x32, - (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, - (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, - (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, 0x74, - (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, - (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, (byte) 0x69, 0x61, - (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x59, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, 0x06, - (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, - (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, - (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xeb, (byte) 0x9e, 0x79, - (byte) 0xf8, (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, - (byte) 0xcb, (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, - (byte) 0x86, (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, 0x66, - (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, - (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, - (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, - (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, - (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, - (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, - (byte) 0xbc, 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, (byte) 0xa6, - (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, (byte) 0x3e, - (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14, (byte) 0xa3, - (byte) 0x66, 0x30, (byte) 0x64, (byte) 0x30, (byte) 0x1d, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, - (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x3f, (byte) 0xfc, - (byte) 0xac, (byte) 0xd6, (byte) 0x1a, (byte) 0xb1, (byte) 0x3a, - (byte) 0x9e, (byte) 0x81, (byte) 0x20, (byte) 0xb8, (byte) 0xd5, - (byte) 0x25, (byte) 0x1c, (byte) 0xc5, (byte) 0x65, (byte) 0xbb, - (byte) 0x1e, (byte) 0x91, (byte) 0xa9, (byte) 0x30, (byte) 0x1f, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, - (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, - (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, (byte) 0x77, - (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, - (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, - (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, 0x30, (byte) 0xcf, - (byte) 0x30, (byte) 0x12, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x1d, (byte) 0x13, (byte) 0x01, (byte) 0x01, (byte) 0xff, - (byte) 0x04, (byte) 0x08, (byte) 0x30, (byte) 0x06, 0x01, (byte) 0x01, - (byte) 0xff, (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - (byte) 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, 0x04, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, (byte) 0x30, - (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, 0x03, (byte) 0x02, - (byte) 0x03, (byte) 0x48, (byte) 0x00, (byte) 0x30, (byte) 0x45, - (byte) 0x02, (byte) 0x20, (byte) 0x4b, (byte) 0x8a, (byte) 0x9b, - (byte) 0x7b, (byte) 0xee, (byte) 0x82, (byte) 0xbc, (byte) 0xc0, - (byte) 0x33, (byte) 0x87, (byte) 0xae, (byte) 0x2f, (byte) 0xc0, - (byte) 0x89, (byte) 0x98, (byte) 0xb4, (byte) 0xdd, (byte) 0xc3, - (byte) 0x8d, (byte) 0xab, (byte) 0x27, (byte) 0x2a, (byte) 0x45, - (byte) 0x9f, (byte) 0x69, (byte) 0x0c, (byte) 0xc7, (byte) 0xc3, - (byte) 0x92, (byte) 0xd4, (byte) 0x0f, (byte) 0x8e, (byte) 0x02, - (byte) 0x21, (byte) 0x00, (byte) 0xee, (byte) 0xda, (byte) 0x01, - (byte) 0x5d, (byte) 0xb6, (byte) 0xf4, (byte) 0x32, (byte) 0xe9, - (byte) 0xd4, (byte) 0x84, (byte) 0x3b, (byte) 0x62, (byte) 0x4c, - (byte) 0x94, (byte) 0x04, (byte) 0xef, (byte) 0x3a, (byte) 0x7c, - (byte) 0xcc, (byte) 0xbd, 0x5e, (byte) 0xfb, (byte) 0x22, (byte) 0xbb, - (byte) 0xe7, (byte) 0xfe, (byte) 0xb9, (byte) 0x77, (byte) 0x3f, - (byte) 0x59, (byte) 0x3f, (byte) 0xfb, }; - - private static final byte[] kEcAttestRootCert = { - 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x8b, (byte) 0x30, - (byte) 0x82, (byte) 0x02, (byte) 0x32, (byte) 0xa0, (byte) 0x03, - (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x09, - (byte) 0x00, (byte) 0xa2, (byte) 0x05, (byte) 0x9e, (byte) 0xd1, - (byte) 0x0e, (byte) 0x43, (byte) 0x5b, (byte) 0x57, (byte) 0x30, - (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, 0x3d, (byte) 0x04, (byte) 0x03, - (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, (byte) 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, - (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x43, 0x61, - (byte) 0x6c, (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, - (byte) 0x6e, (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x16, - (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, - 0x04, (byte) 0x07, (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, - (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, - (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, - (byte) 0x65, 0x77, (byte) 0x31, (byte) 0x15, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, - (byte) 0x6f, (byte) 0x67, 0x6c, (byte) 0x65, (byte) 0x2c, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, - (byte) 0x30, (byte) 0x31, (byte) 0x06, (byte) 0x03, 0x55, - (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, - (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, - (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, - 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, - (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, - (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, (byte) 0x6f, - (byte) 0x74, (byte) 0x30, 0x1e, (byte) 0x17, (byte) 0x0d, - (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x31, - (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, - (byte) 0x35, (byte) 0x30, (byte) 0x5a, 0x17, (byte) 0x0d, - (byte) 0x33, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, - (byte) 0x36, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, - (byte) 0x35, (byte) 0x30, (byte) 0x5a, (byte) 0x30, (byte) 0x81, - (byte) 0x98, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, - (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, - 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, - (byte) 0x43, (byte) 0x61, (byte) 0x6c, (byte) 0x69, (byte) 0x66, - (byte) 0x6f, 0x72, (byte) 0x6e, (byte) 0x69, (byte) 0x61, - (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x0c, - (byte) 0x0d, (byte) 0x4d, 0x6f, (byte) 0x75, (byte) 0x6e, - (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, - (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, - (byte) 0x15, (byte) 0x30, (byte) 0x13, 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, - (byte) 0x47, (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, - (byte) 0x65, (byte) 0x2c, (byte) 0x20, (byte) 0x49, 0x6e, - (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, (byte) 0x6e, - 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, - (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x31, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, - (byte) 0x2a, 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, - (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, - (byte) 0x72, (byte) 0x65, 0x20, (byte) 0x53, (byte) 0x6f, - (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, - (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, - (byte) 0x65, (byte) 0x73, (byte) 0x74, 0x61, (byte) 0x74, - (byte) 0x69, (byte) 0x6f, (byte) 0x6e, 0x77, (byte) 0x1f, - (byte) 0x44, (byte) 0x22, (byte) 0x6d, (byte) 0xbd, (byte) 0xb1, - (byte) 0xaf, (byte) 0xfa, (byte) 0x16, (byte) 0xcb, (byte) 0xc7, - (byte) 0xad, (byte) 0xc5, (byte) 0x77, (byte) 0xd2, (byte) 0x20, - (byte) 0x52, (byte) 0x6f, (byte) 0x6f, (byte) 0x74, (byte) 0x30, - (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, - 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, - (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, - (byte) 0x01, 0x07, (byte) 0x03, (byte) 0x42, (byte) 0x00, - (byte) 0x04, (byte) 0xee, (byte) 0x5d, (byte) 0x5e, (byte) 0xc7, - (byte) 0xe1, (byte) 0xc0, (byte) 0xdb, (byte) 0x6d, (byte) 0x03, - (byte) 0xa6, (byte) 0x7e, (byte) 0xe6, (byte) 0xb6, (byte) 0x1b, - (byte) 0xec, (byte) 0x4d, (byte) 0x6a, (byte) 0x5d, (byte) 0x6a, - (byte) 0x68, (byte) 0x2e, (byte) 0x0f, (byte) 0xff, (byte) 0x7f, - (byte) 0x49, (byte) 0x0e, (byte) 0x7d, 0x56, (byte) 0x9c, - (byte) 0xaa, (byte) 0xb7, (byte) 0xb0, (byte) 0x2d, (byte) 0x54, - (byte) 0x01, (byte) 0x5d, (byte) 0x3e, (byte) 0x43, (byte) 0x2b, - (byte) 0x2a, (byte) 0x8e, (byte) 0xd7, (byte) 0x4e, (byte) 0xec, - (byte) 0x48, (byte) 0x75, (byte) 0x41, (byte) 0xa4, (byte) 0xa3, - (byte) 0x63, (byte) 0x30, (byte) 0x61, (byte) 0x30, (byte) 0x1d, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, - 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0xc8, - (byte) 0xad, (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, - (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, (byte) 0x0d, (byte) 0x16, - (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a, - (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf, (byte) 0x30, - (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - (byte) 0x23, (byte) 0x04, 0x18, (byte) 0x30, (byte) 0x16, - (byte) 0x80, (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, - (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, - (byte) 0xcf, (byte) 0x0d, (byte) 0x16, 0x10, (byte) 0xe4, - (byte) 0x79, (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, - (byte) 0x30, (byte) 0xcf, (byte) 0x30, (byte) 0x0f, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 0x01, - (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x05, (byte) 0x30, - (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04, - (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, - (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x03, (byte) 0x47, (byte) 0x00, - (byte) 0x30, (byte) 0x44, (byte) 0x02, (byte) 0x20, (byte) 0x35, - (byte) 0x21, (byte) 0xa3, (byte) 0xef, (byte) 0x8b, (byte) 0x34, - (byte) 0x46, (byte) 0x1e, (byte) 0x9c, (byte) 0xd5, (byte) 0x60, - (byte) 0xf3, (byte) 0x1d, (byte) 0x58, (byte) 0x89, (byte) 0x20, - (byte) 0x6a, (byte) 0xdc, (byte) 0xa3, 0x65, (byte) 0x41, - (byte) 0xf6, (byte) 0x0d, (byte) 0x9e, (byte) 0xce, (byte) 0x8a, - (byte) 0x19, (byte) 0x8c, (byte) 0x66, (byte) 0x48, (byte) 0x60, - (byte) 0x7b, (byte) 0x02, (byte) 0x20, (byte) 0x4d, 0x0b, - (byte) 0xf3, (byte) 0x51, (byte) 0xd9, (byte) 0x30, (byte) 0x7c, - (byte) 0x7d, (byte) 0x5b, (byte) 0xda, (byte) 0x35, (byte) 0x34, - (byte) 0x1d, (byte) 0xa8, (byte) 0x47, (byte) 0x1b, (byte) 0x63, - (byte) 0xa5, (byte) 0x85, (byte) 0x65, (byte) 0x3c, (byte) 0xad, - (byte) 0x4f, (byte) 0x24, (byte) 0xa7, (byte) 0xe7, (byte) 0x4d, - (byte) 0xaf, (byte) 0x41, (byte) 0x7d, (byte) 0xf1, - (byte) 0xbf, }; - - private static final byte[] X509Issuer = { - (byte) 0x30, (byte) 0x81, (byte) 0x88, (byte) 0x31, (byte) 0x0b, - (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, - (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, - (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, - (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x3b, - (byte) 0x30, (byte) 0x39, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x32, (byte) 0x41, - (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, - (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, - (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, - (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, - (byte) 0x6e, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, - (byte) 0x65, (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, - (byte) 0x69, (byte) 0x61, (byte) 0x74, (byte) 0x65 }; + 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x30, (byte) 0x82, + (byte) 0x02, (byte) 0x1e, (byte) 0xa0, (byte) 0x03, (byte) 0x02, + (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x02, (byte) 0x10, 0x01, + (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, 0x31, + (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, 0x11, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, 0x69, + (byte) 0x61, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, + (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, (byte) 0x75, 0x6e, + (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, + (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, + (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, 0x55, + (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, + (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, + (byte) 0x2c, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, 0x6f, + (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, (byte) 0x30, + (byte) 0x31, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, (byte) 0x6e, 0x64, + (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, + (byte) 0x6f, (byte) 0x72, (byte) 0x65, (byte) 0x20, (byte) 0x53, 0x6f, + (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, + (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, + (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x61, (byte) 0x74, 0x69, + (byte) 0x6f, (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, + (byte) 0x6f, (byte) 0x74, (byte) 0x30, (byte) 0x1e, (byte) 0x17, + (byte) 0x0d, (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, 0x31, + (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, + (byte) 0x30, (byte) 0x39, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, + (byte) 0x32, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, 0x38, + (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, (byte) 0x30, + (byte) 0x39, (byte) 0x5a, (byte) 0x30, (byte) 0x81, (byte) 0x88, + (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, + (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, + (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, 0x13, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, + (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, (byte) 0x6f, + (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, (byte) 0x20, 0x49, + (byte) 0x6e, (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, + (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, 0x6e, + (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, + (byte) 0x31, (byte) 0x3b, (byte) 0x30, (byte) 0x39, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, 0x32, + (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, + (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, + (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, 0x74, + (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, + (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, (byte) 0x69, 0x61, + (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x59, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, 0x06, + (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, + (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, + (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xeb, (byte) 0x9e, 0x79, + (byte) 0xf8, (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, + (byte) 0xcb, (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, + (byte) 0x86, (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, 0x66, + (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, + (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, + (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, + (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, + (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, + (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, + (byte) 0xbc, 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, (byte) 0xa6, + (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, (byte) 0x3e, + (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14, (byte) 0xa3, + (byte) 0x66, 0x30, (byte) 0x64, (byte) 0x30, (byte) 0x1d, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, + (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x3f, (byte) 0xfc, + (byte) 0xac, (byte) 0xd6, (byte) 0x1a, (byte) 0xb1, (byte) 0x3a, + (byte) 0x9e, (byte) 0x81, (byte) 0x20, (byte) 0xb8, (byte) 0xd5, + (byte) 0x25, (byte) 0x1c, (byte) 0xc5, (byte) 0x65, (byte) 0xbb, + (byte) 0x1e, (byte) 0x91, (byte) 0xa9, (byte) 0x30, (byte) 0x1f, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, + (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, + (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, (byte) 0x77, + (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, + (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, + (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, 0x30, (byte) 0xcf, + (byte) 0x30, (byte) 0x12, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x1d, (byte) 0x13, (byte) 0x01, (byte) 0x01, (byte) 0xff, + (byte) 0x04, (byte) 0x08, (byte) 0x30, (byte) 0x06, 0x01, (byte) 0x01, + (byte) 0xff, (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + (byte) 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, 0x04, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, (byte) 0x30, + (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, 0x03, (byte) 0x02, + (byte) 0x03, (byte) 0x48, (byte) 0x00, (byte) 0x30, (byte) 0x45, + (byte) 0x02, (byte) 0x20, (byte) 0x4b, (byte) 0x8a, (byte) 0x9b, + (byte) 0x7b, (byte) 0xee, (byte) 0x82, (byte) 0xbc, (byte) 0xc0, + (byte) 0x33, (byte) 0x87, (byte) 0xae, (byte) 0x2f, (byte) 0xc0, + (byte) 0x89, (byte) 0x98, (byte) 0xb4, (byte) 0xdd, (byte) 0xc3, + (byte) 0x8d, (byte) 0xab, (byte) 0x27, (byte) 0x2a, (byte) 0x45, + (byte) 0x9f, (byte) 0x69, (byte) 0x0c, (byte) 0xc7, (byte) 0xc3, + (byte) 0x92, (byte) 0xd4, (byte) 0x0f, (byte) 0x8e, (byte) 0x02, + (byte) 0x21, (byte) 0x00, (byte) 0xee, (byte) 0xda, (byte) 0x01, + (byte) 0x5d, (byte) 0xb6, (byte) 0xf4, (byte) 0x32, (byte) 0xe9, + (byte) 0xd4, (byte) 0x84, (byte) 0x3b, (byte) 0x62, (byte) 0x4c, + (byte) 0x94, (byte) 0x04, (byte) 0xef, (byte) 0x3a, (byte) 0x7c, + (byte) 0xcc, (byte) 0xbd, 0x5e, (byte) 0xfb, (byte) 0x22, (byte) 0xbb, + (byte) 0xe7, (byte) 0xfe, (byte) 0xb9, (byte) 0x77, (byte) 0x3f, + (byte) 0x59, (byte) 0x3f, (byte) 0xfb,}; + + private static final byte[] kEcAttestRootCert = { + 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x8b, (byte) 0x30, + (byte) 0x82, (byte) 0x02, (byte) 0x32, (byte) 0xa0, (byte) 0x03, + (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x09, + (byte) 0x00, (byte) 0xa2, (byte) 0x05, (byte) 0x9e, (byte) 0xd1, + (byte) 0x0e, (byte) 0x43, (byte) 0x5b, (byte) 0x57, (byte) 0x30, + (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, + (byte) 0x48, (byte) 0xce, 0x3d, (byte) 0x04, (byte) 0x03, + (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, (byte) 0x31, + (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x06, 0x13, (byte) 0x02, + (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, + (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x43, 0x61, + (byte) 0x6c, (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, + (byte) 0x6e, (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x16, + (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, + 0x04, (byte) 0x07, (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, + (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, + (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, + (byte) 0x65, 0x77, (byte) 0x31, (byte) 0x15, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, + (byte) 0x6f, (byte) 0x67, 0x6c, (byte) 0x65, (byte) 0x2c, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, + (byte) 0x30, (byte) 0x31, (byte) 0x06, (byte) 0x03, 0x55, + (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, + (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, + (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, + 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, + (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, + (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, (byte) 0x6f, + (byte) 0x74, (byte) 0x30, 0x1e, (byte) 0x17, (byte) 0x0d, + (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x31, + (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, + (byte) 0x35, (byte) 0x30, (byte) 0x5a, 0x17, (byte) 0x0d, + (byte) 0x33, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, + (byte) 0x36, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, + (byte) 0x35, (byte) 0x30, (byte) 0x5a, (byte) 0x30, (byte) 0x81, + (byte) 0x98, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, + (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, + 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, + (byte) 0x43, (byte) 0x61, (byte) 0x6c, (byte) 0x69, (byte) 0x66, + (byte) 0x6f, 0x72, (byte) 0x6e, (byte) 0x69, (byte) 0x61, + (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x0c, + (byte) 0x0d, (byte) 0x4d, 0x6f, (byte) 0x75, (byte) 0x6e, + (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, + (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, + (byte) 0x15, (byte) 0x30, (byte) 0x13, 0x06, (byte) 0x03, + (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, + (byte) 0x47, (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, + (byte) 0x65, (byte) 0x2c, (byte) 0x20, (byte) 0x49, 0x6e, + (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, (byte) 0x6e, + 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, + (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x31, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, + (byte) 0x2a, 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, + (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, + (byte) 0x72, (byte) 0x65, 0x20, (byte) 0x53, (byte) 0x6f, + (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, + (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, + (byte) 0x65, (byte) 0x73, (byte) 0x74, 0x61, (byte) 0x74, + (byte) 0x69, (byte) 0x6f, (byte) 0x6e, 0x77, (byte) 0x1f, + (byte) 0x44, (byte) 0x22, (byte) 0x6d, (byte) 0xbd, (byte) 0xb1, + (byte) 0xaf, (byte) 0xfa, (byte) 0x16, (byte) 0xcb, (byte) 0xc7, + (byte) 0xad, (byte) 0xc5, (byte) 0x77, (byte) 0xd2, (byte) 0x20, + (byte) 0x52, (byte) 0x6f, (byte) 0x6f, (byte) 0x74, (byte) 0x30, + (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, + 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, + (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, + (byte) 0x01, 0x07, (byte) 0x03, (byte) 0x42, (byte) 0x00, + (byte) 0x04, (byte) 0xee, (byte) 0x5d, (byte) 0x5e, (byte) 0xc7, + (byte) 0xe1, (byte) 0xc0, (byte) 0xdb, (byte) 0x6d, (byte) 0x03, + (byte) 0xa6, (byte) 0x7e, (byte) 0xe6, (byte) 0xb6, (byte) 0x1b, + (byte) 0xec, (byte) 0x4d, (byte) 0x6a, (byte) 0x5d, (byte) 0x6a, + (byte) 0x68, (byte) 0x2e, (byte) 0x0f, (byte) 0xff, (byte) 0x7f, + (byte) 0x49, (byte) 0x0e, (byte) 0x7d, 0x56, (byte) 0x9c, + (byte) 0xaa, (byte) 0xb7, (byte) 0xb0, (byte) 0x2d, (byte) 0x54, + (byte) 0x01, (byte) 0x5d, (byte) 0x3e, (byte) 0x43, (byte) 0x2b, + (byte) 0x2a, (byte) 0x8e, (byte) 0xd7, (byte) 0x4e, (byte) 0xec, + (byte) 0x48, (byte) 0x75, (byte) 0x41, (byte) 0xa4, (byte) 0xa3, + (byte) 0x63, (byte) 0x30, (byte) 0x61, (byte) 0x30, (byte) 0x1d, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, + 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0xc8, + (byte) 0xad, (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, + (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, (byte) 0x0d, (byte) 0x16, + (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a, + (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf, (byte) 0x30, + (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + (byte) 0x23, (byte) 0x04, 0x18, (byte) 0x30, (byte) 0x16, + (byte) 0x80, (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, + (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, + (byte) 0xcf, (byte) 0x0d, (byte) 0x16, 0x10, (byte) 0xe4, + (byte) 0x79, (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, + (byte) 0x30, (byte) 0xcf, (byte) 0x30, (byte) 0x0f, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 0x01, + (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x05, (byte) 0x30, + (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, + (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, + 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04, + (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, + (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, + (byte) 0x86, 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, + (byte) 0x03, (byte) 0x02, (byte) 0x03, (byte) 0x47, (byte) 0x00, + (byte) 0x30, (byte) 0x44, (byte) 0x02, (byte) 0x20, (byte) 0x35, + (byte) 0x21, (byte) 0xa3, (byte) 0xef, (byte) 0x8b, (byte) 0x34, + (byte) 0x46, (byte) 0x1e, (byte) 0x9c, (byte) 0xd5, (byte) 0x60, + (byte) 0xf3, (byte) 0x1d, (byte) 0x58, (byte) 0x89, (byte) 0x20, + (byte) 0x6a, (byte) 0xdc, (byte) 0xa3, 0x65, (byte) 0x41, + (byte) 0xf6, (byte) 0x0d, (byte) 0x9e, (byte) 0xce, (byte) 0x8a, + (byte) 0x19, (byte) 0x8c, (byte) 0x66, (byte) 0x48, (byte) 0x60, + (byte) 0x7b, (byte) 0x02, (byte) 0x20, (byte) 0x4d, 0x0b, + (byte) 0xf3, (byte) 0x51, (byte) 0xd9, (byte) 0x30, (byte) 0x7c, + (byte) 0x7d, (byte) 0x5b, (byte) 0xda, (byte) 0x35, (byte) 0x34, + (byte) 0x1d, (byte) 0xa8, (byte) 0x47, (byte) 0x1b, (byte) 0x63, + (byte) 0xa5, (byte) 0x85, (byte) 0x65, (byte) 0x3c, (byte) 0xad, + (byte) 0x4f, (byte) 0x24, (byte) 0xa7, (byte) 0xe7, (byte) 0x4d, + (byte) 0xaf, (byte) 0x41, (byte) 0x7d, (byte) 0xf1, + (byte) 0xbf,}; + + private static final byte[] X509Issuer = { + (byte) 0x30, (byte) 0x81, (byte) 0x88, (byte) 0x31, (byte) 0x0b, + (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, + (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, + (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, + (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, + (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, + (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, + (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, + (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, + (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, + (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, + (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, + (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, + (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, + (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x3b, + (byte) 0x30, (byte) 0x39, (byte) 0x06, (byte) 0x03, (byte) 0x55, + (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x32, (byte) 0x41, + (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, + (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, + (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, + (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, + (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, + (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, + (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, + (byte) 0x6e, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, + (byte) 0x65, (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, + (byte) 0x69, (byte) 0x61, (byte) 0x74, (byte) 0x65}; // AttestationApplicationId ::= SEQUENCE { // * packageInfoRecords SET OF PackageInfoRecord, // * signatureDigests SET OF OCTET_STRING, @@ -436,24 +437,29 @@ public class KMFunctionalTest { // * version INTEGER, // * } private static final byte[] attAppId = {0x30, 0x10, 0x31, 0x0B, 0x30, 0x04, 0x05, 'A', 'B', 'C', - 'D', 'E', 0x02, 0x01, 0x01, 0x31, 0x02, 0x04, 0x00}; - private static final byte[] attChallenge = {'c','h','a','l','l','e','n','g','e'}; - private static final byte[] expiryTime = {(byte)0x32, (byte)0x36, (byte)0x30, (byte)0x31, (byte)0x30, (byte)0x38, (byte)0x30, (byte)0x30, (byte)0x34, (byte)0x36, (byte)0x30, (byte)0x39, (byte)0x5a}; - private static final byte[] authKeyId = { (byte)0x80, (byte)0x14, (byte)0xc8, (byte)0xad, (byte)0xe9, (byte)0x77, (byte)0x4c, (byte)0x45, (byte)0xc3, (byte)0xa3, (byte)0xcf, (byte)0x0d, (byte)0x16, (byte)0x10, (byte)0xe4, (byte)0x79, (byte)0x43, (byte)0x3a, (byte)0x21, (byte)0x5a, (byte)0x30, (byte)0xcf}; + 'D', 'E', 0x02, 0x01, 0x01, 0x31, 0x02, 0x04, 0x00}; + private static final byte[] attChallenge = {'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e'}; + private static final byte[] expiryTime = {(byte) 0x32, (byte) 0x36, (byte) 0x30, (byte) 0x31, + (byte) 0x30, (byte) 0x38, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, (byte) 0x30, + (byte) 0x39, (byte) 0x5a}; + private static final byte[] authKeyId = {(byte) 0x80, (byte) 0x14, (byte) 0xc8, (byte) 0xad, + (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, + (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a, + (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf}; private CardSimulator simulator; private KMEncoder encoder; private KMDecoder decoder; private KMSEProvider cryptoProvider; - public KMFunctionalTest(){ + public KMFunctionalTest() { cryptoProvider = new KMJCardSimulator(); simulator = new CardSimulator(); encoder = new KMEncoder(); decoder = new KMDecoder(); } - private void init(){ + private void init() { // Create simulator AID appletAID = AIDUtil.create("A000000062"); simulator.installApplet(appletAID, KMJCardSimApplet.class); @@ -464,7 +470,7 @@ private void init(){ } private void setBootParams(CardSimulator simulator, short osVersion, - short osPatchLevel, short vendorPatchLevel, short bootPatchLevel) { + short osPatchLevel, short vendorPatchLevel, short bootPatchLevel) { // Argument 1 OS Version short versionPtr = KMInteger.uint_16(osVersion); // short versionTagPtr = KMIntegerTag.instance(KMType.UINT_TAG, @@ -476,16 +482,16 @@ private void setBootParams(CardSimulator simulator, short osVersion, // Argument 3 Verified Boot Key byte[] bootKeyHash = "00011122233344455566677788899900".getBytes(); short bootKeyPtr = KMByteBlob.instance(bootKeyHash, (short) 0, - (short) bootKeyHash.length); + (short) bootKeyHash.length); // Argument 4 Verified Boot Hash short bootHashPtr = KMByteBlob.instance(bootKeyHash, (short) 0, - (short) bootKeyHash.length); + (short) bootKeyHash.length); // Argument 5 Verified Boot State short bootStatePtr = KMEnum.instance(KMType.VERIFIED_BOOT_STATE, - KMType.VERIFIED_BOOT); + KMType.VERIFIED_BOOT); // Argument 6 Device Locked short deviceLockedPtr = KMEnum.instance(KMType.DEVICE_LOCKED, - KMType.DEVICE_LOCKED_FALSE); + KMType.DEVICE_LOCKED_FALSE); // Arguments short arrPtr = KMArray.instance((short) 8); KMArray vals = KMArray.cast(arrPtr); @@ -506,18 +512,18 @@ private void setBootParams(CardSimulator simulator, short osVersion, private void provisionSigningCertificate(CardSimulator simulator) { short byteBlobPtr = KMByteBlob.instance( - (short) (kEcAttestCert.length + kEcAttestRootCert.length)); + (short) (kEcAttestCert.length + kEcAttestRootCert.length)); Util.arrayCopyNonAtomic(kEcAttestCert, (short) 0, - KMByteBlob.cast(byteBlobPtr).getBuffer(), - KMByteBlob.cast(byteBlobPtr).getStartOff(), - (short) kEcAttestCert.length); + KMByteBlob.cast(byteBlobPtr).getBuffer(), + KMByteBlob.cast(byteBlobPtr).getStartOff(), + (short) kEcAttestCert.length); Util.arrayCopyNonAtomic(kEcAttestRootCert, (short) 0, - KMByteBlob.cast(byteBlobPtr).getBuffer(), - (short) (KMByteBlob.cast(byteBlobPtr).getStartOff() - + kEcAttestCert.length), - (short) kEcAttestRootCert.length); + KMByteBlob.cast(byteBlobPtr).getBuffer(), + (short) (KMByteBlob.cast(byteBlobPtr).getStartOff() + + kEcAttestCert.length), + (short) kEcAttestRootCert.length); CommandAPDU apdu = encodeApdu( - (byte) INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD, byteBlobPtr); + (byte) INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD, byteBlobPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -536,7 +542,7 @@ private void provisionSigningKey(CardSimulator simulator) { KMArray.cast(arrPtr).add((short) 0, ecCurve); KMArray.cast(arrPtr).add((short) 1, digest); KMArray.cast(arrPtr).add((short) 2, - KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); + KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); KMArray.cast(arrPtr).add((short) 3, purpose); short keyParams = KMKeyParameters.instance(arrPtr); // Note: VTS uses PKCS8 KeyFormat RAW @@ -545,9 +551,9 @@ private void provisionSigningKey(CardSimulator simulator) { // Key short signKeyPtr = KMArray.instance((short) 2); KMArray.cast(signKeyPtr).add((short) 0, KMByteBlob.instance(kEcPrivKey, - (short) 0, (short) kEcPrivKey.length)); + (short) 0, (short) kEcPrivKey.length)); KMArray.cast(signKeyPtr).add((short) 1, KMByteBlob.instance(kEcPubKey, - (short) 0, (short) kEcPubKey.length)); + (short) 0, (short) kEcPubKey.length)); byte[] keyBuf = new byte[120]; short len = encoder.encode(signKeyPtr, keyBuf, (short) 0); short signKeyBstr = KMByteBlob.instance(keyBuf, (short) 0, len); @@ -558,7 +564,7 @@ private void provisionSigningKey(CardSimulator simulator) { KMArray.cast(finalArrayPtr).add((short) 2, signKeyBstr); CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTESTATION_KEY_CMD, - finalArrayPtr); + finalArrayPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -568,14 +574,14 @@ private void provisionCertificateParams(CardSimulator simulator) { short arrPtr = KMArray.instance((short) 2); short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0, - (short) X509Issuer.length); + (short) X509Issuer.length); KMArray.cast(arrPtr).add((short) 0, byteBlob1); short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0, - (short) expiryTime.length); + (short) expiryTime.length); KMArray.cast(arrPtr).add((short) 1, byteBlob2); CommandAPDU apdu = encodeApdu( - (byte) INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD, arrPtr); + (byte) INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -583,15 +589,15 @@ private void provisionCertificateParams(CardSimulator simulator) { private void provisionSharedSecret(CardSimulator simulator) { byte[] sharedKeySecret = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0}; short arrPtr = KMArray.instance((short) 1); short byteBlob = KMByteBlob.instance(sharedKeySecret, (short) 0, - (short) sharedKeySecret.length); + (short) sharedKeySecret.length); KMArray.cast(arrPtr).add((short) 0, byteBlob); CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_PRESHARED_SECRET_CMD, - arrPtr); + arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -603,34 +609,34 @@ private void provisionAttestIds(CardSimulator simulator) { byte[] buf = "Attestation Id".getBytes(); KMArray.cast(arrPtr).add((short) 0, - KMByteTag.instance(KMType.ATTESTATION_ID_BRAND, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMByteTag.instance(KMType.ATTESTATION_ID_BRAND, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); KMArray.cast(arrPtr).add((short) 1, - KMByteTag.instance(KMType.ATTESTATION_ID_PRODUCT, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMByteTag.instance(KMType.ATTESTATION_ID_PRODUCT, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); KMArray.cast(arrPtr).add((short) 2, - KMByteTag.instance(KMType.ATTESTATION_ID_DEVICE, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMByteTag.instance(KMType.ATTESTATION_ID_DEVICE, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); KMArray.cast(arrPtr).add((short) 3, - KMByteTag.instance(KMType.ATTESTATION_ID_MODEL, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMByteTag.instance(KMType.ATTESTATION_ID_MODEL, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); KMArray.cast(arrPtr).add((short) 4, - KMByteTag.instance(KMType.ATTESTATION_ID_IMEI, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMByteTag.instance(KMType.ATTESTATION_ID_IMEI, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); KMArray.cast(arrPtr).add((short) 5, - KMByteTag.instance(KMType.ATTESTATION_ID_MEID, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMByteTag.instance(KMType.ATTESTATION_ID_MEID, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); KMArray.cast(arrPtr).add((short) 6, - KMByteTag.instance(KMType.ATTESTATION_ID_MANUFACTURER, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMByteTag.instance(KMType.ATTESTATION_ID_MANUFACTURER, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); KMArray.cast(arrPtr).add((short) 7, - KMByteTag.instance(KMType.ATTESTATION_ID_SERIAL, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); + KMByteTag.instance(KMType.ATTESTATION_ID_SERIAL, + KMByteBlob.instance(buf, (short) 0, (short) buf.length))); short keyParams = KMKeyParameters.instance(arrPtr); short outerArrPtr = KMArray.instance((short) 1); KMArray.cast(outerArrPtr).add((short) 0, keyParams); CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTEST_IDS_CMD, - outerArrPtr); + outerArrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); @@ -638,7 +644,7 @@ private void provisionAttestIds(CardSimulator simulator) { private void provisionLocked(CardSimulator simulator) { CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_LOCK_PROVISIONING_CMD, - 0x40, 0x00); + 0x40, 0x00); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(commandAPDU); Assert.assertEquals(0x9000, response.getSW()); @@ -651,28 +657,28 @@ private void provisionCmd(CardSimulator simulator) { provisionSharedSecret(simulator); provisionAttestIds(simulator); // set bootup parameters - setBootParams(simulator,(short)1,(short)1, (short)0, (short)0); + setBootParams(simulator, (short) 1, (short) 1, (short) 0, (short) 0); provisionLocked(simulator); } - private void cleanUp(){ + private void cleanUp() { AID appletAID = AIDUtil.create("A000000062"); // Delete i.e. uninstall applet simulator.deleteApplet(appletAID); } - private CommandAPDU encodeApdu(byte ins, short cmd){ + private CommandAPDU encodeApdu(byte ins, short cmd) { byte[] buf = new byte[2500]; - buf[0] = (byte)0x80; + buf[0] = (byte) 0x80; buf[1] = ins; - buf[2] = (byte)0x40; - buf[3] = (byte)0x00; + buf[2] = (byte) 0x40; + buf[3] = (byte) 0x00; buf[4] = 0; short len = encoder.encode(cmd, buf, (short) 7); - Util.setShort(buf, (short)5, len); - byte[] apdu = new byte[7+len]; - Util.arrayCopyNonAtomic(buf,(short)0,apdu,(short)0,(short)(7+len)); + Util.setShort(buf, (short) 5, len); + byte[] apdu = new byte[7 + len]; + Util.arrayCopyNonAtomic(buf, (short) 0, apdu, (short) 0, (short) (7 + len)); //CommandAPDU commandAPDU = new CommandAPDU(0x80, 0x10, 0x40, 0x00, buf, 0, actualLen); return new CommandAPDU(apdu); } @@ -680,53 +686,54 @@ private CommandAPDU encodeApdu(byte ins, short cmd){ @Test public void testAesImportKeySuccess() { init(); - byte[] aesKeySecret = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - short arrPtr = KMArray.instance((short)5); + byte[] aesKeySecret = new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + short arrPtr = KMArray.instance((short) 5); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 128)); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.ECB); short blockMode = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.PKCS7); short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, blockMode); - KMArray.cast(arrPtr).add((short)3, paddingMode); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); + KMArray.cast(arrPtr).add((short) 0, boolTag); + KMArray.cast(arrPtr).add((short) 1, keySize); + KMArray.cast(arrPtr).add((short) 2, blockMode); + KMArray.cast(arrPtr).add((short) 3, paddingMode); + KMArray.cast(arrPtr).add((short) 4, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); short keyParams = KMKeyParameters.instance(arrPtr); short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); - short keyBlob = KMArray.instance((short)1); - KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(aesKeySecret,(short)0,(short)16)); + short keyBlob = KMArray.instance((short) 1); + KMArray.cast(keyBlob).add((short) 0, KMByteBlob.instance(aesKeySecret, (short) 0, (short) 16)); byte[] blob = new byte[256]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)3); + short len = encoder.encode(keyBlob, blob, (short) 0); + keyBlob = KMByteBlob.instance(blob, (short) 0, len); + arrPtr = KMArray.instance((short) 3); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); + arg.add((short) 1, keyFormatPtr); + arg.add((short) 2, keyBlob); + CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01); tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); @@ -743,51 +750,53 @@ public void testAesImportKeySuccess() { @Test public void testHmacImportKeySuccess() { init(); - byte[] hmacKeySecret = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - short arrPtr = KMArray.instance((short)5); + byte[] hmacKeySecret = new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + short arrPtr = KMArray.instance((short) 5); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 128)); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short minMacLength = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)256)); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, digest); - KMArray.cast(arrPtr).add((short)3, minMacLength); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); + short minMacLength = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short) 256)); + KMArray.cast(arrPtr).add((short) 0, boolTag); + KMArray.cast(arrPtr).add((short) 1, keySize); + KMArray.cast(arrPtr).add((short) 2, digest); + KMArray.cast(arrPtr).add((short) 3, minMacLength); + KMArray.cast(arrPtr).add((short) 4, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); short keyParams = KMKeyParameters.instance(arrPtr); short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); - short keyBlob = KMArray.instance((short)1); - KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(hmacKeySecret,(short)0,(short)16)); + short keyBlob = KMArray.instance((short) 1); + KMArray.cast(keyBlob).add((short) 0, KMByteBlob.instance(hmacKeySecret, (short) 0, (short) 16)); byte[] blob = new byte[256]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)3); + short len = encoder.encode(keyBlob, blob, (short) 0); + keyBlob = KMByteBlob.instance(blob, (short) 0, len); + arrPtr = KMArray.instance((short) 3); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); + arg.add((short) 1, keyFormatPtr); + arg.add((short) 2, keyBlob); + CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01); tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); @@ -804,61 +813,64 @@ public void testHmacImportKeySuccess() { @Test public void testRsaImportKeySuccess() { init(); - byte[] pub = new byte[]{0x00,0x01,0x00,0x01}; + byte[] pub = new byte[]{0x00, 0x01, 0x00, 0x01}; byte[] mod = new byte[256]; byte[] priv = new byte[256]; short[] lengths = new short[2]; - cryptoProvider.createAsymmetricKey(KMType.RSA,priv,(short)0,(short)256,mod,(short)0, (short)256,lengths); - short arrPtr = KMArray.instance((short)6); + cryptoProvider + .createAsymmetricKey(KMType.RSA, priv, (short) 0, (short) 256, mod, (short) 0, (short) 256, + lengths); + short arrPtr = KMArray.instance((short) 6); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 2048)); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, - KMInteger.uint_32(pub, (short)0)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PSS); + short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, + KMInteger.uint_32(pub, (short) 0)); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.RSA_PSS); short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, digest); - KMArray.cast(arrPtr).add((short)3, rsaPubExpTag); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - KMArray.cast(arrPtr).add((short)5, padding); + KMArray.cast(arrPtr).add((short) 0, boolTag); + KMArray.cast(arrPtr).add((short) 1, keySize); + KMArray.cast(arrPtr).add((short) 2, digest); + KMArray.cast(arrPtr).add((short) 3, rsaPubExpTag); + KMArray.cast(arrPtr).add((short) 4, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); + KMArray.cast(arrPtr).add((short) 5, padding); short keyParams = KMKeyParameters.instance(arrPtr); short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW);// Note: VTS uses PKCS8 - short keyBlob = KMArray.instance((short)2); - KMArray.cast(keyBlob).add((short)0, KMByteBlob.instance(priv,(short)0,(short)256)); - KMArray.cast(keyBlob).add((short)1, KMByteBlob.instance(mod,(short)0,(short)256)); + short keyBlob = KMArray.instance((short) 2); + KMArray.cast(keyBlob).add((short) 0, KMByteBlob.instance(priv, (short) 0, (short) 256)); + KMArray.cast(keyBlob).add((short) 1, KMByteBlob.instance(mod, (short) 0, (short) 256)); byte[] blob = new byte[620]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)3); + short len = encoder.encode(keyBlob, blob, (short) 0); + keyBlob = KMByteBlob.instance(blob, (short) 0, len); + arrPtr = KMArray.instance((short) 3); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); + arg.add((short) 1, keyFormatPtr); + arg.add((short) 2, keyBlob); + CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01); tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 2048); tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); @@ -866,7 +878,8 @@ public void testRsaImportKeySuccess() { tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.RSA_PSS)); tag = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), 0x01); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), + 0x01); Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 0x01); tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.RSA); @@ -876,58 +889,61 @@ public void testRsaImportKeySuccess() { } @Test - public void testDeviceLocked(){ + public void testDeviceLocked() { init(); byte[] hmacKey = new byte[32]; - cryptoProvider.newRandomNumber(hmacKey,(short)0,(short)32); - KMRepository.instance().initComputedHmac(hmacKey,(short)0,(short)32); + cryptoProvider.newRandomNumber(hmacKey, (short) 0, (short) 32); + KMRepository.instance().initComputedHmac(hmacKey, (short) 0, (short) 32); // generate aes key with unlocked_device_required - short aesKey = generateAesDesKey(KMType.AES,(short)128,null,null, true); - short keyBlobPtr = KMArray.cast(aesKey).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + short aesKey = generateAesDesKey(KMType.AES, (short) 128, null, null, true); + short keyBlobPtr = KMArray.cast(aesKey).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); // encrypt something short inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); - byte[] plainData= "Hello World 123!".getBytes(); + byte[] plainData = "Hello World 123!".getBytes(); short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,false, false + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.ENCRYPT, + KMKeyParameters.instance(inParams), + (short) 0, null, false, false ); - keyBlobPtr = KMArray.cast(ret).get((short)2); + keyBlobPtr = KMArray.cast(ret).get((short) 2); byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - cipherData,(short)0, (short)cipherData.length); + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + cipherData, (short) 0, (short) cipherData.length); // create verification token short verToken = KMVerificationToken.instance(); - KMVerificationToken.cast(verToken).setTimestamp(KMInteger.uint_16((short)1)); + KMVerificationToken.cast(verToken).setTimestamp(KMInteger.uint_16((short) 1)); verToken = signVerificationToken(verToken); // device locked request deviceLock(verToken); // decrypt should fail inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); short beginResp = begin(KMType.DECRYPT, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), KMKeyParameters.instance(inParams), (short)0); - Assert.assertEquals(beginResp,KMError.DEVICE_LOCKED); + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(inParams), (short) 0); + Assert.assertEquals(beginResp, KMError.DEVICE_LOCKED); short hwToken = KMHardwareAuthToken.instance(); - KMHardwareAuthToken.cast(hwToken).setTimestamp(KMInteger.uint_16((byte)2)); - KMHardwareAuthToken.cast(hwToken).setHwAuthenticatorType(KMEnum.instance(KMType.USER_AUTH_TYPE, (byte)KMType.PASSWORD)); + KMHardwareAuthToken.cast(hwToken).setTimestamp(KMInteger.uint_16((byte) 2)); + KMHardwareAuthToken.cast(hwToken) + .setHwAuthenticatorType(KMEnum.instance(KMType.USER_AUTH_TYPE, (byte) KMType.PASSWORD)); inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null); hwToken = signHwToken(hwToken); - ret = processMessage(cipherData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.DECRYPT, - KMKeyParameters.instance(inParams),hwToken,null,false, false + ret = processMessage(cipherData, + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.DECRYPT, + KMKeyParameters.instance(inParams), hwToken, null, false, false ); - ret = KMArray.cast(ret).get((short)0); + ret = KMArray.cast(ret).get((short) 0); Assert.assertEquals(KMInteger.cast(ret).getShort(), KMError.OK); - cleanUp(); + cleanUp(); } - private short signHwToken(short hwToken){ + private short signHwToken(short hwToken) { short len = 0; byte[] scratchPad = new byte[256]; // add 0 @@ -936,17 +952,17 @@ private short signHwToken(short hwToken){ // concatenate challenge - 8 bytes short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge(); KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); len += 8; // concatenate user id - 8 bytes ptr = KMHardwareAuthToken.cast(hwToken).getUserId(); KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); len += 8; // concatenate authenticator id - 8 bytes ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId(); KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); len += 8; // concatenate authenticator type - 4 bytes ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType(); @@ -955,7 +971,7 @@ private short signHwToken(short hwToken){ // concatenate timestamp -8 bytes ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp(); KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); len += 8; // hmac the data /* HMACKey key = @@ -973,26 +989,28 @@ private short signHwToken(short hwToken){ (short)0); */ short key = KMRepository.instance().getComputedHmacKey(); - cryptoProvider.hmacSign( + cryptoProvider.hmacSign( KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff(), KMByteBlob.cast(key).length(), scratchPad, (short) 0, len, mac, - (short)0); - KMHardwareAuthToken.cast(hwToken).setMac(KMByteBlob.instance(mac,(short)0,(short)mac.length)); + (short) 0); + KMHardwareAuthToken.cast(hwToken) + .setMac(KMByteBlob.instance(mac, (short) 0, (short) mac.length)); return hwToken; } + private void deviceLock(short verToken) { - short req = KMArray.instance((short)2); - KMArray.cast(req).add((short)0, KMInteger.uint_8((byte)1)); - KMArray.cast(req).add((short)1, verToken); - CommandAPDU apdu = encodeApdu((byte)INS_DEVICE_LOCKED_CMD,req); + short req = KMArray.instance((short) 2); + KMArray.cast(req).add((short) 0, KMInteger.uint_8((byte) 1)); + KMArray.cast(req).add((short) 1, verToken); + CommandAPDU apdu = encodeApdu((byte) INS_DEVICE_LOCKED_CMD, req); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 1); KMArray.cast(ret).add((short) 0, KMInteger.exp()); byte[] respBuf = response.getBytes(); - Assert.assertEquals(respBuf[0],KMError.OK); + Assert.assertEquals(respBuf[0], KMError.OK); } private short signVerificationToken(short verToken) { @@ -1003,17 +1021,17 @@ private short signVerificationToken(short verToken) { Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); short params = KMVerificationToken.cast(verToken).getParametersVerified(); // Add "Auth Verification" - 17 bytes. - Util.arrayCopy(authVer,(short)0, scratchPad, (short)0, (short)authVer.length); - short len = (short)authVer.length; + Util.arrayCopy(authVer, (short) 0, scratchPad, (short) 0, (short) authVer.length); + short len = (short) authVer.length; // concatenate challenge - 8 bytes short ptr = KMVerificationToken.cast(verToken).getChallenge(); KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); len += 8; // concatenate timestamp -8 bytes ptr = KMVerificationToken.cast(verToken).getTimestamp(); KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); + .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); len += 8; // concatenate security level - 4 bytes ptr = KMVerificationToken.cast(verToken).getSecurityLevel(); @@ -1040,13 +1058,14 @@ private short signVerificationToken(short verToken) { (short)0); */ short key = KMRepository.instance().getComputedHmacKey(); - cryptoProvider.hmacSign(KMByteBlob.cast(key).getBuffer(), + cryptoProvider.hmacSign(KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff(), KMByteBlob.cast(key).length(), scratchPad, (short) 0, len, mac, - (short)0); - KMVerificationToken.cast(verToken).setMac(KMByteBlob.instance(mac,(short)0,(short)mac.length)); + (short) 0); + KMVerificationToken.cast(verToken) + .setMac(KMByteBlob.instance(mac, (short) 0, (short) mac.length)); return verToken; } @@ -1056,55 +1075,58 @@ public void testEcImportKeySuccess() { byte[] pub = new byte[128]; byte[] priv = new byte[128]; short[] lengths = new short[2]; - cryptoProvider.createAsymmetricKey(KMType.EC,priv,(short)0,(short)128,pub,(short)0, (short)128,lengths); - short pubBlob = KMByteBlob.instance(pub,(short)0,lengths[1]); - short privBlob = KMByteBlob.instance(priv,(short)0,lengths[0]); - short arrPtr = KMArray.instance((short)5); + cryptoProvider + .createAsymmetricKey(KMType.EC, priv, (short) 0, (short) 128, pub, (short) 0, (short) 128, + lengths); + short pubBlob = KMByteBlob.instance(pub, (short) 0, lengths[1]); + short privBlob = KMByteBlob.instance(priv, (short) 0, lengths[0]); + short arrPtr = KMArray.instance((short) 5); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)256)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 256)); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); short ecCurve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256); - KMArray.cast(arrPtr).add((short)0, boolTag); - KMArray.cast(arrPtr).add((short)1, keySize); - KMArray.cast(arrPtr).add((short)2, digest); - KMArray.cast(arrPtr).add((short)3, ecCurve); - KMArray.cast(arrPtr).add((short)4, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); + KMArray.cast(arrPtr).add((short) 0, boolTag); + KMArray.cast(arrPtr).add((short) 1, keySize); + KMArray.cast(arrPtr).add((short) 2, digest); + KMArray.cast(arrPtr).add((short) 3, ecCurve); + KMArray.cast(arrPtr).add((short) 4, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); short keyParams = KMKeyParameters.instance(arrPtr); short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW);// Note: VTS uses PKCS8 - short keyBlob = KMArray.instance((short)2); - KMArray.cast(keyBlob).add((short)0, privBlob); - KMArray.cast(keyBlob).add((short)1, pubBlob); + short keyBlob = KMArray.instance((short) 2); + KMArray.cast(keyBlob).add((short) 0, privBlob); + KMArray.cast(keyBlob).add((short) 1, pubBlob); byte[] blob = new byte[128]; - short len = encoder.encode(keyBlob,blob,(short)0); - keyBlob = KMByteBlob.instance(blob, (short)0, len); - arrPtr = KMArray.instance((short)3); + short len = encoder.encode(keyBlob, blob, (short) 0); + keyBlob = KMByteBlob.instance(blob, (short) 0, len); + arrPtr = KMArray.instance((short) 3); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - arg.add((short)1, keyFormatPtr); - arg.add((short)2, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_KEY_CMD, arrPtr); + arg.add((short) 1, keyFormatPtr); + arg.add((short) 2, keyBlob); + CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short blobArr = extractKeyBlobArray(KMArray.cast(ret).get((short)1)); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); + short blobArr = extractKeyBlobArray(KMArray.cast(ret).get((short) 1)); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01); tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); @@ -1127,27 +1149,27 @@ private short extractKeyBlobArray(byte[] buf, short off, short buflen) { KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, ptr); KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, KMByteBlob.exp()); ret = - decoder.decodeArray( - ret, - buf, off, buflen); + decoder.decodeArray( + ret, + buf, off, buflen); short len = KMArray.cast(ret).length(); - ptr = KMArray.cast(ret).get((short)4); + ptr = KMArray.cast(ret).get((short) 4); // print(KMByteBlob.cast(ptr).getBuffer(),KMByteBlob.cast(ptr).getStartOff(),KMByteBlob.cast(ptr).length()); return ret; } private short extractKeyBlobArray(short keyBlob) { return extractKeyBlobArray(KMByteBlob.cast(keyBlob).getBuffer(), KMByteBlob - .cast(keyBlob).getStartOff(), KMByteBlob.cast(keyBlob).length()); + .cast(keyBlob).getStartOff(), KMByteBlob.cast(keyBlob).length()); } @Test public void testRsaGenerateKeySuccess() { init(); short ret = generateRsaKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); Assert.assertEquals(error, KMError.OK); @@ -1158,7 +1180,8 @@ public void testRsaGenerateKeySuccess() { tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.RSA_PKCS1_1_5_ENCRYPT)); tag = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), 0x01); + Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), + 0x01); Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 0x01); tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.RSA); @@ -1167,34 +1190,40 @@ public void testRsaGenerateKeySuccess() { cleanUp(); } - private short generateRsaKey(byte[] clientId, byte[] appData){ - byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; + private short generateRsaKey(byte[] clientId, byte[] appData) { + byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00}; short tagCount = 11; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; + if (clientId != null) { + tagCount++; + } + if (appData != null) { + tagCount++; + } short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); - short byteBlob = KMByteBlob.instance((short)3); - KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); - KMByteBlob.cast(byteBlob).add((short)2, KMType.SHA1); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 2048)); + short byteBlob = KMByteBlob.instance((short) 3); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.DIGEST_NONE); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.SHA2_256); + KMByteBlob.cast(byteBlob).add((short) 2, KMType.SHA1); short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short)5); - KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PKCS1_1_5_ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)1, KMType.RSA_PKCS1_1_5_SIGN); - KMByteBlob.cast(byteBlob).add((short)2, KMType.RSA_OAEP); - KMByteBlob.cast(byteBlob).add((short)3, KMType.RSA_PSS); - KMByteBlob.cast(byteBlob).add((short)4, KMType.PADDING_NONE); + byteBlob = KMByteBlob.instance((short) 5); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.RSA_PKCS1_1_5_ENCRYPT); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.RSA_PKCS1_1_5_SIGN); + KMByteBlob.cast(byteBlob).add((short) 2, KMType.RSA_OAEP); + KMByteBlob.cast(byteBlob).add((short) 3, KMType.RSA_PSS); + KMByteBlob.cast(byteBlob).add((short) 4, KMType.PADDING_NONE); short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)5); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); - KMByteBlob.cast(byteBlob).add((short)2, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)3, KMType.DECRYPT); - KMByteBlob.cast(byteBlob).add((short)4, KMType.WRAP_KEY); + byteBlob = KMByteBlob.instance((short) 5); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SIGN); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.VERIFY); + KMByteBlob.cast(byteBlob).add((short) 2, KMType.ENCRYPT); + KMByteBlob.cast(byteBlob).add((short) 3, KMType.DECRYPT); + KMByteBlob.cast(byteBlob).add((short) 4, KMType.WRAP_KEY); short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - byte[] pub = {0,1,0,1}; - short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short)0)); + byte[] pub = {0, 1, 0, 1}; + short rsaPubExpTag = KMIntegerTag + .instance(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short) 0)); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); short tagIndex = 0; KMArray.cast(arrPtr).add(tagIndex++, purpose); @@ -1206,25 +1235,33 @@ private short generateRsaKey(byte[] clientId, byte[] appData){ KMArray.cast(arrPtr).add(tagIndex++, rsaPubExpTag); KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); KMArray.cast(arrPtr).add(tagIndex++, padding); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.ACTIVE_DATETIME,dateTag)); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.CREATION_DATETIME,dateTag)); - - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + short dateTag = KMInteger.uint_64(activeAndCreationDateTime, (short) 0); + KMArray.cast(arrPtr) + .add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG, KMType.ACTIVE_DATETIME, dateTag)); + KMArray.cast(arrPtr) + .add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG, KMType.CREATION_DATETIME, dateTag)); + + if (clientId != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, + KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); + } + if (appData != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, + KMByteBlob.instance(appData, (short) 0, (short) appData.length))); + } short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); + arrPtr = KMArray.instance((short) 1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); @@ -1233,25 +1270,27 @@ private short generateRsaKey(byte[] clientId, byte[] appData){ return ret; } - private short generateAttestationKey(){ + private short generateAttestationKey() { // 15th July 2020 00.00.00 - byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; + byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00}; short tagCount = 11; short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)2048)); - short byteBlob = KMByteBlob.instance((short)3); - KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); - KMByteBlob.cast(byteBlob).add((short)2, KMType.SHA1); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 2048)); + short byteBlob = KMByteBlob.instance((short) 3); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.DIGEST_NONE); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.SHA2_256); + KMByteBlob.cast(byteBlob).add((short) 2, KMType.SHA1); short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.RSA_PKCS1_1_5_SIGN); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.RSA_PKCS1_1_5_SIGN); short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ATTEST_KEY); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.ATTEST_KEY); short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - byte[] pub = {0,1,0,1}; - short rsaPubExpTag = KMIntegerTag.instance(KMType.ULONG_TAG,KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short)0)); + byte[] pub = {0, 1, 0, 1}; + short rsaPubExpTag = KMIntegerTag + .instance(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short) 0)); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); short tagIndex = 0; KMArray.cast(arrPtr).add(tagIndex++, purpose); @@ -1264,20 +1303,22 @@ private short generateAttestationKey(){ KMArray.cast(arrPtr).add(tagIndex++, rsaPubExpTag); KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); KMArray.cast(arrPtr).add(tagIndex++, padding); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.ULONG_TAG,KMType.ACTIVE_DATETIME,dateTag)); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.ULONG_TAG,KMType.CREATION_DATETIME,dateTag)); + short dateTag = KMInteger.uint_64(activeAndCreationDateTime, (short) 0); + KMArray.cast(arrPtr) + .add(tagIndex++, KMIntegerTag.instance(KMType.ULONG_TAG, KMType.ACTIVE_DATETIME, dateTag)); + KMArray.cast(arrPtr).add(tagIndex++, + KMIntegerTag.instance(KMType.ULONG_TAG, KMType.CREATION_DATETIME, dateTag)); short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); + arrPtr = KMArray.instance((short) 1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); @@ -1290,9 +1331,9 @@ private short generateAttestationKey(){ public void testEcGenerateKeySuccess() { init(); short ret = generateEcKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); Assert.assertEquals(error, KMError.OK); @@ -1306,20 +1347,26 @@ public void testEcGenerateKeySuccess() { Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); cleanUp(); } + public short generateEcKey(byte[] clientId, byte[] appData) { - byte[] activeAndCreationDateTime = {0,0,0x01,0x73,0x51,0x7C,(byte)0xCC,0x00}; + byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00}; short tagCount = 6; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; + if (clientId != null) { + tagCount++; + } + if (appData != null) { + tagCount++; + } short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)256)); - short byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short)1, KMType.SHA2_256); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 256)); + short byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.DIGEST_NONE); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.SHA2_256); short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); + byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SIGN); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.VERIFY); short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); short tagIndex = 0; @@ -1328,23 +1375,30 @@ public short generateEcKey(byte[] clientId, byte[] appData) { KMArray.cast(arrPtr).add(tagIndex++, keySize); KMArray.cast(arrPtr).add(tagIndex++, digest); KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime,(short)0); - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG,KMType.CREATION_DATETIME,dateTag)); - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + short dateTag = KMInteger.uint_64(activeAndCreationDateTime, (short) 0); + KMArray.cast(arrPtr) + .add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG, KMType.CREATION_DATETIME, dateTag)); + if (clientId != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, + KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); + } + if (appData != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, + KMByteBlob.instance(appData, (short) 0, (short) appData.length))); + } short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); + arrPtr = KMArray.instance((short) 1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); @@ -1357,9 +1411,9 @@ public short generateEcKey(byte[] clientId, byte[] appData) { public void testHmacGenerateKeySuccess() { init(); short ret = generateHmacKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); Assert.assertEquals(error, KMError.OK); @@ -1375,21 +1429,28 @@ public void testHmacGenerateKeySuccess() { Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); cleanUp(); } - public short generateHmacKey(byte[] clientId, byte[] appData){ + + public short generateHmacKey(byte[] clientId, byte[] appData) { short tagCount = 6; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; + if (clientId != null) { + tagCount++; + } + if (appData != null) { + tagCount++; + } short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SHA2_256); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 128)); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short)1, KMType.VERIFY); + byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.SIGN); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.VERIFY); short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short minMacLen = KMIntegerTag.instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); + short minMacLen = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); short tagIndex = 0; KMArray.cast(arrPtr).add(tagIndex++, minMacLen); KMArray.cast(arrPtr).add(tagIndex++, purpose); @@ -1397,50 +1458,65 @@ public short generateHmacKey(byte[] clientId, byte[] appData){ KMArray.cast(arrPtr).add(tagIndex++, keySize); KMArray.cast(arrPtr).add(tagIndex++, digest); KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + if (clientId != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, + KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); + } + if (appData != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, + KMByteBlob.instance(appData, (short) 0, (short) appData.length))); + } short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); + arrPtr = KMArray.instance((short) 1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); return ret; } - public short generateAesDesKey(byte alg, short keysize, byte[] clientId, byte[] appData, boolean unlockReqd) { + + public short generateAesDesKey(byte alg, short keysize, byte[] clientId, byte[] appData, + boolean unlockReqd) { short tagCount = 7; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; - if(unlockReqd)tagCount++; + if (clientId != null) { + tagCount++; + } + if (appData != null) { + tagCount++; + } + if (unlockReqd) { + tagCount++; + } short arrPtr = KMArray.instance(tagCount); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); - short byteBlob = KMByteBlob.instance((short)3); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); - KMByteBlob.cast(byteBlob).add((short)1, KMType.CBC); - KMByteBlob.cast(byteBlob).add((short)2, KMType.CTR); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); + short byteBlob = KMByteBlob.instance((short) 3); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.ECB); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.CBC); + KMByteBlob.cast(byteBlob).add((short) 2, KMType.CTR); short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); - KMByteBlob.cast(byteBlob).add((short)1, KMType.PADDING_NONE); + byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.PKCS7); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.PADDING_NONE); short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); + byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.ENCRYPT); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.DECRYPT); short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); short tagIndex = 0; KMArray.cast(arrPtr).add(tagIndex++, boolTag); @@ -1450,48 +1526,63 @@ public short generateAesDesKey(byte alg, short keysize, byte[] clientId, byte[] KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, alg)); KMArray.cast(arrPtr).add(tagIndex++, purpose); KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); - if(unlockReqd)KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.UNLOCKED_DEVICE_REQUIRED)); - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + if (unlockReqd) { + KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.UNLOCKED_DEVICE_REQUIRED)); + } + if (clientId != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, + KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); + } + if (appData != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, + KMByteBlob.instance(appData, (short) 0, (short) appData.length))); + } short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); + arrPtr = KMArray.instance((short) 1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); return ret; } + public short generateAesGcmKey(short keysize, byte[] clientId, byte[] appData) { short tagCount = 8; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; + if (clientId != null) { + tagCount++; + } + if (appData != null) { + tagCount++; + } short arrPtr = KMArray.instance(tagCount); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); - short macLength = KMIntegerTag.instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)96)); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.GCM); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); + short macLength = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short) 96)); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.GCM); short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, KMType.PADDING_NONE); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.PADDING_NONE); short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); + byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.ENCRYPT); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.DECRYPT); short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); short tagIndex = 0; KMArray.cast(arrPtr).add(tagIndex++, boolTag); @@ -1502,83 +1593,90 @@ public short generateAesGcmKey(short keysize, byte[] clientId, byte[] appData) { KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); KMArray.cast(arrPtr).add(tagIndex++, purpose); KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); - if(clientId != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + if (clientId != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, + KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); + } + if (appData != null) { + KMArray.cast(arrPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, + KMByteBlob.instance(appData, (short) 0, (short) appData.length))); + } short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short)1); + arrPtr = KMArray.instance((short) 1); KMArray arg = KMArray.cast(arrPtr); arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_GENERATE_KEY_CMD, arrPtr); + CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); return ret; } @Test - public void testComputeHmacParams(){ + public void testComputeHmacParams() { init(); // Get Hmac parameters short ret = getHmacSharingParams(); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short)1)); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short) 1)); short seed = params.getSeed(); short nonce = params.getNonce(); short params1 = KMHmacSharingParameters.instance(); - KMHmacSharingParameters.cast(params1).setSeed(KMByteBlob.instance((short)0)); - short num = KMByteBlob.instance((short)32); + KMHmacSharingParameters.cast(params1).setSeed(KMByteBlob.instance((short) 0)); + short num = KMByteBlob.instance((short) 32); Util.arrayCopyNonAtomic( - KMByteBlob.cast(nonce).getBuffer(), - KMByteBlob.cast(nonce).getStartOff(), - KMByteBlob.cast(num).getBuffer(), - KMByteBlob.cast(num).getStartOff(), - KMByteBlob.cast(num).length()); + KMByteBlob.cast(nonce).getBuffer(), + KMByteBlob.cast(nonce).getStartOff(), + KMByteBlob.cast(num).getBuffer(), + KMByteBlob.cast(num).getStartOff(), + KMByteBlob.cast(num).length()); KMHmacSharingParameters.cast(params1).setNonce(num); short params2 = KMHmacSharingParameters.instance(); - KMHmacSharingParameters.cast(params2).setSeed(KMByteBlob.instance((short)0)); - num = KMByteBlob.instance((short)32); + KMHmacSharingParameters.cast(params2).setSeed(KMByteBlob.instance((short) 0)); + num = KMByteBlob.instance((short) 32); cryptoProvider.newRandomNumber( - KMByteBlob.cast(num).getBuffer(), - KMByteBlob.cast(num).getStartOff(), - KMByteBlob.cast(num).length()); + KMByteBlob.cast(num).getBuffer(), + KMByteBlob.cast(num).getStartOff(), + KMByteBlob.cast(num).length()); KMHmacSharingParameters.cast(params2).setNonce(num); - short arr = KMArray.instance((short)2); - KMArray.cast(arr).add((short)0, params1); - KMArray.cast(arr).add((short)1,params2); - short arrPtr = KMArray.instance((short)1); - KMArray.cast(arrPtr).add((short)0,arr); - CommandAPDU apdu = encodeApdu((byte)INS_COMPUTE_SHARED_HMAC_CMD, arrPtr); + short arr = KMArray.instance((short) 2); + KMArray.cast(arr).add((short) 0, params1); + KMArray.cast(arr).add((short) 1, params2); + short arrPtr = KMArray.instance((short) 1); + KMArray.cast(arrPtr).add((short) 0, arr); + CommandAPDU apdu = encodeApdu((byte) INS_COMPUTE_SHARED_HMAC_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); Assert.assertEquals(0x9000, response.getSW()); - ret = KMArray.instance((short) 2); + ret = KMArray.instance((short) 2); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); cleanUp(); } + @Test - public void testGetHmacSharingParams(){ + public void testGetHmacSharingParams() { init(); CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); //print(commandAPDU.getBytes()); @@ -1591,8 +1689,8 @@ public void testGetHmacSharingParams(){ byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short)1)); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short) 1)); short seed = params.getSeed(); short nonce = params.getNonce(); Assert.assertTrue(KMByteBlob.cast(seed).length() == 0); @@ -1602,7 +1700,8 @@ public void testGetHmacSharingParams(){ Assert.assertEquals(error, KMError.OK); cleanUp(); } - public short getHmacSharingParams(){ + + public short getHmacSharingParams() { CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); //print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(commandAPDU); @@ -1618,58 +1717,60 @@ public short getHmacSharingParams(){ } @Test - public void testImportWrappedKey(){ + public void testImportWrappedKey() { init(); byte[] wrappedKey = new byte[16]; - cryptoProvider.newRandomNumber(wrappedKey,(short)0,(short)16); + cryptoProvider.newRandomNumber(wrappedKey, (short) 0, (short) 16); byte[] encWrappedKey = new byte[16]; byte[] transportKeyMaterial = new byte[32]; - cryptoProvider.newRandomNumber(transportKeyMaterial,(short)0,(short)32); + cryptoProvider.newRandomNumber(transportKeyMaterial, (short) 0, (short) 32); byte[] nonce = new byte[12]; - cryptoProvider.newRandomNumber(nonce,(short)0,(short)12); + cryptoProvider.newRandomNumber(nonce, (short) 0, (short) 12); byte[] authData = "Auth Data".getBytes(); byte[] authTag = new byte[16]; - cryptoProvider.aesGCMEncrypt(transportKeyMaterial,(short)0,(short)32,wrappedKey, - (short)0,(short)16,encWrappedKey,(short)0, - nonce,(short)0, (short)12,authData,(short)0,(short)authData.length, - authTag, (short)0, (short)16); - byte[] maskingKey = {1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0}; + cryptoProvider.aesGCMEncrypt(transportKeyMaterial, (short) 0, (short) 32, wrappedKey, + (short) 0, (short) 16, encWrappedKey, (short) 0, + nonce, (short) 0, (short) 12, authData, (short) 0, (short) authData.length, + authTag, (short) 0, (short) 16); + byte[] maskingKey = {1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0}; byte[] maskedTransportKey = new byte[32]; - for(int i=0; i< maskingKey.length;i++){ - maskedTransportKey[i] = (byte)(transportKeyMaterial[i] ^ maskingKey[i]); + for (int i = 0; i < maskingKey.length; i++) { + maskedTransportKey[i] = (byte) (transportKeyMaterial[i] ^ maskingKey[i]); } - short rsaKeyArr = generateRsaKey(null,null); - short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); - byte[] wrappingKeyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + short rsaKeyArr = generateRsaKey(null, null); + short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1); + byte[] wrappingKeyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length); + KMByteBlob.cast(keyBlobPtr).getStartOff(), + wrappingKeyBlob, (short) 0, (short) wrappingKeyBlob.length); byte[] output = new byte[256]; short outlen = rsaOaepEncryptMessage(wrappingKeyBlob, KMType.SHA2_256, - maskedTransportKey, (short)0, (short)maskedTransportKey.length, - output, (short)0); + maskedTransportKey, (short) 0, (short) maskedTransportKey.length, + output, (short) 0); Assert.assertTrue((outlen == 256)); byte[] encTransportKey = new byte[outlen]; - Util.arrayCopyNonAtomic(output, (short)0, encTransportKey, (short)0, - outlen); + Util.arrayCopyNonAtomic(output, (short) 0, encTransportKey, (short) 0, + outlen); //Clean the heap. KMRepository.instance().clean(); short tagCount = 7; short arrPtr = KMArray.instance(tagCount); short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short)128)); - short byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ECB); - KMByteBlob.cast(byteBlob).add((short)1, KMType.CBC); + short keySize = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 128)); + short byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.ECB); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.CBC); short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.PKCS7); - KMByteBlob.cast(byteBlob).add((short)1, KMType.PADDING_NONE); + byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.PKCS7); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.PADDING_NONE); short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short)2); - KMByteBlob.cast(byteBlob).add((short)0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short)1, KMType.DECRYPT); + byteBlob = KMByteBlob.instance((short) 2); + KMByteBlob.cast(byteBlob).add((short) 0, KMType.ENCRYPT); + KMByteBlob.cast(byteBlob).add((short) 1, KMType.DECRYPT); short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); short tagIndex = 0; KMArray.cast(arrPtr).add(tagIndex++, boolTag); @@ -1680,41 +1781,48 @@ public void testImportWrappedKey(){ KMArray.cast(arrPtr).add(tagIndex++, purpose); KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); short keyParams = KMKeyParameters.instance(arrPtr); - short nullParams = KMArray.instance((short)0); + short nullParams = KMArray.instance((short) 0); nullParams = KMKeyParameters.instance(nullParams); - short arr = KMArray.instance((short)12); + short arr = KMArray.instance((short) 12); KMArray.cast(arr).add((short) 0, keyParams); // Key Params of wrapped key - KMArray.cast(arr).add((short) 1, KMEnum.instance(KMType.KEY_FORMAT,KMType.RAW)); // Key Format - KMArray.cast(arr).add((short) 2, KMByteBlob.instance(encWrappedKey,(short)0,(short)encWrappedKey.length)); // Wrapped Import Key Blob - KMArray.cast(arr).add((short) 3, KMByteBlob.instance(authTag,(short)0,(short)authTag.length)); // Auth Tag - KMArray.cast(arr).add((short) 4, KMByteBlob.instance(nonce,(short)0,(short)nonce.length)); // IV - Nonce - KMArray.cast(arr).add((short) 5, KMByteBlob.instance(encTransportKey,(short)0,(short)encTransportKey.length)); // Encrypted Transport Key - KMArray.cast(arr).add((short) 6, KMByteBlob.instance(wrappingKeyBlob,(short)0, (short)wrappingKeyBlob.length)); // Wrapping Key KeyBlob - KMArray.cast(arr).add((short) 7, KMByteBlob.instance(maskingKey,(short)0,(short)maskingKey.length)); // Masking Key + KMArray.cast(arr).add((short) 1, KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW)); // Key Format + KMArray.cast(arr).add((short) 2, KMByteBlob.instance(encWrappedKey, (short) 0, + (short) encWrappedKey.length)); // Wrapped Import Key Blob + KMArray.cast(arr).add((short) 3, + KMByteBlob.instance(authTag, (short) 0, (short) authTag.length)); // Auth Tag + KMArray.cast(arr) + .add((short) 4, KMByteBlob.instance(nonce, (short) 0, (short) nonce.length)); // IV - Nonce + KMArray.cast(arr).add((short) 5, KMByteBlob.instance(encTransportKey, (short) 0, + (short) encTransportKey.length)); // Encrypted Transport Key + KMArray.cast(arr).add((short) 6, KMByteBlob.instance(wrappingKeyBlob, (short) 0, + (short) wrappingKeyBlob.length)); // Wrapping Key KeyBlob + KMArray.cast(arr).add((short) 7, + KMByteBlob.instance(maskingKey, (short) 0, (short) maskingKey.length)); // Masking Key KMArray.cast(arr).add((short) 8, nullParams); // Un-wrapping Params - KMArray.cast(arr).add((short) 9, KMByteBlob.instance(authData,(short)0,(short)authData.length)); // Wrapped Key ASSOCIATED AUTH DATA - KMArray.cast(arr).add((short) 10, KMInteger.uint_8((byte)0)); // Password Sid - KMArray.cast(arr).add((short) 11, KMInteger.uint_8((byte)0)); // Biometric Sid - CommandAPDU apdu = encodeApdu((byte)INS_IMPORT_WRAPPED_KEY_CMD, arr); + KMArray.cast(arr).add((short) 9, KMByteBlob.instance(authData, (short) 0, + (short) authData.length)); // Wrapped Key ASSOCIATED AUTH DATA + KMArray.cast(arr).add((short) 10, KMInteger.uint_8((byte) 0)); // Password Sid + KMArray.cast(arr).add((short) 11, KMInteger.uint_8((byte) 0)); // Biometric Sid + CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_WRAPPED_KEY_CMD, arr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); short inst = KMKeyCharacteristics.exp(); KMArray.cast(ret).add((short) 2, inst); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); Assert.assertEquals(0x9000, response.getSW()); Assert.assertEquals(error, KMError.OK); short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(),0x01); + Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01); tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); @@ -1733,16 +1841,18 @@ public void testGetKeyCharacteristicsWithIdDataSuccess() { init(); byte[] clientId = "clientId".getBytes(); byte[] appData = "appData".getBytes(); - short ret = generateRsaKey(clientId,appData); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short ret = generateRsaKey(clientId, appData); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); - short keyBlob = KMArray.cast(ret).get((short)1); - - short arrPtr = KMArray.instance((short)3); - KMArray.cast(arrPtr).add((short)0, keyBlob); - KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance(clientId,(short)0, (short)clientId.length)); - KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance(appData,(short)0, (short)appData.length)); - CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); + short keyBlob = KMArray.cast(ret).get((short) 1); + + short arrPtr = KMArray.instance((short) 3); + KMArray.cast(arrPtr).add((short) 0, keyBlob); + KMArray.cast(arrPtr) + .add((short) 1, KMByteBlob.instance(clientId, (short) 0, (short) clientId.length)); + KMArray.cast(arrPtr) + .add((short) 2, KMByteBlob.instance(appData, (short) 0, (short) appData.length)); + CommandAPDU apdu = encodeApdu((byte) INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); ret = KMArray.instance((short) 2); @@ -1752,7 +1862,7 @@ public void testGetKeyCharacteristicsWithIdDataSuccess() { byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); cleanUp(); } @@ -1761,15 +1871,15 @@ public void testGetKeyCharacteristicsWithIdDataSuccess() { public void testGetKeyCharacteristicsSuccess() { init(); short ret = generateRsaKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); - short keyBlob = KMArray.cast(ret).get((short)1); + short keyBlob = KMArray.cast(ret).get((short) 1); - short arrPtr = KMArray.instance((short)3); - KMArray.cast(arrPtr).add((short)0, keyBlob); - KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance((short)0)); - KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance((short)0)); - CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); + short arrPtr = KMArray.instance((short) 3); + KMArray.cast(arrPtr).add((short) 0, keyBlob); + KMArray.cast(arrPtr).add((short) 1, KMByteBlob.instance((short) 0)); + KMArray.cast(arrPtr).add((short) 2, KMByteBlob.instance((short) 0)); + CommandAPDU apdu = encodeApdu((byte) INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); ret = KMArray.instance((short) 2); @@ -1779,7 +1889,7 @@ public void testGetKeyCharacteristicsSuccess() { byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); cleanUp(); } @@ -1788,13 +1898,13 @@ public void testGetKeyCharacteristicsSuccess() { public void testDeleteKeySuccess() { init(); short ret = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(ret).get((short)1); + short keyBlobPtr = KMArray.cast(ret).get((short) 1); byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob, (short)0); + short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob, (short) 0); ret = getKeyCharacteristics(keyBlobPtr); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); - ret = deleteKey(KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); + ret = deleteKey(KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length)); Assert.assertEquals(ret, KMError.OK); cleanUp(); } @@ -1803,13 +1913,13 @@ public void testDeleteKeySuccess() { public void testDeleteAllKeySuccess() { init(); short ret1 = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(ret1).get((short)1); + short keyBlobPtr = KMArray.cast(ret1).get((short) 1); byte[] keyBlob1 = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob1, (short)0); + short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob1, (short) 0); short ret2 = generateRsaKey(null, null); - keyBlobPtr = KMArray.cast(ret2).get((short)1); + keyBlobPtr = KMArray.cast(ret2).get((short) 1); byte[] keyBlob2 = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob2, (short)0); + len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob2, (short) 0); CommandAPDU apdu = new CommandAPDU(0x80, INS_DELETE_ALL_KEYS_CMD, 0x40, 0x00); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); @@ -1819,9 +1929,9 @@ public void testDeleteAllKeySuccess() { } private short deleteKey(short keyBlob) { - short arrPtr = KMArray.instance((short)1); - KMArray.cast(arrPtr).add((short)0, keyBlob); - CommandAPDU apdu = encodeApdu((byte)INS_DELETE_KEY_CMD, arrPtr); + short arrPtr = KMArray.instance((short) 1); + KMArray.cast(arrPtr).add((short) 0, keyBlob); + CommandAPDU apdu = encodeApdu((byte) INS_DELETE_KEY_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); byte[] respBuf = response.getBytes(); @@ -1829,21 +1939,21 @@ private short deleteKey(short keyBlob) { } private short abort(short opHandle) { - short arrPtr = KMArray.instance((short)1); - KMArray.cast(arrPtr).add((short)0, opHandle); - CommandAPDU apdu = encodeApdu((byte)INS_ABORT_OPERATION_CMD, arrPtr); + short arrPtr = KMArray.instance((short) 1); + KMArray.cast(arrPtr).add((short) 0, opHandle); + CommandAPDU apdu = encodeApdu((byte) INS_ABORT_OPERATION_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); byte[] respBuf = response.getBytes(); return respBuf[0]; } - public short getKeyCharacteristics(short keyBlob){ - short arrPtr = KMArray.instance((short)3); - KMArray.cast(arrPtr).add((short)0, keyBlob); - KMArray.cast(arrPtr).add((short)1, KMByteBlob.instance((short)0)); - KMArray.cast(arrPtr).add((short)2, KMByteBlob.instance((short)0)); - CommandAPDU apdu = encodeApdu((byte)INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); + public short getKeyCharacteristics(short keyBlob) { + short arrPtr = KMArray.instance((short) 3); + KMArray.cast(arrPtr).add((short) 0, keyBlob); + KMArray.cast(arrPtr).add((short) 1, KMByteBlob.instance((short) 0)); + KMArray.cast(arrPtr).add((short) 2, KMByteBlob.instance((short) 0)); + CommandAPDU apdu = encodeApdu((byte) INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 2); @@ -1852,157 +1962,170 @@ public short getKeyCharacteristics(short keyBlob){ KMArray.cast(ret).add((short) 1, inst); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; - if( len > 5) + if (len > 5) { ret = decoder.decode(ret, respBuf, (short) 0, len); - else - ret = KMByteBlob.instance(respBuf, (short)0, len); + } else { + ret = KMByteBlob.instance(respBuf, (short) 0, len); + } return ret; } @Test - public void testWithAesGcmWithUpdate(){ + public void testWithAesGcmWithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.GCM, KMType.PADDING_NONE,true); + testEncryptDecryptWithAesDes(KMType.AES, KMType.GCM, KMType.PADDING_NONE, true); cleanUp(); } + @Test - public void testWithAesEcbPkcs7WithUpdate(){ + public void testWithAesEcbPkcs7WithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7,true); + testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7, true); cleanUp(); } @Test - public void testWithAesCtrNoPadWithUpdate(){ + public void testWithAesCtrNoPadWithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE,true); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE, true); cleanUp(); } @Test - public void testWithAesCtrNoPad(){ + public void testWithAesCtrNoPad() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE,false); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE, false); cleanUp(); } @Test - public void testWithAesEcbNoPadWithUpdate(){ + public void testWithAesEcbNoPadWithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE,true); + testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE, true); cleanUp(); } + @Test - public void testWithDesEcbPkcs7WithUpdate(){ + public void testWithDesEcbPkcs7WithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7,true); + testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7, true); cleanUp(); } + @Test - public void testWithDesEcbNoPadWithUpdate(){ + public void testWithDesEcbNoPadWithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE,true); + testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE, true); cleanUp(); } + @Test - public void testWithAesCbcPkcs7WithUpdate(){ + public void testWithAesCbcPkcs7WithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7,true); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7, true); cleanUp(); } + @Test - public void testWithAesCbcNoPadWithUpdate(){ + public void testWithAesCbcNoPadWithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE,true); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE, true); cleanUp(); } + @Test - public void testWithDesCbcPkcs7WithUpdate(){ + public void testWithDesCbcPkcs7WithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7,true); + testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7, true); cleanUp(); } + @Test - public void testWithDesCbcNoPadWithUpdate(){ + public void testWithDesCbcNoPadWithUpdate() { init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE,true); + testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE, true); cleanUp(); } @Test - public void testWithAesEcbPkcs7(){ + public void testWithAesEcbPkcs7() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7,false); + testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7, false); cleanUp(); } + @Test - public void testWithAesCbcPkcs7(){ + public void testWithAesCbcPkcs7() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7,false); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7, false); cleanUp(); } + @Test - public void testWithAesEcbNoPad(){ + public void testWithAesEcbNoPad() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE,false); + testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE, false); cleanUp(); } @Test - public void testWithAesCbcNoPad(){ + public void testWithAesCbcNoPad() { init(); - testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE,false); + testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE, false); cleanUp(); } @Test - public void testWithDesCbcPkcs7(){ + public void testWithDesCbcPkcs7() { init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7,false); + testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7, false); cleanUp(); } @Test - public void testWithDesCbcNoPad(){ + public void testWithDesCbcNoPad() { init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE,false); + testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE, false); cleanUp(); } + @Test - public void testWithDesEcbNoPad(){ + public void testWithDesEcbNoPad() { init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE,false); + testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE, false); cleanUp(); } + @Test - public void testWithDesEcbPkcs7(){ + public void testWithDesEcbPkcs7() { init(); - testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7,false); + testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7, false); cleanUp(); } @Test - public void testWithRsa256Oaep(){ + public void testWithRsa256Oaep() { init(); testEncryptDecryptWithRsa(KMType.SHA2_256, KMType.RSA_OAEP); cleanUp(); } + @Test - public void testWithRsaSha1Oaep(){ + public void testWithRsaSha1Oaep() { init(); testEncryptDecryptWithRsa(KMType.SHA1, KMType.RSA_OAEP); cleanUp(); } @Test - public void testWithRsaNonePkcs1(){ + public void testWithRsaNonePkcs1() { init(); testEncryptDecryptWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_ENCRYPT); cleanUp(); } @Test - public void testWithRsaNoneNoPad(){ + public void testWithRsaNoneNoPad() { init(); testEncryptDecryptWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE); cleanUp(); @@ -2010,62 +2133,64 @@ public void testWithRsaNoneNoPad(){ // TODO Signing with no digest is not supported by crypto provider or javacard @Test - public void testSignWithRsaNoneNoPad(){ + public void testSignWithRsaNoneNoPad() { init(); - testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE,false, false); + testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE, false, false); cleanUp(); } @Test - public void testSignWithRsaNonePkcs1(){ + public void testSignWithRsaNonePkcs1() { init(); - testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_SIGN,false, false); + testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_SIGN, false, false); cleanUp(); } public short getPublicKey(byte[] keyBlob, short off, short len, - byte[] pubKey, short pubKeyOff) { + byte[] pubKey, short pubKeyOff) { short keyBlobPtr = extractKeyBlobArray(keyBlob, off, len); short arrayLen = KMArray.cast(keyBlobPtr).length(); if (arrayLen < 5) { return 0; } short pubKeyPtr = KMArray.cast(keyBlobPtr).get( - KMKeymasterApplet.KEY_BLOB_PUB_KEY); + KMKeymasterApplet.KEY_BLOB_PUB_KEY); Util.arrayCopy(KMByteBlob.cast(pubKeyPtr).getBuffer(), - KMByteBlob.cast(pubKeyPtr).getStartOff(), pubKey, pubKeyOff, - KMByteBlob.cast(pubKeyPtr).length()); + KMByteBlob.cast(pubKeyPtr).getStartOff(), pubKey, pubKeyOff, + KMByteBlob.cast(pubKeyPtr).length()); return KMByteBlob.cast(pubKeyPtr).length(); } - private String toHexString(byte[] num){ + private String toHexString(byte[] num) { StringBuilder sb = new StringBuilder(); - for(int i = 0; i < num.length; i++){ - sb.append(String.format("%02X", num[i])) ; - } + for (int i = 0; i < num.length; i++) { + sb.append(String.format("%02X", num[i])); + } return sb.toString(); } - public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte[] input, short inputOff, short inputlen, - byte[] output, short outputOff) { + public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte[] input, + short inputOff, short inputlen, + byte[] output, short outputOff) { byte alg = Cipher.ALG_RSA_PKCS1; byte[] tmp = null; short inLen = inputlen; if (padding == KMType.PADDING_NONE) { alg = Cipher.ALG_RSA_NOPAD; // Length cannot be greater then key size according to JcardSim - if(inLen >= 256) + if (inLen >= 256) { return 0; + } // make input equal to 255 bytes tmp = new byte[255]; - Util.arrayFillNonAtomic(tmp,(short)0,(short)255, (byte)0); + Util.arrayFillNonAtomic(tmp, (short) 0, (short) 255, (byte) 0); Util.arrayCopyNonAtomic( - input, - inputOff, - tmp, (short)(255 - inLen),inLen); + input, + inputOff, + tmp, (short) (255 - inLen), inLen); inLen = 255; inputOff = 0; - } else if(padding == KMType.RSA_PKCS1_1_5_ENCRYPT) { + } else if (padding == KMType.RSA_PKCS1_1_5_ENCRYPT) { tmp = input; } else { /*Fail */ @@ -2074,10 +2199,11 @@ public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte byte[] pubKey = new byte[256]; KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); RSAPublicKey rsaPubKey = (RSAPublicKey) rsaKeyPair.getPublic(); - if (0 == getPublicKey(keyBlob, (short)0, (short)keyBlob.length, pubKey, (short)0)) + if (0 == getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, pubKey, (short) 0)) { return 0; + } - byte[] exponent = new byte[]{0x01,0x00,0x01}; + byte[] exponent = new byte[]{0x01, 0x00, 0x01}; rsaPubKey.setModulus(pubKey, (short) 0, (short) pubKey.length); rsaPubKey.setExponent(exponent, (short) 0, (short) exponent.length); @@ -2086,38 +2212,41 @@ public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte return rsaCipher.doFinal(tmp, inputOff, inLen, output, outputOff); } - public short rsaOaepEncryptMessage(byte[] keyBlob, short digest, byte[] input, short inputOff, short inputlen, - byte[] output, short outputOff) { + public short rsaOaepEncryptMessage(byte[] keyBlob, short digest, byte[] input, short inputOff, + short inputlen, + byte[] output, short outputOff) { byte[] mod = new byte[256]; - if (0 == getPublicKey(keyBlob, (short)0, (short)keyBlob.length, mod, (short)0)) + if (0 == getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, mod, (short) 0)) { return 0; - byte[] exponent = new byte[]{0x01,0x00,0x01}; + } + byte[] exponent = new byte[]{0x01, 0x00, 0x01}; // Convert byte arrays into keys String modString = toHexString(mod); String expString = toHexString(exponent); - BigInteger modInt = new BigInteger(modString,16); - BigInteger expInt = new BigInteger(expString,16); + BigInteger modInt = new BigInteger(modString, 16); + BigInteger expInt = new BigInteger(expString, 16); javax.crypto.Cipher rsaCipher = null; - try{ + try { KeyFactory kf = KeyFactory.getInstance("RSA"); // Create cipher with oaep padding OAEPParameterSpec oaepSpec = null; - if(digest == KMType.SHA2_256){ - oaepSpec= new OAEPParameterSpec("SHA-256", "MGF1", - MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); - }else{ - oaepSpec= new OAEPParameterSpec("SHA1", "MGF1", - MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); + if (digest == KMType.SHA2_256) { + oaepSpec = new OAEPParameterSpec("SHA-256", "MGF1", + MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); + } else { + oaepSpec = new OAEPParameterSpec("SHA1", "MGF1", + MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); } rsaCipher = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPPadding", "SunJCE"); RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(modInt, expInt); - java.security.interfaces.RSAPublicKey pubKey = (java.security.interfaces.RSAPublicKey) kf.generatePublic(pubSpec); + java.security.interfaces.RSAPublicKey pubKey = (java.security.interfaces.RSAPublicKey) kf + .generatePublic(pubSpec); rsaCipher.init(javax.crypto.Cipher.ENCRYPT_MODE, pubKey, oaepSpec); byte[] cipherOut = rsaCipher.doFinal(input, inputOff, inputlen); - if(cipherOut != null) { + if (cipherOut != null) { Util.arrayCopyNonAtomic(cipherOut, (short) 0, output, outputOff, (short) cipherOut.length); } return (short) cipherOut.length; @@ -2142,25 +2271,26 @@ public short rsaOaepEncryptMessage(byte[] keyBlob, short digest, byte[] input, s } public boolean ecNoDigestVerifyMessage(byte[] input, short inputOff, - short inputlen, byte[] sign, short signOff, short signLen, - byte[] keyBlob) { + short inputlen, byte[] sign, short signOff, short signLen, + byte[] keyBlob) { KeyFactory kf; byte[] pubKey = new byte[128]; short keyStart = 0; short keyLength = getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, - pubKey, (short) 0); - if (keyLength == 0) + pubKey, (short) 0); + if (keyLength == 0) { return false; + } try { java.security.Signature sunSigner = java.security.Signature.getInstance( - "NONEwithECDSA", "SunEC"); + "NONEwithECDSA", "SunEC"); kf = KeyFactory.getInstance("EC"); AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC", - "SunEC"); + "SunEC"); // Supported curve secp256r1 parameters.init(new ECGenParameterSpec("secp256r1")); ECParameterSpec ecParameters = parameters - .getParameterSpec(ECParameterSpec.class); + .getParameterSpec(ECParameterSpec.class); // Check if the first byte is 04 and remove it. if (pubKey[keyStart] == 0x04) { @@ -2182,7 +2312,7 @@ public boolean ecNoDigestVerifyMessage(byte[] input, short inputOff, ECPoint point = new ECPoint(bIX, bIY); ECPublicKeySpec pubkeyspec = new ECPublicKeySpec(point, ecParameters); java.security.interfaces.ECPublicKey ecPubkey = (java.security.interfaces.ECPublicKey) kf - .generatePublic(pubkeyspec); + .generatePublic(pubkeyspec); sunSigner.initVerify(ecPubkey); sunSigner.update(input, inputOff, inputlen); return sunSigner.verify(sign, signOff, signLen); @@ -2203,87 +2333,92 @@ public boolean ecNoDigestVerifyMessage(byte[] input, short inputOff, } public boolean ecVerifyMessage(byte[] input, short inputOff, short inputlen, - byte[] sign, short signOff, short signLen, byte[] keyBlob) { + byte[] sign, short signOff, short signLen, byte[] keyBlob) { Signature ecVerifier; byte[] pubKey = new byte[128]; short len = getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, - pubKey, (short) 0); + pubKey, (short) 0); if (len == 0) { return false; } ECPublicKey key = (ECPublicKey) KeyBuilder.buildKey( - KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_256, false); + KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_256, false); key.setW(pubKey, (short) 0, len); ecVerifier = Signature.getInstance(Signature.ALG_ECDSA_SHA_256, false); ecVerifier.init(key, Signature.MODE_VERIFY); return ecVerifier.verify(input, inputOff, inputlen, sign, signOff, signLen); } - public boolean rsaVerifyMessage(byte[] input, short inputOff, short inputlen, byte[] sign, short signOff, short signLen, - short digest,short padding, byte[] keyBlob) { - if(digest == KMType.DIGEST_NONE || padding == KMType.PADDING_NONE) + public boolean rsaVerifyMessage(byte[] input, short inputOff, short inputlen, byte[] sign, + short signOff, short signLen, + short digest, short padding, byte[] keyBlob) { + if (digest == KMType.DIGEST_NONE || padding == KMType.PADDING_NONE) { return false; + } byte[] pubKey = new byte[256]; - if (0 == getPublicKey(keyBlob, (short)0, (short)keyBlob.length, pubKey, (short)0)) + if (0 == getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, pubKey, (short) 0)) { return false; + } short alg = Signature.ALG_RSA_SHA_256_PKCS1_PSS; - if (padding == KMType.RSA_PKCS1_1_5_SIGN) + if (padding == KMType.RSA_PKCS1_1_5_SIGN) { alg = Signature.ALG_RSA_SHA_256_PKCS1; + } - Signature rsaVerifier = Signature.getInstance((byte)alg, false); - RSAPublicKey key = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_2048, false); - byte[] exponent = new byte[]{0x01,0x00,0x01}; - key.setExponent(exponent,(short)0,(short)exponent.length); - key.setModulus(pubKey, (short)0, (short)pubKey.length); - rsaVerifier.init(key,Signature.MODE_VERIFY); + Signature rsaVerifier = Signature.getInstance((byte) alg, false); + RSAPublicKey key = (RSAPublicKey) KeyBuilder + .buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_2048, false); + byte[] exponent = new byte[]{0x01, 0x00, 0x01}; + key.setExponent(exponent, (short) 0, (short) exponent.length); + key.setModulus(pubKey, (short) 0, (short) pubKey.length); + rsaVerifier.init(key, Signature.MODE_VERIFY); return rsaVerifier.verify(input, inputOff, inputlen, sign, signOff, signLen); } public byte[] EncryptMessage(byte[] input, short params, byte[] keyBlob) { short ret = begin(KMType.ENCRYPT, - KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), - KMKeyParameters.instance(params), (short) 0); + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(params), (short) 0); // Get the operation handle. short opHandle = KMArray.cast(ret).get((short) 2); byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, - (short) opHandleBuf.length); + (short) opHandleBuf.length); opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); ret = finish(opHandle, - KMByteBlob.instance(input, (short) 0, (short) input.length), null, - (short) 0, (short) 0, (short) 0, KMError.OK); + KMByteBlob.instance(input, (short) 0, (short) input.length), null, + (short) 0, (short) 0, (short) 0, KMError.OK); short dataPtr = KMArray.cast(ret).get((short) 2); byte[] output = new byte[KMByteBlob.cast(dataPtr).length()]; if (KMByteBlob.cast(dataPtr).length() > 0) { Util.arrayCopyNonAtomic(KMByteBlob.cast(dataPtr).getBuffer(), KMByteBlob .cast(dataPtr).getStartOff(), output, (short) 0, - KMByteBlob.cast(dataPtr).length()); + KMByteBlob.cast(dataPtr).length()); } return output; } public byte[] DecryptMessage(byte[] input, short params, byte[] keyBlob) { short ret = begin(KMType.DECRYPT, - KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), - KMKeyParameters.instance(params), (short) 0); + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(params), (short) 0); // Get the operation handle. short opHandle = KMArray.cast(ret).get((short) 2); byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, - (short) opHandleBuf.length); + (short) opHandleBuf.length); opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); ret = finish(opHandle, - KMByteBlob.instance(input, (short) 0, (short) input.length), null, - (short) 0, (short) 0, (short) 0, KMError.OK); + KMByteBlob.instance(input, (short) 0, (short) input.length), null, + (short) 0, (short) 0, (short) 0, KMError.OK); short dataPtr = KMArray.cast(ret).get((short) 2); byte[] output = new byte[KMByteBlob.cast(dataPtr).length()]; if (KMByteBlob.cast(dataPtr).length() > 0) { Util.arrayCopyNonAtomic(KMByteBlob.cast(dataPtr).getBuffer(), KMByteBlob .cast(dataPtr).getStartOff(), output, (short) 0, - KMByteBlob.cast(dataPtr).length()); + KMByteBlob.cast(dataPtr).length()); } return output; } @@ -2302,12 +2437,12 @@ public void testDesEcbPkcs7PaddingCorrupted() { byte[] keyBlob = new byte[KMByteBlob.cast(desKeyPtr).length()]; Util.arrayCopyNonAtomic(KMByteBlob.cast(desKeyPtr).getBuffer(), KMByteBlob .cast(desKeyPtr).getStartOff(), keyBlob, (short) 0, - (short) keyBlob.length); + (short) keyBlob.length); byte[] message = { - 0x61 }; + 0x61}; short desPkcs7Params = getAesDesParams(KMType.DES, KMType.ECB, - KMType.PKCS7, null); + KMType.PKCS7, null); byte[] cipherText1 = EncryptMessage(message, desPkcs7Params, keyBlob); Assert.assertEquals(8, cipherText1.length); Assert.assertFalse(Arrays.equals(message, cipherText1)); @@ -2320,21 +2455,21 @@ public void testDesEcbPkcs7PaddingCorrupted() { desPkcs7Params = getAesDesParams(KMType.DES, KMType.ECB, KMType.PKCS7, null); short ret = begin(KMType.DECRYPT, - KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), - KMKeyParameters.instance(desPkcs7Params), (short) 0); + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(desPkcs7Params), (short) 0); // Get the operation handle. short opHandle = KMArray.cast(ret).get((short) 2); byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, - (short) opHandleBuf.length); + (short) opHandleBuf.length); opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); // Finish short dataPtr = KMByteBlob.instance(cipherText1, (short) 0, - (short) cipherText1.length); + (short) cipherText1.length); opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, - KMError.INVALID_ARGUMENT); + KMError.INVALID_ARGUMENT); cleanUp(); } @@ -2342,37 +2477,39 @@ public void testDesEcbPkcs7PaddingCorrupted() { public void testVtsRsaPkcs1Success() { init(); byte[] message = { - 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, - 0x21 }; // "Hello World!"; + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, + 0x21}; // "Hello World!"; for (int i = 0; i < 250; i++) { short key = generateRsaKey(null, null); short rsaKeyPtr = KMArray.cast(key).get((short) 1); byte[] keyBlob = new byte[KMByteBlob.cast(rsaKeyPtr).length()]; Util.arrayCopyNonAtomic(KMByteBlob.cast(rsaKeyPtr).getBuffer(), - KMByteBlob.cast(rsaKeyPtr).getStartOff(), keyBlob, (short) 0, - (short) keyBlob.length); + KMByteBlob.cast(rsaKeyPtr).getStartOff(), keyBlob, (short) 0, + (short) keyBlob.length); short pkcs1Params = getRsaParams(KMType.DIGEST_NONE, - KMType.RSA_PKCS1_1_5_ENCRYPT); + KMType.RSA_PKCS1_1_5_ENCRYPT); byte[] cipherText1 = new byte[256]; - short cipherText1Len = rsaEncryptMessage(keyBlob, KMType.RSA_PKCS1_1_5_ENCRYPT, KMType.DIGEST_NONE, - message, (short)0, (short)message.length, - cipherText1, (short)0); + short cipherText1Len = rsaEncryptMessage(keyBlob, KMType.RSA_PKCS1_1_5_ENCRYPT, + KMType.DIGEST_NONE, + message, (short) 0, (short) message.length, + cipherText1, (short) 0); Assert.assertEquals((2048 / 8), cipherText1Len); pkcs1Params = getRsaParams(KMType.DIGEST_NONE, - KMType.RSA_PKCS1_1_5_ENCRYPT); + KMType.RSA_PKCS1_1_5_ENCRYPT); byte[] cipherText2 = new byte[256]; - short cipherText2Len = rsaEncryptMessage(keyBlob, KMType.RSA_PKCS1_1_5_ENCRYPT, KMType.DIGEST_NONE, - message, (short)0, (short)message.length, - cipherText2, (short)0); + short cipherText2Len = rsaEncryptMessage(keyBlob, KMType.RSA_PKCS1_1_5_ENCRYPT, + KMType.DIGEST_NONE, + message, (short) 0, (short) message.length, + cipherText2, (short) 0); Assert.assertEquals((2048 / 8), cipherText2Len); // PKCS1 v1.5 randomizes padding so every result should be different. Assert.assertFalse(Arrays.equals(cipherText1, cipherText2)); pkcs1Params = getRsaParams(KMType.DIGEST_NONE, - KMType.RSA_PKCS1_1_5_ENCRYPT); + KMType.RSA_PKCS1_1_5_ENCRYPT); byte[] plainText = DecryptMessage(cipherText1, pkcs1Params, keyBlob); Assert.assertTrue(Arrays.equals(message, plainText)); @@ -2386,76 +2523,79 @@ public void testVtsRsaPkcs1Success() { cipherText1[offset_to_corrupt] = corrupt_byte; pkcs1Params = getRsaParams(KMType.DIGEST_NONE, - KMType.RSA_PKCS1_1_5_ENCRYPT); + KMType.RSA_PKCS1_1_5_ENCRYPT); // Do Begin operation. short ret = begin(KMType.DECRYPT, - KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), - KMKeyParameters.instance(pkcs1Params), (short) 0); + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(pkcs1Params), (short) 0); // Get the operation handle. short opHandle = KMArray.cast(ret).get((short) 2); byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, - (short) opHandleBuf.length); + (short) opHandleBuf.length); opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); short dataPtr = KMByteBlob.instance(cipherText1, (short) 0, - (short) cipherText1.length); + (short) cipherText1.length); // Finish should return UNKNOWN_ERROR. ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, - KMError.UNKNOWN_ERROR); + KMError.UNKNOWN_ERROR); } cleanUp(); } @Test - public void testSignVerifyWithHmacSHA256WithUpdate(){ + public void testSignVerifyWithHmacSHA256WithUpdate() { init(); testSignVerifyWithHmac(KMType.SHA2_256, true); cleanUp(); } @Test - public void testSignVerifyWithHmacSHA256(){ + public void testSignVerifyWithHmacSHA256() { init(); testSignVerifyWithHmac(KMType.SHA2_256, false); cleanUp(); } @Test - public void testSignVerifyWithEcdsaSHA256WithUpdate(){ + public void testSignVerifyWithEcdsaSHA256WithUpdate() { init(); testSignVerifyWithEcdsa(KMType.SHA2_256, true); cleanUp(); } + @Test - public void testSignVerifyWithEcdsaSHA256(){ + public void testSignVerifyWithEcdsaSHA256() { init(); testSignVerifyWithEcdsa(KMType.SHA2_256, false); cleanUp(); } + @Test - public void testSignVerifyWithRsaSHA256Pkcs1(){ + public void testSignVerifyWithRsaSHA256Pkcs1() { init(); - testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN,false, true); + testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN, false, true); cleanUp(); } + @Test - public void testSignVerifyWithRsaSHA256Pss(){ + public void testSignVerifyWithRsaSHA256Pss() { init(); - testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS,false, true); + testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS, false, true); cleanUp(); } @Test - public void testSignVerifyWithRsaSHA256Pkcs1WithUpdate(){ + public void testSignVerifyWithRsaSHA256Pkcs1WithUpdate() { init(); - testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN,true, true); + testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN, true, true); cleanUp(); } @Test - public void testProvisionSuccess(){ + public void testProvisionSuccess() { AID appletAID1 = AIDUtil.create("A000000062"); simulator.installApplet(appletAID1, KMJCardSimApplet.class); // Select applet @@ -2466,88 +2606,90 @@ public void testProvisionSuccess(){ } @Test - public void testAttestRsaKey(){ + public void testAttestRsaKey() { init(); - short key = generateRsaKey(null,null); - short keyBlobPtr = KMArray.cast(key).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + short key = generateRsaKey(null, null); + short keyBlobPtr = KMArray.cast(key).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; Util.arrayCopyNonAtomic( - KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); + KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); testAttestKey(keyBlob); cleanUp(); } @Test - public void testAttestEcKey(){ + public void testAttestEcKey() { init(); - short key = generateEcKey(null,null); - short keyBlobPtr = KMArray.cast(key).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; + short key = generateEcKey(null, null); + short keyBlobPtr = KMArray.cast(key).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; Util.arrayCopyNonAtomic( - KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); + KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); testAttestKey(keyBlob); cleanUp(); } - public void testAttestKey(byte[] keyBlob){ - short arrPtr = KMArray.instance((short)2); - KMArray.cast(arrPtr).add((short)0, KMByteTag.instance(KMType.ATTESTATION_APPLICATION_ID, - KMByteBlob.instance(attAppId,(short)0,(short)attAppId.length))); - KMArray.cast(arrPtr).add((short)1, KMByteTag.instance(KMType.ATTESTATION_CHALLENGE, - KMByteBlob.instance(attChallenge,(short)0,(short)attChallenge.length))); + public void testAttestKey(byte[] keyBlob) { + short arrPtr = KMArray.instance((short) 2); + KMArray.cast(arrPtr).add((short) 0, KMByteTag.instance(KMType.ATTESTATION_APPLICATION_ID, + KMByteBlob.instance(attAppId, (short) 0, (short) attAppId.length))); + KMArray.cast(arrPtr).add((short) 1, KMByteTag.instance(KMType.ATTESTATION_CHALLENGE, + KMByteBlob.instance(attChallenge, (short) 0, (short) attChallenge.length))); short keyParams = KMKeyParameters.instance(arrPtr); - short args = KMArray.instance((short)2); - KMArray.cast(args).add((short)0, KMByteBlob.instance(keyBlob,(short)0,(short)keyBlob.length)); - KMArray.cast(args).add((short)1, keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_ATTEST_KEY_CMD, args); + short args = KMArray.instance((short) 2); + KMArray.cast(args) + .add((short) 0, KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length)); + KMArray.cast(args).add((short) 1, keyParams); + CommandAPDU apdu = encodeApdu((byte) INS_ATTEST_KEY_CMD, args); //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 2); - short arrBlobs = KMArray.instance((short)1); - KMArray.cast(arrBlobs).add((short)0, KMByteBlob.exp()); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, arrBlobs); + short arrBlobs = KMArray.instance((short) 1); + KMArray.cast(arrBlobs).add((short) 0, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short) 1, arrBlobs); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; - //(respBuf,(short)0,(short)respBuf.length); + //(respBuf,(short)0,(short)respBuf.length); ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); - arrBlobs = KMArray.cast(ret).get((short)1); - short cert = KMArray.cast(arrBlobs).get((short)0); + arrBlobs = KMArray.cast(ret).get((short) 1); + short cert = KMArray.cast(arrBlobs).get((short) 0); //printCert(KMByteBlob.cast(cert).getBuffer(),KMByteBlob.cast(cert).getStartOff(),KMByteBlob.cast(cert).length()); } @Test - public void testUpgradeKey(){ + public void testUpgradeKey() { init(); short ret = generateHmacKey(null, null); - short keyBlobPtr = KMArray.cast(ret).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - short keyCharacteristics = KMArray.cast(ret).get((short)2); + short keyBlobPtr = KMArray.cast(ret).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); + short keyCharacteristics = KMArray.cast(ret).get((short) 2); short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - short osVersion = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_VERSION,hwParams); + short osVersion = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION, hwParams); osVersion = KMIntegerTag.cast(osVersion).getValue(); - short osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_PATCH_LEVEL,hwParams); + short osPatch = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, hwParams); osPatch = KMIntegerTag.cast(osPatch).getValue(); Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 1); Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 1); - setBootParams(simulator,(short) 2,(short)2, (short)1, (short)1); - ret = upgradeKey(KMByteBlob.instance(keyBlob, (short)0, (short)keyBlob.length),null, null); - keyBlobPtr = KMArray.cast(ret).get((short)1); + setBootParams(simulator, (short) 2, (short) 2, (short) 1, (short) 1); + ret = upgradeKey(KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), null, null); + keyBlobPtr = KMArray.cast(ret).get((short) 1); ret = getKeyCharacteristics(keyBlobPtr); - keyCharacteristics = KMArray.cast(ret).get((short)1); + keyCharacteristics = KMArray.cast(ret).get((short) 1); hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - osVersion = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_VERSION,hwParams); + osVersion = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION, hwParams); osVersion = KMIntegerTag.cast(osVersion).getValue(); - osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,KMType.OS_PATCH_LEVEL,hwParams); + osPatch = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, hwParams); osPatch = KMIntegerTag.cast(osPatch).getValue(); Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 2); Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 2); @@ -2555,7 +2697,7 @@ public void testUpgradeKey(){ } @Test - public void testDestroyAttIds(){ + public void testDestroyAttIds() { init(); CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_DESTROY_ATT_IDS_CMD, 0x40, 0x00); ResponseAPDU response = simulator.transmitCommand(commandAPDU); @@ -2564,54 +2706,70 @@ public void testDestroyAttIds(){ cleanUp(); } - private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData){ + private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData) { short tagCount = 0; short clientIdTag = 0; short appDataTag = 0; - if(clientId != null) tagCount++; - if(appData != null) tagCount++; + if (clientId != null) { + tagCount++; + } + if (appData != null) { + tagCount++; + } short keyParams = KMArray.instance(tagCount); - short tagIndex=0; - if(clientId != null)KMArray.cast(keyBlobPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, KMByteBlob.instance(clientId,(short)0,(short)clientId.length))); - if(appData != null)KMArray.cast(keyParams).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, KMByteBlob.instance(appData,(short)0,(short)appData.length))); + short tagIndex = 0; + if (clientId != null) { + KMArray.cast(keyBlobPtr).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_ID, + KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); + } + if (appData != null) { + KMArray.cast(keyParams).add(tagIndex++, + KMByteTag.instance(KMType.APPLICATION_DATA, + KMByteBlob.instance(appData, (short) 0, (short) appData.length))); + } keyParams = KMKeyParameters.instance(keyParams); - short arr = KMArray.instance((short)2); - KMArray.cast(arr).add((short)0,keyBlobPtr); - KMArray.cast(arr).add((short)1,keyParams); - CommandAPDU apdu = encodeApdu((byte)INS_UPGRADE_KEY_CMD, arr); + short arr = KMArray.instance((short) 2); + KMArray.cast(arr).add((short) 0, keyBlobPtr); + KMArray.cast(arr).add((short) 1, keyParams); + CommandAPDU apdu = encodeApdu((byte) INS_UPGRADE_KEY_CMD, arr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 2); KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); return ret; } + @Test - public void testSignVerifyWithRsaSHA256PssWithUpdate(){ + public void testSignVerifyWithRsaSHA256PssWithUpdate() { init(); - testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS,true, true); + testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS, true, true); cleanUp(); } + @Test - public void testAbortOperation(){ + public void testAbortOperation() { init(); - short aesDesKeyArr = generateAesDesKey(KMType.AES, (short)128,null, null, false);; - short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); + short aesDesKeyArr = generateAesDesKey(KMType.AES, (short) 128, null, null, false); + ; + short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); byte[] nonce = new byte[16]; - cryptoProvider.newRandomNumber(nonce,(short)0,(short)16); - short inParams = getAesDesParams(KMType.AES,KMType.ECB, KMType.PKCS7, nonce); - byte[] plainData= "Hello World 123!".getBytes(); - short ret = begin(KMType.ENCRYPT, KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), KMKeyParameters.instance(inParams), (short)0); + cryptoProvider.newRandomNumber(nonce, (short) 0, (short) 16); + short inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, nonce); + byte[] plainData = "Hello World 123!".getBytes(); + short ret = begin(KMType.ENCRYPT, + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(inParams), (short) 0); short opHandle = KMArray.cast(ret).get((short) 2); byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE]; KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length); @@ -2620,65 +2778,70 @@ public void testAbortOperation(){ short dataPtr = KMByteBlob.instance(plainData, (short) 0, (short) plainData.length); opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0); - Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE,ret); + Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, ret); cleanUp(); } - public void testEncryptDecryptWithAesDes(byte alg, byte blockMode, byte padding, boolean update){ + public void testEncryptDecryptWithAesDes(byte alg, byte blockMode, byte padding, boolean update) { short aesDesKeyArr; boolean aesGcmFlag = false; - if(alg == KMType.AES){ - if(blockMode == KMType.GCM){ - aesDesKeyArr = generateAesGcmKey((short)128,null,null); + if (alg == KMType.AES) { + if (blockMode == KMType.GCM) { + aesDesKeyArr = generateAesGcmKey((short) 128, null, null); aesGcmFlag = true; } else { aesDesKeyArr = generateAesDesKey(alg, (short) 128, null, null, false); } - } else{ - aesDesKeyArr = generateAesDesKey(alg, (short)168,null, null, false); + } else { + aesDesKeyArr = generateAesDesKey(alg, (short) 168, null, null, false); } - short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); + short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); byte[] nonce = new byte[16]; - cryptoProvider.newRandomNumber(nonce,(short)0,(short)16); - short inParams = getAesDesParams(alg,blockMode, padding, nonce); - byte[] plainData= "Hello World 123!".getBytes(); - if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); + cryptoProvider.newRandomNumber(nonce, (short) 0, (short) 16); + short inParams = getAesDesParams(alg, blockMode, padding, nonce); + byte[] plainData = "Hello World 123!".getBytes(); + if (update) { + plainData = "Hello World 123! Hip Hip Hoorah!".getBytes(); + } //Encrypt short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,update, aesGcmFlag - ); - inParams = getAesDesParams(alg,blockMode, padding, nonce); - keyBlobPtr = KMArray.cast(ret).get((short)2); + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.ENCRYPT, + KMKeyParameters.instance(inParams), + (short) 0, null, update, aesGcmFlag + ); + inParams = getAesDesParams(alg, blockMode, padding, nonce); + keyBlobPtr = KMArray.cast(ret).get((short) 2); //print(keyBlobPtr); byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - cipherData,(short)0, (short)cipherData.length); + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + cipherData, (short) 0, (short) cipherData.length); ret = processMessage(cipherData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.DECRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,update, aesGcmFlag + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.DECRYPT, + KMKeyParameters.instance(inParams), + (short) 0, null, update, aesGcmFlag ); - keyBlobPtr = KMArray.cast(ret).get((short)2); + keyBlobPtr = KMArray.cast(ret).get((short) 2); //print(plainData,(short)0,(short)plainData.length); //print(keyBlobPtr); - short equal = Util.arrayCompare(plainData,(short)0,KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(),(short)plainData.length); + short equal = Util.arrayCompare(plainData, (short) 0, KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), (short) plainData.length); Assert.assertTrue(equal == 0); } - public void testEncryptDecryptWithRsa(byte digest, byte padding){ + public void testEncryptDecryptWithRsa(byte digest, byte padding) { short rsaKeyArr = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); + short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); short inParams = getRsaParams(digest, padding); byte[] plainData = "Hello World 123!".getBytes(); byte[] cipherData = new byte[256]; @@ -2686,193 +2849,211 @@ public void testEncryptDecryptWithRsa(byte digest, byte padding){ //Encrypt if (padding == KMType.RSA_OAEP) { cipherDataLen = rsaOaepEncryptMessage(keyBlob, digest, plainData, - (short) 0, (short) plainData.length, cipherData, (short) 0); + (short) 0, (short) plainData.length, cipherData, (short) 0); } else { cipherDataLen = rsaEncryptMessage(keyBlob, padding, digest, plainData, - (short) 0, (short) plainData.length, cipherData, (short) 0); + (short) 0, (short) plainData.length, cipherData, (short) 0); } Assert.assertTrue((cipherDataLen == 256)); inParams = getRsaParams(digest, padding); short ret = processMessage(cipherData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.DECRYPT, - KMKeyParameters.instance(inParams), - (short)0,null,false,false + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.DECRYPT, + KMKeyParameters.instance(inParams), + (short) 0, null, false, false ); - keyBlobPtr = KMArray.cast(ret).get((short)2); + keyBlobPtr = KMArray.cast(ret).get((short) 2); short len = KMByteBlob.cast(keyBlobPtr).length(); short start = KMByteBlob.cast(keyBlobPtr).getStartOff(); - short equal = Util.arrayCompare(plainData,(short)0,KMByteBlob.cast(keyBlobPtr).getBuffer(), - (short)(start+len-plainData.length),(short)plainData.length); + short equal = Util.arrayCompare(plainData, (short) 0, KMByteBlob.cast(keyBlobPtr).getBuffer(), + (short) (start + len - plainData.length), (short) plainData.length); Assert.assertTrue(equal == 0); } - public void testSignVerifyWithRsa(byte digest, byte padding, boolean update, boolean verifyFlag){ + public void testSignVerifyWithRsa(byte digest, byte padding, boolean update, boolean verifyFlag) { short rsaKeyArr = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); + short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); short inParams = getRsaParams(digest, padding); byte[] plainData = "Hello World 123!".getBytes(); - if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); + if (update) { + plainData = "Hello World 123! Hip Hip Hoorah!".getBytes(); + } //Sign short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.SIGN, - KMKeyParameters.instance(inParams), - (short)0,null,update,false + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.SIGN, + KMKeyParameters.instance(inParams), + (short) 0, null, update, false ); inParams = getRsaParams(digest, padding); - keyBlobPtr = KMArray.cast(ret).get((short)2); + keyBlobPtr = KMArray.cast(ret).get((short) 2); byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - signatureData,(short)0, (short)signatureData.length); - if(verifyFlag == false) { - Assert.assertEquals(signatureData.length,256); + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + signatureData, (short) 0, (short) signatureData.length); + if (verifyFlag == false) { + Assert.assertEquals(signatureData.length, 256); return; } - boolean verify = rsaVerifyMessage(plainData, (short)0, (short)plainData.length, - signatureData, (short)0, (short)signatureData.length, - digest, padding, keyBlob); + boolean verify = rsaVerifyMessage(plainData, (short) 0, (short) plainData.length, + signatureData, (short) 0, (short) signatureData.length, + digest, padding, keyBlob); Assert.assertTrue(verify); } - public void testSignVerifyWithEcdsa(byte digest, boolean update){ + public void testSignVerifyWithEcdsa(byte digest, boolean update) { short ecKeyArr = generateEcKey(null, null); - short keyBlobPtr = KMArray.cast(ecKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); + short keyBlobPtr = KMArray.cast(ecKeyArr).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); short inParams = getEcParams(digest); byte[] plainData = "Hello World 123!".getBytes(); - if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); + if (update) { + plainData = "Hello World 123! Hip Hip Hoorah!".getBytes(); + } //Sign short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.SIGN, - KMKeyParameters.instance(inParams), - (short)0,null,update,false + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.SIGN, + KMKeyParameters.instance(inParams), + (short) 0, null, update, false ); inParams = getEcParams(digest); - keyBlobPtr = KMArray.cast(ret).get((short)2); + keyBlobPtr = KMArray.cast(ret).get((short) 2); byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - signatureData,(short)0, (short)signatureData.length); + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + signatureData, (short) 0, (short) signatureData.length); boolean verify = false; if (digest == KMType.DIGEST_NONE) { - verify = ecNoDigestVerifyMessage(plainData, (short)0, (short)plainData.length, - signatureData, (short)0, (short)signatureData.length, - keyBlob); + verify = ecNoDigestVerifyMessage(plainData, (short) 0, (short) plainData.length, + signatureData, (short) 0, (short) signatureData.length, + keyBlob); } else { - verify = ecVerifyMessage(plainData, (short)0, (short)plainData.length, - signatureData, (short)0, (short)signatureData.length, - keyBlob); + verify = ecVerifyMessage(plainData, (short) 0, (short) plainData.length, + signatureData, (short) 0, (short) signatureData.length, + keyBlob); } Assert.assertTrue(verify); } - public void testSignVerifyWithHmac(byte digest, boolean update){ + + public void testSignVerifyWithHmac(byte digest, boolean update) { short hmacKeyArr = generateHmacKey(null, null); - short keyBlobPtr = KMArray.cast(hmacKeyArr).get((short)1); - byte[] keyBlob= new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob,(short)0, (short)keyBlob.length); - short inParams = getHmacParams(digest,true); + short keyBlobPtr = KMArray.cast(hmacKeyArr).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + keyBlob, (short) 0, (short) keyBlob.length); + short inParams = getHmacParams(digest, true); byte[] plainData = "Hello World 123!".getBytes(); - if(update) plainData= "Hello World 123! Hip Hip Hoorah!".getBytes(); + if (update) { + plainData = "Hello World 123! Hip Hip Hoorah!".getBytes(); + } //Sign short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.SIGN, - KMKeyParameters.instance(inParams), - (short)0,null,update,false + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.SIGN, + KMKeyParameters.instance(inParams), + (short) 0, null, update, false ); - inParams = getHmacParams(digest,false); - keyBlobPtr = KMArray.cast(ret).get((short)2); + inParams = getHmacParams(digest, false); + keyBlobPtr = KMArray.cast(ret).get((short) 2); byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), KMByteBlob.cast(keyBlobPtr).getStartOff(), - signatureData,(short)0, (short)signatureData.length); + Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), + KMByteBlob.cast(keyBlobPtr).getStartOff(), + signatureData, (short) 0, (short) signatureData.length); ret = processMessage(plainData, - KMByteBlob.instance(keyBlob,(short)0, (short)keyBlob.length), - KMType.VERIFY, - KMKeyParameters.instance(inParams), - (short)0,signatureData,update,false + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMType.VERIFY, + KMKeyParameters.instance(inParams), + (short) 0, signatureData, update, false ); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); } private short getAesDesParams(byte alg, byte blockMode, byte padding, byte[] nonce) { short inParams; - if(blockMode == KMType.GCM){ - inParams = KMArray.instance((short)5); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, blockMode); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, padding); - KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); + if (blockMode == KMType.GCM) { + inParams = KMArray.instance((short) 5); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, blockMode); + KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, padding); + KMArray.cast(inParams).add((short) 1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); short nonceLen = 12; - byteBlob = KMByteBlob.instance(nonce,(short)0, nonceLen); - KMArray.cast(inParams).add((short)2, KMByteTag.instance(KMType.NONCE, byteBlob)); - short macLen = KMInteger.uint_16((short)128); - macLen = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MAC_LENGTH,macLen); - KMArray.cast(inParams).add((short)3, macLen); + byteBlob = KMByteBlob.instance(nonce, (short) 0, nonceLen); + KMArray.cast(inParams).add((short) 2, KMByteTag.instance(KMType.NONCE, byteBlob)); + short macLen = KMInteger.uint_16((short) 128); + macLen = KMIntegerTag.instance(KMType.UINT_TAG, KMType.MAC_LENGTH, macLen); + KMArray.cast(inParams).add((short) 3, macLen); byte[] authData = "AuthData".getBytes(); - short associatedData = KMByteBlob.instance(authData,(short)0,(short)authData.length); - associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA,associatedData); - KMArray.cast(inParams).add((short)4, associatedData); - }else if(blockMode == KMType.ECB){ - inParams = KMArray.instance((short)2); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, blockMode); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, padding); - KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); - }else{ - inParams = KMArray.instance((short)3); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, blockMode); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, padding); - KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); + short associatedData = KMByteBlob.instance(authData, (short) 0, (short) authData.length); + associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA, associatedData); + KMArray.cast(inParams).add((short) 4, associatedData); + } else if (blockMode == KMType.ECB) { + inParams = KMArray.instance((short) 2); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, blockMode); + KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, padding); + KMArray.cast(inParams).add((short) 1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); + } else { + inParams = KMArray.instance((short) 3); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, blockMode); + KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob)); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, padding); + KMArray.cast(inParams).add((short) 1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); short nonceLen = 16; - if(alg == KMType.DES) nonceLen = 8; - byteBlob = KMByteBlob.instance(nonce,(short)0, nonceLen); - KMArray.cast(inParams).add((short)2, KMByteTag.instance(KMType.NONCE, byteBlob)); + if (alg == KMType.DES) { + nonceLen = 8; + } + byteBlob = KMByteBlob.instance(nonce, (short) 0, nonceLen); + KMArray.cast(inParams).add((short) 2, KMByteTag.instance(KMType.NONCE, byteBlob)); } return inParams; } private short getRsaParams(byte digest, byte padding) { - short inParams = KMArray.instance((short)2); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, digest); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); - byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, padding); - KMArray.cast(inParams).add((short)1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); + short inParams = KMArray.instance((short) 2); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, digest); + KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); + byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, padding); + KMArray.cast(inParams).add((short) 1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob)); return inParams; } private short getEcParams(byte digest) { - short inParams = KMArray.instance((short)1); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, digest); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); + short inParams = KMArray.instance((short) 1); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, digest); + KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); return inParams; } + private short getHmacParams(byte digest, boolean sign) { - short paramsize = (short) (sign ? 2 : 1); - short inParams = KMArray.instance((short)paramsize); - short byteBlob = KMByteBlob.instance((short)1); - KMByteBlob.cast(byteBlob).add((short)0, digest); - KMArray.cast(inParams).add((short)0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); - short macLength = KMIntegerTag.instance(KMType.UINT_TAG,KMType.MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); - if(sign) - KMArray.cast(inParams).add((short)1, macLength); + short paramsize = (short) (sign ? 2 : 1); + short inParams = KMArray.instance((short) paramsize); + short byteBlob = KMByteBlob.instance((short) 1); + KMByteBlob.cast(byteBlob).add((short) 0, digest); + KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob)); + short macLength = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); + if (sign) { + KMArray.cast(inParams).add((short) 1, macLength); + } return inParams; } @@ -2892,24 +3073,24 @@ public short processMessage( short dataPtr = KMByteBlob.instance(data, (short) 0, (short) data.length); short ret = KMType.INVALID_VALUE; byte[] outputData = new byte[128]; - short len=0; + short len = 0; inParams = 0; //Test - short firstDataLen =16; + short firstDataLen = 16; if (keyPurpose == KMType.DECRYPT) { - firstDataLen = 32; + firstDataLen = 32; } //Test if (updateFlag) { dataPtr = KMByteBlob.instance(data, (short) 0, (short) /*16*/firstDataLen); - if(aesGcmFlag){ + if (aesGcmFlag) { byte[] authData = "AuthData".getBytes(); - short associatedData = KMByteBlob.instance(authData,(short)0,(short)authData.length); - associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA,associatedData); - inParams = KMArray.instance((short)1); - KMArray.cast(inParams).add((short)0, associatedData); + short associatedData = KMByteBlob.instance(authData, (short) 0, (short) authData.length); + associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA, associatedData); + inParams = KMArray.instance((short) 1); + KMArray.cast(inParams).add((short) 0, associatedData); inParams = KMKeyParameters.instance(inParams); } opHandle = KMInteger.uint_64(opHandleBuf, (short) 0); @@ -2924,8 +3105,9 @@ public short processMessage( KMByteBlob.cast(dataPtr).length()); len = KMByteBlob.cast(dataPtr).length(); dataPtr = KMByteBlob.instance(data, len, (short) (data.length - len)); - }else{ - dataPtr = KMByteBlob.instance(data, (short)/*16*/firstDataLen, (short) (data.length - /*16*/firstDataLen)); + } else { + dataPtr = KMByteBlob + .instance(data, (short)/*16*/firstDataLen, (short) (data.length - /*16*/firstDataLen)); } } @@ -2935,49 +3117,54 @@ public short processMessage( } else { ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, KMError.OK); } - if(len >0){ - dataPtr = KMArray.cast(ret).get((short)2); - if(KMByteBlob.cast(dataPtr).length() >0){ + if (len > 0) { + dataPtr = KMArray.cast(ret).get((short) 2); + if (KMByteBlob.cast(dataPtr).length() > 0) { Util.arrayCopyNonAtomic( - KMByteBlob.cast(dataPtr).getBuffer(), - KMByteBlob.cast(dataPtr).getStartOff(), - outputData, - len, - KMByteBlob.cast(dataPtr).length()); - len = (short)(len + KMByteBlob.cast(dataPtr).length()); + KMByteBlob.cast(dataPtr).getBuffer(), + KMByteBlob.cast(dataPtr).getStartOff(), + outputData, + len, + KMByteBlob.cast(dataPtr).length()); + len = (short) (len + KMByteBlob.cast(dataPtr).length()); } - KMArray.cast(ret).add((short)2, KMByteBlob.instance(outputData,(short)0,len)); + KMArray.cast(ret).add((short) 2, KMByteBlob.instance(outputData, (short) 0, len)); } return ret; } public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToken) { - short arrPtr = KMArray.instance((short)4); - KMArray.cast(arrPtr).add((short)0, KMEnum.instance(KMType.PURPOSE, keyPurpose)); - KMArray.cast(arrPtr).add((short)1, keyBlob); - KMArray.cast(arrPtr).add((short)2, keyParmas); - if(hwToken == 0) { + short arrPtr = KMArray.instance((short) 4); + KMArray.cast(arrPtr).add((short) 0, KMEnum.instance(KMType.PURPOSE, keyPurpose)); + KMArray.cast(arrPtr).add((short) 1, keyBlob); + KMArray.cast(arrPtr).add((short) 2, keyParmas); + if (hwToken == 0) { hwToken = KMHardwareAuthToken.instance(); } - KMArray.cast(arrPtr).add((short)3, hwToken); - CommandAPDU apdu = encodeApdu((byte)INS_BEGIN_OPERATION_CMD, arrPtr); + KMArray.cast(arrPtr).add((short) 3, hwToken); + CommandAPDU apdu = encodeApdu((byte) INS_BEGIN_OPERATION_CMD, arrPtr); //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, outParams); - KMArray.cast(ret).add((short)2, KMInteger.exp()); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short) 1, outParams); + KMArray.cast(ret).add((short) 2, KMInteger.exp()); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; - if(len > 5){ - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - return ret;}else{ - if(len == 3) return respBuf[0]; - if(len == 4) return respBuf[1]; - return Util.getShort(respBuf,(short)0); + if (len > 5) { + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + Assert.assertEquals(error, KMError.OK); + return ret; + } else { + if (len == 3) { + return respBuf[0]; + } + if (len == 4) { + return respBuf[1]; + } + return Util.getShort(respBuf, (short) 0); } } @@ -3008,31 +3195,32 @@ public short translateExtendedErrorCodes(short err) { return err; } - public short finish(short operationHandle, short data, byte[] signature, short inParams, short hwToken, short verToken, short expectedErr) { - if(hwToken == 0) { + public short finish(short operationHandle, short data, byte[] signature, short inParams, + short hwToken, short verToken, short expectedErr) { + if (hwToken == 0) { hwToken = KMHardwareAuthToken.instance(); } - if(verToken == 0){ + if (verToken == 0) { verToken = KMVerificationToken.instance(); } short signatureTag; - if(signature == null){ - signatureTag = KMByteBlob.instance((short)0); - }else{ - signatureTag = KMByteBlob.instance(signature,(short)0,(short)signature.length); + if (signature == null) { + signatureTag = KMByteBlob.instance((short) 0); + } else { + signatureTag = KMByteBlob.instance(signature, (short) 0, (short) signature.length); } - if(inParams == 0){ - short arr = KMArray.instance((short)0); + if (inParams == 0) { + short arr = KMArray.instance((short) 0); inParams = KMKeyParameters.instance(arr); } - short arrPtr = KMArray.instance((short)6); - KMArray.cast(arrPtr).add((short)0, operationHandle); - KMArray.cast(arrPtr).add((short)1, inParams); - KMArray.cast(arrPtr).add((short)2, data); - KMArray.cast(arrPtr).add((short)3, signatureTag); - KMArray.cast(arrPtr).add((short)4, hwToken); - KMArray.cast(arrPtr).add((short)5, verToken); - CommandAPDU apdu = encodeApdu((byte)INS_FINISH_OPERATION_CMD, arrPtr); + short arrPtr = KMArray.instance((short) 6); + KMArray.cast(arrPtr).add((short) 0, operationHandle); + KMArray.cast(arrPtr).add((short) 1, inParams); + KMArray.cast(arrPtr).add((short) 2, data); + KMArray.cast(arrPtr).add((short) 3, signatureTag); + KMArray.cast(arrPtr).add((short) 4, hwToken); + KMArray.cast(arrPtr).add((short) 5, verToken); + CommandAPDU apdu = encodeApdu((byte) INS_FINISH_OPERATION_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); byte[] respBuf = response.getBytes(); @@ -3042,15 +3230,15 @@ public short finish(short operationHandle, short data, byte[] signature, short i if (expectedErr == KMError.OK) { ret = KMArray.instance((short) 3); short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, outParams); - KMArray.cast(ret).add((short)2, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short) 1, outParams); + KMArray.cast(ret).add((short) 2, KMByteBlob.exp()); } else { ret = KMInteger.exp(); } ret = decoder.decode(ret, respBuf, (short) 0, len); if (expectedErr == KMError.OK) { - error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); + error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); } else { error = KMInteger.cast(ret).getShort(); error = translateExtendedErrorCodes(error); @@ -3058,58 +3246,63 @@ public short finish(short operationHandle, short data, byte[] signature, short i Assert.assertEquals(error, expectedErr); return ret; } - public short update(short operationHandle, short data, short inParams, short hwToken, short verToken) { - if(hwToken == 0) { + + public short update(short operationHandle, short data, short inParams, short hwToken, + short verToken) { + if (hwToken == 0) { hwToken = KMHardwareAuthToken.instance(); } - if(verToken == 0){ + if (verToken == 0) { verToken = KMVerificationToken.instance(); } - if(inParams == 0){ - short arr = KMArray.instance((short)0); + if (inParams == 0) { + short arr = KMArray.instance((short) 0); inParams = KMKeyParameters.instance(arr); } - short arrPtr = KMArray.instance((short)5); - KMArray.cast(arrPtr).add((short)0, operationHandle); - KMArray.cast(arrPtr).add((short)1, inParams); - KMArray.cast(arrPtr).add((short)2, data); - KMArray.cast(arrPtr).add((short)3, hwToken); - KMArray.cast(arrPtr).add((short)4, verToken); - CommandAPDU apdu = encodeApdu((byte)INS_UPDATE_OPERATION_CMD, arrPtr); + short arrPtr = KMArray.instance((short) 5); + KMArray.cast(arrPtr).add((short) 0, operationHandle); + KMArray.cast(arrPtr).add((short) 1, inParams); + KMArray.cast(arrPtr).add((short) 2, data); + KMArray.cast(arrPtr).add((short) 3, hwToken); + KMArray.cast(arrPtr).add((short) 4, verToken); + CommandAPDU apdu = encodeApdu((byte) INS_UPDATE_OPERATION_CMD, arrPtr); // print(commandAPDU.getBytes()); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 4); short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMInteger.exp()); - KMArray.cast(ret).add((short)2, outParams); - KMArray.cast(ret).add((short)3, KMByteBlob.exp()); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short) 1, KMInteger.exp()); + KMArray.cast(ret).add((short) 2, outParams); + KMArray.cast(ret).add((short) 3, KMByteBlob.exp()); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; if (len > 5) { ret = decoder.decode(ret, respBuf, (short) 0, len); short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); Assert.assertEquals(error, KMError.OK); - }else{ + } else { ret = respBuf[1]; } return ret; } - private void print(short blob){ - print(KMByteBlob.cast(blob).getBuffer(),KMByteBlob.cast(blob).getStartOff(),KMByteBlob.cast(blob).length()); + private void print(short blob) { + print(KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), + KMByteBlob.cast(blob).length()); } - private void print(byte[] buf, short start, short length){ + + private void print(byte[] buf, short start, short length) { StringBuilder sb = new StringBuilder(); - for(int i = start; i < (start+length); i++){ - sb.append(String.format(" 0x%02X", buf[i])) ; + for (int i = start; i < (start + length); i++) { + sb.append(String.format(" 0x%02X", buf[i])); } System.out.println(sb.toString()); } - private void printCert(byte[] buf, short start, short length){ + + private void printCert(byte[] buf, short start, short length) { StringBuilder sb = new StringBuilder(); - for(int i = start; i < (start+length); i++){ - sb.append(String.format("%02X", buf[i])) ; + for (int i = start; i < (start + length); i++) { + sb.append(String.format("%02X", buf[i])); } System.out.println(sb.toString()); } diff --git a/Applet/build.xml b/Applet/build.xml index c08e095f..4a14664e 100644 --- a/Applet/build.xml +++ b/Applet/build.xml @@ -1,26 +1,26 @@ - + - - - - - - - + + + + + + + - + - + - + - + - + \ No newline at end of file diff --git a/Applet/src/com/android/javacard/keymaster/KMArray.java b/Applet/src/com/android/javacard/keymaster/KMArray.java index 61139e23..f2206474 100644 --- a/Applet/src/com/android/javacard/keymaster/KMArray.java +++ b/Applet/src/com/android/javacard/keymaster/KMArray.java @@ -22,24 +22,29 @@ /** * KMArray represents an array of KMTypes. Array is the sequence of elements of one or more sub - * types of KMType. It also acts as a vector of one subtype of KMTypes on the lines of class KMArray + * types of KMType. It also acts as a vector of one subtype of KMTypes on the lines of class + * KMArray * , where subType is subclass of KMType. Vector is the sequence of elements of one sub * type e.g. KMType.BYTE_BLOB_TYPE. The KMArray instance maps to the CBOR type array. KMArray is a * KMType and it further extends the value field in TLV_HEADER as ARRAY_HEADER struct{short subType; - * short length;} followed by sequence of short pointers to KMType instances. The subType can be - * 0 if this is an array or subType is short KMType value e.g. KMType.BYTE_BLOB_TYPE if this is a + * short length;} followed by sequence of short pointers to KMType instances. The subType can be 0 + * if this is an array or subType is short KMType value e.g. KMType.BYTE_BLOB_TYPE if this is a * vector of that sub type. */ public class KMArray extends KMType { + public static final short ANY_ARRAY_LENGTH = 0x1000; private static final short ARRAY_HEADER_SIZE = 4; private static KMArray prototype; private static short instPtr; - private KMArray() {} + private KMArray() { + } private static KMArray proto(short ptr) { - if (prototype == null) prototype = new KMArray(); + if (prototype == null) { + prototype = new KMArray(); + } instPtr = ptr; return prototype; } @@ -72,13 +77,17 @@ public static short instance(short length, byte type) { } public static KMArray cast(short ptr) { - if (heap[ptr] != ARRAY_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } return proto(ptr); } public void add(short index, short objPtr) { short len = length(); - if (index >= len) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + if (index >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } Util.setShort( heap, (short) (instPtr + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)), @@ -87,7 +96,9 @@ public void add(short index, short objPtr) { public short get(short index) { short len = length(); - if (index >= len) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + if (index >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } return Util.getShort( heap, (short) (instPtr + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2))); } diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java index a472ff27..487dccc7 100644 --- a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java +++ b/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java @@ -23,6 +23,7 @@ * instance of cert. */ public interface KMAttestationCert { + /** * Set verified boot hash. * @@ -63,12 +64,13 @@ public interface KMAttestationCert { * @return instance of KMAttestationCert. */ KMAttestationCert makeUniqueId(byte[] scratchpad, short scratchPadOff, byte[] creationTime, - short creationTimeOff, short creationTimeLen, byte[] attestAppId, - short attestAppIdOff, short attestAppIdLen, byte resetSinceIdRotation, - KMMasterKey masterKey); + short creationTimeOff, short creationTimeLen, byte[] attestAppId, + short attestAppIdOff, short attestAppIdLen, byte resetSinceIdRotation, + KMMasterKey masterKey); /** - * Set start time received from creation/activation time tag. Used for certificate's valid period. + * Set start time received from creation/activation time tag. Used for certificate's valid + * period. * * @param obj This is a KMByteBlob object containing start time. * @param scratchpad Buffer to store intermediate results. @@ -78,17 +80,18 @@ KMAttestationCert makeUniqueId(byte[] scratchpad, short scratchPadOff, byte[] cr /** - * Set expiry time received from expiry time tag or ca certificates expiry time. - * Used for certificate's valid period. + * Set expiry time received from expiry time tag or ca certificates expiry time. Used for + * certificate's valid period. * * @param usageExpiryTimeObj This is a KMByteBlob containing expiry time. - * @param certExpirtyTimeObj This is a KMByteblob containing expirty time extracted from certificate. + * @param certExpirtyTimeObj This is a KMByteblob containing expirty time extracted from + * certificate. * @param scratchpad Buffer to store intermediate results. * @param offset Variable used to store intermediate results. * @return instance of KMAttestationCert */ KMAttestationCert notAfter(short usageExpiryTimeObj, - short certExpirtyTimeObj, byte[] scratchPad, short offset); + short certExpirtyTimeObj, byte[] scratchPad, short offset); /** * Set device lock status received during booting time or due to device lock command. @@ -115,12 +118,12 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, KMAttestationCert attestationChallenge(short obj); /** - * Set extension tag received from key characteristics which needs to be added to android extension. - * This method will called once for each tag. + * Set extension tag received from key characteristics which needs to be added to android + * extension. This method will called once for each tag. * * @param tag is the KMByteBlob containing KMTag. - * @param hwEnforced is true if the tag has to be added to hw enforced list or - * else added to sw enforced list. + * @param hwEnforced is true if the tag has to be added to hw enforced list or else added to sw + * enforced list. * @return instance of KMAttestationCert */ KMAttestationCert extensionTag(short tag, boolean hwEnforced); @@ -166,7 +169,6 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, /** * Build the certificate. After this method the certificate is ready. - * */ void build(); } diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java b/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java index 8582d2b2..3d626bbf 100644 --- a/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java +++ b/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java @@ -16,10 +16,9 @@ package com.android.javacard.keymaster; /** - * KMAttestationKey is a marker interface and the SE Provider has to implement - * this interface. Internally attestation key is stored as a Javacard EC - * key pair object, which will provide additional security. - * The attestation key is maintained by the SEProvider. + * KMAttestationKey is a marker interface and the SE Provider has to implement this interface. + * Internally attestation key is stored as a Javacard EC key pair object, which will provide + * additional security. The attestation key is maintained by the SEProvider. */ public interface KMAttestationKey { diff --git a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java index 4396470b..173e6269 100644 --- a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java @@ -21,43 +21,48 @@ import javacard.framework.Util; /** - * KMBoolTag represents BOOL TAG type from the android keymaster hal specifications. If it is present in the key parameter list then its value is always true. A KMTag always requires - * a value because it is a key value pair. The bool tag always has 0x01 as its value. - * struct{byte TAG_TYPE; short length; struct{short BOOL_TAG; short tagKey; byte value 1}} + * KMBoolTag represents BOOL TAG type from the android keymaster hal specifications. If it is + * present in the key parameter list then its value is always true. A KMTag always requires a value + * because it is a key value pair. The bool tag always has 0x01 as its value. struct{byte TAG_TYPE; + * short length; struct{short BOOL_TAG; short tagKey; byte value 1}} */ public class KMBoolTag extends KMTag { + private static KMBoolTag prototype; private static short instPtr; // The allowed tag keys of type bool tag. private static final short[] tags = { - CALLER_NONCE, - INCLUDE_UNIQUE_ID, - BOOTLOADER_ONLY, - ROLLBACK_RESISTANCE, - NO_AUTH_REQUIRED, - ALLOW_WHILE_ON_BODY, - TRUSTED_USER_PRESENCE_REQUIRED, - TRUSTED_CONFIRMATION_REQUIRED, - UNLOCKED_DEVICE_REQUIRED, - RESET_SINCE_ID_ROTATION, - EARLY_BOOT_ONLY, - DEVICE_UNIQUE_ATTESTATION + CALLER_NONCE, + INCLUDE_UNIQUE_ID, + BOOTLOADER_ONLY, + ROLLBACK_RESISTANCE, + NO_AUTH_REQUIRED, + ALLOW_WHILE_ON_BODY, + TRUSTED_USER_PRESENCE_REQUIRED, + TRUSTED_CONFIRMATION_REQUIRED, + UNLOCKED_DEVICE_REQUIRED, + RESET_SINCE_ID_ROTATION, + EARLY_BOOT_ONLY, + DEVICE_UNIQUE_ATTESTATION }; - private KMBoolTag() {} + private KMBoolTag() { + } private static KMBoolTag proto(short ptr) { - if (prototype == null) prototype = new KMBoolTag(); + if (prototype == null) { + prototype = new KMBoolTag(); + } instPtr = ptr; return prototype; } // pointer to an empty instance used as expression public static short exp() { - short ptr = instance(TAG_TYPE, (short)2); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), BOOL_TAG); + short ptr = instance(TAG_TYPE, (short) 2); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), BOOL_TAG); return ptr; } @@ -65,16 +70,18 @@ public static short instance(short key) { if (!validateKey(key)) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } - short ptr = KMType.instance(TAG_TYPE, (short)5); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), BOOL_TAG); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+2), key); + short ptr = KMType.instance(TAG_TYPE, (short) 5); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), BOOL_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), key); // Value is always 1. - heap[(short)(ptr+TLV_HEADER_SIZE+4)] = 0x01; + heap[(short) (ptr + TLV_HEADER_SIZE + 4)] = 0x01; return ptr; } public static KMBoolTag cast(short ptr) { - if (heap[ptr] != TAG_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } if (Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)) != BOOL_TAG) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -82,7 +89,7 @@ public static KMBoolTag cast(short ptr) { } public short getKey() { - return Util.getShort(heap, (short)(instPtr+TLV_HEADER_SIZE+2)); + return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2)); } public short getTagType() { @@ -90,7 +97,7 @@ public short getTagType() { } public byte getVal() { - return heap[(short)(instPtr+TLV_HEADER_SIZE+4)]; + return heap[(short) (instPtr + TLV_HEADER_SIZE + 4)]; } // validate the tag key. @@ -104,7 +111,7 @@ private static boolean validateKey(short key) { return false; } - public static short[] getTags(){ + public static short[] getTags() { return tags; } } diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java index 28b916db..001bab01 100644 --- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java +++ b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java @@ -22,17 +22,21 @@ /** * KMByteBlob represents contiguous block of bytes. It corresponds to CBOR type of Byte String. It - * extends KMType by specifying value field as zero or more sequence of bytes. - * struct{byte BYTE_BLOB_TYPE; short length; sequence of bytes} + * extends KMType by specifying value field as zero or more sequence of bytes. struct{byte + * BYTE_BLOB_TYPE; short length; sequence of bytes} */ public class KMByteBlob extends KMType { + private static KMByteBlob prototype; private static short instPtr; - private KMByteBlob() {} + private KMByteBlob() { + } private static KMByteBlob proto(short ptr) { - if (prototype == null) prototype = new KMByteBlob(); + if (prototype == null) { + prototype = new KMByteBlob(); + } instPtr = ptr; return prototype; } @@ -56,7 +60,9 @@ public static short instance(byte[] buf, short startOff, short length) { // cast the ptr to KMByteBlob public static KMByteBlob cast(short ptr) { - if (heap[ptr] != BYTE_BLOB_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != BYTE_BLOB_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } if (Util.getShort(heap, (short) (ptr + 1)) == INVALID_VALUE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -66,14 +72,18 @@ public static KMByteBlob cast(short ptr) { // Add the byte public void add(short index, byte val) { short len = length(); - if (index >= len) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + if (index >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } heap[(short) (instPtr + TLV_HEADER_SIZE + index)] = val; } // Get the byte public byte get(short index) { short len = length(); - if (index >= len) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + if (index >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } return heap[(short) (instPtr + TLV_HEADER_SIZE + index)]; } diff --git a/Applet/src/com/android/javacard/keymaster/KMByteTag.java b/Applet/src/com/android/javacard/keymaster/KMByteTag.java index 7310bb8a..4384891d 100644 --- a/Applet/src/com/android/javacard/keymaster/KMByteTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMByteTag.java @@ -21,42 +21,46 @@ import javacard.framework.Util; /** - * KMByteTag represents BYTES Tag Type from android keymaster hal specifications. The tag value of this tag - * is the KMByteBlob pointer i.e. offset of KMByteBlob in memory heap. - * struct{byte TAG_TYPE; short length; struct{short BYTES_TAG; short tagKey; short blobPtr}} + * KMByteTag represents BYTES Tag Type from android keymaster hal specifications. The tag value of + * this tag is the KMByteBlob pointer i.e. offset of KMByteBlob in memory heap. struct{byte + * TAG_TYPE; short length; struct{short BYTES_TAG; short tagKey; short blobPtr}} */ public class KMByteTag extends KMTag { + private static KMByteTag prototype; private static short instPtr; // The allowed tag keys of type bool tag private static final short[] tags = { - APPLICATION_ID, - APPLICATION_DATA, - ROOT_OF_TRUST, - UNIQUE_ID, - ATTESTATION_CHALLENGE, - ATTESTATION_APPLICATION_ID, - ATTESTATION_ID_BRAND, - ATTESTATION_ID_DEVICE, - ATTESTATION_ID_PRODUCT, - ATTESTATION_ID_SERIAL, - ATTESTATION_ID_IMEI, - ATTESTATION_ID_MEID, - ATTESTATION_ID_MANUFACTURER, - ATTESTATION_ID_MODEL, - ASSOCIATED_DATA, - NONCE, - CONFIRMATION_TOKEN, - VERIFIED_BOOT_KEY, - VERIFIED_BOOT_HASH + APPLICATION_ID, + APPLICATION_DATA, + ROOT_OF_TRUST, + UNIQUE_ID, + ATTESTATION_CHALLENGE, + ATTESTATION_APPLICATION_ID, + ATTESTATION_ID_BRAND, + ATTESTATION_ID_DEVICE, + ATTESTATION_ID_PRODUCT, + ATTESTATION_ID_SERIAL, + ATTESTATION_ID_IMEI, + ATTESTATION_ID_MEID, + ATTESTATION_ID_MANUFACTURER, + ATTESTATION_ID_MODEL, + ASSOCIATED_DATA, + NONCE, + CONFIRMATION_TOKEN, + VERIFIED_BOOT_KEY, + VERIFIED_BOOT_HASH }; - private KMByteTag() {} + private KMByteTag() { + } private static KMByteTag proto(short ptr) { - if (prototype == null) prototype = new KMByteTag(); + if (prototype == null) { + prototype = new KMByteTag(); + } instPtr = ptr; return prototype; } @@ -64,10 +68,10 @@ private static KMByteTag proto(short ptr) { // pointer to an empty instance used as expression public static short exp() { short blobPtr = KMByteBlob.exp(); - short ptr = instance(TAG_TYPE, (short)6); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), BYTES_TAG); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+2), INVALID_TAG); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+4), blobPtr); + short ptr = instance(TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), BYTES_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), INVALID_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), blobPtr); return ptr; } @@ -82,18 +86,20 @@ public static short instance(short key, short byteBlob) { if (!validateKey(key)) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } - if(heap[byteBlob] != BYTE_BLOB_TYPE) { + if (heap[byteBlob] != BYTE_BLOB_TYPE) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } - short ptr = instance(TAG_TYPE, (short)6); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), BYTES_TAG); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+2), key); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+4), byteBlob); + short ptr = instance(TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), BYTES_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), key); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), byteBlob); return ptr; } public static KMByteTag cast(short ptr) { - if (heap[ptr] != TAG_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } if (Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)) != BYTES_TAG) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -101,7 +107,7 @@ public static KMByteTag cast(short ptr) { } public short getKey() { - return Util.getShort(heap, (short)(instPtr+TLV_HEADER_SIZE+2)); + return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2)); } public short getTagType() { @@ -109,11 +115,11 @@ public short getTagType() { } public short getValue() { - return Util.getShort(heap, (short)(instPtr+TLV_HEADER_SIZE+4)); + return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4)); } public short length() { - short blobPtr = Util.getShort(heap, (short)(instPtr+TLV_HEADER_SIZE+4)); + short blobPtr = Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4)); return KMByteBlob.cast(blobPtr).length(); } diff --git a/Applet/src/com/android/javacard/keymaster/KMDecoder.java b/Applet/src/com/android/javacard/keymaster/KMDecoder.java index d74e35d0..520ffb7c 100644 --- a/Applet/src/com/android/javacard/keymaster/KMDecoder.java +++ b/Applet/src/com/android/javacard/keymaster/KMDecoder.java @@ -21,21 +21,22 @@ import javacard.framework.Util; public class KMDecoder { + // major types private static final short UINT_TYPE = 0x00; private static final short BYTES_TYPE = 0x40; private static final short ARRAY_TYPE = 0x80; - private static final short MAP_TYPE = 0xA0; + private static final short MAP_TYPE = 0xA0; // masks private static final short ADDITIONAL_MASK = 0x1F; private static final short MAJOR_TYPE_MASK = 0xE0; // value length - private static final short UINT8_LENGTH = 0x18; - private static final short UINT16_LENGTH = 0x19; + private static final short UINT8_LENGTH = 0x18; + private static final short UINT16_LENGTH = 0x19; private static final short UINT32_LENGTH = 0x1A; - private static final short UINT64_LENGTH = 0x1B; + private static final short UINT64_LENGTH = 0x1B; private byte[] buffer; private short startOff; @@ -52,16 +53,17 @@ public KMDecoder() { public short decode(short expression, byte[] buffer, short startOff, short length) { this.buffer = buffer; this.startOff = startOff; - this.length = (short)(startOff+length); + this.length = (short) (startOff + length); return decode(expression); } - public short decodeArray(short exp, byte[] buffer, short startOff, short length){ + + public short decodeArray(short exp, byte[] buffer, short startOff, short length) { this.buffer = buffer; this.startOff = startOff; - this.length = (short)(startOff+length); + this.length = (short) (startOff + length); short payloadLength = readMajorTypeWithPayloadLength(ARRAY_TYPE); short expLength = KMArray.cast(exp).length(); - if(payloadLength > expLength){ + if (payloadLength > expLength) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } short index = 0; @@ -76,9 +78,10 @@ public short decodeArray(short exp, byte[] buffer, short startOff, short length) } return arrPtr; } - private short decode(short exp){ + + private short decode(short exp) { byte type = KMType.getType(exp); - switch(type){ + switch (type) { case KMType.BYTE_BLOB_TYPE: return decodeByteBlob(exp); case KMType.INTEGER_TYPE: @@ -105,8 +108,9 @@ private short decode(short exp){ return 0; } } - private short decodeTag(short tagType, short exp){ - switch(tagType){ + + private short decodeTag(short tagType, short exp) { + switch (tagType) { case KMType.BYTES_TAG: return decodeBytesTag(exp); case KMType.BOOL_TAG: @@ -174,16 +178,15 @@ private short decodeKeyParam(short exp) { if (tagType == allowedType) { // then decodeByteBlob and add that to the array. obj = decode(tagClass); - KMArray.cast(vals).add(index,obj); + KMArray.cast(vals).add(index, obj); tagFound = true; break; } tagInd++; } - if(!tagFound){ + if (!tagFound) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); - } - else { + } else { index++; } } @@ -199,14 +202,14 @@ private short decodeIntegerArrayTag(short exp) { readTagKey(KMIntegerArrayTag.cast(exp).getTagType()); // the values are array of integers. return KMIntegerArrayTag.instance(KMIntegerArrayTag.cast(exp).getTagType(), - this.tagKey, decode(KMIntegerArrayTag.cast(exp).getValues())); + this.tagKey, decode(KMIntegerArrayTag.cast(exp).getValues())); } private short decodeIntegerTag(short exp) { readTagKey(KMIntegerTag.cast(exp).getTagType()); // the value is an integer return KMIntegerTag.instance(KMIntegerTag.cast(exp).getTagType(), - this.tagKey, decode(KMIntegerTag.cast(exp).getValue())); + this.tagKey, decode(KMIntegerTag.cast(exp).getValue())); } private short decodeBytesTag(short exp) { @@ -222,7 +225,7 @@ private short decodeArray(short exp) { short type; short obj; // check whether array contains one type of objects or multiple types - if( KMArray.cast(exp).containedType() == 0){// multiple types specified by expression. + if (KMArray.cast(exp).containedType() == 0) {// multiple types specified by expression. if (KMArray.cast(exp).length() != KMArray.ANY_ARRAY_LENGTH) { if (KMArray.cast(exp).length() != payloadLength) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); @@ -234,9 +237,9 @@ private short decodeArray(short exp) { KMArray.cast(arrPtr).add(index, obj); index++; } - }else{ // Array is a Vector containing objects of one type + } else { // Array is a Vector containing objects of one type type = KMArray.cast(exp).containedType(); - while(index < payloadLength){ + while (index < payloadLength) { obj = decode(type); KMArray.cast(arrPtr).add(index, obj); index++; @@ -257,7 +260,7 @@ private short decodeEnumTag(short exp) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } if (len < UINT8_LENGTH) { - enumVal = (byte)(len & ADDITIONAL_MASK); + enumVal = (byte) (len & ADDITIONAL_MASK); incrementStartOff((short) 1); } else if (len == UINT8_LENGTH) { incrementStartOff((short) 1); @@ -291,7 +294,7 @@ private short decodeEnum(short exp) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } if (len < UINT8_LENGTH) { - enumVal = (byte)(len & ADDITIONAL_MASK); + enumVal = (byte) (len & ADDITIONAL_MASK); incrementStartOff((short) 1); } else { incrementStartOff((short) 1); @@ -307,12 +310,12 @@ private short decodeInteger(short exp) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } short len = (short) (buffer[startOff] & ADDITIONAL_MASK); - if(len > UINT64_LENGTH){ + if (len > UINT64_LENGTH) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } incrementStartOff((short) 1); if (len < UINT8_LENGTH) { - inst = KMInteger.uint_8((byte)(len & ADDITIONAL_MASK)); + inst = KMInteger.uint_8((byte) (len & ADDITIONAL_MASK)); } else if (len == UINT8_LENGTH) { inst = KMInteger.instance(buffer, startOff, (short) 1); incrementStartOff((short) 1); @@ -377,8 +380,8 @@ private short readMajorTypeWithPayloadLength(short majorType) { } if (lenType < UINT8_LENGTH) { payloadLength = lenType; - }else if (lenType == UINT8_LENGTH) { - payloadLength = (short)(readByte() & 0xFF); + } else if (lenType == UINT8_LENGTH) { + payloadLength = (short) (readByte() & 0xFF); } else { payloadLength = readShort(); } @@ -405,12 +408,12 @@ private void incrementStartOff(short inc) { } public short readCertificateChainLengthAndHeaderLen(byte[] buf, short bufOffset, - short bufLen) { + short bufLen) { this.buffer = buf; this.startOff = bufOffset; this.length = (short) (bufOffset + bufLen); short totalLen = readMajorTypeWithPayloadLength(BYTES_TYPE); - totalLen += (short)( startOff - bufOffset); + totalLen += (short) (startOff - bufOffset); return totalLen; } } diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java index 431d84e3..61163c00 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java +++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java @@ -22,6 +22,7 @@ import javacard.framework.Util; public class KMEncoder { + // major types private static final byte UINT_TYPE = 0x00; private static final byte BYTES_TYPE = 0x40; @@ -37,7 +38,7 @@ public class KMEncoder { private static final byte UINT32_LENGTH = (byte) 0x1A; private static final byte UINT64_LENGTH = (byte) 0x1B; private static final short TINY_PAYLOAD = 0x17; - private static final short SHORT_PAYLOAD = 0x100; + private static final short SHORT_PAYLOAD = 0x100; private byte[] buffer; private short startOff; private short length; @@ -48,41 +49,44 @@ public KMEncoder() { buffer = null; startOff = 0; length = 0; - stack = JCSystem.makeTransientShortArray((short)50, JCSystem.CLEAR_ON_RESET); + stack = JCSystem.makeTransientShortArray((short) 50, JCSystem.CLEAR_ON_RESET); } - private static void push (short objPtr){ + private static void push(short objPtr) { stack[stackPtr] = objPtr; stackPtr++; } - private static short pop(){ + + private static short pop() { stackPtr--; return stack[stackPtr]; } - private void encode(short obj){ + + private void encode(short obj) { push(obj); } + public short encode(short object, byte[] buffer, short startOff) { stackPtr = 0; this.buffer = buffer; this.startOff = startOff; short len = (short) buffer.length; - if((len <0) || (len > KMKeymasterApplet.MAX_LENGTH)){ + if ((len < 0) || (len > KMKeymasterApplet.MAX_LENGTH)) { this.length = KMKeymasterApplet.MAX_LENGTH; - }else{ - this.length = (short)buffer.length; + } else { + this.length = (short) buffer.length; } //this.length = (short)(startOff + length); push(object); encode(); - return (short)(this.startOff - startOff); + return (short) (this.startOff - startOff); } // array{KMError.OK,Array{KMByteBlobs}} public void encodeCertChain(byte[] buffer, short offset, short length) { this.buffer = buffer; this.startOff = offset; - this.length = (short)(offset+3); + this.length = (short) (offset + 3); writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements writeByte(UINT_TYPE); // Error.OK @@ -92,7 +96,7 @@ public void encodeCertChain(byte[] buffer, short offset, short length) { public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, short certLength) { this.buffer = certBuffer; this.startOff = certStart; - this.length = (short)(certStart+1); + this.length = (short) (certStart + 1); //Array header - 2 elements i.e. 1 byte this.startOff--; // Error.Ok - 1 byte @@ -101,14 +105,16 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s this.startOff--; // Cert Byte blob - typically 2 bytes length i.e. 3 bytes header this.startOff -= 2; - if(certLength >= SHORT_PAYLOAD) { - this.startOff--; + if (certLength >= SHORT_PAYLOAD) { + this.startOff--; } bufferStart = startOff; - if(this.startOff < bufferStart) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - writeMajorTypeWithLength(ARRAY_TYPE,(short)2); // Array of 2 elements + if (this.startOff < bufferStart) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements writeByte(UINT_TYPE); // Error.OK - writeMajorTypeWithLength(ARRAY_TYPE,(short)1); // Array of 1 element + writeMajorTypeWithLength(ARRAY_TYPE, (short) 1); // Array of 1 element writeMajorTypeWithLength(BYTES_TYPE, certLength); // Cert Byte Blob of length return bufferStart; } @@ -116,21 +122,21 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s public short encodeError(short err, byte[] buffer, short startOff, short length) { this.buffer = buffer; this.startOff = startOff; - this.length = (short)(startOff + length); + this.length = (short) (startOff + length); // encode the err as UINT with value in err - should not be greater then 5 bytes. - if(err < UINT8_LENGTH){ - writeByte((byte)(UINT_TYPE | err )); - }else if(err < 0x100){ - writeByte((byte)(UINT_TYPE | UINT8_LENGTH)); - writeByte((byte)err); - }else { - writeByte((byte)(UINT_TYPE | UINT16_LENGTH)); + if (err < UINT8_LENGTH) { + writeByte((byte) (UINT_TYPE | err)); + } else if (err < 0x100) { + writeByte((byte) (UINT_TYPE | UINT8_LENGTH)); + writeByte((byte) err); + } else { + writeByte((byte) (UINT_TYPE | UINT16_LENGTH)); writeShort(err); } - return (short)(this.startOff - startOff); + return (short) (this.startOff - startOff); } - private void encode(){ + private void encode() { while (stackPtr > 0) { short exp = pop(); byte type = KMType.getType(exp); @@ -171,8 +177,9 @@ private void encode(){ } } } - private void encodeTag(short tagType, short exp){ - switch(tagType){ + + private void encodeTag(short tagType, short exp) { + switch (tagType) { case KMType.BYTES_TAG: encodeBytesTag(exp); return; @@ -202,6 +209,7 @@ private void encodeTag(short tagType, short exp){ private void encodeKeyParam(short obj) { encodeAsMap(KMKeyParameters.cast(obj).getVals()); } + private void encodeKeyChar(short obj) { encode(KMKeyCharacteristics.cast(obj).getVals()); } @@ -221,19 +229,19 @@ private void encodeHmacSharingParam(short obj) { private void encodeArray(short obj) { writeMajorTypeWithLength(ARRAY_TYPE, KMArray.cast(obj).length()); short len = KMArray.cast(obj).length(); - short index = (short)(len-1); - while(index >= 0){ + short index = (short) (len - 1); + while (index >= 0) { encode(KMArray.cast(obj).get(index)); index--; } } - private void encodeAsMap(short obj){ + private void encodeAsMap(short obj) { writeMajorTypeWithLength(MAP_TYPE, KMArray.cast(obj).length()); short len = KMArray.cast(obj).length(); - short index = (short)(len-1); + short index = (short) (len - 1); short inst; - while(index >= 0){ + while (index >= 0) { inst = KMArray.cast(obj).get(index); encode(inst); index--; @@ -251,8 +259,8 @@ private void encodeEnumArrayTag(short obj) { } private void encodeIntegerTag(short obj) { - writeTag(KMIntegerTag .cast(obj).getTagType(), KMIntegerTag .cast(obj).getKey()); - encode(KMIntegerTag .cast(obj).getValue()); + writeTag(KMIntegerTag.cast(obj).getTagType(), KMIntegerTag.cast(obj).getKey()); + encode(KMIntegerTag.cast(obj).getValue()); } private void encodeBytesTag(short obj) { @@ -269,6 +277,7 @@ private void encodeEnumTag(short obj) { writeTag(KMEnumTag.cast(obj).getTagType(), KMEnumTag.cast(obj).getKey()); writeByteValue(KMEnumTag.cast(obj).getValue()); } + private void encodeEnum(short obj) { writeByteValue(KMEnum.cast(obj).getVal()); } @@ -277,86 +286,89 @@ private void encodeInteger(short obj) { byte[] val = KMInteger.cast(obj).getBuffer(); short len = KMInteger.cast(obj).length(); short startOff = KMInteger.cast(obj).getStartOff(); - byte index =0; + byte index = 0; // find out the most significant byte - while(index < len){ - if(val[(short)(startOff + index)] > 0){ + while (index < len) { + if (val[(short) (startOff + index)] > 0) { break; - }else if(val[(short)(startOff + index)] < 0){ + } else if (val[(short) (startOff + index)] < 0) { break; } index++; // index will be equal to len if value is 0. } // find the difference between most significant byte and len - short diff = (short)(len - index); - if(diff == 0){ - writeByte((byte)(UINT_TYPE | 0)); - }else if((diff == 1) && (val[(short)(startOff + index)] < UINT8_LENGTH) - &&(val[(short)(startOff + index)] >= 0)){ - writeByte((byte)(UINT_TYPE | val[(short)(startOff + index)])); - }else if (diff == 1){ - writeByte((byte)(UINT_TYPE | UINT8_LENGTH)); - writeByte(val[(short)(startOff + index)]); - }else if(diff == 2){ - writeByte((byte)(UINT_TYPE | UINT16_LENGTH)); - writeBytes(val, (short)(startOff + index), (short)2); - }else if(diff <= 4){ - writeByte((byte)(UINT_TYPE | UINT32_LENGTH)); - writeBytes(val, (short)(startOff + len - 4), (short)4); - }else { - writeByte((byte)(UINT_TYPE | UINT64_LENGTH)); - writeBytes(val, startOff, (short)8); + short diff = (short) (len - index); + if (diff == 0) { + writeByte((byte) (UINT_TYPE | 0)); + } else if ((diff == 1) && (val[(short) (startOff + index)] < UINT8_LENGTH) + && (val[(short) (startOff + index)] >= 0)) { + writeByte((byte) (UINT_TYPE | val[(short) (startOff + index)])); + } else if (diff == 1) { + writeByte((byte) (UINT_TYPE | UINT8_LENGTH)); + writeByte(val[(short) (startOff + index)]); + } else if (diff == 2) { + writeByte((byte) (UINT_TYPE | UINT16_LENGTH)); + writeBytes(val, (short) (startOff + index), (short) 2); + } else if (diff <= 4) { + writeByte((byte) (UINT_TYPE | UINT32_LENGTH)); + writeBytes(val, (short) (startOff + len - 4), (short) 4); + } else { + writeByte((byte) (UINT_TYPE | UINT64_LENGTH)); + writeBytes(val, startOff, (short) 8); } } private void encodeByteBlob(short obj) { writeMajorTypeWithLength(BYTES_TYPE, KMByteBlob.cast(obj).length()); writeBytes(KMByteBlob.cast(obj).getBuffer(), KMByteBlob.cast(obj).getStartOff(), - KMByteBlob.cast(obj).length()); + KMByteBlob.cast(obj).length()); } - private void writeByteValue(byte val){ - if((val < UINT8_LENGTH) && (val >=0)){ - writeByte((byte)(UINT_TYPE | val)); - }else{ - writeByte((byte)(UINT_TYPE | UINT8_LENGTH)); - writeByte((byte)val); + private void writeByteValue(byte val) { + if ((val < UINT8_LENGTH) && (val >= 0)) { + writeByte((byte) (UINT_TYPE | val)); + } else { + writeByte((byte) (UINT_TYPE | UINT8_LENGTH)); + writeByte((byte) val); } } - private void writeTag(short tagType, short tagKey){ - writeByte((byte)(UINT_TYPE | UINT32_LENGTH)); + private void writeTag(short tagType, short tagKey) { + writeByte((byte) (UINT_TYPE | UINT32_LENGTH)); writeShort(tagType); writeShort(tagKey); } + private void writeMajorTypeWithLength(byte majorType, short len) { - if(len <= TINY_PAYLOAD){ - writeByte((byte)(majorType | (byte) (len & ADDITIONAL_MASK))); - }else if(len < SHORT_PAYLOAD){ - writeByte((byte)(majorType | UINT8_LENGTH )); - writeByte((byte)(len & 0xFF)); - }else { - writeByte((byte)(majorType | UINT16_LENGTH )); + if (len <= TINY_PAYLOAD) { + writeByte((byte) (majorType | (byte) (len & ADDITIONAL_MASK))); + } else if (len < SHORT_PAYLOAD) { + writeByte((byte) (majorType | UINT8_LENGTH)); + writeByte((byte) (len & 0xFF)); + } else { + writeByte((byte) (majorType | UINT16_LENGTH)); writeShort(len); } } - private void writeBytes(byte[] buf, short start, short len){ + private void writeBytes(byte[] buf, short start, short len) { Util.arrayCopyNonAtomic(buf, start, buffer, startOff, len); incrementStartOff(len); } - private void writeShort(short val){ - buffer[startOff] = (byte)((val >> 8) & 0xFF); - incrementStartOff((short)1); - buffer[startOff] = (byte)((val & 0xFF)); - incrementStartOff((short)1); + + private void writeShort(short val) { + buffer[startOff] = (byte) ((val >> 8) & 0xFF); + incrementStartOff((short) 1); + buffer[startOff] = (byte) ((val & 0xFF)); + incrementStartOff((short) 1); } - private void writeByte(byte val){ + + private void writeByte(byte val) { buffer[startOff] = val; - incrementStartOff((short)1); + incrementStartOff((short) 1); } - private void incrementStartOff(short inc){ + private void incrementStartOff(short inc) { startOff += inc; if (startOff >= this.length) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); diff --git a/Applet/src/com/android/javacard/keymaster/KMEnum.java b/Applet/src/com/android/javacard/keymaster/KMEnum.java index d25c5f8e..6dbdf7ce 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEnum.java +++ b/Applet/src/com/android/javacard/keymaster/KMEnum.java @@ -26,27 +26,31 @@ * struct{short enumType; byte val}} */ public class KMEnum extends KMType { + private static KMEnum prototype; private static short instPtr; // The allowed enum types. private static short[] types = { - HARDWARE_TYPE, - KEY_FORMAT, - KEY_DERIVATION_FUNCTION, - VERIFIED_BOOT_STATE, - DEVICE_LOCKED, - USER_AUTH_TYPE, - PURPOSE, - ECCURVE + HARDWARE_TYPE, + KEY_FORMAT, + KEY_DERIVATION_FUNCTION, + VERIFIED_BOOT_STATE, + DEVICE_LOCKED, + USER_AUTH_TYPE, + PURPOSE, + ECCURVE }; private static Object[] enums = null; - private KMEnum() {} + private KMEnum() { + } private static KMEnum proto(short ptr) { - if (prototype == null) prototype = new KMEnum(); + if (prototype == null) { + prototype = new KMEnum(); + } instPtr = ptr; return prototype; } @@ -61,7 +65,9 @@ public short length() { } public static KMEnum cast(short ptr) { - if (heap[ptr] != ENUM_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != ENUM_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } if (Util.getShort(heap, (short) (ptr + 1)) == INVALID_VALUE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -91,22 +97,22 @@ private static void create() { // The allowed enum values to corresponding enum types in the types array. if (enums == null) { enums = - new Object[] { - new byte[] {SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX}, - new byte[] {X509, PKCS8, RAW}, - new byte[] { - DERIVATION_NONE, - RFC5869_SHA256, - ISO18033_2_KDF1_SHA1, - ISO18033_2_KDF1_SHA256, - ISO18033_2_KDF2_SHA1, - ISO18033_2_KDF2_SHA256 - }, - new byte[] {SELF_SIGNED_BOOT, VERIFIED_BOOT, UNVERIFIED_BOOT, FAILED_BOOT}, - new byte[] {DEVICE_LOCKED_TRUE, DEVICE_LOCKED_FALSE}, - new byte[] {USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH}, - new byte[] {ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY}, - new byte[] {P_224, P_256, P_384, P_521} + new Object[]{ + new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX}, + new byte[]{X509, PKCS8, RAW}, + new byte[]{ + DERIVATION_NONE, + RFC5869_SHA256, + ISO18033_2_KDF1_SHA1, + ISO18033_2_KDF1_SHA256, + ISO18033_2_KDF2_SHA1, + ISO18033_2_KDF2_SHA256 + }, + new byte[]{SELF_SIGNED_BOOT, VERIFIED_BOOT, UNVERIFIED_BOOT, FAILED_BOOT}, + new byte[]{DEVICE_LOCKED_TRUE, DEVICE_LOCKED_FALSE}, + new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH}, + new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY}, + new byte[]{P_224, P_256, P_384, P_521} }; } } diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java index 37e23286..1cc5730d 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java @@ -35,10 +35,13 @@ public class KMEnumArrayTag extends KMTag { // Tag Values. private static Object[] enums = null; - private KMEnumArrayTag() {} + private KMEnumArrayTag() { + } private static KMEnumArrayTag proto(short ptr) { - if (prototype == null) prototype = new KMEnumArrayTag(); + if (prototype == null) { + prototype = new KMEnumArrayTag(); + } instPtr = ptr; return prototype; } @@ -94,7 +97,9 @@ public static short instance(short key, short byteBlob) { } public static KMEnumArrayTag cast(short ptr) { - if (heap[ptr] != TAG_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } if (Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)) != ENUM_ARRAY_TAG) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -122,13 +127,13 @@ public static void create() { if (enums == null) { // allowed tag values. enums = - new Object[] { - new byte[] {ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY}, - new byte[] {ECB, CBC, CTR, GCM}, - new byte[] {DIGEST_NONE, MD5, SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512}, - new byte[] { - PADDING_NONE, RSA_OAEP, RSA_PSS, RSA_PKCS1_1_5_ENCRYPT, RSA_PKCS1_1_5_SIGN, PKCS7 - } + new Object[]{ + new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY}, + new byte[]{ECB, CBC, CTR, GCM}, + new byte[]{DIGEST_NONE, MD5, SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512}, + new byte[]{ + PADDING_NONE, RSA_OAEP, RSA_PSS, RSA_PKCS1_1_5_ENCRYPT, RSA_PKCS1_1_5_SIGN, PKCS7 + } }; } } @@ -198,15 +203,20 @@ public boolean isValidDigests(byte alg) { switch (alg) { case KMType.EC: case KMType.RSA: - if (digest != KMType.DIGEST_NONE && digest != KMType.SHA2_256 && digest != KMType.SHA1) + if (digest != KMType.DIGEST_NONE && digest != KMType.SHA2_256 && digest != KMType.SHA1) { return false; + } break; case KMType.HMAC: - if (digest != KMType.SHA2_256) return false; + if (digest != KMType.SHA2_256) { + return false; + } break; case KMType.AES: case KMType.DES: - if (digest != KMType.DIGEST_NONE) return false; + if (digest != KMType.DIGEST_NONE) { + return false; + } break; default: return false; @@ -270,7 +280,9 @@ public boolean isValidPurpose(byte alg) { } break; case KMType.WRAP_KEY: - if (alg != KMType.RSA) return false; + if (alg != KMType.RSA) { + return false; + } break; default: return false; diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java index 2c87bb96..485572ed 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java @@ -19,61 +19,68 @@ import javacard.framework.ISO7816; import javacard.framework.ISOException; import javacard.framework.Util; + /** - * KMEnumTag represents ENUM Tag type specified in android keymaster hal specifications. - * struct{byte TAG_TYPE; short length; struct{short ENUM_TAG; short tagKey; byte value}} + * KMEnumTag represents ENUM Tag type specified in android keymaster hal specifications. struct{byte + * TAG_TYPE; short length; struct{short ENUM_TAG; short tagKey; byte value}} */ public class KMEnumTag extends KMTag { + private static KMEnumTag prototype; private static short instPtr; // The allowed tag keys of type enum tag. private static short[] tags = { - ALGORITHM, ECCURVE, BLOB_USAGE_REQ, USER_AUTH_TYPE, ORIGIN, HARDWARE_TYPE + ALGORITHM, ECCURVE, BLOB_USAGE_REQ, USER_AUTH_TYPE, ORIGIN, HARDWARE_TYPE }; private static Object[] enums = null; - private KMEnumTag() {} + private KMEnumTag() { + } private static KMEnumTag proto(short ptr) { - if (prototype == null) prototype = new KMEnumTag(); + if (prototype == null) { + prototype = new KMEnumTag(); + } instPtr = ptr; return prototype; } // pointer to an empty instance used as expression public static short exp() { - short ptr = instance(TAG_TYPE, (short)2); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), ENUM_TAG); + short ptr = instance(TAG_TYPE, (short) 2); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), ENUM_TAG); return ptr; } public static short instance(short key) { - if(!validateEnum(key, NO_VALUE)){ + if (!validateEnum(key, NO_VALUE)) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } - short ptr = KMType.instance(TAG_TYPE, (short)4); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), ENUM_TAG); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+2), key); + short ptr = KMType.instance(TAG_TYPE, (short) 4); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), ENUM_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), key); return ptr; } public static short instance(short key, byte val) { - if(!validateEnum(key, val)){ + if (!validateEnum(key, val)) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } - short ptr = instance(TAG_TYPE, (short)5); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), ENUM_TAG); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+2), key); - heap[(short)(ptr+TLV_HEADER_SIZE+4)]= val; + short ptr = instance(TAG_TYPE, (short) 5); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), ENUM_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), key); + heap[(short) (ptr + TLV_HEADER_SIZE + 4)] = val; return ptr; } public static KMEnumTag cast(short ptr) { - if (heap[ptr] != TAG_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } if (Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)) != ENUM_TAG) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -81,7 +88,7 @@ public static KMEnumTag cast(short ptr) { } public short getKey() { - return Util.getShort(heap, (short)(instPtr+TLV_HEADER_SIZE+2)); + return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2)); } public short getTagType() { @@ -89,20 +96,21 @@ public short getTagType() { } public byte getValue() { - return heap[(short)(instPtr+TLV_HEADER_SIZE+4)]; + return heap[(short) (instPtr + TLV_HEADER_SIZE + 4)]; } public static void create() { if (enums == null) { // enum tag values. enums = - new Object[] { - new byte[] {RSA, DES, EC, AES, HMAC}, - new byte[] {P_224, P_256, P_384, P_521}, - new byte[] {STANDALONE, REQUIRES_FILE_SYSTEM}, - new byte[] {USER_AUTH_NONE, PASSWORD, FINGERPRINT, (byte)(PASSWORD & FINGERPRINT),ANY}, - new byte[] {GENERATED, DERIVED, IMPORTED, UNKNOWN, SECURELY_IMPORTED}, - new byte[] {SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX} + new Object[]{ + new byte[]{RSA, DES, EC, AES, HMAC}, + new byte[]{P_224, P_256, P_384, P_521}, + new byte[]{STANDALONE, REQUIRES_FILE_SYSTEM}, + new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, (byte) (PASSWORD & FINGERPRINT), + ANY}, + new byte[]{GENERATED, DERIVED, IMPORTED, UNKNOWN, SECURELY_IMPORTED}, + new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX} }; } } @@ -138,10 +146,10 @@ private static boolean validateEnum(short key, byte value) { return false; } - public static short getValue(short tagType, short keyParameters){ + public static short getValue(short tagType, short keyParameters) { short tagPtr = KMKeyParameters.findTag(KMType.ENUM_TAG, tagType, keyParameters); - if(tagPtr != KMType.INVALID_VALUE){ - return heap[(short)(tagPtr+TLV_HEADER_SIZE+4)]; + if (tagPtr != KMType.INVALID_VALUE) { + return heap[(short) (tagPtr + TLV_HEADER_SIZE + 4)]; } return KMType.INVALID_VALUE; } diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index 76ec8560..bac8cf20 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -20,6 +20,7 @@ * positive unlike negative values in keymaster hal. */ public class KMError { + public static final short OK = 0; public static final short UNSUPPORTED_PURPOSE = 2; public static final short INCOMPATIBLE_PURPOSE = 3; @@ -36,7 +37,9 @@ public class KMError { public static final short UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19; - /** For PKCS8 & PKCS12 */ + /** + * For PKCS8 & PKCS12 + */ public static final short INVALID_INPUT_LENGTH = 21; @@ -86,5 +89,5 @@ public class KMError { public static final short CRYPTO_UNINITIALIZED_KEY = 10012; //Generic Unknown error. public static final short GENERIC_UNKNOWN_ERROR = 10013; - + } diff --git a/Applet/src/com/android/javacard/keymaster/KMException.java b/Applet/src/com/android/javacard/keymaster/KMException.java index 08bbd6ed..0f4f6740 100644 --- a/Applet/src/com/android/javacard/keymaster/KMException.java +++ b/Applet/src/com/android/javacard/keymaster/KMException.java @@ -21,20 +21,26 @@ * throw EMError errors. */ public class KMException extends RuntimeException { + public static short reason; public static KMException exception; - private KMException(){ + + private KMException() { } - public static void throwIt(short reason){ + + public static void throwIt(short reason) { KMException.reason = reason; throw instance(); } - public static KMException instance(){ - if(exception == null ) exception = new KMException(); + + public static KMException instance() { + if (exception == null) { + exception = new KMException(); + } return exception; } - public void clear(){ + public void clear() { reason = KMError.UNKNOWN_ERROR; } } diff --git a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java index 6136563b..71e2e8bb 100644 --- a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java +++ b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java @@ -21,14 +21,14 @@ import javacard.framework.Util; /** - * KMHardwareAuthToken represents HardwareAuthToken structure from android keymaster hal specifications. - * It corresponds to CBOR array type. - * struct{byte HW_AUTH_TOKEN_TYPE; short length=2; short arrayPtr} where arrayPtr is a pointer to - * ordered array with following elements: - * {KMInteger Challenge; KMInteger UserId; KMInteger AuthenticatorId; UserAuthType HwAuthenticatorId; - * KMInteger TimeStamp; KMByteBlob Mac} + * KMHardwareAuthToken represents HardwareAuthToken structure from android keymaster hal + * specifications. It corresponds to CBOR array type. struct{byte HW_AUTH_TOKEN_TYPE; short + * length=2; short arrayPtr} where arrayPtr is a pointer to ordered array with following elements: + * {KMInteger Challenge; KMInteger UserId; KMInteger AuthenticatorId; UserAuthType + * HwAuthenticatorId; KMInteger TimeStamp; KMByteBlob Mac} */ public class KMHardwareAuthToken extends KMType { + public static final byte CHALLENGE = 0x00; public static final byte USER_ID = 0x01; public static final byte AUTHENTICATOR_ID = 0x02; @@ -39,10 +39,11 @@ public class KMHardwareAuthToken extends KMType { private static KMHardwareAuthToken prototype; private static short instPtr; - private KMHardwareAuthToken() {} + private KMHardwareAuthToken() { + } public static short exp() { - short arrPtr = KMArray.instance((short)6); + short arrPtr = KMArray.instance((short) 6); KMArray arr = KMArray.cast(arrPtr); arr.add(CHALLENGE, KMInteger.exp()); arr.add(USER_ID, KMInteger.exp()); @@ -54,35 +55,43 @@ public static short exp() { } private static KMHardwareAuthToken proto(short ptr) { - if (prototype == null) prototype = new KMHardwareAuthToken(); + if (prototype == null) { + prototype = new KMHardwareAuthToken(); + } instPtr = ptr; return prototype; } public static short instance() { - short arrPtr = KMArray.instance((short)6); + short arrPtr = KMArray.instance((short) 6); KMArray arr = KMArray.cast(arrPtr); - arr.add(CHALLENGE, KMInteger.uint_16((short)0)); - arr.add(USER_ID, KMInteger.uint_16((short)0)); - arr.add(AUTHENTICATOR_ID, KMInteger.uint_16((short)0)); + arr.add(CHALLENGE, KMInteger.uint_16((short) 0)); + arr.add(USER_ID, KMInteger.uint_16((short) 0)); + arr.add(AUTHENTICATOR_ID, KMInteger.uint_16((short) 0)); arr.add(HW_AUTHENTICATOR_TYPE, KMEnum.instance(KMType.USER_AUTH_TYPE, KMType.USER_AUTH_NONE)); - arr.add(TIMESTAMP, KMInteger.uint_16((short)0)); - arr.add(MAC, KMByteBlob.instance((short)0)); + arr.add(TIMESTAMP, KMInteger.uint_16((short) 0)); + arr.add(MAC, KMByteBlob.instance((short) 0)); return instance(arrPtr); } public static short instance(short vals) { KMArray arr = KMArray.cast(vals); - if(arr.length() != 6)ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - short ptr = KMType.instance(HW_AUTH_TOKEN_TYPE, (short)2); - Util.setShort(heap, (short)(ptr + TLV_HEADER_SIZE), vals); + if (arr.length() != 6) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + short ptr = KMType.instance(HW_AUTH_TOKEN_TYPE, (short) 2); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); return ptr; } public static KMHardwareAuthToken cast(short ptr) { - if (heap[ptr] != HW_AUTH_TOKEN_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != HW_AUTH_TOKEN_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); - if(heap[arrPtr] != ARRAY_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } return proto(ptr); } diff --git a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java index c05ee29f..81a19bd3 100644 --- a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java +++ b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java @@ -19,24 +19,26 @@ import javacard.framework.ISO7816; import javacard.framework.ISOException; import javacard.framework.Util; + /** - * KMHmacSharingParameters represents HmacSharingParameters structure from android keymaster hal specifications. - * It corresponds to CBOR array type. - * struct{byte HMAC_SHARING_PARAM_TYPE; short length=2; short arrayPtr} where arrayPtr is a pointer to - * ordered array with following elements: + * KMHmacSharingParameters represents HmacSharingParameters structure from android keymaster hal + * specifications. It corresponds to CBOR array type. struct{byte HMAC_SHARING_PARAM_TYPE; short + * length=2; short arrayPtr} where arrayPtr is a pointer to ordered array with following elements: * {KMByteBlob Seed; KMByteBlob Nonce} */ public class KMHmacSharingParameters extends KMType { + public static final byte SEED = 0x00; public static final byte NONCE = 0x01; private static KMHmacSharingParameters prototype; private static short instPtr; - private KMHmacSharingParameters() {} + private KMHmacSharingParameters() { + } public static short exp() { - short arrPtr = KMArray.instance((short)2); + short arrPtr = KMArray.instance((short) 2); KMArray arr = KMArray.cast(arrPtr); arr.add(SEED, KMByteBlob.exp()); arr.add(NONCE, KMByteBlob.exp()); @@ -44,27 +46,35 @@ public static short exp() { } private static KMHmacSharingParameters proto(short ptr) { - if (prototype == null) prototype = new KMHmacSharingParameters(); + if (prototype == null) { + prototype = new KMHmacSharingParameters(); + } instPtr = ptr; return prototype; } public static short instance() { - short arrPtr = KMArray.instance((short)2); + short arrPtr = KMArray.instance((short) 2); return instance(arrPtr); } public static short instance(short vals) { - short ptr = KMType.instance(HMAC_SHARING_PARAM_TYPE, (short)2); - if(KMArray.cast(vals).length() != 2) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - Util.setShort(heap, (short)(ptr + TLV_HEADER_SIZE), vals); + short ptr = KMType.instance(HMAC_SHARING_PARAM_TYPE, (short) 2); + if (KMArray.cast(vals).length() != 2) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); return ptr; } public static KMHmacSharingParameters cast(short ptr) { - if (heap[ptr] != HMAC_SHARING_PARAM_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != HMAC_SHARING_PARAM_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); - if(heap[arrPtr] != ARRAY_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } return proto(ptr); } diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java index 541eae8b..1330f85f 100644 --- a/Applet/src/com/android/javacard/keymaster/KMInteger.java +++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java @@ -25,15 +25,19 @@ * struct{byte INTEGER_TYPE; short length; 4 or 8 bytes of value} */ public class KMInteger extends KMType { + public static final short UINT_32 = 4; public static final short UINT_64 = 8; private static KMInteger prototype; private static short instPtr; - private KMInteger() {} + private KMInteger() { + } private static KMInteger proto(short ptr) { - if (prototype == null) prototype = new KMInteger(); + if (prototype == null) { + prototype = new KMInteger(); + } instPtr = ptr; return prototype; } @@ -44,7 +48,9 @@ public static short exp() { // return an empty integer instance public static short instance(short length) { - if ((length <= 0) || (length > 8)) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + if ((length <= 0) || (length > 8)) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } if (length > 4) { length = UINT_64; } else { @@ -70,7 +76,9 @@ public static short instance(byte[] num, short srcOff, short length) { public static KMInteger cast(short ptr) { byte[] heap = repository.getHeap(); - if (heap[ptr] != INTEGER_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != INTEGER_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } if (Util.getShort(heap, (short) (ptr + 1)) == INVALID_VALUE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -120,58 +128,65 @@ public short getStartOff() { return (short) (instPtr + TLV_HEADER_SIZE); } - public void getValue(byte[] dest, short destOff, short length){ - if(length < length()) KMException.throwIt(KMError.UNKNOWN_ERROR); - if(length > length()) { + public void getValue(byte[] dest, short destOff, short length) { + if (length < length()) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + if (length > length()) { length = length(); - destOff +=length; + destOff += length; } - Util.arrayCopyNonAtomic(heap, (short)(instPtr+TLV_HEADER_SIZE), dest, destOff, length); + Util.arrayCopyNonAtomic(heap, (short) (instPtr + TLV_HEADER_SIZE), dest, destOff, length); } - public void setValue(byte[] src, short srcOff){ - Util.arrayCopyNonAtomic(src, srcOff, heap, (short)(instPtr+TLV_HEADER_SIZE), length()); + + public void setValue(byte[] src, short srcOff) { + Util.arrayCopyNonAtomic(src, srcOff, heap, (short) (instPtr + TLV_HEADER_SIZE), length()); } - public short value(byte[] dest, short destOff){ - Util.arrayCopyNonAtomic(heap, (short)(instPtr+TLV_HEADER_SIZE), dest, destOff, length()); + + public short value(byte[] dest, short destOff) { + Util.arrayCopyNonAtomic(heap, (short) (instPtr + TLV_HEADER_SIZE), dest, destOff, length()); return length(); } public short getShort() { return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2)); } - public short getSignificantShort(){ + + public short getSignificantShort() { return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE)); } + public byte getByte() { return heap[(short) (instPtr + TLV_HEADER_SIZE + 3)]; } public boolean isZero() { - if(getShort() == 0 && getSignificantShort() == 0){ + if (getShort() == 0 && getSignificantShort() == 0) { return true; } return false; } - public static short compare(short num1, short num2){ - short num1Buf = repository.alloc((short)8); - short num2Buf = repository.alloc((short)8); - Util.arrayFillNonAtomic(repository.getHeap(),num1Buf,(short)8,(byte)0); - Util.arrayFillNonAtomic(repository.getHeap(),num2Buf,(short)8,(byte)0); + public static short compare(short num1, short num2) { + short num1Buf = repository.alloc((short) 8); + short num2Buf = repository.alloc((short) 8); + Util.arrayFillNonAtomic(repository.getHeap(), num1Buf, (short) 8, (byte) 0); + Util.arrayFillNonAtomic(repository.getHeap(), num2Buf, (short) 8, (byte) 0); short len = KMInteger.cast(num1).length(); - KMInteger.cast(num1).getValue(repository.getHeap(),(short)(num1Buf+(short)(8-len)),len); + KMInteger.cast(num1).getValue(repository.getHeap(), (short) (num1Buf + (short) (8 - len)), len); len = KMInteger.cast(num2).length(); - KMInteger.cast(num2).getValue(repository.getHeap(),(short)(num2Buf+(short)(8-len)),len); + KMInteger.cast(num2).getValue(repository.getHeap(), (short) (num2Buf + (short) (8 - len)), len); return KMInteger.unsignedByteArrayCompare( - repository.getHeap(), num1Buf, - repository.getHeap(), num2Buf, - (short)8); + repository.getHeap(), num1Buf, + repository.getHeap(), num2Buf, + (short) 8); } - public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, short length) { + public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, + short length) { byte count = (byte) 0; - short val1 = (short)0; - short val2 = (short)0; + short val1 = (short) 0; + short val2 = (short) 0; for (; count < length; count++) { val1 = (short) (a1[(short) (count + offset1)] & 0x00FF); diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java index 7faa4c00..b97f5fa6 100644 --- a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java @@ -21,20 +21,24 @@ import javacard.framework.Util; /** - * KMIntegerArrayTag represents UINT_REP and ULONG_REP tags specified in keymaster hal specs. struct{byte - * TAG_TYPE; short length; struct{short UINT_TAG/ULONG_TAG; short tagKey; short arrPtr}, where arrPtr - * is the pointer to KMArray of KMInteger instances. + * KMIntegerArrayTag represents UINT_REP and ULONG_REP tags specified in keymaster hal specs. + * struct{byte TAG_TYPE; short length; struct{short UINT_TAG/ULONG_TAG; short tagKey; short arrPtr}, + * where arrPtr is the pointer to KMArray of KMInteger instances. */ public class KMIntegerArrayTag extends KMTag { + private static KMIntegerArrayTag prototype; private static short instPtr; private static final short[] tags = {USER_SECURE_ID}; - private KMIntegerArrayTag() {} + private KMIntegerArrayTag() { + } private static KMIntegerArrayTag proto(short ptr) { - if (prototype == null) prototype = new KMIntegerArrayTag(); + if (prototype == null) { + prototype = new KMIntegerArrayTag(); + } instPtr = ptr; return prototype; } @@ -44,10 +48,10 @@ public static short exp(short tagType) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } short arrPtr = KMArray.exp(KMType.INTEGER_TYPE); - short ptr = instance(TAG_TYPE, (short)6); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), tagType); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+2), INVALID_TAG); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+4), arrPtr); + short ptr = instance(TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), tagType); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), INVALID_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), arrPtr); return ptr; } @@ -69,18 +73,20 @@ public static short instance(short tagType, short key, short arrObj) { if (!validateKey(key)) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } - if(heap[arrObj] != ARRAY_TYPE) { + if (heap[arrObj] != ARRAY_TYPE) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } - short ptr = instance(TAG_TYPE, (short)6); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE), tagType); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+2), key); - Util.setShort(heap, (short)(ptr+TLV_HEADER_SIZE+4), arrObj); + short ptr = instance(TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), tagType); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), key); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), arrObj); return ptr; } public static KMIntegerArrayTag cast(short ptr) { - if (heap[ptr] != TAG_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } short tagType = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); if (!validateTagType(tagType)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); @@ -89,15 +95,15 @@ public static KMIntegerArrayTag cast(short ptr) { } public short getTagType() { - return Util.getShort(heap, (short)(instPtr+TLV_HEADER_SIZE)); + return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE)); } public short getKey() { - return Util.getShort(heap, (short)(instPtr+TLV_HEADER_SIZE+2)); + return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2)); } public short getValues() { - return Util.getShort(heap, (short)(instPtr+TLV_HEADER_SIZE+4)); + return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4)); } public short length() { @@ -131,7 +137,7 @@ private static boolean validateTagType(short tagType) { public static boolean contains(short tagId, short tagValue, short params) { short tag = - KMKeyParameters.findTag(KMType.UINT_ARRAY_TAG, tagId, params); + KMKeyParameters.findTag(KMType.UINT_ARRAY_TAG, tagId, params); if (tag != KMType.INVALID_VALUE) { short index = 0; tag = KMIntegerArrayTag.cast(tag).getValues(); diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java index 2700580f..44136ec4 100644 --- a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java @@ -19,40 +19,46 @@ import javacard.framework.ISO7816; import javacard.framework.ISOException; import javacard.framework.Util; + /** * KMIntegerTag represents UINT, ULONG and DATE tags specified in keymaster hal specs. struct{byte - * TAG_TYPE; short length; struct{short UINT_TAG/ULONG_TAG/DATE_TAG; short tagKey; 4 or 8 byte value}} + * TAG_TYPE; short length; struct{short UINT_TAG/ULONG_TAG/DATE_TAG; short tagKey; 4 or 8 byte + * value}} */ public class KMIntegerTag extends KMTag { + private static KMIntegerTag prototype; private static short instPtr; // Allowed tag keys. private static final short[] tags = { - // UINT - KEYSIZE, - MIN_MAC_LENGTH, - MIN_SEC_BETWEEN_OPS, - MAX_USES_PER_BOOT, - USERID, - AUTH_TIMEOUT, - OS_VERSION, - OS_PATCH_LEVEL, - VENDOR_PATCH_LEVEL, - BOOT_PATCH_LEVEL, - MAC_LENGTH, - // ULONG - RSA_PUBLIC_EXPONENT, - // DATE - ACTIVE_DATETIME, - ORIGINATION_EXPIRE_DATETIME, - USAGE_EXPIRE_DATETIME, - CREATION_DATETIME + // UINT + KEYSIZE, + MIN_MAC_LENGTH, + MIN_SEC_BETWEEN_OPS, + MAX_USES_PER_BOOT, + USERID, + AUTH_TIMEOUT, + OS_VERSION, + OS_PATCH_LEVEL, + VENDOR_PATCH_LEVEL, + BOOT_PATCH_LEVEL, + MAC_LENGTH, + // ULONG + RSA_PUBLIC_EXPONENT, + // DATE + ACTIVE_DATETIME, + ORIGINATION_EXPIRE_DATETIME, + USAGE_EXPIRE_DATETIME, + CREATION_DATETIME }; - private KMIntegerTag() {} + private KMIntegerTag() { + } private static KMIntegerTag proto(short ptr) { - if (prototype == null) prototype = new KMIntegerTag(); + if (prototype == null) { + prototype = new KMIntegerTag(); + } instPtr = ptr; return prototype; } @@ -98,7 +104,9 @@ public static short instance(short tagType, short key, short intObj) { } public static KMIntegerTag cast(short ptr) { - if (heap[ptr] != TAG_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } short tagType = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); if (!validateTagType(tagType)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); @@ -172,19 +180,29 @@ public boolean isValidKeySize(byte alg) { val = KMInteger.cast(val).getShort(); switch (alg) { case KMType.RSA: - if (val == 2048) return true; + if (val == 2048) { + return true; + } break; case KMType.AES: - if (val == 128 || val == 256) return true; + if (val == 128 || val == 256) { + return true; + } break; case KMType.DES: - if (val == 192 || val == 168) return true; + if (val == 192 || val == 168) { + return true; + } break; case KMType.EC: - if (val == 256) return true; + if (val == 256) { + return true; + } break; case KMType.HMAC: - if (val % 8 == 0 && val >= 64 && val <= 512) return true; + if (val % 8 == 0 && val >= 64 && val <= 512) { + return true; + } break; default: break; diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java index 2b482b01..2ad16117 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java @@ -19,25 +19,27 @@ import javacard.framework.ISO7816; import javacard.framework.ISOException; import javacard.framework.Util; + /** - * KMKeyCharacteristics represents KeyCharacteristics structure from android keymaster hal specifications. - * It corresponds to CBOR array type. - * struct{byte KEY_CHAR_TYPE; short length=2; short arrayPtr} where arrayPtr is a pointer to - * ordered array with following elements: + * KMKeyCharacteristics represents KeyCharacteristics structure from android keymaster hal + * specifications. It corresponds to CBOR array type. struct{byte KEY_CHAR_TYPE; short length=2; + * short arrayPtr} where arrayPtr is a pointer to ordered array with following elements: * {KMKeyParameters sofEnf; KMKeyParameters hwEnf} */ public class KMKeyCharacteristics extends KMType { + public static final byte SOFTWARE_ENFORCED = 0x00; public static final byte HARDWARE_ENFORCED = 0x01; private static KMKeyCharacteristics prototype; private static short instPtr; - private KMKeyCharacteristics() {} + private KMKeyCharacteristics() { + } public static short exp() { short softEnf = KMKeyParameters.exp(); short hwEnf = KMKeyParameters.exp(); - short arrPtr = KMArray.instance((short)2); + short arrPtr = KMArray.instance((short) 2); KMArray arr = KMArray.cast(arrPtr); arr.add(SOFTWARE_ENFORCED, softEnf); arr.add(HARDWARE_ENFORCED, hwEnf); @@ -45,27 +47,35 @@ public static short exp() { } private static KMKeyCharacteristics proto(short ptr) { - if (prototype == null) prototype = new KMKeyCharacteristics(); + if (prototype == null) { + prototype = new KMKeyCharacteristics(); + } instPtr = ptr; return prototype; } public static short instance() { - short arrPtr = KMArray.instance((short)2); + short arrPtr = KMArray.instance((short) 2); return instance(arrPtr); } public static short instance(short vals) { - short ptr = KMType.instance(KEY_CHAR_TYPE, (short)2); - if(KMArray.cast(vals).length() != 2) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - Util.setShort(heap, (short)(ptr + TLV_HEADER_SIZE), vals); + short ptr = KMType.instance(KEY_CHAR_TYPE, (short) 2); + if (KMArray.cast(vals).length() != 2) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); return ptr; } public static KMKeyCharacteristics cast(short ptr) { - if (heap[ptr] != KEY_CHAR_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != KEY_CHAR_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); - if(heap[arrPtr] != ARRAY_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } return proto(ptr); } @@ -80,7 +90,7 @@ public short length() { public short getSoftwareEnforced() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(SOFTWARE_ENFORCED); + return KMArray.cast(arrPtr).get(SOFTWARE_ENFORCED); } public short getHardwareEnforced() { diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java index f08ee388..cfdd9c30 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java @@ -21,19 +21,22 @@ import javacard.framework.Util; /** - * KMKeyParameters represents KeyParameters structure from android keymaster hal specifications. - * It corresponds to CBOR map type. - * struct{byte KEY_PARAM_TYPE; short length=2; short arrayPtr} where arrayPtr is a pointer to - * array with any KMTag subtype instances. + * KMKeyParameters represents KeyParameters structure from android keymaster hal specifications. It + * corresponds to CBOR map type. struct{byte KEY_PARAM_TYPE; short length=2; short arrayPtr} where + * arrayPtr is a pointer to array with any KMTag subtype instances. */ public class KMKeyParameters extends KMType { + private static KMKeyParameters prototype; private static short instPtr; - private KMKeyParameters() {} + private KMKeyParameters() { + } private static KMKeyParameters proto(short ptr) { - if (prototype == null) prototype = new KMKeyParameters(); + if (prototype == null) { + prototype = new KMKeyParameters(); + } instPtr = ptr; return prototype; } @@ -60,9 +63,13 @@ public static short instance(short vals) { } public static KMKeyParameters cast(short ptr) { - if (heap[ptr] != KEY_PARAM_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != KEY_PARAM_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); - if (heap[arrPtr] != ARRAY_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } return proto(ptr); } @@ -80,7 +87,7 @@ public static short findTag(short tagType, short tagKey, short keyParam) { return instParam.findTag(tagType, tagKey); } - public short findTag(short tagType, short tagKey){ + public short findTag(short tagType, short tagKey) { KMArray vals = KMArray.cast(getVals()); short index = 0; short length = vals.length(); @@ -100,16 +107,16 @@ public short findTag(short tagType, short tagKey){ } return ret; } - + public static boolean hasUnsupportedTags(short keyParamsPtr) { final short[] tagArr = { - // Unsupported tags. - KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED, - KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED, - KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY, - KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS, - KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT - }; + // Unsupported tags. + KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED, + KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED, + KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY, + KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS, + KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT + }; byte index = 0; short tagInd; short tagPtr; @@ -136,30 +143,30 @@ public static boolean hasUnsupportedTags(short keyParamsPtr) { // KDF, ECIES_SINGLE_HASH_MODE missing from types.hal public static short makeHwEnforced(short keyParamsPtr, byte origin, - short osVersionObjPtr, short osPatchObjPtr, short vendorPatchObjPtr, - short bootPatchObjPtr, byte[] scratchPad) { + short osVersionObjPtr, short osPatchObjPtr, short vendorPatchObjPtr, + short bootPatchObjPtr, byte[] scratchPad) { final short[] hwEnforcedTagArr = { - // HW Enforced - KMType.ENUM_TAG, KMType.ORIGIN, - KMType.ENUM_ARRAY_TAG, KMType.PURPOSE, - KMType.ENUM_TAG, KMType.ALGORITHM, - KMType.UINT_TAG, KMType.KEYSIZE, - KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, - KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ, - KMType.ENUM_ARRAY_TAG, KMType.DIGEST, - KMType.ENUM_ARRAY_TAG, KMType.PADDING, - KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, - KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, - KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, - KMType.UINT_TAG, KMType.AUTH_TIMEOUT, - KMType.BOOL_TAG, KMType.CALLER_NONCE, - KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, - KMType.ENUM_TAG, KMType.ECCURVE, - KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID, - KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, - KMType.ENUM_TAG, KMType.USER_AUTH_TYPE, - KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED, - KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION + // HW Enforced + KMType.ENUM_TAG, KMType.ORIGIN, + KMType.ENUM_ARRAY_TAG, KMType.PURPOSE, + KMType.ENUM_TAG, KMType.ALGORITHM, + KMType.UINT_TAG, KMType.KEYSIZE, + KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, + KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ, + KMType.ENUM_ARRAY_TAG, KMType.DIGEST, + KMType.ENUM_ARRAY_TAG, KMType.PADDING, + KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, + KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, + KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, + KMType.UINT_TAG, KMType.AUTH_TIMEOUT, + KMType.BOOL_TAG, KMType.CALLER_NONCE, + KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, + KMType.ENUM_TAG, KMType.ECCURVE, + KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID, + KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, + KMType.ENUM_TAG, KMType.USER_AUTH_TYPE, + KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED, + KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION }; byte index = 0; short tagInd; @@ -197,10 +204,12 @@ public static short makeHwEnforced(short keyParamsPtr, byte origin, short osPatchTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, osPatchObjPtr); Util.setShort(scratchPad, arrInd, osPatchTag); arrInd += 2; - short vendorPatchTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, vendorPatchObjPtr); + short vendorPatchTag = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, vendorPatchObjPtr); Util.setShort(scratchPad, arrInd, vendorPatchTag); arrInd += 2; - short bootPatchTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, bootPatchObjPtr); + short bootPatchTag = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, bootPatchObjPtr); Util.setShort(scratchPad, arrInd, bootPatchTag); arrInd += 2; return createKeyParameters(scratchPad, (short) (arrInd / 2)); @@ -209,11 +218,11 @@ public static short makeHwEnforced(short keyParamsPtr, byte origin, // ALL_USERS, EXPORTABLE missing from types.hal public static short makeSwEnforced(short keyParamsPtr, byte[] scratchPad) { final short[] swEnforcedTagsArr = { - KMType.DATE_TAG, KMType.ACTIVE_DATETIME, - KMType.DATE_TAG, KMType.ORIGINATION_EXPIRE_DATETIME, - KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME, - KMType.UINT_TAG, KMType.USERID, - KMType.DATE_TAG, KMType.CREATION_DATETIME + KMType.DATE_TAG, KMType.ACTIVE_DATETIME, + KMType.DATE_TAG, KMType.ORIGINATION_EXPIRE_DATETIME, + KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME, + KMType.UINT_TAG, KMType.USERID, + KMType.DATE_TAG, KMType.CREATION_DATETIME }; byte index = 0; short tagInd; @@ -228,7 +237,7 @@ public static short makeSwEnforced(short keyParamsPtr, byte[] scratchPad) { tagPtr = KMArray.cast(arrPtr).get(index); tagKey = KMTag.getKey(tagPtr); tagType = KMTag.getTagType(tagPtr); - if (!isValidTag(tagType, tagKey)){ + if (!isValidTag(tagType, tagKey)) { KMException.throwIt(KMError.INVALID_KEY_BLOB); } while (tagInd < (short) swEnforcedTagsArr.length) { @@ -250,7 +259,7 @@ public static short makeHidden(short keyParamsPtr, short rootOfTrustBlob, byte[] if (appId != KMTag.INVALID_VALUE) { appId = KMByteTag.cast(appId).getValue(); } - short appData = + short appData = KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_DATA, keyParamsPtr); if (appData != KMTag.INVALID_VALUE) { appData = KMByteTag.cast(appData).getValue(); @@ -258,7 +267,8 @@ public static short makeHidden(short keyParamsPtr, short rootOfTrustBlob, byte[] return makeHidden(appId, appData, rootOfTrustBlob, scratchPad); } - public static short makeHidden(short appIdBlob, short appDataBlob, short rootOfTrustBlob, byte[] scratchPad){ + public static short makeHidden(short appIdBlob, short appDataBlob, short rootOfTrustBlob, + byte[] scratchPad) { // Order in which the hidden array is created should not change. short index = 0; KMByteBlob.cast(rootOfTrustBlob); @@ -273,16 +283,17 @@ public static short makeHidden(short appIdBlob, short appDataBlob, short rootOfT Util.setShort(scratchPad, index, appDataBlob); index += 2; } - return createKeyParameters(scratchPad, (short)(index/2)); + return createKeyParameters(scratchPad, (short) (index / 2)); } + public static boolean isValidTag(short tagType, short tagKey) { short[] invalidTagsArr = { - KMType.BYTES_TAG, KMType.NONCE, - KMType.BYTES_TAG, KMType.ASSOCIATED_DATA, - KMType.BYTES_TAG, KMType.UNIQUE_ID, - KMType.UINT_TAG, KMType.MAC_LENGTH, - KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY + KMType.BYTES_TAG, KMType.NONCE, + KMType.BYTES_TAG, KMType.ASSOCIATED_DATA, + KMType.BYTES_TAG, KMType.UNIQUE_ID, + KMType.UINT_TAG, KMType.MAC_LENGTH, + KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY }; short index = 0; if (tagKey == KMType.INVALID_TAG) { diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 3942a891..b4914308 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -32,6 +32,7 @@ * events. */ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLength { + // Constants. public static final byte AES_BLOCK_SIZE = 16; public static final byte DES_BLOCK_SIZE = 8; @@ -43,23 +44,27 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe // "Keymaster HMAC Verification" - used for HMAC key verification. public static final byte[] sharingCheck = { - 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x48, 0x4D, 0x41, 0x43, 0x20, 0x56, - 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E + 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x48, 0x4D, 0x41, 0x43, 0x20, + 0x56, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E }; // "KeymasterSharedMac" public static final byte[] ckdfLable = { - 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4D, - 0x61, 0x63 + 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, + 0x4D, + 0x61, 0x63 }; // "Auth Verification" public static final byte[] authVerification = { - 0x41, 0x75, 0x74, 0x68, 0x20, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, - 0x6E + 0x41, 0x75, 0x74, 0x68, 0x20, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6F, + 0x6E }; // "confirmation token" public static final byte[] confirmationToken = { - 0x63, 0x6F, 0x6E, 0x66, 0x69, 0x72, 0x6D, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x74, 0x6F, 0x6B, - 0x65, 0x6E + 0x63, 0x6F, 0x6E, 0x66, 0x69, 0x72, 0x6D, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x74, 0x6F, + 0x6B, + 0x65, 0x6E }; // Possible states of the applet. @@ -180,7 +185,9 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe protected byte provisionStatus = NOT_PROVISIONED; protected static final short MAX_CERT_SIZE = 2048; - /** Registers this applet. */ + /** + * Registers this applet. + */ protected KMKeymasterApplet(KMSEProvider seImpl) { seProvider = seImpl; boolean isUpgrading = seImpl.isUpgrading(); @@ -189,7 +196,7 @@ protected KMKeymasterApplet(KMSEProvider seImpl) { data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET); tmpVariables = JCSystem.makeTransientShortArray((short) TMP_VARIABLE_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET); - if(!isUpgrading) { + if (!isUpgrading) { keymasterState = KMKeymasterApplet.INIT_STATE; seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8)); } @@ -212,13 +219,17 @@ public boolean select() { return true; } - /** De-selects this applet. */ + /** + * De-selects this applet. + */ @Override public void deselect() { repository.onDeselect(); } - /** Uninstalls the applet after cleaning the repository. */ + /** + * Uninstalls the applet after cleaning the repository. + */ @Override public void uninstall() { repository.onUninstall(); @@ -245,7 +256,7 @@ private short mapISOErrorToKMError(short reason) { return KMError.UNKNOWN_ERROR; } } - + private short mapCryptoErrorToKMError(short reason) { switch (reason) { case CryptoException.ILLEGAL_USE: @@ -261,7 +272,7 @@ private short mapCryptoErrorToKMError(short reason) { default: return KMError.UNKNOWN_ERROR; } - } + } protected void validateApduHeader(APDU apdu) { // Read the apdu header and buffer. @@ -291,7 +302,7 @@ public void process(APDU apdu) { repository.onProcess(); // Verify whether applet is in correct state. if ((keymasterState == KMKeymasterApplet.INIT_STATE) - || (keymasterState == KMKeymasterApplet.ILLEGAL_STATE)) { + || (keymasterState == KMKeymasterApplet.ILLEGAL_STATE)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } // If this is select applet apdu which is selecting this applet then @@ -358,11 +369,11 @@ public void process(APDU apdu) { } if ((keymasterState == KMKeymasterApplet.ACTIVE_STATE) - || (keymasterState == KMKeymasterApplet.IN_PROVISION_STATE)) { + || (keymasterState == KMKeymasterApplet.IN_PROVISION_STATE)) { switch (apduIns) { case INS_SET_BOOT_PARAMS_CMD: if (seProvider.isBootSignalEventSupported() - && (!seProvider.isDeviceRebooted())) { + && (!seProvider.isDeviceRebooted())) { ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED); } processSetBootParamsCmd(apdu); @@ -378,8 +389,8 @@ public void process(APDU apdu) { } if ((keymasterState == KMKeymasterApplet.ACTIVE_STATE) - || ((keymasterState == KMKeymasterApplet.IN_PROVISION_STATE) - && isProvisioningComplete())) { + || ((keymasterState == KMKeymasterApplet.IN_PROVISION_STATE) + && isProvisioningComplete())) { switch (apduIns) { case INS_GENERATE_KEY_CMD: processGenerateKey(apdu); @@ -479,11 +490,11 @@ private void generateUniqueOperationHandle(byte[] buf, short offset, short len) } private boolean isProvisioningComplete() { - if((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY)) - && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) - && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) - && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET)) - && (0 != (provisionStatus & PROVISION_STATUS_BOOT_PARAM))) { + if ((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY)) + && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) + && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) + && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET)) + && (0 != (provisionStatus & PROVISION_STATUS_BOOT_PARAM))) { return true; } else { return false; @@ -543,10 +554,13 @@ private void resetData() { index++; } } - /** Sends a response, may be extended response, as requested by the command. */ + + /** + * Sends a response, may be extended response, as requested by the command. + */ public static void sendOutgoing(APDU apdu) { if (((short) (bufferLength + bufferStartOffset)) > ((short) repository - .getHeap().length)) { + .getHeap().length)) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } // Send data @@ -555,7 +569,9 @@ public static void sendOutgoing(APDU apdu) { apdu.sendBytesLong(buffer, bufferStartOffset, bufferLength); } - /** Receives data, which can be extended data, as requested by the command instance. */ + /** + * Receives data, which can be extended data, as requested by the command instance. + */ public static void receiveIncoming(APDU apdu) { byte[] srcBuffer = apdu.getBuffer(); short recvLen = apdu.setIncomingAndReceive(); @@ -574,8 +590,8 @@ public static void receiveIncoming(APDU apdu) { private void processGetHwInfoCmd(APDU apdu) { // No arguments expected final byte[] JavacardKeymasterDevice = { - 0x4A, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, - 0x65, 0x72, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, + 0x4A, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, + 0x65, 0x72, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, }; final byte[] Google = {0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65}; @@ -674,18 +690,19 @@ private void processProvisionAttestationCertChainCmd(APDU apdu) { bufferStartOffset = repository.alloc(bufferLength); short bytesRead = 0; Util.arrayCopyNonAtomic(srcBuffer, srcOffset, buffer, bufferStartOffset, - recvLen); + recvLen); // tmpVariables[1] holds the total length + Header length. tmpVariables[1] = decoder.readCertificateChainLengthAndHeaderLen(buffer, - bufferStartOffset, recvLen); + bufferStartOffset, recvLen); while (recvLen > 0 && ((short) bytesRead <= bufferLength)) { seProvider.persistPartialCertificateChain(buffer, bufferStartOffset, - recvLen, bufferLength); + recvLen, bufferLength); bytesRead += recvLen; recvLen = apdu.receiveBytes(srcOffset); - if (recvLen > 0) + if (recvLen > 0) { Util.arrayCopyNonAtomic(srcBuffer, srcOffset, buffer, bufferStartOffset, - recvLen); + recvLen); + } } if (tmpVariables[1] != bytesRead) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); @@ -730,10 +747,13 @@ private void processProvisionAttestationKey(APDU apdu) { tmpVariables[0] = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS]); if (tmpVariables[0] != KMType.INVALID_VALUE) { - if (KMEnumArrayTag.cast(tmpVariables[0]).length() != 1) + if (KMEnumArrayTag.cast(tmpVariables[0]).length() != 1) { KMException.throwIt(KMError.INVALID_ARGUMENT); + } tmpVariables[0] = KMEnumArrayTag.cast(tmpVariables[0]).get((short) 0); - if (tmpVariables[0] != KMType.SHA2_256) KMException.throwIt(KMError.INCOMPATIBLE_DIGEST); + if (tmpVariables[0] != KMType.SHA2_256) { + KMException.throwIt(KMError.INCOMPATIBLE_DIGEST); + } } else { KMException.throwIt(KMError.INVALID_ARGUMENT); } @@ -741,10 +761,13 @@ private void processProvisionAttestationKey(APDU apdu) { tmpVariables[0] = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PURPOSE, data[KEY_PARAMETERS]); if (tmpVariables[0] != KMType.INVALID_VALUE) { - if (KMEnumArrayTag.cast(tmpVariables[0]).length() != 1) + if (KMEnumArrayTag.cast(tmpVariables[0]).length() != 1) { KMException.throwIt(KMError.INVALID_ARGUMENT); + } tmpVariables[0] = KMEnumArrayTag.cast(tmpVariables[0]).get((short) 0); - if (tmpVariables[0] != KMType.ATTEST_KEY) KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE); + if (tmpVariables[0] != KMType.ATTEST_KEY) { + KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE); + } } else { KMException.throwIt(KMError.INVALID_ARGUMENT); } @@ -753,9 +776,9 @@ private void processProvisionAttestationKey(APDU apdu) { // persist key seProvider.createAttestationKey( - KMByteBlob.cast(data[SECRET]).getBuffer(), - KMByteBlob.cast(data[SECRET]).getStartOff(), - KMByteBlob.cast(data[SECRET]).length()); + KMByteBlob.cast(data[SECRET]).getBuffer(), + KMByteBlob.cast(data[SECRET]).getStartOff(), + KMByteBlob.cast(data[SECRET]).length()); } private void processProvisionAttestIdsCmd(APDU apdu) { @@ -938,9 +961,9 @@ private void processDeleteKeyCmd(APDU apdu) { KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, KMByteBlob.exp()); try { data[KEY_BLOB] = decoder.decodeArray(tmpVariables[1], - KMByteBlob.cast(data[KEY_BLOB]).getBuffer(), - KMByteBlob.cast(data[KEY_BLOB]).getStartOff(), - KMByteBlob.cast(data[KEY_BLOB]).length()); + KMByteBlob.cast(data[KEY_BLOB]).getBuffer(), + KMByteBlob.cast(data[KEY_BLOB]).getStartOff(), + KMByteBlob.cast(data[KEY_BLOB]).length()); } catch (ISOException e) { // As per VTS, deleteKey should return KMError.OK but in case if // input is empty then VTS accepts UNIMPLEMENTED errorCode as well. @@ -1017,11 +1040,11 @@ private void processComputeSharedHmacCmd(APDU apdu) { if (tmpVariables[7] == 1) { if (0 == Util.arrayCompare( - repository.getHeap(), - (short) (tmpVariables[1] + tmpVariables[3]), - KMByteBlob.cast(tmpVariables[9]).getBuffer(), - KMByteBlob.cast(tmpVariables[9]).getStartOff(), - tmpVariables[6])) { + repository.getHeap(), + (short) (tmpVariables[1] + tmpVariables[3]), + KMByteBlob.cast(tmpVariables[9]).getBuffer(), + KMByteBlob.cast(tmpVariables[9]).getStartOff(), + tmpVariables[6])) { tmpVariables[7] = 2; // hmac nonce for this keymaster found. } else { tmpVariables[7] = 0; @@ -1129,7 +1152,7 @@ private void processUpgradeKeyCmd(APDU apdu) { } //Compare vendor patch levels tmpVariables[1] = - KMKeyParameters.findTag(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, data[HW_PARAMETERS]); + KMKeyParameters.findTag(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, data[HW_PARAMETERS]); tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue(); tmpVariables[2] = repository.getVendorPatchLevel(); if (tmpVariables[1] != KMType.INVALID_VALUE) { @@ -1142,7 +1165,7 @@ private void processUpgradeKeyCmd(APDU apdu) { } //Compare boot patch levels tmpVariables[1] = - KMKeyParameters.findTag(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, data[HW_PARAMETERS]); + KMKeyParameters.findTag(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, data[HW_PARAMETERS]); tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue(); tmpVariables[2] = repository.getBootPatchLevel(); if (tmpVariables[1] != KMType.INVALID_VALUE) { @@ -1373,7 +1396,9 @@ private void processAttestKeyCmd(APDU apdu) { KMException.throwIt(KMError.INCOMPATIBLE_ALGORITHM); } boolean rsaCert = true; - if (tmpVariables[0] == KMType.EC) rsaCert = false; + if (tmpVariables[0] == KMType.EC) { + rsaCert = false; + } KMAttestationCert cert = seProvider.getAttestationCert(rsaCert); // Save attestation application id - must be present. tmpVariables[0] = @@ -1401,12 +1426,14 @@ private void processAttestKeyCmd(APDU apdu) { // then it is an error. tmpVariables[1] = KMKeyParameters.findTag(KMType.DATE_TAG, KMType.ACTIVE_DATETIME, data[SW_PARAMETERS]); - if (tmpVariables[1] != KMType.INVALID_VALUE) + if (tmpVariables[1] != KMType.INVALID_VALUE) { tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue(); - else { + } else { tmpVariables[1] = KMKeyParameters.findTag(KMType.DATE_TAG, KMType.CREATION_DATETIME, data[SW_PARAMETERS]); - if (tmpVariables[1] == KMType.INVALID_VALUE) KMException.throwIt(KMError.INVALID_KEY_BLOB); + if (tmpVariables[1] == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.INVALID_KEY_BLOB); + } tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue(); } // convert milliseconds to UTC date. Start of validity period has to be UTC. @@ -1445,15 +1472,15 @@ private void processAttestKeyCmd(APDU apdu) { // -------------------------------- private void addAttestationIds(KMAttestationCert cert) { final short[] attTags = - new short[] { - KMType.ATTESTATION_ID_BRAND, - KMType.ATTESTATION_ID_DEVICE, - KMType.ATTESTATION_ID_IMEI, - KMType.ATTESTATION_ID_MANUFACTURER, - KMType.ATTESTATION_ID_MEID, - KMType.ATTESTATION_ID_MODEL, - KMType.ATTESTATION_ID_PRODUCT, - KMType.ATTESTATION_ID_SERIAL + new short[]{ + KMType.ATTESTATION_ID_BRAND, + KMType.ATTESTATION_ID_DEVICE, + KMType.ATTESTATION_ID_IMEI, + KMType.ATTESTATION_ID_MANUFACTURER, + KMType.ATTESTATION_ID_MEID, + KMType.ATTESTATION_ID_MODEL, + KMType.ATTESTATION_ID_PRODUCT, + KMType.ATTESTATION_ID_SERIAL }; byte index = 0; short attIdTag; @@ -1481,44 +1508,46 @@ private void addTags(short params, boolean hwEnforced, KMAttestationCert cert) { private void setUniqueId(KMAttestationCert cert, byte[] scratchPad) { tmpVariables[0] = KMKeyParameters.findTag(KMType.BOOL_TAG, - KMType.INCLUDE_UNIQUE_ID, data[HW_PARAMETERS]); + KMType.INCLUDE_UNIQUE_ID, data[HW_PARAMETERS]); if (tmpVariables[0] == KMType.INVALID_VALUE) { return; } // temporal count T tmpVariables[0] = KMKeyParameters.findTag(KMType.DATE_TAG, - KMType.CREATION_DATETIME, data[SW_PARAMETERS]); - if (tmpVariables[0] == KMType.INVALID_VALUE) + KMType.CREATION_DATETIME, data[SW_PARAMETERS]); + if (tmpVariables[0] == KMType.INVALID_VALUE) { KMException.throwIt(KMError.INVALID_TAG); + } tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue(); // Application Id C tmpVariables[1] = KMKeyParameters.findTag(KMType.BYTES_TAG, - KMType.ATTESTATION_APPLICATION_ID, data[KEY_PARAMETERS]); - if (tmpVariables[1] == KMType.INVALID_VALUE) + KMType.ATTESTATION_APPLICATION_ID, data[KEY_PARAMETERS]); + if (tmpVariables[1] == KMType.INVALID_VALUE) { KMException.throwIt(KMError.ATTESTATION_APPLICATION_ID_MISSING); + } tmpVariables[1] = KMByteTag.cast(tmpVariables[1]).getValue(); // Reset After Rotation R - it will be part of HW Enforced key // characteristics byte resetAfterRotation = 0; tmpVariables[2] = KMKeyParameters.findTag(KMType.BOOL_TAG, - KMType.RESET_SINCE_ID_ROTATION, data[HW_PARAMETERS]); + KMType.RESET_SINCE_ID_ROTATION, data[HW_PARAMETERS]); if (tmpVariables[2] != KMType.INVALID_VALUE) { resetAfterRotation = 0x01; } cert.makeUniqueId( - scratchPad, - (short) 0, - KMInteger.cast(tmpVariables[0]).getBuffer(), - KMInteger.cast(tmpVariables[0]).getStartOff(), - KMInteger.cast(tmpVariables[0]).length(), - KMByteBlob.cast(tmpVariables[1]).getBuffer(), - KMByteBlob.cast(tmpVariables[1]).getStartOff(), - KMByteBlob.cast(tmpVariables[1]).length(), resetAfterRotation, - seProvider.getMasterKey()); + scratchPad, + (short) 0, + KMInteger.cast(tmpVariables[0]).getBuffer(), + KMInteger.cast(tmpVariables[0]).getStartOff(), + KMInteger.cast(tmpVariables[0]).length(), + KMByteBlob.cast(tmpVariables[1]).getBuffer(), + KMByteBlob.cast(tmpVariables[1]).getStartOff(), + KMByteBlob.cast(tmpVariables[1]).length(), resetAfterRotation, + seProvider.getMasterKey()); } private void processDestroyAttIdsCmd(APDU apdu) { @@ -1662,8 +1691,9 @@ private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) { case KMType.RSA: // Fill the scratch pad with zero Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - if (op.getPadding() == KMType.PADDING_NONE && len != 256) + if (op.getPadding() == KMType.PADDING_NONE && len != 256) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } len = op.getOperation() .finish( @@ -1773,8 +1803,8 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff()); } else { - KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); - } + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); + } } catch (CryptoException e) { KMException.throwIt(KMError.INVALID_ARGUMENT); } @@ -1797,8 +1827,8 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch (short) 0); data[OUTPUT_DATA] = KMByteBlob.instance(scratchPad, (short) 0, len); } else { - KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); - } + KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); + } break; case KMType.HMAC: // As per Keymaster HAL documentation, the length of the Hmac output can @@ -1826,11 +1856,11 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch if (op.getPurpose() == KMType.VERIFY) { if (0 != Util.arrayCompare( - KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[SIGNATURE]).getBuffer(), - KMByteBlob.cast(data[SIGNATURE]).getStartOff(), - (short) (op.getMacLength() / 8))) { + KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), + KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff(), + KMByteBlob.cast(data[SIGNATURE]).getBuffer(), + KMByteBlob.cast(data[SIGNATURE]).getStartOff(), + (short) (op.getMacLength() / 8))) { KMException.throwIt(KMError.VERIFICATION_FAILED); } } @@ -1871,7 +1901,9 @@ private void authorizeDeviceUnlock(short hwToken) { KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED, data[HW_PARAMETERS]); if (ptr != KMType.INVALID_VALUE && repository.getDeviceLock()) { - if (hwToken == KMType.INVALID_VALUE) KMException.throwIt(KMError.DEVICE_LOCKED); + if (hwToken == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.DEVICE_LOCKED); + } ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp(); // Check if the current auth time stamp is greater then device locked time stamp short ts = repository.getDeviceTimeStamp(); @@ -1992,7 +2024,9 @@ private void processUpdateOperationCmd(APDU apdu) { // Check Operation Handle and get op state // Check Operation Handle KMOperationState op = repository.findOperation(data[OP_HANDLE]); - if (op == null) KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); + if (op == null) { + KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); + } // authorize the update operation authorizeUpdateFinishOperation(op, scratchPad); // If signing without digest then do length validation checks @@ -2132,17 +2166,18 @@ private void processBeginOperationCmd(APDU apdu) { /*Generate a random number for operation handle */ short buf = KMByteBlob.instance(KMRepository.OPERATION_HANDLE_SIZE); generateUniqueOperationHandle( - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()); + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); /* opHandle is a KMInteger and is encoded as KMInteger when it is returned back. */ short opHandle = KMInteger.instance( - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()); + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); KMOperationState op = repository.reserveOperation(opHandle); - if (op == null) + if (op == null) { KMException.throwIt(KMError.TOO_MANY_OPERATIONS); + } data[OP_HANDLE] = op.getHandle(); op.setPurpose((byte) tmpVariables[0]); op.setKeySize(KMByteBlob.cast(data[SECRET]).length()); @@ -2207,13 +2242,15 @@ private void authorizePurpose(KMOperationState op) { switch (op.getAlgorithm()) { case KMType.AES: case KMType.DES: - if (op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY) + if (op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY) { KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); + } break; case KMType.EC: case KMType.HMAC: - if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) + if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) { KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); + } break; default: break; @@ -2230,17 +2267,21 @@ private void authorizeDigest(KMOperationState op) { short param = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS]); if (param != KMType.INVALID_VALUE) { - if (KMEnumArrayTag.cast(param).length() != 1) KMException.throwIt(KMError.INVALID_ARGUMENT); + if (KMEnumArrayTag.cast(param).length() != 1) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } param = KMEnumArrayTag.cast(param).get((short) 0); - if (!KMEnumArrayTag.cast(digests).contains(param)) + if (!KMEnumArrayTag.cast(digests).contains(param)) { KMException.throwIt(KMError.INCOMPATIBLE_DIGEST); + } op.setDigest((byte) param); } short paramPadding = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, data[KEY_PARAMETERS]); if (paramPadding != KMType.INVALID_VALUE) { - if (KMEnumArrayTag.cast(paramPadding).length() != 1) + if (KMEnumArrayTag.cast(paramPadding).length() != 1) { KMException.throwIt(KMError.INVALID_ARGUMENT); + } paramPadding = KMEnumArrayTag.cast(paramPadding).get((short) 0); } switch (op.getAlgorithm()) { @@ -2252,7 +2293,9 @@ private void authorizeDigest(KMOperationState op) { break; case KMType.EC: case KMType.HMAC: - if (param == KMType.INVALID_VALUE) KMException.throwIt(KMError.UNSUPPORTED_DIGEST); + if (param == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.UNSUPPORTED_DIGEST); + } break; default: break; @@ -2266,24 +2309,31 @@ private void authorizePadding(KMOperationState op) { short param = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, data[KEY_PARAMETERS]); if (param != KMType.INVALID_VALUE) { - if (KMEnumArrayTag.cast(param).length() != 1) KMException.throwIt(KMError.INVALID_ARGUMENT); + if (KMEnumArrayTag.cast(param).length() != 1) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } param = KMEnumArrayTag.cast(param).get((short) 0); - if (!KMEnumArrayTag.cast(paddings).contains(param)) + if (!KMEnumArrayTag.cast(paddings).contains(param)) { KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE); + } } switch (op.getAlgorithm()) { case KMType.RSA: - if (param == KMType.INVALID_VALUE) KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE); + if (param == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE); + } if ((op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY) && param != KMType.PADDING_NONE && param != KMType.RSA_PSS - && param != KMType.RSA_PKCS1_1_5_SIGN) + && param != KMType.RSA_PKCS1_1_5_SIGN) { KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE); + } if ((op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) && param != KMType.PADDING_NONE && param != KMType.RSA_OAEP - && param != KMType.RSA_PKCS1_1_5_ENCRYPT) + && param != KMType.RSA_PKCS1_1_5_ENCRYPT) { KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE); + } if (param == KMType.PADDING_NONE && op.getDigest() != KMType.DIGEST_NONE) { KMException.throwIt(KMError.INCOMPATIBLE_DIGEST); } @@ -2295,7 +2345,9 @@ private void authorizePadding(KMOperationState op) { break; case KMType.DES: case KMType.AES: - if (param == KMType.INVALID_VALUE) KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE); + if (param == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE); + } op.setPadding((byte) param); break; default: @@ -2307,7 +2359,9 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) { short param = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, data[KEY_PARAMETERS]); if (param != KMType.INVALID_VALUE) { - if (KMEnumArrayTag.cast(param).length() != 1) KMException.throwIt(KMError.INVALID_ARGUMENT); + if (KMEnumArrayTag.cast(param).length() != 1) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } param = KMEnumArrayTag.cast(param).get((short) 0); } if (KMType.AES == op.getAlgorithm() || KMType.DES == op.getAlgorithm()) { @@ -2320,7 +2374,7 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) { switch (op.getAlgorithm()) { case KMType.AES: //Validate the block mode. - switch(param) { + switch (param) { case KMType.ECB: case KMType.CBC: case KMType.CTR: @@ -2329,7 +2383,9 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) { default: KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE); } - if (param == KMType.INVALID_VALUE) KMException.throwIt(KMError.INVALID_ARGUMENT); + if (param == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } if (param == KMType.GCM) { if (op.getPadding() != KMType.PADDING_NONE) { KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE); @@ -2340,8 +2396,8 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) { if (macLen % 8 != 0 || macLen > 128 || macLen - < KMIntegerTag.getShortValue( - KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) { + < KMIntegerTag.getShortValue( + KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) { KMException.throwIt(KMError.INVALID_MAC_LENGTH); } op.setMacLength(macLen); @@ -2349,14 +2405,16 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) { break; case KMType.DES: //Validate the block mode. - switch(param) { + switch (param) { case KMType.ECB: case KMType.CBC: break; default: KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE); } - if (param == KMType.INVALID_VALUE) KMException.throwIt(KMError.INVALID_ARGUMENT); + if (param == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } break; case KMType.HMAC: if (macLen == KMType.INVALID_VALUE) { @@ -2370,11 +2428,11 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) { } if (macLen < KMIntegerTag.getShortValue( - KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) { + KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) { KMException.throwIt(KMError.INVALID_MAC_LENGTH); } else if (macLen > KMIntegerTag.getShortValue( - KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) { + KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) { KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH); } op.setMacLength(macLen); @@ -2431,8 +2489,8 @@ private void authorizeAndBeginOperation(KMOperationState op, byte[] scratchPad) // For symmetric decryption iv is required if (op.getPurpose() == KMType.DECRYPT && (op.getBlockMode() == KMType.CBC - || op.getBlockMode() == KMType.GCM - || op.getBlockMode() == KMType.CTR)) { + || op.getBlockMode() == KMType.GCM + || op.getBlockMode() == KMType.CTR)) { KMException.throwIt(KMError.MISSING_NONCE); } else if (op.getBlockMode() == KMType.ECB) { // For ECB we create zero length nonce @@ -2499,10 +2557,11 @@ private void beginCipherOperation(KMOperationState op) { KMByteBlob.cast(data[IV]).length(), op.getMacLength())); } catch (CryptoException exception) { - if (exception.getReason() == CryptoException.ILLEGAL_VALUE) + if (exception.getReason() == CryptoException.ILLEGAL_VALUE) { KMException.throwIt(KMError.INVALID_ARGUMENT); - else if (exception.getReason() == CryptoException.NO_SUCH_ALGORITHM) + } else if (exception.getReason() == CryptoException.NO_SUCH_ALGORITHM) { KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); + } } } } @@ -2555,17 +2614,17 @@ private void beginSignVerifyOperation(KMOperationState op) { } break; case KMType.HMAC: - // As per Keymaster HAL documentation, the length of the Hmac output can - // be decided by using TAG_MAC_LENGTH in Keyparameters. But there is no - // such provision to control the length of the Hmac output using JavaCard - // crypto APIs and the current implementation always returns 32 bytes - // length of Hmac output. So to provide support to TAG_MAC_LENGTH - // feature, we truncate the output signature to TAG_MAC_LENGTH and return - // the truncated signature back to the caller. At the time of verfication - // we again compute the signature of the plain text input, truncate it to - // TAG_MAC_LENGTH and compare it with the input signature for - // verification. So this is the reason we are using KMType.SIGN directly - // instead of using op.getPurpose(). + // As per Keymaster HAL documentation, the length of the Hmac output can + // be decided by using TAG_MAC_LENGTH in Keyparameters. But there is no + // such provision to control the length of the Hmac output using JavaCard + // crypto APIs and the current implementation always returns 32 bytes + // length of Hmac output. So to provide support to TAG_MAC_LENGTH + // feature, we truncate the output signature to TAG_MAC_LENGTH and return + // the truncated signature back to the caller. At the time of verfication + // we again compute the signature of the plain text input, truncate it to + // TAG_MAC_LENGTH and compare it with the input signature for + // verification. So this is the reason we are using KMType.SIGN directly + // instead of using op.getPurpose(). try { op.setOperation( seProvider.initSymmetricOperation( @@ -2601,7 +2660,9 @@ private void authorizeUserSecureIdAuthTimeout(KMOperationState op) { KMKeyParameters.findTag(KMType.UINT_TAG, KMType.AUTH_TIMEOUT, data[HW_PARAMETERS]); if (tmpVariables[0] != KMType.INVALID_VALUE) { // check if hw token is empty - mac should not be empty. - if (data[HW_TOKEN] == KMType.INVALID_VALUE) KMException.throwIt(KMError.INVALID_MAC_LENGTH); + if (data[HW_TOKEN] == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.INVALID_MAC_LENGTH); + } authTime = KMIntegerTag.cast(tmpVariables[0]).getValue(); // authenticate user authenticateUser(); @@ -2740,7 +2801,7 @@ private void importKey(APDU apdu, byte[] scratchPad) { } //Check if the tags are supported. - if(KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) { + if (KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) { KMException.throwIt(KMError.UNSUPPORTED_TAG); } // Check algorithm and dispatch to appropriate handler. @@ -2802,7 +2863,7 @@ private void importECKeys(byte[] scratchPad) { // As per NIST.SP.800-186 page 9, secret for 256 curve should be between // 256-383 if (((256 <= (short) (KMByteBlob.cast(data[SECRET]).length() * 8)) - && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))) + && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))) ^ tmpVariables[2] == 256) { KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH); } @@ -2822,7 +2883,7 @@ private void importECKeys(byte[] scratchPad) { // As per NIST.SP.800-186 page 9, secret length for 256 curve should be between // 256-383 if (((256 <= (short) (KMByteBlob.cast(data[SECRET]).length() * 8)) - && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))) + && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))) ^ tmpVariables[3] == KMType.P_256) { KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH); } @@ -3148,9 +3209,9 @@ private void processSetBootParamsCmd(APDU apdu) { KMInteger.cast(tmpVariables[2]).length()); repository.setBootPatchLevel( - KMInteger.cast(tmpVariables[3]).getBuffer(), - KMInteger.cast(tmpVariables[3]).getStartOff(), - KMInteger.cast(tmpVariables[3]).length()); + KMInteger.cast(tmpVariables[3]).getBuffer(), + KMInteger.cast(tmpVariables[3]).getStartOff(), + KMInteger.cast(tmpVariables[3]).length()); repository.setVerifiedBootKey( KMByteBlob.cast(tmpVariables[4]).getBuffer(), @@ -3233,10 +3294,10 @@ private static void processGenerateKey(APDU apdu) { } } //Check if the tags are supported. - if(KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) { + if (KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) { KMException.throwIt(KMError.UNSUPPORTED_TAG); } - + // Check algorithm and dispatch to appropriate handler. switch (tmpVariables[3]) { case KMType.RSA: @@ -3738,9 +3799,9 @@ private static short deriveKey(byte[] scratchPad) { if (DERIVE_KEY_INPUT_SIZE > tmpVariables[2]) { // Copy KeyCharacteristics in the remaining space of DERIVE_KEY_INPUT_SIZE Util.arrayCopyNonAtomic(repository.getHeap(), (short) (data[AUTH_DATA]), - repository.getHeap(), - (short) (tmpVariables[1] + tmpVariables[2]), - (short) (DERIVE_KEY_INPUT_SIZE - tmpVariables[2])); + repository.getHeap(), + (short) (tmpVariables[1] + tmpVariables[2]), + (short) (DERIVE_KEY_INPUT_SIZE - tmpVariables[2])); } // KeyDerivation: // 1. Do HMAC Sign, with below input parameters. @@ -3751,12 +3812,12 @@ private static short deriveKey(byte[] scratchPad) { // Consume only first 16 bytes as derived key. // Hmac sign. tmpVariables[3] = seProvider.hmacKDF( - seProvider.getMasterKey(), - repository.getHeap(), - tmpVariables[1], - DERIVE_KEY_INPUT_SIZE, - scratchPad, - (short) 0); + seProvider.getMasterKey(), + repository.getHeap(), + tmpVariables[1], + DERIVE_KEY_INPUT_SIZE, + scratchPad, + (short) 0); if (tmpVariables[3] < 16) { KMException.throwIt(KMError.UNKNOWN_ERROR); } @@ -3801,8 +3862,9 @@ private void add(byte[] buf, short op1, short op2, short result) { while (index >= 0) { tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry); carry = 0; - if (tmp > 255) + if (tmp > 255) { carry = 1; // max unsigned byte value is 255 + } buf[(short) (result + index)] = (byte) (tmp & (byte) 0xFF); index--; } diff --git a/Applet/src/com/android/javacard/keymaster/KMMasterKey.java b/Applet/src/com/android/javacard/keymaster/KMMasterKey.java index 0ceb6291..7a88778e 100644 --- a/Applet/src/com/android/javacard/keymaster/KMMasterKey.java +++ b/Applet/src/com/android/javacard/keymaster/KMMasterKey.java @@ -16,10 +16,9 @@ package com.android.javacard.keymaster; /** - * KMMasterKey is a marker interface and the SE Provider has to implement - * this interface. Internally Masterkey is stored as a Javacard AES key object, - * which will provide additional security. The master key is maintained by the - * SEProvider. + * KMMasterKey is a marker interface and the SE Provider has to implement this interface. Internally + * Masterkey is stored as a Javacard AES key object, which will provide additional security. The + * master key is maintained by the SEProvider. */ public interface KMMasterKey { diff --git a/Applet/src/com/android/javacard/keymaster/KMOperation.java b/Applet/src/com/android/javacard/keymaster/KMOperation.java index 8db3312b..3132e4b3 100644 --- a/Applet/src/com/android/javacard/keymaster/KMOperation.java +++ b/Applet/src/com/android/javacard/keymaster/KMOperation.java @@ -21,23 +21,25 @@ * returned back to KMSEProvider for the reuse when the operation is finished. */ public interface KMOperation { + // Used for cipher operations short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] outputDataBuf, short outputDataStart); + byte[] outputDataBuf, short outputDataStart); + // Used for signature operations short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength); // Used for finishing cipher operations. short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] outputDataBuf, short outputDataStart); + byte[] outputDataBuf, short outputDataStart); // Used for finishing signing operations. short sign(byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] signBuf, short signStart); + byte[] signBuf, short signStart); // Used for finishing verifying operations. boolean verify(byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] signBuf, short signStart, short signLength); + byte[] signBuf, short signStart, short signLength); // Used for aborting the ongoing operations. void abort(); diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java index 6ea96941..f1c65ea4 100644 --- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java +++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java @@ -20,10 +20,10 @@ import javacard.framework.Util; /** - * KMOperationState is the container of an active operation started by beginOperation function. - * This operation state is persisted by the applet in non volatile memory. However, this state is not - * retained if applet is upgraded. There will be four operation state records maintained i.e. only four - * active operations are supported at any given time. + * KMOperationState is the container of an active operation started by beginOperation function. This + * operation state is persisted by the applet in non volatile memory. However, this state is not + * retained if applet is upgraded. There will be four operation state records maintained i.e. only + * four active operations are supported at any given time. */ public class KMOperationState { @@ -64,7 +64,9 @@ private KMOperationState() { } private static KMOperationState proto() { - if (prototype == null) prototype = new KMOperationState(); + if (prototype == null) { + prototype = new KMOperationState(); + } return prototype; } @@ -88,7 +90,9 @@ public static KMOperationState read(byte[] oprHandle, short off, Object[] slot) } public void persist() { - if (!dFlag) return; + if (!dFlag) { + return; + } KMRepository.instance().persistOperation(data, Util.getShort(data, OP_HANDLE), op); dFlag = false; } @@ -108,13 +112,14 @@ public void reset() { Util.arrayFillNonAtomic( data, (short) 0, (short) data.length, (byte) 0); } - private void dataUpdated(){ + + private void dataUpdated() { dFlag = true; } public void release() { Object[] ops = ((Object[]) slot[REFS]); - ((KMOperation)ops[OPERATION]).abort(); + ((KMOperation) ops[OPERATION]).abort(); JCSystem.beginTransaction(); Util.arrayFillNonAtomic( (byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length, (byte) 0); @@ -168,20 +173,29 @@ public void setAuthTime(byte[] timeBuf, short start) { } public void setOneTimeAuthReqd(boolean flag) { - if (flag) data[FLAGS] = (byte) (data[FLAGS] | SECURE_USER_ID_REQD); - else data[FLAGS] = (byte) (data[FLAGS] & (~SECURE_USER_ID_REQD)); + if (flag) { + data[FLAGS] = (byte) (data[FLAGS] | SECURE_USER_ID_REQD); + } else { + data[FLAGS] = (byte) (data[FLAGS] & (~SECURE_USER_ID_REQD)); + } dataUpdated(); } public void setAuthTimeoutValidated(boolean flag) { - if (flag) data[FLAGS] = (byte) (data[FLAGS] | AUTH_TIMEOUT_VALIDATED); - else data[FLAGS] = (byte) (data[FLAGS] & (~AUTH_TIMEOUT_VALIDATED)); + if (flag) { + data[FLAGS] = (byte) (data[FLAGS] | AUTH_TIMEOUT_VALIDATED); + } else { + data[FLAGS] = (byte) (data[FLAGS] & (~AUTH_TIMEOUT_VALIDATED)); + } dataUpdated(); } public void setAuthPerOperationReqd(boolean flag) { - if (flag) data[FLAGS] = (byte) (data[FLAGS] | AUTH_PER_OP_REQD); - else data[FLAGS] = (byte) (data[FLAGS] & (~AUTH_PER_OP_REQD)); + if (flag) { + data[FLAGS] = (byte) (data[FLAGS] | AUTH_PER_OP_REQD); + } else { + data[FLAGS] = (byte) (data[FLAGS] & (~AUTH_PER_OP_REQD)); + } dataUpdated(); } diff --git a/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java b/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java index 71dfcae6..273aeb4a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java +++ b/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java @@ -16,10 +16,9 @@ package com.android.javacard.keymaster; /** - * KMPreSharedKey is a marker interface and the SE Provider has to implement - * this interface. Internally Preshared key is stored as a Javacard HMac key object, - * which will provide additional security. The pre-shared key is maintained by the - * SEProvider. + * KMPreSharedKey is a marker interface and the SE Provider has to implement this interface. + * Internally Preshared key is stored as a Javacard HMac key object, which will provide additional + * security. The pre-shared key is maintained by the SEProvider. */ public interface KMPreSharedKey { diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 47ad740a..204fe312 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -24,10 +24,11 @@ import javacard.framework.Util; /** - * KMRepository class manages persistent and volatile memory usage by the applet. Note the repository - * is only used by applet and it is not intended to be used by seProvider. + * KMRepository class manages persistent and volatile memory usage by the applet. Note the + * repository is only used by applet and it is not intended to be used by seProvider. */ public class KMRepository implements KMUpgradable { + // Data table configuration public static final short DATA_INDEX_SIZE = 22; public static final short DATA_INDEX_ENTRY_SIZE = 4; @@ -39,7 +40,8 @@ public class KMRepository implements KMUpgradable { private static final short OPERATION_HANDLE_STATUS_OFFSET = 0; private static final short OPERATION_HANDLE_STATUS_SIZE = 1; private static final short OPERATION_HANDLE_OFFSET = 1; - private static final short OPERATION_HANDLE_ENTRY_SIZE = OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE; + private static final short OPERATION_HANDLE_ENTRY_SIZE = + OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE; // Data table offsets public static final byte COMPUTED_HMAC_KEY = 8; @@ -106,10 +108,10 @@ public KMRepository(boolean isUpgrading) { //First byte in the operation handle buffer denotes whether the operation is //reserved or unreserved. byte index = 0; - while(index < MAX_OPS){ + while (index < MAX_OPS) { operationStateTable[index] = new Object[]{new byte[OPERATION_HANDLE_ENTRY_SIZE], - new Object[] {new byte[KMOperationState.MAX_DATA], - new Object[KMOperationState.MAX_REFS]}}; + new Object[]{new byte[KMOperationState.MAX_DATA], + new Object[KMOperationState.MAX_REFS]}}; index++; } //Initialize the device locked status @@ -134,7 +136,8 @@ public KMOperationState findOperation(byte[] buf, short off, short len) { opId = ((byte[]) ((Object[]) operationStateTable[index])[0]); if (0 == Util.arrayCompare(buf, off, opId, OPERATION_HANDLE_OFFSET, len)) { return KMOperationState - .read(opId, OPERATION_HANDLE_OFFSET, (Object[]) ((Object[]) operationStateTable[index])[1]); + .read(opId, OPERATION_HANDLE_OFFSET, + (Object[]) ((Object[]) operationStateTable[index])[1]); } index++; } @@ -146,25 +149,26 @@ public KMOperationState findOperation(byte[] buf, short off, short len) { public KMOperationState findOperation(short operationHandle) { short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE); getOperationHandle( - operationHandle, - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()); + operationHandle, + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); return findOperation( - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()); + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); } /* opHandle is a KMInteger */ - public KMOperationState reserveOperation(short opHandle){ + public KMOperationState reserveOperation(short opHandle) { short index = 0; byte[] opId; - while(index < MAX_OPS){ - opId = (byte[])((Object[])operationStateTable[index])[0]; + while (index < MAX_OPS) { + opId = (byte[]) ((Object[]) operationStateTable[index])[0]; /* Check for unreserved operation state */ if (opId[OPERATION_HANDLE_STATUS_OFFSET] == 0) { - return KMOperationState.instance(opHandle, (Object[])((Object[])operationStateTable[index])[1]); + return KMOperationState + .instance(opHandle, (Object[]) ((Object[]) operationStateTable[index])[1]); } index++; } @@ -172,28 +176,28 @@ public KMOperationState reserveOperation(short opHandle){ } public void persistOperation(byte[] data, short opHandle, KMOperation op) { - short index = 0; + short index = 0; byte[] opId; short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE); getOperationHandle( - opHandle, - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()); + opHandle, + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); //Update an existing operation state. while (index < MAX_OPS) { opId = (byte[]) ((Object[]) operationStateTable[index])[0]; if ((1 == opId[OPERATION_HANDLE_STATUS_OFFSET]) - && (0 == Util.arrayCompare( - opId, - OPERATION_HANDLE_OFFSET, - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()))) { + && (0 == Util.arrayCompare( + opId, + OPERATION_HANDLE_OFFSET, + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()))) { Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1]; JCSystem.beginTransaction(); Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0, - (short) ((byte[]) slot[0]).length); + (short) ((byte[]) slot[0]).length); Object[] ops = ((Object[]) slot[1]); ops[0] = op; JCSystem.commitTransaction(); @@ -204,11 +208,11 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) { index = 0; //Persist a new operation. - while(index < MAX_OPS){ - opId = (byte[])((Object[])operationStateTable[index])[0]; - if(0 == opId[OPERATION_HANDLE_STATUS_OFFSET]){ - Object[] slot = (Object[])((Object[])operationStateTable[index])[1]; - JCSystem.beginTransaction(); + while (index < MAX_OPS) { + opId = (byte[]) ((Object[]) operationStateTable[index])[0]; + if (0 == opId[OPERATION_HANDLE_STATUS_OFFSET]) { + Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1]; + JCSystem.beginTransaction(); opId[OPERATION_HANDLE_STATUS_OFFSET] = 1;/*reserved */ Util.arrayCopy( KMByteBlob.cast(buf).getBuffer(), @@ -216,11 +220,12 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) { opId, OPERATION_HANDLE_OFFSET, OPERATION_HANDLE_SIZE); - Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length); + Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0, + (short) ((byte[]) slot[0]).length); Object[] ops = ((Object[]) slot[1]); ops[0] = op; JCSystem.commitTransaction(); - break; + break; } index++; } @@ -231,18 +236,18 @@ public void releaseOperation(KMOperationState op) { byte[] var; short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE); getOperationHandle( - op.getHandle(), - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()); + op.getHandle(), + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()); while (index < MAX_OPS) { var = ((byte[]) ((Object[]) operationStateTable[index])[0]); if ((var[OPERATION_HANDLE_STATUS_OFFSET] == 1) && - (0 == Util.arrayCompare(var, - OPERATION_HANDLE_OFFSET, - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()))) { + (0 == Util.arrayCompare(var, + OPERATION_HANDLE_OFFSET, + KMByteBlob.cast(buf).getBuffer(), + KMByteBlob.cast(buf).getStartOff(), + KMByteBlob.cast(buf).length()))) { Util.arrayFillNonAtomic(var, (short) 0, (short) var.length, (byte) 0); op.release(); break; @@ -252,13 +257,17 @@ public void releaseOperation(KMOperationState op) { } public void initComputedHmac(byte[] key, short start, short len) { - if(len != COMPUTED_HMAC_KEY_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - writeDataEntry(COMPUTED_HMAC_KEY,key,start,len); + if (len != COMPUTED_HMAC_KEY_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + writeDataEntry(COMPUTED_HMAC_KEY, key, start, len); } public void initHmacNonce(byte[] nonce, short offset, short len) { - if (len != HMAC_SEED_NONCE_SIZE) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH);} - writeDataEntry(HMAC_NONCE,nonce,offset,len); + if (len != HMAC_SEED_NONCE_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + writeDataEntry(HMAC_NONCE, nonce, offset, len); } public void clearHmacNonce() { @@ -274,7 +283,8 @@ public void onUninstall() { } - public void onProcess() {} + public void onProcess() { + } public void clean() { Util.arrayFillNonAtomic(heap, (short) 0, heapIndex, (byte) 0); @@ -282,7 +292,8 @@ public void clean() { reclaimIndex = HEAP_SIZE; } - public void onDeselect() {} + public void onDeselect() { + } public void onSelect() { // If write through caching is implemented then this method will restore the data into cache @@ -292,7 +303,7 @@ public void onSelect() { // reclaimMemory function immediately after the use. public short allocReclaimableMemory(short length) { if ((((short) (reclaimIndex - length)) <= heapIndex) - || (length >= HEAP_SIZE / 2)) { + || (length >= HEAP_SIZE / 2)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } reclaimIndex -= length; @@ -318,7 +329,7 @@ public short allocAvailableMemory() { public short alloc(short length) { if ((((short) (heapIndex + length)) > heap.length) || - (((short) (heapIndex + length)) > reclaimIndex)) { + (((short) (heapIndex + length)) > reclaimIndex)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } heapIndex += length; @@ -334,7 +345,7 @@ private short dataAlloc(short length) { } - private void newDataTable(boolean isUpgrading){ + private void newDataTable(boolean isUpgrading) { if (!isUpgrading) { if (dataTable == null) { dataTable = new byte[DATA_MEM_SIZE]; @@ -343,26 +354,27 @@ private void newDataTable(boolean isUpgrading){ } } - public void restoreData(short blob){ + public void restoreData(short blob) { JCSystem.beginTransaction(); Util.arrayCopy( - KMByteBlob.cast(blob).getBuffer(),KMByteBlob.cast(blob).getStartOff(),dataTable,(short)0, - KMByteBlob.cast(blob).length() + KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), dataTable, + (short) 0, + KMByteBlob.cast(blob).length() ); JCSystem.commitTransaction(); } - public byte[] getDataTable(){ + public byte[] getDataTable() { return dataTable; } - private void clearDataEntry(short id){ + private void clearDataEntry(short id) { JCSystem.beginTransaction(); - id = (short)(id * DATA_INDEX_ENTRY_SIZE); - short dataLen = Util.getShort(dataTable,(short)(id+DATA_INDEX_ENTRY_LENGTH)); + id = (short) (id * DATA_INDEX_ENTRY_SIZE); + short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); if (dataLen != 0) { - short dataPtr = Util.getShort(dataTable,(short)(id+DATA_INDEX_ENTRY_OFFSET)); - Util.arrayFillNonAtomic(dataTable, dataPtr,dataLen,(byte)0); + short dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)); + Util.arrayFillNonAtomic(dataTable, dataPtr, dataLen, (byte) 0); } JCSystem.commitTransaction(); } @@ -370,24 +382,26 @@ private void clearDataEntry(short id){ private void writeDataEntry(short id, byte[] buf, short offset, short len) { JCSystem.beginTransaction(); short dataPtr; - id = (short)(id * DATA_INDEX_ENTRY_SIZE); - short dataLen = Util.getShort(dataTable,(short)(id+DATA_INDEX_ENTRY_LENGTH)); + id = (short) (id * DATA_INDEX_ENTRY_SIZE); + short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); if (dataLen == 0) { dataPtr = dataAlloc(len); - Util.setShort(dataTable,(short)(id+DATA_INDEX_ENTRY_OFFSET),dataPtr); - Util.setShort(dataTable,(short)(id+DATA_INDEX_ENTRY_LENGTH),len); - Util.arrayCopyNonAtomic(buf, offset,dataTable,dataPtr, len); + Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET), dataPtr); + Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH), len); + Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len); } else { - if(len != dataLen) KMException.throwIt(KMError.UNKNOWN_ERROR); - dataPtr = Util.getShort(dataTable,(short)(id+DATA_INDEX_ENTRY_OFFSET)); - Util.arrayCopyNonAtomic(buf, offset,dataTable,dataPtr, len); + if (len != dataLen) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)); + Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len); } JCSystem.commitTransaction(); } - private short readDataEntry(short id, byte[] buf, short offset){ - id = (short)(id * DATA_INDEX_ENTRY_SIZE); - short len = Util.getShort(dataTable,(short)(id+DATA_INDEX_ENTRY_LENGTH)); + private short readDataEntry(short id, byte[] buf, short offset) { + id = (short) (id * DATA_INDEX_ENTRY_SIZE); + short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); if (len != 0) { Util.arrayCopyNonAtomic( dataTable, @@ -399,9 +413,9 @@ private short readDataEntry(short id, byte[] buf, short offset){ return len; } - private short dataLength(short id){ - id = (short)(id * DATA_INDEX_ENTRY_SIZE); - return Util.getShort(dataTable,(short)(id+DATA_INDEX_ENTRY_LENGTH)); + private short dataLength(short id) { + id = (short) (id * DATA_INDEX_ENTRY_SIZE); + return Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); } public byte[] getHeap() { @@ -416,15 +430,15 @@ public short getComputedHmacKey() { return readData(COMPUTED_HMAC_KEY); } - public void persistAttId(byte id, byte[] buf, short start, short len){ - writeDataEntry(id, buf,start,len); + public void persistAttId(byte id, byte[] buf, short start, short len) { + writeDataEntry(id, buf, start, len); } - public short getAttId(byte id){ + public short getAttId(byte id) { return readData(id); } - public void deleteAttIds(){ + public void deleteAttIds() { clearDataEntry(ATT_ID_BRAND); clearDataEntry(ATT_ID_MEID); clearDataEntry(ATT_ID_DEVICE); @@ -439,15 +453,17 @@ public short getIssuer() { return readData(CERT_ISSUER); } - public short readData(short id){ + public short readData(short id) { short blob = KMByteBlob.instance(dataLength(id)); - if(readDataEntry(id,KMByteBlob.cast(blob).getBuffer(),KMByteBlob.cast(blob).getStartOff())== 0){ + if (readDataEntry(id, KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff()) + == 0) { return 0; } return blob; } + public void setIssuer(byte[] buf, short start, short len) { - writeDataEntry(CERT_ISSUER,buf,start,len); + writeDataEntry(CERT_ISSUER, buf, start, len); } @@ -456,48 +472,48 @@ public short getCertExpiryTime() { } public void setCertExpiryTime(byte[] buf, short start, short len) { - writeDataEntry(CERT_EXPIRY_TIME, buf,start,len); + writeDataEntry(CERT_EXPIRY_TIME, buf, start, len); } - private static final byte[] zero = {0,0,0,0,0,0,0,0}; + private static final byte[] zero = {0, 0, 0, 0, 0, 0, 0, 0}; - public short getOsVersion(){ + public short getOsVersion() { short blob = readData(BOOT_OS_VERSION); if (blob != 0) { return KMInteger.uint_32( KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff()); - }else{ - return KMInteger.uint_32(zero,(short)0); + } else { + return KMInteger.uint_32(zero, (short) 0); } } - public short getVendorPatchLevel(){ + public short getVendorPatchLevel() { short blob = readData(VENDOR_PATCH_LEVEL); if (blob != 0) { return KMInteger.uint_32( KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff()); - }else{ - return KMInteger.uint_32(zero,(short)0); + } else { + return KMInteger.uint_32(zero, (short) 0); } } - public short getBootPatchLevel(){ + public short getBootPatchLevel() { short blob = readData(BOOT_PATCH_LEVEL); if (blob != 0) { return KMInteger.uint_32( KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff()); - }else{ - return KMInteger.uint_32(zero,(short)0); + } else { + return KMInteger.uint_32(zero, (short) 0); } } - public short getOsPatch(){ + public short getOsPatch() { short blob = readData(BOOT_OS_PATCH); if (blob != 0) { return KMInteger.uint_32( KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff()); - }else{ - return KMInteger.uint_32(zero,(short)0); + } else { + return KMInteger.uint_32(zero, (short) 0); } } @@ -523,127 +539,148 @@ public short readROT() { short blob = KMByteBlob.instance(totalLength); length = readDataEntry(BOOT_VERIFIED_BOOT_KEY, KMByteBlob.cast(blob) - .getBuffer(), KMByteBlob.cast(blob).getStartOff()); + .getBuffer(), KMByteBlob.cast(blob).getStartOff()); length += readDataEntry(BOOT_VERIFIED_BOOT_HASH, KMByteBlob.cast(blob) .getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + length)); + (short) (KMByteBlob.cast(blob).getStartOff() + length)); length += readDataEntry(BOOT_VERIFIED_BOOT_STATE, KMByteBlob.cast(blob) .getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + length)); + (short) (KMByteBlob.cast(blob).getStartOff() + length)); readDataEntry(BOOT_DEVICE_LOCKED_STATUS, KMByteBlob.cast(blob) .getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + length)); + (short) (KMByteBlob.cast(blob).getStartOff() + length)); return blob; } - public short getVerifiedBootKey(){ + public short getVerifiedBootKey() { return readData(BOOT_VERIFIED_BOOT_KEY); } - public short getVerifiedBootHash(){ + public short getVerifiedBootHash() { return readData(BOOT_VERIFIED_BOOT_HASH); } public boolean getBootLoaderLock() { short blob = readData(BOOT_DEVICE_LOCKED_STATUS); - return (byte)((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0; + return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0; } - public byte getBootState(){ + public byte getBootState() { short blob = readData(BOOT_VERIFIED_BOOT_STATE); return (getHeap())[KMByteBlob.cast(blob).getStartOff()]; } - public boolean getDeviceLock(){ + public boolean getDeviceLock() { short blob = readData(DEVICE_LOCKED); - return (byte)((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0; + return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0; } - public boolean getDeviceLockPasswordOnly(){ + public boolean getDeviceLockPasswordOnly() { short blob = readData(DEVICE_LOCKED); - return (byte)((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFD) != 0; + return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFD) != 0; } - public short getDeviceTimeStamp(){ + public short getDeviceTimeStamp() { short blob = readData(DEVICE_LOCKED_TIME); - if(blob != 0){ - return KMInteger.uint_64(KMByteBlob.cast(blob).getBuffer(), - KMByteBlob.cast(blob).getStartOff()); - }else{ - return KMInteger.uint_64(zero,(short)0); + if (blob != 0) { + return KMInteger.uint_64(KMByteBlob.cast(blob).getBuffer(), + KMByteBlob.cast(blob).getStartOff()); + } else { + return KMInteger.uint_64(zero, (short) 0); } } - public void setOsVersion(byte[] buf, short start, short len){ - if(len != OS_VERSION_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - writeDataEntry(BOOT_OS_VERSION,buf,start,len); + public void setOsVersion(byte[] buf, short start, short len) { + if (len != OS_VERSION_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + writeDataEntry(BOOT_OS_VERSION, buf, start, len); } public void setVendorPatchLevel(byte[] buf, short start, short len) { - if (len != VENDOR_PATCH_SIZE) + if (len != VENDOR_PATCH_SIZE) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } writeDataEntry(VENDOR_PATCH_LEVEL, buf, start, len); } public void setBootPatchLevel(byte[] buf, short start, short len) { - if (len != BOOT_PATCH_SIZE) + if (len != BOOT_PATCH_SIZE) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } writeDataEntry(BOOT_PATCH_LEVEL, buf, start, len); } public void setBootloaderLocked(boolean flag) { short start = alloc(DEVICE_LOCK_FLAG_SIZE); - if(flag) (getHeap())[start] = (byte)((getHeap())[start] | 0x01); - else (getHeap())[start] = (byte)((getHeap())[start] & 0xFE); - writeDataEntry(BOOT_DEVICE_LOCKED_STATUS,getHeap(),start,DEVICE_LOCK_FLAG_SIZE); + if (flag) { + (getHeap())[start] = (byte) ((getHeap())[start] | 0x01); + } else { + (getHeap())[start] = (byte) ((getHeap())[start] & 0xFE); + } + writeDataEntry(BOOT_DEVICE_LOCKED_STATUS, getHeap(), start, DEVICE_LOCK_FLAG_SIZE); } - public void setDeviceLock(boolean flag){ + public void setDeviceLock(boolean flag) { short start = alloc(DEVICE_LOCK_FLAG_SIZE); - if(flag) (getHeap())[start] = (byte)((getHeap())[start] | 0x01); - else (getHeap())[start] = (byte)((getHeap())[start] & 0xFE); - writeDataEntry(DEVICE_LOCKED,getHeap(),start,DEVICE_LOCK_FLAG_SIZE); + if (flag) { + (getHeap())[start] = (byte) ((getHeap())[start] | 0x01); + } else { + (getHeap())[start] = (byte) ((getHeap())[start] & 0xFE); + } + writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCK_FLAG_SIZE); } - public void setDeviceLockPasswordOnly(boolean flag){ + public void setDeviceLockPasswordOnly(boolean flag) { short start = alloc(DEVICE_LOCK_FLAG_SIZE); - if(flag) (getHeap())[start] = (byte)((getHeap())[start] | 0x02); - else (getHeap())[start] = (byte)((getHeap())[start] & 0xFD); - writeDataEntry(DEVICE_LOCKED,getHeap(),start,DEVICE_LOCK_FLAG_SIZE); + if (flag) { + (getHeap())[start] = (byte) ((getHeap())[start] | 0x02); + } else { + (getHeap())[start] = (byte) ((getHeap())[start] & 0xFD); + } + writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCK_FLAG_SIZE); } - public void setDeviceLockTimestamp(byte[] buf, short start, short len){ - if(len != DEVICE_LOCK_TS_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - writeDataEntry(DEVICE_LOCKED_TIME, buf, start,len); + public void setDeviceLockTimestamp(byte[] buf, short start, short len) { + if (len != DEVICE_LOCK_TS_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + writeDataEntry(DEVICE_LOCKED_TIME, buf, start, len); } - public void clearDeviceLockTimeStamp(){ + public void clearDeviceLockTimeStamp() { clearDataEntry(DEVICE_LOCKED_TIME); } - public void setOsPatch(byte[] buf, short start, short len){ - if(len != OS_PATCH_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - writeDataEntry(BOOT_OS_PATCH,buf,start,len); + public void setOsPatch(byte[] buf, short start, short len) { + if (len != OS_PATCH_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + writeDataEntry(BOOT_OS_PATCH, buf, start, len); } - public void setVerifiedBootKey(byte[] buf, short start, short len){ - if(len > BOOT_KEY_MAX_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - writeDataEntry(BOOT_VERIFIED_BOOT_KEY,buf,start,len); + public void setVerifiedBootKey(byte[] buf, short start, short len) { + if (len > BOOT_KEY_MAX_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + writeDataEntry(BOOT_VERIFIED_BOOT_KEY, buf, start, len); } - public void setVerifiedBootHash(byte[] buf, short start, short len){ - if(len > BOOT_HASH_MAX_SIZE) KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - writeDataEntry(BOOT_VERIFIED_BOOT_HASH,buf,start,len); + public void setVerifiedBootHash(byte[] buf, short start, short len) { + if (len > BOOT_HASH_MAX_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + writeDataEntry(BOOT_VERIFIED_BOOT_HASH, buf, start, len); } - public void setBootState(byte state){ + public void setBootState(byte state) { short start = alloc(BOOT_STATE_SIZE); (getHeap())[start] = state; - writeDataEntry(BOOT_VERIFIED_BOOT_STATE,getHeap(),start,BOOT_STATE_SIZE); + writeDataEntry(BOOT_VERIFIED_BOOT_STATE, getHeap(), start, BOOT_STATE_SIZE); } @Override diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java index a057eb9e..65ae8fb3 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java @@ -24,12 +24,14 @@ * can be only one provider in the applet package. */ public interface KMSEProvider extends KMUpgradable { + /** * Create a symmetric key instance. If the algorithm and/or keysize are not supported then it * should throw a CryptoException. * * @param alg will be KMType.AES, KMType.DES or KMType.HMAC. - * @param keysize will be 128 or 256 for AES or DES. It can be 64 to 512 (multiple of 8) for HMAC. + * @param keysize will be 128 or 256 for AES or DES. It can be 64 to 512 (multiple of 8) for + * HMAC. * @param buf is the buffer in which key has to be returned * @param startOff is the start offset. * @return length of the data in the buf. This should match the keysize (in bytes). @@ -43,15 +45,15 @@ public interface KMSEProvider extends KMUpgradable { * * @param alg will be KMType.RSA or KMType.EC. * @param privKeyBuf is the buffer to return the private key exponent in case of RSA or private - * key in case of EC. + * key in case of EC. * @param privKeyStart is the start offset. * @param privKeyMaxLength is the maximum length of this private key buffer. * @param pubModBuf is the buffer to return the modulus in case of RSA or public key in case of - * EC. + * EC. * @param pubModStart is the start of offset. * @param pubModMaxLength is the maximum length of this public key buffer. * @param lengths is the actual length of the key pair - lengths[0] should be private key and - * lengths[1] should be public key. + * lengths[1] should be public key. */ void createAsymmetricKey( byte alg, @@ -64,11 +66,12 @@ void createAsymmetricKey( short[] lengths); /** - * Verify that the imported key is valid. If the algorithm and/or keysize are not supported then it - * should throw a CryptoException. + * Verify that the imported key is valid. If the algorithm and/or keysize are not supported then + * it should throw a CryptoException. * * @param alg will be KMType.AES, KMType.DES or KMType.HMAC. - * @param keysize will be 128 or 256 for AES or DES. It can be 64 to 512 (multiple of 8) for HMAC. + * @param keysize will be 128 or 256 for AES or DES. It can be 64 to 512 (multiple of 8) for + * HMAC. * @param buf is the buffer that contains the symmetric key. * @param startOff is the start offset. * @param length of the data in the buf. This should match the keysize (in bytes). @@ -83,12 +86,12 @@ void createAsymmetricKey( * CryptoException. * * @param alg will be KMType.RSA or KMType.EC. - * @param privKeyBuf is the buffer that contains the private key exponent in case of RSA or private - * key in case of EC. + * @param privKeyBuf is the buffer that contains the private key exponent in case of RSA or + * private key in case of EC. * @param privKeyStart is the start offset. * @param privKeyLength is the length of this private key buffer. - * @param pubModBuf is the buffer that contains the modulus in case of RSA or public key in case of - * EC. + * @param pubModBuf is the buffer that contains the modulus in case of RSA or public key in case + * of EC. * @param pubModStart is the start of offset. * @param pubModLength is the length of this public key buffer. * @return true if the key pair is supported and valid. @@ -132,8 +135,8 @@ boolean importAsymmetricKey( void getTrueRandomNumber(byte[] num, short offset, short length); /** - * This is a oneshot operation that performs encryption operation using AES GCM algorithm. It throws - * CryptoException if algorithm is not supported or if tag length is not equal to 16 or + * This is a oneshot operation that performs encryption operation using AES GCM algorithm. It + * throws CryptoException if algorithm is not supported or if tag length is not equal to 16 or * nonce length is not equal to 12. * * @param aesKey is the buffer that contains 128 bit or 256 bit aes key used to encrypt. @@ -175,8 +178,8 @@ short aesGCMEncrypt( short authTagLen); /** - * This is a oneshot operation that performs decryption operation using AES GCM algorithm. It throws - * CryptoException if algorithm is not supported. + * This is a oneshot operation that performs decryption operation using AES GCM algorithm. It + * throws CryptoException if algorithm is not supported. * * @param aesKey is the buffer that contains 128 bit or 256 bit aes key used to encrypt. * @param aesKeyStart is the start in aes key buffer. @@ -216,7 +219,7 @@ boolean aesGCMDecrypt( short authTagStart, short authTagLen); - /** + /** * This is a oneshot operation that performs key derivation function using cmac kdf (CKDF) as * defined in android keymaster hal definition. * @@ -266,8 +269,8 @@ short hmacSign( short signatureStart); /** - * This is a oneshot operation that signs the data using hmac algorithm. - * This is used to derive the key, which is used to encrypt the keyblob. + * This is a oneshot operation that signs the data using hmac algorithm. This is used to derive + * the key, which is used to encrypt the keyblob. * * @param instance of masterkey. * @param data is the buffer containing data to be signed. @@ -278,12 +281,12 @@ short hmacSign( * @return length of the signature buffer in bytes. */ short hmacKDF( - KMMasterKey masterkey, - byte[] data, - short dataStart, - short dataLength, - byte[] signature, - short signatureStart); + KMMasterKey masterkey, + byte[] data, + short dataStart, + short dataLength, + byte[] signature, + short signatureStart); /** * This is a oneshot operation that verifies the signature using hmac algorithm. @@ -353,12 +356,12 @@ short rsaDecipherOAEP256( * @return length of the decrypted data. */ short ecSign256( - KMAttestationKey ecPrivKey, - byte[] inputDataBuf, - short inputDataStart, - short inputDataLength, - byte[] outputDataBuf, - short outputDataStart); + KMAttestationKey ecPrivKey, + byte[] inputDataBuf, + short inputDataStart, + short inputDataLength, + byte[] outputDataBuf, + short outputDataStart); /** * This creates a persistent operation for signing, verify, encryption and decryption using HMAC, @@ -367,19 +370,19 @@ short ecSign256( * aborted. It throws CryptoException if algorithm is not supported. * * @param purpose is KMType.ENCRYPT or KMType.DECRYPT for AES and DES algorithm. It will be - * KMType.SIGN and KMType.VERIFY for HMAC algorithm + * KMType.SIGN and KMType.VERIFY for HMAC algorithm * @param alg is KMType.HMAC, KMType.AES or KMType.DES. * @param digest is KMType.SHA2_256 in case of HMAC else it will be KMType.DIGEST_NONE. * @param padding is KMType.PADDING_NONE or KMType.PKCS7 (in case of AES and DES). * @param blockMode is KMType.CTR, KMType.GCM. KMType.CBC or KMType.ECB for AES or DES else it is - * 0. + * 0. * @param keyBuf is aes, des or hmac key buffer. * @param keyStart is the start of the key buffer. * @param keyLength is the length of the key buffer. * @param ivBuf is the iv buffer (in case on AES and DES algorithm without ECB mode) * @param ivStart is the start of the iv buffer. * @param ivLength is the length of the iv buffer. It will be zero in case of HMAC and AES/DES - * with ECB mode. + * with ECB mode. * @param macLength is the mac length in case of signing operation for hmac algorithm. * @return KMOperation instance. */ @@ -401,14 +404,14 @@ KMOperation initSymmetricOperation( * This creates a persistent operation for signing, verify, encryption and decryption using RSA * and EC algorithms when keymaster hal's beginOperation function is executed. For RSA the public * exponent is always 0x0100101. For EC the curve is always p256. The KMOperation instance can be - * reclaimed by the seProvider when KMOperation is finished or aborted. It throws CryptoException + * reclaimed by the seProvider when KMOperation is finished or aborted. It throws CryptoException * if algorithm is not supported. * * @param purpose is KMType.ENCRYPT or KMType.DECRYPT for RSA. It will be * KMType.SIGN and - * KMType.VERIFY for RSA and EC algorithms. + * KMType.VERIFY for RSA and EC algorithms. * @param alg is KMType.RSA or KMType.EC algorithms. * @param padding is KMType.PADDING_NONE or KMType.RSA_OAEP, KMType.RSA_PKCS1_1_5_ENCRYPT, - * KMType.RSA_PKCS1_1_5_SIGN or KMType.RSA_PSS. + * KMType.RSA_PKCS1_1_5_SIGN or KMType.RSA_PSS. * @param digest is KMType.DIGEST_NONE or KMType.SHA2_256. * @param privKeyBuf is the private key in case of EC or private key exponent is case of RSA. * @param privKeyStart is the start of the private key. @@ -436,14 +439,13 @@ KMOperation initAsymmetricOperation( * The attestation certificate implementation will comply keymaster hal specifications. * * @param rsaCert if true indicates that certificate will attest a rsa public key else if false it - * is for ec public key. + * is for ec public key. * @return An empty instance of KMAttestationCert implementation. */ KMAttestationCert getAttestationCert(boolean rsaCert); /** - * This operation persists the certificate chain in the persistent memory - * in multiple requests. + * This operation persists the certificate chain in the persistent memory in multiple requests. * * @param buf buffer containing certificate chain. * @param offset is the start of the buffer. @@ -488,7 +490,9 @@ KMOperation initAsymmetricOperation( boolean isDeviceRebooted(); /** - * This function is supposed to be used to reset the device booted stated after set boot param is handled + * This function is supposed to be used to reset the device booted stated after set boot param is + * handled + * * @param resetBootFlag is false if event has been handled */ void clearDeviceBooted(boolean resetBootFlag); @@ -501,9 +505,9 @@ KMOperation initAsymmetricOperation( boolean isUpgrading(); /** - * This function generates an AES Key of keySizeBits, which is used as - * an master key. This generated key is maintained by the SEProvider. - * This function should be called only once at the time of installation. + * This function generates an AES Key of keySizeBits, which is used as an master key. This + * generated key is maintained by the SEProvider. This function should be called only once at the + * time of installation. * * @param keySizeBits key size in bits. * @return An instance of KMMasterKey. @@ -511,10 +515,9 @@ KMOperation initAsymmetricOperation( KMMasterKey createMasterKey(short keySizeBits); /** - * This function creates an ECKey and initializes the ECPrivateKey with - * the provided input key data. The initialized Key is maintained by the - * SEProvider. This function should be called only while provisioning the - * attestation key. + * This function creates an ECKey and initializes the ECPrivateKey with the provided input key + * data. The initialized Key is maintained by the SEProvider. This function should be called only + * while provisioning the attestation key. * * @param keyData buffer containing the ec private key. * @param offset start of the buffer. @@ -524,10 +527,9 @@ KMOperation initAsymmetricOperation( KMAttestationKey createAttestationKey(byte[] keyData, short offset, short length); /** - * This function creates an HMACKey and initializes the key with the - * provided input key data. This created key is maintained by the - * SEProvider. This function should be called only while provisioing the - * pre-shared secret. + * This function creates an HMACKey and initializes the key with the provided input key data. This + * created key is maintained by the SEProvider. This function should be called only while + * provisioing the pre-shared secret. * * @param keyData buffer containing the key data. * @param offset start of the buffer. diff --git a/Applet/src/com/android/javacard/keymaster/KMTag.java b/Applet/src/com/android/javacard/keymaster/KMTag.java index 6cc251a6..fa9bb38e 100644 --- a/Applet/src/com/android/javacard/keymaster/KMTag.java +++ b/Applet/src/com/android/javacard/keymaster/KMTag.java @@ -19,14 +19,21 @@ import javacard.framework.Util; /** - * This class represents a tag as defined by keymaster hal specifications. It is composed of key value pair. - * The key consists of short tag type e.g. KMType.ENUM and short tag key e.g. KMType.ALGORITHM. The key is encoded as - * uint CBOR type with 4 bytes. This is followed by value which can be any CBOR type based on key. - * struct{byte tag=KMType.TAG_TYPE, short length, value) where value is subtype of KMTag i.e. - * struct{short tagType=one of tag types declared in KMType , short tagKey=one of the tag keys declared in KMType, - * value} where value is one of the sub-types of KMType. + * This class represents a tag as defined by keymaster hal specifications. It is composed of key + * value pair. The key consists of short tag type e.g. KMType.ENUM and short tag key e.g. + * KMType.ALGORITHM. The key is encoded as uint CBOR type with 4 bytes. This is followed by value + * which can be any CBOR type based on key. struct{byte tag=KMType.TAG_TYPE, short length, value) + * where value is subtype of KMTag i.e. struct{short tagType=one of tag types declared in KMType , + * short tagKey=one of the tag keys declared in KMType, value} where value is one of the sub-types + * of KMType. */ public class KMTag extends KMType { - public static short getTagType(short ptr){return Util.getShort(heap, (short)(ptr+TLV_HEADER_SIZE));} - public static short getKey(short ptr){return Util.getShort(heap, (short)(ptr+TLV_HEADER_SIZE+2));} + + public static short getTagType(short ptr) { + return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + } + + public static short getKey(short ptr) { + return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2)); + } } diff --git a/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/src/com/android/javacard/keymaster/KMType.java index 4d81de45..59a4b172 100644 --- a/Applet/src/com/android/javacard/keymaster/KMType.java +++ b/Applet/src/com/android/javacard/keymaster/KMType.java @@ -27,7 +27,8 @@ * prototype objects which just cast the structure over contiguous memory buffer. */ public abstract class KMType { - public static final short INVALID_VALUE = (short)0x8000; + + public static final short INVALID_VALUE = (short) 0x8000; protected static final byte TLV_HEADER_SIZE = 3; // Types @@ -283,12 +284,22 @@ public static void initialize() { KMType.heap = repository.getHeap(); } - public static byte getType(short ptr){return heap[ptr];} - public static short length(short ptr){return Util.getShort(heap, (short)(ptr+1));} - public static short getValue(short ptr){return Util.getShort(heap, (short)(ptr+TLV_HEADER_SIZE));} + public static byte getType(short ptr) { + return heap[ptr]; + } + + public static short length(short ptr) { + return Util.getShort(heap, (short) (ptr + 1)); + } + + public static short getValue(short ptr) { + return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + } - protected static short instance(byte type, short length){ - if (length < 0) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + protected static short instance(byte type, short length) { + if (length < 0) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } short ptr = repository.alloc((short) (length + TLV_HEADER_SIZE)); heap[ptr] = type; Util.setShort(heap, (short) (ptr + 1), length); diff --git a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java index 6815374e..0a241652 100644 --- a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java +++ b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java @@ -18,12 +18,13 @@ import org.globalplatform.upgrade.Element; public interface KMUpgradable { + void onSave(Element ele); - + void onRestore(Element ele); - + short getBackupPrimitiveByteCount(); - + short getBackupObjectCount(); } diff --git a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java index c9c2f412..1a03b33c 100644 --- a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java +++ b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java @@ -19,15 +19,16 @@ import javacard.framework.ISO7816; import javacard.framework.ISOException; import javacard.framework.Util; + /** - * KMVerificationToken represents VerificationToken structure from android keymaster hal specifications. - * It corresponds to CBOR array type. - * struct{byte type=VERIFICATION_TOKEN_TYPE; short length=2; short arrayPtr} where arrayPtr is a pointer to - * ordered array with following elements: - * {KMInteger Challenge; KMInteger Timestamp; KMByteBlob PARAMETERS_VERIFIED; SecurityLevel level; - * KMByteBlob Mac}. + * KMVerificationToken represents VerificationToken structure from android keymaster hal + * specifications. It corresponds to CBOR array type. struct{byte type=VERIFICATION_TOKEN_TYPE; + * short length=2; short arrayPtr} where arrayPtr is a pointer to ordered array with following + * elements: {KMInteger Challenge; KMInteger Timestamp; KMByteBlob PARAMETERS_VERIFIED; + * SecurityLevel level; KMByteBlob Mac}. */ public class KMVerificationToken extends KMType { + public static final byte CHALLENGE = 0x00; public static final byte TIMESTAMP = 0x01; public static final byte PARAMETERS_VERIFIED = 0x02; @@ -37,10 +38,11 @@ public class KMVerificationToken extends KMType { private static KMVerificationToken prototype; private static short instPtr; - private KMVerificationToken() {} + private KMVerificationToken() { + } public static short exp() { - short arrPtr = KMArray.instance((short)5); + short arrPtr = KMArray.instance((short) 5); KMArray arr = KMArray.cast(arrPtr); arr.add(CHALLENGE, KMInteger.exp()); arr.add(TIMESTAMP, KMInteger.exp()); @@ -52,34 +54,42 @@ public static short exp() { } private static KMVerificationToken proto(short ptr) { - if (prototype == null) prototype = new KMVerificationToken(); + if (prototype == null) { + prototype = new KMVerificationToken(); + } instPtr = ptr; return prototype; } public static short instance() { - short arrPtr = KMArray.instance((short)5); + short arrPtr = KMArray.instance((short) 5); KMArray arr = KMArray.cast(arrPtr); - arr.add(CHALLENGE, KMInteger.uint_16((short)0)); - arr.add(TIMESTAMP, KMInteger.uint_16((short)0)); - arr.add(PARAMETERS_VERIFIED, KMByteBlob.instance((short)0)); + arr.add(CHALLENGE, KMInteger.uint_16((short) 0)); + arr.add(TIMESTAMP, KMInteger.uint_16((short) 0)); + arr.add(PARAMETERS_VERIFIED, KMByteBlob.instance((short) 0)); arr.add(SECURITY_LEVEL, KMEnum.instance(KMType.HARDWARE_TYPE, KMType.STRONGBOX)); - arr.add(MAC, KMByteBlob.instance((short)0)); + arr.add(MAC, KMByteBlob.instance((short) 0)); return instance(arrPtr); } public static short instance(short vals) { KMArray arr = KMArray.cast(vals); - if(arr.length() != 5)ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - short ptr = KMType.instance(VERIFICATION_TOKEN_TYPE, (short)2); - Util.setShort(heap, (short)(ptr + TLV_HEADER_SIZE), vals); + if (arr.length() != 5) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + short ptr = KMType.instance(VERIFICATION_TOKEN_TYPE, (short) 2); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); return ptr; } public static KMVerificationToken cast(short ptr) { - if (heap[ptr] != VERIFICATION_TOKEN_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[ptr] != VERIFICATION_TOKEN_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); - if(heap[arrPtr] != ARRAY_TYPE) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } return proto(ptr); } @@ -131,7 +141,7 @@ public short getParametersVerified() { } public void setParametersVerified(short vals) { - // KMKeyParameters.cast(vals); + // KMKeyParameters.cast(vals); KMByteBlob.cast(vals); short arrPtr = getVals(); KMArray.cast(arrPtr).add(PARAMETERS_VERIFIED, vals); diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml index 5e365def..83fccabe 100644 --- a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml +++ b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml @@ -1,7 +1,7 @@ - - android.hardware.keymaster - hwbinder - @4.1::IKeymasterDevice/javacard - + + android.hardware.keymaster + hwbinder + @4.1::IKeymasterDevice/javacard + From 797074d505916d7064712dfe3a9e3adcec663a04 Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Thu, 11 Feb 2021 12:44:09 +0530 Subject: [PATCH 082/169] Added test unsupported block mode --- .../javacard/test/KMFunctionalTest.java | 69 +++++++++++++------ 1 file changed, 49 insertions(+), 20 deletions(-) diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 3e0653eb..787b9f97 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -2294,6 +2294,25 @@ public short generateRandom(short upperBound) { return int_random; } + @Test + public void testUnsupportedBlockMode() { + init(); + short desKey = generateAesDesKey(KMType.DES, (short) 168, null, null, false); + short desKeyPtr = KMArray.cast(desKey).get((short) 1); + byte[] keyBlob = new byte[KMByteBlob.cast(desKeyPtr).length()]; + Util.arrayCopyNonAtomic(KMByteBlob.cast(desKeyPtr).getBuffer(), KMByteBlob + .cast(desKeyPtr).getStartOff(), keyBlob, (short) 0, + (short) keyBlob.length); + short desPkcs7Params = getAesDesParams(KMType.DES, (byte) KMType.CTR, + KMType.PKCS7, new byte[12]); + short ret = begin(KMType.ENCRYPT, + KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), + KMKeyParameters.instance(desPkcs7Params), (short) 0, + KMError.UNSUPPORTED_BLOCK_MODE); + + cleanUp(); + } + @Test public void testDesEcbPkcs7PaddingCorrupted() { init(); @@ -2951,36 +2970,46 @@ public short processMessage( return ret; } - public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToken) { - short arrPtr = KMArray.instance((short)4); - KMArray.cast(arrPtr).add((short)0, KMEnum.instance(KMType.PURPOSE, keyPurpose)); - KMArray.cast(arrPtr).add((short)1, keyBlob); - KMArray.cast(arrPtr).add((short)2, keyParmas); - if(hwToken == 0) { + public short begin(byte keyPurpose, short keyBlob, short keyParmas, + short hwToken, short expectedErr) { + short arrPtr = KMArray.instance((short) 4); + KMArray.cast(arrPtr).add((short) 0, + KMEnum.instance(KMType.PURPOSE, keyPurpose)); + KMArray.cast(arrPtr).add((short) 1, keyBlob); + KMArray.cast(arrPtr).add((short) 2, keyParmas); + if (hwToken == 0) { hwToken = KMHardwareAuthToken.instance(); } - KMArray.cast(arrPtr).add((short)3, hwToken); - CommandAPDU apdu = encodeApdu((byte)INS_BEGIN_OPERATION_CMD, arrPtr); - //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); + KMArray.cast(arrPtr).add((short) 3, hwToken); + CommandAPDU apdu = encodeApdu((byte) INS_BEGIN_OPERATION_CMD, arrPtr); + // print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length); ResponseAPDU response = simulator.transmitCommand(apdu); short ret = KMArray.instance((short) 3); short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short)0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, outParams); - KMArray.cast(ret).add((short)2, KMInteger.exp()); + KMArray.cast(ret).add((short) 0, KMInteger.exp()); + KMArray.cast(ret).add((short) 1, outParams); + KMArray.cast(ret).add((short) 2, KMInteger.exp()); byte[] respBuf = response.getBytes(); short len = (short) respBuf.length; - if(len > 5){ - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - Assert.assertEquals(error, KMError.OK); - return ret;}else{ - if(len == 3) return respBuf[0]; - if(len == 4) return respBuf[1]; - return Util.getShort(respBuf,(short)0); + if (len > 5) { + ret = decoder.decode(ret, respBuf, (short) 0, len); + short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); + Assert.assertEquals(error, expectedErr); + return ret; + } else { + if (len == 3) + return respBuf[0]; + if (len == 4) + return respBuf[1]; + return Util.getShort(respBuf, (short) 0); } } + public short begin(byte keyPurpose, short keyBlob, short keyParmas, + short hwToken) { + return begin(keyPurpose, keyBlob, keyParmas, hwToken, KMError.OK); + } + public short translateExtendedErrorCodes(short err) { switch (err) { case KMError.SW_CONDITIONS_NOT_SATISFIED: From 22226d564155066316abfc6fac871ade4831a3bc Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Thu, 11 Feb 2021 20:37:07 +0530 Subject: [PATCH 083/169] Updated KMFunctionalTest --- .../android/javacard/test/KMFunctionalTest.java | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 787b9f97..a96e34f8 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -2307,9 +2307,8 @@ public void testUnsupportedBlockMode() { KMType.PKCS7, new byte[12]); short ret = begin(KMType.ENCRYPT, KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), - KMKeyParameters.instance(desPkcs7Params), (short) 0, - KMError.UNSUPPORTED_BLOCK_MODE); - + KMKeyParameters.instance(desPkcs7Params), (short) 0); + Assert.assertTrue(ret == KMError.UNSUPPORTED_BLOCK_MODE); cleanUp(); } @@ -2971,7 +2970,7 @@ public short processMessage( } public short begin(byte keyPurpose, short keyBlob, short keyParmas, - short hwToken, short expectedErr) { + short hwToken) { short arrPtr = KMArray.instance((short) 4); KMArray.cast(arrPtr).add((short) 0, KMEnum.instance(KMType.PURPOSE, keyPurpose)); @@ -2994,7 +2993,7 @@ public short begin(byte keyPurpose, short keyBlob, short keyParmas, if (len > 5) { ret = decoder.decode(ret, respBuf, (short) 0, len); short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - Assert.assertEquals(error, expectedErr); + Assert.assertEquals(error, KMError.OK); return ret; } else { if (len == 3) @@ -3005,11 +3004,6 @@ public short begin(byte keyPurpose, short keyBlob, short keyParmas, } } - public short begin(byte keyPurpose, short keyBlob, short keyParmas, - short hwToken) { - return begin(keyPurpose, keyBlob, keyParmas, hwToken, KMError.OK); - } - public short translateExtendedErrorCodes(short err) { switch (err) { case KMError.SW_CONDITIONS_NOT_SATISFIED: From bcb224ce529e54e0de8043b3283715000551fdfc Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Fri, 12 Feb 2021 23:00:07 +0530 Subject: [PATCH 084/169] 1. return INVALID_KEY_BLOB incase if parEncryptedKeyblob fails for any reason. 2. Incase of NOPAD sign if signature length is less than 256 add zero to the front and make length equal to 256. --- .../javacard/keymaster/KMKeymasterApplet.java | 109 +++++++++--------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index b4914308..07cc134b 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1782,26 +1782,23 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); switch (op.getAlgorithm()) { case KMType.RSA: - // Output for signature is always 256 bytes. - data[OUTPUT_DATA] = KMByteBlob.instance((short) 256); // If there is no padding we can treat signing as a RSA decryption operation. - if (op.getDigest() == KMType.DIGEST_NONE && op.getPadding() == KMType.PADDING_NONE) { - // Input data of Verify operation must be 256 bytes - if (op.getPurpose() == KMType.VERIFY - && KMByteBlob.cast(data[INPUT_DATA]).length() != 256) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - } try { if (op.getPurpose() == KMType.SIGN) { // len of signature will be 256 bytes - op.getOperation() - .sign( + short len = op.getOperation().sign( KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length(), + KMByteBlob.cast(data[INPUT_DATA]).length(), scratchPad, + (short) 0); + // Maximum output size of signature is 256 bytes. + data[OUTPUT_DATA] = KMByteBlob.instance((short) 256); + Util.arrayCopyNonAtomic( + scratchPad, + (short) 0, KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff()); + (short) (KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff() + 256 - len), + len); } else { KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); } @@ -3625,53 +3622,57 @@ private static void createEncryptedKeyBlob(byte[] scratchPad) { } private static void parseEncryptedKeyBlob(byte[] scratchPad) { - tmpVariables[0] = KMByteBlob.cast(data[KEY_BLOB]).getStartOff(); - tmpVariables[1] = KMArray.instance((short) 5); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_SECRET, KMByteBlob.exp()); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG, KMByteBlob.exp()); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_NONCE, KMByteBlob.exp()); - tmpVariables[2] = KMKeyCharacteristics.exp(); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, tmpVariables[2]); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, KMByteBlob.exp()); + data[ROT] = repository.readROT(); + if (data[ROT] == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } try { - data[KEY_BLOB] = - decoder.decodeArray( - tmpVariables[1], + tmpVariables[0] = KMByteBlob.cast(data[KEY_BLOB]).getStartOff(); + tmpVariables[1] = KMArray.instance((short) 5); + KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_SECRET, + KMByteBlob.exp()); + KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG, + KMByteBlob.exp()); + KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_NONCE, + KMByteBlob.exp()); + tmpVariables[2] = KMKeyCharacteristics.exp(); + KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, + tmpVariables[2]); + KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, + KMByteBlob.exp()); + data[KEY_BLOB] = decoder.decodeArray(tmpVariables[1], KMByteBlob.cast(data[KEY_BLOB]).getBuffer(), KMByteBlob.cast(data[KEY_BLOB]).getStartOff(), KMByteBlob.cast(data[KEY_BLOB]).length()); - } catch (ISOException e) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } - tmpVariables[0] = KMArray.cast(data[KEY_BLOB]).length(); - if (tmpVariables[0] < 4) { + tmpVariables[0] = KMArray.cast(data[KEY_BLOB]).length(); + if (tmpVariables[0] < 4) { + KMException.throwIt(KMError.INVALID_KEY_BLOB); + } + data[AUTH_TAG] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_AUTH_TAG); + + // initialize data + data[NONCE] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_NONCE); + data[SECRET] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_SECRET); + data[KEY_CHARACTERISTICS] = KMArray.cast(data[KEY_BLOB]).get( + KEY_BLOB_KEYCHAR); + data[PUB_KEY] = KMType.INVALID_VALUE; + if (tmpVariables[0] == 5) { + data[PUB_KEY] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_PUB_KEY); + } + data[HW_PARAMETERS] = KMKeyCharacteristics + .cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(); + data[SW_PARAMETERS] = KMKeyCharacteristics + .cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(); + + data[HIDDEN_PARAMETERS] = KMKeyParameters.makeHidden(data[APP_ID], + data[APP_DATA], data[ROT], scratchPad); + // make auth data + makeAuthData(scratchPad); + // Decrypt Secret and verify auth tag + decryptSecret(scratchPad); + } catch (Exception e) { KMException.throwIt(KMError.INVALID_KEY_BLOB); } - data[AUTH_TAG] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_AUTH_TAG); - - // initialize data - data[NONCE] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_NONCE); - data[SECRET] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_SECRET); - data[KEY_CHARACTERISTICS] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_KEYCHAR); - data[PUB_KEY] = KMType.INVALID_VALUE; - if (tmpVariables[0] == 5) { - data[PUB_KEY] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_PUB_KEY); - } - data[HW_PARAMETERS] = - KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(); - data[SW_PARAMETERS] = - KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(); - data[ROT] = repository.readROT(); - if (data[ROT] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - - data[HIDDEN_PARAMETERS] = - KMKeyParameters.makeHidden(data[APP_ID], data[APP_DATA], data[ROT], scratchPad); - // make auth data - makeAuthData(scratchPad); - // Decrypt Secret and verify auth tag - decryptSecret(scratchPad); } private static void decryptSecret(byte[] scratchPad) { From 3b20c9d376280ca8664553004d78244dd11edb94 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 16 Feb 2021 22:39:13 +0000 Subject: [PATCH 085/169] Sending extending length APDU always --- .../4.1/JavacardKeymaster4Device.cpp | 40 +++++++---------- provisioning_tool/Provision.cpp | 45 ++++++++----------- 2 files changed, 34 insertions(+), 51 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index c9f3ab96..eb8ccdd8 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -338,35 +338,28 @@ keyFormat, std::vector& wrappedKeyDescription) { return ErrorCode::OK; } -ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool -extendedOutput=false) { +ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut) { apduOut.push_back(static_cast(APDU_CLS)); //CLS apduOut.push_back(static_cast(ins)); //INS apduOut.push_back(static_cast(APDU_P1)); //P1 apduOut.push_back(static_cast(APDU_P2)); //P2 - if(UCHAR_MAX < inputData.size() && USHRT_MAX >= inputData.size()) { + if(USHRT_MAX >= inputData.size()) { + // Send extended length APDU always as response size is not known to HAL. + // Case 1: Lc > 0 CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le all set to 00. + // Case 2: Lc = 0 CLS | INS | P1 | P2 | 3 bytes of Le all set to 00. //Extended length 3 bytes, starts with 0x00 apduOut.push_back(static_cast(0x00)); - apduOut.push_back(static_cast(inputData.size() >> 8)); - apduOut.push_back(static_cast(inputData.size() & 0xFF)); - //Data - apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); - //Expected length of output + if (inputData.size() > 0) { + apduOut.push_back(static_cast(inputData.size() >> 8)); + apduOut.push_back(static_cast(inputData.size() & 0xFF)); + //Data + apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); + } + //Expected length of output. + //Accepting complete length of output every time. apduOut.push_back(static_cast(0x00)); apduOut.push_back(static_cast(0x00)); - apduOut.push_back(static_cast(0x00));//Accepting complete length of output at a time - } else if(0 <= inputData.size() && UCHAR_MAX >= inputData.size()) { - //Short length - apduOut.push_back(static_cast(inputData.size())); - //Data - if(inputData.size() > 0) - apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); - //Expected length of output - apduOut.push_back(static_cast(0x00));//Accepting complete length of output at a time - if(extendedOutput) - apduOut.push_back(static_cast(0x00)); - } else { return (ErrorCode::INSUFFICIENT_BUFFER_SPACE); } @@ -423,8 +416,7 @@ static bool isSEProvisioned() { } -ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response, bool - extendedOutput=false) { +ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response) { ErrorCode ret = ErrorCode::UNKNOWN_ERROR; std::vector apdu; @@ -432,7 +424,7 @@ ErrorCode sendData(Instruction ins, std::vector& inData, std::vectorsendData(apdu.data(), apdu.size(), response)) { @@ -849,7 +841,7 @@ Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToA } else { cborData.clear(); cborOutData.clear(); - errorCode = sendData(Instruction::INS_GET_CERT_CHAIN_CMD, cborData, cborOutData, true); + errorCode = sendData(Instruction::INS_GET_CERT_CHAIN_CMD, cborData, cborOutData); if(errorCode == ErrorCode::OK) { //Skip last 2 bytes in cborData, it contains status. std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), diff --git a/provisioning_tool/Provision.cpp b/provisioning_tool/Provision.cpp index 85bdd241..45425975 100644 --- a/provisioning_tool/Provision.cpp +++ b/provisioning_tool/Provision.cpp @@ -64,10 +64,8 @@ enum ProvisionStatus { }; // Static function declarations. -static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool -extendedOutput=false); -static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response, bool -extendedOutput = false); +static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut); +static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response); static uint16_t getStatus(std::vector& inputData); static inline X509* parseDerCertificate(std::vector& certData) { @@ -125,35 +123,29 @@ static uint16_t getStatus(std::vector& inputData) { return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1)); } -static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut, bool -extendedOutput) { +static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut) { + apduOut.push_back(static_cast(APDU_CLS)); //CLS apduOut.push_back(static_cast(ins)); //INS apduOut.push_back(static_cast(APDU_P1)); //P1 apduOut.push_back(static_cast(APDU_P2)); //P2 - if(UCHAR_MAX < inputData.size() && USHRT_MAX >= inputData.size()) { + if(USHRT_MAX >= inputData.size()) { + // Send extended length APDU always as response size is not known to HAL. + // Case 1: Lc > 0 CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le all set to 00. + // Case 2: Lc = 0 CLS | INS | P1 | P2 | 3 bytes of Le all set to 00. //Extended length 3 bytes, starts with 0x00 apduOut.push_back(static_cast(0x00)); - apduOut.push_back(static_cast(inputData.size() >> 8)); - apduOut.push_back(static_cast(inputData.size() & 0xFF)); - //Data - apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); - //Expected length of output + if (inputData.size() > 0) { + apduOut.push_back(static_cast(inputData.size() >> 8)); + apduOut.push_back(static_cast(inputData.size() & 0xFF)); + //Data + apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); + } + //Expected length of output. + //Accepting complete length of output every time. apduOut.push_back(static_cast(0x00)); apduOut.push_back(static_cast(0x00)); - apduOut.push_back(static_cast(0x00));//Accepting complete length of output at a time - } else if(0 <= inputData.size() && UCHAR_MAX >= inputData.size()) { - //Short length - apduOut.push_back(static_cast(inputData.size())); - //Data - if(inputData.size() > 0) - apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); - //Expected length of output - apduOut.push_back(static_cast(0x00));//Accepting complete length of output at a time - if(extendedOutput) - apduOut.push_back(static_cast(0x00)); - } else { return (ErrorCode::INSUFFICIENT_BUFFER_SPACE); } @@ -163,13 +155,12 @@ extendedOutput) { -static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response, bool -extendedOutput) { +static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response) { ErrorCode ret = ErrorCode::OK; std::vector apdu; CborConverter cborConverter; std::unique_ptr item; - ret = constructApduMessage(ins, inData, apdu, extendedOutput); + ret = constructApduMessage(ins, inData, apdu); if(ret != ErrorCode::OK) return ret; if(!transport->sendData(apdu.data(), apdu.size(), response)) { From 6e61b90edcf1df22ad4b77eb4d8ffca6c514b23e Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Fri, 26 Feb 2021 11:20:26 +0000 Subject: [PATCH 086/169] A Strongbox implementation need not support support DEVICE_UNIQUE_ATTESTATION, and return ErrorCode::CANNOT_ATTEST_IDS if they don't support it. --- Applet/src/com/android/javacard/keymaster/KMError.java | 1 + .../src/com/android/javacard/keymaster/KMKeymasterApplet.java | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java index bac8cf20..0b4373d3 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/src/com/android/javacard/keymaster/KMError.java @@ -66,6 +66,7 @@ public class KMError { public static final short KEY_REQUIRES_UPGRADE = 62; public static final short ATTESTATION_APPLICATION_ID_MISSING = 65; + public static final short CANNOT_ATTEST_IDS = 66; public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; public static final short DEVICE_LOCKED = 72; diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 07cc134b..6d5acb36 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1388,7 +1388,7 @@ private void processAttestKeyCmd(APDU apdu) { KMKeyParameters.findTag( KMType.BOOL_TAG, KMType.DEVICE_UNIQUE_ATTESTATION, data[KEY_PARAMETERS]); if (tmpVariables[0] != KMType.INVALID_VALUE) { - KMException.throwIt(KMError.UNIMPLEMENTED); + KMException.throwIt(KMError.CANNOT_ATTEST_IDS); } // The key which is being attested should be asymmetric i.e. RSA or EC tmpVariables[0] = KMEnumTag.getValue(KMType.ALGORITHM, data[HW_PARAMETERS]); From 8144c2d4d01e060affe2bfd0db05e6b7bf78064f Mon Sep 17 00:00:00 2001 From: bvenkateswarlu Date: Wed, 3 Mar 2021 22:55:33 +0000 Subject: [PATCH 087/169] Clear all the operation state in setBootParams --- .../javacard/keymaster/KMKeymasterApplet.java | 7 +++++++ .../javacard/keymaster/KMRepository.java | 20 +++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 6d5acb36..b79cabaa 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -3142,6 +3142,10 @@ private void updateKeyParameters(byte[] ptrArr, short len) { } // This command is executed to set the boot parameters. + // releaseAllOperations has to be called on every boot, so + // it is called from inside setBootParams. Later in future if + // setBootParams is removed, then make sure that releaseAllOperations + // is moved to a place where it is called on every boot. private void processSetBootParamsCmd(APDU apdu) { receiveIncoming(apdu); byte[] scratchPad = apdu.getBuffer(); @@ -3230,6 +3234,9 @@ private void processSetBootParamsCmd(APDU apdu) { repository.clearComputedHmac(); repository.clearHmacNonce(); + //Clear all the operation state. + repository.releaseAllOperations(); + // Hmac is cleared, so generate a new Hmac nonce. seProvider.newRandomNumber(scratchPad, (short) 0, KMRepository.HMAC_SEED_NONCE_SIZE); repository.initHmacNonce(scratchPad, (short) 0, KMRepository.HMAC_SEED_NONCE_SIZE); diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 204fe312..5c3ed151 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -256,6 +256,26 @@ public void releaseOperation(KMOperationState op) { } } + public void releaseAllOperations() { + short index = 0; + byte[] var; + while (index < MAX_OPS) { + var = ((byte[]) ((Object[]) operationStateTable[index])[0]); + if (var[OPERATION_HANDLE_STATUS_OFFSET] == 1) { + Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1]; + Object[] ops = ((Object[]) slot[1]); + ((KMOperation) ops[0]).abort(); + JCSystem.beginTransaction(); + Util.arrayFillNonAtomic((byte[]) slot[0], (short) 0, + (short) ((byte[]) slot[0]).length, (byte) 0); + Util.arrayFillNonAtomic(var, (short) 0, (short) var.length, (byte) 0); + ops[0] = null; + JCSystem.commitTransaction(); + } + index++; + } + } + public void initComputedHmac(byte[] key, short start, short len) { if (len != COMPUTED_HMAC_KEY_SIZE) { KMException.throwIt(KMError.INVALID_INPUT_LENGTH); From b1327a1ff1646a1ca08dbfc13882c2ea60badb96 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 4 Mar 2021 14:11:39 +0000 Subject: [PATCH 088/169] update the variable name from var to oprHandleBuf --- .../src/com/android/javacard/keymaster/KMRepository.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index 5c3ed151..a5df9ce2 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -258,17 +258,17 @@ public void releaseOperation(KMOperationState op) { public void releaseAllOperations() { short index = 0; - byte[] var; + byte[] oprHandleBuf; while (index < MAX_OPS) { - var = ((byte[]) ((Object[]) operationStateTable[index])[0]); - if (var[OPERATION_HANDLE_STATUS_OFFSET] == 1) { + oprHandleBuf = ((byte[]) ((Object[]) operationStateTable[index])[0]); + if (oprHandleBuf[OPERATION_HANDLE_STATUS_OFFSET] == 1) { Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1]; Object[] ops = ((Object[]) slot[1]); ((KMOperation) ops[0]).abort(); JCSystem.beginTransaction(); Util.arrayFillNonAtomic((byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length, (byte) 0); - Util.arrayFillNonAtomic(var, (short) 0, (short) var.length, (byte) 0); + Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0); ops[0] = null; JCSystem.commitTransaction(); } From 6d799940f008c2b9d3af35f150037dba21d8dce9 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 4 Mar 2021 18:21:15 +0000 Subject: [PATCH 089/169] 1. In releaseOperation, renamed the variable name 'var' 2. clearing the operation handle is moved under begin/commit transaction. --- .../com/android/javacard/keymaster/KMRepository.java | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java index a5df9ce2..94bde080 100644 --- a/Applet/src/com/android/javacard/keymaster/KMRepository.java +++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java @@ -233,7 +233,7 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) { public void releaseOperation(KMOperationState op) { short index = 0; - byte[] var; + byte[] oprHandleBuf; short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE); getOperationHandle( op.getHandle(), @@ -241,14 +241,16 @@ public void releaseOperation(KMOperationState op) { KMByteBlob.cast(buf).getStartOff(), KMByteBlob.cast(buf).length()); while (index < MAX_OPS) { - var = ((byte[]) ((Object[]) operationStateTable[index])[0]); - if ((var[OPERATION_HANDLE_STATUS_OFFSET] == 1) && - (0 == Util.arrayCompare(var, + oprHandleBuf = ((byte[]) ((Object[]) operationStateTable[index])[0]); + if ((oprHandleBuf[OPERATION_HANDLE_STATUS_OFFSET] == 1) && + (0 == Util.arrayCompare(oprHandleBuf, OPERATION_HANDLE_OFFSET, KMByteBlob.cast(buf).getBuffer(), KMByteBlob.cast(buf).getStartOff(), KMByteBlob.cast(buf).length()))) { - Util.arrayFillNonAtomic(var, (short) 0, (short) var.length, (byte) 0); + JCSystem.beginTransaction(); + Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0); + JCSystem.commitTransaction(); op.release(); break; } From 7256f98148bf39bc9ca917176205540ec0111db4 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 9 Mar 2021 11:14:37 +0000 Subject: [PATCH 090/169] Added sample certificates and keys required while using provisioning tool --- provisioning_tool/test_certs/batch_cert.der | Bin 0 -> 694 bytes provisioning_tool/test_certs/batch_key.der | Bin 0 -> 121 bytes provisioning_tool/test_certs/ca_cert.der | Bin 0 -> 689 bytes provisioning_tool/test_certs/ca_key.der | Bin 0 -> 121 bytes .../test_certs/intermediate_cert.der | Bin 0 -> 664 bytes provisioning_tool/test_certs/intermediate_key.der | Bin 0 -> 121 bytes 6 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 provisioning_tool/test_certs/batch_cert.der create mode 100644 provisioning_tool/test_certs/batch_key.der create mode 100644 provisioning_tool/test_certs/ca_cert.der create mode 100644 provisioning_tool/test_certs/ca_key.der create mode 100644 provisioning_tool/test_certs/intermediate_cert.der create mode 100644 provisioning_tool/test_certs/intermediate_key.der diff --git a/provisioning_tool/test_certs/batch_cert.der b/provisioning_tool/test_certs/batch_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..355bc9846c283fa9ac484caf7d98e9d6a743d060 GIT binary patch literal 694 zcmXqLV%lWT#1y%JnTe5!iAjLLfQyYotIgw_EekV~LE|h#ZUas>=1>+kVW!YvLtz6! z5Ql?@%Q-P8GcCU;FEi1Q-+&h+$i>6vo}ZtdlWHhwAPy4X<`HnrODW3FOi>6jmZT~;J1P{H6y@ioC*@Zd${WbCaROb^_MMlJ zlTl2dI3uw<&mkRbgmAG!SNE z2S*1JBQ#!^8QGbg7+Aiyd|CIY;nag?7Rk+)sn>mMONFbf&q|$I=q{_`v9ozMt(#xfW*`reR%Vef5NitE9@{o1g}{Q9kuq=B&hJ*2+bE9U**%PG|~wRvKpWY1_&yK zNX|V20SBQ(13~}<_k{GW@_@?V<~U=6Ic3*OJ#`a$JIxx(p-Ua1YN8YM_3n_8>yKx# b(4uYv8iNvBXpT^2HD;mihGHV-0AW;yW#cm- literal 0 HcmV?d00001 diff --git a/provisioning_tool/test_certs/ca_cert.der b/provisioning_tool/test_certs/ca_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..f574a4c588d9acf8d388f0b97f91c14d1ef57e77 GIT binary patch literal 689 zcmXqLVp?m^#1y=MnTe5!Nu<2YqPX7T*}R*jap|l1`D`C=nX=h{i;Y98&EuRc3p0~J z<6=W@15P&PP!={}rqEzRVFN)Bhl7X9IWZ?QEx#x)Gtp4QKnNtr&chv?n3qr4V&<*u6*tu`D!ST(DbpM=b;X1j0r(x9go&`mUch%SYJ8L4? zv^d!y5g3Ndp|X4|Vk{z!InSaDemq)V|DHuT;EvxCk4LOY2J#?jWflnou?Fl4_(2MU z85#exuo^G}DFZ%`06$0om{J(qkkbvb2ZMntlOn_VlxK@`)?Kz>S}4aiW8uUVlb-#k zl$zgsakFyCW!tU(N0<~!cD&yR9XjpJ@Q;yI4H|84@Ng|vN-(*;t1!p2 bqAmQ)gbK;OxiMO|jG%HM-6yR6%`_2$PMkJ# literal 0 HcmV?d00001 diff --git a/provisioning_tool/test_certs/intermediate_cert.der b/provisioning_tool/test_certs/intermediate_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..615f423e0773b2979152ec847ec0be46813d66d6 GIT binary patch literal 664 zcmXqLVwz&m#ALmInTe5!iAjLLfQyYotIgw_EekV~LE~aWZUas>=1>+kVW!YvLtz6! z5Ql?@%Q-P8GcCU;FEi0l#6Son$j-wZoS2tZl$ckXnVfIPZ@>!@<>Fy;&(BZKNi~!- z5C;ix^9VTRr4;37rYHobCYKgvmQ)(b7)XJnn0bUDY88?b6^cuW^7GP@@+%DG4P@Ck zflg}s&dbQjC?-&xkyxJRkPbFgFF8NgKu(<3$k4#h$il$f(7?blN}Sgi#5IF*4H{<= z;R{mSt7)JPajyc@y`Fg`sYSV|DVd2SsS3`Hq&Pm(K$wjk9NN0GsC`TLXGRt`19_0N zGK++PSc6Do&a)_kACK18zh_YnxZ}6P;}L5TIBI2u85#exa2T)wDJDh+13r)@evlY2 zjWD($rx<2;1_Ku+1-;#FR~%M{Zr-*{I^>z%+Yp28+lvIkOmw+#$JDk}x^q{?yLQ0ZBJ1d6-z=${7OeEkK?r1ao literal 0 HcmV?d00001 From 626522e2a250f8b44e4ac3c50e8aa9ff7b696642 Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Tue, 9 Mar 2021 11:24:58 +0000 Subject: [PATCH 091/169] Update README.md --- provisioning_tool/README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md index 9f0dfbb4..580d034b 100644 --- a/provisioning_tool/README.md +++ b/provisioning_tool/README.md @@ -1,14 +1,19 @@ # Provisioning tool This directory contains provisioning tool which helps in provisioning the secure element by using the APIs exposed by Provision library. -This tool takes the input parameters from json file. A sample -json file is located in this directory with name [sample_json.txt](https://github.com/BKSSMVenkateswarlu/JavaCardKeymaster/blob/master/provisioning_tool/sample_json.txt) for -your reference. +This tool takes the input parameters from json file. #### Build This tool can be built along with aosp build. It has dependency on -[libjc_common](https://github.com/BKSSMVenkateswarlu/JavaCardKeymaster/blob/master/HAL/keymaster/Android.bp) and -libjc_provision. +[libjc_common](../HAL/keymaster/Android.bp) and +[libjc_provision](Android.bp). + +#### Sample resources for quick testing +A sample json file is located in this directory with name [sample_json.txt](sample_json.txt) +for your reference. Also the required certificates and keys can be found +in test_certs directory. Copy the certificates and the key into the +emulator/device filesystem in their respective paths mentioned in the +sample_json.txt. #### Usage 

From d442d7051c9b71d53891144d2c59c92284cd7339 Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Tue, 9 Mar 2021 11:26:26 +0000
Subject: [PATCH 092/169] Update README.md

---
 provisioning_tool/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/provisioning_tool/README.md b/provisioning_tool/README.md
index 580d034b..4e30c3f8 100644
--- a/provisioning_tool/README.md
+++ b/provisioning_tool/README.md
@@ -11,7 +11,7 @@ This tool can be built along with aosp build. It has dependency on
 #### Sample resources for quick testing
 A sample json file is located in this directory with name [sample_json.txt](sample_json.txt)
 for your reference. Also the required certificates and keys can be found
-in test_certs directory. Copy the certificates and the key into the 
+in [test_certs](test_certs) directory. Copy the certificates and the key into the 
 emulator/device filesystem in their respective paths mentioned in the 
 sample_json.txt.
 

From 4d21da991e4e5a641119b20411a2c2066139c415 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Tue, 9 Mar 2021 11:35:00 +0000
Subject: [PATCH 093/169] Renamed source file names

---
 {provisioning_tool => ProvisioningTool}/Android.bp  |   2 +-
 .../Provision.cpp                                   |   0
 {provisioning_tool => ProvisioningTool}/Provision.h |   0
 .../ProvisionTool.cpp                               |   0
 {provisioning_tool => ProvisioningTool}/README.md   |   2 +-
 .../sample_json.txt                                 |   0
 .../test_resources}/batch_cert.der                  | Bin
 .../test_resources}/batch_key.der                   | Bin
 .../test_resources}/ca_cert.der                     | Bin
 .../test_resources}/ca_key.der                      | Bin
 .../test_resources}/intermediate_cert.der           | Bin
 .../test_resources}/intermediate_key.der            | Bin
 12 files changed, 2 insertions(+), 2 deletions(-)
 rename {provisioning_tool => ProvisioningTool}/Android.bp (98%)
 rename {provisioning_tool => ProvisioningTool}/Provision.cpp (100%)
 rename {provisioning_tool => ProvisioningTool}/Provision.h (100%)
 rename provisioning_tool/provision_tool.cpp => ProvisioningTool/ProvisionTool.cpp (100%)
 rename {provisioning_tool => ProvisioningTool}/README.md (93%)
 rename {provisioning_tool => ProvisioningTool}/sample_json.txt (100%)
 rename {provisioning_tool/test_certs => ProvisioningTool/test_resources}/batch_cert.der (100%)
 rename {provisioning_tool/test_certs => ProvisioningTool/test_resources}/batch_key.der (100%)
 rename {provisioning_tool/test_certs => ProvisioningTool/test_resources}/ca_cert.der (100%)
 rename {provisioning_tool/test_certs => ProvisioningTool/test_resources}/ca_key.der (100%)
 rename {provisioning_tool/test_certs => ProvisioningTool/test_resources}/intermediate_cert.der (100%)
 rename {provisioning_tool/test_certs => ProvisioningTool/test_resources}/intermediate_key.der (100%)

diff --git a/provisioning_tool/Android.bp b/ProvisioningTool/Android.bp
similarity index 98%
rename from provisioning_tool/Android.bp
rename to ProvisioningTool/Android.bp
index 579d2ff4..ad1ee2d1 100644
--- a/provisioning_tool/Android.bp
+++ b/ProvisioningTool/Android.bp
@@ -19,7 +19,7 @@ cc_binary {
     vendor: true,
     relative_install_path: "hw",
     srcs: [
-        "provision_tool.cpp",
+        "ProvisionTool.cpp",
     ],
     shared_libs: [
         "libdl",
diff --git a/provisioning_tool/Provision.cpp b/ProvisioningTool/Provision.cpp
similarity index 100%
rename from provisioning_tool/Provision.cpp
rename to ProvisioningTool/Provision.cpp
diff --git a/provisioning_tool/Provision.h b/ProvisioningTool/Provision.h
similarity index 100%
rename from provisioning_tool/Provision.h
rename to ProvisioningTool/Provision.h
diff --git a/provisioning_tool/provision_tool.cpp b/ProvisioningTool/ProvisionTool.cpp
similarity index 100%
rename from provisioning_tool/provision_tool.cpp
rename to ProvisioningTool/ProvisionTool.cpp
diff --git a/provisioning_tool/README.md b/ProvisioningTool/README.md
similarity index 93%
rename from provisioning_tool/README.md
rename to ProvisioningTool/README.md
index 4e30c3f8..0eeb4f8d 100644
--- a/provisioning_tool/README.md
+++ b/ProvisioningTool/README.md
@@ -11,7 +11,7 @@ This tool can be built along with aosp build. It has dependency on
 #### Sample resources for quick testing
 A sample json file is located in this directory with name [sample_json.txt](sample_json.txt)
 for your reference. Also the required certificates and keys can be found
-in [test_certs](test_certs) directory. Copy the certificates and the key into the 
+in [test_resources](test_resources) directory. Copy the certificates and the key into the 
 emulator/device filesystem in their respective paths mentioned in the 
 sample_json.txt.
 
diff --git a/provisioning_tool/sample_json.txt b/ProvisioningTool/sample_json.txt
similarity index 100%
rename from provisioning_tool/sample_json.txt
rename to ProvisioningTool/sample_json.txt
diff --git a/provisioning_tool/test_certs/batch_cert.der b/ProvisioningTool/test_resources/batch_cert.der
similarity index 100%
rename from provisioning_tool/test_certs/batch_cert.der
rename to ProvisioningTool/test_resources/batch_cert.der
diff --git a/provisioning_tool/test_certs/batch_key.der b/ProvisioningTool/test_resources/batch_key.der
similarity index 100%
rename from provisioning_tool/test_certs/batch_key.der
rename to ProvisioningTool/test_resources/batch_key.der
diff --git a/provisioning_tool/test_certs/ca_cert.der b/ProvisioningTool/test_resources/ca_cert.der
similarity index 100%
rename from provisioning_tool/test_certs/ca_cert.der
rename to ProvisioningTool/test_resources/ca_cert.der
diff --git a/provisioning_tool/test_certs/ca_key.der b/ProvisioningTool/test_resources/ca_key.der
similarity index 100%
rename from provisioning_tool/test_certs/ca_key.der
rename to ProvisioningTool/test_resources/ca_key.der
diff --git a/provisioning_tool/test_certs/intermediate_cert.der b/ProvisioningTool/test_resources/intermediate_cert.der
similarity index 100%
rename from provisioning_tool/test_certs/intermediate_cert.der
rename to ProvisioningTool/test_resources/intermediate_cert.der
diff --git a/provisioning_tool/test_certs/intermediate_key.der b/ProvisioningTool/test_resources/intermediate_key.der
similarity index 100%
rename from provisioning_tool/test_certs/intermediate_key.der
rename to ProvisioningTool/test_resources/intermediate_key.der

From a7063e0dbef1231d0115b4661728b9882db998f8 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Tue, 9 Mar 2021 12:07:04 +0000
Subject: [PATCH 094/169] Added JCProxy souce.

---
 TestingTools/JCProxy/.project                 |  17 +++
 TestingTools/JCProxy/lib/apduio-RELEASE71.jar | Bin 0 -> 125083 bytes
 .../JCProxy/lib/jcardsim-3.0.5-SNAPSHOT.jar   | Bin 0 -> 492079 bytes
 .../android/javacard/jcproxy/JCProxyMain.java | 107 ++++++++++++++++++
 .../javacard/jcproxy/JCardSimulator.java      |  61 ++++++++++
 .../android/javacard/jcproxy/Simulator.java   |  15 +++
 .../com/android/javacard/jcproxy/Utils.java   |  28 +++++
 7 files changed, 228 insertions(+)
 create mode 100644 TestingTools/JCProxy/.project
 create mode 100644 TestingTools/JCProxy/lib/apduio-RELEASE71.jar
 create mode 100644 TestingTools/JCProxy/lib/jcardsim-3.0.5-SNAPSHOT.jar
 create mode 100644 TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCProxyMain.java
 create mode 100644 TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCardSimulator.java
 create mode 100644 TestingTools/JCProxy/src/com/android/javacard/jcproxy/Simulator.java
 create mode 100644 TestingTools/JCProxy/src/com/android/javacard/jcproxy/Utils.java

diff --git a/TestingTools/JCProxy/.project b/TestingTools/JCProxy/.project
new file mode 100644
index 00000000..dbfe8daa
--- /dev/null
+++ b/TestingTools/JCProxy/.project
@@ -0,0 +1,17 @@
+
+
+	JCProxy
+	
+	
+	
+	
+		
+			org.eclipse.jdt.core.javabuilder
+			
+			
+		
+	
+	
+		org.eclipse.jdt.core.javanature
+	
+
diff --git a/TestingTools/JCProxy/lib/apduio-RELEASE71.jar b/TestingTools/JCProxy/lib/apduio-RELEASE71.jar
new file mode 100644
index 0000000000000000000000000000000000000000..6560f6e8e58742de07eb899f561a326811f42b70
GIT binary patch
literal 125083
zcmdpf31Ah~_4m0m^WMDoG6^pU4+ta>Kp45&C3R8|NZ{o7kD#sXYO+D
zx!bvCyYo-hjR5gq+PZrR?6R81`W4}p)|`dm=9c=V#)9l+%gvLE={0SwO>1ge>uYNo8qQ8%j{j}-
z4R!H>_&~HyovUx4PPI*I#`YY;XUAx1YwRUfqAS*!HS20>YntnNi9Vpa=rwEW+UlEn
zNj0duRA;WOZK-XjZw+@!cC&RP-!b
zEWwwl^^Ntd(*=1lPMbM;p&+BEsSauTl-4(f%iGp04>woWEN{S@q|zpgp@lWg^&GZe
z8m+79TLcX*<>A7EA=1rV9cc=RS`L`%>Vf7AE+nur+*;&-Z)A+-3Rrf1W}e*|MwWg=
znPu0;-x7WH;F+sxWR!4DUVyD08p4e$TUVhXNXQXT5}G|=CzWWBX;Bp!1$PF6%a9+r
zz^e7RRg5P2+*;Gx20%=_FRE!l^aOrdRnyoQZYXJ7(Ikri;QiOstPYn{Rg^TghMP+o
z>)Kjco6knaVi;$RMg$W9t`*RLP$0a)$wg2yXQ>duL(Zu?BhP;Bix`#RmbK`;VOJEh
zF}$9Gf_$w_RjtkSjVlH9%@|$E4KTK$rg7z1^_GzjylXAX1r6x(b!OX&72#&YiC+!?
z=Y}^pS%rY!F0m2M;68;)R5i6V*M?`;bI=@#8ZyDi#4X9FSG2)0lwzq=a|F#HSBQNQ`Q
z>NZ~9N^8|E%r|d#dZ~Ocv(u{<$$0WfMit{sy2qk+&O5cY(SRWz1+!xLnc-RtP}i#}
zxyAvjHOy
zS2z#h39j%&g!5ftPCv;N=Jb5GhM+zr%)wAfQG8@6Nnq4
zYCLHY<^?v)jWSG>0hqm+LGP2keWYdT`^d}``^d*netrsMdiYaZ6s}>!MAkKc>spWx
z*I}{09>X{V7{2NN$ivYX-#khOR}#UIMdItWbRE#a*%)7VD|Q3Q=7KQh^i
zN~24E4?s}e
zLABq<-L_v%r2SfLL}hUM1)TQtw^K^D?dOkHU@(~|>-Rw0AJAlfsA#PX~UdEtFNhATfWIz`Jbp0q@^rs9l
zfW`^T-eMq47lUZFNTZX*U{`~eMjE`-#uH)2bQ-+2+XnY{YH%^K+Xk=ecC-gNjdn4%
z+r;5+6UTKg}56+BG*(tfuF6MqJpH+>9hY
zlUCcw>+LZxWKeL%#%*L8?PTcFQn!&cDA;FXaK@%Bdj@$oZi!}_gmnefH^qz9lqec#
zplFmusJUuLr0Wi$23mtc;wgz5vGDU;)#P*_ZKGPo#C@3^6ub|e0eMd13w~bwGVo*W
z&1Lxg6TfQw9_zH^wTm^rPKzKT!M~-tT~q}-Mb0wy>MS3B4*JgFF1MvRE9jL?B?Iju
zoxhsPy2;Vp!UTy=m+5)2ZKpp4xu~wO?Ly2>g>ZL5i7FSBRA#eBm1!JPsjB#8$b_p%
zYi$rbT@oJ`5LtFMoUIFL1sK1ykrf@~_b_=U&ZcZ}E+(?`(0|XzM0Nqq6q~3_T!?;r
z5uGY7p)%i5xp4!D0+9z(H$Hh(bthkxp5Vz0|
z#5OuCw$o?gHu{&iosNi|A|UP*A#s;T6L*U&(Jm&7d&Ly7N6Zlqh)VI0SSTJAVeyD)
z7LSSx#XfPf=s=7oWUrKTkGRk7mE*)YwANmD&T{&qc+2jK`KWEeHcE-$m21CDqPLww
zPD@2!;)$tM?hq>F$Veyaq5az_E=%?s*%eS0Pl4t(%ES%b%hfRks1J$igDg8z%-9~9
zO!Y`Zb`aHQ?G%jZG{_Bwo`756;5Isu?@p!X-6t7dUc!R3N_oz<1iT>~-Y5~^I5pUDg;-|D#
zyhC@2pV7VI1A0pQoZb>2(ud+#^ojU2ctoEFzxY%niro5^&sK&uS?k2(DE>QeQC&)f8
z-#ktuWFV%ZlG@g=gVlypl6C^6Xd`K)HYz&Jf(LRAFAdn^4z~*zbS}agofj*0s6XSi
zf~{EU`8N&`dSWdV)zlR=)PrRv*^n!0YQvrQ_sJ&pF+og`72Z$_F6K(fP82jWqj%=5
z{a4jab)071E)Y_)?;pSOQ>%na{GL~>G#oIOIhXrf-wPftZ@Cy5P11Iy5z#BUD
zn#J(T92Q!#WJf_%Qc@9t7Cf+Ca;Tf#0~Nwt2-YA%UcB{!
z;sd)C8@I0S0$tw4foTyF4iz50(zJlxS{_Lp>FK+`Ao23$Q^D8T=D~c*gmsXF%8*t6Lif@2V
zS2QWH!QR%2rYtJOI!31|{cA4Yokd4YaVhrJ_%=?53n*7I$WomRi_$LoBkKYAww7>4Jv$0(bQ|1-S*LEU?vU
z)La!+(1>0#j3SS-44bsV0_S>$Nh>W{MKc7A>?v`XJ>b>QHmTksY=kZF@&{na=qXhM
zLB}yecPB<*!CXY9kkO4;B1Sl6$3!#x>TUV1Y+8(tF?QNclTj~2S&0>+i%E0}gM7_d
zV%#$Tdee%AwiZYp2guLe%#4^pQ6YuOC`@i4oh_E>ChZhsD5m0mn92NDQGk9t8QkCG
z9bHb|(Ft)+0rxc>^WsoEYmo1!fVhZ;L59!>S9m1Cqg>$(
z;x#Z=iXFhP*D|yBVIP;XkBlS_$Zl^3nfXS@Fg6-H6_;Ae1i#p36z3qRVpW&Q0{q~k
zCP1E%3~GqkwId-%$igBtjuwDSBe1MxVPIb~xx<N>O|}z5RD*v+l^`i4l4}?4
z)A$AchT|vj8+U;Gi?g!#Q=q(^1|Og}8L$vYJV5b__5GB9XODO|M-k)EHra@(Z2}}0
zq9Pa56v%w0L*6q7%%pjA1vsf!Nhm=?qm*(;&C+q_CvFKYxm>n{hFIw!t)~F*e#p+I
z*>%W6m}B`Fih+P4TD(HS%`PPPQFI<63!b8YN$z{!k{Bh)In+DAFNCOwIS2+=Vd|F1
zuMEZL=4uTDdWr5tAKr!WvKy^Gj%fj%9zp3xt2oHS
z=xiyItK2bnsllr{HZlXMxkabrJr8|vW)`HMs=Zm55|D4>5idas43+fGi*CqbO>Qtn
ziT6N#ue_=7o&@B>zbr)W1@7o#+Nsq*G54iOess0Td^ypi0=`f2(bNEj!t?-eauVx6
z&EQKRYc|a^sfYu!_)=`rY#+_>(OiyRV$wX5PBy6&>zPAG^-4O)Z68DDkbY>uVgro+o1oLfY8brt
z=wTP@t7&bvRdS@h71*fGPDc)oNJ&hF^guu+VW>o_ZWEEIRBmC08f0OS?+@Xe92T+L
zSPQFu3fhI0`o@gMPR_#Gd5VQ4u+qXBaDoL9d=Ar>nZ0eJyL1!I0LifbbBc|viBn?k
zG1G|_?<0?uBt14d^0?Rn$G6*$Y@UunxH&peBi++*kNPxd|CssOiHJ>_Uv4{!paqIP
z(gYc3$r^CqfJnr&nT$yYMPmUmxF=yQlidb)jk}ke3Za^W{R##SLUZj2)yfRs
z&-x^w*fce*4#8KY7%>RbXDTMpG)l)iHMLqOYZyYDKj({4!+j9BajwfyI#1Kg7uR2+
zF!!2R@cUzl9)hJg9q(0X>5?VZ38XJ~4z6
zv5T63I~I7XMW91$l@+dvT8pM&Et)FxRm7dw&NmkDF{q|O*(MuhnVGiQhaz#9%+We1
zp)~8^QU{Ac8;i1Z%n8t0(SR^U78A`gP^&^9aVEYLp>bwOD41sLk9gxi;(>pIT8{^v
z#qei#1DOxF$-!4{%qSg{_&6m!srGtik@!QtF;{*T3;@8Wv
zS`}_y7j7=Chh}$UxVh8PYMJCWDPTe~fTE1W5k0dk9b#k((?@O|Wz0^#AEI?Cm#1BH
zr(*`R+a0b_K$N>UNz*vBviXWwTo_pfCLV4t+`Y2hP&a;0zE~vAIQRQ~o{T5rA5;3h
zz*ar36XJFS(7IKAjE`!Q`FlDoWX(bWxHQ}Yr;o5NhI;giUU4Hh`
z7TH(SIvt@>j(?B;byS>(^hVEAkHf70O_-m3RW-xarSr#+pI|dzu$cGU(PLuD-p&+B
zri)xJWc^X-BZoJDT~V=OW)rxy(Ehd+YMD$~RbO7eTq<`n+2?O)TJMAtY=&=jQ&VXZ
zs}}n=tf_A;ZfeInkue7E~oKHR&=7YLZu2bS1?1U^CX#
zjmd+Bg9SatYfZY&f)3*r3kr<$Eod-;AdPU8iYsQvWIkU|hNJ`~N!EK)TF`{dw!n3`
z!Y(q`qMNvg3PLs#i1DnM4S;XvLVH$|Hm2s}q+9fDx`i*>EZR=DT5MhcEa&7*$EQ2!
zQZ8u{j4dqM$+`8&e~f8FM%bOK?tP-5w4RVG+vM2D!tTgq=%8jCFYBJQ`&D1IrB%_4
z-JCyz`Nwi^fPvDDvbG*>#=wY5KITIqKPve+=FQlDnh=dt#sv>AqzqjHi)y-~Xt8iQ
z{Ba|^p&nz~5zRP^PPWG=waqQOUsu~aMmybMYPhB^MK?#a(~oZF5J10zL@8WaS)^tK
zp48C34ycjA)`@+)z8Qv6sHL=k0nx)WC9@w`Q=OSm%!0@PWy(6vgsqlTkbriZ&Kx(v
zTDdmi%nVCKIFG@KJ`4o%SkPPqDva0tcu9BR0Z*7SkR3l^ETN#GVEdhjI||TeqX6(O
z#9j#Qp+n%?P1XU@7aRM@IHXV4^9|6?o&t}a&nj7x_sZHV+BV7vnZf)Wl)9IEd%?R3
zfHv)rdU=QxZ#+&3tY)l*Oz%$C0JtG!YCBmYvk$a8f`>MnZz8#WH+eUkUxrL5!1c6a
z1(P~xK>JrOXN6Gf6cuwAz8#=}sOO+0=$@njfza)MCWf7efimjyki@9#p!6*}ppGs}
zyC}tD6px-4T(*Nk^5O6fU^wWPWmZ3eHhqgere8y`m+5U1382FX^f(xW
zXw%u)q|L(??PTodOF?0mq21@BvsI#(RHFwhK#YZWy9jLYC3rdm3cue1Www;Uvy?|6N
zBh?R}WbhUg{XfRi^=mMGe?u42r(pd49*o~VA;*8vWx@yTvjn07F^O&*enkrAz@5)HkBo$I^UnZA$F@iXjRKfvhtIkx(T(e@t#
z?vEtwN(?bR0_S*$A6V27hnNhph8%`Th;`Ze3Sw66pKn8a86ehCha83&#wdWeRJLul
z9z0x~ZRpk6FrksaX36;jA6>vIo0Lyb;BQdWrvUbM0QNH!`g?%z2LSuI1XNAzb>gZx||Ccv_BYNE0NU~Ld_YJp!|1DPdQj_f{-Ru#y
zMY0vSI&JW}u*jpF7@KI;!5jwxRo~LY#>W8=Qn1Q}JuwKdsF`xaIN9r%>PlgQW18$m
zY7k}^%`*9Ec6uF=kqeuh%CDwMjGd!)8nTaJ>jYgb5#g?<9s3p~l~pxTXn>TnOYY|J
z>dcd{ClblObZuTRKubU__QjkIB|0o(2AH~zGKjh>F29NI
zQ7->k_JTJmQ*BlbkhVBcXuR@aGhl$_><)X>x*TQ8D*-@1EL$V7BBx^=QcK$?fHDjr
zR#{}`KksEmNd`T0#xVl0OfUy|2>@lL{6Nq*-j^u;0GW$}AzKjO#o}rkfkjKq#;TNq
zl|~r>rz5Qr1PqLnI8biT1gIfJ-(@2{v}%w-l^MgGw@u)p-1$7vKNDn4V!893a~o&p
z_E#W~sl~OZfw8#kS-xSz;U;l{Wgv0*JtziCnkyI}bmG}k0Z|k94w8axop3`+Pu@04
zVoczPm5Lc1+0V68puos}F2y*+QVZ`RC?B&l=zXmHm_PWgc>UACl;u4IM96q5Mwgh4
zjxYypG#8jD0ReI{Xx&l}8f6HTV}Y;0F5(pEZ&hLfsfx5>AH2^6iNf^I+6Z>nLN>sP
zG_m+#ofe5**qtbz^#`Jq>(><{CWyXZBQT;@=fIFC$A_P^9x{Sa`~;7JpzYK@$Cn5D
zA|%by@%T6evF8NBf`8jdQ#+#;@4HViv=f>;1!J(zir(1vB?0-c)X=auc@Z=<;rE8T
zE9^I8a1l7*8g^rTv`Qi-_n!ZdPQ)xf6Fakc*ojqQC$@yv
zp+(mt_6CH`q4V%>Go26md?R*07ho5+37RSw(LU_No(CWCP3-U92P-ihCGxmSgr%?3
zVjtKorXj{8v|?WLR_o}gw;(2aQfr)F1c?dX8f!5Bwfc;*2K;BgwsJ+n+jDVfM$u7jY
z3$xMPn04*}e%gVLd$DW$4#vcN7z_7fU;O}D=0UW=!`S~mg8lAZ;QUeSa~=b8b01=Z
z;zudd(YJ>I_l#rKIe9oTDjvp;iE+&Drr?R^w1?%sl}FFRNI4$!M0CuUc&oISxCNd^
z3$QlI;T(NTz9;1Az8$=gb}&;+*$yU#Om&Ls3BJdTV5&wigJ#Hswt+|cG+L$+i`5Z&9Xr~Ekc1jL<>+*g0o~?&`+`2My$hSF4oBMbaHLHSW0a~kJq!qD$r38Vn)m_{SM};KDIFZ+nWYs)Cr1_PD;5=3E`XFl%w*lf&mmmsCc>^36uN5{z$WP4zucM{gEM{C$(%bDG#W|9@uJ9jgg+PkJ^gM5e&+ZISN9mZ16Byn}F
zj5DQ2n%Rjk8me37a)zTCo|%RoH9oe#GWP7|CTzsivl0aPFNWB-nt=
zXQL~&tpaY@PKHZzzgq}3$H+TnoE5WYGTB{L2|J}?r%>MI()|-2npUj9HVWCIWCRMr#u*D@wU>w*t$ry?sq&NvIqTCDNZ>
zZ5RtG>z={42!6^`fqg!)$wDeCE@IZ^#b1N2*g$({s=|X29)fL)^F1Bmp|0>SgonG*
zpMdZPS9m1Cqg>$(ghzJ@XS%{!V5GBxx7sce2zbQ|9*}9M&2cb8xhGP0TXBqKeoAp{
zG6>GW*m4a)?M{@|32HMuKoS>-hT5vl6F;dfQ#$uu)SWFGPCA`>1p=7yr2wJ~fS-a;B{rLE*FgYH0%L=p0K%MoXt5?)J}Q`k3b-pW
z6vTTW-Z9Sp0G#vodkuI6*g7AS!bnXIZc=`)Abx?dw0!o242T+})|@v4X{QC?wUFUm
z#+yY==O?&Ss?H1du9%?mX>N+bC*vb{FoGBVZ)U!ZGK_
zR_ly=7L?7ii`)s^bCI*N4o;Iebg-TpMS3cHgD9M*+9*$TFpdX_@KlL!7gANPc>sAo
zggN73Am9;Qg3HN
z8z;3rt|Z4o*MSP4WE)3FebQIXX}vi*W6n0r;Xze^h9T^c60k=~!X9ZL_D3VIKN^MI
z&1AV7c^|{)=YaS_Nc}#7boiIpAp8nF^b=V(B_&&H*DV3loEmJCk-9>ntrop{zU+6g
z!;W3Lsor+I-P@)+_2^;#a6U(>sV0oickrNcHMz3N`8(?LB?kS!G0%O4dLE&vpx2`l
z#PkTv<02EpkZvako>&y5XJV$~rsffhdEs+4FX(DYP&cod0lcy|g7IYgP-9$6xI_>h
z2@9X`wf28lH6g8;of%4WI~gOr5qwQ;t#0Yk0
z-?l*K&FQ6B7HitD9({xJe?hQkvk8t_px1ee8oP~+-4Y)~T;}xY(F-vNS(qB2AdES|
z0GS@d1Z02=Qg<{g!mP^Yh|t)imZvP(J1gOsBEi{mhP51+hWBDtW7(RbUrmGtB7_9e
z>Xnxr6SLi5#AaGH9e3XKxP@Mt6ng24gBP;;9t)6^bzFG1pf&j31F55qCl0&hbgkDheX-RNxkjp-u|UW;Fhp~Ks61CW36Yv5
z01o#3*twicyPOHQbG@bMiy5tl!q_Arc(Tmb5w0otV{>DzN(J>Iz{61Y2h=|N{G|{`
z23QIc2TeuWUse?SDTqE5wDL4;GpD=2X9vUFFn+YXQq+tskXL%>BavV((CvwCB&H?LgshG;aY5X*upI`!8DrWFg
zAwSLJtc&;pBiK?=%$M2xbq-(P#wJOW@Vj}YIGOK2Ns@p=nP(XR9
zR6u!Yp@8zzLQ!RkYE!_V(KD-f<^oKrY|}u
z;uENk9kBu4NK{niM96uM4A>e3eAJOWGJKVtS9LD)UqSjLy0f$s_pfbhZiY4fQmDl%
zmoZMZE=Z+{lT)w+NWSSGtxG*K?Uu4{Eu0Y0t1XOTYFA31G=M3^4O6FFLQ&Xaa*wah
zU0S>lXP+!BuP84Dk1rCA^rxiQS5gXt9;m_EH}*?qG2|=|-L!-ONL@`ctcGknNGmpc
zSzlA%3LC81P0iJ-;PoHYSvFbhZ?Fybppa$z3XtY+3t>;)#0LxbtLj%a!eFNvjdYSy
z?{`I*+GDd}+Ksi)n=&1_^#PZ<$mu*$7CR>5uVtj(s}Cl08O-|JWuk?0yUSt+f{$O-
z6S_c^72J0LelmNwtJ4570%i)r>^76EkeiyRRoQI-0zQ
z>3htyUUZly?k-WuQ6GgT7dkqNkY*oUG}B{Ob3{l>{u?r+UTjxm;W!QABt<+_JO3y~UP*I(RGb_0HoY@1~
zD?K((mx8!QH#W7_uQ*$ZzLc0ttmAd0$$dl(+@;ya)bwR14=}sOxlv7PFpte)qo7{R
zDurR}uyXbmWQnFU!EAN%
zho*t^iV=qn=51MS$8OE7f?fj4Z7XZn71plCiXml`OJrGb%PU<;%@$`$^~hBcnbo5i
zqh@z5^;C3{KpiU$+jx}$;9Q;&6j$F8>D7n_bU+h=VNj(@M53l~HnT{9s)g%eAbyOf
z;;F>fnv0HBUI+@(FCQWGg=HE>EAo!K!Pi9FWoBU`);wEu>{ib1$)89CyP!4hjkqa~W?fF;(7vyRV`
zKzdKuLHkMy42VGy@bcYki57aq60M@n5^Y@AI)>+u^t>h3^M?)eZA+ZZPv;1T;vb}k
zEEog^Euu|2KfTMY~ss>;-aHVlr30wA?{{I>0x-B?!isXKI*W5
zt}=M33c`LgP-ET>#pCEcMWWAcs9A|A4hwd1Lzs`$!hGqr`gJUC0XJLyHZrChw7MDu
zC^cH7#)?0z@+p)##W-TL^Mb)e&$Fb{r6tiCXvAS?B{qiR(7sryY$r=zgyce-%yDEC
zUKE|_JbpP(*Uoy53M0B&Zq#J0zN1sDY?4Q#vB|Qt9GMw2SqTO;wvb9@tr9T=RpGPR
z!qP*kAB#IeSQ;>utLN$sSi00BW^iN~fgM>cSt507kS%NLtaI;@;<0YQm1)G+EGMnB
ztL^2al6}d-9G0mMgw$m*I222Gvj)k^K*&^L!)L^V13YabZh+@-+*v(&xx8ck#yu6n
z<)xAQ!pLt0^a!2&S0P;Q3bU%_YF8M?RzP4KP0#Q&y24EeuXTmbLb$n8xWyH21w>ew
zBz#zc73TY!7Y?U}L|#S%`ji_v)5wlfdgnX^^{Jl2oIO{&G*LxVW`
zfL$DT!m>CkrZ_3ZM2}2@aRc|nVNlV?1aZT-S4C#oMG9V(>>`<8&h=rJ_?{P`RiTOu
z+{3o>@mu!nr3CvRmnhcGM;RNT`?JZFcWNYWkS=!Ke*&ADS$$`LkKHFzDH8?ldmBp4-XgH8D0&3^=c^V
zT!YExTBP5C9Ik`y!u3Gs4YIN<0BJxjJ7_0zM%CaM7exYkb{8rHUiRIkXsU9
zoR{SWmX8na9|2Y=3ET!iZ^!$c_;Lq24;&hx2yRUVVt@;Xv4?d
z%iE8<=tO`gGfsHqi+1VvG*PK$v3r6M?MJq9)_C*zPU)~KO>LUO?SmL|=Isf}mHRp!EhcHNJcS`vJZRmf{ZVMVj*t*lX~D7mIJuvI^hGnUxcuqk}Opy1+;=4(6*C
zRtic%Bjj;3l!DNNfU$(ZI!Zxr$n&^7KqeUSKud}H1V21ZSx^h}ux?IvX4-zrVf6_u
zq8FBkWUOd4##Wu+aV7P_pr_##qv4t?3qs>;9H*9pbE?MDL@|!$L6xFXOu&|C5-k;z
zsYXnrMlnNTfK@Bl;>zh=YoP+gBbVRp#S`OVt;B$im}jC-vZ7)fX41!iDNhVmhC*Gc
z!^TP-zHu+?o0*C_Oy|io(VNy8a@pTSH6ULIQOe>-oA6L{AnGgOV2JukIQZ;?1X;Qs
zQ@X|!zFqqLh{Ka!nNk)D+A4ZMBcd!8^f=05K`&IEcqR+7vKTi5?y?o6f)uOrn4Wz!
z)`f8CCO|YmSEUgMZ-SD{TIi~rMWaPCl!#iX2pgf3vHNl62>=qQP8nQaEC+&hbXrEC
z7E=iU2MY)AmFJ8udSl$yQol%CD6>`zif(5e;2ol!^a9}CgV<@(MN7!QX?MwKnS(+G
zYu`-YY(V+uvoxiQ#+fSJo6EtBzY_Ji3c|E2A!-Fp}VM2N_S?MMJaT
zC?@}Dnsk6BFIGrA@d+x>NS^BRGcH+|E39hBC((#cp%D*K4(@s4X$b`{Sn&|jb3-!V
z6YNUGVP<_@l9q4aE%zz)<{CWtG1q=yK`7u_9bux67yzE<9-}E8G_}BEKTYHN^tybQ
zNQS&y7us)6!hv)!tJ_E8+sTia4-aV}@3O7aQ`73U=9_xHFJ#_Eo2C1obeRLb8u;YP
zGT;fvC#|}+E^Mcokk@l3E_#w@}X;`yy8dj-f_L$$Y@5>+
zW}#!L$nuY%Y57Co9oWVS_m*t0kLYbY@htp4Y}3v`e+eSaPcRrgl#XHdQ?#p>NAi226<>=&tk-d5#BzU4*x^4ji*H;nku5n5oIZ|FL<23AQPl`B-;7eh4y)%
zZAttQX#WCe{}a&uXUwgC!NFvI#es`|!~FVpp!-X>3jPNUtotXe5dXsAWd8=rzoJd(
z+m~t@U9IVKgXW2#cPzU8&wwHyS3ZL1tsoe9Hs*JXavm64F|RSA`3Z-b0nuI%ql|J7
zP=2vQxfdvJktjEj223biF=wO6m3ixDS&z|-4l10Ub|3PA0U~V5p2qJvJhS;X|Jc3!
z=mP}0=;Hm9aY#OG<|iZH8}e?W`;f;>T@QW)va2YQ1DvV8pJp*h0J;uzSFtK*Hn-Py
znxsN=Sd|=)b9d07tPt=$H;X@@e`o7@HC%PIQ=u#k8uS^5;8|!0S}D
zZonf}|0rD1H0?)fqObMn)G6(ewKyC#)rT@PoI;@WrKwtfI!PNqv$PbNuMMQ7+90aa
zQfZYon9kCM&^j%hF3^V2<=Sw%Ry%=i)<)2FZ6xi~vgkf7haS)TYv>+H~2#?8WHhq)>9AjSoalY$enzEO0kbBE09|!j*;REdALP+88K6^nVJ#8DW$S$Rnqcp
z(nJHA!WH}i0|kdCu+uTt2S*O`_ECu|gtP{q1iFvrsqg58v-1O?!2PJCNXJE*H{yOJ
zcS+p&lurH|7BaT8Wd-`9?1ho!bGSRI5PDPwKZUT_p34t*By=r3Uj|SxW_s2wbKrA9
z1njiaU3Qud;*5=LG||Z&olcc6`(-a#EOVvsqu_R8?e(4t9B({n6vU;(=^?XPk{~H@
z`)Pi@g*SO9cJIr7ieS>Pl#9O6!Bg0GT-rr>858{J6Su8bnSF>
z`7#do#G#PeE*
zcuCuj-dY@w6gAaFcD||{lg3et4ijaqZpKihC
zf`=58ov|?f67Nj$8bY68yJhkaa0VBim{P>x!qXp+g0c8Ed{QmtxfM@;L|Rakc;XF~
z2lMJza=>{dMeGoNU%(Zd8f2FsHmthDFI5Mcf@Qf~yrCvb@q&7Z(eie5jHUQ6bylj5
zsm2y2N!QqtW5XZv^Vs0oJ~}uqum{H#@(b*zRrW|QNAB)0@K96|zjY1F5O4hODKbp3
zZ|F2kI0D89JSSon9tGgrX=t>kb@$Xxzf!qkEwHn9hExYt$qtQqM14`KgIo(bR}=0M
zRW)UcJCndlyPj+8da~;`R6y19c&jsAR%f!j%0cH(@q-q$2c4e>T>x+LFzf?7=mIf=
zZYl($D?I&1oeoDF8I~aWL
zV!e3}1MmZ?&<<0p_Dc{2zosj-PiTww8``FQMt5t!rw6q^U;utj&uf3gy7DJ_L;DN8
zsr`-K)&5N%Ye(q!x<-H04PohCF;s^=gzguadYs7DxaIA2c|SLuDl
zRy`!P>HWoRdWzVg4-&idRB^XHO5CSsh==vj;z>PIJgaAkm-KA$sy(^h^DyD9;g|F|F!-5EUcH1u`pGmJBtec|PPzJgnx*>2D)
z>;~N@8}x3FhfIq;CtH&POfNDm8fiyGK+a~`lN)grew`b!6z}-Y)rcw;Ce@G!k52RD
zMbWMzsJ8n>Oxwja))`$JYdd(Nr_imEH|jLj60kBzKO2p84jSuRO484xbp3ofLElIj
zIu4%FFQ#h!68e@7@r!;Xt<|rhHvJm9K);DD*Kellbhx6{x6!Tot#r43JKd|_LHFr9
z=ze`?q=8mK9HScOa|N%~tzf<*FD^!xGU@AM_EpiO&WBcUysLlw(L5^%eE3`w8qCaDHma=Yq2pqMoY
z-z*+}yhL_THDnn(!PLYXZ9gqoguCv6)89-GlX|-pe(2sE;22`Zg0RIA!9iKDD7qh)
zj5qxSETJ!g*ZdL<)L*7y`YV*FzeeNr*Qr2%lZx~ox?r1SW0Pks=9V+%uCX?Tjhz}B
zPPxEG;7r(QlL=VB<)VwpVQdr(DI3t=1{gmE7(c~`e;1&<2T+D?h;hM-@h?y(n54d@wkI!-p$
zVt}Aq@2A0j%qP&%_ffi!h6ccEAI@)1;L8Y;Mw-yhKlam`ysW|8)&jm76ekm^stc+C
zJ$h&o5v^a-aj<&F%XIYpD;w&(@
z|`wBh?QKvYnLTpRz}y5JD`}R<>2_da%Ep=UCi%XfXw@DTV}R
zCnrSg(l{G6&w1=@fDNqM3ZQ7>4$>b+RE-%>cH)9=68pem;KPQvHf*58fAL8M93($V
zUhPpb)v)GF)UXa=Kn+GjcGsp+TI{fX{twGm)dh+8Hx3bc9M)Y9&FVC!e;vTe0|!j-
z%*l31@V%74N1wDv$4mTXosZVbbHxLw9L_vxqI3PY;J}mfTA<>vbpe7TY@SNYj@oR6*vuv$U@OV1W~(FW%{09A!^d~~Bp
zHw7TbL#YXLGe3Qs3%bQe+xWiSN4N6J+c*LvN+bW
zr6ZG>njOBDzJD+04|i#3zy`a-*21>dru^IusF!Vi>ftFjjIIw2PgWR;MgU-V_djSK
ztJki9wwZL^r9-0#Q)EOh5`k_`6f?ZX|8h>B1&590f?6kt)-?@l*pW{H}kjQ
zr*&NdqAe;l&VVdkn!{+#D6g9%CcDP(?Et-W7rYA^TWVVCTUOME>q_ezSIZ+^P@LP=
z0eW~%>uYe34c>P;&(QBaaxJ>T#H=m-ZHKe26BO-*1JFv>Vt!CEWPrqKKL{0kZO&jOnTaa
z(C-WjJh1012-RMI-<+t1Y-L*`pO+Nr5Do}9Z^fm0s2abwBVaIRzeq3fR#kQ)3(|leSzv>`ZGj9w
z!>K{O1wK_IG|_?#0Il&3W8z)DyvLXK>1P)9(m!XQ4&wx=C}O(nKTg&YV!)4dBjBJft5Y$m`Mu@n~Yz<&4#r(6r=p_s{-lZupcb$(&1Q`%an
z>`GZ3Iyf9ko?SAEHV8+;XzJ=|DmDsc9Z8kpa40+~=VE*&)PMRQn;4Z9i#$!?qWsG)DV~YahUqigUBNlzTkq?I>H!
zsP%>GkRfy(b;=aid8|!$!+LN{4Y$(@`{6{lBC=f}cOC7eswzq3~sT)KnRs8h?b`w9G-+*=fv$G9z#A=fPK$%0Qh@iFeV&
zYKtRZ`Uk+$
zGjK0~R*6=|>=zvCo~>se?BG*U4tk&@bb!1#A=ONRA7Ak61BbG5@E+=BaakVrMrX+&
zSaO!`d0a6s6b6(Rt(hpG2>YvIY>#GRH(LUP&4a?;$pEHI0;k+Tl|(A2{IaqCuUUkn
ze*tJ;u=f|@Nryt8QUT)1u@1VdgmyP7>jh@cf;wjcWT|}=heqEEMmKbB>;qSm%ChBo
zugS7DIJyb73E{x1wCsbsXu9Vq>bF=wK>d+^KvD{HS0S5)LS|~!Vk0|kd{u$5m(myw
zIG71aE06Q(OzHB7oM*ESZf7hFmH7^n`3^sneGrNg>4wZTd(il*ay$76_@1Lu^rz7{hG-fZ2-Am&(bx^Kkv!R_kXgsUxJX{9YkS;I#kn`l!W}=;2=l7HB_fl+^
zFD79>Mo*3@FIWM9sqB=xQj5
zpH`vn=!{N>##24Y5RuM16whZy=8sK?jrdZC4)&$NCob_I+)I-?=tLDLXs5VRG?LOO
z10e&Z!4TlwJHZ1|Hqk0(h-ZH<{2x)hR_E*JF^+X
z#((~#DUZ|C2-hMyp|Cg121L+kO)STvP9Zj;%;6wb+SU0jD84
z^))GELV*(7bv9n=WlvmFr*ezfU1Rn5Pi(_`u?|w(aNAG@#eI$4v};prQhyUJQDRw%
z$(>NdTLlXfoOv8HxQnoKwp0;<#ASqfybMKy`y6xQz-_=k$O;h#&gGiuLnz8Ni>!vs
z22_ht0#-$5G4fzaurQf}o&l$ZS%Dmj56DVHh`D4MCCB!#7aAVB_}g%{!#{SS*n1C)
zo=wxKkL_me6AlYbr+U7eiPLTZsEd5lz;D)=%rG<9W4XaxGlL@Cb`?l!nT@g^|1+UrmJP#7w5hh&zfaEceMVUyD1I*&{a8
zh>12iFry}qV?7kBS5Df0h>NDNNxzS+1y$pkYy(-u9J7GE7mx=8o7}=x?CiQ*eVJqWqo5!Ls4lVZ@bx|
zvZk&Tlzxwn3C6pMP%cw?_J|_8Bs)QwErl+ffi_Kn))mZ{&k8x>LZ-E}Uh8c?^Eb#wP&UJi&
z5CFT~p62c@$5`jl4bt!rq5?i08b;f
zYP3MQEtJPZn{z}V@2+M`Bk!l<0Nqsm`SF*
zIF&T6z-a==WhO?u|1~wM!zEP}lAOZ9>}@Tr
z&1Yk-V9~-%F2O}rd}DT1_PuI)2Op(0EATX(09n%GDv0ETa(4aD_)BoaqW@
zA*>v{kCY_N7^J}%#Is>Lu=QXaR!-WPF|Zoc7Vi#*OSx#`1xJ(v_$=Px9>D2V`w8j@
z@O22wQ^h{WM`UHE$h?OEpsq%Oni>T%BLe`BhC!vnQWy?1%M%gelVJF$TP6VbAQ^#e
zk=uHBP)y#6uQ3s%A0G_u5%$q@)dZn6Y|T0rUOu>_tqdcfuD)rX!XPHj|7afHE4C~
zuL8YSW!cz^%h8!zQIW#hMe+E><=~Rg0k7pyQyZ9?NWaE@8@FHL=;Q+wTnuZqL~uQf
zF<^FJKW1+8e8~x5*I2XD^Lsp695kfe$g)J(nR?zqG%qsOp=#ejN$hT!gGTUa=g}iQ
zKl4i*LuP+ARW{Yp+*mtpJNb}jKHPAJynxw`i<@>VU<2yy(24cT;RIaoIQ%TUeVmfB
zV5-57u+^~Ik7Pvf(HBud3`7U@14=w`5+xo(qQv-j1SLHs=oyDj3$S9HLZ$H_7bH<>
z+{K`A(1l9lTD!vkYf!2G>*%QDilDA{QGlPMXLiX~I^^nu`Zwr+`UXam#G1Z_i{PMx
zHI%EL`o9fp8XF8Br2}TN2|1tf2Id=%STmo1!68(0ujZ#z0XC3P;M4Q{_6Kxp0|8Hp
z4}*v=efbjNi`{X1?1v%$HcFQml(F?ZHRNQ#$b*4PzWqLU{Z5rPklT9_@hhAi&n+RF
zeGr~P@+pzu;jnpr(Op02zRtAg|AjhZUO}B*^CEqSYN~EYKjw;a(A6#Jng3L`gyyd_35j$bd~^fK@0?I
zGn?APMA)rOp$%d>odff{bKyqnJh2RH&2?aFUJjP#7P?Bb)74P1zE(U7g8DVu3iHF8
z#NRMpyfBqYq+7K?belGUZr3Kz4s8ZZr;6!LZ658`Dxm5frhByYbg#Av=2Vx`{je>0
zK)Vg<@AuL}+WoXody+b|=jjRU4SGuZ0UgvnrbF6aVV81*UedkLLe7B(@>FOb&!IQ<
zQ|Jf!Y4k(=OnOUSM{h%c_Q(1rdIt)#??NH=J^cat8Tgq$*Po=r`XTxVs+hmfKcJ8G
z59w3=6Z%a51N}k&l0G*)^hd)-Ul>XBCnH3EF~-tgjY9gnF^~RjRM1z(>2$o>=J#9=S9$XT_hQAi+;xYqQCJAkz#x%1{zdtRJbp36
zGhC#5CW>L6>0*?pNMv~Ci_xBCBFD2%jPYD7#(J(7<2+kMp66yU*>k%n@H{V0^8855
z@O&T&J)ek~o-ag^SBPS7yqN8UBVccTG0&SSPWFx$rQTVh+*>B*d#l7LUikU-){AOy
zn^@r8AeMM95~oWtXAihre?cF>o(M`|Gn^;j&3*?gYzH%TI8@esQ0pxQE#)`9jJ*4o
z^Nwmgd61`!Ak7#D&5(|CWS$TcGk>A=g=
zhBJjW?Es~LL>*ktlffMn2!dv7Cmaw7(hUYdM&SiH`W`|2=RO_onME0%$V;|4wx
zH=ilTkbFvzpM9Zt&J{`E#vx%#b;uVqVI+&X2H@?%tPA<-^5a8s+o&HB0vUZmeotK}
zP?w*;mGR4`P{M6Ma()759g43DCG3)OC_l@WeM9lGgis)q0I>MB4B5x?Ek5K6C7{4i
z02taq+f^xBVf_pRYc6+`dUK(j!{&hC7hD4d)yv0@#K
z6YFV;*g(_8xj1v-JSr9&;lbh}DudUz`C>B+elNj!@t08@CdZX9OIr(v1?P#YA@{ik
z{ynb6#CRR;5ZBW^m^k-{8=xAs6?WG*(o^DQ=nie8w_xh_Aq?9-6}Qn}#O>G#-62e|
zL&S+)A|!UhL;2kzN3@Fx;ydC*ai5qf9uRZIgW?qN2psb56=#Y^;Zkp(*dRK@Ch@qq
z3`T)Bhy!AqcoH$6!rMdQ8Syl1mYxwGif6^I#B<``FuO|>FKGQ?ayMAKt__79Id7<5
zg}8G7mYGEu+=i4*or)(v6n!!w@En2VhEEV(f~N$LiFl{+6KeilEI%BtO#A?g&j{?9
z<|9X*K;nRp2ayvz?4UM&EKA4*lC0m_X)#!xDFRP&ion@ggXMIf!KSJoEEDFUq#>GN
zLzN-^Nz0In2QBj_EOD63&@LZgp&O5>p;&x?1rX=O$O(jZb}ElkkVhSAs6hfHupsi&
z%2*cvQ;VAW?)3tw9K(#97s>)}_DpElq)K<3iR
zSYX;`(YYooy=F1feh_VpV@H&HxzHrIdH1pAD^C1_<|`{5L-*B3m-6K@zCiEQ$9k_m
zy3(YpI6YKseRMTn9Oc(RbUg>R@Z|>S_#puK9Q0qe(#;%%>g!gzg)dNk-Add2uu{3r
zq}#!=0s{wpMYwuH#{|FKpg^f;^+dgl7BkO?K(i4Bg^&uGl(Oki=gEv>^6!*yZSI+$K
zy=TV1i32%RS+)q^s1hU=0kG3
zRZPHsDi7nh)u^0EK1ptQ0?RA7e@TP@_#R~q{aj)LTh?&eOqM4Ma(!^i6V%rjnZXV)
zDc3fK!L|=q=SJ|Aca*kv^vqnGU=*v)T(yM)wN21pRaG|SFp(~cSogy9Rrg4
zFGJ`>b!dE*O*}ukB>^ltU`LU_ON=*Qw^w>7U-iT;mr{>zpr2}^raL)6WCYoAfJwB|
z0^v7?g#oyXD0EEhPRo)j4q?9SeN;*Y_(;{Gi3jZY!NN*WYte4H+hpgp
zI6_@{u!YmDJr;D59_&TR5aSYe61$IucPa}Gp^(R;`~=Nsi#nK%uh`YDMzvL)pP;);
z`mTi?*^?IhBOSD0y@}LM(=#SL%g%F4r1~=J7~f^lOB{Tepx65fUtXmWlU}o6ND0Io
z^9f4-cLW8U5A#)Wf&VyL9oe$2!Lcyc-9AYJ8E`DhK1rokqcc0(gXTYVJQ+ME$vdVc
zd4~v6-Z9tUuJQaN@A>l1UdH%5TOlPISApPU;mIT^Ji$g!lXj$hF)|@S@vzHB=_B+2
z`LIvLhA;rBiv1X;1S$o{K-!o>&SQYl;|KYd03EAjP`Cr|C7nhA>gY91i?z?2oFJ}EuBR?UOu#L`CIZDS$DZQggf+kV2?O5u2(c()B<*O1DvH5_@pNsJPuyQT$Lw%1?UU9bh`n)(-bqs56x9p0Y#Ld+u1)+K!Jj5
zq?tP4`v<+|{9{9f%8Z+fy9tS@xH$b}k=;)=;2rbY-rv1n!o^gCSgO$bk
zcF+lmosRhxyoSrrGBdF=E&|`87(9+SV3f{<7Hc`U78RK4=VKN<1y7aWEGz);U?C*q
zi|B0dJaAe7T@LQX_26slgyrXVz<7Th?v;N4!_W7i@B1;1mG}$nQ2z-HVF4C;2<-C#
z(6$>&my7XGe3=Y3dMRBeD&UdtRJbzQK(~Ukv=bbqJHbiX1rE_}0YX)L2i&7a={xYO
za-VpH?gz{L0eJd*2tH6AhR41~#2@J~@n>+B{ze^eL$_c23m(c6;7ukG?DIkNH0t=Q
zmO(FQS@beIm%XCp!Mn_4`kqz*4>RyxtIdEHvm$z1D}~#q1@u#`hThRu!t+csy{DZ+
zKZ84{546kZ=U~$x*6xI-vxnds>M?kwIY__KUZP)XZ_+2)pTSc1(C_p(u+jnRZy*Gicv#Rs|&-2`Sb8l{L+B9vtrsb9{wCR$rR9Xt8X-WgxOwyKu(x%C6
z8%UFqq(EH|5L{5fj;MeNh-h6H7gS(G0ma=>W=5USaYk_)7o5>?M#mXP`M*EsJomZJ
zO>feI==giR{)IgEIp;a+_iW$q_k0)gtJqfaU$OJeZ(^5&w>}}rU*m18q_CarI?4#ba*rVR`*yp{Ov2S{_V&Cy*$A0M5#(wV2k9*#Nc-&hQ
zpX4o#&-9kX=XfjP3%!-`RbG93lea2u&x_ycHN@ZIZHd3v+Zz9f*A)Mhw=MovZ+rYnuQ~o>@51;~UQ7HJUTgeUUVHp^
zUWd+AZy_QKKkzDHNKBL9)Edhi>6U7acdSb+R?bWO1CrdK8j!{YAQ~t+gqzn7-%5MMN3>GbcVHZJu7Z|
z9vNSMi6BvxEHS`D2GG)+D2A2=mG`p~Ky~5}uOe?a^CAse5^azjbm05!2mK1$jq+06
zD9?AJ{Df}g2i-gUgr1Zf^k>!?O@kgy%lO{AP5lj-r>Q?W(&J3&Mjf%
z7nf_X1kIp?ok0PhpXr49{f~tN-EW}SY90-4h=d_rAR{{7#aJ=hhdIJN9J=nu?CSy3
z%#Bfp*KfMK%ee&_;2z|V!O@W!^@g}Yzk;)V*xU-;@@8(5?((jLD|8j-_|=>cM>)4&
zjDGk_%%{9-%xAr8%@@4u%oCjbU*lHkNp6*X!YT7J?-l0f-m5&%do{N~H*tUR8n4!S
zt#_LDI&ZOev$xbc=564vXS??X??Ug5UbhDp;k_B>Pq*Rm33H6z9k^wBE4M>$!{O0g
z-ZkFcI5fJ)yTN-0rQPe@!p+iKym#?-od4d<-O_u#4|wn6p6EXBOWYlOgV4{s4|>1x
zKIHotZOnKd@uzwp^{0Ce_;WGfn8kqOV((#pjrVbXgZBx)(R;*i^&a)Ry~q4r-lzPW
z_qcy0H%&*q&-&M6=<&7Q7yUPI>-1Ld%NU1z!hetVw-|@~JO6&~s~Cd(
zn*X@>b^r6;-}_(l{=xsY_YMEM-Z%Xpc;E7W?fnxp_CLqc-nX%J_Z@89J&9er@5bhN
zKfs3F4`Z9Xe~F#v{W#X_{Up}v{WR9$Jq5P$v)E4WUt=%yejeNJ{USEx{W3P<{YUId
z?^m&--mhaX^ZqM#gZG=*>%ISuz0v!h*xS9|#@^@sZ|wcv?_wYFz1RbOEcU1$kA2Ed
z#J=X2#lGz)V^8_zvETXWc+#(kPxB|oXZuz0m40=6vp+T7>`#k#`8Dwu`ZMBv{>=CR
ze^z|ZpB=x#pBsOPf10Jze+ljWC}&-t#S%WtIq2TLzzLcou9A5Yd}Vgr<-Rf}Zg*e(
zd-7j7p@-d9Ow0_quQANPySUg0c&9BH`(nRxUv;X6xWP36ZlJjR)Qh#*_?5wx{AR=-
znBj08-i1M_gM3Yx_h4eGAAF(A>xs>^xJJ_475fet$a-*`cVKYpa^A|#4YB`0yktE%
zPDOkKArr6!iyP=R&ed=!ZQRSr9VccQA}A~}+V7!_r?)GL@8$kx^yi%&E1<`Y^BPT7kM9NbrpJH{HFn&|@^%TmX_6f=fzMiz4z`tk7)&$>9S_VFp
z@e;ckH`UEMoAQ9P7Ek&%H@38QHEqpDGEoLMqj}U;nXXK`Y;OF<>B&krcn%`j-X28%
z`xrns*qR`{D1v8KXNQKfYZ$_@CF1I;SC?%idRJ7k=Hrz;1O0uPJH5F++yrN(&Jitg
zd~mC%5Zn_ta&3tcPtwS+odIWpMa>!4A*mz2n`di7>>
zDZ(a7`v?fwou^dlHJgLYlP%4)sZ^@9hYk!P>(FOY*}2s#um;m;=gL8uC2KF{X?5>Gr%G0;KuvBt(@r(R
zhRq$_UE@}tJEd;qPTGxJ&<#!w*6AQ4G|sj<7T~${o3-}s_^3<$a{WGhgCz4U2E*_faAoT0U->lu0Ctks#PU&?B7sa*S=hC5bWd7kV8JkHf{gD
z&22-jWlXqX3-%JF2K#Ne?~c)N(}9N!1{?F)D^_F=A%f9!AV+DvIkxA%V54;oi`jdJ
z=(3O(muHR56Q<2)&hH>D(b~<{)nk7BF&#o
zUL`2l-PS6<19fJgmdlE4(?!kQ&28t?>B_V-z_qz4f6`>HI@r%a!FA{;T8~<3L7Fw2
zI~wb|8Vi*L%MR_x(SFWa)@6`#EilUko~vEA?LMHod#tbuxZl3vp5dcGdd;!HGe$Wm
z@=YvG#)p9%X-9fTRt7sMb@y`+XtgiT?mNOs#W@1P$??!fvxCHE1_cKOaWshpftA^2
zvX6!(oEs$Hpn2iu0|(2I!F+$7x4F5#-F0MRVT7gIs=e_=xnVYbD{K>#!2lrg0o+8X>LOI
zEBb&^qY&?#{-n7~zn3S?K++saqrf&;!G*w3(j3+=Ml5|v*!j}LA2mmk=E|g0@JG$n
zdLY*~Dw~p{(!(FMdiY70|9G^vs8H+30TfWj6{&HnGdPPwA+yuQO|QG{Riv|)ZgYDk
zEP9m#oQMdS0xZvammg2$D=GzaZbS&`WSZEt$<@@t#K{fjhBrx!D%8_o8CY|YVZg!A
zUGXMY0g=v50QRnOJ%_9t+~-)7Z|wA;ZGQh?Xfkn3vyk&c#!PZ!R?l;6`w)NNIK+mQ
zg(^1f#+R1rE`qy5lGCA
zM54AtpV0vdBY!~b&=8y7>N^KiXwX@P)0y~;2m~TkS0n;AcIE{la4WDJR7zTGsj2hK
z+zE!Z8&z~GI=2WPU}n*HDU0@$3|E>9GZ+E6E`#XE5;?nnc?MHMH%=fUmY=ze14ARZ
zz6{2UURlaC=XevxD`DHRkk%TLQ$Jpn!Ljg7o>@3f5b#yWU6JjR6Ca8E(^8)o$m3543}WHP9SVIc2x6Y8F3HJ+^{ygQyliA
zJ=T48T`6mH`E?O=)WMtSe`>DBoqXM?I3OR-#$CCk?6yMIow}3qq|LMAFq1v%MIE2s
zLR>?2_mWj2w>SQ*jc%8osULrn8#@4-*n1ElU-gV~bScXO7CuT;qJ4x+tDjjtwxVa)
zo1Gvi^TBGwFO|alLY@W*u*E#3^)IO+9|^EJIH=3)`*L`%m{$Ui0(8V&2l^A^x84e)
zJ#2iWb`VL6BXE}3y=?h|CkUcFWbh}QaYAS^5a6`>=hJ{0piHMD9I=3k7gE6@%ahHz
z;t`fuOKO>7l5CtVYU>eB+d%V-k$Syr&OcF(y0TA#aMH!*cDC{{Yyiq29x@~MSZ86G
zPnyZMn>ov|g;#~hnOsBD{HcFsruj(iN`#3NHMg6YC#IN=E6Ny7ML*)iJk$dxMz(@R~ETI=wT&iy-osVdU
zvnu6cmJ{P~&3<0cQwiOv@46U{bB8^n08*il2HAlW)vHpJ-IOq_s@%v90cQ}h2KnM-
zmq4j>C#~XU2EHiNL04V}B|JY;UOFr<9hN5v12+&y>7F_$D}~kv^{iv}wZ`?os|LnB
z7wZ%~3AGa6nu>59#rN=KFIV_IeA&m0=ndhPA>B3v7JOp$CXee>5H@29mkJlyZe7S#
zgKNeO!F-VaDw=^BUG1^^+T!}(=9aZCwWESEi`#L8FIOUdaTQ;#W>k*acF0F;rLFyZ
zx+fh$wL=}n1z<3e)j>NH*NXUs#;qMu3fH2yA%ajw`WZos=E|1B++%ozirYWitVvX=
zW=%pKv$$EWgJ2|SAHw9V367jJ65
ztQcYmkncMuZtA>KZt6Q}>bq#xahm#W8ugw(LQ{7IP(8-DsJk_JsG^NWL*u}dKMPZN
zQV>itG^rS-ALGlzH1^|s`2>x9#5Pp^qTNJ0AGk~nV5-ffCWL8C2-BJnrZoXf^QJtt
zOKt(i`PF4tLw4+H{W7cTE4E&@TBED$Vmoe^P>y6;=Fkfdxft!tFDxc>|7zCDe!Ywq
z>aUIj;~_l3nX_7`>lh+;vk2FEd9zrh$7(&+=&@Fhb$YDV<4ip^B+c{EtYMq}EX8b0
znoUVOL!XjrS6ZU=PMhV_G`prMgO#LL%i9C&T1s6`=L-t&z>u{?<-%grA9CSPJ89cM
z4}@|-*#+ymy;oXJQXryV)4jT@sdHyj=N@Nk*j?yQ1@?D^WR33Z890*Dnqe5Gj!CSm
z9)0qlCB}Smw?+EsL)?w%>Tft8&O#E_VRP|kqhhvrTv{zU+TeU3P!J_t!q_{*F{H$l
zXySm303FD%)lJE;pYfQg$23!u;ar)a-IHLg9t+KkQ_-oJsjRbb+B`l&9&JPktQV9;
z8>F^JqlWR+Uh95oo(wc{hb1Dt)QjV%ZeQN;_pB9
z2&Jwzzf6NTNhwsg22N41?x4rrdc0kad-QmR9{1|;PCeeG$MK}RqEwpqDDYlA-lxZX
zct#P2&6f3k#e6_Te^8GP>2bdvAJ*d|N%K)0Mj$t79;{${eMtHKN{^4FrA(!_Pw4ST
z(ma}Gz#miKldAMnX$pQ^!B6Y)89hF$xX&fc=k@yqrTU_xzofUnRvc=)mF6o+>&yWH
zu2Wj^*z#HMVZGV8c|
zR#VQo1hQ&z{v|L3Lx!KYgDE9+dE&YsrV#z0cFY+(y1FxWc;IMPfOEjsym+bdjO4Be
zqNel*$cqijYZE77L9aTWvq;t2zeILxNA|hYMGD+S+{3ET)i54y!7wlzdM|hU%jRa=
zh>CrkxlwmB2hTD&0={r$fH%LNCXB~O4Vj)r`o1=hSF|qH=Su^E-YbL7hM)!p73hmg
zci45p&-K%W(ba)=I>V_hj;`L-V_lz&u0B6E+SY(BKVK|MRS{0vpBRcOw@HX0&D7D=
zEf}YD9S?3I)x+FiANP1;8LkBeRFr*HlJgoatpH`}LSnNN=M_dp20DMURFQd{s|WgX
z84l~l45TE%3-stT>|qmfXjf+-GrBWkfn=aJ$-P~9PIMfTXZ@|Vy%sZ*>YDVx@omO@
z)qE{uzHa_r&VIfj_dfsloO58iRL>peTcNk0ZzSa~=t=Y43@R=+%g@iTQ`L;_axQ^>
zn8APdk1{X^;2PuXID^?K3i_#eD#O(nW)Mo5CCwmg*q<>!Gyj^wA@I*LIOrzN?JD9;
z=HE}whz$ohKeR=R*diunNv0&*$f+_fpKHGCqVZXY+__jzxxK*o)2aTBRZ9*OnoDaZ
zSLVebg6-nD(xM)tK3%Lh9o6ZsSQ6-TTcvJ%omnY{pfwA}2X0_UV3Rhjk_ybiQzQ@(
zNG$|gkPNaq4d809V`q`n54fBgEf&5BGC)>M#kgfFvA^sl_E!qIif2!;zpQxs%c8fx
zY%}~CIBEJW_bKj|UBrgjf%u)xjYT8WK#PrQCEOMXw-fG&gyndJO^dX$bI;Dia|faC
z!j*~fdtfYk7>Xw$+Q%7rt%E2Es31P1^`SyUktm@`%SN8`QM3=MvL7{7_Bn+Q)lf@Q
zv2Im(t#O3RPAc32l_bV+913YNlC!^s$~OA+O4o;FMuiA
z0az~q0Q=dOcTs|4KOf+#W;Y=^f|k-HbWU&bu_5N(rC1Vj-5tx6onB~=C=DFaz?8kf
z7My3w<_j)2a>^m5?7pzLu}s++0aI2TbmetJ3hs!Mmkt}64$AYjNe0b31~@bttKpKt
zb)5N_@mpe>Yhm}!x(EFsxTCWlGjkp`wPJ_Q{VOvMX15Qs`$=^p24_&bWU<*UhGBXM
zbmt2o4ljXudua%(N}!u#BB-;ggT_=qaqhP)`UAv@9(6G?&WmgWlHV43o>=H9Qd~##
zaLaSrMwvh4CCg8FpR|7G?yZU6YwBy_bNkLrTI-1A%jVW3A2Rco$7+&q*jb0|*YcVq
zreDi7ebAuY5T+_~sme%YOFjK|<`@%=M0V<>3zM)gYTGPVAP1E9Gl32;9S+i&emK3C
z(IGh)8DLBgu}TJ+AVZAYVZL6$epzV@)M_G+zvOE(1JLGP^DutLrFf
z03ayt5G4tC*HPMGJ6hLK+F?enoN|Uqm!Kt=QGTOk2Xfqzp0$RhMCX|Pr}VGp0kdFp
zt<@GcUoW9DtUHIL51WO%t56qT^r(HiL2qbs*CcK?$0=i4phUcw_sI&oa?gsfOkbv(AO;&Y8=PZx~~u&yN_P@c3KWYyc?8eF=)l2zL919N*3}>U|6qVj9$yK
zejTgpW=8QAV0R4Y{RPl`17m};bB_PlVS(_C*kHe%|L!t(!mGX;11xVh51Dshl;B>h
zrJ#&$-izw(eYiXP0652o?3liQQMndw$(3vwF;dS8-bR=wSJ@Fdm$I(rtCr1A!x8@}
z_X#gz#8V(YFGiKur{u{&-X5;2UrLTR{c$Ycg=|%xEO)t)_CH9z3Pyad6a>p|_vGP<
z(c+n?i7%_=T1)m8ipDG{1u8dYN~Vohzj+e`+Kuh3St{kj_fhY^@t0S2zamg}|1xp<
zH(wI~UG@CF&B&IFVX@W}47iAcyIJs+#nDk=gb8kHqfVi0uJ7
zW~&9>#@p(3n-yLYG#$UhXd8UL<%vDcn17nF_zZ{2=ZN_{Tj3YP;bHE5g+1Y0tjm99
z^uNP+KFN&y9#=L$V21sWIrcBis2?$-evFNur|>QMGfMe4O85oy?3eiA{10;dCur?|
z;iLXHSW^A1mooqBO)^h=^Ef2tdogdJSB|1q+N(!}YlD~ZHhYzje3NKtwb$-V^Ey%M
z>h`94JG~ipuHq!hTgnb}9W$@o+rVLXJ^Ko_;k<=*z9nhx|JYfZ!a3CQnW39e$k|DX
zmm|l)ot3vYKYw|<(d}5gy~1txyuFe)&KKTZW#{kfQDWB0NZ6UI%cX_tr@1y*e}1TaH_+6_~cHH>Z26Og#trI&TfijO$QlTyM59*9N?^Aj>u(uXr}fi<>b{
za1KP@xhOC;m^-{i^ER)^97hTLLtd+S*y}Klc%9~}UKgtI-6$;XF#qc9GQakAqojC=
zx5#^;w-PnPb>1FKR_^s0P)9r;gOwK`6xQk;@H$XU?4s2d(dJ9NBi?>w-v&I?CNX3=
z>b(SI#h0P1cpZw0H=y!(BkGQ?u~&H?YXa2?&2KlzCZPJZ5klb<(t^6MPP
zuO5Vw-0JaOMp?Q^{%HK{Ik%g4x>;EDDJI|86MJ)Qe(!fv@0_{X;Zbf6XWg=3l?dC{
zzsRI_%d0N1c*FUeil2SltSw9umtcVwRMq#2cI|j{Z+-fOvHMyIxiqx^*n62$Z{dj4
zubWyIgJT*jnfh2VE%V-JshUM}9(_#7kb2TiVV^}`VuzZ1G
z`69#eC5Gj%8I~s)mcM0KzRIxtJ;U-1hUJ?K%eNSo?=vhvU|4?0u>6Q&`3b}F6vOf}
zhUH%wmVf&r4hwF1IB`UYF6UQ+=SQ$cd)tLs6Jh7>n#>P|)&oC$Ly&V-kh6@5UiF3o
z&S`V|G9H`HT^8oPwPfxoC*+=7GWQ#qOs>`SLEXZL(qpTh7s;FmtHzs<+aOrrPNqln
z(_|cE-v0D|gS4+XjzKIUp!(MCssl|6gt4@(TVX688zO$andGlBQ~Y&iw!a=5xo6tC
z9MPH$>N1c+w^=kGkEpKTfcHUg@&xBPLIS#_@+0+F;?>`XeUMF&KIFmYvoD-jg4h8C
z!pxO$4keshq6CjUMWn%7i!Uob`G#9t{%(pf`ddzd@#G`&a;Xhg&vT4~1hO%0kqmYq`7pj!
z-ar5$)C2)E1xfKD8SvOCT;EEM;@N3wBoB=okf;kC8Q}6Ia*2Z%#z6a{AcOv_q)dam
zsqpG*jEs7$N4G;U+QE}KMN1B^Rd))a>(53`H8ncq9FLFnR~5J;A0w7Bbg(-hb4${^KEqjJ
zy|(eVRWWarborYy?6
zSU2vum9ETF7p5+C?ea`S=f^cXJ9a@%)Fi9?5okKGZqd|pODM2pdRnM(6An^z09dOP
zqeJ1RqPw2w&O6+^6B`kkDcUcXNc{sn=%m}LO*XDHa~!RvTuUeSe7Y_nPIn6V>($@}
zWx`v-Ri2rm+s-1*jfs_uqR_N=MAL#Ri!o(PLN-n|Bmx!mQ`Y)W?GtG7jMZ2u){5#L
z|7;sOV>XQ|AD7=-tT3MKqO9TO!79a^W_#@uLqj!s0p2l;(r%zm#!&1D)Ku9bXS>n0
zCYk}r(2?QZ+!pjD2c#Z1)2{y#-zbB6^V{O$K%328G6uV1;0QDt6}jq+w1;VbSgjk7
z`dO)hxQmQSkCKG0e@v#tRcLJI!0BRO8jxV1#7+|+2__|70B(kfU(2s>x`eKD96}~p
zQ+FS68YETL^2QuKodC~T%-0km!P!*BDsK|a
zkZgS!Rae=3awsTe1cRTQBz#xncVet5VePS%;qg83fJw@}Y^-W;_pGvbnLM7%N?6WP
ztNq1w3)W>*k2nTWW>#6E>W46zSInLAdf2@cgkuED75^iZ@Pf5mCE)!8Goxi?x@F+1
zphYEBeAd+4-v{LKBrIrEaY6H4K^TuLjt?uK%)N7+MX55_Lwn~^S6PaeSqVMSTp%KW
z-xa-2niW?MC(lYi*H+kP%0*R$Jx^F?eWL9R{1~Uy(aLWVe}nujqht$bELl<`oJ2-uJ!$H2-JirCo$IV{2zCCb#_rV|Tg%8{Z@Am*)
z--B>{`@J%AnO6z_>^w8*Z8t;kWv_r2HsW1uu7uBem3I(-T9@G#=0*
zZC>sjhtKw241#_bow`S%z`q3r{%d${zcYWq@_Un?HgEQ;%x(Tud}`I=Q|kwXy{jBn}^j6lYQ{-4oXdP>tl^CpZy{!jAY!JL{
zARU$QCJmjKj6e$gVvor9+wA>y!c3($`PM8m^Qrq>%1fH_s7s>mQd2>SmKz+q?!8x&
zvx1n%P|HA2j6>=o}q0U~J3Y5B$!CK{cWD6_6~?&p>o=adG&faYWD!5;@Kp8z0_0kTgr
zy*|ZM`ZSkPKj8A|$JqJ$39(PvfjR8Jk{<+Y{Re}|J6<#GcvWk>Qf|EF7l!Nfe8VEc}UzYN#!0oK!SzI~iJ#c&rC$An+P>|h07?3LsEVJVK8R+uk&E6tbTl50J=VS6GR
zwkN`2dm@h8Krm*ghN%+pXcS-4qU+{GpW^Hfbm6OnxiFCSI~E
zZQ8RGaFiM#9j5`9A~3ORBe?u!-t#bByAijRo6J18{B>~o)laF?h~wgL0lnp?=klzQ78ZmSTut(~#KFz+kA+4=YkBwpLtj^fVMx@u6iE#(x{m@->sH+oyroG%3PnXq(172p2@mQGlAL9+6h>ZLw=
zK8;hBcaph(BHm09TV{I_>z(G=@;8E6<@g&`zh;^=WlqZ9aQTwv0;%CF%CK_INSX^X
ztoqiZX_Ml4M}~RdiHF0CLDNrK=)0tV-kAXx=}4N3rNnbdMlwwq2{eKIi=fLf!KIs@
zG<&6zxo;x6yI8OK{{>dS$!O(qNZpBSahyOdpFkG}boz7YN9AO!fl@U8DOp26DE1VH
zbJ(G0mEXmYT07c;^TA!EY8#Bj2QD8{@K0p4^zQ
zmc3K65{b1{gAhwAs*t0=y7yDF5|;j}SONJ*_*=6QmUvFYmp@`D--MiuCd#Uo@JuFn
zq?SK&tb2J(RO#|ZM9n3ZKY}IjS!Cen0aF3Rs&`SW8Cz?mXh^xCcdP<+!rt(5$R=P4
zRKOOfhM<@U@-!bPo&lOt$9cF0;z2HNHi8122NKW>643^E&`oGJguz}&gUcZet^xCW
z6=&qlphRy1DH4z!y7A@!$Oiswma>H?yqR0x1%NBT^&a~qV_LzbJews0RE622xZ
zLL~A-if_`Flkk-r;}G4bs)ppPcIbw>n3S-X1JZbNI1sD$tZdu7Y#j0voFKK?9IUP$YtOz97vjj8Kk!^JLyfz9K)^D
z$!=2SsEPqqaVP`-YX}~?!)bi-ba(rGJ9i+zVTVOnfM
z#LOjB0@IpDw8OOKk@z(JD_~k#TSSUY;Pjw?lVe&c&tY0}0lk=`aS1UpkL0Tf{#w{$
za5TINi!d$t^2u3oo_GTX?JCzJt$T?GTi(FSE%4>H@-Du-_znNaUl)Jk%YQ72m*HjV
zT`S{t3SuO`vgC|c@COMuwUtr1e<@q3XmL<=X
z0!i*PSI&w*Y^rt>0#hXBK{JIO9XFSrLNylAq=vhU#U(3_|NfVS;wiRT#i~dYc3`_#
ztbiFyqA#m2)96dUOcLOQnaP$w0_J-Kn4t{(%m6E#3)4tul`evdxfi_fAeiAHFq*?)
zgGWGWUJ5oS|44U$E8YzY>>aSL0c2K-k5@xQ>1!+wgFG%xhhrpKEG
zRXfY{dbK9!Ey9b^nTW5Q#SwH4M@$2UMl&^NLJ6x}=*_ivVhIgCSfysC-rVh&-XvfR
ze(7z~At?OPJI`W}af=2DtJF0X#=YoOem;j-Wli<;2h0qIRSFait2`2!&*ed-9?L*j
z<+@_5@|K5Q`K#}NQR+{Ox07L&_R4b%T8UxOa!=KPe|o-)lSFTqw&
zf|hbVw5EZtLlDb>ZdY2Yg_PN;=v_%Xmz?@0@?4;a6Iefu@+SUNr0TQ97b8|X|8NwR
z86b=Efh1HBintrD57)z^r5r#!D=T*rjOw~-4cEg~@A^3wObVsA#z-jrp`u8C2$Rw=
z8&lSFwKc$7^0J+SKX!TUXy^dF`2IeQ>i}d1re5NN1|mwuOjIX$l{&k3KxU-R86y@|
zoyWZ0I(A&c8Z+IZ+O_O)rrIIAQ6s7u(TI2-&woMoN7+QzWAX%ie_R|U5abzg@)H?|{((PBlzk$mVA1X)
za}pH~;w8ydzII?|E&h_Ekbl@JsuF)2$5p+v?$FC;awxJ*b)
zJwvG#iO9IAVC@szUPaea(7F=hHJjpDjx5ARICt%&4fX>v~62wSUnXUxAiGwHRR2gTx
z4AY@~0j}!XCN%}6ChMwW2+24J@Is?bixim*i%f<^CIh5(kuBc0oG#grS{fAJ&adu)
zDLzr6_=UE3*{qaX#C(fSEM8w7x>H<{SZA&uz5MD9kc!GmRJ7DqDpMY?6{79>3?s
z{neGKtMUSVHOW$S)d;%81Eul8WZVGko@eWIlQ9+6n+j)63QSw%PPC4^2?BLX_B{pr
z`SDMf^48_CI%u7)`;EM5W|lu>D%jZ9gmI=+dnp3MT>414h$X8yUhA#RS%
z4;wPy%84M8#;VaBusGc1q?gsy6nXMX*0FWD0j{ok$V~aLvEI!cx7ID&nJlgIXeYuX
z#i;WA@BX{F=K_2EsgvWP%Fb}g7$o_}X=Wd0#p-2NtloSuDWhU>bH8Fftj9<6_-Gn=
zjt7&nC{}O&N-ZSwKba~BSE}(G`e4F%Sh-OaRn1c1gz9)rnTXsJw)&6
zYQDG$G!Mk)M5~BdaG5PF?Tr`iX~&4-_NIodHn}EboSnCAM@!3|hOJvWo4UFb$M|Hr
z_7K|L*2vHEr3d*~aa@<;o`jg_+JhaRe4?Zere)4>!nvma)6o7_sK^mR>jg{`7Z5>V
zQ^JCq2SMGfwfF)PG2MGG*L!)8ly(F3Q#5Ro!ii3hZ;U}5*DVL3V$(uGv?FJN|C)i_P>TaJX~?A^EWeh13)`$q=3%SIfj7*avAm
zas>l4GCFKkhN>fUSRi-J{G+r^+eurRf^I(8psxuV!RgDe(`G*u84Jq<)_{VG6*RsA
z^Ie08aGC|}X%bn&g07CN;u;8)y^p+$21Ne8#nD3*CZDOmIXEUhk-oq;%sK~T>DUVfp
zbdufg;*kvY=;Pp(du+7*o;b$H03=~>FLGar+Dd+dE&BeYAz9Fx1X|}
z!(2JRg;^2J70j*^39104Dz!j6Jt%RwvqiqNGz#@}MZa9kzYd+ZDVi
z^dlUL8V_E_Gg^4!~LIV#S{s`C_?l$3Z7k+l(Z*oxvFq9%DKx(taL
zDR%qVk9r6h7&CceDpD|HjdNGwF&p=2*Y}y1KOpZ<$o(V6@W+7pr}XnF3pp7O%2BG!0U>!xkKJ(SEf2%1Lm0{c
zl!M{bAq=k$VR$vl27;mT3YvHii$L=w+>p58y*Z%WRz~1fbuEA@0Itfx37zXyT?hm1
z3+nqkJKFz4tAESY*#APH{LW;Ve2Y9ELm@HSFGtX=412RO?9IxsH!FkQL|b_ccR03{
zUNx;uP}{B1Rz5~6?a&zRxWfne;;=eV7&#fVRZVlmctGSj@jM27R&2_xRBjai0Ux_uM
z<$8=XO0^+&_8i(@cKtE?n+$$a$9Tca8=q45n5jzQ*RCbb+ID+tj$&<#^lWn}%26NevZlFp@Kmr$mAnY$7T=bqPu
z0i*MQ_jXLqH=EPE3z>JVaJAcP^PH7}O+lmN_vBSH5iBDxJtUZo0!{5ewO-o_b~&yf
z;Z{ttR;}1oF#eQybVZ?7%ewIP0+@Z&+(*qhBw`NQ+T2X9#R$v>%A-Ui%5;wE?R6GF
zK5UJf0Z=S5exA@VH`7rZaLy}6m(?crT8)&s$v$hbBi|G}m&Eq2)&91uHm;W>FQnBj
zwyd^HQ1S&+0gf*=BBgX0ZD`!Th6Ro7r}s*3_g=-#>1$9?dM)Zmw^&$cR$mnCW`gc$IKM|Nd<2zI
z3m;90Q4619sGwpUOq&8X_8~L5Fh?z02Qx5*6D$!9G0`2)d{XdY)tNZ02i%R)0x
zE9ee`XO`f8S~GAZx6;OYH*?{=ERy%JNbX|>zTYgx{>)l_&+_g!4c)e3*cq$6lS^u@86UFuV>BUxgBRc?bBGw_Ld*B
zQ?}45SHw3XMN|YW@wlA7J?LbpyP;{T;TT)M_aX(9hXp{e1O*J!2JL#a?8#NKfW$Ca
zfMu^aCWA-Cqh`-6%+4e*Ia7|wnF{aU%{1?qW~TQatmI$Wx*RvOHmFNx7T;>YHjQoZ
zZM><^&`Lr5_XqX2xcc8mQ$Vg@q;TF`%kNr#ALCbX`X{$iU?ggsZEMW6wki^F!Yq3l
z`zAPM@Z)B+pD^qFGPA)?nX~)~v&F|=v|nkq`;*NDDDi1Ixc0Y%?LR+g|7xxk?h4wE
zYGBa*PTH?oR_)qf_1IlhX4_O42|L03xqO&sD*V$-rGL7u$xX28u%^nOCSSx^Q2sY5
zU3LXm<4_#W8M@Q-?PFd;tRtzF$IOEhG{$@i5>jCzjO`r7F5q|(bSt_
zzOSif=jqclIFB!Vjd}V>!WZ!SDSqF@@8kSl&F_=^KE>~M`R(ENd;ETa-|zE#OE8RZ
z{HIsXa|6(F+`K&+jlQGCh3K22(J1@{(Ie65`C;@6qS0vK1*w~&(dc^x(JQ0T3&Us(
zh}sEd8@MQlj>atx;v(opC&;YvFElaqUMu}JbCKU+2K?unA-~JK-0wE8@OPR!{9WkE
z?lvFtFE$_XUtm7(ztDWi-($Yx?=|1^_nBY&z2?9DoLA`|^yd5hg`x8n1Vb0|vUb4W
zT7fdYCs>;BRf47SWjn{9!>Z4)yNkx`O#bp)%Tk8mF~Y0))4%z$#R`zC_+83xir+eH
ztrfa&VW4@(OhA3|>1!S`cKNMzQFa4%Q5voYK&*2+e-waR$?lhD-_LnX;FHrD>Npq?EGVf7fuiko;XsTfRd
zz*xlAd&sJn&*b)y{i&;i{r$ruquu?7;P}qj*4)XZ$ClmQO+au@NBgd(&K(`xPwnYm
zt)BiOa-%UV;JXdxM(ev^wdY2yp^s3`TI62yj&
zsN2?$YsFv=uVBE*dP>bk*oor)4G$kVj6?S@Gc`E*peT?7rXqdEWr>BT2dpXt`GEh-
zC$1GPmOOG<|AE1wVZO(3@LH7vaIcERm64J4K?$M*`H$pAnrEGu`joNhBMGH
z3o;-<^Wp!ZXt8o_(!3%AzWb_VV9hCMUTdBDhOBUE2<1>B^DJP?V*zji&C9WJNw=Ce
zP9&EUg;Y`Z^IYfZLRUMF3=TTWKa*`_VeW8Xa1+(td$?_AYi^*2brxT8v2M;L>9(Wb
z^c+q;dV4nW32w({L|M@Js_be=a4R&-nvGv&ovTc?CSjURjCY(Uu%cC+U`Xb<
zmR%~riT~pW7sYc|%d1S@7lm^s)G)xU-LvNW{{iw!Oy#+pI^1HwXSEZXO>H(zngzry
z9k%@UrG)FogqKCa%PB*Kc~q9WFYtrg0$O*fV7H2(Swr<}Y4kcUqxG=A^KNc87*yy9i7O=!
z7@j4-)I5oTpiIw`CPJ(yEqU_wy4@|GqF(=Ysz-R`_|v}vfocU;nnY~;cC*v+8+nh#
zX!c}zpwRo;s$bk?X54S4RLek4E4DkxQWJj&6pQakrHLnk^mrwxitklUKoLKVCH;Jo
zSXrUS_}Z$})ykJxd+la~q_ZUeKc9BaSoS#0Y+LsDibsz>eQt}~9nY%s
zRfQ6Kh^|Sau?7Sujy;i&1CEblF+{({d=e`nGZ`NNco0w;#w`vAD*#y77v0^eG>l0r%~zp
z3>?ZYf+jryhWIsdXrRO;nof-}Vj)kp72E_}z}uUs?LvmtCs!5qiDzfb*Mk8S2VUkX
zGK{pQl(D{q&cDLC96qDZ#;Kumzr+={m0HJ=d;_+GVZSDA;%}>=^EsuBBqd~4%
z%rYa99-6JMXT~)|7Qi*}6^~;Kp8RExLYODGte8r(D?uRVG8+wl3+?YYW{=rRcrRVo
zuLEowsl|wo+uIb_X;}H5in{7_PQjV{&N0`bHgG+Q@8!&2aZ+EwfV`4!zY6fa8qnT^
z9ii7y;%m9}y(I*k#JJi4T%1&sP|aMxn=GE^XMI1zv(5sppA@o~wUzH~{-
zXlv|lZg1Pu*519RYez>1f<-Rp%Rx{{5aRDUo7-C&lvKHIa4p+{+*9NBrp61qcC;$`
zM$oIX10n9cr@%hAhYQGDXY}|$>jw&9Sd;Fk9%Iu`dOGIWP5RrdCR!Bm!DcBaO_@ELwI^5
z?7T7+zR%+O?8x^ygli+=xrFCM!ZLo~u?=fGJDnQNA?)*8RyQXU;$A>ln~P!NPLNx;
zljBvCfk7=MB)MT`7iD1af=$hq@k!<8`RAlRaVU}4fM((o+SL2yROEKy*o4uZNg&04PD
ziZsoyPnlKlII61OtxcD(3(>t*2Tnxp>rcGDP8$ncEn#`-
zo;r~vSG7DwS{0zG(SgHj)~w52-J3f++CMb7GBA$J3dD!IM6}PzfTz@Q@>(~Q&wQVq
zF}8-{z4nY#oHhUdep??su}jN)FHrS?NvuW|dK?zLyI7Z&!z86cGs0~?1#(Q4;Qi1oxy&%jQwya`(GXV;R@UN{C+5M+wF&^@#gkJ
z2N3Ot?vQcE4Et^Ie%PNHS@403G5VX3nH@C{HD))wRaX38R8Es#tj9~R@t$UD{$4%4+`N4FyW
zkt~X6-_ae!e2bWX!QI%>PzW@)S^57sB?O;4EZa5_iCCi|%OVkL6_JGB6=d1k(A_}g
zicJyQ)!op&qYGrcv9X|Da9R-C+}7CMiKIP}@jF_#!10D@+|YS`muIF2DH_{bTN~Q8
zLMmL?Mu)-jgAXC5?`Q;SD+i&;mrHjWTek-E1K*~w{RZCx#`~V`_Vzt3kSc0ub)-T`
z@OSU%Y-`%8O8|Yv+FL$z(2S7I(B~N-uaSCN8Vl9V#_)9T$!Z3i*yy(x%C;$58(Q*2
zj>^7=>w{=kY-5Zoj^-fgV^Q~;#3CXopooH;@x}&qnGVE2<
z4`AVkiMoO8jt8DHJI=h?)fta#{|#!2_cQ1w?6boC0bz
zvJcWDa?jzeFWlV_T_~a_tBXv|2NWf?3PT%1v-0GhJuRCD266{_1{#JB966L5j8bFM
zEv*wdQeAy8L;%{^Y<}Q9_+widx(%Xqvw3||PN?mTfk$TRgF3c6i@kkc
za`NMw7>W*A$$Np26kHzV+XuHiCt?C2qudH%
z>8@rY-{?G_9VJBf<2s;V;Lb!vvpC75ellQJjxSRJKk?>B&99v&@
z>~|BdfAW>AfAW;f3C$nN6^QQTt(o+!I5XAW5lr!XE3z*3YanRe!$&KCgvpjTqSKX#
zPFEvFy^nZj(swEh=RQIzHWw5tO=Dqhb5!iI&zTAdKU&#cSmgeg;;qCDhMeQ(SG4Ze
zket7P`~Ba{;Qz7JI4;4Qu$noxhiWy(%7O|@2-2zLmWk@cBdtw@#Wnaf}0@vKs~N!)nSvW;m==0k34wvhk~Ak
za)?%B_>p@fu$*(^D8ZC3_mHvjR^tD#K2phyuo7HZ*$IQp2jb3d8e9p+4G+Q0i*1gb
zGk4BCrdoo^{@k_KZ@wXh@9Ce{7K8)UAt#E9+_ATb`pyQM+Jq3_IkrCG@pAZm1-0nB
zpBL6V51e09+hL8uzVD`eA&Y$L*`0xcjT%xkc)iCR1ucBNLV>s6{UB@ttfWv9xD)yB)0lj
zHTfN?V5%!Cy{sCeNaSk@yku0JQx#25weZ=k<$z}UTvLi>V{gUkHPst>a9QMDn5JP
zP~TBS96kr%NmuswK{Fr9XZ5Z
zd$zY{xKG7WfPFNNs{SKbT+ZUYB{xi`2aaa<9nFqNFr;T73w#d`4O09_c4&VV&CBcs
zFnzL(l#}fv&A`xMAv@X2`$tu5eZGP90mzC+@7UI-)_<3KD*Y`gHF}pF?j4~!qq%xD
zeGI*dT6>*&MLDPLEA@Dl9a+B%^T8O
zj=dsjAb+QrSES4v^^0KFQuF4NxlMuFmEw++c}vQ?6;a%jxie+%N}0P;=I#1&d&=CC
zMqKmWlzFGJy(?voEB@VSWb1fLHt$WE_a)7J;H8!XEpbmo=b7TMfGG9YDI7HlZQyrU
zG87uw@38bIBx_k?Ls!$D)#x+Ymo*TP?rm-Owk~{IV+F6EYl9><2vzHX>ueC3wyLH5
z{N~1n7U-?EKrwuhpuWc{qvtitk!q?GwYhz3r=_G+3zH&ZYCKAgx|
z?bgtFU9~NG%Z_c^poGHv&MD2E81X0ay%%0};!dvf}i0|A|q5G4e-(m^T);bRDUlUHq|=R_s+_Lz4Tt-V
z$obd^g9f#wAe;uib1B2ZAIU`$oSeK8P3E73#H!p!bthFQ1@xLjuojivy0(ktnJ!B6
z1S(D=X*FhLM*Na3Cw?!PC7Bz@X$zx9GB4zZ!Q#j7=TY958|Xj8esoF~kmYvMa$IqQ
z7OXjZ*}`wNmyEhqT%O_b18K8ny|3`afEupiCHDoH8j=;DP~k{m4|i}kE!qe9a5nbNAy
zkQ6?-5_Pm!qc~1GP=fto=5w^vaZHHFazm+vzl3teNTvi
zKC=MYX$iF33Xt7(=uYn-eTM1{lsyhH_*H{M2dP0_G)TyBK%qt(RH)8TsD~oe4ccNI
zfi*QKmO>DelI)FViDFkll=@3MgkC*x@;4)q)+NH$iIR4iqi(6wk2u<~ko&4g?y@lV
zrNHCFs^ep;esLsoq3S&)Gnb9c{IZgn_l8h?K>*d6l36Pg>8im@;CQcY*(1CZKx;`o
zrbPnrsB)ytrXU_Q1JNjrngj355WF+Bk6ZBWW$axapHEF9>ndzbb+tu>JB|3)Quyn*
z47=GDDk_NNVWAa4p^DqbOxOJE4F@1PdWo^{KUNY7eWjt0%0nTUheC2J6y8Wf-vkui
zEOZzsyk#6HXd!Bn^@UK7KDD~FR8UY&lWXr3C0_xtnt62DBenMwLV{7GYNzOZCsm`3
zYVL+L@^;vI_ppraWf{FQ0<)zd%$DjHr2&!+%fl>J5@yM-F+o9
zA1Il*d~D_qmdt!GZ1y%Fs4j^$QSS5|ovdbg+>-CtR#yi4i-i^Vkw}@f;R@^z%as10
z$~;J!i94)jPVz05bCBc$=^m3vNEweWVkRi+UXw`KDEnTi*gH&FRhf;u)5y!a+~U2X
zL{Z86sv^*KLbZ>v&3_V3*QYql9%o1VG>nALz;XO6Q~Y!6lV6Cm|6tgDG-GJBc1Kwg
z(7dXr-gs-%sp~OUK-{WmznVk&0y!
zqD@!@^Th3D3W2iNGMiK%T^=Hn$MTBi8bmkuf6B`L8Jo?&5&i|O_;*;s{|TSuSGJXI
z6WS8AvVv3maIpNY2;27eLEEm$w@o$eO^j_KvGGTEjN43`ATCYsgdQ}OXX=sL%}o6U
z{h{mnMz{DWk1bpFNTM&HP8KG-J0Aa+WAXQJiCCr3x~n{7R=tFIzLzq)y>f1KGca^2
zBYnIk=%Z9V^L>;l3Og12tmB_~uYcG~W>=|dffqJ~mufMzrqLAU$3q66Gt*??8rBwC
zpEGxbiBR^miQ*F_LXFZUN=%dprAnKqY@$Rc`zsM}QHz4cIQs~Rd(6_XS!ycj%4&nc
zf|Qm8_w_Ka*rtS7`DcvtAoV>XEmbvg0RKkSbNd7s3iqtyDAEc8aP9
zzoTPmzvrQshwcL=TNrgKjqFv!Bb
zbG^ylJa3kFns>UF^%n7LB77llmwSu7*LY{xnIUfL$H9I_buxNWz)9^JIMnNd*^f{kN{Z9}V-9=O>u+j2mw?lJH^(E(*<*qDb5nx6!UI^x*B%jn1o7@eTr
z-YT=$TOFCI%MiF;PVp&@DOY(p^v{cf%2(U10~vz4>IDy(g#`#%q{~}x3vwu75{YeL
zsmlJ+Ap1Ykb_t$e6tumy?sKq-7k#j{I<9JaS<+x)K4AtGIaJOY%9Sy5
zMY$;7WT01BVf8B0NVs2?X5t*x<3&pLVm)4>2eL6Sa}6>v`n@(~uG8=JDM`h|%nd1X
zBkEsiBtEI{l`s*+X$3L50J2(=(eP_dKT(ppKmeomG%9c1m7}X7%ohqkuknx01``~q
z+nUS^P4%rWdH)ORuYTmnV7=H6>SBGN3;9x{`j;EtGuR`g$&ymr9vm=y#Em-NA8@iq
zhkA$5dJ5#!BZln7Ih_JP#-?;q1XXFC9S@&
zl)t$`pYp?!u+|FMS3TPGN?mnoa<{H>SI8s^j+04oP#+^j2$@u
zQPp=v6C7A7xFc2RCs0XgoZP3s@$h&69UnZN$yJl%xPPyn6>1~xUcyc
zGVu_&38HM%UA8SJbZVOW&@`rNMWQCdbFELo~TUt6Rt+jeANpkv5hA%%I6
z0<>Z+84M300^BU^iA&52#1-Vt`uwa2$4!MoNdx`Dcqwkb*&rV97@+FQ0i~`go-j+6
z(x(Dv)Xtmc!M@zpu+-c4Zy7o=*f$ckkKBc%d9~P*4i%VflQl(It9D)6&FVzOjl#kd
z>{{R&GhYMQK;}n@{nTC#oHoHA1Um~GR$gT2gc}JnpYul!V}#{MW>nf&jJG{o<#bTY
z3lxiyMU}FF%rENfMI_hqz2a7VPv@|7tDKmw+!M+zVxC!L#o`H-LocliO6eqxu&U_~
zn;58fTsU|_dX;66^a1{_5*^=T1L)E7xG6u&mg?x3>2NVuks?JJ$G?oD`nNVHzk$+K
zemS^klI#DJ<4_bDxtWaTM2ai7Oj2^tOj(>1S3)|ZuG7vO5tXSpaAQXnsx*s;!GJ7u
zHx-oR(d4s&{88qMKQ?nqBy%FnEYI_<@`zA$321kLl5|HpQWkck3`NOBlpzgLm7&qw
z8^AqlbvjXFJ$ugmCViKgBo0e;1}&6IsUIdCrl}4(j^QrAauEV2yTRQqiPV-2YAc7y
zbFKy3dE}A)UIl**aB5v2F5|b1FKIZWA5Y26RG|hpYX-p#hiu8tuzr5lXjV1alJ&L~
z-mba!o6ue><=Gu$M
z@nYDlFOBqab_mniwBSN&P#rBi1=9g?2wSaQRy+40*suINXr{@VX`zp99={S8yow9n
z*VwYxxm;n{cqpR%T3gk~Z?Cug6fau+oXlSbUjrJ92j3m&g3%_E@xkJ;upc8a^Upd|R=7un{N
z!IoCleo@uC*_vF{7g4n)$4vH-Sw$0jww>5x0r4dU;L8m4SD3ti8yRj%;)y0p1oe4E
z^<7-Lt87E>{&
zc5j`Nf11mDpBI?`j)~<2)G`RC)neOoAuJ>9UJmMu;P^EW67{4>s7bKMPD0=FtvnnO
z$ZR7$5YE2N;^4Q}{^A+a{&McxUrt%_d)!^YgC8;)lWDUtqB!u8wAayXzH9BGmVbzjwklh?B%n%TElfh%0v6}OT
zhmITuov&H4H0tsvG$v#1$3R5V8@f^Ct13(*aS2x%1##hDqF*KA=)wV2&Imblc8qE5
zp!ntzfV0?IzGaTQO&x|ha^!sluLV*zad=;Yw3f>c_v*z;v0D%KM@A%=aR5l40lhfU
z0NZk{p_Ggxsci&(U2qE77{gwf+#hhA%-4zNPC(ynD20w<+Iylk9Iy!jg3!@})5g++
zAjhK97#v5UESQ+W4i?TN2lxK{N1KL+hX7n@JL4gl)im;K=X!y{YqS7@lC-{312V01
z%sigrsJ9j-VmR5(C;_|D^Ee<13%SFI?}|M?&xyzn&?!y|I#KCL2(|%m)d^Vz7R)EE
z5J-HA3Ml0+w_@$S7*NXNnPQq6RGZ(=MM!0!ITmIhMY1T8Wnd5zuu?ED!|Ls+lbR~#
z+6=f#Hw`P^RYdk#7jGAdDvVHXZt`TnEg&>^8aBg-C8tufsr3-euEi{Z4dj5Y(z{ga
zv=dj(5|sb13!EEphO@4Ng(Qk|=|pR$=-ex6be`m#Q=me-a=k}}`$vyPXw*|9GjS;r
z@L&FLn$s=Y=YkmsF)FQ2;bG3BF0Y`hwfX@ub-&CPLOy9v=T}B^ADBxmH2z(5{@noTJy3M-ivUTMqSSav
zBb{y824z7v1SHY#t|BR>l=0^kpzb&jpRk2F(phAwE6jr^7t2M{_&f`7y*2Qr0rVix
zS2D5m)<~R4XGdVGPuKHB-xkvwNQ^2-i7AiP%~{Sx={a-nH{m3k3gsD{WKK)v3*`MG
zlkCe(rmwJyp8!sOYul)cIGM`Iw{dYWD-^d4V%{f*n}D&R3AnxFgr6olFKkOq$qD~Y
z^z5H$%eR^EPe#U68d+|}l$!9)%99|0CE}bw{^Qk45Fs;fwWl1{;)a_=rxJrIucV{7(f&JQRs|s?2x*
zS}^Gm-A{<_doD<{x``0xqK<%+jK^G_z^dlBTw`5gfsoqHI0RPoP+%nz9HzACC0PiK
zh;bL)K~xttH@J+LVyZLjXfrcxcU2iC|7qhZr&<%7Tz75EuEIVocMTj3R>&Clj~TW^
zaI^W!{|s&&O8J;#;QrL^jh-2fH-?s>)0NCptrK5RoyrtD@AQUOAiR6v2h%;AMGJ}tjO2{Ty$vup_tODGFUP&4vIH>R+K
zyRsrejFcq-y+A!u1v)0^X%v{HdGl?d4o9d63#|wWl@OzP>(fx@wpLAz?q-1kq6&6L
z;29IF~l{6f*3vuf)%`B
zug`6v1@P2se~5r*bI_9nI7pUrPk?6H{xO@dktS@Kun9;H(C-thfDATV`S;IbZsKi?S
z@pC4aLy!N|<5zn8T95zI<2QQzw;una$8YucUp;=O$M5xcng`??4-U#6
z&(|ZSM_iAD9%XtY^+@Sau18vr3OzDDUSp1Yu*`pEJ=msJ|j<9*wG)>cb%_>XJCe*ZQ9e_+}eamA=_TfDY?}R
zt!`R~(3Gy$hR$v`RRB@G6c<6)?F`<7IhbGs0IDo|sutQ`-L%IoizuYYr6k>*4Q*Ww
zjWiTQuF2*=X_CoP82##9ghL~t!GxWvNG51Udz)585L>0#V1@=!nOziGSOk+4v<7X0
z?*PA}vDre2*0-=$qs<7bwY}K7qXTtn&F(z>=$e2KZ6M>NuI*u)*xB63U{0a??tM>J
zcY8;Nx>_N31YHd4jy7xC37xq47tm+g($&ajMimW>GPGnjHarD%VFDF=6PXOy`Li8&
z(^}#zwkQea{am2>B`l$yDDgpEMZCB~FPBOn-TozPmeRY-vy=Dj%ngrNQK@lI^?)fG
z3RdMjQ^d1x9OxMt*%V>vjuWv|HJ5i`c^_7%Z12A>%DuLk&i?;8yAmiViZfib9J}n!
zLb)h-fD9lAg)F9$&veiB^ho->`oEd!?!RlQtN*J0>p#L?V*Hxk
zDJOQhWcb-!GdRd|xMUH>NmBFj*7n%SOrt@lwze!^+7V;WpAzoE647$J&f$L@=4p$J
z0+sgzt)6LY-y2UkJC;m}9R2l9^&pxmb5o0TRYX_ov1ymdr|9DNn0g#5NY#~9l~u)h
zTttu86N>f3h@Pa6&;Mei)#8P*1k*{^MBPim(|>tQbWIEV@;g_Y6I~wf+z^kqIo|cy
z6@~jfyGL|{Tx(=B*0wT=I|v&jo|)Yp(UakEsi&yNixC<~Pt}MXbTA6(FzX{n6C4eh
zRm!c3VC8>r1WUv%5vU_UR+F@ntRZP5X(#C*IhQ0svX-QiWF5(Rk_{vqNj8z3M{+*N
z1tb@e{E*}#l8Z@_B$tp}N^%*=xrt;8$ySn^Nw$&vjN}%QTS;ysxt-+aBzKV9NpcrSisWvR?Iib*>>&9C
z$-N}MB)LzuIK91+y*;9*=~@gtXScM*E7!(5Vu@I1dm^IibZrC<-nGTLKB60RBTTp1
z1A^Y0BYGzL_xD>+@GP#l>l6hd_PWt~E4|_+y_%YKybhMlo=Z80LtMwtT^HjrqEBPu
zRAdTMg?rDDKpR-agGp*e2p|i^T=>;8D|S4#h6BL=t1|FtOES4TJghPKle87B&?)&U
z>;7{rtvmL{j+^iB{H^1O4~7bJ{RPX(9q~lxCfxTmv5w}J<%w8g(;Ts@_V^ehrv}X#
z96^`)f|YfTJWT%#zTGJ_F}=!3wgE+L3~z!+%Z1l>Mmf?n1d;b`*kX9TFT(y+p6^9?
zmtuS&n%&{y7sT@~2oWF%DIf?zAP89?2yq|?i697}APBhtETw3W?~o3H5DDS{9yf{-kN
z5H5m{FM<#;f{-$T5Hy02HG&W~f{-|Z5ITa8JAx2Bf{;Ff5I};EL4puNf{;Xl5JrNK
zM}iPZf{;pr5KMxQO@a_lf{;*x5K@AWQ-Tmxf{<2%5LkkcS%MH-f{wITkPliB$k6SThnZ)fx*p(V9_!Y1SMEsI_J^
zpw5~~z;tWI0P3x&0yJ1t4QRAxEMSH;;{Y?Q84ozgnhAhe)=UJPY|SJ$YQ{t*T{y-K~R+teTQIw*!NP=C~ysz2$g)oc1X^=G|Ry{>OZpxo{14Sm1*
zD^kV&P47`}>ZjCO`g!%X-ml)#uc>$So9aD%KpoH@tM`$l^dI_b^+AzV9~PCUkBa)J
zkBjJ)>OOYk^n3Uxd(eWVoDu^|I0?i<_XOIr2>+%8j=t`*e3OhLP*d(y-76ODQj43?
zk00`mF6oghQ4wX)qrpWAArJh>JWtSg~R~shIACrKzWJ#}tk#hRZR>wQKZCo$5$ieB-H|uce{<_r
zA*Rz>E+cAb=n1vjhh0VLdHKndKmQMd$FXrk=by{fZm_Bb86MX2eYPV>hG
zl17plBr}T@^s^=KGgh;RC)19xiJzKF)NFp4Q_97@5_KxS%tOAF61AWdwlk-dFhL>A
zZh7$HVzs1LosQY$+VdP6raTJ4(vJ0rNS0s>BL5NTnHT0ED>u}ygX<4xR^rq~9Uwe}
z8rNrk>aoHxed}sS*)y@q*(I(}nRoJh^QP|gjzMN~OIv)-x;4w=i3PB4#6+i}xqU^f
z^|V-`h2PUZcJDl=1vAF)sas9X83*wN9JR
z%+Y_Kvp~mOYTkw_L;SStS*(S3F9S)r?d3++?G_W8LLBMtNxOr1W~qhZFZtepOXW6Z
z9FJhwRM2n=79e8e#l^g6+EFQQG@??s$1(7bm~J7h0zWOqUG(=Qt{Tb;VzF8l;bauE
zd~e5c_D@pd(T|;fUlYZvcpE&AN|9SrJe#0ba{P3nuAdICJCyaD3K>z@UCQ@n;lB9b
z?qL?6d4o8}Xh27esQ1pqo%e!F*j&#%o+%esG0;?5XS*lXRX#(=uorj7ZRlV^XW?c#
zrdq|2V>I&N#`yHy91|_Y8!q362zF<~%6G@hh+;D9WwazM^ZRj8(=oe{R3`AmgJh
zSdj_A73rBKtyK|-(&8&hg%tpLcUxQa_dT2NudUM)4
z1sM~tbU#g6trmNWRGoi*F}VL%vrobf7A{z4G?SH7c|$YM5??#CymV-^72_d2Xc?n3
zbC5?}NWB4$W8_jO4@IFgwXsH=xEXMhzt3&bMTd4P#Z~a!uisuHAJU{3o=#^o>XSNt
z!n#e}=vi}SjQREj*!_7<9e`6;Z@d1JJ8=*TtL<*7Br{cHPDSd2Su+~vFQ}Y7!^AV4abvtLK9DSOC>*BR)B2-blJgmy}9?ks~MY^
zWt__qm`e7$E}UtXoPWU=_}!<=&RJ=cV(~x1pWF~~0eODeeW8Jt*c`#!XT4RQI=l!*
z`zUm`bhlLU_PYym59Rz!>qD1rff!@KvyjG=LJ>awSN5af$ug$#IX2zzqhv_
z@9J>g`#V3~x3x?umg-Ecc|$LFBR_9{Zg0=vo-2`~lgl5t6%PuFzv?UA&(Gcw7loST
z(IYPUd=v&-7S2`NEtPEkyddvt>I{NA$yvYt;F}oUCs_P--urc7zTwUNcjV#Q$zO@}8)q^>=f2jub
z#ypF~-_Bpa?x|3nPw9xa1@paj_m%&C2RvE)!_@2(3iEaJ04r!yklX2Y?s#?JGz|DG
z7(_E025QWb@>bZ%K%b|s(f{sh$0Nexuj|*#3bJ%mHNlK?a|OGVO(l1>hB40A3k0*x
z%|4lB`v~6G^EQD$kz+9H+(d3!*3WGy#5yfEf*I##O2{(ads%+Q-n>maC-BvTc4Plx>Je$bB)*^1SbL9r&6$x2Xr_W0a-Gsihdb
KhW`aKboD<3o{yFQ

literal 0
HcmV?d00001

diff --git a/TestingTools/JCProxy/lib/jcardsim-3.0.5-SNAPSHOT.jar b/TestingTools/JCProxy/lib/jcardsim-3.0.5-SNAPSHOT.jar
new file mode 100644
index 0000000000000000000000000000000000000000..d756d67b5252cfb5e2d688e340e5d200f15e372a
GIT binary patch
literal 492079
zcmb5UV~}XgvMt(NZQHhO+qP}nwr$(CZQFMDYP(nWUEjI;ym&9-?H%XLnDuK`W@T2)
z9GNw;QtSH_0Bme*~fV>nK_&+m%{xwbh
z-wGrDo$>z&%LvFyh>9pF)5?fG%1lp5OVQ9Sz(~^p
z+0gxOT!s9XjJ1W4iS_?V66yaVX=!BOXzXP1zgryr|6hfnfs@Jq$`sQ7phv*o*hT2C
zLRuqh11F~#l_@18H|!s4-7XC_bfp2bO&Us4ga}D*0b%%pe1v#V>;ARIjo^`)(GBZr
zvN0n#o;If3Y}q)T{ML~QrOO(o8@=Tqo4&q1TDmFa#Ed_^e0yi4eqVp4DE+yq0V@^i
zPOPWsZ?+Q)x=un>rfAM#nAqORx3LLDgYoh8v={NNIJDd`NdtNY0+Ii5u|CJln3#e#+n7yEQ?f@MQ45s??ua)Y6jP+NnJ*}tR5dhI+H(%E
zDzoscCi>4leXZcM_!<-4x-YeoU8Npn{JujP@;=sZ5fhHphbSxMGJ$XosM&(aP}?Lr
zVm^=NWW6?OwNZ8Pny+ECDm}6ZlPw9<=BYpgp$U3Z?fZ)o^?;HHH^Q*5F?^h-GzG-cv@(}
z3@X%4dPEtDLe4vW2C3<7E6u-_E~I9XveLrFkHa}4d8HB+s_C{;SfL5C@{mKkEnhzs
z*HeLi;Dofik2(4CYY!2=5yo?b+^$-;f?2wfiPJn|Nl9
zzQCjN{;u?!+&-bjbBSddVTu)OR(_TI5AG-!Y`qSE@DX4Na3@v1BtH_MjR7)+>k$6~
zzSn|8til)BIusxju?xHj-aE>s?`VPBdYg12K#&*XmhXez*g-#^+%tVmHl)cOzfTza
zBV2*B+(_F#li&zyFgzAM55^$*U^xBl^~4KG_Bif0L`K>bx{WY~V(Qu~yQ)umQ42gM
zE#f7~Wd|B*T%~+$(mCYi6oLsy(FR_^`$5oRA>g&B1@Q7Vh4be?pcI69U3#%2(_Jnq-9()w#(7RCt}d`fROa_7xee#H6t5wZ|+n@KiQePRg!+aXc~|
zo~2*B&Pi|4)UeoE@zoS|+qlC>F3;PUg}~-9&ull5)nf52&q#O0Ed4EwoR7>t2(z>j
zo)Ysp#-X5l7+57#$A#NT%TJb1UUVrC)_2@T*N~r<$Dy1zR(c6`rtF;nun1|ny#b!W3P`#
zctk&fZ`_*Ud0tzj&c1HG_X^;>UXk)-%8((dbiWv&wBN$s6?sx_MF_Mo_7}R-Z81(4
zz2{q^9Z&oZHc8rxNep}LJQUxOk@PkSR3hdk+EgSGE;?Q@
zt!Y7fJW*LweCGjN$0p2@$czxg+>
z{rj{)@gLAp=r3x^7}y$^nK=GmfJ{-gQ9@Ef_O)%C2!)SlTOjWxPzEBX&{qhslvs}Z
zRUMkf>3uPCDu~L~m9bND-u4|l`vmt^qt}olP#(K9_ea4dZ>M;W-63@Ldbj5_*D3cg
z`*FL=@6VqxFaWl@o_>{~iZhxec~#%7c-s}GtM|w!<=*j;#O9M!M;GvbT$}fzX|2WG
zNxlkes-ZOml<{1A?}e9?E((|uBGGK4RBeBX{EX*Nl6a~=c=a3sZ`~GI-#7v1>ZUXy
z#GFa<@r3z$OgsS#NdSmsDl9#rPcfT*U6)kQBu83jyFC
z>N^hQBB?2Z0G?b3V-}0VvHYjQ=RgcXp~-|;paBQ@S_1sOODQfbSM78UCu+HMm#=!5
zl?Pd|HAmh3`dED-BVL@e;O9nIA&vzbHBu7V!zKY%WXDBD={=0vBt9+k=IWDZ=@?Wk
zbF65m@7W9?2+^*Gl)doc))akrlWNG+xb;)@1xDi_$D^RL%>wGrGE!ox1-TDXEMw1F
zAt_8J$d2P=3=woL*+}R3Z%iaSW3X}%GfV9W!|=U`>?d7|FPEiy&X+D0YFY0>0(OV0
z{l8g*iY10N=1>G-YacLUZzuo<+=_F~$S6SvKUh?B&7QgqT3{W17C^NsI%aFD)vY;P
z@CtZ4Wlj>+Ml-@jI#TARGmQ-nv2ga-1}$eT{5KI@iGlra3*`LHnp5G
z7ReZvPYFVMgJiab9h|LCp*}v(xkO$ZkMShZEl=Xd@Q=v6Ju66HC$b_g?Q*`La3%o12XSr
zezC>-G1FwbIZ`{NoT=SmVfjVXvSka`4>GK53$w}IcTKY4{>~;6hV#@Ka6>5Jn}5gp
z7$bvaKp)u^3m+(jFtbMmH?s(hGSVl)2Kxp^D%y^5T8r$Fqc$sA;^FHV6;;jp&EX#N
zz@_b-dlO-Xv}EUCqM9XcwIQsU$2;7DzS@EHdEjHnn!38!aL!A*y42u&EmZv>bvwu2
z??U@(+A?9TxiuzTpSztkj%&y&*a{eg;)rQT0eBTQ?@?MtALij|iF$U=qQL~wX&(k^
z1vsRt6{sPf18yeZBG6{_7TRR4euj(%p{opoahgH!Afr7-bGR#-aKv<~VN&X1S^?h|
z3ABoyAbO04$&7=rxWF(1CO9U~CZhdDo;wmO@BroW3U}v@C-*J<<@WRw`FrdZ-s2l}
z&*7QW`NA|WsseThP{dfp=?j<=XMl)_?)eqD^
zaPp^djrt83000Z@Kfwv({|rtfY@JOUO%06xRe0IRaKQ%hBWH(!Tbf+KFf-U1nURo^
zqQ``gtQcuHOgu~g;m!^MyOR?!t4cFuNSr>t_wE9;rX#L4PKPWgVkAhkO4K+ZIMoan
zFrm@1tFTgIn%q*Sz!6R}`8LvP7awApNwV^a29L=5E{S!C7G6bSy|1fDV4bEAgr9iq
ztEU|YYgz*yA6`d@yRs9OESQ*>WhAX|0BWpV_If$)|YQ0*3dEg=;U8w+4vdE|z)
zBx9JUtey5Qg$A@Oz4^HpxVMy9<$+DhK9^Fyg1ir|?A8|^vMhXvfLZ5s4vsUP+t2K?
z9@@U2$0a6!p|?<4JGln+{w^Ik!o^t_8`ePq?VB;Ht0DK6c$2hL%&(V%BV^`
zc3G+A+-A3Du1x0YX+XKqIc4^IJV}Ddh1^nvR;)*zpsUg=27jwIAniam#Bflq57qlg
z6+*s*!W*KidzmaUKNGTzWgC_hYwc2j=$Wlwg>mUtw(D*;_PEQ&U6nMpAq)0J@;Zk#
zz(|4tt?NxSK>ws4-I1sb07BBci7=wWlAbojsKiUKmNG;Kxhsuexkn8)xU$(I&2{68
zmP>e686vP9g$_8C>W<)vGaK3f<;nNS-h*G)l6j
zsQKWsbzDtaUhHuzK!#%cV)L`)DK1Yiq7=Q0T@O)txaJ9swfr6xR&#l9+*szZ=+9>{
zj4oyKmf0K^-Pm}dJZUZWLhNQsu-<8=w2)c(V9hk2guJh|qQ|zoaCNMDFg@3VtJ#MZ
z8qXg+%Ds_)t@iR>OjFYE_J`wgKusF1d)FNpWA;F8=c?IzHZIeHGJ;&n89&5Mi6a^5
zvRbc8bwfw9S2&*uc0eo>4y09Df6_v+?S%QGdj$^E7g$BnF^!nRU9c%pw9o;s928$4}f#Efu1);&8B&q41*WT=M3
z#L;JzTywjM9r?Z0p^Kkyp*rX6l-lihyn`4u^hRT7v5cxD`}bSoc=XsKTbcU?-`Hvv
zO^Q`%#}AK0tGNb)S!h=04WAG43P#uAu}gv%c7ej8DBdSPq2cNhEu|?L`fu?H$wj-7
zX@Uuz#II=lKY(S5RO`9lFbQSr9B4Z&f$NV0n-?q|o-aM@FEb*qHTd7$DZar0%lnjw
zRqRjTVSf10_^IYGYWLw23jDtdhl3_`z`Y`dcs9$zA>xT^DH2O1%)lA239p8pBshR#
zzI8B49oZv{-U6B3h~5&D10jJRJ&~V)5@-c)hPQ&rx$noN4m_w+Y(GJXoCeC8p$$l#QiF7vCe`8oV
zS6go`^BwMQR93G9Zux|R%C}K;3|(aigk;9R+ud|uG`nNT8D%(NdYi2SlJVyr5QA0<
zlC#e}0Q@j_ia1bCLFe;7*hYdmq0xE2C=Y^PnSSQ#ogK*Ff?VkEz5
zmQ6TiMr0Q&=;62MCPzXQy`w9KZ2Z)P#~|J8(sfjEY?2!|Q;nZ0EeaV^hab=siEvfO
zN~M}vhO1VP6SGTz<=9_+#_RnG%D!Lyj321&glp=BBQVq&u-OaKg(Nl)4zox3lTH+6
z<;*9StDWZSOmN4B2+7{@5ZG468dQ3}trya=jin{Dqr8tpIzP5jt=cYR1-zx*^Vayyx<
zZOpi-la&PaKzJm(q6D-6#wb86X+nQ}@?vs2&)7;oGamckONZCz8mHa+U;~OYJ+zhq
zB)Ke*5_Hl=thve_ifhv{th4qAu`IpxvsuMHRp~E
zj7t(-N9+iF!cEU}6Y;FRrpPZdjM-}(x-3#VOw$dUU#M+=Vn1_?*jIgWvI6L_wpHR)
z5`-cNHts7mfj~Wx7VWbv4+Q(HpUMe`6%o3_{jX}2C
zAQTrXo8U%Y7uIirm9bQ_?whZp)1>mHu|MR&y$w7OKNuh&QTf)u!L(mnBem2E83|3J
zLT}a!ZPTlc(}#63qM%b>VfHd64<;J5|>#K->zE)&ZHirM{
zKS_QSDHG^(9wA`03Z*i3;7f#hp7%YmtJw)!h^&9N)UR=3TZ~rrDf)ICF&Fvt(&HwD
z#o%!apMK`uDFBwL;SA6^lNvluFXBKdV~}1Fg~d-?bo}x^IFqL`LyD0hmhctNjBAct
z_)+l1DtaHZiav>|W6*VvOTdv{T^wt5c+hchbJP62xQE80hlIVjNYV9GzBsIT{M&)2nbq+T*(w|T$IH}@PyaEU)9|v>xW@O
z|ARLA4GvS8M-DA2OcGKc&m?x`vK^kddcp16{+JRzptQL_9*(|EBIS`Ov4{NycCRVT
z=n=%VqNzP-d!YLagX>&m<~d)tpb1s;>j&(g@MhZ=1&H}uQwIIVnv&x`gtwA~jf=H`
zvz;TcfW5u7iL=l@Jl;P=)_)&aW0bEHm*nBUVUZODLllK+Ap`SUOW=|3RD}Trq5>#G
zDwXUk9Ea&G7A2GpFubw+)Uk8!0lmq`cr4mo(X*wOn7a1b((GQ3=l1gY0H^WC=xex0
zMi^aeDY!aMF;SX|ky{|u98D`MEpm@yX_BW{#=evr07Lc>NCRal}
z2REkY9maE!=|dBomc-3X&Mn7B<}ZC%sf?7Mi!M6^7D4iuY?iXj(qn$Wdh>DZh;qio
z=6`j-$h7y*Uwl%}?5ci65<4qeZIxYK#gQ#5^>A+#_3}Q4KfO$?l@8!cMu&?wM(JSZETLy3&WM_pfL%t?2Z8|2!HU0^%ET!
z@GD`NQ!d~hG(>w)gB!pMiQy!Bc;lqq375KPqY6Df>#b}T6|kV7S{Q~lS!o%b56D9Z
z60vVEO1w-EjQV?~DjFK3Vh4qyDBaSKGlslZzcf`Rced*C;#7YsMXc0uK?`dJ|-p;-jL5MSSt<
zQY-ZLP?K59ytZ|6(QEWv3PU}_8E2O2)dnZzUX8Qd)49V++(p;TpX2%|@;p!6VUire
zI70E|u|R{@G=$eUp6g!F^>EH%yo3Xh?gHuX_jQPmC3z*FSWk4EmV~zGZ~qloL$#_0
z4}V)3MSpYWzdxvu{Z9hx|1v){8c^=aV=mufU7KB+s0D4!`UD#IQq{z$1OW}hLy7VH
z>fi&A_5H2g;%E)^n<}nq=wIOsB%`)V!?Qy%I&Csvgbq3A_S6POSXheLr8e88aAynM
z*`*%M5?W*yIBTsRbK6~RYKxEpT7Kegzqd1-X8mR}{ALsSUIwD-0L+ouz_oecF2UtrTDpE-28>p^CX^DyodUn$whmUj;1_#8m4`f+1I!?8dqvo*UmFV|^~{;007ExR?d)tXydSesv~H&hoC
z6!?xzhMsuS_SvQ&Ie|VRfL+~DM}K_<^MljO@&yAbAWwmR3`=CwX&GHV$P1(<91f)GhSh$wF_cJ%J;Ey;O#
zb!vKUfpUi;9exzF+cn`vfrdWCiaWEzm(fXTdU|$ldVOwnYJPoBY%%^41fuHvMjI&5
zrs2el1q*WlyuC(j#jxs_;XsTTCIUvVbghOB4Z3duYP}@kS}a>PruZIeXy>gi2;>zf
z9%#MU>B-63+EI@V(NGVbl)%VdS0JHx6OVfpCL;1=#$7ggl6poQvMRdQA5Z&QydFh#
z*C`i`;n#XTF_NOQnSf=RR5%m-l?u6j^clF^WA0kvtg?eb&bF+56Nm!?WNRX+9{1U5
zcePj_sL%_oG1Jwh_?p33=RyEgwXN=7)d*e~ad4^AG##;Gn>;{MhCUD?k>(Z`D#(+N
zPaOOr1pFb+jSgYez8j$!FnD=UwlcqXDhRduc&tln2!jIzdZArwP=r;&h{aeR(Hnlr
zz+?N{u}F&30+{s?pH${z2Q6kBbsed2nWnfdz$bgzYg*XFsEU~m*cgij-3kvk0#B8r
zYbr+9+N}U-diSuRUsEiIK*WfxbDk{da35oJD2TFlsfXTXa(m8sJ0`0*JZpzMK&NieeqX9c4OXH&qA2y5k~T9Op6H?(wjS%qd4tLAzKb;
z9?ou6p0e_F+#{NuE14sb9DMR>WWS91h51A=(9rm4dWDSFt=x
z?d)+JX!PZ@{F(3>gnSiA!=P}8he
zB|Kg%`FmgVUS`ig|%HzJ4~}ES}5UX
zIyaBXTmd^UZe%AXquj}~*ty7P4p_=PYEt-M5(Yd_DD5P;gJtN`lkm(wFkf-QqA0b=
zX-RpssO`_jlAC1sOS%!5Oo(>aWO+0q$p(JGo>
z9_9?Z_1bt^GY{LS&2-D?itmlQ7H{my?OjTU#=aBZ+MJ0G!AV#V3;xI^?S9#Qf&Uy2
zYP~UJ1c@wx!%as!mM_CUDw!r4)M4?Z{rZCb5j2bx13p-{kI%)zg&i*xW2|X>Kzl23
zp6p{-`Gttbq!M#Fx+UuHLPc9kgR_0f<;$BLfUkkAd{l;G(lZzB*ZPtTkV|1TcZKbGI
z#-zF)yb}@>DAP>t1}WpOW1ni>`jh~_WmP3jFSpyvzdTnJyb`s`z2vRQ;}ooQY4Ccr
z-^owTI)WAy4k?QLCMML4|d}
zDoVRh@CEUAf&nW`J3S%8Io-K;?Gix|z6+DZV(p+>~6zTfd35XF*gStIA
zbyjGsxv{!x=aNL;t`_N~j=LsxnoC}Hs7TQ@$h1|B{$|T*id&k~Gyk}CObb`)PD^sw
z3`K3y2#bQr1V+m`h3X?DKHEJk_?X-HWM2EG@=9h|qO}-4W-{u_q~7#Tt-ks#F3xU|
z*i1&px4Zs+|7m~tyDqcG)NnIt`!EqDX!zBMa%dfG$o
z)U5}_EvPr0v?YTYMBc#*$A+iHB8b6h&ii`rz_}X0hV%
zEg&+_^DxI{j6=rUz)?H+HP5kybDpSb-ntu;YV0wWxuT7%wo{MlDi0i|xxx~8TqhGga4nlgb9`EQvZaX1J_ADD$wC>ku-Pu}fzxr%!EN1tO+^bxnx$p+u9w0NX
z%@)?!Vs$(~joMF`ZCm=Fz4B_FpkF@5;19RaMKc+Zq9W-U#uct6u!XuM9?k2D@>h@O
z^=JjBsB9aj2J~wv#*NehVM~yR+c?mQcH9eiP<-o__9fMSuz
z3$$WiJQ}UDJ?*ja?%Buee`bwX9SjW*C^}mZtnhdIcvh>*WI&DRv~D0lzg$XCEvCAu9)htn_w3fphyeHaqB!YeNqgNc)d7g7Xi=#@f)(7;Bdby7uMq`+Kh
zJ2~z?wr*T=ziwsV?o?tnVSLZL8okrV2$_-YAsfAaFP%mjw{%>e+n36nj^g%ZVf2#C
zNk%#(20bf;)b;-5iqaN?tRvMVcf>IoBw2m5EXv1IH*1jM(f*?MeG>Nid}^AD*vir`2}9&PG_<^_UPO9
z;KE^zq`fa6%VFs*`NvDs^NlIPwjsBQc!Z}o+hyAxRky$;!#g$Nw{o4cRM~n7TsMo$
zBF=WQ0PggVR4EZ=M@&Hf6tY1Y5VcscMl3lKPQpNQa=s0!xzQ=;toZz63Kiez23Yw~
z(((hoiC-Y}2LrcytJI-QBEz%w-P%I6_uT
zw4(H@BwAWUS#wL`hIReCCTDLXA7fTYpEs&zUdU=#9U~ai^7)*{i;d+I+MCpe#Gy{P
zv{z_muXwj!;n&i#eWIgWf=;f|I+cE2yn?JgAE7W}&*~(|3aQ8gl`64ap^IYCmX?y0
z*M!B9g6~oBNTF!-cIt}ll;vwPdWVwXu{={Uy;QgQY#XZTW+kNOaO#pT#N~WsFfwt1-=pW@k(lA71Tz`ub_x(NrUF9gyHlGQN$u5&?C9>tFmfDKT#e&
zwux-?sp&3yiBqP2?<5R;WWU!6%G5BOfo<#gVf0=dsZe{@HQjP9H^~JZTDZz;vA@bw
z6>(5pVPu~~R>Gn1PS|K31hruZD;d1i9Q2+@
z7c(v{ldAph_d{zT_WCmt>(NXU=34KBn3M!HGXaK3g~g$f
zo6W46nuCJkV=9+ShuQ>K$&i`vpx{x<>>;|*TK~`#VKr{Rn%WkzFk_!tRL;U_8-v>-
z`V^Yda;Abu{r2ggP}2UW@}X9v#JfWDBSI0D1VWk`9ih2#T$?3X`8X3*&wWD340}lk^*{*R7^p^E
z2VA+>&X~tU!dxxbOcK$u%v}#gc0xW7B7@`uPl;fn*JNwyYAQQ5D~tI^oXe=eVEkQ>
zPp|g|UUh)bK6hBa``NBeP<1GLZ-`Ic43E4RL8s`~NPYm_HKY7+VQSYElHN*5%^L3A
zw7x#ht!{$zY^B0mPtP0WZWj3i_z(SPuh0TLd@{5i!v%ZPDm=qKRYs;
zEEl7ri>Zp5)$k;GCKQDE6)Vih;ib(+*__dGZCO?wCa<>JaPxhmVtL;Bp^FNp$z-@+
zMc8vY!EpgFNQ_B5WM{ihv$t-%tUuqcYkL5+Mrj3?Z@D*;V(l*lLqWRaJYIQWgTE!|
zTs@A#_C_cZbIEHm^r3Cf;`h#4r&a=bn*7MK%NHad5X2T?Ze%tdRM5Q$)#bLID*h<-
z^W68t{oa`I-9tIfb6xJ;T{ovk)|)dWoU*r#jwU6=IMp?C5EwHekDJ;QjxE4fL3dcg
z**96IhztCxeZgbv%1YsZQmRK^9kUJjMTmndq1VE~d;&lJiXmH!4gdAIO~Vn~cap>>
zWHT?QL%(&Of&>;IpCALleX%|x+^j+jD?E?x`54SWV5*Kj5@NvENj0=6f?3&|AYM|~
zvs#k4@JpzVyLXFA9z8^D%?I|81D)OE0C?K`ra1&DePxqTsI>YvdpOKPT0exK>YZVE
zEL1~t>8t%HoOk7q?v6#}t_)ATaIsB6v?T7Cf(d(8
zV)dsLI)vR7T1?95m~akwT2~OH_P7xWYY+!I2<6~570&sG0I}y*_g;N{s1(QX{e^gE
zQLBM`s6gl3L;5I6=2zcv-jp953YFcZRG89Q07j8
zf(gVyVa0Ev~^MmVdydR#u3z
zD{zmB!i?GGOV79^I)j?n!H6?sNA6%Ql86n&JrVyHEc1<5K3=Qh8C)<}ZtUsv3|!(o
zqNDv(@C`9;py3@j{(&gHUA7u){~+s~-VfVrVB{un5XG~6fA}&8)FaZw81@S=N5guP
zBqF%68Z;wbM}+``MpFt6(>OAtMhB$DU~r8FdrO@qi_g%}rDTQhbOQfF3A$PUwX&(y
zd@0xPjLxQ~Iwj
zzWd*%!s>r)DhU2>qWYiSf`yTRvxS|lgsqdaf$e`^Tq#kqu|g7n_kD4kA-T7<)Mai}
zRkC?b9Nk4j7)As~A%I7Y{uPTHC}thqE;~kyKTIZXc8N+mrFJJOHaXHVFTT
zedl+s3*#RTyZek1w2i?TAXbN{(_Xab^M+*4fT0~gI1;?h!wN*`k=&<|q6#)-gF}j^
zAdB}j-xpYigG85}XO0$Z0
z&=onq@tF=L0ySZclLg**?GeqyZPMUD70Ig)xARX7LJGVi&mZ(vLbVf+HL=Jx({hq+
z(wfXQef+R5yMGdmZMEtc(O)`V`R{eie^1BL{x5#Xf3fnOQ2NR%Eiam0xMUgF55xlp
zCdU}05D4<~{^sEM3&i+HxPVo%q+|xhj7hW7@SBvYmNd#Wt(Gu8Z#*3$tryIhxwj|p%%;fjG7)i#4f<3}FmJR~DQ3Wx
zdU;llK=G`rUUeZ6sW5~e3$$(U=+lpgb3I?gSzb0=T2zk)DrCR
zKc8U9`{dW35xEH-siT;T8x_j2B2s{2*7@#pa%~DyIHJ34HAG!DbSW)sKr_?%`aO%O
zRw<2AushrP95F77-8dkrS%FH`!m~TU%px@cQAGu*Rok>yUqx>~;#DALrJ|>nmZGn?
zrOJRZ5NJ3Njsl#R>u$)l6zH&FjRis3C~XTy26LrmXZ&zRj3MRERHH*dwQAwAncr)#
zM+nHRAAS*iuWmwlE~Cyxbl+S2iyCKwpZ)=`9R@4}Qc68$xbwaj#otFFdd(OI;vS8|
ztX6JV>E50jQodfVdIK(GL{e3&r{c!Gdb%Ke$6|v3P&`X43?|5@ix(1vwsc9c#rfZVgMtG_KAeVP}9$rl8sQl?iE%NR#oh;i7dW
zQIQMjOp91r7IWO`6uG%#3eTo_VqWQ_IaA;nJF2xj7qq#$eawP9qs2Vy^?9peRgFD!
zay=)BdMToh0X;y;bfsoJO&FIcpa9}+5tWZKsLlxUQF8t-f=B7VGPd9$RYr`9@WH1Y
z6)h22gUcrcFb#_n3+$@H`*M^(!vn<8S^4HU&9#vJ0Gt^ke}1vx+WQ4p!Ef?#jWt-Z
zl6RG@(ab-A4N9cX^3vtuS^A)`cFRSWCxeBJ7}6A_kUKY|XdiC(Al}O&En$vt2c~iXug7wL2J)!g76d9tM=PiJ
ztSELE*iGA#t>D%z9Hm)6<9Qt3P9<>11NKr66(r@mvUA!EcQ!=rSt($QH>7io|@euzl(?PMc-e-?F9ExIy1=
zi*R413$yw|=&Uh$?4!cp_e&q>@=3S_Vm?nOA85wx>JhWON;&SiL<(8VNwdg3e5F-Y
zZ?V0)Jtn3rttta5N48RDg$XDL0>JDpVJ%$bry7ieQTmW!I0Z$Z%;I`t>KF~i^GMPj
z3CSnM`H=`-S=k==?vb%*^GVJ?ia1@i^K9^pZDENub0dzOoB=NUjBq&!eiQ5P2z
zDjYe-TTeIvpR}-ZGtB~fU~a3QpMna(B15R~uy25W=Edfg;_UUwfyQ24*+nwhc2`o6
zCESZttFN0V-cS#q0HLv79?VKUeApc?w%X|{Q)9Sg8V=qRbXd;^(E
z@Tubs6-#XJe_+iS$irToy(XOUXV`e!!2DZMR^-m`lD~$HKaW@Glekv
zU@mRn16!7k0Rz1_07A#hEK9liRXH%N#PHgRJX1_7xfNyDA`Baka(Z9RV_h(JB*Q{<
zn2c)-oo5v)RB<80lmhTsQ)$yuOcAsono|lXNGx
z8GFW$d1a4>#@#rXqGWbW=J4Y&?m}~Smu-{y$W8X}{lLduMGz;JO;Abe(lG7fU-Q4N
zVMr7cGP)B0SaS>JAJ&Fy3q{nu$&G+K&u(wQNPp8eds>=<-r`C
zQL`uT+J;VQ9AiRKc^Y87mQcOAdc_Xq&cAS-Y}d2DVjG8c8fu|@qM=TR(pOS5dmmO^
z?1Ii|E$(;#ZX$(?TSo)2Rz3}OTQwy9Jl`jVVnz!O)R64qGG^skc5r<`v3y)8BY8tJsF
zs&;2mtTa|C5!~3jlosnn-ooQt?-k7H5VtV)0ClqSim0>pZD8?^$h@7Q_#(nFcVkhk
z-d2}m9!oNBW~RZFU?z-OffW{%I_W}XSh!L3w)^kN>
zrsnRP#&Z!t2`do9Pk?NVq$9ILd)Cn}VM2%~!d)0uH3hpw<>b&T-9iZ!A{eg>ROh8r
z87Z6owxHc?H*DfJI0P19GeRjZQw_C#J1(+~pT%h*oYb~H+mfNmN*N`&`M4~iKytY)
zk^ZFn5hI+EeNb{YEJ>b!FzDGTdC4ah#4zW0lu6!;CBE#gC^iYi5A^Qp?gR|EBALt8
z7+VtiPtZx4Dt|%6P`gl^>$urS+t1~x|A8xV7~zTs;&$-Do7}Nx4w~nDIMrx9J?$Zxk%!sZ#6JGH;vW#kgZ2M*Daby!O_jjPbcLfrZFx!NVRn*x#1+AIgw)=K6X@MhsUsQd
z4Fz+$TX|cTTg8hH6~!K%5>BUK63>S%8B`uWES=X^ER&jIK=UxiXVGM(FN_P@i|!7!
z!q7Ra5~S2-E(QSxb1b7w)TrEX3lOWZYoie%nw{<5GLmzsj51jdl4J|&VYwM0PwWXN
zsKE5ND#OvBj$qu1*DayN%Y0*N3lby=zDVCch%VNNu5oXM2
z)~&lUo|gIQ+EYo;kPTX7CIxz>_)~*ruk5sfvUJzYL1vTtplQ@a{`1a1&btz`K!}o5
zWvcG|T(?EOnuvXnTUa%*e`SN0MTwyQ_(HZ;j&hrV2$^0RE6Xy1b8PHK{%o@6OD|-`
zWN~DKFhg#@j3sY$?WD?@7-O!xtS!6nC_$Bvdgu4_f+@q`37~4$(W>`0KH;;f^P3U}
zbg39t36HB`RxkX8!&k|Jvu=Qo0lESaHUMD#hYmRkS5UdJU`21Rx1m+Eo94rfTCcq|
zBnctsN!Zg_Tj8nrwB^m!MLpuI^oV%s2iqi*zTV)d(HcbZ9$
z+-RO-Wxso)x9f@=pUldf1+xyH*?E~(FVwkN$s>1^>BX6KW>KC~&KY-RU7pG;QUvy#
zrQy3|Y!cmo7Ei~Wtnshdg~1mAPOtb>Y{W?Ar0Gp7XV{#m3MqzEEW^U7eygU@rt#4s
zxrBm~J4OBYS>W1_7b52cd=}hN7NT8R-1}8z@}8%N?xAIDdz@0$cMUo|tm85nUsljc
zxTVy^8er!ZD+j3}+ChmytTI-AUt0v2mZxO(IkQEqC-
z&V>eC-7cO7T;(os`Mr_yTMZi&5zhjoSe7?!?DiCKFw=-x@9&RxmKfN6Ph+c6R!6KdzKiIjHraIlm
z;S!MoMb#Ac!X_79V7*8)j^@o(bD<=`retMF2>hL*ro_|*;g^Ppl{t%!q!nNbZn8B%
zD1L}Jk&aZ>IqRlioIDqg>=yq7$`f-BT(d5WWgQ5Q+Cm+9ai)VHMnzJ(a_E9vGF~Qws2D>j_
z+0g8%7y%$%?wQeJW|4FB1vyWQ^Y53gI7G};-^%2L*L2zW$7kHWGS81_zz+vLk3YFV
zV6xwlC;V!nJdgWfd;w+dASR+HXG?MfwyQ;cAwT3io`AWBi@_@9Z*YdMVfleq^>%Q{
zzCoz@614=Btmj!xdxN~GaAdF-c}|4`phOaO6%OEeYDuMCEv=sZ-!*xXAdN5Ne-sT?
z0p96M6Z9aYGC>uCz0>k%;{5=dJxF13NL}dgUk3*GWX}c=Q&R@p?8#+>A(x`;`SDPT&VX>
z_aE60d9hysRPlnrxQjXXuMThufq?HrE?%GV)(Mfj0r@wUVIH!Yi>u-m^N@|Laf{Zr
zVgx>>?z_nzHgzg%c4GW+zaBd`H(}JYtZLSFgB!n;#LUf|ZV(!1Gpa%j8n#5TfXCLi
zeus^$Ks$Z|$RU!Uzqm8JGmGuOilI9Y_y7cI2%gz9L{EvxFegdXU(ULBhaM7!-D)I<
z?TPhY6@fp1H9W$zEE=u9vVXnPyDa#p0t!AcbIFyX8otXOo*z7_BLcE1!`&UD+S@mv
zio~Ff_)^ZL8^jQ04;pDN=#H8}KQtc!=_=VgdYLDWVlsZQ+&Sk0PVzJdlH40xT}yoN
zhM2ox&&v_<`ViGL5NPVpKk_WGCX7qi}H6J(hrTwFCxKX
zxhHJkV)ulhJ0*$jsuQLp{eX4#L8IRj8h_)peh!D?UxTTZxr~9WW%o?9DBq5=pYKDfe!$|^m73aREO-vEfutH
z@6CgL1$6AfohUCD{54I#e`cZ|*~IL$EYTEyQu)UjBX#X%>5`vimo7#9gL(#TJ^zVv80XFlc4@8grL*A`Amx2$
zPQjq2ig>XO=Uo5vPti+P{%zU+;p`oQJo&b5(eAQs+qSE^Y}@*kZC96V+qP}nwrzLm
z_1SyJJ@3Oi|99_=SQ)W0KjepuwQ|li$CzWJ`MfM_ZpwkyTLU-$%+Ih2mCm*Wy?=Vb
z(}HRExc&)8_k@?*=`ql>sCB(X&(=|gOAdQqe2`lL*4&L+eTKP9?RNtgHA9E{foDR4
zms@e(r5=7k+Vf)G-JV0X(*CiH?Dh1+b^P+@{e)o3YP{|#*6uY<>iETj=;Z4|^h$d&
zO2~D=+Wlo~Oz{}AR}Mo<;cGPbskZy}3&N6rf$GeX+~LxR(cc&vwdKLobaqRSN(Qy4pH50sU#dRw{di2i4An$Bu{6)$&-+`&&*h;Wc;s?@L^zSKTWX8;?ZP68RX9Mv?B|O^HYJ$!}D7Utk^Ee(&x6KM0l2xbkmucFyrw
z2CXuaD8?cit1@a0Aw-u&xR(XG!cALN`7N~h*oXozgib#30hkXF_RDUQ}=KnU1=uqikwWyG
z5Kv`JJh)T(T-=#**6gFkTJy3SZ3f?&bjQBjigc!6x8hgm4gXyyVb85P$__}V$!aNb
zo-pmY-`7H&#CF=s%6pDE!Yue5-6|=XLJ;9UF4)}O5T=H2w3NHyV&dPRWd+Z>aW){*
zHv@Kes3ah`Ja8%Kj-@ikJt>{&?VEaz8M~h&4hIf^;gyQuKE1M(als0rn|5qxherD1
zjwCFrl(I8bGAJuz|CB$JN0G`J93}Uk>s;=~7`sGKjcCq6Nzk|qcr6ek?G%DUdGwnx$QgEGfJv`Z&SKwaP>FfFmi-By6@-t_q^|=|?pk4qR+)NT#rww=
zcz5b68#y64hPX)_)BqUe^N=Ian?G?=xqqM+^EB@o=_vOjrcZ7uPjj1bd9@+wa^)PP
z2k|&G^_kR0yvcqQ3SFt(nj&gygD#%nJgo*=6A
zoG;(-#I6C4h2h#uVR;n8WQz
zLcg&oC$|)ozJgSpaGN3TNLtRk4*g
z+jjEI8GHlqQ-c`-x{b@_Ap>i2pywqITe8(uq&?U5Vu9mJig000~FHSox
zXWdr7z+WjzI^#WBwp8A?&YIH+S~W0jk@}|l>f(olGb5NxI>k+Kmx;OM#>!J&RCk8;
za+whyOzzMLTSLyQzT(k-2wH-7nj@*(?5T#FOW`I@2%HD|-0#J4{V?^-L>lm$KoeNQ
z_~}I&)l#c4;>tHoj?=02s}+Hrl|km32_%P(z<fz`(XHqN@y(tmJ;7lZ0&X*r1!woCk*|fB$WMu*|w=G5T8%|~@
zJER(+Ru0*svTtChw=ME|JP9@mvx%eRPui<5344f_)sP0?c(uOxtG+)j`6q|Jvc6$2
z>3_V>{Qf-Y{fe-0046p=Sd2z2Uv~
z2KMav#(U`w>ze6l>53zx5808QL{jOMWQmfruqtK^6&H=1*R++0v>Z*wHv8It#P|ETFIyiw*>F1emwu4Y)
zgN_QPYKPi*X+h_{n{&t{n6)mGY+M>~lT8e$5;cXUh=ry~keUdr14sovrM{8^{s{6y
zD!_+8cCemAqNM7@XUoTY;Swi_n6e)G$hdNjCL78MMwa8jox98`U|Nk2CkFwiAEmsp
z7uXw1oIP@&0gq6dRgQ3=eLpw8iR_7g!TU_Dbs~X}*>4Lx8GK!xo}Nu1>@A^h@n|oV
zdNfi_NPO2g!&Rd*#CQbKQQ&DRe4K;+Y_t+u*=b|i)vaH|y`|AOhjdFp>GAl?lImi9
zPUzXx`3QP1Yuq&2lq+s5Ea-TWvN9f(F*R#idblC^9gqmPwX2&EEI-(pxFV_-|NV_j
z%&vcOkI!&Ft3eU)6&mN-s;o%u_bxceBA=%z0w|B0majOYXwyu!#!L8GJpGZ88z%v?$_--?)>+))Jkh
zexr|uuRi<+qnC{Nq5>_#`;>W52kAb7nqGnsd_+pw*|S=}JTHX~o|0+4TO2$Du!U;Z%@5QSbckXm
zRxuY`rH6H$0E=JVKSwuwBfYME`u@7g?Qe7T!QTjq-GLQ8$|km8luz<3B8%4)cVXCt
zn{9h4-ocTVlDi%LBk?6MazPG2QRJ`8_|yLg$3IGoA%D_#GoiRe2yub6F4c0sbH)()
z0r&#%^7pxO_R;F;34(%_OJ=$Pustr&0l*RRo&^_9gv9vTb@=ppt)Wh1Qnjj8b6eh+
zk1C+`lM;U4!Bpx(wBY(L7m6~A{7UNxY&$2~U}CU{r557V1n3z)Xj{|T@FH2>oyMt0
zpdZBqT?s#kSrEHz
zfQZ-zpIGGqEU0x#o98T?L4%f5oTAQiyUL+CxX)Yw3O(zx@MRFVs`!QIi@F{XR|P3c
z&X3{iLcYrEvlr(BkEYJVT}3vNG}ExzrE?J@9env$W*qRXigBAc1~`eqp|u!W?N%T;jcuw;SYy
zHDS3$fE29GO`2cIIwb+^;M0_0Qba}mME6DRN#FlQ`l%TZ1mAIf{6H1>Cs>vCe+O1o
za(8qBSpP4T8`}jF6ka(b@%`dnK}=W#v}NbQpYhhUeP)!#(G&H>=1GOPNyRGB2cWLe
zI&0IbK9hVm7Z{2Ws^%Ll67Mo*>+YE>uti8Zg{$4RC)u9YM&A!NH@-hw16chof;Xtw
zk`302tc6~|F*uVn
zQ8a)sP1UrFTUxSKH5IWnI#jf4?r2h}S!#+1uoMV{z@w)Y@+venF?5!fUql6~#`VF2
z6ptY4f~R^k$hOa5c+W6r<<7YRRhU9)SK=z#@IFa*DLKM!Wuwc-#Lz5mQ;i~c`NUC}
zQm-qzcP+15RIX?(p~~diIsEWjfKE07jR2ba*c62_&s0MgNED!Pvv>n?v<1gDldTLq
zdiA@;$oymS1rh{KqnJ9FMncp&=!{b#fulBBYYDdax0Mn8Ct~$JFQ~>L$UXTL_Q?C@
zEure#iwu3Ow%7yDN<_f>%<|TzT^{FmE{`jN2@rm~-Ioj(FzEx73F8R!1->~=?DLcW
z?yjm>y7i$P-P*T&N`IXel!ydH1ky{R{^~$gj<1Z(OWJmG*#tRLoaruD2Fd{0Q1w-_
zvuDWYPMdDctJ{fL4hY|o0Z*Wk_14QlD>Z_th)#;pOtj?^49~>bbc`)?z&pL?M`m=a~?0Qdbzse@_-IRc~ap^3!^jM${a5-ef>
z?ACQck|Luk&%!Kl197aCrj8i=A3R{jrK?dukeHp&3k~FKJi4rA15U&CO_Pl6X_^&S
z``u@FH*;fB@x}{`<5<0nHgOvUzgtP%UXC7wBufEwnkBZtgvgadsc-Cf;=X0q;N$8r!4;rIg!bB@g+$
zC`omF7m9kHw+X-gCyyg~>Qk&EFO;dwU%4Bc7Ci&OY3kD7IOmK1l3z)Y>heqa%j^OA
zM`q7I?RRAd0~<$kfQ^$3z}nWq{ongNOV#o(S?{k3OT!r(yN6W7tp8}0M6U3mEFuYL
z;W~7@CIu)U!zSH2!D`D2+Ibk7Il4ve{L~E8bdmm(0N+>?+Rfmx!gshPI$+;XwmC0_
zVSuAy&3ndk`+;Z1edp!!IL6nv9bBK@1cZypg)ps!$%KzHjxn&CL#P4igiJx0??$k6W`u
zr`m?b%A}bI8%&9^>CRB8Uy-}0xb{afB@?z@#>jHeMaqQj96^p#<4fLSE$lI
z7lITP?s(!FEse?EBPne++r8E<7x(9*ld=?4bi6{v_^jo)F&`3>*zZs>gbt*d!4%$_
z{R9-E&N<*{utUtim$r&a;Q2HKwD#GE!g3V&y|7{V^Uv}yyNb|c@9^kC@QoG92FH?uh6Ub=hnJ^KTqFKtB2iZhLBdl4kC5)KqKejLYuTSJ$sbnahK{ixw&MNob|T3vv|fAR$02|;3;O=ugR<;9P?n;pdA?79Y_ND9+I3sv#LdgF-^mD^2I
zKdC_=l?B>)V~0f$-Xc|hT53CYZhzNI|KK!)bf80OIl=IKJJcZW1i
zIL~x-_l=Rias2pc?c?6+U%L-MX^ClXJ)-jn{dmY8)c?$_YT4L2X;|9e)V(#Tf=rtDHC3}b+`5i9O>BoM{>i8XX9s@gj
zBeY_F%-4KAn?L6}TS!d)CHSy2ssBcM5pSib@%8@V8(6^RMdc|4fp@
z`v1=6j2ztUoNWJ(bYWTk@lC%R-L0(wP7dZqLgsd600#+cJF9<(iz3w&}#5i|sdvLEd6{$ahVa6lc+Lj4|1&FE4cxDfJ0X~OH?}TH8
zR}8qX^J%SvQ!v*2MGO4pkDV>|L_o$oprReFI~_OOp3`kNeBUQMzCF;p3_j!xChbq!
zQ*2e5*Y)OZDm&FD(ltvEo7#Q0OBbrUYbIkhm72P3+ok3RKr^~*)fn^c-V>}&vk2&?
zzKivYZGyQQrB$ujxRuMG!U_ZcPU>bO$VfRpqA1dqvsBuJ+ko^ZJK3Rh%jzI*9OTtG
zhH{k+4bC;V*I^gn=9Ra$XgB7)R2a*5zzCdGfr(y2xwMC$1U+j?3auPLvpB@o-b&Bi5pv#u9uz|khghZt}}74DX8v-Nid<9&$V_DLjJ;RjZq8C
za*z$C6#*9wJh=-uE#%NzR9E#ZrI5&L?nFy<6FcY!`n5B!<
zJXGPW4p{ud7xN_ophVFrfW(UGmSk?7^2U$ea!U%x%W`bXW%n67uMG!(L+VYevh4^0|Xs`_F@sjEk1sfCG&dscH!Aag~P)*X;BB+pP)XL75NQpi)x
zw(K5*=Jkx7?zVO)b5{`bxcj9om~Ytu@COx55Q5amc33GtyH<>Yk>xzK%>r{3WQR%J(}>%F
zAA0tOdF;2FUKzVB_0w^hify*()3Ld#?j+dE?VFa*C$@wrkV%7UEp>+}@XS>kskhu6
zx>8-QDv8n0js`uWmk-=oO9pDT+84554i=UjyzT(>>lw4Mn%GZjwV^x0oQ{4S2LBWl
zx&|sszZkQaGB2^v695s$5cKHX_s=g-=UA0LP~(lot13JDE1-vWb^YciAPzGlB((W7Uj#UFAwn36t`0)WS6I319~UQfx?
zy)!Ukh^bB4`tTeAF19y&&#b(F6V?X7im!zxg0)0u(HNsJi;1gRAejF4bE2Ne=k)}7
zipRP8R}51QU!WBI=1XMgz3zZVe&icUW5+CzZY`<%%?x#q5wBzZiT8<|4&ozVMiLZL
z@WQddDSA-aOYV^9-dS48iLW@YOrShRf^6+=2sP-&f#D}EN)T_2FyG!Q8BT4fTAWwO
zsVM;}t){DlljEcRkfYzNW6jyEB8~LEd1dzCMOGx?#-S%C*Izu1#%Z^;1dyj
zW5^*oUQdi4h$*cEvRR7-xJ*Qj!tS9sk}3^x)!4PA^(+E^_EgKEo(}e?ts3uOmHFY@{F5h
zP-=G{m4B$s9%+)C&21HXiJ9%gG)AlR$leHU(j7|
zFMPc!7@k6)9?W
z@6g%x9~Bu>*CtozCPC^wP~)%?YZ?-PW72>?$apt#0!R($d?5ZtO`SrK`RdLNAZYHG
zc(P_CcI$kSY6&BPDk(wKk~~p@1AVhnNEa()cKgi2Fzo$Bdy5h{i7YZ%neQ~um+Nys
z#OW6mFV~yRG-lK3k8e)X>D8Ie_d$stQbRy~B6((V=B^yZPAS(gphj1Bc5>zv%R3pN
z$*RNeo*t3HG&oR!+(doCdXuGBXIIMvAW$w~uAoI;=9>^tL;Yc2idy0UO1ZDRAm>qT
zJgWvQn0cpk#LG2=LbcJP^T=P4VgZ;v{Uzk(AU!J^wZJ#4o8=pfGWsZLt58`Ivd$)
z&4;F_$Jfy_GUnweYQ6lqq<8m=Wcek|AJJqIV^R84w&vv3oLgHGKBS$R+iZfuuAaDx55VYoMiWD~-JU{`V3mxJ=G+f1
zYKv7URhA@Gj3TpV7dBED*4c-oNu%mcx10`;{DzQ&jRu3!PE%uoxWen?bNA29H9FnQ
z<5NYr(4-8vW0C;?30f&<8qXZfWSSQ1HjR<{momUw{*VOi5f@cqa+rr#{K2pQ!Pqq|
zkn86+mqnGtCAd>%|9RL(ws5Y`RQ=&|g_H8cmE7V`0#&*N_R4aNhO+!V#MYX5`
z(g_z2VJc(59y8f=3SuO
z7|aZF%_);<==giXNVE#|kmU^=W>=UUOTIzF@8r`+5!V&6LwCejHa4S*XxdlgpWm(P
ztX4`P<81U~d(AXfBUeDADLY^#R!0WQ7?GfD*oHNGvVNdy&K4HCaT!|%B#N3CgCY-P
zl75&>Wn-wifwS2`s<$9LMP?iC%fvq|1;xLDQf59PL*lw1dQZ<7x|%g
z)JfgjxBO1=PAX&a_pfIaBjvwFg$}rR)SI*Z~PL8v8Zcm(-
zJ|?2W6sYb;f$LQW2|ymQZ3Oo5+K=lXONB^hE1c@lBWM}O4YAX6NfcMhZs{72klUR(
z%EmKp0swalIka$NT~KYsLo~R26bk6d`|IFdUD<|;QX$V}+l{X0_*3o<>Fp_TeIezb
zjfP@^3`WfK(yREY>enmltm8&HCE6tCp;%p*NIW3?im6DSB*2{@ztkuGX;@j4X_t-}
z0bgRt(r?V1P(_kugBHDq`&d&+65;0_d5+V-4Lb@GJt58?NSzU+dqegHo#4
z=>r;bhB2ttH7b%F*-#_X>B52>J}F-2@SOuv&1ytkwPV&&4T=U88CQTY-haR`yv5ip
zI^oVp^Lb^@)3>O>KK(2qMmJXx+2~kaI6)$6dq6!V?Ghh*MHbnem@Q+?9fc4xr352J
zr?-V0$qX%Pf+jsyDr?f>JIwBsIgCkl$ymkA`LJs~&m*Zjz}|+SQq3s1^~=UgXZ7@0
z#ORko`tc9=d~q?6KZcA(V(he3D*M`xm^>8+INgAt4Gux9>=KbpGXRBfLq7~EX5|J+
z>&cxpF8!{^y|j`AF~~rU&F{9)aQ7x%FYukDe0uZIgp};x!8Z#}ZdK(_Hc=U?Yw!L=q*_$KpWS!Id;1Ha!e?-$r`rO
zgiYAsyN721qekV+c%w*gINXTC6~niNz-yugc3YUG<)}O|3{!#`8FL#Zd&nE6;f9+Y2|Wrd2?mC#
zDvw*O>IIu7U-o_j8DiGX0qs>n!VGS_9HWlTSG`VZ$ZnFWqr9Bw`{wzvuLFSoR58^q@BDqRD@Z~EblbDm|Vlb*{6s}KQ
z6Qjf-lyt`?ReEYA+_BCaoyTdoz1=1s
zqgjxi^xP1uVL7^QaLk!qs23NEPOqhd+4vmv$TVR6tguC0LW(URFPASq#D9lJSoAFw
z{oP)Gj(tQrJF4&5MKDXX;BYLn_`ITV+G{8=+<0MUepq{{Jbk<(BG`Xxs!v@#yE7wz
zs^oAnh*(rePc8$o!J{5HOuw{(Z`IQKqFIeu^HHFY9*t=^r~`KL*nJ;p?wEfRoA(f3
ziu>uANUKX@x2$Ex?*Q*;3qIHMgRv3&nNeFr%s1Zcfz6!sndXC~#v8HMWr_znXPt?XNIB%3pL`>4
zAE8Xq`^c%=4nWLW(FV(qlY1BKMyZ}CA|W_?6Va$0tvy1~SWqZR`aTi7njSFhWn&Ku
z!)T6H66>k-)>fD!}flxml9{U%YDC)&-a@
z9BTkSch)#mCVyhD>9MEh$VeXc)e%vqOUK=+$DwEykGB84o0pEe7!EINO(4=Mh~N@I
z^ess>2o&9KU`7(qb0b>$Rt0R=A4^wa1=x?KlofLsRu|ZH-rC83_-R#45M~E_nw?V}h7PveadW|qcGp$w06p3)lQrl*?%P>N+
zaXs9Z9YJd38lOF04U8>-3@(7?#zA!Ax)xf!gLLAAE7-V06~>t%Jm-k%z_BGfeq}|P
z9y@iE?Xxk(d=53#FR?1Ku|1_boD^NG@YE9U@n?E9-fA_jIv@u7p>P6z_i%;%0BmzoXc@+!*RAonT
zdbg9MTgrZ(-({UwXuFQu9|~R>FV#8wj3Rb_k5mrZeJP!7#0Xmfo|C``MIVYZ602a=
zTwQ3+WvE-_ClJ0jMFDBuvtmKNk$LQsc?rU{qQ5nmpMI!97LKeH*b!x7dS2r#j-1{jl*r%2)EuCTJ{M-VsO!@w7&G
zStqz|`nCBN7SPnI)!&Q|yTq_G;rr1oD?<)>Nhz6Wa{UE%<(W>M0|oK(hi9|Xlk%wjbe+@GE@+S%{
z8x(_TA|YZ5-49-B2|3ODPq_CUDU2SmuoTDxc!&dd&Xb*582%|2yLAhsKvx&T!xLbG^iyP0w)-%PfuBU*d?n#sYmq=vt80|}u
zVxU|x1ibgr59TNDb8p3>P+*!6xC-_gEFA9qZSu6Gqjw%%#T#hjUH_{KA!9>cxg-4f
z3#PCeRgdkMvn+16QU0lJn#)4+?*8Nt_)+$~owae3(diMn)%3yK@7jAic)W&r8L|cc
zG#jS7{3B|nY`XPshq>sI2p1lm#)GqbTsibBw|4P}o*K!(h{rq*mLsK{L1!v#vsc=y
z4_wpFY`!OOB0EUvQlBEbS`;V42)jC(F@3+oVcEPr-M)QM<9#C2}OGQ
zZ>a_4c_~4${8&EvU3v)j{MNI*UT&gN0)_EAdv{2?6{@2-Mmd2+CWQz1oSs7%48*#{
zd}`yAI%SJ3i;I>@Dn|bv3QhBp=GDrQ$e@MA2pWc9_kkbyUk!{plYLh9ypU~vfs+7l
zp8_B%A+VRx%xC6fP{)8SWqNq(PY|E&_?HMHw+G6O=2Av6D`aOA*ahLNwgDD}5v^qQ
zvre?s?ZO3DY1{cb%d{*d=P(LPgAv=ye1b`P4a%z&{VdTtzU_OJ3K#tPspayJIa^Y=
zj)8<1{*c(X7tb^?b)r(9eN{ne0nKjFwXy!aFRtk(jt5=1#@1*Exm;4AFE~is?%}uv
z+G!*>6g+fyoHRN;A;a}$!#(9SOL1-PQPT0Pc-xcQ^{*dzh774ZY;%`T+m=umlQv{a
zSPB%y)Vt3cy;mtTWohqYNsya9j1xdMJ-ET|3)8*{M@6ZG&{vku)x1e>Jb=n{=k+fLTI`IJC_MVAjPFPWHANvyGAaU&lEoD}cNM;IAK_owF0bSk6J%
z+!WyGB=2DB_8(9>NlC{RTLgvIsHQ8dAq;uM+&o<#i()mScq3*uxfQl)0Ysx!hO~fS
zv1H8S+)DjM^MbMb4Y%{I7k?C3JP}FY2(hdOlJI)c#;PS8#62y>({!5iWjbx;`{Nm^
zm&*l%ZL9X+HJjS&WcEm*;=~z;9m@%Dy4dft3)k!>_h(;%Qy5ViY+YV@fzU@57g(hLR1eVuBcPl%sE#
zWm;IxfMW$0aj=i~`UO?@Unp0YaD2Njp
zIaRsB9ZU$%jW-y)q%UU=v^0LLIaZ|yS2UaFl;;??JWrj9U9@ICF%G?v8g2R@i_+NM
z&mjGJkV580D-U&rR(mjhoL=ek(jCH{xwx}#UFCi`SNC(UV|qX~3NA9-07(oHpWVRq?>;)#
zZ5Op7A4&0xR=*6+|MKF2dp8cJiPD_*k{hi9I}e$jW0udOCa!G1iC}xFQ0Ukpw6x}T
z6;bmr(BDtMVT(0Qz4Z@GxPo<|ONKP4Z-C5PUN2W>tz{5_6eN1;;2R@`xAQWD
zZlOQQ-YLLy?fNW|C|sNo-=W99zh#_b8T>hl%AHMbm*#|(YiLGC@jbgDLn$`L^UEH3
zfkoB4Md}V^%Ke?x#QGTs)bj~6oc|1(6>Db5oMslvqi7eS*-VE3X%{H!gt9pllL=TU
zSfY2u+=S)iGDm@Dm}nqINSk_^q!o&`f;h#DL@F!#mTq9qm&i+iScCr8D-&g{07Os^
zL)C9OJR?$26(f(z;r`lTpzRe3D97OGAArTpI0-MC6R
zTKofIqsZat85r|$Vdf%IbOoaDMBTMU$ruGa@^kFekt*bK_jbV@!n`jyOxTOgU*3_H
z<~U{Y9?lXnH9kY_+3Zim^!QyxPe@7pSD*(mkVq&M()1XGj*E3qulw>^
z?yGh8wMKw_)%E(s4moNgX+Y927A7F#PrFR#u(~CAk#|^|kz^sWANC&{X~dWD2@F0fcOA
zoD9ru{#(g@=f5qu7
zcz=Hwnf5>|kIG_ge~HQmCFnkIqR1Sln9Esw;1NL_;aCh56kKbK2K~jtU;n{jiAwuT
z3Tn}58OcAaq+_HYT&E-i>oT`1r$q{?6Y!m2p7YxFO9;X>PY
zE{lVJ0G>8>__2tB>{3$fR;hpE!hndACpAWea)MhXK^ATlYRM5!2O7dg9b0GJpuY;N
zYp~52@%85FaGYt|HU!a*$^!Q=*@8AX4ZH4qs!&TWt^;K3Jwt`|XWW9EmBdc_SJw^H
zHgL8nO}L?xOkuto7`e!Yk`@<1hx)w?x&H~uB}1U+bk+gAhjXYy$|Ine5g@#YZl^i$
zz)_H!JP#>FJ`L5R8%dB)AQ>EObPUYa#3YSkAS_I|CVmB^#vg@>Pqt8>R8juQ^*)yKys3q$heAZXh}l;fOfwAf
zJt@pUp(bKoU3UWYYX*{4#GyZe1#|*(6Q#bpkJ!;q@^+M2>Y@4fbOtG16XyoYXuAZN
zM_>JwK?}!jM|2W#qt#`i!1w^lTYU_6rDAY`C1$hp#^l7`gJ5f8#z`tWY&+)w9y8BG
zYU32*onozJEHD?(jdZ%MzWL}MQ5%=hROs%eO75E@>0owy|3IP666IMV{^KwCk6`mL1Vz!ECSeLm;;>%%{HAN0p%e4lC?|gO1Gy$q{%^{5ek`B-nt>mL7ANXjxGF7
zEqAi?i+SF67bj);=G9v;U(mvbWVPk2Zk^Q_kDzNX-TIo9_qjB>;~MT~{_wJ$yLL=n
zwbqegEL78+YjE+k(>?c~f}jhxqTsWw9x&~hMnxwlrvDoO+W$#?uh9_bZQ
zl9P{{V-2ul*1tu}0yVQm4Y+=a?tJYG5igads2U$=;5f-^+TfY5RI5Uai5
zv}AjpulAWtSRQ8T`?5be7A4Ia^Zg|!f0ca}(KfUtUo-;KZ_XrHR5vVGuMDX2Ak^=EM>w8M<_(_L~>VJnm(o#4{wE
z`jO@avDT0>D1YJSxq>Ke*l=j=JX6*#%Y%%mB{+fZ6JHETl6FWIvZvLAs6A1>ijNNB^`L8ry%;~mqPE^iqZ#4?B2jMW0!M2md
z=AKJV!3&xfY9{wPOOGKfOg6W#jRF-vv{Ej#fW+%GQ+loLIiIKx_^Z|Q6cgq(qaS^B
zP>d$w*X6I!G?P9Bt`vfxDG`!dg|H?+ZWxf~7&~s6y44*>9i?tu!(mf`Bm{2!n?3L@-b_`O#WqcG)bQ`UxUG+AwpWCRo0F{jEF6h{>
zvuzTjpH&4mH$2R4M-7|2Y(iSAez@$mCSDtc9%HVai+!04(5^C)ZV}N
zA$V&DF)WUu-l0bsh+Ug=skc9Y|Fnc!ina12V}2rj*7*@fR!Zl
z6krgiM-F2SDOWXW^2jIXGw0o_D+kPAVz2fs}3OG~4
zoqj%KF1!IV`+;|T)lstM{R$q(2n`2Go4j+an(b)OMUJ
zR|=oVT@8a!g5RWSh1>15iKb$bbh=(~0D!zsy%9w%Hw+1D1J3yMeqz$4zz{hMbIC{N
zZ5;}u@J=OCqM5l?cdYJSpSV@2O8yY~)EzQa0TlO^>0Y-ne)PL|Ur@u*S7>kF1tvdM
zK+o5|{MAC)Y93_&iqb*-W2*Z9`-5U;`cLPCijEb^-xSrv)x^}5D@ZZzegVG{s!{9G
zFamnr-z6m(s0h@>yh_BNJ!?L%gL~>)xs*)QeSus;B2+H5n}u-@q+jmuLE%+@KVXg>
zc}LofrCZZ~`DPopc`z1(JCezW>_w{|E=I7-=qdzWZP3&j~CwWe5YJ-##
zpe1%R3GLX6K8`Qz`g%T(V%2BPX9TSztUe)wzU@npi1*;oWa0r7*8nt_68kgX^!!@6EhId$~1c-y0{7Z7wQ3#p*puv8fk(jZuofhgPhlrz7-$
zZr#ialufh<`Wor)$S}4>?A0iaFgY+(d2+GhHGNXzLBf*JN2TrGT8$5WHFh>9=EgoY
zjveF|6ZxO{M
z;_8J9JM`rcV%ToiWR6g%zzD~XfGl&2_nVq@#?yOH#-(#a`o!rAg!Ik*`GHe)AIXio
zm;g3nr`-xa*QM}0F#z8oisDWgQkuINZ!gqqLKkh>8Q*l`{f9)-PlV^
zM5ZwuE2s;@MLjrAjZ?kes7CYdGKb&v@BoKc+(l{gB&0h%9kWill0C_-QAe@Lafp_+
z_tsyi1jW*XxidYLU3=p1TEHa^V{P2|rZ{ati~}bZngRx4L`}47J;d1^gm5(ASE5aS
zjqGYa%su?Xv$Gv63TYOxGcw%zrQ*a>X*#mhZrgC6spIIvqv*=-iJr0F-t157T6dKk
zY2nC9?Xwy!dY!-&AW)lNNv&BMfx0b|LB;~!_H2jFM|gGIlOLEJiuCtmte{=)hTYO2
z7lm%kR_^?+uGTjdQ~H2w4$4rQWpt6cZ!St{gvy6Bhv%eL^gzstBr60dx2jkaxI>O|zCLpkQ+nXNgeE6e71k3h=rt0VcCqbWPpZ(M
z&d=797ENBk6VKdGmReA&^_A{E+e3YfJY%nD1;?Bx*wH152;EfyGsl6!D72^0j~%v*
z_lwmHA>=Ha6U!pgXcGS|QT?tkva#CV1{>hNJuXTPL|sxV2Q@
z760tXMNJaB3MfL=Po$zZ|0l!G{@8RrfAKLy7^cAOgEz43%5llcU2#R!crucxd9tzy
z2#NDYJErx-NR7JUJU31;~Zqa_IIsrz)(
zp+FQZUF^6{ntBcu^Nu1YdvDE@RosjM=X4R~y#`cF$)?sm8x^M(&N$R918pNmF87dk
zJ6ux=Ot0(Fu&^)(RqTfFxm?By3}~!|aCT!Om=8aDNvdx+{9PGNM%q_YWQXhZTjpuS
z`8hxQJG7TltD}(*U!Xr{yaGMMj~Inl3YxeF#<=A9gw^D!uBmfkqh}=AnS$A?-uXT$
zZu}(4F`@fZwAG9c&c~g7RuhvCoINTnoH*2vAHfT6xHa1^sbs-~AN@Ez253FZ>p2vo
zYrH>Q69US|*@J>aQ{EehD{{SLY=
zatedP+co90@W*7is(dq#Te;?S-~T0)YaGa^RQ@+R6^8t$g698V5dWX-R9IXJ;QrqP
zuOoFW*T3B8Z6j!Csy=C^H+{q*Lku+`d9J`I?
zqfHW0W(jQ83A$=}e`a}R8=Eu?s;c>(@_fs5bUvpesi3ur5$2adMx`8|FCC}1ce=BQ
zzd!YIK7&Gy|GVctt!e(wYYNXK)H!S!3H@yt24??Hqs{}Isu%;R2u%q>iMM*
z^{xs(G7ZCCJCX10otNE22_0{U(
zU|Hb>oXzLszX`a&Sj=Qao7^UxQU4#p&M~_3F3Qst+jhmaZQHhOS5g(*wr$&$8{4*R
zCzH2()~wYt-S2$7_xpMN`#gJ}-(CaGQKxml6`xfdYeH3Khh0*U8FCQSL}bx!23=A#
z6`ogBMZ#TEM3cl|TkA-`Upc4ds0qSwpXG~=k3zwPV~rTF@hnQzp731AJ^mu67}Fcn
zE+^VXiM$5sQNoLymk2KnCKQusJ<}(;8Ve^iwTU}oU7M8!iq+L)ypNF!+kB`d*
z^afg=+KDCFsyi|UK_TJDj*Me!l!Vj$i0G`Q$T!836Z4a2iDFj~4#LB>mkvK4E;hyC
zqVMo0t6-~HE2glFFSU*O^qVjo5m&5X#y%9)TSRJ3rdOVM&lw;)CQ^{pfF)L)iBnmN
zqY-Dql|``?Ji^mGNJC)NWfC1aWL2Iw!~{9KWmr}dSsUiaH`T7Tq6nw6@TbEHCc;U-
zNDaB`(E>3>gkT!JU;V-A)9=}T27NJ#2F4;j`PA}10ZzC9(5nK>NRFE{V12vE3-f
z+mi260)*O7OBj1$(5Vh83V_DtP16DZCvBivMNo%D=ET!DbTUfGo=2d%+ruk>F@*jo
zDuei!H_zx<1QNzo?!iYrV6WtE269$g(*_zK_xeJC4V8p@B3-jobBZ17MC#0)`uS=>V48Kxuj=GX|AFDGZO}|RIWoD_m#-UHODQcylOx>>aUgPH_
zV;G-n$W9DIx{?bEkRHJ6@4|c1gVKhpUZgxNfhE~8R=vJ9N89X$)3+F&SgCV4x(4E|
zxAv<+gN#<`4@R94lkjh922Z^I@E2LHB+VQ*q7A-=KzXHX
zidSO1TcgbUz;I!!u}@r9sK&%kmh{T#9_znWW+A~1T1XeE(@Kv0!CoC0FxUI>nPE>jVawq`b&OKHEf;y(3}!64jZ4~z8Ig~
z&6XQ|tL?&Y?*ktE^_Ckm4jX#c4l%uV#+_XPRk@+jPt|h?UGB$!=edeLWx8-ozQ8%J
zLlhRLZe+wdC}ep6`rB(jW1;v%cTmS1;2#?r#IYK4E-2hL&WYf!pHjCgoBT5ZU)U$s
zETHum`;^}sb$e#;9bU1Z;OCaHt$2_xsx3_tWwC}g1$p;->yr^hF^mLUpx5VWHv?;E
zw(Cwv7T=MXxx?Pbvm*B}d#BW}s|`E+9>%ldHd(pu7zf?gi=AQrVrPAYMz0fkhWqIh
zM8LYS7+mgh`Ft!cj<}|GtBT{jSQhrlXH9>91+YcUG6hWl+XW4T?U+rC1Vhmn$4uvj
z!`ToqFHKn|$J`zkQQdV&ftwcPm+@}57HlfZa-2rCfr`$#TEYuqvCi;&p0BE<(E&!$
z@5QIDJ(#W-jB=YrcHL#|e)M7+r~qmAGVk=;CWaUTQt5n={c%>U_rhvgsTvVo?fhz5
z#W{dWV^HRpN46bR(-&c(mj{(>5j;O
z6YWyq@8EXRKHW-~9u*8eMf&-9ymFa`jS8(L%Y#L>2!$pabo-@OySWy2s#fM%9rs6~
zE}<=;>L{)1Sw86L7qw~gY9iE%JS^M!TZDQ9AWl0lR&L)hD%?Gfr7L00fxP7D21v!_
z_FM?hdZoMUz@JmG>}HeK>OO-TAUCEpS4GTmXF(3o_mQ=SIY^+*?r&2brHQ6mU;F$zvh`|RM46%zYs)m
z?5m>(@`YH6T?xW~GL0X}Ypq(VcfU)w-^&w&Gs@vtVRmhaP(&!ayNe5tSBCGSc>Csz
zYJuJrhfcw!N!l1I1FEjG~U}ODCzbPJ>*B1l3K59{;CMqe+Tl7L=lFW>zde)Mtgpy522e
z;+$^rJMD~rn*L*YGI6?$8IS)-+|_IHGF?I-_%viaGt+zWE^{g4_vgo%{g0(u(%8jH
zF8~Y6#yHP{iuV}fDb|D?t1fjzW4js7l!|&!K@0RlF{L16B!Sr$BP>+r?{Yrn6{5Z4
z)n?n)D&9ZHM8G$C;aG0Sh*MxngDuPlTGiPt*wt1nF5J`(Hk%fhm;M4Ano>z%LL(}g
zez2lqm>|Fj;(_rD6vV+mU>_X5xIUOf5<}0DC9zV_d;*zCC6eE{HkIR)905pbWEz^x
zxPB+Xz*iF~MpL8+^)(u6a8*TR(blImSsCS3i+DZb)--3;cHEkB9=$Ug)lvqZ!?~UX
znsXPt4$ySl`7)eQil#nFers1)MZL3MV8_Yj5yU&fqs{H?YeD;d15O+s>?~jj5~HaC
z;X^_3@F<_ce$1d_cd2C+cC-o1XzH6GJDY6(TT+yiViUB9I>2!5<#rMJ{g==
z%@6xfSaAlYQRUjiev(S0PStLi`~yVX2|hh$r{%IAinaS!t4xGmQeZg^WWlObaXY9M
zyl@MJva7evcX9so4k5hZHY%vY_+24yR{af9i1FGDRRl2A{xyh6jwt$X1+y3a{%`B8
zn2T*k`b=LSer@hKcu+XNXZDsaZ{vkuzP7iqyv4~!RkU7q!Qsip>81;8^WkM%N5TfR
z67)-57ha+*AW`cl+^lZ7`{k<$?hA)!WARP4*014)r>RBlL4vx)@~JsIugb^dnqrBQ
z_9sj3ka2Jf>6?RL_tJma+#H=CN@feVG3AB;?hLQox=(S04&S5unwcOxVfZq@ubUka
z)0|=~7!0A(F3i!OblxUMAoUM_Xf~zU763(h=^i0uatbLR>4Zc-7RF1`NYY6*rk&9h
z5=T-FUPpSXLez%>Q}U7x_@ULBtF1fakC9YP1-x`4Rf!7B+?iKtw}rZMzQNLJT>yws^9
zq*u7$Sn~^qzlY6A%h)`_n(lf(Lw^VCPT2F}8ovqY2M3}-`z-813tmH8=mBQ`Bc~uu
z34R&m+p01A>&1%xU$wu8go3NlcSqp=;)|{_iaDyUUVLk-CP_XLl#(DViJ)YiRgyws
zn1WJ4QPf|eN8^Udk=2QzbGy~zufLyuoA>$u$(Ne90xn*2_YH$@zKCviauQ5A^KHG~
zUFrV@X$`jZOI)lpml2+u7+02UYPK!No~e`@voyP`tZJbyY_D*Ken|eNiw@5?4+AWe
z43Fw>g%u*>Gp#kI%t<{SC?vl*A5iCWqMux-sy7onZP5is8F1pP*zHMZ9L*Liu;!9K
zGii!Of%8ntD+Pjyh$9L8(ujp5F_V!7V*Lei`J;g%5eseKE0rZk!Ag+Kcd(GTve03i
zp(l+ZgP_nCVYLk&V|(9bi>94N0>-H)+=S08$}du1skf4?%3RkfZn(Bw#aqs4j<`+E
z#+#@Wf_zT_`hk5^I`vxTlKB@E>dKhj-T7@uu>t+wbGk
zSwLWz8gNzJUetCE8JdZbld?OIx~!DH*sAY5>$*)SZow^BiM@{N{V6WhU`O2=go8Wm
zFHqQz?B`d7`_TUKO_!O$c^uUeF$^-vq~SJfj^F;KZe(wQ6Z5JOuLaxDEtb@Q$IxiM
zM&mITOGScpa}QWl5*{tqHYUWO`37_!De4s!e|q2JUsgcHPzg%NO;~+uIH3OWD~-%}
zp2bPh!$9TP1`O8r@qT5#5J1y(ew<6>%Gq@09b7RbY@Rg@3O}Z5W!u}$88a){Se0w4
z(F#|kzJl<921nf6ZP+hSw;xFF=U&Y(=fxLTZEY!Q*CZC1t-F%$AfKg2Tw5O;!ON72xiVnE%UJJwc2+`&C3FBV4|2-<
zxQxn{27aAf5IxQ$O25MdfX(WN0H^5GKmDqQ%c0qnXImQ#@=f;;Kp`)c=9_>-`eSuC
zGma=5&vKvsf@*qedL`oZNLt+Svv}p6faBm})aAyIU!G`N5^;((=Lj?i+6yed)t_-Z
z?w-pome-kw#4VcW6gVg2m}m_|*1P-%OStGSnaf|=`6}S+Yqsq{Iz%f;<8x1{r7nAJ
z8--J*G;fquaikE$-Y&ZPzhRcicx8LZAZ+TV0JuXsBd%PQ5kB*zuV!UJXj-QGbkJQi
zsPad9kI?l3H>MkzpjRz1s`qtbP-mOWnfKe5`~j$+Xgi1@IIAGs?GTGFwpeIf#F(M<
z%*eLYG4IP&5EH8H5fA!5ML$JOz>3*hgdCux?9
zqsjt61kwtD7O$*h3#RT}-iqo87USHEd<9Ts*inke`h66YQdFmPfes
z!+j5H8;61E)wA{eWS>1^G-zNgxA(LxOJ`uNBY4-A+a3ftj)tBU3)yBg)l%|Y=8`16
zOLB13NQg$Gvm4i%44bwG;{w_ROxKBp)ZZAN2oNq>#=F60dv*&>&)uxKo76Z3QH!cT
z5BD`VT6N61oFCL~izl$B6^iT=FvqhAjf#0S^AJlBL>wWN+-`|cQ)({Y~y&Q4u`Xzv0rUi-SD!v4^4`lZY@_709_**S^l4M__J
zr9FH!R4p36iBA+NqEsP0g_S!lsJxM_V%uL6R3D_HRPd6kXQf9&S5bI$HOaYZX%+x!
zp-rC*RI~Du=2pC!!ySc9jQ47mj9E^f!Gmb|K!;QP73_itDFh|Uu?u)pvA)`F2V5u5
zB;$zjEhvKJiy@H$(Wcsp1u^ZX+ch?~&+II2_J7d2w)?9sNz5kk^-We1j!SgTkw=s6
zjwZmbyaJx}mUzh2T(yL)yLMeAE@r#_EM{84C;lwyg0WEiI{)hdx-?Cu50xQ}ZC^Rp
zM5?}&1d?&uScSWcAN$_l4X(mUEXV4HI;b7$+CGwU0gMg24fuLwhO3vZLveTZTY
zba4-+@wa)l$9qFT@n(!~&1(@ujD6F3-J^n$O^eVayu9QG8oy!*Z{ryC8yCmo+ub_K
zY||PuU-D5Zm|-EFoBcW9wh3xr^AI|>;=9KG-UUn7SiC^450qm#5Q1B+qUD`o{A2^<
zfB8vB5W#I(DAr+_Q`0%;qmM;RZO>)m+CC<34Ad7EH57Jwghkt7J~rh3Tfq9wp0}u+
zu4!ZM>~-@GItb@(*GS$L6+vp6tFt!FFY-`fJqPwOMeb(%2T5gb+>haw3H`!wvpLl~
zd+^4iK!+aC*>2qe`xy`k``G5b1FNs$o3@Uw-^X84dRg7V2rsxFbXg=#(5|_bzCycc+loqGXSO%@uAVg>tuIn;*c8F>r;)>T;d=L6iR4XEKSg)O;aWC
z9EVIv;wfCluNijYLTxPsL#1TKk;#QFl(2Bn)K3@<78R_Ss)-GiD`#k?NCiykq|nwG
z7eyR#rF4tPfnR$iQ~v5mSP~Q7Qm`^jI1fvXdXzE`1;qjUc}JA-DANiJtFw^U5(p#G
z_SczN@uW~pawf3J3ES#e&9O9v(gsLba)67b
zlN(|O^Tb4sHAwisV46T5<&%uT8biB~OEK5N#@|wXtPhQ7*fuN=XHo_3+FlE62%I{fzMGGyftCcdKwwcvAu1i_lBon2s7NQqo#Zd?1LLC(~&JqmH2@1xsd%!)hW^nxscL^^sz9O7#Rz<-*GWN7c)4z)>D~nk6KX
z=T46Pg{~r|thk4jyB#jm5y3KMLyL5-HM+y}9L-{;bIZ+Q%!0nO43W+YOO5EwlVji&
zL=3ET9Bvb+42-lf6Ad0d+?KRJ3-UB-oEIVi6k|oWp!@&f7;&bNi=7WkRtkhJqjyg0
zfF+!UeT9v2u1W&sDN#;fh$WRr{!Ws^v04w#m#3w&Xf_h8>8%+cf1)ig2rsIf+8G_xE#+Xo$opYC2
z6isN;|H{MA%%WD##7vP6U~ANrL*v5jp9QNE~1eW^$`!
z?w3nV1u%=GL&c3?Y8nSgGo4KT(M7J8xuI}9-nJkFsGYQM1pd0LvL}c4d}Q`MzXDEQ
z!@eu2Y?>%ezZcI(>u~JzN`rshe1E&;ShQQJnLj4=V$BWd2}GGb+UhWO&h3imxkOO1
zH>gP4P;+c_S(c{;N7wo!S?%&2-#ujieU_?7%&ppxcOSa8L(nR2Kd9>Z_UW_Ax<*`r
z(3IHboPllsdx1UL<#~?X8FBMLA%Tv$*Z}%=C^D
zyQ~0}KdK@q$?JpZpFUZ}fdTzak`MsVMn5*8ot=JDgd3_qZRvD>
zNzWm>4;7c1H)9y{Dq4V1b-P-3-rh8EgkerQ`#rX8xx5b`Sgyk^XfZYBv6i*qX-;5u
zV*D)aq!b(>RA3d@8wDpIFhtIPOh5!|K@pa=Q*g>^q710Pz#?FH{fQd~)@b#muhW|q
z>CKyLWvn-W0X0EqOEa25bUO8`>F!Oe^z^J-zkc}9CJLvkpN6QM@JVbq>zyI$tZMQN
z$k{VG`3RaLxazh7D!RZE0I
zh0~Rn%h8C1J+5-gh%!KQvVfTy(zWjoQaiA&w4)i#%~@Oa#~531u6T!1BSxBxo7;3t
zn&QWa8=sowRSl|)s}}3jthFpu5^Q5M@S-cX#-TH=~6~o<Zbi}nD9SERsIvI4D#+r@@vY}@dlbnXi1A@W
zX-5hS7${c-Z)?q00k#B$JGKP5p9S|-y43PE_kF_8T)z*v@4GC|Ot}&9j=+2f;5^J?
zynb-t7pmS*lXIx`F;$zBMsEvq{NclP0bBFG=tJA+L*sRh-yE#*GW|`Dj*31l4{bY~
zM}%}z*8P^SSwP}G@g=Fhh5BKmO~|h`yaw}fBh;PW@$6Cme#|NHGyy|(kt9E%@e+YW
zjWDkBQZYHo>f^l%lap0<&CZP8&EUKfkrkA5NmOg=uddq+iK4gKRC)yYu~WH8>17-K
zdAxEF+umkUxNKb-E2Y$dctV9oa{~Kl9f6%I=l&DR?!*e=>DXANiia*GqZ-K{S7)I5ote07Z3Q06j8E
zkU4A;ERyRUj$Qta@Xr7sSklIwD$I``Cm8>x8X5n8#rl8e8mp3Yo#(_*gSQ?an8N*K
zEnrb83T1lHK3G
z)sUTbLCHXLG_)=*J-^osXE%I4_4IrJIbg8{SDLXo2Uj~1KWQje$!gmlvQ(_OjjurAec!Wt*CDpO=%YeJkh80Xi7)BlJau}c-gB?bh`Dlp!
z7{M5Ec|sBSh`Q&dZG-RZZ*0|N_H*t7-Kk%vGKne}Xo?=0YSOZj7Z+647@w`xw43IO
zyHMK54qFFky~P5xenBiVi2n5wA~_`)D4odaBN{mGei7~3*j_|@M#)U3bTvPYMDi~t9>U&sQ73zSMfWl=+@G1m%uZeYN#ri^d5l_^h1di136}
zZeLpVgnZ5AqnmgmOjVxWCdodlu`;hxP_EUk#r&*$V-T8h!lZM;V!eKAzMorvoGV5h
zUC!H9)vQmiHXdDclhNMCC
z_vj7c%s%7%LxwW9}n~Sop{#T)dyZQwh~VJGTw(
z;coYK5^XtZ#H3JPkWJ0f7Ry$A7KzyjdQFN$4!%{uSO2KAOqKUCccFr3kT);SvGLv$
zVG6msWu*dMbvyuX>471&)Oo>G_Lbltz!bP5Bm#fi0K0#+0so&~hO*#);~J}yY`^(}
zIP`S{fr=WGssKTOKxzxzEW}te%|?>?R}Pqr42m^1xUs0-sSfORVAx6fDPx*`n%!q+
zveB(%+{I%9VX&4Oiks1IZ_Ifkv?SmnCV_)#~v@>uSS=LS||QgUNDDJFTDb6eQo7#UjC**eVuOM3_h%E%K@U
zihd6L?0l6(!HjUi93F^-zXX1@7_ov)_Vl&%#SZfx)Y)KE>XU$}Ar6y1*3&I$vo_db
z%Pu9;E5Z#hmQU#ZbEYGjzB`=X9uoOCGRhVb9Pb3ssN)P1GSPwfvh}KHLoyb~gJbIsk*Nt{i+p^V}4_r}8
z>KGSRwxX4MDo-xN4%LQBw_c3h$A}JK=a|5rVLP=BPWsTs`nI4eIjC>Her{|j#(p3!
z=j4Zbx6&*8l9laB__K9{qXR%FEvsv$4;ctiH
zE6ce!O8gFA7Q+z#6nmFXhu`7$ihk2R_CdWC8*<3}u{HOM2=s>p6&a@h-S{~Ks1vhy
z=;4G;?n2;f4o?R5cF6nP@mHig@Fyncr3gyjqiNp4xftp0;k`|xM0{Jo8{RrQ5LCrBo-oOXq#EWGm
zqJLS=_;`Qju!WeciNh83jbLgJI-5TSI?GEzFi^TOI8djU`Ca>ps*J<;2v3Qcy`u-Q
zsR*aAa2UA%^r}H^6E2_tdUzVOK=hXcOXgnOf6Lx4lgbjM95%t8X{rn
z92kY}!S-=vi`uxjhZ#H6-I5311ZJO9aWZ}gw4C|p2IeK~OUHY+29JfB+w<;4QgIH)
zDOW+pM8X*{{63@#{9QH(9gwzWyO1gH@;wveAkF9xiRVe|Dk7;wQPtb?_mKyyiR
zn+=@jbz&8xLbxQIiD7+jq_N3gzXYAs@DcEJ%(FnaIoN$`i(o%sxFjshk~}AnJysUw
zpVVT(uqsCW>l{HiH`Sq%;MQ;|#?9-6IA|?tH>742HO!bXv{3G`r&Rj$ONM|63z=NK
z+nn#zvGf*>nBfS<)89X{u|Z09Tri*}(I`UWwtosq^AeX3sr~}DBFSPdYPBmX)3=QhRaY!R;5Y}20F5_xY#tO5kYB0sd_zeKn$plXVs4&tUqW=i0JOD8-
z=SPVIv0z#NtT3D$v;R=f%HzO@TL_3b{8ZDY1-pij)lckklJ)~%9COGHhk?t?H9j{2
zL1A?X^Am!zWl<<3JPe-g&Bc@+!z%#!SOQ-yOe@LX5MY!diI%3+A4l%-Me|u`=x)|D
zO{EN&bI(GyJwflm3WMk;gb+ggp5hJ;!wSt6ChCbiu`)KduAoHOc-5-zud3n^{b>=r
zx_bfKCK<1UqKPl+kXWLr#OA=+ZZfRfH*PdqX$-(PD^rsnyLYM1K2|gedV~m4BFcv~
zo$#94z0k5r>C_$Kw#C-Z04x>XG+F+#g(l$r(}H*NXz_d--0BzeJw0!@4$zrn<5s=jWI<
z$>BgAw0aKXmTukxjp{Xt9p56qXNPgw&kKyh1NUyf|Be@RHq{y%GF85+*4(YOdg`pi
zoKuq1nEL4u(ME*}IpZT&q#J^Aa*ADa(uZM6u|@Cj_I9-87iP44A58xhz=Uv-Y$Vv8%7soW5^NYyfo=!#F7(Go;DCYURDFo-qU0Lka68Qf97Y{6na_@BF{k06rU1Y_|!BETZDUe<}n&X
zegk(>?lQ>Abihlz;-gj)O$IV0U6$b>VNb(;E!%aIKi+V$WAQ60k{@IXP{q{WZM;p)
z)V6%h>$8Uo!XL|?`Ak?g?4n}2O{y7jdtKk8Y`cxtb%$bY-t3oil9huJb&_&%kh$Z9
z#BHUS?V;V=QUd?w`Mn^~z3yp?#S^BRzr4F!d0m)sM$I
zv|b78mouN@^9MNxDhZ?pr&afnm+f7y*BzH@wm_;neuO}WBa&TXAfJ%SZe)h87Et2#
zK)B!o#r^nI*PqpGpq-k!cH%zVw*|HyZZM5uRbdk?4wA`&j9h3GCUi7=#t?>5
zu7%xUT|Yo%JU+@J?H$$9r19(7Qe6ZOBY;#4=7~`yXq*F=Xp0ouAsQEccqbM&6$;O!
zeZ_>Iij1is99WT}_U@~ayg|+7(|~vGS^My$6)p8mFljP)h9KGn
z4)*QUqE)!vcn|R_KR-K&S&1hLBivPth=$EQrBMq4)XfGilgv>qdMw8R1
zz4uv$uJC@_G0ZYwW+6oOc0!4Rg!%r0D_ORzxONLeXDhtm?m)ZBm>!8jq}Zz9Uyc9*<1$V76NGAE(--&LLNRi#+B{b
z{Hi^mWa|aXm?0kBYlpifZV^QwiV}FTS@k>%e5D@9jAlP%G
z;bZ=38S7umM~2x>-Z@S1J9|nlPE#D)mD_c%a3Mlfu^8D^qZA#BubG61lT~d)%s&dA
zv-r(X09`^rfF{N{G&`)D6qkAQ9J@CDa?9eRZccK<%eP;>{mT@)&6+8`g5&$g?k`tt
z&hD+sSRDY$Y4Uvr+-9ZEGRrjSTf$npizJ?*_6h!4s4sV%-Cn7whTQ^wN^}`$^;Xoq
z|BlqI3#q7sB@*hRqSetWOR@cM=#fY-FF@ooFLCd0ZS2nsrroFLA77I!@9gG(
z^%;TRJ7%x9{IzM{sVjLdlV4uoIqIK`L&nEJnCrb2#JUqG&*@%gHmHc#2%Y96u6Hb7
z4zzhlvg{$O`{g16EgGQ(*^3|h+T?27PK@fM)#JZCZb2P{^II(W@0#7Cy`v-ZVuE>9
zF*%&-jTmolM}1?0^u?qU=>ikd>mX2kOqatvUP&ZZhx1xg&h*PKhHewE5W3hW5K%MJ?npYHHUZr~lj8(+hj)%`M@?WdC6
znF98}KBLSFfTehxdS%Yk-Z?0q64;zxm|KX+EvfAes9!xgO#+j4s8Yv2GpUQ9DR*K#
zsv*cvH#(E_>^?lmLvluU7P8c`q+I!}DHrIkrLBJcEq+jcZkiojEL65N#rB?<4Z8G&
zuTA0&O}HlM$S$GSnxk2oGC<2Ftv=cwy0bxnM_PlKAB&J8FEH?is1m&o-`Z|TR(H`@
zm?Q4W$GPOg)f2ydI_P@d!*7ykDzmcx)5IeQ&-;w>nVCGQm*1pkcJ?vqUCkLy`b_^^
zAAgaGIBGZ3CNN7wOV$+5V#Otov1e~1kefTGRz<7kVtXITvq1SYHCN;O
zRGXg-mtoDAV}AREsa1UqzCx^|821&EG>AY|*>yk+`sx8okwv}sm#)wKAe
zc^0tv3T6FK-o#hA6ffU~KDfBrPu~8pdN^;b9i@ZOru(FUrx~~Qg71-ZK8xAl
z+;h7n3yDe|*d<_sA_aLgia(Fm7B#=HPFRf|x(@5U5ElMnWRn29ng+!fz2)Icex1=<
zQ>vZ_&k$OwKo#QOD0u!0KbwM#v8GLth%ACKS@3jW>`b=3PkWpj7=Zzm0A15V&15fj
zc);2SR+d%GB<$A?;$A9%46-Ga0uUkei3Zi(C(5}ro7xcfMCZnFUF;lZfhdkDf4;v(
zqPRmb(x@qQg+d-yrq-@2!KOlZi88l{7K+u?@BKq~(PFl$7FXNUaWqA$j!lu)zMrrV
z{}zhVb7?zu$P+g63+x}WGPK9pRRsIvhc4m2soQ@yE26^xt+`dT{b%0{Z;NERX#;8F
zG;k5EN+Ss+GLm3jk~(OW3M#LfhwO=iI?aek09ebDwlz%<3c@l5g(Q}%S6xpgq3@?wT-P!%LP;A2=hK1k9Ptz}fsf!r^LJ_mNU(7E@`?QjK|nZM
zAbmKf5Fe=6vbesmOT3Kp^jD2nv}{>Ph)2O2@;|!L(ZFs;K5C^V-8QT=&E_gbF?!+V
zSgj{`pQ)`Ry=HAEix)xbzwj$CM1pv$o!AH&mJ{{dl?^U?uQ@vup<+I?6Z^#V|ID0|hSlX@a>yYj_|U3BgheHI69
z3xFwd@>97JTiX?yV{RZ7!EmJ~+R_W#)N+C3*QQ3FITzi|-JdFLNs#Z@4ya#*4k}PZ
zXIfhv(=Ok2+14W?gBz71c0GF(fe2zrR&<3*Wb49mX@#
zrfN7lVjzF_I=s$5!-LOF#c6EyUDt3tMppPd2T%R;l$rthxnPf@@6O5v*|^bb_{MOH
zO0;?oQ)tzk6Rp0|u_oqf=6)QW%ssBqeAT03j0Ic6HC4!KZS9ZpwDzw
zX9vEfDRz%+s(dc&o}Pp4j=XqHqQx-}gJ%Xv9+3yd|Lk*975s)#eRDu`6785bo@%uf
zfs1bjkVI#|wS4*ma6`y_A>HlW7$($Vdf^qz=i6VtK0W`7Nu)N9OL>OWuP3860>qksDr
z-+%Qj|2{bS&7A*taI{LzR{c9o%$E#`W`pLSD6t%jHlKxlwbUm8oKiM72$_nNg?6xI
z!b}LAZNb9{1g-7}l}iSLQ-_t)J}
z&JVgBM&b3^3d%8-)}&QNmy-STg~T0}v+OLb(Q5Ya#-`B>>V@{AKa4UxTMWzCh7Q7tE}?u*6WhY_fu)Ca~bBx5vI2{
z{@`eeXh;^YM+jm0+a$sqhXnX)jDbjSARLasgqcR69%yr>65W5xvMXY>N9pYCSk5x(
z5^uI{51)2vr)qJ%@l|H*<|B*qIfQ1i_6}o=z&Y}<*
zCBO#IJ#l5gI)?;Lr9VKsd;Qt!<4iK*5Y@ar!AjN}TfnNX0TSzbOWd%%+%Rp$^sYXJ
z7f^GpiQf(W(J+yovgm-%h{hbsTo~=4As8=6dRdfinBozJ8#dU&gw6LC42|IDAcMdN
zBA07Wa|;tuF2NoO;Zy`{Lro^85z+P=i4^d}QBZjCr*@U5r`HL0z!L9VHRZEPtv=fM
z5=GXaSlc*W@HBc^#}-`*R6H4ajjcBtf9c<8dd%IzXTOVWDr}}!LVfteCprUg#`y`j&DmstDeYUBSMaBq+2k80$ajD
z`U7Z#gZA<%pGV~tns?4`3e^00MBse_>{Wlk={_1#?!&?&J;C`#IBLc75
zH9iMpVg@_i%XZ9_qPL+`mR>NC0l^>gZY=B0olUXbxeYKr%g*hl5=n{*xJvhgJ_FD8
zK!LE7$Wukd9A5zS-$O)_P0F1cGu)sGXS`v4z!~>UTS3A{9sPpI1aSN`H@^nY!f0T>
zLDy_!;is%Z{>vJKL_#{Y@~23^o6swoJpRq2BZ4H(W@iI_uGN0Q410)WlNeUrNz|e<
zlCPftfL7lo#eFXd&0#mU65BaagDL$Pl!lH>`)j_xNbmhJLk1;3re?Iudfz);ts2ow
zVt12VuMan=6(xbTkoynR?+Q4~L0rCsyf7oZV6pM)Ihu7*r>tz4YYVb?X6YWVb;#r7
zfWT5dU6=^|2NEIMhB8|=Rs$5=4<}OZA30jqh{d?PgP&N?lcOk+km=}ZIRattp%NOg
zL8NJi8DJ)O+u9b>%OTSzV16PWoC4Vhu}y#ZE}v`Nx#Mnk8tFLn87lUTqm3HH-t>PG
z81N#4-bcoz;P4Bayx}2OyqaE8nz2bTi~12*`nA+b$CrPsyRFGP(rjaq<*k+y#7^^4
zkPK5u{!U%B6V5it$A2tr814C|luBPH(e(Ppn*4Vs{C`eP6#7?<{4J3M&7Dk5ZNHcI
z{qx?KL{wNrLd@01=KuWrpAi&QD%SESiio@z;kHXjDSw`Y%1hU7HINjLL@X)m>WD;y
zjh-8I?M4TE+7RMD31nFm3&N5`Q1;A!CptFM1_?ybz8bn;POf`TrloPe-7PI${V2Zq
zW2o06yMV~WK5wh*%+70A-mdNROWWtKbcAS%bAq<-q)TL+joHbLlL4lyJ!)j0xAxkM
zif}{tX+l5S(#YB*!`zP+1Bhh3S=K4`XM9PmyFlL`wE=lw3^yXfy|Gq$R;Y}@*~DI0
ztNPc-15VwNuF;29#U*CU71hf#zvOr-@*>{W9}Y3)#$lwNVFD{imP|8+N&+Fh45R)8>*8UoM3I-1ukv&b}>
z4L9=@ioc;vmX7h3gAACAwZ-4V774hs*w4}GF6rc~iJqrx=by=kySq=W
zkh{-KIp_5v3I9<8dC58`S5O09EAh#IEFbmR`>o$E17KA^SYsVr(T|Ro`POm%UMKS$
zIp%>s#X}OApainrdsIe_l}%yN>}g>cQ*SZc@G$8CCUnPtRn8TbL!7cet(Q-`ARgPU
z=jr++UejDEof5i|Yi{EWZYl4B3}R4eD6ZE)!bqc$JrvhmhSQjo>~C(DR?6zJ4UUYBq}jxlJ3vS{M?G4MNRNy
zwcK3ZC+9R$M(NF#&h|Lg^j7qeUJbG*q_P?eg?x|7Z}-yt_a`~i_8$ndtDlqOPEh$^
zD@UBplW*B~oAgKL`u4v)P}NW#zbU@%QE5`Bqy*bG1DYwv8UGBh7El>c}-8e
z#HLnnWHwcPf;ML_09ZU3l%^9z$7+Z89p(JgbKMvZf3v>vq_&3j>1>=J(Q@Ii}|Q&%F!bCaYNYrwnO7)Vcg8q6xW=v+Dw8Z
z@;kcP1~d~i1(=mNxyZ7R5EX$~?Xis0tL8-7YmVf;9wsglR$Hcqu^)Z?!W|m(^m}pa
zjuDLT*h)(UWD%`v*?u6fLH|uID`c~_5aGH?Xr^ASBqDhM&z0(S1;%?CWN%KrK}XY8
zED#cm5_k*u+$=j`Lqm|(Tf4kB7|*-xjGe!0jvJ%$P!Xt`Q@i}No}4WsLBJP%L4_}@
zVQ}RWqApkvPIgj51zOa@C;RBON&$JUL1lRvzY*yi1j`%+wZ%
zn|;LHj*+uPTT527=96Az>Z09ZA*tPJ*an8kd~3OpPHqQdgpjSYqV))U-d*FQB5-vM
zv(*C5G(X|d4*gck9}1yBJK&-q8lgfdp}cl9mM}O7teY|0&@Ng+a$i`)Okw3gkuKrD
zLIT>nwUII7s2y`q-wdcWr1S`uJW^;!!%?4!60Y_x5TnX&dPuZ`vMKg99Vf<`kP|<2
zKkmTCjS~?E%hoG?@wD{tb2Jq=%F4}^H~6|8;21JhB#Eiu2>yGkJ;9T+%Me39``t4i
zxt=Yq5mQ`R1EG3#lrr#9VonfEn9*?%#nl$&+Mrd-8H^pTn}Q0wG)k;kw#1sDhkQ20
zW-!z+=&nuB7PP=j?vV78b=Ead3Fpgcm=u*;1&2v|n(>;bZ@kf<h}<7#=gHprgQG1nXpQ(dgv714y(>4VGjv~UZE(bFp&9KFJuIU0a`A0Z(=8MHHO6`>du@=t=Lak
zfIPL!iMH2D!SMK%@Qd-~bYS=JIYlMaLonB@j7#Af4cq$2m@|mu4_wj;Gm|Ywh(9k~DvM1OXyi{~zUmL*fBukqSj+^HIwzZ!Y
z8HZL1JG6Iup3z#ktNr|F!{~}t+?JdAF1Hmus`LuqO)Y)m4V;}<>Q7CxWaJwdcH!n;
zUof(C4e|p2Oz245Mn_zcW~a(s?;F{&f4C-c5HT>>V81tu=N~g@Se47ob~mdni%}Tk
z;ZA$(={Mu~JB&ki9G$u0V`vseR9Vl(vMQEO4;=VqMNZ)8L~>E{DE!Vi%uHya6P0$W
zZ_+Hp?5;*&8q7;v9Of2)7RIT9kaOpjE`>hY;yA54j$aj8XMqXG#^wHgMTxaqTb2_`
z;0NL5fkHrQ7VKIPshLpQwBJUo)eT$W93%27D7zo7resd%K#n>pC8}b(te*70@neQ|_&vjdzHM3oTAO
zqzq%$wlwIN?+BjPN6Etx_IhSP)|fP1f_sc41f3UxTbevQ5Qy*ibC5j>+$cSCg)uDa
zDlP>>`Q6UNRS-1Ck)`|in2uq>wZeGN?sQ8C=Baj4%khV8s1bj(!$OD~?Ej+dor7h0
zw{Fe77xuDk+qP}nw(Y%a+qP}nwr$(J&N&f%Zg=$eySFPc>W|8Ztf;Jre8)TI9M6Db
zkAy}&G4$o}=Y-y6!yJN=uL{2ICcGoPnWLMS3QK~z6t7r|<6#GG2YELTV-Nv@^yQ>saihnU6KywO+JdnFYJ%1w
zZr)(#2N9jmJ0p~Yl;XT1I$`F`fhIQ$lhu6-bT6zKGq50OLR@lV1cSRc7IG>u-St#8%GqpedWU&^di`^
zi-A#YXp}#OU9p?p*gS6XR(zAq1}T21TS&n-X{ZC|dyHF%XqxcI)IU9W-0@uKu4uap
zW@1E5r5=%!#cx>&X{bpIDxqu`A&$ksy+i5rR_UHyxB1s&n#nRK$-gZgg~X
zw>vO5B4{QMERmQ;lNaf3HuUe0pSNH;kRFguaDS?*10FVgciJ#Ydyv@C26H_q;?s2x
z)^#BZfBWoJO$T#5cQM4^H^u6e{J0=DM8j&8?eqni>mW(K-?+(0Ln(QV#;|dkbExvy{(>N4m{)=8=W{q>JBD+olnxl?m2!v5(6YrI-<+NzprWyXK2tL6e|De;?*{$?}$a*P1=?``<`{5-1OF+26l@N&iT||5^S~{O|rG
zSv|A=C8)Mh#luoV1?wy7@__is>8wFwj!`V0@^Wuwb)!+LIj+DW(@;%x$;i%ZIm)Wj
z&KiLw%F2>Nqv=+4_zy<36X%~&UJL+aMxX}2ipip?bRY--!Wdp$yh|8Zcu-hSApW(6
zK9{M^S}E=EHmccMw&Ser&(5yx*Qr*X){j1kU(WjxJx`|g_=wR$lddO*3!>46`UttE
z?(B(DL2r|%d<02X>7s*7pue}p48}kQBL_@Rns(!j8OwV|i-Gl*#lU>!3AocFhwBUw
z0PrVXTiCdCiG}M8GDLvFe%d3FzFodZ6)+?u2(zapv75|P5EefYA39(GAgf&jQ?)XeW^u~^HU6R3n9L^J{rKF(etKh3N#9ZxC
z>!uv_1#^_e4vFyXb)nHhV-J7=%TV(#r72TU8R!0dGR>p;ex5_s`4~abH_0*R1xvbo
zPz3{{C%5p%i!3%fF=8fgSjFom7>vP;C
z_N6Mn=7Iv*0Np3X;!YSJX>&pph|f=VO2|=+vc{YFVrqU}3&3;9NWzjJxxO5y7w|sR
z=J~Tx(pL$3^j^Ma^xQtS{@cn>@J6(0A4H_{t?%X&AmQW=GBxJiCrW_VVtyrJbaC7C=i|hgK)U#ZW=yv-g!jPfoBka|!$kslpKI`ewkGI%;
zsno(T)_}oTP$I;oFEU_*!@@AH9T$O&h1)Uks9l9V+m3)@lBLqRtC+&XOMHjb<gFnWc^806a8z?vlPs5$^`j|3bof#b0(Fc`Ak;3V{M9Yo!MI^H=L
zs7YU{=;hSjYidb43{=c4Z>6?oMry%9-cHz?Ff
z-XwiduO;3)>Z41sxr*Zox0`=F%M_f&JBjHI*ywN)?|oFsqB_^)#1nDCNaIwl)X{vBMfz~2xU}#gWe9mzIC<3$qB-I3ro6Rc+^;&U
zMMwhHevCU6Td1zEUs=MS(>HYwOpd$ftRXfx3tmYkHzl=jPGcn7$Jf|>ogary&EBv0%WeiW
z+Q{vf@|}wJ8Dk?thd46>PXRxs^6mQddFS-T^+A`~Od3oOP09(i2B0v-ZPXb>9V}8g
zFSi`k$HL#)m`jHhVXbTr$hdB0#K=Iz5O1qrfJEYYY0l6S4)rsZESD+Jl@|i$`i!@K5nRkr*3s@d?s!9C%o6hK~OJ0(n%a48euEbtJfOUYmZIs
zBOr&f-7Aqk_>p58U;W*NOW2O5`1))85zF?1ka{sqdyBI5_bW)`)`c_5hnD19P`a`MZ21hPnSqO|80_M9Dyawt<8HBvUX$st?vAOS@
z(3FX7rU*2xz|Ua{+QbAKN8St@w|h;47iZnO31cOwVJa?4?P8AIYw*IKTc%j%c*k7F
ztay5ouQ6Iee&E>RR_ZDt#Q;}_tx&OAh+;tu
zYy=Nl0_y<=eVVB-=Rn>c!0TKN>5}-%@rJyb*t2m$z0fz{ze+^}w#D!BKZ4Hp9|he%
zdy0NaMJi^Frm}kWdOsoeM)nT>sTE~LPm2T6!47qsS*VmlWN|)#HGv-OS#^TB*W{?y
zu;57rGfOa&i7BtB-0uLs$m%!YDk;Jq(=tqCU$fl5J$(S|V6yEhwyL96u7rq-bwjrO
z?EBJB2B4Z9u$Eos#?uJiV|+n}6FuYlMBCw;!^4y&W=JwTF}Tl-l|(t*aa7{f6L|#f=8=IR5CD
z>_!CY?M!b-R+RC?mn=&O)FGsexdf**rRA
zAVQJRncY1e0lQHoc(UIe8Z8BoA3$_$NGg~BUx`%`s(ak3pdoFZNkz*pkfDI3;?Dej
zEn)N3xk?V>eLG231m>CHua7H5*(C;3G%CTGrc`0hwcKZiyb7rcjIi@i)slJf^ib5;
zusryBqAC-5aB-4WQ3S3qG)?kUTKJ?$AB`^!>mDHl=%lQszF7j!b>jF8Ml#!F=H*MJ
zowCaH^I=UO#uhnh0B3-QygnG7FfY=cOK;a*gnVFcQ&RZ+>K8fV^()z$F9>)e9CC!S
zjjqD2*ga{eaJj2skTPD4yd1;58V(O=bU1b@rJYDLXe_{W%%DdAq49IgYv6dZDMogsjY&v?{mj*b*eK9=932E87QOpq@Vs2_L_6qiZ9AXG(W-52hI3=bED+s$i??NxQ+vSed?or{>yL+l=!HTHJO6u!v
zf^lf}h{-7h9waZFNGYt%T{L@rJ*bZ>?alU9O;d0JsYszdtvXo$b
z+n~T9Nne{CKX~m?@k(QSd_=m;iMakWq;@g_Lv;ZA{HStzoaOo#CQ`_Hkmr3B-gZau
z2+McvxQm!|7vnQ^ybVqX$Io(E`lV6(d4ZXSW?IK(S>JUeU>S*ZODZ;da
zJ`>53WF}}^%OUMthSkBv+UfX{ojw-{b4aK>CW2g&6};YYhj6VBdsTq}1lErawZy$j
zKbV%9a@7;Mj6I?c{(1&xIZ?+-mK{=>qs*grf8_1&4$z
zxh1E))^CqdHcA+%2D#Y)i`fA1YEZapEx@aQZVW;oZiz8%RYT(jNPRW9sjhp&U!@ky
zh9JVF#SdxG5jm4*my*xQI2nw06o=7mDI7IBSr
z7eWzHwmU5BENo3(g`;~2t-`9&2Z{QtC=&^kFV-C8Zf6n2=q`le-OAu<0%zP2HVNdV
zou<15uepU(W_!jlBo7T1?(1sU7jvM$K-y3}@vmxA&Ko+mEd-o7`KE85#fjbS0+3<+
zX0CDFVYSw7t^QaEo2)8@<_TH$k=9mpu
z1IfJx%5gLGl#N!#y1Rb5w{?6DiVa+=)zTs9yyckdV(Lo2v1Ix{N~C?tY0{AO@ixoUALEol1e_!4utE}{*-;=00(IZ)JvO6vi`>j
zm{%qGO>4Uh(_7Fm51ERPSqAHc$8AKXYE?nyIp>~dWlI#}IHf`o)?iMC>H=4oP4wOh
zDfV`blKGV!CmFaXS1@p5npDAq#rb(x*s-vkIcg#UiFEXy65L=+h`y-hfZt)cc+VTT
z7eJG|>vBT5BUX@&|Md6`b!`0mt;`2Rsb(p+G*nXFpXyjF9FF%*SFCN4aQ0V^NMxL^
zF>EqR?vLQGE?1Dc(REbi$j>Mn0580vw)XvFR5SQKQl3(c&
zidDe|JD~e$2T{>E=pw7+QM2c)8iNLu-}{ue2o(YGoc-|=F~zUXklMP@T;azzzk_Z#
z*1iLhQSZlJIHd0jOx%`KP+!qJhm!EZyy-p)g{r1yPn4~7#YT%Ou4QU921hYKH~!M(
z;VXsc%+F2=Sna=yT+q=YC32uPu=e~dFI_`sW7ax2Ged8u*o0F$6~>t=CmHiV!zh{=mO9#(XFzGJPlN}DJV-?E31%z&
zvqJ47?9=-Wu7+}4^6IAF8R|~nl%;-IMBmv!VjIh$jeFGI0ohH$mH`tzsS$i&wFOl&
zc_20N;o!+Ak+11`FZ{~w<3rF1{+|jXj2#5i=?_nH2=1SB6!kwAujKWt4Q;Fh^&Iv7
zE20V&&gJKMe*({>zyk0aa6zqen|Nro6Y=w%J}^&(~po&AX2LU^MNQW|*uEpP3e^S>4&n
zR~y4DjIzs(d&#RytJ<`yQ0Y+x>~*}V!)hw}8_O!&8-sqrID@9@tBD5ygOC?V)eyT>
zjCI+9h^>e~Q<0W*
z0rLbJa-<>TF*C?Q2nWakGgCEpG=diHp&VB_j`aGF4#@#zuAtJ)-;PFeBJs1OIS^Km
z3a8`Bm))8-7H7(^A~J}Rrf^J;^0QZ2SG0!Ie(g1(1*#1P%l(0oeA3qkcW!uE->+L$
z?x@kwjM{ci;|X^Ddb>R6#QE9Ay$2xHRY&&2COSGOhfw+@NPwtCNmt6@Le>lc&I1Li
zgL(a0=;@qVkZBk$(Oa=(({8@GBqMF6H%K}rPq`9bEb7F;Kg0~XNf!4
ziBWV2<~i9<0)TIVyxE{92u^RHr?e8v;@2IB)9bo-cRaMp+EQT|9fAdYxix|2n_k{{CeP$wP}db0NO=1Fn_ao>weBKu>HqS}4!T%p#A7Jb&~o
zG#A%}d}rQ9vks@fXf57Sd3|pvw_qB+Im0xaqq{24lExrvpoL`KR-}OMS|OlwWPFLf
zxrDTO>o2o9O&X5LSlLLo+?;o4IxGz;H|wYGV1T3w
zUFEk=!%GvDra0+=Mx%42gS3hj>XSy>JdwxE_rkzGQObE)q6S{SMQ(Ox7|`5@JEkT@
z?ZMUA5D3@q97CxGf7-?BYRRUdMm@OART)^F3HF;HO1q?7W0EMhC_7JmTQgBwl%ue|
zc_hp}$+~LE=lo)@3Btp}W6U_DD>fvgo4`$Wy1rBY^9DZ(mNnrh^oTsCmY>ng*(qrz
zZ;LAOf?^hwIq58lnhS&sWy9Y*w&k}oO5qAKY=}8%m(?hp+Q2bdv$@zAqySmmTp=}8
zLVYszM-DNg4+Jws(E4%TnDxC#|6Q6n&tN6dlp6ARhaltdkZEW}T0aY>jhAmK`2w@Q
zbU7*}Pkh1%Vie#J#rM9>8A-EGXey<+d2sE6(}k8kxiFQBMC`sz*i}99Vo_H~Kl9ay*
zlnuT=caG@BKnaEv6rYaxQtmf$?8Rk?hFtbDxjf9~rCphtK5kDU_oCw@x6^Zo#ODO-
zQ~@vWUH(#HE<&F=A&P-b{{V!ZQl=!0!Z}rdWBFtKKh*=z(d%)%+R$
zP2p2wC4KD^RepUsL`;J9hQbSJaQR{5oL~nR`gh-+q@=1NTAavs3>TfS6}kqgen<-)nBqD;a*&%t}1E_E7u7IOYC;
z425gPnkIIQI4EF$9-;Q-BQ3ehHU){nIn|h%JUQc%J^-D5f={79R7lK%C
zOrcsf4~I-WirF9jwBLEHHNHmxktnk=!L*y_hOdmtewZTwEk0;CJWzCAR)??(L#)IB
zP4v{kYfWK^cJA2LVdy@93*`?T{L>-4ozk!2vnyBc>@^V7M@gnsLSF6n23?gXU}MWU
z__QAN!D1OY5`s`ifKWf!4=G`0o|d^dSM7xFw#dBl<2=Dn<>;Pi4IhNR5pZ>*yf=UT
zJ43eGC08=>=RwZ^^-m9b#(&mSKU|OhK*|N|9e*l*|5a9#DjF(3obsPs@IU=Kf$|ji
z`W-&+bH7Z3ZCN=E=GJ&jcEI
z^D$J?A(3I#e3!Zs$q0o07|kVF7e#7w$eEUIickmzNfO{`S|FN8v^?y8<3#>%{7+WjKRaRSPG96pX&6QT;
zDD5XVh6;-`T?yQrYZYN9ne6DnY)hK_^kN4ZBujY+mKhV(kbq(F}GQJUB
z`gF;VRi8M|Y+SSkl`+6>C7QVg(j3jsj5=Km;|IfWKIRiK3LVt~((bX?nSHa5D-G`0
zDVUdBtg@FGC*-Q0Lv5p)DCNsQ6R~Y%OcJ?4zr(u}tReOJSjcR-tm_$SWX7
zR4;K_O&EUdWP3=d-DmXrzmef=nY
zw-$xcviRnXz{c}FASdjLQ{c>ZwF*;Mv|*vo1i;x?ME&aWv(cXWT~QXpV{L(*05kx`
z`%7kL?
zWV1mdF19NkIRW_}KAyiXAx=~iw_xq2Xi&Hmk+}k-HEjj2>lIwW2C;b|gn~)mScP2V
z9ciQuV6j?8zo-mhTmpQgI73&k-k>5uzW6o3P$W)v%fu?(7t7QttICwZ)uGCicq^@K
z8#PT`)J$27I(9)fhb(^|r*=ylKLG>^&rD@#A7O!tW9nZJyzh2=fGn)-HL)b$7zg4O
zG>ri@xoX(7r09S{1L6)xVBg
zdIw9{SJZRmW9CkiB`I5cO2-xUkN|6PEktkf!#t;~1r&lCU23oA4hxhsIhcL&b!~LA$pwsm|jq?SXgVhbsn$QS7+L6k1H+ouO
zeLQB2m)b}{G%RjR9_Y8bV%#)LDTU_TCOc*U3&2tINYR$i*+h5>Zdw9os=B|R=f;~O
zJuRc&bSjAiBq)w+iAXY;hi9AT14S}axvJk3w>U1nrCJxCmYG6pNsv6Iv5KbRliXum
zpFy1#ReC&mE*#Y+Qu-bsHYet*i@!)uDI0H!7KI;11qW2i6h_;?4pb8fFqNQ&ELwHg
z|HeCGDXR_}Lh_b;BbpR>K?ztvD1(tmZRB!ot{pAE=0RnVfH_ZYzJe#K!+a;aWcT>&
zUUQ)?Qx9oG;w*&9%NeG=Fe>W|;mFMufu07WZ;>`%qmttUcp|$r8SB*%FV@dizRu1T
zB<0!;PleHGxSV^~uO-JBjU!xx0|KNi9l_m*4Wl`6hU
z2aX;E#;Gx55^>+8O_?q{E2e~*zux53hAeF;Pi0U_8nrJ1=a^Gp23ek{ctbA@1~ep(t{P3k0%|G7uP#kZ;1SD|iM@1V
za3;$6_!v>R0e=~ugHla@U`O+`^O710mgFQ%{T_+W#as<4n5w@yjunVBh1!s@XoCFM
zfl?9C6nNYuQ4#0X$(mY0-hoF>wyL~DnoP7{^eoFhIU5(X$4Nb+iI#NYQBdzH5GQ=%
zXBP=P-yNh~B(Xv{hK^9e6#md@$!adPO_E8*ZZ^qI-5pg<w6o=m
z=SPM}RMN5h5X3;6%n%+=58}YK*Qm_%-r7SUQ)azTLk0GwmYkD|>FZw!V8g8xfWfuD
zUd?{dx|8cj1c0FeEX`FqlM#MXfU~^mOnj#u`-TAJR(zx4()Bv`?c>;>HYf4t_m<6mf4|e
zPz&b}FmAc+uZj9TjO;g*%Wuz#SG8pS%NJjlA2UnKAipbBf>ThVTe9gq6v`vDpS})cJ!o{&g2u2K9
z<8viju>jHaNP-J#nmq)0bXe56nGeyj{EDFCfQ)otZXz;KE~v3Vf~s)+5kQlutwo!fXKj>i!(@^FkqJ;3;kT1SuZ=IoA48?
z+g~ea+C3KKa;}q)VOofTPrx8e=;qvwQ8=Ds@98~w~Nai
z+V$SI!hzHMoCn#a$f=55DD!sV&~vE-z8hxllkEXq_g_XBQ7A5cX;|#Oa@6uz>;W{I
z-h$`3?-;?iu51mt<(e-D2C-P7hBSMmzg(=Px_W-A=s2Y8FG
zfH8`#)NQxMWViHJy2MAd^8GgPH;TkZ`dH1l1J&ADKmn(*c|llh-%u&}5cna;SFnS6
ziYd>M;$UWB#?F`($#l3`M}M75dfB8SFtKZIJS7amI_;!#DoG)2L<|VmT4c9UBdL9-9#uKxA*Z)Y{~%DT00eY56K?#
zRfx>3MWPy=Woe}FS7cq#CzO-07DCH?2Ye0>N8!Q(Z}PCpOV5Z8a|FZ$;|6bq!ADg{QWepny5yY>d
zWXnBPY0wyZFtSsqVNFS2dkNFfOjvnHJXWZHhJ;D?cuF;o&Bvm_kg~!&no7k-d?h7U
zQXA0{7)5fiMNy>bPbsB!2V>@@cvy2;#(D;asf_FQsR^{>YM-wcgdR9o0I>d16033A
z%L6C@7Y8DWY{m`yS%
z>f1}{W(vx)xOT0<EuX)^s>T-Yk6d#0i
zE0C>J)6opvcdOWBlEFXVF_a&YOXUa43>F~1M5VxMn7lM}uf*QA{yrk&D!86Kr{
zBiTH3{Fk@mZ2r2<-K`~t!6s_LgJ7P_q$`GE(G`axB;UaruOhsyT;WSHS@UgAX8azp
zmT@dd`_9sV=+vy7)uL^&vooVU-pQK!t_glwgy`=dWQ6O~0u4uaK)3?Bk!M@_!UGt(
z{dz+FOC;9YK1s2s3G>y?+hS$0&e@7N+Qi7hb;oJ@I@2m)yWa$oulSiMEa&XmkRBB>
z*hfT$1S`>WY9{h_I76$i^vgZ47TK_-_;KJ;JEosN3QYzRrCtM`FKV23`fMAyVdf(R
z$KuEIm7VO%duVE#i6Z#pfcJ6QBW$l*Z8BE=F9Fz&5RS#{*@65h6qg4lp%&AuLDtdd
zRfRIEN2o3Um1tu_fv+D4r*9NgYBDTGQ|CfH*rlAjgrsp!M_T=y2CKwvr%=#%A%7V0
z0sMA@Q@u&uFa;brH^FA{=$hpCJy)_3eE}o^(paJwIY?j%a=J3
z53`U)fRWf+;2GaNMVfamw9F}6TJDIM_p^P*Hp&w0qL6JERX|nV<`~t3qx9O;qQOUX
zKx5HVT+>5HlLHSY9`sVsQz(NUm1r(`NBjY|Q&=o+%r)4nW1Ns%aN9Vr*#b$HKb4$!
z5-GBF-26V2tTZX8yLMM!?YE
zMH%f0Y%ZL&K4iBn4ce$Gz`F3k;jVn5_~Z|2LtL*L4;Mnh@1Qez5%#uUR398$8p7^=
zD*WLsbphqkMrjw+LU!v(nMuy>5k2VCI%1BQOAFW%})QYe3-O!dvl5!Y$hlxGE7}OU|M!g&<`*Ag>@BeNVnX$&N
zY9N)vx9x;m^{b==9+D^~DyP0_5WX|3@f2={a~OX6$=jmn%xyO->hj3_q&Tb3z`kST
zqgORrMVXez3Gmc@!QrTD>EOr<{tCvys)0qq9U42-x7Mv{U0Vl)Ouv;xznRYdV1Y`M
z!i1VuZhiD+0CX9!;JfaQnu@il>kX=t>_jH41>8|&N9jjoZyR#<9pQoxpIZej?d
zLNEf!p$pR;P5S#$wBWK>8vkIK=XSf>{-yyH!ltRMz6!})Fb}0!&Z_v>RSgbValo_C
zvoU1K*9z{Gjr%>Y4C~9k(<_=Tyizn!vsl`S>y8>dftF~_C1NvLj)~)3jfm;2u&U?<
z2H9&;$ujR-BT-ldZ(;@oSxDS4Rlt{!_i$~TZ$ye?%lC~mrljii!5o^-e
zdilx{xN~AynOTq4C&QKNr}u0EpU3+EvV(6X%z}VSD&nViw-4_!u{B-H)L>2O1>}tN
z*dVPiYh0v5QEYN1F=*-{aWGx*lVx&g6hy6L1xYbI`a5we1_xmfD(+iqN~KIfrDHe~
zB4AkZxPV)d+jhsh*Uv6BsisSnoh;RW6r#8FWV9JI5kFp7hcdk!T`a=JA5AE#Q2RJo
z5L8rKsw^@q>
zSR~$^9BwmtEXtVPjKT!+Y7{kz8e^nG`i=x3_R7&Zu-kMnC00Wvf@SrR4XX$c!Jz*L
zWw@CsV@T$-_4hEGpTOwSNI5wg(_N)9H!~<@-0-Xc+T4uXUh}!yn%q~u>-^R}@{
zV8^)}9t|8KpG|ix@YMIEPwSn~2CC$nitd
zE*{h24^`=CoU=KGEkjB!^TEhWp4m1W
zt=h2;O8cs+jSrOgCND+2-XdD36S{E7?e9c!J-`@3;wz$Rj|WUK8phShDVYgB`HR|4n2DInC_!o`uqfrkwVl=cS}pt$`G=Hi(qR?DYghHqZ$BTG+hAU94N&`B
z5+R)5IdAlYZf*&xZAE>6c@BkEb%|Zz)sxsf341(MySdUyZyZ>?D`9Ungw9_LAhm4Q
z15U>;pWh74n$%+xmuKt4*j`ue&sZ4`84ZnMKBRn7JA_OG3~!v$OVQgrr!Y}7h#iFt
zYaY?h8ya&Kq3=2EPnws5O6e-{Dcw*)XV>m43y*3aTYJdyk43`EODBk)feslm#b2UU^3=$6ra#+K+|F|-0bvDAdV-5V>P@6+Y?07l-*9Xooo}~47
zHF-5XfdoE)1@>%Ek-r1TxCikH5ygo766)a1jF7Hm&-BRBV-=j|K{i<{FbCj>qS_PW
zFqNWqun+Av$~i;d6Zc(t-GE`puXpf_Fr!K1T_szn|yrDN&|>yq*Pe$q=Ft3Iive0(91j+5nNSwR?NO-`=-dB
zWsBl=6dbSSB`dd^l)!isBoQ7!yH1bRN+?Q1ixTF&#T{+K?`#E_kJ-3!1`Vo`@_`aU
zJ3rv5%9E+Gdz$@H+BlV_*m(w%_QkXj^%P`o-AS1r8B70CQR!Fv_$qgZQfT+Vf9M)Z
zWaWlN(fbg~EG1o?jtPcEQi5IqDo#+GVuvY}+04-j9DxYZ5Sq
zah)-vU$+RGD)!Uy=hH{Qp)1`%FN8)v7oXZ~b!P|+fNBXxS58f2Jf_5X+oe5#U1xo4
zcixPfxp$nCq_d-SC(jaGjCC;Xdrll5B=f%nOh0!a_FcbxjA$!8{9F4C*~T-b{9wAK
z|1sGG>;GH(8UM?6;bLQNK?C?B96^3&=YIYAaen^$^*;+qqM!2yHdZu0sjxOtQM&lGU5iM-R+!h%uOvcvnLqlzqR!+^MYVW)8*B^9JU|
z#vaqhV7`L&%{xnd73Wn
z?d>=pk&sQ&8=UTLeY|b(#PQ7s4pVPIlRmu6SS>!RvH()}w#yN)&wwG`f#6fcw>Y8B
zNLY)*TE9U=FoP5sJS=uIZ3i}aoS9ZiYVkpd%IKzala3+ckF%X@NUN>LqIi=wqoKR+
zY!_DE=t6G^QSmB*(fk4=hXF;?kt;iPq4XK}JolL~;rh6-9TjliR~KY6hcuU7m>kX3
z@Z3eh?`kIk7GuNe7WNF-R8p)00nPzEVX1HztI4)JvY2UHyf6obDhPFFm)`pb{1vEt
zd!Zb`(&@;xXt&KW@VUJ!^2Eyq@_*YXep+SP=aJC$VdiIXt*&xD3U
z<8J}BYsr}GU6H9dHtz$@5^6H{FR-&J;Zss9i1=vYya)QuJ`t2WQf(7QFwKg(GV_h*
z6jZ8{Cwrz)T$zZ6m8)ikt1AhqeR)9C3CPf|00%rbsYW;R1aY@X=Q#kT`fL%2BP4=g
zN2T#1>+Q<1WeU=m%7g<_*4gE5fp!rI{^%Xb*1Jgj~&9nyuC6X
z#hIu+=`-5H%e3x6+%YfyY1jrk`5318SA>CNeqY4it$*^YfmWj%Ntwcb70=uwWj9=9
zUfG%qm~pQOP^}E_17(hY%rtSEL=c#+XE6x#taa8591pnu)#m46t>Js`E=Jx0_QqG+
zDgc~%!2>REiqPiNPy^Q|n}Q<(xy|v|62L?Z37*BtO@_@jz$qkd7$y@GtAGaZ0jOS_}yBOq&f-11De*Yhp;
z`@5|{8)WOsw^_ya+DYC4z6XWY1+Lk>6kx4y9>FG1HeH1A=O=$~2ku)%V8>p#Ai<2@
zR+}^rw6V;d?mB^UatF975c>^Q&oO85J5kFNg|+5
zjOINwkbMR6-~mpY=Ka1OQrs$P7-@xzMWvVdW7hIzl*nc1wm$v_yjD8o`!S7pBGE7p
zdXSbM#=9AreUjUAGrt*~Uj3{)!jkfiTzI2381aPue^K_9L2<8J_HaTVxVs0phT!h*
z*0?tWcXxMpcXtgA!6mr6ySoN`x#!;hhnaWIshO(o4_(#ORsDOmu4nDFndtaf94=FH
zF1|c{-uL=+8y%Tze25R)uq)(8O|P#JxM<*Y3vs@1zLq*MZLeJ|V(lAK%Dq|ckX*=U
zP@CJh;*lNa?m5@3Jz#@u2`!jcV5KJcBm{rc2K@s0ujJxmq`8y*fl_GvBbA8%f13w{
zKGKe&p{2Ehp`5;%p@D<0uSMU!{WkpGm2|
z4G>fl+TJ;x)c?*jQ&4QI-Z5ak2@yj6bk2rtFm~={C=(Kj2%OWND}HjwOqPWeUF)YXiDl4T<13X-)#0j+$qiS5FkN
zH|(uMTS$R_yK>m`iO76?IHgAU?SUc@YKD(c3E3;Jki&icvOhGIx{h8@?MS}kxWA|J
zH$60WzQZ1XmAIZ>^e|SzqWw2!z?@bG>d%ebXNey_C?yfd=}isrnxI?K^8nJw86+T`
zOH?O0l3eJKv#QrTc`9$7-Ay_p3u%KS`pK%AN@5b6)jwCVEYt|+Al^U#5;=BVv50mV
zsn;>Cx-}b%a^;R?xSC|{2&*VCmZ?mG1Wp$ocz#MrRSu
zZl4OX?jdi1-h$o&C-a`;X2{oQx7S6SIoMIUQMeMcYDr8MTJx@zZeEpa@FFNCAdFi1X?LS=RN(%gxj>1q~09WE{X75WITCG90-F$+EPY#
z&O`ZLbH$4j&>+~oQro_}WAlyXLfsLg;(885;g`_fh2a2Of3eNY*z5_xL%QF79-*0L
zYVPX#E>zI%=fk&@8o7ym8x%WW>&x@=sU0-G)IuImh)7W&(aE1sm>lt>hRm%x$2+ll
zdgd3!Ls0yMu5byJw4T11ZPc%0m_M-29lS6eOeRT(y84i%9tVb?9_&{enDbN5Bw3!a
z^B~Ld&E&jxANBZU##u9FnK~H(Mn;XtmtGK~L4f)+=e^I45_GB&1~>vYJ>JUF^qJ(;
zmVVnvdQv50sy?D=6zgbt2p@a;_z)Bw@j{471T3?Al>eMPNlHnX4*KG|4-~ZyrU{Y6
zSDK{4blLGKJRUzPiAV{p^-!vK?D7~7)iQ=+j*-Kp%F(eQSzufyupl8w{V172cQLd+
z`#bLbONrGu7cBB&TvL2XetBhj;3^e(-cau0>VdWZULrd#=62RN(Agj5q
zvOkPYQ=QEa#u;__BXEO>ZzDre>(8#V(?*7>2PDz1*1;S8c~x6d7nAmxF7fi*n|uAb
zpatxicBg2?32T%?!+X^hMplL7$IB|$U?%dBmiIyV^-7r=qPd)O0{xM70dftF6Dg-L
z^ogQ`D?rxa>igK%ExsB0a^t10AUVJ~Vay+$Yzq)j
zD^P2r54RiiZAL!r=UQ
z+5gc5evF5O*&o;B_VOjz+zFNEPM(^<5OO%cCRX}!kjE51#*^DKf;6^9d^(Lqd<>_+
z2!5IhQ4v}f!~GGD#G@LiBLmOOWRNV*3~ca<+SfgkHNHM2Z=aFO+6GU1ODlDN*cSkr
z4=jhzC4bj`3*agdEmwODN1D&?x4PHZyC9%t5-ukqco9LTvgM_NC3msZE={>68y`S3
z+@J9>+*#*io3vrH`DXKWq{}d=!`PnA*4Ud%P$gzN{>x9g@)mBK$#ScztgvYli*9m!
z0!vKo@>6{Lx7+4d?!ogc3MANiCX?DeI-0r>N$v}oEVZIFMs=eW2r*>1Si-Qd^F1Rc?ofL#X!n9xtsx-|2ysurcd`ri=oN6f
z+bmWd9{1d`i#-t$I^;$WP5uz&zJ|0RE(Y;+QFwTTO{gtLYyD2oT@REaU0!~Zp&OcN
z?wKje&@dqI>TqvU1UxRcob&Z|_^Lf*>un6IOv%}x!rR>po^wHoNPPpJs`EHU^KQn;
zQL(F5ts7=dKD}-UB-m5^1kg6r7~^il=gU2i8>;wj;v64uvL=(nXK=Ai?}}V@)wBQJ
zcHWHm?}fEY{W=JrK4=KE|5z-t{BP5&qKw3UAcKEbh>1!Ya*7Ig?|A%3VCaIvB1|Iz
zQm#KeY<{i=I2aId3N*Tb21kaXbj}SQbSmZvfrva$+es~RD$$m&GL=v3u)SlWm67ff
z92ch@O461T9ZR9Lc_y3Z>J6nlL03sGh8n?Tv=t=7rCjNSX3n@^
z1}S`-Vyl%M1@&E)rFY@4a7#2{&cY)O!kunDpvMfeZp$AjUUeO{jha;~lrxmd$C`2r
zrls>vPT>vHDuKS}FS|ymL~}6%v96SoL1$|CW3fdFE;~>`YQ5JXjrRxv`}BPyboFKp
zKjgY$gf3&5Kg5q?M&A<0<|KkJXIpBkRXAHaEG2u9=by}F>b3KbM6q6$w0OdZNQt2~
z-Ov`05PE|Z6gT~(s+`f`^dms^gF6B$_)<8}G;8-)P}?av>ROY?g5+V8`gHruLS3#@
zmO=g3-a167GAlh)+PvlbjhoANQvNl;%SolsD|Bg<7;I^9sa1!t3oVVWKb*-PGJ=}r
zniG%b90Mu$VCB<;Glmb84w
zQCG*wn>IazF2@X2#;?M+x^}w2JJQAe6RtECRTv6i3cE@w@HqzZks(STz|=dsLyfmt
z@re2tPh_?V-(C>C^Z^9tufm_v^QL=n5{5tipq0Kj_jP=G1H|(7?y`}2hv8D_WJ_Ks
zHQ_MzL0hwlmcTuj@(H|j0jN^R*ERd>a7{-+FwQmNsi2w-w9CNN2{Z_T$(`Y-873+C
z(fE2vG&%|SR8kg-tXunIy==~p9W?}weItAHp8|>Pg%|r7sm|YerX}A{69%#ONE9!S
z#v?pjqJ6t+-xfNDK0O>
zohiT36+>6G+$1dPp&YQ2Xfl)CBrqDw;>^*xU+2l`GdKbl6`D+a@3DIsSKFjXq1v_m;4C^W4ZY0e{xC@NY|bk)LNA+a4*u~-%H{jy+Mdt9?fT1eycOIUR$v{`Fzi8?$}
z4geAn-_CJ_h59-KtP>4Ozd9f~l(PaHKPk$9>oX}t-UWsLXsnj)4jm}V1~y?TuBW4y
z=lWivrL#xVxBRB`MCisn8&OwHg!~j?LV_w25g~Umj*#TvWCz-CJtxA)>D%)RmW2_7x(?fPT9}Lp`H1$OUdRuwmJLDW!XV$
zv@}(8?HIlFj*ZY1W&k&BEd!%;$KE~w+Iw;LRB}mWY>u|6B;7H~LT0I4(a<>A;b#d~
z5Q?(EFYs|AI4Pr(MD!y(wbtt@on^Jza!7Mp>xIm?cH@+|vy~oOn0nBsvrQhqFq|hS
zn>E`Xm9}fHKk#?c=TwqI(rB|HCART4FskE;kylLCqR#WY0S?_w!BSk!jlsW9C#&nL
z^R7&{n7WJu_4(p&j$u9$PKaMh~%S
z2!-TMwiobh7dJM`D=qcWkR#7(1w^=R&Hg=;2pvn^@!H((sQ7M?n4R$lXjz-sZkzsN
zht8?qep(&=vQk0nl{tOO+{WwWG4jbMlYhW`#v%3(4vJ@jY+2TNwJB3Ce0#{(AaKD1C(;OK1H
z{f`L=1%b?N?3e^yLZMTcKU1(DI~Ja=z-#(K=z$IBqBN{|O4FIRmVs3w1m{K9r*w+8
zV8qgruE{;WkEt7r;}YeNkc+&xw@;9kqj2v7C^HG6GijdZKw=>?uCd4i>qBL=%Lfe&
zb)1kSv~`5X7boe!_W2;L01SN()P4a0uz<6?hZWwhzDPm2nkL?VMfX`1*u{#EKREsI
z{`*Hj`?rrk666H>7c}POH(kzb3a+YPgD6|EYHO&u0Pe245eJ~5sfUvLz`Ix9nF
zloIIKaN3PKiTdIc|7t~^8OeMVE18j|hPpMc79edP1S-2u&5YLrGpDLGp4f6y6$CU`
z13C;HRq{4W>c9{KonUFEnY;Q*dgF;Hc^|mLuW3(!2%DlZ0k%2CvmdRMezI-azt
zcX+RwyG?{&we+Tem-VuV{Aq~NaxUcsNm?*qE!%#%tEl4l3Uc{%{nH*PuEw4I4-qCK
zwcBb<5Cc%c-(bM?_nSh*pe^`UON8=0*s$5DNJbsL@%;P=k;-B0KCtAw_Kgd+MQ^NE
zr{=uZH#q~EH;Pd*{*dxY{g{#e`xE?|37L=l{I3&q0a}9W9R8Pf1y+oS^S;$+V)T#+?NHsm@cWcVZb)29z{Db&T^GFI4?dkK2
z{C28E4W;=U|9I-lM8-x-jP*um#wV8m_kd>*4rDBhAsSwQAR-ewBsIKF2;z1LA*^L9
zfLAVJ)>?!T9|>eBIL!Zp@vxjdIzXbq9|m-U7y$`cfqE>bls8JAyUq5%J-gLhqMs(u
za-l2=<@P?Oo-TGpQTVdFWR-=5K62k&U@VnI!R`h?)p(EkHi|E)I~+n5cI>)?q9Y?Dj}z2V)ya!KTVUOrW~pO7S9Y=
zVBM-USlG7`%hC!c9f1T4akDU_Z`{9U9GnBXosv(jVvVg4MNwJOTwE_>``Azvu0BEv
z-_>_460e_@2IBNR>@
zoi_W=sI#S@OhYVj!ho^>LJ$;+Pp&gx6P$A(?|1t@fCr1<8s+KC5zVCfB{FUJ(rKf<@vf5qL)vsC>9coU&YHA|E4oWhk0*Wg&R8M8|;KQO#Jo-br7F
z`&+5R?jg$--eUsHX+p`&MQMY~I4<=c|BvR1It)CAi
zF9Bl_Fk(Dr?7?1+9Kzb~s%T}LGppMpe%tI5IjPgyJ6W}i9Y*`ux1KAsmaktE<^B`_
zLR!I5;KI1HU&u
zgd5>~Naf{DSU3$2D{97SCrrZbtnd7n5d*C60HCy$s|o-;<95+pzE
z{AkL{n0GJm&bA_qSr%g6Lf(qX%Po2EPeDtL@DzT=O{s4<`&h+Qf8(#8C9nlMxuNh9
z3_W`dtq@3?V(dhZ)kWS4bKVO#Q#kmDsYTU(-XUjw-myZwg~TrH5Nkt~st#iUo=-Z%
zf3F@@*or37Dt?mFI78fwQAoJ&Iii_oajWsSNG8PjBhFy
zDwjrlRe~?pPI{7nJn&Pka^Ce{E^4u;qksF+a9Ms_Uj2PQ{~H3se_ZsxITp~w(LvbS
z*-G5n+Wg1g0I!R~QnCPAs7;DDl1BZb?>8&pBxH
z9K+>PcE35C$z>1ZWp0G=32Tq`mHv3f#)Zeh=*!dV4uua#yMBsuf^kdFR#n5nV(Ss?
z#PllgbCXVZ{s4JXx|S*xz0L-_KijcTU7SfrC-sWN&c0T&m$Nj4)lx*PVUinIVwBhAR!LN5dq6|shp4@s^5hl!`
z110$dyRx&Bat7@}dv>M1gKz@^yEdU`^0iL6uKeejlJz;nJPezOJ=
zPFU%G{`32nxU2HqE?i)mokbJK9Aw?*L4yM4$wKt!d2(f+^Zs`J%gU0sF=3xmW0m09
zB?~h4K4-xJ?fLvF%rE
zeniug^TgmmFh?Au5^e#svA)C?GP?$&6AVTz4q@H9*g>7!psgu3Y0-PCid~L<)JH!h
zTBnR1j$UZx0|w~`Yt(zibnCuWyoc!4sL7R2IHr#YxQh2gdrkB~B+@%rBWNr!k3W#U
zD!42W?BS>!(#04d%>mFU4$lRi{xWgmxyC2A4-=pJM@->wq_h4<6aSA@tDfk7EdB99
z0Kfst4{`dGLtF+Sh;Y!p%qu|$MXpi{h80N!uk|vva{WwA6)CBdSShfaE>cZr{Z;6^
zQZG|R?n5+pYqWgp^*W7sR_t}eH~HpeI(;x&QzOi5?%ir{b>Uh)@tl>cs_T8l=!5a1
zoWpBXm<|-xDoT^Ix^BMqE%%jWF`-a66Ya0Lm)6g0;7>V+;Ov)WQ!m3B%%1R
zIwudPF=H@{Cq`LRr#u*|?Z`J^O~#Rg7`CJFU4yX4!WwCHRxci<8{sU?)%upuNg_X5
z4wl}UtjC_mRp;6zZVYTSUpfOTe1@B`d4L5!HdqNZ$u#~6Vi|nmq}XQM!AU9wL8Q)G
z6T*NvdIZ30By(Dj91ULaUmN!{Y-tK}sYB+Di!hp`yC!-GYW`2CI7AtmAIvLK}U#FWxnpKB~
z-GiJM8_d8zk_43)B=DrR>;(1j)Zt+)o6cS5uTCP8Y|4(&XIp4}mQ%W|a-iWTNyfQ~
z#}cQmsS2v1>1|VEzm*nEn{^sgTyHfpmjyR?`m|nIP-B#|KvpLyipwz&x>VrcUXZ^n
z9Xzi);-5?=>c1FCN>gn9r;P~9?B-*-4KVUJo_#tu6UXu`Zf9GhXlAsi(E5vdVT?+Z
z(v?n}u#jkuowTzXK+~z{M;i2=i{qsl6l(?yHQ(yOy)OJP&LEWtZ!J44
z_Z>@nu(Zh&o)tMnBgU>mo#*%UVrlmLV`EYC)|I{o7_m_sMU?)bnc!#4L)w}SN+g*#@^)@oq1(iR^Tg@mGKX8YAy
zhplGr7Nh`o`FaIXQsT@!Aq<}OwS+g2%kHN7%}xtSuvf&FC-4p~T%(2q<2yKV-z>2Q
z-cVXq?0zrH&O%{JgP^$A@~9<~wN9S}Qt~B=R8W?9i5GxjBbruFIcxU=a64}w)jx0G
zBYF`=w}j+3Kb40+~vl%!2|D&W=KvoUotm6&c3-N!#BIV
z{D{sP!beb3=b}SjPSs#&%ytr!bjCZ<`*MZ7xdG|N*OR#M=|EcX{5^_hs5ZsG(E+Dv
zRR8Xhxy&7BK?Y=5Z;R8Eb)bOkHDR487j&1=oo?ABS_hL0mR^&pvLv-uT(pNkux5x=*%7nB=+#e&`Nyi_DIcJKg
z;wx8)R4kkMc122%iek9YweF-Dm#RV*b57X9{MERh%3d=(muF>|4zVK#&pggAJQtiq
z%t->T6*SH;BO4P8?OBF-S~nwG7j}(ya~vKX_(-6O*pBk89k&~T^Mg*;B_JyPvg7g<
zh((0mxdqP0RYX4kf}uFTy4Gm$wiMCyft8^p_N9Rb*0?!q394*T&D!-$KQhX?kB5R6
zT~5OBx?Hrdy&-!!d?i$DQ{4*Sn^r-gQaG6wKcZ3N3m-hVd&DXfmGqdJaoLu9MCH(+
z&HDv$1_%ox@fAOUE0fK*v{v47YikHWHr2%{
zc5CeQNkpJR8khNkw|eZR0r`X@~J4lYt;i%?Xu
z3s<&Lo)K^lCfyOYmU@4$%0cutAbfU)n+y|pffW+$ttshds3jOQo$%C0JRi(1nft61
zu%UO1X8tj`UKk5+>KuLZpsOF(>n(qa1BOGe`pBull5zju8T8fbJ@R<&CZ!{jZj&(5
zKGiA7y$r5i*!T*N|FR0p&IfDB{=_}bCcWdj&A~nzko_?q9vw1Gh#Jgi4yD!eJ-jBy
zS0Q`Q<7*@RpiW^0OTrD!OPUgH4NPaZ^^wEgv1Tbl4wD{9LFf&$uUk@vXoOEV4>a)LAIFjZ<{t3>SC~l1e=I_`cCa?E
zw)js=`~NO4B*g1P;k&8H9tA5|zVp|cl|$%4A<4jtLr)Vw)>)`%OV_22iGqsG9&^2O
zI`ed2a+qk3lm-bW3Fq!x+D_s=aVDmowzyBUOxTaxk86KuPgOU48qX(>nHklnGBa^w
zX{st!DKwq6OVVMoT977=a
zMt|*{(`YLQ=I^c;A>rUFF48dPnxD&5wTpyfWF=6kI=Wm?bTnqvU2?nw7WSr8y&}U_
z=iF0*dynqRPyGw6m$wfMyp}HrDo^2dQx7hz?HCnmIXbeaYiU}{jDNbuX#NC{@vT(f
zO=9z~4bD)-zDS#1^KN)FsEEy?w<6e9SZ~u)B;cyFE7nqGq|tDea8FY-u^mK;4hQ0+
zQc)dL!3EeiaQ6d7L@Sk*EoagiBZ^zmyBU(IS#jKc5!0tppY`F&T`XTy4j8cef`+bB
zyO2))=xrV_UZOo4q*nnq<;@;rBlu_SxRjTWkVIrf`%Rua!_1U_mbL-ynD5?v<5n>*6MK;VXy|1JWH6euD3=ZA
z5?j2t{p{DohbMS=gsn7l1b$1<7?LU(X(k?Nrbe1EOY}3GzfNylzXc0pkS6}#QnbkZ
zbypJ+!cFCRcN^DwnQ5fv&U77|FEr)nUMImbKdnfr0P=>UUpkoQxP%z}yNmEX;A)Sw
zSoNAgtA~xzD@%yZT2G?dora>RBpd0@Ff6=CS8j^K3s>s;@j+WR^x9}<-W&u#1FM_SnKSN#GE@fTW1GB@R-t86
z(bI&7W@nG%%&?C&lywsjef`Put0o%E%v<-)D7`e*7vAbB&E$;c2DpruEY#EJ?)vFr
z;r%l617G_1->9M@ZN0N^Jo=g>M4^`bQ&|yy^bv-Ph;5@cxm_;87URCM3!7g$fBMWD
z9lOc?S#I(j8i7fp=QSWkh$GcCvU_gP8menq0pEp_O+@*=D}$Svl;^lXUW|1J>{9e$$H?bHuzj+H#~s
zhkz?P(B>%(B&qlm#o?kX*D+9pr|hh@WukZ(711So;WB^=
zbgPvN1y|0=5&Z8p9|isQ!h|2lhZoF0p&yL@OIY#0hF?SZ5!oJoG#-*Y+OWLs6ofor_U@2vy*!Y!&>9IK{&G8s~+J}M5l(KdXgmTd^R6Apltz+a#N
zf>mjdcC^C_s)H7N1XL4k17HqyZPTNb?b$zMJ{l^E$Ecwym|2=~Bzs;gbLh}Fh
z7!y@rRq<4@y@E2=e20RnYfK-_#Ldp?+J?w;MFPQTz~d^BruoI8F|eE<>wY*x1}~wR
zX_(@go1ciizLhAKvnc12H-Pd>uf!&<2q&{&xVQ;ecpt{;0Y7$XGk)4%tUj+lxbkH^
z{OZ+xy9ws{M9_bMPCBE)n>tc7re()qxtO|V!E2iCI>HeDx|A5oR20i_cI7)$Y&lXp
zts?86m*X|n{Dah96hy?q*<@0L5C0h=^j&POC@aS=DGUiR&s@d;|
zbZ}R(+7Ex9?B`~LD+&vCFN0!WA@RXjmBYLw!G;>1y~WJ$n*_RD(eNlVizVX2s;9WB
zH~6W^DGQ>LTPi4FE{dKKF@FT~NEoF9K_~U@tt~`s5n>b5a(TT&G;SpP^#}^u-xwHf
zz|wJOh&EP$bR2JDnF7$C`V=@xClW5pDwc#cEwW-H9k;X8?wYhUd5QE33l|TI$I(N&dwuJjY7KXw
z_k)hd>nG-C^DdscX*bTCj5ToX$>uxvhG%@ywAA`?2m)Nn<=@B4tuw6V0%0PhKyC8F=g$>;aB)e)Fe;hjb
zf+$8h38NASIZ?+m4D=^ndsFa~edMyrWL6a(V?s$htTX?q9}M8KWg^4V;+|88Oja{ZKM(=1c=-Bu{@4xMr~J}M(+VLV9&@hSN5iQzP%eGmK3lzM68OgC
zXid)*Op_uSS-s^5T1%FIAGC{xg;Bkvi>Tf<7rcj`|8kTUqtwlj48d}PON}l}O{}1z
zB7wDm{;LCj!yvBDQ)xYZ#C=h2@yoU2?_IMy?9FuArX-4hPXJNTkgtoT70a|{%V1RD38vIY9D3IK{>k{@Fe
z-$xXy`^e!t?=7>CEM6<4Ha0ocfvFz1_Fcm%d7sryN!UP(>IQViQQ?qnTQ-e)S#fW!
zG+cvtB%Zc?YS-(I?{WIXw+!Vb#bdb^<9)n!>JVchF-$sw?L=jLJm16`4LIsZhHGV`
z8WIi+M-MI@lXgpN;07cY9fiVvO&Bj~3!@U_Szlwu(cpWW4}3{L34Rxawq+RWvm
zTvrhslsWZAoFaFq+SybFcUN*Q*S5mn9*G@Vd|vE~I!EEPMg674v0v#?7O=y{P+x0j
zVz9Rh?{`jW!K8s4v)_Nn0^+&p0|ZhO_%b~*2bpH2MA~4)3|tsn_)s?Vl~M@sK>kS*
zMnq89r!R8#t^^7S%@qWxK#+BWbg|wz47*JsP~l;^<<2WnbF%k^)QdF-pLu;`iw)9g|ym%f>%jn-|yML4K_
zVj0f4y>$K1fV6$MqV*c>xzsD>Su9%QoEFpMD0>O-
z$Gc;HfNZh%yC|hCxly~6ua+16E!yyysqTy23GC?yLV|_*IKgH|LZYm01|-3e&2L$J
zos)5%m2*ZDIqDn$v!N{&fvrrxpI#Ge^gCKeY17Cs8qV(1$>=75^K7w9zKk%|p80z1HorgMJq+Pw^#olh(u30$-QISwy*N{ngzA
zUl+3l;jzVv#Gu31dN}O7y9rAsre5sQ(qr(aY13-@{xP5s9%B*^ni*Tzn`M*yf?(#N
z(2JA(k_`F28El&PNOvvGJE0I$7Ie7L3FEjM1i(y8HMKqTgOIpVA(vsu~kO6o1-zm%HgU!VBVE|sHo6hNs5;x?2P9~
zy}w)|P|E@D4CF5PS$7Batkx6nJI^*iF*pBoJc8$6d3UD|*D!yv<>HCk$4jWMtG=ua
zm5%ZPcT0I|%n3kQLr*@k^oG3>&XCX@HUGEXYxd5LCH8%
zsb2rs2g=v$sWjC$;G8H=9Inmlfw`VY5VrLFQp)e^B8E3vx-k@_O(c^t4kpQaR~dB7
z8d1gdnYvla=pkQl@Z%CvKkRN_`0l6_BiragC$eIK_f=kuDCl<7d4`Q8zIfWZnBFz4>gf4Xt_gFKG+Xv>L9tvv
z30Lfo4u1R}1w;QvLHa)({Qo1hDE@WdEo5P8Xyx$l2EH(9<%4~QH`qx*Dl8;_4igsU
z;_CxmKG�ovhL2lc?6Nro%i#6rp}7bVGL;~Zt6EgngyW7D3Sb+*PSVp@*<
z4njsZxl$d3ckfag9!IONMlCr!%!nZNOM~(&L0>!=NjKB@X>p^%4Jts>%)I37Ex|02
zEO)XJ+%%D>?~6~eqb|-f5e9<8e+YuIeJ7DKOC=a4SH3ASvl6f;`h)reI@LFF=v7nG
zKx0?y@$_|Oqj6XY<56CW`~^g)s#6RAFPeFz`pHD4SZs&xyxga9Gi|&
zi?OD7A!-{+Rtdx>Ti39-o?(FKWRa3isnaKg60dHS0jy(c)u?|5*We0UnbdUv^ThT<
zW}T&}U`7l{iVSR#L$?fa_uP@RRLvMhJPtFAw3pblz^0{VsgXcEoKS%IDfHMSYDU63P1nZeL=w^0f
zoRPRd_0gV?9Gvj=mP43`!`3vFTQ8?#q^4Rlf$vt=g5O6M
z$;PtMMk57s~xK#ciwxm|B&_BGqG1P>N
z4B;I$?RPh2@F&x|N1|5@ys>H7jN1YRqKV0P-h7AgFx^m&3cP9+0ZGb($&52)M`OY-
zeYWwc6qaNS^hJPujQD}LRK*Fi)-YBlYorRgccP0QyiK-v0_dvemnUDTDL>Z_5ad;v
zKaiZ_MdO#6tM_(%dh7Fgdky>YK!wzG;4z>D!s{dI!p0X3HfTrB)PkRM;Ax$d`RUA|
zdGNdG#?^-g@=yFWQpct=8CiL4X4+|@v~@ND&Es?)asFF2c^C*CyzIQ`$T8~&<8*pzxWW2GaapyU5eVKNA$|GmS~{AGMA_THJhI;pXSS
z>2Gm7;u6&yG~IGN?H|HBF4R{dP$4*$yH%x{=|E^`U}z3n5Tdi7oW~pPJukSzvmjJ<
zcC8^QcH&rcB5cIR48gJyMHS~%w;mK}7f9j0H`VY=ZG6I-PQ|-V)IXKbx~_3VY$L}w
zIrj3Q5ySD1%!N$RxNEDP(0&Lt^T@;D^JGEL3}lM45HKcP5=2OELk|kWs&a)JNr1W0
zK4D-+&8@Y=@2jEN6qTFt>C!$wi3oBTy?K2s`V9>tqMCuWj&gT
z9lYeHhXMUHfL=e(gng!Nm#4>q`-(ta{bKU`s{(3(rWH9J4zwQHx49o$G3|cg
z+KFx&TR8f6T=e5zffOxvkkTmf#O8Xa&K+l6
zr>lyW^bO3hAwj#la?JhW*S6rx#=3j-#RJvrXZH&yg^Mf6JIbVAye5}Vn@;>HJrK#iam$CK=d*;{JEEkG52rRr5gP1L85gaVY*G_c5KJ&Ua!e7D{b{390
zpEh2Evv#SDGoZd<{)7SzH`R4LL{1BlLh
zFdeKisV?w&d%l0(MAw08S5im8s{9RJ8|RdELRypXBg&8MS_=UyaL*}$vre~w7*SA<
zX}`DYw*y8ySEK|7;t1GT+_EsFH#30>ID*yX5k@kE#@5P|1T)-V@8!p8iyB7{Q+$r{
znI)p$X8I6^X~Ub4Q;sDTW{5QM_?dMNtKZOlZ&zc{px7i)@A%>%xBUEG?{WvT5{P?h
zIeaf=W@k<*9t)_H_i)Ce1z3Ac^|&ZHoU0buI|;rIS^BdI=^NoTfh1DKOqhzN443JH
zZyeYJLE+!lI0ZPf!JVp)`OKU#6g%io(Pr(a^D5Ma!{J7}j7Oo3cijjDeS>tftV)>9
z*?u*pjwl&{JH42b`vsl=+S?n>oU3pr=D$hVQvlhLj0Cuoyo-qrWD;mA@)njS%eqi-
zHrd_TppJIgD$b~hb~1@{mi#C&t$^rA0Eb$ZHGZt1jp=06V#S71F>&UL2*mgH
znh;9MKvFWb8ftX;s}7NZEN{PT#IOl2rnV(Z=lK0z#5SgjJMN8(o7awwhs@-+hf(ZL
z3!57##0(_ZGA0Zx$oP>|`!R)N`9*2W7A&n&92NCH%NI=VOZP!@2}BajW(gz;Or;{U
z#Z0ZL3;JP(ZK%$OQDqF8qNM?j$uR4=D`gxNeM;DdC}uDWV&J6#iu#j&<6yu2!wN;8
z>wj?OE(R?DKswQazbbL(n48V$T-9nVm6w$7fQ&nA^6ZB^M45*l2Xf2(}Be
za0c5I9q9E~Bi<9HE@7xePQ-muzg}-;F2U*ELYN5F!ob}ow4P_QP(>fs1Q){n;@71K%2w%
zn+Co10B%FsClAA^IFcBpqa^TAhQ}%}8knHFMI=OKL=+Lxpb+Apu8-C;JgmlX7n$^N
z#1gu}?JwQPTVspRmFY5!gxy07Q5BTq(B3i^6}uN3B@Y+PscajDplw40h4F}pv5APQ
zkYWV|12pP>>i1ra?U_t0#!pZfq=R#iaiTcXmGKt{>pAHa6RrrXc^oT54m_vuoqA((
ziV!$SlsL>6TGArlF=_#6vD;n`k-4fkdw*$5)w~o;tH0^g{t8(S<_VC&fSpcIzb*o3M&bx>$3v=6Fom9tg!fi08CYy(I>XHo(>8FneqC@`XnrrJ*Ua&
zlp5zhI@$p=KX8daD02(J4KB+{!VW@v@~P{R)P-TURshmv5p4p9FL;9?dQ+rI0YTG#
z`Jo}fq>npgYlRxbhiJ@NHU|{B&$ZZJnHE`B*FUY(a2n8)0mNPR3eyuqa7)Pjw}p+;
zvt-Mv5CiIBF%$`m7GY&$ZIycRko%7rr5!Z|Wy)GDISilpKQ(R6|H10D1emqD&E5xn
zXI|mS_w)P8BNkGNn~;IcqvCEn2|bpr$fC&q@QX~Y@N8Af5`APC19jz4{6X<
z>&L~H(Xa%4jcuRrb*WrnkE8^*JE)Hdi!L{>++)1GaqQYL*RU8TYTww3o5j$X=%#%f
z1C?ukPIesRO@kCV%{jwQ-4#?3OARs~HGx+*?7ZqJ%kIH_sA?eMSxE&~a2mvz4~amYrf;Gv@tBBu2)
zVLu4_|6}bPqbv)zCDE!xrFPn`th8<0wr$(CD{b4hZQHi(%+7O9_q(@8zjM0#jrVi!
zA8U-g_FD6sF=IwVf0jzS9p`G*3Vugvg4A@=ak>ZMiLClMtL{yii=@qG0#!XGe`#~(
zZEWUp5nLFJdp~a8Ov#CvGaGAhs#Y|&d!7Lf)p1?Iat;+?0{S`qtdRtA0y4SEpl7zi
zyJA=sl9$b|=Sj$^m^+J&NV>@%i}TVtwjW4-AM(ZLSv(6MiCmF}J*z>YKzye{saqNsro@j4v
zoNhJJ!dAD5U)&0#G%z3FG|6+kFxV37yx8CHC9Xk4Jnly7LYT~rTXft(cCdfi^jSJt
z;l{2a_p`nwuTvOoGrS*e9}=fy!acm|8i(Qf^p9oUj-ze7g;p42Is7!XFAnSyzHy`;
zazD``%}S7WDew9urO@Ze(y_=&?=C@H(ST{OuWiu?z1k)vP9ncyASAOTNIkk=PmZhb
zGhNqb8@7cHD&-&|T0P+)b6!(0EGey3P{c`aaSy^sIQ+YrF8oT-c@|@alpis5$}xMO
zI6i)KXHsQbWN2DeSHJL#Ga{DWRQKGOC&1|CgBxqL>a)WE?1JF(OJk}?MSUlxi$$`f
zAA49%X`2v1lr?*VV>;iM>_VW)4Ph4eF5C-dVj~{=3%11Ie*Y1EvkspAtt_Gj1Htn~T2Y7rs8YF4ILEN)ieNLK6OC9wWciZrW!@V)WZ`Ktv$Hwu
z+Yjrg38To%i{xbE2b+tL(;DRRiz;GNd}ZpV>DFw@c^0$0DGr0}O2Xl+K+>}V4!rd-
zD&_YoLk1(I7hzK^>q_>1q1YAc#9$QCqLC>h7h#DJN9yKSX<-|tQ@c*x1&noUOk=|Y
z;Bva1h3tv^>I^~-O3_>?bM1A`>sy_avLp{z409+hO$+#)u
z;keKuYVHAd55ix9%(8xFqlQL#7Kk7)7u)H=gykT}^0>bS?;MqRyH}H84%RmfA6-CP
z&F4JgBUFHUY9JF0BSa_Z#YQ~xOI4c0Z$`UTD7gkQ(0WB4sp6j0h&zTkke%Rx0LVVM
z$Qyr=o}i2%>DvJkzM*MJD>Zyvbu-wKW}|KFcQdtFN#3q$+=E5#A{zrWPCpQ9nK
z&G%LR`$RWVic=bx7T{@BrR;`tbltqTHekXByZ23>$!`iPh02X(kcK3#dzG{GSmLD<>=cF^JtU%
z^YzB~$B>Pt&ai`WU8A8GyZZ)1yI7yv1XIL9D<$SiO`$F-wzivMUwjLjr5Av2d)qsG
z1T(UzGPS#sQV*cXY=r@&mJ^Q%=W401zZb>hZd=>VK%a>@r-A{pE2f=HIvGXIuRfN;
z;%X&!!seK%ojROAUHn5DWHk|{>>y;-C?+Q8$}Ki=fWs5GfB>6_0;->)Xa}=VlC&e4
z`snQlG`EOi=vG)&xz(F1l+%UKm+AhtoY-8+A3WBDk>PR1o%P6d(DIi`W~mb9tTMvh
z(t84k!#&XrozvinJ56ZPU%6RKpw=!uMi7{!Puvq?^!Ce^LW^q~>(=~d`Jr0HDV2mK
zjVmE0W=_SRL7hhaVWWgDKjMXq6FxNBH-?xA
z803&pAipzRFvi=79*>->>I+jQYlFQ-*Qux3=Z4a2dzlw5ffSm3+l*N2b)K-eR4#~|)
zxWsVo+E*80s6JU5s7az4m2Oc}uMnTV6OLqD$aQss!q6Z7FB?Vjp%V=CinCI2dWunc*)-QrYMr&DuT5?0jG
z&*=fh;XR;H9Ja<8`|T2JQnB)_mlCB4h~$JZ2+r5RM|4#tuiOn3>%cj==Y^o257kt;
zlbsIs#!blGhd;&2g2T$&=e`bUWE%8i_`0n30fYnlDAlk4e_ndp_=mr)iY+dD;V&;-
zm7y63D*QZ+O`MsQOpMTT?9jqo(hu|d{9NFYV>Y`bF5J*c%l8!3p=ZwHC$NT{N@85+
zjTeL)E3jxAT^ZcZpc{_>?gUS7aqflJ(Q#N2bAJr(V4R(gKwloUp>+(q2=^NtH+s?x
za4`9p?g!i<#`CL2F2h*HbBuYM9siY|lCYBlZOV#v0|6*Bwp;=WdVHeFHVMi2&&c8y
zKBpJ@8v4KtPM+Am2s1c8aK_^QoF6;WkO~5$l+E`T6Y>Ed(hoyrUo&$aDArQ(oAmdc
z($_PO+GO|D{3gQR;0v!I3UAOyo5NK-d|AtP{^)BP6_Ss;Cn!?vpc;Kd(l_=}c#2ri
z*hB!s_sIZ?K)rd$79Dk@wci@Sd9TH|xseI>a1b;es^I39vdy=+4tBTX;h`xSerqGC
z6%9JebVDAJ{BuKT2L95h_Iof@_C3P<*ENy$-ybC+h87mq%GP!k2LDq*R8qH5S4P%U
zZgo>h#2m?<7d41wfVO=PF-=cqFqI$_E5YbT|Q`N`nmxUM1~jkRY*;7bo}Y=lPhoMbyJ(>
z+)EniBBTNR2%+-=94U+0f*B0Lb3yWU-t1vC3Iqiq
z+41GE
zO|4XF)Z=djjR`eqN-u9O{vI(5%Fr2!k`?i43;Xzb&2|4=GeBqC^~-uCeL_}vCHg6x
z8U|}R`v}1(Mt(6BU|u?T5Tc>H`!zhp-|jie)JLC?no^Ris4BZ-;TTn>Q6tBA>k6%I
zy{E;I5tcEQdbglaa?IP6-62U4akK5w5^vbf7_f%W#EOB=MrS9|Tc4wMIAOu4oZdho
z=gYn$j5Q>%0A`I#zTnN?3Xq@h+i9AUm%|1T@EJ9mYO)5iqQ#zR-ZoH>>!<$0yuZkO`Bjv}=-I1+3$DT?JU;h)F
z*6rp`AGHZeQSd~03cEg;KuQHD5@=E^uCv<8LkNqGl04MH3WD^rYz={l(DxxQ3d%hh
zA}N|~I9HN9V5(RgDrdV$#b)^Q2M0N2NF@wl-&}O%V+?nKKyXwTmY#)oY5L$)f%M(v4?HUNHw!xWGub^eO$s6*y
z39MQ3p(irCI`tlpaC4C|Z1BCPr`=06TxIo|R?8Z{Rm|D~{Grhs`SJmvC8;XcT!P_P
zx#mjozOia&Q_&UXhA;}a-4I{>jCYdF>G}#znaW}2^sU)09GWG9i>HE%XN|F;HEWT5
zo{W!`SgHAvFsS=CBVmged<~wN_uoxud3y}YVVOJd$Gdr1tfNVm62xaZY0#Vw(ZWmL
zK7YxU!Gu$FFse*cs!%=0un_(jh{{bN3-04Quw}yF|<*
zOzuKNNzV>NZ*!!L&$)zkY;$B5EFN705?gA44(>L2Qh9G%pQp|c(4Hlh;jC)to#nE{
z?UJt+Qo=gGG&L)6J_G~!+^X8f+C~llC$Xv2x_8bpot^7vhx-KTvbBA6Q2N+-PZ*Pq
zAuOokJBLGEK+?~YHh{SS8uCYoAPt|aa$tH>VEi&-#m-hV9N*y)0<@msk+~C@Fsde-
zD;$S4HIQ!qd5FcLa0Pr#*jSu7pNmaG4F(t2S=g{=48NDey6qU+gNgUlVx@~
z^9TM_*geohNn2
zi#sN=rVKo75k-#D*QNuyA%oR>(h3~Q&>uhGY0_ns@*w#?8$2kt|upPwbR7<<;3H5ebobN
z;E$$TXF*+}nor=Tui*@CS~c&(vOCmK$wlifi>?q$C35?x@@za8QV|d~PEOAXU-nKR
zHzf>-Yq>l1)6v>*5x%54b`rJ|QQ-40t#W5?sH85tFYEE}uDMiincXaptIq-Fmo0%i
zZZhL{n{^(Uh5lckLfuC#<|}MPRv!%wHoF_g
zUAnPZ#$;)MHhEI?{Y5}Ld`+Vw#RhSgGhe7i%SsKaiU%n+wrPgMAsv^zfBu8oMU4>Z
z@A%%J>Vf%pz0v;$FG@OEIGBoB**oZ3>Hkl7J3&G78!w`HHLe(}F$BtiYahsi%rU{`
zqs1ih#d^V|HVzXBl1y7MuQ{9;HCZwJ)?(3m21|F#V;*JrARi5h2ljdpabxJA|DArQ;$)UjrGnH?
z3()LkNl3v;qn1pXmuRFR!m15$@|(?(f}B4>a7v9VvzOX<1SFxBBK%3rt3op*Ya%4^
z3Ne%w8#i3A*rEUql3cqNN;b%~W(opkK@-Gu3%$ZXt`o{eg8>`FkI))#u6z{XThmA+
z38xnqXY50i>!~K+v_qnE(+|V>HtT1LC#lC6f0&v5OJcbto(?I8z(y97R6$J{Dl`(>*r?lA$_>E2{{=moz$hKA%VMJ`XQRP4
z4lPp`&5=iBCj7KS1H7uN;x!X-
zALNKO1Q??WwDOJwXk5D
zD!LZ?w06%8TJJ3*eTWa~se7tQ(?OeY>*$A}WrIeN&2~XMJd$;FZXaWP?H6s#Wg=D1
z97GVS7z-Z+bKdFWI7qh;223*U>sF)
zBdul?6^2#cY=K*9CtX1W(|z&jyygZPGbQkl=+BfYK@dooTx{(4vfT=vcsJuXoV?A2
zZ*?If
z>@q>p!ACNZB*oMIvn(Fe+jnk#sv4Y&3Hq4h;*XQ_mwfvw?ki4F=5IXea?kMoaB@9f
z@Ym@n&F%*{ko{H(aj>o}oOJ#1AFT86l<7(
z-unA7iwic}G9YLDZ^nJO6HiLwsB)Y3D9_$4jHF=(8!th(8eaE3j4&%m_B{Y{k1u~#
zo!zRa`$^RbtvM;fn*p
zIr3_dppJZ-DqLgGakuyxgz%6hoZ1FadzUFwC+c8bpXu%yH2gU-B@6sS({Jr>DF4w^j@CO|B#dgo}o5Q=%xiIp#q%uIOa|#t%8f
z3Iq*JT!oka5T+_yaevW&%c9!93-iAQtpA(Yr@VA0#-?jM5(td>q#H4KJ
zPkeYtz9gXz9{9m50i}$Hx`8-({2CLhWD-%Et+Tuub%;xkvxjZ^%nTU1r){$DtZXoG
zR`Lz5jgYp7oe;LrRz+7GrUed&crT@*oD
z>hW0if2eA(q2o=Boju|77taR`0?ka-L_~KpgZFR?ZSrT-c-XBH5hN+E;4!S)e&N+y5N$5qrxEEX@+Dv!WBxf6UZ^bywot0VTsa0
z@Wjav=8bn8x+udn!I+vY(PgXDqLLSjFmA9IB9XjgmgwUgMnb^Oqb=`yB}tu@+G-?0
zk0L)uV|oow3&|W_ZsZaMM(m4=i^?_>j7y#R4u)`b*hBP_uaWGjjkN(Y;4tE?<_SGd
zi6SOK<_BZT6ZwtKk5%>ua0&_vuXg+4u4RZE5=(uA_dX2$jyLLiQ7ni0FQgl!qQG|8GyGVn8eEzrnQgMk1a|9OgAn!
zNRf#IsyhxIjX)XXg_YQh52+?D&XU!L_UnB^A5zI?iQ2NVxXlgV>TNDFfB{Oo)?>1}^lRyuu
zBe~A3u>JD@h`;f@^|7Xsfv^dgVoG(B&_VdYPSR~yRZz;(wJbYH*l}%|cvMdSrrc_i
zWN;GelSrFepoH3dT7N!?
z`Ix-8%3@l*xQXf5az4v!I_q%gs5{P8m=&zKEs+HDN(OVk)k8MPGrVxlxkeW!&DwR_
znbqpH>AKumMoj%03s%gOeBaYMy7pX42kayr3Ie
z?H*|x1ns~5)U=~$LpEvBi_RWxoyPA^wlLh=f4qVwi;1o=K|Tc_uIA2!1W->z6ld~t
zl?SSOap9EJW3gu_G5I7;TbFoGx&P5wo1MK^SbP`puYX&_|Ah&%{XZ-k^}lWM{x3b1
z`ToTa^S@l~ALe`Vrk0Ktx(?QM1poNNZ=!2uWoYrAfoB;CqVoS>ezg$L=pu4?V+c(&
zrU`s_K~Q<(`zbMOd22|d`mO_VjB<>KP?TD*+K&gq-ENp&rpbKCN@m-*M{BpnlYdK?
z?i6gzYI}b;KDEEx+?_H1;BOwHDO@q?nP#*?N@Q3_adxcRPA%OF^|wM5tCu)2T9Dyf
zVOHq^kO$i|L)pi`wrGKmWn
z1{M|c)f^ohC%2yhb9fcM_aCy%UGSHOd`x*ATvM=N#H6W;_p*D_0HA}k@4f-ini|7^e&|}(~H&XrwTQ4_yqb#nJ|3W*fja3%l-Z>Iq@$H0RL;5_+Q`a|9qi4
zl+7Km4AH%em`4cKMCDNtj-i?IlP8Ey3a9U*2u0OJMCC13&D3Ox<4%l5FDKd9*TNV4
zoCT4fR6woQYkcG&TSNl%%GMPHWM1-c924s=~q@ZEPA$CKbK#OHm^E3
zt{&bVPnK}Jkh}Re2b21TFN()kv((OV9;lAG*j%67K>x8s;Oe
zD;GYtJwZLoH3f{8pN)ofGNTHbRn!Vcoae$ogd6Aci&WCi27NF=i09HHTCP-XQ>1J9
z|2Px}7aDldpaA3m9bLPh31TmVkhnng`WYs`8PqeV<0@S%G0gJ_)%m&I
zpzwqTEYSPMR&6YFP=zeQnavbt!`KH54j_;Tco0x{$GNGZyRoI!-E-Iw*=58mcyLoW
ze5j0K+|+HRNt{A3o*0;Za7j)r2c;y|Nbq$`W3QAM;rD@>mDc#F&zv~!y*7{q9Q;Oe
z{ji!k6|7V&w3gD!DJc2|jY|U&^@q-4ihNCNjaD%<%&T&R5iNoX4~EPJ<;H+KO7=G7
z`|VgbGaJ$~rq;SO&_>z-=w^vtiqvKf?Jr|DCo#6{D2WY0%>@+{8C&hZiHOWgdc>eY
zq7NquYDGA+*0$-mFq29Z0?XAH3#vF;O5%NWel$4Q495ooYSov?O}1eN8O_%k6rDOc^#u7WnAKlBTRV`f@t9S*=R2q8JW-K+l^FggO>&Pr!8^
ziyV#xDC;?V_ERESvfY^@^f~IU%_-nPrVU9@T%NAqUezStm2~LJqAYnNs)t&RBqP<{
zA$8$WiKO>XY-~s#^A!WpHz+#lW^8G67E+vRba9+U-+R5s!!ue=pHeuQ6P=UoN&(r
zfzBhTmZ#(=XX{!kwxM>xOM6gDA}saL&6@>D
zx*ABxFFPaFLKU_&158qQ9FoG1t+LuR{zfHi~%=e6wNpWo%dVOKK)MRXcWoIRKSq&wP>p1SmJm=v}#<<`s
zKcf$G#y7ezTc_Con6XeF@R#!xQoEWe2yz(9o4=Jv>{55*8=Nkus1T#Bn(v8*6SQCH!oy>NR}N9Dk{$t=>}{Vt2_Edq1ewapgQ0T
z>V1MAIm?;Gp$Trhg25Z}a8F7=bpr0-2)zT6cgTd{5l+vuVrbeG)r`2tgQndM%RDNs
z+9_RM&Jpfc%jKFVBS6CLTmOaZ@@Ym{b^6|^7`-z62oBFo@CnJ
z5hpo8ffB1Etv`qtNR1|F)Ak;l@}{n`dx|Xh_IH*AhO}gQS+;YDC*+^F0>vSXsqK`>t!l`dww79wkXK9Q2y7{C0KM
zDHTCwO|x8^a534%GNap4kE0=s_h7PEu0K3PSSO6t9B=oLW7o-84&~1$C84))=N7%Y
zcem>^{^~U`*v$%fdTwcUgii!}2v#f@HkOUNza)Wde(?zCyJOYsdUqw^_-t*euGi=cF{dp!^q|c?Bmsjx>BktUChKNNx
zly3(Cxibh>nAZIHKA%FA@SGxl&pXV4%8xpQU-7GM8KyzQSby`M0SBh!gQWZ4c#8$;
z-wn<<{=a}Ec?VsG{~r60A#eWeRgT0tx72vXSMytJK)GTzamWwIObk4K5oB&Sc!4PL
zrq4muc9<*H^SUjcK#u`~>n$(Bxe;0YAbf+!{^&g2{qoxbh}+BS1x5#38jVSEYQ|Dm
ztA^6g=i#!AI3ByQne4DKS
z4t2|WYPu9a8##@7soTNkrHt8U2b~7S`$6|H1M6Epu~QhvaELBP?oFx=mp2Hah_-j8ylNo#tx-eV4J{D-24Yjd4g{)`=Lh;1rdYj
zm4`So$eBm$mU2g}>d&|7X_f0z)P^fj)7m;J0<6{{!1nl-=GL?dLu)^65eg5sp7S;A
z-33Fbx=w7>^wql1=`bI{CzmM%kxmNvphE1IU2?A?O*uT7Y<%=;-#zg<%h0$mA0XOf
zqTd+r=12zXdZ{GJqYMS1VXE0NDqx@ZI$5d0+i$Iz-&O?=PgtZ(L4`lo%STQryxWA+uC-4IWbX-kt^g
zTQBf`;fD1up};>SbQMaf_H#<#o1098jex-bPf>6N7AL=qztw~V1X3nBzC2ibh>1!u
zf`9PED+&0Ig`N_rxU;Q2Pvvn(B}9!zC4z}@UenkzGRa38Z9w~*VHY*0o-*z-?5`fQ
zzus?%eRSW4r>QXm;|oW_5=X~kQ|jjVM#)49C%{T$MrGm@p$H{wq2+(*qk&gvM;;Zh
z&zdEw+r`7OIrWbZR%jSd*BU9?%6D??VZgQR4_gvFf++
zcuknkxfh4&Lrxecnm8MVa<}>d$7-E5Y?8NU=@KeTT3o2do&F?blKwI=iuoe9Fdbl
z9x)Pctw1TJdJJ9m@4!13Mjb(fo#mXitGCWn#{tiQ;EZQ>7i>U_nonq&fm3U~(fNIG
zH=%LbhX)=Ke%#*(WA~@$Z#lon&ksC6ws^nO`Sv3zeB1iwZ-1RuSvmryN^t2)(i0`#
z26~~K-zN&gdpFs+Hp)ZPl3M5&P%2r9<+(ZPVRgQ`U*XQ+ER)q&ffPVevlI2@%ZN`F
zfwS`nS8YsqdPw?s>AhzP+&AWklk?!4+vuEq)1yULImCP{z5sreN4W471pXy)pu9aw
z)x_5FDf9#2ZW|gIm@o95gEijFsI!)GJ^K4WPh{@8cx8jNx$_iK_#>N4;`r{
zU=flGLJ3GygDi)C4Zyu!X$6U_q?EM#qvb%7i51F8UGDho|H^ll?Wa?6@gZ9%h;>G=
zUy}sL28*7SCgX`FB9F1fOBJD`oOP%&d94a!4bXH^Z5o@XNh*hevED?shMu`6j~eis
z;@-)A=`3@j?f6S%aDf_l`$0yWUdJXmd1Y`ENgY$Yz~SDs?dw-g=`1Aadksasff2v^
z$9ce2nw{dZA~+kIkcc{s5TL5j2}$h;nheJ>QKyvF=absM^TSA&wc6DvsK`lJ6Y+Wb
z?XRKc=Q6_>M#hqo8!K|bP07Bbp+{1I5A^Us$?r5gJJUk
z^J-A(bS_+M%i81+NtMoQpkM!7TSfSZ4Tj6X$!pAbgAuFOe4Z;C7Zq?UoE(<1hjnek
zaO+pqk2vCZkC0sbS4DUWpP+=Br&|~YPxAssk+reS2?y*-b_3xQ*tjC0llWvUlCr-6
z70fo-qtLsX<&aj|ZG2{krRJ|l<<33E;1cbNIy8TMFWdmqq#M9eDj+W4gJ|;>&b#nq
zVjhOjOE~pMQP%cupurcliRnmb2KSWRv;qxHJnO32tPH{XZMIh%M1O}Y&m)qpcV;~xsv!M<
zI~WuWYvJMp+JKfO^Jd;jC4Of_v`4~e=x3Br8^kL&IQjZCaipCc84fyY^M`N+z0lua
z19MXq!5ph6o#6-;s(qkgSyc{f7_k~JS#Wj>WD1IQG3?~S8PnJaEVo3$y#9P7aucah
zzZA;U^DY=v?@i>it}8$+7lSq+%ZSdY=o)1qX>eAPZ!(0EubA}OS3_<%J!Dv~tV-9O
zMPK%pQn8v`7u%h?V)w`JX{KravZ@g@7)Ax~3_-}1${|}oQ1w%VaQ!8DI|C|8R
z{_}vykkgc&lR@*E>}-wfEzAYT@RC;N$noq8>8Ixrguneh>xZHmS9R{4JXf1@I_AFp
z#&5JixZAMTM`&A4sjjs6c&1xN97nEQYggP|nZU~f{6U;!*vF0a0ToY_myVvS(;q*d
z{Qin4SHaZ>GXI5Xl4M0&<*?zjRR5_z{PaS)WOJRzm6;_JuK*W3ShVme9piS7U?
zA5Ezb+}x-eIOq37^*ydKsA`bG{#12A%9Vl6!|8hk%7Cf&fGMIFO@CAw;Dk7l
z5*wYvFa%XxnBmC<6M6|ttpk|!ymH5N=Z7+yT+uoXWR`B83R|V7N$L<;r7lxApt3A^
zP~sQuxNL`A#bCA94%VH@uuPQTuK_~l+1$)BGOHb@WY19DQaP)OE-G&3NFnus4B39o
zUyQBX7U=lAm=I+E`WP9@WT7%mOD2W#==|NRH(}NBH}7D&*qtEMYRHC(oUuBvW#T
z*DTdeI4V*OyhyCu0N9WWJSpPs1Jrevuf>-lFRk*PsJ|J75IrKdpQWtcB(R^7?9j
zN+V7@b5BCN1Y(WS2Cyn~eUQuHEA_#m!JlLXxpI8@lLKfi`Xv5i
zg84tb{mR_&rklO(t>wu;x#kJ$_
zWWl`$Yf>YiuFK7dNPC?0R~8y_J$St}K%rY*L&C;Y66`9Asj*Ogjw1Y>Zs9
zQbMEJ{wrvlyj_vDmmo?;G}VjjPcx;q(iAm3ei@-MzA>~wiIsgnH2W&2C1WyH!nsc$#5nWKV^Fm`wLZwgfokU-rsk_
z5^IQfyUhP4IG8_#je@fZ-H<%z$j(g^
zf2)pymKWjTTOQl7(8LN+H9B(BI%A!Iv_h3O@+N|p7JJSuS42Bs5sW~g3Tv36n8aCw
z+{W`cO<7EojY
z(#pIzb5ff*W=3&~`+SqwZpx;lk=OH}BMp*vjgKLX8m@+CK4%|3s5nGp`w8JiX89#C
zkQO3x@-4?Ayn-yVm{ql&A6|vU@%Pl_vOJ~hXMO2Q;WEi+Uwr=xx0&il|MQDRgYfove0EnZYvWBi})*Ql!qBi3A@`
zOOoT+Y=e7dJ^1AXx_@Cl<=m>D#C|(jdHj$ay7!ZV?}e$Lt4Dv06SFm(KgS)MYJDKD
z?AZM`j0}gEtqpR{^fj3fAAT7cRAl9@$}udOO5YxS&ek53cfUN2#(PL1hf8!9-VlY<
zZnzJnXj34i=n$rbXzO_oHAz`Q!;huSCd%iZGe4_L_|r^=e%7D@>*4a{#!*L5MTA>P
zgncBVa9Y`P*3jaQW~-0WA#+AY=PWZ-;1b@NX8UzJDc<**<`vPnO+DRSonbzxT-tkYPZZpaZIg{)^8*xZ
z-W%@FmLYs-8#OvlGh)qZx&S?}vGjvv@j-u^{$4-UOJXLv=y+&^^8H8WuQ|M^;o02Y
z6!m+33%ncUP}VrlNGuUIqV`OPtz*yn2s&8pCn=ZUtGpHVoxJ&zj!65A&NUVa=2{Xh
zyD+}qQ99ewg9CP^qWxR*g)!>3f&QK3@)GH*Ztq;%{khCRX|6w9kkk=r_a{VJ4Z>i7
zwnUA%RMU}3xq1(6M923^n?u^0LBur
zW)$luqQs(>PfYc(;H}kfO(A2ScWH2Jn9}(d?mtLH$>~5inr}ie5^0lICz{
z3Q%iURaoDmlrGzBOtym^dG4iP)lNy?tku8e)oW5au?HgN0S8sUsFm~=EQYDzR
znDlCT`sBKL%Je*WK%M-#>|^R{X-f{z6xnPQ1l!N(&SFT=TM}TzZl|lV10Kw^A%!M7
z5rH0BU&5NG8P}C|Di)Cf8PFXDyxPoUEBF`>RMma!hp;53w3P2_eMcXj1_eSh=Ajq_{{ev|*j
zi9AM9R0pRH42afI$X$n1QAT7pVX=kyz)+T!%*;#$8bP`S(78DG-0MRiI86T`ol;bx
z%O-QNO~4=>`ER7XV{oMnw=LQ+J2pG!if!ArZQHhObZk56*iJgOJGPUP_e0&gPu=gm
z`|MM-s#ewdvHm>snRCoJ<{YDaoU}VJ1{(Vnco|+mG}`HI)5X-*bb9IouGnf481W}z
zv^{SyK8o5|#BszBhv#d%i-5c
zwF-K&D#rbwU{~LZ*e~>IcAfbsV}aE|6Qbw`7{2L*={mEyZGyiS
z^l_km#ZJ?8aLHY-NLfCwS85nHI$5jr&Nnix6*6c#O42oq=iv{c1G|CiqFiCKk1OM(
zdS7B@As~3rG^)D9+Echj1=$p3NpC7WuPh*$!`9zviey%GttMk1e=ek>zQ}y>#}aAa-!&(1~cf
zJGI323W#_Hih41xEai>N1n-@N$?
zbJU^=&w&crVQ)`y)P;ld47&sLA-ytVa*od3{EK}FJ-$bIu6byo%*Nm1cQm+qvspC24yi4X)y6Jpw
z!Xxcvb5wZkUM}unz2Xf_b}+ymP{>~|i_;&Uo+!GW*zYEn(|Lq(kfHeT-n=D?Xc^X0K*>2=+vQgl6-
z=a8dTj)E-=lWm1)?O+s<IS+eqyp;OM|MsAXd%RoN5s&@@X)5@_*Dj`>Ibsz
zhGAO=r4GXg^mrM{YN&5sm}DCkwmB4)CSG7A^}))q-}WyZddP}dw&otw;oN%7Bvy&^7F0H#^+6L31J{vmVV
zsX0LRcbhVuD0-X3VLtE>UB({#(-6LJQ-Fm=dntt-!yTSD3&AO-$%k+lFl(R!cSyc6
zcao9;h6J+(=Y*mJUF#9EU_%0IZ*4a2Qd@lVmc}&HqJ)qNX4cL~IXuAZzAu<1Bqp%3
z(bz&ng&!i2mn>X-Stxov@E86lssxxeY__YyJuwv625djXRYG+n^-@jxih~Zu@96K!
zD1a(Ga<*QCa@ro9-*-`YK6f6oWXdiorx20r`|kQsjy5xaiFe(dYA7Nh`dsVegmd4N
z!;yKi`ttVi$}1|J|I{QC)jK5h8lqBW!fNjfA&qedHZZVivBqZbcp}NudLS5@HN%N;
zWAhZ0#2X%6_Op?8${{@FV{V$T(GAWR$&H6C7;nsv5G#J(#*c8C!272GM@Ji)p^K<6
z4&-}sBJt?3muZq41?^LpYUv&n4=p*@5u)!(A?{5&_-Lmo|75ndzyDyMRWY<}mt#?`
zD;@pSVuaDBHRE1JERj|~(|QcSzg|zV&pu-7AN!j<;=yc5JVn%X2JbZnZi(z^Da(KA
z?gkCbaBF)@C@)~JyN`BOT;QwiDP$9ZCjjX_n(MZ$gc
z8+}akkql*v&tryS4Y%LLX&0Ar+sa&f6oY%8odRiQjf5e7U>U7Bn?lBF(mg;7_l1Se
z`4RTjNH7ju;mo`FkGqMZYPLqI?t>7t`p72;#>*l=zW5fX#?#U4Dm0Bd-#C-^%nWkFFgGInuw+REoCSDKLy%~
z#)i%g=1%TkmMAXfM#c`r{~Fd-DV@uFIkj{5)3}r=r$qcJ*j*|ZFVIwxr$<0)2
z1NXO)lo>Tn#8pgKsngl#=zmaOfz!-9=2Z69I+0datQT2t@x}L!;1FV;kJNIBN?SY#
z`wNGpCiC!<{L$_^MgXTXA%u@4$el4(JCzM~$UZ)Fs>BeXVw_A&6b_y5;b-Wz;P!`U
z9in?9>)N@dW3tO`UqX}*tl$$*^*miiC!=a21Sp%%_DQcZ*n_lSLN`^a0nP6x$98pm
zN`1-~`(s*^pn2lCLcO^k(4Gy!Edj1s(8f?BKO-NB86!PO%UfmtoDCxO3mi1El@M{G
zG;Zrn4Iunk=n$D9jc{T70cdVb@mfR992MAQEj5~S(QEQoYS&TD@1Y)e@Qdy1
zgqx9>F{)WgKxIP%1m>*$4g-rZE7hb-LVUPE?lM}XW4Z3tX?-Aj$C)w^A
z!}T2`Qov=&Kj^p!GZDP2`t^2nT{Xd@Z{_hd}FLqjf(gv9x;e*sX)2V~Wm;eYmNzOscLr=M^<;PFTH>v=M
zvH&&?9V)h)YLXh{a8W<(*uFAI;=eS2Cqjf!j-duqOu25OhZ%3ZKd%q4{fHVNV~eB>
z3yT=8g`iXSIihcs*mN;ghqzTr#)>$QP4ec;z7$G-^Np6xe{6&|FlLjh0wH1{(<9q=
z`|WP2rPq4u=e!QW^v!-Q$n}EjA6*JS%Bs%Eoz@0O_YHw$n}5d1*|>%Ty#&WrvN3TAYr!Nx
z=PJ1V%f|1tRb1`X)_ID$s+2%xxgnfT$eSt{6S`z@q;y^Y!NNPcEOp-L=XxJ9?Ae0&
zy%4&{6W4gsDQ5f;jn;2n0}2sN&i~5X6-iRN~61u`>89c9G6mq>Aa-
z(#1{r%dF20&^xkt8fhQy%4of>`MJ6CiWY}+=6OqHxr?^4K?Q%L6lL{yIrcpN-g@lV
z+Mo9I@rKQV*rK}=^B}0EOsE_xA)Xz{lpwG{6YAfE5RQePNlA_lCAV*OK;u-sr^3Z?s
z^<#pJgHXG4dk`9{aDQi{^YaMsvYjl^cfp+VD6v8spMaMW(?&
zrgownw4k-9lRj=UecN@UsEHnF>tatj;JM0Z3{j%LcYhjWRmuSjF(X)J*G|H!c^T;j
zEo(5MSIaYgqee4ew9||VOU^O_ah8!vQ;+a8GBSx;fZG3of1M3E!o>Pn#Qt2{@dr9d
z3iQmlRF^ub5VfuTV}Ek<+XK;VC`>jiZUs5avB5GEf#yod)58L#3G)Cjo1YD@K^Wt}
z?|D2R2q@@Trer8Ug=+mWt~!7i;)%}VjV*`>cH@)?Owi0Y85YP~95m$WkC1pxVzlM9
z&b-pf7d3w@sQZoc3dfdGn}(Jw=cHe}dOWfgARL{GIyo986?n%a&zL}dZ95YS1WRvK
z)=Laz8kU9%5n~^4k@3?qrPS<@!5|gf+4kt*n-0GNvPhi4va)-woU*%sk}M{&3;*v*
zl2qd;{k5B`5^G^+($NZ^tUaOv`xzRfr~;Bucki8d9wYODu)%`L157xs#1!UEBz)R!
zLRYVF|M-$|ub^WR+>omHnU=oaU{5DJxMv&#N8BNb
zlZZ^4hB7cICw!Jk%VE)-Uc*5~y<1lD|6-!o+()=tcBB-vL8H)4p#
z#KOSFodCVkp?G;sYA}~futG}4BtSu_5MXes#@vB+q7YU_RV@B_vwjY_(G0{*dmCOL
zS>VCXgkrCi+~BpNt-|EKKod1CqCOW_Cv;*VL7g%USTtcA6juD4|1FQ>E7I~^98cvb
zlTTpY$dIq7jv|vyOtBZ_ZtY?|5GHpPiyW#Bx2n-s=F_Y4
zoA>@c=%42-3eKk(Vw;Q7Q+TF{LIC=owEk+c*}-`{pPRRsFPB=?LxKYB1~&rK=*eBP
zGraV+Y`dKVn6n{zvf+NS;YgGp;6SuHY{7>Vjq^}!l0e9ib8b)s;n^4@RrKYw(X_`^
z5Y>8tiF&r|{5tHkB4HsiTm$2eDU0Mufj8frWA>qKZetBcv%p4;am6ELsW=9yGKTqR
zUfkgNN6jc7TDQCx=FiMup#tknrt|kUt5q(EqT1~sJP+fiCik>#;L>NF)%P{J8iT55
z7$RAZu6`qnsygiK0^ncWcUs&*9Tp;6F4+gE1CaX>A&_XNLCNex9?o08sMVySa|dRU
zQDW|Eiw8v5A0eK{1z`HKnwf7>icL#mwjm)Y(yOdE%Y;{;=rf=-eht7PW<^_DPuRnt
zXPQ4ORmEj8c%*hH2}bhYQ@k7%oLv`uKZ!)ivSCg-NjX0K~n4w|My<90LB|t7{VfI%E0Y5pS}Bw&h=lx1}S)I_lhI&Eow}XmxEz@W3Ds
zWJ&-v8g&I)^TN@J(ehM+(HOD%agV|kh}RXwQ{h0SIf}XW3g5-V*UlxotIf^r(j)%2
zhpVI+cxR*m$|QTb@4?{=$)M_lQaX4^a53PWF-i_rcT&Q0jjwQFGg%SokOuKG0groS
zu#OPSeZ|6zm}nvg=)HCFjHu(`Q98kGb7g_pLH89AKI%e{hgJjpfp(6%MU=ch7C1H(
z;c0B>Q*z5H-=k_+vJ`Jf^lKPh<;}gYB_q}N=7n+b@^zZ|+<0nKI;H^&Qt?Q?IW~3{
zF&!QDgffJR2zgNSt0#kbtBA2$C6DWKZQtK`eLlWEvwBL4%yzNaQ;}I$1&$lX95=Z(
zTwK2d(IedkSn-aT)DKC1If8nT!^+hN|?)l8fsT_L=h#cUs8R6Mq3UX0k+
za4wbBl`DZRNT-mD`FBL5DnImcLc?^r1X4^keGx3l2bh$4XG*8ae2IqQ@
zq<%HU0_J;>bxygk;jPCB#&?hYp%&UHVh%s^1suHp7C8I|=g7Ycntx)3WI0XCe@q?B
zJ5JkKu&g_ml)S_UoyzV2gh^qgpn#u3URe`x*Fh_|Y3ZOZ4PF*yU)wCA;iiTG8o3Pp
zS*NZvx9?Bx&$z!3AHW!lBPZhKNHZx<9At$LVNL`N;wCpA)#1z7>|JEqTo8l!94U_&
zZZ#%xf*a0ct4V7;n|AYnVQ{M1k5}}Ato_eZl@#1a$dyY;dS-p*m`aI+D^grEBSnBijVsg(AH!T^s2M
zoVf$zPU?BS*w$$42$;c8BbgNANH8pvr6Q2Smn-9)h^TWJ7h`B-EV;uj&$`oAw^(AG
z^E|JM{ccjr5nvl-NsV9kh^A=;G-7-3P*D
z)HQ4i!JMLfahKKe9AGbtb_{4#Ba4bfyS@6y*y)9g3OfGlnXi7e82?$?fcpO*EJ_F}
z{*@~J`KYs%EEU&8P`E7(rGo4<1b^7(ng5CfedJ$bl9^wf8V@G`1*x*1Hv!m2E2!Uy
zIgmb6yrUZzFNmj`_dJR^d#EZzf0q!r<#%oBc+6>d+-!J#0u%_8&O?yZ`H{3g
zd7;jHUNcFFva3iySfCeDrW~U`964;;J47+xeTaUv)=eseO=fmfqpyfBBwndqM~Oag
zelKkZGeoUi=Wb=1BCXFIwJ=QbAre;gQx#}8%~Si3fd9FE`o%xMT}vTfPpe+1n5dnz
zz2DC2M+jrtoh2B(OnS{qilsT)y%XgZE3AH4$ePmSQuPG3$J1O01@wHtB!TXz4g_erhwy
zpuNT*q0%uqNh-*tTs*WGNgNay#3Eg?cB0lyl>yJ$cbH(}cL~FBQhqRXpM9tU>1qzE
zn=qpwdb-O>UbBs5Lr0h0&G4lY*@wE28@8{K(O#&YRC6d{Z7s<>Y_$WaItU;(lDAb{
zWgs!$$x7w+T<>#cAJ(S}_q9L`bCVL)acqe=uwPfV@6NqIRlzncAQ^
z7?s~6%R(rnPJIS(g3%!1jBF+s4J<6^b*X6!yVm85QzQg3ACR7>8Pt0~`1
zJFFR9p>FX_vBxA4up}1J5u5o5z9<(zrQ*;>h81pN#@DoR
zW8EEUL3s2BI!Tz@CaK0y_{ZAXQ-Z}&nOA$YpYWTx`}$9tYmxC?Qe^6RO~P6CZ*z^D
zd+MWEh4Hf(<8L7=y05k6Js7_vYUOQ(+vm0615yL^f&&t3?2>or0vteh9P1_Vru1Ke
zTjq7iUJ=2BH%VIkhK)pzKapQ}gbDpd=g1ycE(jo9KzBD025vg|D&hFOMDDK$F5=Y+
z>J467RU~yTcPe^b)Eqx#dPbpbc2D!Vx8!u%l|+dc^>z6r(Z<_<4gAZKPM5!|8^4j*8%)Lb4j$4
z_17XKiqFL{dBuS>IYSUoH(v`7*Z?ayId+;JngJhukgT@qPb2HpYR0&y#J9ZgC?RAY
zKi)An8_gDKmU?Q=$92zX_bEpm8{hX2`|o&C8r69l5*d
zaqp$C^Taf+l^U!IDFf)Ga?EoZZ{aH767fRfWm<$UdVknif)_1lPjCg6LVSa@O3ioO
zXq2{1)bF+o+n68_j7?xqBH&N?k*6y{I{<2cku)0$x)c(g>1y#CbAiUce}HW;HbnLA
z7E6_(=y)z}1%VYN>j6t;#m-wJNh$Zp!exVjI|M*7wpB+xS#8y|;gcKNx5fI0dAJ(8
z8>nB2DKOh{qtw0FF!Jkee@#1qkQ5XA^9Ck-B(1MCi0SK~zFnn)iTwC`r};#{f>Ndp
zGnNo`ZWjTPp!o
z$VuiJw;YT0WY@Co^FRztC#`a*ZBT(?K8d=6Q+qzFA%yoR8_
zvm}H}|6=r#$>J|qWw|_fktm-#7q4g?xT>xnlIw)e5iX)mn}Vl$56~bh>m(ud$f;sJ
zx46w>G7w7`z1F{$*l=!{;V=aK?|$N2B^YH)71QzgC^1Kc=qqWo$#T8o3hHWZJJ?|a
zpbNPC0!eVCN88DIb11yU5zio~-<`ttf${^5&9XEo#`R`uH7iQ_<<0AWO&Llk?tce`
zf2R-ml0LQDSlqx%@0rvgP#nI#DS$j~+2bLxGzW2}j
zsHpjHg5|HuYXJUtFV24prvIb*{+su4{P$owSz+zV$P0lxF*9+Sg`$xOkc#$)MZ7JI
z5CQ&&5UK(NiMngF^f1c9F=d1h2Kk;3ZTfBO7E^nL-21*q1HKE9#}4|_
zY44n8ZuF{g#D_5H@5nw(risvf&I<{~)Z$rgWo>73h2w^cS&Sg7eDE*I5gQ@%?4;=T
zsKhh=2~!m*VDy>C^sW2x^Fbr%4P;n3Cjt*?uIYub@8%kgdMk&c5SL^_pAqtnuOElN
z^~ZV{EL3LGi_WW3OIytz&S50E9{(_`35=M2{Co47wZQ!XV@j>oHYPe`#x&CfiK)#=
zYtZ=h9csYl@&&igb>mWFri$)xGSR4VpVge1x=X{7tup|3NZv9#&iqMGN3^Vp%Uqfa
z1oLk2*8wf#*;(g)^v8hkS}u6Zx;#BOGxzYl;K8}85z|fR*~SeQCX*Io2m^J^4GH5L
zuR6+^|czL~As~(HCJ{K*^;X{5B6lJQ)n;!`l~`_RIWQWdi->IsXn}BBFr0F=%ypSVU0&>m`G8$9
zIi{e0(~r=(*cWC5aa>?xq!1c*D&$Y+ZBmRMY^K~hI1bkpdbx0iBd*&HBZ!=|_OQcMrBrOm1fX&f7w93ZgOi3b-rimA80c36U
zb_wB9_7YvM3u9#}FZO+uWZE&HV7z|@>O_pGo%kl)f0R>jkEx0}19K8!7<&BlB_oZA
zmFSF+eXP)flBZ1Y&ZHyAN)q3DX%;i9#U}7_PheB&HFSPWi;?D5lSU^(tC+-4e|;E3
zCpC4bYQ)qz=1ojp%?5GWhLtrprT`wovWq_qqVQ0fUm3Fx89&yptluA$5oCOoG^8$o
zG~+{9Vn`l591*m`kyDCvG?J6I%B(y@T}9l4_G!27$22)-6ERB{PI1F&J~&ZUi4`xA
zi?*NqBie?DTicqL5N=O>%l5D72eL%~N!C|d{c8g9pYh0luwePGjjZB-AJ{A=#7?wLBL9
zX(MB2f7~a&#HY3WCQ~=1*OqVVIft6F;n?;E_NOhpS2bZ*e7?7`t(F5T^kN~;<
zmKfoQeKXG#GQr70P^YA>pt$u<6G#a2RmezNTgL
zNfj~8P26}+=b0|Dt@4u=vjFevR#}-Nn@fNIzQRg;8sWq|2}ymNpp;{A%RXr={y
ztyKXEZ#AAvkPLGBx}`md`x>&eHhHw5dUdFeW@!*T_KsZJu7U?Jr`YW0aXk3^maucO
z3t3PUohM!2IwL@VToDi@o|Z;dIm2`Uy8I(?ayc&!BMZ6Md^@iG!HH_tTP#~!+DcJ7T19>CUr$Z~Dy~fXD{+PWZ97W$-$IiA
zE{6Y_J}7Itt_dN0sJIXbC(kd~tR~GRH8v(^Gs&EwW}yY_@kQ@p;q-}bv5Y0y#1;Lh
z$$vxf0ixwf(gfMZ*{(YJlAM^3u&^MT%I7juX<)oPXH8B1@{NAv{kA?}3QIzJmgIc`
z)zf)?ZPq}=d0-PNDnZ3Sy;O0ojOc9i%NsdL-y+j@Fc-E}$=v-UQ6J+HCS(2scI9wa
zBAQ@p#$x5DSEa3r5YtK-L&nB3sQGN73$k91-iWJv)UKL7D38a<+A;wc~He3YxiN}Q81l7axK$DYBqE`m@mTj;?<|{@DW@R?HQa<|Jy0&Q=
zhDu;70jt%-9w`WwdMh^@WL;)>2b0R~INoCigdLuZm7+h@peWoX|KQM?T3)Ya7ptv5
zsojL9luSYLoZS_k4bCtQ8fNvIYlZV1X}SHQj`Le$kOfOhtyDi%$Le~7kSZu;H)8B@
zz0YKk23#SK;_oU;?Aw#F`Hk~i^>s0=O0a3!nlFqBu006SH1v+w#Hsn6HTVNI2=8&p
zjrci)R;5XgZ8px|?12NDP{P&0da#RDS|?bW*QX7#)l-Q7U_1$drGSN)~Hm@XV~
z#uXYc2OE{}b4_q=&QPqPc~+Y2nckc^!k`gNqJvF+RZ#z3HEUz=v`6nxD8@E&g3N9J
zj9cJu7H&f)1iSEnEg`(rQJ&~XihX8{CSOwCm%DF5#qb8ioA%;5ga|}%?=f7k8oV!v
z7miV>K0^zP6Cc5Cx!Y4*qBiiir_U`e_NUY7Z`r1;kAR_3#?K2|x2-(A(4_PyZ+OYm
zpJ%&)CD(NseJ7wCMR{A*!(V$RGz#u~h1>$3U@w5IUclHfoJ6Z+y}-O1eg*xB6#=XM
zj-tm>aEHKjs9W4zt~4WS{T9C1I$M&P^|wM9E2OBkpT=-{#1qlphu~Oh;^|~&(Ljxd
z`i&Ex{FaaT>Ta#P)JKL?c2V-YcW!qO(urD;J2CJ7m_02^p%TY_Arzgzm0H65|9;t>
zoy@Hq|Bt+h$p7w-zFfAHzy9&xxH(u++V%@KduOsa|6w!7TAfMp2|_aK)473JVHKgYF2HkfF>yJZ%v{;f_3ieC
zxPtvlSHRYct=XJ?=-0jvZ*Axhd1Ll3vu52ck|H(LUJM-<@HcK&oQoU`TMv+NSZu>s
zNEVIFtE^Y9yEp9T=**Z9ADBrEYI&DXU?#w(EWYHIH-)U9s~NKLUbrLd*ucx
z`X);*=XS9KI+XaQV*E>SUpnYevgdyJ%WYl8yX6@Pk%L!_OjRZ39}bxWm>wH5EgQ%o
zt4e-1$z?Hx*c=yn{DC3D;KcTiJ!R2`O4N)KB5yHVA%k<$Sq_@R+?5t;y;%2C=RVo`
z=2-Fepk1MAeEMyfcDq3_EfVvay~?r2yu57*5uzN2@$(3R;pNSp-6YT+q^>b-wzoNk
zxKO=xOLf|(c1&mLKKtUXf;Kt0SGOZM=c{Bi@S?jZjn%9-(w18(Wi{IK*T956dch?+
zxj71J&VZhSs~@$%T*ZH&W=Q5)!{!S_1yq8W0$s4UkdkRfyhuqxD8;?c25{;dm&_)`
zrYXh$kV<@z>-!trlQsTP-RC8U*W^G^InTWpSkY0Tsq-O_R6XELVn=MAVUdeF7G5U<
zguvb`4}e7I5{(JZp^Op`jn>R}^OJ#DB{IX4EGpIAU{fRrjI)eB(-k~rDF`XFE4=$x
zVO2>c(N^E5=ggD@;9{bdAck{`3xc{cCpc?h4Gt22?*C(jW2u{TQ~ax->HV!4FX?|H
zJpWnBf|IQkkyTNKKP7>&4g640%Vw~8Dfj*Tpn3e%fO&)v@dMzKcv@Gq`gTnOSu+W}
zmt@w`yN{)^eFCPQfEu%birKD>OWrBpp|fQ^U0uNj@{C3{Jio5)K6)Idx}INqcrCuk
z^s6Auj~6wXANNVoo@8j3ViY+o(oaZu5OO-F!c(Gv&61o`0jw=l=)Dfg9>j+S#p*5Ha>C|Zemd%Gr6#0g$_cYS;Yo~?K;HTXfj;h9fcL7z&0}?Af
z#6(dsj*^PPX-Oq{9k#R$AJ0(%@Gbr(<;Ct5R%$V|wA{Z3>kX3tr~qi-1xx|#>=?|H
zohT}{WA^)p1Dv(mh{E?rLO1wx{YC>`^*<2G_Hz8CJ8S`%CxjKlwp@q7s>ienx+&~B;J1T{l`OyVA-A|0v@c;>3{kH
z^iZ*kG%}?0QL}}?pvfk6XvieN92SXEIb$x=ox=Yx%i((;uxG|mBM#UTM)?pg)35O~
z6jMZGuQpPLTnYo@xEz-gCsl=P4zjPwO2GfTnLdPTmRLWJd(v)2c+z}a>
zJIK${8cNmc^5fH#6xi`$c9`6o4vh8VX_aFyqe*zr%s`3Qi2AchRtntCx{}p1raRjr
z50B_6@chKxc}X
zlo)scI#KAk-FGS>^#?-?GnDO+m7EQzG=ee5BraE4j&|BnIIH-Q0om6Q^hBO7r259b
z?zp+@jJ?jv@QdaZUTqd9740haQajqveRJar^5VLvvC8{tNda+Gi0jGREHLG5LF4*N
z+r2449;yOepsq;dnh=|SqfY9h64($x;siq|K=AO9(N2d4L@7621x$AgB?m+ZHVnO+E)aAiS%+dT=m9_wH2
zM9xT2BBV)!70Q|_M*p!Y4@YkDWI+@QZf8Z1EVAeYPR*HB{YKiem!sRbLq7bDAp-BA
z%?-j95?fjXG5mZ|wNH@{9VwwBn)AzU%<#W=BuI5lqcmeD?lQ7*0*qPRMjucubqy4;|0?7|k^?#Az~;dxxYOP7H_{iXOga
zm}7x>WqK`hDR0Z4i|Xc*avjC+@AFAD<;wBX8LZp>viU389}03jl216_UH5x
zS9{9_E0X6HTV%>e^S7A3TW$Fc^ZK)P>w#39el6t<>HN=s_%Y!Awiz+|Y9phe|E`q;
z{B7=*6H-<*bTGGbQnIzR`d2ri2IG~qnEaV*M7m|f07Xx~4GJ8H2<3i@;2a>2#8*fl
zgv5u}EJdo@x80c*ig2xdZS9@cWZEQLkb^6Q0&-3Cl%W=B%^?)k$8+8I1sN;LQoFd&eYoN5|d$*b|
z7lMTZDR8gb{M?1HrN>(xAJZ&$IOzAVJg16F30=h*bUZ7K#g@f8GT42XF){}hN>YEK
z1Sz4!aAkdeD+Cm3s34GV6@H(|&L$c*x#OVkGX8)%5(M;#Q!a5qjaK4)7`d~BjOgq=
z@Oxqd|0})m&ZYoLZtO6oDoD`DYB2+0V$2KO?tWVlWPh<`J__rpTBph}!X&7vg`n0G
z*&*QY{Nidc*|{ELb33}eX+S>prXpAa%4JNk+X%WOc_Kx1b`5oL8K(5=z$Tz>#6?$k
zhRJRf)bs&%5ZPpek7Prz1&Z>^%)r@E73yO0E?7e=&A(hgYFMgwh}nKC@8q7G2VQ%r
zRC_7SUc1mmdrxS|JtZps9VD*REM^hPcP3|s~sL!KFN
zA4q9o|E34VR4)d3ku8zT_yW?7vpEBfSvSyKMnjj1O}R#qMZt^MVh9O{(I#&*96UJO
zd<9||ku-|oB@@MoybJS|f(7IH9!91D^Hv3|rrC%9jUwI@>g+?0*rwgC8CZvLY6sjg
zZ`dzYRByj?h4%)UJCF1aRPJnr!~B
zJwEK~%Se$)x+?3DgGR&RIZC(v@mei&bprCcJF;XrS`r;%JGhMSWD~7kKe#G(6>xOj
zD9J3l!o;1lFtr96r?OF)T8V7LF1EpS{zkHi2Ql(}m`6smwRut*j@*b@PP$fc5Btbfu#f8^@mzUGVI8+@c?84e8A)`m
z#2M}0b*<^B`I%sY@{+4^skBCv;+VP?%H#c`apu{?xT_F7z$nvogk+KaKpsw!wA~Cy
zjHwWlahNg#&U0(qeQ2N&bYWEi1$5TpiDdXW$?9cPVQ~iVvQnro2;YS$g1(7y8ia+P
z{aC0Lv)sCofk6dqQ}pf)G|n=fZPX*dCq}=bPT<@82bf)
z-48#mE#JVhqHacMX0<}KKxa6hRGul=*{|kI7=W~J+J{P@3wM8f*n<==;mEFa!l8GE
zcO-RpFhaQ(K)|k3rFmOn{$V!E=UYbC+PNhoq_=tHv0TI5aqB~WVAOZYdTN~i(THO&
zuyQxra^;8oxVI)HAI=n?R#QFNq`^)?L@?Flc@?Men!TqoPj3PeTbeYj&6q9)Im?8G
z*S{yj6+u>C;puYzRGnwEO9pg%$MY{;b@M0O3^bE2RO&gn38
z>G+hh>zPB6=tbGqdQ~viC9B`Fodm0c&6t7ng!~)IQB$GAR=|D|2O?1n8X{{s1kvJ>
zyJp2-l|1L3RO%)Cm)9A%`A)@Ccm1Iphfd4^{S}8`^6!@CT_E3AH2ize@YX#%>x|%f
zUq5_~YjB_a0h@#Ja^xFqH_dDA+{|f8DN0ogH`V0&G+G?^vdF=?3@w+a+oSb23r4)?
zpsIaA!A}(5!vW5x@LvZlDi7rf6l!h`ePjoHkJtWVV!Vdh;YFxL2Y@jW+W>lYFrTp4
zq+h!GLKY7WAillaM(B*-V|7R;zmC;z(sNH&y$h&^4v@BWLqoD3zyu$uaDkzL4V)fSO@x2*yUT3k*X27AvAS|(%ps4n|JKEh!S~}ENNTf7}#HIp=xcU>IK|
z&TJEyT)|(#bAi-s6+nvul{bIj+=ne7e#bOo-HBt2Ei+SpSR(hoEww&-`JE#U3?tk8
zU^JL4`6ozPH-~A4q!YF6r+9M9#$2V%JAp)#ZR~*3@?lww?+cVon3Q*UHtwat&5Hph
z3Vvh?#3055YW
z6$gqAO|(#^qu0IKFHuv@*B26RL96DB=Q0Rl78aIbUXC^F
z!xkNxp@S*_UT7s(&N(GsFm9o2yY^gxTrOD!ShD5vh>&zJF?@%ntkEw+%n>|gkCXan
z>yS!gDF#9g4wmL3Fzv$u&-$E96_#Ug+T%S&1eIYlYZZ8wVt4)?kF;{UCnTd<$3zLb
z5*RnKom5FFuBtD^;C%tGDK7n)qs7E?F3x3Xzzro`5H4$fJW*T$&y;5WmV)RgLOrf$)*V2?Y%=FVI9$E
zHLd3p0`4s3GBd2?y!HfPFH
z;EN~=I
zON@nQoa4z%OrJ!T!l?wzVTH+3y=-X+UeLSMx@HlN(haAmuvACavLrz=RGyEsy-`I|
z!?GXpw^54OhgrWSq{85;ewvPE3Ti3^m6f4Nt2O%s20CM`!J(RgiN`sz*cSwf*l+H6
zAbjTrxo5++d54>iH|?+4(iggaMf6Jj9-`SrlDk#2t9YN{Rd;&nv5MGBS1Mp$J0+JExbSGwPu6
zgG*y6qG$N|DXGzy1zW+@LaYwkuCdxd9~hEzRQCBIES1-U3#aeO@%xA{P~Y>RY$
zhfI}p@0kT#7*&w8Gb+S{eT`w}(qZ#rxuR^0p4rCLtgJ|#qxS}o7GnT*XLCKasNLEc
zIrbo~(0H~^#~M$7=kMeVaw0c5@1m>PmS5U&eL6J+I-(!DeGvjJ_6XC^4+h<9rQ}>;
z=r^UuWhgq7p6tPao^}=wjZ5@VecHhcUU$PbqAO<5HSRDQ!4#b*&Xg6K9w?bN=;+EQ
zC$U{>2hGYTMOS-E*EvfEF74VBZws1P;0ovwlHks9~JMalFrrh)oKi=&gvvHrfPwdZr&s!oT#$*S8d9Ff6)6JHi
z*|BbLx>t3`!#bawm?@a#>wSHzxs8#3nbK~QmlU#-!
zZfRSd^nBRh6uvMz`2br(sxAkxcf_A$0zn>X3-GankYel!Seq3)T)-Xvz4NhotG_M^
z)8I;mo_PeNVI8J^y@TU1U;XqiIj#r})&E3F2H&K+it!4E1G&U}D)P6^?Uh-@SRFUd
z73ffW9~+iaHKRR}`JVhLT9+C2ROyHky2Lo^TUXCRaxAeoU};$W(n>(`to{AKKvsN5
z(C%iw2|_r-_UYJGj9grNrJvkoEp3rTi#5s{=b+?BkwICSQpu%)jXZT;fgv#e*X%^n
zgb$=?seTh)`=VV8UP|eX7TlxWMH+KbCYt41R)PizoAnU5Yj6Hs02y6Pj6Yd4MS9N#
zu}Zf5V;@F6Z2@mzt1=owiA!;vr7=N#r3Hpje3mdA1W)3i5TR}LQ&$$?2tigcJ!<+O
z!fS%?kQb4*h&!P=0qwJdx&&IEo)A0f^cTXC?qD)!+o6Th9#+AbM)AaH8d{C1L?=+{
zHuk^(u4NM%G3O~{URN47^wtZ#w|4ol=9mNw+(=Q);sGs2e9rA3t3Qhx
zrm8iA&F#SN%}bas+H$I{Bfo1xMTGgydk@lUs7y;S%m?c$*agL(XzFE!-G#d?VSRo^uM>m&)lU
z)Cq49*(TXNh{2WVzyXBRK7Kub;HF2*)a#ER}V
zhW{GN#7%y!OQ8f$6U%7hlmIA_a&HvPNai3HvDNr0ROA;WQh<@@{}gnLx-CeZE*o=I
zD{Th3j)Z&{qjvj-2W>yx9MBFT$@n*|U>RDXA7rQ6q5{MG?m79DdK6{8JW?vr9gZW`rr#XWG?m{jca>C-qq-ToH2B##S~Rj
z;aX79Y+jGQoC&Mv2Xm=BY=@dt-s|_>Y8@`;+2btNh)4QhVdTg)i#m(Up8AGv+4}U4
zsd6x1CAst{*kNl&U^k{nJYo}ekqprcDzBG`6U||vaC(Q*J@(`sOkg$C=Lc6Q8+>nA
z0pTJ()ji`OfS(!qHZ6f}iR_CTYw-aDMBR5@GoLhN#bYAua%6-adt_9z5Hr(9Z#*q2
z3zJ#YNA6k&c?thl>@@x_*4{bBwr}eeE!(zjyLQ>OZQIzpcGI0qQ^UqW<|b@BfIM{|=k@bJ?HChT(4^
zEwrV=1)>rPbkIWDWYlUB45Yv2Yb>O-A+hwPE3*0{u4rav3R|P}WKf}Gzy83R@YE}J
zfH9^|WSrYgaWcOjo)1q0Tp9WqP=&1dQUD{qwF53!syBTOj4(VUBO~*o)-sg83u1yt
zKDI{apTO*mp9DtbI58d349zXp@R?Jus{UoDzX-D^
z0qzyq_?WzXxda9kJ%7{s_KnjpGV>`eIC#9rU1!cX>
z@-QtJyXDjnNeRYZ6rTpX8mW}K(GAF{&~nmMUUblv!Dd)Uye$taG_;O4;xiu@Yh1Fx
zus?Bi$3Sp&HL*lQs}>KGXJbe6u2Q~YJutVMF43Iik~Wtc?YTgKYQ#n~6mG!Cf>&3C
zGFMFyZAW&INy!`+-5F`B7Ro41jiuf
z4st4-So`HquA9XYu4bnZ-;XH48@^wOP6HgWMSyp*oI12|bFJ+mZ%|z@hQ}B8;HN*6
zfQnq4-NSXl#3}`9o^-q&%zlBEByOuS-D^YAYOPQL9OL~{01Mo^*&#Ox^`s$P;qmT1
zng?wscjHF>wY%*y<-70L$gY4V7caw{=gz;S4T$YmDGh#5MDu?{5h?%aBwEly$j;Wu
z#m2<(-*Iab*$LIhj}Tz?DZv8u28T8@WK|KNPN5EoM)q{<5dfVme7E1P@dEHG!96rk
zUt8Vv$tcC6>k1wK8U_+Mc1W6@V_gfV-9w1r*u4S=$pSKm5!Yg?xpZ#i
zHM&>mB@v=bs4~g71Fk$KrFS>epeP`d&ZByXUq+>p>*R`#L!oGrxw*>8ygk8={{8xu
z+zc?JV0NMqc^FYusy$6p8m3X(a2R1^)s{HQ+x!Y7VZabHMS55oH=8I*%dDomSB5JZ
zlWVhXDy+>ceCEw+l{V%S#7{Xrqgdpn7mJZ%VTfX_WVJvCpX3NLoPMSuwtS7L*?)9&
zP&TG!J!u|*7)daI(3Z!_@{T36?8^^tXfEW1QhB0}u^FtiYL9j1q*800*$%?ok&A_D
ztC>pKg*5~iCci6)+%M1|j5th4#2?Us0CW2tgjyll+WSdoEU+22L(z{|mzuRTOcewY
zrvNfTdzJ`Ij3WfGi#Au_nz&I9pPy_GF6j|{IZE+nALhqf$Sh+P8YRjSVY#@+2FYc&
zaM8A$sam3elrs|3X6u}nJ!S|lDYgdCbX1cvQ@)p-h&y0OqYoW&)9gO?pijX
z6qY&1naJY8_P1UkB5Y4gIH1iS3}0{WCjS7IY#!^sW>Q6j#HWVwS2HO=vFF8}Q&lLfzEypntBBsMU>zS?h$1-n?oJ>f@-6$>4Vs
z8qBcrE3M2iiwNKtzCH(8lV1Vao5%@6$pdRRfkaR5!?n4W|B@k3li!rvsf_a{{}}<*
zLxcxegMRSo^{f`qd!z07;22-al$U0
z0W1=A;)BNo14H?4jHbywU4)
zPGzF+UJXGGe`~uPVtFhoKZ$s5tv0%ghwKiM_q-Y~@Yj1@+F2;6(pzpU|(-t
z56Ft3L`t)S|7u9P$nZwlEo>nrfdTnGE{3N7fahu1A4xC
z5uA|QuE`Tf2mYj7JIBqf4s<}E+53}rglFp0qFDQF2#1t-nJGY|KRj%o^~*p`J^V_L
zjjD7LRh^fxaIn^ancaIU=N-{4+>z8>Z%roQT^{-SCE~3-%a)rsk4?db{E$Yt&z$gK
z>OQqCubF+#@!Y~C$@eulP4OL&wR~mBJ~_Czs4f5cU)&TnZ`$LhpNx|9XA*^Zrva)bK!lOJZiqhdDzBN5wunfla(rB;B~gIRZt2
zq5`c`+(#C+Us7zij2rJMA=B(biMdJ9XThRp-J!y|s1&Cuq?&)8e(ri?Rs)Ru{cj#|
zn3MCJsL3g|Dz+Vct#4MYZk!KO`7Wc!2#+T4rnkr!)17g3=so$Z4COn@^ihRZDwMn>
z3tf$G;BhzQYXw8Gbm)il0hq`KksY&;=YpeV?lWOU^d9cN%H!+3R@CgDoVxyx>|3$_
z>tGOZH!`tzwy?APuc-J568HZRB2&?ES{MFF0OPk}i37C?e<2$vLF_Mz_VT@pP!!`)
zz{x3H>@B$aBl0ddByC2;9n-p;!A#xv0Jr>@`jKJiArZhe&36;=2kqSoIVc^-3tt4<
zy`Im00Pn5D@3;3QT!3QxK!Y{sG|zq}45i0e0I`Nb
z;3>@FPXuA2{9e4nkWBpc2~&0%&^F_66_14}V<{fei3Y$>PnAA+1^^qv)j&6yaQeNd
zVPJlQKa%AiOU=u3k;}NV>Jk+-$skf|980@Mv0zG;Sz)$l({I;~BI%-{q}c=xUpRtg
zO1qVVRQ1am@|`GL(Rmt*WZV{zDoaEc=L1B@degk&d$EiVPDqd{qgFzXg-^i>i{=B;o$qXyj#xk0~)I$H8rv^cHpoO2etD5|u(gV`V^%TVP`u6nup`hZu
zOnzyNLF1fvouHQPGp^+^U!Z%KPbQC3&v0<_{!SFA50MP?>u#~+Vu|GA7hskmA{^x4
z(-cvE@4ARXFg+yryCTC?@7zu8BU_Bq>bD>dmo4+abLB;gcCzfo0YTbz*B8cpyrC0u
z)VG?4S%}-lKQE8t3IpH_;?vI-kBE68vnjO3bAz~8j$>>MeFto!O%yl+GGE*yC_G^q
zAY+Q_5lDYhc%#TkB+$ele^HtJmG2cvGaCSh(<6$i4*9au+%9-7X%~EhFBIQ1NY`m%
z7AP1;>vh=EcYGot6g#*mjiLSPFiK`Bw~whv<^FE`)%;Miyn$^--GmC@Cd~Sw?muKl|e=NI1jf&L)t0~BdA75B5fqsK6FV7H-mb}5O+es
zQ-q)(J~hybAjm#_j~G{*qKH29p#g0Z7<(1mRqf)5l5l0K6(0OekQ(fku}q!lF>ipA
zOG-aJPs@3aPf_ecSTq*SdY<+qCX$;YT+be`8)=Caqa~8d*FSRG0od(^@@kLy!*BYQ
zyjD9d!$G@J9Y+n*ce-x8
zhp82Skdm+z`{-Y9?$5VZ`|$Xm28Wbg#}_plNpq^%KBhYMmj?wvs1B637zzrEVRoqMdzLs4>gNy
z#sxgol>!|XkCzVpE>7prAXN7W()l
zCZ2AZ{*3)H104+}g9{s52QiIO1jbyVeMl7NNmT=TLCiSk_j66m6VZc3^F|(G@j_Mn
z9u%Xm*)
zbh(T?CHjcLK%lg&ho4-borUj86c8TQt0rH^(^C5#a=P^N&%?sb-d&XSg)juPN#)x}
zgkiBkp@>#3()&sT8>1H0l_CJDmK4$wn@%9|g(bCI5{xnvnjjY{4hn}?>cdR>6h^>CnJt4(KV
z7jt)6o$pF^pEUEcfQYr3tH_9qz-sl=eJlG+vHEQ=*I%La?
zZqLp8%M2R~Ue7(#d#b*@J})Qs^_W-C!%;jBgbbgM=x9IZ7!rTDa@xjXqe
z7v*^yk=2;&(9>*`m{n4&{%jZaHRVwIjjo@Hqgcr(lYx^A;+4sb$C9}_KBCO1UrT+-
z{qf;0@QXgi_3-C{SG!g1+oi!e+90p@U7;4V|9h`U!)Gx1^a!z+}5V&{R_
zn8IgFT;h?DAYbX>%sL#{j9CY$;=+elhG~8H^Our?5Y-G5=(Zd;SImr~j
zjp{pE`D_`*CkEmO+W!-`A~YZ-iS+Y@#1phdx;5M!i0}9fANe>t=G(Wo;{$2^hFbHL
zHSHFA?UNR6&kdvJ+5zb|!T4wF(pNz6joI2a^y3FA-@x{bk7XDEOMf6CEFdhqc?d+L
z8JTpxuF!dRtq+y~98Wab+W;+DI;Z8r3-DOJN;(#`e`4-fpTq{D4NkC^ZlShd4Ldg}
zx+W)&v9kGL9Ny1z*DyF!Ae<+!pJ0@rC@x{d(Tf!8SFKwA)l2_P0`i@Q7gu^cwaqDp
zHh0qD%+A0Xx%wczb2U#>m-;dKrC6f4$ddsr9gm?dksb
zch%lIa#aI&&>^%}vw~B~$nK;DjqQMBadY2~Xt$4RRvTH@HU0p%)tXv82b@}p`~c66
z(nl=-a!5^fyXzp9_hC5Y-H%tp{}S!pM_l+~t+`9cokGkI}Rd8aI-g9O289BvwLZSR_^W^w?oD`&fv|
zrq@q);gyer#9`$VaP_4{K0se-L}&l)rosL+j(Hpz_kM8k46_7At9{G!){m#j#kRL7}82%(3Lg#1-Y94mY5r*cOd8yc@YT
z+q^(2f88O<0|JVGh#bl(suzYRBYqJ2A}R{{
zeeQaHYW?QDCHZ4CDCifs>(26H|0hb)z+0iUDZz{-Sv>J0DI~dF${s(Lz`$MMz9LSx
zpM)=%0Jz--d~tqS@JMLxGS7Pmy`mP!q;?;|$s`N{CM|$5MP}
z&6&nTG!lpS2oi@&dpE2B^EAnilj)D;Y07A2ZKmhIMb=_w;x>a+FVI>ZIg)5addee{
z7sx2;28J*$n&j$Zzbe-buGyi2Jz~vypCgq{kv1jL73v+0FRMmC{tSdCEAGLtmH1T2(*_)8Z
zm033lfsCj|CdEvkMeyUeRxxVzX)KN~6-Uo}ehH4Ok)ZNJp@4E52*rT-%u<~d68~lm
z{UwSv@OimjG_qva)DKBg`+=4raUHW=>ryHFW$IAj0r6IO$ml)PbTPnML@cEgnm_(W
zZA@MrZt25iJ;t&T)Sm8NsN}F9?Fv1jF2r)rE
z-v)QCph?n&&NSwTAjdD$m~5
zvv}e9fR{gb!5FuSyB!z)B9Q8l0cDFlKh@}2!Hs7#tJFq)?<&U~yn?cEs&l37muV^|
zEmug}pZMIWeFHm&eV};bF|-PtIgy#EEWdr);dFNb4OGtyU|v3L(4HKbYx`J3CH-^)
zz1nS^7-cs8<2RyrVPb?Ddc%*X9_Q58A~Qbc&-r6+H*yebgQBYC2GvCBO0O!VObP$dd`H4!*B3$kr|I9Rv;=DTa7G@jenDt8c#IFY%A^
zntedyaQmt;A99cH>MiQIL93Tv>!MA*`L;fpOj~}f3e_uHR-$BAf5}itEJ0TC)k^d=
z6w1htQ+0&_@gYL-tUFEWri?P%#Ktr{76+wn_UhzxEh)i=3-j$H=1n4
zdF+4<#ygRxameZ7*pKd}Ft?9sYz@X0NP}xHYWh(3h@#Mk`${StLD95U(ijQSl7FG-
zA#AY*&BE=GXeBr%%U=A-e%1mvL9q>=S5dLa&lTSKF2~&nlK=^j2OYa}T%?DiL{&Q2
zBxP^Aq#-JRk+RYyjK6I_Wy_d(bHh@N1LdM9yTL1uOd&gWPLqup_csjE@gLYVQUO@T
zt^{|o=2%ZbMHm|LkEx4)P5tKNYU*POVU1#H{|nexpK)1Qf-C+3(6<&@~xy~|o!n;Il
zRW}0jYlRRcnxGJG)S$uv2Nt;z;#3bKgLvpJM?nn+`i{GH5VAdP(vB(14jjv#t>bnu
z@-0D9Elh2L1=SSbe
zQCr6)J$Rqs_y~FT185(~-oJ22myi&^Qx45SUX6eCP|frs(Fg;khk{W1Yk@cJgd}%)9AVXI4+g22#Vwe0TwiQHgwA(wIeCR=YsxYg&
zU+MEXTc}SYS73j{Ug(gaIr7DtrB3QE__{PCcMZ8mKt(4u?e|55f}06E1nI&re<8n6
z82a)Wi~d|C|4y0_x;A>%_vI1(?K}%tth&`xtvJQQcl$A7*u?>D)U8_aimTl{r@}%&
z#!dmv%4eW)yfisHxFBfVa9bkIL+8A!-e*iXnr8#V4~1c;3=
z?j8krET1Q$At5Q@;DcqeGPu}Yi|eE9MfbGhtvxzxR8jD5kC@d<>JFED1bRl3aS3+D
z;!By~q3>>hMXC-nXNj556;#5DO}H&MnT$>lR2yNi;2j-y>RoeZ&*H>CVL`Fv&2+6-
zbq_IGLbXi-_Q4e9D*gd8D$lUQbp#K#56BJDabOgk*$>J?H&uV%7!&;0($IJxipkiMnRJNZ@z?(q9x=a&OC!nnK8007W9|I|TH{}X;9
zZ)fxWfN1|sE>eed*H%IOvNQFFA1$ybk{PwKN~O!SNHfjhr;dkm4&;vu`TBjzr}(P)PYLfhMcUU{Qf8gCK&42=fo14!{ngN{4>?*fEWg5Ldq5
z9d7>U@E&J~U@s2H{Z#q&Fxb(cXB>FFL|fPFUxl>6*(A$-XN*%jgMv9e>L
z@oTLVbGBlJR7^8~k}l<|b~$*G<+e)UoxERyl*aO_+CW=oZi;0?l}1Qmb)1QlKI7GN
zv}htvo|ExH*%J1%7>AShEHMsS>p
zbaqaRT|mV_6|Mw%f3yiQ(TYM`3T8l^Kj?M#gX-60^wxo3)_$1%B9gH%TI^&11)U81RrCzh0DdeC%Fz{
zOsM*X7h0vDM27&mXz-$7X!YfRbjasW-NQp4ps{Ezh18KOPruy)brzzlB1bcxD=o4q
zHU6UzzUrZHM`rh>2d7B_+ulN9&+SF4B}d5-YCBu6(bn8k=AXcJ>Ow0Ln^s$Z!|2VQ
zQ)c9%H6Xnnd*wVOE$*Kss2^=hziD0=Tib0I@WlgPDTxN0wr=A>LB$UiF1KL=xw
z2$Pk_A(Nv^WEZa3Xf8Ug>A4hEB|eIuqYkS#5xj0y){Bc7jQkpsAOp=-CNr`~%kv5x=0wP*yaQBIB}3(xLqI2QTU1YJx<%>hBy2FBXFvUTJ$SeO%|D
z+7O;e#i9B9M
zwW~ltXP+gR$BEU&-4{hoDr;Fj-gydcSF^dwTU+0=t3bptHNf;dG$b*6ylXjAip&eR
zC2LnT@07AdfnWr{mbh%G-@RP}EsJWSFE7CXItr~jBq$a&uc^z}BmS=sPlki_3}ey_cex3yTaJ49(C;P--?Dk5|_=F-_M^
zfUc3fA&3!l0xOMc&B|gOsnfc!1j}n9=H^5v$nc)z8xxJ?E~X-7I3tP`DGLv|a@(hs
z^bF1-(tzsSbJUe!JNp5wEVc=4%lxd!f_7pLL}E|f27osUTz^`%q?n}JJoyMf9tuo6
z{cJq1vK_)9c#)X&#!k#l#60GJpEd;)ZcpLquK{6DHCrfFZ76n6GiN%gD5TI*?69#(
zQQy31DBU65kf&fyT(YaV#u-7iD|j+e9bf3R6lWGv%IxmeHcQ&#$O=Lae25apbeIDa
z5a0L$UaAk!3nHk6oRqUw%49Ss(Iu!CI^)6Ra>p4fX-8NN@Fl^Rk$F|JA0fQIZduCz&c2o8*)0Ud
zVW%G-6SvQw-6nIfHHs~)Uq$QVz6VD3R3uh
z3GyhD_z5;FxLe*GKv{cV{2SvBoKSLUc|&s%yvEfHf4%NUz!#gD;s8+J2B$Bp#&_1|
z^v;mIQ}her);-wN_hrDhqq{Peg&T1-I6l}xj+8EU{FTrXUv|44|MC+0t%mGKrIUw~
z{Yc5@{Z?R+{ZHiI#5B2RazK!6^
zvOKVbyI+oZ$$h8aB`
zZj6-a9@|Kg9!zF!g)Ok-6uXXF-GA#U3zW-O3T69|IWp546`GkT7E>#{DrpQa_b9el
z(7(zA7N|-xxkAW%gK7YELD?zcWt+ujce8$d+|o@bce45hp8{l=zOF_(UK4HOCD=WO^9s=~y|}i)WW~ZjwJ?gP
zgbBaoI#tLAsq@1IWIGj7sEvmgxa%5@zIgP$BXsCwecbwX%(dcoALW`U)R3hFU-fZY
zddSSQ%KgxUsr$NJUV~b^H+59QRzMKT6@}m?GdW~oJ)lUC7ej$xI{7O!D_sX3w<9H6
zKjQU!+$G9X(N3to;oGQ62hxA3g_cdxRdW$m3%pdH1^oIj0=Fa`>o(Q}SqKCCD26${
zz$}BtS1cEe3Le6FZw9w;9zohSor+JP(LDSee!zDzuv&s@(&ukko5@fO+@1@dv})iJ
zpc2CAuJM9tMTmHafV5MlNHZ{RJ$#r#AWO2m+)@_Tdvrh|Pq&3Aum?GTSnWvk$dH~C
zGAsi6>QN)f6EN(4cIf2Q3=t}Mv;gK%okCEC(a=8lYDh$h0%t!i%t{G_lZzJ4Ksm-J
z%t?+&e{yi3HNm(;)3?k}%*_aE#hB^w3;dXgxm_J|i5YvEdsIdhhiJHq-6h372_T`zP?g3dS7(ZwOg
z0kJKFS_qW3M7xeixJ_|oRZ(J9u1^(e@r}fC*tz-bxd;?{Xk|+(TX*16m&(Sp+LFKq
zT~-g=EsbkfvVE{Ss9Wf=L$f>bb4YWo6wID4W5A|~$;$ph&^v<#!aV8)_JA@dIJ`m9
zUy$Zt1O&sTYDWZS9Q#b@qojj$L{)phW*)~~!3dho===Aw`|(SG9p$R+AdUcJZE@dj
z_aTH#)myv|iozUP43wKs^naD_c_vIhim?CyN@)L7zW-=k16cl0-i&@IZ~s^NW61yS
zADTKE*qFH4Ia>W+UE-&&_}};b-T4&i)5W^%eb?saR45`L1>Yh3Zb%OK*lzPKLH3)oA5Rr
z;b!W>)20xR&|}!_D1-Bw`FP^vb~zpxz^s-grpvF*4nBei0E30$Wvzz&W1|f!EH3#!Z2reyfE2tkA_zN$kMtp}nfr=~Q-p
z!-cjzpO`KN|EO!js=0bab(l3XHigk|kHK`*A>vE2*knuNywxh*rG44LMJ#U^w66ao
zX!U|KX&oOjg}}YGAuAwiAJRN!4w1CE{c@#QO&hRsC1wj{4wA&4C=?>kA>byWCzLqq
zq06e##Taxih(xQ&?HveG1M~~4P!x&t06C>!qR6$mvWnmI@kEinCJOt^o8@A1vPuGH
zcBjC`wQ0jfR{d-x>2&G6YE)Q(QfV)3iK#szGR=!OUq-B~#k0i-y6_xGBHO`i*?vM{
z!V`&p*CbS<@bB#H6NEHxCiw~DeI#?V73QT>m+ePqVmL6j)&UBlKURUf#f{jFZn3N25xM*S^4wHKH9eU$tf(~RBnOZO>ez80N-
z&@uJ$dCM25H(aogFJ@TEw7G@8snzq$pmMuUXPg6^CvI{b^)k=zbjf1|7^U|(n3KHk
z&Pm|!`SMSAMt}!PD%#&40#Ph_!=c5Qji1Gte_6;_AI>sO`<6Kk$Hu^3>u*wVkxbMAEY>N9zq@B&;Qw&o5JygcdM6ARy#
z`t!j*EjnITqNx}GAQ|JYHm(Mxz<;Fxg+Gj?n*RPn3BnKvP=wHfBB~!%3idmK<5w@n
zFBN%(fZ?L7JWt$XZ>o7a<0-2Gx6lKG_vl}TKm|BkIi#Wo_y})=gd2lARJ|D+7Be+1Nxoh8g^?x3qK
zd8mr#D+6BJqhYox^ErC=QGX+w-ay~uzRc{&{pu82#{c&OoPTHw+TPCuljc9_CgT5x
zz2ZlW=zmlWBb9XQ=HxMa;q*Xh@Xt`#y6vg4Idn{FHqE6Wj36BtkcxCKhUW0ZG%O^b
z*FQvb%R?E5F2LPS>2J|7wuMq31^45gc#b``kA2>>q_COyBXC(W4rHGtS)|9C!R#u&lJ+akhz+00
zJoZ+N(&nGGMNtcwQv66ZGpo`^s2Eh}Vn~TI56H4ujqwH1B5FtrhZLlrnkl$2*ybSiQys4{UQ7V=%>t&7e7ie!8AIPDuGZF
zWZ)PNBWt=h5g?{Apn9n}-h}lA(4creW{d77AQcjwXlrvT;IeM%^1jlf)voDQuJU6S
zgO$6@`8+k5DWM2CG4cBCH1+Mf`Mwc2oJEp%Xib-&+D_C?JS$#ST+5D%DgR8Ow9MMZ
z-t0^@fRT7JIpj_Vny@qoF;X#XjJ8YixD(|k*T-{i>zKH`7^!f!V
zWNovJzOxdIF_|UKb@CV}nECetV_*#jCIC3=Pj~y~`ks?pbGuOb%hGy8#*nJ}xoLG1
zuwOW)4EDB08ZfOt>K#OryVhpr7el^>2X+>}*vcj3duMLUP|xHmUQ2-gOa3htfFJyDb3Om^@5A=jFh%gXxf
zp3Ughd(H2hm{?TPC)VHwksJ+eA!F2Do5`;~X7L=;HXZ`pbGx<%1q27}M5Qdm7Ti^m
zzVzQvcl7Z2dy@k6+Q+uD#PAC|nY}s9#2d8QFdCnJY}w#`$Ez!T_ws|wf#wT|2OB6k
z{#&l>aiEAB9jq6Jaj}v4o0pq9SNh_`Q?oPqIqZ0+$Urv0e8f*$pI2<6bWU{6!5s#;
zdVd-2trt?wOY*G4PVG6P2>ROV39ItQH}K$_yVkGat^HJ3EBwC$U>YmAgFU?#QP9g$
zV`Vne6_9x?;Va-VFKeCENbt^YUp6CX9-;l}bWx=Sn9eaqAJ@@bA+3}Bxh%pnjoa1)
zvh(x_B^o9L0M{nemN`x&H3!v}xk?h(UM#`$)65-n81cf(ZijR_gbR&;Be{t!8fSS|
zm=Agdb2Do&^a!CXKk?nXBmF(aX$vSG`}k{xMP*2dZgbL9nIq25)A_P`o=mGG_y#Xx
z?9ovs9)@=+R=+6APOwA+eJqPKnzOaLW3=qKmHBf9_xx_zA4s`zNfsoML$$@`=J5qY
z?fVMJI`m{7Ox|`+The--`HktB=nF*`S8N+S^h9N>oDne#iS+e-_LKa(WS5<6;Pz*x
z`00T>Jtc8xR!)*>{V7%ANxYUbParKHSf6+BTzPq8r3VC_EkL3HqUL$Z7VPZcASdw)_BXtK4@;2)b&j+g%Q-eu%it;I3ze#yW{)P2li>?-
zG1s;TenU_al`0!&lXJGf9|qNTtGstgs~
zb7(9E%b2glYb0CM+Q-9*C{LAxDT-5I&8*Th&%f?NeT)|_D~Z^ypBH*S$z!mTO}W!f
z(nQ@g+}g_lA$>i=TuIBmYezH+4G0saTtf~u>F5wGHqf!<74|G&QW-O{kaN^0h&ve#
zDxg^Bhi)#pL|~gs7HK!M(4!zwWJo&k>nio>aq-8ShHTBn;je
z7iD)d(#*{!GW9ZY7_kgw7m@G@{F;=dpPvSigf3M(LC1L<&tPQHn)OYL3@Zr<3wjHM
zyiNx>+z*Lb#uxO$M
zY!~$lyi>FqeeU<%wFgd-r(vFBZk*9^_euBV3D55y6c!20!zT&$yNKDmFWLjl53Dn}
zBBr!dZ=Rj)BDaeNF;DbLb}(n{1<0Bxu~&4}CV_mv6`~;XdBf0N!hGn&$o0X50DPi{
zVRoKdajdL2aq2-@OBOtdQrSv~GKD~fiJ=yLgD=qFHzUYKBXj-Yv^hqR5{ub$gc&Yt
zcK2cnOeEDIlr{1C(mxgMrs%Q))C#I1~WQxd?{jG-YF+mL+uFw){r`AiJrt
zr)HLd#^xJ3bMF{dGsdIh8xuz5R%GXku_d9hDR^WyVM&+B59U!UYIvl5E?{)rBs-c*
z2A*LeAqFk@8Pq933@V_`IT--_a;3F$-WDOYDwA6YA~+MOiYAb3dvyKxPm
zf=O`a9J~Q$Ol%h(Da~KteBKJ&^ZQKf&BbNFdRM6!80~Qj&L79A0}6x-^I1r)lcN<3
zD0Mhw>%0XKu)1C25i0%^?7@~OHmv8&6ev-Q7Xmm*ys~sz&zK*v+}P*On}fpo{&2Q7
zIRvve7j`~2D15%!AC_PA@+vycg`-rVw0(nf6LoI*pe}e<-v0_XIYgyTvc;0E90+(D
zVGL0EDv^fwEcN9ej^FhcjO05f0~|2;w%IJveHm$Z^xd?Gwk`>KfT56bf%9gILhywn
zJ>z)$=%xTXgs?Kw5~ddr)2*+U)0{*8_`$dv%oB@5m1gSi$A`VNG-76^JK
zJkBOd26n2U8|JjWb3?-2srzKe@Vpn9EVW|ojf#LKGb^m9ctfL1e2y`kygI3)5>#!i
zv*Ho4WH}QJbDkm8-QQVjd_b*eXlcb+{6io|d8G`%3_hnjbTmiA7Oh&N$wR#~>&cd_
zxe8=ymJC@q6CRefih;@)JQqWZ
zL3zEi`gj0bfO7IaHm2Ct^4neK(IAanUrKEekqYSz%^8=xU42w%k-Q8}$*3O!*CMW5
z+j06vGtzVMU|8o464wm#`2q?eoqvCqY>)O$x8M4i=&p73Xb12O&z3FW;IfCVSH`x-
zCPc_Ed}I`D9>$duW<^}Brf^~4$I`P2CrAshKlfKH+1gZ9L8dk9V@-KUc4Z-mmKbJJ
zmaQ@N34qf)`p=Q2p)S|J+6l!vMFemBh3q(n3X}Jufhu%<#ig>}O@`^P^ZQd(K#1lbTQfhK-ifp9XPDS@;K-fs8q5i@;%Yd&f
zQng1I_EEZ52pRM&+FGouCJT?gB1ONC5OI@ss%o8BN-_@`hOq+f58nh5))C6Fh9Sz00PQ(YDq4u-l`s`F`!jP=uJ8H=ZB&+yh)tdquh)1oZ_3Nm-u
z0ufY?Q8tomy<%XCs1w;ssH)06KpnNozTuZCF&bD@uIR2c79Wz2Z>KN2u{IW@f$suRZuED4-Sy_V$^ZCW9dabA~CqIF%806uy
z#U6T^g*?8Kq+F$i@X^&cul+Nx@9vG+(6)<1xp%0qcj|ul7lv5<84pisiD4?dV(CM@
z9#}w|qv4po>rs2Zf*N^CHei`z&se8N7m=Qo53w4&+9AuC{&5}
z35aO|BedlF?T$@I$z-iy1UZlUJ%QIMsT^p{(6M=4%=NH5q2wAp&zt1Oj;*=^hB(D9
zn-_K`mK@a#+MLu@C)N&>`{4_sDCvnJt9P!Q)JhJT=IRzmq+*1YAn7t|YsKTU^yOs)
zU83~$#niHs>djyHWqHpH)%=y5=*cblKZ%lesS5w@7!%VV9YlK|cgrB6bzEM+G~uWW0IfDQh^NS-2z*vRKu0XRdhmBLoI?N
zy&HPrlf`jloB`Rh@}>HisFvp{l=hV`?>rS9wxRNakw-996pr{pebQ-MT|tHEhc}m4
zd%Wcw78EguXSUs9U??J3G#KabxMKtLL$@uSB;AqYCUs8OJz>M6Oip=cJjF1oRVl#hq$W=P0(&l%?@e%B9^
zllnjxQ2fa6bf=kI%dRpy3q;(==JFP~`5!+g^cliK2GAvaf-Qs0cshSOHpit&q6n3C
zHsasLdZMF9q$z1ov1U=4P=!o{p#z#Lf=!yh0t_}lTq1WJoP|8x=EMn|ZU)NiIusxD
z^1<2Vv^HT+c_&ZQfB`+{1p31u65VDt%AG`6@Q;G8eHH{?^a3qMA`O2JLtc
z{3>Qf+qk!MBu9~Ml&b-Ke$^&yVcq0gz8^5|09%jA8eGWSCNfyG!@>(mnc|zF1CDy<
zSHN6M18&nGZ@>cJQYu$-EYOSLIW5Edvem=WE^LlYTa%jAGHP;IRh+(DyJ44&>yI1S
zeQ3_1)x1mY{@N?dIoKn9IF+qQMP6T6=8?L}#WczI#m-!Ej_`8MI0q$8T-nmOCp}#k
zY7ax!o{j$2hak+2_dQhrah$y6FrPPFRxio5Utw=1H~YZI)d@@#F}AE@iiB?II$8!5
zeLLs0RpP}XW`Mxq=F-4ojS~6>x=HurR~8FALcwt%{wZKo6x}d5!i!gR%srpFkUw!+Pt>ZHF|uBYu|ob6@(C3~)9?skv^&@BMKq16#gJ{N$SGyUys
zpzj+-{;FL4TlENl!@pkW{{cqZ2^oc6K~%5}7DW$KMIohE7_C<|LffCyP`M3Igh%Sh
z9OqaSNvJD&h@Z(_wLc$-+Ui{90F}av#rm2aNZ;tJ~?g0
zJiX>@DYNEV-HZcyp~nsp!j3jP&s9&NED>VGeyDLuBrjp+V(iIdXI(wLuv_MT3-y%EB>NV|5ZW>%e}PT+Vc6DL+o9atjgB5d0oLPT
zflaHmoK4nn^d$Z39UY9FW@;T}Cu5PkL=PpmvEtW?AYc4r%5uf(p7_{G^3AbuRZ>!z
zamMDjcETgCCY9W8;|>SLZ$qIg0Ly@7Bm?rPCp#U;_h?_oa7j!I=@2puwF~RTv`Eqq
zw2N~jg%z8}BqDPOozEKD#*S+Y(?nHtd0D>%W6h&sYenG^&2@vwPm?kP?dFj(OX
z@cH%AqF*ug4h}Y^E`KPd0k8}gR}HWX_pH17q%q`UxggEJ$4*5J86T=BRP^_ib~2~H
z&@tq7eWqC4JZ1v}L6;
z*g6CiDTUI9y_K7HcA5OJRM%>n;<8OHVsE(aX}G%i%_`sOKs~hwZeA8W+KS9L9lVJd
z2RPVTo!ND=enoa7t76Hnqc?k`mxRbnMD4!i1oa7PHbaH2`Is4&T$rwEoX#vs2DVfr
z`F`thcNx4Y0#(fdHXEM7DN5R4$y9(>gf&6O&?1}Fb|y1%xtKF{I~W`c4>q#NPWdLl
zZ^U0Qqw!b?&N8Jrfo2bsa8BF(ebW`HkQ89JAO4M1cz#@9iW#oNx=HxTaDt(wukARR
zqNdUb^a{P#aXpD{In5?>eZ^JBu3);?fNM6lV(pu?ug!HOI4kyaeFGQFNt}zgZ%a*Ba?Q1So)@;kW0pTo-Qc05p;kEk5pxnXg*gc=TqF&
zd&$IY)+l{aPl<`hH^JDgju|11WDPMBbcYTBgUt;6QoQ2V#6H-Tf*%y)3lwz^N;(|k
zDMl&Bt@a1Kcn;RxFM}D#>p_^`M+(78HBrlNvc5iT^U1vO*az|yFTMQ~$A&1L%p-R}
z46)H5Jz|R;7PK;5t98S+KLC&S=s(DUX^ER8@rMXcqF4ol2A}Y+
z`LVHai0fibuNMbp^uZh`l6`kOs}w^D^rcR>rky+;EO1!lHW==n1DWMUpIKUvpW=p7
z4*Zfk4bwA_i}qy5C2J{V@}}=tE;liRpJ*)o3JYH3o6ZqD-#jN%S%nWS;pfFAdQ%SR
zbmv~9s`T40_mr1;H7|`7G>VwqMVVZ`iV`O^BW#Rv9$jw!iZ!jBDDnUy?(YY1P7shw
z%U!eIS5>k9cAGcpFM`PrXZ2&Q<{uu5=ZpP3KR7tJF}RyJc*}?W+WwvX0@SDag8r4+
ztH%NxpP|6OtXbsw+SztwH*j%r@K^EJPg(u#EO##haY#T=Kwv;18EYAttC_0<(tiAI7D6^hGr+I10epV#WPcF^zYj3_M-U8&my-cj
z!VH&fXl^OlWek8pLyIUJC2n}qRKvds;RHVXvItzvP*^J<~t%zN1t84-AK<1JUR{JM^3
zIFv;W*-#}3p_Wc8V4T7+uvLqiB~1Uv6gOn318`MLss8*!#rPcvKZ7_h>G78p1hAXV
zUHxEs(rF0-hU8#@i=rqZr?U;6Cb#z5sg`P1oOKX?8I$W_x3+r@WGf0-L`4L34+5sxOna7uT4h9Vy{QP(+?Jw9^3uL=8aV@@sv4AIABU
zq~*K5lwIvyENxByp|+U6)aGhKK3-c}E7vIXm)i2bt4*%dg?y0dLCH2ynDU*E05x}E
zka&Z|wQrV}$HeB-owo;wqOiKbxz^f9>dn&U6p9C{9ZwGR5Nq3mJ2(C8m8RJW`!;!8
zVL}}5M$hR(&8~G4;MUTeZdXvz?9qhN1>e_%8C4kAzzN>@34*wx5tL(~MxWp;Brk&2
z8z6u~js)s(p)v7x=Y?4UEzM!~q*u;8&kn{APS9mDK1>yDHKqu*9yOX&5%FoWdmRx|
z0++o%eRplxRo1S^WNrqs0~vm$7nq&TCB~IBma*w3t!vB?WlW3Sl$+qaQ(_pz#^Te1
ztlVt^4GEl?^%l`^m52@kq)qj04Kg#GTMs@BKhZs7A6bb}I1J%8QL5?^^MH?rgin)<
z-)N(s>7uzjmP?(w8Ou#9QPd-dKp?i!mQ3BEzuXcSMqiL$GY&04+l%h}XqJ*b>cut&
zXwT-i+9UkA_M}u4I5?Tu|4cTMM$~5oQA25%>t%tNgFrYZ<${1G&<~~ENp(l0s98Ta
z0TVCD?h_uVgS~EZJy&VIc;!ubSydFIv8+;l{!)Gf?|QsnbuNHuJoCY*dP?h&UN6R7
ze@FjpP}}<4-HqeQZDV2r&CF?xQ8VuAb>`()&o$k$ii)#c&7>agKr7N!$-B;DoH59Z
z*w{|SAUMGseRbk+Z>7z~dQ+;5EE^-*&_%eqqqcZlBEYa*54um$q@m)-wf`0U7ohqKl^$PrdE4r`)gd3)H_P{%@4r2)Cy2hu4XoJ+CH1D
z*42r}k2Tgh!`ojpZZ`D6>;}4&BY%WXp7;Py1euX3PI9#Jl;h=DNV6dY>?E?p;hIDpoo5Yn$IOh!Bv47w@`C)^%2*E
zc~;RykrAETlsLqA=f@j74`^M*>-;>$5fozq78cAfWrF{{HXa&IL)cz$v~?`|l*8-t
z>zYyfy<5ec0fi<@W#=&9ORUADV&yY;yD6ZW0+ylN{du6=0~CV)kSzN5aw-aOvG3AP99MDB#^
z6yZe3A=Lp=K*|AMC-X+&6?ucsJ9I{H4RRsU8`m8NCGbjs>=AYhYBET!SFD=QCP3z;
zp9ZC|XA+9x;Qj^fdkB@$^;DPy7zPpe?_3+%FOB0LF759aiZ2d+|C1OxY2Y^>xicG>
zIQGcjeUqg^ea05KP1wMghJ`_h-#ay>SDNjWIyW5`;{`
zFf{3#vbEtH%N_J}$PS*=NZq$P4>TcX6(V7ZLDMyzgL
zalMXo3rBpT4m23H7Az@US}%kz5W*wk9l`~mrBO@Ewpj3r_jqp1W0J>w!q)7%>E&^^
zO7w>DDPgK#%~p=aa?h#V#!Ah%!me^~a`HV+>UcSkQM5QHp`As8G_OYcM;W*9Z&)!C
zrF+izGBP1DFlEIds(NzeA*zkt;bad&a)e)rq3=c2CI0$p$_V}U(w%D{-Iqn>glAt*sMBwx)oC710;Y+N#}q%i=k
zK#DE(((4N=yVjHr8<-B6`m3PnWvT|FG6uHa>)B#w=yEhUA21fa>M&c>s_4hUiy35oQDIyEu;`hRt4=9C
zgA_T9BtG?`K_fbZtKaBWb2>`muDJ{`IPK`kC=B4ec~0g^Q47M*zG3?C3demagbeQJ
z-DJX?p<6O0X3_#3@m$@|8kb8jKqcyON}mF;9iXkUXzUy$6P?T5&UqJPC;G|bHL7Qp
zJd{j4lu*z-^;hUZJa0L1*LvqmxJ>sC(Rc7t{8fZ>pwQz=($)MU7WNPkt;!sy@aQHl
z)&BKl(AlN+pE|oO^urpr(KURkRL}QVU(4Zt5a#*_-3um;6zrXliOx&xtgmLla0;VB
zkk1%Y&^YZJJy=*{caMN2+$ouhMC2E#wD4|TBNMKS8LcBRSg2!;eg-Z7>uXvSo7B-2
zlUWLH%nxrz(Zkv#BHIh*cgz|R>EL)*LdHQZK%3shlUvm?K0-p0JAc)??97sm`_xE`M5a9V&7ZS1qPZM-ETR0FZ{%2
zSLT^3wLEC3t!G7(2rDxqwKvjmWi4}^8uiKW{&ddCBnU~hLYTuMu60dJvuhiB<=g!bn^N0$dl-lpnPCWNdN1(*P
zep+_0$h7>cyt3JMfVDpC}(&f1Zzk2l`ggv%o3hR8c~N9CocjHzH0kh(9X?ZkA^Wb#R#
zQY`3fDsK`Y`&_#0neN2L(3gJ?ZIGQ3hZ7
zo8u00Zebx9eYo2Z;lHmo_eK~b$+?t|cJ~-;V_MtRe$gX%v4D7Kw%ESoBRAcSU+J~L
zJm>ciLL~{b2_$DC5f|Coqo_=4DwceN1L6;XXd-$`7|Vg;-gzi6)wAqWaa-)SLyA`b
zaq$eKpg4is4b8cvyDJfZUKd0#Jw?aO)FGC;aH9k}E%nU=VgM!YO|*QAcuqis5lEy6
z6Mv1E!itq+G&ghJ*AYI--MZJ9@8xR!hkLx&3`Jy~~%^tNRA%;LTIeViXHEK@zVT
zJ^eF%FOdA_J%jC5F}U5N8^hq-+Zb9?{G1;7%5Dg`UV<~pFL3)&l0@|vlB+PX=HGIF
z5KL=4gpfVu2n$H*_c6=o$3^L%P-U3BJw)`%C|P8=^QYXh&J*>E-vcEN>d7l53pqT#
ziEN7+S|x@Y%~~q3|3*V7yIx=~quqCtJppYXH@3-peiT3dxaNhwam=^%BI5UGPxxHr
zp5|RB@wk3bbxq%GKOLvz@bNT*WJW%uLnOaj4%)lFkmSa=Wt@F7xA@jgas2{o1>=CC
zg5DP|xtGPb&A0OyL;L0|B>RcgISHKpol%@J7k-+^gB7rs!mInktBxo~fqLF|^i6@((l7L7^Q`buV%_Y?Q;1ZY^
zfh^s?;o}j1Bs21gTNo~Y-x>b@lFTT$+nG8kO3D9mgcvnjXA}T)%id-=U0vLstZt#K
z7s6^mA_^lcl$dHnWSdY_Q4(mAB-h5eIBwG@_=FP4NgQ3kIdNC4pH|}!yB)3nl()U?
z{>7X#`fg>FtiN%aGkeYJY|(4NW5Ri&<^K6RY#mrKpFIB|(d{*jl^fOT#)kL41GW1}
z+ZwW~{5;I)fux2(&G8>B_H3NI_Y(D7gyYFvDh>CvK*{RmOX^5O4j)H|pp?bUNF^cT
z;dIYJ$Zq*~HzCc|$(KLuL4|v>~rYcf>YSJ%-3lHhj4zg@*Tr9vDm;YdF2G
zf`;U#wBLD4g`)t;g{Z`cZ%G@e+YJo|5q(-7%{HfAJLE`evV7rWb(zAju43Mmf`Kt-
zrX2e+y^h*btQrW}y3W^=u}RbY#tM=_azSfu?@N0{x~m9Bb~IqR|G4aOW8<**c8lz}
zi;x&WB2s(!TUDEWa-@60(ShcjNlMFDJ#2Dg;@rUDeSl*wxK-H%4F6zGeTrKmC@x=A
ztCYkZLD2gOO{#RJ)i)GutSW3E#BK?ES*=tS{n~7)=Dm0VTC9S((->jt7U(omJ9uhK
zc@c(f$48wPxs2eLI+_R?Mkh-@fJ?D0<`e_d}hA^@&od&fSWxkZa
zVNxSlZ*NcxuzRqoO;XHbUf>2ML}lWL{_kC37geoYbJq$ct=lDBnc-qaOb$_s+}^^
zspVS2r!%W*Gt1trGR*-Gv=Eeosw_udU>fL0CjY6Xzcrp&}
z`buH7$m}v})s@O+ts3*kRd3ogG5M_1zAXs5iZ}VlX-`Z=UKeVO3rJwoey&NXM(qTm
zgEYnw)*;i`B0&_SnM^3T=6-h0&}kW8=khx1>=CG&S@o$a*Oyp^x7qZ_DLp3?;blng
z_pv!vKO@9d>lBpq@XrywQF?>LgFIz=f;^fdddvKk95p}Y`rC7GuQfz!g7omM!vTHA
z@H>aqO^<%Vc4~ZP>Gx5ZlEB75Y9ArWz`mvL6A|;vMoUzqNlXR3IvHf@cf^%K&NdoF
zARO<4mDQ>zxd;Y#f_&8(0c)y6HGH)75j>9+nWvkP*o5+uP1(t6#8fa(g|8t_p3u^f
z&D>(b<91x(lcT@a0vlk)pY4LX=QnXT!vY?0noX)L-^{#QDQWLEZ~Gw~|9*LU$Jd*!
zx39oU&nkiD)<8cxyXK_p<+08>qzHZLSe|k~d#fUSxTN*Wt$shV2x{uP9bMU@^7wLL
z;>Z^=|Mcu3%t^NbP(jTzW
zu0*R_yPcxdE3)>T|L`Ux6xdqfS0CRF@p1%C7=qeseqmUSgBN4B9=Wf(6qp00oMFp1
zPgp){mu(DpnA)WGOpQ{0LQ98k`Y<3l;;BF-I8SeP=z+kbhVN58fNRvW_J0vB94_@X
zP8r0oPaN{1F(3pwpZAm4v$mtw_;vfY(~Lb@eZ<&#n&)Fh
zesiS)8yjZ}5~Ug0cONLW(n&RAO!`M(x0Y}Q^nf+vz$b{{2kZL4+YI8+GIxCgP-M}MgtrfK3IDq5eietfI?Vq
z88ohy4MU+qbs+FnLMB7*uFr^biy=N!XNC2V8D4PlcZweE0EU9ALVeL}3F(k`DZtA=
zKoBuI2ndBcEHWB*nz-n53j4-LX_{M2Gk`8OJ6UQ5aMR9u>&ab6>XdbuFnS
z`U*AGI1v->nY)m+T<>^DTZWxE&vPi!JHXCo8%bOq?Mlm&Zrtlo_t{4nLKpGdvwn6Z
zL)fd0ef-dzoHyKp{vf!9ppQRNvy^9ltRsM&G=D3}Up$!oD=U+W>re+^E96{K67f+8
zTIN`>_yTH-3!OE%5FffCb(M%dIL6$)@XiXI*B@cmF-bVfYH!W{xzn!`9>|V~NXNdv
zExz}?jqO0JfK}T#dYuO_akMr=c`#L-QG?+j$_=Cj*#kxSA|GIOVWFJVLGeu1r?*wK
zO~Ir-BLvrnEJS?r&2{SD6VY2fQ+Gz$^D#$M}LX*OTGdiAAtnhtfArv`882Sq_qgntr81%r2#?DfGUd_qA3jEszpt@B}Ai7LHqS{-OY5CcI2
zQB^=HO)Mm$m#`vKj@O;ks`I@3lHZiVjP$}>-%W63Jv?1sLT$kE_4Wk4K|@hefN*a}
z8wsf-fG9j+_Q@PJSFuF%hm?2;MjkA0VV;v^@1-aDc*WZhe!a{*QKbTmM$b?fsuaEL
zXeAc5k*o2ZStQV1Co9=DcmaAdUk-B2rvf7#YEv^Bxk4{mu>@7YdE{PHfee1}#sV51q}+y-)L_u`SrXnSI2>Ja^!aM{nYl
zOx1?~+41~VcE1Q6DyDYMmM)fVrb13mh91s;SgC7#mwX>1Vwj)AOmL{MHl>RJFnA(8
z7N(FSDia|Q6R4{JOGMdW$p0aa4r!B@jElMBw^ZoGqQ1pnv_8%ZgO=*w&{WNW`T(F?Q1K6U5!#~
z2+g`e>QrkI9(77nu&n5FF6p$Dxt}h_H*=88ix
zb!?pbTt=5a!!oi>&xsHf(OI!QajWg|!e|jX)U6J8ZEb4Kdn#1WPD$*GS?TMoH!3(6
z03I6*`B+x^@fXvx7v`8yuHUE`qkv&U7)@EwCl%l4-O`_?4l~yl2ia5V_wdiEsVcjt
z*aX=0+-H1i$JJ*W(&!`3mc2TisvTG@Zir4%-F+Pr)Ba7NJ|k%l|I8d{!lXN>#mYmH
zk{xQ`!h*ir_=BnH1nM03su}z7h|UK%-t49HaolzEd$aiq8~QnRH)an_@sRcJz*~p0
z2ActZ4iAtd{yJM>`aSS|RHRL9?OjY2jI03c#UF?XQQ%V$Wu+7!f6Br{KwdCe_s`!2fDxBg=trhQ_u&
z_g&dMR~Oey0s4u?=W1+7zO5B7eE#u;U{q0y0e{cAfjaJLsQeaVAG%MCP-Gl=9ceGJ`k<;CB
zY4K0k=*|5RH=@+{KtcoSV+Rv3U3<<0QG^bUv;`@A
zJAdPK#lP$*wt&!zNsrBQXk#$WMR=3gE=D)bD*MR%lk6n-kRE5y?xcO+*WiuuhJO
zw}|F>XB7*jo!!Tcrf7X>Pb=S34R$5>ObB%J%%H(Y;SoClg%jjVXMZlYfii3=Z
zPOm_5^Rrw!S(q*)%goD)`T~FT-eKu2Tou_v
z8Ht;_XmE$Unp28VjEX|1_`Lmze;%99WTKFu<`b9p-0B_q8yoBdiApDDut_-K%}`fI
z_sMZG=$vu#MRTwP;b;gTei_VOM!%U>Y<|{35+vS_oLD`^(JDw;dw^Zw@)tfqd@9jK
zHeqghj1M2sfih2-XW_>UJ7r|c5!9?1CAIDlEE8}J;|H-^+4n8|0j3qMYNKcccL)02
zHmFCjr~?4D0ruNx-}JxNtnv@L_zze5cTE$}7Zmf~l-|?UY(eeVj_On1?8;-}tN~

zD5P(FnGz&s9foPiMi;BX>=#nuk)M&E?IuZ6XL%)U+WiH2PT-OkNt{>6b$koelhDPU
z$IGY{O}2X0jKaclNx@F04Scpf{J8a4-V+VENYk$j$(Ad-ue%^fl4NLd`Fu=WGzl5v9w^4v@9y4_t2v*vA(1@ZsCcY0m!z{e
zgI+dUKkiuB(OUXLlTDq2=9^nbOW_X`EZ|hDyRz(}YF-k3(qcmxT@P@Js!1LDSoDfZU6@E^DL9oG!m85Ea4_IxXO3-pjn5u{aPR(4vSTFbYZ^r3WH+~p}=w>?GHAB
zw;YEfk95F}!J?lltjJf_n&fSnSJ`gYsIOoz)4^|WMejZk(2!VuY~vW6;BVh#6==Zh
zpn#y9AwZ$0t-~*|grq}j?&;?FbhGzqX2%bjyR|F7tzLEw9C$kPs_E8?Wg(D(P?Mjz
zk;9yNpXuF%$6~5&s`+lNyWj|~^kSf#QJl!B*_p|)KcVU^&CO1^eVK4Wx?q&Cv=E2`
zAD;#u{g?c|9J&#Q2n}+J4i|qg%f&11i3P=k%Z?)<5yZLV#3VBb(Hh@|s~ct*EQzz}
zlG&?uh+w&?qhV9uMjCGK$D5>tF*5LIE%2H
zg*Q>B#nc37BfZJ(V`6zGEzFz|8aFRJGk)t6PdQ+rYGz|EE3H6Zb*{7Gfx#lRxqK0v
zWv0hb;9fA-nqV4a1z=CjaWE#$Y&2b8p5({2{NQp0p#h^(Lw+_S`<(#m%~aN_qnIGhN0
zpJ~)i`dIv%>)O_O-t83`iV04q9;-M-Ufo`|^)$S*A5&F9)*rd_uyDhyq-g7pENLpjm9=;1_<4SP
z(!I1#y?Z42v5h~z+2gkW5yg1;(e_>5Am@TjAxBQX(gjMC;}7Lc7V_g<6?2Fd@*88C6C$yns)8uwhz+4j1{7*d
zGIvfehTT>n-oTE^To|(#&Xat&0%E^_T*Fvz>+QgCAJ}fsBY5oi#!Vng>E$a7URtqS
zerK`v848=lX&w<9uo_1!IM8HAE6gS+AS?Ra2dADVleQkwDbLgv@_jKQLa=PLcyjGadO9Cz{%pJ^q5Ex8iXZ3>6vq0d>JA%2DWA0rQ!Xho45sgRN72
zPHF_{dqGL@usu$mvipTXKG=KazL5bXU05qW5)8OJF((QZ*ZnnT43E2AXN}Lr%FXXcFyCD>hKztpZHNid9pixo
zYxAEapPK2;+==6>{ph*IibEIhNaMCxdw}KAk2CjeZ*H*iGVOKc?xRq5%$Mq(sPxll
zK2`z=*=8@R^W5J4JW^rM?F9Ryc8df2?{M0`Gd=6CwB%n{`M(x#QT6n|`O(4xP2(W7
ztc^eFWKx9NflZle^1}@vH6#m0{d-jaO=(
zFD7i1W}2Im!D+~hh*NHu?PXj0K_eM6#NsF*TS7Id5`;kg^tGkp3pU_75F8qPMIrOA
z>wgBG|IPvGfBc|7vp69aeM1`uQ){b#QQ%Tx6VN@pUvR3Tu~;1!yL)mGH%!^iCZ75dL$Sn-tH_lK*qhdmidAK2%J=P~Na5w(
zKmYMq+UV7$FX3GLt$=91Uj08cZu})6K?S~l2_+(;L;8mtqW|IW=!-&e15Nj=Mny<~
zi9UZW7#NUZ(CM`uOPlk^GQdb@YQP^uYkf!kdQFK_p6PGjZ=Zp-pp*P_tj$z}Xc8#6
zPTeugn=F_|oHKux^}C+`{@r|dtPhQ^k<@OeVheuZs219U$;FSXz}VZT!~J}?p`cME
zxT)HLj9@7;5N?A&7*adJ7}(z^hqnfeysJmYw)WeCf+cdBCC~HOs~i(*2&km+Yl`(moyQ4HM<{1mzD^LJr$k8~>66)Bi2VBlvavENN(E>|pX=
z)F~po?F*fw226FSKKk_o9BG8gwJ{wv;?G3UsS&g>)COLul85vHxRBC?@gLKC#Kqla
z+`4RBd~+*?f9dU~l;;<=pm3?(C`+yw=L@Uba>o!Oj=h~kXWmZ)kq>fW-~el>8$IF-
zrhTd7;V~)GV{>iG3W4mwA+I<~jy7#bLfYF(iWbV8{%Uvi+N0cIH-JbZ#e(J*q$3jd
zKkF|iO1(;#ngS^Be59CMNROSWIga1-5p>QdyURqdTo}}pbu3kR@LI{J0a^7P3{8Gy3rE2=feRey&
zJyb$gbreh=0X)nm_%BXlvpwZ?_Yqhp609dYE!1ovppeM8(L_-Q=0Ncl!Z>2i&(58V
zU0_i>bdU%aFfKL&ZJ|8T!JZW8(R8RtzPTWAko-}>vrZgVa_;PO-zr0?K?63t{rSc``>5v
zXq!kTyEkZByUiY*^NS{y?fTR5gZCP+7Q{#Evcq=%X;^CMUg2Lqy8Y|=pVdU<-&Yec
zD<@qGQ-goS9z{bJhyR~_b%cIpdI3{dL)TrhOCZ(u4Z#T!_`^DQOXqqx3_TGBvAW@Z
zcx=_DZ?Cd?!cEm{Ki8uAo-f`zw5`7dn!p+L7D`g!F|C4Ul5ix{HmqaV!h0On8{qR8
zPSysn*;K@;8uHM8CW^4|fTyq-N&yL?zTZl{^{-lnz)Ho-S&5V0bE`
zHNADG92oU=YE+IJz0sQm$dUNhND;PzdQcL7LwfXL@icRfHE!|dyMIFrZGBL2ZpU^J
ze(wQ_P>BNhLwtQsOCY0P!ufkE`v*+d7qj&jkMb4Z{%h#={Hs21@!VNu^~JS1cw^-r
z_EMY%JD-%4>MpY|$7*>(oSEv(`zBilj`NSgv7J+SPBDaGN&3qUw3|O&JN%G;r??(m
zfVhZWWqwAXE+z3uZ?WXaypTF+8dsa(+VPn(hGhW+!Yye6WQ`#j*e>O=4m5+@KaWq2j_xGX{GZKy;f`M-%=~`?@MgRWz+GYkr
zQ&-WLQGwF_-o4hu(@|UeLu5HGbO0V7oPg#K*oyfAt;&n*Yv;%=Z|<&d*-*xi)P{+6
z=J~ZA_yIUb#QS{~Cwr2iKPq-+r|ia`enrF40!M_nAgqBGJ-e!=f5T_c*R;
z!#V5U)Z9$G;Zs|=*mn*3+RW8mcvbDP>k&DE&fa0HIBRN$}w)fb+hynsn
zG%sXzVP~^QJEP8zh)sYT{NikAPM`%XdKSg4;9H{*m`dUY5q*RRafi%(YDgk1csCn>
z*#JlM+-HnL5d{%MH+&oflMoU&S~giP94fp1U^{5_rod>90embHK?yM=F*
zc-~aE8fbN4&37G0Bv1a~Gd@~1DB-t%9??0f^l0**y$KIB!=mh8{|Wlv@{s?|#E!qv
zj=ba7OfpMDf&U&A{zbBBmVf#Q=FL%s&b*om7X1;%m&4B{htYfWO9;VXwsO8=>e^0b
zy2qv~r?vApfO#-|T|HznJc33f&gCzg+L^NEqm3w=Qu)YKuQqGF(P?
z^^Fs;Hxl+lm1d~(G5u8L@%8W)qML~tt;S~>c+-s0a`DDjt8{!7p*Ut?tC4fU=7
zK8ZfwFG!wJKU3PUHK84iY0%+TpSzU7*H0?%Ha|z}
z(U-RE>CxE%(A*tvQ?jOxTCo%?K0^HHMx|WYP^vNu(#Ox_iIwg$AFzKQ6m;X8aN2x~
z0IRD!A`MPpiFcubR2GekpZXzF7CaGUZ-~7@7Z*K5
z1o$(6U)VY~c|ok`M87(r^tRrlU*!hx&DMQMVLN7pvV`sFv&dJtxxPJRO^_ca|YL`qv-Pv-2-ci?-g8k91
z)6`tTYGy`){SiRIq*a9+uyPPe2J|PZZ(_!z&F1{vs~_OtbaSsti;?Znv=(IrXvREf
z-xb;Rkgp?T%wujpEt9)Azpwk+16h;nl*YcV3$gfZ4&jgOXR<&O>Mo84G~qI1Y@!Sd
zCM*WjJjjK9zwp~={bC^i0n1_pEiNkWUdp`yXTVHVonghKwe3agaoo>P4z|U_>HcY*
z;4Pb2yaM9M^rUd3`hHju3W3Jfw^^?d;!xug5eocmyM_GGf&`m@oYQF!hD0Jrs{*b(
zRCQB3O_YFc2P`lZG`G6BxJX@gez;Sho8l_PKw;a69Hk7d{?0-yR^d{OD-1dZ-WWVQ
z^(b@)y6}t-8;TTi&doHs`aBU~EZB)m#{2^#hIwVnwbmuH*{^2?zEKCQ9j!Egjn
z0hhg_kWvL2YPC<~_>*ZA0UkG0;Ylx8c;I8N5Evn==OJ)eEAoqg
zgQBGM1WL#UhMdqqQ1gK5aRvVfGS!D^{ifUYRWst;rq689RlFe+s(sp80
zM?8q;{50|+Rbb}=bo}g0#BMS(#Uc24s!40T0ac(lfng?VX_@>sr}Bcz+3jW&EsPK8=Djo
z`0tITLUHwv#Zz2y_4#1Hv%C_%c3o_yWB7P3xJd9)>T(TtH}co5%jIiOoq`XA@*m)Y
zwD2&&#@yg^PCrA*VNH8txgO4z8H|mL-_BnTX})0#z^apj`&-992+52zrzP_`3%I4D1XyjIM62SUM9cTfDQOus1E+%@<>>GvU|Q{%WhWO={%~LJC;C=`-5vLiafbape?}?Ah0Y^-^c0oUhX|Y%OYTk3z}ng
zHU{~@Sq6IBJW#y;r1uIj5b)Q&Tznef-=&V?|67$3`0pL@&p#SyhCb)QBo>tE`=CH7kz6&GVIJQU67;(LbZtj=@F+SBZge7Y?zNHt(O~2!<2p9)R4=Ji
zQ5O8kRs~}Lj4IGb_5kP{u(@?Us)IZkVl#eZm2C7e0k<{`wy>_LS=pa0d>h`d=6^GbIf2YHAt
zkCRGD;pDaVq68pA`Wb8ikwj~$2hN~K30^%>%?jAmBzfF#2C#45tI@N7Y9Fz^U@C;x
zJcCjZ>Y;?A=S`C=fD@`6D!{Vwc#n(p{%vwDNZ%KPoZ$e!D`Hl%mp0y!{Bo}f&B)f5-Y~OI0Rq}+}G+hC;fWqKUZ`qPD#f8d-
zSHG1Eb>sYzlMm~M_2GWGx~4BK{ePx3{+$V?e<3=9KbbH4e*`}G|9!RpkGKC<-f!`r
z*`fjkDH#O0uOGoY(T^}DFpgNdyKk5<{7{Og7
zki#{{D2>-WW|r*88j@>G22rbo^As*-HzTv?xGi9X+_te`D
zp8T$?CoKh&e9ybs$s{>1A8!O)1>`TeAK!^f7yyw-dHsQ3Ay;wxNKS>G9{q9{?Sc>RIx00ar>TM!N9iP1#}&@A(LEV+)CqX
z3rS1?LlBD~6GkJ6G#_IWCTA`62nvdm=->%^kZIGe^?qGi>KPFNV}1tyG!^AXA~a!>9=K?x|(A)%O0LUXvQ3S69QV=oa_;pBMwEI2gVE@@&_=w&NC9I#%qB7sCvMuvXTTd
zGbsicZIUPbPhz@UH1Iq7t1G63e8tn|QgS_2PLs@O49gQFu_>9~1}_qj{aQIHGSE`L
zW0oF6JS*hPJ)+2#n?z@UOrcA54>Iy>oTNu6K7kI4nL0D@Z|V}<&RqNurn|j!<#q;F
z%WmEF*x({hK#vtYbALY-44pRTEYfZ4Y_cC<^dHEDA7#WVJC;reE8$tg>S8R=zw*zc
z^QiBENivVD8@PI^8+>G}BxT{0*52*K7oZHXc>ftB+TY};|G*tde;XwJL3;Hc)*@+b
zW&EE_B_k0^RZ$6jXme~l1ubaI#+Cja2eg9>aF5u>NhM(P3_-ynJDOLUN?Mh>7aqtJO04TwrRhjuYna
zal?M&(RS>`^BRVUzKX8pEBU9*vW8p~vlr+Z!IqUFqK(1j1wsBqG
zF(@cJv>#RDO09e8s8PbAvQ4*?$`*f;ZT4AxJ=G4bNoN26Q(YO#cAk@N(vVtcZ>Hp3
zMSBYYLC*Cr6-Y=kmppW3i?(Z{kx`{V1&K-_|WwOPY74h_CBRIcfxz8R$Tb!)HfdS;Lmt
z`pThI_v5DyaQkUA_bn=Kvl+z7$_?0=WXCwI4t*ZoRnavch&aa+1TMR$*^3C#K?mlt
zCVTR=UHmLFUxee7>S^TqGBEwA%d05No#w+P8mOHLeKnPDY*^Ov0@`%Ghv3A1+LRY|
zR*H=qJeL?yL)+9cQGthV(NQI~oy-&!R*=O75!s0lbaobmrFa+?Ag)4E|K98s2!CsA
z9K|c%juBX~F=rS6#%4EIl%{8FhnMp0kaK$u+5bMb@;IA`Ba)a}R3V1x&?(ejrS1J1
zmhwz&*W-Rrvj3R1EOK*zne5%rnO5g3tAg}wehT>7B(glORw@`l(E^6x;E+DWovd+;2o{JshL@I(XlC%=-GZ7C`ctDzqMEp;}$Krf;@k<-tJA4^r%2Iak==UpJ*$5R5$XZ6h|%_d*`Zd
z<1=z~NSB#g;gtZaBs66*uHz!;L$){yKNeoYmyAG#xV+7*8;2;IR%+gV
z?FX9O$o4GA)?Z|wHwbL0a
zO?3XaT|&2OwtYZWs<4Jlh5XRL$wNswdOw}Re?~9{St4d#z
z$ZfhnjfcLmJ^VtU@x8g*xq5Me;)AMkXcl*AaJdDyZ9w?xI9w+*rbw4
z;kw0|(zUJX81$Z=Mwxlk>gKk%LDhe|6*}e&bki>o+k+*x)~$gdOU_zVQ{~V
zJAo>)fwC9XnR5w$Zfj~#)^NQuM4{Ee>#^AA(RM1ULdaHMe_Li>!GyM_YBr{5=<3^XKKveDW>T37*np#agpK1daNs7JyR6Hd9o@ZKJ>ezg%7j@UkPOM
z9*d^-46iZs4vHnci!RnZvdwAD?xl@JbhrL!Az|NHaQmLxk*SSKug*AfX=%_*u4HUm
z5&h~1>Gw;R#4fsQU?{Jp!5w1~(53YrdYWa`JtDp3cvNz^5%I!)TAsf5@T<5NwBw?U
zDbg-zFImFKm^+a=iZDnKn75-X@tv!Y;9X4mN!D-I!ac1tOAx?$*~>-O{JC=50S3F+
zqN`xIWJCO|JXRR6;ebn5an0dLxHBXH^b)!T5%Wzbk`}Zn$9N1K(Id&{0TzRpG<&qE
z9XdwixBS@pohUbG5FN6^s%HUugYY!*w25vxh`KrqXiJiT-I9h{q;V<}HRPAt4Fg>#
zWEO_P7}O@2cHb+>3XwTt)ru~~KpDhOHvky+-t&GID)%FO7OU(pn)7oJ$s25+;+mZa
z2h$q$8(sRUdGcvw=@ok))z!qFDGzslpAS#KMnN21kHi<#s#U3FdkK<`#HB|~ZgqRw
z0=F^i^)lQ3z7}|$Qd(IOY!N1>8W?lq=NHi&q4qAIjj;>mt^=xUqJYuM()a$V^ih>$
zk2ufj?G<6(X$y{7K2sw-Lta+4xKW+D`cA%l==OB4BCZy$uK>|naU*F#UM|{SCJ`e?`RXSNOQ2}oqY`h}OWM${i|)fdf;bNyNBRh!Q{KiGj{|s?H1`1P
zv=^_V&rDG>!BAE`!D3!b#b{nb#eBPznC!Tem8v7PC!knmT;dX){R}YQ$GH1Cfh{q2K$h9s}V{yu<8UYd&6vTvZGqqvYNp
zp@Un37D=koxTX%e+jk`csEkY&daij{x`eE`En9UhMv9a+>DlR=(DI(s2I0aWbn(I)
zd-N5+4rNN+$@cti1}HWDvc>9iCZI-^+Hb^sRWb7T1(lwxj+(RC;wxGTI_?DKI>>kA
zWF+zzD?#>)L{Q`f|9Tks>zl>f;qQMv>?|pef_q+N>f%jcrh^WzDxBZn07C)|B>sZm
z{Bg;nhk{GOXMluE#V|P(N}1}~?4fKtGd^TdEgxo-ley5!Z-l(dSK}9E1opKWqs1ig
zYaoiDO68AP2~vx})R9C)U!`w{n5~%2rBC)V-ZQz^rKK@=*MXTX;9VyRahV&3Z&p}+
zR{C#N><5DykSwp;GUMCsWr?H08tu{ZNHqOUG*Ku!)2NFb?JQcs!W2jqylb&BJGIkd
zLp#K|aMS}rISF10YdhP`gx+gME;-E
z0A0}Y@!9w#@O-k!uc<4Dh^-aOL;=`k5wfaQ4JD*^>Xv5U6cx-+0h{WUKb+R1x;vFX
z&)&H75CcHq)WOYRdl0dOuMn|?{AFDrbMmU8;ly>h__MEA@xyx&f^ERlVBruOaY+M;
zU}F$p;M~BcaC1q|c*6^?F!57+A%f`;o$&QY&xHHsukZ)uQF;62o)~_>d>{$_2vC6o
z2Cu>!lv|1t&A$T159#F-qz~u|Mg$juD?yATm?dow5G}f5?iJkz#Q)X13A;;{&M%pL
zg{_Al&_y7LIEhOv_XO&z?OPX237&;tOO`GmS$HKQ2p!-}P$=8%L#xmnJX~M{79*ky
zYYP!T5$pl30tbZH$%iQage)hxjh>s_>)5XdzDXcX3W-MZ^J5$?#+ynhP(3G_#P
z912TENeuDrnq{@gTTv~&AMxu6GKRPO>%8B5
z{ZVg5_z4@t2;gU$EVOz9C#;qOo|j<3y`ol
z-jgHiM^%m35wXhh57#`?G*K>aoETgmAKeevZrdKy>zpsED$~&beBfCrdSZF=$1uQw
z@1mO+wxSxpHb!kg#ZYbYT6g1w1vyybuB>83xvctOxlv-@Zm8FNjbp_Sg^%|hS-y8u
zjd~Fn0hROlq0>mk_ch)3aHGr?A>%^MwWab?&H_Bh9DHyB
zQ=NNz-m}`Z`OcTpC-3KqNlnO_vi0M_d^`Hp$adJ%o^`Ji2vDM>Dn;NTZ9?fQ7=gQ9Q1|HY$%w~rNu1D$Xuc(
zPknrA+wx+3u*24|LmG8sI4hL6#nUa?E5U_+q#2lqE9Rr+p#}nTt-);uM;xgs&Fi7D
zaKp1U`nSFNN`=@kM@eU2!nw=1xb<+{-I6s-V
zG{6#hZuC0!b_}k7%xFFEG$Xo(vxsr`z{(sxG$bJAh`4AR?en6>+=JRepQ|F#TTVdHoY~AtfwsnXI8FT3q+CBSV
z7s0}#{hn~u^RR`k@i?Yk?d%+-JW7Bd0kMzoj*&>ohf8@tI
z0L1IrPL7PKNdFzRyR2oic3`F8-q7+>kwn?j=C>hhq#?DzBica={r+3uD7JK&Uu*Tx;5Y4znNe@8j9NbJ
zv=K7G+(Z#FLLUi?+)$tCrfUIf8G}_K+*}b;yxa^CQ~cbo5U**#_Onk=!`70!_A&0W
zE^u~C5hw&%NrPRXZAnLG{fB5CyMxZ~8Fwe7<0?q|hC`t7rA4~eV%ab)8y3yX`a4pr
zm5N~^y3797*JPwPzINyo!r6X
zvzH9%g8BQ+qD!~{B3RuMaxuSQ7;RyYKqVkIugj7#DIVB$rT2mH#46eqqI9pgJ2TnE
za%iU1SgPpb`-DIf5%7Wq=22%dOr5XIaZXwOP7m#fiUx}5jX|1G6dbu*13QgazE}Mg
zOCz8pB~);uw@7M%t0;F?YYJRR=|uKGSi+BQ@5dx%B%O;RN??K&m|sfW2Mk*LY^gZv
zkpZ5vDQ!4@*^OTcX+JWWQQuZ$%$qYaf*wS8Jp3dwV!5+y(x2{^w%7F}trDe>vTb&X
z!D_|2?P|s|oC>`Dj=-J6h*P({d*R$7^@}X45-iJO*PxnR^VdaBJ{PAh
z4XxgirgS(hZL&pXp#iuBN_Dvl{n7_N8C8)5brGYo>_1FGUXhv%U3gf&M?PAKj
zd##)s!g}c71pDcB&GPiHgPyX4AmY$wfjZ+O=z>_+tU?3B6X=4*dIbeLddDDQH{+y2
zL=A;R`i`H35-IK4loGG5yrdFHACaPoi&uOx)cetJ@(fcc&SrLbXF5ELZftF#Mw3Q-jFQnd_g%RqFFU1LQ
zEb$@nZ=GkQ0d+K0A_>4Kl>AVolst8lBOU*F7%!S)$A*tsXgzA0Lz`fuST50VD=&^>
zZND!aaX}PJu7SQT1*_D`)S87`N}k`AX)C5?K~|5t7|)3gLFFP-v&FT~zmxgn^UoS*
z3so||A78t~+Wr=8{DTU){~!S6#bkw~1nHP*|1;(&P?NI27(((IBTAC6BdS!QbCQ}>
z#$1R|uH5UQwJa#Uj?!aDpc;}#8f%O%NE*ZWi4PRZT#oAqga;~rCtF|i5Z_1&i#U<<
zy|fhchqfEVw17KBv;+-MXts%OCdT8$B&Bg_G6N(zZ#vq=(BpyoW_wdzo%hpO-q1H2
z_zP3oQzn+e-=~>f+>VPB4Ws8TgYy{&?}1JG2`d?n-lOK0mQJY(`)&)?&MOLwVT%Wq
z8k|b3u5?fM(5b)-+S7wXUE59Kr#V2HzkI_6B<#Z^tjDJ`JL(k9Sfl+(A=PNV{Q?Vy{aKT^
z`M`n9DNrf2l?{wCc<{;dGPgU1p8nda{6X?<&Y?4C$T}Wa|Q3VujArz%9d#jEWiv^B`h_V7G?O)q9wmrRiMM~C+MKhKx{KVO2
z08awq_B9`cIK{tG3z&aOO<6Z-TQ`o9t}j*G3c-tpd3t(v9Iw}H36;(*PJ_46Ub2*C
zpqp_&oIKf`fxXV*x^~s5-CW4oU)SK*q0q2sm#}bKqd8Z-(eTVvRbah=HZ@
z@Je|)5e|)N^|!^~W$T|dK$Wo@r^u8um&$kMJf9z%lr9m_)~77ajb3^^_*k7eo1HgB
zauAhs+gKgfNiyDr))tc=KR@{%c4h8ZSg_wTKlgXMEA=#}88ObKOJ>xlD>jFYglQPZ
zxH-eRLiJvfZBX@ee1IJ>g>WN3n_K<7{2Ii57pj`qAlDI_%=Ih@VTGa2i_*lC{iTW<|hW8$3;Q-?=CEKy?;
zoF7q#$38q!V-6ALaqRuN!~TSpj;4rfqeXK|?Zp@7DySifn+=lwOx5HBFn-jo58?r(
z7TyLTtqx;}#xG&M?T@STgSHaZyrYZZu>Y3HnK~@Ao~@q-(?nuN$6P(qt@BF&rU~V0
zF|P4lAy}WV^8@ep1}fP|Ym$~`3Z%J5TNcyS6b2hBFy(9W11#jM$a&0VdmAs5;P8$C
zuyih4?#WSz$3u_=$&DO~d75>M7Non=G()vBsJpI($U6Vy#1y7P}l{D-EsS!MbLIu}z
zR6-gBHt|QHC-N#IBexffYyGcwAG?Vym9<@d&TV+#L`Ab1LDhM{y2iB>)wTqwxf7~*
znZE)6_Y&%7<24>dSXhyCA!vD5xWA(@@>P=5wTLVaOMl2M4&GB6CF_n`P}kN?R8WE|
z=Z=ei$Wh}gZ!0GPQp`+)<2O3@B0cJ%miF=VHt6WSLeJ_MY;n*gHKL-7rUkOR)8^b2kEr7??GavWZxAAv>9aopFcat
zh#pp0c*Gz&KzM-g-9f5Wnj2v(yDTloPM`^uc6*XF1r=y8U9xuspAitg3lOas-WdXn
z1P9kRLlU!Q*#iX?#fPp5*17h3^pY?ozd*jUuV8mOhD(0uOufKCvY3MRwfDlIqWlq`t#
zKd$>=MP2Fgj=fBP&}qxSwb+H!J*UM%8DyvF13*R92K{%1a){S
zXg@WmEyUEZG%q^)*B(WAo65{W2J4MKS~%6jXWe$3kf`Xmxkf|A7z+C7g@lI?O(d29
z#pLA?-IKzWVKQ(9P-T0D5R)bLYXIZq`6&;CaXjEP#K^LWs~Phh^f(h=mmK0IPAhZh
z0Ukt|qsA1BI^B)ahJeTwF1YF@PK8UxdzUGeIk5|B&7w|ix5sYqcWk#`_mK*g>Qj{^
zlgs>&!+e%Os5Fzy(i3`sWXqUfeG1xKq81Blb9da=+iA+Irm$tmPP}o-Xzu~#JYA`_
zCp`zG!zfN97@`hCrf%{@4#4bQW_wBZf~N>$Yipn)6{o@M`ioAbM@eL7lT_UB_&geq
z^8L%dk*&1!PVKx%8Dy0++22uK@cqoi0BUdL+4S@HX`Yv=G?rkM6p
zXXldQ_D0m@uKc`ybvJ1c`3`pxgtVV1*G!^}2$S(vs49mE1j-Q}YDO~d%>O=<`+@Z8
zu6rvhx7P0uCFWf(X{9(Y%KT(dP_E~p<{7EP^5~Ccu2f_C#rKr@zGAlwWmT5mh{%3)
zD<*LJ-V`O2zJVz&m8c*k2)Zbj&NfRdANkpnVZ>p?*Mi07k$0J2AEuBe$PF0ztbW}g
zmsZj`2skt?ZA_PrrNIqg|K*{3wo9;w&LdDl1`f&tUrP7bK_7vmv7qtXD9*}RI^x{Z
zJEJ7kQUx!~V8-|jT$wI3p4$$*h`IqgD*e?J>IPQSR0t@ITp2j4)GuBNDSETdzpqjD
zI}*jOAf+7T)LWHMrtXCGp)lht8$AlLus0VaWrToTgAoDa$8b$`o+pTJrq@T<17#%E
z(xc|tHsCZRKD{}e7C(nKB_NB7a4`KPMp=0PRYbJ2;xjLASnz85P`BTG@6PyLXrfnm
zJO!g!_z0+NeKYiv0a+by#Gyp;lDX89+SU4cuG7<;M_!rEaC!_Q=I}3<>1}V2sa;l;
zMGfWq7j_@FzL_$Rd2XM_KYYZ=97C`?{nfA
z(QqHdg-$-!KRXvlw|?_n;ZOTrbPLL3G8B5nG0Qkjt#Hg;F^Qjf0#}G~$b&ae5%2Z>ZqM)88+6kV;7g)KiZl)g
zfH%)X)&uP_34?zYuS3De;tPQYd=VYcby
z)>IHcd?r)v5;7dNZF=a7(7=y7jb-~yt>aiT9Gu5MUo!C%P
zwknXY{WBr3$fa|(Q1VFqank*XTNgrpl2+n%nRFZg>q?Jy+1ao$_2vL$_dyw8CXB=*1m&<;n?V&91SBR(^N}xnZbzi#htbHO@pdzwL26)NkBTKMCO9yBM
zZ1SYiLM?id`yIpbG*-n)v}%wHd@mOGGe8y>AKyp@6qoBB2K{Z~p%<*SftpzTYldoz
zFs4l~j|6FoNr1A0Rhx}QGwlB72c=slMZ>$0ZPs7biXKDLjb=@Jzn`ACys;F|IhH&j
zjzs3UpzkS(xA-|K1FZWXDAul;rqzO^YjfEBhs_+Phn*I4(k$|!;TTJ^XLyf3uvkSi
zRk8HOI65G!SUDQ93$p#Y%Qjgjy@EeiM^>%WrQx6jdTlcSddQvG%kQqS8vN0N})+18Y$ZcT*YH@uAu=pZ2xRW;913Umws|
zVwYSUKzF`&oRUE_In?*mJXRGY-f}_{MDl{~i|T+bX7E}WtG4{wAK(u}vK|anSKa0Y
zaVAK_#N->N3ZGD?2Fin&g~JgrHCvQBJHt@lk~)#YmBIp-l=c2$E$93rZV5xGTQHzm
za(m+wkyTAil#1?QA&%#)TGQbLYyVt2=DpTV%89CU5!s48y#z_Ro9z)>O-&Ic>3xpk
z11mC65WP6Nyg1k)Y>D!kpu8I9+;MW39;fTOa+HA#wVv9=m=Ln%e7hfOZXdE@e`+sB
zCG}Fs8!u3#g6&9IjJ&gCzWCr8|2RQ^J73i!FeiAcp|;e)%>s~=+^-!=)-=3^Y~ztW
z{1jeuVg!2%4;3j}ZB158#9vn0R7Z_RwYil;$c6@E!;yKIu|i?ttE8vZ2*nK$KrxZ4
z#hs~Ub+$OJSnR;O4lzf$H@I}f?;6WsbsFR+r&KPH=_&JIPsfwjxmJFNZ}$|XPi
z+gvBaw)G!ef3aq;x7=49T=5s*|3BBl@%?kI|I2&R(=+~O|6QPDZiBFh#9daFwBOLt
zsj5>4UxoTJF~UF}mYDefixw4d$yQd9mtV^QO^tq*|13UeH`$-q6trGUY~)u^30Mx5
zfAM5J8c8&oXv(C+%P;7;!iph5<;SmFz|HVPDQp41ZKw+!pY%*(agW@pFu
zH0|*3yi5jw#ZkoWZ`Z1dA+KK?w4w<6@7>MJwT$2g5du@D%BQ@N4=twS%V0-xQ>Jrk
zwGM}iHCKvy5)9BEj2>g(%HsWFL;LIClE1l9q$*cfn6CeBw|g)Bz3>B63bM`~Oh;W)
zfHo;RQ3t!n!|z+q4?lK93*p%fLZ23zW_=LuDx~feSc(35;qS>sxl;c4HtgMyaYE7A
zv>=kQls-fS`AACsCG|!>)O?6C4?gp-?vX5iP`>}hyD$^&$UI{dcWMQ7s+O;15E`CY
z2Eb=^VE*Z^k&zIFds5Et&zYeV8eLWQ#l{?s)A-C|EhAhH5rjy4OL(g*xmoy7O@`#l
z$9$O7HfevWDthMO?m1rDcR3{_gpznq9C)ZF7?{uJ*jtPRu<#hUTj9KLar|z!Md0{p-w>p!vyW5rC;(Df
zQ|3MSp1zLCRvW5TCBjmh8yYID%zeT->~S;B-dI_Bs9jz_Z4Ix0d92)6w0bS^u$Q3y
zyfmY@z~^-GE+buAr{G*}sPdb8ajbHHCDW*j>qQLgb)Dk3{KM4SGf2w3XKqpgq;}?b
zAyx3I+Vja!+HyO@rQs5Pl1oTMm#Y<&x%a(WwBvJZ7Q_A3mT~!|B;!aR_X&mGls3ci
za+vE0SJzqr-;^a|2CuUt0)y`q
zpf+Gxk~)3f?XT!lbme{3ErCc-X~s()eaNWDJPxV*EB15~SQY;6TSKtdSRQt}tv-#@
z9N-G=v$2nuXr$L4m>MX)AHxfl&85lNV3tWuc8ErjPs*JDb@a4h7N)@BBZ-FD;pHR%
z*tHvwE?dfNf}2R8z~Rm>Y^Q>XRtyG##ff1@HAbLj)pw}oT;
zc+A~nucAuTrK6-nZu%<3T9ZF6O$dEOUr+ejwx;wGboZ60#CogJ_;q~>AR->?W3lDe
z1}wV$liav;th5glM#Ecf%`&*EsfBXbdm+x(1~akezE&Ken42OAh6gNgvvwUfI8KKx
zS=yh6W+wDM9Q0Vhrz2a9?lP2)-B6hE$SNF`d)cYV9K@V{xkrZqKjJ4rY6Y|pZ*lJp
zpbu>u{Un^0$*MV4UW*-U1C!woOKO^xeC}hE+Yr9pi<)M9HcBOenIU}6V-(qlRJfzJ
z05gv+sjgw+#iyv-ipC8O|D;;YDOm21)ZTrb6mpk{MK>_LHdW0BYe!dS_sFZ3%8RY&
zL;1Za4s_?{uIe3q)q(vka3TY6AE*~UQ_cCEfeBwH2N|$j(W5(16|1_A7aD>!9eTuT
z)WB(_LwbyqG+4T9jv2h>YPEVUWp|Dl4+DBB;|Li#x{4DVtm@1zs+U?Fbrde0xoWN)
zh*lx^6}Y-3qtS-Ibw%v5evF#SC*p@{ht+HwS-0oDa?%{SmcLg#&Zs3S@8VA}>+4q0
zOFISZ$C#f6MMP^pR`FP)6^LK2h*}qxB6gI%4%b)|shRuzF6kF6BK1K7Xl|%Q%qw>%
z(Al;+@%>%YFPJ5}5p0&EoDf@aqQ!=Mk&7*x1iwt3;{q3ISV3%ugC4pz~<4qN_IXW!5Y5t;pT1W0f93p25L}Gz*Uu%v$p<3v`D|od1Wmw+yN)
z*tUfO!Cit|a0u=W!GpWo#@*e?#@*fBHtrDI-Q6L$yM(~o=bZc1SNF#~_0Fw&{GryA
z(R20MU2FF0o}>BgpDCz)B9KYqeP;SyLvh~S2=uXzMR8UbbRNg%8oMC0#za}m?E#7@
zROHTI$HxjVS!+l$sbth$GNjveDdgoefD>+^jQsg@94>>$0rHeZ`#->kL2UBnudwE)
z+0tCUV;2}h&{C0(&bv98P`dpv75dVLsJ;0WX|6^t?8b%Jx$BRqfTx~vbl+5T8^^=l3E&Nq$$>33cuEdS4r
zC_+Dv_o>nUzI`#`5Q^694@Ez^WeaP18xFgBhTHS;!)EE(7SrvSCSAH|LBqMd3q!rl
z{kn9QOU8MfOUk&1gGTToJ}~%pu|v61o~!%J^^Z&_jHj3*6TA+=`)|2K|CgB%2j{=Z
zgqp*mDfC&I=?O-Mz9M1&S0+@D77+AngtgwJD0qbyb$A6{&H}?CF(HASUzYT{3Y=25
zC96CsTO8|!%PV;{nEvdxa9*lp-i7AEWsW`n=)78&=FOrc=f=Hj)4R)gdVg#2p~jCD
z<&$e1RvvA}=>z4S63^~gxWt@Zx<`$@wUs$5FIu!oQqXy13G8c9QVkt(BAfKka@-wd*}_iDGei+^9&3
zQ~|UM<|g7nqm5>tLO(@rR((kFWmND%Y2G%8Zp_9}F|5)iovWgQ03{}+k#VJUf5dAo
zZA#!?@GCKd7c`sTpz$lw^A(L7#AxQy6h4(x*VFCEh$XNXtbdn?_htZRLXk!D@jopp
z?7x4C?RWrZLRA7zs+Lx5!FZ&`0nDz4_+vLj5LO;@j_R6<%zho#Xtf7LcxIc{pBDir5Sd*K_H6Wz
zaa1Rfw{H-10@wVx>h%@kN=RSypA{vQCt*(45BsUQsaSudnDQp~ap|I*u^v_N6{uL{
zkW6PfSF)fc4fK1<^;I1v5moP>o2>L_C9FEysu!GLv)-Tvv5rpy8BoR)>{3jezP3e@
zK}m;e)Bzl5a%Ib548CjbK^JK)Z)oH1_mKwm3Ju+SgNN?ACnos>gIp`S;-ZD;S}zcxUapl~Q+k
zNv;Hm@V`5Ap3Sd)(WyepHO*xF^@zUy@bYuJo_vykv!3li!+RB4{Xx*1tMLlIholrH_n%jGj&Rdq~V1q=8CByR~Dp>F@%s9CIGxa4egDZC
zy4&8SLQDf&VoQ~w#uESha5W`omPt47n-tHV2bn{J$Ckb}a@kX!rQtD2CIusvLrM_H
zYSFmLW-8dd-lj|C*T9mmha1P4&kHyc@>bzWzulNI2Yslr4~A@CF`2^F;DOFxZgf6O
z3ePb8jrMbM-(Wl13qNW+SW}A=@F){hdC9`FJ-VXDmGxL@*$Q>xq6GtE<;u353U=ar3qs0;~nuPi8WcBeIRCo8$v+OtHU>wm0lhos9xR
zZEUfvzzknIlsc)wyzB=PqTg-a7_R4~jj{2a@g_o{yaRGB-`ya!kRLgSuDM*lf_UkOv*CYbYL2w{C1Y?>uYM>-#?>G-fbGjFE(Z
zt5S0;wSdADy#+2E6uSFK{MzmN&+6i2uElF9Rk9yYnLXUSU^jUGDwpa$WAh@)uJz75nH*|S@rIs3do>X5h1(no
zO{n_&x$*TxXV}`yn><*qgrdAGWO8COic7
zTC{kbm$1a4Uzl~6BJJ&R0XhVxEA2!$&s)}J8P2HXd$C5Ak8$by5&h&e#*u;Bz
zoC8PHwoyZ_;LpbrtN9zUU`_bFM1}NHMSCdWcr(EwRav&Qyh{WmE=zz6gUr%+J0Ijf
zGM_SEY59BjgUK?t3boO;ipvz^UHMZ8SK9P5j0l{9mHZ_Ng$0)u{4+O2#4<^#PDvV+
zJdYKstoK{Q_BA#_L*A2-Z&`-C7bD;F40&%xHZ%o^yo)rw)20OHw6oy#J{9R_F>XQ@
zxq2v4RRg_7iZGv}i*0N?upEYUaxFD_zY9&gHf0w17u%p5>4zGQG`S!Dx=hTtrk(c{
zyA?(~vekd)tM*naMAZYN_BXDR%AJt7{DA%;{R$gOI7eZ^X~LuBB62uuszR86mra$(
zND{8Mm`vWVQG%#&{LMuVk2g<+=Y%^!WG>xZfre9##_SZ~SNGttrdR|91@x(WbJhUD
z$wsJ%hk6x35b5gyJWCFINR%#oh^&t}I5Fw~k|O%k1{o!Vjgx;1Se2HM#c
z&l-*Ws(zb_R{8vdw)sY5#Nm%O+ixHY+TE4}9n_Fb?G2-KzHt}C=6(l(^P;mCnmrpo
zgu0&}pTMb7G?>9x`2KDg?dYZDNV3Z)Jy0uEPz1a)>`FpbQPYCgDW!)nOfx*R`qENHr1IS
zX)0K47TANq3z{~}f?CRc%pv)rf^jS^rv4k_iX7?k@(lD_BeIiJI4Vf=7fn?x&mn4h
z9Fn-d@~<&sKaJ5Th9HE@Djo{)Q}@Xrk%#*2^|ZS0@t$I*wUjd=mP14qr{?x)dd0c|slf-?jBHkg~Ut(MaRQu%OK
zn(i&NM+ekqv&$NNyRrkpyG^yWE7aU|85j>)KA8mFIq9a$_cU*_Wmr#Lms336m!Nzc
zIVrAG3fn+=eNMyQCSxb0n4d)1xS!$7r95|-9A6h_j|kPQ;PFVQ&+~4v6!GB$+}B;%
z_ek&Iyw75Oxnw?AJa^zlbva~8&K`5t#54S1Vqvl=)LIeIDLUYo
zLOY3Sg!;@y#E6F4{wvZWalCL~U5}WY_}h)`J&8@k2e@8Xpg9`xi{tmQ;k;l@;2kzE
zdfAENaEek^!IhDY198*sbQF%;Z4@hy?4KU`Dhb>_%A(Fk$3m=~>DSMS3;L85
zt}K{sr-BLD4&rFNC`%RSGRl-+du~0(cyDzJIg)Pq@j=k7Gb20FZu2>2o>?N!ltfL;
zV(%HPu*Xc-Alm-YJLgwOo1Hmmld!o;7O2~Bn)l%-fbkk+M)mqLs;
ztPWy+{drG}^``D_^|${c6-6-X7U_-ZAJR5_ClsQgU9jCI!;xw)wB2?W>^*Qm60~nc
zuQXINdJ_DgAbdrwGPPP+KQ!AW6{x!DM)7iUIrdo~b+NSHUKJTCx;YY`@
z0>5(vwZj}OzRCD2?a>sC)$$X-?^r_
z3F{9HLrr<1l0YFu`UuY{cuDD0iV(!FklYZX6YdkE?gcZI^%jLQ0xdDofkol^KrKuq
zU}HF`H{~<(Ki(Fp$hzoN;IZNTZ^y=eK9B5FqZbG8QZ01+8_AH29Sum*Fz?k4~TCL500DVkj~rMDaJ$pPNgCq<*QvmeXMH{bD7
znF(LF8#5L%Gu|@40g%r;K}Lb3%d(AU(xp(M&DbrJqPyDGmR3p@RgEj97xj7mg)}8+
z7wxvR;JG;_oGO2
zEusnL2Zsm*sb7G4yUkK9uG{`4O!Qy73wL|3a4wg%DemkW5px8Ki@eU0V2#dGS%1+F
z(e=AaMhGQ7m)0Lsm)?T8&Qo_(s2}g1cs+hTlMb3JW_vtx;BAMN;+$+LoS3=n2<^(M
zCgW4(j)U}vw&c~P5%IJ4AS{y0E24`ZUNvO6qKl3Ebi>Z|Ink(c@|6(`eZvkGf$^B?
zj%E@~a&jl5cw>Y53_`^jWN%24oEkdLp>Xl}j_d*nr*aBN6tJ-+v2ql!m;zwR-tgV{
z{N3L_yrS~G08Q^o6{6E_Y>i5nZq)97q%R+v+Sc!Iuqq2T_gvS7Rhdme_`nL_0G_l#_wwtAo!p{)&=>48=%gUh4B|8KXUB+LH0#m~g3Fe-c=R
z$QMU-nD>`((yfDObxc;2YZsJCUm?b<6_nmZGpbiZ@i1m5v1XhidU0%dC=FrVLcZq7
zi*Q(tDTTm<+$tLlTj};OvIqZY(Gg+j+puC1y$Z4R7`yKP(|w1a4LCPK$2JS*(^Qx~
z;J4f2w-Ii)&;%y2c!V})WvHJh5ly9bD_FIv!uVN?u;}1x7CEsVej&q$I4*qXwH4eZ
zH+?>W&dU~IK1b=N%2~X2uC0RM0I6ePrsIk%Zt|8e9!xVd(aJ2HN
zsW;NlkjJGl7AcZC@b(S`goAlO7mP|Fls3+}61dG6_enWSD^o#|O_dd*wMjwj^0yZ3
zrB?NL-&U-nDY6_FU9hA*=XVAil8}0jS94S=4s1|2;RyzE=gbeXQXIY0)oWHp=^{>b
zMai~I${bcIcyB0WcL=H9bzE|kma`Pvj}Sfz3Z6g-xD0ger1~a6l5NshWz(
z{28mw3VnbBvWUR$ik-;_Ef*vIIHA!-t3_e74bnDgM#k9)E?HXvIZ?U2I-`?kwO$pm
zqudU{rBhf8>Hu!`?&w}c69%47DcoH8O6OQ~!8PXuwlBVMI%eZ?R9iA7aT+CJ=o-3{
zW6l$A^mGN|)VK=KB5HO%2bz5whLGu1>c(b$*V*Q2L)0M(l+zvPi;6~K@fTUy+I5&r
zKP!-CBVecFQe
zw#fPW;fNfGBQ#JYf~nn7m8$QdCGkEbs{f|k@bF!p06E`fUFsoa9LV+Jn^DyRvP_(P
z8|yyVM}nXa=xEfk;CK6XBDlD>I?`si2UyiDQ8$pbj>x57`Hle)We?MNg#g`0MEm$Q
z^e?($8!5TTp(8(8&|lLNYd^RB-0l(jUV;Q_(GTAK&5hbSUaQvMA(6FRQi+NCujXRc
z^u8xcURTAtC=tJqA|$TdZ<+&!du3C4-h=@_3KA!hzDsVx-}!JGeA|u=N5d7{I(>hh
zXpN|A*;}lKo|esCvStU6uYwdx)QwkkH73~ZMLwo
zqmJsQ*sDKR4|Cg{Pg$MI=>q0vm(DpyBe4v8>~eJZ3TE1Ec_VhjyN1G~yTss%zQRD`
zzIIQSsHjM|Q=%`pm;}Uo=wCMZzH!cxQ;@OKlTi#6dR3VMCHMdAa!HN
zHryjd9{*hENFK2E1)#m>vnk+)`5%{k*)ir}o~$Uhzmwpo%dj0EIj%ND&wmj0VnbdV
zQQlJR>!1jx7N;#SJ^g~GMi)xVN5{n~I9bd0oMw3}0
z#JX;}Sx|^rkQnSxNYPbkv`i*`Rpi*z;fFw%;O;JI{?FaTLec&9V6lOvQ>-s!-quxZ
zY?FBQE-1s(G|dgpVkRJGsc9!-%5iTmkCYpyOI&P%eY?V46&*E%NVv$VK6dX^m~KR_
z$mk*WYR$&r?8EZp`bGZ6Ik$|?l;HMb)2f5o`G|^ATKm#fE4=cyf^2ogCbc0$SEUy9
zrbYTjD>rR723Wm7l0xWCqWNzfjds^US?E@*>?lzv=hzqo7({`cM%uw2yOT;TI#IAF
z;@S|_Rh)uu7C%6Qnuw_dwpJ^at{fyfRWa(*@^mFwrJ)vpQXVV$g%b(c@%N{Zg|M@Q
z@NXQ=iy0P+Y3fiyhdtM|fTJ>lE1)C`3u*6EUHnulf7VHPb|l}r1vf+$WMP2_88BUa
zVk7QjzGw?Ew54qcxK&L#1#{l%&fNtuA0+e2XF{%jTGLb#Z{OcY@84-r)zohp`oz`e
z$I6g7-fbWDoF(>2skv=tPwGT#ga{4Xl&c4
zslyPm^;ObD7xY5s#mZo;E2auiTwb7VETAspn9(^CoiAsK5e{3E^D~&0(4RFR_^z>I
zmP}d|kj<&Ni4*$-9s1TaEl*IvND|^L@A5C^c1FpAvh^qk|3}ulj@y15Ff=|M%4wST5k*6)@1{EA+jD%igc=
zv09I*Cu3xUV5i0Z!^1+i0Gu@&^U@F9e8vyc_hqkEffXqus^$J=9_O{5&=NVE@BI;2-rskE5osNaHrwB4S}bNu6b~*p&t^9J3k76}c~yJ<
zm`!2}AI+C?iPjxWyNd=iICG5rxmefZZZwm#_t+|#lvtT99_K0Zy|*CK-Kr!1a+=CS
zg3NWgm-3}rU7Ud112A?bEGY6g8DYTB+G$WLIDt$SseI|Q4
ztkB`KJ#0sX8Ua*cVgkM4U=X~T;rc}SOP*bulM>+O{jYUvo2?Go`BrNk^?+VmJp%Cd
zpb~00p+hv3h}r)3H>(54
zY%*R^P!h%6qRl=Rev4jzgK!TP=^4iLo5tnm@xVaT-hQ`><^Y{)-JCc=%)3vAP*CSU
z+CbPN;CxqC17N4g`YvDP{f)ygpt6$Wjmu6~9GBI}M1otn;}MtUb#G9ZyTejNqb!Lb
z6Y;*w(U@h!a@&u9+jJt0$V<1g9rD{&yDOHqhZl@!Ap({WX>64(XY1)c8-z_2==|$1
zKySN4jqSSJjNNq3Dw^Ztxtm9uPa7Bg>53x>J)Te(Km8ARMtIY!O+G~UPVa7r=}^?^
zz^8ms_#K008>k|eGdJiV3My7OL4QBwEXxH8m<{dr1=yv~Py-+ngEl?vnfuk2NItcK
zd|yRe9658dLazI@$H5qH-26~T{|kc-nW0IIe$Cf<#e6Tci_0x+1YX{hz~xBnrl7#H
z<>Bv%pJAy)e@e#2h;*MVAN578tVqT&*>8Pw==A$5D=cpk?L4$#i%lDbyzLet
z%s%*@AgbK1auCF`vcB~kYBfZBZ(DC+3Vgmlp#_0wILOkblNlt5e=G*n14OO6aLfjCxoy_up&b4m)?N)z`J67~gNB;2*CW6d;
zzmU}L6J|}~tRqB(Y~KFN2t|nvW-NRh5U$xW-WFc|R#npXaG4p|BeA{C_jNcTz9w(p
z>8QW9t1tXLu3>BPYZz1dA3>-jD^@%!WSb>)y9Xrw&!QS`n+P$^FdqTocAUBSYDeu#
zacACD6u9Vq#$-i4r|Vx3vZ7y5FOMGz^G%hvI(A+S?&JX%w=N7lImpD!Rafu3wKFB>
zS{`hD#ZVx<)`m|uCy>02(bMmQ8-xlmA@FD3Od%TfpzXd5KEqa)t_}>yBX>=0;jNfr
zh5lob$j9CZv&&*b`MZ|8p1Vg2nK18HLx?1QP6~2*Z#+e0keRzZs+`Aw+cQ6}0alrf
zt1kwq5#&T;x1i$PAL@J>zKZqDl4FYHZb3K&c
z3l8F{ka+k)P`+-aF6!=Sq-bY;jBR(@HMdN(p9A;wi~_UCa~_i7Q(GoAee75UEWUUP
zN@$G`n|~o*tJ>&a>GL2JNf&E}f|u^gIRp1Rs-a_=w)z8Ec35ht916z8KcW
z_On2Q7j;k5XXqG_Bl~GCk(o2^%$<>@1e~9!h!qfvw+h%hSr0vm#|E`q%+IQxXLuv0
zFP@YxnL77h7oO4%pzLKpoiNiGDAQ1-mzS6DyQ|A>y$h2{GP^RH;aa5r*ZaJ+_7g3X
zaUG|XJPzfWAK2GUy5(;Uweiz%E57X;rq3)_Be>UN9(D*>gl~T6tsBP;Xb7=#ZIFm=
z)ny1zX6iIB=~VYtNb|9-$B;zUsMmo4WH+Dr*IXH?UcSpQv3gNDU%7h+}6
zQXh||qe_XMo)_Z-Sv?ou9r2urff4$lMDtfjtVWJn=tOiZDpV}$zVr9J;1Gel-P6>q
zon?nrmR3ua6XK0c2QO^ysPnl`oCgfe1TdWN<;d6yYtun)rbEnO;Y2sk8X|v$sr_-)r1*nz#8YwtSVKRn?7a96uPa*0
zfs29s?|=>Kd%)QhWk!S~lJokIt1SMx%uJ-QCr
zLl+~a1fnb+Uj01olwa+wp2@b2+ff;XuAnx5h2LCFxOFhj&PJYSZF$FtTHhqYg$yOW
zKvW_Sm=?8JziwA7JSb6l4qWDAC8OeGCTkW4co6zIw_L{{q0HXywumAkcUM~xcB}5y
zsJ?AxW_EE(@7W7Ub*P$2o0>614&9sZFCF-5&1VyMFwSM0_xnH3D--WuiH&BJAGIl`
z^ChE{59FHN`rZ~*CgN;Mm2NMsu)^z{bIcrTc)`F9`=P|tb;2+#vwM=hqbYP!pz7z5
zBg6LN0%pg1cRshe3SG|dye~IF&sSH)_5*@Jr>AiRSk>pJVOoQW@blw+y<22k<8!mL
z#3!c~_IT5_%Iv8g8q~bMZ)dg=j*0>ef+I_?>>`58F`JgH>`=6taz9He&A_*uB)U!6
zdLbv+^6L>O*p8R4c}#7ih6@?1`5wk@P6gN;H}~`Yib#C0VTi8iZkTmn-&;
zP#52HaxX(ZJkiCjJYZ&fRUj-UF=ixm37PnvQK05-+R^Alz<$M1p1QbTRjjX$DrB3H
ztQK*xbSk^()Ygu@Uc9(kwm7V{h<4@Rx{~)&osVif(<~mRq
ztqtcZQSQoT2~qCqNHo#{TXO>Z?iYV|P|oDG*r#G}9{IOUOk$75gQO@NZP#9`
z*kaS2*NJ$i*%*Rj@R`7oRy#KP5qm|Qzp4tSY1g+)g#%WDOBds>Zn<;>=SWj)r+5UX
zNnOfa?Bj0vMK}28YzxIU>ipJ1<%+Uzf3(1(izPV;sWny?QJFcf2yn8qosnpJtyz}%
zYnR_>Y(2^7eMjV~`N=rM}VHB&R$}^ifl!G$KT}z~`vhT$)!6#(0>bNWjiQlCEqE|*NuE{WIKBZ|;!+bA~
zFy1#!*QW7ZR5GiiN~_9vc3;frEi`cuUE<8S}e?R@vK
zzv1F6{c%8V>-D~txL-bdTT^3RKl^R-sX?fuG&3W|l9FLExsg?6?xZHdl5Ih5a;7mt
z-Rv80`dQ(i0oFWKd1gjY_dhNRg4-fe{MA$w@0Snx*=?P3QrdZ9)iT*G8vM_v>q-A&
zGZ4&O&D9GhYjn7nN=8DzZZu`k{xxDw&o-oLi0n0S3n?E2NO$APno*~Xo`dC?fNt!-
ze_H6Z{L5mqgb_yNbr8VX;UH&*6F9oj_b?nUr-NM5n7w9VM#rAMS}tey*wyU|)7xSb37eBAPov1$Qz@pX9iIcYfCGz{1C{e0D-Iw=;DYfT{Hsftr
zFxzH|a`ce%)TFfgTgi5*ZKG7TUpCL{_%>38aX(0Q-E1F~e`I}5VTa|}_
zkiYf&(DZhQ`@`LlIzPsI#?^4+E+sRYCSc`OaUyC1c|PW&XJUZK$n5aL&}>(LnMVki
zo;+-f|HfRh^OvRJhAHiFgM^K*CNMp)yKiDt18}%^#O!?MnTFznRYIQo^JD-AaJW00
z=J~=XYn}s4kM$p(n3hX}_As0PZXhgAc5K5s}sKBbkrx9-<%W
zFvdPgW#06Zl0~(P)#}49q!0=_8ASx7?0K`u+-0SiK2yjt5k%Gd;G6M)mne>4%%BC~
z8pyf>wZer4K@*Vx^<8V0%3JOUEB?=Bu7XevFiasQlg`FVzfsbfJfO^Mx9}TKas#ze
zxd!idu~^P-5YrxBcqd?f(U^();WVH>_1qtbvJl*vrO7>8PLu@9MhOky?@y&ozHm)o
z`yiXiY{4{OT>(#~V~v^*`Iy(QZ_{i&1t#2nL6~`OAvAmz3dieFFod~HO(S|?o%s5W
z#g^u69C96!mhC}1p(u#dz*ZBCHzZ{2RyS}w25S^@Hwh_v2
z^S8GKtH5W+K7gHM*b$I9NQfNifC#St*`&`wKam-D^fl`DAGpG2qdp74fVdty%%N+5
z2${Vk?zl60f(MczA?nwtqd<7fR;J#88g#1Lw;+>C>9m1ibgH}fAlhG?hTr^!(}uXv
zOYUrf@ZMkysq7Wf2H7yo?kaej_%-x{}kJB*9p^77c3pMQ=!SC80Tu2~Y6s*(b3T
z7T1@G!Fl7*XSM~b1+x&^94Nr8d%zj;U5T#rYGAlI5%e*31=nUik)7`b!+E#y8IrhD
zoF7HP!9IKS3Ht>&gb9%m9xlU6deHCEOv`W&ongk@T?AqB|8z)*rOMh<3Y!0gu#2?)
zoqL=Qed?w?=+23o=^8aClAmoC1C>Je&=gL?L#9uyE8QU)m0I_x1D>lDbC)VtyminX
z)9y|oh|dRMmvLIUb+{ky>BY3~vtY_~oB{>^-aLG)CvhL9An-a#h>Cxo8gAOtxexJD
z#ADPRL;r>)XxRt6Oim*1G0uj*b(0~)|$<=gMoze|>O-3#+c3yD7$=7SfUa~4#93;UFd4T=?|S*p|W%CQ^pHV4&l
z@e&A|Y?|#yRW8%wCpk590)LCVFQuQ7QZK_(FVh(}MgN$%=~b8qsVZ2O=hP_+Y$*$H
z6ni~NJ#56CdeSdCt5ysvRFu}JPK%WjE0pJmD+_oRc_I9GP)#}YBwd{UUO}x@L0zb-
zfLxx#1lARM;m3Pfq!fB@6nh^^Ke;4aI>ukN$zJ9MN8W1D9n6c4l}0B`^V5=$(B|4H
z3&JZ4mKOUUNWF;3y!a&CzI;8vq(5NO9V=}}n*KtYd#)^aROEyGp+`JlYq*A+NfY`nR_)SI9=?^Df34+{?U@@!kFnoMQ5$FxN+LZGFQwp
zH+@b}wAgn@>W^;1V}1>x@Ye%2i81rcq-iZ$5*^yySY^SdAA-t8dbUMAoKi2K#M^Sp
z17peqXX&xhv?PTbms=jP0~NI~YQ)iD<#zKHm+5aOITyc)E9PRms2`{s^1LKu9$eH;
z%kvi4^vkI$l@(lzi4BT#6pM4Lr3Dm{yr}3Nekq;ulrK1olpiH4PkR;T!1|Y&Cn!%l
z73XLc=e$V^peB2%(>x?8o#K@&I7^lvH7F}+73WAw3&cnZI7$m}C3}%2d7aWc{8B$1
zty-AZD<76BFD+A^_AAa&k`{=U7NC_DAWHUPrF)=PIUOxuXb>$Q7A`-^R8~MN&iN)S
z@R00yp76Z;qEkVy*!CVA!1KDa2J!YiIy7A&wSmYbI=$G#;v
z>c1RA`f89rnJ8bP1_t0Cpt|V9^~MS2{0vlAJRN+C|{PBZOkjSnHM|7
zRys|4ALJ~K34|tj=X`szQM)WJ+F%oFD@}KrRz1l1evm^rCSW%wup}+;ImxS;=HXuT
zv@LHzMYH^@XS%I@S=WB7!p|rqDlGk~X*K46yf@h9x^E+Vo%--k$z)5Dw!@V)^
zZ@Fiyhfjq6<*JPfW`WM_NsEXD?5yh$%-^6#;oZXx$$CKkToZVX3MREXX~!RYY3==Zpf>{YKRjqR9{(%
z(HdC!d17=vKyP*4=fdG;+>YnX9Es=65=rofc@r6*3^fp@EyxkAp~w+#ex5r@Ym6JH
zwZc!T>?0nFO4|aFAX_a
zFO6UEQJDz{P+2l@V|`BC2_)F|SxRzmpc>k4zBB~iAT<=<5H=*=K+bRHmCvnt1g{Qx
zM6WJ+1g=hbM6Pamgs%2_#Nq*bdXU%!jojD;4Po$dSptzWoJof?Cgg{>CKUJi%*^*;
z&C+f#8zKSt1(g6KbjGxpV=CMSRuN`h6@F!AU3GqGW;!wVUWcDI7QGJPH@Lm5UyYy}
z#0TJ0&}T)N`NR}@SxLR%Q}AYWYU#rSfx8vIeWAxAj;Ygr9y6tVM?#|~FvX4=&_WRpe-M(UVLBE8Ji`j1#$^Z@(%4vpYkdY-
zfCto62b1ZDie3ctVR-d4Zv9%a0eD~=nj8>|QvSdIdXQ(@}DJ&4ZV-DaT><*evLHDaB
z^qxrXHw+wj_3&2B+OYvjpc*M77U-K}I$$yE171D5Rks#@01N1esez!L*eYGCJ+KH|
zq^d>-p*U6nT*J?x?ntX~K*WxLfQN7bXzTB?=pa(ZL_l;{CiESp9Xg1`u@WE`whm=2
zy}_u-wujRD7RCo{Ex$pjiMVIitBvslw-nK;!R)^$*sG2Cgt!#q@x8WrAQ0F@PK*H(
zxTysYg-JpoekI1DkMoeNjTzVnLZd6dVaxKns%^qK`1m-qk%J;XgE4X`-y%^!SPy{k>
z^qLqqk%0X$184$;H>wq=J@;PO0TQ4b#rqd}ye4izwMd|x2opkxTjLj`2MbEv*I8}m
zFGbOSd8rs+Jb7I-MR>HyC=xK9$`+bj!R$+vm?brCI%^`JXlw!)PuBn^QU4nl&(MG%
z(asJZHR@lY2DGJ^S*=Zbe^jYKk+-OW!_byvuD5pW{ZYdKMc(a&
zC;_aZ#l>q*0TivQ0ppF&;3N{N=y0``B$?-I1bRmr9-zr*InknI*ATsbvHzQ@XUqDu8keP-+{2Dwr;fy&9n029!ENpehDyz!x1r
zsVfAkL9nIpcg6QbqGW$pYOp94EYbjr)ZZ8H
zXg^M0z}AppYvBWf&bZqeea#mQrh>Q14w{csaj=KRfx)I6SOmt#(Rg3n1dC9?mO)@k
zH*FxWac!V9np1?&}YTSHv-R_P87JP_Ol
z0Nf#BFB(^1>`*XvHrR?8j2j6C00)W+#_a$*qk|obz>dXWN3f_6Y=sMU1m9__%KM@>
zxMcybNFQuv4|WE3@D{j(ufTylfvsV|>d#=c@L2cjKbq5j(I5eLFe*5(P%w5sSOvy^
z{c&L6n{-;VRg1%pw8#Z+KRve)IJcdo+6e;p%anr708
zKn~_C2XCzTpSO|zFLvFC{r6orRT_WXbr)T?G@hn9HTLUV52ZEiwU)hNz;v`Z#;XaY
zq@wsZIJ25qM6v{*R8vGMmyoX@6johdw-yNUj>2eF^j#IHY&$BtF5B{!dx#&ig2}KHA@Wp&m
zpfIOCEJ-AXy&9K2BxFTCZ68hRZ&)4e_cl93HN_@G!23eH#Z`awsBpRM{bUP+=Pg$~
zYkE@JfEa3iSYkg-$W^w}qaT?r7oooPEE-*jlLpWF^v;T8DbINBs^HS!^r)r
zWAyH{a0`4#jueUG^z@G{QFx7aRM|&^wk)H1t=K*JUezwViK5mZ&GDbRa2(1iY4~NU
zdF`%Fk5f}-CDdm2T4{n_6l|#-7b_-af?SE&&SisnFo*2iSvsJAsd|X70u#utl
zlIEqr!1O$(xGl!^1+zGk^%i1hf4iSrC(9R>s48@nNVg^6o(m4wJ*-A9;;HLEMQR~j
zA=sr`#yh-ZfiLEQ!58$p>U1i~VSZ4K7M^5teo~m2l7+t0h#jvS9Gv))iuYr1&aZlb
zl4>$1Eq8iC4)4o{IF_GSk@JJ31?)wV%U_tbjUj=Cte(8R6$w`+;{0l1n!rlCFmK}vz^54vpKFQBH
z1u$lc@|m~pZWyLMhMr)G98Ky^=}#I|GqfBh!USWpMyBfqMf@05C5}=I
z;vBd7CZfd9!6lNTPZTkOEztRte%~!dmHr`WhW>Grc{qmEkoh6oE}}7E{>&tTwdTPh
zV(R6}F4Cp%%PTVI<;pLT?DfEh{%yH(J6f?^|F3?K^!=&up)bG*+a4=Xo#Id2_pf%F{C2b-Wjx-*2oPh{Tq>H=3ciSvVaLXx;)5vvX%h8
zDZq`j=ywyvS_13dP>Wt9d#rL&6)ni3lXwR82(h17jgWD(al)BTCP&!Ln9gl=;j4xG
z^-DSDsv*ses0@NJlTS?2x@vN;``6L4EnCKoRfYntZ64NgOpmJFcv*e<#G#?mRlq~-*Dh-
z7slRLML$MJ3eMNeRlUfHzYQEbJ__V&yyI^=7Am(*A10H#nCtV5bt2!~?N>1=URNYN
zgg0_|#rW+jH#rTjGZxHs%n{=_KT&QQY5n0?6(F<58g4#y+tx0;c|gKk=550Bey<@g
z8I{aX$76DEva7mjL|_cMQuM_EWn(j&l-O*m`)D7xD3b(Q)@J!^iomCKF`zkE-C
z$$)I|-`Wa6xlX@ldO7Eeo234Ht%7eNerYPan}y~}Toqmw-uL;;M_zhr{cTs|Q@&ig
zAk5Uag3ed^?fb|%OKEG76YGHQ*3!wDOe!mj2LXKZe$SzR@&m|;@A
zv@{mEgbLl^9N)CLL(CRE^w<*{6OiFy7bJc9O~1)Rn`+Ws06kpv8V!WiRP>YE`I_{9
zID6;d$OCO#cw*ajCU(cRZCexDPRE?swr$(ClZi9&Bolr)=e~FAy{dOledknlb#?#K
zzv`;J_u5)(hbk86E%e{DOmc|pv@>r+TokPPX}Tx;Xy#bKeKA|ICQEvksaQ_X&JKf(
zVHNlcav0ohPEr35up1h|#N*13^1ds_`yEkfuLM2u_ad3ZH|z+w{ui%hKZnX!0iWum
zMq^?-DOG#y=qPe#EEP7fq#Vy))_>89O{@_4QjWbw7HU{i)ZN1S>qpe7
z3nv&u7E7MyBscB|38liiev(;jzD`MQ+!EqQb?y|B+5F}kIrYdjbLk$%fh!aligRF#
zA1x_MlpsH!FmYZ=98IwdF0sbeNt#`&U}tR^
zA3v}TsMmXBqEyXdF2}{@Q3aTk(imMTqm0;vG#RU#rcYlSNdt7@Xw
z)!!UQ>$ySCS0d{qqVp2Fd&qW7n+sCWEL+11j?eG9|Jee8d65jkQy-sv@Qu;#@4VLj1CZ3d}U~br+E${GoX)Wr;XoQL%=}_
zVx3r#qQhDUWYY5Q`)M{|=&KHSfn-+qAqjaAXI7W>*uJ2mLiLA+&W%?cS*&YzTs0zf
zKRavzOkMLV}zVWF*<
zR`VEYUX3kPu{_HPnI;&GO^6g)oz^OjNGSb{wHSi!80zY|8%%;Ag_P-;;F0{&Tudj#^9#X5dC^nhBRkcVU>ffP3W#wx$rr^-M6~Ku@^@&a0K-njJz~_~
z=7Vb7`I$uY4#lqq2fs5H-b#!98XO;Ip1$Ked`zCcFP^?@%)Qp;J;mie&E`ER9Nzh>
zdBvq|y;&6heSWwh52RTk;-uJFo%^UQcvr}OxA^){_--)x=nwynB?S;(BA!(zD8Q@-
z6Ws>762O+NmgDVhL%X6?*ryy0H95n{>Y&sjY;evj)-1!Iq4Pq(_8`I%f}A
ziFKE8hkCV=2@}mUf$8(OQokc3^toVdL85qZbXG6azk&0P;)@1DrGw|i%o>k+>+6f`
zenYVc4YxFeMxzYZgg~hzK7b%0l}3X7`ua=>6zoFR7k=>$_-;VIv;{
z`^K*iO0+wotBWq&C9@~O^r_qd&#phB+7(^SiNwHQNF$o*Pu)$bD(N^iB*t_LYkok1
zdx#zy|?t@|g+IPXm!pgVc|U>j{dT-Cz)u
zWKy~GCnQ6`I^iywgyM-;5+KOD^iMc9na2bSM
zHS~PRvSZoieyU(}(L(^W2L`(23a;yC7h9Fkp$P15>ZxS}EGKI#|0YQ%0*;Hz$B-@+9cZ1#WznchlRTWX~WZ
zkO&U!xf&9L^#+aUruOTpLjAo)upb2YKE(K^27zJ@Doin6L_xv1#_)Mmfw^%W#XGZt
zK|@rl)_hPeVh^lLHzXx{rFnZ`iZ@hL&)?8_VPVMyyXAKSm|`6477EPQMvx03&ecV2
zMPeM&S`O1-hGY(&3BLXn5&9cAx(_t$P&rn=GSe0V(3fc|aPSKJ&jlF5=_o@8wrI+>
z?llel+3wAQ|3ApbpRLlR2}s|*l@k7|;{V?u=KpWX%~$bnW@`3-vTl;qe%NoSV*ANE
zJL{!}HfdpP)a*b=E&!wL`Yc=PDX)l|nt}ye+53*UOUrdeV{I&uKVW{wKL@Ci+=7s&
z5CgT5iQ=D?!k^a8x+N(Zd}lnbXPtMP@16vDe}8L(oMEcoeC)D1-I}sL&rorV@$#Ft
z)Ao{C)tx=^+_nPn^2}Ce7&&qX@Ms*X@t@Qh8^UvZ`Umh`BM0khYSPRI(4?xLU~5u~
znn}U?8m!Hv7%d-rUbq5tq|d@F@5au#MLs*OrnLMB2V1CSXha@TjBs`cfQsCWReKOw
zKT*VW14DN7ABgh>5zT{PUxL;>fps^=ZQ1&IoMbfx^J{xEzSHyPTZgec*;?jl+=b2}
zZS9^x^+d$LRBQ%&YlWt+a;;{caW+pmR*Nj{#u+OeWYyoc@LyfAC3*=5!6P
zm>DLpMY2eKXezKRmQ}=bKeIXO>8tVSApB9rh+od4*+-o(0pM;`u*eo+#g698WFbSG
zm0;-ht0ml;0iOe>7d9wYyRr4n;;px6Gm_GchK*n3@$a&p7-}V*%oS9n{5w
z`8H_yVv2K=I|{(54crjByA-V0>p+g(hZMPEpWxEeQB`e
z+-@!QyOG$4NP^**omZ)jkF=t#XqM3d%k}zo2JkUBQYU@85q#&ab6EgAFP;K5~g`}dV>Bo?@+=a~
zZM)|Cr?(?^nYTu&hqvV42Ha1v{zUKyClL4nI~~tBtZ1^}iU%Gp--5i?FCA#MMqX8c
zwNXb0$~36bVjUBu;h|p|+9NLGg!+&u_@C=5b%z!l&2(S#E4$*5Iw!6p#;9U;!`J*_EPo{reJ7y1jvXo=ov
z2&0WyMx^N+XBu~UZI}(A`zE>L-YdRS>);bo*ODJ0wh-3cid$gCAT?#VnRWy5Y0Fb*
z@2&V}g?QgBLm5r~WhdAOvCW#qhI^-2VE>2J0ZY6Z5``rPSR!2F--oX(JV?-cJ4
zzPJ4{FnSFs3s`!SM8EEMSgnlOB_XB{JpO=@Pl9i1{h7;(Ev?!wwT%J
z7a1YkhN-;re=O6nA|rCp^{Qj!^lvv@-SuhG%bwtG(%&xVHWdaiyVz#vlMTVEW!)^Fs&2@w)zDL({d$L*I_4>|Dp
zUYG3*-w`>;u<*j^3Fn%O5hxV-X7RMFg+nNQ5xBLEjX&d!c=;Z3ajdcXATZvsi%g&W
zg;Z}kfQXjLJsdb25x=a-O2CG0FqD>WFn3bO7jU^9l|fChX8^tVhN8n|(Ow+giSCv8
z;di};{*#4MV?UUfC|&)-^22OWL>%WN2a~^);32Eey)lu3PUA_^^=E(Gi(GI4;a;25
z-SPF=vxAr*a=lG&E9&?(`olzjx?o5Dw4Qq$%A3O7bh!*jO&nv%l4raeL@!g_zVpax
zN296P=SHdHb&qqRvZftr;x+X+yAk$m*
zQTI1$a^qPE+wo08q?XTA-omh0EjqVR9tn~C?m`|hHCTIJJU6^>KdKc$h}eE6CZ8*p
z@3V{?Ow}G5#-yeh_A3X0un`Xw!_VGamaGOJdF>&XWOpk%mET+T!iQ>|Vc%U<4q6>0
zhArA;x~mS7)w}Gm&Ep=eRgSzhQxkpU2h@cn*3?Q%_9rzK1iL1w7=}(x63rI4X?I;KwW(7bI{)#Mqij_=7$?S}liRW`O9W6Fiu@
zC1`KgLf=Uja#8Xl9
zlL`b7EO>svW*cRNbK4H(Q7o^5*jFcWvrUSo9et?T3Kw~AymdsqWgdNPONBWs9Eu{8
zYI#CUF_mh>ld!Q&avH|q!~#Px?{ik4cUDZ3>6?Elp7On|3($YXCz-G79sl#pMEF07
zPa^hC|5x7hCH}7R6`cGK*W)(}KtQw@Y^$1qy3oy!m{cj?Ns4x%(hyyBHi$-64R{=Q
zHgCsBH&B8Cr<~bmseXMpc=($UR~r6Fhu#e``G`{ils}z!?sM+>ubp=$#|`{H=f5#U
z+vA7>8k1!2gLUe7@)f3PnnOrX9cyyrKK_=^j
z8jlKFv$xF4Qy0zwzDT^A`Ls{7X7P`QIY5RKWBDI-nnElm;56J8X)IV9vM2`wi%X8n
zKv*j_C|(Dj$fK$KxCh?5knVsP5b=)5pxMBc;YUgRAbl9Rh`$T{&&llbE`@+*!*~+k
zk#BNkE$52qUA4F7p?{Gr+REU2C(NdtZ?qg#^*4yxoF-gHWy+B
z!c}6+iBYlriUBFs7?~<+T@p_k^fJ{}=IOZPZuo;%xd~e^6T$fHL`z?-DM#uyqv-zoms@0Xz1(|T|4?+3uflLGnTc1B&M0^8PlT>uIG(Z
z)Mn9SWOWTJHJtgmMM=r@Du>C^tWoeHrGYtBUkRwYEu-d3to41B*=OZMxgEuPAd6i@
zL)J)iVH>^4%$M$)hZM7rgdIh!-5_dLJ|mEXQKmSfMb25?9A*l)?_K-=;RdJ)$x+xP}m`VFsk&7TSGNd+bm
z!O=mDI|a=drH?I*B}pNt>_49-OZpK&X}Jhw7%P(i_xLE%g`%H`^bf@x1=RC!LXB~L
z4@*J$vdTQu(dPD--|lLWiD;<1j_nNGjS3>Lpsx#fZt?fqH5+1QPEP%TawMRKQDd<$
zyn}W`z|W1ajM}6?+VEcy_*_NLJuH%jcJ!JaLwzrd{FNpI+=@qQ9+O!$!w_v_6?HG%
zQCzG29cuLn!k1Bgt`HSmQKQllh(NWylvcjtWP>_fKdXNdf`Z+SD4gPZ94pA&`ib4a
zzr`XEbVDC+B>MoG}Gdt^?~wp`9MMJ2$US@lPUs+?nN2Apk?
zuuu_<@6SYBC~%cO()}4oDEP)9zcv(kbb9wH(uPvLr`wR@{tfA*zf@r1dHBRB(f#ba
z5iI#D(f=2s#9awx!C7{e@;oiO(1?V7zAfp`LR*$yu_MJ*luA#pY8TtrU0X*n)Jk>c
z>Qb;s1DK`!;$UgT+vR#{aPBe=j6}tdq4))$C!Z~wd}Ss-(RZ~hh4
zroXfc|L3UoA54P3vabI#-AY!`vtMLF=hNp|a6Pk}9FbUUh@EW;HoFOk=ccS)CM1=^
zEkIp3RXNs9mpNCB;8F5JLn0QUWriV4cvgb$lmZZ{Tai0m>gGCMw?A$4e)@cZ7(&g$
z=r82izh<%Q{#N3+6z{Un1s4&LSc)l{wZV;rWT{KPX){cCFX{GY(!(VN|C{4|ywO9;
z`+8b5TE-Sny4GDV`);{(&5Gl+@c{PHGYnNq$5tm9Um`RH{Ri>WKu?C*Bora&N2jhs
zyF`40wY?l2Nv0U?BuzjIT35r49ze9}cQamxGz(lI(9M##F$6-l*J~z~2B0`r5N?LX
zRdu>dBh+uQfD)XawNf%I&|rlb8WmDTBsTBzli0*H
zBUa^t4ThcJ<@lNZUbmNCZyb?dkv*Ol8Im1ZTG|A#qJt4wb)M+BdV+FcUME#&PN3gr
zRml!pi=y$@4^xd-5!8}+Micu)NHG>-sH%rn;fnGJpCo;B02m?RQ5C8KzPa)%t$hjh
zJflM_UPgGtOi60WdD$w%Bhpr`aoN)nLJugnJju3HuVf;`p|PDP)~tRa?wecQ8*{GUQo)wpMBwGQd
zfDK70hlHjrlUSc>-U_gKIM(j08W;6M>G7`U7U;maidXLDrv{|~YjW_D&yMlSYF|DNE8?0@tGQArsyPl^BiL`gFn2Q#Ptk{_v7
z)l*p%MCX%PEU6X}q*A^C!zd0FzJY5do(P*0wyI>}?n*C_k@{|H-7$Qoux~&-g)VOH
z^UzQ9%VQDUGoJ?WHNLa+>38=@4qqmbK(8MdQz+YDgI%)f;#_+KMoeNxqqSLg
z%?~vrC$-iK45M-g{o@u&y3Ps)iWLvvUoP2u=AoM`*dp#qo6D*yv{*~BHDj(MgM)ht
zB^>N0i&6I2sO6L8?1OvbMbt+A6st$c3}1m4=m^n)Lfu9Lz*kZlO8q_`dAI^0CL%H
z>`l_)*3cm4r&CU=GVMtioyGDM)1x38{wkRx
z8D-(|35)7kco{6?eB096n~nBH&yK%Z+cx|M#AhN(d!e&Ru-(3%8mvEf8?VOfn{7)l
z$g^an7`NtyPO++aN14nLEC+)@zEe*_65z1g=2=lh<{3a@uUIXMq$E7X66D{@&~B=^
zG;ifn@d~EIaUe@Ce&?kRE#eE2XKKPoG?r+?NG$RJbALi&LVZ#mI&ES++7wv@DIm!`
zj2!MpJF+pPVfgv!xJC5GU&3O|zXRtF@Yfo%{$=aLDDxr>Q3*eX1X
zN72a2>AyYbfBBA@l>(X)I$v#6u}N}J!9mc$MzWA&SiGRpMtCy{#o6fUnM}HQia9sM
zS+8=Ttufl6g@4lR3@C-58Tj|~cK02p-|5cRo%a_{Pek92Z-b2Fm|eA0F!IOcLUkTn
zDkcGqCRBQ%t+sMwk;}I0C0oeAx;9&FThHoeaTi+M<`wtRug>8(jv=EKT*&I{%B($iNJ$*4Dy?e>5!t}5UH~ZYz7$npevDz+AH^cJ|iMSHq(i#6-}@=V_x&5Pm9?1p06T3i{^WkX#VO
z@uiMHlo1oyijQ4FaYRyL4+YTNd)Gs;2@7}!N0;V96bhqP1x;a`(~x$w!zA_F@%LUN
z2ZF#>VY1j1n%{AF&cv^Sb0o+1sa=PHw6M~OSI|HJ@*N`bj0FZ#X+Gy!4?gntXr?&p
zmL+jR7MxhwDp^mZrItG3HoQOIBaS#^e>1cPM13TZ?u(Bz`1UWyOlipeVY+9}yzkoN
z+hVkE{!7ThNCtLP0XC&pO4iO#h*+mM{qw#p&LUS=_3fX=?3kLHp!Q|VSO3zOW&Sf`
zRuTHbg8#QQt1KEK`{~1i8^>1?haFV&1>}(u8rGwOOXov0MdrfqH-|{!QOY^K)ba)<
z;Ec|GP>ss{6t*D8?wcukHE$ek9PNDlr!9-$0FA@}cMUb=x~Z+I!&_9=o}SxO7)uQm
z==9l>6R2f`4X0V3vwmK8Bq!-d8-%D3p+pJ-rnWkP`
zkQr0%J?+vnGUi%1+W)pjK>`K6tbqAEYPU%mRdSxvlhasqIfuubB7-f)G@d}yiPFVL
z9{}lUvN<{nd#277UE=%*Om&_XvlAh#1%++^c>y6k{3ClV3Ci8Y^rQsmB-2wbGMr`V
z9DF^F>#3=wE8OU|4~uN*fFFqWQb^)L;^9hy0#NExJdU(XDlkOm6lFe8A9(AGjXI|g
zO5!jH&lhsGCZ6B`0Y=JjNF%~JUPBd%5WHcYSD|=hJ-$@c&}B{3cAvdea|n#Nr4*3>
zRO6^@IyT7IVsY>6N{RE4?2Hg3NPDcpd?zEhG>rYC7{CN0nuO1lMb@Oa;K^HMvuFt2
z{}E;TXv;Y@jb1zb%{(--Dg#Q$B%9lFu*~^G<};q;0^`9mW3l~DoM`lZ{bz)h$$6cG
z^*lcYv)v}`-y998|!&v6`$X?RYRu3D$0V4)B1&se=h
zqpXRzC@3Sg_yE^MOXKJXr4&@gR>|2?);+Ca~l1PidsuV@@NEkk@DC-C_>~L
z7ORQs-r3zC;q0inn3(UqC9Q4+(Uu~nNLT{>AM-(inXm0pOXuP25(NVDw+Q_el2{#j
z3FPaw-*KaS#2m1E%TF0x|(%%zH@x$oeQKIo^@MzJ0s@mqo~bhALtr|C1kHD1T*SAL_7ynh?K8iAgC{x9$c>m?YF<>*YT>vC?hey`ci
zJ&mvLtEsi$ylx_mrX1+#ZE?Sd;W!vkKTdNbou?fdF9zn7w~lKV@K+Z{
zOn&laF3GtUaFzrxFIAu6b)>9ZC9yYljUeRb1sN5{zM(Mw(9&%yL1A6hXn%deOos0c
z3)Je+Ty7IWH;KK1*~ZKP4b8XKb9bFI!In!JA2kpZG>I+FbW{Ft>es8yozvaccccTh
zi0)X#;o+>JYuU>C-K@V=HQ_PYs=za=h77<7W%X-efGn|qA90G%sWRY2ij$z0G^WaU
zuR={Ip^7|KjfQqBe4Z8by
z@kLwy0j?bj8@_2iv8l}_zNwcuEPqWoRQJ5rM
z%AS;=pE5r9;
z2It1XOZTV=pd^xYSsG=JJ;U{u`ApV0-*nfnC&w!nS9OJl$x9}B)!lp@r(=v!uDL}T
zeDz2TKBI1(F{GwgOegrG->0rXxc>;}_IE{c>MI5gWnsk1(+q#>Rx2yPyekU!ISnsv
z0hQe$Tk0w5bzWjUrzO)VdrjjoVe{x=@(uk)Q)Yku0tA*zx+6|!S|RN
z>;>6wSYj08FC+_7ET9e33Em8+Ynhk4z_e445ZKp8jN7?-i(WX|d(9^5xsqfHi|FZN
zKZx2))3t#a+ozYcCu_%k>^*6zyCLcQ?)T3wfcZ3|8_bsj2L4M2{Lhf^s}b=3_P}X1
zz5i-*lCPUK3YO3PLD#
z>NIC?vK)F;9x6DzQLj9iVnI=-kE=3HiOq0bd+wfi3e0}IoWu!$q>UgB7NDuh&ANts
zHMHC`YdX~$(b;@T&(>VeU>0FA0XS(G`%!Z#LYf?_D<`$#=JRfY#lHEFBMvsBJI!*l
ze`t@btt2>=MFa+wGbo;RPJ@D&z*uldY*gu)_}Rya
zl^7GJ;Qc%QU-dvEFq~7IhkX=aewzd7%=bZIy9SN0&M$aOtcGr95ZTu_a{JB-0ruTd
zdeqSYXw*T^E|hK8cZZCDT@BV_+`1ibsL75zBUCeH1EYq?*+bxPIyrG2>Qlw+Bexgz1vU
zp=)<4R$&5zi?jvx460z~JzL>*GGb=&RWTdtG1+r+VTh-GgahQX5i;G_c@`kH1!0)o
zVg}1|(LZ-C#SQdXgR7F~DXLQMH9#X&i7mJS+x=H#ad&+oh6fNz!2k@~R90SuC
zg_K@eYmCJb*xIPM0t}toE_Y4pooMZ~oR7jz>+n;-d5ON9W|yXyJT_%GzL@?gPfb>*
zC`AH!?{vW}NuJNhvNpNFD5B4HahvM7`55oYUSJ=aLy%lefl8c
z#h~t58=%dl9=GQmS0RW=$2>M(ey#32)$p)DJh0L|ERWssfwPaM>{0&H`|}2QoKcrY
zbb%7}3M7#+B1CsdTeD$-S1!#l+#ntSSWsyebtw?}M?*kEnRXBmNiXs-6sz;X-;w-_
zdzPjTUddd$%^YWI&kJs~8f3$C*_qa2`~RPS+Zvht
zdwm{}fAhCRghhmH>`i`%SUFglImsEB{O=NV_bZg4f7rP#hSW8qOEo7N=FyCov=ui6
zU@9iI;D#!PetdHQnl*+DPurQhFQPooTNn@!5M^!P==)e&hz@Z-&f|Q-82CIIAkTKM
z3nCLFu!rzjT)+Qz@9~~#=ji?Tdr0=}M)~t7YU6oB)l_d)oGFC*AqSGvZ
zM-?*+r^6i6tEpweFFcuo<*E{81VWEH7@fy=(F-#&4_SM)+i+n3C&MV9HJ+@r`c=q0U5BU6x+UFFgQd_h%Sh6^^v{|(m_4H{BjsG!
z*Io_5ADa%d`|B`PAYJLXEHRW?V9=qhYE&a^&H&8s?y5Ynt1X^VVj$v9kBjaJ;(OM9Cb!cij>%&be?zaHGTkLs
zUsgq?emLa*A1-=kScJh!{n(W4!X2ilO_gWcth%+yj{*2xI(vc187H_U*HIxXO=ehd
z6fbv&kB~b@@GjqnpUW(NvWjh=A+c1x5U>_n;GakJk*+#fKN6c{%2Q}w#h6&{s&RGx
zhB5~Le~8w4=k(aMHM@4O>vR@4W-mnWa;hG5w#T}oruBCg6<_K%<8PN#n}#X^2M&pH
zu`Qip?grf_`tNlflT)Q_%tP>IjUx
zvR9Nc7w-AIE=Y2q*X04ZyCaQBbUQ1Nb_TG7;YF7b;gRg51JVr-bh}Kc?{NsKWEQHj*jnj#_Wv+3D!bNP=|Jg@;0E~ReaDy
z=s(2NHijfwVF{v`Ca4>tZG_(u!8Y@D6JANo;SWhD#iTtExtFeQxktx`bdu&wJLxnz
z?@Y%qDVFwH_a88H5lW-NVGB?)jz6)8d}GkRAN7dFkyzo`i#f`K{|Y|mCBZtP@Vd(J
zu9JColYB-%AtZbCe5qvOS|sH%W^B4Q;-bFS{Ize%jnf_W*GIZ;L6PMJ%={C;op9(g-K^Y0;64b}tUHfYr2bh*>KYmb_={Rv9Lw}=yITm}j(KrD2++aLK
ztGqVu7$={GA*_Fl$=)4)@HdtDQL{Y~Bs%yB{-uDyGnUML-mXL4u`HY|Vl@6*TyLjT
z)~V{-u)VNV8f|;|HXkjOscCBTeea+9FU@^nS%P0}@6mr54B7wPfc4)os#tAX1x*9}
zQ?EhBSQDTfOa$XLuP#g~9tirYG7%b(f<#M=`DVOMXXN-ZW?X!@#cjlKq;=+b=}gwb
zbO}eFTP2%XG3sZ}lfkJ7(aV;9{=?Qbf^jo}HICD4`_~Prnd_Xm&fd4bDiD2+KI0C$
z0B1)L4FDN`EzPj3)a2}oeR^Xl>=G}4RqnabP2!>Bdy4oDkb1=-
zy#PK{XWX$iXSLc7I5U>%VV7fQ`F?%U#VM#YVVy$n9N;ZfuUR3v|_btBlS`Ppxg
z9vf?Z+a0sKx>v0&GPLqO6
z$Ix)e4PbY8&Sn>HT1?$V=ilCz#pp`1-KV2J2QWR@wG$AGStOHkwKf@#6Qb6aC9}y4
zfZGq_W?7s@$-X1Sp)RBym6ei%XaCSIN}xfPOXePvCm3Y!5Q+TwYp6GZVaHFuk3Yf{
zf&=q7(;pqujVMtYlY7Ui>`P}o85(VjLMDp(hN=IXX}En*ielGv+jfkl?6cr*6Mp(|Mx`&Pz@?05Hp6J
zVKm9)%^bFS3Yl>ov`D4naVh1=f`q&80dskXPw})yU1(3Wg&13F
zBMA+2Cm{*jK3>}SJAglb)~k`HIMPVZN1MTm5lo)+m}Tt@<*pAQN$^c#R|l2ixc0B2
znZ5m!t_~oXdVaOZm<)
z#m4VQqD%R$3;U#i_Blxe3sMzNu|5xG(4m!$7p{~Cb#yJaH=Bf>U
z=eP)f!r9Wn
z%b<{BM=c2zuQ(Y;)2w>64uOh(t;!{5nIM5
z2{Xzx0Kc-D+x!-YBF-g#*OE`M-IoLB-HjZ3ceK7a982>r
z0^M%A-wDsj(NnL#KImL@El$Rv7fl(BqZY!<5CvI+l5#&aU*)i~Beh9|6O-N1LJ6U)
z)UB+8gJfi9KQ@g;5v#Ida+9fphqZWYrd=Dh&&7k8C$$L`Lfpe2*1GtphBIQnG!JaqwOU+m?3ngKmO1iQHyj{Q1THcz8gA5>
z1Go=p6J{M$M63Uu4!{6#Qkj*=SxF~T3yUeUi*TvTblN=HF^!8)RQP67f}O}}$&A5l
zF2#6b>+X!yh1;$v#cE%o*JA)OmA=|zB?!OvN4g(UT+;Oc<#>@?+1!-HWtKYKF$ur0
zVl#jR6rEyQVcWkf`v`&bKbD4Lpr}}#M(S4a+8c#B@S;dikOnUL_1Rcd>175psK1*H
zA_xrr#;B{9kdnFrB(5h_rGuRuIBlr9Ovg|HZQV=oCUUrkeZk9Dk+jY5(B^~G
zkskf<2LDvKX)n%NBe)H+6&1^h%ew%eEx*%JXP0!af_Du!Q!&I5#ML|?bGN^OEm@Y>
zO^Ujha6oyN6|dZxo4L*f`+5wWD>%z4H#UUpU)~T0%zd8KG4Bv>@-1P4!Q0{ikT$sp
z_WuMECKbqqgv0KbNnCwgGs35blk7wwa8e#HY)!k0i>huc!Jw#>9WRxI)3XCc6vaD>
zS{3?CmSm1D$pLNo$7R^>Gi$AiaCR;?GJknkAF5s(e5Jj#*~Q6&J9d&{;MHQ3S&yP^
zB0W&6-;@=YU8)!LGI%Dy<0jgJWH`vJDLP03lk!>}Ny$lLL!eahgf^4pzLWoiZgnR`
zZ;8wqVneD#PMJfZ%_vI5O}$GHKuCsDsbqIxOJ)9*gvWiwGR{<_tE-^Gw2Lc(tq;~v
zzz;SU%w~DwNu{Md_va7YBk(e7=BCcVlS7d&B&W?f20d3VgKU4y!KKO8UnVNxq%CHV
zm+@w&ThK&eGdbTm#$~0QLVt*Y@QlI6}@lPt6HG
zQym^qeNhoGYlZ&eLT@5HGq!N``Vbyzt+H&`Ijfni6x*6L4POof~*
zu=1#CT;Q^DsB(^S^?J@IRUwb0%;fbE+rl2E&c9dMtu5=0gx#fIV#tf#-#}XXrPKEg
z?@Y{ueESLHi(2F82|vE|ysZ75CZeIA{{s~jvhU^k*3fq@n{dh)c}
zx9=HJtHVv$AO)
zHDW0cRE9Uzz8skxrVUgEE{z((;?#Sg`P+0TcETvqinHMvUekT!4!~=Dxaal6t&;rxr41L(^sT
z(Ea0-@=pwnV~-Crt1N%_o4>iH*h!SzBerKO_%t*Dv%kfxNP;|uTD;Ao
zLUZPFm@v@N?$wH27N>aqk+>|FFZ1(53A~*Edg^8k{=$~fuaBR=82f?gWC?L6j&i4t
zawm^+r;l>yhjM3xa>p!D;ou1IV8#5Pm9ULfiQGy2Uk7?vsdY2^zA)ke?q6Yq;J;Zn
zNU11rad2@6*;ugtH(FGy+y0}=;m5EZZ@ae9M4?T-l++W7kOm4+gr$N}B`a1HLbgn%
z&>C2nrlf>RY3X_WzHuv3x`@-m8JmrQ>{#LFB<>%;`m%hR>EG}5dm2)B(o%Y|kMCs1
z`?quMz0>U7q`>Yrlml!ovkOIIdbkz2D=SOx(p`B_Ld29QR@ITRGVNLkq117zlN)>D
zd}64ivFWqyXnHI^>o$K81)m{&kEg9tR9Z%IEd1=$h14b(Ra#v11Gv
z>Nd(@#td<$i;bdzwaIA>K2NO~EDE=4!jBGm$&~nw@m;$?mP>tL?3^9G9j=L`_nR{z
z?_^$)t4;ClIfbG|2;3$sSilF)9E{&C;-~hn7?!3`*qW_ds8q
zvS=uoL|6RW*j(GAA8JW?DWH)tSAXm@h0g&{e)2U%@^pyazfm;c)yyjbXN7~{;T$Zs
z!sAjwGPelMW|3!l7CC916Tf^@UlZ2Hmq0_Qjc>6l{;EAhU!cSxL(YZL_BC$_>{ytp
zf~vKo`VAMA#o-3mr8}kB#af37<;Qu&YQ9$r7IaG@T
zLb0sQP_3yf&CuLnx_g&#DFIX(Cyo)k8Jq)ia7Ap(&gO}kmy(*P_;>!&^BKW_=TB
zhFrPx&>#IM){3?F583!f~K1j$3A-fnwE1i4DH^$?qqTR;B6oexZ{iptR51*_6GlOc8I$=eG&7_SL%{if
zYd>2}kirvET`X$$xNBDSaP2(iqs95B?nnj?1!ol^RYv|HujYMxvGS%{vqG`{
z26Y6gpzQ;is`r{U8iLBCEv7JBD#R#vCuvV<7CY5eVZYdSJ<%FjKb{gy$@QR&4R|sg
zA9ynTm0Y&T{WUahX_O?lgy|#tQGb$zX&+Ep4+xMlH$_`WBGw!r@c+;s*1^*L{p!;?
z-xN3`8a4U7cK?b&3WGJ5u7oyC^`ZzvS6f^Fho~dw&nG*>jPFcVEXH`(VLVP(MBWR6
zybK<8R@u);pC&-jN`jja&g+nQHhD>Lz*PRst!FP9GDo_r-GWqylMQn15FZ14+0Varh8t5iS<2(okoUuouelW`9
zj5O^9cD+NjGGdi@Z_DoapZs`h;beA|nAslN|A<~50J
zv=%Tq5=*>Oh~DZ$cLeu>{03dLZoA?t5ubLcu)FyEwoNDbVn3qA9bXWE(vmewfn)`B
zZ+i;$?*f5QDKj;PU|96mh8=;&5dfbxvGt?LpOw#L@~E%In!}@quBZlWO@pzDA+_0C
zauqjs(Tl4)jt$v_471Nt8t&ba&jeoA`nj8%WnS$&D8dvKmLDr;Qy=rp8dZjiSmhZ!X0bEc=4#@Nfm#;
z1s6kvwn!^iDHW+{GeOX1PLpVLtWRIsamz6hdDvDAhEV#3*6v!&tGVXW%RF>#^mN(#-Q%W1xrS|9}<
zctFaRat}|^T%{}^JgUaXN5@EzC()h*s-L96$)!K9T*#52CG^bj$rBPaNIIA}@#u
zhsHu09=U_Z!ri5>EIxISZNe#MWQT`gcSb*;cY~28S!^H|9B(+~K;e4Q_S#*|fgw}w
z9H!GE^Sado6WK9S8Od*=mg#E8*@&bnkD4hCPL1<5d%PKA(&aPn07{yk{JE#MlCN&V
z?uQN*)rRg3Q9k?C7404$WrS{GYTYlb;xer+dVb{FP;5nUA-5@&;<-?MTO_xi$jwn9
zPhY+!wW=+Z8A}-n2YL1lV)^QPO?)j@NAI>e3~xFOo_fPSIgrYxS{6Av{y
zqGCou@C=0Bvq;0Lx0`E^^g>2ON9>(d+XYxLKLVAp9sBNMdIj<#-NJ;dyS-|dD|OW-5H`0`O|9%
zAds7#hDKUPNs=1Y&;56Wo^49@WJP*0Z$YP_mCVn!ZvsrGV$H}d*&tSyC?ZnHb*W(`#
zNYjRm(Q;45*^g`mR`zM+7sk6M5-Megi}bH8da3**oL0zXVu+KPhwiAsfny36&!&^*
znTeJbG1ajHx@F;BtJk!|1V`p8UEQ)DwZX|rI5+^I-mZQM#Y#U
z+WXBn{Hv`}XLDe4(5o;HPew3wWFsh9P(TNruuIqwIeV59RhWHk5?PrbUr!zDt-3u4
z9+D^Aodqj_o-U4SELb5)o!1&KEe@py>_y4!Tr@~*K`Iq&Ll4p|Z5=sHRJG4fI;0pgwiD7HeG0?9&>G-%J|W}U^WZ@O|G8y1R9I8LvbjW1@Yr{&)hc9{$#3)EYoztl{vPoyRrqZP%EO3Te~
zq8i!iOEVxqaG&xMLJoL?HZspz+dHx1;BV2p!Dk6B=pPEHIhLm6vPV%ro!Ey~q58&7
zA-Y|4iRmod@&q&Uy%Xp8&Jw3b$O2Za9&1IW;cn^1+Z$mMgzHy7VO!>?n*2UQwBR7E
z6MrvWe=v#qpC&{>T3DIme~1>J-IM}4AA_7dqwHcH9dxCI005C7a@s$eTnUXyL?xd@
zmAw1>^xhcno_w+RV{oyrU&6~UL|T0P5@@BbH~9BZE`!cSb)vLC^6oOewH>E<9>sos
zx@CU(1DOu|8s%mE@vGfM(hfArix-~QQNm0pydz!~5yq%yvG`7XCqf)`t{ImwF)pSY
z7?B1J-B(SAXXAC5uf>&&f#~3)r&E^)iPj_c6PlE?8g=Y)Yq#tqXKeJEHV#+})z>CE
zCRE$*U{$C6Prkq&&XejezW%oxP6XVFl`AVojjq`h$9I#PkEZLp8h^WQc-(mqlaSgTKvbEFY63qzH1nwfem~^`Eo}W5K<-~8B=BtLMnPnJ0k9gT9
z)RE2lCKDb^PK(uZrvUeYwXFE4^>AnQ9Lh4$_JAPqYu{96uYWy<>&D@U4j6GBoUOgZRR40|YAoX0pD%O`sy=E2M{OqzT#8UvtiS*J~L^
z5a~ktt#rx%1LO5muuP1FoJ~zl93kKTtB>YCnrL*L&>%z4a@D&OyJ}RG0v1A0R2v8Z
z7!mcgQcA#BsaVX)o)~M_hLOZW+a+u4oX^mG4vqQ+9K)QW8kRlO9-EOYdIR={NDk9i
zY1RvoSyRk<#$%9{z_Byl<36sN&9P&SXKB5K0Fz~1`mc$$3&G^NXOYcyI?1lM(JRw+
z&336Tm#t>K8Wg4gU5=Rh!8EK)QHDka9p~n?x({jtC91OWFh!j5yC=g#=D)tYr_#mN?BQy
zU}QZdWI?RVLsRS}uDD1(z+lcU!eZ@33Uyv0#zEjhRNGhi{hQtw!aJsl9fIc$<-&QH
zk;(|hW*eyjaj8fwY2MjnXVB@34upC@+055UwBIH0#8I|!qI)F=hXAM*JYD7fB
zs%Nz(Qygv0Pwqj}Ihf-9(IOS_zubY#3{)dLI9UxZ?C
zC@p~2k(a?89BMWz`>um}#@_+U<-aG?Yn8ViZvO$KsRs7^QVP5=22!q-cv;E)xAUOd=v+x3^hrywgY42
z`z0*8r~oJI&8kQTFj}kXH(MqdwtKBEySnOldb2@*=YUt4sd@W+)4cAP&hn?Z2-!?E
z$7Z)0s@8_PpeU<$b_?zZpSoPMmF#%lDW)lYMORLgut|z-i+o@~n9dKH#vn<8QBQoi
zy!WRV+j5%%n^kdJX+M-z59?DVl@KScF=gpO)}`l#W@D*V%oGCQUkOgN&w0dN%cew=
z2I8#5++jrKcAIfvBQ}yq7Q3H_6nf3c&XksKi!h0
zQb!?N{{dv_Gcf%Sd+H=(Qodp2h1w@xq<{i&?Q~>KT}c8VZ{OIcUjvcsSi*rt>8W$v?nAvtnJqOccQVyf&r!D^Cx*n$__gPb3sK%(WLNJ17h
zw~J{VEp#OZY=Ws%@cK|4O&Tv9_GpCjuoGNh7r#|~-CR33<&)g2;_`ZVehKJea#p%C
zvNh}Aw-&MkyscSN1$aThq2m;<8WXO8%?}2)2-bEE-b9zJCDh~UzFgR_orB9jpfbBt
zcVNClE_TAN!R*X3MR`#Vq$|NL4_fSCWm*W^kLRVs560
z2+l2rB0TGB*oln2LMW(&3Fy}kxOG(oOPo8T-?=~sClG)oRoqSA6QDx
z^;uf!J6l6tU-`nTzqtQa^vvOnubfX^e9EUYou>2y9l{E0Y|th?@bF53+0P-3bsppR<`EiI(a2hA)DY)hbGV$
zZ0Vw^L35?mrM|F4Px=n;8T0(Z43(BfGj$WtW<{YkK#~Ocgu=bi^4z^+R2V7XAuwPQ
z|Bj~+`GIp*ie}~{(XS<>LxfDTY(qkd;kc|!gCn<}{4w@qrT(L{N>^jH6n=ThG@{_T
zJq_cFjOl_8*C3&CkOG5)r9YL%>{^gM+z1_r;PV$%Fsauhmiw?YLFe2xhCJ0Qr5mtU
zO)UrH?xrTQYWEWjq@pjRut1VHw7<>&i~a+9t!3h9C*%$?`FB8|$Y+Npi0r*zW7OAu
z(}~PaFXZ2wM8l41LPS+hMJwtj5&xoOWMxmI#?@@OEVpqiGb=mG;lm3c8T`{TAHZuq
zQ%u5FAp6OsgZ8GYt&ycU!gmGFT5PK`RkqZNGV|(v!1_UIvL;A)a-tCqTY%FFFv@71^dqf$m
z#mdz!8~xz!I6>VrXI1PW5uRBCTyevGzQvM?cC_icAIG1Tjuq3a#>Hb<`g}UaA=cA*
zuzfS@({`CY^w-@b+!;q_R+bvRlJ4x
zdAn=_+u(5aV&=p>^cAB{7b=QQlc=J@*H%zS=Ps@CC;hr<4QjU5i;I~2PUqU8btpHH
z=j@%ugoih4=TKVN$N1^$UyU!l&vM9?zKm3x2tdc2nsRy{d=}?9FP-Re)kxMqX=P3w
zZilRb{d}+*AxNdXC|Qkn5vGFZ}}B@I^#t~5%ZG00XBD!OiU2vQGw9&q+*X8xjHoY7n^xV
zZZgf^3rL`QJtGX(fE5{$y30tJ@$qT%eb)Hp)tVTanu^%2RJ>Gk9f#Vdk9}IsQnv~g
z**bGzvD!(={hn#p*}c`s=9%Tz%-t;A7bJLzj-;aG`<@OBz&iL>FhN7Udt)+pS<9I@
z@{DB0Wh}Tjtlvn+<0_p@EYZqeow#vnBEx(iAQ2C512CQ9y>d|&;UvoI9rNwiMtAzI
zSu@MI?F>*e6pz`)c1S1r?l!zkeTB09$*s%B;WB)J#p64Y!+FH6(-~m^Uz1Kx{Wp=u?
zs@QXC=qlreSUIb`GpzWQd6Hx)@DJ#pzeFLteAoB`>YnO^0<&3Bu_eVRb33Dn#qOA)
z;@NDa%-0%k^=W+VnVu%PK+B!RoOKS~7KDX^U_c&j`0@kP%#v~je4dNf
zF=IHeEMWW@3cIi5C7pP{_!(DNrQ&00ExU58J3HRkL~78K&W(wl@RnHu
zskD-X*h|tWBE3`%^b_Bgb2j5KeCzb;<_mebwQ^DlkI?#_?8(V+Y@mbfqJFD?iH04s|EE;;m5N
z#^%0Y*ZYKg{lW8E$}{=_Enm<8`%OG!{FM*S?3E1pdVG2TnhN%8)Sj=z7D}L{$_Od`
z8$*Yp(EU(DDli-f++7UUUWx+*-;6c&%yYSh#j{`T-3MsX+hu6M_Bk8ClGl_Np&L2u
z@r_pAUWvV-a3+flCyk;8uf4glN-aa{$im)26dpc7;@b{@g$h|1B_>@Q-B0fL6iGMP
z)(_`sTzbyHq|}V9ReWxaO+hK$VsVNw8SAwbtJecdcH~#_%v)L`p2Q??;+_w+Va?%m
zD6y}U*r@48ct2Z?RKt&e{&w0UQq2Q{93WfVa{3vmbqBA4j8h(yf|0cLp?
zHM-&u^C?(F%o0gDX>*t;O#Y_@SY(iA`2djtir>nBz(246|5E_!RJEO^#Lyqv6W6;{
zm0*#H=`CJbM9}eIw2iX{Nei!&<+#AT59$Pg71Mgu#1f;(r?wJ&1vC8ke{>3`6n~K8
znHrKNyv^n2qZxQ*EK)e!n4#%ycICBQZ|3?i_wDTy{3`7cV_F649@t2|(a2i$(`sKgc=wdCC}o+)*v_E7AtyRlA^7iWyl)LpQcZB`6d5{8+u<*pDT9z
zv1r_u)mOetiofKA^gm
z`p{J}W26bP2P4HAaeCX=$o8$N4yD+rE;=9G_8bFSsn;oD&5|GMdv!-9cEanLw%FWz
z+Re^J0!;6;+753PVCL|S+&{jn(TRG&E%?Qng~Lx0hHYV-Xk7NQNy|);yBPe-wEVt}
zZ!a_!KQ3~j=MpHv{s;>|UwM$H^X^T*pV1Ey&!*yp}(z|VHF2vS;^m#=xWZ-#R(qyf>O
z(?}3rq2ogJ6G^@USM25=1%Bn<6Ck2NK@{c0BfcQ|0t%|#53;Dvy#n(t7tBMKv2;!h
zBgT=s-SY}(7D||AWWSRk_EBMp7KZ^EhrW#v=VUTKyqK~#kLd{K(*nK8H2
z5fJgEC-)I2Qv}LX6OtBF~sH&&>k+i@kbo#7n&q>#rNsVt=m7%+Y!F490zqiP&
zc|<2%_1!^TNfhAjBQ`>cbeaNPBS@ySpr5_G(6aH
zybRDojzmky+JfQY3KsQ1Ad;!%E>4~ZM{L~#Z`4k_-1{lqmPXM^sUM60wmet^+gFPr
z*-VeWTuTl;e#9=sq=f&rI`QWyPDDb%(Za<5Wb)rZ+<&49Sq7+|`#o6LRF%VX+KuMq
z$j1f?LiGia*+mXAPA2789vIISc4j{pz124o44}a5oQ*-fVyZ&MBw=vBf(%IUU6CGN
z9G<-T^1>8{eaR!?E`!Ef&q37wjfbj_lHKf5J&n+&^byPbduv$pnp0`jc8hRC(QZS@R-wgZj
zMQRz1NuxT*z_Amm%(ZClv*|U5|^@2I&YCV
z=kFUtGk$1)K`M>^!7R>>SP(MhU(LAltlntUbz&R+D7N_}KeGh4;p;dP}=bbv^xs=ciAh;)+}dhWM1R-v$Vh|HP*_8(RN6fd5b4x5&K^MCa?GFJE0pL+=qk
z&}YJ-!JWpg8ZU|!LpubUypYBmU+xK-{X9-sSv4*~Ud6a@tJuraSjDJ;%rdaVa|KB#
zlb)U2oWkp4NCQM$W>(9Mq?6`s)>OR;JBG?!rjEXLBIyj+R5%gTUN`*^>DuOL$#+TF
zxvN%ILcx(3{oNfU2JP};bq~*gaXaQ38T
zx|j{PAE3n&xhdo+zkOj`jyRVR&V@=&te@-&P4E?3f4*b#9@PJlXsBPTOq}dU*sT>y
z?FVfb4QKYMS>7l5f{G&{2=6CnLklc5Z(K!ek!Oxh?LzU&d5w;E93I~oskKK0TVdbQ
zfey8y-u>kLa!{GhPu`FImiPZe@zo5hEsPC7|4TR#tN;lo6p;Bo@aM2;?cY7=aD<66Lh{j>9U*8ZViwoYVJ@em#k(mM
zKk{KTcKpx8ymN{fMLf(!!M4J9H)RD=F2>mIQk;T!tfxK20Ao`0)J2TlCN`WVAE$Ro
zDtQ6p&?p}Jr#kTR>@htnin?5}VbH`lKvh!g8PpC?a`N3P6^cCdM?^?kOl
zlxQxAv#&FE)iyi~`QVIG+oF)UjkD@msY_4lXX3og4FKP9A`Ju9&~P%Wuh~Q;n5>iN
zWDK+dSz6;^7>D*LZzf*zAMCRjspBaVU8b!);eG3E%2-XNQgpy@cpox1C^F4s)kwlHR4!ymPIt}0g81>o+K5+AQfNKhfp5PMn&^Dl5sd;5
zjUKdLnNqae-Co|mSbf$KB+c_f<6E6*=7lwZ3(1_(q5jSyX{vZNLoz;OEucOWfg^+A
z_Q(esre@@JxF!(PXC^L8rJz_u5|yW-%UrRv_i36a(R)v$m*ghY*}`+KCJFY+pRTUy
z%wj7;vT4LWaS^Y7yi5O5v*k!#2RDoNf?ElC1f^QAA49q(jUY+aWsjTf9lUr@Vwh+$
z3?T2-{4qC(7EQ@UeKz>GpPpEcc1Fgy(o+AWRZwRIhXPHV%#H>}mO+=uive`Qew4`%
z`k9)q`haU*b~))U@%{P8D~bsv;1f~}nR=XQi=4#|;Y;4AC(|9P_iDT$Ep^VQ)GX&E
z@kNrMY^Z#gNLQ4AN85zmI4&@0{l(1TMBWWW2s6L`mYE{|keUB8SjbnbvU~x_4(1kO
zU5s`EMN2@gB-Xbgo8$DD{(iyBCc2$q9(fmzo(I(z;rg*i{o=uqVvJ>9hg17n-Ou#f
zee2&nI~pej7{^A)NGF7Gqy}p!K#igc1}T^jF(mqHL;vr3O{i=EgCGuSCqrq
z4}|+Z#fz%F)oN3FZ?~B%RrDkY_b@Qf6rFuEzaz*{i;Em*?vkj=OYSy7n*sAcW{jN(eHM`tbZkna(N>6GmVxOCUJ>d|xX(LJGRrfuGSw+zMS
z#a%EvJyH%LDbs8-O%UN7(_ahGb|Rir972e94k~ZOfGZs`BrXakA0Z
zvRX_E42esJrK7{r;{^Z(1yvPjv{VQE7iTreqtiH@m!#Spw~)RNu1-QpkV)Vn>)a@Y
zYA*UqVTVao9eDHju-KWJ9Y9tIdc9QW5(YOPUeL}}1zS1W95sOD#<H2iiC0#Af4t14RLSayY#h<8KHUZq7Zy8by
z^liXB=?V>ffzcP!796+!<_MqVHc(ab
zs#TX}9B^G(KYh=L-t1o-uR=Wp0_G73UFusC;l$_1tNiaKmveFl=g`Z?jf*k0Fu3$?
z>(IF-k?XLFKLlx>ruJZH5x#e(iG+6CG8<0CC8bSHKshya4(b%|m-fIiI(9xCMNUL*
z9mzk3%a;V;b4RC88VBK=p`8*MdT_dtXz6e^Yn#=YZS<2AxBcmXc}&(
zysaP~$Q1rp+ljeHO)5S_%{PC$Jo68>xY+-df)!B~{0(|n9Fl?(ME)elu8GEBNgr3*
zFanIck|5$oG(>z(9NOT({0Z$6#kBAJ15Ge=M9DodM4DZm6;ot)t6&EZW$iZU4l2OmCcO_n6Nce{?~np1L%
zov*202{wm^9unecSh3W->rt
zc~mC#ixER3`1stih(ke8;D_O%EnIr#-JH#eCjSJdesf<1u~^1dQD;>Q-KA%mvw{g!
zKtGR1uM4PAX#bUl{DJ;e#EdCfuU4(dzQb}a>`&y>@?Hz!0ixgMzqJ7W069UZ{zbng!>8#1j$7G!11o9MIrsG$WY%Fsc6E~z7qwv92B4Jb$NL=~VBeEr@^;RR}h
zVhX}+jr65*0M0HSPvKY5@jE3jQY4}#i#4b$w(|$NKWS{1C{=@sF$dKkb~eA3nWksQ
zgHv-P**Cv*z)X_IX6Ts+wsqOLa2KfpBm`&JXhTl{xvnpfB{fZj)q4wlAKvJF4L7yp
zI_P$%-9C5asocrf{7@(s`fLQ#t5#@w!aN83ewA`z8M#^UxMJ}>!m!+-8o&zM#{Z1pO&aXV~y|!NWL6=aKDPOxDu}ZrnA}_8{4lfF#kbaV!ZNBdI4np#?
z-;(?v3HtBQs;o4m&CUBmy_i+W?D6qfpe)U&RYjCq4=O5nA*74if{22=D2n3o(zjg^
zzFz_Za@>&HZgacm**%auXpK$Hw%Xk7-txcGd;ZBVtaAU_d95k>RAeMpkPWoI-fhR8
zmPp#wuiW`cYde-<)P!h1`zzN1PS%#q`80uBZwlDQQdrSO*f!C4wA@qRnTpYVwfj4$t%aiUB!Goau
zk2lMs=CuUwz0)%sL#(FjRdpI8j%)b6Y)WB^ow$(?35ZmlxioLuCQUVVkXL^-v15~5
zbpJ%F2EPS3f7EREtMDW$EMjM4VDbMIK}J+`t)?MGkOtZ2#W#nuG0qJ>*6O7c^Rram
zDk3g)s#G@F<4OGa^9HFVAL5O*s2<@@Vv4Y#3GbgjQk}?EBLthqUgx;?w{@jB9pN}q
zy!G{ddcKO2fvV@JxEkptADNcD-TTmul$N{0dOpg>5lgz}c5)LInTE#U64*U|&=&S$
z4(V!INdkou138-=G^S&=0fsWWGN*6sW0hX-g93J
zSC%;#V_wdbA@kqYoXNc1?0XuXGEi?SK@2+BWLjn{`}_)sV4XlNk6O~t69n_2uv_KO
zO}fZ_e#|z=RBKPpysd~~d~2-CKM;`q1f7Ok6yo$=RZd=wi$_y;*fQa2uCn{sS+C3l
z{!947YmP&?@aDF}9D|BNjrz~4df|z()C-v`FMGTgO0tE3iQ#Ot{QxFMA{N?e!}*k+{$opJVp3
zNRP@7qWzyrvH-W^NIT-9xiEq%=)GT-oQ{_~M{!K`^fEJ^;~B*$H1LJI&ZC3*Waso5
zO(LYOE!HZ=hM>q_zy2)&Fy?jBSh`=j>R3-Bz0R5wIp39|7KYTd|8tV~Ulq1weHY%4
zA$K++m5;t`8h6Q=Rf%v_XuDFX6!umQ&8C^(>@ndyH>BB2=ah-c8%w>DPU$*#bKqgt
zgCx|85QJt2$1d>7JwB1NyjBk@{~=A0Xh8A)3q0|eYKT9ZP%E9Pa-;4HX;7J0mk4Sx
z^lU5zp2pkdyjZ&w#>!X$=v0cF&>j?_#P_qk{5%xXwPU_+MG`anaCnyap^sU4xtOz5
zc~$=8ZO41oga&PXDr-fY9edCz;?@}9Nd3#tYnp5hTCX6r9Q@p1&kb9%KDS?y&`!0(
zr3!?d&wg7n`SY^bzcx(%d#SWckx#yh5!qW@SXlZ6$WY%<8c0@iMl6Vc0Fc3N#+efm
zbI_SL?f?AZRZ#aAq*Za^^5?~$FaYf>u0B^sqmS2Kp0M_z&(}n_Xn?sO@}q?F8vRd=
z&Pa8Z@qnsHp&L_z^kiuU8)U3pn&l;0L;N}<>QF{K*>zgh#L_m!&-qFqxMe%|wR?}5
zs@_p4Wd=$f!#X47R5z(c+5+D>8p@!&Ifnswblm
z;|mw|_&3k^QrhgrIU)9$8
zYoC|l3UK)ZLSXpcn&Ll)LZZTdk3Y*4|8mPyhR&K9fYefsB=VcIUxanvxhCFuGY5CtuHvg_`R1<{-GnCaMpy*UIyy0
z8`h<^q6Q|>(A%`xgBgM_M0?~ZSxS>SixE`E_@xJ_wOJxUgfJwC$Y2QkLWFck$@1t`QL2x;>W`n!_wR2m9-ps1
z^A;*d!)Q|E#zK-x{4l7&!4qv$>o=7g!8*UFtn)zu!w`V*HaHIwL{M?(T}J4GGu
z2(z$JxOIbedNqVw0x=DR+zR>Rx2SOL4cHB~DBiTlz~2mo1$Lxq>xgS?w~iFzL$~^I
zzP|ic8GF>0a|K`xm$iNXUAWu9?IL){kFd1=@(uh-{c1mnF7sPa7l8bQk(~_#B>8P(
z&0uL{;Are*VZ&f(=WJ`_Ze-vDvNmBba&)%`*)jYp*81=Dk$;U>DE!QdA$u<(Nh1KW
zLJ92|^`y9_Q^VdM*^?xj8+HayRa;j|SWKyXc%+eK#WuQz;EeC+6C&R`WL>@uw{x)A
zT^&A{Ag&^_fsIhEkGjzu*P~y?fUCA!0#{vtN*&*gNpw;24Nx12V;TutbW`+9V`Yqu
z{g}}E?xS1K`0<;t0;|x&o+qsBWa=*JxzXhwM^`;h7i^2A4xF@O`jqCO%)n(de&|y=
zVZ;c>lP*^A49y(@9zL((?HL=wn^^?L_bg%54~(t}y$rcu~
zZ?k;jC(=$K`y7uaK#8K@Y)Zv_F}H*^IP&o4`dn!UHdKSuGlS7jzrrV
z;lp>0G9<*bt_lSac5<_V<2ka59s2d5j{#jrCxoI_05ng%ZxL4m)i-7dy#`IA_CE-p
z_fgN)B#Vp+z$*j7Z?wj+6_`?kqe0;08(L<@jglYat2JcdqVjz&gux-i@;YxNuxZb(
z??|W92w?X0AkYF2P-p5NQ%v>)|+4O}jC%B>Wm#xkUSf`YcbUi;)
zn#9ds$`nc5k}U}z&q98qmS3VmD3;s~#;c~}II1cVC)KGDORj<6^Y#dBRmI8Cpwr~&
zr+ImSS!%Z}rGcB7N^TtV(YpD~)c)6NfBN=Gw_mMMJ7P@dt`H{wzA@sD=AV9r1OLuw
zB?DVyJDb0lovx(&3$J~j+iFfU)%=Llc7q~gha!b^10;h{i`nPi3E!u0v0D8Mln4s&
z5qJx1&b>TQKy6|4G~LSZ9NlEJJ07ceCg;#?Z}AnAFa?Z#lAYbcH&*L5mk}9NobCB2
zVc(U`-9Cc9JVO`LKnC}&aV2UOY2mifOdB3s*s|!`zE@t%-F*oUI=F&p*#1)f0=x?d
zx}z&68bo%&It2u82`!=ZcC$TDe@?`$Vy$2*8dWFka%agRf7P?M_4S+q+g93Nbv8=t
zh%rcdGa3vX2PFAAouyA2jjZ%$U18HUHJe~bPiy0eK(M1c{L{ItfbxJ%Ch-cEk7oj?
zN<}ZzIj+Bq&|$8K*ljfyyo|rCoM{r
zJenCC=9u@HWJjMuxhw%F6f`qf#>ZPQqmCz>u&zFgR9{Ob=QZgB!^N4ErScZDL+v{u}i+cF8s@Q+4Mi)nrHVwpodPfjHPOQNIseEa`k|r@
z#YUNv&bNo~TWwmO&b@)b1upjXT9>iP`30V?Sx@x9HN+!1n*E?i`|^wDsmBGoo~u}S
z4HOplza(b4Z4tQzA~CVQm6$)TWc{_%`tL)yC?)NmV)Ixq5Bkv9md9SFhdO6z!htah
z+YusBMJI~oP4yc6+@_k#x?wq8*OW5b`py0O$#dT{`WHJmh{ZZ$3yHT#Q
zv$?tBX9VAgyM~BlTRGvWF6Ca(hq%YP1%k)|NLHJ|2M~;7i>HSgHzbenFJ1K%PXeGN
z%X3ul;%$}4oX{c-?%qz6cNa0zn&$e0zrGz)5)@+k)W*MNwj|xied&@rjukEx#|QQh
zP&$z)3h=)HoQ;v76x)CcM-OPw?BqHm#7chL<_m@B0H*S`?~YIc5ARv}_^K89>R$r0mc-;;$1j{EK7cf^k~VdE3(QZ%MtrYRY0OU1#>RFzFmkD?LuvC*>B76ci^
zx5vf8d7>pIz$DtI8#t>`Q)mGSa&!*Gnnl6iTkPnTzIZ@cH4coYuuc?MU>*7)!~#79
z*wbT+*6M?STl>kviveL;#mgq<;5@{~y{G2ydTh_73y&XggnAqf^P2RYZtoWIocD+cw$t#anQZOeizyq#TJqqySfb`z
zE<*q{(|vz&Nf{quQ65FDr7T@wQU^H$7c=$4n>QJy{%vH}_3NLuNbn^?-wH&s5PvIK
ze~u^qV_W*aN0SLZE9H=!(^P?MYVX3W(0Eh}8P!yqQc+BB5fQvDh(ivX9EUX^GW?EO
z0~*W6kC0q$k&1r36DQf}IL!&kZ0q~kA^w+VsnEg%A*?@|;CA9`rbq7Iuk^TgBaAZR
zzzt53#4^ch40cAYEJf3cIPlp8p<5ILBBwo$8O38{f0XlnT$B<|7eF%NKst@o-*+4&
zzFdZC}O7Eq7##=PuZW&dYY?*mKs5Q-$?LPTG(b!OhQ??@mKtv)W?N;o2L_YM^kSRJ$z>RrDvl^wYyD`E@?%c-stoR-A>P*6z73wfz3
z>8|17|HMdZL{1w=&TOdT-8Jk~q)zH=TQo=F>{ApG+srt+A0YOdRt2|7*9Fw|{!h>0b)y%3ny+
zq)u|{Nu$$rZc)r&A)L)nkwzddT~le)EMXYtVRLHNOJ@=vWNBSnsw{D_IbyCjZQh*T
zgTPMEtcPU^MudPel9~H}BC>vCCEBU4xiBDBsLI~v+{a*Vc0(41y(5bQZ)oi$iGy4E
zv)7|GPt(>z&vAyWp62IOLH@*K?l>Qhwr~Oh5_Vt)XR2BH$CDO_-yPe41xl{!qp2><
z;S4LH;m#R9A{+G|h01h12PfhjHTLbEI?)gGId@NBb_n84PK4_Qv0eS*uF8?b+%@mbR=ce{7)6|Bmg!3Y1i|;$Tw3rBN>nN9-EO
z8z`6#DvE6OGw^gm;f^MyVWbdl9L(gpc^Sfijc&=tPp`uj#vl8ZJa{1Z%tHK*sWb0~csGvbF`N=e82Dmu)P)^o-LfcL4OQ=LN
za}iX2xQ;#CkvM6&(8w0241Pcs$*pA$7kO$>1hb`HUhtp<|Ik;UQP5t_SJ}^KAnuT7
zCVr7s0p4OBICoL!zy+N4k|7D~1?J|*<{eC|0dg)tm*Tk_t*|2jkp+511@11!`I}x!
zvU)>`niGOOV^h*Q8%aYXV!>-@YRPMB%@{g)mRAFOVh)bWJ31Xf72lm6!mW@&n-#NGrOD1x2ng^`BzjRZSLvG`_-JOt+)4OcWwLe
zI>1_q;3{hD{fS|eu75{#(JiKpO3ml9%~Dms1R;A#JGK_!eSc|t2)y~RKa&LVh1s3+3e@UWGgQ%H%q)kL2u@Kpm;kOM?oHC_->>F_D6QNTI*)Z
z_oJ1}ZGsa#*Nohp&8cgUIj!abxi(Z5CPj%7KtXta#Ni`4m=(I1<(_)CB
zF)@}U-|X#o8Lq3n-B
z0tnA}^tZ5s>3vJ_ltzS4@v9r~JGaTR0?5DI3wi$D(lPwsiQ;5o2D!ueXR~5|0G|Hi
z^^i`5zs#xfuh08ee6D7t4q02c%<&2atgn6BUCUk;Lt!xaytXc(p7nW2)q6F=4nMV!
z0dfEZ3&=D;wyyo#Q`Q5N&u&O_qO8dDI^>l0kdqmOUqU%zHD=QXp6#QW)X$HP
z7f8>buKm{nOlRXu%1=tF^NQ8xXRQWXH92a*1q*TsG#_U)Tx5D?X#Pth#7
zgdd5ZM;ctkHRk|TXNsuQw~`vSL{Loop+#(=oEdplU9xfF!~7!n=(_;ACfXP8u{XYy
zMrdjQ>5>yQN^mh?*ri!Vcfm(G`i&V&uO<<>3JY*L2c|&)zOUrO0n1Dx6Z65y9!5I>
zWEq!CBG5SCvw``nS7H~NqPDuKbalP>+_eU=dALl^-9m}6kWDq8eI2A2jXa{2D;Aso
zBzgi6mJjAhWxxS{D1I7Y1b1+YE*c88a7C;zQ){zoM6q_XI
zIT&RBB+7)|^&Ib@SK2K_M&})U3vLXVQ>Ufi(1ep2x|tzolzOuRW(Bjz2d5@4y@OrW
z(Xgg7fG04mBuWX+U!~BtsY%I+3!M8jQNN?GifK>-Fe9`ef7Jy-?c8tHnz7N7Q_!S1
zV0Y;p6DyT0ReZ&jU0SJ+`#sUM{|1|WjjiLvd0m&CVHd1L&ee_BJ;Y(J*_x&wI;CPc
z%G3ODj~2+)7RQ07w}yG+0R1w117kv~kTwV=)|BcUa;#c?aw!^l%n3GDq*1c4V4iP?!TY$wP`;TVHXSTr
zD0TYp+36+V^Tgea&EK_+YWp1lEcYT!t<;%$jJP?8KzZZcn$=pm
zU6E5%^97wve5UN2NT{ueB|coPy3WXXYO%V`Fe|v*TgnKl?YLv={084UV#+JIS9cfl
zGH(<1YwD4&-@{wMd!~uB2LU+)lsD45*HGsJz9c@do*T~HshrKxM!|#=)Df`-S0*3b
z*62NE?Q^D6Ed_nBKkv(~oKVV#4}j1DcQdQr(pRjjU?0X$cRs|!hG~cP+J-OSzU#3!
zmmcSOTNI=5N{^4E=;=qSs!phNP}FJ;p-W0YH@`U5r?JgMnv3W<#z%!u+M*e24WqBH
zNL#}P7)_z;9#wT-8!*#_glzOHAlNNm`BxY$z-9=Br248n`*z}QM)*7feasQJ@pG^%
z!VA68pb+NRY}Ho6jy9od0>J{EQM(q&9l47Scv-O%RPM>ZGgoZXvV|C~?+C;df;4ps
z^v1K53OPC+Xlz%Sml<>ViOh5wveUpV#^3oPXNX8SE}Y`Mu~Bd!Ie}nU%74%Q)`hz
zA=hYDo-B`UHMPAYIJYVapDMEMyOW>A3&=zIJN
zs6rf<9;N4?fg0;Jt@{pQeo`3^$x)D_S3Iqi;!d9*Rg>Tz)V<|E?XFI(TJWcRzh(R>
z;OKhVGw&!)#XRcp`<$VynfG+b?a^nQMpU7DT$VY`8(w8G(M^fpQTk9K!~J5Ic2Yr!
zOryvHN!DXpmBpn6ma)q(N+aBaJD@3`9Flfd=HnY{FdJATQ@7n;9x@j|FR*qElo|B9
zeGt4@Vp9dKU?$vRu4E4mwBUeA**52j5YcK#{C5SuXTj4WBk4z5W+E$(lHlW(lVE+-
zBmpK&U@S}y8>?&tHg#2|TbDJRHe)(PY7O`D%wfY6IMK6%ZQEv-
zZQHhO+f`k*?dq~^+t_7WQ|Fxj#N3F9IdOk?UhKCkcEnoW%v{fU@{>Q=`t9Qo@n?O}
z5j+I6bl`oRcITLYNqr<{?x4~ya@mk7Zj70~lo$#$!MG}N=yLsY{SLM=05aS{d^#`hTdG#x>Ou?woPp9?{Q*KDz$
zYJ;u0!QNVogc<|GQL(PkrKltsQ3U355$g%Hq#?ZZM&$TM?TuliFSXvS_m%8HjWZGb
z4>L9N14A(B%z42iG(yws%EC~s8p`)X6c+hUEtV0`6xHGai3k$Zy+rl8g3@7CX7CoR
zi%o4SO*Zn-$L8H}@P?7o0Nc+!O?iUt^YyR_9$)U&YWeDqUaU?(-40sD>!
zTlo0TSpSj*-F;F@cE9bn5C1is{vTAf|KV}78ZrK_A+=M@+zDwJ<#UKBVaNcyk6%3K
zVka(TC84wy#K5%{2ARbrw;9Po5DPB7j+$G85%Z^vq6CF?8=I5(FZJA{C2g~eNf&HI
zLAJT#lda;Du6F>($0FW`uE%ypJogHzv&O$MY`Tyb=V3Pco5W*8pS#xcm1UX_2ukDVIOB_GeXT73)!EKhbp
z@qmB&2c8nJn3Vo?vU>6l^ccJ4N3ON^r&@=)m{b$o^q}+=V-xkdp2_drv>u(p*?b~t
ze{>?{O6UX%DimAqBG)tjTf_C&RCM|AXaMun%*WkEbR6{5EDyG5W4589D$UBiesib3
zsZuh|`GWea?FhBLI>R{HR!wp#Xnk`_d-QUOr`^?6Vc6sJTC+Hv!Kp!#1{~bQ!AnAA
zDC|NZQZU7%XNC>x+9It{rxAF76AgUPh1XwN+89!>O?+1qu+Y3G##*6iLb_;kpxBS&
z#angY=pxai?_J1ahyvmUTT1{`{@4T+SAS8&|1+||qpr00L53%_IRuy*lNv)L)w*Eh
zUa?1t%d1U=!4s-jW)}rtv1n6gp`9dgT&)V|($>q+(>E*kfo+rOx0O|!DnAmTk60LG
zsh~GY`86xZxcs<itB3~%6eEHQ|D-A
zQHlDHg506hRGTV`1ZOC5nI4zR^Q?askV=~gdPufPG%J(#*eQqQaD0+ZE#pfjTs!c>
z(Jf4<5>WvQJG2G*L`ZfnVkazhXbYE5!8
zj_G~?FAVl!BTo_uFLXGDVZ6Kz8>z0N*4R3GJTjxoj?I#t#Fde#oZEf$Upq?*G1_1!
z*xUE;;TTzc(F@`~B~9=T&|;#dDczv9#`?b8K`N|{ymr%{gr~)3=Nfo330=yI%VG*|
zgAso2x+gJk#8Qkh?=Wy*4x4l5?ZB=NVt_=uTto(COVej0JOIiZf%bTlbSQ
zc_n+-Lq^o17j*MGWGqqWF?W`DDX^A=Zx)0HmqXKONxiUI3y)t-94H0446_abznOFQ
zckoHlE5I6oifZAySKp`BAi?@sc0&A&|7t<=0cm3J63-*0m?ge;c3-UoSv
zT(|pBvJxv3@~k4rAxdFfn|auc`DEt7m&!W*n^i7P+}j#u54!7$a4RQEMF~4~_Brl=;lM{LobvC=Z?Sdpzn2R}w?C0I%)H
zGgG*^D6eYc!WayV^8pLxdontzJr)76KfuozycaC()VHX`9;LkO!nFxaUemq_P4Nv>
z)f1xWSM{TU#d7N!n}TOr1y13kboJxpLG+e*hm0+`&Rj)A>V3lAA!JG6TRG11F;}&Iv@akH8$;_LvA&mS9!YaT)ls>z;Xq@5rEK-vEPu{BtI*KfaXR
z-!(;ahU6@YUFridxqo)N_4xAIF>J9qTPP>&`qaL|6B}$OH+ZxX#Ov43)mHLY{kU}d
zwH@_^hU{MRS7up4qThFBRz26`DbtrXYdpL52j|jCb@z6x@^*1Eg(~U#bGB};+`YYH
z-=ozGD*nU;AhKohTN0BG7Tk07d&r3O0TzAh-DgjjlJhEk<~QuW%DZ>m$ch|0YVfbV
z*)W4u&Iswv>Y@Gyr(1BDV~qxR>K+@29lM@`WsxuJ6*
zMF>LR)^l?ncW{K8V92}+<{#Fi-Vw8N$;i!R*+ZYP`LfXAn6Y`HmG#Y`V}o9PpdN}A
za4W?|oHKoJXJZdu=-)Jj(tqX{zw-@yO*u*LQ6ctqaDvXq3~!$d6YtZ106rc1RwVc<
z^Xr3YIGCb%jd%${dr_mFiurZChg@&2#H1HP1R4mhgqs5bATPP|7M=Tzgg9
z=bJP#`_+75^?fiMd+L@`I)RJ)#c;g$IKK^}cESOK~vB|r2{
z>Kou>cYp$SAW`kf)fDmJIZ6+cyTWZbuxaMDyp@WncGn4QP&BE`+ez_l4^Px9#5F1c
zpYU;RIS@S6lU*e=b_}k_o56q%d$Z5r9_h;me%%I=d1^z^uaD{gm8BFQ#f6@NdO;IM
z-<^mj@PH-^FQL-x!ax%jzUHRBVW9pk$W28u6V}6WuG_toSt`Et5cfn}2V`7>c9zKX
zzXojeC|yBZEzVYa9SM?H`)YC8*vdjv*N=bPpd8FvbEk9^ixfWR2wk^(PIP!@Wh=1!|q*i0W?BBH6>PG7Z37ORA3H
zBs8i0j@r~qrmM%9nkMD_vk+caeNBk_=n%K7uL?9Ih4Mz#RP@>Iz(ZKKjQ%%49m@#l
z(;Yzl2ZKcQ;9QXVe^vCkwe-0Kg0s;MrMCdg;({YwRU}^gx-)_jioCf6jIpbf{owtt
z)2VN!bHS7ckxwZ|%^U|P*5wiq>QYKz6{CX~l@W8Lr~V%|acpWhWGXA)C)#Z=$SXgc
z_1Qv>SKGdK*~w{~NpcNZb8QP)_x!v>PSqE)B?u>&fa1A#Vu6vR%$dLKH?omzF(>yl
zUB|ew!rXju1l3`}SP;1P08~ueJG^S9zhs$F!a(zl*xxtdxwOBVv1{u1`=TiPo|%&5
z*Vo9+h{ite)Jq7%7Cwx@FVU?fBfJ={cp-L??2ZYYEs2G
ziFNBiQ6z}vAZxLDvG=Zj)9c8ucVHd&;d5^jqfu(KjgZCQPUg1>4$rH*EZdyUr}vi}
z-<2PB=-ml+m1fFJ#qtZ26NmXGsn`YSX$`2BgC6pZT8h)i7q0=9#@Gc~^VVcc>g31+
z^uXc*_w_Ey<9{@&GC8(a~yzY00Lz{+)wZQCOmM>k&Pbm5Ej<8Un-tYXZ
z%><#nE~O%n>!ILCNqp?aSMOjwNsr-p-73$tfdDa0dIk5vRY#Uajed2>
zS=cfmxL4duapp6J8gkaQ`lA@%yUX(oA5*##3by*<7xA$LAfkkID~K&;4-0j>XF$o?
zGE*Du2fqUVA3~7@1R;%&K|Mqz*w@i7eWVzXt58bU?%DFK}5n
z%Jk}qL^L-XCMrFA{b|9CtY8!YX;Hd_5$Ok
z+P(YOSc4~0^2W%X_mnwhBu*@aSV~f$van3n%K1i#*Cme&|#Ik&x=YEjL%q*uumuze1+Pg28074jB+?JM$e@P=sWEPEsHvO>`-yRr>VGsRZG5J486Ma^NlKu>{t^(Bx0yma
zx!8f;xZ)drol-e3BF%In6_pvel3F+Lr(3|k;$(TlYI6|>MK^F9I%YyLNeHT0c>!lQR(i!S+qo+i&u-{bF1WvR{n`-1v*xs!LDyDa7dWx{^^>#~
z)y796>OkwvNOx*n;VmgK3p~No+pQm+VOJq4p-~Clepex@Kz-ojsQ?>~
zFTX7q0zUC?;>Fa<@GZ^$g6>~mbuxX+C&ZaQ6DUvahmn^&bQLRxmpw+7*90|Avj5ae
zpTyPNBO59Fx-Dbz!e49&Frw@XP%8HYIZ^V!!Aq$PC@AysW&RUELB%dI?YWBrU6jB3
zhcTlqvY_GJhZ_Z|Qm?QM3dPVjRd+rfeQf-MEnZuM`vbHd>7#<3r?61W%K_wtE37Cq
zsoI!3&I1PtZP_k`bkwn)s=BfOpQySc+;MybOLeQ~ud-HVYoH76v{Y@RsfxUU1l1q1
z#22$a1j<3|DrwQp(_13LXQf(R*SDDEzETibGgi!2j22W)kn8;$L#Z>v@8k?bi5qk|
zfXnsP?>u4S?olS)*6ux-h{3P!r9tp=G4mAw(Ca$$M1A!eFF
z(?V&m+2)6LVI=JD;QBFaABGozivzaUQFV^P;5?)7h9NlDl|Il&d
z+4g|ZJY}!I;EnIU1Ng$-)?fGB_3F=&TZ0D&(QqFx804E)q6o)HPGH=$+o(USVR?TV
z^~Q=8&erXJ8aj;6W|sGiJNBf7Df9%j*~rvM2;c9%OY$<;!($DWXV%&+O|Itib!@X;
z7x}~$?PPMBH!um}Cke)5_#1;q@n>gV-BRuHs|x=i^&SebOm_f=@Y(o%04m^~jn2K0
z?}IHM(TjH1gL`uzd5gS=4SW^{c=&Kx!w!a?zD)`Sy|Hy(|C3E9UU@#=4~KkHpv8`{
zb^}tN^>y5ZxU1K%9_Mm>z-<_-XbI+blkASX~W&%qf0d8*(wy=TJ^0MGJ!upUl2LjIR>m_KjaE@_&ZZ
z6?Ap%MS}hKk&f`+(*FN}F81x0`+vXq7OB4cJNajmxEmP@V6n;AWidOj8EHmXk+I5T
zwkD?{B51P2i(8Pz#jqHXcVHDY`Lt3wnDL^LeA)A3qssS}xSns#7Q*aq?yOM)U
zo#6FM_jofAsSmrzmM|X+T}^pDdAoK$y{vw5Hv#41d>H`74;<~KC&@LuNQp4&%Z~OE
zU-GllCdG=2C~l${G;43|6(>(4^oL>#kpeAL7^)gO3H%teIEb=R_RE?_S}B;co{;zx
zD_(`=oLFq5$(pTpe_mF~9)r=7-
z_~+@bJZj7;G(8iHW;Pd!OYiocpHPak|2
zj8U<;xMHr*e{+DEYZ3Z(s|2C1VR&%6>)Qds99!0YW
zv?vNoBh{u7{E;deMlACu2-(~!pX`*@aNTcm1_;0j?iMxd58husc+F2)wJ&5Et>N`K
zD;x
z``6q{50!a55P3ALp&L?hob@!1}ezWlsC3slz9#
zaw_vJ)e|nC7un@*=##?QXoNl++8_sMOSl`_)?~peE@++J0aJweT3vp=>&CSER_L31
znQX
zK;o%ew<0AT+%5t4Ip@~JWCXPVEGZv{qz`A@?D-RXj@5$aSq!mgs0b(*r)R)3v*27J
zZc4s<7P2%IugC(ryrCsn7{v~@uWvaB2^kV63#%0DWi^Ss!AyH_)8PVX^!IHYj7
ze>O}=>u}vCh}O=Kul?flo!f8L+kqn|9#X_Mx_^GewVOk(A2sxlC^zCPOc}=x^v}-YK16;(R-2I7t*Wq
zTX9DXLMepQ)=U&F+VR~ZAIs$6j5nOn!*<&7Y+QxIHx$%YL-$EojV5E
z(Ajne_=&>2x~b#T=EU{n5{OhhXnT6TU416KwqmmIQPDGg1Ig94$(ZGCV+7mI1NL1UXj!mOYv^sn%e!4Q
z%XPvnu0E8g*L*6;XFt3c+fVT?ONiz$F7W}d8v@lt-$ZcSqvO^v4%GqCrLY~p$=P~v
zAlthpj-9e4a)^zq?jQQTJ+2JRa{yhAP!nC(TmpDaj@UOt7=NBlM*-Ae>sn*xFGB(+(g)UN-ewD(%w+Vw-B7k9=3u_?3+0y+i7&K4?4ngfHp(nDJv7@pH<2
znEd_Uh6P;+4#So2N@DE4Ruccf;Op#UZuO50zW-p{`oGtf(>JvIj}y&1ZrbL1PSa4g
zbpj{we6^&x^hF_m`N9IfLy=gf87%)dax_420SXP9EP}O_)j~T->@Y`(xY`?z-Hvdt
z=hwAd(y9>*tJ;8qiwM)*#=jbH;vu?ZPpzi>wQHH
z8&d7d>5UB@5Ma*^ud@=_rZ1HhZJKqdlS)Y#AlE_U3JbLsm-dpUk{j&v@{CM&}NrhSx;^JarA+c6-~3n$i0i2r=VZU
zs*DjCPdHHj2A4$GJno#)9r|^^n%zWD;~jDG9(wUHBU%U30^rLG#()l3RDokhp@?yQg)3AWVOmbnG!C(8kn;WCczw70
zw9(aX=Xu0`b)J*_Zzx;V`c7v5=tPqL?=EU=_>b1*{0Hj_3x3avwsrV!g0=pizKAL%
zam8;?%BKb+L=bsE6y|a(T)&={yy=FXP_%&mp+ZrMR547nI{k_K&CV#F|L2by4-D!m
zhrh1{3#s(ghrM+Z1U2p3x1EP)pZ715Tt7nXf_ML*g}UH#(BwLk*^%XvL|=n|T{=bKn?`)Mlpg9i9+W7l=eA5U_Q
zbzw%T;+J=Yk2!r&PB^%&rD=n6_gBoN(Hji42pRPlRwgSSf>*#lpEmUfZ!`&F4;F}G=_C+DF`MbFavC;D
z&9xi)R4A)JTlPjIHsdsPLbf8UyZyCO!^7U!PJ3JdD-l`H-h`c)Y(NBf$40qAF8VF7
zD4wP7cFDk!&@v~!(S1F<=hNv9em^!%67yDhIzK^NfDfTvk}mVW(E`uzY{(PtMF=}Q
zL5Jvb4Pjsz(NAO{Lw5O+t9I#~s|gO6W4$E`%(Y!F*u$RgYn;5L{KDJFekZs^~TYtPMdzl_&l5{!tU4pAz-ldjwGmNSeoW`t?DA5#X
zD;P)lSS#tIh*BBW=y#w0#(ssBCkUfvq6&OgeAeZDuqwrwCR0+R8x8Usf-rq&k%^@;
zj*$Q6UAY(DDL0jpPuf?N@(iOWS{LXji$-c-rKZ%GRyLs1FH(PlPrUuJiZw2&L%UDj
zq*>s~c^A7np6d)qo`nCjZZ5*BS
zZJhq+)3TQRhF;L4`_wnNRLPetiKC$K!Dgg_2cQiG7UUD64k=xy7~8uz(NwPXCJ0Gy>A{jlGB?aDUi|s0kN4dV69VJ`bv4DT{`)EbeDsl!vp+b
z)n_U7{85@}VXQ3%R}(lHDt^GclGa(rmK)*u&V*f!&~AtuV-%2#U%Jh5)Gb^WP#$Vr
zsj#AEC*Q{ztXKF(Ae+_A=TeCjV=HPFpe=;IMk5Qvek6}~G
zDC`=M&Ho`t9bmz|a4PjAd%E(`w?^hQ{d;n_m_U=a8D{mN&UB<#v~Ha5Ut1z)5f?-K
z9h*D9fB)Zp_J6n~&JHfd#3GFU(*-`M`sS->it*JoIa+k$&oAoto2#Kp%p-x?n#dUH
zmv(!-@l4+jI+~1qW)7Orqd5|?4d$Ao({kD%;k@tpOJrTHF;SO;+z>8Z;&n9<;n#
zQzQu)|GG9W^a2TA4FzE-r^1@IW`57@c;DMb@_b(^x62uG(u-B6J-<
zw0o#xUA{|MZ7GxAy?L2OrH@cfbg|n|>c8WB;t|cz&kkhKd=Z_J(A3)B!Z`CZCU{=I
z)daHwjqlfOIH>3Q_pt2cXmNj<_EZEW#Q8X?#7bO^Bqx7ouvCTPzd0xu@Bru%g{E+e
zoMvCC9f-ZM*a}`4Mh&}AJeX&{o_*&v)f&3+HgA1e)s^~N8$RO3QMFh-qSZHk46NFC
zRecO9d#oB{jEYKSr6CJT=h!F{%SD2Hm&#q`)F{8E*SH?-;-kuRyy%j8b!(+bUO8+U
zNB;*LY0Lc(oe|Gjnp%fSrX;G=sF_;SHH6daT^;}5Zci|mA0qP8v1<&{-|m;BcW1+J
z_v)B9UPR0@NbBvX^K}rLf=QTo!z^B}KX6D;aP3}heo3*&P=B%f5mvBt2o0Q(@A}3Y
zrA6p)4+H=O`6?in+FiM!*Yv|FHbv+ub>nLnsO&h^g2k(I%{0qlhqvmZSl9i5Jd8^Q
zI2oU%e%$34q`N*Je@vE$-Irf+AFLo=OYx+0F>NH!SQcj{E(z?+!Z#LqamvYxia{yc
zQ$N21d5nV1!VJCR1d?Xwf}@b~X?6p7#&10Pqt9AvGTH7kn|BcT_?ZZjbL1L4NSUXg
z320uUqgF?jQfqOHp?MJZyI5Tai4h$N*03X-wtEQ%6v>TDv^EI5{qKsuF?Avj`6KAwSO;-+^=z`F)Cx}-+uB-EqblwO~K}7WR$#ky7)V%DCy>OwvaPuMpHmQlVLFlRBP@{g@Y8VmW79+_k)+
zrsX#p$;K_38_gb9jOTcX_qm>FO8}lmm)ZWj7<{#ACBPd>>mSDRFdj`p+cn}~x2Iuf
ze8ur{u8Iu05*Iv-K4EAdZa?u~pYeN|uvhc(Arhj+j7Bol`$r`>OmdcP|IkJO#R@HoDu(6g8U82l3vYiBjvX
zYBe}FBpdjLoUwQM`QkmQjV+cvPJU>w3dpE7s90Z|HtMIsAfev)f#8z%)B`X}Zr!U^
zGL$7rs)D#iy~96^_uXY{#5Gv1HRpmVtXHfAJ%rQg^#nag|HSDOlNP#C^g6>I=u&xq
z$+W`|uS(k$)z=LkMu3nIm>_t7ybn9Mt~t>N9h0<<2cQ+`X8L5st9!k7Ox{93uTc}+
zW;3-9EmR7Pz>-MhEU9xJ$??U=YAobO*IyB|>fDQJg*T9X^3{H_ui1NkeS=NcJVORY
zj8B-sc4qYMuBqo#lPE>rrgyA4r?qZjgbM#qxx5fM5U=tCqDV}zM3RN?WFjV3E{c;n
zo6@}`%)O7{#0Ml$k*8$>7Yg#XPyvprP86!-Ci0lYv>N{8{-KuMX$BvO8WwvYZT5l{
z1v6z>eLtb(6?LiBa7NHAG)B?YkIk1E07NSi8NOlPtKP6+b*A190>B`$T0?Mvo3;8?
zfMS(y&MVxyBCcfjA74J0FG^}-9zUQSbxxp(QUQ8*&Xf)!CtkrpA@*dJ~B4pYbajy4W>HAkqHxBdnbZ|QSSllBP6K67FD2r;}m
zeY~adSW+IeE!l~0>-=du9%%;UVSynQPc*NVO*UkOmXM%M!%!X38Pl@xY;C(uX!`+N
zvw-@@4RIDrZ8wL*LkF5qeGj=fzF6p4Mt+0Ab?=!FcP|7+C|<4p1TPkplM3d*vH@f%D<p~wkneIJ^&i6bmyWXw_>Uh#DF3avVgG0K=6{MCyZ`7GlggWl8%oGu+N^O_VpPJVR!tEp
zrwN-bmfh4dDj<2)0UvXe3$Y>R#t%K%`sExjv}QjW+-GFk=1iGtWJb18
zRU0`qKVc}W6e-sBlh^`xXNGXBhZBJw6%Wi5`sa6-nV{L`7`#A}a8}5}qSu07uHafZfKW8Tl>FgRcJ`_m2%XO8*wZu?9nwE#cQ>7?trBn*Mt5=yHPDce|LGht
zRZ8vuV7^V_t~8XYgxxzH6z`U#dm{BVcY|Po-bb}Z49C>CiDtcZ=Po|PK$x@JHq@bB
zEeHJJBQ#8A+Ij+aund0)GQq8*ctfdEvXwfe_y}}h7|>xGHNo(KDhYA2oABMU(1kVm)Pt~wsnOx5G=T2C{#$w
z*i+FyaT^2$Je9FMA9{vL_j3UHV$v(mzbE50hD9lGZgb`J3h^5yCX~7@if^+>X{>kJ
z)aWW!=7pK>4ieJxjx_h4E+m=px^w2ox794Gi_~rwiGEMkC
zdVi3AWjO1|_S!|2J%Mu);^%18@iE8=>bq=-j-hGbeIVZEmZSpJP4S^1A|W20})tPA2nz$&yf{chqJ|yGsgYoEwQ}pNngL_z7b-{XMuF+3spt>sJ
zT>4Veo91Mg1}o6$mGB&wYtLTb8*6f6awN;_9e6Y_Ie}+}i6mD4GmTf1*h9ggfj@wb
zE?<$D9gFzIfhZKFPg_0D2<|W1Y2*n<+0u@5*)tnYj
zE3NQ?K~=nEDj6B(VfuY>Uhu4MGJH@B5~a-3;Dr!ep}gFYilLoiEfM`KNN#X$ESvUqiR;#HG@Xyxh2o+Ta0mBImob=VZBv5hHQto)^?Pm
zGcud@_ot`G5mVm0}m3eHd@dSNpv@90?SGAa%AH7Kx-buv7+S;tahn{f{
zRp-SZ;&yHyp!3^frGE5*>amV)r}nr|xH`-mwdao5;%pZPB_s>?dj*RS$V8DLN4
zl}rjdVH5DmNy8X|53v6d8C1_&+WrNip8c-^@b7=L?IPyJRz|{B#@5C*PXCYAkfmbj
zh-Hf6qvA@1HEdtdSWlFXiFA;xMF#6!s~kEs1d(5#NlLO4B)L?vJhxVn+|bS#4n+f#
z+PFb?h$xFO0WH{d@M}WPJ%ql|>yYmH*E3oVho^i}u7JVhdA95H1IIDXvG>E1@5jqG
zm(D=5FKWq33cZaqDx5{Ssl0jXkD7V2)J011S_}axX1QVx{Mta@ySp~}B8VV!&`DHw
zj@1Bx_@A{LZ)|-CeFuRnsALWZ1q!LS5&h?;NXHK7+1vaU;zb`xE44mS$;H_W(vw7E
zv+tRqq%Y3tYHTD@DLKfpqfS%mDIOJKAu&NKl5J&NrX)rVB(KTK3(|}8S@V{KR2F@d
zG1>%jf9t3i72H_E!Lt+Xfp2(&=!tg^=0jrk{{-b}U8#}KO^7Cp?6gMlbNB0Kr`pdz
zJ!TiNC9J);M!dXT^mLn$e1)}&R1Xf`EC
z;kZ(UL(GK0Y);sei%1%=EHYn0-F-Al*!kQv>3ipz|$A5`&D81`sRjclq)7>(f3)0hT
z8zvXe3x?=sl*r^#uJ=OO0rVpaWr~st;q?{O)s`CZcKV~p{%#LnZeIr~#z`9VRO8urx6jz(I2#wI?&f1*=%0a!yc5KZ17o*q~jlq%?1
zBEtbBkt
zu=~1Z^L_GFCNJoUuxim+C(VeD@m6R|tmROWeL%wu(im({MF
zA-t*D6j4nk%f{Ujr$?Z>__Z>y@~KruN3H2**eK$>10xylYqMyZq(p7Qs+qpH5MhPj$&wA_-j)?9JRW+fA7@kTTs
z`0Y!3E%}M%2kiai?A`GGd$~mlZZrI{ZM!7Yi*skbpSMVJp-6P&s^Ea=u*+9i*A>2~
zwdZUMcW&&u=jJTDN*kIAE>2xWG?`D|4Q^FC%BYzkF2ZWx4{>u4z>_&rNZ38t3&vi@
z{byb9^JAjsqsIPI!JsfXrrG|LC+8!79CvFF<8XzxIC+9LLV~hBa+NQ@7y7gk?v$M0
zAu=Bt4=QwYcRX7rjBI0>g6JH`_l04{ypL^;X=SSya-scq0}S~N^T2r2193=7Kl
znq_J~pvHb=863`s6h6gn3=Q`&SgV8SN!uQeH&WH>26gvnL+a2Ld{dZF)@Z$EHea&<
z4qjtozCr;XZ2$gTFDYfdF>{MQJw;dp)pbU8TwP=8bErkvz|$ZG(UDoNYit5vk`vk+
z+q4V=eYi07@R;xSP^`od(JpH>&u_Cd$6V9&Y(k!fU>+|Dv6pci-M~gBf_w&&?V*R?
z)h-9BA8IJDwIe?v4#3}R3N$c|h0p0m59viUG-B*(i;Szc&lRv9bl8X5?EqQq(}<9t
zXI_4K%&5r%Sd+iaf1PzHba(R+ki=~QMs!GWGe-jEzD13@x1Q9izLq8XFIk5i;@8+v
z7P`A!cf-fU!2mRe3iu%~DCNns6fugkTFOd#L{a{);q5;WXbLy1T`Y+sB}irH5B!{a
z46j4;-n9E$-QSS!W2Zu@6I<5=UJ1><2N~X;tixW{$Lq}}@2snb%(U6JuIINe%R=J!
z+!8lV_^;ZMR`f961x0SGuoJVV!H{jm<-4&fgy@Z@BNogqy!+d<0IvLFcDG)fSqfMs
zJ5lB1m+F@#LDhB__p0fw7LIuZfyZfq7?Z!Nb;9hk_~Ib2EOq^it7`?s@sWEv6#uHRwh^`ZRt^x
z@0stFO=5a;^M?T-H&~zTDf=$dbILK>v47sz=L4t5-fMJ5vs7iSSboREqds>zqFG)%
zR`pCpzdCn4W^^89lcL0(fMR-fIkut^rztzCzt!y-~
Lj>xRnB_wN-
zo^cJGP-!MfXTLxh)H)G~tAWyG2LVX)2wR?&Ro2ql~s3`wz`E#c-(x
zqf7j@m6r(H8TX}9g}q`;vfD=O9#TLu`;!@jA)Md@-(vJ1SBntk)4S7^3O%;RGH_4l
zjj%Uc+78$B{P$3C*{7DClDTc|!sE}|GibT%a4F8-U
zY*MOFF+zhR%AL$f8aZNBeP(6=Y3r|;EQQx_8~0TKJ$SqZi@6c>+1L!Jp(q-l0|;%3
z%%_!Y6FY9T$fbfWHi3yFdjJpmC`>xrrP{moHmPqF!s-4T(hAn@fLKq^j-6dg)(|?!veF#7tixGD
zeB=`^#x2+c^=B@Vvt&i5hlic
z#?6v0aAgJ}j=!B02i{!cOqpdQ)e=HXa(^O>@nn#t*_{NfHl=E1n%?(l2{`k_b#*~;
z4Ol^ICBm}D1!NUpJF;K($IjIS1b3e8Mgn|s9qmyP?-`~GPj}NZS!yG=4)$Gad%~HQ
ze}ZED7%F2;-l}%gL%7;TD<6%%K-cKIMyjKjJ>vFY1BIp~`~t_TZayV~%pp?X6{pQ-
zhvR7a5zd3mx_l-@E9`%p3eqty+6wBE)1{7AEYzB3<3Qob&y;XI0o;VIKISu;Hp56d
zoN}!$q9gM5r-n;fCmtNVcLKBV+dDl&O^}XbA`1!{J;m&zQ6@M
zyS88PZ#w~FePaM7bsI4os@_9WATgbf?Skddw~=B9c*gpO4m4vZDqj#^qB7t{IUlLH
z1201$0M!^?noqj5y=S%ziSKVYkGNMPn!?eZzy&-r1dj`V!@7({*xys?~+u-?vP#kTm>@+
zk~X8UpZ5oz#Tpi!8P_>Iitx=<^ab~H#_-s7WP{_6tJ?l+hN%XzQMFPt>^njR#z>JD
zrQu-)HkEMl{YO*cJ+p4UI02G32_pebyeNI=2~%zbt&-WNS+xP?_L1w|%ZLvxtnnrm
zUJK~`x15)24Ae5cXXcu*0ntc(eR};;-xQ5CI${hLUtqPNPE_tndSKQs%K5xz
zLKKjGlNBC24ED*hWS+G&$g}(I8!39L_w|!G&c@({lS%E++f+LjK}`1qdgR?+FWvg(
ztS8}+khB=9UPDP^R%I2L1%|=+ku<5&?lx447Nzr$FMS0zQAM332Zd=New}O%%Guf%
zWyYUNwOf5aItmUgAm@e|c{s4P5G=pJY&G1XTME~w$D0H5mhu5qHc|9Cp-wz;TpvK=
zLY&%|?e~o$MgtmG$Q8b&e#2uj*jI-Abpj2wzh1ZhnT1K(
z*~-b>&dS{Q{|0bI^S}oDMi(+g8JsgTYeIE#LWDw$($ZJwvmgD8GiKOTdPK$T5ybeV
z^P?nPN@uHsZyL=H#~`HBDa4XQ{7wVX*F1T*=&bU*$Sjc5MyS<3;r&lGCyr79$_sjw
zzIJ5$j>bwv&Um^}7=x)=8r~ukH|vX&`)(49I4|e$LvHy5X!!_PB1>?|LKDv*~wTK_<&#$dsJ(8
zgBEFxr}-PsL?n6&@*var;mSB!UyHErjx>hkx&mCNT9GCZt(8NfBY)L!J%v;~Mb*qlu={KS2A==xPmh&BOq5
zw@Hjj0YTCcL@}3F-K;
z$#$%lVfxUE?gz^x`2p~m!5+Yd!{$p7-cSH{U;s~0EsG@1WUWpuwBaD@v~&VbC>~TW
zvFeSj2e;yG6uyz5HCdf5AO?nG4cI|2{(&?Q9v;>T%{}XsgH7y_U#REQuPZTmqVlng{L2f34}SI5YQK
zuWxq~R
zU3AoS1M&lUmgNMnC$~^Q8_A}YuhUdnoMr>@qcgzeg{wp4YD0@1-2g`ei=_U;sGKSF
zi$&XS^mCB!0}huSOoUC1l@UNMT7PYTv^5$UC+zq<-M{dv&eUvn_V$N0sbuUNt!+Z}
z0Bvcfqeth0$?>E&y3S4KQfM`>vUcT0CAWB?#7QI;3i
z9ShuL&RW`KZim?{u_+xL3ySQy-gPy+|F8GsFQ86l{M{;6B83ylW2QqammpQcB-&dz
za6!}Y`VlkDbRJl82b`#rE&BAK6BGJom&uMf)6Xd9-O>1#u&f{xTZvOH)R$
zKIFF&!G+x4ClHr4g|77MRR^VQE@mhcSHYF!i0V^iwPZLFz*)2TPSBFvja^=i*ZL+V
z+CAfEfooOS67WU1CL-JIL{iP(TTlrFTL9=G%;<4hW*0W0lxTCrYSzL1jXZOr(;=Z%|u?lD~TxOS1j0+g{J)t1c
z-&L10S>p~F_jT9Hd+t8xH*g-5gv;4_NC;|0kwIT<<^#N#_M}=JnG90fR0E&%ovK#L
zFGn8Vtxl+l9_oZEXh`g0OES&FIv=Ngbg0F9d;t7_^lU9sq&_2>*z7{1-4)Y$$J-gC
zzIVL!Z%G&K3V(t{M8E;qYka(Cfpv{_iQ5S%m6$u=k;v)+Rq|Xv2=j@Ph9}FGKlL8k
zQ6D-{eU1x+)e5B&iUr58DFb(~kZw3W77DlX44(2DWI3f#?ua6a{)h%T%Mvg^-in;*
z<%qa)m)Q$ZU~`VF;fkDC+P!5dO$o-wqZIVE87Jg;cK)J=59z!bWBBYhI~THC>`u+hXm^ndMNwmxxrAFXe(
zH~V}(yaD*)Xc{c%rW7_*k(Xs<$s3mIS`^;5sL>~s5v)a56-m@FrYa{o(s<0zLls-(
zQ2EmrU^XDa>zZPaF*02(K~1oaTq{^!?_?TME;gi@_2}{{JbcS|B+7OwmT9~*c8rK;J
zZl7(FSPmX`6V`(Aq68({6$@5UjQuRjhba@DNi`f{;%`4Fn2-p?#~E@aDrwnwN!aEV
z9K}g7LLm2smZ3jaONE7Zw1_i!v=~&sg~9}n9VVDEyb0XB=$WK*uZ__A_+Sz|*Mq}e
zaDHVDnIoNQtwVk5bH(uT{zFQ9{v?O1YdYuI4#j)0Hq)^A?w0K}?3=TL$2ve|K
z@NX@27pk;KsKq~Pb_ZT6zJK0y{i{lHq%44y`U<)WXOg6vjb|1yGmbi^!EH+OIMvmP
ziJ)|*_6MyF{;1ECBy_Zj@AdjmcnpH~eOcsrrzJgvy9eqE>4)Ghr!tn<_p_E3lTg(+
zG-Su{dkh;NhV$YB;7{iN%;L#|DJ-tbnN6%f^qb60sfruy$WW<
zXY#27LQB^)*(%-Gnuc>)hpZ$
zwvQ-nupPRJX_C=NRKZFrE0jCEBh1#2ayXtVGPvK(QI>ag+`L~-^H$ukbkTSF@pVXU
zmnbV`gi3yGKh*Mvt6(2Hw3O3SYI9IsU1fuR&GaqJt>TSv27kRLxGf|qbe`*7{BgZM
z1{^hJf*;8`zT9i#W*ApjwZjUD3F7l2&q;IHGE&U(DA7
zff&!_%-5)%*S(jm)~K|zBKpy!(_YvCG}>8%#&O#CCoQBwqHjnlYiEEB3}bFOfe2N<>B>kOwP#6kQQY>c~KW7&k`}jVX;y#
zo#k4C7dha%s)p~SIu3R_`Mz`gl7l_b3JY)_$DKU)cM)mHSMe+QOEHvnNMy-rgaQv_
z1Ds0W@e%e_Bnry*sMpI+jdu+YD=#7j3#z9yJ>{0TeQ296643J->n~G79{Rmnsd$le
zcJwDqApx>xIA&WMQLVx>TDUl3u57mDGjrr4u`XR|(>r!Jc*zh0JTy8(_v
z#&lJ`;}(`tTq2prD)zbBO)I`5zZ=a`vus=Bn1p(_ljsvuX;-Rbd(l>x#+~MDC0T98
zD=X|GHd*MQf&x!daj42d8JK4L_2?Sh)Py4O8MKT;)ffJ7n4qPwbBhb7Mbg(m2k*c+
z&#}1JE5Oj&tBBr71veEpkr|2)+6Q@LY2|g)4MW}NFTgvm)Vc-jID^5~gE|Lp@#i3L
zoK+>ES!ZGxe@;irrd7tZPg3#+GkkWV6&=B#VG<6_iY_8^O;M({G4o}jH*0A~(s^b=
zWnKu+t(Rz-#~%OdKF|`HyeDg`CIC9gO6ae`?3gD}Rb_7KN20RClp$2E*;$lZ+0-@(
zH|7vq3U5i4YVNBK@so-^GMIs9h%u~IvY?KeqO_u?$cJe+)!4)7@+KqLIV0WFzdUo_^r;=aPeN3G
zu}O~{$Dgu+6E=k^A#Z!fCd1QFq8CPo``?fPls-t2L1GpY{*xz4DuROzKnJ4-ZVG`_
z*4X3}S+m~3F!2zw@FH)?JCkNNMPsnz3jz|zb9U>)Mi5MBgo;;|vLai?vy-43E7LEW
zGW_y4IEDT7ch-$1ddkY)Ah2j{uqW|OSbvfns^hA~jis$rJE%+#OH)ja-4wUOUYF}7
z<;sYt=A0x5YWonqlP;Wa`rn4hTJb2F(s9clPV(7sb^~OyNxG*LJw@l@OqH%+p~prB
zYJv1$6D+^Lc=TIVMzEA`!24Zx!rbgzF)Y%iCz%az)F63+#4e20Q6@sNK0m#K!xX09
zfARdp(C!0f*AKm`wHpKH0nLvRC?gxtlc=L?9G&Z^ISB_qZ4%m}K5J`OirqLMUmB_A
z|I$`$Gc_0ZG&O#!n@A4N@a-xPyOKz|BiduIjKjV^B%txzad4jn?4W$b(Vkg>p*~KU
zp5r`Td~=@8-&*Fodg9^fKNAIUJ`!b!llvfbv;jRu>iy8zP*5qBQG8llV2T2CB9L_v
zKSMQ5Y}e*h>I#}|KtA{0(|wYw`D{xAanH%hM`Vc|FL1cETIkmuRU1zhO
zQ?bvzwa%4wIirw3qS$4wJ>?C;Q~Z;d)j4K
zc5PmcatRvMKA2=*(;K|3?=RiPA}4?DmjE`}=jgD?w;J-UM%-HUm}<0wJt!@TH2idm
z=)?cn5xoGt|LO1@_?r8-fv?>EU|1<^E3Iez{~knT%1haNJ4e0NmetnKX855}rf#iR
z3xxrYNBOWY{E!l6v)F9cmN8ujeFR5~N?bmHP}v^AG@*8TVgY}J*GaS4g30%ZmuIGC
zy1hM4yuUwOaQcES6S!g_tNjiSE$+qB&v&J&%TbZMJtosPNWH}~xW(I+yY_sJdvGBw
zMe0|)h6l!1#jX)RDWH<^@7(kiiOUndHkBJOx#+%e^nXQ+g?vfKIee+Mltn{fN&ymP
zk>DbDK6XMK-l7$x(byoLFmn_k%GA6Kj8TW|KaX*39|_Lv&}n!t#9gA-5KkH6!a*_t
zJI0qF^{kfJcBg%R@wBSgsR&ZaAY8sZJbJIcN6IL>=i;l`2PLB^8`|g6i$mnPPg3a_
zBGzo$-i7d6L983Q6U32BU$3=;UZONU18Vckm$h2YFxrx@6Xi+b=?gSk{5
zeNv>4Fz|PM(R;@IE2<*HssNuslMxs>==o#*>qyg
z*l#a6{Q6_KF!}|i!3}DoGI<&5L}PFNc|Szr*F@1J>%UMD2gz(?;d^v<_P0~a|Hg9s
zmuvLf;3;P9$Y*b_=k{+{RFSa75<&kInY&w_8NnH|7P>uGjllM2T1`AB!wIzAj8p-|a%eZ=M-dK~8xE<&
zYZtg1$2hjdU4JGb7|LGKUi|jWgMRo_d%s;}Z-M%LTvz>gt1oQz^G|ky1VpV%wXfQp
zfR;=~312C+EZRj~_iK&(#kp+^N)rBQ+M1yz&kNVn^1C$woy;)&#c%%}nDvYj4+3wh
z^91=L{0FrH;;Tj`ka!Q0c41Xnd+RhV
z?1u+4h3PJ1A4DcZ+OXJ
z{Jj$<5cvo1eHj|}!>IL_9ao9r5RTwAq-s=DgNG8xQ%^LlwbRbTN#sc4$r~9EML(D#
z<1{!Ak~{T3W#MuPd##rVd$vsmJ>HLJCV)GzIg8bk@)UWCs+}
zD?IJ;7s!7pg#kQb&B{ZcQZBZx4-MJ2t7zgo#+bSaz^J9SKCigC$kwJ
z0hx}qf2M|~b6%p{eO5#Ro$A)$!r?Joy!2M7Rs)7UgPL}pD|b*@Tl>fJ^JCCya}8uF
zNFZ-zDr`%b;`i&1BpuSjcto_2HZAYE`~nJLa>apx%rRh)5(GLvKiR;b94|M~H>YYz
zMpZ4#KkjBYo6v<}?1F*uj6HbB`vFRSxF@5If1I;thZ0FWK2AsAEfipogP)pq>F#d8
zSZHraQ;&wp1t)+-S?ekpRIQ(o`r_7{f{53JT+UOA+`>zO6(V+c5cq=x@=IY~+t|KZ
zcPDoZEr#q+Nq;bI%2fNN2(k*I7)bU*J}3NP;Z7{T^b{(?s7Tu=)Y@RV5NMjAb)DRJ
zZV)LWi!>zmDGS^1cH1jx$B*$Kvhd`7)P`0b>|DfEZLXOi>Ey{
zwl*vT{_w2Iin(wIIop)7Dv5~Nn1vrCn$gMxwc&=ZZ$_t0Px^U9i2%oRhDodLN0OX)
z=7gegOp<*|LS2yjj2G5d4II$%n+_lCv$mdZNW{iI0;F!ZQa%h1mANfC9F1N#gbt$a
zu)syl3{N*r4~w$qprl)AFHjqDGhBpCPdJFmPI@G)2Tr9kO&%}u25KM5tyS=P^ERhz
zA(dPxK2RWQ49X+#_9?k0VHsOjfKF!1mVdpq4S%`S=A1W#RrAjl5P8~!Q?NoNnuVv(
z@kd!>(ojv|+P48IQy)BCAb>s^s2pgMMD&w#K9e!fX=haD;??~0>F*W6xcx^K)9nyz
zR`xOyVft~ce60gv170Da(Ft&%)dB_LrvtHMv2)_Rv87mAAuODK0JnO!OU9EGN!Uel
z1yhUVSLK9A`H4mH5tNp8z!sJb=R$L7IAVboKr)qAUvaj5WwbGV5i~drhAA@Z<$sF2
zk(x@2*?GhgDJ^cJr6Hz<*TIB=D$9CK&y-F=ovid+4cfd>|(NSIa=yn7|RY_kpxHsuy5vF9zcacJlT0je@cH|B12RxO3
z@k0zbxMy=sF~NN&E;r+r3?VtGn?7MuD@=G0S_;h0%Ak<=WsmKpiKpVzn
zqwqe&>=}we-}75YqQ@zCY`nNJmU_TuNv^z`^9!i!=&X}$slT9L7BN{bU8#K=#a`wI
zc<-MHc}a}K%Tj^x;}XTfP#2G6{skZ`fNAw!C>ic+Wh4sYwc})cW^TClV3&E5R!~Z(JC|>A(c=eqN*8
za-$5`BAw`NF$ByUcl~@*rQZrND3wYv^(h4rs|O)nliAAysjfwciM!{%2!v;JfDsG*
z`Dl_y>w8)?5X
zYxu_A3Or>vRw28Z*jBzEFm>^R7uB=4NNmp_^i7lBHn$%Qy$6RHoTT
zFvpfi6xgJVNYrJ6yHOyiKiP4U6>tlk?i(COvI7`A4uK^lhLl5;)CjEDK&%iI@?dCX
z|6K>fw4jTqHHATzd-A+ci8^46%79KSAuWeJYH6>A5-=;zc^n3-if=1j3o9MIvjeFV
zBlW@WmS6q?O-cc?6hu_Qm>nG$nuZ#vdr#P<6bq#dAe`rHn;474)&@69LR7`DR%=ju
z*gnU-6s*fsSb{p0Y)=@%*P8`kVnsy6sc{R2;`EV*;>^xO3c;4=eRA|<(PcLP(eMUH
zA``Cg!^#F&A{(yg!z_EqSk36gcI(y|V$x~Z!L>$(=t%{={jdXYik`|avgmIGgdq>U
z9`$2GkLA%ACKLIHxL6c(BjJP&R6bimEm&Pniqhdy%$8l!)A`eeTufmyzcJJ!2FwCA
z=BCqzDr(DLkNueY&TrI3U1EovcDgwy_z~H^gx|cOso$NB-;f(5>mKP4hI`$!FTyI`
z)0~7~_j(7WY6$f+V};oj(}EUbidJBgJ3Dq_Ya--`E-a@f+#y0=cWN|*&Eb)MVfB=Fh3xn+KziWPEjPK85eN^lZeJa0W4E
z0RbTaK>_&=`1n_|n6N_iX83)TF!}!cXB+!}6Q29O&7y*tm93=_znO`kk%5_&p5?!_
z5lR{gh$d*>EJQ@x`ai>neVJ8Z@xz464
zGAHM6@-~;zoy=3nGjXinaNRdfl)m`Zo;E%Z@OX#ejr*G4I;ZY%vaU9s-afK%eL!k3
zb;Q_m4(q@LRG10rD=C5!3QZ8>Tk}dM%fgK?)d|X%Qv-`ghVCslr$O%T;iVSp!*@c6
za_!Vp3V-1Kva`R>in8nXJGuL$JFL
z^?O$4X4P|5{HNrR1qjvU``Q|eNu|b=B@>;82q+!mwEAPz!3QnWMvHM{#7gQJUK6-0
zq~zLi!GzT4+agJrmh#~-OWJrg<}U;gR+XikG=$IHX?N<2@+Tnco3bd7pf>=tOrDyFl-))0WU_H4Z0S48qO&wB$HM+8?MMX8|&T#`g3ttRl~7c-%YY*Zc{
z=NCraiSuzLY8Z%+zU1o&Z5BilMLP`WVW=ty)2QTpx(p4LWKGJ_6JAQX`i%pJi)1!E
z=_#ONV2!ggPBp!wexZqDIXD|ld1{BPR4PxnZ-~F%Q+ZB6h1L%
z?>tw>;R#Pl(k@4jvcU#f#S7-YQ1DdvW;&1pOAXxiQfJ{ZFiFx!{b)?eVu?^gZ^JZF
z_kTK{J`RQIpJ0$cyU>@TuPD>o-$d%vGBMi!ZE`6jOr!#CO5dk#ztp1q%a|-MH`R=j
zaF3zb4!pjh&^Uqr7k$URgX|EdYdp2h487nabQ|L}_NH61b&h#4;9w~^&WFmW9df24
z;046C*KO(k9Y(gUXJKud<=6xNiBD+E^33pij3A^T5+!5Go^|KtpU2d|;9I!}z*~kN
zdK`+h8_CS30kDm~uYo(=wnZ3atlg~-Tcs>QH!*9n;B;m+Fl)IQsq
zui9K_bvOZ*gt9D5H;^&~Jce0KQ-+Je4ksLzZzY%>e`w@m!`6Ic3EW)|AT>z48$9t9
z2^sv-r8F?x=mNtj?P->U3bu(v@R!>P=aqwTlra?Apt}B0q}+RIrX4NGJYmJ>WS-Dl
z(mL|<=L}X{_(dzRqqS14LT!e`g^a$#ag{aFAyc7S;qCgh5
z2yG+}-l??RC9chvtFOhR+?R_0L(7Xp5avhG9e~`;30&$B(+;1lBmC8^yKr12u0SR5-Nxm{vyn`v2R2D1&aYca
zub1-1K$?aePYxBnD*tBE0Io~4^=!N4FQrWqh*6eJblwxZ+KWs^z>0<#Msyq}&Y-L}
zWrI|PtUTw0BX$6Zi)(jn)s$sn$=SN{xs57+uA%?WJQy34+6
zVS*>X-#P;y-#ZlyzKdJL+9J8CMSf7%>U*LO&gnCYBIkQk8x*Fl>BN}pO_
zUKEf+6UD~?iDLwIjCYVIn1D0J^V$MKUYZI`(=5yPw&XOC7sSr`x9>VDYQn9{0=aNs
zT6}!HZ4x2M9A+51b2X7(ZMfrNdnHbPud(BD`Z33K-d3K$#V=eN~(3Y;{-15b-
z!A53Sp_N%fBaR^yDlOSn79`aVP=;2__|4V0ufeb_nJ6ANflqJy^fFR&&c#5cAfPv#
z<`Srj8VmPC@?adEv0l$w;VT*k1jnPJvKcTYl#`?R-o~J(59YqpcWlkWd41WQkQ8xr
zn3n;;Ab&_5B)7M!Udhg+n|?EvF5Z|TZM#X;M9&Wk}&h6Vtk^
zyj$5%UG)Iu=cEZ}nuDvifWqea6bnbCqUtE9Ee6`5BeFH+IAH
z%h+_LFjY~H1eG`bJOw9D#u(a62EZBht^|5TRyTiUSRlJT5sQiN(CBWoM&6++O_ubi
zFHgC6G-%x3il*)|R0U)Kqu(|Msil6->Z2WuSF0o!b6s!v?$~+_y!PbwGD6=Hs!TMo
zWP?crdK78YK=7>0VzPHa@2mXOpXo{6yvwgVmILV!%%&b?kaRMENxwOcW#J4Cav!#-
zax$~$63m}O0hanuI2@n?62H)SJjPH6;v5FXAB3U;M{_}}+A-Wm^LRj@!3o*17#Bez
z6{&QimVot7cquX=BQX$-@hpgL_(C#mp#u_~glKhP&+&?u=#Q!0pQi8`&h$uYaW&N^
z#ER?K2@}WuTthJ7K!yOYA~dZ35CEedF&!UC`7rZOBH+kx55^bIgIDZuY=Qz?uI(bD
zGrtL^+^$#F9_7uVL)bH(qS|Tf@~u*
zu?~|Ns0Y*783hYiOB!&rGjF-myhK3Zj9%}&iIo%F1c%JB5&qgAx1_-mVMD#HyHwOg
zur4fAp)aAyb1F7^upon|78+tV@N}TUiIPQLkf@9c&;zFNU9gT^y-0!Vx1(Yxja@GR
z@Hlp#@5e6LnT*zky2Grb>jt-Ia+_<39r;B4)R0;RVK}6|R_1tP;c9O@O4A0uteflt
zR3J$mLRz&*%yHRi98f-0|AP#?X(iSH8a5MXW;o3a(J^el;vr`a0jUV{bWzNy3=4|V
z;OiB?k`bo0;AI*VJBk)RbC0IH9W2Cjt{FIx=>Z1QzT;*4%RFq-=r@~3AmuShvTZ-4
zjGo}$%H%wac?b!+a4sQkAZ!btKe;1O-;xv3aiQ%N1}kE%X9e;zoM%dl*T61IPLBw6
z-!PTqJ~au!Se)Rsz{ndJ7NPRoGGkIvHWaKuWPOSndgKk1*&|qnZq7jcMW`$~V>&av
z1CO5Dz8nZF4KYVjT47t&yaQ(?~bcRbg_9MCLDI>v9#=}ttmlp34kB^nV@SXM1k(E
z@Qx2~nhgQ8*Ia3BPg~+;ic50rfGVrDAwR?8r+|8oSJM)l?Oh|Lea)}dNcm;UxpG|t
z1fb7;Sv}swB=pS{sh(XCKR#u_vg5ZMoA!zUM><=*G(dkc87Go3HC!vE67$gGTgoTCEAx*qj9XGE+LJCq0b3=2z+iG|zw6_?I
z2w&cqf!V~_P|^25(iSgPU6mnT_JeQRc}l?aYUVbOucc%U-g&KG($}*#lZ~q6R6xGg
z$iJ%rvy3D;*D(?NJd5osb0Zu!M=IIxWM~^
z+l>z9ytdcK7CpU&1IcLHN}~uFl3Pa323U!KpzdS`K~q9gZ}y5+`A%esRbtNhGaYwn
zAm72hziFK>fpV|CxYiD&DwK(3M*%hMI0&n1UI?L{O7y&q2_CnN3AkJ=S}1ZH9uip0
zjSp-;32!lMvufa}C>Z_NMnLbQG31uC%>8=fKi&5s)C?+sfVr#DBB
zv*4AH(p33~;9bL`s7!p+-3BN_WR}QjCGK~KTVkq=IZCEoh`%S=ktqwYyTu$W*t_D(
zwy_Wp%h-_OFckR`_4O;9O+l<@4utDCLoaR10N^#H42@)6^7Ge;dh^{B#gGjeN|p_N
znpAIs9uySur6ywqnvue8lUAtW*JgkagR_s)<;@ARxkEm
z>0#;qESD!{Ap-8%F(>OqieEsRMa)3aB-B-GD#b5h6QPhp=aO40teJJUVO{vzy}9t{
zT-+8+`s80Nur^t15|w?T483WcLJSW^2Rh60SbQ7^d>f$8;)9^|KL53q%QQ
zxjF?XTirM9)g&SI7j18s?U}pg*64{at;gJ&%KPf--eP$UVd>*)o_VA&hVh%bvwC)g
zC&kYd#<(5k*RQ0A^VBL6T2RhqWfC*pNxH2Kh@sc=Z!`)zs{}sd%7nm@(w@;O!@~(y
zpE#H{6tCtPH>O0MDfAkVLEe9FV{4|Ftkih-?uB1UY{p2JT01p3R;2C1RRo@IXE-(m
zS2x#N?s!S9k|>iU{OuN+#2;~K*+V>WQY|;A_8fI--eYyAz`6<69KPmL?12GC%&lC=
z&oj33ghnyRD7xQ>qNZ}((HX^tN|oqfsL*f=VE6|3KBMe|Stb)EzQg_rsr|#OI(@AJM|WYG78X)!F;!($ShZeD35i
zz+#HpA=wE2DZ^1*1Jtp@e)vm(q&Gl;=$;wAFt78Ei*%zZ(R>QHd$QhO^di9;7Py~?
z{X&7^BRD(b^Qp!DZa;aH%><4YTp>$%osoiMGm|?w1?ngeBPq(LU|--?`&PQkEjj61OD)|-ruYZO57Q-vy-x2kyf^G(K2T=eAOYhYQw1fvL>QO8P$=BW;kpkh6Umi7PeNR4r
zjs1o`i&Uk)FKWe8~Cx$4M|C_`>Ny7$H3GNf7{jAgVf}=r#9Xi3b8L`+p-Bp97
zFrft)%iaP}epdE)Xp;@|1!3h3=ofy$J*eO{f>N2R_B&Vy8*&1ecFDlkwhi3jvR{!r
z!C<4|R4O~;)_Tm>>rt}SkE7ZV-6M)Z#hEF$!Fln?%0mlp@4ajiqvVD*-
za@yoJ?h_iR`3S#m_502;h#@!)yQOu-8ERB{g$PP*8d-dLC|uMV;X}NvKDf5s=H?Xdqn_Lz69BK8tyuR?i%@nb*R&w
zfQ!S?jQDQ|+
zac$3kfeDb)cue-!@YZ98Yc-4kiXp_8e9bo7mCQ$RB}Nu2OVX%pi_$b|?49n$een~H
zF@%LT5}KRDH`0YWBJYteZV$XR@O*z3px4TE6oG+#U#6Q=qE#TTG#-;cF0*Z(M5l48
zM*+jDe{5Wu;Rp!WsDZ?k{ufcuL-Yu#aPhB
zq$rL^*!C?pj7}1eb{i3cu1u^*TkEckT5K(p
zclf&W2liDNk(B{*Je1z83^%Hca{oXB**KDQxRd2D2jSvP4^+Y4MvU)r$rK$ahD&;I
z&Z8q(aCZJB5K9avfTbV)D-#QS3siDU%=5T2{Hc~FIm2f-PPZiSRc;IhQNX6yYjW(d
z1TDKAO{RM&L!S5-Ok_4bk7R@6*DEO5beMOx<&MzHrh%3G<;N?hM$`UV%ynG8sIzFD
zQrkYP9V>a`^(jgfY3pp?S@ck&Hv1MzCRPK#ro|4m#H7t63;avWR)*B9ov3f)^<^M(
z-2w>{f>^y+Ymi@96r9DSl}*XGJg!AF3z?l%-MmOkPh<9DerIT|bc1C)0vF%?=XUn~
zEo?!vF3e|i10k#4XZZa)jHL)l>2i4C0Kpm^GA9vaHv2B(K*;%Tf@kzy%z<)eQDn~{
zdH3ZBD?uhsq`AO-0I>p_X85RBDJl{{6R`qDe1dw_Y`7qUzHLm6M5`zT;pluw`vv-z
zPaygiR?YNe5M!*&*~3>Fa&(y-*oNPBP!jd?R*|+F;2IRL@Yqha-Vh#-|R(d4x&kh_GXIYjeL*Rr57Fe0~ruh@khAYr!1O`(GJH
z`|9_`6yLh1^>1e7KT{F^MECTsn)Lr+Rx;(s#QS-XxaW$Z!e)3pHBf2dThJPjQNz=B
z`Qaw`Py3Y8q%HVy3d6#E3Uk0{-hccO@0dYCZYx1gX-#f@%J4X(yTYxu`O#F{TXQA&
z^GQqOdEMb$j@B7)Gs>F(XtQ>20F|pI-hu|p+s*i?GS*b2_nPQjUkV&Z9gD89~B*}
zW=cUcZuXl#KgTy51lT-n0d3w-w4!z~$$DR|e5jl4@%~Ez4I3mVP}8v5`cxPOUHrX&
zde$NA_o|$XZhS>7udqB-LDdW_WkHr4)eMP9>1s{|-&3Uipl5H#XqKE*%q!t6vEI)J
zHG?SqRaJ&;S+9{l5~`Db9;(H7SJnxl={W)&7};dQuEJvV)VD7x
z=G*i8cv_bC_YRSo3lgJ-0}C{5(YoAtQLe87l;2sARht147lKy8Oau=&&pl%(aW#@t
zunvI&cAuCGGv>^^@won^b5!0=!J0GU5!#Ag?{Sx2*r__s+FA%_$s9+{^f@Lul&?dMksN^Q@oyzvlM6g
z3#F@yz&SRN1xgI-`jPo5QBtrpVKelpZ8dO$EQ9OV@)KhpdxorGH*oxp?b2a%d2F|A
zCg^fHJ@gI)qb#DwH@X2ufaQ!`UI$)x7KzB|{
zs`C|TGXoj1^pWskMg3#}*~xh%dk{;3zwepuNCGgzs<2QWD5`F%6`*dM~}9FoM!1&H8I_*uPhhJ4k}0O1@FIiFtA!PoZhYUsGtCfL&Y-5oclaZ(-Yr
z@sO-;`G(vbn=d&7yng=}h7oZ#KUPx~Gi4*KcENMalRDpcS4L4_&+pybHIbNEr&ckX
zkj-e5!VIkj&5s39u10i|ZY?2_K}VB(LU^<%EU$5T6rZU{>v+lwCeflbn=V
zIy8{jN{}J$j7#;=8LaIpL)SW98#~TS+uFPDQ=9MEu@6`5{U$ltP1b_r8yn0QN(dy8
z9{q$-qp)#txsUUkX-~o=glBQrdgHrUju5a*W!1-s8BXv^p?Q2;f~L7Mv@ca$uJ5k`
zJm3^~7M6HjVRI979$0Ph(YFa^dj>&hNP$0Z#pU-2G9iW%eF;kVgw7M4>9gYW%VZLR
zk@(N!Q397Nipfgtxe$5BpJ
z`hp3E_N;?u?+RG}u~f%<1Hpp%Md!MuA_@_H%{}D$E;UQmckB{scS8uGSO)5YWtKBJ
zceSO`Qt(26{4DI+@^KBzY+J1KTz%Y~U4|!r${olfh(+{5`!Cu&=wgc~>Km(;{?>WG
z`wz&De^BifWR-dND-MW}0d{6=_J1z?3I5o43Q<>SIxHE%i#zwCp+LyNsBVI-T}
znh;lN!1ej_q6qM(Ed9CPS@@RQ*|YUO;q?yL==hxZ*-B(cXH4tU-SaQ<0>c3zl~8F8
zBS!RMx9^=6UzuBVY$Pq_ZuhE4TBHmdcS9JYoWh~A^!&DZVliP4s$=)aa>o;qH!JVl
zG|4?^Rj-fHnQbEG2#3b{5R!aol+nX#x4Cm4uNO!v?48j}*r#%z!Tw8k6%!H>2}^LF
zwHnKj_TwYMGT}}=RVets-UoU}y-~Q^)kH_?`1|{1_s{j6IJz07(Mj{YmTB`w&9yjG
zrHcpUawpqh31psSQ*R%Ihxydm=josDAVI5S&VP>H+sGo5%ms7O=seBTC${4!On6e(
zD=rIL@f&a}ns;J*^7oqd7H%@&qK58(ijN=Q_NaQnSG5{!vvTgHUIU+7)iE?9LJ#^;
zW&nv3tDdct!$B-oQ|zP>!S1(s+Rk{sT6CVVSpC7W|O80!rOGI6B!5o2@FJ
zuXlS$Jz7X$isf5#n!|Nkl@_T1T3aV(oFBO+QB-rVni`lO(d9~@fDZc-ctB%XcR{7C
zMNf(zEpv^Py#Bm3H7BmpviNY};*>#bC~Q&AKNd}j^G7(Gc2p(oPtjIIJs$Z
zdt??5+`s5Lb=OW-7UBsurrG&CcUvlIdytq5k^O}U0VYU5!=g`IPCvBL@g`NnC(8~V
zx!+U^(Ha$Q(g}ancpy~4Q>A(GmVa3a@T#U(ULnvnaY5bZMOu%u!FAV^|7!iX_&b2a0E58XKn3
zmcGnxj@_#2dT$-5{2uTM?aNL{ol9q(IQ9`C<`Jr+azaIwEDg7|mI
z{?7;czmdfMb)dh+P2ZAuBNHS0e;+_E1qm5MIi%03%-IlNL0;-`WjT%2Kih9|o=AQA
zP~rfho>ceF?%2WO>-db#Lsd>!+WC+MyG`Z4)Quaxh|r>VIVB=c(H-~Qh3megVL
z<8^Ni#Me%eAu>IyoU@4>%WGxdo4ZD<^N_h|9bnAUHQ0wAoNsLw=q#U0l&Cn-x76Vhu2AlTa9NEfryTutvd6
zgSP>o)uaaV!|Yyf8(02rf)||Cj~j{{r!9RGA_!^Ctr@NwZLK8o_W+OK+;Rjyf!?b>
zCH=6`h6A+NECLiP$M5HC7C7VnW+jDeSXirpKc>Y^MW!v3>!^@80!<22kx($ZvdaNj
z{juGKP{Z&jE@fQ{wn2(>F;ca8mNF!^fqFz&s|?u=Zj7YdiRED#$aeP*=3!%+n+Gv>
zVpv9K>#KEc2WzusmeJ3y7=$AVvCJA1U}mL-rtgZAWZ`=3g-~&#g*AYrXmNb`MV{6a
z!L`zoO)4fi23!N2sl7j;iovg#jCLQ~K}=Ywk4%{%FZhJtKHF>Ma#8t{BNY1rPa2k(
zZbCVs>EGxq&mN-PNNw4nh`%n$WkA9u8qtPkE~VU@{NfeEg<+403!Dt-XlQM_uiZH?H8k$?tQTt!UuEI$5zOya%==$(>)>K_oEMKOAm_#VCjW
zU|KBeSSPAq@SX~BUZWqJ5WEzqzJ~Uz1ncDZJR`R)(c7Cm{U6faDah6+=@u>9wzbQ)
zZQHhOo4ab4ZQHhO+qQXjcmLD>_Nsp}aGciDah5@T5_oithP~W&Gl_1DP{f&EZUu8=L%N5B+p%Sm-q6bbMG#
zj^+9Jq-B&rn9!^WuU$-D!9ha#`!`;0sBrrtR<&>MDw*BC+{nmaZ$|h2Ceh%(O``wg
zg2z9TNXgmJ!q)765-3Jl#$M^K9*pgd9v0p+=_4QuBnpbOo-U+#3FF>2$$F}EcTldnbuZe^w9Wv$Y1qu%&hp3SZs9bE#~YGT|rGv
zKgK_sUe`P)Tsv>mZEwC`87u%|cZ5M{za~kXWQV6oOPEv{v>Z(nQlOpQCS#&i9GzSp
zr(GP!5L-?UOC+H%f>>>I8WK3D_>yqCxoym}L4krcuMTn9rU(YPhLy#C2O;Fq2Unv&
zGZmyvXPW6&wL>pE*^7{S@Qe#}kN!O8#XQN?^_JB2xPd`?WlcA#0g&Y4+l
zs8$-Ka!)d-`O{;1lxfYSvfx3zl>N*2YAx`O8!-E1uASPS5+Uwzq0?MxKD90=Hi$l|
zLPu$5M^>@Ui@7z8j#aay@XNg``W8G7gP@R$CwdOElakE}-4<|V95M8j8`$)R6axncWfSR
zM3>e!X1BIOfm;R)jMZWs)SKL#jvNyR%{6Pk>Fm0PYiOj8g)0efIAHEOug!xT0C0|7
z1Vl;>=;la+Y6+|xWWtTG8;6$Q6~)q50OHLLq>vYd1&3%;IglUb1+Lr`;U1&EMmI%b
zKx66xyBFy~Oo87l9ijqLjk3^N{b%8IuJ9+x8L5aIc>N6`@7n>A&y2_uOFNwlCC=}U
zaOo*&^3~s`xIFmTT}?@AB>PVaDU4opEEo(VK2N5fRDbtjy3@TztpE
z#lLlrz1BA9iiCAwZbpj>Ys;lH?G4UMCE;!si+;=N6n4#Hl3KQNms6Din1#=fJPN5m9;N97#9si5;@yrBRW96j}@
z&M|Jc1>UMP;av(^Rf$wJp@Bw2J@fJx?#-!Q%mbb)`m6e&*4?3AVl#&ZJ5Q2Wq+wp{
zbB5G9!&?fXQ?aWL-#8=m@-&i%SJPVF_akNfsS^f^f66>1s@xtbY3y{w&lwz)aJr&(
zt=^w?e{Dj=*f}$lWK01)HWMFfN0Iez8|$+QLCah*sUhFP{qrlNo_hh6W>dV({9KU6
zYARW;_9BsU%vTa+DaMLB+2w_
z-{*1(&H0X2(69xQSemNhNqQUSD0eA`s3rH_Hmy@j6!-h-2Xg0Nz^@Upo4i8f2heUg
zBZj?ifsZMFczvKZ*Pb(-z@7$?C0{2;C*OfmEr%3K;fat_km2(SpG2}uRJ#JPYS)+(
zF=ol|#~aTJYO6{8n>=@xvn!H0W+jb~0kY`4$Mj%1utvG()-1LkN9n
z42m|BPAvz*;*aC}HF!f{)K30UA;oO%s14E4&H~waec1$RG_T;qXuUMbw>h#8+$;7!
zI+3BlB>0)XrBeOhjx%ZhQ@m?pYh-8q7jXPnZi`(1_30x2`k8-qIxaB`cK!4SAv*%%
z1XuDAZC;e2Mh1pLhT*}9c}C<1>Z9>SVi7^7dKa_*(1KrLwlwh9y1w4>+VS!6^9EAi
zkFQOrHZ3S()Rve_&Z_pf@ub=*I_*^0^s-UcIFnp*?ZgcQ5q2*hRH#LK?j7n@oF~UX
z-tUugpWbHm=>A}_7!kS2*zS2(jqv0He&wCr?c6+nV0!h(phcJn|?SjSs_
z@i^lvih?8-W?x|^l12!+MQEmYw2(JtOMKJ>^!*F?z#+VH>n(==27~n9b~J4Nb-2V$
z-2WA-EG3=42oQlM#nz^S1_CAWZ?DDo0Z3blVofC(KR7IjEW;dJV$$)O^s3pS1aLL2U&w1V{kLadxxqIBNUj~KtyH0sT$_EYcPuS?QXD9y
z@LDP^!?m&;puCV=U>uLMwOmTjwWFYWB8JBpIL&((P#G`x$VGX9bD6sD9oluUhp7mu
zxU*do2;I|MriZo4>O+m{f$jyafq~?eT-Ap%>}Y$njqQ^X;FU7~@P(Pc=!X!Jr(i0V
z>~3`_JY$(CO~;F7oOD5IGm_dVU0FIXTqtL$YEjiuqr!`xfapi}$6oOkW*Mu!*K@no
zk4%TO2$7xmmQ8cdzJUF30A7Gu;33~(mYFC$^{F?*6zt+&!af$LZtI!p*i1y+>lS{5
zqG$Nj*ts3KUW^Lp{eT~m+7Ya58{JGSxj3ND^X%h?2hH0uDT`RcK`mb
zWMA6m+t=XI&QubyVVrwZ#i_BjV?s_b_Fuomp_b(Y2ch4^l{v^L`(;H^DPMiUK1^WH
z3ftK>i-FLyEX4fsRxD+-3GUnV{L&xk9uLVo?u8cDlXC=z_k2aZ*k3I9*br+vs`+t9
z&fy%E+m2A?9Q8hV`XAgL_ch!`m4KvgSy@XpuBil{OYgw{kta-YLh=KDF&@yrHJbcS
z=pg^Zc>hn)`kN>JM`cM;)UrYrK>2R=N+YqoRPI=6k9d(vFV)hCi4>`AGUPuEibC*l
zXwcZ8u^<{#r3!z}^W(=y5vc^pqw9vy6e#5D1@{Zh=j-=0O;DwVYOmc%b4p{{c{Anx
zdaVW0#~4A$gu`NzrGe^CXTp7*vZP9Ppp04bv}e23a-eZGJt#d6e#%vV&7e6^WM|vf
zV4{F}ZS>o4v-I_uPb-xU6PV1UWPkJHS;0PsnrFmXBIoH*ghqYT#xK%m`J`#3DHn4%
zT*+5;-+PHp$8NU_B#ak^mqz|O&uIWM61L_v3p7%K!g`l394rUd`n9%~Pms~Ut4XPo
ztRw&$5`t;Jj*ZYQ4$;2*lTFr^(t&TFrT{07nRUgH~+?SK31~Qxr-q}V5Nhg
zZvAPPG*ss%e=wu^1#Dkw5Y=sLQm6zK;bg~1D*GWWqJBKAtA04n!z2s;WgN_{i}8TG
z(=jmTaeQ-EL~vLRk?hr?pM*~+b)R>SOqY<^gFp3HrGJW>r0}52P5k78{)gc%HdIIS
z2MZe-m?T`^DWcH8Sd39*Yo2Kh+Xe=mdh2T7{41ZK6f%N3Xv-<3&S~nP>m{Tk_m6o_
z!~3GunoFv$1MWr{6Hm%@qsM*lBbQCKX0XY_Bax>~wzly6afe=@h1BfgijJ<=vPai%
zbO>(6s6dsu+UQBD%TaV{p^EmnZKE9~3@LG1j0&j=Jw_2zh6!`xQ;ewd)JjiD(r9;I
zbaX)hN9~r>*OvOjTvO83%%n^`?3cD8yG+&E?H!Y?;#7CvxFx3$lf$U=qAq`#5_3%#
zOfkQ@We_VBaa#);X_rX=)blLHKC#S~ssShbq%usCut(IctTTGmo>6Hf#yyh#zt$rndm~&R!P>zy38Ud>`xx)ox88^
z^<2Zz;Q|L(va!9K1;HD!|WTIm7=)G5PFA9`b;WnB!bX$9``0r`}{BO%Ew%e#fGXg8VA
z_P}9pm;g)~Rtkou%}A7{DwA@%s+>_-;Zf(3tMWxMwi_L@L-X!{iZ)YL2xe#TqqoKi
zm5j;?5~Am6x9QONE9s#0Fk)!6XgRlWp9~?_Gm5ZaS(zGazL{~>0v2gYv
z77(ehO|JRJqb6J&{d=>3)1)n43pvAnv=b4!XOO|Kb#liG!uW~VqkY=Br$}0ep3#Wv
zC-xSJWS=&K;SWcmE_Fg}aCvOf4(KexB&c}Hy
zd$-Rll72!Hg%N)--iVr~GhxA-XW
zq?hnI7CbHe?c8>e*ULk1{{=B@{GG4rgTrynJuiPuA|h%~NK
zFO0?Gk*qJbUT>dRFPB|SiMCnC$tDpKyNz73sh8MLNnnH2vRnTs;NWieC&yp4nZ8!{
z>Bp}qA-CB^qkdyifZwO8r=wZyc>UPNcO6@i=rA-I{DWY;P_<&=(_^+sYPHa5-Ymic
zB$0BKF5yt(vBo-9T+O)5?BVgJw!Qki82$Z>W0|IcbxaDb&ESdCPODjZJ)ME#dB#ky
zPI;Xq#U=*AXgKdZq};_6b>ICo0I;RA$CpOEx_P}~!d#K`6M3K1$O1s`1%@!w_wbF8GzOKqj
z-1$xg3^HAmf4mOWr`I^*yOj46L(|MSN9&rgR)C=)zHbsPBzZrNtjJ^!g*d#)=&`Jfz}40y`r9_hF-u~GQZ)l0>Z>m0?vl%%`Zw_#+94ZKo%L)G)%g^p+GwkJ2_br=@LZG2D42X8GxlXEU
zTeIl{;42h>?q3^~&OQh2xRjjjnLb^2QnPq0}CxFks_gtPgr5Sm7_jFp$F7P#vVx$3B0
zlm?g#MtXT-Ivf}f#4Z~@thFC;Zw>;xfl}G+(&6fAmgt4r&90A903>^Yhp1kqQ7>Tk
z*`1|$Z&gVU^tYA#4u+hJSyKVQn%HO@6#(Kz3T}l&(rgMV%unJ>lH?;?q}Iu|G=Uu8
zZB4G3Cz}C-`|V};+h~d_mU)D7K-b&A9_g}AmL9Xg#b_ux=-O1_0N+Fh?ir4Os?{7*
zVJ|FkxV2!wQmAu~fHz%LtI2|a0%$Sil9Mj4BCtkN&unZ0{pU$q7S213k-C#Y%XQ$q
zj-LH7qId<771IVOthf-?
z5Ua>YN(O&>x-C7{3$69MfzvKeFmI}mVfek=SVGO0wxT0}qD)Y_E5Ktp0m+0`K>zWg
z>1#}e07}$qyKT|2r7sUQFjloIV{hfoUg%494~ND-#iNHk2`gl+t=uOGOUsN1fIu}>
z&~0$sXVMoruS-4m_xE)_N4z#84MN|{tO15ho`rIlTOL$F1Q3sesW!bz
zvWtsMy9pd69=Lu_aO0OWapL4cwLx>!A*nJ5`2A0koqy=q3Bt8nZTs6Y88QAOD3?%B
z8r4qNIVr8&AJIgq5c=KTzWpl9QTi*kV^ZECgGgW_Qp5q_RC^K~Bbz#tgNf8-Y*X?s
zNbmSuwuEL}{$Fy2gEl%US37H8`ES7J>~`(Xot9?!7u6PKCe4hMyTB;YybWFqwD(89
z1N=bYE_2apZnLU(!)&BZc-V^@nD5^u0UZdW
zur_pL?#{M%)rtj*rX37K-?4fcIID(IfACKdCW7{v0gKr)o!OI1
zU|Zc(g$l}dg3$qOhfocGs|9(%8C-CVhIe1_*n%O|r|xWpmuve0$yw*`_EK#U@sU!c
z@$ybLwutC3V>~CFEp;iq#)j54W=HOtlEPEPWR^~4M3k`)fGl{>?jJ&sAZ$T@?lWsS!&vFo(9xQPP)`>T`&%Cr|ZeLzEKlTF&
zl0$qi3wUU>cq0PqC{5rCTL$i0ePiz8CjdtA1uFU!wk?fYXU)XzX*d>X(r2IWHKVzu
z6c5hCIgQ}IL2q8QIc^x4LXP*7PgyaF8lMsB_?
zN6%pcmCU+JoC4ckzu6Pg;)4ZX$1OjIz{D>v1q;5@e(||cSN$>h(%*ihRO+m?o#Y%^
zbt#PRA~9m^;Yqtyye%tYBLtP%i&dNiOI!EHbb#^HQ?_M|e{msTC;@*J^{jq3jQCy^
zrGIyz&k^WjEdL9hL9qO3f=~AQ`4SVKTQ)&z*d65ajjpG&pC0G?V<@Vpi(A4P)apTE
ze!nE4oNxh|Gf+gYu46$+#SMtP0?2gx@262kp0K*y0So=2d1tB)t33V=O&N2g9&
z8Xj?C5-KlY2mFh0CSY5j<9*35Dxs;)7&sBYGz_v$z~J
z+4q+@(#l)}g*;|Pl|)C$K?h|5bw6Zg3SwsGs`t3{nac2l4Bk6TK5^(VfYSj=yY?|7PzugY%8$
zI%YWi9?+b-VZQ^I&=dAYco08taTt+@{%k1zW7$As{H;klSr;XS-eCU8M9XO&#G1+N
z94X5A5{wiTe)xL*t{f^F1LU!(b>!OkkkiV^vQ8Nx#6Y{>=nv1-wsp34OUJ=@p
zIy!0EStK>J)VzzxeLU+WHjmu#iujLl~&F?SB08Xtv}V(_vVsicgUjIJ}733*Tc0XGVL1pZDz=Yg=r
z@#j$f7?sdKigJn+v2d_9V=L0c=&)Q~fhoBR;|6K$0EhaJugigr3tge_jx_h>@8~JY
zz;)r`U;Se$cFAR8s~ER%#(c?R`A6S>-dMN#z5+)l;^VZ=jqv=kbPjR6TJwoz=$B7M
zl)vkXpb@_2Gt<1)d-()(HqEOVI1~5F7PhGHE6CtY`7Etxlfb8C(<(EJdvBdmGaAc*
zXI~g0#VLyKv(r3+X%n8hv>OJL2M>QSUxHW*v7^qJA49D;^e)oNRc3XVH3Ec
zTA6z80A{$#eSjEK^%tNo>~Ba0G&f^Odf*L>DxwW&m+Cn63H1tF_yLJ!gqdZ^b#5D*
z$ga)pbjCYQIX*@xeJ
z;b90%31jmzb@D2mo^>g@p;=BP<`p0j-eeNzy#h%f>bCP0hS7B%+gj)k=5ay~b9>LK
zb|F61ug^AUm;tpYJR(|j%f`R~xJ=(+he%z7u)sf
z*x8MTHnjKp6Mr{NW;9RtJv#E%9hz{h-8(-UfcM^m2Jj)Ns-Ss{brzsRg0m0z6ceMfWkvT!9Jih7VdY%c9iz
z9YuaeID?@SeiO$4MLN=8C+OQcQ)hNB7Psh5!ji}tEtz$BEtkW
zx^QJ_3^2(wcFfdu1eO`)EbE(r
zFK-^anxq>SIc}H_UbI3}u@os{3zKthV`+xe4rrXoQ>wAPYXbQx%I7X&Z5OjaVPHBs
zhX0;PUc?$iIreu2v?0=0wMl^3O>?o@`_)@?yFPb?Gx=I&jP9GSajUiZEer%kJnVaB
z_gu$8%#t5))Yv(h6gOp94Zya7JO)g^Cp`I{n!rIO6-@(p7=v9@zKuUQc!U_QV^U9{
zg_sk~TWq&kcvq!PZ#&8k0-eevBzwnBh&}MT<2Tzz7p-jGJZLhmy3nLBcV*?ZZr^(9
ziW_M61S(k2q4Y6lG$%iUo#-0mXlDxvK=9x0Wh#`8V9BD^EObT*OG3O;f8czB+X!mG
zp$Ztyhn%n}jHjp5KQDhx*&Rma56mK3y^FHzm=Qo8Xa{s;aydR|SZxBfn-(dXG_}tl
zD8V<2{OHu8Q<=-R94-Md{L>tro~_G1yia|bfx&W?>Hat}bs_HNs_&scn&i*oM0`*Q
zPbW7n&jIXR=2yYoR0a~fAb-YqGRQl!za#A+6QMcJK7?EuG50a4TmOcwv0PV>KvI!Q
zGg6uHyd{+WZ+x9H=%#c2Ew+6$xK5kglDtetnUfHY0Z;;FVTOJl&^GFE5By7J+XzgM
zTF-tT`8AiKAq>UTh?r8lc?CU;_?ER*lGDX=Lf8Y!N1+4;TY(&DvbP=LQtrwE(}Pgd
zXurwXRv1uJ=puYJxnU?&)&QQg9R>z*3Sp@CjPQGB&%r9O!$#5@bw&H22=>+i$)yx7
zse^N_O-PYh2G%q#4v-6790MyD!NC4v(S$FKJl=Q2atJ3NE%v%u}}15K>^>Sp)W06eJdI`st*(j
z8T$QfSZvn9oU>8FJFfVt#=h-57qTva9K7vx430yMB%XO(rUTi&3qWAUtYFOF6d{oH
z+$UxcY2KRTQmT!=vWj})shOP6=@e6aSb8vEc@ycjoDMkorb0jLy~5z2m*8!(gqVPy
z;87MvQo6s;|0MP}3P<}|l57_uWBTq8joRjmi7p=;oE#v7(F^SE2nR1Z&HJZxW8^S|
zpBog6XZxbXTjI|FP`b?=6FD~$gi5DM<_2AtwZ+bu$pebs?9rjJXP27izsr`xHTNQa
z#Hv2}hF?~mK(K1-4M}&nhM4vDtx(lekWAg0@J}(7Hu%psP-hgMGW7oaLSw*kUwD{*
z`HPUTnF{z?E(#5q4PM<}Ranwqs~!KCp%ZRNdXquCrEQ6}t^t8N+1Mr4FMq=?5TaYR
zWeb1cs=0F35i?AQmzSl73eS6Y?$VAwNOkE`)kX|fvoI94Sf|tL`D5*53TLaPOYCFq6F<(yP0AaOzjEeXeG#;9fGTE9m3Cule#x|*|^BT+#QGA71UR8V0a?(PawbCvH$V~vq3WL4v$}c4J~1ZB4|~8Bd-z&Wr_iuFxrd9Cy&G9;av91
z&f@lZKCK`ox0?(_%xQ{%AbS=YhgojNrg2?6)Y%Gz|F$5Q%Jk^S2q8wMT58#Mzm9#U
z5KpMCfP-%>)KFd8=dYu1Og|XWxiz|)(d+VjdZNIT-byM3EDOf-qEN%$*)0U)($*>x=mqpQ6l|507e7i9s(6nS0_aw4n8HQFJU#@^h#CBzwsfkl$(ZQANW~EvX_in>U
z@_VO>%h7+pRdn)GDS^L^TNOX&Z3cbDZ?6|vU@xp8koqR?057l#KkIX+>yKP56fcRk
z?zG&mkKPj>cvQYW+o1Mp2t4-;-|qcdMfFaR%z6`xTIX7EZr&18*tYB**z$HXRuRmz
zpQ@zB0cLt89DJ+`ewJI(5QKc#fD@0ZICy^}NDSrpM6e_-Kree=Jw3a*xpTD2?
zimJdz@#nX58s8wCmj$X|<((=ICSN>-6IN1brnn>RZNdhAznIy)8H)vCD<%;gCA`5M
zdCrzmQW!D09EPRBlbObiJPS?U#ja3rAGI-JA&#*_a9EWZ7RaDEw(QqP&%kcSU?Zi?
z?LgiFEHG_BaMX^}W4E4U0P5N+r%6A5y@e)uV^S@#=2s*Hx?I-u+zBE)DJvN8RDfYB
zC?!qG>oAitJ&Ph7>@dt~HNt*gOWIthOZjP`eFEc1D
zyQxrDWr}+{laLk`B#5zSskL0v*he#*>ivQLbn^pvfY>VS)MvYtv(HR+8K=@K4U_nJ
zq`;LlWc>{iiSr%gSHLmu>=a*3krOkI_A$Y!TqQ+6+32s?1-%kZZiwra_%ABybf*G$
z8ae=gbIHHk*-8EXT?gnHoBSUe0X?Tp)&#$m68<4N*QET_X`7?{a&Bo+S5;IoRqCHL
zsVitRu!6k^p=qE(X8!MM30cXaEK?3W2QVLy=LkL
zUCxX*Yl{((L?kpYXV*9)FhxXaY|ltNxdBut6|^VdvR3uYFNnd(1qEKM+V;)w8b&7%
zTe*%omDiB&{z^ODL`{}p{N=GeWe!8K`1TfBVZaUs
z1J-D#20_5JBz?M)7^RXpncFQ)A@2I8D3+d<C)G_VVEq(xT{6)?JQCYG6bog@1tWLeW!CzU
zq2p-Gd#Gblrb{)_=2pLI0LUWs2|KTE))5PZQxtq)yn<^nxyU?D;a2PkhcK!-rd432C4Hd|zSbOO3)
z<7fSfQF!67C#)w-VNg+{S?Xkt-)IhT5)>Eu{sfZxYX&G?@~ktdrt?uouXTdw8+SO-
zWNLzr2$R~#O=~#F=V+dyNR&*KD=&J>ZTfQEVWcK)#f%^ZM^(rxzk*wQofetZl`sC{
z3K*-#BIas6%1Vy7+Eryc+0@znIVp^
z_b%<{fmFiCZeA|czCoC-LQGK!6E`(10^HaVzdm*Kk~Fz{BY#7#*MhsU^{;xC3=zic
z4LL4TZXSzn5=rKhW-Mr8t(*{Z(sg=d8)mJMfE|RE=_j4g)vy(`J}sV)Dw4asl90NU
zSZ|pkmMWM^v%Mqkd|ZY>^Xwx9MJk|+7*M@Hd1!5=$fHc3pT{2ji?L`T)Te$ki|HC~
zFMZ*6!8jHx@+(;07Ew8V8Bh`JkRw@>S1oUDy=X>)>519fGi8RC~g{s5*Bb;&ktEGpGU8z=X4
z7=opbDx`Ax*xxFR7$h2v#JRt+0bhKQ
zW_urJk$~3cE5TZ|0O&LfU;Pv~%8M98!jFRVKP3V4MYlTOYje`1Z7E`d6nRX}D^G-n8vn|W
zb%qn1{zJl-2Un!SMgmLcVEF~+{2jygR!nHMRk7O9D!{nJ6IoLx=otd!Z3XiB>^Lyj
z8b#>>0?3ucofxMKrI1Y9_r6d}Mwn<3eqOiBuhp}7aGD4A&0C*r{ScmPf@im5|M#+9
zpk$A!AWBAO0VJ?FrF2i6aCtpBskATwee-DgT_vR5o5<`n9K|EH`8Zpu$U^yehIFMp
zkc{~0_!(kY{uQG$~
z=hNfaPB)(cZ7}N)%q;BTb?;gCxNv68GUfE_d~cK?7}e(OU%#sLngdzXC6(-!}rmkWu}ygfIc#2^0WX0ZjvJ>n5zCmDdbRmT;ivu3TXn^R-XpMW>1%(c(qUzRV)$CX&+EIsV&o94OHwFeuE1p99Li=dz
zRPih))iRi~tL?^Bc9go+@|W21;mNT8CP9>>N~c;yvFS=?{bhijf0w99P^-m>?$DN!
zaL?SkY1Z0)maCSJ5hUuuo7*H1cJS+x0YX&XL6TtmXWQOcIXr_m4YB;xMu>odT$X|I
zx~g5Yr;hNd7iCunW_K?T>eTuv)LC!LIh45%T*ibV9kGb}MF;xz`yJk;ULdcKbY}ZZxnj-ndU&>$RQhjfZsT1aKH=te@K4)@kjps{Z0X
z{ki?r*~+kOCY$mPYqp{RZjLc$2cQ=%9}ALgKF7*%B8R$c?tK@%p0vTh=ucng57K2y
zk{vqpNGhz~bBfMYp{oQTF*#GY?0ebX=zk%Ss#ydv|1>#TTM3K;Y=Q;2%q{%mdQvX2
zDN1zG#+k1qdR$A`T_~Dj(seS>_N-L>a!+y9#~Ztl8O5SExH>kCA_;%mP=Y|2qWX3HYpFH0@tA9#@d71M{bCWP!OGnRD7V2(nbmf}
z-4=o#pST=&Z>D*H89zQd4s|SE)T*R&3ZK0
zZ>%bx{sXqH_TSz0Ay_ccHken~NV;v__TdXE+);BnUC`NN)5=+M`g6H0=;r3M)<874
z`g=Ni{e+B216=||a@|n04Mei1w1Ix8yMS|s5{_~>Dq}xh8s<3mt%rhj26`0&WhWB(
zLCo!fA{cRv&Cj6&+g`6{xkxYp1M-l{*A46XbHe~Ng$6tO&rqKrwWlM2KNY!Os&Xiy
zo5n-Cu#4M(fOwjDTR&DbQnVW`UQ)O2j*qv$Wg$=VX31O_+#Fn~k0
z{j)=&*yvEH#+C4tfc}qBr(nkY?j__16?=uPH~t7I@)X>U2iTny3|*Y8BaQA)<&)o!
zy5njGoFGsIjCk``K^XXF7kt!W0$I!hI<8AyGJB89l^Z3p%z<0?6$U<+vr9VMzbnPk
zT-sI1V`bLQi~9;KtQt+@n@+X|l)3zum!LgI)tY;p5rrU|Hrs!vq{ufmoGQs{RJs(<
zMoXDXaoVaw=sQV=t=V6^^N2oDpGc_j)%7zktk7k+os@D1lMGCtDbEPjQPz8Bpr+(i0d-D!y
z253!cXw9%^fuo%$C`Dt`Q=H)3fd7N0tAC{7$Q-U}7T>0-L2mFtkD9tc^pkqIpLzz9bjVFe!ZLoK)>i@1ZFN5w3*UOp|--&=l=11gWk0Ki4|Ln`}Fr{$*5klE+%6Vkl0ocd~L6_B$6t4
zgGxTK;_9sLeN45#-=KKHp4m+iebCfJ$N@flAItH7&RRL_M9~>IfwA79JPqktqVY_6{Y)LJQoGYQXNJ=AdB2zQ`p^A`z)ATZYE5YxZjWk*i@?M-
zN=P10L1lXQ3#=AiV&y>9I$~DBlbWySEa-K(@r^c58hlAQ!~0`%lRp#c|-X~wwQdkE88uV_*P*Ys1v*}t-&5&SHZe|N4;Ct
zX1i^~4zmc6+AMTXypB
zUd85jg*S0|HzPvZJ7w>&@M#Z#1*9Ct^BE;nWAD4JPr3J&QN#gaw!@1xiQBDYCRd$b
z|51#r4Cl(M4+2ceav3%lco^jhDY2kRfjJ9j}v0*x0
zd)zj)>hQQlw{O(fd#N;klUfrDT@2+md+Kh4n6@fZkL9-;AH3t(8L
zsuNHryL?kVL3G}ze@I(B`P3lx+Z}t*Zt7VHUuA^Lpl;c_MI{rar~;;oSm{vvhXTtv9dI-3dfQ10s~I
zYOo{2UG02eop!0v>)%8UqQp8;AABHSHAVzkJE_I$SI435l0(7t2p`s?TibZJzMJ+y%d
zfIEaOm;{$2SM&QV`K6L@@6AKX9p`Y332LTH!W88^de1`BRMdT;(E(YOk0~CdwaH3?=@>rt1GGn-~%lHei00t<=JsIBHSsCy3JC;*n0z2r!)8Pod-{Hy8w;u3LoCFrTje0+j*);^b1g4jIRZX
z1nTBPHlUBsJVwOHP&%|Wn_pHP#HAZ{gmA7I&hsw4ai;!B_fKcO29V0btar_OPd4vc
zKE!Zkg9?LZ+3;uPNQ|S1={-^37!<&*_V2rs
z_n%k#i_1NV4OwmcIjQWt53`!&Sv76^p|`!}u4x!lev4b$i;rn>tGZlr^+=6Td~w|z
z{Jcrgf&(_p=>M(G@^gb{&8;@!X04=t!S$8~d+aH@uG`%Av(D98e*Zwfbz@)uxA}Yf
zuZ70;`$@I?+dTE`WgTi=+dD9>WStj^;^i}D
zQ1A26?E*h_TV^=;xNd<@4$uBPU#4FF|2EVw-Rkn!LbWHRU)qp5q}|8JZ;ejBZ&>{C
zw9ZGLF6&gKbDgNV-M62bw`7j<+B1C@zA4ard(e;)k-xpy7wyqasjqOf*TInw9BaPs
zdMEMpq{KT#hejTc{I_$3;H7=0M!(^**s8&4g&);iT
zf9u=##n-^+7cM=Va_9MrQTu-X)XDqT55IvIZwOYUs|xyZ+#uo9t@hl&dJ54
z?2r=oj(`0;cF2h$x))w~yxuNdwRYVft$JLE`nP3`p=klX9{c{sp8d5(-h0%_@y%>y
zQs1~v&x`$Ap=#K3rz$Q3t6nU=rCPJkL&%mt|MFKyg_gzMv;AZqE0;qFMF~aTym=Lk
zJF3Dkd8NQM8uOD+frAF9C)hvSr*=?Cfcy7j+@J36`s76t{`ok(C8(c~(^a#78tfAi
z6yUE4uM->~L{3w`0|ME9DD;c`6lV?W$+zrS6#89p>UX`U-(~M~6apws0W4<&^imr&
zoZ{yVp3wXlB)x{y9I8<$F9lG15~GupfXmqVXj`&x8!x+k!iLUrc@zp)3eyq)$D)#K
z(aa@NVn=7NT8HgO1~#ng)+%|I0gjyDMo#0gJe_f)xCB^owv{199mP}Z5lPP)SHR}2
z2%yob=#JA6`S9E7)zJakcpl7#cLEd>po-xTyo#m3_;$J|KW4B#I*AYQ;M$10|Dk>?
zMM=qVf0k!$Nq$6JUYHcGHt7vjd=hbsp-CC9HX2FM`IOzK@9VK=aSdc7Hmp^*aNt{>
zG7@Om7Az4zvS)v2;}Wz{mjbO_QvzuFB%Mi{psC`)M%SfA9H|V=gu|VEDfFLk8VR5M
zvNe;1P86h#Qj?9nK{}&Jt>g2TTDX<>OL>K&q_;vrjythDGa;N*KDI2g+UyxR1DbMx
zrfOS&@$F@>1Z-7`(WFUWLmNx`rw@nod_%ONp>MY1hYmNWbw;g5XA0IN=na`SrrTD0
zQqZi>jp%Om?22SUM;THQO?pmHirw#b@e)pIs9Q*(sBeX$P~`3?gyUmONl4J({H-XZ
zHZe|P2*Qn>Y$a6K_xaBqaPJAI=;U-1%hSAvGzOJ6R;M;488rMP{g*5EZ-Wu*!iatr
z27K$1C`96G-qViwiaqT(Hx-_gm}JsKhZ_8_rO0RsGwA#C7@+&QiGk~2+XRknN0A!ucLrAGs{5u!(UsQyA}{qosDx(^Y7
z^sL8*9PeGO`(iX@s}Kw6rpIlh5TsvV8%+woCFis+bmb=qUl%2%16P%a!mwcmZL->=
z5kwz$Vv;%0sReX*E5#}lBd3a>C-p+C5(LjZnaYCU7a|+#hyD+R2mCU`kveN*dhr*h)o9x{!f-bI+58JkTZ9?qch_FjH
zo-_6ffkPiYu?CGM0Zjv`KUMsdet`i=@$uRJmt9dKPyPDzD?*97m~D;Pen<`<8+}#5
zf%(IbzlK1f>K4z$w_+zn(D{Qv<;0a=&ZEdfQRG?_=(bZLpkZpQKx5S6QtGB>0Q?6f
zrmNEZOCrFLT2ow@+Mq_OmwjlfZL3_kucOyf#KbgYoHV@K6(RV{!vQiH9e%Z#jwT#+
zL@Re2k(^G0Om~Ig+pBfa`UF3?x{}p0TNzGt>oN>4t0TFx=
z#^@$#$0tbyg2hiuoK}A}qS$G)8szw3%aib361s%+h+v|Anx6`ppBW$8yt!CLh#`L7
zPjBeMNf^n`vY@I`P+P^Ij2c5SjuhfR{vOi>GjIw;XSg0YZqV{L<`XGh7NoD*sEtx(
z;Pd;q?^UlI9Z~p$2<_e$7JMsSSRxVWI=4q&ZqkJI>aB?q$`CydcQ2%XU)F|LbocRU
zQHgART4SQx6eXBn4;?$;&+QOuHH0EZ2w5KQG7@Rp2M1;9jveC(WR}gHEcp1=r96`Y
z2SeG0#^g1>9}h$kBM=^cr7#xrVkmw5*af-};dmt#Am{M9QeX|7`3giVCo(KyjF}uB
zi+wy_HzY-@G0S_1UOX)(J`0(u0X=^*u`vJiBCRf5`Jl0ZO;n`I-qL+DzK
zNnkL0F~?5vSGxCl2cQI0NV>ab6vXk>_K#?-(^Y;;N=OH;2bPM%zHQnCsl66S1+E9sc0=E3`Bi
zJwUqR1$s%t4hmDEhiTGB>3RCjx32y(FdAOd8oH`SIpnb>(kO)S7Y_?cDFgMKLgP$}
zFtM35{BUKMFvVEEv_rWO1y>;@q6ZlA`wLNI)vJtPtBfZDB5XUvjySVq50uma&P01`
z-?q{jL_)(S)6#Wi&`Re)Z%{cApt81D`{Z$*Tl`y7Qj3NZjvtB%(W
zQ1^=0_yq9;OzY@Sj&h{AotfZ9HF_8tBPTrcc#?Z385M2;h0~e&Lt!Aa(3*?^QMMJ&
z7JU`75f=O#zCtUwd{@B|`X#C3vyCUjP-=X@p*?W+{e^6k^SWw5hCoexygpKIh>sS6
zkJPpN;fZjt8x*tvZF>vC2Pegwv{~byLJYm1e_cb4Jo^C#TK9MLf()uSwTBR}wRg~M
z^NJ)kFlm&c5a$^Uz2<*6Z^glfhry7(l&ifL2P17q_Aqf3@|QABtKkAzFzP0m+wX>vmiA
z|3uAp;4;e+!{$TYUFeZFp=6%4!aia)&+Y(i;WH3$5Co)Ci)pE%JgqZ>ipR!Hg?2h~OweSzRD!HGg@TaMQGCa>-W
zImUp7PVc55d1Z`)8Lisb)=HIN47k#^WR*!!Pdb5qC5d#l|F0!~k4c{Qv+Fw83igPgVl@c2wu;gT*r4rZHxUKnN=t)5D0
z0)@*&Wea?;c!jME(O-G)Y&#BcPFs&o1x!IC_X*t
z5_3-g+E)KLWBhnp%uk;^qE|??4!=j
zv?vAN1hm%(&*Mcv*b4h*jnmO3|1Rri
z#jSp%P~<9N^)vo~^5K7Mce;mK-Wf3&O0#8i{gVo
z#1}7z>OMC)iln#~VjDdb@W_c5jIG(;&m0#wM!7U_eV|!ApR4miDfJ0Ft7WcT{5A;#
zHi}nx=}11TCNErebzv9r+Vy=GNPE)&mZw$c;>N}_ui0XQc~HX^}^JFcC>2CL(g{X9vng0W%($bPLeXlNU2{MV1J3n{ER_
zPXpHZ7qkMD0^ZkWLIjM*&|J*FEN%0xBt%)j1t?34REibhuC(h*~tFp%}EE896EhTV0&k8%>T
zdyoQWKl|GWmXQQH>v>i-e9hx!Y7PZ7?pd)(8h%m?L8e`90h(w{0*4Pw!b_Zc>k!jkd9^($^0K62ybT2Rv4U9mc
zv&MS_i+$P0C14WNu@5gDXG(MuK^IU)Z;zuhwJ0+pzKw(YPZFv~&AVLxH%~G$6^54%
zWBa=>3yq<2Ok48C?inLSUnY0MU&Ko*p=(z*p1FAuDdoNI$(1p|tk{5;u7EeYF;UG+
zgfS?Hh0`L?yN8SjT?pYXq@k^L-;wt_Nd4oGsc^b+q^p1{H_g%31WG5fdV%U$O0ef(8ejKi*%yJH)jXaYB!
zh+tBQ!ulzORTgEOCaMoQwrsRARTJ-eWZJYkg*GmZiDq7(Eu#5j>G!7}2UtUnxJ7%j
zK>Y;7o%8R1ZmGb^4=mb>HTp2I$huv&tOtg6Xt4oMKLd(RjDJNInjLtut>_nMS%k?(
zbb6h;!FnJ%0I@PYEsskA4`SBBOE%!)M;G@HX&pJ5tE^)JnwPb)v0nEZvS1^yegPJp
zA(YeeV2R0FHfBL#wgxLD@<9p<{M+q>Hlx**F;kbIje-~G^#i~&$5M)8&>yt31}0T=+=5nKRGOH
z83wM5o;?-lq!Q7|;rae7bY5kg4tBm&35vLbs7M=sZ3+*N$a>^rwI2rk4^78ujP$rz
zbc=75e&azD?5Y%lrB+S-Zg&WU9Nn1(QH_&z4eKZqHk90w&
z^7r@S)u5~6lN7Q-IvHi8TlY?w4B$pb89ub=quU@K7>4Y5qf7hqSW#%U0&Z*=y(JO~
zNWe>5XZ8dZq*zt&99#WO1hB}Ui8Efy({dscPq?D*d|03qQ6`cXn>`i}m~fV*&%(9w
z+vE$|<^Z!B@)}y~@snA_wBWMUIKj*L@g2xI4P~Vh#iVIWJe%dtY}73+=BMrjD%tN!
z+xze7!l=C7*?4k^-FpCu#eFvQd-n`JNMRE>)lL}1w)pXxEJXA^3>vb;n=Ny-s1ASL
zLE(nLGOj471B_9|<3DaZ72YDbcl
zm3ZlBK6kMoTxM-=kG*GD8pfjoQa(7R`N2Gw)$@6Y1-(BfJtqG!>vve*zWgz*nmmY|Ku$OeyCD>Hfh>*YG~8m?Z+BNT(t7tKV`m^IR0=q+9T}tN9?q
zHCX<~yFMxD@P_d7P#qR<+EmFUe=`xygM%okFl@tS-!}FG>=L{+@mih}sZ3aNXFXaJ
zm*8Ysxs(MI-{!4h;d+?#AskEhGTrHfR9w*@x9zCSJ$?`rjerSSe9_yJX=Kqk2K;T(
zgTL4FmM#-m#PUO2>Z~DEWjvtiK4`*5A?VT}c%8KfE+@)D~XkEY}h&^P`eGcWy&js}ns_Wj?o66j{9B$=jYy9|+i0
zcEei{44*&Z-=mp?Xkan6NiA0X6&y@d?Nu@vW(tWD_hncuSXBDg+R^;Gv
z=FX5Zgwu5ho~fKRp8Jlt85yFh01*k4V;j
znG8u$I8;NZxVtY-a_<4)@=yQ`p7*k3aK4gjMx8F3hLV#>0=juVbcG)r0~-nEIar}`
zFYa2gESV@qV`l^X@Tx>;zEZn|IxidxXf*RSp?x4$wORUZmJmlg3+5B43dBJHX@2Oy
z*9`-nEL>(+?9C_jb0doP4On!ye1#BDsn96tO3#hmSqZc9Q#J
zEQ79tQ&u$GM8_J&h5V8II6dT)!2*+g?wPHoyj9E2ZYqE-Y)4!7jgy3zh?4eCh_{8U
z9Uec$h@z2ILv$-PFp
z|H%*}nfRGF0y(Yqfv}KC`2UPhSHb51AaJYXvI08
zbwVw3&xk46!GNk3+4dI*&V*&!FAwrw1`AobLn|)ky9}0A8Z73^m@Ev(343gBJAF3Q
z>lOxjZzH9q_cyIZ*I2SdK{}jfhWuEgW-L-5GMzvFYc7)0VY9bQ&3T>wCpkPO4f8BX
z!m+#O-7tb*77pi0IYHS1GB`qT&=Ff%`PT1rDhTkG=q}M!b6Y_f1R3XfuqmQOuO83_
zGQ@$VB_%`kBC;uhqOpn*F^w;rHJf>T{0_u`#*Vhezg<)g8FFr7d~~+hLKW_LAz&wj
zDG$NCDWMdl?Bfv%($~r@t~MD=2xT@$KGY~Jhb_q@;?qAD+PW0S#wf7O)5ccLWn~Z%
zS)e+RppZ6u-v&=elpp;{I>OB=Cxc9->6@g%>6ffU`=kyjKU_b&1r)y(wB3j3QPB<>
zwm%ef+@d-KKOjRH%_)CqQ^gJvA!o?zHf9k~+Z(ufeTr&CRasOfK8=lf^2fklnBIF`
z#CF`YObvMqY-M#y?%3uSO5PpHqT8J7?(*=3^tAiPuYZ-xi;dbC<7!Ij$}gbxvlOHuH?@L{_qOCkO~ebj!1f6
zi5wWkAV)yhq}6N<#*K{HT^`l*A*yF9N`qsSIieHNqoLuOVQTn?H<~>^inLsSbW*GF
zrckj4(6!={xFgW$O^8W5{i`<88F@G6lE59ZU`fPCXp+nt(uqUq5a|?Fk_c&VVp>X{
zKOoOL5Yky={&q6RL|fR6UvHv6+`1yRv`Y#PsJbeRNl1o8
zfsc&j+@Qi}D`?9P?kb%`JhcA2#XlGg8f-(SkC%tYkwfm!Gr^)DQ+A=S+?hj@hQ<KwgjEzgaBX6VoOyVImV5597*#j
zeiPX%-5t(GuY^fmE}epZ7-@Zfya4#Q9`=f^3m{vthRN6
zAav)qL8^2jp&n4p*n!t$;ljl+TSE_3?p-67L2R@t--_HTN!Mouq@hPZrfiYHC6=o@
zMU?c61jQ{_h)$$iqQXkGj>JTI!LT}B7}rx=LQJF6sh@VrAQMfbJMVk;eL4iHf}vhI
z3JlyMod*-uxK09F7KNN{a^HE8lb}DcNrG+)1{{!1C7iRLNSavtBV2)-vnL#u&mq(l
z{O#5+av!AG32Eq@{nQaTOguUJZB1a;|3MIL&i>+cTQ_>m28+ZsgR+ooyA=qo8@Zi)HFJ!k;E2enYqek45VR^vg
zh5AB=|LPZI@i11Dk$&2;N(&!VL#{+7h3O=A;$`Xhf}=Q1`aSj84|^J5gsgG~y7jut5Ju^g&C
zI()knAMd$H7ze%JD4e|@u_tEIkVc?muCl&&}`Kg)tneh?uLn4VzYcz2dh8*zj=}1lq
zt%}g+PvI_-g&Pv23eU)VEqN(VKqoA0QBrZglq45O>=Q*FV@O=9ajqv9&Y_XmRnb~bLwSsU{(Ig5Zo3LtxUq<=FB5D
ziQ4WstJ1NiUEzh`>P^XTw1f;9Y{}}fL)|Ceb*(>vEt$jixl|6=7^fT)+0IuTl#XS@
z3KfT~XSp1()nm(6N|DmP1nSZX4%_^SIbic-vrX_T;NA^vF=%~hyH#|_0b6}G+x918
zn~-s_7Kjrx+taE!VDnNa;p!okTPo6T{O?oDz)#uK;-J+ADHwQ&kJj@i04&jA}x;QF)0;OAHht@y%`?XY(a
z*myK~&N;Ff8CGehT1w8`V@DU7<-MhplPH9I){Ot{SIucO(mMA94cMxi0pz@l=3Uu0Ovl
z3DK5wMElS^2V^{fYj|QpAxx7h9&y-G(D$>~Y@R%UYv`0t56C4WwK!Qxa7+%^cmh|K
z+U@Ec0^3v$Tjkz4VB@jdh`JqSpNEtD%W;wp7+JMflRRcDtYbWIRD@s88uV8$ec!BU#CT_LK3%
ztj^aSeYgQKe-4@FVEf5~t8)4In`W~5^*S1}IBzfxiS
zd>$*0%8q`uyEUJ}dy+At^u{zk@-#}w75rv^x~06`;^0$(T}JRCIPpvn2*$HZw8
zCF}21w=rkPVD|DYMUyd<*9QY2w27X`!u5%d)ni|AT!Lj7hwT%e!iG-R4K1F63(`|@
zr)SF%B=c%rU5uX1({4!DRVMH}K%MfZto3%j9G;HQnjPL(gQC2)NGc`QLIWJ?_R}Jm
zpTvqEdLEAQ;#3gF>p-l+ic@P+A
z^|f9vha^C&iI4V==Q$LcFimJ$ZV(yZD+4B4oY+mWnOIi~5|W*p2j|)ioz+3@@uqAv
zVyhgI%*7uV=EuYn^QsNP)_wh_m+MeRSHkyvD7LlR<*?aNN2^nGC-#ZcF%C^3GR%8l
z;L#g^4d!@t<$olD`WUmWul9}CNA=-5RfX{Nm^`oq+2rF7SMZ~R7_r|Dz6>gyZo)oA
zkuYwa^-uZrU~&g*FvVC5cQ1>ju$gMJNJueetghnSbJ*@t=RRveNsh>)m+>?|B$?WL
zu(`l7mPAHXx0a<{LGltWJ^2}aSUQoI?L5_c^O11g6iY)Sx{3NIZ6$DNc;C3a{sF_hD|hn-GFU$uoMeKm!vHgqF1FqdCSS>OEK_f-@M(G6&r2o>(j{Xn
zZFGjmh2xMT5%t}UeAC|rs@sm2j)b}kl1UNyGGh>?pT*q#!-n+0CSW7GUuoxaxFne|
zSj{*sgShtfz_LliQeW}X>G<5slF>8oeo;!POM^N%oXHDuj^U;K@5mL&gybkqz6t2U
zB@bMC1Znz$fF2^Kdrc+*xj2OXSWTin;&ZTz`JtDQ4Zkj#OdV^`m~${rXK8z@;D>vG
z|2Og#+QlE(1Me3orCC~0uDHt$C~qE8SbD)lsoQqQ(uB~mIsnU#(
z-goV!RZ0<;aAcW~?!r4fkjxux4v5^T{@q{O)gcC)1zq}5LaF70XRZntiiu;3c(_%=
z_P0SrZJmG8W7)#A)$3w~$l^P?4s*ar%Px@7i-cX?$|ei;^Ah5!Q1|H25cJ?ny4c3u
z$zNo1wGRsO5BBqDP*;d?Rktxi+QAoBL7j9Q3Co>ZY6cpe=@+U%9}gk2F^!jd&4VhN
za5^Q09PJ^iSFgShU6-w=<}3zX0EezLHrPtcuB~LN=hZ-n&iCTh&r4AYqEHKbs9I11
zHwMY4^K2w2-K>ILi{eC8#Xt^SlS=l`d3n?mlFmAS&}~3OWyy5dyRVPN&S!22Dg1fz
z;An*76i5_6DQ}y7@Jf}3c^ebh`1ZcfRuBK50&PwK4AS{goRg~BC6W~4Tj@5x^oQ4vv!4pcqmgX01ie;wgr3-V)I>y=XqV|W3JyJ)UUp|S-^fE6A6k%#S{;ObJ1$#AORYeA`D(El?R1tsppQ>)lDP
zhfj#h+U4o>==wy-T(RcEfH0Q9_4>2JSAQi73dp2;TS|9l?ZWpX*Y{+Podjy)amEHJaJmf8!wly*WL{|DLt%j?3d%&CXcTZlAJnwma+kH*FN6QmM$;;vC
z+I8MP;CP2zlHNNtc!E5RKwggevr4ZZ>u?w0bQEt&aZ9Gj>)lc4iekpcXuUZq=I1l?hF|06S=qQfEm*kFT^_D48x%
z9nH?(YFE?yl3TA9;SHqpw80K^D}N5lU}Vd*@Ki+Tb1>#bY@l;Suf_6Z%DjU&y1pQ1
z_fK~hyaH!oaQae`PG2gYGpvnL)liUcUWsdSJmK$ds8jUp_I)Mbo=GH
zRxY+>(#71AWKPer{nYzz_$G4ZBAGX*XL)9>lgn$Jo=6y0z3v|BNv>9^25Kdx&gmQM
zq81y+T~epQIP5l4j73=UrU++ml20hcR-^IwYa=1vX*eit(bpJYlbARslF4o7bFtWhPz{xSx#6RqZ7>zk=V7;@-c{K5j8-;|6S+R{@feQ@wmB
z#!CC`U=*X=^8OIO9%l_d_^1
z6`a`r^_YB4OV?CF&FOWk=FK-?&JR7)vH$o9yQsxHIVQD0v+p1zRh4$A+Nb0bS}sf!
z<89GCJ%aGIg`jjaUV7RNUa5ZEZSRo0z7X{uUT@G_p3-OK(ppznc5QtU;PH;!AVgYn
zIu53vlgnmND4F{UieNJqowB)>28_+XXp_`m$QfhCrI2jan|rPo*#*`qV5N;Y9>82Oxn@L
zhqK5Dh&T|)M%uq`*uj`tRh0&EJEa&msV1nX=7%0sS$|79x54IW95PKkE$~S<9It0y
z$xhEB7q~4CIb$Lu!%aoTi0(JhC{{q2G`v0;Qf2=4?mc;=lIRF_miFiwgb(*6(;3YR
z3%DJmxtf)(WzabOjm{?Rh#elt2FFUE3^fWZV@Mf1b0y}z74O05ovF8sk2_CgGonpa
z`3SMSD6#3(y8KwM<76wJ`)k>38RJI{qU#AUF5SEP-Z;!#%;iiThkcgK7^YGQarMa8
zIO+UJ^!`fo2_$NriHGLIkM2pym_qO?X-kua
zZ9!s9ty%9GG~^tGDgpI)?riWFwECA?2xc`gQcSNqU0Ti#nnbn}MLyrQlXPaz!cpmM
z1ofR|v#=@d{#;=Cewh9RmN9r!PF1V29181o@ce3X*kf3c3bh#u*e(d^T+@Cw9__j0
z*5@MLwh!8)7q=Sg+Dpb(;=9WGwl0M7YJ-igLv!oNVG73WPg)!g&NnHzI9F?wyQjO>fxw^Efik6gRMN)KQq+POzHv4e)kJQoW-_-;h&ycn%B?cA-sWwWsD
zQn7?K{UU7g93DWgq^^W*ds2fzKw^kGM$9xP_Fk{>9dV}tOhZpk^~6qlsZ`j0VZNJ<
zEzb0-ZeOC|X0dqb5PBd?I!Bm6qtquP2J!B~YSuhG3dyoUh1f<<;7>p!AypKW7ME9R
za2=)}?v6@O^IRK~_I*XiVDJ>IWP708d<@|tP|U#H_@Lj|_a*u)njj#rXYV${XV?Oi+^hY!st
zjO`MNj;Jj3YMSjS5;-ysD&)Z@8qU%>J^l6=t(qhm%xnB`BqC>-_rOIPwWOC^6^=u1
zneZPX7u&qFkFO2(3{{4aBec-#vDwaN`duzjpr$`NY&jHKTBj}oNfN>^9fIc%w}V7b
zAZx4CAb(^(jYdo4(&{<(*z)OQu~ZJy;+gQf
z=_M=^52euw#kw)l1<9b4;K6j<_%TkLg1MRd)b4i8=9I$x?MmB$(D3mRA(hyw8HRhY
z+iQ}wntmEXFmCKtV|S6jC6@l>uZ{{W3-j!^ohFG|mP6Ja(He?4H!2Dq2Zh6{16Yx=
HkNo+6GuF>m

literal 0
HcmV?d00001

diff --git a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCProxyMain.java b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCProxyMain.java
new file mode 100644
index 00000000..2de1feba
--- /dev/null
+++ b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCProxyMain.java
@@ -0,0 +1,107 @@
+package com.android.javacard.jcproxy;
+
+import java.io.*;
+import java.net.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+
+import com.sun.javacard.apduio.CadTransportException;
+
+/**
+ * This program demonstrates a simple TCP/IP socket server.
+ *
+ * @author www.codejava.net
+ */
+public class JCProxyMain {
+
+  public static void main(String[] args) {
+    if (args.length < 1) {
+      System.out.println("Port no is expected as argument.");
+      return;
+    }
+
+    int port = Integer.parseInt(args[0]);
+    Simulator simulator = new JCardSimulator();
+
+    try (ServerSocket serverSocket = new ServerSocket(port)) {
+      simulator.initaliseSimulator();
+      if (!simulator.setupKeymasterOnSimulator()) {
+        System.out.println("Failed to setup Java card keymaster simulator.");
+        System.exit(-1);
+      }
+      byte[] outData;
+
+      while (true) {
+        try {
+          Socket socket = serverSocket.accept();
+          System.out.println("\n\n\n\n\n");
+          System.out.println("------------------------New client connected on "
+                  + socket.getPort() + "--------------------");
+          OutputStream output = null;
+          InputStream isReader = null;
+          try {
+            socket.setReceiveBufferSize(1024 * 5);
+            output = socket.getOutputStream();
+            isReader = socket.getInputStream();
+
+            byte[] inBytes = new byte[65536];
+            int readLen = 0, index = 0;
+            System.out.println("Socket input buffer size: "
+                    + socket.getReceiveBufferSize());
+            while ((readLen = isReader.read(inBytes, index, 1024 * 5)) > 0) {
+              if (readLen > 0) {
+                System.out.println("Bytes read from index (" + index
+                        + ") socket: " + readLen + " Estimate read: "
+                        + isReader.available());
+                byte[] outBytes;
+
+                try {
+                  outBytes = simulator.executeApdu(
+                          Arrays.copyOfRange(inBytes, 0, index + readLen));
+                  outData = simulator.decodeDataOut();
+                  System.out.println(
+                          "Return Data " + Utils.byteArrayToHexString(outData));
+                  byte[] finalOutData = new byte[outData.length
+                          + outBytes.length];
+                  System.arraycopy(outData, 0, finalOutData, 0, outData.length);
+                  System.arraycopy(outBytes, 0, finalOutData, outData.length,
+                          outBytes.length);
+                  output.write(finalOutData);
+                  output.flush();
+                  index = 0;
+                } catch (IllegalArgumentException e) {
+                  e.printStackTrace();
+                  index = readLen;
+                }
+              }
+            }
+          } catch (IOException e) {
+            e.printStackTrace();
+          } catch (Exception e) {
+            e.printStackTrace();
+          } finally {
+            if (output != null)
+              output.close();
+            if (isReader != null)
+              isReader.close();
+            socket.close();
+          }
+        } catch (IOException e) {
+          break;
+        } catch (Exception e) {
+          break;
+        }
+        System.out.println("Client disconnected.");
+      }
+      simulator.disconnectSimulator();
+    } catch (IOException ex) {
+      System.out.println("Server exception: " + ex.getMessage());
+      ex.printStackTrace();
+    } catch (CadTransportException e1) {
+      e1.printStackTrace();
+    } catch (Exception e1) {
+      e1.printStackTrace();
+    }
+  }
+}
diff --git a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCardSimulator.java b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCardSimulator.java
new file mode 100644
index 00000000..7af495f3
--- /dev/null
+++ b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCardSimulator.java
@@ -0,0 +1,61 @@
+package com.android.javacard.jcproxy;
+
+import javax.smartcardio.CommandAPDU;
+import javax.smartcardio.ResponseAPDU;
+
+import com.android.javacard.keymaster.KMJCardSimApplet;
+import com.licel.jcardsim.smartcardio.CardSimulator;
+import com.licel.jcardsim.utils.AIDUtil;
+
+import javacard.framework.AID;
+
+public class JCardSimulator implements Simulator {
+
+  private CardSimulator simulator;
+  ResponseAPDU response;
+
+  public JCardSimulator() {
+    simulator = new CardSimulator();
+  }
+
+  @Override
+  public void initaliseSimulator() throws Exception {
+  }
+
+  @Override
+  public void disconnectSimulator() throws Exception {
+    AID appletAID1 = AIDUtil.create("A000000062");
+    // Delete i.e. uninstall applet
+    simulator.deleteApplet(appletAID1);
+  }
+
+  @Override
+  public boolean setupKeymasterOnSimulator() throws Exception {
+    AID appletAID1 = AIDUtil.create("A000000062");
+    simulator.installApplet(appletAID1, KMJCardSimApplet.class);
+    // Select applet
+    simulator.selectApplet(appletAID1);
+    return true;
+  }
+
+  private final byte[] intToByteArray(int value) {
+    return new byte[] {
+            (byte) (value >>> 8), (byte) value };
+  }
+
+  @Override
+  public byte[] executeApdu(byte[] apdu) throws Exception {
+    System.out.println("Executing APDU = " + Utils.byteArrayToHexString(apdu));
+    CommandAPDU apduCmd = new CommandAPDU(apdu);
+    response = simulator.transmitCommand(apduCmd);
+    System.out.println("Status = "
+            + Utils.byteArrayToHexString(intToByteArray(response.getSW())));
+    return intToByteArray(response.getSW());
+  }
+
+  @Override
+  public byte[] decodeDataOut() {
+    return response.getData();
+  }
+
+}
diff --git a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Simulator.java b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Simulator.java
new file mode 100644
index 00000000..6c4f9bbc
--- /dev/null
+++ b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Simulator.java
@@ -0,0 +1,15 @@
+package com.android.javacard.jcproxy;
+
+public interface Simulator {
+  byte[] STATUS_OK = Utils.hexStringToByteArray("9000");
+
+  void initaliseSimulator() throws Exception;
+
+  void disconnectSimulator() throws Exception;
+
+  public boolean setupKeymasterOnSimulator() throws Exception;
+
+  byte[] executeApdu(byte[] apdu) throws Exception;
+
+  byte[] decodeDataOut();
+}
diff --git a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Utils.java b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Utils.java
new file mode 100644
index 00000000..50470f6b
--- /dev/null
+++ b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Utils.java
@@ -0,0 +1,28 @@
+package com.android.javacard.jcproxy;
+
+public class Utils {
+
+  public static byte[] hexStringToByteArray(String s) {
+    int len = s.length();
+    if (len % 2 != 0)
+      throw new IllegalArgumentException("Expecting each byte of 2 char.");
+    byte[] data = new byte[len / 2];
+    for (int i = 0; i < len; i += 2) {
+      data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+              + Character.digit(s.charAt(i + 1), 16));
+    }
+    return data;
+  }
+
+  private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
+
+  public static String byteArrayToHexString(byte[] bytes) {
+    char[] hexChars = new char[bytes.length * 2];
+    for (int j = 0; j < bytes.length; j++) {
+      int v = bytes[j] & 0xFF;
+      hexChars[j * 2] = HEX_ARRAY[v >>> 4];
+      hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
+    }
+    return new String(hexChars);
+  }
+}

From 474eb97774d050b47c9600d835279ba52f546152 Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Tue, 9 Mar 2021 12:41:55 +0000
Subject: [PATCH 095/169] Create README.md

---
 TestingTools/README.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 TestingTools/README.md

diff --git a/TestingTools/README.md b/TestingTools/README.md
new file mode 100644
index 00000000..7182b434
--- /dev/null
+++ b/TestingTools/README.md
@@ -0,0 +1,5 @@
+# TestingTools
+JCProxy is a testing tool, which provides a way to communicate with JCardSimulator.
+It opens a socket connection on the port (port mentioned in program arguments) and
+listens for the incomming data on this port. This tool uses apduio and JCarsim to 
+validate and transmit the APDUs to the Keymaster Applet.

From 6ee72bc1c4e21db4f5963e5ea29757dfd1ac218a Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Tue, 9 Mar 2021 12:44:04 +0000
Subject: [PATCH 096/169] Update README.md

---
 TestingTools/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/TestingTools/README.md b/TestingTools/README.md
index 7182b434..76a95c9e 100644
--- a/TestingTools/README.md
+++ b/TestingTools/README.md
@@ -1,5 +1,5 @@
 # TestingTools
-JCProxy is a testing tool, which provides a way to communicate with JCardSimulator.
+[JCProxy](JCProxy) is a testing tool, which provides a way to communicate with JCardSimulator.
 It opens a socket connection on the port (port mentioned in program arguments) and
 listens for the incomming data on this port. This tool uses apduio and JCarsim to 
 validate and transmit the APDUs to the Keymaster Applet.

From 2a209003c62233a2230395cfa3f75466f549ca06 Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Tue, 9 Mar 2021 12:47:26 +0000
Subject: [PATCH 097/169] Update README.md

---
 TestingTools/README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/TestingTools/README.md b/TestingTools/README.md
index 76a95c9e..c944f394 100644
--- a/TestingTools/README.md
+++ b/TestingTools/README.md
@@ -1,5 +1,6 @@
 # TestingTools
-[JCProxy](JCProxy) is a testing tool, which provides a way to communicate with JCardSimulator.
-It opens a socket connection on the port (port mentioned in program arguments) and
-listens for the incomming data on this port. This tool uses apduio and JCarsim to 
-validate and transmit the APDUs to the Keymaster Applet.
+[JCProxy](JCProxy) is a testing tool, which provides a way to communicate with 
+JCardSimulator from android emulator/device.
+It basically opens a socket connection on the port (port mentioned in program arguments)
+and listens for the incomming data on this port. This tool uses apduio and JCarsim jars
+to validate and transmit the APDUs to the Keymaster Applet.

From b6515bfc001f40e7c85598d92a0d9e1960ad40b5 Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Tue, 9 Mar 2021 13:51:36 +0000
Subject: [PATCH 098/169] Update README.md

---
 TestingTools/README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/TestingTools/README.md b/TestingTools/README.md
index c944f394..adc3da27 100644
--- a/TestingTools/README.md
+++ b/TestingTools/README.md
@@ -4,3 +4,8 @@ JCardSimulator from android emulator/device.
 It basically opens a socket connection on the port (port mentioned in program arguments)
 and listens for the incomming data on this port. This tool uses apduio and JCarsim jars
 to validate and transmit the APDUs to the Keymaster Applet.
+
+###Build
+Import JCProxy server application either in Eclipse or IntelliJ. Add the provided jars inside
+[lib](JCProxy/lib) directory to the project and also add [Keymaster Applet](../Applet) as
+dependent project. Add port number (Ex: 8080) as program arguments.

From 2262e726fa4b02bc17c59595955fd4832ae6aa8e Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Thu, 18 Mar 2021 20:46:36 +0000
Subject: [PATCH 099/169]  Fix the issue in the upgrade key command.

Allow upgrade if any of the boot parameters gets changed.

Signed-off-by: BKSSM Venkateswarlu 
---
 .../javacard/test/KMFunctionalTest.java       | 76 ++++++++++++++----
 .../javacard/keymaster/KMKeymasterApplet.java | 80 ++++++++++++-------
 2 files changed, 110 insertions(+), 46 deletions(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index bc599510..7616bc58 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -446,6 +446,10 @@ public class KMFunctionalTest {
       (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf,
       (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a,
       (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf};
+  private static final int OS_VERSION = 1;
+  private static final int OS_PATCH_LEVEL = 1;
+  private static final int VENDOR_PATCH_LEVEL = 1;
+  private static final int BOOT_PATCH_LEVEL = 1;
 
   private CardSimulator simulator;
   private KMEncoder encoder;
@@ -657,7 +661,8 @@ private void provisionCmd(CardSimulator simulator) {
     provisionSharedSecret(simulator);
     provisionAttestIds(simulator);
     // set bootup parameters
-    setBootParams(simulator, (short) 1, (short) 1, (short) 0, (short) 0);
+    setBootParams(simulator, (short) OS_VERSION, (short) OS_PATCH_LEVEL,
+            (short) VENDOR_PATCH_LEVEL, (short) BOOT_PATCH_LEVEL);
     provisionLocked(simulator);
   }
 
@@ -2699,18 +2704,61 @@ public void testUpgradeKey() {
     osPatch = KMIntegerTag.cast(osPatch).getValue();
     Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 1);
     Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 1);
-    setBootParams(simulator, (short) 2, (short) 2, (short) 1, (short) 1);
-    ret = upgradeKey(KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), null, null);
-    keyBlobPtr = KMArray.cast(ret).get((short) 1);
-    ret = getKeyCharacteristics(keyBlobPtr);
-    keyCharacteristics = KMArray.cast(ret).get((short) 1);
-    hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced();
-    osVersion = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION, hwParams);
-    osVersion = KMIntegerTag.cast(osVersion).getValue();
-    osPatch = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, hwParams);
-    osPatch = KMIntegerTag.cast(osPatch).getValue();
-    Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 2);
-    Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 2);
+    short NO_UPGRADE = 0x01;
+    short UPGRADE = 0x02;
+    short[][] test_data = {
+            {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, NO_UPGRADE, KMError.OK },
+            {OS_VERSION+1, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, UPGRADE,  KMError.OK },
+            {OS_VERSION, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, UPGRADE,  KMError.OK },
+            {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL+1, BOOT_PATCH_LEVEL, UPGRADE,  KMError.OK },
+            {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL+1, UPGRADE,  KMError.OK },
+            {OS_VERSION+1, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL+1, BOOT_PATCH_LEVEL+1, UPGRADE,  KMError.OK },
+            {OS_VERSION+1, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL+1, BOOT_PATCH_LEVEL, UPGRADE,  KMError.OK },
+            {OS_VERSION+1, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, UPGRADE,  KMError.OK },
+            {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL-1, NO_UPGRADE,  KMError.INVALID_ARGUMENT },
+            {OS_VERSION-1/*0*/, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, UPGRADE,  KMError.OK },
+            {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL, NO_UPGRADE,  KMError.INVALID_ARGUMENT },
+            {OS_VERSION, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL, NO_UPGRADE,  KMError.INVALID_ARGUMENT },
+            {0, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL+1, NO_UPGRADE,  KMError.INVALID_ARGUMENT },
+    };
+    for (int i = 0; i < test_data.length; i++) {
+      setBootParams(simulator, (short) test_data[i][0], (short) test_data[i][1],
+              (short) test_data[i][2], (short) test_data[i][3]);
+      ret = upgradeKey(
+              KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
+              null, null);
+      Assert.assertEquals(test_data[i][5],
+              KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort());
+      keyBlobPtr = KMArray.cast(ret).get((short) 1);
+      if (test_data[i][4] == UPGRADE) Assert.assertNotEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
+      else Assert.assertEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
+      if (KMByteBlob.cast(keyBlobPtr).length() != 0) {
+        ret = getKeyCharacteristics(keyBlobPtr);
+        keyCharacteristics = KMArray.cast(ret).get((short) 1);
+        hwParams = KMKeyCharacteristics.cast(keyCharacteristics)
+                .getHardwareEnforced();
+        osVersion = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION,
+                hwParams);
+        osVersion = KMIntegerTag.cast(osVersion).getValue();
+        osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,
+                KMType.OS_PATCH_LEVEL, hwParams);
+        osPatch = KMIntegerTag.cast(osPatch).getValue();
+        short ptr = KMKeyParameters.findTag(KMType.UINT_TAG,
+                KMType.VENDOR_PATCH_LEVEL, hwParams);
+        short vendorPatchLevel = KMIntegerTag.cast(ptr).getValue();
+        ptr = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL,
+                hwParams);
+        short bootPatchLevel = KMIntegerTag.cast(ptr).getValue();
+        Assert.assertEquals(KMInteger.cast(osVersion).getShort(),
+                test_data[i][0]);
+        Assert.assertEquals(KMInteger.cast(osPatch).getShort(),
+                test_data[i][1]);
+        Assert.assertEquals(KMInteger.cast(vendorPatchLevel).getShort(),
+                test_data[i][2]);
+        Assert.assertEquals(KMInteger.cast(bootPatchLevel).getShort(),
+                test_data[i][3]);
+      }
+    }
     cleanUp();
   }
 
@@ -2759,8 +2807,6 @@ private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData) {
     byte[] respBuf = response.getBytes();
     short len = (short) respBuf.length;
     ret = decoder.decode(ret, respBuf, (short) 0, len);
-    short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
-    Assert.assertEquals(error, KMError.OK);
     return ret;
   }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index b79cabaa..a14bdce5 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1123,6 +1123,9 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // parse existing key blob
     parseEncryptedKeyBlob(scratchPad);
+    // Use tmpVariables[5] to carry the error code and tmpVariables[6] to check if key needs upgrade.
+    tmpVariables[5] = KMError.OK;
+    tmpVariables[6] = 0;
     // validate characteristics to be upgraded.
     tmpVariables[0] =
         KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION, data[HW_PARAMETERS]);
@@ -1134,50 +1137,65 @@ private void processUpgradeKeyCmd(APDU apdu) {
     tmpVariables[3] = repository.getOsPatch();
     tmpVariables[4] = KMInteger.uint_8((byte) 0);
     if (tmpVariables[0] != KMType.INVALID_VALUE) {
-      // os version in key characteristics must be less the os version stored in javacard or the
+      // OS version in key characteristics must be less the os version stored in javacard or the
       // stored version must be zero. Then only upgrade is allowed else it is invalid argument.
-      if (KMInteger.compare(tmpVariables[0], tmpVariables[2]) != -1
-          && KMInteger.compare(tmpVariables[2], tmpVariables[4]) != 0) {
-        // Key Should not be upgraded, but error code should be OK, As per VTS.
+      if ((KMInteger.compare(tmpVariables[0], tmpVariables[2]) == 1
+          && KMInteger.compare(tmpVariables[2], tmpVariables[4]) == 0) ||
+              (KMInteger.compare(tmpVariables[0], tmpVariables[2]) == -1)) {
+        // Key requires upgrade.
+        tmpVariables[6] = 1;
+      } else if (KMInteger.compare(tmpVariables[1], tmpVariables[3]) == 1) {
         tmpVariables[5] = KMError.INVALID_ARGUMENT;
       }
     }
-    if (tmpVariables[1] != KMType.INVALID_VALUE) {
+    if (tmpVariables[5] != KMError.INVALID_ARGUMENT && tmpVariables[1] != KMType.INVALID_VALUE) {
       // The key characteristics should have had os patch level < os patch level stored in javacard
       // then only upgrade is allowed.
-      if (KMInteger.compare(tmpVariables[1], tmpVariables[3]) != -1) {
-        // Key Should not be upgraded, but error code should be OK, As per VTS.
+      if (KMInteger.compare(tmpVariables[1], tmpVariables[3]) == 1) {
         tmpVariables[5] = KMError.INVALID_ARGUMENT;
+      } else if (KMInteger.compare(tmpVariables[1], tmpVariables[3]) == -1) {
+        // Key requires upgrade.
+        tmpVariables[6] = 1;
       }
     }
-    //Compare vendor patch levels
-    tmpVariables[1] =
-        KMKeyParameters.findTag(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, data[HW_PARAMETERS]);
-    tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
-    tmpVariables[2] = repository.getVendorPatchLevel();
-    if (tmpVariables[1] != KMType.INVALID_VALUE) {
-      // The key characteristics should have had vendor patch level < vendor patch level stored in javacard
-      // then only upgrade is allowed.
-      if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) != -1) {
-        // Key Should not be upgraded, but error code should be OK, As per VTS.
-        tmpVariables[5] = KMError.INVALID_ARGUMENT;
+    if (tmpVariables[5] != KMError.INVALID_ARGUMENT) {
+      // Compare vendor patch levels
+      tmpVariables[1] = KMKeyParameters.findTag(KMType.UINT_TAG,
+              KMType.VENDOR_PATCH_LEVEL, data[HW_PARAMETERS]);
+      tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
+      tmpVariables[2] = repository.getVendorPatchLevel();
+      if (tmpVariables[1] != KMType.INVALID_VALUE) {
+        // The key characteristics should have had vendor patch level < vendor
+        // patch level stored in javacard
+        // then only upgrade is allowed.
+        if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) == 1) {
+          tmpVariables[5] = KMError.INVALID_ARGUMENT;
+        } else if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) == -1) {
+          // Key requires upgrade.
+          tmpVariables[6] = 1;
+        }
       }
     }
-    //Compare boot patch levels
-    tmpVariables[1] =
-        KMKeyParameters.findTag(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, data[HW_PARAMETERS]);
-    tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
-    tmpVariables[2] = repository.getBootPatchLevel();
-    if (tmpVariables[1] != KMType.INVALID_VALUE) {
-      // The key characteristics should have had boot patch level < boot patch level stored in javacard
-      // then only upgrade is allowed.
-      if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) != -1) {
-        // Key Should not be upgraded, but error code should be OK, As per VTS.
-        tmpVariables[5] = KMError.INVALID_ARGUMENT;
+    if (tmpVariables[5] != KMError.INVALID_ARGUMENT) {
+      // Compare boot patch levels
+      tmpVariables[1] = KMKeyParameters.findTag(KMType.UINT_TAG,
+              KMType.BOOT_PATCH_LEVEL, data[HW_PARAMETERS]);
+      tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
+      tmpVariables[2] = repository.getBootPatchLevel();
+      if (tmpVariables[1] != KMType.INVALID_VALUE) {
+        // The key characteristics should have had boot patch level < boot patch
+        // level stored in javacard
+        // then only upgrade is allowed.
+        if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) == 1) {
+          tmpVariables[5] = KMError.INVALID_ARGUMENT;
+        } else if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) == -1) {
+          // Key requires upgrade.
+          tmpVariables[6] = 1;
+        }
       }
     }
 
-    if (tmpVariables[5] != KMError.INVALID_ARGUMENT) {
+    if (tmpVariables[5] != KMError.INVALID_ARGUMENT && tmpVariables[6] == 1) {
       // copy origin
       data[ORIGIN] = KMEnumTag.getValue(KMType.ORIGIN, data[HW_PARAMETERS]);
       // create new key blob with current os version etc.
@@ -1187,7 +1205,7 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(tmpVariables[5]));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
 
     bufferStartOffset = repository.allocAvailableMemory();

From 4f51a1bded83654d6d3aa0dbd28505af20ed55f1 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Fri, 19 Mar 2021 20:35:13 +0000
Subject: [PATCH 100/169] Optimized the upgradeKey command flow

---
 .../javacard/test/KMFunctionalTest.java       |   6 +-
 .../javacard/keymaster/KMKeymasterApplet.java | 109 ++++++------------
 2 files changed, 41 insertions(+), 74 deletions(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 7616bc58..17db4c8e 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -2730,8 +2730,10 @@ public void testUpgradeKey() {
       Assert.assertEquals(test_data[i][5],
               KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort());
       keyBlobPtr = KMArray.cast(ret).get((short) 1);
-      if (test_data[i][4] == UPGRADE) Assert.assertNotEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
-      else Assert.assertEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
+      if (test_data[i][4] == UPGRADE)
+        Assert.assertNotEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
+      else
+        Assert.assertEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
       if (KMByteBlob.cast(keyBlobPtr).length() != 0) {
         ret = getKeyCharacteristics(keyBlobPtr);
         keyCharacteristics = KMArray.cast(ret).get((short) 1);
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index a14bdce5..bff2f166 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1096,6 +1096,25 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     sendOutgoing(apdu);
   }
 
+  private byte validateUpgradeKeyForTag(short tag, short systemParam) {
+    // validate characteristics to be upgraded.
+    tmpVariables[0] = KMKeyParameters.findTag(KMType.UINT_TAG, tag, data[HW_PARAMETERS]);
+    tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue();
+    tmpVariables[1] = KMInteger.uint_8((byte) 0);
+    if (tmpVariables[0] != KMType.INVALID_VALUE) {
+      if ((tag == KMType.OS_VERSION
+              && KMInteger.compare(tmpVariables[0], systemParam) == 1
+              && KMInteger.compare(systemParam, tmpVariables[1]) == 0)
+              || (KMInteger.compare(tmpVariables[0], systemParam) == -1)) {
+        // Key needs upgrade.
+        return (byte) 1;
+      } else if (KMInteger.compare(tmpVariables[0], systemParam) == 1) {
+        KMException.throwIt(KMError.INVALID_ARGUMENT);
+      }
+    }
+    return (byte) 0;
+  }
+
   private void processUpgradeKeyCmd(APDU apdu) {
     // Receive the incoming request fully from the master into buffer.
     receiveIncoming(apdu);
@@ -1123,79 +1142,25 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // parse existing key blob
     parseEncryptedKeyBlob(scratchPad);
-    // Use tmpVariables[5] to carry the error code and tmpVariables[6] to check if key needs upgrade.
-    tmpVariables[5] = KMError.OK;
-    tmpVariables[6] = 0;
-    // validate characteristics to be upgraded.
-    tmpVariables[0] =
-        KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION, data[HW_PARAMETERS]);
-    tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue();
-    tmpVariables[1] =
-        KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, data[HW_PARAMETERS]);
-    tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
-    tmpVariables[2] = repository.getOsVersion();
-    tmpVariables[3] = repository.getOsPatch();
-    tmpVariables[4] = KMInteger.uint_8((byte) 0);
-    if (tmpVariables[0] != KMType.INVALID_VALUE) {
-      // OS version in key characteristics must be less the os version stored in javacard or the
-      // stored version must be zero. Then only upgrade is allowed else it is invalid argument.
-      if ((KMInteger.compare(tmpVariables[0], tmpVariables[2]) == 1
-          && KMInteger.compare(tmpVariables[2], tmpVariables[4]) == 0) ||
-              (KMInteger.compare(tmpVariables[0], tmpVariables[2]) == -1)) {
-        // Key requires upgrade.
-        tmpVariables[6] = 1;
-      } else if (KMInteger.compare(tmpVariables[1], tmpVariables[3]) == 1) {
-        tmpVariables[5] = KMError.INVALID_ARGUMENT;
-      }
-    }
-    if (tmpVariables[5] != KMError.INVALID_ARGUMENT && tmpVariables[1] != KMType.INVALID_VALUE) {
-      // The key characteristics should have had os patch level < os patch level stored in javacard
-      // then only upgrade is allowed.
-      if (KMInteger.compare(tmpVariables[1], tmpVariables[3]) == 1) {
-        tmpVariables[5] = KMError.INVALID_ARGUMENT;
-      } else if (KMInteger.compare(tmpVariables[1], tmpVariables[3]) == -1) {
-        // Key requires upgrade.
-        tmpVariables[6] = 1;
-      }
-    }
-    if (tmpVariables[5] != KMError.INVALID_ARGUMENT) {
-      // Compare vendor patch levels
-      tmpVariables[1] = KMKeyParameters.findTag(KMType.UINT_TAG,
-              KMType.VENDOR_PATCH_LEVEL, data[HW_PARAMETERS]);
-      tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
-      tmpVariables[2] = repository.getVendorPatchLevel();
-      if (tmpVariables[1] != KMType.INVALID_VALUE) {
-        // The key characteristics should have had vendor patch level < vendor
-        // patch level stored in javacard
-        // then only upgrade is allowed.
-        if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) == 1) {
-          tmpVariables[5] = KMError.INVALID_ARGUMENT;
-        } else if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) == -1) {
-          // Key requires upgrade.
-          tmpVariables[6] = 1;
-        }
-      }
-    }
-    if (tmpVariables[5] != KMError.INVALID_ARGUMENT) {
-      // Compare boot patch levels
-      tmpVariables[1] = KMKeyParameters.findTag(KMType.UINT_TAG,
-              KMType.BOOT_PATCH_LEVEL, data[HW_PARAMETERS]);
-      tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
-      tmpVariables[2] = repository.getBootPatchLevel();
-      if (tmpVariables[1] != KMType.INVALID_VALUE) {
-        // The key characteristics should have had boot patch level < boot patch
-        // level stored in javacard
-        // then only upgrade is allowed.
-        if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) == 1) {
-          tmpVariables[5] = KMError.INVALID_ARGUMENT;
-        } else if (KMInteger.compare(tmpVariables[1], tmpVariables[2]) == -1) {
-          // Key requires upgrade.
-          tmpVariables[6] = 1;
-        }
-      }
+    // Use tmpVariables[4] to store the error code.
+    tmpVariables[4] = KMError.OK;
+    // Use tmpVariables[3] to check if key needs upgrade.
+    tmpVariables[3] = 0;
+    try {
+      tmpVariables[3] |= validateUpgradeKeyForTag(KMType.OS_VERSION, repository.getOsVersion());
+      tmpVariables[3] |= validateUpgradeKeyForTag(KMType.OS_PATCH_LEVEL, repository.getOsPatch());
+      tmpVariables[3] |= validateUpgradeKeyForTag(KMType.VENDOR_PATCH_LEVEL, repository.getVendorPatchLevel());
+      tmpVariables[3] |= validateUpgradeKeyForTag(KMType.BOOT_PATCH_LEVEL, repository.getBootPatchLevel());
+    } catch (KMException e) {
+
+      if (KMException.reason != KMError.INVALID_ARGUMENT)
+        KMException.throwIt(KMException.reason);
+      // Key should not be upgraded and return error.
+      tmpVariables[3] = 0;
+      tmpVariables[4] = KMException.reason;
     }
 
-    if (tmpVariables[5] != KMError.INVALID_ARGUMENT && tmpVariables[6] == 1) {
+    if (tmpVariables[3] == 1) {
       // copy origin
       data[ORIGIN] = KMEnumTag.getValue(KMType.ORIGIN, data[HW_PARAMETERS]);
       // create new key blob with current os version etc.
@@ -1205,7 +1170,7 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(tmpVariables[5]));
+    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(tmpVariables[4]));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
 
     bufferStartOffset = repository.allocAvailableMemory();

From 739b128c4bf0003125339eaefb20ae82c26ecb14 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Sun, 21 Mar 2021 11:16:52 +0000
Subject: [PATCH 101/169] Incorporated review comments

---
 .../javacard/test/KMFunctionalTest.java       | 26 ++++++----
 .../javacard/keymaster/KMKeymasterApplet.java | 47 +++++++++----------
 2 files changed, 38 insertions(+), 35 deletions(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 17db4c8e..9e9c2c6c 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -2726,9 +2726,9 @@ public void testUpgradeKey() {
               (short) test_data[i][2], (short) test_data[i][3]);
       ret = upgradeKey(
               KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-              null, null);
-      Assert.assertEquals(test_data[i][5],
-              KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort());
+              null, null, test_data[i][5]);
+      if (test_data[i][5] != KMError.OK)
+        continue;
       keyBlobPtr = KMArray.cast(ret).get((short) 1);
       if (test_data[i][4] == UPGRADE)
         Assert.assertNotEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
@@ -2774,7 +2774,7 @@ public void testDestroyAttIds() {
     cleanUp();
   }
 
-  private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData) {
+  private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData, short expectedErr) {
     short tagCount = 0;
     short clientIdTag = 0;
     short appDataTag = 0;
@@ -2803,13 +2803,21 @@ private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData) {
     CommandAPDU apdu = encodeApdu((byte) INS_UPGRADE_KEY_CMD, arr);
     // print(commandAPDU.getBytes());
     ResponseAPDU response = simulator.transmitCommand(apdu);
-    short ret = KMArray.instance((short) 2);
-    KMArray.cast(ret).add((short) 0, KMInteger.exp());
-    KMArray.cast(ret).add((short) 1, KMByteBlob.exp());
     byte[] respBuf = response.getBytes();
     short len = (short) respBuf.length;
-    ret = decoder.decode(ret, respBuf, (short) 0, len);
-    return ret;
+    if (KMError.OK == expectedErr) {
+      short ret = KMArray.instance((short) 2);
+      KMArray.cast(ret).add((short) 0, KMInteger.exp());
+      KMArray.cast(ret).add((short) 1, KMByteBlob.exp());
+      ret = decoder.decode(ret, respBuf, (short) 0, len);
+      Assert.assertEquals(expectedErr, KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort());
+      return ret;
+    } else {
+      short ret = KMInteger.exp();
+      ret = decoder.decode(ret, respBuf, (short) 0, len);
+      Assert.assertEquals(expectedErr, KMInteger.cast(ret).getShort());
+      return ret;
+    }
   }
 
   @Test
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index bff2f166..3d2a2a9a 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1096,23 +1096,29 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     sendOutgoing(apdu);
   }
 
-  private byte validateUpgradeKeyForTag(short tag, short systemParam) {
-    // validate characteristics to be upgraded.
+  private boolean keyRequiresUpgrade(short tag, short systemParam) {
+    // validate the tag to be upgraded.
     tmpVariables[0] = KMKeyParameters.findTag(KMType.UINT_TAG, tag, data[HW_PARAMETERS]);
     tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue();
     tmpVariables[1] = KMInteger.uint_8((byte) 0);
     if (tmpVariables[0] != KMType.INVALID_VALUE) {
+      // OS version in key characteristics must be less the OS version stored in Javacard or the
+      // stored version must be zero. Then only upgrade is allowed else it is invalid argument.
       if ((tag == KMType.OS_VERSION
               && KMInteger.compare(tmpVariables[0], systemParam) == 1
-              && KMInteger.compare(systemParam, tmpVariables[1]) == 0)
-              || (KMInteger.compare(tmpVariables[0], systemParam) == -1)) {
+              && KMInteger.compare(systemParam, tmpVariables[1]) == 0)) {
         // Key needs upgrade.
-        return (byte) 1;
+        return true;
+      } else if ((KMInteger.compare(tmpVariables[0], systemParam) == -1)) {
+        // Each os version or patch level associated with the key must be less than it's
+        // corresponding value stored in Javacard, then only upgrade is allowed otherwise it
+        // is invalid argument.
+        return true;
       } else if (KMInteger.compare(tmpVariables[0], systemParam) == 1) {
         KMException.throwIt(KMError.INVALID_ARGUMENT);
       }
     }
-    return (byte) 0;
+    return false;
   }
 
   private void processUpgradeKeyCmd(APDU apdu) {
@@ -1142,25 +1148,14 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // parse existing key blob
     parseEncryptedKeyBlob(scratchPad);
-    // Use tmpVariables[4] to store the error code.
-    tmpVariables[4] = KMError.OK;
-    // Use tmpVariables[3] to check if key needs upgrade.
-    tmpVariables[3] = 0;
-    try {
-      tmpVariables[3] |= validateUpgradeKeyForTag(KMType.OS_VERSION, repository.getOsVersion());
-      tmpVariables[3] |= validateUpgradeKeyForTag(KMType.OS_PATCH_LEVEL, repository.getOsPatch());
-      tmpVariables[3] |= validateUpgradeKeyForTag(KMType.VENDOR_PATCH_LEVEL, repository.getVendorPatchLevel());
-      tmpVariables[3] |= validateUpgradeKeyForTag(KMType.BOOT_PATCH_LEVEL, repository.getBootPatchLevel());
-    } catch (KMException e) {
-
-      if (KMException.reason != KMError.INVALID_ARGUMENT)
-        KMException.throwIt(KMException.reason);
-      // Key should not be upgraded and return error.
-      tmpVariables[3] = 0;
-      tmpVariables[4] = KMException.reason;
-    }
-
-    if (tmpVariables[3] == 1) {
+    boolean keyRequiresUpgrade = false;
+    // Check if key requires upgrade.
+    keyRequiresUpgrade |= keyRequiresUpgrade(KMType.OS_VERSION, repository.getOsVersion());
+    keyRequiresUpgrade |= keyRequiresUpgrade(KMType.OS_PATCH_LEVEL, repository.getOsPatch());
+    keyRequiresUpgrade |= keyRequiresUpgrade(KMType.VENDOR_PATCH_LEVEL, repository.getVendorPatchLevel());
+    keyRequiresUpgrade |= keyRequiresUpgrade(KMType.BOOT_PATCH_LEVEL, repository.getBootPatchLevel());
+
+    if (keyRequiresUpgrade) {
       // copy origin
       data[ORIGIN] = KMEnumTag.getValue(KMType.ORIGIN, data[HW_PARAMETERS]);
       // create new key blob with current os version etc.
@@ -1170,7 +1165,7 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(tmpVariables[4]));
+    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
 
     bufferStartOffset = repository.allocAvailableMemory();

From 99a656232c23df181e6fe7cd5dab8cfc0e9b888f Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Sun, 21 Mar 2021 13:37:53 +0000
Subject: [PATCH 102/169] Updated the comment

---
 .../src/com/android/javacard/keymaster/KMKeymasterApplet.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 3d2a2a9a..e8c1a8cc 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1097,7 +1097,7 @@ private void processComputeSharedHmacCmd(APDU apdu) {
   }
 
   private boolean keyRequiresUpgrade(short tag, short systemParam) {
-    // validate the tag to be upgraded.
+    // validate the tag and check if key needs upgrade.
     tmpVariables[0] = KMKeyParameters.findTag(KMType.UINT_TAG, tag, data[HW_PARAMETERS]);
     tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue();
     tmpVariables[1] = KMInteger.uint_8((byte) 0);

From a44c6adb20e1a5a4863f09370c0e85196b2444a9 Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Sun, 21 Mar 2021 20:32:45 +0000
Subject: [PATCH 103/169] Performance fix: Reduced NVM writes

---
 .../android/javacard/keymaster/KMArray.java   |  16 +--
 .../android/javacard/keymaster/KMBoolTag.java |  10 +-
 .../javacard/keymaster/KMByteBlob.java        |  18 ++--
 .../android/javacard/keymaster/KMByteTag.java |  12 ++-
 .../android/javacard/keymaster/KMDecoder.java |  93 ++++++++++------
 .../android/javacard/keymaster/KMEncoder.java | 100 ++++++++++--------
 .../android/javacard/keymaster/KMEnum.java    |  16 +--
 .../javacard/keymaster/KMEnumArrayTag.java    |  14 +--
 .../android/javacard/keymaster/KMEnumTag.java |  10 +-
 .../javacard/keymaster/KMException.java       |  16 ++-
 .../keymaster/KMHardwareAuthToken.java        |   8 +-
 .../keymaster/KMHmacSharingParameters.java    |   8 +-
 .../android/javacard/keymaster/KMInteger.java |  22 ++--
 .../javacard/keymaster/KMIntegerArrayTag.java |  12 ++-
 .../javacard/keymaster/KMIntegerTag.java      |  14 +--
 .../keymaster/KMKeyCharacteristics.java       |   8 +-
 .../javacard/keymaster/KMKeyParameters.java   |   8 +-
 .../javacard/keymaster/KMKeymasterApplet.java |   3 +-
 .../javacard/keymaster/KMOperationState.java  |  52 +++++----
 .../javacard/keymaster/KMRepository.java      |  56 +++++-----
 .../keymaster/KMVerificationToken.java        |   8 +-
 21 files changed, 295 insertions(+), 209 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMArray.java b/Applet/src/com/android/javacard/keymaster/KMArray.java
index f2206474..a2de179d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMArray.java
+++ b/Applet/src/com/android/javacard/keymaster/KMArray.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -36,16 +37,17 @@ public class KMArray extends KMType {
   public static final short ANY_ARRAY_LENGTH = 0x1000;
   private static final short ARRAY_HEADER_SIZE = 4;
   private static KMArray prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private KMArray() {
+    instPtr = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMArray proto(short ptr) {
     if (prototype == null) {
       prototype = new KMArray();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -90,7 +92,7 @@ public void add(short index, short objPtr) {
     }
     Util.setShort(
         heap,
-        (short) (instPtr + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)),
+        (short) (instPtr[0] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)),
         objPtr);
   }
 
@@ -100,19 +102,19 @@ public short get(short index) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
     return Util.getShort(
-        heap, (short) (instPtr + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)));
+        heap, (short) (instPtr[0] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)));
   }
 
   public short containedType() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public short getStartOff() {
-    return (short) (instPtr + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE);
+    return (short) (instPtr[0] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE);
   }
 
   public short length() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
   }
 
   public byte[] getBuffer() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
index 173e6269..f0b642c7 100644
--- a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -30,7 +31,7 @@
 public class KMBoolTag extends KMTag {
 
   private static KMBoolTag prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   // The allowed tag keys of type bool tag.
   private static final short[] tags = {
@@ -49,13 +50,14 @@ public class KMBoolTag extends KMTag {
   };
 
   private KMBoolTag() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMBoolTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMBoolTag();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -89,7 +91,7 @@ public static KMBoolTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
@@ -97,7 +99,7 @@ public short getTagType() {
   }
 
   public byte getVal() {
-    return heap[(short) (instPtr + TLV_HEADER_SIZE + 4)];
+    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 4)];
   }
 
   // validate the tag key.
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
index 001bab01..2c91ac6b 100644
--- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
+++ b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -28,16 +29,17 @@
 public class KMByteBlob extends KMType {
 
   private static KMByteBlob prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private KMByteBlob() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMByteBlob proto(short ptr) {
     if (prototype == null) {
       prototype = new KMByteBlob();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -75,7 +77,7 @@ public void add(short index, byte val) {
     if (index >= len) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
-    heap[(short) (instPtr + TLV_HEADER_SIZE + index)] = val;
+    heap[(short) (instPtr[0] + TLV_HEADER_SIZE + index)] = val;
   }
 
   // Get the byte
@@ -84,17 +86,17 @@ public byte get(short index) {
     if (index >= len) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
-    return heap[(short) (instPtr + TLV_HEADER_SIZE + index)];
+    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + index)];
   }
 
   // Get the start of blob
   public short getStartOff() {
-    return (short) (instPtr + TLV_HEADER_SIZE);
+    return (short) (instPtr[0] + TLV_HEADER_SIZE);
   }
 
   // Get the length of the blob
   public short length() {
-    return Util.getShort(heap, (short) (instPtr + 1));
+    return Util.getShort(heap, (short) (instPtr[0] + 1));
   }
 
   // Get the buffer pointer in which blob is contained.
@@ -127,8 +129,8 @@ public boolean isValid() {
   }
 
   public void decrementLength(short len) {
-    short length = Util.getShort(heap, (short) (instPtr + 1));
+    short length = Util.getShort(heap, (short) (instPtr[0] + 1));
     length = (short) (length - len);
-    Util.setShort(heap, (short) (instPtr + 1), length);
+    Util.setShort(heap, (short) (instPtr[0] + 1), length);
   }
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteTag.java b/Applet/src/com/android/javacard/keymaster/KMByteTag.java
index 4384891d..0ae6f881 100644
--- a/Applet/src/com/android/javacard/keymaster/KMByteTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMByteTag.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -29,7 +30,7 @@
 public class KMByteTag extends KMTag {
 
   private static KMByteTag prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   // The allowed tag keys of type bool tag
   private static final short[] tags = {
@@ -55,13 +56,14 @@ public class KMByteTag extends KMTag {
   };
 
   private KMByteTag() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMByteTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMByteTag();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -107,7 +109,7 @@ public static KMByteTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
@@ -115,11 +117,11 @@ public short getTagType() {
   }
 
   public short getValue() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
-    short blobPtr = Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4));
+    short blobPtr = Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
     return KMByteBlob.cast(blobPtr).length();
   }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMDecoder.java b/Applet/src/com/android/javacard/keymaster/KMDecoder.java
index 520ffb7c..c2579372 100644
--- a/Applet/src/com/android/javacard/keymaster/KMDecoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMDecoder.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 public class KMDecoder {
@@ -38,29 +39,33 @@ public class KMDecoder {
   private static final short UINT32_LENGTH = 0x1A;
   private static final short UINT64_LENGTH = 0x1B;
 
-  private byte[] buffer;
-  private short startOff;
-  private short length;
-  private short tagType;
-  private short tagKey;
+  private static final short SCRATCH_BUF_SIZE = 6;
+  private static final short START_OFFSET = 0;
+  private static final short LEN_OFFSET = 2;
+  private static final short TAG_KEY_OFFSET = 4;
+  private Object[] bufferRef;
+  private short[] scratchBuf;
 
   public KMDecoder() {
-    buffer = null;
-    startOff = 0;
-    length = 0;
+    bufferRef = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    scratchBuf = (short[]) JCSystem.makeTransientShortArray(SCRATCH_BUF_SIZE, JCSystem.CLEAR_ON_RESET);
+    bufferRef[0] = null;
+    scratchBuf[START_OFFSET] = (short) 0;
+    scratchBuf[LEN_OFFSET] = (short) 0;
+    scratchBuf[TAG_KEY_OFFSET] = (short) 0;
   }
 
   public short decode(short expression, byte[] buffer, short startOff, short length) {
-    this.buffer = buffer;
-    this.startOff = startOff;
-    this.length = (short) (startOff + length);
+    bufferRef[0] = buffer;
+    scratchBuf[START_OFFSET] = startOff;
+    scratchBuf[LEN_OFFSET] = (short) (startOff + length);
     return decode(expression);
   }
 
   public short decodeArray(short exp, byte[] buffer, short startOff, short length) {
-    this.buffer = buffer;
-    this.startOff = startOff;
-    this.length = (short) (startOff + length);
+    bufferRef[0] = buffer;
+    scratchBuf[START_OFFSET] = startOff;
+    scratchBuf[LEN_OFFSET] = (short) (startOff + length);
     short payloadLength = readMajorTypeWithPayloadLength(ARRAY_TYPE);
     short expLength = KMArray.cast(exp).length();
     if (payloadLength > expLength) {
@@ -139,7 +144,7 @@ private short decodeVerificationToken(short exp) {
 
   private short decodeHwAuthToken(short exp) {
     short vals = decode(KMHardwareAuthToken.cast(exp).getVals());
-    return KMHardwareAuthToken.cast(exp).instance(vals);
+    return KMHardwareAuthToken.instance(vals);
   }
 
   private short decodeHmacSharingParam(short exp) {
@@ -195,32 +200,32 @@ private short decodeKeyParam(short exp) {
 
   private short decodeEnumArrayTag(short exp) {
     readTagKey(KMEnumArrayTag.cast(exp).getTagType());
-    return KMEnumArrayTag.instance(this.tagKey, decode(KMEnumArrayTag.cast(exp).getValues()));
+    return KMEnumArrayTag.instance(scratchBuf[TAG_KEY_OFFSET], decode(KMEnumArrayTag.cast(exp).getValues()));
   }
 
   private short decodeIntegerArrayTag(short exp) {
     readTagKey(KMIntegerArrayTag.cast(exp).getTagType());
     // the values are array of integers.
     return KMIntegerArrayTag.instance(KMIntegerArrayTag.cast(exp).getTagType(),
-        this.tagKey, decode(KMIntegerArrayTag.cast(exp).getValues()));
+        scratchBuf[TAG_KEY_OFFSET], decode(KMIntegerArrayTag.cast(exp).getValues()));
   }
 
   private short decodeIntegerTag(short exp) {
     readTagKey(KMIntegerTag.cast(exp).getTagType());
     // the value is an integer
     return KMIntegerTag.instance(KMIntegerTag.cast(exp).getTagType(),
-        this.tagKey, decode(KMIntegerTag.cast(exp).getValue()));
+        scratchBuf[TAG_KEY_OFFSET], decode(KMIntegerTag.cast(exp).getValue()));
   }
 
   private short decodeBytesTag(short exp) {
     readTagKey(KMByteTag.cast(exp).getTagType());
     // The value must be byte blob
-    return KMByteTag.instance(this.tagKey, decode(KMByteTag.cast(exp).getValue()));
+    return KMByteTag.instance(scratchBuf[TAG_KEY_OFFSET], decode(KMByteTag.cast(exp).getValue()));
   }
 
   private short decodeArray(short exp) {
     short payloadLength = readMajorTypeWithPayloadLength(ARRAY_TYPE);
-    short arrPtr = KMArray.cast(exp).instance(payloadLength);
+    short arrPtr = KMArray.instance(payloadLength);
     short index = 0;
     short type;
     short obj;
@@ -250,6 +255,8 @@ private short decodeArray(short exp) {
 
   private short decodeEnumTag(short exp) {
     readTagKey(KMEnumTag.cast(exp).getTagType());
+    byte[] buffer = (byte[])bufferRef[0];
+    short startOff = scratchBuf[START_OFFSET];
     // Enum Tag value will always be integer with max 1 byte length.
     if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
@@ -264,14 +271,19 @@ private short decodeEnumTag(short exp) {
       incrementStartOff((short) 1);
     } else if (len == UINT8_LENGTH) {
       incrementStartOff((short) 1);
+      // startOff  is incremented so update the startOff
+      // with latest value before using it.
+      startOff = scratchBuf[START_OFFSET];
       enumVal = buffer[startOff];
       incrementStartOff((short) 1);
     }
-    return KMEnumTag.instance(tagKey, enumVal);
+    return KMEnumTag.instance(scratchBuf[TAG_KEY_OFFSET], enumVal);
   }
 
   private short decodeBoolTag(short exp) {
     readTagKey(KMBoolTag.cast(exp).getTagType());
+    byte[] buffer = (byte[])bufferRef[0];
+    short startOff = scratchBuf[START_OFFSET];
     // BOOL Tag is a leaf node and it must always have tiny encoded uint value = 1.
     if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
@@ -280,10 +292,12 @@ private short decodeBoolTag(short exp) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
     incrementStartOff((short) 1);
-    return KMBoolTag.instance(tagKey);
+    return KMBoolTag.instance(scratchBuf[TAG_KEY_OFFSET]);
   }
 
   private short decodeEnum(short exp) {
+    byte[] buffer = (byte[])bufferRef[0];
+    short startOff = scratchBuf[START_OFFSET];
     // Enum value will always be integer with max 1 byte length.
     if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
@@ -298,6 +312,9 @@ private short decodeEnum(short exp) {
       incrementStartOff((short) 1);
     } else {
       incrementStartOff((short) 1);
+      // startOff  is incremented so update the startOff
+      // with latest value before using it.
+      startOff = scratchBuf[START_OFFSET];
       enumVal = buffer[startOff];
       incrementStartOff((short) 1);
     }
@@ -306,6 +323,8 @@ private short decodeEnum(short exp) {
 
   private short decodeInteger(short exp) {
     short inst;
+    short startOff = scratchBuf[START_OFFSET];
+    byte[] buffer = (byte[])bufferRef[0];
     if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
@@ -314,6 +333,9 @@ private short decodeInteger(short exp) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
     incrementStartOff((short) 1);
+    // startOff  is incremented so update the startOff
+    // with latest value before using it.
+    startOff = scratchBuf[START_OFFSET];
     if (len < UINT8_LENGTH) {
       inst = KMInteger.uint_8((byte) (len & ADDITIONAL_MASK));
     } else if (len == UINT8_LENGTH) {
@@ -334,12 +356,14 @@ private short decodeInteger(short exp) {
 
   private short decodeByteBlob(short exp) {
     short payloadLength = readMajorTypeWithPayloadLength(BYTES_TYPE);
-    short inst = KMByteBlob.instance(buffer, startOff, payloadLength);
+    short inst = KMByteBlob.instance((byte[])bufferRef[0], scratchBuf[START_OFFSET], payloadLength);
     incrementStartOff(payloadLength);
     return inst;
   }
 
   private short peekTagType() {
+    byte[] buffer = (byte[])bufferRef[0];
+    short startOff = scratchBuf[START_OFFSET];
     if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
@@ -353,6 +377,8 @@ private short peekTagType() {
   }
 
   private void readTagKey(short expectedTagType) {
+    byte[] buffer = (byte[])bufferRef[0];
+    short startOff = scratchBuf[START_OFFSET];
     if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
@@ -360,8 +386,8 @@ private void readTagKey(short expectedTagType) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
     incrementStartOff((short) 1);
-    this.tagType = readShort();
-    this.tagKey = readShort();
+    short tagType = readShort();
+    scratchBuf[TAG_KEY_OFFSET] = readShort();
     if (tagType != expectedTagType) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
@@ -389,31 +415,34 @@ private short readMajorTypeWithPayloadLength(short majorType) {
   }
 
   private short readShort() {
+    byte[] buffer = (byte[])bufferRef[0];
+    short startOff = scratchBuf[START_OFFSET];
     short val = Util.makeShort(buffer[startOff], buffer[(short) (startOff + 1)]);
     incrementStartOff((short) 2);
     return val;
   }
 
   private byte readByte() {
-    byte val = buffer[startOff];
+    short startOff = scratchBuf[START_OFFSET];
+    byte val = ((byte[])bufferRef[0])[startOff];
     incrementStartOff((short) 1);
     return val;
   }
 
   private void incrementStartOff(short inc) {
-    startOff += inc;
-    if (startOff > this.length) {
+    scratchBuf[START_OFFSET] += inc;
+    if (scratchBuf[START_OFFSET] > scratchBuf[LEN_OFFSET]) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
   }
 
   public short readCertificateChainLengthAndHeaderLen(byte[] buf, short bufOffset,
       short bufLen) {
-    this.buffer = buf;
-    this.startOff = bufOffset;
-    this.length = (short) (bufOffset + bufLen);
+    bufferRef[0] = buf;
+    scratchBuf[START_OFFSET] = bufOffset;
+    scratchBuf[LEN_OFFSET] = (short) (bufOffset + bufLen);
     short totalLen = readMajorTypeWithPayloadLength(BYTES_TYPE);
-    totalLen += (short) (startOff - bufOffset);
+    totalLen += (short) (scratchBuf[START_OFFSET] - bufOffset);
     return totalLen;
   }
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
index 61163c00..47e6d305 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -39,27 +39,34 @@ public class KMEncoder {
   private static final byte UINT64_LENGTH = (byte) 0x1B;
   private static final short TINY_PAYLOAD = 0x17;
   private static final short SHORT_PAYLOAD = 0x100;
-  private byte[] buffer;
-  private short startOff;
-  private short length;
-  private static short[] stack;
-  private static byte stackPtr;
+  private static final short STACK_SIZE = (short) 50;
+  private static final short SCRATCH_BUF_SIZE = (short) 6;
+  private static final short START_OFFSET = (short) 0;
+  private static final short LEN_OFFSET = (short) 2;
+  private static final short STACK_PTR_OFFSET = (short) 4;
+
+  private Object[] bufferRef;
+  private short[] scratchBuf;
+  private short[] stack;
 
   public KMEncoder() {
-    buffer = null;
-    startOff = 0;
-    length = 0;
-    stack = JCSystem.makeTransientShortArray((short) 50, JCSystem.CLEAR_ON_RESET);
+    bufferRef = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    scratchBuf = JCSystem.makeTransientShortArray((short) SCRATCH_BUF_SIZE, JCSystem.CLEAR_ON_RESET);
+    stack = JCSystem.makeTransientShortArray(STACK_SIZE, JCSystem.CLEAR_ON_RESET);
+    bufferRef[0] = null;
+    scratchBuf[START_OFFSET] = (short) 0;
+    scratchBuf[LEN_OFFSET] = (short) 0;
+    scratchBuf[STACK_PTR_OFFSET] = (short) 0;    
   }
 
-  private static void push(short objPtr) {
-    stack[stackPtr] = objPtr;
-    stackPtr++;
+  private void push(short objPtr) {
+    stack[scratchBuf[STACK_PTR_OFFSET]] = objPtr;
+    scratchBuf[STACK_PTR_OFFSET]++;
   }
 
-  private static short pop() {
-    stackPtr--;
-    return stack[stackPtr];
+  private short pop() {
+    scratchBuf[STACK_PTR_OFFSET]--;
+    return stack[scratchBuf[STACK_PTR_OFFSET]];
   }
 
   private void encode(short obj) {
@@ -67,26 +74,26 @@ private void encode(short obj) {
   }
 
   public short encode(short object, byte[] buffer, short startOff) {
-    stackPtr = 0;
-    this.buffer = buffer;
-    this.startOff = startOff;
+    scratchBuf[STACK_PTR_OFFSET] = 0;
+    bufferRef[0] = buffer;
+    scratchBuf[START_OFFSET] = startOff;
     short len = (short) buffer.length;
     if ((len < 0) || (len > KMKeymasterApplet.MAX_LENGTH)) {
-      this.length = KMKeymasterApplet.MAX_LENGTH;
+      scratchBuf[LEN_OFFSET] = KMKeymasterApplet.MAX_LENGTH;
     } else {
-      this.length = (short) buffer.length;
+      scratchBuf[LEN_OFFSET] = (short) buffer.length;
     }
     //this.length = (short)(startOff + length);
     push(object);
     encode();
-    return (short) (this.startOff - startOff);
+    return (short) (scratchBuf[START_OFFSET] - startOff);
   }
 
   // array{KMError.OK,Array{KMByteBlobs}}
   public void encodeCertChain(byte[] buffer, short offset, short length) {
-    this.buffer = buffer;
-    this.startOff = offset;
-    this.length = (short) (offset + 3);
+    bufferRef[0] = buffer;
+    scratchBuf[START_OFFSET] = offset;
+    scratchBuf[LEN_OFFSET] = (short) (offset + 3);
 
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
     writeByte(UINT_TYPE); // Error.OK
@@ -94,22 +101,22 @@ public void encodeCertChain(byte[] buffer, short offset, short length) {
 
   //array{KMError.OK,Array{KMByteBlobs}}
   public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, short certLength) {
-    this.buffer = certBuffer;
-    this.startOff = certStart;
-    this.length = (short) (certStart + 1);
+    bufferRef[0] = certBuffer;
+    scratchBuf[START_OFFSET] = certStart;
+    scratchBuf[LEN_OFFSET] = (short) (certStart + 1);
     //Array header - 2 elements i.e. 1 byte
-    this.startOff--;
+    scratchBuf[START_OFFSET]--;
     // Error.Ok - 1 byte
-    this.startOff--;
+    scratchBuf[START_OFFSET]--;
     //Array header - 2 elements i.e. 1 byte
-    this.startOff--;
+    scratchBuf[START_OFFSET]--;
     // Cert Byte blob - typically 2 bytes length i.e. 3 bytes header
-    this.startOff -= 2;
+    scratchBuf[START_OFFSET] -= 2;
     if (certLength >= SHORT_PAYLOAD) {
-      this.startOff--;
+      scratchBuf[START_OFFSET]--;
     }
-    bufferStart = startOff;
-    if (this.startOff < bufferStart) {
+    bufferStart = scratchBuf[START_OFFSET];
+    if (scratchBuf[START_OFFSET] < bufferStart) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
@@ -120,9 +127,9 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s
   }
 
   public short encodeError(short err, byte[] buffer, short startOff, short length) {
-    this.buffer = buffer;
-    this.startOff = startOff;
-    this.length = (short) (startOff + length);
+    bufferRef[0] = buffer;
+    scratchBuf[START_OFFSET] = startOff;
+    scratchBuf[LEN_OFFSET] = (short) (startOff + length);
     // encode the err as UINT with value in err - should not be greater then 5 bytes.
     if (err < UINT8_LENGTH) {
       writeByte((byte) (UINT_TYPE | err));
@@ -133,11 +140,11 @@ public short encodeError(short err, byte[] buffer, short startOff, short length)
       writeByte((byte) (UINT_TYPE | UINT16_LENGTH));
       writeShort(err);
     }
-    return (short) (this.startOff - startOff);
+    return (short) (scratchBuf[START_OFFSET] - startOff);
   }
 
   private void encode() {
-    while (stackPtr > 0) {
+    while (scratchBuf[STACK_PTR_OFFSET] > 0) {
       short exp = pop();
       byte type = KMType.getType(exp);
       switch (type) {
@@ -352,25 +359,28 @@ private void writeMajorTypeWithLength(byte majorType, short len) {
   }
 
   private void writeBytes(byte[] buf, short start, short len) {
-    Util.arrayCopyNonAtomic(buf, start, buffer, startOff, len);
+    byte[] buffer = (byte[]) bufferRef[0];
+    Util.arrayCopyNonAtomic(buf, start, buffer, scratchBuf[START_OFFSET], len);
     incrementStartOff(len);
   }
 
   private void writeShort(short val) {
-    buffer[startOff] = (byte) ((val >> 8) & 0xFF);
+    byte[] buffer = (byte[]) bufferRef[0];
+    buffer[scratchBuf[START_OFFSET]] = (byte) ((val >> 8) & 0xFF);
     incrementStartOff((short) 1);
-    buffer[startOff] = (byte) ((val & 0xFF));
+    buffer[scratchBuf[START_OFFSET]] = (byte) ((val & 0xFF));
     incrementStartOff((short) 1);
   }
 
   private void writeByte(byte val) {
-    buffer[startOff] = val;
+    byte[] buffer = (byte[]) bufferRef[0];
+    buffer[scratchBuf[START_OFFSET]] = val;
     incrementStartOff((short) 1);
   }
 
   private void incrementStartOff(short inc) {
-    startOff += inc;
-    if (startOff >= this.length) {
+    scratchBuf[START_OFFSET] += inc;
+    if (scratchBuf[START_OFFSET] >= scratchBuf[LEN_OFFSET]) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
   }
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnum.java b/Applet/src/com/android/javacard/keymaster/KMEnum.java
index 6dbdf7ce..3c5e753f 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnum.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnum.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -28,7 +29,7 @@
 public class KMEnum extends KMType {
 
   private static KMEnum prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   // The allowed enum types.
   private static short[] types = {
@@ -45,13 +46,14 @@ public class KMEnum extends KMType {
   private static Object[] enums = null;
 
   private KMEnum() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMEnum proto(short ptr) {
     if (prototype == null) {
       prototype = new KMEnum();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -61,7 +63,7 @@ public static short exp() {
   }
 
   public short length() {
-    return Util.getShort(heap, (short) (instPtr + 1));
+    return Util.getShort(heap, (short) (instPtr[0] + 1));
   }
 
   public static KMEnum cast(short ptr) {
@@ -118,19 +120,19 @@ private static void create() {
   }
 
   public void setVal(byte val) {
-    heap[(short) (instPtr + TLV_HEADER_SIZE + 2)] = val;
+    heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 2)] = val;
   }
 
   public byte getVal() {
-    return heap[(short) (instPtr + TLV_HEADER_SIZE + 2)];
+    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 2)];
   }
 
   public void setEnumType(short type) {
-    Util.setShort(heap, (short) (instPtr + TLV_HEADER_SIZE), type);
+    Util.setShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE), type);
   }
 
   public short getEnumType() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   // isValidTag enumeration keys and values.
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
index 1cc5730d..43578509 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -27,22 +28,23 @@
 public class KMEnumArrayTag extends KMTag {
 
   private static KMEnumArrayTag prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   // The allowed tag keys of enum array type.
-  private static short[] tags = {PURPOSE, BLOCK_MODE, DIGEST, PADDING};
+  private static final short[] tags = {PURPOSE, BLOCK_MODE, DIGEST, PADDING};
 
   // Tag Values.
   private static Object[] enums = null;
 
   private KMEnumArrayTag() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMEnumArrayTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMEnumArrayTag();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -107,7 +109,7 @@ public static KMEnumArrayTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
@@ -115,11 +117,11 @@ public short getTagType() {
   }
 
   public short getValues() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
-    short blobPtr = Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4));
+    short blobPtr = Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
     return KMByteBlob.cast(blobPtr).length();
   }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
index 485572ed..a8ff3f36 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -28,7 +29,7 @@
 public class KMEnumTag extends KMTag {
 
   private static KMEnumTag prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
 
   // The allowed tag keys of type enum tag.
@@ -39,13 +40,14 @@ public class KMEnumTag extends KMTag {
   private static Object[] enums = null;
 
   private KMEnumTag() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMEnumTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMEnumTag();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -88,7 +90,7 @@ public static KMEnumTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
@@ -96,7 +98,7 @@ public short getTagType() {
   }
 
   public byte getValue() {
-    return heap[(short) (instPtr + TLV_HEADER_SIZE + 4)];
+    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 4)];
   }
 
   public static void create() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMException.java b/Applet/src/com/android/javacard/keymaster/KMException.java
index 0f4f6740..bf588aba 100644
--- a/Applet/src/com/android/javacard/keymaster/KMException.java
+++ b/Applet/src/com/android/javacard/keymaster/KMException.java
@@ -16,21 +16,25 @@
 
 package com.android.javacard.keymaster;
 
+import javacard.framework.JCSystem;
+
 /**
  * KMException is shared instance of exception used for all exceptions in the applet. It is used to
  * throw EMError errors.
  */
 public class KMException extends RuntimeException {
 
-  public static short reason;
+  public short[] reason;
   public static KMException exception;
 
   private KMException() {
+    reason = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public static void throwIt(short reason) {
-    KMException.reason = reason;
-    throw instance();
+    instance();
+    exception.reason[(short) 0] = reason;
+    throw exception;
   }
 
   public static KMException instance() {
@@ -41,7 +45,11 @@ public static KMException instance() {
   }
 
   public void clear() {
-    reason = KMError.UNKNOWN_ERROR;
+    exception.reason[(short) 0] = KMError.UNKNOWN_ERROR;
+  }
+
+  public static short getReason() {
+    return exception.reason[0];
   }
 }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
index 71e2e8bb..8a68be77 100644
--- a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
+++ b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -37,9 +38,10 @@ public class KMHardwareAuthToken extends KMType {
   public static final byte MAC = 0x05;
 
   private static KMHardwareAuthToken prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private KMHardwareAuthToken() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public static short exp() {
@@ -58,7 +60,7 @@ private static KMHardwareAuthToken proto(short ptr) {
     if (prototype == null) {
       prototype = new KMHardwareAuthToken();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -96,7 +98,7 @@ public static KMHardwareAuthToken cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
index 81a19bd3..b149b8bd 100644
--- a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
+++ b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -32,9 +33,10 @@ public class KMHmacSharingParameters extends KMType {
   public static final byte NONCE = 0x01;
 
   private static KMHmacSharingParameters prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private KMHmacSharingParameters() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public static short exp() {
@@ -49,7 +51,7 @@ private static KMHmacSharingParameters proto(short ptr) {
     if (prototype == null) {
       prototype = new KMHmacSharingParameters();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -79,7 +81,7 @@ public static KMHmacSharingParameters cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java
index 1330f85f..997eb637 100644
--- a/Applet/src/com/android/javacard/keymaster/KMInteger.java
+++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -29,16 +30,17 @@ public class KMInteger extends KMType {
   public static final short UINT_32 = 4;
   public static final short UINT_64 = 8;
   private static KMInteger prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private KMInteger() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMInteger proto(short ptr) {
     if (prototype == null) {
       prototype = new KMInteger();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -115,7 +117,7 @@ public static short uint_64(byte[] num, short offset) {
 
   // Get the length of the integer
   public short length() {
-    return Util.getShort(heap, (short) (instPtr + 1));
+    return Util.getShort(heap, (short) (instPtr[0] + 1));
   }
 
   // Get the buffer pointer in which blob is contained.
@@ -125,7 +127,7 @@ public byte[] getBuffer() {
 
   // Get the start of value
   public short getStartOff() {
-    return (short) (instPtr + TLV_HEADER_SIZE);
+    return (short) (instPtr[0] + TLV_HEADER_SIZE);
   }
 
   public void getValue(byte[] dest, short destOff, short length) {
@@ -136,28 +138,28 @@ public void getValue(byte[] dest, short destOff, short length) {
       length = length();
       destOff += length;
     }
-    Util.arrayCopyNonAtomic(heap, (short) (instPtr + TLV_HEADER_SIZE), dest, destOff, length);
+    Util.arrayCopyNonAtomic(heap, (short) (instPtr[0] + TLV_HEADER_SIZE), dest, destOff, length);
   }
 
   public void setValue(byte[] src, short srcOff) {
-    Util.arrayCopyNonAtomic(src, srcOff, heap, (short) (instPtr + TLV_HEADER_SIZE), length());
+    Util.arrayCopyNonAtomic(src, srcOff, heap, (short) (instPtr[0] + TLV_HEADER_SIZE), length());
   }
 
   public short value(byte[] dest, short destOff) {
-    Util.arrayCopyNonAtomic(heap, (short) (instPtr + TLV_HEADER_SIZE), dest, destOff, length());
+    Util.arrayCopyNonAtomic(heap, (short) (instPtr[0] + TLV_HEADER_SIZE), dest, destOff, length());
     return length();
   }
 
   public short getShort() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
   }
 
   public short getSignificantShort() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public byte getByte() {
-    return heap[(short) (instPtr + TLV_HEADER_SIZE + 3)];
+    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 3)];
   }
 
   public boolean isZero() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
index b97f5fa6..b9e3b3af 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -28,18 +29,19 @@
 public class KMIntegerArrayTag extends KMTag {
 
   private static KMIntegerArrayTag prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private static final short[] tags = {USER_SECURE_ID};
 
   private KMIntegerArrayTag() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMIntegerArrayTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMIntegerArrayTag();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -95,15 +97,15 @@ public static KMIntegerArrayTag cast(short ptr) {
   }
 
   public short getTagType() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
   }
 
   public short getValues() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
index 44136ec4..5c79635f 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -28,7 +29,7 @@
 public class KMIntegerTag extends KMTag {
 
   private static KMIntegerTag prototype;
-  private static short instPtr;
+  private short[] instPtr;
   // Allowed tag keys.
   private static final short[] tags = {
       // UINT
@@ -53,13 +54,14 @@ public class KMIntegerTag extends KMTag {
   };
 
   private KMIntegerTag() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMIntegerTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMIntegerTag();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -115,15 +117,15 @@ public static KMIntegerTag cast(short ptr) {
   }
 
   public short getTagType() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
   }
 
   public short getValue() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
@@ -173,7 +175,7 @@ public static short getValue(
   }
 
   public boolean isValidKeySize(byte alg) {
-    short val = KMIntegerTag.cast(instPtr).getValue();
+    short val = KMIntegerTag.cast(instPtr[0]).getValue();
     if (KMInteger.cast(val).getSignificantShort() != 0) {
       return false;
     }
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
index 2ad16117..5ac2ef4d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -31,9 +32,10 @@ public class KMKeyCharacteristics extends KMType {
   public static final byte SOFTWARE_ENFORCED = 0x00;
   public static final byte HARDWARE_ENFORCED = 0x01;
   private static KMKeyCharacteristics prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private KMKeyCharacteristics() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public static short exp() {
@@ -50,7 +52,7 @@ private static KMKeyCharacteristics proto(short ptr) {
     if (prototype == null) {
       prototype = new KMKeyCharacteristics();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -80,7 +82,7 @@ public static KMKeyCharacteristics cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
index cfdd9c30..3c53bb35 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -28,16 +29,17 @@
 public class KMKeyParameters extends KMType {
 
   private static KMKeyParameters prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private KMKeyParameters() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMKeyParameters proto(short ptr) {
     if (prototype == null) {
       prototype = new KMKeyParameters();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -74,7 +76,7 @@ public static KMKeyParameters cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index e8c1a8cc..59af95b6 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -192,7 +192,6 @@ protected KMKeymasterApplet(KMSEProvider seImpl) {
     seProvider = seImpl;
     boolean isUpgrading = seImpl.isUpgrading();
     repository = new KMRepository(isUpgrading);
-    byte[] buf = JCSystem.makeTransientByteArray((short) 32, JCSystem.CLEAR_ON_DESELECT);
     data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
     tmpVariables =
         JCSystem.makeTransientShortArray((short) TMP_VARIABLE_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
@@ -466,7 +465,7 @@ && isProvisioningComplete())) {
       }
     } catch (KMException exception) {
       freeOperations();
-      sendError(apdu, KMException.reason);
+      sendError(apdu, KMException.getReason());
       exception.clear();
     } catch (ISOException exp) {
       sendError(apdu, mapISOErrorToKMError(exp.getReason()));
diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
index f1c65ea4..333962aa 100644
--- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java
+++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
@@ -31,6 +31,8 @@ public class KMOperationState {
   public static final byte MAX_REFS = 1;
   private static final byte DATA = 0;
   private static final byte REFS = 1;
+  private static final byte KMOPERATION = 0;
+  private static final byte SLOT = 1;
   // byte type
   private static final byte ALG = 0;
   private static final byte PURPOSE = 1;
@@ -53,14 +55,15 @@ public class KMOperationState {
 
   // Object References
   private static final byte OPERATION = 0;
-  private static KMOperation op;
-  private static byte[] data;
-  private static Object[] slot;
+  private byte[] data;
+  private Object[] objRefs;
   private static KMOperationState prototype;
-  private static boolean dFlag;
+  private byte[] dFlag;
 
   private KMOperationState() {
     data = JCSystem.makeTransientByteArray(MAX_DATA, JCSystem.CLEAR_ON_RESET);
+    objRefs = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
+    dFlag = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMOperationState proto() {
@@ -73,28 +76,30 @@ private static KMOperationState proto() {
   public static KMOperationState instance(short opHandle, Object[] slot) {
     KMOperationState opState = proto();
     opState.reset();
-    Util.setShort(data, OP_HANDLE, opHandle);
-    KMOperationState.slot = slot;
+    Util.setShort(prototype.data, OP_HANDLE, opHandle);
+    prototype.objRefs[SLOT] = slot;
     return opState;
   }
 
   public static KMOperationState read(byte[] oprHandle, short off, Object[] slot) {
     KMOperationState opState = proto();
     opState.reset();
-    Util.arrayCopy((byte[]) slot[DATA], (short) 0, data, (short) 0, (short) data.length);
+    Util.arrayCopy((byte[]) slot[DATA], (short) 0, prototype.data, (short) 0, (short) prototype.data.length);
     Object[] ops = ((Object[]) slot[REFS]);
-    op = (KMOperation) ops[OPERATION];
-    Util.setShort(data, OP_HANDLE, KMInteger.uint_64(oprHandle, off));
-    KMOperationState.slot = slot;
+    prototype.objRefs[KMOPERATION] = ops[OPERATION];
+    Util.setShort(prototype.data, OP_HANDLE, KMInteger.uint_64(oprHandle, off));
+    prototype.objRefs[SLOT] = slot;
     return opState;
   }
 
   public void persist() {
-    if (!dFlag) {
+    if (0 == dFlag[0]) {
       return;
     }
-    KMRepository.instance().persistOperation(data, Util.getShort(data, OP_HANDLE), op);
-    dFlag = false;
+    KMRepository.instance().persistOperation(data,
+        Util.getShort(data, OP_HANDLE),
+        (KMOperation) objRefs[KMOPERATION]);
+    dFlag[0] = 0;
   }
 
   public void setKeySize(short keySize) {
@@ -106,30 +111,31 @@ public short getKeySize() {
   }
 
   public void reset() {
-    dFlag = false;
-    op = null;
-    slot = null;
+    dFlag[0] = 0;
+    objRefs[KMOPERATION] = null;
+    objRefs[SLOT] = null;
     Util.arrayFillNonAtomic(
         data, (short) 0, (short) data.length, (byte) 0);
   }
 
   private void dataUpdated() {
-    dFlag = true;
+    dFlag[0] = 1;
   }
 
   public void release() {
-    Object[] ops = ((Object[]) slot[REFS]);
+    Object[] slots = (Object[]) objRefs[SLOT];
+    Object[] ops = ((Object[]) slots[REFS]);
     ((KMOperation) ops[OPERATION]).abort();
     JCSystem.beginTransaction();
     Util.arrayFillNonAtomic(
-        (byte[]) slot[0], (short) 0, (short) ((byte[]) slot[0]).length, (byte) 0);
+        (byte[]) slots[0], (short) 0, (short) ((byte[]) slots[0]).length, (byte) 0);
     ops[OPERATION] = null;
     JCSystem.commitTransaction();
     reset();
   }
 
   public short getHandle() {
-    return Util.getShort(KMOperationState.data, OP_HANDLE);
+    return Util.getShort(data, OP_HANDLE);
   }
 
   public short getPurpose() {
@@ -141,14 +147,14 @@ public void setPurpose(byte purpose) {
     dataUpdated();
   }
 
-  public void setOperation(KMOperation operation) {
-    op = operation;
+  public void setOperation(KMOperation opr) {
+    objRefs[KMOPERATION] = opr;
     dataUpdated();
     persist();
   }
 
   public KMOperation getOperation() {
-    return op;
+    return (KMOperation) objRefs[KMOPERATION];
   }
 
   public boolean isAuthPerOperationReqd() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 94bde080..b88173e4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -86,10 +86,10 @@ public class KMRepository implements KMUpgradable {
   // Class Attributes
   private Object[] operationStateTable;
   private byte[] heap;
-  private short heapIndex;
+  private short[] heapIndex;
   private byte[] dataTable;
-  private short dataIndex;
-  private short reclaimIndex;
+  private short[] dataIndex;
+  private short[] reclaimIndex;
 
   // Singleton instance
   private static KMRepository repository;
@@ -99,10 +99,14 @@ public static KMRepository instance() {
   }
 
   public KMRepository(boolean isUpgrading) {
-    newDataTable(isUpgrading);
     heap = JCSystem.makeTransientByteArray(HEAP_SIZE, JCSystem.CLEAR_ON_RESET);
-    heapIndex = 0;
-    reclaimIndex = HEAP_SIZE;
+    heapIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    reclaimIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    dataIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    heapIndex[0] = (short) 0;
+    reclaimIndex[0] = HEAP_SIZE;
+    dataIndex[0] = (short) 0;
+    newDataTable(isUpgrading);
     operationStateTable = new Object[MAX_OPS];
     // create and initialize operation state table.
     //First byte in the operation handle buffer denotes whether the operation is
@@ -309,9 +313,9 @@ public void onProcess() {
   }
 
   public void clean() {
-    Util.arrayFillNonAtomic(heap, (short) 0, heapIndex, (byte) 0);
-    heapIndex = 0;
-    reclaimIndex = HEAP_SIZE;
+    Util.arrayFillNonAtomic(heap, (short) 0, heapIndex[0], (byte) 0);
+    heapIndex[0] = (short) 0;
+    reclaimIndex[0] = HEAP_SIZE;
   }
 
   public void onDeselect() {
@@ -324,46 +328,46 @@ public void onSelect() {
   // This function uses memory from the back of the heap(transient memory). Call
   // reclaimMemory function immediately after the use.
   public short allocReclaimableMemory(short length) {
-    if ((((short) (reclaimIndex - length)) <= heapIndex)
+    if ((((short) (reclaimIndex[0] - length)) <= heapIndex[0])
         || (length >= HEAP_SIZE / 2)) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
-    reclaimIndex -= length;
-    return reclaimIndex;
+    reclaimIndex[0] -= length;
+    return reclaimIndex[0];
   }
 
   // Reclaims the memory back.
   public void reclaimMemory(short length) {
-    if (reclaimIndex < heapIndex) {
+    if (reclaimIndex[0] < heapIndex[0]) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
-    reclaimIndex += length;
+    reclaimIndex[0] += length;
   }
 
   public short allocAvailableMemory() {
-    if (heapIndex >= heap.length) {
+    if (heapIndex[0] >= heap.length) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
-    short index = heapIndex;
-    heapIndex = (short) heap.length;
+    short index = heapIndex[0];
+    heapIndex[0] = (short) heap.length;
     return index;
   }
 
   public short alloc(short length) {
-    if ((((short) (heapIndex + length)) > heap.length) ||
-        (((short) (heapIndex + length)) > reclaimIndex)) {
+    if ((((short) (heapIndex[0] + length)) > heap.length) ||
+        (((short) (heapIndex[0] + length)) > reclaimIndex[0])) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
-    heapIndex += length;
-    return (short) (heapIndex - length);
+    heapIndex[0] += length;
+    return (short) (heapIndex[0] - length);
   }
 
   private short dataAlloc(short length) {
-    if (((short) (dataIndex + length)) > dataTable.length) {
+    if (((short) (dataIndex[0] + length)) > dataTable.length) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
-    dataIndex += length;
-    return (short) (dataIndex - length);
+    dataIndex[0] += length;
+    return (short) (dataIndex[0] - length);
   }
 
 
@@ -371,7 +375,7 @@ private void newDataTable(boolean isUpgrading) {
     if (!isUpgrading) {
       if (dataTable == null) {
         dataTable = new byte[DATA_MEM_SIZE];
-        dataIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
+        dataIndex[0] = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
       }
     }
   }
@@ -713,7 +717,7 @@ public void onSave(Element ele) {
 
   @Override
   public void onRestore(Element ele) {
-    dataIndex = ele.readShort();
+    dataIndex[0] = ele.readShort();
     dataTable = (byte[]) ele.readObject();
   }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
index 1a03b33c..a57ac803 100644
--- a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
+++ b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -36,9 +37,10 @@ public class KMVerificationToken extends KMType {
   public static final byte MAC = 0x04;
 
   private static KMVerificationToken prototype;
-  private static short instPtr;
+  private short[] instPtr;
 
   private KMVerificationToken() {
+    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_DESELECT);
   }
 
   public static short exp() {
@@ -57,7 +59,7 @@ private static KMVerificationToken proto(short ptr) {
     if (prototype == null) {
       prototype = new KMVerificationToken();
     }
-    instPtr = ptr;
+    prototype.instPtr[0] = ptr;
     return prototype;
   }
 
@@ -94,7 +96,7 @@ public static KMVerificationToken cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
   }
 
   public short length() {

From a7eb86c071379ee025afead579210205d8aa077a Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Mon, 22 Mar 2021 21:22:24 +0000
Subject: [PATCH 104/169] Renamed the keyRequiresUpgrade function with a
 meaningful name

---
 .../javacard/keymaster/KMKeymasterApplet.java      | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index e8c1a8cc..8f40f775 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1096,7 +1096,7 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     sendOutgoing(apdu);
   }
 
-  private boolean keyRequiresUpgrade(short tag, short systemParam) {
+  private boolean isKeyUpgradeRequired(short tag, short systemParam) {
     // validate the tag and check if key needs upgrade.
     tmpVariables[0] = KMKeyParameters.findTag(KMType.UINT_TAG, tag, data[HW_PARAMETERS]);
     tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue();
@@ -1148,14 +1148,14 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // parse existing key blob
     parseEncryptedKeyBlob(scratchPad);
-    boolean keyRequiresUpgrade = false;
+    boolean isKeyUpgradeRequired = false;
     // Check if key requires upgrade.
-    keyRequiresUpgrade |= keyRequiresUpgrade(KMType.OS_VERSION, repository.getOsVersion());
-    keyRequiresUpgrade |= keyRequiresUpgrade(KMType.OS_PATCH_LEVEL, repository.getOsPatch());
-    keyRequiresUpgrade |= keyRequiresUpgrade(KMType.VENDOR_PATCH_LEVEL, repository.getVendorPatchLevel());
-    keyRequiresUpgrade |= keyRequiresUpgrade(KMType.BOOT_PATCH_LEVEL, repository.getBootPatchLevel());
+    isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.OS_VERSION, repository.getOsVersion());
+    isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.OS_PATCH_LEVEL, repository.getOsPatch());
+    isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.VENDOR_PATCH_LEVEL, repository.getVendorPatchLevel());
+    isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.BOOT_PATCH_LEVEL, repository.getBootPatchLevel());
 
-    if (keyRequiresUpgrade) {
+    if (isKeyUpgradeRequired) {
       // copy origin
       data[ORIGIN] = KMEnumTag.getValue(KMType.ORIGIN, data[HW_PARAMETERS]);
       // create new key blob with current os version etc.

From c7958487d1518dc7820b62d131f6e8ef6ce1bc8f Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Tue, 23 Mar 2021 13:27:02 +0000
Subject: [PATCH 105/169] Modified KMKeymasterApplet code to reduce NVM writes

---
 .../keymaster/KMAndroidSEProvider.java        |   9 +-
 .../javacard/keymaster/KMJCardSimulator.java  |   9 +-
 .../javacard/keymaster/KMKeymasterApplet.java | 240 +++++++++---------
 3 files changed, 134 insertions(+), 124 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index 369276c7..5e247259 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -1133,13 +1133,12 @@ public void clearCertificateChain() {
   @Override
   public void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen) {
     //  _____________________________________________________
-    // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 | 3 Bytes | Cert2|...
-    // |_________|________|_________|_______|_________|______|
+    // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 |  Cert2 |...
+    // |_________|________|_________|_______|________|_______
     // First two bytes holds the length of the total buffer.
     // CBOR format:
-    // Next single byte holds the array header.
-    // Next 3 bytes holds the Byte array header with the cert1 length.
-    // Next 3 bytes holds the Byte array header with the cert2 length.
+    // Next single byte holds the byte string header.
+    // Next 3 bytes holds the total length of the certificate chain.
     if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) {
       KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
     }
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
index 20de91c8..c6948e63 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
@@ -1203,13 +1203,12 @@ public void clearCertificateChain() {
   public void persistPartialCertificateChain(byte[] buf, short offset,
       short len, short totalLen) {
     //  _____________________________________________________
-    // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 | 3 Bytes | Cert2|...
-    // |_________|________|_________|_______|_________|______|
+    // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 |  Cert2 |...
+    // |_________|________|_________|_______|________|_______
     // First two bytes holds the length of the total buffer.
     // CBOR format:
-    // Next single byte holds the array header.
-    // Next 3 bytes holds the Byte array header with the cert1 length.
-    // Next 3 bytes holds the Byte array header with the cert2 length.
+    // Next single byte holds the byte string header.
+    // Next 3 bytes holds the total length of the certificate chain.
     if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) {
       KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
     }
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 59af95b6..d6ace193 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -170,6 +170,11 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final byte AES_GCM_NONCE_LENGTH = 12;
   // ComputeHMAC constants
   private static final short HMAC_SHARED_PARAM_MAX_SIZE = 64;
+  // Maximum certificate size.
+  private static final short MAX_CERT_SIZE = 2048;
+  // Buffer constants.
+  private static final short BUF_START_OFFSET = 0;
+  private static final short BUF_LEN_OFFSET = 2;
 
   // Keymaster Applet attributes
   protected static byte keymasterState = ILLEGAL_STATE;
@@ -177,13 +182,11 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   protected static KMDecoder decoder;
   protected static KMRepository repository;
   protected static KMSEProvider seProvider;
-  protected static byte[] buffer;
-  protected static short bufferLength;
-  protected static short bufferStartOffset;
+  protected static Object[] bufferRef;
+  protected static short[] bufferProp;
   protected static short[] tmpVariables;
   protected static short[] data;
-  protected byte provisionStatus = NOT_PROVISIONED;
-  protected static final short MAX_CERT_SIZE = 2048;
+  protected static byte[] provisionStatus;
 
   /**
    * Registers this applet.
@@ -192,9 +195,7 @@ protected KMKeymasterApplet(KMSEProvider seImpl) {
     seProvider = seImpl;
     boolean isUpgrading = seImpl.isUpgrading();
     repository = new KMRepository(isUpgrading);
-    data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
-    tmpVariables =
-        JCSystem.makeTransientShortArray((short) TMP_VARIABLE_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
+    initializeTransientArrays();
     if (!isUpgrading) {
       keymasterState = KMKeymasterApplet.INIT_STATE;
       seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8));
@@ -204,6 +205,17 @@ protected KMKeymasterApplet(KMSEProvider seImpl) {
     decoder = new KMDecoder();
   }
 
+  private void initializeTransientArrays() {
+    data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
+    bufferRef = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    bufferProp = JCSystem.makeTransientShortArray((short) 4, JCSystem.CLEAR_ON_RESET);
+    provisionStatus = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    tmpVariables =
+        JCSystem.makeTransientShortArray((short) TMP_VARIABLE_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
+    bufferProp[BUF_START_OFFSET] = 0;
+    bufferProp[BUF_LEN_OFFSET] = 0;
+    provisionStatus[0] = NOT_PROVISIONED;
+  }
   /**
    * Selects this applet.
    *
@@ -321,43 +333,43 @@ public void process(APDU apdu) {
       if (!(apduIns > INS_BEGIN_KM_CMD && apduIns < INS_END_KM_CMD)) {
         ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
       }
-      buffer = repository.getHeap();
+      bufferRef[0] = repository.getHeap();
       // Process the apdu
       if (keymasterState == KMKeymasterApplet.IN_PROVISION_STATE) {
         switch (apduIns) {
           case INS_PROVISION_ATTESTATION_KEY_CMD:
             processProvisionAttestationKey(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_KEY;
+            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_KEY;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD:
             processProvisionAttestationCertChainCmd(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN;
+            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD:
             processProvisionAttestationCertParams(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS;
+            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_PROVISION_ATTEST_IDS_CMD:
             processProvisionAttestIdsCmd(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTEST_IDS;
+            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_ATTEST_IDS;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_PROVISION_PRESHARED_SECRET_CMD:
             processProvisionSharedSecretCmd(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_PRESHARED_SECRET;
+            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_PRESHARED_SECRET;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_LOCK_PROVISIONING_CMD:
             if (isProvisioningComplete()) {
-              provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_PROVISIONING_LOCKED;
+              provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_PROVISIONING_LOCKED;
               keymasterState = KMKeymasterApplet.ACTIVE_STATE;
               sendError(apdu, KMError.OK);
             } else {
@@ -376,7 +388,7 @@ public void process(APDU apdu) {
               ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
             }
             processSetBootParamsCmd(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_BOOT_PARAM;
+            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_BOOT_PARAM;
             seProvider.clearDeviceBooted(false);
             sendError(apdu, KMError.OK);
             return;
@@ -489,11 +501,11 @@ private void generateUniqueOperationHandle(byte[] buf, short offset, short len)
   }
 
   private boolean isProvisioningComplete() {
-    if ((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY))
-        && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
-        && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
-        && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))
-        && (0 != (provisionStatus & PROVISION_STATUS_BOOT_PARAM))) {
+    if ((0 != (provisionStatus[0] & PROVISION_STATUS_ATTESTATION_KEY))
+        && (0 != (provisionStatus[0] & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
+        && (0 != (provisionStatus[0] & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
+        && (0 != (provisionStatus[0] & PROVISION_STATUS_PRESHARED_SECRET))
+        && (0 != (provisionStatus[0] & PROVISION_STATUS_BOOT_PARAM))) {
       return true;
     } else {
       return false;
@@ -521,9 +533,9 @@ private void processDeviceLockedCmd(APDU apdu) {
     tmpVariables[1] = KMVerificationToken.exp();
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
     // Decode the arguments
-    tmpVariables[0] = decoder.decode(tmpVariables[0], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[0] = decoder.decode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     tmpVariables[1] = KMArray.cast(tmpVariables[0]).get((short) 0);
     tmpVariables[1] = KMInteger.cast(tmpVariables[1]).getByte();
@@ -558,14 +570,14 @@ private void resetData() {
    * Sends a response, may be extended response, as requested by the command.
    */
   public static void sendOutgoing(APDU apdu) {
-    if (((short) (bufferLength + bufferStartOffset)) > ((short) repository
+    if (((short) (bufferProp[BUF_LEN_OFFSET] + bufferProp[BUF_START_OFFSET])) > ((short) repository
         .getHeap().length)) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
     // Send data
     apdu.setOutgoing();
-    apdu.setOutgoingLength(bufferLength);
-    apdu.sendBytesLong(buffer, bufferStartOffset, bufferLength);
+    apdu.setOutgoingLength(bufferProp[BUF_LEN_OFFSET]);
+    apdu.sendBytesLong((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
   }
 
   /**
@@ -575,12 +587,12 @@ public static void receiveIncoming(APDU apdu) {
     byte[] srcBuffer = apdu.getBuffer();
     short recvLen = apdu.setIncomingAndReceive();
     short srcOffset = apdu.getOffsetCdata();
-    bufferLength = apdu.getIncomingLength();
-    bufferStartOffset = repository.allocReclaimableMemory(bufferLength);
-    short index = bufferStartOffset;
+    bufferProp[BUF_LEN_OFFSET] = apdu.getIncomingLength();
+    bufferProp[BUF_START_OFFSET] = repository.allocReclaimableMemory(bufferProp[BUF_LEN_OFFSET]);
+    short index = bufferProp[BUF_START_OFFSET];
 
-    while (recvLen > 0 && ((short) (index - bufferStartOffset) < bufferLength)) {
-      Util.arrayCopyNonAtomic(srcBuffer, srcOffset, buffer, index, recvLen);
+    while (recvLen > 0 && ((short) (index - bufferProp[BUF_START_OFFSET]) < bufferProp[BUF_LEN_OFFSET])) {
+      Util.arrayCopyNonAtomic(srcBuffer, srcOffset, (byte[]) bufferRef[0], index, recvLen);
       index += recvLen;
       recvLen = apdu.receiveBytes(srcOffset);
     }
@@ -604,9 +616,9 @@ private void processGetHwInfoCmd(APDU apdu) {
             JavacardKeymasterDevice, (short) 0, (short) JavacardKeymasterDevice.length));
     resp.add((short) 2, KMByteBlob.instance(Google, (short) 0, (short) Google.length));
 
-    bufferStartOffset = repository.allocAvailableMemory();
-    // Encode the response - actual bufferLength is 86
-    bufferLength = encoder.encode(respPtr, buffer, bufferStartOffset);
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
+    // Encode the response - actual bufferProp[BUF_LEN_OFFSET] is 86
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(respPtr, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     // send buffer to master
     sendOutgoing(apdu);
   }
@@ -618,9 +630,9 @@ private void processAddRngEntropyCmd(APDU apdu) {
     short argsProto = KMArray.instance((short) 1);
     KMArray.cast(argsProto).add((short) 0, KMByteBlob.exp());
     // Decode the argument
-    short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     // Process
     KMByteBlob blob = KMByteBlob.cast(KMArray.cast(args).get((short) 0));
@@ -638,14 +650,14 @@ private void processGetCertChainCmd(APDU apdu) {
     // Add arrayHeader and KMError.OK
     tmpVariables[0] += 2;
     tmpVariables[1] = KMByteBlob.instance(tmpVariables[0]);
-    buffer = KMByteBlob.cast(tmpVariables[1]).getBuffer();
-    bufferStartOffset = KMByteBlob.cast(tmpVariables[1]).getStartOff();
-    bufferLength = KMByteBlob.cast(tmpVariables[1]).length();
+    bufferRef[0] = KMByteBlob.cast(tmpVariables[1]).getBuffer();
+    bufferProp[BUF_START_OFFSET] = KMByteBlob.cast(tmpVariables[1]).getStartOff();
+    bufferProp[BUF_LEN_OFFSET] = KMByteBlob.cast(tmpVariables[1]).length();
     // read the cert chain from non-volatile memory. Cert chain is already in
     // CBOR format.
-    seProvider.readCertificateChain(buffer, (short) (bufferStartOffset + 2));
+    seProvider.readCertificateChain((byte[]) bufferRef[0], (short) (bufferProp[BUF_START_OFFSET] + 2));
     // Encode cert chain.
-    encoder.encodeCertChain(buffer, bufferStartOffset, bufferLength);
+    encoder.encodeCertChain((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -657,9 +669,9 @@ private void processProvisionAttestationCertParams(APDU apdu) {
     KMArray.cast(argsProto).add((short) 0, blob); // Cert - DER encoded issuer
     KMArray.cast(argsProto).add((short) 1, blob); // Cert - Expiry Time
     // Decode the argument.
-    short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     // save issuer - DER Encoded
     tmpVariables[0] = KMArray.cast(args).get((short) 0);
@@ -685,21 +697,21 @@ private void processProvisionAttestationCertChainCmd(APDU apdu) {
     byte[] srcBuffer = apdu.getBuffer();
     short recvLen = apdu.setIncomingAndReceive();
     short srcOffset = apdu.getOffsetCdata();
-    bufferLength = apdu.getIncomingLength();
-    bufferStartOffset = repository.alloc(bufferLength);
+    bufferProp[BUF_LEN_OFFSET] = apdu.getIncomingLength();
+    bufferProp[BUF_START_OFFSET] = repository.alloc(bufferProp[BUF_LEN_OFFSET]);
     short bytesRead = 0;
-    Util.arrayCopyNonAtomic(srcBuffer, srcOffset, buffer, bufferStartOffset,
+    Util.arrayCopyNonAtomic(srcBuffer, srcOffset, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
         recvLen);
     // tmpVariables[1] holds the total length + Header length.
-    tmpVariables[1] = decoder.readCertificateChainLengthAndHeaderLen(buffer,
-        bufferStartOffset, recvLen);
-    while (recvLen > 0 && ((short) bytesRead <= bufferLength)) {
-      seProvider.persistPartialCertificateChain(buffer, bufferStartOffset,
-          recvLen, bufferLength);
+    tmpVariables[1] = decoder.readCertificateChainLengthAndHeaderLen((byte[]) bufferRef[0],
+        bufferProp[BUF_START_OFFSET], recvLen);
+    while (recvLen > 0 && ((short) bytesRead <= bufferProp[BUF_LEN_OFFSET])) {
+      seProvider.persistPartialCertificateChain((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
+          recvLen, bufferProp[BUF_LEN_OFFSET]);
       bytesRead += recvLen;
       recvLen = apdu.receiveBytes(srcOffset);
       if (recvLen > 0) {
-        Util.arrayCopyNonAtomic(srcBuffer, srcOffset, buffer, bufferStartOffset,
+        Util.arrayCopyNonAtomic(srcBuffer, srcOffset, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
             recvLen);
       }
     }
@@ -722,9 +734,9 @@ private void processProvisionAttestationKey(APDU apdu) {
     KMArray.cast(argsProto).add((short) 2, blob);
 
     // Decode the argument
-    short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     // key params should have os patch, os version and verified root of trust
     data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
@@ -787,9 +799,9 @@ private void processProvisionAttestIdsCmd(APDU apdu) {
     short argsProto = KMArray.instance((short) 1);
     KMArray.cast(argsProto).add((short) 0, keyparams);
     // Decode the argument.
-    short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
     // persist attestation Ids - if any is missing then exception occurs
@@ -810,9 +822,9 @@ private void processProvisionSharedSecretCmd(APDU apdu) {
     short argsProto = KMArray.instance((short) 1);
     KMArray.cast(argsProto).add((short) 0, blob);
     // Decode the argument.
-    short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     tmpVariables[0] = KMArray.cast(args).get((short) 0);
     if (tmpVariables[0] != KMType.INVALID_VALUE
@@ -829,10 +841,10 @@ private void processProvisionSharedSecretCmd(APDU apdu) {
   private void processGetProvisionStatusCmd(APDU apdu) {
     tmpVariables[0] = KMArray.instance((short) 2);
     KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
-    KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus));
+    KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus[0]));
 
-    bufferStartOffset = repository.allocAvailableMemory();
-    bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset);
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -884,9 +896,9 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) {
     KMArray.cast(tmpVariables[0]).add((short) 1, KMByteBlob.exp());
     KMArray.cast(tmpVariables[0]).add((short) 2, KMByteBlob.exp());
     // Decode the arguments
-    tmpVariables[0] = decoder.decode(tmpVariables[0], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[0] = decoder.decode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[KEY_BLOB] = KMArray.cast(tmpVariables[0]).get((short) 0);
     data[APP_ID] = KMArray.cast(tmpVariables[0]).get((short) 1);
@@ -906,9 +918,9 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) {
     KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_CHARACTERISTICS]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -923,9 +935,9 @@ private void processGetHmacSharingParamCmd(APDU apdu) {
     KMArray.cast(tmpVariables[3]).add((short) 0, KMInteger.uint_16(KMError.OK));
     KMArray.cast(tmpVariables[3]).add((short) 1, tmpVariables[2]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[3], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[3], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -944,9 +956,9 @@ private void processDeleteKeyCmd(APDU apdu) {
     short argsProto = KMArray.instance((short) 1);
     KMArray.cast(argsProto).add((short) 0, KMByteBlob.exp());
     // Decode the argument
-    short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     // Process
     data[KEY_BLOB] = KMArray.cast(args).get((short) 0);
@@ -985,9 +997,9 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     tmpVariables[2] = KMArray.instance((short) 1);
     KMArray.cast(tmpVariables[2]).add((short) 0, tmpVariables[0]); // Vector of hmac params
     // Decode the arguments
-    tmpVariables[0] = decoder.decode(tmpVariables[2], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[0] = decoder.decode(tmpVariables[2], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[HMAC_SHARING_PARAMS] = KMArray.cast(tmpVariables[0]).get((short) 0);
     // Concatenate HMAC Params
@@ -1089,9 +1101,9 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -1129,9 +1141,9 @@ private void processUpgradeKeyCmd(APDU apdu) {
     KMArray.cast(tmpVariables[1]).add((short) 0, KMByteBlob.exp()); // Key Blob
     KMArray.cast(tmpVariables[1]).add((short) 1, tmpVariables[2]); // Key Params
     // Decode the arguments
-    tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[KEY_BLOB] = KMArray.cast(tmpVariables[2]).get((short) 0);
     data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1);
@@ -1167,9 +1179,9 @@ private void processUpgradeKeyCmd(APDU apdu) {
     KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -1198,9 +1210,9 @@ private void processImportWrappedKeyCmd(APDU apdu) {
     KMArray.cast(tmpVariables[1]).add((short) 10, KMInteger.exp()); // Password Sid
     KMArray.cast(tmpVariables[1]).add((short) 11, KMInteger.exp()); // Biometric Sid
     // Decode the arguments
-    short args = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     // Step -0 - check whether the key format and algorithm supported
     // read algorithm
@@ -1351,9 +1363,9 @@ private void processAttestKeyCmd(APDU apdu) {
     KMArray.cast(argsProto).add((short) 1, keyParams);
 
     // Decode the argument
-    short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[KEY_BLOB] = KMArray.cast(args).get((short) 0);
     data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 1);
@@ -1435,14 +1447,14 @@ private void processAttestKeyCmd(APDU apdu) {
     // buffer for cert - we allocate 2KBytes buffer
     // make this buffer size configurable
     tmpVariables[3] = KMByteBlob.instance(MAX_CERT_SIZE);
-    buffer = KMByteBlob.cast(tmpVariables[3]).getBuffer();
-    bufferStartOffset = KMByteBlob.cast(tmpVariables[3]).getStartOff();
-    bufferLength = KMByteBlob.cast(tmpVariables[3]).length();
-    cert.buffer(buffer, bufferStartOffset, bufferLength);
+    bufferRef[0] = KMByteBlob.cast(tmpVariables[3]).getBuffer();
+    bufferProp[BUF_START_OFFSET] = KMByteBlob.cast(tmpVariables[3]).getStartOff();
+    bufferProp[BUF_LEN_OFFSET] = KMByteBlob.cast(tmpVariables[3]).length();
+    cert.buffer((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     cert.build();
-    bufferStartOffset =
-        encoder.encodeCert(buffer, bufferStartOffset, cert.getCertStart(), cert.getCertLength());
-    bufferLength = (short) (cert.getCertLength() + (cert.getCertStart() - bufferStartOffset));
+    bufferProp[BUF_START_OFFSET] =
+        encoder.encodeCert((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], cert.getCertStart(), cert.getCertLength());
+    bufferProp[BUF_LEN_OFFSET] = (short) (cert.getCertLength() + (cert.getCertStart() - bufferProp[BUF_START_OFFSET]));
     sendOutgoing(apdu);
   }
 
@@ -1540,9 +1552,9 @@ private void processAbortOperationCmd(APDU apdu) {
     receiveIncoming(apdu);
     tmpVariables[1] = KMArray.instance((short) 1);
     KMArray.cast(tmpVariables[1]).add((short) 0, KMInteger.exp());
-    tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0);
     KMOperationState op = repository.findOperation(data[OP_HANDLE]);
@@ -1568,9 +1580,9 @@ private void processFinishOperationCmd(APDU apdu) {
     tmpVariables[4] = KMVerificationToken.exp();
     KMArray.cast(tmpVariables[1]).add((short) 5, tmpVariables[4]);
     // Decode the arguments
-    tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0);
     data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1);
@@ -1610,9 +1622,9 @@ private void processFinishOperationCmd(APDU apdu) {
     KMArray.cast(tmpVariables[2]).add((short) 1, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 2, data[OUTPUT_DATA]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[2], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[2], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -1982,9 +1994,9 @@ private void processUpdateOperationCmd(APDU apdu) {
     tmpVariables[4] = KMVerificationToken.exp();
     KMArray.cast(tmpVariables[1]).add((short) 4, tmpVariables[4]);
     // Decode the arguments
-    tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0);
     data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1);
@@ -2093,9 +2105,9 @@ private void processUpdateOperationCmd(APDU apdu) {
     KMArray.cast(tmpVariables[2]).add((short) 2, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 3, data[OUTPUT_DATA]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[2], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[2], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -2113,9 +2125,9 @@ private void processBeginOperationCmd(APDU apdu) {
     tmpVariables[3] = KMHardwareAuthToken.exp();
     KMArray.cast(tmpVariables[1]).add((short) 3, tmpVariables[3]);
     // Decode the arguments
-    args = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength);
+    args = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 2);
     data[KEY_BLOB] = KMArray.cast(args).get((short) 1);
@@ -2198,9 +2210,9 @@ private void processBeginOperationCmd(APDU apdu) {
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[OP_HANDLE]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -2738,9 +2750,9 @@ private void processImportKeyCmd(APDU apdu) {
     KMArray.cast(tmpVariables[1]).add((short) 1, KMEnum.instance(KMType.KEY_FORMAT));
     KMArray.cast(tmpVariables[1]).add((short) 2, KMByteBlob.exp());
     // Decode the arguments
-    tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0);
     tmpVariables[3] = KMArray.cast(tmpVariables[2]).get((short) 1);
@@ -2808,9 +2820,9 @@ private void importKey(APDU apdu, byte[] scratchPad) {
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
@@ -3153,9 +3165,9 @@ private void processSetBootParamsCmd(APDU apdu) {
     KMArray.cast(argsProto).add((short) 6, tmpVariables[6]);
     KMArray.cast(argsProto).add((short) 7, tmpVariables[7]);
     // Decode the arguments
-    short args = decoder.decode(argsProto, buffer, bufferStartOffset, bufferLength);
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     tmpVariables[0] = KMArray.cast(args).get((short) 0);
     tmpVariables[1] = KMArray.cast(args).get((short) 1);
@@ -3230,9 +3242,9 @@ private static void processGenerateKey(APDU apdu) {
     tmpVariables[1] = KMArray.instance((short) 1);
     KMArray.cast(tmpVariables[1]).add((short) 0, tmpVariables[0]);
     // Decode the argument
-    tmpVariables[2] = decoder.decode(tmpVariables[1], buffer, bufferStartOffset, bufferLength);
+    tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
-    repository.reclaimMemory(bufferLength);
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
 
     data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0);
     // Check if EarlyBootEnded tag is present.
@@ -3310,9 +3322,9 @@ private static void processGenerateKey(APDU apdu) {
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
 
-    bufferStartOffset = repository.allocAvailableMemory();
+    bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response
-    bufferLength = encoder.encode(tmpVariables[0], buffer, bufferStartOffset);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
 
     sendOutgoing(apdu);
   }
@@ -3815,8 +3827,8 @@ private static short deriveKey(byte[] scratchPad) {
   }
 
   private static void sendError(APDU apdu, short err) {
-    bufferStartOffset = repository.alloc((short) 2);
-    bufferLength = encoder.encodeError(err, buffer, bufferStartOffset, (short) 5);
+    bufferProp[BUF_START_OFFSET] = repository.alloc((short) 2);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encodeError(err, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], (short) 5);
     sendOutgoing(apdu);
   }
 

From 03be142d74ffde5de076522d01a78f9720131996 Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Tue, 23 Mar 2021 21:16:08 +0000
Subject: [PATCH 106/169] Fix issue with Applet upgrade after NVM write
 optimization

---
 .../src/com/android/javacard/keymaster/KMAndroidSEApplet.java | 4 ++--
 .../src/com/android/javacard/keymaster/KMOperationImpl.java   | 2 ++
 Applet/src/com/android/javacard/keymaster/KMRepository.java   | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
index 7c6f31fe..cd9d8caa 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
@@ -47,7 +47,7 @@ public void onConsolidate() {
   @Override
   public void onRestore(Element element) {
     element.initRead();
-    provisionStatus = element.readByte();
+    provisionStatus[0] = element.readByte();
     keymasterState = element.readByte();
     repository.onRestore(element);
     seProvider.onRestore(element);
@@ -68,7 +68,7 @@ public Element onSave() {
     // Create element.
     Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE,
         primitiveCount, objectCount);
-    element.write(provisionStatus);
+    element.write(provisionStatus[0]);
     element.write(keymasterState);
     repository.onSave(element);
     seProvider.onSave(element);
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index 502f3fb5..b5ef9026 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -103,7 +103,9 @@ public short update(byte[] inputDataBuf, short inputDataStart,
         outputDataBuf, outputDataStart);
     if (cipherAlg == KMType.AES && blockMode == KMType.GCM) {
       // Every time Block size data is stored as intermediate result.
+      JCSystem.beginTransaction();
       aesGcmUpdatedLen += (short) (inputDataLength - len);
+      JCSystem.commitTransaction();
     }
     return len;
   }
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index b88173e4..a387b9ab 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -711,7 +711,7 @@ public void setBootState(byte state) {
 
   @Override
   public void onSave(Element ele) {
-    ele.write(dataIndex);
+    ele.write(dataIndex[0]);
     ele.write(dataTable);
   }
 

From c6c656bb71c6fdaf98fcdbeff1899450efc58bc9 Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Wed, 24 Mar 2021 16:32:18 +0000
Subject: [PATCH 107/169] Fixed the issue with Applet upgrade

---
 .../javacard/keymaster/KMAndroidSEApplet.java |  4 +--
 .../javacard/keymaster/KMKeymasterApplet.java | 30 +++++++++----------
 .../javacard/keymaster/KMRepository.java      | 16 +++++-----
 3 files changed, 23 insertions(+), 27 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
index cd9d8caa..7c6f31fe 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
@@ -47,7 +47,7 @@ public void onConsolidate() {
   @Override
   public void onRestore(Element element) {
     element.initRead();
-    provisionStatus[0] = element.readByte();
+    provisionStatus = element.readByte();
     keymasterState = element.readByte();
     repository.onRestore(element);
     seProvider.onRestore(element);
@@ -68,7 +68,7 @@ public Element onSave() {
     // Create element.
     Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE,
         primitiveCount, objectCount);
-    element.write(provisionStatus[0]);
+    element.write(provisionStatus);
     element.write(keymasterState);
     repository.onSave(element);
     seProvider.onSave(element);
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index d6ace193..643a29a4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -186,7 +186,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   protected static short[] bufferProp;
   protected static short[] tmpVariables;
   protected static short[] data;
-  protected static byte[] provisionStatus;
+  protected static byte provisionStatus = NOT_PROVISIONED;
 
   /**
    * Registers this applet.
@@ -209,12 +209,10 @@ private void initializeTransientArrays() {
     data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
     bufferRef = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
     bufferProp = JCSystem.makeTransientShortArray((short) 4, JCSystem.CLEAR_ON_RESET);
-    provisionStatus = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
     tmpVariables =
         JCSystem.makeTransientShortArray((short) TMP_VARIABLE_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
     bufferProp[BUF_START_OFFSET] = 0;
     bufferProp[BUF_LEN_OFFSET] = 0;
-    provisionStatus[0] = NOT_PROVISIONED;
   }
   /**
    * Selects this applet.
@@ -339,37 +337,37 @@ public void process(APDU apdu) {
         switch (apduIns) {
           case INS_PROVISION_ATTESTATION_KEY_CMD:
             processProvisionAttestationKey(apdu);
-            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_KEY;
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_KEY;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD:
             processProvisionAttestationCertChainCmd(apdu);
-            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN;
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD:
             processProvisionAttestationCertParams(apdu);
-            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS;
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_PROVISION_ATTEST_IDS_CMD:
             processProvisionAttestIdsCmd(apdu);
-            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_ATTEST_IDS;
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTEST_IDS;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_PROVISION_PRESHARED_SECRET_CMD:
             processProvisionSharedSecretCmd(apdu);
-            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_PRESHARED_SECRET;
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_PRESHARED_SECRET;
             sendError(apdu, KMError.OK);
             return;
 
           case INS_LOCK_PROVISIONING_CMD:
             if (isProvisioningComplete()) {
-              provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_PROVISIONING_LOCKED;
+              provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_PROVISIONING_LOCKED;
               keymasterState = KMKeymasterApplet.ACTIVE_STATE;
               sendError(apdu, KMError.OK);
             } else {
@@ -388,7 +386,7 @@ public void process(APDU apdu) {
               ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
             }
             processSetBootParamsCmd(apdu);
-            provisionStatus[0] |= KMKeymasterApplet.PROVISION_STATUS_BOOT_PARAM;
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_BOOT_PARAM;
             seProvider.clearDeviceBooted(false);
             sendError(apdu, KMError.OK);
             return;
@@ -501,11 +499,11 @@ private void generateUniqueOperationHandle(byte[] buf, short offset, short len)
   }
 
   private boolean isProvisioningComplete() {
-    if ((0 != (provisionStatus[0] & PROVISION_STATUS_ATTESTATION_KEY))
-        && (0 != (provisionStatus[0] & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
-        && (0 != (provisionStatus[0] & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
-        && (0 != (provisionStatus[0] & PROVISION_STATUS_PRESHARED_SECRET))
-        && (0 != (provisionStatus[0] & PROVISION_STATUS_BOOT_PARAM))) {
+    if ((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY))
+        && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
+        && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
+        && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))
+        && (0 != (provisionStatus & PROVISION_STATUS_BOOT_PARAM))) {
       return true;
     } else {
       return false;
@@ -841,7 +839,7 @@ private void processProvisionSharedSecretCmd(APDU apdu) {
   private void processGetProvisionStatusCmd(APDU apdu) {
     tmpVariables[0] = KMArray.instance((short) 2);
     KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
-    KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus[0]));
+    KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus));
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index a387b9ab..07caec72 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -88,7 +88,7 @@ public class KMRepository implements KMUpgradable {
   private byte[] heap;
   private short[] heapIndex;
   private byte[] dataTable;
-  private short[] dataIndex;
+  private short dataIndex;
   private short[] reclaimIndex;
 
   // Singleton instance
@@ -102,10 +102,8 @@ public KMRepository(boolean isUpgrading) {
     heap = JCSystem.makeTransientByteArray(HEAP_SIZE, JCSystem.CLEAR_ON_RESET);
     heapIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
     reclaimIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
-    dataIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
     heapIndex[0] = (short) 0;
     reclaimIndex[0] = HEAP_SIZE;
-    dataIndex[0] = (short) 0;
     newDataTable(isUpgrading);
     operationStateTable = new Object[MAX_OPS];
     // create and initialize operation state table.
@@ -363,11 +361,11 @@ public short alloc(short length) {
   }
 
   private short dataAlloc(short length) {
-    if (((short) (dataIndex[0] + length)) > dataTable.length) {
+    if (((short) (dataIndex + length)) > dataTable.length) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
-    dataIndex[0] += length;
-    return (short) (dataIndex[0] - length);
+    dataIndex += length;
+    return (short) (dataIndex - length);
   }
 
 
@@ -375,7 +373,7 @@ private void newDataTable(boolean isUpgrading) {
     if (!isUpgrading) {
       if (dataTable == null) {
         dataTable = new byte[DATA_MEM_SIZE];
-        dataIndex[0] = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
+        dataIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
       }
     }
   }
@@ -711,13 +709,13 @@ public void setBootState(byte state) {
 
   @Override
   public void onSave(Element ele) {
-    ele.write(dataIndex[0]);
+    ele.write(dataIndex);
     ele.write(dataTable);
   }
 
   @Override
   public void onRestore(Element ele) {
-    dataIndex[0] = ele.readShort();
+    dataIndex = ele.readShort();
     dataTable = (byte[]) ele.readObject();
   }
 

From 1d118f7bbf786aabe7b1116a2a7c621d6b456a42 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Thu, 25 Mar 2021 11:54:20 +0000
Subject: [PATCH 108/169] created an instanceTable inside KMType and remvoved
 instPtr from each type file.

---
 .../android/javacard/keymaster/KMArray.java   | 18 +++---
 .../android/javacard/keymaster/KMBoolTag.java | 32 +++++-----
 .../javacard/keymaster/KMByteBlob.java        | 16 ++---
 .../android/javacard/keymaster/KMByteTag.java | 48 +++++++-------
 .../android/javacard/keymaster/KMEnum.java    | 64 +++++++++----------
 .../javacard/keymaster/KMEnumArrayTag.java    | 34 +++++-----
 .../android/javacard/keymaster/KMEnumTag.java | 28 ++++----
 .../keymaster/KMHardwareAuthToken.java        |  6 +-
 .../keymaster/KMHmacSharingParameters.java    |  6 +-
 .../android/javacard/keymaster/KMInteger.java | 28 ++++----
 .../javacard/keymaster/KMIntegerArrayTag.java | 12 ++--
 .../javacard/keymaster/KMIntegerTag.java      | 52 ++++++++-------
 .../keymaster/KMKeyCharacteristics.java       |  6 +-
 .../javacard/keymaster/KMKeyParameters.java   |  6 +-
 .../android/javacard/keymaster/KMType.java    | 22 +++++++
 .../keymaster/KMVerificationToken.java        |  6 +-
 16 files changed, 188 insertions(+), 196 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMArray.java b/Applet/src/com/android/javacard/keymaster/KMArray.java
index a2de179d..b719af9a 100644
--- a/Applet/src/com/android/javacard/keymaster/KMArray.java
+++ b/Applet/src/com/android/javacard/keymaster/KMArray.java
@@ -37,17 +37,15 @@ public class KMArray extends KMType {
   public static final short ANY_ARRAY_LENGTH = 0x1000;
   private static final short ARRAY_HEADER_SIZE = 4;
   private static KMArray prototype;
-  private short[] instPtr;
 
   private KMArray() {
-    instPtr = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMArray proto(short ptr) {
     if (prototype == null) {
       prototype = new KMArray();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_ARRAY_OFFSET] = ptr;
     return prototype;
   }
 
@@ -91,9 +89,9 @@ public void add(short index, short objPtr) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
     Util.setShort(
-        heap,
-        (short) (instPtr[0] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)),
-        objPtr);
+      heap,
+      (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)),
+      objPtr);
   }
 
   public short get(short index) {
@@ -102,19 +100,19 @@ public short get(short index) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
     return Util.getShort(
-        heap, (short) (instPtr[0] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)));
+      heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)));
   }
 
   public short containedType() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public short getStartOff() {
-    return (short) (instPtr[0] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE);
+    return (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE);
   }
 
   public short length() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public byte[] getBuffer() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
index f0b642c7..04938e39 100644
--- a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
@@ -31,33 +31,31 @@
 public class KMBoolTag extends KMTag {
 
   private static KMBoolTag prototype;
-  private short[] instPtr;
 
   // The allowed tag keys of type bool tag.
   private static final short[] tags = {
-      CALLER_NONCE,
-      INCLUDE_UNIQUE_ID,
-      BOOTLOADER_ONLY,
-      ROLLBACK_RESISTANCE,
-      NO_AUTH_REQUIRED,
-      ALLOW_WHILE_ON_BODY,
-      TRUSTED_USER_PRESENCE_REQUIRED,
-      TRUSTED_CONFIRMATION_REQUIRED,
-      UNLOCKED_DEVICE_REQUIRED,
-      RESET_SINCE_ID_ROTATION,
-      EARLY_BOOT_ONLY,
-      DEVICE_UNIQUE_ATTESTATION
+    CALLER_NONCE,
+    INCLUDE_UNIQUE_ID,
+    BOOTLOADER_ONLY,
+    ROLLBACK_RESISTANCE,
+    NO_AUTH_REQUIRED,
+    ALLOW_WHILE_ON_BODY,
+    TRUSTED_USER_PRESENCE_REQUIRED,
+    TRUSTED_CONFIRMATION_REQUIRED,
+    UNLOCKED_DEVICE_REQUIRED,
+    RESET_SINCE_ID_ROTATION,
+    EARLY_BOOT_ONLY,
+    DEVICE_UNIQUE_ATTESTATION
   };
 
   private KMBoolTag() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMBoolTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMBoolTag();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_BOOL_TAG_OFFSET] = ptr;
     return prototype;
   }
 
@@ -91,7 +89,7 @@ public static KMBoolTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instanceTable[KM_BOOL_TAG_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
@@ -99,7 +97,7 @@ public short getTagType() {
   }
 
   public byte getVal() {
-    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 4)];
+    return heap[(short) (instanceTable[KM_BOOL_TAG_OFFSET] + TLV_HEADER_SIZE + 4)];
   }
 
   // validate the tag key.
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
index 2c91ac6b..2207e978 100644
--- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
+++ b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
@@ -29,17 +29,15 @@
 public class KMByteBlob extends KMType {
 
   private static KMByteBlob prototype;
-  private short[] instPtr;
 
   private KMByteBlob() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMByteBlob proto(short ptr) {
     if (prototype == null) {
       prototype = new KMByteBlob();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_BYTE_BLOB_OFFSET] = ptr;
     return prototype;
   }
 
@@ -77,7 +75,7 @@ public void add(short index, byte val) {
     if (index >= len) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
-    heap[(short) (instPtr[0] + TLV_HEADER_SIZE + index)] = val;
+    heap[(short) (instanceTable[KM_BYTE_BLOB_OFFSET] + TLV_HEADER_SIZE + index)] = val;
   }
 
   // Get the byte
@@ -86,17 +84,17 @@ public byte get(short index) {
     if (index >= len) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
-    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + index)];
+    return heap[(short) (instanceTable[KM_BYTE_BLOB_OFFSET] + TLV_HEADER_SIZE + index)];
   }
 
   // Get the start of blob
   public short getStartOff() {
-    return (short) (instPtr[0] + TLV_HEADER_SIZE);
+    return (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + TLV_HEADER_SIZE);
   }
 
   // Get the length of the blob
   public short length() {
-    return Util.getShort(heap, (short) (instPtr[0] + 1));
+    return Util.getShort(heap, (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + 1));
   }
 
   // Get the buffer pointer in which blob is contained.
@@ -129,8 +127,8 @@ public boolean isValid() {
   }
 
   public void decrementLength(short len) {
-    short length = Util.getShort(heap, (short) (instPtr[0] + 1));
+    short length = Util.getShort(heap, (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + 1));
     length = (short) (length - len);
-    Util.setShort(heap, (short) (instPtr[0] + 1), length);
+    Util.setShort(heap, (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + 1), length);
   }
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteTag.java b/Applet/src/com/android/javacard/keymaster/KMByteTag.java
index 0ae6f881..dea36dd1 100644
--- a/Applet/src/com/android/javacard/keymaster/KMByteTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMByteTag.java
@@ -30,40 +30,38 @@
 public class KMByteTag extends KMTag {
 
   private static KMByteTag prototype;
-  private short[] instPtr;
 
   // The allowed tag keys of type bool tag
   private static final short[] tags = {
-      APPLICATION_ID,
-      APPLICATION_DATA,
-      ROOT_OF_TRUST,
-      UNIQUE_ID,
-      ATTESTATION_CHALLENGE,
-      ATTESTATION_APPLICATION_ID,
-      ATTESTATION_ID_BRAND,
-      ATTESTATION_ID_DEVICE,
-      ATTESTATION_ID_PRODUCT,
-      ATTESTATION_ID_SERIAL,
-      ATTESTATION_ID_IMEI,
-      ATTESTATION_ID_MEID,
-      ATTESTATION_ID_MANUFACTURER,
-      ATTESTATION_ID_MODEL,
-      ASSOCIATED_DATA,
-      NONCE,
-      CONFIRMATION_TOKEN,
-      VERIFIED_BOOT_KEY,
-      VERIFIED_BOOT_HASH
+    APPLICATION_ID,
+    APPLICATION_DATA,
+    ROOT_OF_TRUST,
+    UNIQUE_ID,
+    ATTESTATION_CHALLENGE,
+    ATTESTATION_APPLICATION_ID,
+    ATTESTATION_ID_BRAND,
+    ATTESTATION_ID_DEVICE,
+    ATTESTATION_ID_PRODUCT,
+    ATTESTATION_ID_SERIAL,
+    ATTESTATION_ID_IMEI,
+    ATTESTATION_ID_MEID,
+    ATTESTATION_ID_MANUFACTURER,
+    ATTESTATION_ID_MODEL,
+    ASSOCIATED_DATA,
+    NONCE,
+    CONFIRMATION_TOKEN,
+    VERIFIED_BOOT_KEY,
+    VERIFIED_BOOT_HASH
   };
 
   private KMByteTag() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMByteTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMByteTag();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_BYTE_TAG_OFFSET] = ptr;
     return prototype;
   }
 
@@ -109,7 +107,7 @@ public static KMByteTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
@@ -117,11 +115,11 @@ public short getTagType() {
   }
 
   public short getValue() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap, (short) (instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
-    short blobPtr = Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
+    short blobPtr = Util.getShort(heap, (short) (instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
     return KMByteBlob.cast(blobPtr).length();
   }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnum.java b/Applet/src/com/android/javacard/keymaster/KMEnum.java
index 3c5e753f..7ea816a5 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnum.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnum.java
@@ -29,31 +29,29 @@
 public class KMEnum extends KMType {
 
   private static KMEnum prototype;
-  private short[] instPtr;
 
   // The allowed enum types.
   private static short[] types = {
-      HARDWARE_TYPE,
-      KEY_FORMAT,
-      KEY_DERIVATION_FUNCTION,
-      VERIFIED_BOOT_STATE,
-      DEVICE_LOCKED,
-      USER_AUTH_TYPE,
-      PURPOSE,
-      ECCURVE
+    HARDWARE_TYPE,
+    KEY_FORMAT,
+    KEY_DERIVATION_FUNCTION,
+    VERIFIED_BOOT_STATE,
+    DEVICE_LOCKED,
+    USER_AUTH_TYPE,
+    PURPOSE,
+    ECCURVE
   };
 
   private static Object[] enums = null;
 
   private KMEnum() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMEnum proto(short ptr) {
     if (prototype == null) {
       prototype = new KMEnum();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_ENUM_OFFSET] = ptr;
     return prototype;
   }
 
@@ -63,7 +61,7 @@ public static short exp() {
   }
 
   public short length() {
-    return Util.getShort(heap, (short) (instPtr[0] + 1));
+    return Util.getShort(heap, (short) (instanceTable[KM_ENUM_OFFSET] + 1));
   }
 
   public static KMEnum cast(short ptr) {
@@ -99,40 +97,40 @@ private static void create() {
     // The allowed enum values to corresponding enum types in the types array.
     if (enums == null) {
       enums =
-          new Object[]{
-              new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX},
-              new byte[]{X509, PKCS8, RAW},
-              new byte[]{
-                  DERIVATION_NONE,
-                  RFC5869_SHA256,
-                  ISO18033_2_KDF1_SHA1,
-                  ISO18033_2_KDF1_SHA256,
-                  ISO18033_2_KDF2_SHA1,
-                  ISO18033_2_KDF2_SHA256
-              },
-              new byte[]{SELF_SIGNED_BOOT, VERIFIED_BOOT, UNVERIFIED_BOOT, FAILED_BOOT},
-              new byte[]{DEVICE_LOCKED_TRUE, DEVICE_LOCKED_FALSE},
-              new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH},
-              new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY},
-              new byte[]{P_224, P_256, P_384, P_521}
-          };
+        new Object[]{
+          new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX},
+          new byte[]{X509, PKCS8, RAW},
+          new byte[]{
+            DERIVATION_NONE,
+            RFC5869_SHA256,
+            ISO18033_2_KDF1_SHA1,
+            ISO18033_2_KDF1_SHA256,
+            ISO18033_2_KDF2_SHA1,
+            ISO18033_2_KDF2_SHA256
+          },
+          new byte[]{SELF_SIGNED_BOOT, VERIFIED_BOOT, UNVERIFIED_BOOT, FAILED_BOOT},
+          new byte[]{DEVICE_LOCKED_TRUE, DEVICE_LOCKED_FALSE},
+          new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH},
+          new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY},
+          new byte[]{P_224, P_256, P_384, P_521}
+        };
     }
   }
 
   public void setVal(byte val) {
-    heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 2)] = val;
+    heap[(short) (instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE + 2)] = val;
   }
 
   public byte getVal() {
-    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 2)];
+    return heap[(short) (instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE + 2)];
   }
 
   public void setEnumType(short type) {
-    Util.setShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE), type);
+    Util.setShort(heap, (short) (instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE), type);
   }
 
   public short getEnumType() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE));
   }
 
   // isValidTag enumeration keys and values.
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
index 43578509..9d1fb559 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
@@ -28,7 +28,6 @@
 public class KMEnumArrayTag extends KMTag {
 
   private static KMEnumArrayTag prototype;
-  private short[] instPtr;
 
   // The allowed tag keys of enum array type.
   private static final short[] tags = {PURPOSE, BLOCK_MODE, DIGEST, PADDING};
@@ -37,14 +36,13 @@ public class KMEnumArrayTag extends KMTag {
   private static Object[] enums = null;
 
   private KMEnumArrayTag() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMEnumArrayTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMEnumArrayTag();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] = ptr;
     return prototype;
   }
 
@@ -109,7 +107,7 @@ public static KMEnumArrayTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
@@ -117,11 +115,11 @@ public short getTagType() {
   }
 
   public short getValues() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap, (short) (instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
-    short blobPtr = Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
+    short blobPtr = Util.getShort(heap, (short) (instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
     return KMByteBlob.cast(blobPtr).length();
   }
 
@@ -129,14 +127,14 @@ public static void create() {
     if (enums == null) {
       // allowed tag values.
       enums =
-          new Object[]{
-              new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY},
-              new byte[]{ECB, CBC, CTR, GCM},
-              new byte[]{DIGEST_NONE, MD5, SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512},
-              new byte[]{
-                  PADDING_NONE, RSA_OAEP, RSA_PSS, RSA_PKCS1_1_5_ENCRYPT, RSA_PKCS1_1_5_SIGN, PKCS7
-              }
-          };
+        new Object[]{
+          new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY},
+          new byte[]{ECB, CBC, CTR, GCM},
+          new byte[]{DIGEST_NONE, MD5, SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512},
+          new byte[]{
+            PADDING_NONE, RSA_OAEP, RSA_PSS, RSA_PKCS1_1_5_ENCRYPT, RSA_PKCS1_1_5_SIGN, PKCS7
+          }
+        };
     }
   }
 
@@ -236,10 +234,10 @@ public boolean isValidPaddingModes(byte alg) {
       switch (alg) {
         case KMType.RSA:
           if (padding != KMType.RSA_OAEP
-              && padding != KMType.PADDING_NONE
-              && padding != KMType.RSA_PKCS1_1_5_SIGN
-              && padding != KMType.RSA_PKCS1_1_5_ENCRYPT
-              && padding != KMType.RSA_PSS) {
+            && padding != KMType.PADDING_NONE
+            && padding != KMType.RSA_PKCS1_1_5_SIGN
+            && padding != KMType.RSA_PKCS1_1_5_ENCRYPT
+            && padding != KMType.RSA_PSS) {
             return false;
           }
           break;
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
index a8ff3f36..aa5d673f 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
@@ -29,25 +29,23 @@
 public class KMEnumTag extends KMTag {
 
   private static KMEnumTag prototype;
-  private short[] instPtr;
 
 
   // The allowed tag keys of type enum tag.
   private static short[] tags = {
-      ALGORITHM, ECCURVE, BLOB_USAGE_REQ, USER_AUTH_TYPE, ORIGIN, HARDWARE_TYPE
+    ALGORITHM, ECCURVE, BLOB_USAGE_REQ, USER_AUTH_TYPE, ORIGIN, HARDWARE_TYPE
   };
 
   private static Object[] enums = null;
 
   private KMEnumTag() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMEnumTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMEnumTag();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_ENUM_TAG_OFFSET] = ptr;
     return prototype;
   }
 
@@ -90,7 +88,7 @@ public static KMEnumTag cast(short ptr) {
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instanceTable[KM_ENUM_TAG_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public short getTagType() {
@@ -98,22 +96,22 @@ public short getTagType() {
   }
 
   public byte getValue() {
-    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 4)];
+    return heap[(short) (instanceTable[KM_ENUM_TAG_OFFSET] + TLV_HEADER_SIZE + 4)];
   }
 
   public static void create() {
     if (enums == null) {
       // enum tag values.
       enums =
-          new Object[]{
-              new byte[]{RSA, DES, EC, AES, HMAC},
-              new byte[]{P_224, P_256, P_384, P_521},
-              new byte[]{STANDALONE, REQUIRES_FILE_SYSTEM},
-              new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, (byte) (PASSWORD & FINGERPRINT),
-                  ANY},
-              new byte[]{GENERATED, DERIVED, IMPORTED, UNKNOWN, SECURELY_IMPORTED},
-              new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX}
-          };
+        new Object[]{
+          new byte[]{RSA, DES, EC, AES, HMAC},
+          new byte[]{P_224, P_256, P_384, P_521},
+          new byte[]{STANDALONE, REQUIRES_FILE_SYSTEM},
+          new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, (byte) (PASSWORD & FINGERPRINT),
+            ANY},
+          new byte[]{GENERATED, DERIVED, IMPORTED, UNKNOWN, SECURELY_IMPORTED},
+          new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX}
+        };
     }
   }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
index 8a68be77..d05ccea4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
+++ b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
@@ -38,10 +38,8 @@ public class KMHardwareAuthToken extends KMType {
   public static final byte MAC = 0x05;
 
   private static KMHardwareAuthToken prototype;
-  private short[] instPtr;
 
   private KMHardwareAuthToken() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public static short exp() {
@@ -60,7 +58,7 @@ private static KMHardwareAuthToken proto(short ptr) {
     if (prototype == null) {
       prototype = new KMHardwareAuthToken();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_HARDWARE_AUTH_TOKEN_OFFSET] = ptr;
     return prototype;
   }
 
@@ -98,7 +96,7 @@ public static KMHardwareAuthToken cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_HARDWARE_AUTH_TOKEN_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
index b149b8bd..c5ec91ef 100644
--- a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
+++ b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
@@ -33,10 +33,8 @@ public class KMHmacSharingParameters extends KMType {
   public static final byte NONCE = 0x01;
 
   private static KMHmacSharingParameters prototype;
-  private short[] instPtr;
 
   private KMHmacSharingParameters() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public static short exp() {
@@ -51,7 +49,7 @@ private static KMHmacSharingParameters proto(short ptr) {
     if (prototype == null) {
       prototype = new KMHmacSharingParameters();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_HMAC_SHARING_PARAMETERS_OFFSET] = ptr;
     return prototype;
   }
 
@@ -81,7 +79,7 @@ public static KMHmacSharingParameters cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_HMAC_SHARING_PARAMETERS_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java
index 997eb637..c120c22a 100644
--- a/Applet/src/com/android/javacard/keymaster/KMInteger.java
+++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java
@@ -30,17 +30,15 @@ public class KMInteger extends KMType {
   public static final short UINT_32 = 4;
   public static final short UINT_64 = 8;
   private static KMInteger prototype;
-  private short[] instPtr;
 
   private KMInteger() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMInteger proto(short ptr) {
     if (prototype == null) {
       prototype = new KMInteger();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_INTEGER_OFFSET] = ptr;
     return prototype;
   }
 
@@ -117,7 +115,7 @@ public static short uint_64(byte[] num, short offset) {
 
   // Get the length of the integer
   public short length() {
-    return Util.getShort(heap, (short) (instPtr[0] + 1));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + 1));
   }
 
   // Get the buffer pointer in which blob is contained.
@@ -127,7 +125,7 @@ public byte[] getBuffer() {
 
   // Get the start of value
   public short getStartOff() {
-    return (short) (instPtr[0] + TLV_HEADER_SIZE);
+    return (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE);
   }
 
   public void getValue(byte[] dest, short destOff, short length) {
@@ -138,28 +136,28 @@ public void getValue(byte[] dest, short destOff, short length) {
       length = length();
       destOff += length;
     }
-    Util.arrayCopyNonAtomic(heap, (short) (instPtr[0] + TLV_HEADER_SIZE), dest, destOff, length);
+    Util.arrayCopyNonAtomic(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE), dest, destOff, length);
   }
 
   public void setValue(byte[] src, short srcOff) {
-    Util.arrayCopyNonAtomic(src, srcOff, heap, (short) (instPtr[0] + TLV_HEADER_SIZE), length());
+    Util.arrayCopyNonAtomic(src, srcOff, heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE), length());
   }
 
   public short value(byte[] dest, short destOff) {
-    Util.arrayCopyNonAtomic(heap, (short) (instPtr[0] + TLV_HEADER_SIZE), dest, destOff, length());
+    Util.arrayCopyNonAtomic(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE), dest, destOff, length());
     return length();
   }
 
   public short getShort() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public short getSignificantShort() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public byte getByte() {
-    return heap[(short) (instPtr[0] + TLV_HEADER_SIZE + 3)];
+    return heap[(short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + 3)];
   }
 
   public boolean isZero() {
@@ -179,13 +177,13 @@ public static short compare(short num1, short num2) {
     len = KMInteger.cast(num2).length();
     KMInteger.cast(num2).getValue(repository.getHeap(), (short) (num2Buf + (short) (8 - len)), len);
     return KMInteger.unsignedByteArrayCompare(
-        repository.getHeap(), num1Buf,
-        repository.getHeap(), num2Buf,
-        (short) 8);
+      repository.getHeap(), num1Buf,
+      repository.getHeap(), num2Buf,
+      (short) 8);
   }
 
   public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2,
-      short length) {
+                                              short length) {
     byte count = (byte) 0;
     short val1 = (short) 0;
     short val2 = (short) 0;
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
index b9e3b3af..c4d01045 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
@@ -29,19 +29,17 @@
 public class KMIntegerArrayTag extends KMTag {
 
   private static KMIntegerArrayTag prototype;
-  private short[] instPtr;
 
   private static final short[] tags = {USER_SECURE_ID};
 
   private KMIntegerArrayTag() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMIntegerArrayTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMIntegerArrayTag();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] = ptr;
     return prototype;
   }
 
@@ -97,15 +95,15 @@ public static KMIntegerArrayTag cast(short ptr) {
   }
 
   public short getTagType() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public short getValues() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
@@ -139,7 +137,7 @@ private static boolean validateTagType(short tagType) {
 
   public static boolean contains(short tagId, short tagValue, short params) {
     short tag =
-        KMKeyParameters.findTag(KMType.UINT_ARRAY_TAG, tagId, params);
+      KMKeyParameters.findTag(KMType.UINT_ARRAY_TAG, tagId, params);
     if (tag != KMType.INVALID_VALUE) {
       short index = 0;
       tag = KMIntegerArrayTag.cast(tag).getValues();
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
index 5c79635f..67a46d6d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
@@ -29,39 +29,37 @@
 public class KMIntegerTag extends KMTag {
 
   private static KMIntegerTag prototype;
-  private short[] instPtr;
   // Allowed tag keys.
   private static final short[] tags = {
-      // UINT
-      KEYSIZE,
-      MIN_MAC_LENGTH,
-      MIN_SEC_BETWEEN_OPS,
-      MAX_USES_PER_BOOT,
-      USERID,
-      AUTH_TIMEOUT,
-      OS_VERSION,
-      OS_PATCH_LEVEL,
-      VENDOR_PATCH_LEVEL,
-      BOOT_PATCH_LEVEL,
-      MAC_LENGTH,
-      // ULONG
-      RSA_PUBLIC_EXPONENT,
-      // DATE
-      ACTIVE_DATETIME,
-      ORIGINATION_EXPIRE_DATETIME,
-      USAGE_EXPIRE_DATETIME,
-      CREATION_DATETIME
+    // UINT
+    KEYSIZE,
+    MIN_MAC_LENGTH,
+    MIN_SEC_BETWEEN_OPS,
+    MAX_USES_PER_BOOT,
+    USERID,
+    AUTH_TIMEOUT,
+    OS_VERSION,
+    OS_PATCH_LEVEL,
+    VENDOR_PATCH_LEVEL,
+    BOOT_PATCH_LEVEL,
+    MAC_LENGTH,
+    // ULONG
+    RSA_PUBLIC_EXPONENT,
+    // DATE
+    ACTIVE_DATETIME,
+    ORIGINATION_EXPIRE_DATETIME,
+    USAGE_EXPIRE_DATETIME,
+    CREATION_DATETIME
   };
 
   private KMIntegerTag() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMIntegerTag proto(short ptr) {
     if (prototype == null) {
       prototype = new KMIntegerTag();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_INTEGER_TAG_OFFSET] = ptr;
     return prototype;
   }
 
@@ -117,15 +115,15 @@ public static KMIntegerTag cast(short ptr) {
   }
 
   public short getTagType() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public short getKey() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 2));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE + 2));
   }
 
   public short getValue() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE + 4));
+    return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE + 4));
   }
 
   public short length() {
@@ -162,7 +160,7 @@ public static short getShortValue(short tagType, short tagKey, short keyParamete
   }
 
   public static short getValue(
-      byte[] buf, short offset, short tagType, short tagKey, short keyParameters) {
+    byte[] buf, short offset, short tagType, short tagKey, short keyParameters) {
     short ptr;
     if ((tagType == UINT_TAG) || (tagType == ULONG_TAG) || (tagType == DATE_TAG)) {
       ptr = KMKeyParameters.findTag(tagType, tagKey, keyParameters);
@@ -175,7 +173,7 @@ public static short getValue(
   }
 
   public boolean isValidKeySize(byte alg) {
-    short val = KMIntegerTag.cast(instPtr[0]).getValue();
+    short val = KMIntegerTag.cast(instanceTable[KM_INTEGER_TAG_OFFSET]).getValue();
     if (KMInteger.cast(val).getSignificantShort() != 0) {
       return false;
     }
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
index 5ac2ef4d..13bf86bb 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
@@ -32,10 +32,8 @@ public class KMKeyCharacteristics extends KMType {
   public static final byte SOFTWARE_ENFORCED = 0x00;
   public static final byte HARDWARE_ENFORCED = 0x01;
   private static KMKeyCharacteristics prototype;
-  private short[] instPtr;
 
   private KMKeyCharacteristics() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public static short exp() {
@@ -52,7 +50,7 @@ private static KMKeyCharacteristics proto(short ptr) {
     if (prototype == null) {
       prototype = new KMKeyCharacteristics();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_KEY_CHARACTERISTICS_OFFSET] = ptr;
     return prototype;
   }
 
@@ -82,7 +80,7 @@ public static KMKeyCharacteristics cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_KEY_CHARACTERISTICS_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
index 3c53bb35..5cea10e2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
@@ -29,17 +29,15 @@
 public class KMKeyParameters extends KMType {
 
   private static KMKeyParameters prototype;
-  private short[] instPtr;
 
   private KMKeyParameters() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMKeyParameters proto(short ptr) {
     if (prototype == null) {
       prototype = new KMKeyParameters();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_KEY_PARAMETERS_OFFSET] = ptr;
     return prototype;
   }
 
@@ -76,7 +74,7 @@ public static KMKeyParameters cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_KEY_PARAMETERS_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public short length() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/src/com/android/javacard/keymaster/KMType.java
index 59a4b172..f571275c 100644
--- a/Applet/src/com/android/javacard/keymaster/KMType.java
+++ b/Applet/src/com/android/javacard/keymaster/KMType.java
@@ -18,6 +18,7 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
@@ -275,11 +276,32 @@ public abstract class KMType {
   public static final short LENGTH_FROM_PDU = (short) 0xFFFF;
 
   public static final byte NO_VALUE = (byte) 0xff;
+  // Type offsets.
+  public static final byte KM_TYPE_BASE_OFFSET = 0;
+  public static final byte KM_ARRAY_OFFSET = KM_TYPE_BASE_OFFSET;
+  public static final byte KM_BOOL_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 1;
+  public static final byte KM_BYTE_BLOB_OFFSET = KM_TYPE_BASE_OFFSET + 2;
+  public static final byte KM_BYTE_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 3;
+  public static final byte KM_ENUM_OFFSET = KM_TYPE_BASE_OFFSET + 4;
+  public static final byte KM_ENUM_ARRAY_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 5;
+  public static final byte KM_ENUM_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 6;
+  public static final byte KM_HARDWARE_AUTH_TOKEN_OFFSET = KM_TYPE_BASE_OFFSET + 7;
+  public static final byte KM_HMAC_SHARING_PARAMETERS_OFFSET = KM_TYPE_BASE_OFFSET + 8;
+  public static final byte KM_INTEGER_OFFSET = KM_TYPE_BASE_OFFSET + 9;
+  public static final byte KM_INTEGER_ARRAY_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 10;
+  public static final byte KM_INTEGER_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 11;
+  public static final byte KM_KEY_CHARACTERISTICS_OFFSET = KM_TYPE_BASE_OFFSET + 12;
+  public static final byte KM_KEY_PARAMETERS_OFFSET = KM_TYPE_BASE_OFFSET + 13;
+  public static final byte KM_VERIFICATION_TOKEN_OFFSET = KM_TYPE_BASE_OFFSET + 14;
 
   protected static KMRepository repository;
   protected static byte[] heap;
+  // Instance table
+  public static final byte INSTANCE_TABLE_SIZE = 15;
+  protected static short[] instanceTable;
 
   public static void initialize() {
+    instanceTable = JCSystem.makeTransientShortArray(INSTANCE_TABLE_SIZE, JCSystem.CLEAR_ON_RESET);
     KMType.repository = KMRepository.instance();
     KMType.heap = repository.getHeap();
   }
diff --git a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
index a57ac803..345dc26c 100644
--- a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
+++ b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
@@ -37,10 +37,8 @@ public class KMVerificationToken extends KMType {
   public static final byte MAC = 0x04;
 
   private static KMVerificationToken prototype;
-  private short[] instPtr;
 
   private KMVerificationToken() {
-    instPtr = (short[]) JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_DESELECT);
   }
 
   public static short exp() {
@@ -59,7 +57,7 @@ private static KMVerificationToken proto(short ptr) {
     if (prototype == null) {
       prototype = new KMVerificationToken();
     }
-    prototype.instPtr[0] = ptr;
+    instanceTable[KM_VERIFICATION_TOKEN_OFFSET] = ptr;
     return prototype;
   }
 
@@ -96,7 +94,7 @@ public static KMVerificationToken cast(short ptr) {
   }
 
   public short getVals() {
-    return Util.getShort(heap, (short) (instPtr[0] + TLV_HEADER_SIZE));
+    return Util.getShort(heap, (short) (instanceTable[KM_VERIFICATION_TOKEN_OFFSET] + TLV_HEADER_SIZE));
   }
 
   public short length() {

From 44c41b56d4db0e8a9e65a2380dc76551751a1932 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Thu, 25 Mar 2021 11:58:19 +0000
Subject: [PATCH 109/169] Removed unused imports

---
 Applet/src/com/android/javacard/keymaster/KMArray.java           | 1 -
 Applet/src/com/android/javacard/keymaster/KMBoolTag.java         | 1 -
 Applet/src/com/android/javacard/keymaster/KMByteBlob.java        | 1 -
 Applet/src/com/android/javacard/keymaster/KMByteTag.java         | 1 -
 Applet/src/com/android/javacard/keymaster/KMEnum.java            | 1 -
 Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java    | 1 -
 Applet/src/com/android/javacard/keymaster/KMEnumTag.java         | 1 -
 .../src/com/android/javacard/keymaster/KMHardwareAuthToken.java  | 1 -
 .../com/android/javacard/keymaster/KMHmacSharingParameters.java  | 1 -
 Applet/src/com/android/javacard/keymaster/KMInteger.java         | 1 -
 Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java | 1 -
 Applet/src/com/android/javacard/keymaster/KMIntegerTag.java      | 1 -
 .../src/com/android/javacard/keymaster/KMKeyCharacteristics.java | 1 -
 Applet/src/com/android/javacard/keymaster/KMKeyParameters.java   | 1 -
 .../src/com/android/javacard/keymaster/KMVerificationToken.java  | 1 -
 15 files changed, 15 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMArray.java b/Applet/src/com/android/javacard/keymaster/KMArray.java
index b719af9a..bfa09269 100644
--- a/Applet/src/com/android/javacard/keymaster/KMArray.java
+++ b/Applet/src/com/android/javacard/keymaster/KMArray.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
index 04938e39..69619c0d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMBoolTag.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
index 2207e978..a6f4c529 100644
--- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
+++ b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteTag.java b/Applet/src/com/android/javacard/keymaster/KMByteTag.java
index dea36dd1..89401e4f 100644
--- a/Applet/src/com/android/javacard/keymaster/KMByteTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMByteTag.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnum.java b/Applet/src/com/android/javacard/keymaster/KMEnum.java
index 7ea816a5..2b55a6ce 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnum.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnum.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
index 9d1fb559..cd3981c4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
index aa5d673f..7493aa3d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
index d05ccea4..900e9069 100644
--- a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
+++ b/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
index c5ec91ef..f89ac608 100644
--- a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
+++ b/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java
index c120c22a..aee6f9d5 100644
--- a/Applet/src/com/android/javacard/keymaster/KMInteger.java
+++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
index c4d01045..e292c5e6 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
index 67a46d6d..6ddec4bd 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
index 13bf86bb..7913f6ff 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
index 5cea10e2..0ef85ae4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**
diff --git a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
index 345dc26c..1be88ded 100644
--- a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
+++ b/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java
@@ -18,7 +18,6 @@
 
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
 /**

From 21d563b2e8d4cc96ed0abca441c5828a70ce34eb Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Thu, 25 Mar 2021 20:10:27 +0000
Subject: [PATCH 110/169] Applet should be able to upgrade even if provision is
 not done.

---
 .../com/android/javacard/keymaster/KMAndroidSEProvider.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index 369276c7..b1cfae86 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -218,6 +218,12 @@ public KMAndroidSEProvider() {
     //Allocate buffer for certificate chain.
     if (!isUpgrading()) {
       certificateChain = new byte[CERT_CHAIN_MAX_SIZE];
+      // Initialize attestationKey and preShared key with zeros.
+      Util.arrayFillNonAtomic(tmpArray, (short) 0, TMP_ARRAY_SIZE, (byte) 0);
+      // Assuming secret key length of P-256 curve is 32 bytes.
+      createAttestationKey(tmpArray, (short)0, (short) 32);
+      // Pre-shared secret key length is 32 bytes.
+      createPresharedKey(tmpArray, (short)0, (short) KMRepository.SHARED_SECRET_KEY_SIZE);
     }
     androidSEProvider = this;
   }

From c68ddd72f917bf4af1b0c35f58a69a644159df95 Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Sun, 28 Mar 2021 16:45:53 +0100
Subject: [PATCH 111/169] Updated comment

---
 .../src/com/android/javacard/keymaster/KMAndroidSEProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index b1cfae86..2cd42182 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -220,7 +220,7 @@ public KMAndroidSEProvider() {
       certificateChain = new byte[CERT_CHAIN_MAX_SIZE];
       // Initialize attestationKey and preShared key with zeros.
       Util.arrayFillNonAtomic(tmpArray, (short) 0, TMP_ARRAY_SIZE, (byte) 0);
-      // Assuming secret key length of P-256 curve is 32 bytes.
+      // Create attestation key of P-256 curve.
       createAttestationKey(tmpArray, (short)0, (short) 32);
       // Pre-shared secret key length is 32 bytes.
       createPresharedKey(tmpArray, (short)0, (short) KMRepository.SHARED_SECRET_KEY_SIZE);

From beeeb9a46a8cfa1e4ce95acb00849551336e17cf Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Thu, 25 Mar 2021 20:10:27 +0000
Subject: [PATCH 112/169] Applet should be able to upgrade even if provision is
 not done.

---
 .../com/android/javacard/keymaster/KMAndroidSEProvider.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index 5e247259..bec1234c 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -218,6 +218,12 @@ public KMAndroidSEProvider() {
     //Allocate buffer for certificate chain.
     if (!isUpgrading()) {
       certificateChain = new byte[CERT_CHAIN_MAX_SIZE];
+      // Initialize attestationKey and preShared key with zeros.
+      Util.arrayFillNonAtomic(tmpArray, (short) 0, TMP_ARRAY_SIZE, (byte) 0);
+      // Assuming secret key length of P-256 curve is 32 bytes.
+      createAttestationKey(tmpArray, (short)0, (short) 32);
+      // Pre-shared secret key length is 32 bytes.
+      createPresharedKey(tmpArray, (short)0, (short) KMRepository.SHARED_SECRET_KEY_SIZE);
     }
     androidSEProvider = this;
   }

From 7eb0ab20de826884884ef7d195c96a49568eaa75 Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Sun, 28 Mar 2021 16:45:53 +0100
Subject: [PATCH 113/169] Updated comment

---
 .../src/com/android/javacard/keymaster/KMAndroidSEProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index bec1234c..ecec4e5f 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -220,7 +220,7 @@ public KMAndroidSEProvider() {
       certificateChain = new byte[CERT_CHAIN_MAX_SIZE];
       // Initialize attestationKey and preShared key with zeros.
       Util.arrayFillNonAtomic(tmpArray, (short) 0, TMP_ARRAY_SIZE, (byte) 0);
-      // Assuming secret key length of P-256 curve is 32 bytes.
+      // Create attestation key of P-256 curve.
       createAttestationKey(tmpArray, (short)0, (short) 32);
       // Pre-shared secret key length is 32 bytes.
       createPresharedKey(tmpArray, (short)0, (short) KMRepository.SHARED_SECRET_KEY_SIZE);

From 4cb4f1667206d003d31c1d4b9c9af58814d577ce Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Thu, 8 Apr 2021 17:33:38 +0100
Subject: [PATCH 114/169] Reduced NVM writes inside KMOperationImpl of
 AndroidSEProvider

---
 .../keymaster/KMAndroidSEProvider.java        |  10 --
 .../javacard/keymaster/KMOperationImpl.java   | 102 ++++++++++--------
 2 files changed, 55 insertions(+), 57 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index ecec4e5f..49929346 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -993,22 +993,18 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg,
         opr = getOperationInstanceFromPool();
         // Convert macLength to bytes
         macLength = (short) (macLength / 8);
-        JCSystem.beginTransaction();
         opr.setCipher(cipher);
         opr.setCipherAlgorithm(alg);
         opr.setBlockMode(blockMode);
         opr.setPaddingAlgorithm(padding);
         opr.setMode(purpose);
         opr.setMacLength(macLength);
-        JCSystem.commitTransaction();
         break;
       case KMType.HMAC:
         Signature signerVerifier = createHmacSignerVerifier(purpose, digest,
             keyBuf, keyStart, keyLength);
         opr = getOperationInstanceFromPool();
-        JCSystem.beginTransaction();
         opr.setSignature(signerVerifier);
-        JCSystem.commitTransaction();
         break;
       default:
         CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM);
@@ -1071,23 +1067,19 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg,
           Signature signer = createRsaSigner(digest, padding, privKeyBuf,
               privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength);
           opr = getOperationInstanceFromPool();
-          JCSystem.beginTransaction();
           opr.setSignature(signer);
           opr.setCipherAlgorithm(alg);
           opr.setPaddingAlgorithm(padding);
           opr.setMode(purpose);
-          JCSystem.commitTransaction();
           break;
         case KMType.DECRYPT:
           Cipher decipher = createRsaDecipher(padding, digest, privKeyBuf,
               privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength);
           opr = getOperationInstanceFromPool();
-          JCSystem.beginTransaction();
           opr.setCipher(decipher);
           opr.setCipherAlgorithm(alg);
           opr.setPaddingAlgorithm(padding);
           opr.setMode(purpose);
-          JCSystem.commitTransaction();
           break;
         default:
           KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
@@ -1099,9 +1091,7 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg,
           Signature signer = createEcSigner(digest, privKeyBuf, privKeyStart,
               privKeyLength);
           opr = getOperationInstanceFromPool();
-          JCSystem.beginTransaction();
           opr.setSignature(signer);
-          JCSystem.commitTransaction();
           break;
         default:
           KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index b5ef9026..a0865d97 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -23,89 +23,89 @@
 
 public class KMOperationImpl implements KMOperation {
 
-  private Cipher cipher;
-  private Signature signature;
-  private short cipherAlg;
-  private short padding;
-  private short mode;
-  private short blockMode;
-  private short macLength;
+  private static final short CIPHER_ALG_OFFSET = 0x00;
+  private static final short PADDING_OFFSET = 0x01;
+  private static final short OPER_MODE_OFFSET = 0x02;
+  private static final short BLOCK_MODE_OFFSET = 0x03;
+  private static final short MAC_LENGTH_OFFSET = 0x04;
   //This will hold the length of the buffer stored inside the
   //Java Card after the GCM update operation.
-  private short aesGcmUpdatedLen;
+  private static final short AES_GCM_UPDATE_LEN_OFFSET = 0x05;
+  private short[] parameters;
+  // Either one of Cipher/Signature instance is stored.
+  private Object[] operationInst;
 
   public KMOperationImpl() {
+	  parameters = JCSystem.makeTransientShortArray((short) 6, JCSystem.CLEAR_ON_RESET);
+	  operationInst = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public short getMode() {
-    return mode;
+    return parameters[OPER_MODE_OFFSET];
   }
 
   public void setMode(short mode) {
-    this.mode = mode;
+	  parameters[OPER_MODE_OFFSET] = mode; 
   }
 
   public short getMacLength() {
-    return macLength;
+    return parameters[MAC_LENGTH_OFFSET];
   }
 
   public void setMacLength(short macLength) {
-    this.macLength = macLength;
+	  parameters[MAC_LENGTH_OFFSET] = macLength;
   }
 
   public short getPaddingAlgorithm() {
-    return padding;
+    return parameters[PADDING_OFFSET];
   }
 
   public void setPaddingAlgorithm(short alg) {
-    padding = alg;
+	  parameters[PADDING_OFFSET] = alg;
   }
 
   public void setBlockMode(short mode) {
-    blockMode = mode;
+    parameters[BLOCK_MODE_OFFSET] = mode;
   }
 
   public short getBlockMode() {
-    return blockMode;
+    return parameters[BLOCK_MODE_OFFSET];
   }
 
   public short getCipherAlgorithm() {
-    return cipherAlg;
+	  return parameters[CIPHER_ALG_OFFSET];
   }
 
   public void setCipherAlgorithm(short cipherAlg) {
-    this.cipherAlg = cipherAlg;
+    parameters[CIPHER_ALG_OFFSET] = cipherAlg;
   }
 
   public void setCipher(Cipher cipher) {
-    this.cipher = cipher;
+    operationInst[0] = cipher;
   }
 
   public void setSignature(Signature signer) {
-    this.signature = signer;
+	  operationInst[0] = signer;
   }
 
   private void resetCipher() {
-    JCSystem.beginTransaction();
-    cipher = null;
-    macLength = 0;
-    aesGcmUpdatedLen = 0;
-    blockMode = 0;
-    mode = 0;
-    cipherAlg = 0;
-    JCSystem.commitTransaction();
+    operationInst[0] =  null;
+    parameters[MAC_LENGTH_OFFSET] = 0;
+    parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0;
+    parameters[BLOCK_MODE_OFFSET] = 0;
+    parameters[OPER_MODE_OFFSET] = 0;
+    parameters[CIPHER_ALG_OFFSET] = 0;
+    parameters[PADDING_OFFSET] = 0;
   }
 
   @Override
   public short update(byte[] inputDataBuf, short inputDataStart,
       short inputDataLength, byte[] outputDataBuf, short outputDataStart) {
-    short len = cipher.update(inputDataBuf, inputDataStart, inputDataLength,
+    short len = ((Cipher) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength,
         outputDataBuf, outputDataStart);
-    if (cipherAlg == KMType.AES && blockMode == KMType.GCM) {
+    if (parameters[CIPHER_ALG_OFFSET] == KMType.AES && parameters[BLOCK_MODE_OFFSET] == KMType.GCM) {
       // Every time Block size data is stored as intermediate result.
-      JCSystem.beginTransaction();
-      aesGcmUpdatedLen += (short) (inputDataLength - len);
-      JCSystem.commitTransaction();
+      parameters[AES_GCM_UPDATE_LEN_OFFSET] += (short) (inputDataLength - len); 
     }
     return len;
   }
@@ -113,7 +113,7 @@ public short update(byte[] inputDataBuf, short inputDataStart,
   @Override
   public short update(byte[] inputDataBuf, short inputDataStart,
       short inputDataLength) {
-    signature.update(inputDataBuf, inputDataStart, inputDataLength);
+	  ((Signature) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength);
     return 0;
   }
 
@@ -121,6 +121,12 @@ public short update(byte[] inputDataBuf, short inputDataStart,
   public short finish(byte[] inputDataBuf, short inputDataStart,
       short inputDataLen, byte[] outputDataBuf, short outputDataStart) {
     byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray;
+    Cipher cipher = (Cipher) operationInst[0];
+    short cipherAlg = parameters[CIPHER_ALG_OFFSET];
+    short blockMode = parameters[BLOCK_MODE_OFFSET];
+    short mode = parameters[OPER_MODE_OFFSET];
+    short macLength = parameters[MAC_LENGTH_OFFSET];
+    short padding = parameters[PADDING_OFFSET];
     short len = 0;
     try {
       if (cipherAlg == KMType.AES && blockMode == KMType.GCM) {
@@ -201,11 +207,11 @@ public short sign(byte[] inputDataBuf, short inputDataStart,
       short inputDataLength, byte[] signBuf, short signStart) {
     short len = 0;
     try {
-      len = signature.sign(inputDataBuf, inputDataStart, inputDataLength,
+      len = ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength,
           signBuf, signStart);
     } finally {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      signature = null;
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      operationInst[0] = null;
     }
     return len;
   }
@@ -215,11 +221,11 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
       short inputDataLength, byte[] signBuf, short signStart, short signLength) {
     boolean ret = false;
     try {
-      ret = signature.verify(inputDataBuf, inputDataStart, inputDataLength,
+      ret = ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength,
           signBuf, signStart, signLength);
     } finally {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      signature = null;
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      operationInst[0] = null;
     }
     return ret;
   }
@@ -227,13 +233,15 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
   @Override
   public void abort() {
     // do nothing
-    if (cipher != null) {
-      KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher);
-      resetCipher();
-    }
-    if (signature != null) {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      signature = null;
+    if (operationInst[0] != null) {
+    	if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT ||
+    			parameters[OPER_MODE_OFFSET] == KMType.DECRYPT) {
+          KMAndroidSEProvider.getInstance().releaseCipherInstance((Cipher) operationInst[0]);
+          resetCipher();
+    	} else {
+    	  KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+    	}
+    	operationInst[0] = null;
     }
     KMAndroidSEProvider.getInstance().releaseOperationInstance(this);
   }

From 294eddf29fd71d2504404356489e645b7a667bc3 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Fri, 9 Apr 2021 03:02:29 +0530
Subject: [PATCH 115/169] Fixed compilation errors

---
 .../com/android/javacard/keymaster/KMOperationImpl.java   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index a0865d97..831d3ab0 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -248,15 +248,15 @@ public void abort() {
 
   @Override
   public void updateAAD(byte[] dataBuf, short dataStart, short dataLength) {
-    ((AEADCipher) cipher).updateAAD(dataBuf, dataStart, dataLength);
+    ((AEADCipher) operationInst[0]).updateAAD(dataBuf, dataStart, dataLength);
   }
 
   @Override
   public short getAESGCMOutputSize(short dataSize, short macLength) {
-    if (mode == KMType.ENCRYPT) {
-      return (short) (aesGcmUpdatedLen + dataSize + macLength);
+    if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT) {
+      return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize + macLength);
     } else {
-      return (short) (aesGcmUpdatedLen + dataSize - macLength);
+      return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize - macLength);
     }
   }
 }

From 4bae71f0c0835e9133b8c61464b38faf02fbf806 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Thu, 8 Apr 2021 22:36:40 +0100
Subject: [PATCH 116/169] Proper indentation for KMOPerationImpl.java source
 file

---
 .../javacard/keymaster/KMOperationImpl.java   | 65 +++++++++----------
 1 file changed, 32 insertions(+), 33 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index 831d3ab0..2a20541c 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -36,8 +36,8 @@ public class KMOperationImpl implements KMOperation {
   private Object[] operationInst;
 
   public KMOperationImpl() {
-	  parameters = JCSystem.makeTransientShortArray((short) 6, JCSystem.CLEAR_ON_RESET);
-	  operationInst = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    parameters = JCSystem.makeTransientShortArray((short) 6, JCSystem.CLEAR_ON_RESET);
+    operationInst = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public short getMode() {
@@ -45,7 +45,7 @@ public short getMode() {
   }
 
   public void setMode(short mode) {
-	  parameters[OPER_MODE_OFFSET] = mode; 
+    parameters[OPER_MODE_OFFSET] = mode;
   }
 
   public short getMacLength() {
@@ -53,7 +53,7 @@ public short getMacLength() {
   }
 
   public void setMacLength(short macLength) {
-	  parameters[MAC_LENGTH_OFFSET] = macLength;
+    parameters[MAC_LENGTH_OFFSET] = macLength;
   }
 
   public short getPaddingAlgorithm() {
@@ -61,7 +61,7 @@ public short getPaddingAlgorithm() {
   }
 
   public void setPaddingAlgorithm(short alg) {
-	  parameters[PADDING_OFFSET] = alg;
+    parameters[PADDING_OFFSET] = alg;
   }
 
   public void setBlockMode(short mode) {
@@ -73,7 +73,7 @@ public short getBlockMode() {
   }
 
   public short getCipherAlgorithm() {
-	  return parameters[CIPHER_ALG_OFFSET];
+    return parameters[CIPHER_ALG_OFFSET];
   }
 
   public void setCipherAlgorithm(short cipherAlg) {
@@ -85,11 +85,11 @@ public void setCipher(Cipher cipher) {
   }
 
   public void setSignature(Signature signer) {
-	  operationInst[0] = signer;
+    operationInst[0] = signer;
   }
 
   private void resetCipher() {
-    operationInst[0] =  null;
+    operationInst[0] = null;
     parameters[MAC_LENGTH_OFFSET] = 0;
     parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0;
     parameters[BLOCK_MODE_OFFSET] = 0;
@@ -100,26 +100,26 @@ private void resetCipher() {
 
   @Override
   public short update(byte[] inputDataBuf, short inputDataStart,
-      short inputDataLength, byte[] outputDataBuf, short outputDataStart) {
+                      short inputDataLength, byte[] outputDataBuf, short outputDataStart) {
     short len = ((Cipher) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength,
-        outputDataBuf, outputDataStart);
+      outputDataBuf, outputDataStart);
     if (parameters[CIPHER_ALG_OFFSET] == KMType.AES && parameters[BLOCK_MODE_OFFSET] == KMType.GCM) {
       // Every time Block size data is stored as intermediate result.
-      parameters[AES_GCM_UPDATE_LEN_OFFSET] += (short) (inputDataLength - len); 
+      parameters[AES_GCM_UPDATE_LEN_OFFSET] += (short) (inputDataLength - len);
     }
     return len;
   }
 
   @Override
   public short update(byte[] inputDataBuf, short inputDataStart,
-      short inputDataLength) {
-	  ((Signature) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength);
+                      short inputDataLength) {
+    ((Signature) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength);
     return 0;
   }
 
   @Override
   public short finish(byte[] inputDataBuf, short inputDataStart,
-      short inputDataLen, byte[] outputDataBuf, short outputDataStart) {
+                      short inputDataLen, byte[] outputDataBuf, short outputDataStart) {
     byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray;
     Cipher cipher = (Cipher) operationInst[0];
     short cipherAlg = parameters[CIPHER_ALG_OFFSET];
@@ -134,7 +134,7 @@ public short finish(byte[] inputDataBuf, short inputDataStart,
           inputDataLen = (short) (inputDataLen - macLength);
         }
       } else if ((cipherAlg == KMType.DES || cipherAlg == KMType.AES) &&
-          padding == KMType.PKCS7 && mode == KMType.ENCRYPT) {
+        padding == KMType.PKCS7 && mode == KMType.ENCRYPT) {
         byte blkSize = 16;
         byte paddingBytes;
         short inputlen = inputDataLen;
@@ -154,15 +154,15 @@ public short finish(byte[] inputDataBuf, short inputDataStart,
         Util.arrayFillNonAtomic(tmpArray, (short) 0, inputlen, paddingBytes);
         // copy the input data
         Util.arrayCopyNonAtomic(inputDataBuf, inputDataStart, tmpArray,
-            (short) 0, inputDataLen);
+          (short) 0, inputDataLen);
         inputDataBuf = tmpArray;
         inputDataLen = inputlen;
         inputDataStart = 0;
       }
       len = cipher.doFinal(inputDataBuf, inputDataStart, inputDataLen,
-          outputDataBuf, outputDataStart);
+        outputDataBuf, outputDataStart);
       if ((cipherAlg == KMType.AES || cipherAlg == KMType.DES) &&
-          padding == KMType.PKCS7 && mode == KMType.DECRYPT) {
+        padding == KMType.PKCS7 && mode == KMType.DECRYPT) {
         byte blkSize = 16;
         if (cipherAlg == KMType.DES) {
           blkSize = 8;
@@ -185,10 +185,10 @@ public short finish(byte[] inputDataBuf, short inputDataStart,
       } else if (cipherAlg == KMType.AES && blockMode == KMType.GCM) {
         if (mode == KMType.ENCRYPT) {
           len += ((AEADCipher) cipher).retrieveTag(outputDataBuf,
-              (short) (outputDataStart + len), macLength);
+            (short) (outputDataStart + len), macLength);
         } else {
           boolean verified = ((AEADCipher) cipher).verifyTag(inputDataBuf,
-              (short) (inputDataStart + inputDataLen), macLength, macLength);
+            (short) (inputDataStart + inputDataLen), macLength, macLength);
           if (!verified) {
             KMException.throwIt(KMError.VERIFICATION_FAILED);
           }
@@ -204,11 +204,11 @@ public short finish(byte[] inputDataBuf, short inputDataStart,
 
   @Override
   public short sign(byte[] inputDataBuf, short inputDataStart,
-      short inputDataLength, byte[] signBuf, short signStart) {
+                    short inputDataLength, byte[] signBuf, short signStart) {
     short len = 0;
     try {
       len = ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength,
-          signBuf, signStart);
+        signBuf, signStart);
     } finally {
       KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
       operationInst[0] = null;
@@ -218,11 +218,11 @@ public short sign(byte[] inputDataBuf, short inputDataStart,
 
   @Override
   public boolean verify(byte[] inputDataBuf, short inputDataStart,
-      short inputDataLength, byte[] signBuf, short signStart, short signLength) {
+                        short inputDataLength, byte[] signBuf, short signStart, short signLength) {
     boolean ret = false;
     try {
       ret = ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength,
-          signBuf, signStart, signLength);
+        signBuf, signStart, signLength);
     } finally {
       KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
       operationInst[0] = null;
@@ -232,16 +232,15 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
 
   @Override
   public void abort() {
-    // do nothing
     if (operationInst[0] != null) {
-    	if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT ||
-    			parameters[OPER_MODE_OFFSET] == KMType.DECRYPT) {
-          KMAndroidSEProvider.getInstance().releaseCipherInstance((Cipher) operationInst[0]);
-          resetCipher();
-    	} else {
-    	  KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
-    	}
-    	operationInst[0] = null;
+      if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT ||
+        parameters[OPER_MODE_OFFSET] == KMType.DECRYPT) {
+        KMAndroidSEProvider.getInstance().releaseCipherInstance((Cipher) operationInst[0]);
+        resetCipher();
+      } else {
+        KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      }
+      operationInst[0] = null;
     }
     KMAndroidSEProvider.getInstance().releaseOperationInstance(this);
   }

From 3dae03853a6616f10a0ba5281274026075a80222 Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Fri, 9 Apr 2021 16:20:27 +0100
Subject: [PATCH 117/169] Changed the variable name from dFlag to
 isDataUpdated.

---
 .../javacard/keymaster/KMOperationState.java       | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
index 333962aa..3fbe47f2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java
+++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
@@ -33,6 +33,8 @@ public class KMOperationState {
   private static final byte REFS = 1;
   private static final byte KMOPERATION = 0;
   private static final byte SLOT = 1;
+  private static final byte TRUE = 1;
+  private static final byte FALSE = 0;
   // byte type
   private static final byte ALG = 0;
   private static final byte PURPOSE = 1;
@@ -58,12 +60,12 @@ public class KMOperationState {
   private byte[] data;
   private Object[] objRefs;
   private static KMOperationState prototype;
-  private byte[] dFlag;
+  private byte[] isDataUpdated;
 
   private KMOperationState() {
     data = JCSystem.makeTransientByteArray(MAX_DATA, JCSystem.CLEAR_ON_RESET);
     objRefs = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
-    dFlag = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    isDataUpdated = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   private static KMOperationState proto() {
@@ -93,13 +95,13 @@ public static KMOperationState read(byte[] oprHandle, short off, Object[] slot)
   }
 
   public void persist() {
-    if (0 == dFlag[0]) {
+    if (FALSE == isDataUpdated[0]) {
       return;
     }
     KMRepository.instance().persistOperation(data,
         Util.getShort(data, OP_HANDLE),
         (KMOperation) objRefs[KMOPERATION]);
-    dFlag[0] = 0;
+    isDataUpdated[0] = FALSE;
   }
 
   public void setKeySize(short keySize) {
@@ -111,7 +113,7 @@ public short getKeySize() {
   }
 
   public void reset() {
-    dFlag[0] = 0;
+    isDataUpdated[0] = FALSE;
     objRefs[KMOPERATION] = null;
     objRefs[SLOT] = null;
     Util.arrayFillNonAtomic(
@@ -119,7 +121,7 @@ public void reset() {
   }
 
   private void dataUpdated() {
-    dFlag[0] = 1;
+    isDataUpdated[0] = TRUE;
   }
 
   public void release() {

From 38f6113a6625f2f6727578ad0b30057f102be65a Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Mon, 12 Apr 2021 11:12:15 +0100
Subject: [PATCH 118/169] Memory optimization in operation table.

Picked these changes from 43ae1785ac30350519620ee9781bcd5493a5d24f of AvinashHedage master branch.
---
 .../javacard/keymaster/KMRepository.java      | 146 +++++++++---------
 1 file changed, 77 insertions(+), 69 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 07caec72..90350ab1 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -41,7 +41,7 @@ public class KMRepository implements KMUpgradable {
   private static final short OPERATION_HANDLE_STATUS_SIZE = 1;
   private static final short OPERATION_HANDLE_OFFSET = 1;
   private static final short OPERATION_HANDLE_ENTRY_SIZE =
-      OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE;
+    OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE;
 
   // Data table offsets
   public static final byte COMPUTED_HMAC_KEY = 8;
@@ -105,15 +105,27 @@ public KMRepository(boolean isUpgrading) {
     heapIndex[0] = (short) 0;
     reclaimIndex[0] = HEAP_SIZE;
     newDataTable(isUpgrading);
-    operationStateTable = new Object[MAX_OPS];
+    operationStateTable = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
     // create and initialize operation state table.
     //First byte in the operation handle buffer denotes whether the operation is
     //reserved or unreserved.
     byte index = 0;
+    Object[] operationStateObj;
+    Object[] tempObj1;
+    Object[] tempObj2;
+
     while (index < MAX_OPS) {
-      operationStateTable[index] = new Object[]{new byte[OPERATION_HANDLE_ENTRY_SIZE],
-          new Object[]{new byte[KMOperationState.MAX_DATA],
-              new Object[KMOperationState.MAX_REFS]}};
+      operationStateObj = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
+      operationStateObj[0] = JCSystem.makeTransientByteArray(OPERATION_HANDLE_ENTRY_SIZE, JCSystem.CLEAR_ON_RESET);
+
+      tempObj1 = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
+      tempObj1[0] = JCSystem.makeTransientByteArray(KMOperationState.MAX_DATA, JCSystem.CLEAR_ON_RESET);
+
+      tempObj2 = JCSystem.makeTransientObjectArray(KMOperationState.MAX_REFS, JCSystem.CLEAR_ON_RESET);
+      tempObj1[1] = tempObj2;
+
+      operationStateObj[1] = tempObj1;
+      operationStateTable[index] = operationStateObj;
       index++;
     }
     //Initialize the device locked status
@@ -138,8 +150,8 @@ public KMOperationState findOperation(byte[] buf, short off, short len) {
       opId = ((byte[]) ((Object[]) operationStateTable[index])[0]);
       if (0 == Util.arrayCompare(buf, off, opId, OPERATION_HANDLE_OFFSET, len)) {
         return KMOperationState
-            .read(opId, OPERATION_HANDLE_OFFSET,
-                (Object[]) ((Object[]) operationStateTable[index])[1]);
+          .read(opId, OPERATION_HANDLE_OFFSET,
+            (Object[]) ((Object[]) operationStateTable[index])[1]);
       }
       index++;
     }
@@ -151,14 +163,14 @@ public KMOperationState findOperation(byte[] buf, short off, short len) {
   public KMOperationState findOperation(short operationHandle) {
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
-        operationHandle,
-        KMByteBlob.cast(buf).getBuffer(),
-        KMByteBlob.cast(buf).getStartOff(),
-        KMByteBlob.cast(buf).length());
+      operationHandle,
+      KMByteBlob.cast(buf).getBuffer(),
+      KMByteBlob.cast(buf).getStartOff(),
+      KMByteBlob.cast(buf).length());
     return findOperation(
-        KMByteBlob.cast(buf).getBuffer(),
-        KMByteBlob.cast(buf).getStartOff(),
-        KMByteBlob.cast(buf).length());
+      KMByteBlob.cast(buf).getBuffer(),
+      KMByteBlob.cast(buf).getStartOff(),
+      KMByteBlob.cast(buf).length());
   }
 
   /* opHandle is a KMInteger */
@@ -170,7 +182,7 @@ public KMOperationState reserveOperation(short opHandle) {
       /* Check for unreserved operation state */
       if (opId[OPERATION_HANDLE_STATUS_OFFSET] == 0) {
         return KMOperationState
-            .instance(opHandle, (Object[]) ((Object[]) operationStateTable[index])[1]);
+          .instance(opHandle, (Object[]) ((Object[]) operationStateTable[index])[1]);
       }
       index++;
     }
@@ -182,27 +194,25 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
     byte[] opId;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
-        opHandle,
-        KMByteBlob.cast(buf).getBuffer(),
-        KMByteBlob.cast(buf).getStartOff(),
-        KMByteBlob.cast(buf).length());
+      opHandle,
+      KMByteBlob.cast(buf).getBuffer(),
+      KMByteBlob.cast(buf).getStartOff(),
+      KMByteBlob.cast(buf).length());
     //Update an existing operation state.
     while (index < MAX_OPS) {
       opId = (byte[]) ((Object[]) operationStateTable[index])[0];
       if ((1 == opId[OPERATION_HANDLE_STATUS_OFFSET])
-          && (0 == Util.arrayCompare(
-          opId,
-          OPERATION_HANDLE_OFFSET,
-          KMByteBlob.cast(buf).getBuffer(),
-          KMByteBlob.cast(buf).getStartOff(),
-          KMByteBlob.cast(buf).length()))) {
+        && (0 == Util.arrayCompare(
+        opId,
+        OPERATION_HANDLE_OFFSET,
+        KMByteBlob.cast(buf).getBuffer(),
+        KMByteBlob.cast(buf).getStartOff(),
+        KMByteBlob.cast(buf).length()))) {
         Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
-        JCSystem.beginTransaction();
         Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0,
-            (short) ((byte[]) slot[0]).length);
+          (short) ((byte[]) slot[0]).length);
         Object[] ops = ((Object[]) slot[1]);
         ops[0] = op;
-        JCSystem.commitTransaction();
         return;
       }
       index++;
@@ -214,19 +224,17 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
       opId = (byte[]) ((Object[]) operationStateTable[index])[0];
       if (0 == opId[OPERATION_HANDLE_STATUS_OFFSET]) {
         Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
-        JCSystem.beginTransaction();
         opId[OPERATION_HANDLE_STATUS_OFFSET] = 1;/*reserved */
         Util.arrayCopy(
-            KMByteBlob.cast(buf).getBuffer(),
-            KMByteBlob.cast(buf).getStartOff(),
-            opId,
-            OPERATION_HANDLE_OFFSET,
-            OPERATION_HANDLE_SIZE);
+          KMByteBlob.cast(buf).getBuffer(),
+          KMByteBlob.cast(buf).getStartOff(),
+          opId,
+          OPERATION_HANDLE_OFFSET,
+          OPERATION_HANDLE_SIZE);
         Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0,
-            (short) ((byte[]) slot[0]).length);
+          (short) ((byte[]) slot[0]).length);
         Object[] ops = ((Object[]) slot[1]);
         ops[0] = op;
-        JCSystem.commitTransaction();
         break;
       }
       index++;
@@ -238,18 +246,18 @@ public void releaseOperation(KMOperationState op) {
     byte[] oprHandleBuf;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
-        op.getHandle(),
-        KMByteBlob.cast(buf).getBuffer(),
-        KMByteBlob.cast(buf).getStartOff(),
-        KMByteBlob.cast(buf).length());
+      op.getHandle(),
+      KMByteBlob.cast(buf).getBuffer(),
+      KMByteBlob.cast(buf).getStartOff(),
+      KMByteBlob.cast(buf).length());
     while (index < MAX_OPS) {
       oprHandleBuf = ((byte[]) ((Object[]) operationStateTable[index])[0]);
       if ((oprHandleBuf[OPERATION_HANDLE_STATUS_OFFSET] == 1) &&
-          (0 == Util.arrayCompare(oprHandleBuf,
-              OPERATION_HANDLE_OFFSET,
-              KMByteBlob.cast(buf).getBuffer(),
-              KMByteBlob.cast(buf).getStartOff(),
-              KMByteBlob.cast(buf).length()))) {
+        (0 == Util.arrayCompare(oprHandleBuf,
+          OPERATION_HANDLE_OFFSET,
+          KMByteBlob.cast(buf).getBuffer(),
+          KMByteBlob.cast(buf).getStartOff(),
+          KMByteBlob.cast(buf).length()))) {
         JCSystem.beginTransaction();
         Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0);
         JCSystem.commitTransaction();
@@ -271,7 +279,7 @@ public void releaseAllOperations() {
         ((KMOperation) ops[0]).abort();
         JCSystem.beginTransaction();
         Util.arrayFillNonAtomic((byte[]) slot[0], (short) 0,
-                (short) ((byte[]) slot[0]).length, (byte) 0);
+          (short) ((byte[]) slot[0]).length, (byte) 0);
         Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0);
         ops[0] = null;
         JCSystem.commitTransaction();
@@ -327,7 +335,7 @@ public void onSelect() {
   // reclaimMemory function immediately after the use.
   public short allocReclaimableMemory(short length) {
     if ((((short) (reclaimIndex[0] - length)) <= heapIndex[0])
-        || (length >= HEAP_SIZE / 2)) {
+      || (length >= HEAP_SIZE / 2)) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
     reclaimIndex[0] -= length;
@@ -353,7 +361,7 @@ public short allocAvailableMemory() {
 
   public short alloc(short length) {
     if ((((short) (heapIndex[0] + length)) > heap.length) ||
-        (((short) (heapIndex[0] + length)) > reclaimIndex[0])) {
+      (((short) (heapIndex[0] + length)) > reclaimIndex[0])) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
     heapIndex[0] += length;
@@ -381,9 +389,9 @@ private void newDataTable(boolean isUpgrading) {
   public void restoreData(short blob) {
     JCSystem.beginTransaction();
     Util.arrayCopy(
-        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), dataTable,
-        (short) 0,
-        KMByteBlob.cast(blob).length()
+      KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), dataTable,
+      (short) 0,
+      KMByteBlob.cast(blob).length()
     );
     JCSystem.commitTransaction();
   }
@@ -428,11 +436,11 @@ private short readDataEntry(short id, byte[] buf, short offset) {
     short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
     if (len != 0) {
       Util.arrayCopyNonAtomic(
-          dataTable,
-          Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
-          buf,
-          offset,
-          len);
+        dataTable,
+        Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
+        buf,
+        offset,
+        len);
     }
     return len;
   }
@@ -480,7 +488,7 @@ public short getIssuer() {
   public short readData(short id) {
     short blob = KMByteBlob.instance(dataLength(id));
     if (readDataEntry(id, KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff())
-        == 0) {
+      == 0) {
       return 0;
     }
     return blob;
@@ -505,7 +513,7 @@ public short getOsVersion() {
     short blob = readData(BOOT_OS_VERSION);
     if (blob != 0) {
       return KMInteger.uint_32(
-          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_32(zero, (short) 0);
     }
@@ -515,7 +523,7 @@ public short getVendorPatchLevel() {
     short blob = readData(VENDOR_PATCH_LEVEL);
     if (blob != 0) {
       return KMInteger.uint_32(
-          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_32(zero, (short) 0);
     }
@@ -525,7 +533,7 @@ public short getBootPatchLevel() {
     short blob = readData(BOOT_PATCH_LEVEL);
     if (blob != 0) {
       return KMInteger.uint_32(
-          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_32(zero, (short) 0);
     }
@@ -535,7 +543,7 @@ public short getOsPatch() {
     short blob = readData(BOOT_OS_PATCH);
     if (blob != 0) {
       return KMInteger.uint_32(
-          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_32(zero, (short) 0);
     }
@@ -563,19 +571,19 @@ public short readROT() {
 
     short blob = KMByteBlob.instance(totalLength);
     length = readDataEntry(BOOT_VERIFIED_BOOT_KEY, KMByteBlob.cast(blob)
-        .getBuffer(), KMByteBlob.cast(blob).getStartOff());
+      .getBuffer(), KMByteBlob.cast(blob).getStartOff());
 
     length += readDataEntry(BOOT_VERIFIED_BOOT_HASH, KMByteBlob.cast(blob)
-            .getBuffer(),
-        (short) (KMByteBlob.cast(blob).getStartOff() + length));
+        .getBuffer(),
+      (short) (KMByteBlob.cast(blob).getStartOff() + length));
 
     length += readDataEntry(BOOT_VERIFIED_BOOT_STATE, KMByteBlob.cast(blob)
-            .getBuffer(),
-        (short) (KMByteBlob.cast(blob).getStartOff() + length));
+        .getBuffer(),
+      (short) (KMByteBlob.cast(blob).getStartOff() + length));
 
     readDataEntry(BOOT_DEVICE_LOCKED_STATUS, KMByteBlob.cast(blob)
-            .getBuffer(),
-        (short) (KMByteBlob.cast(blob).getStartOff() + length));
+        .getBuffer(),
+      (short) (KMByteBlob.cast(blob).getStartOff() + length));
     return blob;
   }
 
@@ -611,7 +619,7 @@ public short getDeviceTimeStamp() {
     short blob = readData(DEVICE_LOCKED_TIME);
     if (blob != 0) {
       return KMInteger.uint_64(KMByteBlob.cast(blob).getBuffer(),
-          KMByteBlob.cast(blob).getStartOff());
+        KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_64(zero, (short) 0);
     }

From 07795420550ac458a5c3bce80b176106801c7ce2 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Mon, 12 Apr 2021 11:16:54 +0100
Subject: [PATCH 119/169] Removed begin/commit transaction from not required
 places

---
 Applet/src/com/android/javacard/keymaster/KMRepository.java | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 90350ab1..8dab3df2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -258,9 +258,7 @@ public void releaseOperation(KMOperationState op) {
           KMByteBlob.cast(buf).getBuffer(),
           KMByteBlob.cast(buf).getStartOff(),
           KMByteBlob.cast(buf).length()))) {
-        JCSystem.beginTransaction();
         Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0);
-        JCSystem.commitTransaction();
         op.release();
         break;
       }
@@ -277,12 +275,10 @@ public void releaseAllOperations() {
         Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
         Object[] ops = ((Object[]) slot[1]);
         ((KMOperation) ops[0]).abort();
-        JCSystem.beginTransaction();
         Util.arrayFillNonAtomic((byte[]) slot[0], (short) 0,
           (short) ((byte[]) slot[0]).length, (byte) 0);
         Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0);
         ops[0] = null;
-        JCSystem.commitTransaction();
       }
       index++;
     }

From db03f57367ccdabecb0f7e3e8cffd9941f3bd9f6 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Mon, 12 Apr 2021 11:32:28 +0100
Subject: [PATCH 120/169] Lock provision should not depend on setBoot
 parameters

---
 .../com/android/javacard/keymaster/KMKeymasterApplet.java  | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 6db348b3..fb1f3947 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -500,10 +500,9 @@ private void generateUniqueOperationHandle(byte[] buf, short offset, short len)
 
   private boolean isProvisioningComplete() {
     if ((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY))
-        && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
-        && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
-        && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))
-        && (0 != (provisionStatus & PROVISION_STATUS_BOOT_PARAM))) {
+      && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
+      && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
+      && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))) {
       return true;
     } else {
       return false;

From 4e2b3662c3cf66930fe4a405ac645d6cc66d9cc0 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Tue, 13 Apr 2021 19:51:57 +0100
Subject: [PATCH 121/169] Reverted operationStateTable NVM changes

---
 .../javacard/keymaster/KMKeymasterApplet.java |   7 +-
 .../javacard/keymaster/KMRepository.java      | 150 +++++++++---------
 2 files changed, 77 insertions(+), 80 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index fb1f3947..6db348b3 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -500,9 +500,10 @@ private void generateUniqueOperationHandle(byte[] buf, short offset, short len)
 
   private boolean isProvisioningComplete() {
     if ((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY))
-      && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
-      && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
-      && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))) {
+        && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
+        && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
+        && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))
+        && (0 != (provisionStatus & PROVISION_STATUS_BOOT_PARAM))) {
       return true;
     } else {
       return false;
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 8dab3df2..07caec72 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -41,7 +41,7 @@ public class KMRepository implements KMUpgradable {
   private static final short OPERATION_HANDLE_STATUS_SIZE = 1;
   private static final short OPERATION_HANDLE_OFFSET = 1;
   private static final short OPERATION_HANDLE_ENTRY_SIZE =
-    OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE;
+      OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE;
 
   // Data table offsets
   public static final byte COMPUTED_HMAC_KEY = 8;
@@ -105,27 +105,15 @@ public KMRepository(boolean isUpgrading) {
     heapIndex[0] = (short) 0;
     reclaimIndex[0] = HEAP_SIZE;
     newDataTable(isUpgrading);
-    operationStateTable = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
+    operationStateTable = new Object[MAX_OPS];
     // create and initialize operation state table.
     //First byte in the operation handle buffer denotes whether the operation is
     //reserved or unreserved.
     byte index = 0;
-    Object[] operationStateObj;
-    Object[] tempObj1;
-    Object[] tempObj2;
-
     while (index < MAX_OPS) {
-      operationStateObj = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
-      operationStateObj[0] = JCSystem.makeTransientByteArray(OPERATION_HANDLE_ENTRY_SIZE, JCSystem.CLEAR_ON_RESET);
-
-      tempObj1 = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
-      tempObj1[0] = JCSystem.makeTransientByteArray(KMOperationState.MAX_DATA, JCSystem.CLEAR_ON_RESET);
-
-      tempObj2 = JCSystem.makeTransientObjectArray(KMOperationState.MAX_REFS, JCSystem.CLEAR_ON_RESET);
-      tempObj1[1] = tempObj2;
-
-      operationStateObj[1] = tempObj1;
-      operationStateTable[index] = operationStateObj;
+      operationStateTable[index] = new Object[]{new byte[OPERATION_HANDLE_ENTRY_SIZE],
+          new Object[]{new byte[KMOperationState.MAX_DATA],
+              new Object[KMOperationState.MAX_REFS]}};
       index++;
     }
     //Initialize the device locked status
@@ -150,8 +138,8 @@ public KMOperationState findOperation(byte[] buf, short off, short len) {
       opId = ((byte[]) ((Object[]) operationStateTable[index])[0]);
       if (0 == Util.arrayCompare(buf, off, opId, OPERATION_HANDLE_OFFSET, len)) {
         return KMOperationState
-          .read(opId, OPERATION_HANDLE_OFFSET,
-            (Object[]) ((Object[]) operationStateTable[index])[1]);
+            .read(opId, OPERATION_HANDLE_OFFSET,
+                (Object[]) ((Object[]) operationStateTable[index])[1]);
       }
       index++;
     }
@@ -163,14 +151,14 @@ public KMOperationState findOperation(byte[] buf, short off, short len) {
   public KMOperationState findOperation(short operationHandle) {
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
-      operationHandle,
-      KMByteBlob.cast(buf).getBuffer(),
-      KMByteBlob.cast(buf).getStartOff(),
-      KMByteBlob.cast(buf).length());
+        operationHandle,
+        KMByteBlob.cast(buf).getBuffer(),
+        KMByteBlob.cast(buf).getStartOff(),
+        KMByteBlob.cast(buf).length());
     return findOperation(
-      KMByteBlob.cast(buf).getBuffer(),
-      KMByteBlob.cast(buf).getStartOff(),
-      KMByteBlob.cast(buf).length());
+        KMByteBlob.cast(buf).getBuffer(),
+        KMByteBlob.cast(buf).getStartOff(),
+        KMByteBlob.cast(buf).length());
   }
 
   /* opHandle is a KMInteger */
@@ -182,7 +170,7 @@ public KMOperationState reserveOperation(short opHandle) {
       /* Check for unreserved operation state */
       if (opId[OPERATION_HANDLE_STATUS_OFFSET] == 0) {
         return KMOperationState
-          .instance(opHandle, (Object[]) ((Object[]) operationStateTable[index])[1]);
+            .instance(opHandle, (Object[]) ((Object[]) operationStateTable[index])[1]);
       }
       index++;
     }
@@ -194,25 +182,27 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
     byte[] opId;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
-      opHandle,
-      KMByteBlob.cast(buf).getBuffer(),
-      KMByteBlob.cast(buf).getStartOff(),
-      KMByteBlob.cast(buf).length());
+        opHandle,
+        KMByteBlob.cast(buf).getBuffer(),
+        KMByteBlob.cast(buf).getStartOff(),
+        KMByteBlob.cast(buf).length());
     //Update an existing operation state.
     while (index < MAX_OPS) {
       opId = (byte[]) ((Object[]) operationStateTable[index])[0];
       if ((1 == opId[OPERATION_HANDLE_STATUS_OFFSET])
-        && (0 == Util.arrayCompare(
-        opId,
-        OPERATION_HANDLE_OFFSET,
-        KMByteBlob.cast(buf).getBuffer(),
-        KMByteBlob.cast(buf).getStartOff(),
-        KMByteBlob.cast(buf).length()))) {
+          && (0 == Util.arrayCompare(
+          opId,
+          OPERATION_HANDLE_OFFSET,
+          KMByteBlob.cast(buf).getBuffer(),
+          KMByteBlob.cast(buf).getStartOff(),
+          KMByteBlob.cast(buf).length()))) {
         Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
+        JCSystem.beginTransaction();
         Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0,
-          (short) ((byte[]) slot[0]).length);
+            (short) ((byte[]) slot[0]).length);
         Object[] ops = ((Object[]) slot[1]);
         ops[0] = op;
+        JCSystem.commitTransaction();
         return;
       }
       index++;
@@ -224,17 +214,19 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
       opId = (byte[]) ((Object[]) operationStateTable[index])[0];
       if (0 == opId[OPERATION_HANDLE_STATUS_OFFSET]) {
         Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
+        JCSystem.beginTransaction();
         opId[OPERATION_HANDLE_STATUS_OFFSET] = 1;/*reserved */
         Util.arrayCopy(
-          KMByteBlob.cast(buf).getBuffer(),
-          KMByteBlob.cast(buf).getStartOff(),
-          opId,
-          OPERATION_HANDLE_OFFSET,
-          OPERATION_HANDLE_SIZE);
+            KMByteBlob.cast(buf).getBuffer(),
+            KMByteBlob.cast(buf).getStartOff(),
+            opId,
+            OPERATION_HANDLE_OFFSET,
+            OPERATION_HANDLE_SIZE);
         Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0,
-          (short) ((byte[]) slot[0]).length);
+            (short) ((byte[]) slot[0]).length);
         Object[] ops = ((Object[]) slot[1]);
         ops[0] = op;
+        JCSystem.commitTransaction();
         break;
       }
       index++;
@@ -246,19 +238,21 @@ public void releaseOperation(KMOperationState op) {
     byte[] oprHandleBuf;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
-      op.getHandle(),
-      KMByteBlob.cast(buf).getBuffer(),
-      KMByteBlob.cast(buf).getStartOff(),
-      KMByteBlob.cast(buf).length());
+        op.getHandle(),
+        KMByteBlob.cast(buf).getBuffer(),
+        KMByteBlob.cast(buf).getStartOff(),
+        KMByteBlob.cast(buf).length());
     while (index < MAX_OPS) {
       oprHandleBuf = ((byte[]) ((Object[]) operationStateTable[index])[0]);
       if ((oprHandleBuf[OPERATION_HANDLE_STATUS_OFFSET] == 1) &&
-        (0 == Util.arrayCompare(oprHandleBuf,
-          OPERATION_HANDLE_OFFSET,
-          KMByteBlob.cast(buf).getBuffer(),
-          KMByteBlob.cast(buf).getStartOff(),
-          KMByteBlob.cast(buf).length()))) {
+          (0 == Util.arrayCompare(oprHandleBuf,
+              OPERATION_HANDLE_OFFSET,
+              KMByteBlob.cast(buf).getBuffer(),
+              KMByteBlob.cast(buf).getStartOff(),
+              KMByteBlob.cast(buf).length()))) {
+        JCSystem.beginTransaction();
         Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0);
+        JCSystem.commitTransaction();
         op.release();
         break;
       }
@@ -275,10 +269,12 @@ public void releaseAllOperations() {
         Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
         Object[] ops = ((Object[]) slot[1]);
         ((KMOperation) ops[0]).abort();
+        JCSystem.beginTransaction();
         Util.arrayFillNonAtomic((byte[]) slot[0], (short) 0,
-          (short) ((byte[]) slot[0]).length, (byte) 0);
+                (short) ((byte[]) slot[0]).length, (byte) 0);
         Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0);
         ops[0] = null;
+        JCSystem.commitTransaction();
       }
       index++;
     }
@@ -331,7 +327,7 @@ public void onSelect() {
   // reclaimMemory function immediately after the use.
   public short allocReclaimableMemory(short length) {
     if ((((short) (reclaimIndex[0] - length)) <= heapIndex[0])
-      || (length >= HEAP_SIZE / 2)) {
+        || (length >= HEAP_SIZE / 2)) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
     reclaimIndex[0] -= length;
@@ -357,7 +353,7 @@ public short allocAvailableMemory() {
 
   public short alloc(short length) {
     if ((((short) (heapIndex[0] + length)) > heap.length) ||
-      (((short) (heapIndex[0] + length)) > reclaimIndex[0])) {
+        (((short) (heapIndex[0] + length)) > reclaimIndex[0])) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
     heapIndex[0] += length;
@@ -385,9 +381,9 @@ private void newDataTable(boolean isUpgrading) {
   public void restoreData(short blob) {
     JCSystem.beginTransaction();
     Util.arrayCopy(
-      KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), dataTable,
-      (short) 0,
-      KMByteBlob.cast(blob).length()
+        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), dataTable,
+        (short) 0,
+        KMByteBlob.cast(blob).length()
     );
     JCSystem.commitTransaction();
   }
@@ -432,11 +428,11 @@ private short readDataEntry(short id, byte[] buf, short offset) {
     short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
     if (len != 0) {
       Util.arrayCopyNonAtomic(
-        dataTable,
-        Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
-        buf,
-        offset,
-        len);
+          dataTable,
+          Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
+          buf,
+          offset,
+          len);
     }
     return len;
   }
@@ -484,7 +480,7 @@ public short getIssuer() {
   public short readData(short id) {
     short blob = KMByteBlob.instance(dataLength(id));
     if (readDataEntry(id, KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff())
-      == 0) {
+        == 0) {
       return 0;
     }
     return blob;
@@ -509,7 +505,7 @@ public short getOsVersion() {
     short blob = readData(BOOT_OS_VERSION);
     if (blob != 0) {
       return KMInteger.uint_32(
-        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_32(zero, (short) 0);
     }
@@ -519,7 +515,7 @@ public short getVendorPatchLevel() {
     short blob = readData(VENDOR_PATCH_LEVEL);
     if (blob != 0) {
       return KMInteger.uint_32(
-        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_32(zero, (short) 0);
     }
@@ -529,7 +525,7 @@ public short getBootPatchLevel() {
     short blob = readData(BOOT_PATCH_LEVEL);
     if (blob != 0) {
       return KMInteger.uint_32(
-        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_32(zero, (short) 0);
     }
@@ -539,7 +535,7 @@ public short getOsPatch() {
     short blob = readData(BOOT_OS_PATCH);
     if (blob != 0) {
       return KMInteger.uint_32(
-        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+          KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_32(zero, (short) 0);
     }
@@ -567,19 +563,19 @@ public short readROT() {
 
     short blob = KMByteBlob.instance(totalLength);
     length = readDataEntry(BOOT_VERIFIED_BOOT_KEY, KMByteBlob.cast(blob)
-      .getBuffer(), KMByteBlob.cast(blob).getStartOff());
+        .getBuffer(), KMByteBlob.cast(blob).getStartOff());
 
     length += readDataEntry(BOOT_VERIFIED_BOOT_HASH, KMByteBlob.cast(blob)
-        .getBuffer(),
-      (short) (KMByteBlob.cast(blob).getStartOff() + length));
+            .getBuffer(),
+        (short) (KMByteBlob.cast(blob).getStartOff() + length));
 
     length += readDataEntry(BOOT_VERIFIED_BOOT_STATE, KMByteBlob.cast(blob)
-        .getBuffer(),
-      (short) (KMByteBlob.cast(blob).getStartOff() + length));
+            .getBuffer(),
+        (short) (KMByteBlob.cast(blob).getStartOff() + length));
 
     readDataEntry(BOOT_DEVICE_LOCKED_STATUS, KMByteBlob.cast(blob)
-        .getBuffer(),
-      (short) (KMByteBlob.cast(blob).getStartOff() + length));
+            .getBuffer(),
+        (short) (KMByteBlob.cast(blob).getStartOff() + length));
     return blob;
   }
 
@@ -615,7 +611,7 @@ public short getDeviceTimeStamp() {
     short blob = readData(DEVICE_LOCKED_TIME);
     if (blob != 0) {
       return KMInteger.uint_64(KMByteBlob.cast(blob).getBuffer(),
-        KMByteBlob.cast(blob).getStartOff());
+          KMByteBlob.cast(blob).getStartOff());
     } else {
       return KMInteger.uint_64(zero, (short) 0);
     }

From e27fd89d13fe2a81c080bbaac5fd4aaa1750f830 Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Tue, 13 Apr 2021 21:48:09 +0100
Subject: [PATCH 122/169] Removed set boot params from lock provision

---
 .../src/com/android/javacard/keymaster/KMKeymasterApplet.java  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 8f40f775..03ad874f 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -493,8 +493,7 @@ private boolean isProvisioningComplete() {
     if ((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY))
         && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN))
         && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS))
-        && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))
-        && (0 != (provisionStatus & PROVISION_STATUS_BOOT_PARAM))) {
+        && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))) {
       return true;
     } else {
       return false;

From 8efa44fb5b06561412b7013f08df430513ed3c14 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Tue, 13 Apr 2021 22:59:53 +0100
Subject: [PATCH 123/169] Fix for the issue instance gets cleared when device
 resets

---
 .../javacard/keymaster/KMOperationImpl.java   | 51 ++++++++++---------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index 2a20541c..0a2b5943 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -23,6 +23,8 @@
 
 public class KMOperationImpl implements KMOperation {
 
+  private Cipher cipher;
+  private Signature signature;
   private static final short CIPHER_ALG_OFFSET = 0x00;
   private static final short PADDING_OFFSET = 0x01;
   private static final short OPER_MODE_OFFSET = 0x02;
@@ -32,12 +34,9 @@ public class KMOperationImpl implements KMOperation {
   //Java Card after the GCM update operation.
   private static final short AES_GCM_UPDATE_LEN_OFFSET = 0x05;
   private short[] parameters;
-  // Either one of Cipher/Signature instance is stored.
-  private Object[] operationInst;
 
   public KMOperationImpl() {
     parameters = JCSystem.makeTransientShortArray((short) 6, JCSystem.CLEAR_ON_RESET);
-    operationInst = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public short getMode() {
@@ -81,15 +80,19 @@ public void setCipherAlgorithm(short cipherAlg) {
   }
 
   public void setCipher(Cipher cipher) {
-    operationInst[0] = cipher;
+    JCSystem.beginTransaction();
+    this.cipher = cipher;
+    JCSystem.commitTransaction();
   }
 
   public void setSignature(Signature signer) {
-    operationInst[0] = signer;
+    JCSystem.beginTransaction();
+    this.signature = signer;
+    JCSystem.commitTransaction();
   }
 
   private void resetCipher() {
-    operationInst[0] = null;
+    setCipher(null);
     parameters[MAC_LENGTH_OFFSET] = 0;
     parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0;
     parameters[BLOCK_MODE_OFFSET] = 0;
@@ -101,7 +104,7 @@ private void resetCipher() {
   @Override
   public short update(byte[] inputDataBuf, short inputDataStart,
                       short inputDataLength, byte[] outputDataBuf, short outputDataStart) {
-    short len = ((Cipher) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength,
+    short len = cipher.update(inputDataBuf, inputDataStart, inputDataLength,
       outputDataBuf, outputDataStart);
     if (parameters[CIPHER_ALG_OFFSET] == KMType.AES && parameters[BLOCK_MODE_OFFSET] == KMType.GCM) {
       // Every time Block size data is stored as intermediate result.
@@ -113,7 +116,7 @@ public short update(byte[] inputDataBuf, short inputDataStart,
   @Override
   public short update(byte[] inputDataBuf, short inputDataStart,
                       short inputDataLength) {
-    ((Signature) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength);
+    signature.update(inputDataBuf, inputDataStart, inputDataLength);
     return 0;
   }
 
@@ -121,7 +124,6 @@ public short update(byte[] inputDataBuf, short inputDataStart,
   public short finish(byte[] inputDataBuf, short inputDataStart,
                       short inputDataLen, byte[] outputDataBuf, short outputDataStart) {
     byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray;
-    Cipher cipher = (Cipher) operationInst[0];
     short cipherAlg = parameters[CIPHER_ALG_OFFSET];
     short blockMode = parameters[BLOCK_MODE_OFFSET];
     short mode = parameters[OPER_MODE_OFFSET];
@@ -207,11 +209,11 @@ public short sign(byte[] inputDataBuf, short inputDataStart,
                     short inputDataLength, byte[] signBuf, short signStart) {
     short len = 0;
     try {
-      len = ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength,
+      len = signature.sign(inputDataBuf, inputDataStart, inputDataLength,
         signBuf, signStart);
     } finally {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
-      operationInst[0] = null;
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
+      setSigner(null);
     }
     return len;
   }
@@ -221,33 +223,32 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
                         short inputDataLength, byte[] signBuf, short signStart, short signLength) {
     boolean ret = false;
     try {
-      ret = ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength,
+      ret = signature.verify(inputDataBuf, inputDataStart, inputDataLength,
         signBuf, signStart, signLength);
     } finally {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
-      operationInst[0] = null;
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
+      setSigner(null);
     }
     return ret;
   }
 
   @Override
   public void abort() {
-    if (operationInst[0] != null) {
-      if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT ||
-        parameters[OPER_MODE_OFFSET] == KMType.DECRYPT) {
-        KMAndroidSEProvider.getInstance().releaseCipherInstance((Cipher) operationInst[0]);
-        resetCipher();
-      } else {
-        KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
-      }
-      operationInst[0] = null;
+    // do nothing
+    if (cipher != null) {
+      KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher);
+      resetCipher();
+    }
+    if (signature != null) {
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
+      setSigner(null);
     }
     KMAndroidSEProvider.getInstance().releaseOperationInstance(this);
   }
 
   @Override
   public void updateAAD(byte[] dataBuf, short dataStart, short dataLength) {
-    ((AEADCipher) operationInst[0]).updateAAD(dataBuf, dataStart, dataLength);
+    ((AEADCipher) cipher).updateAAD(dataBuf, dataStart, dataLength);
   }
 
   @Override

From ffc0aa902b84bfecec60fdfc4680764369133490 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Wed, 14 Apr 2021 20:05:22 +0530
Subject: [PATCH 124/169] Fixed compilation error

---
 .../src/com/android/javacard/keymaster/KMOperationImpl.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index 0a2b5943..3d06cd99 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -213,7 +213,7 @@ public short sign(byte[] inputDataBuf, short inputDataStart,
         signBuf, signStart);
     } finally {
       KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      setSigner(null);
+      setSignature(null);
     }
     return len;
   }
@@ -227,7 +227,7 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
         signBuf, signStart, signLength);
     } finally {
       KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      setSigner(null);
+      setSignature(null);
     }
     return ret;
   }
@@ -241,7 +241,7 @@ public void abort() {
     }
     if (signature != null) {
       KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      setSigner(null);
+      setSignature(null);
     }
     KMAndroidSEProvider.getInstance().releaseOperationInstance(this);
   }

From 7b9eee4f9733922b198d0307f9f5070e0fab274e Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Wed, 14 Apr 2021 18:09:31 +0100
Subject: [PATCH 125/169] Update KMOperationImpl.java

Removed comment.
---
 .../src/com/android/javacard/keymaster/KMOperationImpl.java      | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index 3d06cd99..32741eed 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -234,7 +234,6 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
 
   @Override
   public void abort() {
-    // do nothing
     if (cipher != null) {
       KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher);
       resetCipher();

From d8d2a776b7851c38db2a7e6cb4727d7a1c34ab30 Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Fri, 16 Apr 2021 19:48:16 +0100
Subject: [PATCH 126/169] Move operationtable to RAM and notifiy back to HAL
 about se reset

---
 .../android/javacard/keymaster/KMEncoder.java |  17 +--
 .../javacard/keymaster/KMKeymasterApplet.java | 101 +++++++++++-------
 .../javacard/keymaster/KMOperationState.java  |  39 +++----
 3 files changed, 84 insertions(+), 73 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
index 47e6d305..0dc31b56 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -90,24 +90,27 @@ public short encode(short object, byte[] buffer, short startOff) {
   }
 
   // array{KMError.OK,Array{KMByteBlobs}}
-  public void encodeCertChain(byte[] buffer, short offset, short length) {
+  public void encodeCertChain(byte[] buffer, short offset, short length, short errInt32Ptr) {
     bufferRef[0] = buffer;
     scratchBuf[START_OFFSET] = offset;
-    scratchBuf[LEN_OFFSET] = (short) (offset + 3);
+    scratchBuf[LEN_OFFSET] += (offset + 1);
+    //Total length is ArrayHeader + UIntHeader + length(errInt32Ptr)
+    scratchBuf[LEN_OFFSET] += (short) (2 + KMInteger.cast(errInt32Ptr).length());
 
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
-    writeByte(UINT_TYPE); // Error.OK
+    encodeInteger(errInt32Ptr);
   }
 
   //array{KMError.OK,Array{KMByteBlobs}}
-  public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, short certLength) {
+  public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, short certLength, short errInt32Ptr) {
     bufferRef[0] = certBuffer;
     scratchBuf[START_OFFSET] = certStart;
     scratchBuf[LEN_OFFSET] = (short) (certStart + 1);
     //Array header - 2 elements i.e. 1 byte
     scratchBuf[START_OFFSET]--;
-    // Error.Ok - 1 byte
-    scratchBuf[START_OFFSET]--;
+    // errInt32Ptr - CanaryBit + ErrorCode - 4 bytes
+    // Integer header - 1 byte
+    scratchBuf[START_OFFSET] -= (KMInteger.cast(errInt32Ptr).length() + 1);
     //Array header - 2 elements i.e. 1 byte
     scratchBuf[START_OFFSET]--;
     // Cert Byte blob - typically 2 bytes length i.e. 3 bytes header
@@ -120,7 +123,7 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
-    writeByte(UINT_TYPE); // Error.OK
+    encodeInteger(errInt32Ptr); //CanaryBit + ErrorCode
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 1); // Array of 1 element
     writeMajorTypeWithLength(BYTES_TYPE, certLength); // Cert Byte Blob of length
     return bufferStart;
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index b1a78178..459a678a 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -41,6 +41,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final short KM_HAL_VERSION = (short) 0x4000;
   private static final short MAX_AUTH_DATA_SIZE = (short) 512;
   private static final short DERIVE_KEY_INPUT_SIZE = (short) 256;
+  private static final short CANARY_BIT_FLAG = (short) 0x40;
 
   // "Keymaster HMAC Verification" - used for HMAC key verification.
   public static final byte[] sharingCheck = {
@@ -214,6 +215,7 @@ private void initializeTransientArrays() {
     bufferProp[BUF_START_OFFSET] = 0;
     bufferProp[BUF_LEN_OFFSET] = 0;
   }
+
   /**
    * Selects this applet.
    *
@@ -644,17 +646,20 @@ private void processAddRngEntropyCmd(APDU apdu) {
   private void processGetCertChainCmd(APDU apdu) {
     // Make the response
     tmpVariables[0] = seProvider.getCertificateChainLength();
-    // Add arrayHeader and KMError.OK
-    tmpVariables[0] += 2;
+    short int32Ptr = getErrorStatusWithCanaryBitSet(KMError.OK);
+    //Total Extra length
+    // Add arrayHeader and (CanaryBitSet + KMError.OK)
+    tmpVariables[2] = (short) (2 + KMInteger.cast(int32Ptr).length());
+    tmpVariables[0] += tmpVariables[2];
     tmpVariables[1] = KMByteBlob.instance(tmpVariables[0]);
     bufferRef[0] = KMByteBlob.cast(tmpVariables[1]).getBuffer();
     bufferProp[BUF_START_OFFSET] = KMByteBlob.cast(tmpVariables[1]).getStartOff();
     bufferProp[BUF_LEN_OFFSET] = KMByteBlob.cast(tmpVariables[1]).length();
     // read the cert chain from non-volatile memory. Cert chain is already in
     // CBOR format.
-    seProvider.readCertificateChain((byte[]) bufferRef[0], (short) (bufferProp[BUF_START_OFFSET] + 2));
+    seProvider.readCertificateChain((byte[]) bufferRef[0], (short) (bufferProp[BUF_START_OFFSET] + tmpVariables[2]));
     // Encode cert chain.
-    encoder.encodeCertChain((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
+    encoder.encodeCertChain((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET], int32Ptr);
     sendOutgoing(apdu);
   }
 
@@ -837,7 +842,7 @@ private void processProvisionSharedSecretCmd(APDU apdu) {
 
   private void processGetProvisionStatusCmd(APDU apdu) {
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus));
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -912,7 +917,7 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) {
     checkVersionAndPatchLevel(scratchPad);
     // make response.
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_CHARACTERISTICS]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -929,7 +934,7 @@ private void processGetHmacSharingParamCmd(APDU apdu) {
     KMHmacSharingParameters.cast(tmpVariables[2]).setSeed(KMByteBlob.instance((short) 0));
     // prepare the response
     tmpVariables[3] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[3]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[3]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[3]).add((short) 1, tmpVariables[2]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1095,7 +1100,7 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     tmpVariables[1] = KMByteBlob.instance(scratchPad, tmpVariables[6], tmpVariables[5]);
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1113,8 +1118,8 @@ private boolean isKeyUpgradeRequired(short tag, short systemParam) {
       // OS version in key characteristics must be less the OS version stored in Javacard or the
       // stored version must be zero. Then only upgrade is allowed else it is invalid argument.
       if ((tag == KMType.OS_VERSION
-              && KMInteger.compare(tmpVariables[0], systemParam) == 1
-              && KMInteger.compare(systemParam, tmpVariables[1]) == 0)) {
+          && KMInteger.compare(tmpVariables[0], systemParam) == 1
+          && KMInteger.compare(systemParam, tmpVariables[1]) == 0)) {
         // Key needs upgrade.
         return true;
       } else if ((KMInteger.compare(tmpVariables[0], systemParam) == -1)) {
@@ -1173,7 +1178,7 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1450,7 +1455,8 @@ private void processAttestKeyCmd(APDU apdu) {
     cert.buffer((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     cert.build();
     bufferProp[BUF_START_OFFSET] =
-        encoder.encodeCert((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], cert.getCertStart(), cert.getCertLength());
+        encoder.encodeCert((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], cert.getCertStart(), cert.getCertLength(),
+            getErrorStatusWithCanaryBitSet(KMError.OK));
     bufferProp[BUF_LEN_OFFSET] = (short) (cert.getCertLength() + (cert.getCertStart() - bufferProp[BUF_START_OFFSET]));
     sendOutgoing(apdu);
   }
@@ -1615,7 +1621,7 @@ private void processFinishOperationCmd(APDU apdu) {
     if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) {
       data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
     }
-    KMArray.cast(tmpVariables[2]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[2]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[2]).add((short) 1, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 2, data[OUTPUT_DATA]);
 
@@ -1773,18 +1779,18 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch
           if (op.getPurpose() == KMType.SIGN) {
             // len of signature will be 256 bytes
             short len = op.getOperation().sign(
-                    KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
-                    KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
-                    KMByteBlob.cast(data[INPUT_DATA]).length(), scratchPad,
-                    (short) 0);
+                KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
+                KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
+                KMByteBlob.cast(data[INPUT_DATA]).length(), scratchPad,
+                (short) 0);
             // Maximum output size of signature is 256 bytes.
             data[OUTPUT_DATA] = KMByteBlob.instance((short) 256);
             Util.arrayCopyNonAtomic(
-                    scratchPad,
-                    (short) 0,
-                    KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(),
-                    (short) (KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff() + 256 - len),
-                    len);
+                scratchPad,
+                (short) 0,
+                KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(),
+                (short) (KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff() + 256 - len),
+                len);
           } else {
             KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
           }
@@ -2097,7 +2103,7 @@ private void processUpdateOperationCmd(APDU apdu) {
     if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) {
       data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
     }
-    KMArray.cast(tmpVariables[2]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[2]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(tmpVariables[3]));
     KMArray.cast(tmpVariables[2]).add((short) 2, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 3, data[OUTPUT_DATA]);
@@ -2203,7 +2209,7 @@ private void processBeginOperationCmd(APDU apdu) {
     }
     tmpVariables[1] = KMKeyParameters.instance(tmpVariables[2]);
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[OP_HANDLE]);
 
@@ -2813,7 +2819,7 @@ private void importKey(APDU apdu, byte[] scratchPad) {
 
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
 
@@ -3315,7 +3321,7 @@ private static void processGenerateKey(APDU apdu) {
 
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.uint_16(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
 
@@ -3623,20 +3629,20 @@ private static void parseEncryptedKeyBlob(byte[] scratchPad) {
       tmpVariables[0] = KMByteBlob.cast(data[KEY_BLOB]).getStartOff();
       tmpVariables[1] = KMArray.instance((short) 5);
       KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_SECRET,
-              KMByteBlob.exp());
+          KMByteBlob.exp());
       KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG,
-              KMByteBlob.exp());
+          KMByteBlob.exp());
       KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_NONCE,
-              KMByteBlob.exp());
+          KMByteBlob.exp());
       tmpVariables[2] = KMKeyCharacteristics.exp();
       KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR,
-              tmpVariables[2]);
+          tmpVariables[2]);
       KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY,
-              KMByteBlob.exp());
+          KMByteBlob.exp());
       data[KEY_BLOB] = decoder.decodeArray(tmpVariables[1],
-              KMByteBlob.cast(data[KEY_BLOB]).getBuffer(),
-              KMByteBlob.cast(data[KEY_BLOB]).getStartOff(),
-              KMByteBlob.cast(data[KEY_BLOB]).length());
+          KMByteBlob.cast(data[KEY_BLOB]).getBuffer(),
+          KMByteBlob.cast(data[KEY_BLOB]).getStartOff(),
+          KMByteBlob.cast(data[KEY_BLOB]).length());
       tmpVariables[0] = KMArray.cast(data[KEY_BLOB]).length();
       if (tmpVariables[0] < 4) {
         KMException.throwIt(KMError.INVALID_KEY_BLOB);
@@ -3647,18 +3653,18 @@ private static void parseEncryptedKeyBlob(byte[] scratchPad) {
       data[NONCE] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_NONCE);
       data[SECRET] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_SECRET);
       data[KEY_CHARACTERISTICS] = KMArray.cast(data[KEY_BLOB]).get(
-              KEY_BLOB_KEYCHAR);
+          KEY_BLOB_KEYCHAR);
       data[PUB_KEY] = KMType.INVALID_VALUE;
       if (tmpVariables[0] == 5) {
         data[PUB_KEY] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_PUB_KEY);
       }
       data[HW_PARAMETERS] = KMKeyCharacteristics
-              .cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced();
+          .cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced();
       data[SW_PARAMETERS] = KMKeyCharacteristics
-              .cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced();
+          .cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced();
 
       data[HIDDEN_PARAMETERS] = KMKeyParameters.makeHidden(data[APP_ID],
-              data[APP_DATA], data[ROT], scratchPad);
+          data[APP_DATA], data[ROT], scratchPad);
       // make auth data
       makeAuthData(scratchPad);
       // Decrypt Secret and verify auth tag
@@ -3823,9 +3829,26 @@ private static short deriveKey(byte[] scratchPad) {
     return tmpVariables[3];
   }
 
+  private static short getErrorStatusWithCanaryBitSet(short err) {
+    short int32Ptr = KMInteger.instance((short) 4);
+    if (repository.isResetEventOccurred()) {
+      repository.resetSeStatusFlag();
+      //Set the canary bit
+      Util.setShort(KMInteger.cast(int32Ptr).getBuffer(),
+          KMInteger.cast(int32Ptr).getStartOff(),
+          CANARY_BIT_FLAG);
+    }
+    Util.setShort(KMInteger.cast(int32Ptr).getBuffer(),
+        (short) (KMInteger.cast(int32Ptr).getStartOff() + 2),
+        err);
+    return int32Ptr;
+  }
+
   private static void sendError(APDU apdu, short err) {
     bufferProp[BUF_START_OFFSET] = repository.alloc((short) 2);
-    bufferProp[BUF_LEN_OFFSET] = encoder.encodeError(err, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], (short) 5);
+    short int32Ptr = getErrorStatusWithCanaryBitSet(err);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encode(int32Ptr, (byte[]) bufferRef[0],
+        bufferProp[BUF_START_OFFSET]);
     sendOutgoing(apdu);
   }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
index 3fbe47f2..d8705de4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java
+++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
@@ -28,11 +28,7 @@
 public class KMOperationState {
 
   public static final byte MAX_DATA = 20;
-  public static final byte MAX_REFS = 1;
-  private static final byte DATA = 0;
-  private static final byte REFS = 1;
-  private static final byte KMOPERATION = 0;
-  private static final byte SLOT = 1;
+  private static final byte OPERATION = 0;
   private static final byte TRUE = 1;
   private static final byte FALSE = 0;
   // byte type
@@ -56,7 +52,6 @@ public class KMOperationState {
   private static final byte AES_GCM_UPDATE_ALLOWED = 8;
 
   // Object References
-  private static final byte OPERATION = 0;
   private byte[] data;
   private Object[] objRefs;
   private static KMOperationState prototype;
@@ -64,7 +59,7 @@ public class KMOperationState {
 
   private KMOperationState() {
     data = JCSystem.makeTransientByteArray(MAX_DATA, JCSystem.CLEAR_ON_RESET);
-    objRefs = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
+    objRefs = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
     isDataUpdated = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
@@ -75,22 +70,19 @@ private static KMOperationState proto() {
     return prototype;
   }
 
-  public static KMOperationState instance(short opHandle, Object[] slot) {
+  public static KMOperationState instance(short opHandle) {
     KMOperationState opState = proto();
     opState.reset();
     Util.setShort(prototype.data, OP_HANDLE, opHandle);
-    prototype.objRefs[SLOT] = slot;
     return opState;
   }
 
-  public static KMOperationState read(byte[] oprHandle, short off, Object[] slot) {
+  public static KMOperationState read(byte[] oprHandle, short off, byte[] data, short dataOff, Object opr) {
     KMOperationState opState = proto();
     opState.reset();
-    Util.arrayCopy((byte[]) slot[DATA], (short) 0, prototype.data, (short) 0, (short) prototype.data.length);
-    Object[] ops = ((Object[]) slot[REFS]);
-    prototype.objRefs[KMOPERATION] = ops[OPERATION];
+    Util.arrayCopy(data, dataOff, prototype.data, (short) 0, (short) prototype.data.length);
+    prototype.objRefs[OPERATION] = opr;
     Util.setShort(prototype.data, OP_HANDLE, KMInteger.uint_64(oprHandle, off));
-    prototype.objRefs[SLOT] = slot;
     return opState;
   }
 
@@ -100,7 +92,7 @@ public void persist() {
     }
     KMRepository.instance().persistOperation(data,
         Util.getShort(data, OP_HANDLE),
-        (KMOperation) objRefs[KMOPERATION]);
+        (KMOperation) objRefs[OPERATION]);
     isDataUpdated[0] = FALSE;
   }
 
@@ -114,8 +106,7 @@ public short getKeySize() {
 
   public void reset() {
     isDataUpdated[0] = FALSE;
-    objRefs[KMOPERATION] = null;
-    objRefs[SLOT] = null;
+    objRefs[OPERATION] = null;
     Util.arrayFillNonAtomic(
         data, (short) 0, (short) data.length, (byte) 0);
   }
@@ -125,14 +116,8 @@ private void dataUpdated() {
   }
 
   public void release() {
-    Object[] slots = (Object[]) objRefs[SLOT];
-    Object[] ops = ((Object[]) slots[REFS]);
-    ((KMOperation) ops[OPERATION]).abort();
-    JCSystem.beginTransaction();
-    Util.arrayFillNonAtomic(
-        (byte[]) slots[0], (short) 0, (short) ((byte[]) slots[0]).length, (byte) 0);
-    ops[OPERATION] = null;
-    JCSystem.commitTransaction();
+    if (objRefs[OPERATION] != null)
+      ((KMOperation) objRefs[OPERATION]).abort();
     reset();
   }
 
@@ -150,13 +135,13 @@ public void setPurpose(byte purpose) {
   }
 
   public void setOperation(KMOperation opr) {
-    objRefs[KMOPERATION] = opr;
+    objRefs[OPERATION] = opr;
     dataUpdated();
     persist();
   }
 
   public KMOperation getOperation() {
-    return (KMOperation) objRefs[KMOPERATION];
+    return (KMOperation) objRefs[OPERATION];
   }
 
   public boolean isAuthPerOperationReqd() {

From de63559e8560e0584462e4efb585f424fe852670 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Sat, 17 Apr 2021 00:23:16 +0530
Subject: [PATCH 127/169] Handle the reset event from Applet

---
 .../4.1/JavacardKeymaster4Device.cpp          | 57 ++++++++++++++-----
 HAL/keymaster/include/CborConverter.h         |  9 +--
 2 files changed, 44 insertions(+), 22 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index eb8ccdd8..2e3f97b3 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -51,6 +51,9 @@
 #define INS_END_KM_CMD 0x7F
 #define SW_KM_OPR 0UL
 #define SB_KM_OPR 1UL
+#define CANARY_BIT_FLAG ( 1 << 30)
+#define UNSET_CANARY_BIT(a) (a &= ~CANARY_BIT_FLAG)
+#define TWOS_COMPLIMENT(a) (a = ~a + 1)
 
 namespace keymaster {
 namespace V4_1 {
@@ -181,18 +184,6 @@ static T translateExtendedErrorsToHalErrors(T& errorCode) {
     return err;
 }
 
-template
-static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response, bool
-        hasErrorCode) {
-    std::unique_ptr item(nullptr);
-    T errorCode = T::OK;
-    std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode);
-
-    if (T::OK != errorCode)
-        errorCode = translateExtendedErrorsToHalErrors(errorCode);
-    return {std::move(item), errorCode};
-}
-
 /* Generate new operation handle */
 static ErrorCode generateOperationHandle(uint64_t& oprHandle) {
     std::map>::iterator it;
@@ -240,6 +231,43 @@ static void deleteOprHandleEntry(uint64_t halGeneratedOperationHandle) {
     operationTable.erase(halGeneratedOperationHandle);
 }
 
+/* Clears all the strongbox operation handle entries from operation table */
+static void clearStrongboxOprHandleEntries() {
+    std::map>::iterator it = operationTable.begin();
+    for(; it != operationTable.end(); ++it) {
+        if (isStrongboxOperation(it->first))
+            operationTable.erase(it);
+    }
+}
+
+template
+static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response, bool
+        hasErrorCode) {
+    std::unique_ptr item(nullptr);
+    T errorCode = T::OK;
+    std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode);
+    int32_t temp = static_cast(errorCode);
+
+    //Check if secure element is reset
+    bool canaryBitSet = (0 != (temp & CANARY_BIT_FLAG));
+
+    if (canaryBitSet) {
+        //Clear the operation table for Strongbox operations entries.
+        clearStrongboxOprHandleEntries();
+        UNSET_CANARY_BIT(temp);
+    }
+    // SE sends errocode as unsigned value so convert the unsigned value
+    // into a signed value of same magnitude.
+    TWOS_COMPLIMENT(temp);
+
+    //Write back temp to errorCode
+    errorCode = static_cast(temp);
+
+    if (T::OK != errorCode)
+        errorCode = translateExtendedErrorsToHalErrors(errorCode);
+    return {std::move(item), errorCode};
+}
+
 ErrorCode encodeParametersVerified(const VerificationToken& verificationToken, std::vector& asn1ParamsVerified) {
     if (verificationToken.parametersVerified.size() > 0) {
         AuthorizationSet paramSet;
@@ -394,7 +422,7 @@ static bool isSEProvisioned() {
         return ret;
     }
     //Check if SE is provisioned.
-    std::tie(item, errorCode) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2),
+    std::tie(item, errorCode) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2),
             true);
     if(item != NULL) {
         uint64_t status;
@@ -463,7 +491,7 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_
     ErrorCode ret = sendData(Instruction::INS_GET_HW_INFO_CMD, input, resp);
     if (ret == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, ret) = cborConverter_.decodeData(std::vector(resp.begin(), resp.end()-2),
+        std::tie(item, ret) = decodeData(cborConverter_, std::vector(resp.begin(), resp.end()-2),
                 false);
         if (item != nullptr) {
             std::vector temp;
@@ -630,7 +658,6 @@ Return JavacardKeymaster4Device::generateKey(const hidl_vec&
     std::vector cborData = array.encode();
 
     errorCode = sendData(Instruction::INS_GENERATE_KEY_CMD, cborData, cborOutData);
-
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
diff --git a/HAL/keymaster/include/CborConverter.h b/HAL/keymaster/include/CborConverter.h
index ecbe2783..45855244 100644
--- a/HAL/keymaster/include/CborConverter.h
+++ b/HAL/keymaster/include/CborConverter.h
@@ -65,7 +65,7 @@ class CborConverter
                 } else if (MajorType::UINT == getType(item)) {
                     uint64_t err;
                     if(getUint64(item, err)) {
-                        errorCode = static_cast(get2sCompliment(static_cast(err)));
+                        errorCode = static_cast(err);
                     }
                     item = nullptr; /*Already read the errorCode. So no need of sending item to client */
                 }
@@ -162,18 +162,13 @@ class CborConverter
                 if (!getUint64(item, pos, errorVal)) {
                     return ret;
                 }
-                errorCode = static_cast(get2sCompliment(static_cast(errorVal)));
+                errorCode = static_cast(errorVal);
 
                 ret = true;
                 return ret;
             }
 
     private:
-        /**
-         * Returns the negative value of the same number.
-         */
-        inline int32_t get2sCompliment(uint32_t value) { return static_cast(~value+1); }
-
         /**
          * Get the type of the Item pointer.
          */

From 76935ac261e1a7d84225b98a855f50833808c40b Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Fri, 16 Apr 2021 19:58:00 +0100
Subject: [PATCH 128/169] Move operationtable to RAM

---
 .../android/javacard/keymaster/KMEncoder.java |   2 +-
 .../javacard/keymaster/KMRepository.java      | 146 ++++++++++--------
 2 files changed, 80 insertions(+), 68 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
index 0dc31b56..b79349ff 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -56,7 +56,7 @@ public KMEncoder() {
     bufferRef[0] = null;
     scratchBuf[START_OFFSET] = (short) 0;
     scratchBuf[LEN_OFFSET] = (short) 0;
-    scratchBuf[STACK_PTR_OFFSET] = (short) 0;    
+    scratchBuf[STACK_PTR_OFFSET] = (short) 0;
   }
 
   private void push(short objPtr) {
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 07caec72..9e365ada 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -91,6 +91,16 @@ public class KMRepository implements KMUpgradable {
   private short dataIndex;
   private short[] reclaimIndex;
 
+  // Operation table.
+  private static final short OPER_TABLE_DATA_OFFSET = 0;
+  private static final short OPER_TABLE_OPR_OFFSET = 1;
+  private static final short OPER_DATA_LEN = OPERATION_HANDLE_ENTRY_SIZE + KMOperationState.MAX_DATA + 1;
+  private static final short DATA_ARRAY_LENGTH = MAX_OPS * OPER_DATA_LEN;
+  // Last byte in the operation data table represents the SE Reset flag.
+  private static final short SE_RESET_FLAG_OFFSET = DATA_ARRAY_LENGTH - 1;
+  public static final byte SE_RESET_STATUS_FLAG = 0x7F;
+
+
   // Singleton instance
   private static KMRepository repository;
 
@@ -105,17 +115,13 @@ public KMRepository(boolean isUpgrading) {
     heapIndex[0] = (short) 0;
     reclaimIndex[0] = HEAP_SIZE;
     newDataTable(isUpgrading);
-    operationStateTable = new Object[MAX_OPS];
-    // create and initialize operation state table.
-    //First byte in the operation handle buffer denotes whether the operation is
-    //reserved or unreserved.
-    byte index = 0;
-    while (index < MAX_OPS) {
-      operationStateTable[index] = new Object[]{new byte[OPERATION_HANDLE_ENTRY_SIZE],
-          new Object[]{new byte[KMOperationState.MAX_DATA],
-              new Object[KMOperationState.MAX_REFS]}};
-      index++;
-    }
+
+    operationStateTable = new Object[2];
+    operationStateTable[0] = JCSystem.makeTransientByteArray(DATA_ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
+    operationStateTable[1] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
+    //Set the reset flag
+    resetSeStatusFlag();
+
     //Initialize the device locked status
     if (!isUpgrading) {
       setDeviceLock(false);
@@ -124,6 +130,17 @@ public KMRepository(boolean isUpgrading) {
     repository = this;
   }
 
+  public void resetSeStatusFlag() {
+    ((byte[]) operationStateTable[0])[SE_RESET_FLAG_OFFSET] = SE_RESET_STATUS_FLAG;
+  }
+
+  public boolean isResetEventOccurred() {
+    if (((byte[]) operationStateTable[0])[SE_RESET_FLAG_OFFSET] == SE_RESET_STATUS_FLAG) {
+      return false;
+    }
+    return true;
+  }
+
   public void getOperationHandle(short oprHandle, byte[] buf, short off, short len) {
     if (KMInteger.cast(oprHandle).length() != OPERATION_HANDLE_SIZE) {
       KMException.throwIt(KMError.INVALID_OPERATION_HANDLE);
@@ -133,17 +150,19 @@ public void getOperationHandle(short oprHandle, byte[] buf, short off, short len
 
   public KMOperationState findOperation(byte[] buf, short off, short len) {
     short index = 0;
-    byte[] opId;
+    byte[] oprTableData;
+    short offset = 0;
+    oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
+    Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
     while (index < MAX_OPS) {
-      opId = ((byte[]) ((Object[]) operationStateTable[index])[0]);
-      if (0 == Util.arrayCompare(buf, off, opId, OPERATION_HANDLE_OFFSET, len)) {
-        return KMOperationState
-            .read(opId, OPERATION_HANDLE_OFFSET,
-                (Object[]) ((Object[]) operationStateTable[index])[1]);
+      offset = (short) (index * OPER_DATA_LEN);
+      if (0 == Util.arrayCompare(buf, off, oprTableData, (short) (offset + OPERATION_HANDLE_OFFSET), len)) {
+        return KMOperationState.read(oprTableData, (short) (offset + OPERATION_HANDLE_OFFSET), oprTableData,
+            (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
+            operations[index]);
       }
       index++;
     }
-
     return null;
   }
 
@@ -164,13 +183,13 @@ public KMOperationState findOperation(short operationHandle) {
   /* opHandle is a KMInteger */
   public KMOperationState reserveOperation(short opHandle) {
     short index = 0;
-    byte[] opId;
+    byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
+    short offset = 0;
     while (index < MAX_OPS) {
-      opId = (byte[]) ((Object[]) operationStateTable[index])[0];
+      offset = (short) (index * OPER_DATA_LEN);
       /* Check for unreserved operation state */
-      if (opId[OPERATION_HANDLE_STATUS_OFFSET] == 0) {
-        return KMOperationState
-            .instance(opHandle, (Object[]) ((Object[]) operationStateTable[index])[1]);
+      if (oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] == 0) {
+        return KMOperationState.instance(opHandle);
       }
       index++;
     }
@@ -179,7 +198,9 @@ public KMOperationState reserveOperation(short opHandle) {
 
   public void persistOperation(byte[] data, short opHandle, KMOperation op) {
     short index = 0;
-    byte[] opId;
+    byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
+    Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
+    short offset = 0;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
         opHandle,
@@ -188,21 +209,17 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
         KMByteBlob.cast(buf).length());
     //Update an existing operation state.
     while (index < MAX_OPS) {
-      opId = (byte[]) ((Object[]) operationStateTable[index])[0];
-      if ((1 == opId[OPERATION_HANDLE_STATUS_OFFSET])
+      offset = (short) (index * OPER_DATA_LEN);
+      if ((1 == oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)])
           && (0 == Util.arrayCompare(
-          opId,
-          OPERATION_HANDLE_OFFSET,
+          oprTableData,
+          (short) (offset + OPERATION_HANDLE_OFFSET),
           KMByteBlob.cast(buf).getBuffer(),
           KMByteBlob.cast(buf).getStartOff(),
           KMByteBlob.cast(buf).length()))) {
-        Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
-        JCSystem.beginTransaction();
-        Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0,
-            (short) ((byte[]) slot[0]).length);
-        Object[] ops = ((Object[]) slot[1]);
-        ops[0] = op;
-        JCSystem.commitTransaction();
+        Util.arrayCopy(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
+            KMOperationState.MAX_DATA);
+        operations[index] = op;
         return;
       }
       index++;
@@ -211,22 +228,18 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
     index = 0;
     //Persist a new operation.
     while (index < MAX_OPS) {
-      opId = (byte[]) ((Object[]) operationStateTable[index])[0];
-      if (0 == opId[OPERATION_HANDLE_STATUS_OFFSET]) {
-        Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
-        JCSystem.beginTransaction();
-        opId[OPERATION_HANDLE_STATUS_OFFSET] = 1;/*reserved */
+      offset = (short) (index * OPER_DATA_LEN);
+      if (0 == oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)]) {
+        oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] = 1;/*reserved */
         Util.arrayCopy(
             KMByteBlob.cast(buf).getBuffer(),
             KMByteBlob.cast(buf).getStartOff(),
-            opId,
-            OPERATION_HANDLE_OFFSET,
+            oprTableData,
+            (short) (offset + OPERATION_HANDLE_OFFSET),
             OPERATION_HANDLE_SIZE);
-        Util.arrayCopy(data, (short) 0, (byte[]) slot[0], (short) 0,
-            (short) ((byte[]) slot[0]).length);
-        Object[] ops = ((Object[]) slot[1]);
-        ops[0] = op;
-        JCSystem.commitTransaction();
+        Util.arrayCopy(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
+            KMOperationState.MAX_DATA);
+        operations[index] = op;
         break;
       }
       index++;
@@ -235,7 +248,9 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
 
   public void releaseOperation(KMOperationState op) {
     short index = 0;
-    byte[] oprHandleBuf;
+    byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
+    Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
+    short offset = 0;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
         op.getHandle(),
@@ -243,17 +258,16 @@ public void releaseOperation(KMOperationState op) {
         KMByteBlob.cast(buf).getStartOff(),
         KMByteBlob.cast(buf).length());
     while (index < MAX_OPS) {
-      oprHandleBuf = ((byte[]) ((Object[]) operationStateTable[index])[0]);
-      if ((oprHandleBuf[OPERATION_HANDLE_STATUS_OFFSET] == 1) &&
-          (0 == Util.arrayCompare(oprHandleBuf,
-              OPERATION_HANDLE_OFFSET,
+      offset = (short) (index * OPER_DATA_LEN);
+      if ((oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] == 1) &&
+          (0 == Util.arrayCompare(oprTableData,
+              (short) (offset + OPERATION_HANDLE_OFFSET),
               KMByteBlob.cast(buf).getBuffer(),
               KMByteBlob.cast(buf).getStartOff(),
               KMByteBlob.cast(buf).length()))) {
-        JCSystem.beginTransaction();
-        Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0);
-        JCSystem.commitTransaction();
+        Util.arrayFillNonAtomic(oprTableData, offset, OPER_DATA_LEN, (byte) 0);
         op.release();
+        operations[index] = null;
         break;
       }
       index++;
@@ -262,19 +276,17 @@ public void releaseOperation(KMOperationState op) {
 
   public void releaseAllOperations() {
     short index = 0;
-    byte[] oprHandleBuf;
+    byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
+    Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
+    short offset = 0;
     while (index < MAX_OPS) {
-      oprHandleBuf = ((byte[]) ((Object[]) operationStateTable[index])[0]);
-      if (oprHandleBuf[OPERATION_HANDLE_STATUS_OFFSET] == 1) {
-        Object[] slot = (Object[]) ((Object[]) operationStateTable[index])[1];
-        Object[] ops = ((Object[]) slot[1]);
-        ((KMOperation) ops[0]).abort();
-        JCSystem.beginTransaction();
-        Util.arrayFillNonAtomic((byte[]) slot[0], (short) 0,
-                (short) ((byte[]) slot[0]).length, (byte) 0);
-        Util.arrayFillNonAtomic(oprHandleBuf, (short) 0, (short) oprHandleBuf.length, (byte) 0);
-        ops[0] = null;
-        JCSystem.commitTransaction();
+      offset = (short) (index * OPER_DATA_LEN);
+      if (oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] == 1) {
+        Util.arrayFillNonAtomic(oprTableData, offset, OPER_DATA_LEN, (byte) 0);
+        if (operations[index] != null) {
+          ((KMOperation) operations[index]).abort();
+          operations[index] = null;
+        }
       }
       index++;
     }

From 2aecff659f59bdf658f90efaacab8f0d69691f41 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Mon, 19 Apr 2021 14:48:51 +0530
Subject: [PATCH 129/169] Card Reset change

---
 .../javacard/keymaster/KMKeymasterApplet.java | 36 ++++++++++++++-----
 .../javacard/keymaster/KMRepository.java      | 24 +++++++------
 2 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 459a678a..b374824a 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -41,7 +41,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final short KM_HAL_VERSION = (short) 0x4000;
   private static final short MAX_AUTH_DATA_SIZE = (short) 512;
   private static final short DERIVE_KEY_INPUT_SIZE = (short) 256;
-  private static final short CANARY_BIT_FLAG = (short) 0x40;
+  private static final short CANARY_BIT_FLAG = (short) 0x4000;
 
   // "Keymaster HMAC Verification" - used for HMAC key verification.
   public static final byte[] sharingCheck = {
@@ -156,7 +156,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   public static final byte OUTPUT_DATA = 25;
   public static final byte HW_TOKEN = 26;
   public static final byte VERIFICATION_TOKEN = 27;
-  protected static final byte SIGNATURE = 28;
+  public static final byte SIGNATURE = 28;
 
   // AddRngEntropy
   protected static final short MAX_SEED_SIZE = 2048;
@@ -188,6 +188,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   protected static short[] tmpVariables;
   protected static short[] data;
   protected static byte provisionStatus = NOT_PROVISIONED;
+  protected static short cardResetStatus = 0x00;
 
   /**
    * Registers this applet.
@@ -200,6 +201,8 @@ protected KMKeymasterApplet(KMSEProvider seImpl) {
     if (!isUpgrading) {
       keymasterState = KMKeymasterApplet.INIT_STATE;
       seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8));
+    } else {
+      cardResetStatus = CANARY_BIT_FLAG;
     }
     KMType.initialize();
     encoder = new KMEncoder();
@@ -301,6 +304,15 @@ protected void validateApduHeader(APDU apdu) {
       ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
     }
   }
+  
+  // Call this fucntion before processing the apdu.
+  private void updateCardResetFlag() {
+    if (repository.isResetEventOccurred()) {
+      JCSystem.beginTransaction();
+      cardResetStatus = CANARY_BIT_FLAG;
+      JCSystem.commitTransaction();
+    }
+  }
 
   /**
    * Processes an incoming APDU and handles it using command objects.
@@ -310,6 +322,8 @@ protected void validateApduHeader(APDU apdu) {
   @Override
   public void process(APDU apdu) {
     try {
+      // Get and udpate the card reset status before processing apdu.
+      updateCardResetFlag();
       repository.onProcess();
       // Verify whether applet is in correct state.
       if ((keymasterState == KMKeymasterApplet.INIT_STATE)
@@ -3831,16 +3845,20 @@ private static short deriveKey(byte[] scratchPad) {
 
   private static short getErrorStatusWithCanaryBitSet(short err) {
     short int32Ptr = KMInteger.instance((short) 4);
-    if (repository.isResetEventOccurred()) {
-      repository.resetSeStatusFlag();
-      //Set the canary bit
-      Util.setShort(KMInteger.cast(int32Ptr).getBuffer(),
-          KMInteger.cast(int32Ptr).getStartOff(),
-          CANARY_BIT_FLAG);
-    }
+
+    Util.setShort(KMInteger.cast(int32Ptr).getBuffer(),
+        KMInteger.cast(int32Ptr).getStartOff(),
+        cardResetStatus);
+
     Util.setShort(KMInteger.cast(int32Ptr).getBuffer(),
         (short) (KMInteger.cast(int32Ptr).getStartOff() + 2),
         err);
+
+    if (cardResetStatus != 0x00) {
+      JCSystem.beginTransaction();
+      cardResetStatus = 0x00;
+      JCSystem.commitTransaction();
+    }
     return int32Ptr;
   }
 
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 9e365ada..d4a6278f 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -94,11 +94,8 @@ public class KMRepository implements KMUpgradable {
   // Operation table.
   private static final short OPER_TABLE_DATA_OFFSET = 0;
   private static final short OPER_TABLE_OPR_OFFSET = 1;
-  private static final short OPER_DATA_LEN = OPERATION_HANDLE_ENTRY_SIZE + KMOperationState.MAX_DATA + 1;
+  private static final short OPER_DATA_LEN = OPERATION_HANDLE_ENTRY_SIZE + KMOperationState.MAX_DATA;
   private static final short DATA_ARRAY_LENGTH = MAX_OPS * OPER_DATA_LEN;
-  // Last byte in the operation data table represents the SE Reset flag.
-  private static final short SE_RESET_FLAG_OFFSET = DATA_ARRAY_LENGTH - 1;
-  public static final byte SE_RESET_STATUS_FLAG = 0x7F;
 
 
   // Singleton instance
@@ -113,14 +110,13 @@ public KMRepository(boolean isUpgrading) {
     heapIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
     reclaimIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
     heapIndex[0] = (short) 0;
-    reclaimIndex[0] = HEAP_SIZE;
     newDataTable(isUpgrading);
 
     operationStateTable = new Object[2];
     operationStateTable[0] = JCSystem.makeTransientByteArray(DATA_ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
     operationStateTable[1] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
-    //Set the reset flag
-    resetSeStatusFlag();
+    //Set the reset flags
+    resetHeapEndIndex();
 
     //Initialize the device locked status
     if (!isUpgrading) {
@@ -130,12 +126,15 @@ public KMRepository(boolean isUpgrading) {
     repository = this;
   }
 
-  public void resetSeStatusFlag() {
-    ((byte[]) operationStateTable[0])[SE_RESET_FLAG_OFFSET] = SE_RESET_STATUS_FLAG;
+  public void resetHeapEndIndex() {
+    reclaimIndex[0] = HEAP_SIZE;
   }
 
+  // This function should only be called before processing any of the APUs.
+  // Once we start processing the APDU the reclainIndex[0] will change to 
+  // a lesser value than HEAP_SIZE
   public boolean isResetEventOccurred() {
-    if (((byte[]) operationStateTable[0])[SE_RESET_FLAG_OFFSET] == SE_RESET_STATUS_FLAG) {
+    if (reclaimIndex[0] == HEAP_SIZE) {
       return false;
     }
     return true;
@@ -320,12 +319,15 @@ public void onUninstall() {
   }
 
   public void onProcess() {
+    // When card reset happens reclaimIndex[0] will be equal to 0.
+    // So make sure the reclaimIndex[0] is always equal to HEAP_SIZE
+    resetHeapEndIndex();
   }
 
   public void clean() {
     Util.arrayFillNonAtomic(heap, (short) 0, heapIndex[0], (byte) 0);
     heapIndex[0] = (short) 0;
-    reclaimIndex[0] = HEAP_SIZE;
+    resetHeapEndIndex();
   }
 
   public void onDeselect() {

From 4653b23827e8e2596e4142fbd647f8081238a075 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Mon, 19 Apr 2021 20:15:03 +0530
Subject: [PATCH 130/169] Added a new test case to test the card reset
 functionality

---
 .../javacard/test/KMFunctionalTest.java       | 204 +++++++++++++++---
 1 file changed, 179 insertions(+), 25 deletions(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 9e9c2c6c..32a3a066 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -450,6 +450,10 @@ public class KMFunctionalTest {
   private static final int OS_PATCH_LEVEL = 1;
   private static final int VENDOR_PATCH_LEVEL = 1;
   private static final int BOOT_PATCH_LEVEL = 1;
+  private static final short MAJOR_TYPE_MASK = 0xE0;
+  private static final byte CBOR_ARRAY_MAJOR_TYPE = (byte) 0x80;
+  private static final byte CBOR_UINT_MAJOR_TYPE = 0x00;
+  private static final short CANARY_BIT_FLAG = (short) 0x4000;
 
   private CardSimulator simulator;
   private KMEncoder encoder;
@@ -930,7 +934,7 @@ public void testDeviceLocked() {
     inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null);
     short beginResp = begin(KMType.DECRYPT,
         KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-        KMKeyParameters.instance(inParams), (short) 0);
+        KMKeyParameters.instance(inParams), (short) 0, false);
     Assert.assertEquals(beginResp, KMError.DEVICE_LOCKED);
     short hwToken = KMHardwareAuthToken.instance();
     KMHardwareAuthToken.cast(hwToken).setTimestamp(KMInteger.uint_16((byte) 2));
@@ -2383,7 +2387,7 @@ public boolean rsaVerifyMessage(byte[] input, short inputOff, short inputlen, by
   public byte[] EncryptMessage(byte[] input, short params, byte[] keyBlob) {
     short ret = begin(KMType.ENCRYPT,
         KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-        KMKeyParameters.instance(params), (short) 0);
+        KMKeyParameters.instance(params), (short) 0, false);
     // Get the operation handle.
     short opHandle = KMArray.cast(ret).get((short) 2);
     byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
@@ -2393,7 +2397,7 @@ public byte[] EncryptMessage(byte[] input, short params, byte[] keyBlob) {
 
     ret = finish(opHandle,
         KMByteBlob.instance(input, (short) 0, (short) input.length), null,
-        (short) 0, (short) 0, (short) 0, KMError.OK);
+        (short) 0, (short) 0, (short) 0, KMError.OK, false);
     short dataPtr = KMArray.cast(ret).get((short) 2);
     byte[] output = new byte[KMByteBlob.cast(dataPtr).length()];
     if (KMByteBlob.cast(dataPtr).length() > 0) {
@@ -2407,7 +2411,7 @@ public byte[] EncryptMessage(byte[] input, short params, byte[] keyBlob) {
   public byte[] DecryptMessage(byte[] input, short params, byte[] keyBlob) {
     short ret = begin(KMType.DECRYPT,
         KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-        KMKeyParameters.instance(params), (short) 0);
+        KMKeyParameters.instance(params), (short) 0, false);
     // Get the operation handle.
     short opHandle = KMArray.cast(ret).get((short) 2);
     byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
@@ -2417,7 +2421,7 @@ public byte[] DecryptMessage(byte[] input, short params, byte[] keyBlob) {
 
     ret = finish(opHandle,
         KMByteBlob.instance(input, (short) 0, (short) input.length), null,
-        (short) 0, (short) 0, (short) 0, KMError.OK);
+        (short) 0, (short) 0, (short) 0, KMError.OK, false);
     short dataPtr = KMArray.cast(ret).get((short) 2);
     byte[] output = new byte[KMByteBlob.cast(dataPtr).length()];
     if (KMByteBlob.cast(dataPtr).length() > 0) {
@@ -2447,7 +2451,7 @@ public void testUnsupportedBlockMode() {
             KMType.PKCS7, new byte[12]);
     short ret = begin(KMType.ENCRYPT,
             KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-            KMKeyParameters.instance(desPkcs7Params), (short) 0);
+            KMKeyParameters.instance(desPkcs7Params), (short) 0, false);
     Assert.assertTrue(ret == KMError.UNSUPPORTED_BLOCK_MODE);
     cleanUp();
   }
@@ -2479,7 +2483,7 @@ public void testDesEcbPkcs7PaddingCorrupted() {
 
     short ret = begin(KMType.DECRYPT,
         KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-        KMKeyParameters.instance(desPkcs7Params), (short) 0);
+        KMKeyParameters.instance(desPkcs7Params), (short) 0, false);
     // Get the operation handle.
     short opHandle = KMArray.cast(ret).get((short) 2);
     byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
@@ -2492,7 +2496,7 @@ public void testDesEcbPkcs7PaddingCorrupted() {
         (short) cipherText1.length);
     opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
     ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0,
-        KMError.INVALID_ARGUMENT);
+        KMError.INVALID_ARGUMENT, false);
     cleanUp();
   }
 
@@ -2550,7 +2554,7 @@ public void testVtsRsaPkcs1Success() {
       // Do Begin operation.
       short ret = begin(KMType.DECRYPT,
           KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-          KMKeyParameters.instance(pkcs1Params), (short) 0);
+          KMKeyParameters.instance(pkcs1Params), (short) 0, false);
 
       // Get the operation handle.
       short opHandle = KMArray.cast(ret).get((short) 2);
@@ -2563,7 +2567,7 @@ public void testVtsRsaPkcs1Success() {
           (short) cipherText1.length);
       // Finish should return UNKNOWN_ERROR.
       ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0,
-          KMError.UNKNOWN_ERROR);
+          KMError.UNKNOWN_ERROR, false);
     }
     cleanUp();
   }
@@ -2763,6 +2767,106 @@ public void testUpgradeKey() {
     }
     cleanUp();
   }
+  
+  /*public void testBeginResetUpdate() {
+    byte[] input = new byte[] {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
+    // Generate Key
+    short ret = generateHmacKey(null, null);
+    // Store the generated key in a new byte blob.
+    short keyBlobPtr = KMArray.cast(ret).get((short) 1);
+    byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
+    Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
+        KMByteBlob.cast(keyBlobPtr).getStartOff(), keyBlob,
+        (short) 0, (short) keyBlob.length);
+    short inParams = getHmacParams(KMType.SHA2_256, true);
+
+    //Call begin operation.
+    ret = begin(KMType.SIGN, keyBlobPtr, KMKeyParameters.instance(inParams), (short) 0);
+    // Get the operation handle.
+    short opHandle = KMArray.cast(ret).get((short) 2);
+    byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
+    KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
+    //Get the keyblobptr again.
+    keyBlobPtr = KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length);
+        
+    // Call update operation and check if the canary bit is set or not.
+    short dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
+    // update with trigger reset.
+    ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0, true);
+    short canaryBitFlag = KMInteger.cast(ret).getSignificantShort();
+    short err = KMInteger.cast(ret).getShort();
+    Assert.assertEquals(CANARY_BIT_FLAG , canaryBitFlag);
+    Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE , err);
+    
+   // Call finish operation and check if the canary bit is set or not.
+    dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
+    // finish with trigger reset.
+    ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, KMError.OK, true);
+    short canaryBitFlag = KMInteger.cast(ret).getSignificantShort();
+    short err = KMInteger.cast(ret).getShort();
+    Assert.assertEquals(CANARY_BIT_FLAG , canaryBitFlag);
+    Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE , err);
+  }*/
+  
+  public void testBeginResetUpdate() {
+    byte[] input = new byte[] {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
+    
+    //begin, begin1, update, update1, finish, begin2, abort
+    boolean[][] resetEvents = {
+        {false, true, false, false, false, false, false},  
+    };
+    for(int i = 0; i < resetEvents.length; i++) {
+      // Generate Key----------------
+      short ret = generateHmacKey(null, null);
+      // Store the generated key in a new byte blob.
+      short keyBlobPtr = KMArray.cast(ret).get((short) 1);
+      byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
+      Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
+          KMByteBlob.cast(keyBlobPtr).getStartOff(), keyBlob,
+          (short) 0, (short) keyBlob.length);
+      short inParams = getHmacParams(KMType.SHA2_256, true);
+      // Generate Key----------------
+      
+      //Call begin operation----------------
+      ret = begin(KMType.SIGN, keyBlobPtr, KMKeyParameters.instance(inParams), (short) 0, resetEvents[i][0]);
+      // Get the operation handle.
+      short opHandle = KMArray.cast(ret).get((short) 2);
+      byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
+      KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
+      //Get the keyblobptr again.
+      keyBlobPtr = KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length);
+      //Call begin operation----------------
+      
+      //Call begin1 operation----------------
+      inParams = getHmacParams(KMType.SHA2_256, true);
+      ret = begin(KMType.SIGN, keyBlobPtr, KMKeyParameters.instance(inParams), (short) 0, resetEvents[i][1]);
+      // Get the operation handle.
+      short opHandle1 = KMArray.cast(ret).get((short) 2);
+      byte[] opHandleBuf1 = new byte[KMRepository.OPERATION_HANDLE_SIZE];
+      KMInteger.cast(opHandle1).getValue(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
+      //Get the keyblobptr again.
+      keyBlobPtr = KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length);
+      //Call begin1 operation----------------
+      
+      //Call update operation----------------
+      // Call update operation and check if the canary bit is set or not.
+      short dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
+      // update with trigger reset.
+      ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0, resetEvents[i][2]);
+      if (resetEvents[i][1] || resetEvents[i][2]) {
+        short err = KMInteger.cast(ret).getShort();
+        Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, err);
+      }
+      //Call update operation----------------
+    }
+  }
+
+  @Test
+  public void testCardResetFunctionality() {
+    init();
+    testBeginResetUpdate();
+    cleanUp();
+  }
 
   @Test
   public void testDestroyAttIds() {
@@ -2843,7 +2947,7 @@ public void testAbortOperation() {
     byte[] plainData = "Hello World 123!".getBytes();
     short ret = begin(KMType.ENCRYPT,
         KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-        KMKeyParameters.instance(inParams), (short) 0);
+        KMKeyParameters.instance(inParams), (short) 0, false);
     short opHandle = KMArray.cast(ret).get((short) 2);
     byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
     KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
@@ -2851,7 +2955,8 @@ public void testAbortOperation() {
     abort(opHandle);
     short dataPtr = KMByteBlob.instance(plainData, (short) 0, (short) plainData.length);
     opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
-    ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0);
+    ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0, false);
+    ret = KMInteger.cast(ret).getShort();
     Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, ret);
     cleanUp();
   }
@@ -3140,7 +3245,7 @@ public short processMessage(
       byte[] signature,
       boolean updateFlag,
       boolean aesGcmFlag) {
-    short beginResp = begin(keyPurpose, keyBlob, inParams, hwToken);
+    short beginResp = begin(keyPurpose, keyBlob, inParams, hwToken, false);
     short opHandle = KMArray.cast(beginResp).get((short) 2);
     byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
     KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
@@ -3168,7 +3273,7 @@ public short processMessage(
         inParams = KMKeyParameters.instance(inParams);
       }
       opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
-      ret = update(opHandle, dataPtr, inParams, (short) 0, (short) 0);
+      ret = update(opHandle, dataPtr, inParams, (short) 0, (short) 0, false);
       dataPtr = KMArray.cast(ret).get((short) 3);
       if (KMByteBlob.cast(dataPtr).length() > 0) {
         Util.arrayCopyNonAtomic(
@@ -3187,9 +3292,9 @@ public short processMessage(
 
     opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
     if (keyPurpose == KMType.VERIFY) {
-      ret = finish(opHandle, dataPtr, signature, (short) 0, (short) 0, (short) 0, KMError.OK);
+      ret = finish(opHandle, dataPtr, signature, (short) 0, (short) 0, (short) 0, KMError.OK, false);
     } else {
-      ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, KMError.OK);
+      ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, KMError.OK, false);
     }
     if (len > 0) {
       dataPtr = KMArray.cast(ret).get((short) 2);
@@ -3207,7 +3312,7 @@ public short processMessage(
     return ret;
   }
 
-  public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToken) {
+  public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToken, boolean triggerReset) {
     short arrPtr = KMArray.instance((short) 4);
     KMArray.cast(arrPtr).add((short) 0, KMEnum.instance(KMType.PURPOSE, keyPurpose));
     KMArray.cast(arrPtr).add((short) 1, keyBlob);
@@ -3217,6 +3322,11 @@ public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToke
     }
     KMArray.cast(arrPtr).add((short) 3, hwToken);
     CommandAPDU apdu = encodeApdu((byte) INS_BEGIN_OPERATION_CMD, arrPtr);
+    if (triggerReset) {
+      simulator.reset();
+      AID appletAID = AIDUtil.create("A000000062");
+      simulator.selectApplet(appletAID);
+    }
     //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length);
     ResponseAPDU response = simulator.transmitCommand(apdu);
     short ret = KMArray.instance((short) 3);
@@ -3226,19 +3336,31 @@ public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToke
     KMArray.cast(ret).add((short) 2, KMInteger.exp());
     byte[] respBuf = response.getBytes();
     short len = (short) respBuf.length;
-    if (len > 5) {
+    byte majorType = readMajorType(respBuf);
+    //if (len > 5) {
+    if (majorType == CBOR_ARRAY_MAJOR_TYPE) {
       ret = decoder.decode(ret, respBuf, (short) 0, len);
       short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
       Assert.assertEquals(error, KMError.OK);
+      if (triggerReset) {
+        error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
+        Assert.assertEquals(error, CANARY_BIT_FLAG);
+      }
       return ret;
-    } else {
-      if (len == 3) {
+    } else {//Major type UINT.
+      ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, len);
+      if (triggerReset) {
+        short error = KMInteger.cast(ret).getSignificantShort();
+        Assert.assertEquals(error, CANARY_BIT_FLAG);
+      }
+      return KMInteger.cast(ret).getShort();
+      /*if (len == 3) {
         return respBuf[0];
       }
       if (len == 4) {
         return respBuf[1];
       }
-      return Util.getShort(respBuf, (short) 0);
+      return Util.getShort(respBuf, (short) 0);*/
     }
   }
 
@@ -3270,7 +3392,7 @@ public short translateExtendedErrorCodes(short err) {
   }
 
   public short finish(short operationHandle, short data, byte[] signature, short inParams,
-      short hwToken, short verToken, short expectedErr) {
+      short hwToken, short verToken, short expectedErr, boolean triggerReset) {
     if (hwToken == 0) {
       hwToken = KMHardwareAuthToken.instance();
     }
@@ -3296,6 +3418,11 @@ public short finish(short operationHandle, short data, byte[] signature, short i
     KMArray.cast(arrPtr).add((short) 5, verToken);
     CommandAPDU apdu = encodeApdu((byte) INS_FINISH_OPERATION_CMD, arrPtr);
     // print(commandAPDU.getBytes());
+    if (triggerReset) {
+      simulator.reset();
+      AID appletAID = AIDUtil.create("A000000062");
+      simulator.selectApplet(appletAID);
+    }
     ResponseAPDU response = simulator.transmitCommand(apdu);
     byte[] respBuf = response.getBytes();
     short len = (short) respBuf.length;
@@ -3313,16 +3440,24 @@ public short finish(short operationHandle, short data, byte[] signature, short i
     ret = decoder.decode(ret, respBuf, (short) 0, len);
     if (expectedErr == KMError.OK) {
       error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
+      if (triggerReset) {
+        short canaryBit = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
+        Assert.assertEquals(canaryBit, CANARY_BIT_FLAG);
+      }
     } else {
       error = KMInteger.cast(ret).getShort();
       error = translateExtendedErrorCodes(error);
+      if (triggerReset) {
+        short canaryBit = KMInteger.cast(ret).getSignificantShort();
+        Assert.assertEquals(canaryBit, CANARY_BIT_FLAG);
+      }
     }
     Assert.assertEquals(error, expectedErr);
     return ret;
   }
 
   public short update(short operationHandle, short data, short inParams, short hwToken,
-      short verToken) {
+      short verToken, boolean triggerReset) {
     if (hwToken == 0) {
       hwToken = KMHardwareAuthToken.instance();
     }
@@ -3340,6 +3475,11 @@ public short update(short operationHandle, short data, short inParams, short hwT
     KMArray.cast(arrPtr).add((short) 3, hwToken);
     KMArray.cast(arrPtr).add((short) 4, verToken);
     CommandAPDU apdu = encodeApdu((byte) INS_UPDATE_OPERATION_CMD, arrPtr);
+    if (triggerReset) {
+      simulator.reset();
+      AID appletAID = AIDUtil.create("A000000062");
+      simulator.selectApplet(appletAID);
+    }
     // print(commandAPDU.getBytes());
     ResponseAPDU response = simulator.transmitCommand(apdu);
     short ret = KMArray.instance((short) 4);
@@ -3350,15 +3490,29 @@ public short update(short operationHandle, short data, short inParams, short hwT
     KMArray.cast(ret).add((short) 3, KMByteBlob.exp());
     byte[] respBuf = response.getBytes();
     short len = (short) respBuf.length;
-    if (len > 5) {
+    byte majorType = readMajorType(respBuf);
+    if (majorType == CBOR_ARRAY_MAJOR_TYPE) {
       ret = decoder.decode(ret, respBuf, (short) 0, len);
       short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
       Assert.assertEquals(error, KMError.OK);
+      if (triggerReset) {
+        error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
+        Assert.assertEquals(error, CANARY_BIT_FLAG);
+      }
     } else {
-      ret = respBuf[1];
+      ret = decoder.decode(KMInteger.exp(), respBuf, (short)0, len);
+      if (triggerReset) {
+        short canaryBit = KMInteger.cast(ret).getSignificantShort();
+        Assert.assertEquals(canaryBit, CANARY_BIT_FLAG);
+      }
     }
     return ret;
   }
+  
+  private byte readMajorType(byte[] resp) {
+    byte val = resp[0];
+    return (byte) (val & MAJOR_TYPE_MASK);
+  }
 
   private void print(short blob) {
     print(KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(),

From cc65979b6466f5fb6e9dbf904beb1645b3e78c47 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Mon, 19 Apr 2021 20:38:05 +0100
Subject: [PATCH 131/169] Added a new test case to test reset events Moved
 KmoperationImpl to RAM

---
 .../keymaster/KMAndroidSEProvider.java        |  33 ++++-
 .../javacard/keymaster/KMOperationImpl.java   |  52 +++----
 .../javacard/keymaster/KMJCardSimulator.java  |   5 +
 .../javacard/test/KMFunctionalTest.java       | 128 +++++++++++-------
 .../javacard/keymaster/KMKeymasterApplet.java |   4 +-
 .../javacard/keymaster/KMSEProvider.java      |   6 +
 6 files changed, 145 insertions(+), 83 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index 49929346..f64858f5 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -416,20 +416,23 @@ private Object getInstanceFromPool(Object[] pool, byte alg) {
     return object;
   }
 
+  private void releaseInstance(Object[] pool, short index) {
+    if (((KMInstance) pool[index]).reserved != 0) {
+      JCSystem.beginTransaction();
+      ((KMInstance) pool[index]).reserved = 0;
+      JCSystem.commitTransaction();
+    }
+  }
+
   private void releaseInstance(Object[] pool, Object object) {
     short index = 0;
     short len = (short) pool.length;
     while (index < len) {
       if (pool[index] != null) {
         if (object == ((KMInstance) pool[index]).object) {
-          JCSystem.beginTransaction();
-          ((KMInstance) pool[index]).reserved = 0;
-          JCSystem.commitTransaction();
+          releaseInstance(pool, index);
           break;
         }
-      } else {
-        // Reached end.
-        break;
       }
       index++;
     }
@@ -1275,4 +1278,22 @@ public KMAttestationKey getAttestationKey() {
   public KMPreSharedKey getPresharedKey() {
     return (KMPreSharedKey) preSharedKey;
   }
+
+  private void releasePool(Object[] pool) {
+    short index = 0;
+    short len = (short) pool.length;
+    while (index < len) {
+      if (pool[index] != null) {
+        releaseInstance(pool, index);
+      }
+      index++;
+    }
+  }
+
+  @Override
+  public void releaseAllOperations() {
+    releasePool(cipherPool);
+    releasePool(sigPool);
+    releasePool(operationPool);
+  }
 }
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index 32741eed..aa133bda 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -23,8 +23,6 @@
 
 public class KMOperationImpl implements KMOperation {
 
-  private Cipher cipher;
-  private Signature signature;
   private static final short CIPHER_ALG_OFFSET = 0x00;
   private static final short PADDING_OFFSET = 0x01;
   private static final short OPER_MODE_OFFSET = 0x02;
@@ -34,9 +32,12 @@ public class KMOperationImpl implements KMOperation {
   //Java Card after the GCM update operation.
   private static final short AES_GCM_UPDATE_LEN_OFFSET = 0x05;
   private short[] parameters;
+  // Either one of Cipher/Signature instance is stored.
+  private Object[] operationInst;
 
   public KMOperationImpl() {
     parameters = JCSystem.makeTransientShortArray((short) 6, JCSystem.CLEAR_ON_RESET);
+    operationInst = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
   public short getMode() {
@@ -80,19 +81,15 @@ public void setCipherAlgorithm(short cipherAlg) {
   }
 
   public void setCipher(Cipher cipher) {
-    JCSystem.beginTransaction();
-    this.cipher = cipher;
-    JCSystem.commitTransaction();
+    operationInst[0] = cipher;
   }
 
   public void setSignature(Signature signer) {
-    JCSystem.beginTransaction();
-    this.signature = signer;
-    JCSystem.commitTransaction();
+    operationInst[0] = signer;
   }
 
   private void resetCipher() {
-    setCipher(null);
+    operationInst[0] = null;
     parameters[MAC_LENGTH_OFFSET] = 0;
     parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0;
     parameters[BLOCK_MODE_OFFSET] = 0;
@@ -104,7 +101,7 @@ private void resetCipher() {
   @Override
   public short update(byte[] inputDataBuf, short inputDataStart,
                       short inputDataLength, byte[] outputDataBuf, short outputDataStart) {
-    short len = cipher.update(inputDataBuf, inputDataStart, inputDataLength,
+    short len = ((Cipher) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength,
       outputDataBuf, outputDataStart);
     if (parameters[CIPHER_ALG_OFFSET] == KMType.AES && parameters[BLOCK_MODE_OFFSET] == KMType.GCM) {
       // Every time Block size data is stored as intermediate result.
@@ -116,7 +113,7 @@ public short update(byte[] inputDataBuf, short inputDataStart,
   @Override
   public short update(byte[] inputDataBuf, short inputDataStart,
                       short inputDataLength) {
-    signature.update(inputDataBuf, inputDataStart, inputDataLength);
+    ((Signature) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength);
     return 0;
   }
 
@@ -124,6 +121,7 @@ public short update(byte[] inputDataBuf, short inputDataStart,
   public short finish(byte[] inputDataBuf, short inputDataStart,
                       short inputDataLen, byte[] outputDataBuf, short outputDataStart) {
     byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray;
+    Cipher cipher = (Cipher) operationInst[0];
     short cipherAlg = parameters[CIPHER_ALG_OFFSET];
     short blockMode = parameters[BLOCK_MODE_OFFSET];
     short mode = parameters[OPER_MODE_OFFSET];
@@ -209,11 +207,11 @@ public short sign(byte[] inputDataBuf, short inputDataStart,
                     short inputDataLength, byte[] signBuf, short signStart) {
     short len = 0;
     try {
-      len = signature.sign(inputDataBuf, inputDataStart, inputDataLength,
+      len = ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength,
         signBuf, signStart);
     } finally {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      setSignature(null);
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      operationInst[0] = null;
     }
     return len;
   }
@@ -223,31 +221,33 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
                         short inputDataLength, byte[] signBuf, short signStart, short signLength) {
     boolean ret = false;
     try {
-      ret = signature.verify(inputDataBuf, inputDataStart, inputDataLength,
+      ret = ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength,
         signBuf, signStart, signLength);
     } finally {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      setSignature(null);
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      operationInst[0] = null;
     }
     return ret;
   }
 
   @Override
   public void abort() {
-    if (cipher != null) {
-      KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher);
-      resetCipher();
-    }
-    if (signature != null) {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature);
-      setSignature(null);
+    if (operationInst[0] != null) {
+      if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT ||
+        parameters[OPER_MODE_OFFSET] == KMType.DECRYPT) {
+        KMAndroidSEProvider.getInstance().releaseCipherInstance((Cipher) operationInst[0]);
+        resetCipher();
+      } else {
+        KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      }
+      operationInst[0] = null;
     }
     KMAndroidSEProvider.getInstance().releaseOperationInstance(this);
   }
 
   @Override
   public void updateAAD(byte[] dataBuf, short dataStart, short dataLength) {
-    ((AEADCipher) cipher).updateAAD(dataBuf, dataStart, dataLength);
+    ((AEADCipher) operationInst[0]).updateAAD(dataBuf, dataStart, dataLength);
   }
 
   @Override
@@ -258,4 +258,4 @@ public short getAESGCMOutputSize(short dataSize, short macLength) {
       return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize - macLength);
     }
   }
-}
+}
\ No newline at end of file
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
index c6948e63..46bd03aa 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
@@ -1315,4 +1315,9 @@ public KMAttestationKey getAttestationKey() {
   public KMPreSharedKey getPresharedKey() {
     return (KMPreSharedKey) preSharedKey;
   }
+
+  @Override
+  public void releaseAllOperations() {
+    //Do nothing.
+  }
 }
diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 32a3a066..bcde9f5b 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -454,6 +454,8 @@ public class KMFunctionalTest {
   private static final byte CBOR_ARRAY_MAJOR_TYPE = (byte) 0x80;
   private static final byte CBOR_UINT_MAJOR_TYPE = 0x00;
   private static final short CANARY_BIT_FLAG = (short) 0x4000;
+  private static final boolean RESET = true;
+  private static final boolean NO_RESET = false;
 
   private CardSimulator simulator;
   private KMEncoder encoder;
@@ -1947,14 +1949,20 @@ private short deleteKey(short keyBlob) {
     return respBuf[0];
   }
 
-  private short abort(short opHandle) {
+  private short abort(short opHandle, boolean triggerReset) {
     short arrPtr = KMArray.instance((short) 1);
     KMArray.cast(arrPtr).add((short) 0, opHandle);
     CommandAPDU apdu = encodeApdu((byte) INS_ABORT_OPERATION_CMD, arrPtr);
     // print(commandAPDU.getBytes());
+    if (triggerReset) {
+      simulator.reset();
+      AID appletAID1 = AIDUtil.create("A000000062");
+      simulator.selectApplet(appletAID1);
+    }
     ResponseAPDU response = simulator.transmitCommand(apdu);
     byte[] respBuf = response.getBytes();
-    return respBuf[0];
+    short ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, (short) respBuf.length);
+    return ret;
   }
 
   public short getKeyCharacteristics(short keyBlob) {
@@ -2767,53 +2775,24 @@ public void testUpgradeKey() {
     }
     cleanUp();
   }
-  
-  /*public void testBeginResetUpdate() {
-    byte[] input = new byte[] {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
-    // Generate Key
-    short ret = generateHmacKey(null, null);
-    // Store the generated key in a new byte blob.
-    short keyBlobPtr = KMArray.cast(ret).get((short) 1);
-    byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
-    Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
-        KMByteBlob.cast(keyBlobPtr).getStartOff(), keyBlob,
-        (short) 0, (short) keyBlob.length);
-    short inParams = getHmacParams(KMType.SHA2_256, true);
 
-    //Call begin operation.
-    ret = begin(KMType.SIGN, keyBlobPtr, KMKeyParameters.instance(inParams), (short) 0);
-    // Get the operation handle.
-    short opHandle = KMArray.cast(ret).get((short) 2);
-    byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
-    KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
-    //Get the keyblobptr again.
-    keyBlobPtr = KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length);
-        
-    // Call update operation and check if the canary bit is set or not.
-    short dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
-    // update with trigger reset.
-    ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0, true);
-    short canaryBitFlag = KMInteger.cast(ret).getSignificantShort();
-    short err = KMInteger.cast(ret).getShort();
-    Assert.assertEquals(CANARY_BIT_FLAG , canaryBitFlag);
-    Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE , err);
-    
-   // Call finish operation and check if the canary bit is set or not.
-    dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
-    // finish with trigger reset.
-    ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, KMError.OK, true);
-    short canaryBitFlag = KMInteger.cast(ret).getSignificantShort();
-    short err = KMInteger.cast(ret).getShort();
-    Assert.assertEquals(CANARY_BIT_FLAG , canaryBitFlag);
-    Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE , err);
-  }*/
-  
   public void testBeginResetUpdate() {
     byte[] input = new byte[] {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
-    
-    //begin, begin1, update, update1, finish, begin2, abort
+    // Test different combinations of reset events happening in the ordered flow of
+    // begin - begin1 - update - update1 - finish - finish1 - abort
     boolean[][] resetEvents = {
-        {false, true, false, false, false, false, false},  
+        //begin, begin1, update, update1, finish, finish1, abort
+        {NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
+        {RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
+        {NO_RESET, RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
+        {NO_RESET, NO_RESET, RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
+        {NO_RESET, NO_RESET, NO_RESET, RESET, NO_RESET, NO_RESET, NO_RESET},
+        {NO_RESET, NO_RESET, NO_RESET, NO_RESET, RESET, NO_RESET, NO_RESET},
+        {NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, RESET, NO_RESET},
+        {NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, RESET},
+        {NO_RESET, NO_RESET, NO_RESET, RESET, RESET, NO_RESET, NO_RESET},
+        {NO_RESET, RESET, RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
+        {RESET, RESET, RESET, RESET, RESET, RESET, RESET},
     };
     for(int i = 0; i < resetEvents.length; i++) {
       // Generate Key----------------
@@ -2835,7 +2814,7 @@ public void testBeginResetUpdate() {
       KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
       //Get the keyblobptr again.
       keyBlobPtr = KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length);
-      //Call begin operation----------------
+      //Call begin end----------------
       
       //Call begin1 operation----------------
       inParams = getHmacParams(KMType.SHA2_256, true);
@@ -2846,18 +2825,66 @@ public void testBeginResetUpdate() {
       KMInteger.cast(opHandle1).getValue(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
       //Get the keyblobptr again.
       keyBlobPtr = KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length);
-      //Call begin1 operation----------------
-      
+      //Call begin1 end----------------
+
       //Call update operation----------------
       // Call update operation and check if the canary bit is set or not.
       short dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
+      opHandle = KMInteger.instance(opHandleBuf, (short) 0, (short) opHandleBuf.length);
       // update with trigger reset.
       ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0, resetEvents[i][2]);
+      // If a reset event occurred then expect INVALID_OPERATION_HANDLE.
       if (resetEvents[i][1] || resetEvents[i][2]) {
         short err = KMInteger.cast(ret).getShort();
         Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, err);
       }
-      //Call update operation----------------
+      //Call update end----------------
+
+      //Call update1 operation----------------
+      // Call update1 operation and check if the canary bit is set or not.
+      dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
+      opHandle1 = KMInteger.instance(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
+      // update with trigger reset.
+      ret = update(opHandle1, dataPtr, (short) 0, (short) 0, (short) 0, resetEvents[i][3]);
+      // If a reset event occurred then expect INVALID_OPERATION_HANDLE.
+      if (resetEvents[i][2] || resetEvents[i][3]) {
+        short err = KMInteger.cast(ret).getShort();
+        Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, err);
+      }
+      //Call update end----------------
+
+      //Call finish operation----------------
+      // Call finish operation and check if the canary bit is set or not.
+      dataPtr = KMByteBlob.instance((short) 0);
+      opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
+      short expectedErr = KMError.OK;
+      // If a reset event occurred then expect INVALID_OPERATION_HANDLE.
+      if (resetEvents[i][1] | resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4])
+        expectedErr = KMError.INVALID_OPERATION_HANDLE;
+      ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, expectedErr, resetEvents[i][4]);
+      //Call finish end----------------
+
+      //Call finish1 operation----------------
+      // Call finish1 operation and check if the canary bit is set or not.
+      dataPtr = KMByteBlob.instance((short) 0);
+      opHandle1 = KMInteger.instance(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
+      expectedErr = KMError.OK;
+      // If a reset event occurred then expect INVALID_OPERATION_HANDLE.
+      if (resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4] | resetEvents[i][5])
+        expectedErr = KMError.INVALID_OPERATION_HANDLE;
+      ret = finish(opHandle1, dataPtr, null, (short) 0, (short) 0, (short) 0, expectedErr, resetEvents[i][5]);
+      //Call finish end----------------
+
+      //Call abort operation----------------
+      // Call abort operation and check if the canary bit is set or not.
+      opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
+      ret = abort(opHandle, resetEvents[i][6]);
+      if (resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4] | resetEvents[i][5] | resetEvents[i][6]) {
+        short err = KMInteger.cast(ret).getShort();
+        Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, err);
+      }
+      //Call finish end----------------
+      KMRepository.instance().clean();
     }
   }
 
@@ -2952,7 +2979,8 @@ public void testAbortOperation() {
     byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
     KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
     opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
-    abort(opHandle);
+    ret = abort(opHandle, false);
+    Assert.assertEquals(KMError.OK, KMInteger.cast(ret).getShort());
     short dataPtr = KMByteBlob.instance(plainData, (short) 0, (short) plainData.length);
     opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
     ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0, false);
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index b374824a..5e59f43c 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -308,6 +308,8 @@ protected void validateApduHeader(APDU apdu) {
   // Call this fucntion before processing the apdu.
   private void updateCardResetFlag() {
     if (repository.isResetEventOccurred()) {
+      // Release all the operation instances.
+      seProvider.releaseAllOperations();
       JCSystem.beginTransaction();
       cardResetStatus = CANARY_BIT_FLAG;
       JCSystem.commitTransaction();
@@ -322,7 +324,7 @@ private void updateCardResetFlag() {
   @Override
   public void process(APDU apdu) {
     try {
-      // Get and udpate the card reset status before processing apdu.
+      // Get and update the card reset status before processing apdu.
       updateCardResetFlag();
       repository.onProcess();
       // Verify whether applet is in correct state.
diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
index 65ae8fb3..167aa5b2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
+++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
@@ -559,4 +559,10 @@ KMOperation initAsymmetricOperation(
    */
   KMPreSharedKey getPresharedKey();
 
+  /**
+   * Releases all the instance back to pool.
+   * Generally this is used when card is reset.
+   */
+  void releaseAllOperations();
+
 }

From cb0826afa74d6f610b934f32180ef7651b1c6803 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Mon, 19 Apr 2021 21:04:37 +0100
Subject: [PATCH 132/169] Updated the unit test

---
 .../javacard/test/KMFunctionalTest.java       | 27 +++++++++----------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index bcde9f5b..67ff19ac 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -678,6 +678,13 @@ private void cleanUp() {
     simulator.deleteApplet(appletAID);
   }
 
+  private void resetAndSelect() {
+    simulator.reset();
+    AID appletAID = AIDUtil.create("A000000062");
+    // Select applet
+    simulator.selectApplet(appletAID);
+  }
+
 
   private CommandAPDU encodeApdu(byte ins, short cmd) {
     byte[] buf = new byte[2500];
@@ -1955,9 +1962,7 @@ private short abort(short opHandle, boolean triggerReset) {
     CommandAPDU apdu = encodeApdu((byte) INS_ABORT_OPERATION_CMD, arrPtr);
     // print(commandAPDU.getBytes());
     if (triggerReset) {
-      simulator.reset();
-      AID appletAID1 = AIDUtil.create("A000000062");
-      simulator.selectApplet(appletAID1);
+      resetAndSelect();
     }
     ResponseAPDU response = simulator.transmitCommand(apdu);
     byte[] respBuf = response.getBytes();
@@ -2776,7 +2781,7 @@ public void testUpgradeKey() {
     cleanUp();
   }
 
-  public void testBeginResetUpdate() {
+  public void testCardRest() {
     byte[] input = new byte[] {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
     // Test different combinations of reset events happening in the ordered flow of
     // begin - begin1 - update - update1 - finish - finish1 - abort
@@ -2891,7 +2896,7 @@ public void testBeginResetUpdate() {
   @Test
   public void testCardResetFunctionality() {
     init();
-    testBeginResetUpdate();
+    testCardRest();
     cleanUp();
   }
 
@@ -3351,9 +3356,7 @@ public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToke
     KMArray.cast(arrPtr).add((short) 3, hwToken);
     CommandAPDU apdu = encodeApdu((byte) INS_BEGIN_OPERATION_CMD, arrPtr);
     if (triggerReset) {
-      simulator.reset();
-      AID appletAID = AIDUtil.create("A000000062");
-      simulator.selectApplet(appletAID);
+      resetAndSelect();
     }
     //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length);
     ResponseAPDU response = simulator.transmitCommand(apdu);
@@ -3447,9 +3450,7 @@ public short finish(short operationHandle, short data, byte[] signature, short i
     CommandAPDU apdu = encodeApdu((byte) INS_FINISH_OPERATION_CMD, arrPtr);
     // print(commandAPDU.getBytes());
     if (triggerReset) {
-      simulator.reset();
-      AID appletAID = AIDUtil.create("A000000062");
-      simulator.selectApplet(appletAID);
+      resetAndSelect();
     }
     ResponseAPDU response = simulator.transmitCommand(apdu);
     byte[] respBuf = response.getBytes();
@@ -3504,9 +3505,7 @@ public short update(short operationHandle, short data, short inParams, short hwT
     KMArray.cast(arrPtr).add((short) 4, verToken);
     CommandAPDU apdu = encodeApdu((byte) INS_UPDATE_OPERATION_CMD, arrPtr);
     if (triggerReset) {
-      simulator.reset();
-      AID appletAID = AIDUtil.create("A000000062");
-      simulator.selectApplet(appletAID);
+      resetAndSelect();
     }
     // print(commandAPDU.getBytes());
     ResponseAPDU response = simulator.transmitCommand(apdu);

From 95668a24fc471f8333cf9d7be2220d090cd3f58d Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Tue, 20 Apr 2021 01:44:54 +0530
Subject: [PATCH 133/169] updated the unittest

---
 .../test/com/android/javacard/test/KMFunctionalTest.java      | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 67ff19ac..83a37087 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -1967,6 +1967,10 @@ private short abort(short opHandle, boolean triggerReset) {
     ResponseAPDU response = simulator.transmitCommand(apdu);
     byte[] respBuf = response.getBytes();
     short ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, (short) respBuf.length);
+    if (triggerReset) {
+      short error = KMInteger.cast(ret).getSignificantShort();
+      Assert.assertEquals(error, CANARY_BIT_FLAG);
+    }
     return ret;
   }
 

From b96c735c6775f8cac08e6efd06db22efc073b908 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Tue, 20 Apr 2021 23:18:24 +0530
Subject: [PATCH 134/169] Fixed the issue observed while executing vts

---
 .../android/javacard/keymaster/KMEncoder.java | 64 ++++++++++++++-----
 .../javacard/keymaster/KMKeymasterApplet.java |  8 +--
 2 files changed, 51 insertions(+), 21 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
index b79349ff..53c30793 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -93,9 +93,9 @@ public short encode(short object, byte[] buffer, short startOff) {
   public void encodeCertChain(byte[] buffer, short offset, short length, short errInt32Ptr) {
     bufferRef[0] = buffer;
     scratchBuf[START_OFFSET] = offset;
-    scratchBuf[LEN_OFFSET] += (offset + 1);
-    //Total length is ArrayHeader + UIntHeader + length(errInt32Ptr)
-    scratchBuf[LEN_OFFSET] += (short) (2 + KMInteger.cast(errInt32Ptr).length());
+    scratchBuf[LEN_OFFSET] = (short) (offset + 1);
+    //Total length is ArrayHeader + [UIntHeader + length(errInt32Ptr)]
+    scratchBuf[LEN_OFFSET] += (short) (1 + getEncodedIntegerLength(errInt32Ptr));
 
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
     encodeInteger(errInt32Ptr);
@@ -110,7 +110,7 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s
     scratchBuf[START_OFFSET]--;
     // errInt32Ptr - CanaryBit + ErrorCode - 4 bytes
     // Integer header - 1 byte
-    scratchBuf[START_OFFSET] -= (KMInteger.cast(errInt32Ptr).length() + 1);
+    scratchBuf[START_OFFSET] -= getEncodedIntegerLength(errInt32Ptr);
     //Array header - 2 elements i.e. 1 byte
     scratchBuf[START_OFFSET]--;
     // Cert Byte blob - typically 2 bytes length i.e. 3 bytes header
@@ -118,10 +118,10 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s
     if (certLength >= SHORT_PAYLOAD) {
       scratchBuf[START_OFFSET]--;
     }
-    bufferStart = scratchBuf[START_OFFSET];
     if (scratchBuf[START_OFFSET] < bufferStart) {
       ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
     }
+    bufferStart = scratchBuf[START_OFFSET];
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
     encodeInteger(errInt32Ptr); //CanaryBit + ErrorCode
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 1); // Array of 1 element
@@ -129,20 +129,11 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s
     return bufferStart;
   }
 
-  public short encodeError(short err, byte[] buffer, short startOff, short length) {
+  public short encodeError(short errInt32Ptr, byte[] buffer, short startOff, short length) {
     bufferRef[0] = buffer;
     scratchBuf[START_OFFSET] = startOff;
-    scratchBuf[LEN_OFFSET] = (short) (startOff + length);
-    // encode the err as UINT with value in err - should not be greater then 5 bytes.
-    if (err < UINT8_LENGTH) {
-      writeByte((byte) (UINT_TYPE | err));
-    } else if (err < 0x100) {
-      writeByte((byte) (UINT_TYPE | UINT8_LENGTH));
-      writeByte((byte) err);
-    } else {
-      writeByte((byte) (UINT_TYPE | UINT16_LENGTH));
-      writeShort(err);
-    }
+    scratchBuf[LEN_OFFSET] = (short) (startOff + length + 1);
+    encodeInteger(errInt32Ptr);
     return (short) (scratchBuf[START_OFFSET] - startOff);
   }
 
@@ -292,6 +283,45 @@ private void encodeEnum(short obj) {
     writeByteValue(KMEnum.cast(obj).getVal());
   }
 
+  /* The total length of UINT Major type along with actual length of
+   * integer is returned.
+   */
+  public short getEncodedIntegerLength(short obj) {
+    byte[] val = KMInteger.cast(obj).getBuffer();
+    short len = KMInteger.cast(obj).length();
+    short startOff = KMInteger.cast(obj).getStartOff();
+    byte index = 0;
+    // find out the most significant byte
+    while (index < len) {
+      if (val[(short) (startOff + index)] > 0) {
+        break;
+      } else if (val[(short) (startOff + index)] < 0) {
+        break;
+      }
+      index++; // index will be equal to len if value is 0.
+    }
+    // find the difference between most significant byte and len
+    short diff = (short) (len - index);
+    switch (diff) {
+    case 0: case 1: //Byte | Short
+      if ((val[(short) (startOff + index)] < UINT8_LENGTH) &&
+          (val[(short) (startOff + index)] >= 0)) {
+        return (short) 1;
+      } else {
+        return (short) 2;
+      }
+    case 2: //Short
+      return (short) 3;
+    case 3: case 4: //Uint32
+      return (short) 5;
+    case 5: case 6: case 7: case 8: //Uint64
+      return (short) 5;
+    default:
+      ISOException.throwIt(ISO7816.SW_DATA_INVALID);
+    }
+    return 0;
+  }
+  
   private void encodeInteger(short obj) {
     byte[] val = KMInteger.cast(obj).getBuffer();
     short len = KMInteger.cast(obj).length();
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 5e59f43c..726f1f96 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -665,7 +665,7 @@ private void processGetCertChainCmd(APDU apdu) {
     short int32Ptr = getErrorStatusWithCanaryBitSet(KMError.OK);
     //Total Extra length
     // Add arrayHeader and (CanaryBitSet + KMError.OK)
-    tmpVariables[2] = (short) (2 + KMInteger.cast(int32Ptr).length());
+    tmpVariables[2] = (short) (1 + encoder.getEncodedIntegerLength(int32Ptr));
     tmpVariables[0] += tmpVariables[2];
     tmpVariables[1] = KMByteBlob.instance(tmpVariables[0]);
     bufferRef[0] = KMByteBlob.cast(tmpVariables[1]).getBuffer();
@@ -3865,10 +3865,10 @@ private static short getErrorStatusWithCanaryBitSet(short err) {
   }
 
   private static void sendError(APDU apdu, short err) {
-    bufferProp[BUF_START_OFFSET] = repository.alloc((short) 2);
+    bufferProp[BUF_START_OFFSET] = repository.alloc((short) 5);
     short int32Ptr = getErrorStatusWithCanaryBitSet(err);
-    bufferProp[BUF_LEN_OFFSET] = encoder.encode(int32Ptr, (byte[]) bufferRef[0],
-        bufferProp[BUF_START_OFFSET]);
+    bufferProp[BUF_LEN_OFFSET] = encoder.encodeError(int32Ptr, (byte[]) bufferRef[0],
+        bufferProp[BUF_START_OFFSET], (short) 5);
     sendOutgoing(apdu);
   }
 

From acb2f2df82db68542d49e1680ce9efa98b0bb1c5 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Wed, 21 Apr 2021 00:08:05 +0530
Subject: [PATCH 135/169] Added comment and fixed one issue

---
 Applet/src/com/android/javacard/keymaster/KMEncoder.java        | 2 +-
 .../src/com/android/javacard/keymaster/KMKeymasterApplet.java   | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
index 53c30793..0e4666f2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -315,7 +315,7 @@ public short getEncodedIntegerLength(short obj) {
     case 3: case 4: //Uint32
       return (short) 5;
     case 5: case 6: case 7: case 8: //Uint64
-      return (short) 5;
+      return (short) 9;
     default:
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 726f1f96..0fd6622a 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -202,6 +202,8 @@ protected KMKeymasterApplet(KMSEProvider seImpl) {
       keymasterState = KMKeymasterApplet.INIT_STATE;
       seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8));
     } else {
+      // This flag is explicitly set after upgrade, to make sure that
+      // Keymaster HAL releases its operation state table.
       cardResetStatus = CANARY_BIT_FLAG;
     }
     KMType.initialize();

From db2dc2de9423f66c77516433e3ac3f5909ebc19e Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Wed, 21 Apr 2021 18:30:59 +0530
Subject: [PATCH 136/169] Clear the operation data associated with operation
 handle

---
 .../4.1/JavacardKeymaster4Device.cpp          | 28 +++++++++++--------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 2e3f97b3..612e408c 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -232,17 +232,21 @@ static void deleteOprHandleEntry(uint64_t halGeneratedOperationHandle) {
 }
 
 /* Clears all the strongbox operation handle entries from operation table */
-static void clearStrongboxOprHandleEntries() {
-    std::map>::iterator it = operationTable.begin();
-    for(; it != operationTable.end(); ++it) {
-        if (isStrongboxOperation(it->first))
-            operationTable.erase(it);
+static void clearStrongboxOprHandleEntries(const std::unique_ptr& oprCtx) {
+    if (nullptr != oprCtx) {
+        std::map>::iterator it = operationTable.begin();
+        for(; it != operationTable.end(); ++it) {
+            if (isStrongboxOperation(it->first)) {
+                oprCtx->clearOperationData(it->second.first);
+                operationTable.erase(it);
+            }
+        }
     }
 }
 
 template
 static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response, bool
-        hasErrorCode) {
+        hasErrorCode, const std::unique_ptr& oprCtx=std::unique_ptr(nullptr)) {
     std::unique_ptr item(nullptr);
     T errorCode = T::OK;
     std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode);
@@ -253,7 +257,7 @@ static std::tuple, T> decodeData(CborConverter& cb, const
 
     if (canaryBitSet) {
         //Clear the operation table for Strongbox operations entries.
-        clearStrongboxOprHandleEntries();
+        clearStrongboxOprHandleEntries(oprCtx);
         UNSET_CANARY_BIT(temp);
     }
     // SE sends errocode as unsigned value so convert the unsigned value
@@ -422,6 +426,7 @@ static bool isSEProvisioned() {
         return ret;
     }
     //Check if SE is provisioned.
+    std::unique_ptr oprCtx(nullptr);
     std::tie(item, errorCode) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2),
             true);
     if(item != NULL) {
@@ -791,7 +796,6 @@ Return JavacardKeymaster4Device::getKeyCharacteristics(const hidl_vec cborData = array.encode();
 
     errorCode = sendData(Instruction::INS_GET_KEY_CHARACTERISTICS_CMD, cborData, cborOutData);
-
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
@@ -1050,7 +1054,7 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
             if(errorCode == ErrorCode::OK) {
                 //Skip last 2 bytes in cborData, it contains status.
                 std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                        true);
+                        true, oprCtx_);
                 if (item != nullptr) {
                     if(!cborConverter_.getKeyParameters(item, 1, outParams) ||
                             !cborConverter_.getUint64(item, 2, operationHandle)) {
@@ -1139,7 +1143,7 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co
             if(errorCode == ErrorCode::OK) {
                 //Skip last 2 bytes in cborData, it contains status.
                 std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                        true);
+                        true, oprCtx_);
                 if (item != nullptr) {
                     /*Ignore inputConsumed from javacard SE since HAL consumes all the input */
                     //cborConverter_.getUint64(item, 1, inputConsumed);
@@ -1267,7 +1271,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
             if(errorCode == ErrorCode::OK) {
                 //Skip last 2 bytes in cborData, it contains status.
                 std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                        true);
+                        true, oprCtx_);
                 if (item != nullptr) {
                     //There is a change that this finish callback may gets called multiple times if the input data size
                     //is larger the MAX_ALLOWED_INPUT_SIZE (Refer OperationContext) so parse and get the outParams only
@@ -1326,7 +1330,7 @@ Return JavacardKeymaster4Device::abort(uint64_t halGeneratedOprHandle
         if(errorCode == ErrorCode::OK) {
             //Skip last 2 bytes in cborData, it contains status.
             std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                    true);
+                    true, oprCtx_);
         }
     }
     /* Delete the entry on this operationHandle */

From 633893e1c8f690a366e9779e3f2935afaac3e6e3 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Thu, 22 Apr 2021 18:14:39 +0530
Subject: [PATCH 137/169] 1. Handled the reset event in provision tool. 2.
 Fixed the issue in HAL while clearing the operation table. 3. isSEProvisioned
 call is removed.

---
 .../4.1/JavacardKeymaster4Device.cpp          | 97 +++++--------------
 ProvisioningTool/Provision.cpp                | 85 +++++++++++++++-
 2 files changed, 105 insertions(+), 77 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 612e408c..728dcc14 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -233,20 +233,20 @@ static void deleteOprHandleEntry(uint64_t halGeneratedOperationHandle) {
 
 /* Clears all the strongbox operation handle entries from operation table */
 static void clearStrongboxOprHandleEntries(const std::unique_ptr& oprCtx) {
-    if (nullptr != oprCtx) {
-        std::map>::iterator it = operationTable.begin();
-        for(; it != operationTable.end(); ++it) {
-            if (isStrongboxOperation(it->first)) {
-                oprCtx->clearOperationData(it->second.first);
-                operationTable.erase(it);
-            }
+    auto it = operationTable.begin();
+    while (it != operationTable.end()) {
+        if (it->second.second == SB_KM_OPR) { //Strongbox operation
+            oprCtx->clearOperationData(it->second.first);
+            it = operationTable.erase(it);
+        } else {
+            ++it;
         }
     }
 }
 
 template
 static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response, bool
-        hasErrorCode, const std::unique_ptr& oprCtx=std::unique_ptr(nullptr)) {
+        hasErrorCode, const std::unique_ptr& oprCtx) {
     std::unique_ptr item(nullptr);
     T errorCode = T::OK;
     std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode);
@@ -404,59 +404,10 @@ uint16_t getStatus(std::vector& inputData) {
     return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1));
 }
 
-static bool isSEProvisioned() {
-    ErrorCode errorCode = ErrorCode::OK;
-    Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD;
-    std::vector cborData;
-    std::vector response;
-    std::unique_ptr item;
-    CborConverter cborConverter;
-    std::vector apdu;
-    bool ret = false;
-
-    errorCode = constructApduMessage(ins, cborData, apdu);
-    if(errorCode != ErrorCode::OK) return ret;
-
-    if(!getTransportFactoryInstance()->sendData(apdu.data(), apdu.size(), response)) {
-        LOG(ERROR) << " Failed to send GET_PROVISION_STATUS_CMD ";
-        return ret;
-    }
-
-    if((response.size() <= 2) || (getStatus(response) != APDU_RESP_STATUS_OK)) {
-        return ret;
-    }
-    //Check if SE is provisioned.
-    std::unique_ptr oprCtx(nullptr);
-    std::tie(item, errorCode) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2),
-            true);
-    if(item != NULL) {
-        uint64_t status;
-
-        if(!cborConverter.getUint64(item, 1, status)) {
-            LOG(ERROR) << "Failed to parse the status from cbor data";
-            return ret;
-        }
-
-        if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) &&
-                (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) &&
-                (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) &&
-                (0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) &&
-                (0 != (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM))) {
-            ret = true;
-        }
-    }
-    return ret;
-}
-
-
 ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response) {
     ErrorCode ret = ErrorCode::UNKNOWN_ERROR;
     std::vector apdu;
 
-    if (!isSEProvisioned()) {
-        LOG(ERROR) << "Javacard applet is not provisioned.";
-        return ret;
-    }
     ret = constructApduMessage(ins, inData, apdu);
     if(ret != ErrorCode::OK) return ret;
 
@@ -497,7 +448,7 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_
     if (ret == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, ret) = decodeData(cborConverter_, std::vector(resp.begin(), resp.end()-2),
-                false);
+                false, oprCtx_);
         if (item != nullptr) {
             std::vector temp;
             if(!cborConverter_.getUint64(item, 0, securityLevel) ||
@@ -527,7 +478,7 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
     if (ErrorCode::OK == errorCode) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborData.begin(), cborData.end()-2),
-                true);
+                true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getHmacSharingParameters(item, 1, hmacSharingParameters)) {
                 errorCode = ErrorCode::UNKNOWN_ERROR;
@@ -578,7 +529,7 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
         if (item != nullptr) {
             std::vector bstr;
             if(!cborConverter_.getBinaryArray(item, 1, bstr)) {
@@ -635,7 +586,7 @@ Return JavacardKeymaster4Device::addRngEntropy(const hidl_vec(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
     }
     return errorCode;
 }
@@ -666,7 +617,7 @@ Return JavacardKeymaster4Device::generateKey(const hidl_vec&
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getBinaryArray(item, 1, keyBlob) ||
                     !cborConverter_.getKeyCharacteristics(item, 2, keyCharacteristics)) {
@@ -712,7 +663,7 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getBinaryArray(item, 1, keyBlob) ||
                     !cborConverter_.getKeyCharacteristics(item, 2, keyCharacteristics)) {
@@ -767,7 +718,7 @@ Return JavacardKeymaster4Device::importWrappedKey(const hidl_vec&
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getBinaryArray(item, 1, keyBlob) ||
                     !cborConverter_.getKeyCharacteristics(item, 2, keyCharacteristics)) {
@@ -799,7 +750,7 @@ Return JavacardKeymaster4Device::getKeyCharacteristics(const hidl_vec(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getKeyCharacteristics(item, 1, keyCharacteristics)) {
                 keyCharacteristics.softwareEnforced.setToExternal(nullptr, 0);
@@ -865,7 +816,7 @@ Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToA
         std::vector rootCert;
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getMultiBinaryArray(item, 1, temp)) {
                 errorCode = ErrorCode::UNKNOWN_ERROR;
@@ -877,7 +828,7 @@ Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToA
                     //Skip last 2 bytes in cborData, it contains status.
                     std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(),
                     cborOutData.end()-2),
-                            true);
+                            true, oprCtx_);
                     if (item != nullptr) {
                         std::vector chain;
                         if(!cborConverter_.getBinaryArray(item, 1, chain)) {
@@ -915,7 +866,7 @@ Return JavacardKeymaster4Device::upgradeKey(const hidl_vec& keyBl
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getBinaryArray(item, 1, upgradedKeyBlob))
                 errorCode = ErrorCode::UNKNOWN_ERROR;
@@ -938,7 +889,7 @@ Return JavacardKeymaster4Device::deleteKey(const hidl_vec& k
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
     }
     return errorCode;
 }
@@ -954,7 +905,7 @@ Return JavacardKeymaster4Device::deleteAllKeys() {
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
     }
     return errorCode;
 }
@@ -970,7 +921,7 @@ Return JavacardKeymaster4Device::destroyAttestationIds() {
     if(errorCode == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx_);
     }
     return errorCode;
 }
@@ -1362,7 +1313,7 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     if(ret == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(
-                cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true);
+                cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true, oprCtx_);
     }
     return errorCode;
 }
@@ -1379,7 +1330,7 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     if(ret == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(
-                cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true);
+                cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true, oprCtx_);
     }
     return errorCode;
 }
diff --git a/ProvisioningTool/Provision.cpp b/ProvisioningTool/Provision.cpp
index 45425975..f1762430 100644
--- a/ProvisioningTool/Provision.cpp
+++ b/ProvisioningTool/Provision.cpp
@@ -35,6 +35,9 @@
 #define APDU_P1  0x40
 #define APDU_P2  0x00
 #define APDU_RESP_STATUS_OK 0x9000
+#define CANARY_BIT_FLAG ( 1 << 30)
+#define UNSET_CANARY_BIT(a) (a &= ~CANARY_BIT_FLAG)
+#define TWOS_COMPLIMENT(a) (a = ~a + 1)
 
 namespace keymaster {
 namespace V4_1 {
@@ -52,6 +55,23 @@ enum class Instruction {
     INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
 };
 
+//Extended error codes
+enum ExtendedErrors {
+    SW_CONDITIONS_NOT_SATISFIED = -10001,
+    UNSUPPORTED_CLA = -10002,
+    INVALID_P1P2 = -10003,
+    UNSUPPORTED_INSTRUCTION = -10004,
+    CMD_NOT_ALLOWED = -10005,
+    SW_WRONG_LENGTH = -10006,
+    INVALID_DATA = -10007,
+    CRYPTO_ILLEGAL_USE = -10008,
+    CRYPTO_ILLEGAL_VALUE = -10009,
+    CRYPTO_INVALID_INIT = -10010,
+    CRYPTO_NO_SUCH_ALGORITHM = -10011,
+    CRYPTO_UNINITIALIZED_KEY = -10012,
+    GENERIC_UNKNOWN_ERROR = -10013
+};
+
 enum ProvisionStatus {
     NOT_PROVISIONED = 0x00,
     PROVISION_STATUS_ATTESTATION_KEY = 0x01,
@@ -67,6 +87,65 @@ enum ProvisionStatus {
 static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut);
 static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response);
 static uint16_t getStatus(std::vector& inputData);
+template
+static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response);
+template
+static T translateExtendedErrorsToHalErrors(T& errorCode);
+
+template
+static T translateExtendedErrorsToHalErrors(T& errorCode) {
+    T err;
+    switch(static_cast(errorCode)) {
+        case SW_CONDITIONS_NOT_SATISFIED:
+        case UNSUPPORTED_CLA:
+        case INVALID_P1P2:
+        case INVALID_DATA:
+        case CRYPTO_ILLEGAL_USE:
+        case CRYPTO_ILLEGAL_VALUE:
+        case CRYPTO_INVALID_INIT:
+        case CRYPTO_UNINITIALIZED_KEY:
+        case GENERIC_UNKNOWN_ERROR:
+            err = T::UNKNOWN_ERROR;
+            break;
+        case CRYPTO_NO_SUCH_ALGORITHM:
+            err = T::UNSUPPORTED_ALGORITHM;
+            break;
+        case UNSUPPORTED_INSTRUCTION:
+        case CMD_NOT_ALLOWED:
+        case SW_WRONG_LENGTH:
+            err = T::UNIMPLEMENTED;
+            break;
+        default:
+            err = static_cast(errorCode);
+            break;
+    }
+    return err;
+}
+
+template
+static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response) {
+    std::unique_ptr item(nullptr);
+    T errorCode = T::OK;
+    std::tie(item, errorCode) = cb.decodeData(response, true);
+    int32_t temp = static_cast(errorCode);
+
+    bool canaryBitSet = (0 != (temp & CANARY_BIT_FLAG));
+
+    if (canaryBitSet) {
+        LOG(INFO) << "Secureelement reset happened";
+        UNSET_CANARY_BIT(temp);
+    }
+    // SE sends errocode as unsigned value so convert the unsigned value
+    // into a signed value of same magnitude.
+    TWOS_COMPLIMENT(temp);
+
+    //Write back temp to errorCode
+    errorCode = static_cast(temp);
+
+    if (T::OK != errorCode)
+        errorCode = translateExtendedErrorsToHalErrors(errorCode);
+    return {std::move(item), errorCode};
+}
 
 static inline X509* parseDerCertificate(std::vector& certData) {
     X509 *x509 = NULL;
@@ -173,8 +252,7 @@ static ErrorCode sendProvisionData(std::unique_ptr 2)) {
         //Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, ret) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2),
-                true);
+        std::tie(item, ret) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2));
     } else {
         ret = ErrorCode::UNKNOWN_ERROR;
     }
@@ -366,8 +444,7 @@ ErrorCode Provision::getProvisionStatus(uint64_t& status) {
         return errorCode;
     }
     //Check if SE is provisioned.
-    std::tie(item, errorCode) = cborConverter.decodeData(std::vector(response.begin(), response.end()-2),
-            true);
+    std::tie(item, errorCode) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2));
     if(item != NULL) {
 
         if(!cborConverter.getUint64(item, 1, status)) {

From da6135fbb3f3419fbde9344de6ae825f01cee036 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Thu, 22 Apr 2021 18:19:13 +0530
Subject: [PATCH 138/169] Corrected the testcase

---
 .../test/com/android/javacard/test/KMFunctionalTest.java        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 83a37087..c77e83e0 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -2888,7 +2888,7 @@ public void testCardRest() {
       // Call abort operation and check if the canary bit is set or not.
       opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
       ret = abort(opHandle, resetEvents[i][6]);
-      if (resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4] | resetEvents[i][5] | resetEvents[i][6]) {
+      if (resetEvents[i][1] || resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4] | resetEvents[i][5] | resetEvents[i][6]) {
         short err = KMInteger.cast(ret).getShort();
         Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, err);
       }

From 8b2adc9f9fa7a6cc6e9584fbad030208fc022485 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Fri, 23 Apr 2021 23:32:10 +0530
Subject: [PATCH 139/169] separate os_version, os_patchlevel and
 vendor_patchlevel from other bootparamters

---
 HAL/keymaster/4.1/CommonUtils.cpp             | 75 +++++++++++++++++++
 .../4.1/JavacardKeymaster4Device.cpp          | 33 +++++++-
 HAL/keymaster/include/CommonUtils.h           |  2 +
 3 files changed, 109 insertions(+), 1 deletion(-)

diff --git a/HAL/keymaster/4.1/CommonUtils.cpp b/HAL/keymaster/4.1/CommonUtils.cpp
index a6d2b7ab..090c8d0d 100644
--- a/HAL/keymaster/4.1/CommonUtils.cpp
+++ b/HAL/keymaster/4.1/CommonUtils.cpp
@@ -16,11 +16,15 @@
  */
 
 #include 
+#include 
+#include 
+#include 
 #include 
 #include 
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -35,6 +39,13 @@ namespace keymaster {
 namespace V4_1 {
 namespace javacard {
 
+constexpr char kVendorPatchlevelProp[] = "ro.vendor.build.security_patch";
+constexpr char kVendorPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-([0-9]{2})$";
+constexpr size_t kYearMatch = 1;
+constexpr size_t kMonthMatch = 2;
+constexpr size_t kDayMatch = 3;
+constexpr size_t kVendorPatchlevelMatchCount = kDayMatch + 1;
+
 hidl_vec kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
     hidl_vec result;
     if (set.length == 0 || set.params == nullptr)
@@ -272,6 +283,70 @@ ErrorCode getCertificateChain(std::vector& chainBuffer, std::vector 12) {
+        LOG(ERROR) << "Invalid patch month " << month;
+        return 0;
+    }
+    bool isLeapYear = (0 == year % 4) ? true : false;
+    int maxDaysForMonth = 31;
+    switch(month) {
+        case 4: case 6: case 9: case 11:
+            maxDaysForMonth = 30;
+            break;
+        case 2:
+            maxDaysForMonth = isLeapYear ? 29 : 28;
+            break;
+    }
+    if (day < 1 || day > maxDaysForMonth) {
+        LOG(ERROR) << "Invalid patch day " << day;
+        return 0;
+    }
+    return year * 10000 + month * 100 + day;
+}
+
+uint32_t GetVendorPatchlevel() {
+    std::string patchlevel = wait_and_get_property(kVendorPatchlevelProp);
+    return GetVendorPatchlevel(patchlevel.c_str());
+}
+
 
 }  // namespace javacard
 }  // namespace V4_1
diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index eb8ccdd8..d0b3a060 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -92,6 +92,7 @@ enum class Instruction {
     INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD+21,
     INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22,
     INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
+    INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD+9,
 };
 
 enum ProvisionStatus {
@@ -519,15 +520,45 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
     return Void();
 }
 
+static ErrorCode setAndroidSystemProperties(CborConverter cborConverter_) {
+    ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
+    cppbor::Array array;
+    std::unique_ptr item;
+    std::vector cborOutData;
+
+    array.add(GetOsVersion()).
+        add(GetOsPatchlevel()).
+        add(GetVendorPatchlevel());
+
+    std::vector cborData = array.encode();
+    errorCode = sendData(Instruction::INS_SET_VERSION_PATCHLEVEL_CMD, cborData, cborOutData);
+    if (ErrorCode::OK == errorCode) {
+        //Skip last 2 bytes in cborData, it contains status.
+        std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
+                true);
+    }
+    return errorCode;
+}
+
 Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec& params, computeSharedHmac_cb _hidl_cb) {
     cppbor::Array array;
     std::unique_ptr item;
     std::vector cborOutData;
     hidl_vec sharingCheck;
-
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     std::vector tempVec;
     cppbor::Array outerArray;
+
+    // The Android system properties like OS_VERSION, OS_PATCHLEVEL and VENDOR_PATCHLEVEL are to 
+    // be delivered to the Applet when the HAL is first loaded. This is one of the ideal places
+    // to send this information to the Applet as computeSharedHmac is called everytime when Android
+    // device boots.
+    if (ErrorCode::OK != (errorCode = setAndroidSystemProperties(cborConverter_))) {
+        LOG(ERROR) << " Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t)errorCode;
+        return Void();
+    }
+
+
     for(size_t i = 0; i < params.size(); ++i) {
         cppbor::Array innerArray;
         innerArray.add(static_cast>(params[i].seed));
diff --git a/HAL/keymaster/include/CommonUtils.h b/HAL/keymaster/include/CommonUtils.h
index f08a60c3..b6612741 100644
--- a/HAL/keymaster/include/CommonUtils.h
+++ b/HAL/keymaster/include/CommonUtils.h
@@ -88,6 +88,8 @@ publicKey, EcCurve& eccurve);
 
 ErrorCode getCertificateChain(std::vector& chainBuffer, std::vector>& certChain);
 
+uint32_t GetVendorPatchlevel();
+
 class KmParamSet : public keymaster_key_param_set_t {
     public:
         explicit KmParamSet(const hidl_vec& keyParams)

From 08958178b2af5a9e86e128a14b26b724b100ef54 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Fri, 23 Apr 2021 23:32:10 +0530
Subject: [PATCH 140/169] separate os_version, os_patchlevel and
 vendor_patchlevel from other bootparamters

---
 .../javacard/test/KMFunctionalTest.java       |  76 +++++++-----
 .../javacard/keymaster/KMKeymasterApplet.java | 115 ++++++++++--------
 2 files changed, 113 insertions(+), 78 deletions(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 9e9c2c6c..517afb7f 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -92,6 +92,7 @@ public class KMFunctionalTest {
   private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06
   private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07
   private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08
+  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 9; //0x09
   // Top 32 commands are reserved for provisioning.
   private static final byte INS_END_KM_PROVISION_CMD = 0x20;
 
@@ -473,8 +474,8 @@ private void init() {
     provisionCmd(simulator);
   }
 
-  private void setBootParams(CardSimulator simulator, short osVersion,
-      short osPatchLevel, short vendorPatchLevel, short bootPatchLevel) {
+  private void setAndroidOSSystemProperties(CardSimulator simulator, short osVersion,
+                                            short osPatchLevel, short vendorPatchLevel) {
     // Argument 1 OS Version
     short versionPtr = KMInteger.uint_16(osVersion);
     // short versionTagPtr = KMIntegerTag.instance(KMType.UINT_TAG,
@@ -482,31 +483,43 @@ private void setBootParams(CardSimulator simulator, short osVersion,
     // Argument 2 OS Patch level
     short patchPtr = KMInteger.uint_16(osPatchLevel);
     short vendorpatchPtr = KMInteger.uint_16((short) vendorPatchLevel);
+    // Arguments
+    short arrPtr = KMArray.instance((short) 3);
+    KMArray vals = KMArray.cast(arrPtr);
+    vals.add((short) 0, versionPtr);
+    vals.add((short) 1, patchPtr);
+    vals.add((short) 2, vendorpatchPtr);
+    CommandAPDU apdu = encodeApdu((byte) INS_SET_VERSION_PATCHLEVEL_CMD, arrPtr);
+    // print(commandAPDU.getBytes());
+    ResponseAPDU response = simulator.transmitCommand(apdu);
+    Assert.assertEquals(0x9000, response.getSW());
+
+  }
+
+  private void setBootParams(CardSimulator simulator, short bootPatchLevel) {
+    // Argument 0 boot patch level
     short bootpatchPtr = KMInteger.uint_16((short) bootPatchLevel);
-    // Argument 3 Verified Boot Key
+    // Argument 1 Verified Boot Key
     byte[] bootKeyHash = "00011122233344455566677788899900".getBytes();
     short bootKeyPtr = KMByteBlob.instance(bootKeyHash, (short) 0,
         (short) bootKeyHash.length);
-    // Argument 4 Verified Boot Hash
+    // Argument 2 Verified Boot Hash
     short bootHashPtr = KMByteBlob.instance(bootKeyHash, (short) 0,
         (short) bootKeyHash.length);
-    // Argument 5 Verified Boot State
+    // Argument 3 Verified Boot State
     short bootStatePtr = KMEnum.instance(KMType.VERIFIED_BOOT_STATE,
         KMType.VERIFIED_BOOT);
-    // Argument 6 Device Locked
+    // Argument 4 Device Locked
     short deviceLockedPtr = KMEnum.instance(KMType.DEVICE_LOCKED,
         KMType.DEVICE_LOCKED_FALSE);
     // Arguments
-    short arrPtr = KMArray.instance((short) 8);
+    short arrPtr = KMArray.instance((short) 5);
     KMArray vals = KMArray.cast(arrPtr);
-    vals.add((short) 0, versionPtr);
-    vals.add((short) 1, patchPtr);
-    vals.add((short) 2, vendorpatchPtr);
-    vals.add((short) 3, bootpatchPtr);
-    vals.add((short) 4, bootKeyPtr);
-    vals.add((short) 5, bootHashPtr);
-    vals.add((short) 6, bootStatePtr);
-    vals.add((short) 7, deviceLockedPtr);
+    vals.add((short) 0, bootpatchPtr);
+    vals.add((short) 1, bootKeyPtr);
+    vals.add((short) 2, bootHashPtr);
+    vals.add((short) 3, bootStatePtr);
+    vals.add((short) 4, deviceLockedPtr);
     CommandAPDU apdu = encodeApdu((byte) INS_SET_BOOT_PARAMS_CMD, arrPtr);
     // print(commandAPDU.getBytes());
     ResponseAPDU response = simulator.transmitCommand(apdu);
@@ -661,8 +674,10 @@ private void provisionCmd(CardSimulator simulator) {
     provisionSharedSecret(simulator);
     provisionAttestIds(simulator);
     // set bootup parameters
-    setBootParams(simulator, (short) OS_VERSION, (short) OS_PATCH_LEVEL,
-            (short) VENDOR_PATCH_LEVEL, (short) BOOT_PATCH_LEVEL);
+    setBootParams(simulator, (short) BOOT_PATCH_LEVEL);
+    // set android system properties
+    setAndroidOSSystemProperties(simulator, (short) OS_VERSION, (short) OS_PATCH_LEVEL,
+      (short) VENDOR_PATCH_LEVEL);
     provisionLocked(simulator);
   }
 
@@ -2722,11 +2737,12 @@ public void testUpgradeKey() {
             {0, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL+1, NO_UPGRADE,  KMError.INVALID_ARGUMENT },
     };
     for (int i = 0; i < test_data.length; i++) {
-      setBootParams(simulator, (short) test_data[i][0], (short) test_data[i][1],
-              (short) test_data[i][2], (short) test_data[i][3]);
+      setAndroidOSSystemProperties(simulator, (short) test_data[i][0], (short) test_data[i][1],
+        (short) test_data[i][2]);
+      setBootParams(simulator, (short) test_data[i][3]);
       ret = upgradeKey(
-              KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-              null, null, test_data[i][5]);
+        KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
+        null, null, test_data[i][5]);
       if (test_data[i][5] != KMError.OK)
         continue;
       keyBlobPtr = KMArray.cast(ret).get((short) 1);
@@ -2738,27 +2754,27 @@ public void testUpgradeKey() {
         ret = getKeyCharacteristics(keyBlobPtr);
         keyCharacteristics = KMArray.cast(ret).get((short) 1);
         hwParams = KMKeyCharacteristics.cast(keyCharacteristics)
-                .getHardwareEnforced();
+          .getHardwareEnforced();
         osVersion = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION,
-                hwParams);
+          hwParams);
         osVersion = KMIntegerTag.cast(osVersion).getValue();
         osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,
-                KMType.OS_PATCH_LEVEL, hwParams);
+          KMType.OS_PATCH_LEVEL, hwParams);
         osPatch = KMIntegerTag.cast(osPatch).getValue();
         short ptr = KMKeyParameters.findTag(KMType.UINT_TAG,
-                KMType.VENDOR_PATCH_LEVEL, hwParams);
+          KMType.VENDOR_PATCH_LEVEL, hwParams);
         short vendorPatchLevel = KMIntegerTag.cast(ptr).getValue();
         ptr = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL,
-                hwParams);
+          hwParams);
         short bootPatchLevel = KMIntegerTag.cast(ptr).getValue();
         Assert.assertEquals(KMInteger.cast(osVersion).getShort(),
-                test_data[i][0]);
+          test_data[i][0]);
         Assert.assertEquals(KMInteger.cast(osPatch).getShort(),
-                test_data[i][1]);
+          test_data[i][1]);
         Assert.assertEquals(KMInteger.cast(vendorPatchLevel).getShort(),
-                test_data[i][2]);
+          test_data[i][2]);
         Assert.assertEquals(KMInteger.cast(bootPatchLevel).getShort(),
-                test_data[i][3]);
+          test_data[i][3]);
       }
     }
     cleanUp();
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index b1a78178..4caa9d51 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -85,6 +85,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06
   private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07
   private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08
+  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 9; //0x09
   // Top 32 commands are reserved for provisioning.
   private static final byte INS_END_KM_PROVISION_CMD = 0x20;
 
@@ -467,6 +468,9 @@ && isProvisioningComplete())) {
           case INS_GET_CERT_CHAIN_CMD:
             processGetCertChainCmd(apdu);
             break;
+          case INS_SET_VERSION_PATCHLEVEL_CMD:
+            processSetVersionAndPatchLevels(apdu);
+            break;
           default:
             ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
         }
@@ -641,6 +645,47 @@ private void processAddRngEntropyCmd(APDU apdu) {
     sendError(apdu, KMError.OK);
   }
 
+  private void processSetVersionAndPatchLevels(APDU apdu) {
+    receiveIncoming(apdu);
+    byte[] scratchPad = apdu.getBuffer();
+    // Argument 1 OS Version
+    tmpVariables[0] = KMInteger.exp();
+    // Argument 2 OS Patch level
+    tmpVariables[1] = KMInteger.exp();
+    // Argument 3 Vendor Patch level
+    tmpVariables[2] = KMInteger.exp();
+    // Array of expected arguments
+    short argsProto = KMArray.instance((short) 3);
+    KMArray.cast(argsProto).add((short) 0, tmpVariables[0]);
+    KMArray.cast(argsProto).add((short) 1, tmpVariables[1]);
+    KMArray.cast(argsProto).add((short) 2, tmpVariables[2]);
+    // Decode the arguments
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
+    //reclaim memory
+    repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
+
+    tmpVariables[0] = KMArray.cast(args).get((short) 0);
+    tmpVariables[1] = KMArray.cast(args).get((short) 1);
+    tmpVariables[2] = KMArray.cast(args).get((short) 2);
+
+    repository.setOsVersion(
+      KMInteger.cast(tmpVariables[0]).getBuffer(),
+      KMInteger.cast(tmpVariables[0]).getStartOff(),
+      KMInteger.cast(tmpVariables[0]).length());
+
+    repository.setOsPatch(
+      KMInteger.cast(tmpVariables[1]).getBuffer(),
+      KMInteger.cast(tmpVariables[1]).getStartOff(),
+      KMInteger.cast(tmpVariables[1]).length());
+
+    repository.setVendorPatchLevel(
+      KMInteger.cast(tmpVariables[2]).getBuffer(),
+      KMInteger.cast(tmpVariables[2]).getStartOff(),
+      KMInteger.cast(tmpVariables[2]).length());
+
+    sendError(apdu, KMError.OK);
+  }
+
   private void processGetCertChainCmd(APDU apdu) {
     // Make the response
     tmpVariables[0] = seProvider.getCertificateChainLength();
@@ -3135,32 +3180,23 @@ private void updateKeyParameters(byte[] ptrArr, short len) {
   private void processSetBootParamsCmd(APDU apdu) {
     receiveIncoming(apdu);
     byte[] scratchPad = apdu.getBuffer();
-    // Argument 1 OS Version
+    // Argument 0 Boot Patch level
     tmpVariables[0] = KMInteger.exp();
-    // Argument 2 OS Patch level
-    tmpVariables[1] = KMInteger.exp();
-    // Argument 3 Vendor Patch level
-    tmpVariables[2] = KMInteger.exp();
-    // Argument 4 Boot Patch level
-    tmpVariables[3] = KMInteger.exp();
-    // Argument 5 Verified Boot Key
-    tmpVariables[4] = KMByteBlob.exp();
-    // Argument 6 Verified Boot Hash
-    tmpVariables[5] = KMByteBlob.exp();
-    // Argument 7 Verified Boot State
-    tmpVariables[6] = KMEnum.instance(KMType.VERIFIED_BOOT_STATE);
-    // Argument 8 Device Locked
-    tmpVariables[7] = KMEnum.instance(KMType.DEVICE_LOCKED);
-    // Array of expected arguments
-    short argsProto = KMArray.instance((short) 8);
+    // Argument 1 Verified Boot Key
+    tmpVariables[1] = KMByteBlob.exp();
+    // Argument 2 Verified Boot Hash
+    tmpVariables[2] = KMByteBlob.exp();
+    // Argument 3 Verified Boot State
+    tmpVariables[3] = KMEnum.instance(KMType.VERIFIED_BOOT_STATE);
+    // Argument 4 Device Locked
+    tmpVariables[4] = KMEnum.instance(KMType.DEVICE_LOCKED);
+    // Array of e4pected arguments
+    short argsProto = KMArray.instance((short) 5);
     KMArray.cast(argsProto).add((short) 0, tmpVariables[0]);
     KMArray.cast(argsProto).add((short) 1, tmpVariables[1]);
     KMArray.cast(argsProto).add((short) 2, tmpVariables[2]);
     KMArray.cast(argsProto).add((short) 3, tmpVariables[3]);
     KMArray.cast(argsProto).add((short) 4, tmpVariables[4]);
-    KMArray.cast(argsProto).add((short) 5, tmpVariables[5]);
-    KMArray.cast(argsProto).add((short) 6, tmpVariables[6]);
-    KMArray.cast(argsProto).add((short) 7, tmpVariables[7]);
     // Decode the arguments
     short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
     //reclaim memory
@@ -3171,49 +3207,32 @@ private void processSetBootParamsCmd(APDU apdu) {
     tmpVariables[2] = KMArray.cast(args).get((short) 2);
     tmpVariables[3] = KMArray.cast(args).get((short) 3);
     tmpVariables[4] = KMArray.cast(args).get((short) 4);
-    tmpVariables[5] = KMArray.cast(args).get((short) 5);
-    tmpVariables[6] = KMArray.cast(args).get((short) 6);
-    tmpVariables[7] = KMArray.cast(args).get((short) 7);
-    if (KMByteBlob.cast(tmpVariables[4]).length() > KMRepository.BOOT_KEY_MAX_SIZE) {
+    if (KMByteBlob.cast(tmpVariables[1]).length() > KMRepository.BOOT_KEY_MAX_SIZE) {
       KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
-    if (KMByteBlob.cast(tmpVariables[5]).length() > KMRepository.BOOT_HASH_MAX_SIZE) {
+    if (KMByteBlob.cast(tmpVariables[2]).length() > KMRepository.BOOT_HASH_MAX_SIZE) {
       KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
 
-    repository.setOsVersion(
+    repository.setBootPatchLevel(
         KMInteger.cast(tmpVariables[0]).getBuffer(),
         KMInteger.cast(tmpVariables[0]).getStartOff(),
         KMInteger.cast(tmpVariables[0]).length());
-    repository.setOsPatch(
-        KMInteger.cast(tmpVariables[1]).getBuffer(),
-        KMInteger.cast(tmpVariables[1]).getStartOff(),
-        KMInteger.cast(tmpVariables[1]).length());
-
-    repository.setVendorPatchLevel(
-        KMInteger.cast(tmpVariables[2]).getBuffer(),
-        KMInteger.cast(tmpVariables[2]).getStartOff(),
-        KMInteger.cast(tmpVariables[2]).length());
-
-    repository.setBootPatchLevel(
-        KMInteger.cast(tmpVariables[3]).getBuffer(),
-        KMInteger.cast(tmpVariables[3]).getStartOff(),
-        KMInteger.cast(tmpVariables[3]).length());
 
     repository.setVerifiedBootKey(
-        KMByteBlob.cast(tmpVariables[4]).getBuffer(),
-        KMByteBlob.cast(tmpVariables[4]).getStartOff(),
-        KMByteBlob.cast(tmpVariables[4]).length());
+        KMByteBlob.cast(tmpVariables[1]).getBuffer(),
+        KMByteBlob.cast(tmpVariables[1]).getStartOff(),
+        KMByteBlob.cast(tmpVariables[1]).length());
 
     repository.setVerifiedBootHash(
-        KMByteBlob.cast(tmpVariables[5]).getBuffer(),
-        KMByteBlob.cast(tmpVariables[5]).getStartOff(),
-        KMByteBlob.cast(tmpVariables[5]).length());
+        KMByteBlob.cast(tmpVariables[2]).getBuffer(),
+        KMByteBlob.cast(tmpVariables[2]).getStartOff(),
+        KMByteBlob.cast(tmpVariables[2]).length());
 
-    byte enumVal = KMEnum.cast(tmpVariables[6]).getVal();
+    byte enumVal = KMEnum.cast(tmpVariables[3]).getVal();
     repository.setBootState(enumVal);
 
-    enumVal = KMEnum.cast(tmpVariables[7]).getVal();
+    enumVal = KMEnum.cast(tmpVariables[4]).getVal();
     repository.setBootloaderLocked(enumVal == KMType.DEVICE_LOCKED_TRUE);
 
     // Clear the Computed SharedHmac and Hmac nonce from persistent memory.

From 9d51ab8a1b1f97ea27b22c6199b751bc122d6d0e Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Fri, 23 Apr 2021 22:07:31 +0100
Subject: [PATCH 141/169] send systemproperties at initialization time if it
 fails then try to set again in computeSharedHmac.

---
 .../4.1/JavacardKeymaster4Device.cpp          | 63 +++++++++++--------
 .../include/JavacardKeymaster4Device.h        |  1 +
 2 files changed, 37 insertions(+), 27 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index d0b3a060..65a0fda7 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -439,13 +439,39 @@ ErrorCode sendData(Instruction ins, std::vector& inData, std::vector item;
+    std::vector cborOutData;
+
+    array.add(GetOsVersion()).
+        add(GetOsPatchlevel()).
+        add(GetVendorPatchlevel());
+
+    std::vector cborData = array.encode();
+    errorCode = sendData(Instruction::INS_SET_VERSION_PATCHLEVEL_CMD, cborData, cborOutData);
+    if (ErrorCode::OK == errorCode) {
+        //Skip last 2 bytes in cborData, it contains status.
+        std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
+                true);
+    }
+    if (ErrorCode::OK != errorCode) 
+        LOG(ERROR) << "Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t) errorCode;
+
+    return errorCode;
+}
+
 JavacardKeymaster4Device::JavacardKeymaster4Device(): softKm_(new ::keymaster::AndroidKeymaster(
             []() -> auto {
             auto context = new JavaCardSoftKeymasterContext();
             context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
             return context;
             }(),
-            kOperationTableSize)), oprCtx_(new OperationContext()) {
+            kOperationTableSize)), oprCtx_(new OperationContext()), isEachSystemPropertySet(false) {
+    if (ErrorCode::OK == setAndroidSystemProperties(cborConverter_)) {
+        isEachSystemPropertySet = true;
+    }
 
 }
 
@@ -520,26 +546,6 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
     return Void();
 }
 
-static ErrorCode setAndroidSystemProperties(CborConverter cborConverter_) {
-    ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
-    cppbor::Array array;
-    std::unique_ptr item;
-    std::vector cborOutData;
-
-    array.add(GetOsVersion()).
-        add(GetOsPatchlevel()).
-        add(GetVendorPatchlevel());
-
-    std::vector cborData = array.encode();
-    errorCode = sendData(Instruction::INS_SET_VERSION_PATCHLEVEL_CMD, cborData, cborOutData);
-    if (ErrorCode::OK == errorCode) {
-        //Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
-    }
-    return errorCode;
-}
-
 Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec& params, computeSharedHmac_cb _hidl_cb) {
     cppbor::Array array;
     std::unique_ptr item;
@@ -550,12 +556,15 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec softKm_;
     std::unique_ptr oprCtx_;
+    bool isEachSystemPropertySet;
 };
 
 }  // namespace javacard

From 51e6c073a350179dd9b3e4d3ad92bb3f8f847fea Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Mon, 26 Apr 2021 16:00:09 +0530
Subject: [PATCH 142/169] 1. Removed VTS_EMULATOR and instead used USE_OMAPI
 and USE_SEHAL 2. Add systemproperties inside provision tool

---
 .../4.1/JavacardKeymaster4Device.cpp          | 17 +++++---
 HAL/keymaster/Android.bp                      |  7 ----
 ProvisioningTool/Provision.cpp                | 24 +++++++++--
 ProvisioningTool/Provision.h                  | 10 ++++-
 ProvisioningTool/ProvisionTool.cpp            | 40 ++++++++++++-------
 ProvisioningTool/sample_json.txt              |  3 --
 6 files changed, 65 insertions(+), 36 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 65a0fda7..ae21ce94 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -469,6 +469,9 @@ JavacardKeymaster4Device::JavacardKeymaster4Device(): softKm_(new ::keymaster::A
             return context;
             }(),
             kOperationTableSize)), oprCtx_(new OperationContext()), isEachSystemPropertySet(false) {
+    // Send Android system properties like os_version, os_patchlevel and vendor_patchlevel
+    // to the Applet. Incase if setting system properties fails here, again try setting
+    // it from computeSharedHmac.
     if (ErrorCode::OK == setAndroidSystemProperties(cborConverter_)) {
         isEachSystemPropertySet = true;
     }
@@ -528,7 +531,7 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
             }
         }
     }
-#ifdef VTS_EMULATOR
+#if (!defined(USE_OMAPI) && !defined(USE_SEHAL))
     /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no
      * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to getHmacSharing
      * parameters.
@@ -554,19 +557,21 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec tempVec;
     cppbor::Array outerArray;
-
     // The Android system properties like OS_VERSION, OS_PATCHLEVEL and VENDOR_PATCHLEVEL are to 
     // be delivered to the Applet when the HAL is first loaded. Incase if settting system properties
-    // failed at construction time then set this is one of the ideal places to send this information
+    // failed at construction time then this is one of the ideal places to send this information
     // to the Applet as computeSharedHmac is called everytime when Android device boots.
+#if (defined(USE_OMAPI) || defined(USE_SEHAL))
     if (!isEachSystemPropertySet) {
-        if (ErrorCode::OK != (errorCode = setAndroidSystemProperties(cborConverter_))) {
+        errorCode = setAndroidSystemProperties(cborConverter_);
+        if (ErrorCode::OK != errorCode) {
             LOG(ERROR) << " Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t)errorCode;
+            _hidl_cb(errorCode, sharingCheck);
             return Void();
         }
         isEachSystemPropertySet = true;
     }
-
+#endif
 
     for(size_t i = 0; i < params.size(); ++i) {
         cppbor::Array innerArray;
@@ -595,7 +600,7 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec& preSharedSec
     return errorCode;
 }
 
-ErrorCode Provision::provisionBootParameters(BootParams& bootParams) {
+ErrorCode Provision::setAndroidSystemProperties() {
     ErrorCode errorCode = ErrorCode::OK;
     cppbor::Array array;
     std::vector apdu;
     std::vector response;
-    Instruction ins = Instruction::INS_SET_BOOT_PARAMS_CMD;
+    Instruction ins = Instruction::INS_SET_VERSION_PATCHLEVEL_CMD;
 
     array.add(GetOsVersion()).
         add(GetOsPatchlevel()).
-        add(bootParams.vendorPatchLevel).
-        add(bootParams.bootPatchLevel).
+        add(GetVendorPatchlevel());
+    std::vector cborData = array.encode();
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::provisionBootParameters(BootParams& bootParams) {
+    ErrorCode errorCode = ErrorCode::OK;
+    cppbor::Array array;
+    std::vector apdu;
+    std::vector response;
+    Instruction ins = Instruction::INS_SET_BOOT_PARAMS_CMD;
+
+    array.add(bootParams.bootPatchLevel).
         /* Verified Boot Key */
         add(bootParams.verifiedBootKey).
         /* Verified Boot Hash */
diff --git a/ProvisioningTool/Provision.h b/ProvisioningTool/Provision.h
index e541c496..68a7f1d1 100644
--- a/ProvisioningTool/Provision.h
+++ b/ProvisioningTool/Provision.h
@@ -25,10 +25,13 @@ namespace keymaster {
 namespace V4_1 {
 namespace javacard {
 
-typedef struct BootParams_ {
+typedef struct SystemProperties__ {
 	uint32_t osVersion;
 	uint32_t osPatchLevel;
 	uint32_t vendorPatchLevel;
+} SystemProperties;
+
+typedef struct BootParams_ {
 	uint32_t bootPatchLevel;
 	std::vector verifiedBootKey;
 	std::vector verifiedBootKeyHash;
@@ -77,6 +80,11 @@ class Provision {
      * Provision the boot parameters.
      */
 	ErrorCode provisionBootParameters(BootParams& bootParams );
+    /**
+     * Set system properties.
+     */
+	ErrorCode setAndroidSystemProperties();
+
     /**
      * Locks the provision. After this no more provision commanands are allowed.
      */
diff --git a/ProvisioningTool/ProvisionTool.cpp b/ProvisioningTool/ProvisionTool.cpp
index 0f240b3c..3ff242f5 100644
--- a/ProvisioningTool/ProvisionTool.cpp
+++ b/ProvisioningTool/ProvisionTool.cpp
@@ -136,8 +136,9 @@ void usage() {
     printf("-c, --cert_chain jsonFile \t Provision attestation certificate chain \n");
     printf("-p, --cert_params jsonFile \t Provision attestation certificate parameters \n");
     printf("-i, --attest_ids jsonFile \t Provision attestation IDs \n");
-    printf("-r, --shared_secret jsonFile \t Provion shared secret  \n");
-    printf("-b, --set_boot_params jsonFile \t Provion boot parameters  \n");
+    printf("-r, --shared_secret jsonFile \t Provision shared secret  \n");
+    printf("-b, --set_boot_params jsonFile \t Set boot parameters  \n");
+    printf("-e, --set_system_properties \t Set system properties  \n");
     printf("-s, --provision_status \t Prints the provision status.\n");
     printf("-l, --lock_provision  \t  Locks the provision commands.\n");
 }
@@ -174,6 +175,18 @@ bool getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std:
     return true;
 }
 
+bool setAndroidSystemProperties() {
+    ErrorCode err = ErrorCode::OK;
+    bool ret = false;
+    if (ErrorCode::OK != (err = mProvision.setAndroidSystemProperties())) {
+        printf("\n set boot parameters failed with err:%d \n", (int32_t)err);
+        return ret;
+    }
+    printf("\n SE successfully accepted system properties.\n");
+    return true;
+
+}
+
 bool setBootParameters(const char* filename) {
     Json::Value bootParamsObj;
     bool ret = false;
@@ -186,18 +199,6 @@ bool setBootParameters(const char* filename) {
     bootParamsObj = root.get("set_boot_params", bootParamsObj);
     if (!bootParamsObj.isNull()) {
 
-        if(!getBootParameterIntValue(bootParamsObj, "os_version", &bootParams.osVersion)) {
-            printf("\n Invalid value for os_version or os_version tag missing\n");
-            return ret;
-        }
-        if(!getBootParameterIntValue(bootParamsObj, "os_patch_level", &bootParams.osPatchLevel)) {
-            printf("\n Invalid value for os_patch_level or os_patch_level tag missing\n");
-            return ret;
-        }
-        if(!getBootParameterIntValue(bootParamsObj, "vendor_patch_level", &bootParams.vendorPatchLevel)) {
-            printf("\n Invalid value for vendor_patch_level or vendor_patch_level tag missing\n");
-            return ret;
-        }
         if(!getBootParameterIntValue(bootParamsObj, "boot_patch_level", &bootParams.bootPatchLevel)) {
             printf("\n Invalid value for boot_patch_level or boot_patch_level tag missing\n");
             return ret;
@@ -492,6 +493,9 @@ bool provision(const char* filename) {
     if(!setBootParameters(filename)) {
         return false;
     }
+    if(!setAndroidSystemProperties()) {
+        return false;
+    }
     return true;
 }
 
@@ -525,6 +529,7 @@ int main(int argc, char* argv[])
         {"attest_ids",       required_argument, NULL, 'i'},
         {"shared_secret",    required_argument, NULL, 'r'},
         {"set_boot_params",  required_argument, NULL, 'b'},
+        {"set_system_properties",  no_argument, NULL, 'e'},
         {"provision_status", no_argument,       NULL, 's'},
         {"lock_provision",   no_argument,       NULL, 'l'},
         {"help",             no_argument,       NULL, 'h'},
@@ -539,7 +544,7 @@ int main(int argc, char* argv[])
     mProvision.init();
 
     /* getopt_long stores the option index here. */
-    while ((c = getopt_long(argc, argv, ":slha:k:c:p:i:r:b:", longOpts, NULL)) != -1) {
+    while ((c = getopt_long(argc, argv, ":slhea:k:c:p:i:r:b:", longOpts, NULL)) != -1) {
         switch(c) {
             case 'a':
                 //all
@@ -576,6 +581,11 @@ int main(int argc, char* argv[])
                 if(!setBootParameters(optarg))
                     printf("\n Failed to set boot parameters.\n");
                 break;
+            case 'e':
+                //set Android system properties
+                if(!setAndroidSystemProperties())
+                    printf("\n Failed to set android system properties.\n");
+                break;
             case 's':
                 if(!getProvisionStatus())
                     printf("\n Failed to get provision status \n");
diff --git a/ProvisioningTool/sample_json.txt b/ProvisioningTool/sample_json.txt
index fbfd71de..7885b2aa 100644
--- a/ProvisioningTool/sample_json.txt
+++ b/ProvisioningTool/sample_json.txt
@@ -11,9 +11,6 @@
    },
    "shared_secret": "0000000000000000000000000000000000000000000000000000000000000000",
    "set_boot_params": {
-      "os_version": 100,
-      "os_patch_level": 100,
-      "vendor_patch_level": 0,
       "boot_patch_level": 0,
       "verified_boot_key": "0000000000000000000000000000000000000000000000000000000000000000",
       "verified_boot_key_hash": "0000000000000000000000000000000000000000000000000000000000000000",

From 82e5aba75ef154d81c3aeee080b14c5043033c7b Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Mon, 26 Apr 2021 15:44:44 +0100
Subject: [PATCH 143/169] Added logs for reset event

---
 HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 728dcc14..e1f8bb89 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -233,9 +233,12 @@ static void deleteOprHandleEntry(uint64_t halGeneratedOperationHandle) {
 
 /* Clears all the strongbox operation handle entries from operation table */
 static void clearStrongboxOprHandleEntries(const std::unique_ptr& oprCtx) {
+    LOG(WARNING) << "secure element reset occurred. All the below mentioned operation handles becomes invalid"
+        << " and the owners of these operations has to restart the operation again.";
     auto it = operationTable.begin();
     while (it != operationTable.end()) {
         if (it->second.second == SB_KM_OPR) { //Strongbox operation
+            LOG(WARNING) << "operation handle: "(int32_t) it->first << " is invalid";
             oprCtx->clearOperationData(it->second.first);
             it = operationTable.erase(it);
         } else {
@@ -1038,6 +1041,9 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co
     uint64_t operationHandle;
     UpdateOperationResponse response;
     if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) {
+        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
+            << " secure element reset occurred. In case if secure element reset occured owner"
+            << "has to restart this operation again.";
         _hidl_cb(errorCode, inputConsumed, outParams, output);
         return Void();
     }
@@ -1139,6 +1145,9 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
     FinishOperationResponse response;
 
     if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) {
+        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
+            << " secure element reset occurred. In case if secure element reset occured owner"
+            << "has to restart this operation again.";
         _hidl_cb(errorCode, outParams, output);
         return Void();
     }
@@ -1258,6 +1267,8 @@ Return JavacardKeymaster4Device::abort(uint64_t halGeneratedOprHandle
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     uint64_t operationHandle;
     if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) {
+        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
+            << " secure element reset occurred.";
         return errorCode;
     }
     AbortOperationRequest request;

From c947d89422e7a68fca9754c906d32c49647f46f6 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Tue, 27 Apr 2021 15:40:14 +0530
Subject: [PATCH 144/169] Enable VTS_EMULATOR for x86 and x86_64 builds

---
 HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 6 +++---
 HAL/keymaster/Android.bp                       | 8 ++++++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index ae21ce94..845071eb 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -531,7 +531,7 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
             }
         }
     }
-#if (!defined(USE_OMAPI) && !defined(USE_SEHAL))
+#ifdef VTS_EMULATOR
     /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no
      * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to getHmacSharing
      * parameters.
@@ -557,11 +557,11 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec tempVec;
     cppbor::Array outerArray;
+#ifndef VTS_EMULATOR
     // The Android system properties like OS_VERSION, OS_PATCHLEVEL and VENDOR_PATCHLEVEL are to 
     // be delivered to the Applet when the HAL is first loaded. Incase if settting system properties
     // failed at construction time then this is one of the ideal places to send this information
     // to the Applet as computeSharedHmac is called everytime when Android device boots.
-#if (defined(USE_OMAPI) || defined(USE_SEHAL))
     if (!isEachSystemPropertySet) {
         errorCode = setAndroidSystemProperties(cborConverter_);
         if (ErrorCode::OK != errorCode) {
@@ -600,7 +600,7 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec
Date: Tue, 27 Apr 2021 11:35:13 +0100
Subject: [PATCH 145/169] clear system properties in setBootParameters

---
 .../javacard/keymaster/KMKeymasterApplet.java      |  4 ++++
 .../android/javacard/keymaster/KMRepository.java   | 14 +++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 4caa9d51..2f3e187f 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -3235,6 +3235,10 @@ private void processSetBootParamsCmd(APDU apdu) {
     enumVal = KMEnum.cast(tmpVariables[4]).getVal();
     repository.setBootloaderLocked(enumVal == KMType.DEVICE_LOCKED_TRUE);
 
+    // Clear Android system properties expect boot patch level as it is
+    // already set.
+    repository.clearAndroidSystemProperties();
+
     // Clear the Computed SharedHmac and Hmac nonce from persistent memory.
     repository.clearComputedHmac();
     repository.clearHmacNonce();
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 07caec72..c9fe8398 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -57,7 +57,7 @@ public class KMRepository implements KMUpgradable {
   public static final byte CERT_ISSUER = 10;
   public static final byte CERT_EXPIRY_TIME = 11;
   public static final byte BOOT_OS_VERSION = 12;
-  public static final byte BOOT_OS_PATCH = 13;
+  public static final byte BOOT_OS_PATCH_LEVEL = 13;
   public static final byte VENDOR_PATCH_LEVEL = 14;
   public static final byte BOOT_PATCH_LEVEL = 15;
   public static final byte BOOT_VERIFIED_BOOT_KEY = 16;
@@ -532,7 +532,7 @@ public short getBootPatchLevel() {
   }
 
   public short getOsPatch() {
-    short blob = readData(BOOT_OS_PATCH);
+    short blob = readData(BOOT_OS_PATCH_LEVEL);
     if (blob != 0) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
@@ -638,6 +638,14 @@ public void setBootPatchLevel(byte[] buf, short start, short len) {
     writeDataEntry(BOOT_PATCH_LEVEL, buf, start, len);
   }
 
+  public void clearAndroidSystemProperties() {
+    clearDataEntry(BOOT_OS_VERSION);
+    clearDataEntry(BOOT_OS_PATCH_LEVEL);
+    clearDataEntry(VENDOR_PATCH_LEVEL);
+    // Don't clear BOOT_PATCH_LEVEL as it is part of
+    // boot parameters.
+  }
+
   public void setBootloaderLocked(boolean flag) {
     short start = alloc(DEVICE_LOCK_FLAG_SIZE);
     if (flag) {
@@ -683,7 +691,7 @@ public void setOsPatch(byte[] buf, short start, short len) {
     if (len != OS_PATCH_SIZE) {
       KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
     }
-    writeDataEntry(BOOT_OS_PATCH, buf, start, len);
+    writeDataEntry(BOOT_OS_PATCH_LEVEL, buf, start, len);
   }
 
   public void setVerifiedBootKey(byte[] buf, short start, short len) {

From 2d4548a67b828987dcb99f20269e518c411f1de8 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Tue, 27 Apr 2021 22:35:51 +0100
Subject: [PATCH 146/169] Addressed review comments in the Applet code

---
 .../javacard/keymaster/KMKeymasterApplet.java | 65 ++++++++-----------
 .../javacard/keymaster/KMRepository.java      | 35 ++++++----
 2 files changed, 47 insertions(+), 53 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 0fd6622a..aec806b5 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -41,7 +41,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final short KM_HAL_VERSION = (short) 0x4000;
   private static final short MAX_AUTH_DATA_SIZE = (short) 512;
   private static final short DERIVE_KEY_INPUT_SIZE = (short) 256;
-  private static final short CANARY_BIT_FLAG = (short) 0x4000;
+  private static final short POWER_RESET_STATUS_FLAG = (short) 0x4000;
 
   // "Keymaster HMAC Verification" - used for HMAC key verification.
   public static final byte[] sharingCheck = {
@@ -188,7 +188,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   protected static short[] tmpVariables;
   protected static short[] data;
   protected static byte provisionStatus = NOT_PROVISIONED;
-  protected static short cardResetStatus = 0x00;
 
   /**
    * Registers this applet.
@@ -201,10 +200,6 @@ protected KMKeymasterApplet(KMSEProvider seImpl) {
     if (!isUpgrading) {
       keymasterState = KMKeymasterApplet.INIT_STATE;
       seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8));
-    } else {
-      // This flag is explicitly set after upgrade, to make sure that
-      // Keymaster HAL releases its operation state table.
-      cardResetStatus = CANARY_BIT_FLAG;
     }
     KMType.initialize();
     encoder = new KMEncoder();
@@ -306,17 +301,6 @@ protected void validateApduHeader(APDU apdu) {
       ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
     }
   }
-  
-  // Call this fucntion before processing the apdu.
-  private void updateCardResetFlag() {
-    if (repository.isResetEventOccurred()) {
-      // Release all the operation instances.
-      seProvider.releaseAllOperations();
-      JCSystem.beginTransaction();
-      cardResetStatus = CANARY_BIT_FLAG;
-      JCSystem.commitTransaction();
-    }
-  }
 
   /**
    * Processes an incoming APDU and handles it using command objects.
@@ -326,8 +310,11 @@ private void updateCardResetFlag() {
   @Override
   public void process(APDU apdu) {
     try {
-      // Get and update the card reset status before processing apdu.
-      updateCardResetFlag();
+      // Handle the card reset status before processing apdu.
+      if (repository.isPowerResetEventOccurred()) {
+        // Release all the operation instances.
+        seProvider.releaseAllOperations();
+      }
       repository.onProcess();
       // Verify whether applet is in correct state.
       if ((keymasterState == KMKeymasterApplet.INIT_STATE)
@@ -664,7 +651,7 @@ private void processAddRngEntropyCmd(APDU apdu) {
   private void processGetCertChainCmd(APDU apdu) {
     // Make the response
     tmpVariables[0] = seProvider.getCertificateChainLength();
-    short int32Ptr = getErrorStatusWithCanaryBitSet(KMError.OK);
+    short int32Ptr = getErrorStatusWithPowerResetStatusSet(KMError.OK);
     //Total Extra length
     // Add arrayHeader and (CanaryBitSet + KMError.OK)
     tmpVariables[2] = (short) (1 + encoder.getEncodedIntegerLength(int32Ptr));
@@ -860,7 +847,7 @@ private void processProvisionSharedSecretCmd(APDU apdu) {
 
   private void processGetProvisionStatusCmd(APDU apdu) {
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus));
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -935,7 +922,7 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) {
     checkVersionAndPatchLevel(scratchPad);
     // make response.
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_CHARACTERISTICS]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -952,7 +939,7 @@ private void processGetHmacSharingParamCmd(APDU apdu) {
     KMHmacSharingParameters.cast(tmpVariables[2]).setSeed(KMByteBlob.instance((short) 0));
     // prepare the response
     tmpVariables[3] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[3]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[3]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[3]).add((short) 1, tmpVariables[2]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1118,7 +1105,7 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     tmpVariables[1] = KMByteBlob.instance(scratchPad, tmpVariables[6], tmpVariables[5]);
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1196,7 +1183,7 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1474,7 +1461,7 @@ private void processAttestKeyCmd(APDU apdu) {
     cert.build();
     bufferProp[BUF_START_OFFSET] =
         encoder.encodeCert((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], cert.getCertStart(), cert.getCertLength(),
-            getErrorStatusWithCanaryBitSet(KMError.OK));
+            getErrorStatusWithPowerResetStatusSet(KMError.OK));
     bufferProp[BUF_LEN_OFFSET] = (short) (cert.getCertLength() + (cert.getCertStart() - bufferProp[BUF_START_OFFSET]));
     sendOutgoing(apdu);
   }
@@ -1639,7 +1626,7 @@ private void processFinishOperationCmd(APDU apdu) {
     if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) {
       data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
     }
-    KMArray.cast(tmpVariables[2]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[2]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[2]).add((short) 1, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 2, data[OUTPUT_DATA]);
 
@@ -2121,7 +2108,7 @@ private void processUpdateOperationCmd(APDU apdu) {
     if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) {
       data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
     }
-    KMArray.cast(tmpVariables[2]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[2]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(tmpVariables[3]));
     KMArray.cast(tmpVariables[2]).add((short) 2, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 3, data[OUTPUT_DATA]);
@@ -2227,7 +2214,7 @@ private void processBeginOperationCmd(APDU apdu) {
     }
     tmpVariables[1] = KMKeyParameters.instance(tmpVariables[2]);
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[OP_HANDLE]);
 
@@ -2837,7 +2824,7 @@ private void importKey(APDU apdu, byte[] scratchPad) {
 
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
 
@@ -3339,7 +3326,7 @@ private static void processGenerateKey(APDU apdu) {
 
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithCanaryBitSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
 
@@ -3847,28 +3834,28 @@ private static short deriveKey(byte[] scratchPad) {
     return tmpVariables[3];
   }
 
-  private static short getErrorStatusWithCanaryBitSet(short err) {
+  private static short getErrorStatusWithPowerResetStatusSet(short err) {
     short int32Ptr = KMInteger.instance((short) 4);
+    short powerResetStatus = 0;
+    if (repository.isPowerResetEventOccurred()) {
+      powerResetStatus = POWER_RESET_STATUS_FLAG;
+    }
 
     Util.setShort(KMInteger.cast(int32Ptr).getBuffer(),
         KMInteger.cast(int32Ptr).getStartOff(),
-        cardResetStatus);
+        powerResetStatus);
 
     Util.setShort(KMInteger.cast(int32Ptr).getBuffer(),
         (short) (KMInteger.cast(int32Ptr).getStartOff() + 2),
         err);
 
-    if (cardResetStatus != 0x00) {
-      JCSystem.beginTransaction();
-      cardResetStatus = 0x00;
-      JCSystem.commitTransaction();
-    }
+    repository.restorePowerResetStatus();
     return int32Ptr;
   }
 
   private static void sendError(APDU apdu, short err) {
     bufferProp[BUF_START_OFFSET] = repository.alloc((short) 5);
-    short int32Ptr = getErrorStatusWithCanaryBitSet(err);
+    short int32Ptr = getErrorStatusWithPowerResetStatusSet(err);
     bufferProp[BUF_LEN_OFFSET] = encoder.encodeError(int32Ptr, (byte[]) bufferRef[0],
         bufferProp[BUF_START_OFFSET], (short) 5);
     sendOutgoing(apdu);
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index d4a6278f..2409d9c1 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -42,6 +42,7 @@ public class KMRepository implements KMUpgradable {
   private static final short OPERATION_HANDLE_OFFSET = 1;
   private static final short OPERATION_HANDLE_ENTRY_SIZE =
       OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE;
+  private static final byte POWER_RESET_STATUS_FLAG = (byte) 0xEF;
 
   // Data table offsets
   public static final byte COMPUTED_HMAC_KEY = 8;
@@ -90,6 +91,8 @@ public class KMRepository implements KMUpgradable {
   private byte[] dataTable;
   private short dataIndex;
   private short[] reclaimIndex;
+  // This variable is used to check if power reset event occurred.
+  private byte[] powerResetStatus;
 
   // Operation table.
   private static final short OPER_TABLE_DATA_OFFSET = 0;
@@ -109,37 +112,44 @@ public KMRepository(boolean isUpgrading) {
     heap = JCSystem.makeTransientByteArray(HEAP_SIZE, JCSystem.CLEAR_ON_RESET);
     heapIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
     reclaimIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    powerResetStatus = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
     heapIndex[0] = (short) 0;
+    reclaimIndex[0] = HEAP_SIZE;
+    powerResetStatus[0] = POWER_RESET_STATUS_FLAG;
     newDataTable(isUpgrading);
 
     operationStateTable = new Object[2];
     operationStateTable[0] = JCSystem.makeTransientByteArray(DATA_ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
     operationStateTable[1] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
-    //Set the reset flags
-    resetHeapEndIndex();
 
     //Initialize the device locked status
     if (!isUpgrading) {
       setDeviceLock(false);
       setDeviceLockPasswordOnly(false);
+    } else {
+      // In case of upgrade, the applet is deleted and installed again so all
+      // volatile memory is erased. so it is necessary to force the power reset flag
+      // to 0 so that the HAL can clear its operation state.
+      powerResetStatus[0] = (byte) 0;
     }
     repository = this;
   }
 
-  public void resetHeapEndIndex() {
-    reclaimIndex[0] = HEAP_SIZE;
-  }
-
   // This function should only be called before processing any of the APUs.
-  // Once we start processing the APDU the reclainIndex[0] will change to 
-  // a lesser value than HEAP_SIZE
-  public boolean isResetEventOccurred() {
-    if (reclaimIndex[0] == HEAP_SIZE) {
+  // Transient memory is cleared in two cases:
+  // 1. Card reset event
+  // 2. Applet upgrade.
+  public boolean isPowerResetEventOccurred() {
+    if (powerResetStatus[0] == POWER_RESET_STATUS_FLAG) {
       return false;
     }
     return true;
   }
 
+  public void restorePowerResetStatus() {
+    powerResetStatus[0] = POWER_RESET_STATUS_FLAG;
+  }
+
   public void getOperationHandle(short oprHandle, byte[] buf, short off, short len) {
     if (KMInteger.cast(oprHandle).length() != OPERATION_HANDLE_SIZE) {
       KMException.throwIt(KMError.INVALID_OPERATION_HANDLE);
@@ -319,15 +329,12 @@ public void onUninstall() {
   }
 
   public void onProcess() {
-    // When card reset happens reclaimIndex[0] will be equal to 0.
-    // So make sure the reclaimIndex[0] is always equal to HEAP_SIZE
-    resetHeapEndIndex();
   }
 
   public void clean() {
     Util.arrayFillNonAtomic(heap, (short) 0, heapIndex[0], (byte) 0);
     heapIndex[0] = (short) 0;
-    resetHeapEndIndex();
+    reclaimIndex[0] = HEAP_SIZE;
   }
 
   public void onDeselect() {

From edc0cc3321a5045ea2811e8484a6635aaf360895 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Wed, 28 Apr 2021 10:04:14 +0100
Subject: [PATCH 147/169] renamed the function names appropriately

---
 .../4.1/JavacardKeymaster4Device.cpp          | 52 +++++++++++++------
 1 file changed, 36 insertions(+), 16 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index e1f8bb89..2cabff46 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -51,9 +51,7 @@
 #define INS_END_KM_CMD 0x7F
 #define SW_KM_OPR 0UL
 #define SB_KM_OPR 1UL
-#define CANARY_BIT_FLAG ( 1 << 30)
-#define UNSET_CANARY_BIT(a) (a &= ~CANARY_BIT_FLAG)
-#define TWOS_COMPLIMENT(a) (a = ~a + 1)
+#define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
 
 namespace keymaster {
 namespace V4_1 {
@@ -247,28 +245,50 @@ static void clearStrongboxOprHandleEntries(const std::unique_ptr(~value+1); 
+}
+
+/**
+ * This function separates the original error code from the
+ * power reset flag and returns the original error code.
+ */
+static inline uint32_t extractActualErrorCode(uint32_t err) { 
+    // Unset the power rest flag.
+    return (err & ~SE_POWER_RESET_STATUS_FLAG);
+}
+
+/**
+ * Clears all the strongbox operation handle entries if secure element power reset happens.
+ * And also extracts the original error code value.
+ */
+static uint32_t handleSePowerResetAndExtractOriginalErrorCode(const std::unique_ptr& oprCtx, uint32_t errorCode) {
+    //Check if secure element is reset
+    bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
+
+    if (isSeResetOccurred) {
+        //Clear the operation table for Strongbox operations entries.
+        clearStrongboxOprHandleEntries(oprCtx);
+        return extractActualErrorCode(errorCode);
+    }
+    return errorCode;
+}
+
 template
 static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response, bool
         hasErrorCode, const std::unique_ptr& oprCtx) {
     std::unique_ptr item(nullptr);
     T errorCode = T::OK;
     std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode);
-    int32_t temp = static_cast(errorCode);
 
-    //Check if secure element is reset
-    bool canaryBitSet = (0 != (temp & CANARY_BIT_FLAG));
+    uint32_t tempErrCode = handleSePowerResetAndExtractOriginalErrorCode(oprCtx, static_cast(errorCode));
 
-    if (canaryBitSet) {
-        //Clear the operation table for Strongbox operations entries.
-        clearStrongboxOprHandleEntries(oprCtx);
-        UNSET_CANARY_BIT(temp);
-    }
     // SE sends errocode as unsigned value so convert the unsigned value
-    // into a signed value of same magnitude.
-    TWOS_COMPLIMENT(temp);
-
-    //Write back temp to errorCode
-    errorCode = static_cast(temp);
+    // into a signed value of same magnitude and copy back to errorCode.
+    errorCode = static_cast(get2sCompliment(tempErrorCode));
 
     if (T::OK != errorCode)
         errorCode = translateExtendedErrorsToHalErrors(errorCode);

From ac1e91827ad6d8ae8e02cd41aa9927b4f32da03e Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Wed, 28 Apr 2021 16:37:52 +0530
Subject: [PATCH 148/169] Updated the comment

---
 HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 2cabff46..090ea6ba 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -231,12 +231,12 @@ static void deleteOprHandleEntry(uint64_t halGeneratedOperationHandle) {
 
 /* Clears all the strongbox operation handle entries from operation table */
 static void clearStrongboxOprHandleEntries(const std::unique_ptr& oprCtx) {
-    LOG(WARNING) << "secure element reset occurred. All the below mentioned operation handles becomes invalid"
-        << " and the owners of these operations has to restart the operation again.";
+    LOG(WARNING) << "secure element reset occurred. All the below operation handles for private key operations"
+        << " becomes invalid and the owners of these operations has to restart the operation again.";
     auto it = operationTable.begin();
     while (it != operationTable.end()) {
         if (it->second.second == SB_KM_OPR) { //Strongbox operation
-            LOG(WARNING) << "operation handle: "(int32_t) it->first << " is invalid";
+            LOG(WARNING) << "operation handle: " << it->first << " is invalid";
             oprCtx->clearOperationData(it->second.first);
             it = operationTable.erase(it);
         } else {
@@ -288,7 +288,7 @@ static std::tuple, T> decodeData(CborConverter& cb, const
 
     // SE sends errocode as unsigned value so convert the unsigned value
     // into a signed value of same magnitude and copy back to errorCode.
-    errorCode = static_cast(get2sCompliment(tempErrorCode));
+    errorCode = static_cast(get2sCompliment(tempErrCode));
 
     if (T::OK != errorCode)
         errorCode = translateExtendedErrorsToHalErrors(errorCode);

From 4c6f532fa875f548c7b86d9b1f478d9b60403648 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Wed, 28 Apr 2021 16:53:49 +0100
Subject: [PATCH 149/169] Renamed canary bit name to power reset status

---
 .../javacard/test/KMFunctionalTest.java       | 32 +++++++--------
 .../android/javacard/keymaster/KMEncoder.java |  4 +-
 .../javacard/keymaster/KMKeymasterApplet.java |  2 +-
 ProvisioningTool/Provision.cpp                | 39 ++++++++++++-------
 4 files changed, 45 insertions(+), 32 deletions(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index c77e83e0..41bc41a6 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -453,7 +453,7 @@ public class KMFunctionalTest {
   private static final short MAJOR_TYPE_MASK = 0xE0;
   private static final byte CBOR_ARRAY_MAJOR_TYPE = (byte) 0x80;
   private static final byte CBOR_UINT_MAJOR_TYPE = 0x00;
-  private static final short CANARY_BIT_FLAG = (short) 0x4000;
+  private static final short SE_POWER_RESET_FLAG = (short) 0x4000;
   private static final boolean RESET = true;
   private static final boolean NO_RESET = false;
 
@@ -1969,7 +1969,7 @@ private short abort(short opHandle, boolean triggerReset) {
     short ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, (short) respBuf.length);
     if (triggerReset) {
       short error = KMInteger.cast(ret).getSignificantShort();
-      Assert.assertEquals(error, CANARY_BIT_FLAG);
+      Assert.assertEquals(error, SE_POWER_RESET_FLAG);
     }
     return ret;
   }
@@ -2837,7 +2837,7 @@ public void testCardRest() {
       //Call begin1 end----------------
 
       //Call update operation----------------
-      // Call update operation and check if the canary bit is set or not.
+      // Call update operation and check if the secure element power reset flag is set or not.
       short dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
       opHandle = KMInteger.instance(opHandleBuf, (short) 0, (short) opHandleBuf.length);
       // update with trigger reset.
@@ -2850,7 +2850,7 @@ public void testCardRest() {
       //Call update end----------------
 
       //Call update1 operation----------------
-      // Call update1 operation and check if the canary bit is set or not.
+      // Call update1 operation and check if the secure element power reset flag is set or not.
       dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
       opHandle1 = KMInteger.instance(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
       // update with trigger reset.
@@ -2863,7 +2863,7 @@ public void testCardRest() {
       //Call update end----------------
 
       //Call finish operation----------------
-      // Call finish operation and check if the canary bit is set or not.
+      // Call finish operation and check if the secure element power reset flag is set or not.
       dataPtr = KMByteBlob.instance((short) 0);
       opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
       short expectedErr = KMError.OK;
@@ -2874,7 +2874,7 @@ public void testCardRest() {
       //Call finish end----------------
 
       //Call finish1 operation----------------
-      // Call finish1 operation and check if the canary bit is set or not.
+      // Call finish1 operation and check if the secure element power reset flag is set or not.
       dataPtr = KMByteBlob.instance((short) 0);
       opHandle1 = KMInteger.instance(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
       expectedErr = KMError.OK;
@@ -2885,7 +2885,7 @@ public void testCardRest() {
       //Call finish end----------------
 
       //Call abort operation----------------
-      // Call abort operation and check if the canary bit is set or not.
+      // Call abort operation and check if the secure element power reset flag is set or not.
       opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
       ret = abort(opHandle, resetEvents[i][6]);
       if (resetEvents[i][1] || resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4] | resetEvents[i][5] | resetEvents[i][6]) {
@@ -3379,14 +3379,14 @@ public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToke
       Assert.assertEquals(error, KMError.OK);
       if (triggerReset) {
         error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
-        Assert.assertEquals(error, CANARY_BIT_FLAG);
+        Assert.assertEquals(error, SE_POWER_RESET_FLAG);
       }
       return ret;
     } else {//Major type UINT.
       ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, len);
       if (triggerReset) {
         short error = KMInteger.cast(ret).getSignificantShort();
-        Assert.assertEquals(error, CANARY_BIT_FLAG);
+        Assert.assertEquals(error, SE_POWER_RESET_FLAG);
       }
       return KMInteger.cast(ret).getShort();
       /*if (len == 3) {
@@ -3474,15 +3474,15 @@ public short finish(short operationHandle, short data, byte[] signature, short i
     if (expectedErr == KMError.OK) {
       error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
       if (triggerReset) {
-        short canaryBit = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
-        Assert.assertEquals(canaryBit, CANARY_BIT_FLAG);
+        short powerResetStatus = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
+        Assert.assertEquals(powerResetStatus, SE_POWER_RESET_FLAG);
       }
     } else {
       error = KMInteger.cast(ret).getShort();
       error = translateExtendedErrorCodes(error);
       if (triggerReset) {
-        short canaryBit = KMInteger.cast(ret).getSignificantShort();
-        Assert.assertEquals(canaryBit, CANARY_BIT_FLAG);
+        short powerResetStatus = KMInteger.cast(ret).getSignificantShort();
+        Assert.assertEquals(powerResetStatus, SE_POWER_RESET_FLAG);
       }
     }
     Assert.assertEquals(error, expectedErr);
@@ -3528,13 +3528,13 @@ public short update(short operationHandle, short data, short inParams, short hwT
       Assert.assertEquals(error, KMError.OK);
       if (triggerReset) {
         error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
-        Assert.assertEquals(error, CANARY_BIT_FLAG);
+        Assert.assertEquals(error, SE_POWER_RESET_FLAG);
       }
     } else {
       ret = decoder.decode(KMInteger.exp(), respBuf, (short)0, len);
       if (triggerReset) {
-        short canaryBit = KMInteger.cast(ret).getSignificantShort();
-        Assert.assertEquals(canaryBit, CANARY_BIT_FLAG);
+        short powerResetStatus = KMInteger.cast(ret).getSignificantShort();
+        Assert.assertEquals(powerResetStatus, SE_POWER_RESET_FLAG);
       }
     }
     return ret;
diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
index 0e4666f2..14d8ef4c 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -108,7 +108,7 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s
     scratchBuf[LEN_OFFSET] = (short) (certStart + 1);
     //Array header - 2 elements i.e. 1 byte
     scratchBuf[START_OFFSET]--;
-    // errInt32Ptr - CanaryBit + ErrorCode - 4 bytes
+    // errInt32Ptr - PowerResetStatus + ErrorCode - 4 bytes
     // Integer header - 1 byte
     scratchBuf[START_OFFSET] -= getEncodedIntegerLength(errInt32Ptr);
     //Array header - 2 elements i.e. 1 byte
@@ -123,7 +123,7 @@ public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, s
     }
     bufferStart = scratchBuf[START_OFFSET];
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
-    encodeInteger(errInt32Ptr); //CanaryBit + ErrorCode
+    encodeInteger(errInt32Ptr); //PowerResetStatus + ErrorCode
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 1); // Array of 1 element
     writeMajorTypeWithLength(BYTES_TYPE, certLength); // Cert Byte Blob of length
     return bufferStart;
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index aec806b5..5c452e56 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -653,7 +653,7 @@ private void processGetCertChainCmd(APDU apdu) {
     tmpVariables[0] = seProvider.getCertificateChainLength();
     short int32Ptr = getErrorStatusWithPowerResetStatusSet(KMError.OK);
     //Total Extra length
-    // Add arrayHeader and (CanaryBitSet + KMError.OK)
+    // Add arrayHeader and (PowerResetStatus + KMError.OK)
     tmpVariables[2] = (short) (1 + encoder.getEncodedIntegerLength(int32Ptr));
     tmpVariables[0] += tmpVariables[2];
     tmpVariables[1] = KMByteBlob.instance(tmpVariables[0]);
diff --git a/ProvisioningTool/Provision.cpp b/ProvisioningTool/Provision.cpp
index f1762430..950b9203 100644
--- a/ProvisioningTool/Provision.cpp
+++ b/ProvisioningTool/Provision.cpp
@@ -35,9 +35,7 @@
 #define APDU_P1  0x40
 #define APDU_P2  0x00
 #define APDU_RESP_STATUS_OK 0x9000
-#define CANARY_BIT_FLAG ( 1 << 30)
-#define UNSET_CANARY_BIT(a) (a &= ~CANARY_BIT_FLAG)
-#define TWOS_COMPLIMENT(a) (a = ~a + 1)
+#define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
 
 namespace keymaster {
 namespace V4_1 {
@@ -122,6 +120,28 @@ static T translateExtendedErrorsToHalErrors(T& errorCode) {
     return err;
 }
 
+/**
+ * Returns the negative value of the same number.
+ */
+static inline int32_t get2sCompliment(uint32_t value) { 
+    return static_cast(~value+1); 
+}
+
+/**
+ * This function separates the original error code from the
+ * power reset flag and returns the original error code.
+ */
+static uint32_t extractOriginalErrorCode(uint32_t errorCode) {
+    //Check if secure element is reset
+    bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
+
+    if (isSeResetOccurred) {
+        LOG(ERROR) << "Secure element reset happened";
+        return (errorCode & ~SE_POWER_RESET_STATUS_FLAG);
+    }
+    return errorCode;
+}
+
 template
 static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response) {
     std::unique_ptr item(nullptr);
@@ -129,18 +149,11 @@ static std::tuple, T> decodeData(CborConverter& cb, const
     std::tie(item, errorCode) = cb.decodeData(response, true);
     int32_t temp = static_cast(errorCode);
 
-    bool canaryBitSet = (0 != (temp & CANARY_BIT_FLAG));
+    uint32_t tempErrCode = extractOriginalErrorCode(static_cast(errorCode));
 
-    if (canaryBitSet) {
-        LOG(INFO) << "Secureelement reset happened";
-        UNSET_CANARY_BIT(temp);
-    }
     // SE sends errocode as unsigned value so convert the unsigned value
-    // into a signed value of same magnitude.
-    TWOS_COMPLIMENT(temp);
-
-    //Write back temp to errorCode
-    errorCode = static_cast(temp);
+    // into a signed value of same magnitude and copy back to errorCode.
+    errorCode = static_cast(get2sCompliment(tempErrCode));
 
     if (T::OK != errorCode)
         errorCode = translateExtendedErrorsToHalErrors(errorCode);

From 7c2a3edc0e39969e2369df2da74110b7637f4d20 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Thu, 29 Apr 2021 01:54:01 +0530
Subject: [PATCH 150/169] renamed function and variables names appropriately

---
 .../javacard/keymaster/KMKeymasterApplet.java | 37 +++++++++++--------
 .../javacard/keymaster/KMRepository.java      | 11 +++++-
 2 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 5c452e56..cb739745 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -41,7 +41,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final short KM_HAL_VERSION = (short) 0x4000;
   private static final short MAX_AUTH_DATA_SIZE = (short) 512;
   private static final short DERIVE_KEY_INPUT_SIZE = (short) 256;
-  private static final short POWER_RESET_STATUS_FLAG = (short) 0x4000;
+  private static final short POWER_RESET_MASK_FLAG = (short) 0x4000;
 
   // "Keymaster HMAC Verification" - used for HMAC key verification.
   public static final byte[] sharingCheck = {
@@ -651,7 +651,7 @@ private void processAddRngEntropyCmd(APDU apdu) {
   private void processGetCertChainCmd(APDU apdu) {
     // Make the response
     tmpVariables[0] = seProvider.getCertificateChainLength();
-    short int32Ptr = getErrorStatusWithPowerResetStatusSet(KMError.OK);
+    short int32Ptr = buildErrorStatus(KMError.OK);
     //Total Extra length
     // Add arrayHeader and (PowerResetStatus + KMError.OK)
     tmpVariables[2] = (short) (1 + encoder.getEncodedIntegerLength(int32Ptr));
@@ -847,7 +847,7 @@ private void processProvisionSharedSecretCmd(APDU apdu) {
 
   private void processGetProvisionStatusCmd(APDU apdu) {
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus));
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -922,7 +922,7 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) {
     checkVersionAndPatchLevel(scratchPad);
     // make response.
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_CHARACTERISTICS]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -939,7 +939,7 @@ private void processGetHmacSharingParamCmd(APDU apdu) {
     KMHmacSharingParameters.cast(tmpVariables[2]).setSeed(KMByteBlob.instance((short) 0));
     // prepare the response
     tmpVariables[3] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[3]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[3]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[3]).add((short) 1, tmpVariables[2]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1105,7 +1105,7 @@ private void processComputeSharedHmacCmd(APDU apdu) {
     tmpVariables[1] = KMByteBlob.instance(scratchPad, tmpVariables[6], tmpVariables[5]);
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1183,7 +1183,7 @@ private void processUpgradeKeyCmd(APDU apdu) {
     }
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
@@ -1461,7 +1461,7 @@ private void processAttestKeyCmd(APDU apdu) {
     cert.build();
     bufferProp[BUF_START_OFFSET] =
         encoder.encodeCert((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], cert.getCertStart(), cert.getCertLength(),
-            getErrorStatusWithPowerResetStatusSet(KMError.OK));
+            buildErrorStatus(KMError.OK));
     bufferProp[BUF_LEN_OFFSET] = (short) (cert.getCertLength() + (cert.getCertStart() - bufferProp[BUF_START_OFFSET]));
     sendOutgoing(apdu);
   }
@@ -1626,7 +1626,7 @@ private void processFinishOperationCmd(APDU apdu) {
     if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) {
       data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
     }
-    KMArray.cast(tmpVariables[2]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[2]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[2]).add((short) 1, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 2, data[OUTPUT_DATA]);
 
@@ -2108,7 +2108,7 @@ private void processUpdateOperationCmd(APDU apdu) {
     if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) {
       data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
     }
-    KMArray.cast(tmpVariables[2]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[2]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(tmpVariables[3]));
     KMArray.cast(tmpVariables[2]).add((short) 2, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 3, data[OUTPUT_DATA]);
@@ -2214,7 +2214,7 @@ private void processBeginOperationCmd(APDU apdu) {
     }
     tmpVariables[1] = KMKeyParameters.instance(tmpVariables[2]);
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[OP_HANDLE]);
 
@@ -2824,7 +2824,7 @@ private void importKey(APDU apdu, byte[] scratchPad) {
 
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
 
@@ -3326,7 +3326,7 @@ private static void processGenerateKey(APDU apdu) {
 
     // prepare the response
     tmpVariables[0] = KMArray.instance((short) 3);
-    KMArray.cast(tmpVariables[0]).add((short) 0, getErrorStatusWithPowerResetStatusSet(KMError.OK));
+    KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
     KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
     KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
 
@@ -3834,11 +3834,15 @@ private static short deriveKey(byte[] scratchPad) {
     return tmpVariables[3];
   }
 
-  private static short getErrorStatusWithPowerResetStatusSet(short err) {
+  // This function masks the error code with POWER_RESET_MASK_FLAG
+  // in case if card reset event occurred. The clients of the Applet
+  // has to extract the power reset status from the error code and
+  // process accordingly.
+  private static short buildErrorStatus(short err) {
     short int32Ptr = KMInteger.instance((short) 4);
     short powerResetStatus = 0;
     if (repository.isPowerResetEventOccurred()) {
-      powerResetStatus = POWER_RESET_STATUS_FLAG;
+      powerResetStatus = POWER_RESET_MASK_FLAG;
     }
 
     Util.setShort(KMInteger.cast(int32Ptr).getBuffer(),
@@ -3849,13 +3853,14 @@ private static short getErrorStatusWithPowerResetStatusSet(short err) {
         (short) (KMInteger.cast(int32Ptr).getStartOff() + 2),
         err);
 
+    // reset power reset status flag to its default value.
     repository.restorePowerResetStatus();
     return int32Ptr;
   }
 
   private static void sendError(APDU apdu, short err) {
     bufferProp[BUF_START_OFFSET] = repository.alloc((short) 5);
-    short int32Ptr = getErrorStatusWithPowerResetStatusSet(err);
+    short int32Ptr = buildErrorStatus(err);
     bufferProp[BUF_LEN_OFFSET] = encoder.encodeError(int32Ptr, (byte[]) bufferRef[0],
         bufferProp[BUF_START_OFFSET], (short) 5);
     sendOutgoing(apdu);
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 2409d9c1..39127850 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -91,7 +91,9 @@ public class KMRepository implements KMUpgradable {
   private byte[] dataTable;
   private short dataIndex;
   private short[] reclaimIndex;
-  // This variable is used to check if power reset event occurred.
+  // This variable is used to monitor the power reset status as the Applet does not get
+  // any power reset event. Initially the value of this variable is set to POWER_RESET_STATUS_FLAG.
+  // If the power reset happens then this value becomes 0.
   private byte[] powerResetStatus;
 
   // Operation table.
@@ -135,7 +137,8 @@ public KMRepository(boolean isUpgrading) {
     repository = this;
   }
 
-  // This function should only be called before processing any of the APUs.
+  // This function checks if card reset event occurred and this function
+  // should only be called before processing any of the APUs.
   // Transient memory is cleared in two cases:
   // 1. Card reset event
   // 2. Applet upgrade.
@@ -146,6 +149,10 @@ public boolean isPowerResetEventOccurred() {
     return true;
   }
 
+  /**
+   * This function sets the power reset status flag to its
+   * default value.
+   */
   public void restorePowerResetStatus() {
     powerResetStatus[0] = POWER_RESET_STATUS_FLAG;
   }

From e1f16632a21190d1465cae84323678a67c1a7d08 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu 
Date: Wed, 28 Apr 2021 21:50:18 +0100
Subject: [PATCH 151/169] renamed function names and added comments.

---
 HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 090ea6ba..76058f52 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -252,27 +252,19 @@ static inline int32_t get2sCompliment(uint32_t value) {
     return static_cast(~value+1); 
 }
 
-/**
- * This function separates the original error code from the
- * power reset flag and returns the original error code.
- */
-static inline uint32_t extractActualErrorCode(uint32_t err) { 
-    // Unset the power rest flag.
-    return (err & ~SE_POWER_RESET_STATUS_FLAG);
-}
-
 /**
  * Clears all the strongbox operation handle entries if secure element power reset happens.
- * And also extracts the original error code value.
+ * And also extracts the error code value after unmasking the power reset status flag.
  */
-static uint32_t handleSePowerResetAndExtractOriginalErrorCode(const std::unique_ptr& oprCtx, uint32_t errorCode) {
+static uint32_t handleErrorCode(const std::unique_ptr& oprCtx, uint32_t errorCode) {
     //Check if secure element is reset
     bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
 
     if (isSeResetOccurred) {
         //Clear the operation table for Strongbox operations entries.
         clearStrongboxOprHandleEntries(oprCtx);
-        return extractActualErrorCode(errorCode);
+        // Unmask the power reset status flag.
+        errorCode &= ~SE_POWER_RESET_STATUS_FLAG;
     }
     return errorCode;
 }
@@ -284,7 +276,7 @@ static std::tuple, T> decodeData(CborConverter& cb, const
     T errorCode = T::OK;
     std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode);
 
-    uint32_t tempErrCode = handleSePowerResetAndExtractOriginalErrorCode(oprCtx, static_cast(errorCode));
+    uint32_t tempErrCode = handleErrorCode(oprCtx, static_cast(errorCode));
 
     // SE sends errocode as unsigned value so convert the unsigned value
     // into a signed value of same magnitude and copy back to errorCode.

From bc30d09609c4d44f74d07e60f8d74b53b9fb409f Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Thu, 29 Apr 2021 02:59:06 +0530
Subject: [PATCH 152/169] variable names changed properly

---
 ProvisioningTool/Provision.cpp | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/ProvisioningTool/Provision.cpp b/ProvisioningTool/Provision.cpp
index 950b9203..0f31fb86 100644
--- a/ProvisioningTool/Provision.cpp
+++ b/ProvisioningTool/Provision.cpp
@@ -131,13 +131,13 @@ static inline int32_t get2sCompliment(uint32_t value) {
  * This function separates the original error code from the
  * power reset flag and returns the original error code.
  */
-static uint32_t extractOriginalErrorCode(uint32_t errorCode) {
+static uint32_t extractErrorCode(uint32_t errorCode) {
     //Check if secure element is reset
     bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
 
     if (isSeResetOccurred) {
         LOG(ERROR) << "Secure element reset happened";
-        return (errorCode & ~SE_POWER_RESET_STATUS_FLAG);
+        errorCode &= ~SE_POWER_RESET_STATUS_FLAG;
     }
     return errorCode;
 }
@@ -147,9 +147,8 @@ static std::tuple, T> decodeData(CborConverter& cb, const
     std::unique_ptr item(nullptr);
     T errorCode = T::OK;
     std::tie(item, errorCode) = cb.decodeData(response, true);
-    int32_t temp = static_cast(errorCode);
 
-    uint32_t tempErrCode = extractOriginalErrorCode(static_cast(errorCode));
+    uint32_t tempErrCode = extractErrorCode(static_cast(errorCode));
 
     // SE sends errocode as unsigned value so convert the unsigned value
     // into a signed value of same magnitude and copy back to errorCode.

From 75a14fc826218c3aad01793c8f22c8a5b0be83b6 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Thu, 29 Apr 2021 16:23:08 +0530
Subject: [PATCH 153/169] Fixed the failure in Unittest

---
 .../test/com/android/javacard/test/KMFunctionalTest.java      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 9df39738..1e80f4b2 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -2758,9 +2758,9 @@ public void testUpgradeKey() {
             {0, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL+1, NO_UPGRADE,  KMError.INVALID_ARGUMENT },
     };
     for (int i = 0; i < test_data.length; i++) {
-      setAndroidOSSystemProperties(simulator, (short) test_data[i][0], (short) test_data[i][1],
-        (short) test_data[i][2]);
       setBootParams(simulator, (short) test_data[i][3]);
+      setAndroidOSSystemProperties(simulator, (short) test_data[i][0], (short) test_data[i][1],
+          (short) test_data[i][2]);
       ret = upgradeKey(
         KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
         null, null, test_data[i][5]);

From 39ac041ce7f14f07b1986f1e9970619af211191c Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Thu, 29 Apr 2021 18:32:32 +0530
Subject: [PATCH 154/169] Fixed the erros after merging branch

---
 HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index f1f25cb4..a7298172 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -438,7 +438,11 @@ ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& oprCtx) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     cppbor::Array array;
     std::unique_ptr item;
@@ -453,7 +457,7 @@ static ErrorCode setAndroidSystemProperties(CborConverter& cborConverter_) {
     if (ErrorCode::OK == errorCode) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true);
+                true, oprCtx);
     }
     if (ErrorCode::OK != errorCode) 
         LOG(ERROR) << "Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t) errorCode;
@@ -471,7 +475,7 @@ JavacardKeymaster4Device::JavacardKeymaster4Device(): softKm_(new ::keymaster::A
     // Send Android system properties like os_version, os_patchlevel and vendor_patchlevel
     // to the Applet. Incase if setting system properties fails here, again try setting
     // it from computeSharedHmac.
-    if (ErrorCode::OK == setAndroidSystemProperties(cborConverter_)) {
+    if (ErrorCode::OK == setAndroidSystemProperties(cborConverter_, oprCtx_)) {
         isEachSystemPropertySet = true;
     }
 

From 25d36f429595860f397db3b5f7ef7e6c6282efcf Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Thu, 29 Apr 2021 21:00:47 +0530
Subject: [PATCH 155/169] Allow checking of boot signal event for setting boot
 parameters only in Active state

---
 Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 78fdc4c9..6566dd55 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -390,6 +390,7 @@ public void process(APDU apdu) {
         switch (apduIns) {
           case INS_SET_BOOT_PARAMS_CMD:
             if (seProvider.isBootSignalEventSupported()
+                && (keymasterState == KMKeymasterApplet.ACTIVE_STATE)
                 && (!seProvider.isDeviceRebooted())) {
               ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
             }

From dfff6319e7f56a5453c56a744ff8633016f60852 Mon Sep 17 00:00:00 2001
From: Rajesh Nyamagoud 
Date: Tue, 4 May 2021 09:09:45 -0700
Subject: [PATCH 156/169] Added debug and error logs in hal apis.

---
 .../4.1/JavacardKeymaster4Device.cpp          | 99 ++++++++++++++++---
 1 file changed, 87 insertions(+), 12 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index a7298172..f82dee0b 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -232,12 +232,11 @@ static void deleteOprHandleEntry(uint64_t halGeneratedOperationHandle) {
 
 /* Clears all the strongbox operation handle entries from operation table */
 static void clearStrongboxOprHandleEntries(const std::unique_ptr& oprCtx) {
-    LOG(WARNING) << "secure element reset occurred. All the below operation handles for private key operations"
-        << " becomes invalid and the owners of these operations has to restart the operation again.";
+    LOG(INFO) << "Secure Element reset or applet upgrade detected. Removing existing operation handles";
     auto it = operationTable.begin();
     while (it != operationTable.end()) {
         if (it->second.second == SB_KM_OPR) { //Strongbox operation
-            LOG(WARNING) << "operation handle: " << it->first << " is invalid";
+            LOG(INFO) << "operation handle: " << it->first << " is removed";
             oprCtx->clearOperationData(it->second.first);
             it = operationTable.erase(it);
         } else {
@@ -283,8 +282,11 @@ static std::tuple, T> decodeData(CborConverter& cb, const
     // into a signed value of same magnitude and copy back to errorCode.
     errorCode = static_cast(get2sCompliment(tempErrCode));
 
-    if (T::OK != errorCode)
+    if (T::OK != errorCode) {
         errorCode = translateExtendedErrorsToHalErrors(errorCode);
+        LOG(ERROR) << "error in decodeData: " << (int32_t) errorCode;
+    }
+    LOG(DEBUG) << "decodeData status: " << (int32_t) errorCode;
     return {std::move(item), errorCode};
 }
 
@@ -425,16 +427,23 @@ ErrorCode sendData(Instruction ins, std::vector& inData, std::vector apdu;
 
     ret = constructApduMessage(ins, inData, apdu);
-    if(ret != ErrorCode::OK) return ret;
+    if(ret != ErrorCode::OK) {
+        LOG(ERROR) << "error in constructApduMessage cmd: " << (int32_t)ins << " status: " << (int32_t)ret;
+        return ret;
+    }
 
     if(!getTransportFactoryInstance()->sendData(apdu.data(), apdu.size(), response)) {
+        LOG(ERROR) << "error in sendData cmd: " << (int32_t)ins << " status: "
+                   << (int32_t)ErrorCode::SECURE_HW_COMMUNICATION_FAILED;
         return (ErrorCode::SECURE_HW_COMMUNICATION_FAILED);
     }
 
     // Response size should be greater than 2. Cbor output data followed by two bytes of APDU status.
     if((response.size() <= 2) || (getStatus(response) != APDU_RESP_STATUS_OK)) {
+        LOG(ERROR) << "error in sendData cmd: " << (int32_t)ins << " status: " << getStatus(response);
         return (ErrorCode::UNKNOWN_ERROR);
     }
+    LOG(DEBUG) << "sendData cmd: " << (int32_t)ins << " status: " << (int32_t)ErrorCode::OK;
     return (ErrorCode::OK);//success
 }
 
@@ -503,6 +512,7 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_
             if(!cborConverter_.getUint64(item, 0, securityLevel) ||
                     !cborConverter_.getBinaryArray(item, 1, jcKeymasterName) ||
                     !cborConverter_.getBinaryArray(item, 2, jcKeymasterAuthor)) {
+                LOG(ERROR) << "Failed to convert cbor data of INS_GET_HW_INFO_CMD";
                 _hidl_cb(static_cast(securityLevel), jcKeymasterName, jcKeymasterAuthor);
                 return Void();
             }
@@ -512,6 +522,7 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_
     } else {
         // It should not come here, but incase if for any reason SB keymaster fails to getHardwareInfo
         // return proper values from HAL.
+        LOG(ERROR) << "Failed to fetch getHardwareInfo from javacard";
         _hidl_cb(SecurityLevel::STRONGBOX, JAVACARD_KEYMASTER_NAME, JAVACARD_KEYMASTER_AUTHOR);
         return Void();
     }
@@ -530,6 +541,7 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
                 true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getHmacSharingParameters(item, 1, hmacSharingParameters)) {
+                LOG(ERROR) << "Failed to convert cbor data of INS_GET_HMAC_SHARING_PARAM_CMD";
                 errorCode = ErrorCode::UNKNOWN_ERROR;
             }
         }
@@ -541,11 +553,14 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
      */
     else {
         auto response = softKm_->GetHmacSharingParameters();
+        LOG(DEBUG) << "INS_GET_HMAC_SHARING_PARAM_CMD not succeded with javacard";
+        LOG(DEBUG) << "Setting software keymaster hmac sharing parameters";
         hmacSharingParameters.seed.setToExternal(const_cast(response.params.seed.data),
                 response.params.seed.data_length);
         static_assert(sizeof(response.params.nonce) == hmacSharingParameters.nonce.size(), "Nonce sizes don't match");
         memcpy(hmacSharingParameters.nonce.data(), response.params.nonce, hmacSharingParameters.nonce.size());
         errorCode = legacy_enum_conversion(response.error);
+        LOG(DEBUG) << "INS_GET_HMAC_SHARING_PARAM_CMD softkm status: " << (int32_t) errorCode;
     }
 #endif
     _hidl_cb(errorCode, hmacSharingParameters);
@@ -597,6 +612,7 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec bstr;
             if(!cborConverter_.getBinaryArray(item, 1, bstr)) {
+                LOG(ERROR) << "INS_COMPUTE_SHARED_HMAC_CMD: failed to convert cbor sharing check value";
                 errorCode = ErrorCode::UNKNOWN_ERROR;
             } else {
                 sharingCheck = bstr;
@@ -621,9 +637,11 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vecComputeSharedHmac(request);
         if (response.error == KM_ERROR_OK) sharingCheck = kmBlob2hidlVec(response.sharing_check);
         errorCode = legacy_enum_conversion(response.error);
+        LOG(DEBUG) << "INS_COMPUTE_SHARED_HMAC_CMD softkm status: " << (int32_t) errorCode;
     }
 #endif
     _hidl_cb(errorCode, sharingCheck);
@@ -632,6 +650,7 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec JavacardKeymaster4Device::verifyAuthorization(uint64_t , const hidl_vec& , const HardwareAuthToken& , verifyAuthorization_cb _hidl_cb) {
     VerificationToken verificationToken;
+    LOG(DEBUG) << "Verify authorizations UNIMPLEMENTED";
     _hidl_cb(ErrorCode::UNIMPLEMENTED, verificationToken);
     return Void();
 }
@@ -690,6 +709,7 @@ Return JavacardKeymaster4Device::generateKey(const hidl_vec&
                 keyCharacteristics.softwareEnforced.setToExternal(nullptr, 0);
                 keyCharacteristics.hardwareEnforced.setToExternal(nullptr, 0);
                 errorCode = ErrorCode::UNKNOWN_ERROR;
+                LOG(ERROR) << "INS_GENERATE_KEY_CMD: error while converting cbor data: " << (int32_t) errorCode;
             }
         }
     }
@@ -707,12 +727,14 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k
     cppbor::Array subArray;
 
     if(keyFormat != KeyFormat::PKCS8 && keyFormat != KeyFormat::RAW) {
+        LOG(DEBUG) << "INS_IMPORT_KEY_CMD unsupported key format " << (int32_t)keyFormat;
         _hidl_cb(ErrorCode::UNSUPPORTED_KEY_FORMAT, keyBlob, keyCharacteristics);
         return Void();
     }
     cborConverter_.addKeyparameters(array, keyParams);
     array.add(static_cast(KeyFormat::RAW)); //javacard accepts only RAW.
     if(ErrorCode::OK != (errorCode = prepareCborArrayFromKeyData(keyParams, keyFormat, keyData, subArray))) {
+        LOG(ERROR) << "INS_IMPORT_KEY_CMD Error in while creating cbor data from key data:" << (int32_t) errorCode;
         _hidl_cb(errorCode, keyBlob, keyCharacteristics);
         return Void();
     }
@@ -736,6 +758,7 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k
                 keyCharacteristics.softwareEnforced.setToExternal(nullptr, 0);
                 keyCharacteristics.hardwareEnforced.setToExternal(nullptr, 0);
                 errorCode = ErrorCode::UNKNOWN_ERROR;
+                LOG(ERROR) << "INS_IMPORT_KEY_CMD: error while converting cbor data, status: " << (int32_t) errorCode;
             }
         }
     }
@@ -760,6 +783,7 @@ Return JavacardKeymaster4Device::importWrappedKey(const hidl_vec&
 
     if(ErrorCode::OK != (errorCode = parseWrappedKey(wrappedKeyData, iv, transitKey, secureKey,
                     tag, authList, keyFormat, wrappedKeyDescription))) {
+        LOG(ERROR) << "INS_IMPORT_WRAPPED_KEY_CMD error while parsing wrapped key status: " << (int32_t) errorCode;
         _hidl_cb(errorCode, keyBlob, keyCharacteristics);
         return Void();
     }
@@ -791,6 +815,7 @@ Return JavacardKeymaster4Device::importWrappedKey(const hidl_vec&
                 keyCharacteristics.softwareEnforced.setToExternal(nullptr, 0);
                 keyCharacteristics.hardwareEnforced.setToExternal(nullptr, 0);
                 errorCode = ErrorCode::UNKNOWN_ERROR;
+                LOG(ERROR) << "INS_IMPORT_WRAPPED_KEY_CMD: error while converting cbor data, status: " << (int32_t) errorCode;
             }
         }
     }
@@ -820,6 +845,7 @@ Return JavacardKeymaster4Device::getKeyCharacteristics(const hidl_vec JavacardKeymaster4Device::exportKey(KeyFormat exportFormat, const h
             });
 
     if(errorCode != ErrorCode::OK) {
+        LOG(ERROR) << "Error in exportKey: " << (int32_t) errorCode;
         _hidl_cb(errorCode, resultKeyBlob);
         return Void();
     }
@@ -852,11 +879,14 @@ Return JavacardKeymaster4Device::exportKey(KeyFormat exportFormat, const h
     if(response.error == KM_ERROR_INCOMPATIBLE_ALGORITHM) {
         //Symmetric Keys cannot be exported.
         response.error = KM_ERROR_UNSUPPORTED_KEY_FORMAT;
+        LOG(ERROR) << "error in exportKey: unsupported algorithm or key format";
     }
     if (response.error == KM_ERROR_OK) {
         resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
     }
-    _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
+    errorCode = legacy_enum_conversion(response.error);
+    LOG(DEBUG) << "exportKey status: " << (int32_t) errorCode;
+    _hidl_cb(errorCode, resultKeyBlob);
     return Void();
 }
 
@@ -884,6 +914,7 @@ Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToA
         if (item != nullptr) {
             if(!cborConverter_.getMultiBinaryArray(item, 1, temp)) {
                 errorCode = ErrorCode::UNKNOWN_ERROR;
+                LOG(ERROR) << "INS_ATTEST_KEY_CMD: error in converting cbor data, status: " << (int32_t) errorCode;
             } else {
                 cborData.clear();
                 cborOutData.clear();
@@ -897,12 +928,15 @@ Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToA
                         std::vector chain;
                         if(!cborConverter_.getBinaryArray(item, 1, chain)) {
                             errorCode = ErrorCode::UNKNOWN_ERROR;
+                            LOG(ERROR) << "attestkey INS_GET_CERT_CHAIN_CMD: errorn in converting cbor data, status: " << (int32_t) errorCode;
                         } else {
                             if(ErrorCode::OK == (errorCode = getCertificateChain(chain, temp))) {
                                 certChain.resize(temp.size());
                                 for(int i = 0; i < temp.size(); i++) {
                                     certChain[i] = temp[i];
                                 }
+                            } else {
+                                LOG(ERROR) << "Error in attestkey getCertificateChain: " << (int32_t) errorCode;
                             }
                         }
                     }
@@ -932,8 +966,10 @@ Return JavacardKeymaster4Device::upgradeKey(const hidl_vec& keyBl
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
                 true, oprCtx_);
         if (item != nullptr) {
-            if(!cborConverter_.getBinaryArray(item, 1, upgradedKeyBlob))
+            if(!cborConverter_.getBinaryArray(item, 1, upgradedKeyBlob)) {
                 errorCode = ErrorCode::UNKNOWN_ERROR;
+                LOG(ERROR) << "INS_UPGRADE_KEY_CMD: error in converting cbor data, status: " << (int32_t) errorCode;
+            }
         }
     }
     _hidl_cb(errorCode, upgradedKeyBlob);
@@ -998,12 +1034,14 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
     uint64_t generatedOpHandle = 0;
 
     if(keyBlob.size() == 0) {
+        LOG(ERROR) << "Error in INS_BEGIN_OPERATION_CMD, keyblob size is 0";
         _hidl_cb(ErrorCode::INVALID_ARGUMENT, resultParams, operationHandle);
         return Void();
     }
     /* Asymmetric public key operations like RSA Verify, RSA Encrypt, ECDSA verify
      * are handled by softkeymaster.
      */
+    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD purpose: " << (int32_t)purpose;
     if (KeyPurpose::ENCRYPT == purpose || KeyPurpose::VERIFY == purpose) {
         BeginOperationRequest request;
         request.purpose = legacy_enum_conversion(purpose);
@@ -1013,6 +1051,10 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
         BeginOperationResponse response;
         /* For Symmetric key operation, the BeginOperation returns KM_ERROR_INCOMPATIBLE_ALGORITHM error. */
         softKm_->BeginOperation(request, &response);
+        errorCode = legacy_enum_conversion(response.error);
+        LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: " << (int32_t) errorCode;
+        if (errorCode != ErrorCode::OK)
+            LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: " << (int32_t) errorCode;
 
         if (response.error == KM_ERROR_OK) {
             resultParams = kmParamSet2Hidl(response.output_params);
@@ -1023,8 +1065,11 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
              * key - new operation handle
              * value - hal generated operation handle.
              */
-            if (errorCode == ErrorCode::OK)
+            if (errorCode == ErrorCode::OK) {
                 errorCode = createOprHandleEntry(response.op_handle, SW_KM_OPR, generatedOpHandle);
+                if (errorCode != ErrorCode::OK)
+                    LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error while creating new operation handle: " << (int32_t) errorCode;
+            }
             _hidl_cb(errorCode, resultParams, generatedOpHandle);
             return Void();
         }
@@ -1061,6 +1106,7 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
             errorCode = error;
             keyCharacteristics = keyChars;
             });
+    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD getKeyCharacteristics status: " << (int32_t) errorCode;
 
     if(errorCode == ErrorCode::OK) {
         errorCode = ErrorCode::UNKNOWN_ERROR;
@@ -1076,13 +1122,18 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
                         errorCode = ErrorCode::UNKNOWN_ERROR;
                         outParams.setToExternal(nullptr, 0);
                         operationHandle = 0;
+                        LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: error in converting cbor data, status: " << (int32_t) errorCode;
                     } else {
                         /* Store the operationInfo */
                         oprCtx_->setOperationInfo(operationHandle, purpose, param.f.algorithm, inParams);
                     }
                 }
             }
+        } else {
+            LOG(ERROR) << "INS_BEGIN_OPERATION_CMD couldn't find tag: " << (int32_t)Tag::ALGORITHM;
         }
+    } else {
+        LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: " << (int32_t) errorCode;
     }
     /* Create a new operation handle and add a entry inside the operation table map with
      * key - new operation handle
@@ -1090,6 +1141,7 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
      */
     if (ErrorCode::OK == errorCode)
         errorCode = createOprHandleEntry(operationHandle, SB_KM_OPR, generatedOpHandle);
+
     _hidl_cb(errorCode, outParams, generatedOpHandle);
     return Void();
 }
@@ -1103,14 +1155,14 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co
     UpdateOperationResponse response;
     if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) {
         LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
-            << " secure element reset occurred. In case if secure element reset occured owner"
-            << "has to restart this operation again.";
+            << " secure element reset occurred.";
         _hidl_cb(errorCode, inputConsumed, outParams, output);
         return Void();
     }
 
     if (!isStrongboxOperation(halGeneratedOprHandle)) {
         /* SW keymaster (Public key operation) */
+        LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm operation ";
         UpdateOperationRequest request;
         request.op_handle = operationHandle;
         request.input.Reinitialize(input.data(), input.size());
@@ -1118,10 +1170,15 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co
 
         softKm_->UpdateOperation(request, &response);
         errorCode = legacy_enum_conversion(response.error);
+        LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm update operation status: "
+                   << (int32_t) errorCode;
         if (response.error == KM_ERROR_OK) {
             inputConsumed = response.input_consumed;
             outParams = kmParamSet2Hidl(response.output_params);
             output = kmBuffer2hidlVec(response.output);
+        } else {
+          LOG(ERROR) << "INS_UPDATE_OPERATION_CMD - error swkm update operation status: "
+                     << (int32_t) errorCode;
         }
     } else {
         /* Strongbox Keymaster operation */
@@ -1141,10 +1198,13 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co
             //ASSOCIATED_DATA present in KeyParameters. Then we need to make a call to javacard Applet.
             if(data.size() == 0 && !findTag(inParams, Tag::ASSOCIATED_DATA)) {
                 //Return OK, since this is not error case.
+                LOG(DEBUG) << "sendDataCallback: data size is zero";
                 return ErrorCode::OK;
             }
 
             if(ErrorCode::OK != (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
+                LOG(ERROR) << "sendDataCallback: error in encodeParametersVerified status: "
+                           << (int32_t) errorCode;
                 return errorCode;
             }
 
@@ -1174,6 +1234,7 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co
                         outParams.setToExternal(nullptr, 0);
                         tempOut.clear();
                         errorCode = ErrorCode::UNKNOWN_ERROR;
+                        LOG(ERROR) << "sendDataCallback: INS_UPDATE_OPERATION_CMD: error while converting cbor data, status: " << (int32_t) errorCode;
                     }
                 }
             }
@@ -1185,12 +1246,15 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co
             inputConsumed = input.size();
             output = tempOut;
         }
+        LOG(DEBUG) << "Update operation status: " << (int32_t) errorCode;
         if(ErrorCode::OK != errorCode) {
+            LOG(ERROR) << "Error in update operation, status: " << (int32_t) errorCode;
             abort(halGeneratedOprHandle);
         }
     }
     if(ErrorCode::OK != errorCode) {
         /* Delete the entry from operation table. */
+        LOG(ERROR) << "Delete entry from operation table, status: " << (int32_t) errorCode;
         deleteOprHandleEntry(halGeneratedOprHandle);
     }
 
@@ -1207,14 +1271,14 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
 
     if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) {
         LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
-            << " secure element reset occurred. In case if secure element reset occured owner"
-            << "has to restart this operation again.";
+            << " secure element reset occurred.";
         _hidl_cb(errorCode, outParams, output);
         return Void();
     }
 
     if (!isStrongboxOperation(halGeneratedOprHandle)) {
         /* SW keymaster (Public key operation) */
+        LOG(DEBUG) << "FINISH - swkm operation ";
         FinishOperationRequest request;
         request.op_handle = operationHandle;
         request.input.Reinitialize(input.data(), input.size());
@@ -1224,10 +1288,13 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
         softKm_->FinishOperation(request, &response);
 
         errorCode = legacy_enum_conversion(response.error);
+        LOG(DEBUG) << "FINISH - swkm operation, status: " << (int32_t) errorCode;
 
         if (response.error == KM_ERROR_OK) {
             outParams = kmParamSet2Hidl(response.output_params);
             output = kmBuffer2hidlVec(response.output);
+        } else {
+            LOG(ERROR) << "Error in finish operation, status: " << (int32_t) errorCode;
         }
     } else {
         /* Strongbox Keymaster operation */
@@ -1249,6 +1316,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
             std::vector asn1ParamsVerified;
 
             if(ErrorCode::OK != (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
+                LOG(ERROR) << "sendDataCallback: Error in encodeParametersVerified, status: " << (int32_t) errorCode;
                 return errorCode;
             }
 
@@ -1260,6 +1328,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
             array.add(operationHandle);
             if(finish) {
                 std::vector finishParams;
+                LOG(DEBUG) << "sendDataCallback: finish operation";
                 if(aadTag) {
                     for(int i = 0; i < inParams.size(); i++) {
                         if(inParams[i].tag != Tag::ASSOCIATED_DATA)
@@ -1275,6 +1344,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
                 keyParamPos = 1;
                 outputPos = 2;
             } else {
+                LOG(DEBUG) << "sendDataCallback: update operation";
                 if(findTag(inParams, Tag::ASSOCIATED_DATA)) {
                     aadTag = true;
                 }
@@ -1304,6 +1374,7 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
                         outParams.setToExternal(nullptr, 0);
                         tempOut.clear();
                         errorCode = ErrorCode::UNKNOWN_ERROR;
+                        LOG(ERROR) << "sendDataCallback: error while converting cbor data in operation: " << (int32_t)ins << " decodeData, status: " << (int32_t) errorCode;
                     }
                 }
             }
@@ -1314,12 +1385,14 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
             output = tempOut;
         }
         if (ErrorCode::OK != errorCode) {
+            LOG(ERROR) << "Error in finish operation, status: " << (int32_t) errorCode;
             abort(halGeneratedOprHandle);
         }
     }
     /* Delete the entry from operation table. */
     deleteOprHandleEntry(halGeneratedOprHandle);
     oprCtx_->clearOperationData(operationHandle);
+    LOG(DEBUG) << "finish operation, status: " << (int32_t) errorCode;
     _hidl_cb(errorCode, outParams, output);
     return Void();
 }
@@ -1339,6 +1412,7 @@ Return JavacardKeymaster4Device::abort(uint64_t halGeneratedOprHandle
     softKm_->AbortOperation(request, &response);
 
     errorCode = legacy_enum_conversion(response.error);
+    LOG(DEBUG) << "swkm abort operation, status: " << (int32_t) errorCode;
     if (response.error == KM_ERROR_INVALID_OPERATION_HANDLE) {
         cppbor::Array array;
         std::unique_ptr item;
@@ -1372,6 +1446,7 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     ErrorCode ret = ErrorCode::UNKNOWN_ERROR;
 
     if(ErrorCode::OK != (ret = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
+        LOG(DEBUG) << "INS_DEVICE_LOCKED_CMD: Error in encodeParametersVerified, status: " << (int32_t) errorCode;
         return errorCode;
     }
 

From 209456a3ba8596c59bd23c8da61363f6d034d624 Mon Sep 17 00:00:00 2001
From: Rajesh Nyamagoud 
Date: Tue, 4 May 2021 09:09:45 -0700
Subject: [PATCH 157/169] Added debug and error logs in hal apis.

---
 HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index f82dee0b..84894570 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -283,8 +283,8 @@ static std::tuple, T> decodeData(CborConverter& cb, const
     errorCode = static_cast(get2sCompliment(tempErrCode));
 
     if (T::OK != errorCode) {
-        errorCode = translateExtendedErrorsToHalErrors(errorCode);
         LOG(ERROR) << "error in decodeData: " << (int32_t) errorCode;
+        errorCode = translateExtendedErrorsToHalErrors(errorCode);
     }
     LOG(DEBUG) << "decodeData status: " << (int32_t) errorCode;
     return {std::move(item), errorCode};

From d56df369957a593e79560df4f648b12006ae75f4 Mon Sep 17 00:00:00 2001
From: Rajesh Nyamagoud 
Date: Tue, 4 May 2021 09:09:45 -0700
Subject: [PATCH 158/169] Added debug and error logs in hal apis.

---
 HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 84894570..67f8f527 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -727,7 +727,7 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k
     cppbor::Array subArray;
 
     if(keyFormat != KeyFormat::PKCS8 && keyFormat != KeyFormat::RAW) {
-        LOG(DEBUG) << "INS_IMPORT_KEY_CMD unsupported key format " << (int32_t)keyFormat;
+        LOG(ERROR) << "INS_IMPORT_KEY_CMD unsupported key format " << (int32_t)keyFormat;
         _hidl_cb(ErrorCode::UNSUPPORTED_KEY_FORMAT, keyBlob, keyCharacteristics);
         return Void();
     }
@@ -1130,7 +1130,7 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
                 }
             }
         } else {
-            LOG(ERROR) << "INS_BEGIN_OPERATION_CMD couldn't find tag: " << (int32_t)Tag::ALGORITHM;
+            LOG(ERROR) << "INS_BEGIN_OPERATION_CMD couldn't find algorithm tag: " << (int32_t)Tag::ALGORITHM;
         }
     } else {
         LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: " << (int32_t) errorCode;

From 832a986d54896b657a114fe60c38520cf3f209ba Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Fri, 25 Jun 2021 21:34:37 +0530
Subject: [PATCH 159/169] Fix for attestation failures in VTS.

---
 .../keymaster/KMAttestationCertImpl.java      | 17 ++++----
 .../keymaster/KMAttestationCertImpl.java      | 17 ++++----
 .../javacard/keymaster/KMKeymasterApplet.java | 39 +++++++++++++++++--
 3 files changed, 56 insertions(+), 17 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 1e3eae79..9eb24246 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -463,13 +463,16 @@ private static void pushHWParams() {
     short[] tagIds = {
         KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
         KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
-        KMType.ORIGIN, KMType.APPLICATION_ID,
-        KMType.TRUSTED_CONFIRMATION_REQUIRED,
-        KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.ALLOW_WHILE_ON_BODY,
-        KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, KMType.NO_AUTH_REQUIRED,
-        KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT,
-        KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE,
-        KMType.ALGORITHM, KMType.PURPOSE};
+        KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
+        KMType.NO_AUTH_REQUIRED, KMType.ROLLBACK_RESISTANCE,
+        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.PADDING,
+        KMType.DIGEST, KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE,
+        KMType.BLOCK_MODE, KMType.CALLER_NONCE, KMType.MIN_MAC_LENGTH,
+        KMType.USER_SECURE_ID, KMType.ATTESTATION_ID_BRAND,
+        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_IMEI,
+        KMType.ATTESTATION_ID_MANUFACTURER, KMType.ATTESTATION_ID_MEID,
+        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_PRODUCT,
+        KMType.ATTESTATION_ID_SERIAL};
 
     byte index = 0;
     do {
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 37e67d1c..ca8f86b8 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -457,13 +457,16 @@ private static void pushHWParams() {
     short[] tagIds = {
         KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
         KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
-        KMType.ORIGIN, KMType.APPLICATION_ID,
-        KMType.TRUSTED_CONFIRMATION_REQUIRED,
-        KMType.TRUSTED_USER_PRESENCE_REQUIRED, KMType.ALLOW_WHILE_ON_BODY,
-        KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, KMType.NO_AUTH_REQUIRED,
-        KMType.ROLLBACK_RESISTANCE, KMType.RSA_PUBLIC_EXPONENT,
-        KMType.ECCURVE, KMType.PADDING, KMType.DIGEST, KMType.KEYSIZE,
-        KMType.ALGORITHM, KMType.PURPOSE};
+        KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
+        KMType.NO_AUTH_REQUIRED, KMType.ROLLBACK_RESISTANCE,
+        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.PADDING,
+        KMType.DIGEST, KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE,
+        KMType.BLOCK_MODE, KMType.CALLER_NONCE, KMType.MIN_MAC_LENGTH,
+        KMType.USER_SECURE_ID, KMType.ATTESTATION_ID_BRAND,
+        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_IMEI,
+        KMType.ATTESTATION_ID_MANUFACTURER, KMType.ATTESTATION_ID_MEID,
+        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_PRODUCT,
+        KMType.ATTESTATION_ID_SERIAL};
 
     byte index = 0;
     do {
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 6566dd55..101ae9f9 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1512,6 +1512,19 @@ private void processAttestKeyCmd(APDU apdu) {
     sendOutgoing(apdu);
   }
 
+  private boolean isEmpty(byte[] buf, short offset, short len) {
+    boolean empty = true;
+    short index = 0;
+    while (index < len) {
+      if (buf[index] != 0) {
+        empty = false;
+        break;
+      }
+      index++;
+    }
+    return empty;
+  }
+
   // --------------------------------
   private void addAttestationIds(KMAttestationCert cert) {
     final short[] attTags =
@@ -1527,10 +1540,30 @@ private void addAttestationIds(KMAttestationCert cert) {
         };
     byte index = 0;
     short attIdTag;
+    short attIdTagValue;
+    short storedAttId;
     while (index < (short) attTags.length) {
-      attIdTag = repository.getAttId(mapToAttId(attTags[index]));
-      if (attIdTag != 0) {
-        attIdTag = KMByteTag.instance(attTags[index], attIdTag);
+      attIdTag = KMKeyParameters.findTag(KMType.BYTES_TAG, attTags[index], data[KEY_PARAMETERS]);
+      if (attIdTag != KMType.INVALID_VALUE) {
+        attIdTagValue = KMByteTag.cast(attIdTag).getValue();
+        storedAttId = repository.getAttId(mapToAttId(attTags[index]));
+        // Return CANNOT_ATTEST_IDS if Attestation IDs are not provisioned or
+        // Attestation IDs are deleted.
+        if (storedAttId == 0 ||
+            isEmpty(KMByteBlob.cast(storedAttId).getBuffer(),
+                    KMByteBlob.cast(storedAttId).getStartOff(),
+                    KMByteBlob.cast(storedAttId).length())) {
+          KMException.throwIt(KMError.CANNOT_ATTEST_IDS);
+        }
+        // Return INVALID_TAG if Attestation IDs does not match.
+        if ((KMByteBlob.cast(storedAttId).length() != KMByteBlob.cast(attIdTagValue).length()) ||
+            (0 != Util.arrayCompare(KMByteBlob.cast(storedAttId).getBuffer(),
+                                    KMByteBlob.cast(storedAttId).getStartOff(),
+                                    KMByteBlob.cast(attIdTagValue).getBuffer(),
+                                    KMByteBlob.cast(attIdTagValue).getStartOff(),
+                                    KMByteBlob.cast(storedAttId).length()))) {
+          KMException.throwIt(KMError.INVALID_TAG);
+        }
         cert.extensionTag(attIdTag, true);
       }
       index++;

From b1a912c2ac5549da35994bffbdc6d7d63b388ce7 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Sat, 26 Jun 2021 22:18:53 +0530
Subject: [PATCH 160/169] Fix for attestation failures in VTS.

---
 .../keymaster/KMAttestationCertImpl.java        | 17 ++++++++---------
 .../keymaster/KMAttestationCertImpl.java        | 17 ++++++++---------
 .../javacard/keymaster/KMKeymasterApplet.java   |  5 +++--
 3 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 9eb24246..0aed6458 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -462,17 +462,16 @@ private static void pushHWParams() {
     // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension.
     short[] tagIds = {
         KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
+        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER,
+        KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI,
+        KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT,
+        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
         KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
         KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
-        KMType.NO_AUTH_REQUIRED, KMType.ROLLBACK_RESISTANCE,
-        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.PADDING,
-        KMType.DIGEST, KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE,
-        KMType.BLOCK_MODE, KMType.CALLER_NONCE, KMType.MIN_MAC_LENGTH,
-        KMType.USER_SECURE_ID, KMType.ATTESTATION_ID_BRAND,
-        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_IMEI,
-        KMType.ATTESTATION_ID_MANUFACTURER, KMType.ATTESTATION_ID_MEID,
-        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_PRODUCT,
-        KMType.ATTESTATION_ID_SERIAL};
+        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID, KMType.ROLLBACK_RESISTANCE,
+        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
+        KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
+        KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
 
     byte index = 0;
     do {
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index ca8f86b8..a1ddbd27 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -456,17 +456,16 @@ private static void pushHWParams() {
     // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension.
     short[] tagIds = {
         KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
+        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER,
+        KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI,
+        KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT,
+        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
         KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
         KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
-        KMType.NO_AUTH_REQUIRED, KMType.ROLLBACK_RESISTANCE,
-        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.PADDING,
-        KMType.DIGEST, KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE,
-        KMType.BLOCK_MODE, KMType.CALLER_NONCE, KMType.MIN_MAC_LENGTH,
-        KMType.USER_SECURE_ID, KMType.ATTESTATION_ID_BRAND,
-        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_IMEI,
-        KMType.ATTESTATION_ID_MANUFACTURER, KMType.ATTESTATION_ID_MEID,
-        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_PRODUCT,
-        KMType.ATTESTATION_ID_SERIAL};
+        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID, KMType.ROLLBACK_RESISTANCE,
+        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
+        KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
+        KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
 
     byte index = 0;
     do {
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 101ae9f9..1051cc0d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1442,6 +1442,8 @@ private void processAttestKeyCmd(APDU apdu) {
       rsaCert = false;
     }
     KMAttestationCert cert = seProvider.getAttestationCert(rsaCert);
+    // Validate and add attestation ids.
+    validateAndaddAttestationIds(cert);
     // Save attestation application id - must be present.
     tmpVariables[0] =
         KMKeyParameters.findTag(
@@ -1485,7 +1487,6 @@ private void processAttestKeyCmd(APDU apdu) {
         KMKeyParameters.findTag(KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME, data[SW_PARAMETERS]);
     cert.notAfter(tmpVariables[2], repository.getCertExpiryTime(), scratchPad, (short) 0);
 
-    addAttestationIds(cert);
     addTags(KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(), true, cert);
     addTags(
         KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(), false, cert);
@@ -1526,7 +1527,7 @@ private boolean isEmpty(byte[] buf, short offset, short len) {
   }
 
   // --------------------------------
-  private void addAttestationIds(KMAttestationCert cert) {
+  private void validateAndaddAttestationIds(KMAttestationCert cert) {
     final short[] attTags =
         new short[]{
             KMType.ATTESTATION_ID_BRAND,

From 7d7259b11a91e73654f389b78b8e41d84a661a96 Mon Sep 17 00:00:00 2001
From: bvenkateswarlu 
Date: Sat, 26 Jun 2021 18:29:23 +0100
Subject: [PATCH 161/169] Updated the README and sample json files

---
 ProvisioningTool/README.md                    | 11 ++++----
 ProvisioningTool/sample_json_cf.txt           | 26 +++++++++++++++++++
 .../{sample_json.txt => sample_json_gf.txt}   | 18 ++++++-------
 3 files changed, 41 insertions(+), 14 deletions(-)
 create mode 100644 ProvisioningTool/sample_json_cf.txt
 rename ProvisioningTool/{sample_json.txt => sample_json_gf.txt} (71%)

diff --git a/ProvisioningTool/README.md b/ProvisioningTool/README.md
index 0eeb4f8d..bb24c82a 100644
--- a/ProvisioningTool/README.md
+++ b/ProvisioningTool/README.md
@@ -9,11 +9,12 @@ This tool can be built along with aosp build. It has dependency on
 [libjc_provision](Android.bp).
 
 #### Sample resources for quick testing
-A sample json file is located in this directory with name [sample_json.txt](sample_json.txt)
-for your reference. Also the required certificates and keys can be found
-in [test_resources](test_resources) directory. Copy the certificates and the key into the 
-emulator/device filesystem in their respective paths mentioned in the 
-sample_json.txt.
+Two sample json files are located in this directory with names sample_json_cf.txt
+and sample_json_gf.txt for your reference. Use sample_json_cf.txt for cuttlefish
+target and use sample_json_gf.txt for goldfish target. Also the required certificates
+and keys can be found in [test_resources](test_resources) directory. Copy the
+certificates and the key into the emulator/device filesystem in their respective
+paths mentioned in the sample json file.
 
 #### Usage
 
diff --git a/ProvisioningTool/sample_json_cf.txt b/ProvisioningTool/sample_json_cf.txt
new file mode 100644
index 00000000..5a28a4b3
--- /dev/null
+++ b/ProvisioningTool/sample_json_cf.txt
@@ -0,0 +1,26 @@
+{
+   "attest_ids": {
+      "brand": "generic",
+      "device": "vsoc_x86_64",
+      "product": "aosp_cf_x86_64_phone",
+      "serial": "",
+      "imei": "000000000000000",
+      "meid": "000000000000000",
+      "manufacturer": "Google",
+      "model": "Cuttlefish x86_64 phone"
+   },
+   "shared_secret": "0000000000000000000000000000000000000000000000000000000000000000",
+   "set_boot_params": {
+      "boot_patch_level": 0,
+      "verified_boot_key": "0000000000000000000000000000000000000000000000000000000000000000",
+      "verified_boot_key_hash": "0000000000000000000000000000000000000000000000000000000000000000",
+      "boot_state": 2,
+      "device_locked": 0
+   },
+   "attest_key": "/data/vendor/batch_key.der",
+   "attest_cert_chain": [
+   "/data/vendor/batch_cert.der",
+   "/data/vendor/intermediate_cert.der",
+   "/data/vendor/ca_cert.der"
+   ]
+}
\ No newline at end of file
diff --git a/ProvisioningTool/sample_json.txt b/ProvisioningTool/sample_json_gf.txt
similarity index 71%
rename from ProvisioningTool/sample_json.txt
rename to ProvisioningTool/sample_json_gf.txt
index 7885b2aa..41c9a708 100644
--- a/ProvisioningTool/sample_json.txt
+++ b/ProvisioningTool/sample_json_gf.txt
@@ -1,13 +1,13 @@
 {
    "attest_ids": {
-      "brand": "Google",
-      "device": "Pixel 3A",
-      "product": "Pixel",
-      "serial": "UGYJFDjFeRuBEH",
-      "imei": "987080543071019",
-      "meid": "27863510227963",
-      "manufacturer": "Foxconn",
-      "model": "HD1121"
+      "brand": "Android",
+      "device": "generic_x86_64",
+      "product": "aosp_x86_64",
+      "serial": "",
+      "imei": "000000000000000",
+      "meid": "000000000000000",
+      "manufacturer": "unknown",
+      "model": "AOSP on x86_64"
    },
    "shared_secret": "0000000000000000000000000000000000000000000000000000000000000000",
    "set_boot_params": {
@@ -23,4 +23,4 @@
    "/data/vendor/intermediate_cert.der",
    "/data/vendor/ca_cert.der"
    ]
-}
+}
\ No newline at end of file

From 5c400a4d4c1f56efc9e6c6f49bfa3be1ec9fd37a Mon Sep 17 00:00:00 2001
From: BKSSMVenkateswarlu
 <40534495+BKSSMVenkateswarlu@users.noreply.github.com>
Date: Sat, 26 Jun 2021 18:33:27 +0100
Subject: [PATCH 162/169] Update README.md

---
 ProvisioningTool/README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ProvisioningTool/README.md b/ProvisioningTool/README.md
index bb24c82a..9d65e5d1 100644
--- a/ProvisioningTool/README.md
+++ b/ProvisioningTool/README.md
@@ -9,10 +9,11 @@ This tool can be built along with aosp build. It has dependency on
 [libjc_provision](Android.bp).
 
 #### Sample resources for quick testing
-Two sample json files are located in this directory with names sample_json_cf.txt
-and sample_json_gf.txt for your reference. Use sample_json_cf.txt for cuttlefish
-target and use sample_json_gf.txt for goldfish target. Also the required certificates
-and keys can be found in [test_resources](test_resources) directory. Copy the
+Two sample json files are located in this directory with names
+[sample_json_cf.txt](sample_json_cf.txt) and and [sample_json_gf.txt](sample_json_gf.txt)
+for your reference. Use sample_json_cf.txt for cuttlefish target and use
+sample_json_gf.txt for goldfish target. Also the required certificates and
+keys can be found in [test_resources](test_resources) directory. Copy the
 certificates and the key into the emulator/device filesystem in their respective
 paths mentioned in the sample json file.
 

From 5d88ba31678f42ba9708ad63c3b865bcc2793737 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Sun, 27 Jun 2021 01:17:05 +0530
Subject: [PATCH 163/169] added comments

---
 .../android/javacard/keymaster/KMKeymasterApplet.java    | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 1051cc0d..0949177f 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1443,7 +1443,7 @@ private void processAttestKeyCmd(APDU apdu) {
     }
     KMAttestationCert cert = seProvider.getAttestationCert(rsaCert);
     // Validate and add attestation ids.
-    validateAndaddAttestationIds(cert);
+    addAttestationIds(cert);
     // Save attestation application id - must be present.
     tmpVariables[0] =
         KMKeyParameters.findTag(
@@ -1527,7 +1527,12 @@ private boolean isEmpty(byte[] buf, short offset, short len) {
   }
 
   // --------------------------------
-  private void validateAndaddAttestationIds(KMAttestationCert cert) {
+  // Only add the Attestation ids which are requested in the attestation parameters.
+  // If the requested attestation ids are not provisioned or deleted then
+  // throw CANNOT_ATTEST_IDS error. If there is mismatch in the attestation
+  // id values of both the requested parameters and the provisioned parameters
+  // then throw INVALID_TAG error.
+  private void addAttestationIds(KMAttestationCert cert) {
     final short[] attTags =
         new short[]{
             KMType.ATTESTATION_ID_BRAND,

From 0c0358d8454ce81b1d8405b355e26c956fbc3657 Mon Sep 17 00:00:00 2001
From: bvenkatswarlu 
Date: Sun, 27 Jun 2021 01:50:55 +0530
Subject: [PATCH 164/169] Changed the version of keymaster in attestation

---
 .../com/android/javacard/keymaster/KMAttestationCertImpl.java | 4 ++--
 .../com/android/javacard/keymaster/KMAttestationCertImpl.java | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 0aed6458..9558041b 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -84,8 +84,8 @@ public class KMAttestationCertImpl implements KMAttestationCert {
   private static final byte keyUsageKeyEncipher = (byte) 0x20; // 2nd- bit
   private static final byte keyUsageDataEncipher = (byte) 0x10; // 3rd- bit
 
-  private static final byte KEYMASTER_VERSION = 4;
-  private static final byte ATTESTATION_VERSION = 3;
+  private static final byte KEYMASTER_VERSION = 41;
+  private static final byte ATTESTATION_VERSION = 4;
   private static final byte[] pubExponent = {0x01, 0x00, 0x01};
   private static final byte SERIAL_NUM = (byte) 0x01;
   private static final byte X509_VERSION = (byte) 0x02;
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index a1ddbd27..3bc941d4 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -78,8 +78,8 @@ public class KMAttestationCertImpl implements KMAttestationCert {
   private static final byte keyUsageKeyEncipher = (byte) 0x20; // 2nd- bit
   private static final byte keyUsageDataEncipher = (byte) 0x10; // 3rd- bit
 
-  private static final byte KEYMASTER_VERSION = 4;
-  private static final byte ATTESTATION_VERSION = 3;
+  private static final byte KEYMASTER_VERSION = 41;
+  private static final byte ATTESTATION_VERSION = 4;
   private static final byte[] pubExponent = {0x01, 0x00, 0x01};
   private static final byte SERIAL_NUM = (byte) 0x01;
   private static final byte X509_VERSION = (byte) 0x02;

From ac7f3ecbcdf16971ab44aa94b0948e8dce5f01e1 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Tue, 29 Jun 2021 20:37:33 +0100
Subject: [PATCH 165/169] 1. Removed rollback_resistance from attest tags 2.
 updated device_locked in sample json test file.

---
 .../com/android/javacard/keymaster/KMAttestationCertImpl.java | 2 +-
 .../com/android/javacard/keymaster/KMAttestationCertImpl.java | 2 +-
 ProvisioningTool/sample_json_cf.txt                           | 4 ++--
 ProvisioningTool/sample_json_gf.txt                           | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 9558041b..8abbd04e 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -468,7 +468,7 @@ private static void pushHWParams() {
         KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
         KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
         KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
-        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID, KMType.ROLLBACK_RESISTANCE,
+        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID,
         KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
         KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
         KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 3bc941d4..1f242f38 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -462,7 +462,7 @@ private static void pushHWParams() {
         KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
         KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
         KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
-        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID, KMType.ROLLBACK_RESISTANCE,
+        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID,
         KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
         KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
         KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
diff --git a/ProvisioningTool/sample_json_cf.txt b/ProvisioningTool/sample_json_cf.txt
index 5a28a4b3..fd79e227 100644
--- a/ProvisioningTool/sample_json_cf.txt
+++ b/ProvisioningTool/sample_json_cf.txt
@@ -15,7 +15,7 @@
       "verified_boot_key": "0000000000000000000000000000000000000000000000000000000000000000",
       "verified_boot_key_hash": "0000000000000000000000000000000000000000000000000000000000000000",
       "boot_state": 2,
-      "device_locked": 0
+      "device_locked": 1
    },
    "attest_key": "/data/vendor/batch_key.der",
    "attest_cert_chain": [
@@ -23,4 +23,4 @@
    "/data/vendor/intermediate_cert.der",
    "/data/vendor/ca_cert.der"
    ]
-}
\ No newline at end of file
+}
diff --git a/ProvisioningTool/sample_json_gf.txt b/ProvisioningTool/sample_json_gf.txt
index 41c9a708..7825e693 100644
--- a/ProvisioningTool/sample_json_gf.txt
+++ b/ProvisioningTool/sample_json_gf.txt
@@ -15,7 +15,7 @@
       "verified_boot_key": "0000000000000000000000000000000000000000000000000000000000000000",
       "verified_boot_key_hash": "0000000000000000000000000000000000000000000000000000000000000000",
       "boot_state": 2,
-      "device_locked": 0
+      "device_locked": 1
    },
    "attest_key": "/data/vendor/batch_key.der",
    "attest_cert_chain": [
@@ -23,4 +23,4 @@
    "/data/vendor/intermediate_cert.der",
    "/data/vendor/ca_cert.der"
    ]
-}
\ No newline at end of file
+}

From dc4cd434729ca20cd87e21d9521f75fc15f1b1a4 Mon Sep 17 00:00:00 2001
From: BKSSM Venkateswarlu
 
Date: Tue, 6 Jul 2021 21:06:03 +0100
Subject: [PATCH 166/169] Fixed issue inside isEmpty function

---
 Applet/AndroidSEProvider/lib/gpapi-upgrade.jar  | Bin 0 -> 12638 bytes
 Applet/JCardSimProvider/lib/gpapi-upgrade.jar   | Bin 0 -> 12638 bytes
 .../javacard/keymaster/KMKeymasterApplet.java   |   2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 Applet/AndroidSEProvider/lib/gpapi-upgrade.jar
 create mode 100644 Applet/JCardSimProvider/lib/gpapi-upgrade.jar

diff --git a/Applet/AndroidSEProvider/lib/gpapi-upgrade.jar b/Applet/AndroidSEProvider/lib/gpapi-upgrade.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e4814bde4b6b21982103c55f9b1a3a4a58f0b807
GIT binary patch
literal 12638
zcmbul1yEi~w=IghySuwPgy8P(?(XjHF2UV`gkZtl-Q6KTa3|P<{mahIIXCxKy-7hW
zinRvon>~B>izz?0X><$9HtpU3AhEfMm-{hYJV5zg}VnH-}a5?OzDJ
zeZRj16ac{6i+L*l^Aljd{nggNl-|_J)Ys
zA%jv|s@$PcJ>vU-=zypxIr)I79gt(CMRqYETXUFxgZHlPZdORPeTeAd3ak!pNs7$
zDsU3PfnzxpG(K@0n3_<~R*^JWQ&-Asd;ug~h*%8s?6!<ulJT_AFDwM;coA!sJVdE!jlhf
z3Vp9$(%m-{W3W{3Oq>@qRU+0OlYx|sXGdt$V#n|)eGaB7O@?@rhz24mLrnK8rjJ<7
zby1W0Xz|GyaU-XEKg_cXO5ej}###IG&!R*>rDqbNdC}zDx>##9AcZAuOrh318><7Z
zQouxNYyD^!JZe^Whz>BcyK9C^{HPABl-^`2iQ)pH1|i*bE%1<4L)R-vXQ4U~;#YoL
z=_Lv(6@Z9RvC^
zgUUJs5>8=Lv`?0$!%I3|1BSdF%9~xHtX^Uf8mG9MZs@Ll
zG7eI#xJy%$AS5E^$M)MVPcT#5@*ClHDS$
zv_TZ015iVNiIWnw^b|@h;l7P&BJd1M9r6OF>nFFkQ?iQnwM_$677`gRiUq7%l8c}y
z21=PfqV*aPOLs{?6#45Z9IV|n=~Q}!6Z(!nLH-XeKhTP`3HR~a(IEo11Z=lD>gmAh
zK(SCAdK;gN_D6lTmMoohe4ker&ae|*I-gH%>Ud81{czplOzZBi;d}_krq#L{y350v
zPo-aoN?NbHv7416#xs-;g@-@6v>6(Qo3H+Kx0DL@UC(URq&AO9<&n>LmWa_=X^jFN520gYRTy@W(MBwmQbqNs3AY-Mb1Y~%D7Q5LC4
z+wQRaMU-jz;42>qvNYq-s2XY(U)y`&%}JLvz$*b)
zkVxCv@oi1i7+;3jAQY?f=ZU
zS<`5{Q&$9%s%xn1LW>@t@>xpfqljzr<2>bUI>i{8DhdrGP@)AD28)IjgGC^{3S9jc
zmIrYMk9Bv!(&iJOO&CJk7&P^aNBBXOYZ44=Kiklx^gN=V)w4?;wBthM%?Am&nB9i-
zN+{JW5`7$pDc}z6-K(NH=Wn@J!Kf`NUeNClUXEK(Cge~TzO6RzLZ;e;rHANfY%*Mz
zRZ$+C?VO$SR|m5+tF%79()dOp&ycf}(dMk2uKZ3LYPEZKyc>3uWJbLc^01A;k_iLcI2qM
z@~ramR`TfxBrKk74}O=5L+@4-6>!FRNHk-S=Ql*DKt*q??<8_{W{PM~EqvmXgo{Lu
zl=fv5C+Iz|Sg^qA_0ai|BZ!)f{Ky;Rk>#2YaUF9u>p6JHe>STofbp~ZZfTg%u)$W0
zo`bHeD5*c#CL}P8lR7~
z7x-cy?Gdq}x^2okGmZL(O{RYI+RR2viTI&CObn#XfxCS#pIj{7@w~`
z3^5^cAZ4fNdEWVj>6YaB@WFm=t!W3!z2b1Ww(EFd!}rnHWNDNEu&A!o_A+^~-vED6
z;SqgzFA`3s-Y+jZd*bl0W9XoYqIn0C^RqabNi2r3NQ=@yoKqZ9T^lk|g?Z@7rIU)4
zRZfY>WOv_pLU1>n+}Fw*;ut^ta~^0fp0=%NI1^oLZDl7@Rc@_wg1Wo~;AIBXg7~u;
z*wvE@;rc~xM&^~($TQ(P!RZDJksnnC5mWn3t%;>{-pT5_ACqsAS8z3n55a^b>Gds!
zH~#AA^0%*IP~PY!73NpEDg2FY$p1_?zY@)fhV@%VhV+6*@Txxrgg%6@OU57B($9Fr
z0e6&N7R}LDbXTMnPaTe)Fmg&)SsMKMI5tA}jf7O#-a%TsmmeWRYkYK^`D*kyE?H`Q
zFc@i>rZ`e-!boRtdaRzZ*twp8Njdgxqs8~^d~@@K*PcK|=%kj%(K0?+CjFaKQfZ|`
z@Ju(R`tmm>1EalqB%3k`{Uqn*Qbw9anUor?WEm)4a&vK5SLi&`SLN`pM3vGibU`S|
z?8BM_pKIA>_O460`oFi5W|at=1k-4;dcZk6MUbS<%LuV4E4GIDhNllZf8%$SN#tQ@
zoXVK(FP+}AR11-8#XVGNRjT<23Pp3;Wa>*aqQLDI0+Nrc5N`r@>QBIFzzF22m9K|x^5S`IEQlt^ztG8aybO0wW#v=EmVhZ>4X>5oE+(zs%1$D{b
z5CltgkbRv;IY33d3c3^g35^A|E^5#=9hqADd)X##gak0jS1r&x_gqa~3{u=qcs-m0JeVYrBtdl=raw>35au(@L>8K?JTxQYRqL^vexsTs
zv@R8h>%LxNVON+czj8dx$*{#H~frD8+}T(F-$
ztSA}#6V=OjH2*|lpOcHm2=cTLlH=75=QE8F)wpDyemG!b21FOO#d
zmg$(qcVLHUEcwB517-qMjXSr{1TnW_VmL`IZg_O90k
zVCzh&Us74=Wc2k)HQmGZ*f%w)Mz0O3W7ECVpf_gGyAL~=IJ10>WaykHhQTn9xL{MGC(YGN(H&L?P%c-n1&L(1O4DVwhWIIrap-ktK
zt|(dXZ0jslRtjYMNM`b#N`0sy+UzbieXY67@*W=W{s)t};
zth!;HTdL8z*(-`iockO;k^p5uK{Y{amO7e~Wl4$9W)2iwz}hB3hImVYf-jugv{i@T
z74?H)LxRO8z~g&9|GX&`)pjX4$ii5jjG8u7PcMfeN?NXk99tgv08
zGizp;-2|sd_La{z3?IRd!FR2$UGFm1puw}&S<{Mf>b3EqfrEDk*YRjQfFj-bWP*s@
z5SuIN3E|Nj!*QL>fgnBqk&;PiUotll>l3yRh^AAHZkk=$C)1)cb3ssZ33O)jKzuZ5
zNmRIPkeaN?cxoa256P4@-|TO-S@@-q$_5Ds;$sPABc;>vNMZAJ`8gJwHv`w{p!>w6
z(G}@61vKQ>OLq%Q0gS&#P7U@94$_)(UTGj}R)9rm
zP!MMe<;w(sN*`p!i^*uFV0b9a%Zt7)gYke%qWvbtnv%cpptZitL;*#JnNi4&shE-2gyDNj%yjl}DXnc^bY?9hexKG#Dv*W#G95|aXZ)8Geq$NRd#I53i
zJS;cQI>p|w9+$C+mdlNT6Q|Q{jwwlt(@KDXU|KAX0)e>EQQt*_Z!_(&LUfs7If^xV
zW?m!f=bw=_l#=d7ls4CYFc>;80N-)J(ogNMrg;%tz0Mbk-$B8!$@D{ekX1X3a^Mxy
zHGQHXsmi8uczCo8WFQtRbA^wLy7~rtFA_A`L?VwQXyyDVe9I#F>SG0EubomLiLich
zu9Vf|y7p-4Mli%&ai_}*4w8UAF%SM}5pN6-qy9w>F(?2z&^*{vWDl_!-%nAE&u)$^
zrBxKr>;wm@%_JT-ZSZl+Og
zG)`VnHV%XazuX6&
zK}X%kqsV4M@OVe}CG@FX)oh4OSKq=*jf18
zjO;B{tA3}a^X19lH`?m3*VS}1vnnxcuks?diGhKbda`iY9h
zyJ+AEbQ*PXz%Qn_Sc1*Uo0Sl{=foSsA`k&_){`N9(GI-{hkU|+&l05;NFRLU|M?c=
zL5W0;kwHl|BlE+ZZAf
znt5LH%1t_f-KH~}<6_PgErf0T!9#R@&sqpEvkPMvA*LoQvh~A>YcbL158;J<1>1Ho
zHX%vr5usSPcn@$lt)9yRJ$yD8=ihoB@5(*E#?)qKSc{^Fj?XvwTQwYk%kN{XVli5gd1>9))a`RL{Ttp*
zsA{{)UE_!O62mUH6E}SemRO`ma0vo9saAVl%_{`RWI_*tMBp*h{|@eGKlf?a_T9x1!}q$!4%u2CDNH>sVTv
zCp4oLUt3$xSu=-;@7)i2nln4eee&4HTM0No7k3vide%rkVuY!7UD>4|dFU@4)7Fa^
z`VcZt!luHC&Q#(QzTD#!`9@Og5!9_h*uu?jX{N1&{E&<3JGanv7pDK_@T5_A=-JkE
z&pOb~$O>bk&6c;!J}CNi2JUBpHhsM35%8vOd?(!5)^jQmg}o)uovV3E-s+OvfOQU0
zoT0JmOPf)})WlCPz)*cMyX(pe+T8oC>pje%Pl3AT_aU~Bg`2Tk_q-R}Ga=-90`P~=
zPGt$~*E)%O`-gX9PxWJ-4Eo4av@*EiDp60=SM~S9zC1g+V>d}|?${k-osGbRez*Ir
zlONen!RFN6B4cvSybX#CZGdBu6M2oRqi_8`pWuCf(ur=G&^v)fYqG*G+{QaHD&Gtg$7@th4gLS(@?6txj
ztvM8@d=bj*f+M>03Y~Gv&M#D@4BCvir~*9o>kc>)pwA%
z1aZ9oHISF7)^PgdS?ws=TOmtfV%+veW0bBFUH
z#Cb^g5UrjM2L7I=c%$$Gk&U_y_<3iFP{@$zJ(3gma8Jw$J@mCOL;Y3Ri1qkGi}$wh
z3HB?#AsGU8-OcXh5TIG}Tq?KZ9v=AJ2Y5ekxChs%$HougujcI=XR|)wS@_clAEwKm;PR&)jxS!?G9K?3xRkl0ld;Xeh4DGnlb97YgePCW4SoBLQ@D^T0NMx?bLcvX$$WD>zha7T
zjtC|3VLtM~7T1(QJ{oRUb3~M}oSr2zQ&&?{(;}Tg(J2at_9fQ-liR=@l4Skps)Wa(Fa>e_+{O9nXqBBn~WN|FSdoUoS
zVPrq?fw-DsNNYh9m2&v+ni6>Zm%d
zuLN%j9Zr>h5dJhTj9?-Y#0>Ks$pPUJXyss_vq)eh&`E0TBozT60jDGXol4s>od~3P
zhSkZtnS2UDCfmbRiEj%7y*tJyBuFVa15bvqoNk8rc3iYwqDu9a=3sIsR@MHz3?x(B
ztqiMI^^5c7Nj^smsF!>|Wz%3XHFn7K#A1Y)M6NdG1(YTd^2jol69n_yi*
z3~i~D-jR4Y3;NwC3V%IUsn*v{tFjUu@zY{eeFpo~PxVH?4J4d8c!Q2w5UTq;;pe0FyGor=ae*u(PT)okp~HS8L60WT&Sdp#W%Bv#*A@az-6Hi0lq_ueujpu3u8-Uno%BI
zY5JJ8Z#A8cA~@4OduD|a#lDCIC^+J+jxpj!KG!h6AF~dJL1aQ0MGl=AG~-VjOMU)|
zCGD5!cIHI@+#wE4-{?EGyfV6cM(fDk2n96zQly`G=
z+#)MWt*d81j~mj329&tj1IO#xOpgr&U>td_bt&dZObwdr9?UpOE{au**_INYhxR2Q
zSPf(ALF7`d^wyk6l(OW>vDd*?S#0`4c4U4^Afivp>_#gy^lBvX&-x*5GvF`hBIcig
z9UWgJrAg`SZ>3MqQ)gz6(=4^^H`cB>+-(AouRz_`NmX&~KGmJ$N9lT>dZ^KW1!Nd#mhFw|2uak=0$*s7coymJ^H&~t~gzqP`AlvLj4B@UC9-F>BV88R@MP!D3*PA%i
z`wuM~@VDbenm_ZSoxY*v+j$|axs8eKUs5=0ETc^i1B|dMa67OmJRFm$c}adosE%I>
zMMfA6RN?mZee$f)(-S^?Y^pgHc$%I(=Tah|fE>>Or3X0VCef#Q$IH&LI4~zxDq))4
zJcy*M&3JZU**Ikj%d7)RyYfT=D3@F`yV7+%;R;ppb5!HLCMCHn9KCcLa2GYTgt4p(
z`vi^X^RHk1(eF4YlG{tY9EUBFAGF&2iRzDZor-W}(JF_eaM8C#oB5cNpM&-_zyTAip~ImJD&gUzd~LPiN`>
zoUY#vSq-i99UY?;ByDH-5wh!NLU<%r>f|(Z_D%r011#l0%|8k_;CIIXqlQK^+c!A7
zRE}{WJ(0oL32b-5Z;BH3!wZW?K=F+pk9%#fb2Go(JPybLxIw{}>-DTLty1@RgGEjR
zqnL#HpRjPlNVJrP!ldvLUJziq$an0lg%QEZg7O^M(N23J(xm%iFuLth;x_9SHuFRf
z+x(P(Un7BIJ?c~7N@Ur3miCxFc#ncMQ-RI47>#7Bo_~olsRZZ
zj~GMGjw{st!6f$M5~t1MiBjKw{y-;}jiP4x27aD?XIKkH9?X~@U6MK!i$h>F5l%h{
z|BU&g&s8fNlo|EOouZU=b-xBoFrwk=PRQdnbDu@IXMq2bvN+W;h66IptvimPt%CW$
zh0J|g3u0=XXIhu$ceLy+Mfc)q-pnbz8lq$#vHSztTloT*1KuApSGI%Y)kwITmhn}#
z)-LR_3SPJpHT;SXXVD5b4_w!Y>esPFy6G|`5OpBU-*zz{f(Gh1Zzj?OiZS*RW+m1_t72wvVXkTad*laU?@z_w$~
zm}a|STk!7BJZ%@fb?I-u`m1wMV^uMPd$S|Jyv@$P&+~sTHHtr%+J9u@f7MvRhzt-T
zMzHM1Q}heE^}dxF`|a^w)B_A@IS4_98b(m67);Yq4l^%SbUr_LV=Ku40y?9co6Hy9
zla1S}AJ4#@h;o|dZbK1z}2~Y+4k^mvu(k(_^>qF
z;n*hXeLj0<7JC>nhL^sR6E=L=o4g;CJfN}X-!8XSETdcPf~U6dA>HoKDV2*oKeYD8
zaugSce&ryy%7^jSE}J9_t?k-^x1U^302r3`B+qSj?M&t4GFZHD}AYIZ##*P+mG{16J?j
z^PfBkdOM^++=CeVl!d&AgucZ@A8;%{lK765^gDS74KOnIVe_NKWvYx)j*E>O$T;ZO
zf3%mkha5?8|14HzAnl+%W~-;@AbDur7qA^e@L{HkXJ(!KomBW|9vze32*nuqPb2+*
zac=zcJo2yc4vyo6>gGoX-snBBP(rx?Q4!xUAXl?Q{c;YHVWbU{fp4(AMZ@D4ip1XA
z51|1AY|F=ocjdNz3ZR0)%mE`9f~cQw^bOseu0RlBq=sZvdm^?^*^XABFT=^OQxaRN
zWh3*uY4Em$ssH3Rv^`2{B%Qr-g!o-eTIBS3rtfLW!W6Eiw2)s#9^2_G$-ADn9yTFo
zT%fzReIxPw_0kX1a@5$mM9>*pz)g?@I>s5@0N-=rPk^H$Srei(pt!bK-%|_R(PFuiut#l0T>F-Qi=X?_l(cW$1T=|I2FjUxa^~kLZlu?D~`}6=(QS
zcvn;@tj+kT0`67BP%CZaz2py~M(gU>!hn7BQfiX;7iU@eE;jBxpAcUVIu6$Aj3tym
z=VW?uw2-?_tb3lGZa*&A(gZBPl+{OD*pFyXs!9rjspw6n@+`qL!OVYKL6QgfjIE;c
zStW8LB7&i?GI?xUB~O786WJ$V^R@G0>OBtUj#5@Q8qIJZWS9fV0-KBq@JORB(1wzVFcR0}
zCRbP9OjU7uqR}8wI$Pbx=2|(!zX4ANSvR;mN4iR@KI*KG7uw<=R<=b@rLibd>
zBkxFd%&U)o{j9B}ZZbIv4_c8M6J(>f0z4%iPiTtv`D5(!A|d>78*)2S>(fGuodItd
z)^uV8?LuX^_7=2xqB!Kmm%cSJ!CTjDCE-()=a^7qx-yU2bIzXGoF3z7kRtjd5dC^)Af|dSh*88DBpi|9`T>qeBL<-jc)E8mx{yZ)AhQiLSkE!he1P6biK9VmVdQNoE(80Op#T5Q
z6AMHA6IE^76*d%a6~8BNJ}&wcBXVghTj1^a9-zf~{cn_?ctPr%PHOVRqYKwygkK-&
zgok7@;T5$fPYB@(?*+fF_wp%|y+3@Ms^$Dd6
zhZo1m!fTL?g&S&F530+*H}bXhtxli04jK0sV}<{&B||yE$;w=Yw#Ae~{R!})p#z=maSnCI*~oSP_pz7EbM;GJAerW_0;VO%JxL(a)P}GpISXNw!+4s-
z9~JacBzPRHC^V^yv#O*E{7H#pcf}}2mm|V{!Gl!)Ln&d0EG1L*x|F^Rl=bkY?W={hWgGaZ
zQfRJrZ`;Y;2E4r31)#lQnmTkpGr`0scVCjVDI@jC((!2j9)`!_=O+vOkB%U@sR
z-46V#{q4P}{5u}sF8=`Z+rIUE;r|u;-9Y!N*X7+n_ji!Kapxbf|JlC&4*hPH`Blk%
zH_QATNpDH|1N49PK)-{&i@?9iAMYaY-+_qnN6`P-V*U>QuA%%Y7rbjIe+MJ(AL0Lp
zqVj8^-}ivO?hfA@w7)|S?~lm84dP#o@$cZjZb;rYn19Cz!5_i@lj{E!_1D(^pLJJH
z^heZx*2e#e{cA7$zB%|ix`_XX{XfU?zxe-|e7~>r?;Z8uas2k{AByk2D*oMH|IH=u
zh`;s}{~SO%(*HNaU;6D|2k;&IR}%XtxXRmj{=dBLf56|G6gf%Ix48=d0RQ#{1_}Tm
I@K+`Of52({3;+NC

literal 0
HcmV?d00001

diff --git a/Applet/JCardSimProvider/lib/gpapi-upgrade.jar b/Applet/JCardSimProvider/lib/gpapi-upgrade.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e4814bde4b6b21982103c55f9b1a3a4a58f0b807
GIT binary patch
literal 12638
zcmbul1yEi~w=IghySuwPgy8P(?(XjHF2UV`gkZtl-Q6KTa3|P<{mahIIXCxKy-7hW
zinRvon>~B>izz?0X><$9HtpU3AhEfMm-{hYJV5zg}VnH-}a5?OzDJ
zeZRj16ac{6i+L*l^Aljd{nggNl-|_J)Ys
zA%jv|s@$PcJ>vU-=zypxIr)I79gt(CMRqYETXUFxgZHlPZdORPeTeAd3ak!pNs7$
zDsU3PfnzxpG(K@0n3_<~R*^JWQ&-Asd;ug~h*%8s?6!<ulJT_AFDwM;coA!sJVdE!jlhf
z3Vp9$(%m-{W3W{3Oq>@qRU+0OlYx|sXGdt$V#n|)eGaB7O@?@rhz24mLrnK8rjJ<7
zby1W0Xz|GyaU-XEKg_cXO5ej}###IG&!R*>rDqbNdC}zDx>##9AcZAuOrh318><7Z
zQouxNYyD^!JZe^Whz>BcyK9C^{HPABl-^`2iQ)pH1|i*bE%1<4L)R-vXQ4U~;#YoL
z=_Lv(6@Z9RvC^
zgUUJs5>8=Lv`?0$!%I3|1BSdF%9~xHtX^Uf8mG9MZs@Ll
zG7eI#xJy%$AS5E^$M)MVPcT#5@*ClHDS$
zv_TZ015iVNiIWnw^b|@h;l7P&BJd1M9r6OF>nFFkQ?iQnwM_$677`gRiUq7%l8c}y
z21=PfqV*aPOLs{?6#45Z9IV|n=~Q}!6Z(!nLH-XeKhTP`3HR~a(IEo11Z=lD>gmAh
zK(SCAdK;gN_D6lTmMoohe4ker&ae|*I-gH%>Ud81{czplOzZBi;d}_krq#L{y350v
zPo-aoN?NbHv7416#xs-;g@-@6v>6(Qo3H+Kx0DL@UC(URq&AO9<&n>LmWa_=X^jFN520gYRTy@W(MBwmQbqNs3AY-Mb1Y~%D7Q5LC4
z+wQRaMU-jz;42>qvNYq-s2XY(U)y`&%}JLvz$*b)
zkVxCv@oi1i7+;3jAQY?f=ZU
zS<`5{Q&$9%s%xn1LW>@t@>xpfqljzr<2>bUI>i{8DhdrGP@)AD28)IjgGC^{3S9jc
zmIrYMk9Bv!(&iJOO&CJk7&P^aNBBXOYZ44=Kiklx^gN=V)w4?;wBthM%?Am&nB9i-
zN+{JW5`7$pDc}z6-K(NH=Wn@J!Kf`NUeNClUXEK(Cge~TzO6RzLZ;e;rHANfY%*Mz
zRZ$+C?VO$SR|m5+tF%79()dOp&ycf}(dMk2uKZ3LYPEZKyc>3uWJbLc^01A;k_iLcI2qM
z@~ramR`TfxBrKk74}O=5L+@4-6>!FRNHk-S=Ql*DKt*q??<8_{W{PM~EqvmXgo{Lu
zl=fv5C+Iz|Sg^qA_0ai|BZ!)f{Ky;Rk>#2YaUF9u>p6JHe>STofbp~ZZfTg%u)$W0
zo`bHeD5*c#CL}P8lR7~
z7x-cy?Gdq}x^2okGmZL(O{RYI+RR2viTI&CObn#XfxCS#pIj{7@w~`
z3^5^cAZ4fNdEWVj>6YaB@WFm=t!W3!z2b1Ww(EFd!}rnHWNDNEu&A!o_A+^~-vED6
z;SqgzFA`3s-Y+jZd*bl0W9XoYqIn0C^RqabNi2r3NQ=@yoKqZ9T^lk|g?Z@7rIU)4
zRZfY>WOv_pLU1>n+}Fw*;ut^ta~^0fp0=%NI1^oLZDl7@Rc@_wg1Wo~;AIBXg7~u;
z*wvE@;rc~xM&^~($TQ(P!RZDJksnnC5mWn3t%;>{-pT5_ACqsAS8z3n55a^b>Gds!
zH~#AA^0%*IP~PY!73NpEDg2FY$p1_?zY@)fhV@%VhV+6*@Txxrgg%6@OU57B($9Fr
z0e6&N7R}LDbXTMnPaTe)Fmg&)SsMKMI5tA}jf7O#-a%TsmmeWRYkYK^`D*kyE?H`Q
zFc@i>rZ`e-!boRtdaRzZ*twp8Njdgxqs8~^d~@@K*PcK|=%kj%(K0?+CjFaKQfZ|`
z@Ju(R`tmm>1EalqB%3k`{Uqn*Qbw9anUor?WEm)4a&vK5SLi&`SLN`pM3vGibU`S|
z?8BM_pKIA>_O460`oFi5W|at=1k-4;dcZk6MUbS<%LuV4E4GIDhNllZf8%$SN#tQ@
zoXVK(FP+}AR11-8#XVGNRjT<23Pp3;Wa>*aqQLDI0+Nrc5N`r@>QBIFzzF22m9K|x^5S`IEQlt^ztG8aybO0wW#v=EmVhZ>4X>5oE+(zs%1$D{b
z5CltgkbRv;IY33d3c3^g35^A|E^5#=9hqADd)X##gak0jS1r&x_gqa~3{u=qcs-m0JeVYrBtdl=raw>35au(@L>8K?JTxQYRqL^vexsTs
zv@R8h>%LxNVON+czj8dx$*{#H~frD8+}T(F-$
ztSA}#6V=OjH2*|lpOcHm2=cTLlH=75=QE8F)wpDyemG!b21FOO#d
zmg$(qcVLHUEcwB517-qMjXSr{1TnW_VmL`IZg_O90k
zVCzh&Us74=Wc2k)HQmGZ*f%w)Mz0O3W7ECVpf_gGyAL~=IJ10>WaykHhQTn9xL{MGC(YGN(H&L?P%c-n1&L(1O4DVwhWIIrap-ktK
zt|(dXZ0jslRtjYMNM`b#N`0sy+UzbieXY67@*W=W{s)t};
zth!;HTdL8z*(-`iockO;k^p5uK{Y{amO7e~Wl4$9W)2iwz}hB3hImVYf-jugv{i@T
z74?H)LxRO8z~g&9|GX&`)pjX4$ii5jjG8u7PcMfeN?NXk99tgv08
zGizp;-2|sd_La{z3?IRd!FR2$UGFm1puw}&S<{Mf>b3EqfrEDk*YRjQfFj-bWP*s@
z5SuIN3E|Nj!*QL>fgnBqk&;PiUotll>l3yRh^AAHZkk=$C)1)cb3ssZ33O)jKzuZ5
zNmRIPkeaN?cxoa256P4@-|TO-S@@-q$_5Ds;$sPABc;>vNMZAJ`8gJwHv`w{p!>w6
z(G}@61vKQ>OLq%Q0gS&#P7U@94$_)(UTGj}R)9rm
zP!MMe<;w(sN*`p!i^*uFV0b9a%Zt7)gYke%qWvbtnv%cpptZitL;*#JnNi4&shE-2gyDNj%yjl}DXnc^bY?9hexKG#Dv*W#G95|aXZ)8Geq$NRd#I53i
zJS;cQI>p|w9+$C+mdlNT6Q|Q{jwwlt(@KDXU|KAX0)e>EQQt*_Z!_(&LUfs7If^xV
zW?m!f=bw=_l#=d7ls4CYFc>;80N-)J(ogNMrg;%tz0Mbk-$B8!$@D{ekX1X3a^Mxy
zHGQHXsmi8uczCo8WFQtRbA^wLy7~rtFA_A`L?VwQXyyDVe9I#F>SG0EubomLiLich
zu9Vf|y7p-4Mli%&ai_}*4w8UAF%SM}5pN6-qy9w>F(?2z&^*{vWDl_!-%nAE&u)$^
zrBxKr>;wm@%_JT-ZSZl+Og
zG)`VnHV%XazuX6&
zK}X%kqsV4M@OVe}CG@FX)oh4OSKq=*jf18
zjO;B{tA3}a^X19lH`?m3*VS}1vnnxcuks?diGhKbda`iY9h
zyJ+AEbQ*PXz%Qn_Sc1*Uo0Sl{=foSsA`k&_){`N9(GI-{hkU|+&l05;NFRLU|M?c=
zL5W0;kwHl|BlE+ZZAf
znt5LH%1t_f-KH~}<6_PgErf0T!9#R@&sqpEvkPMvA*LoQvh~A>YcbL158;J<1>1Ho
zHX%vr5usSPcn@$lt)9yRJ$yD8=ihoB@5(*E#?)qKSc{^Fj?XvwTQwYk%kN{XVli5gd1>9))a`RL{Ttp*
zsA{{)UE_!O62mUH6E}SemRO`ma0vo9saAVl%_{`RWI_*tMBp*h{|@eGKlf?a_T9x1!}q$!4%u2CDNH>sVTv
zCp4oLUt3$xSu=-;@7)i2nln4eee&4HTM0No7k3vide%rkVuY!7UD>4|dFU@4)7Fa^
z`VcZt!luHC&Q#(QzTD#!`9@Og5!9_h*uu?jX{N1&{E&<3JGanv7pDK_@T5_A=-JkE
z&pOb~$O>bk&6c;!J}CNi2JUBpHhsM35%8vOd?(!5)^jQmg}o)uovV3E-s+OvfOQU0
zoT0JmOPf)})WlCPz)*cMyX(pe+T8oC>pje%Pl3AT_aU~Bg`2Tk_q-R}Ga=-90`P~=
zPGt$~*E)%O`-gX9PxWJ-4Eo4av@*EiDp60=SM~S9zC1g+V>d}|?${k-osGbRez*Ir
zlONen!RFN6B4cvSybX#CZGdBu6M2oRqi_8`pWuCf(ur=G&^v)fYqG*G+{QaHD&Gtg$7@th4gLS(@?6txj
ztvM8@d=bj*f+M>03Y~Gv&M#D@4BCvir~*9o>kc>)pwA%
z1aZ9oHISF7)^PgdS?ws=TOmtfV%+veW0bBFUH
z#Cb^g5UrjM2L7I=c%$$Gk&U_y_<3iFP{@$zJ(3gma8Jw$J@mCOL;Y3Ri1qkGi}$wh
z3HB?#AsGU8-OcXh5TIG}Tq?KZ9v=AJ2Y5ekxChs%$HougujcI=XR|)wS@_clAEwKm;PR&)jxS!?G9K?3xRkl0ld;Xeh4DGnlb97YgePCW4SoBLQ@D^T0NMx?bLcvX$$WD>zha7T
zjtC|3VLtM~7T1(QJ{oRUb3~M}oSr2zQ&&?{(;}Tg(J2at_9fQ-liR=@l4Skps)Wa(Fa>e_+{O9nXqBBn~WN|FSdoUoS
zVPrq?fw-DsNNYh9m2&v+ni6>Zm%d
zuLN%j9Zr>h5dJhTj9?-Y#0>Ks$pPUJXyss_vq)eh&`E0TBozT60jDGXol4s>od~3P
zhSkZtnS2UDCfmbRiEj%7y*tJyBuFVa15bvqoNk8rc3iYwqDu9a=3sIsR@MHz3?x(B
ztqiMI^^5c7Nj^smsF!>|Wz%3XHFn7K#A1Y)M6NdG1(YTd^2jol69n_yi*
z3~i~D-jR4Y3;NwC3V%IUsn*v{tFjUu@zY{eeFpo~PxVH?4J4d8c!Q2w5UTq;;pe0FyGor=ae*u(PT)okp~HS8L60WT&Sdp#W%Bv#*A@az-6Hi0lq_ueujpu3u8-Uno%BI
zY5JJ8Z#A8cA~@4OduD|a#lDCIC^+J+jxpj!KG!h6AF~dJL1aQ0MGl=AG~-VjOMU)|
zCGD5!cIHI@+#wE4-{?EGyfV6cM(fDk2n96zQly`G=
z+#)MWt*d81j~mj329&tj1IO#xOpgr&U>td_bt&dZObwdr9?UpOE{au**_INYhxR2Q
zSPf(ALF7`d^wyk6l(OW>vDd*?S#0`4c4U4^Afivp>_#gy^lBvX&-x*5GvF`hBIcig
z9UWgJrAg`SZ>3MqQ)gz6(=4^^H`cB>+-(AouRz_`NmX&~KGmJ$N9lT>dZ^KW1!Nd#mhFw|2uak=0$*s7coymJ^H&~t~gzqP`AlvLj4B@UC9-F>BV88R@MP!D3*PA%i
z`wuM~@VDbenm_ZSoxY*v+j$|axs8eKUs5=0ETc^i1B|dMa67OmJRFm$c}adosE%I>
zMMfA6RN?mZee$f)(-S^?Y^pgHc$%I(=Tah|fE>>Or3X0VCef#Q$IH&LI4~zxDq))4
zJcy*M&3JZU**Ikj%d7)RyYfT=D3@F`yV7+%;R;ppb5!HLCMCHn9KCcLa2GYTgt4p(
z`vi^X^RHk1(eF4YlG{tY9EUBFAGF&2iRzDZor-W}(JF_eaM8C#oB5cNpM&-_zyTAip~ImJD&gUzd~LPiN`>
zoUY#vSq-i99UY?;ByDH-5wh!NLU<%r>f|(Z_D%r011#l0%|8k_;CIIXqlQK^+c!A7
zRE}{WJ(0oL32b-5Z;BH3!wZW?K=F+pk9%#fb2Go(JPybLxIw{}>-DTLty1@RgGEjR
zqnL#HpRjPlNVJrP!ldvLUJziq$an0lg%QEZg7O^M(N23J(xm%iFuLth;x_9SHuFRf
z+x(P(Un7BIJ?c~7N@Ur3miCxFc#ncMQ-RI47>#7Bo_~olsRZZ
zj~GMGjw{st!6f$M5~t1MiBjKw{y-;}jiP4x27aD?XIKkH9?X~@U6MK!i$h>F5l%h{
z|BU&g&s8fNlo|EOouZU=b-xBoFrwk=PRQdnbDu@IXMq2bvN+W;h66IptvimPt%CW$
zh0J|g3u0=XXIhu$ceLy+Mfc)q-pnbz8lq$#vHSztTloT*1KuApSGI%Y)kwITmhn}#
z)-LR_3SPJpHT;SXXVD5b4_w!Y>esPFy6G|`5OpBU-*zz{f(Gh1Zzj?OiZS*RW+m1_t72wvVXkTad*laU?@z_w$~
zm}a|STk!7BJZ%@fb?I-u`m1wMV^uMPd$S|Jyv@$P&+~sTHHtr%+J9u@f7MvRhzt-T
zMzHM1Q}heE^}dxF`|a^w)B_A@IS4_98b(m67);Yq4l^%SbUr_LV=Ku40y?9co6Hy9
zla1S}AJ4#@h;o|dZbK1z}2~Y+4k^mvu(k(_^>qF
z;n*hXeLj0<7JC>nhL^sR6E=L=o4g;CJfN}X-!8XSETdcPf~U6dA>HoKDV2*oKeYD8
zaugSce&ryy%7^jSE}J9_t?k-^x1U^302r3`B+qSj?M&t4GFZHD}AYIZ##*P+mG{16J?j
z^PfBkdOM^++=CeVl!d&AgucZ@A8;%{lK765^gDS74KOnIVe_NKWvYx)j*E>O$T;ZO
zf3%mkha5?8|14HzAnl+%W~-;@AbDur7qA^e@L{HkXJ(!KomBW|9vze32*nuqPb2+*
zac=zcJo2yc4vyo6>gGoX-snBBP(rx?Q4!xUAXl?Q{c;YHVWbU{fp4(AMZ@D4ip1XA
z51|1AY|F=ocjdNz3ZR0)%mE`9f~cQw^bOseu0RlBq=sZvdm^?^*^XABFT=^OQxaRN
zWh3*uY4Em$ssH3Rv^`2{B%Qr-g!o-eTIBS3rtfLW!W6Eiw2)s#9^2_G$-ADn9yTFo
zT%fzReIxPw_0kX1a@5$mM9>*pz)g?@I>s5@0N-=rPk^H$Srei(pt!bK-%|_R(PFuiut#l0T>F-Qi=X?_l(cW$1T=|I2FjUxa^~kLZlu?D~`}6=(QS
zcvn;@tj+kT0`67BP%CZaz2py~M(gU>!hn7BQfiX;7iU@eE;jBxpAcUVIu6$Aj3tym
z=VW?uw2-?_tb3lGZa*&A(gZBPl+{OD*pFyXs!9rjspw6n@+`qL!OVYKL6QgfjIE;c
zStW8LB7&i?GI?xUB~O786WJ$V^R@G0>OBtUj#5@Q8qIJZWS9fV0-KBq@JORB(1wzVFcR0}
zCRbP9OjU7uqR}8wI$Pbx=2|(!zX4ANSvR;mN4iR@KI*KG7uw<=R<=b@rLibd>
zBkxFd%&U)o{j9B}ZZbIv4_c8M6J(>f0z4%iPiTtv`D5(!A|d>78*)2S>(fGuodItd
z)^uV8?LuX^_7=2xqB!Kmm%cSJ!CTjDCE-()=a^7qx-yU2bIzXGoF3z7kRtjd5dC^)Af|dSh*88DBpi|9`T>qeBL<-jc)E8mx{yZ)AhQiLSkE!he1P6biK9VmVdQNoE(80Op#T5Q
z6AMHA6IE^76*d%a6~8BNJ}&wcBXVghTj1^a9-zf~{cn_?ctPr%PHOVRqYKwygkK-&
zgok7@;T5$fPYB@(?*+fF_wp%|y+3@Ms^$Dd6
zhZo1m!fTL?g&S&F530+*H}bXhtxli04jK0sV}<{&B||yE$;w=Yw#Ae~{R!})p#z=maSnCI*~oSP_pz7EbM;GJAerW_0;VO%JxL(a)P}GpISXNw!+4s-
z9~JacBzPRHC^V^yv#O*E{7H#pcf}}2mm|V{!Gl!)Ln&d0EG1L*x|F^Rl=bkY?W={hWgGaZ
zQfRJrZ`;Y;2E4r31)#lQnmTkpGr`0scVCjVDI@jC((!2j9)`!_=O+vOkB%U@sR
z-46V#{q4P}{5u}sF8=`Z+rIUE;r|u;-9Y!N*X7+n_ji!Kapxbf|JlC&4*hPH`Blk%
zH_QATNpDH|1N49PK)-{&i@?9iAMYaY-+_qnN6`P-V*U>QuA%%Y7rbjIe+MJ(AL0Lp
zqVj8^-}ivO?hfA@w7)|S?~lm84dP#o@$cZjZb;rYn19Cz!5_i@lj{E!_1D(^pLJJH
z^heZx*2e#e{cA7$zB%|ix`_XX{XfU?zxe-|e7~>r?;Z8uas2k{AByk2D*oMH|IH=u
zh`;s}{~SO%(*HNaU;6D|2k;&IR}%XtxXRmj{=dBLf56|G6gf%Ix48=d0RQ#{1_}Tm
I@K+`Of52({3;+NC

literal 0
HcmV?d00001

diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 0949177f..b41e48f4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1517,7 +1517,7 @@ private boolean isEmpty(byte[] buf, short offset, short len) {
     boolean empty = true;
     short index = 0;
     while (index < len) {
-      if (buf[index] != 0) {
+      if (buf[(short) (index + offset)] != 0) {
         empty = false;
         break;
       }

From 4f93707e421227f4a5cb1418323cb4585bf9b7e2 Mon Sep 17 00:00:00 2001
From: subrahmanyaman 
Date: Tue, 7 Dec 2021 19:55:11 +0000
Subject: [PATCH 167/169] Merged changes from Keymaster 41

---
 .../AndroidSEProvider/lib/gpapi-upgrade.jar   |  Bin 0 -> 12638 bytes
 .../javacard/keymaster/KMAndroidSEApplet.java |  129 +-
 .../keymaster/KMAndroidSEProvider.java        |  417 +++---
 .../keymaster/KMAttestationCertImpl.java      |   64 +-
 .../javacard/keymaster/KMConfigurations.java  |   29 +
 .../android/javacard/keymaster/KMHmacKey.java |    6 +-
 .../javacard/keymaster/KMOperationImpl.java   |   52 +-
 .../keymaster/KMPKCS8DecoderImpl.java         |  223 +++
 .../android/javacard/keymaster/KMUtils.java   |   32 +-
 Applet/JCardSimProvider/lib/gpapi-upgrade.jar |  Bin 0 -> 12638 bytes
 .../keymaster/KMAttestationCertImpl.java      |    9 +-
 .../javacard/keymaster/KMConfigurations.java  |   29 +
 .../android/javacard/keymaster/KMHmacKey.java |    6 +-
 .../javacard/keymaster/KMJCardSimulator.java  |  205 ++-
 .../keymaster/KMPKCS8DecoderImpl.java         |  223 +++
 .../android/javacard/keymaster/KMUtils.java   |   30 +-
 .../javacard/test/KMFunctionalTest.java       |  278 +++-
 Applet/README.md                              |    1 +
 .../android/javacard/keymaster/KMArray.java   |    6 +
 .../javacard/keymaster/KMByteBlob.java        |    4 +
 .../javacard/keymaster/KMComputedHmacKey.java |    5 +
 .../android/javacard/keymaster/KMDecoder.java |   36 +-
 .../android/javacard/keymaster/KMEncoder.java |   10 +-
 .../android/javacard/keymaster/KMEnum.java    |    2 +-
 .../android/javacard/keymaster/KMEnumTag.java |    5 +-
 .../android/javacard/keymaster/KMError.java   |    5 +-
 .../android/javacard/keymaster/KMInteger.java |   13 +-
 .../javacard/keymaster/KMIntegerArrayTag.java |   13 +-
 .../javacard/keymaster/KMIntegerTag.java      |    4 +-
 .../javacard/keymaster/KMKeyParameters.java   |  161 ++-
 .../javacard/keymaster/KMKeymasterApplet.java | 1255 ++++++++++-------
 .../javacard/keymaster/KMOperationState.java  |  103 +-
 .../javacard/keymaster/KMPKCS8Decoder.java}   |   21 +-
 .../javacard/keymaster/KMRepository.java      |  455 ++++--
 .../javacard/keymaster/KMSEProvider.java      |   94 +-
 .../android/javacard/keymaster/KMType.java    |    2 +
 .../javacard/keymaster/KMUpgradable.java      |    2 +-
 HAL/keymaster/4.1/CommonUtils.cpp             |    2 +-
 .../4.1/JavacardKeymaster4Device.cpp          |  548 ++++---
 .../4.1/JavacardOperationContext.cpp          |  154 +-
 .../4.1/JavacardSoftKeymasterContext.cpp      |    2 +-
 HAL/keymaster/4.1/SocketTransport.cpp         |   40 +-
 ...hardware.keymaster@4.1-javacard.service.rc |    6 -
 ...ardware.keymaster@4.1-strongbox.service.rc |    6 +
 ...dware.keymaster@4.1-strongbox.service.xml} |    2 +-
 .../android.hardware.strongbox_keystore.xml   |   17 +
 HAL/keymaster/4.1/service.cpp                 |    5 +-
 HAL/keymaster/Android.bp                      |   49 +-
 HAL/keymaster/include/CommonUtils.h           |    8 +-
 .../include/JavacardKeymaster4Device.h        |   69 +-
 .../include/JavacardOperationContext.h        |   11 +-
 .../include/JavacardSoftKeymasterContext.h    |    2 +-
 HAL/keymaster/include/Transport.h             |    7 +-
 ProvisioningTool/Android.bp                   |   68 -
 ProvisioningTool/Makefile                     |   58 +
 ProvisioningTool/Provision.cpp                |  509 -------
 ProvisioningTool/Provision.h                  |  108 --
 ProvisioningTool/ProvisionTool.cpp            |  616 --------
 ProvisioningTool/README.md                    |   47 +-
 ProvisioningTool/include/UniquePtr.h          |   39 +
 ProvisioningTool/include/constants.h          |   95 ++
 ProvisioningTool/include/cppbor/cppbor.h      | 1113 +++++++++++++++
 .../include/cppbor/cppbor_parse.h             |  195 +++
 ProvisioningTool/include/json/assertions.h    |   54 +
 ProvisioningTool/include/json/autolink.h      |   25 +
 ProvisioningTool/include/json/config.h        |  119 ++
 ProvisioningTool/include/json/features.h      |   51 +
 ProvisioningTool/include/json/forwards.h      |   37 +
 ProvisioningTool/include/json/json.h          |   15 +
 ProvisioningTool/include/json/reader.h        |  360 +++++
 ProvisioningTool/include/json/value.h         |  850 +++++++++++
 ProvisioningTool/include/json/version.h       |   13 +
 ProvisioningTool/include/json/writer.h        |  320 +++++
 ProvisioningTool/include/socket.h             |   53 +
 ProvisioningTool/include/utils.h              |   30 +
 ProvisioningTool/lib/README.md                |   25 +
 ProvisioningTool/lib/libjsoncpp.a             |  Bin 0 -> 2640366 bytes
 ProvisioningTool/lib/libjsoncpp.so            |  Bin 0 -> 1388960 bytes
 ProvisioningTool/lib/libjsoncpp.so.0          |  Bin 0 -> 1388960 bytes
 ProvisioningTool/lib/libjsoncpp.so.0.10.7     |  Bin 0 -> 1388960 bytes
 ProvisioningTool/sample_json_cf.txt           |   12 +-
 ProvisioningTool/sample_json_gf.txt           |   12 +-
 ProvisioningTool/src/construct_apdus.cpp      |  584 ++++++++
 ProvisioningTool/src/cppbor.cpp               |  626 ++++++++
 ProvisioningTool/src/cppbor_parse.cpp         |  389 +++++
 ProvisioningTool/src/provision.cpp            |  343 +++++
 ProvisioningTool/src/socket.cpp               |  110 ++
 ProvisioningTool/src/utils.cpp                |   96 ++
 ProvisioningTool/test_resources/batch_key.der |  Bin 121 -> 138 bytes
 .../cts_tests_tests_keystore.patch            |  176 +++
 .../device_google_cuttlefish.patch            |   58 +
 .../hardware_interfaces_keymaster.patch       |   36 +
 .../omapi_patches/JavacardKeymaster.patch     |  330 +++++
 .../packages_apps_secureElement.patch         |   25 +
 .../system_sepolicy.patch                     |   28 +
 .../device_google_cuttlefish.patch            |   60 +
 .../hardware_interfaces_keymaster.patch       |   36 +
 .../system_security_keystore2.patch           |   13 +
 .../system_sepolicy.patch                     |   40 +
 99 files changed, 9757 insertions(+), 2874 deletions(-)
 create mode 100644 Applet/AndroidSEProvider/lib/gpapi-upgrade.jar
 create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java
 create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
 create mode 100644 Applet/JCardSimProvider/lib/gpapi-upgrade.jar
 create mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java
 create mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
 create mode 100644 Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java
 rename Applet/{AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java => src/com/android/javacard/keymaster/KMPKCS8Decoder.java} (55%)
 delete mode 100644 HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.rc
 create mode 100644 HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc
 rename HAL/keymaster/4.1/{android.hardware.keymaster@4.1-javacard.service.xml => android.hardware.keymaster@4.1-strongbox.service.xml} (75%)
 create mode 100644 HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml
 delete mode 100644 ProvisioningTool/Android.bp
 create mode 100644 ProvisioningTool/Makefile
 delete mode 100644 ProvisioningTool/Provision.cpp
 delete mode 100644 ProvisioningTool/Provision.h
 delete mode 100644 ProvisioningTool/ProvisionTool.cpp
 create mode 100644 ProvisioningTool/include/UniquePtr.h
 create mode 100644 ProvisioningTool/include/constants.h
 create mode 100644 ProvisioningTool/include/cppbor/cppbor.h
 create mode 100644 ProvisioningTool/include/cppbor/cppbor_parse.h
 create mode 100644 ProvisioningTool/include/json/assertions.h
 create mode 100644 ProvisioningTool/include/json/autolink.h
 create mode 100644 ProvisioningTool/include/json/config.h
 create mode 100644 ProvisioningTool/include/json/features.h
 create mode 100644 ProvisioningTool/include/json/forwards.h
 create mode 100644 ProvisioningTool/include/json/json.h
 create mode 100644 ProvisioningTool/include/json/reader.h
 create mode 100644 ProvisioningTool/include/json/value.h
 create mode 100644 ProvisioningTool/include/json/version.h
 create mode 100644 ProvisioningTool/include/json/writer.h
 create mode 100644 ProvisioningTool/include/socket.h
 create mode 100644 ProvisioningTool/include/utils.h
 create mode 100644 ProvisioningTool/lib/README.md
 create mode 100644 ProvisioningTool/lib/libjsoncpp.a
 create mode 100755 ProvisioningTool/lib/libjsoncpp.so
 create mode 100755 ProvisioningTool/lib/libjsoncpp.so.0
 create mode 100755 ProvisioningTool/lib/libjsoncpp.so.0.10.7
 create mode 100644 ProvisioningTool/src/construct_apdus.cpp
 create mode 100644 ProvisioningTool/src/cppbor.cpp
 create mode 100644 ProvisioningTool/src/cppbor_parse.cpp
 create mode 100644 ProvisioningTool/src/provision.cpp
 create mode 100644 ProvisioningTool/src/socket.cpp
 create mode 100644 ProvisioningTool/src/utils.cpp
 create mode 100644 aosp_integration_patches/cts_tests_tests_keystore.patch
 create mode 100644 aosp_integration_patches/device_google_cuttlefish.patch
 create mode 100644 aosp_integration_patches/hardware_interfaces_keymaster.patch
 create mode 100644 aosp_integration_patches/omapi_patches/JavacardKeymaster.patch
 create mode 100644 aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch
 create mode 100644 aosp_integration_patches/system_sepolicy.patch
 create mode 100644 aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch
 create mode 100644 aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch
 create mode 100644 aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch
 create mode 100644 aosp_integration_patches_aosp_12_r15/system_sepolicy.patch

diff --git a/Applet/AndroidSEProvider/lib/gpapi-upgrade.jar b/Applet/AndroidSEProvider/lib/gpapi-upgrade.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e4814bde4b6b21982103c55f9b1a3a4a58f0b807
GIT binary patch
literal 12638
zcmbul1yEi~w=IghySuwPgy8P(?(XjHF2UV`gkZtl-Q6KTa3|P<{mahIIXCxKy-7hW
zinRvon>~B>izz?0X><$9HtpU3AhEfMm-{hYJV5zg}VnH-}a5?OzDJ
zeZRj16ac{6i+L*l^Aljd{nggNl-|_J)Ys
zA%jv|s@$PcJ>vU-=zypxIr)I79gt(CMRqYETXUFxgZHlPZdORPeTeAd3ak!pNs7$
zDsU3PfnzxpG(K@0n3_<~R*^JWQ&-Asd;ug~h*%8s?6!<ulJT_AFDwM;coA!sJVdE!jlhf
z3Vp9$(%m-{W3W{3Oq>@qRU+0OlYx|sXGdt$V#n|)eGaB7O@?@rhz24mLrnK8rjJ<7
zby1W0Xz|GyaU-XEKg_cXO5ej}###IG&!R*>rDqbNdC}zDx>##9AcZAuOrh318><7Z
zQouxNYyD^!JZe^Whz>BcyK9C^{HPABl-^`2iQ)pH1|i*bE%1<4L)R-vXQ4U~;#YoL
z=_Lv(6@Z9RvC^
zgUUJs5>8=Lv`?0$!%I3|1BSdF%9~xHtX^Uf8mG9MZs@Ll
zG7eI#xJy%$AS5E^$M)MVPcT#5@*ClHDS$
zv_TZ015iVNiIWnw^b|@h;l7P&BJd1M9r6OF>nFFkQ?iQnwM_$677`gRiUq7%l8c}y
z21=PfqV*aPOLs{?6#45Z9IV|n=~Q}!6Z(!nLH-XeKhTP`3HR~a(IEo11Z=lD>gmAh
zK(SCAdK;gN_D6lTmMoohe4ker&ae|*I-gH%>Ud81{czplOzZBi;d}_krq#L{y350v
zPo-aoN?NbHv7416#xs-;g@-@6v>6(Qo3H+Kx0DL@UC(URq&AO9<&n>LmWa_=X^jFN520gYRTy@W(MBwmQbqNs3AY-Mb1Y~%D7Q5LC4
z+wQRaMU-jz;42>qvNYq-s2XY(U)y`&%}JLvz$*b)
zkVxCv@oi1i7+;3jAQY?f=ZU
zS<`5{Q&$9%s%xn1LW>@t@>xpfqljzr<2>bUI>i{8DhdrGP@)AD28)IjgGC^{3S9jc
zmIrYMk9Bv!(&iJOO&CJk7&P^aNBBXOYZ44=Kiklx^gN=V)w4?;wBthM%?Am&nB9i-
zN+{JW5`7$pDc}z6-K(NH=Wn@J!Kf`NUeNClUXEK(Cge~TzO6RzLZ;e;rHANfY%*Mz
zRZ$+C?VO$SR|m5+tF%79()dOp&ycf}(dMk2uKZ3LYPEZKyc>3uWJbLc^01A;k_iLcI2qM
z@~ramR`TfxBrKk74}O=5L+@4-6>!FRNHk-S=Ql*DKt*q??<8_{W{PM~EqvmXgo{Lu
zl=fv5C+Iz|Sg^qA_0ai|BZ!)f{Ky;Rk>#2YaUF9u>p6JHe>STofbp~ZZfTg%u)$W0
zo`bHeD5*c#CL}P8lR7~
z7x-cy?Gdq}x^2okGmZL(O{RYI+RR2viTI&CObn#XfxCS#pIj{7@w~`
z3^5^cAZ4fNdEWVj>6YaB@WFm=t!W3!z2b1Ww(EFd!}rnHWNDNEu&A!o_A+^~-vED6
z;SqgzFA`3s-Y+jZd*bl0W9XoYqIn0C^RqabNi2r3NQ=@yoKqZ9T^lk|g?Z@7rIU)4
zRZfY>WOv_pLU1>n+}Fw*;ut^ta~^0fp0=%NI1^oLZDl7@Rc@_wg1Wo~;AIBXg7~u;
z*wvE@;rc~xM&^~($TQ(P!RZDJksnnC5mWn3t%;>{-pT5_ACqsAS8z3n55a^b>Gds!
zH~#AA^0%*IP~PY!73NpEDg2FY$p1_?zY@)fhV@%VhV+6*@Txxrgg%6@OU57B($9Fr
z0e6&N7R}LDbXTMnPaTe)Fmg&)SsMKMI5tA}jf7O#-a%TsmmeWRYkYK^`D*kyE?H`Q
zFc@i>rZ`e-!boRtdaRzZ*twp8Njdgxqs8~^d~@@K*PcK|=%kj%(K0?+CjFaKQfZ|`
z@Ju(R`tmm>1EalqB%3k`{Uqn*Qbw9anUor?WEm)4a&vK5SLi&`SLN`pM3vGibU`S|
z?8BM_pKIA>_O460`oFi5W|at=1k-4;dcZk6MUbS<%LuV4E4GIDhNllZf8%$SN#tQ@
zoXVK(FP+}AR11-8#XVGNRjT<23Pp3;Wa>*aqQLDI0+Nrc5N`r@>QBIFzzF22m9K|x^5S`IEQlt^ztG8aybO0wW#v=EmVhZ>4X>5oE+(zs%1$D{b
z5CltgkbRv;IY33d3c3^g35^A|E^5#=9hqADd)X##gak0jS1r&x_gqa~3{u=qcs-m0JeVYrBtdl=raw>35au(@L>8K?JTxQYRqL^vexsTs
zv@R8h>%LxNVON+czj8dx$*{#H~frD8+}T(F-$
ztSA}#6V=OjH2*|lpOcHm2=cTLlH=75=QE8F)wpDyemG!b21FOO#d
zmg$(qcVLHUEcwB517-qMjXSr{1TnW_VmL`IZg_O90k
zVCzh&Us74=Wc2k)HQmGZ*f%w)Mz0O3W7ECVpf_gGyAL~=IJ10>WaykHhQTn9xL{MGC(YGN(H&L?P%c-n1&L(1O4DVwhWIIrap-ktK
zt|(dXZ0jslRtjYMNM`b#N`0sy+UzbieXY67@*W=W{s)t};
zth!;HTdL8z*(-`iockO;k^p5uK{Y{amO7e~Wl4$9W)2iwz}hB3hImVYf-jugv{i@T
z74?H)LxRO8z~g&9|GX&`)pjX4$ii5jjG8u7PcMfeN?NXk99tgv08
zGizp;-2|sd_La{z3?IRd!FR2$UGFm1puw}&S<{Mf>b3EqfrEDk*YRjQfFj-bWP*s@
z5SuIN3E|Nj!*QL>fgnBqk&;PiUotll>l3yRh^AAHZkk=$C)1)cb3ssZ33O)jKzuZ5
zNmRIPkeaN?cxoa256P4@-|TO-S@@-q$_5Ds;$sPABc;>vNMZAJ`8gJwHv`w{p!>w6
z(G}@61vKQ>OLq%Q0gS&#P7U@94$_)(UTGj}R)9rm
zP!MMe<;w(sN*`p!i^*uFV0b9a%Zt7)gYke%qWvbtnv%cpptZitL;*#JnNi4&shE-2gyDNj%yjl}DXnc^bY?9hexKG#Dv*W#G95|aXZ)8Geq$NRd#I53i
zJS;cQI>p|w9+$C+mdlNT6Q|Q{jwwlt(@KDXU|KAX0)e>EQQt*_Z!_(&LUfs7If^xV
zW?m!f=bw=_l#=d7ls4CYFc>;80N-)J(ogNMrg;%tz0Mbk-$B8!$@D{ekX1X3a^Mxy
zHGQHXsmi8uczCo8WFQtRbA^wLy7~rtFA_A`L?VwQXyyDVe9I#F>SG0EubomLiLich
zu9Vf|y7p-4Mli%&ai_}*4w8UAF%SM}5pN6-qy9w>F(?2z&^*{vWDl_!-%nAE&u)$^
zrBxKr>;wm@%_JT-ZSZl+Og
zG)`VnHV%XazuX6&
zK}X%kqsV4M@OVe}CG@FX)oh4OSKq=*jf18
zjO;B{tA3}a^X19lH`?m3*VS}1vnnxcuks?diGhKbda`iY9h
zyJ+AEbQ*PXz%Qn_Sc1*Uo0Sl{=foSsA`k&_){`N9(GI-{hkU|+&l05;NFRLU|M?c=
zL5W0;kwHl|BlE+ZZAf
znt5LH%1t_f-KH~}<6_PgErf0T!9#R@&sqpEvkPMvA*LoQvh~A>YcbL158;J<1>1Ho
zHX%vr5usSPcn@$lt)9yRJ$yD8=ihoB@5(*E#?)qKSc{^Fj?XvwTQwYk%kN{XVli5gd1>9))a`RL{Ttp*
zsA{{)UE_!O62mUH6E}SemRO`ma0vo9saAVl%_{`RWI_*tMBp*h{|@eGKlf?a_T9x1!}q$!4%u2CDNH>sVTv
zCp4oLUt3$xSu=-;@7)i2nln4eee&4HTM0No7k3vide%rkVuY!7UD>4|dFU@4)7Fa^
z`VcZt!luHC&Q#(QzTD#!`9@Og5!9_h*uu?jX{N1&{E&<3JGanv7pDK_@T5_A=-JkE
z&pOb~$O>bk&6c;!J}CNi2JUBpHhsM35%8vOd?(!5)^jQmg}o)uovV3E-s+OvfOQU0
zoT0JmOPf)})WlCPz)*cMyX(pe+T8oC>pje%Pl3AT_aU~Bg`2Tk_q-R}Ga=-90`P~=
zPGt$~*E)%O`-gX9PxWJ-4Eo4av@*EiDp60=SM~S9zC1g+V>d}|?${k-osGbRez*Ir
zlONen!RFN6B4cvSybX#CZGdBu6M2oRqi_8`pWuCf(ur=G&^v)fYqG*G+{QaHD&Gtg$7@th4gLS(@?6txj
ztvM8@d=bj*f+M>03Y~Gv&M#D@4BCvir~*9o>kc>)pwA%
z1aZ9oHISF7)^PgdS?ws=TOmtfV%+veW0bBFUH
z#Cb^g5UrjM2L7I=c%$$Gk&U_y_<3iFP{@$zJ(3gma8Jw$J@mCOL;Y3Ri1qkGi}$wh
z3HB?#AsGU8-OcXh5TIG}Tq?KZ9v=AJ2Y5ekxChs%$HougujcI=XR|)wS@_clAEwKm;PR&)jxS!?G9K?3xRkl0ld;Xeh4DGnlb97YgePCW4SoBLQ@D^T0NMx?bLcvX$$WD>zha7T
zjtC|3VLtM~7T1(QJ{oRUb3~M}oSr2zQ&&?{(;}Tg(J2at_9fQ-liR=@l4Skps)Wa(Fa>e_+{O9nXqBBn~WN|FSdoUoS
zVPrq?fw-DsNNYh9m2&v+ni6>Zm%d
zuLN%j9Zr>h5dJhTj9?-Y#0>Ks$pPUJXyss_vq)eh&`E0TBozT60jDGXol4s>od~3P
zhSkZtnS2UDCfmbRiEj%7y*tJyBuFVa15bvqoNk8rc3iYwqDu9a=3sIsR@MHz3?x(B
ztqiMI^^5c7Nj^smsF!>|Wz%3XHFn7K#A1Y)M6NdG1(YTd^2jol69n_yi*
z3~i~D-jR4Y3;NwC3V%IUsn*v{tFjUu@zY{eeFpo~PxVH?4J4d8c!Q2w5UTq;;pe0FyGor=ae*u(PT)okp~HS8L60WT&Sdp#W%Bv#*A@az-6Hi0lq_ueujpu3u8-Uno%BI
zY5JJ8Z#A8cA~@4OduD|a#lDCIC^+J+jxpj!KG!h6AF~dJL1aQ0MGl=AG~-VjOMU)|
zCGD5!cIHI@+#wE4-{?EGyfV6cM(fDk2n96zQly`G=
z+#)MWt*d81j~mj329&tj1IO#xOpgr&U>td_bt&dZObwdr9?UpOE{au**_INYhxR2Q
zSPf(ALF7`d^wyk6l(OW>vDd*?S#0`4c4U4^Afivp>_#gy^lBvX&-x*5GvF`hBIcig
z9UWgJrAg`SZ>3MqQ)gz6(=4^^H`cB>+-(AouRz_`NmX&~KGmJ$N9lT>dZ^KW1!Nd#mhFw|2uak=0$*s7coymJ^H&~t~gzqP`AlvLj4B@UC9-F>BV88R@MP!D3*PA%i
z`wuM~@VDbenm_ZSoxY*v+j$|axs8eKUs5=0ETc^i1B|dMa67OmJRFm$c}adosE%I>
zMMfA6RN?mZee$f)(-S^?Y^pgHc$%I(=Tah|fE>>Or3X0VCef#Q$IH&LI4~zxDq))4
zJcy*M&3JZU**Ikj%d7)RyYfT=D3@F`yV7+%;R;ppb5!HLCMCHn9KCcLa2GYTgt4p(
z`vi^X^RHk1(eF4YlG{tY9EUBFAGF&2iRzDZor-W}(JF_eaM8C#oB5cNpM&-_zyTAip~ImJD&gUzd~LPiN`>
zoUY#vSq-i99UY?;ByDH-5wh!NLU<%r>f|(Z_D%r011#l0%|8k_;CIIXqlQK^+c!A7
zRE}{WJ(0oL32b-5Z;BH3!wZW?K=F+pk9%#fb2Go(JPybLxIw{}>-DTLty1@RgGEjR
zqnL#HpRjPlNVJrP!ldvLUJziq$an0lg%QEZg7O^M(N23J(xm%iFuLth;x_9SHuFRf
z+x(P(Un7BIJ?c~7N@Ur3miCxFc#ncMQ-RI47>#7Bo_~olsRZZ
zj~GMGjw{st!6f$M5~t1MiBjKw{y-;}jiP4x27aD?XIKkH9?X~@U6MK!i$h>F5l%h{
z|BU&g&s8fNlo|EOouZU=b-xBoFrwk=PRQdnbDu@IXMq2bvN+W;h66IptvimPt%CW$
zh0J|g3u0=XXIhu$ceLy+Mfc)q-pnbz8lq$#vHSztTloT*1KuApSGI%Y)kwITmhn}#
z)-LR_3SPJpHT;SXXVD5b4_w!Y>esPFy6G|`5OpBU-*zz{f(Gh1Zzj?OiZS*RW+m1_t72wvVXkTad*laU?@z_w$~
zm}a|STk!7BJZ%@fb?I-u`m1wMV^uMPd$S|Jyv@$P&+~sTHHtr%+J9u@f7MvRhzt-T
zMzHM1Q}heE^}dxF`|a^w)B_A@IS4_98b(m67);Yq4l^%SbUr_LV=Ku40y?9co6Hy9
zla1S}AJ4#@h;o|dZbK1z}2~Y+4k^mvu(k(_^>qF
z;n*hXeLj0<7JC>nhL^sR6E=L=o4g;CJfN}X-!8XSETdcPf~U6dA>HoKDV2*oKeYD8
zaugSce&ryy%7^jSE}J9_t?k-^x1U^302r3`B+qSj?M&t4GFZHD}AYIZ##*P+mG{16J?j
z^PfBkdOM^++=CeVl!d&AgucZ@A8;%{lK765^gDS74KOnIVe_NKWvYx)j*E>O$T;ZO
zf3%mkha5?8|14HzAnl+%W~-;@AbDur7qA^e@L{HkXJ(!KomBW|9vze32*nuqPb2+*
zac=zcJo2yc4vyo6>gGoX-snBBP(rx?Q4!xUAXl?Q{c;YHVWbU{fp4(AMZ@D4ip1XA
z51|1AY|F=ocjdNz3ZR0)%mE`9f~cQw^bOseu0RlBq=sZvdm^?^*^XABFT=^OQxaRN
zWh3*uY4Em$ssH3Rv^`2{B%Qr-g!o-eTIBS3rtfLW!W6Eiw2)s#9^2_G$-ADn9yTFo
zT%fzReIxPw_0kX1a@5$mM9>*pz)g?@I>s5@0N-=rPk^H$Srei(pt!bK-%|_R(PFuiut#l0T>F-Qi=X?_l(cW$1T=|I2FjUxa^~kLZlu?D~`}6=(QS
zcvn;@tj+kT0`67BP%CZaz2py~M(gU>!hn7BQfiX;7iU@eE;jBxpAcUVIu6$Aj3tym
z=VW?uw2-?_tb3lGZa*&A(gZBPl+{OD*pFyXs!9rjspw6n@+`qL!OVYKL6QgfjIE;c
zStW8LB7&i?GI?xUB~O786WJ$V^R@G0>OBtUj#5@Q8qIJZWS9fV0-KBq@JORB(1wzVFcR0}
zCRbP9OjU7uqR}8wI$Pbx=2|(!zX4ANSvR;mN4iR@KI*KG7uw<=R<=b@rLibd>
zBkxFd%&U)o{j9B}ZZbIv4_c8M6J(>f0z4%iPiTtv`D5(!A|d>78*)2S>(fGuodItd
z)^uV8?LuX^_7=2xqB!Kmm%cSJ!CTjDCE-()=a^7qx-yU2bIzXGoF3z7kRtjd5dC^)Af|dSh*88DBpi|9`T>qeBL<-jc)E8mx{yZ)AhQiLSkE!he1P6biK9VmVdQNoE(80Op#T5Q
z6AMHA6IE^76*d%a6~8BNJ}&wcBXVghTj1^a9-zf~{cn_?ctPr%PHOVRqYKwygkK-&
zgok7@;T5$fPYB@(?*+fF_wp%|y+3@Ms^$Dd6
zhZo1m!fTL?g&S&F530+*H}bXhtxli04jK0sV}<{&B||yE$;w=Yw#Ae~{R!})p#z=maSnCI*~oSP_pz7EbM;GJAerW_0;VO%JxL(a)P}GpISXNw!+4s-
z9~JacBzPRHC^V^yv#O*E{7H#pcf}}2mm|V{!Gl!)Ln&d0EG1L*x|F^Rl=bkY?W={hWgGaZ
zQfRJrZ`;Y;2E4r31)#lQnmTkpGr`0scVCjVDI@jC((!2j9)`!_=O+vOkB%U@sR
z-46V#{q4P}{5u}sF8=`Z+rIUE;r|u;-9Y!N*X7+n_ji!Kapxbf|JlC&4*hPH`Blk%
zH_QATNpDH|1N49PK)-{&i@?9iAMYaY-+_qnN6`P-V*U>QuA%%Y7rbjIe+MJ(AL0Lp
zqVj8^-}ivO?hfA@w7)|S?~lm84dP#o@$cZjZb;rYn19Cz!5_i@lj{E!_1D(^pLJJH
z^heZx*2e#e{cA7$zB%|ix`_XX{XfU?zxe-|e7~>r?;Z8uas2k{AByk2D*oMH|IH=u
zh`;s}{~SO%(*HNaU;6D|2k;&IR}%XtxXRmj{=dBLf56|G6gf%Ix48=d0RQ#{1_}Tm
I@K+`Of52({3;+NC

literal 0
HcmV?d00001

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
index 7c6f31fe..7c28370a 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
@@ -19,6 +19,10 @@
 import org.globalplatform.upgrade.OnUpgradeListener;
 import org.globalplatform.upgrade.UpgradeManager;
 
+import javacard.framework.ISO7816;
+import javacard.framework.ISOException;
+import javacard.framework.Util;
+
 public class KMAndroidSEApplet extends KMKeymasterApplet implements OnUpgradeListener {
 
   KMAndroidSEApplet() {
@@ -47,10 +51,22 @@ public void onConsolidate() {
   @Override
   public void onRestore(Element element) {
     element.initRead();
-    provisionStatus = element.readByte();
+    byte firstByte = element.readByte();
+    short packageVersion_ = 0;
+    byte provisionStatus_ = firstByte;
+    if (firstByte == KMKeymasterApplet.KM_MAGIC_NUMBER) {
+      packageVersion_ = element.readShort();
+      provisionStatus_ = element.readByte();
+    }
+    if (0 != packageVersion_ && !isUpgradeAllowed(packageVersion_)) {
+      ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
+    }
+    packageVersion = packageVersion_;
+    provisionStatus = provisionStatus_;
     keymasterState = element.readByte();
-    repository.onRestore(element);
-    seProvider.onRestore(element);
+    repository.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION);
+    seProvider.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION);
+    handleDataUpgradeToVersion1_1();
   }
 
   @Override
@@ -68,6 +84,8 @@ public Element onSave() {
     // Create element.
     Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE,
         primitiveCount, objectCount);
+    element.write(KM_MAGIC_NUMBER);
+    element.write(packageVersion);
     element.write(provisionStatus);
     element.write(keymasterState);
     repository.onSave(element);
@@ -76,12 +94,113 @@ public Element onSave() {
   }
 
   private short computePrimitveDataSize() {
-    // provisionStatus + keymasterState
-    return (short) 2;
+    // provisionStatus + keymasterState + magic byte + version
+    return (short) 5;
   }
 
   private short computeObjectCount() {
     return (short) 0;
   }
+  
+  public boolean isUpgradeAllowed(short version) {
+    boolean upgradeAllowed = false;
+    short oldMajorVersion = (short) (version >> 8 & 0x00FF);
+    short oldMinorVersion = (short) (version & 0x00FF);
+    short currentMajorVersion = (short) (CURRENT_PACKAGE_VERSION >> 8 & 0x00FF);
+    short currentMinorVersion = (short) (CURRENT_PACKAGE_VERSION & 0x00FF);
+    // Downgrade of the Applet is not allowed.
+    // Upgrade is not allowed to a next version which is not immediate.
+    if ((short) (currentMajorVersion - oldMajorVersion) == 1) {
+      if (currentMinorVersion == 0) {
+        upgradeAllowed = true;
+      }
+    } else if ((short) (currentMajorVersion - oldMajorVersion) == 0) {
+      if ((short) (currentMinorVersion - oldMinorVersion) == 1) {
+        upgradeAllowed = true;
+      }
+    }
+    return upgradeAllowed;
+  }
+  
+  public void handleDataUpgradeToVersion1_1() {
+    
+    if (packageVersion != 0) {
+      // No Data upgrade required.
+      return;
+    }
+    byte status = provisionStatus;
+    // In the current version of the applet set boot parameters is removed from
+    // provision status so readjust the provision locked flag.
+    // 0x40 is provision locked flag in the older applet.
+    // Unset the 5th bit. setboot parameters flag.
+    status = (byte)  (status & 0xDF);
+    // Readjust the lock provisioned status flag.
+    if ((status & 0x40) == 0x40) {
+      // 0x40 to 0x20
+      // Unset 6th bit
+      status = (byte) (status & 0xBF);
+      // set the 5th bit
+      status = (byte) (status | 0x20);
+    }
+    provisionStatus = status;
+    packageVersion = CURRENT_PACKAGE_VERSION;
+
+    short certExpiryLen = 0;
+    short issuerLen = 0;
+    short certExpiry = repository.getCertExpiryTime();
+    if (certExpiry != KMType.INVALID_VALUE) {
+      certExpiryLen = KMByteBlob.cast(certExpiry).length();
+    }
+    short issuer = repository.getIssuer();
+    if (issuer != KMType.INVALID_VALUE) {
+      issuerLen = KMByteBlob.cast(issuer).length();
+    }
+    short certChainLen = seProvider.getProvisionedDataLength(KMSEProvider.CERTIFICATE_CHAIN);
+    short offset = repository.allocReclaimableMemory((short) (certExpiryLen + issuerLen + certChainLen));
+    // Get the start offset of the certificate chain.
+    short certChaionOff =
+        decoder.getCborBytesStartOffset(
+            repository.getHeap(),
+            offset,
+            seProvider.readProvisionedData(KMSEProvider.CERTIFICATE_CHAIN, repository.getHeap(), offset));
+    certChainLen -= (short) (certChaionOff - offset);
+    Util.arrayCopyNonAtomic(
+        KMByteBlob.cast(issuer).getBuffer(),
+        KMByteBlob.cast(issuer).getStartOff(),
+        repository.getHeap(),
+        (short) (certChaionOff + certChainLen),
+        issuerLen);
+    Util.arrayCopyNonAtomic(
+        KMByteBlob.cast(certExpiry).getBuffer(),
+        KMByteBlob.cast(certExpiry).getStartOff(),
+        repository.getHeap(),
+        (short) (certChaionOff + certChainLen + issuerLen),
+        certExpiryLen);
+
+    seProvider.persistProvisionData(
+        repository.getHeap(),
+        certChaionOff, // cert chain offset
+        certChainLen,
+        (short) (certChaionOff + certChainLen), // issuer offset
+        issuerLen,
+        (short) (certChaionOff + certChainLen + issuerLen), // cert expiry offset
+        certExpiryLen);
+    
+
+    // Update computed HMAC key.
+    short blob = repository.getComputedHmacKey();
+    if (blob != KMType.INVALID_VALUE) {
+      seProvider.createComputedHmacKey(
+          KMByteBlob.cast(blob).getBuffer(),
+          KMByteBlob.cast(blob).getStartOff(),
+          KMByteBlob.cast(blob).length()
+          );
+    } else {
+      // Initialize the Key object.
+      Util.arrayFillNonAtomic(repository.getHeap(), offset, (short) 32, (byte) 0);
+      seProvider.createComputedHmacKey(repository.getHeap(), offset,(short) 32);
+    }
+    repository.reclaimMemory((short) (certExpiryLen + issuerLen + certChainLen));
+  }
 }
 
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index f64858f5..4f4d4709 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -31,7 +31,6 @@
 import javacard.security.KeyPair;
 import javacard.security.MessageDigest;
 import javacard.security.RSAPrivateKey;
-import javacard.security.RSAPublicKey;
 import javacard.security.RandomData;
 import javacard.security.Signature;
 import javacardx.crypto.AEADCipher;
@@ -114,11 +113,19 @@ public class KMAndroidSEProvider implements KMSEProvider {
   public static final short AES_GCM_NONCE_LENGTH = 12;
   public static final byte KEYSIZE_128_OFFSET = 0x00;
   public static final byte KEYSIZE_256_OFFSET = 0x01;
-  public static final short TMP_ARRAY_SIZE = 256;
+  public static final short TMP_ARRAY_SIZE = 300;
   private static final short RSA_KEY_SIZE = 256;
-  public static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length.
-
-  final byte[] CIPHER_ALGS = {
+  private static final short MAX_OPERATIONS = 4;
+  private static final short HMAC_MAX_OPERATIONS = 8;
+  private static final short COMPUTED_HMAC_KEY_SIZE = 32;
+  public static final short INVALID_DATA_VERSION = 0x7FFF;
+  
+  private static final short CERT_CHAIN_OFFSET = 0;
+  private static final short CERT_ISSUER_OFFSET = KMConfigurations.CERT_CHAIN_MAX_SIZE;
+  private static final short CERT_EXPIRY_OFFSET = 
+      (short) (CERT_ISSUER_OFFSET + KMConfigurations.CERT_ISSUER_MAX_SIZE);
+
+  private static final byte[] CIPHER_ALGS = {
       Cipher.ALG_AES_BLOCK_128_CBC_NOPAD,
       Cipher.ALG_AES_BLOCK_128_ECB_NOPAD,
       Cipher.ALG_DES_CBC_NOPAD,
@@ -129,7 +136,7 @@ public class KMAndroidSEProvider implements KMSEProvider {
       Cipher.ALG_RSA_NOPAD,
       AEADCipher.ALG_AES_GCM};
 
-  final byte[] SIG_ALGS = {
+  private static final byte[] SIG_ALGS = {
       Signature.ALG_RSA_SHA_256_PKCS1,
       Signature.ALG_RSA_SHA_256_PKCS1_PSS,
       Signature.ALG_ECDSA_SHA_256,
@@ -138,6 +145,14 @@ public class KMAndroidSEProvider implements KMSEProvider {
       KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST,
       KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST};
 
+  // [L] 256 bits - hardcoded 32 bits as per
+  // reference impl in keymaster.
+  private static final byte[] CMAC_KDF_CONSTANT_L = {
+      0, 0, 1, 0
+  };
+  private static final byte[] CMAC_KDF_CONSTANT_ZERO = {
+      0
+  };
   // AESKey
   private AESKey aesKeys[];
   // DES3Key
@@ -158,7 +173,9 @@ public class KMAndroidSEProvider implements KMSEProvider {
   private Object[] sigPool;
   // KMOperationImpl pool
   private Object[] operationPool;
-
+  // Hmac signer pool which is used to support TRUSTED_CONFIRMATION_REQUIRED tag.
+  private Object[] hmacSignOperationPool;
+  
   private Signature kdf;
 
   private Signature hmacSignature;
@@ -168,10 +185,11 @@ public class KMAndroidSEProvider implements KMSEProvider {
   // Entropy
   private RandomData rng;
   //For storing root certificate and intermediate certificates.
-  private byte[] certificateChain;
+  private byte[] provisionData;
   private KMAESKey masterKey;
   private KMECPrivateKey attestationKey;
   private KMHmacKey preSharedKey;
+  private KMHmacKey computedHmacKey;
 
   private static KMAndroidSEProvider androidSEProvider = null;
 
@@ -196,13 +214,18 @@ public KMAndroidSEProvider() {
 
     // Re-usable cipher and signature instances
     cipherPool = new Object[(short) (CIPHER_ALGS.length * 4)];
-    sigPool = new Object[(short) (SIG_ALGS.length * 4)];
+    // Extra 4 algorithms are used to support TRUSTED_CONFIRMATION_REQUIRED feature.
+    sigPool = new Object[(short) ((SIG_ALGS.length * 4) + 4)];
     operationPool = new Object[4];
+
+    //maintain seperate operation pool for hmac signer used to support trusted confirmation
+    hmacSignOperationPool = new Object[4];
     // Creates an instance of each cipher algorithm once.
     initializeCipherPool();
     // Creates an instance of each signature algorithm once.
     initializeSigPool();
     initializeOperationPool();
+    initializeHmacSignOperationPool();
     //RsaOAEP Decipher
     rsaOaepDecipher = new KMRsaOAEPEncoding(KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1);
 
@@ -217,13 +240,19 @@ public KMAndroidSEProvider() {
     rng = RandomData.getInstance(RandomData.ALG_KEYGENERATION);
     //Allocate buffer for certificate chain.
     if (!isUpgrading()) {
-      certificateChain = new byte[CERT_CHAIN_MAX_SIZE];
+      // First 2 bytes is reserved for length for all the 3 buffers.
+      short totalLen = (short) (6 +  KMConfigurations.CERT_CHAIN_MAX_SIZE +
+          KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE);
+      provisionData = new byte[totalLen];
+      
       // Initialize attestationKey and preShared key with zeros.
       Util.arrayFillNonAtomic(tmpArray, (short) 0, TMP_ARRAY_SIZE, (byte) 0);
       // Create attestation key of P-256 curve.
       createAttestationKey(tmpArray, (short)0, (short) 32);
       // Pre-shared secret key length is 32 bytes.
-      createPresharedKey(tmpArray, (short)0, (short) KMRepository.SHARED_SECRET_KEY_SIZE);
+      createPresharedKey(tmpArray, (short)0, (short) 32);
+      // Initialize the Computed Hmac Key object.
+      createComputedHmacKey(tmpArray, (short)0, (short) 32);
     }
     androidSEProvider = this;
   }
@@ -273,10 +302,15 @@ private boolean isSignerAlgorithm(byte alg) {
   private void initializeOperationPool() {
     short index = 0;
     while (index < 4) {
-      operationPool[index] = new KMInstance();
-      ((KMInstance) operationPool[index]).instanceCount = 1;
-      ((KMInstance) operationPool[index]).object = new KMOperationImpl();
-      ((KMInstance) operationPool[index]).reserved = 0;
+      operationPool[index] = new KMOperationImpl();
+      index++;
+    }
+  }
+  
+  private void initializeHmacSignOperationPool() {
+    short index = 0;
+    while (index < 4) {
+      hmacSignOperationPool[index] = new KMOperationImpl();
       index++;
     }
   }
@@ -285,10 +319,7 @@ private void initializeOperationPool() {
   private void initializeSigPool() {
     short index = 0;
     while (index < SIG_ALGS.length) {
-      sigPool[index] = new KMInstance();
-      ((KMInstance) sigPool[index]).instanceCount = 1;
-      ((KMInstance) sigPool[index]).object = getSignatureInstance(SIG_ALGS[index]);
-      ((KMInstance) sigPool[index]).reserved = 0;
+      sigPool[index] = getSignatureInstance(SIG_ALGS[index]);
       index++;
     }
   }
@@ -312,44 +343,61 @@ private Cipher getCipherInstance(byte alg) {
     }
   }
 
-  private byte getCipherAlgorithm(Cipher c) {
-    return c.getAlgorithm();
-  }
-
   // Create a cipher instance of each algorithm once.
   private void initializeCipherPool() {
     short index = 0;
     while (index < CIPHER_ALGS.length) {
-      cipherPool[index] = new KMInstance();
-      ((KMInstance) cipherPool[index]).instanceCount = 1;
-      ((KMInstance) cipherPool[index]).object = getCipherInstance(CIPHER_ALGS[index]);
-      ((KMInstance) cipherPool[index]).reserved = 0;
+      cipherPool[index] = getCipherInstance(CIPHER_ALGS[index]);
       index++;
     }
   }
 
   private KMOperationImpl getOperationInstanceFromPool() {
-    return (KMOperationImpl) getInstanceFromPool(operationPool, (byte) 0x00);
+    short index = 0;
+    KMOperationImpl impl;
+    while (index < operationPool.length) {
+      impl = (KMOperationImpl) operationPool[index];
+      // Mode is always set. so compare using mode value.
+      if (impl.getMode() == KMType.INVALID_VALUE) {
+        return impl;
+      }
+      index++;
+    }
+    return null;
   }
-
-  public void releaseOperationInstance(KMOperationImpl operation) {
-    releaseInstance(operationPool, operation);
+  
+  private KMOperationImpl getHmacSignOperationInstanceFromPool() {
+    short index = 0;
+    KMOperationImpl impl;
+    while (index < hmacSignOperationPool.length) {
+      impl = (KMOperationImpl) hmacSignOperationPool[index];
+      // Mode is always set. so compare using mode value.
+      if (impl.getMode() == KMType.INVALID_VALUE) {
+        return impl;
+      }
+      index++;
+    }
+    return null;
   }
 
   private Signature getSignatureInstanceFromPool(byte alg) {
     return (Signature) getInstanceFromPool(sigPool, alg);
   }
 
-  public void releaseSignatureInstance(Signature signer) {
-    releaseInstance(sigPool, signer);
-  }
-
   private Cipher getCipherInstanceFromPool(byte alg) {
     return (Cipher) getInstanceFromPool(cipherPool, alg);
   }
 
-  public void releaseCipherInstance(Cipher cipher) {
-    releaseInstance(cipherPool, cipher);
+  private boolean isResourceBusy(Object obj) {
+    short index = 0;
+    while (index < MAX_OPERATIONS) {
+      if (((KMOperationImpl) operationPool[index]).isResourceMatches(obj)
+    		  || ((KMOperationImpl) hmacSignOperationPool[index]).isResourceMatches(obj)) {
+        return true;
+      }
+      index++;
+    }
+    return false;
   }
 
   // This pool implementation can create a maximum of total 4 instances per
@@ -363,79 +411,38 @@ public void releaseCipherInstance(Cipher cipher) {
   private Object getInstanceFromPool(Object[] pool, byte alg) {
     short index = 0;
     short instanceCount = 0;
-    Object object = null;
     boolean isCipher = isCipherAlgorithm(alg);
     boolean isSigner = isSignerAlgorithm(alg);
-    short len = (short) pool.length;
-    while (index < len) {
+    short maxOperations = MAX_OPERATIONS;
+    if (Signature.ALG_HMAC_SHA_256 == alg) {
+      maxOperations = HMAC_MAX_OPERATIONS;
+    }
+    while (index < (short) pool.length) {
+      if (instanceCount >= maxOperations) {
+        KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
+        break;
+      }
       if (null == pool[index]) {
-        // No instance of cipher/signature with this algorithm is found
-        if (instanceCount < 4) {
-          pool[index] = new KMInstance();
-          JCSystem.beginTransaction();
-          ((KMInstance) pool[index]).instanceCount = (byte) (++instanceCount);
-          if (isCipher) {
-            ((KMInstance) pool[index]).object = object = getCipherInstance(alg);
+          // No instance of cipher/signature with this algorithm is found
+          if (isCipher) { // Cipher
+            pool[index] = getCipherInstance(alg);
+          } else if (isSigner) { // Signature
+            pool[index] = getSignatureInstance(alg);
           } else {
-            // Signature
-            ((KMInstance) pool[index]).object = object = getSignatureInstance(alg);
+            KMException.throwIt(KMError.INVALID_ARGUMENT);
           }
-          ((KMInstance) pool[index]).reserved = 1;
-          JCSystem.commitTransaction();
-          break;
-        } else {
-          // Cipher/Signature instance count reached its maximum limit.
-          KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
-          break;
-        }
+          return pool[index];
       }
-      object = ((KMInstance) pool[index]).object;
-      if ((isCipher && (alg == getCipherAlgorithm((Cipher) object)))
-          || ((isSigner && (alg == ((Signature) object).getAlgorithm())))) {
-        instanceCount = ((KMInstance) pool[index]).instanceCount;
-        if (((KMInstance) pool[index]).reserved == 0) {
-          JCSystem.beginTransaction();
-          ((KMInstance) pool[index]).reserved = 1;
-          JCSystem.commitTransaction();
-          break;
-        }
-      } else {
-        if (!isCipher && !isSigner) {
-          // OperationImpl
-          if (((KMInstance) pool[index]).reserved == 0) {
-            JCSystem.beginTransaction();
-            ((KMInstance) pool[index]).reserved = 1;
-            JCSystem.commitTransaction();
-            break;
-          }
-        }
-      }
-      object = null;
-      index++;
-    }
-    return object;
-  }
-
-  private void releaseInstance(Object[] pool, short index) {
-    if (((KMInstance) pool[index]).reserved != 0) {
-      JCSystem.beginTransaction();
-      ((KMInstance) pool[index]).reserved = 0;
-      JCSystem.commitTransaction();
-    }
-  }
-
-  private void releaseInstance(Object[] pool, Object object) {
-    short index = 0;
-    short len = (short) pool.length;
-    while (index < len) {
-      if (pool[index] != null) {
-        if (object == ((KMInstance) pool[index]).object) {
-          releaseInstance(pool, index);
-          break;
+      if ((isCipher && (alg == ((Cipher) pool[index]).getAlgorithm()))
+          || ((isSigner && (alg == ((Signature) pool[index]).getAlgorithm())))) {
+        if (!isResourceBusy(pool[index])) {
+          return pool[index];
         }
+        instanceCount++;
       }
       index++;
     }
+    return null;
   }
 
   public AESKey createAESKey(short keysize) {
@@ -718,15 +725,7 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta
       // This is hardcoded to requirement - 32 byte output with two concatenated
       // 16 bytes K1 and K2.
       final byte n = 2; // hardcoded
-      // [L] 256 bits - hardcoded 32 bits as per
-      // reference impl in keymaster.
-      final byte[] L = {
-          0, 0, 1, 0
-      };
-      // byte
-      final byte[] zero = {
-          0
-      };
+      
       // [i] counter - 32 bits
       short iBufLen = 4;
       short keyOutLen = n * 16;
@@ -749,10 +748,10 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta
         // 4 bytes of iBuf with counter in it
         kdf.update(tmpArray, (short) 0, (short) iBufLen);
         kdf.update(label, labelStart, (short) labelLen); // label
-        kdf.update(zero, (short) 0, (short) 1); // 1 byte of 0x00
+        kdf.update(CMAC_KDF_CONSTANT_ZERO, (short) 0, (short) CMAC_KDF_CONSTANT_ZERO.length); // 1 byte of 0x00
         kdf.update(context, contextStart, contextLength); // context
         // 4 bytes of L - signature of 16 bytes
-        pos = kdf.sign(L, (short) 0, (short) 4, tmpArray,
+        pos = kdf.sign(CMAC_KDF_CONSTANT_L, (short) 0, (short) CMAC_KDF_CONSTANT_L.length, tmpArray,
             (short) (iBufLen + pos));
         i++;
       }
@@ -768,9 +767,11 @@ public short hmacSign(HMACKey key, byte[] data, short dataStart,
     return hmacSignature.sign(data, dataStart, dataLength, mac, macStart);
   }
 
-  public boolean hmacVerify(HMACKey key, byte[] data, short dataStart,
+  @Override
+  public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart,
       short dataLength, byte[] mac, short macStart, short macLength) {
-    hmacSignature.init(key, Signature.MODE_VERIFY);
+    KMHmacKey hmacKey = (KMHmacKey) key;
+    hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY);
     return hmacSignature.verify(data, dataStart, dataLength, mac, macStart,
         macLength);
   }
@@ -797,15 +798,6 @@ public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
     }
   }
 
-  @Override
-  public boolean hmacVerify(byte[] keyBuf, short keyStart, short keyLength,
-      byte[] data, short dataStart, short dataLength, byte[] mac,
-      short macStart, short macLength) {
-    HMACKey key = createHMACKey(keyBuf, keyStart, keyLength);
-    return hmacVerify(key, data, dataStart, dataLength, mac, macStart,
-        macLength);
-  }
-
   @Override
   public short rsaDecipherOAEP256(byte[] secret, short secretStart,
       short secretLength, byte[] modBuffer, short modOff, short modLength,
@@ -970,14 +962,18 @@ public Cipher createSymmetricCipher(short alg, short purpose,
     return symmCipher;
   }
 
-  public Signature createHmacSignerVerifier(short purpose, short digest,
+  private Signature createHmacSignerVerifier(short purpose, short digest,
       byte[] secret, short secretStart, short secretLength) {
+    HMACKey key = createHMACKey(secret, secretStart, secretLength);
+    return createHmacSignerVerifier(purpose, digest, key);
+  }
+  
+  private Signature createHmacSignerVerifier(short purpose, short digest, HMACKey key) {
     byte alg = Signature.ALG_HMAC_SHA_256;
     if (digest != KMType.SHA2_256) {
       CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
     }
     Signature hmacSignerVerifier = getSignatureInstanceFromPool(alg);
-    HMACKey key = createHMACKey(secret, secretStart, secretLength);
     hmacSignerVerifier.init(key, (byte) mapPurpose(purpose));
     return hmacSignerVerifier;
   }
@@ -1007,6 +1003,7 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg,
         Signature signerVerifier = createHmacSignerVerifier(purpose, digest,
             keyBuf, keyStart, keyLength);
         opr = getOperationInstanceFromPool();
+        opr.setMode(purpose);
         opr.setSignature(signerVerifier);
         break;
       default:
@@ -1016,6 +1013,17 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg,
     return opr;
   }
 
+  @Override
+  public KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey) {
+    KMOperationImpl opr = null;
+    KMHmacKey key = (KMHmacKey) computedHmacKey;
+    Signature signerVerifier = createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey());
+    opr = getHmacSignOperationInstanceFromPool();
+    opr.setMode(KMType.VERIFY);
+    opr.setSignature(signerVerifier);
+    return opr;
+  }
+
   public Signature createRsaSigner(short digest, short padding, byte[] secret,
       short secretStart, short secretLength, byte[] modBuffer, short modOff,
       short modLength) {
@@ -1094,6 +1102,7 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg,
           Signature signer = createEcSigner(digest, privKeyBuf, privKeyStart,
               privKeyLength);
           opr = getOperationInstanceFromPool();
+          opr.setMode(purpose);
           opr.setSignature(signer);
           break;
         default:
@@ -1112,6 +1121,11 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) {
     return KMAttestationCertImpl.instance(rsaCert);
   }
 
+  @Override
+  public KMPKCS8Decoder getPKCS8DecoderInstance() {
+    return KMPKCS8DecoderImpl.instance();
+  }
+
   @Override
   public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label,
       short labelStart, short labelLen, byte[] context, short contextStart,
@@ -1120,17 +1134,50 @@ public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label,
         contextStart, contextLength);
     return key.getKey(keyBuf, keyStart);
   }
-
-  @Override
-  public void clearCertificateChain() {
+  
+  private short getProvisionDataBufferOffset(byte dataType) {
+    switch(dataType) {
+    case CERTIFICATE_CHAIN:
+      return CERT_CHAIN_OFFSET;
+    case CERTIFICATE_ISSUER:
+      return CERT_ISSUER_OFFSET;
+    case CERTIFICATE_EXPIRY:
+      return CERT_EXPIRY_OFFSET;
+    default:
+      KMException.throwIt(KMError.INVALID_ARGUMENT);
+    }
+    return 0;
+  }
+  
+  private void persistProvisionData(byte[] buf, short off, short len, short maxSize, short copyToOff) {
+    if (len > maxSize) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
     JCSystem.beginTransaction();
-    Util.arrayFillNonAtomic(certificateChain, (short) 0, CERT_CHAIN_MAX_SIZE, (byte) 0);
+    Util.arrayCopyNonAtomic(buf, off, provisionData, Util.setShort(provisionData, copyToOff, len), len);
     JCSystem.commitTransaction();
   }
+  
+  private void persistCertificateChain(byte[] certChain, short certChainOff, short certChainLen) {
+    persistProvisionData(certChain, certChainOff, certChainLen,
+        KMConfigurations.CERT_CHAIN_MAX_SIZE, CERT_CHAIN_OFFSET);
+  }
+  
+  private void persistCertficateIssuer(byte[] certIssuer, short certIssuerOff, short certIssuerLen) {
+    persistProvisionData(certIssuer, certIssuerOff, certIssuerLen,
+        KMConfigurations.CERT_ISSUER_MAX_SIZE, CERT_ISSUER_OFFSET);
+  }
+  
+  private void persistCertificateExpiryTime(byte[] certExpiry, short certExpiryOff, short certExpiryLen) {
+    persistProvisionData(certExpiry, certExpiryOff, certExpiryLen,
+        KMConfigurations.CERT_EXPIRY_MAX_SIZE, CERT_EXPIRY_OFFSET);
+  }
 
-  //This function supports multi-part request data.
   @Override
-  public void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen) {
+  public void persistProvisionData(byte[] buffer, short certChainOff, short certChainLen,
+      short certIssuerOff, short certIssuerLen, short certExpiryOff ,short certExpiryLen) {
+    // All the buffers uses first two bytes for length. The certificate chain
+    // is stored as shown below.
     //  _____________________________________________________
     // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 |  Cert2 |...
     // |_________|________|_________|_______|________|_______
@@ -1138,30 +1185,28 @@ public void persistPartialCertificateChain(byte[] buf, short offset, short len,
     // CBOR format:
     // Next single byte holds the byte string header.
     // Next 3 bytes holds the total length of the certificate chain.
-    if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-    short persistedLen = Util.getShort(certificateChain, (short) 0);
-    if (persistedLen > totalLen) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
+    // clear buffer.
     JCSystem.beginTransaction();
-    Util.setShort(certificateChain, (short) 0, (short) (len + persistedLen));
-    Util.arrayCopyNonAtomic(buf, offset, certificateChain,
-        (short) (persistedLen + 2), len);
+    Util.arrayFillNonAtomic(provisionData, (short) 0, (short) provisionData.length, (byte) 0);
     JCSystem.commitTransaction();
+    // Persist data.
+    persistCertificateChain(buffer, certChainOff, certChainLen);
+    persistCertficateIssuer(buffer, certIssuerOff, certIssuerLen);
+    persistCertificateExpiryTime(buffer, certExpiryOff, certExpiryLen);
   }
 
   @Override
-  public short readCertificateChain(byte[] buf, short offset) {
-    short len = Util.getShort(certificateChain, (short) 0);
-    Util.arrayCopyNonAtomic(certificateChain, (short) 2, buf, offset, len);
+  public short readProvisionedData(byte dataType, byte[] buf, short offset) {
+    short provisionBufOffset = getProvisionDataBufferOffset(dataType);
+    short len = Util.getShort(provisionData, provisionBufOffset);
+    Util.arrayCopyNonAtomic(provisionData, (short) (2 + provisionBufOffset), buf, offset, len);
     return len;
   }
 
   @Override
-  public short getCertificateChainLength() {
-    return Util.getShort(certificateChain, (short) 0);
+  public short getProvisionedDataLength(byte dataType) {
+    short provisionBufOffset = getProvisionDataBufferOffset(dataType);
+    return Util.getShort(provisionData, provisionBufOffset);
   }
 
   @Override
@@ -1181,18 +1226,25 @@ public void clearDeviceBooted(boolean resetBootFlag) {
 
   @Override
   public void onSave(Element element) {
-    element.write(certificateChain);
+    element.write(provisionData);
     KMAESKey.onSave(element, masterKey);
     KMECPrivateKey.onSave(element, attestationKey);
     KMHmacKey.onSave(element, preSharedKey);
+    KMHmacKey.onSave(element, computedHmacKey);
   }
 
   @Override
-  public void onRestore(Element element) {
-    certificateChain = (byte[]) element.readObject();
+  public void onRestore(Element element, short oldVersion, short currentVersion) {
+    provisionData = (byte[]) element.readObject();
     masterKey = KMAESKey.onRestore(element);
     attestationKey = KMECPrivateKey.onRestore(element);
     preSharedKey = KMHmacKey.onRestore(element);
+    if (oldVersion == 0) {
+      // Previous versions does not contain version information.
+      handleDataUpgradeToVersion1_1();
+    } else {
+      computedHmacKey = KMHmacKey.onRestore(element);
+    }
   }
 
   @Override
@@ -1200,6 +1252,7 @@ public short getBackupPrimitiveByteCount() {
     short count =
         (short) (KMAESKey.getBackupPrimitiveByteCount() +
             KMECPrivateKey.getBackupPrimitiveByteCount() +
+            KMHmacKey.getBackupPrimitiveByteCount() +
             KMHmacKey.getBackupPrimitiveByteCount());
     return count;
   }
@@ -1207,9 +1260,10 @@ public short getBackupPrimitiveByteCount() {
   @Override
   public short getBackupObjectCount() {
     short count =
-        (short) (1 /*Certificate chain */ +
+        (short) (1 + /* provisionData buffer */
             KMAESKey.getBackupObjectCount() +
             KMECPrivateKey.getBackupObjectCount() +
+            KMHmacKey.getBackupObjectCount() +
             KMHmacKey.getBackupObjectCount());
     return count;
   }
@@ -1248,6 +1302,20 @@ public KMAttestationKey createAttestationKey(byte[] keyData, short offset,
     attestationKey.setS(keyData, offset, length);
     return (KMAttestationKey) attestationKey;
   }
+  
+  @Override
+  public KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length) {
+    if (length != COMPUTED_HMAC_KEY_SIZE) {
+      CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
+    }
+    if (computedHmacKey == null) {
+      HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) (length * 8),
+          false);
+      computedHmacKey = new KMHmacKey(key);
+    }
+    computedHmacKey.setKey(keyData, offset, length);
+    return (KMComputedHmacKey) computedHmacKey;
+  }  
 
   @Override
   public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length) {
@@ -1279,21 +1347,52 @@ public KMPreSharedKey getPresharedKey() {
     return (KMPreSharedKey) preSharedKey;
   }
 
-  private void releasePool(Object[] pool) {
+  @Override
+  public void releaseAllOperations() {
     short index = 0;
-    short len = (short) pool.length;
-    while (index < len) {
-      if (pool[index] != null) {
-        releaseInstance(pool, index);
-      }
+    while (index < operationPool.length) {
+      ((KMOperationImpl) operationPool[index]).abort();
+      ((KMOperationImpl) hmacSignOperationPool[index]).abort();
       index++;
     }
   }
 
   @Override
-  public void releaseAllOperations() {
-    releasePool(cipherPool);
-    releasePool(sigPool);
-    releasePool(operationPool);
+  public KMComputedHmacKey getComputedHmacKey() {
+    return computedHmacKey;
+  }
+  
+  private void handleDataUpgradeToVersion1_1() {
+    short totalLen = (short) (6 +  KMConfigurations.CERT_CHAIN_MAX_SIZE +
+        KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE);
+    byte[] oldBuffer = provisionData;
+    provisionData = new byte[totalLen];
+    persistCertificateChain(
+        oldBuffer,
+        (short) 2,
+        Util.getShort(oldBuffer, (short) 0));
+
+    // Request object deletion
+    oldBuffer = null;
+    JCSystem.requestObjectDeletion();
+    
+  }
+
+  @Override
+  public short messageDigest256(byte[] inBuff, short inOffset,
+      short inLength, byte[] outBuff, short outOffset) {
+    MessageDigest.OneShot mDigest = null;
+    short len = 0;
+    try {
+      mDigest = MessageDigest.OneShot.open(MessageDigest.ALG_SHA_256);
+      len = mDigest.doFinal(inBuff, inOffset, inLength, outBuff, outOffset);
+    } finally {
+      if (mDigest != null) {
+        mDigest.close();
+        mDigest = null;
+      }
+    }
+    return len;
   }
+  
 }
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 8abbd04e..7e5eb5cc 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -70,6 +70,31 @@ public class KMAttestationCertImpl implements KMAttestationCert {
       0x03,
       0x02
   };
+
+  // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension.
+  private static final short[] swTagIds = {
+      KMType.ATTESTATION_APPLICATION_ID,
+      KMType.CREATION_DATETIME,
+      KMType.USAGE_EXPIRE_DATETIME,
+      KMType.ORIGINATION_EXPIRE_DATETIME,
+      KMType.ACTIVE_DATETIME,
+      KMType.UNLOCKED_DEVICE_REQUIRED
+  };
+
+  // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension.
+  private static final short[] hwTagIds = {
+      KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
+      KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER,
+      KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI,
+      KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT,
+      KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
+      KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
+      KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
+      KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID,
+      KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
+      KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
+      KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
+
   // Validity is not fixed field
   // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys
   private static final byte[] X509Subject = {
@@ -166,12 +191,16 @@ private static void init() {
 
   @Override
   public KMAttestationCert verifiedBootHash(short obj) {
+    if (obj == KMType.INVALID_VALUE)
+      KMException.throwIt(KMError.INVALID_DATA);
     verifiedHash = obj;
     return this;
   }
 
   @Override
   public KMAttestationCert verifiedBootKey(short obj) {
+    if (obj == KMType.INVALID_VALUE)
+      KMException.throwIt(KMError.INVALID_DATA);
     verifiedBootKey = obj;
     return this;
   }
@@ -255,6 +284,8 @@ public KMAttestationCert extensionTag(short tag, boolean hwEnforced) {
 
   @Override
   public KMAttestationCert issuer(short obj) {
+    if (obj == KMType.INVALID_VALUE)
+      KMException.throwIt(KMError.INVALID_DATA);
     issuer = obj;
     return this;
   }
@@ -325,7 +356,7 @@ private static void pushExtensions() {
   // Time SEQUENCE{UTCTime, UTC or Generalized Time)
   private static void pushValidity() {
     short last = stackPtr;
-    if (notAfter != 0) {
+    if (notAfter != KMType.INVALID_VALUE) {
       pushBytes(
           KMByteBlob.cast(notAfter).getBuffer(),
           KMByteBlob.cast(notAfter).getStartOff(),
@@ -445,44 +476,27 @@ private static void pushKeyDescription() {
 
   private static void pushSWParams() {
     short last = stackPtr;
-    // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension.
-    short[] tagIds = {
-        KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME,
-        KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME,
-        KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED};
     byte index = 0;
+    short length = (short) swTagIds.length;
     do {
-      pushParams(swParams, swParamsIndex, tagIds[index]);
-    } while (++index < tagIds.length);
+      pushParams(swParams, swParamsIndex, swTagIds[index]);
+    } while (++index < length);
     pushSequenceHeader((short) (last - stackPtr));
   }
 
   private static void pushHWParams() {
     short last = stackPtr;
-    // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension.
-    short[] tagIds = {
-        KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
-        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER,
-        KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI,
-        KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT,
-        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
-        KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
-        KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
-        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID,
-        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
-        KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
-        KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
-
     byte index = 0;
+    short length = (short) hwTagIds.length;
     do {
-      if (tagIds[index] == KMType.ROOT_OF_TRUST) {
+      if (hwTagIds[index] == KMType.ROOT_OF_TRUST) {
         pushRoT();
         continue;
       }
-      if (pushParams(hwParams, hwParamsIndex, tagIds[index])) {
+      if (pushParams(hwParams, hwParamsIndex, hwTagIds[index])) {
         continue;
       }
-    } while (++index < tagIds.length);
+    } while (++index < length);
     pushSequenceHeader((short) (last - stackPtr));
   }
 
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java
new file mode 100644
index 00000000..6e5090a1
--- /dev/null
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright(C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.javacard.keymaster;
+
+public class KMConfigurations {
+  // Machine types
+  public static final byte LITTLE_ENDIAN = 0x00;
+  public static final byte BIG_ENDIAN = 0x01;
+  public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN;
+
+  // Maximum cert chain size
+  public static final short CERT_CHAIN_MAX_SIZE = 2500;
+  public static final short CERT_ISSUER_MAX_SIZE = 250;
+  public static final short CERT_EXPIRY_MAX_SIZE = 20;
+  public static final short TOTAL_ATTEST_IDS_SIZE = 300;
+}
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java
index b2a38b24..98f623b2 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java
@@ -21,7 +21,7 @@
 
 import javacard.security.HMACKey;
 
-public class KMHmacKey implements KMPreSharedKey {
+public class KMHmacKey implements KMPreSharedKey, KMComputedHmacKey {
 
   private HMACKey hmacKey;
 
@@ -36,6 +36,10 @@ public void setKey(byte[] keyData, short kOff, short length) {
   public byte getKey(byte[] keyData, short kOff) {
     return hmacKey.getKey(keyData, kOff);
   }
+  
+  public HMACKey getKey() {
+    return hmacKey;
+  }
 
   public short getKeySizeBits() {
     return hmacKey.getSize();
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index aa133bda..de304d8f 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -28,6 +28,7 @@ public class KMOperationImpl implements KMOperation {
   private static final short OPER_MODE_OFFSET = 0x02;
   private static final short BLOCK_MODE_OFFSET = 0x03;
   private static final short MAC_LENGTH_OFFSET = 0x04;
+  private static final byte[] EMPTY = {};
   //This will hold the length of the buffer stored inside the
   //Java Card after the GCM update operation.
   private static final short AES_GCM_UPDATE_LEN_OFFSET = 0x05;
@@ -87,15 +88,19 @@ public void setCipher(Cipher cipher) {
   public void setSignature(Signature signer) {
     operationInst[0] = signer;
   }
+  
+  public boolean isResourceMatches(Object object) {
+    return operationInst[0] == object;
+  }
 
-  private void resetCipher() {
+  private void reset() {
     operationInst[0] = null;
-    parameters[MAC_LENGTH_OFFSET] = 0;
+    parameters[MAC_LENGTH_OFFSET] = KMType.INVALID_VALUE;
     parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0;
-    parameters[BLOCK_MODE_OFFSET] = 0;
-    parameters[OPER_MODE_OFFSET] = 0;
-    parameters[CIPHER_ALG_OFFSET] = 0;
-    parameters[PADDING_OFFSET] = 0;
+    parameters[BLOCK_MODE_OFFSET] = KMType.INVALID_VALUE;;
+    parameters[OPER_MODE_OFFSET] = KMType.INVALID_VALUE;;
+    parameters[CIPHER_ALG_OFFSET] = KMType.INVALID_VALUE;;
+    parameters[PADDING_OFFSET] = KMType.INVALID_VALUE;;
   }
 
   @Override
@@ -196,8 +201,7 @@ public short finish(byte[] inputDataBuf, short inputDataStart,
       }
     } finally {
       KMAndroidSEProvider.getInstance().clean();
-      KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher);
-      resetCipher();
+      reset();
     }
     return len;
   }
@@ -210,8 +214,7 @@ public short sign(byte[] inputDataBuf, short inputDataStart,
       len = ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength,
         signBuf, signStart);
     } finally {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
-      operationInst[0] = null;
+      reset();
     }
     return len;
   }
@@ -224,25 +227,32 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
       ret = ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength,
         signBuf, signStart, signLength);
     } finally {
-      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
-      operationInst[0] = null;
+      reset();
     }
     return ret;
   }
 
   @Override
   public void abort() {
+    // Few simulators does not reset the Hmac signer instance on init so as
+    // a workaround to reset the hmac signer instance in case of abort/failure of the operation
+    // the corresponding sign / verify function is called.
     if (operationInst[0] != null) {
-      if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT ||
-        parameters[OPER_MODE_OFFSET] == KMType.DECRYPT) {
-        KMAndroidSEProvider.getInstance().releaseCipherInstance((Cipher) operationInst[0]);
-        resetCipher();
-      } else {
-        KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      if ((parameters[OPER_MODE_OFFSET] == KMType.SIGN || parameters[OPER_MODE_OFFSET] == KMType.VERIFY) &&
+          (((Signature) operationInst[0]).getAlgorithm() == Signature.ALG_HMAC_SHA_256)) {
+        Signature signer = (Signature) operationInst[0];
+        try {
+          if (parameters[OPER_MODE_OFFSET] == KMType.SIGN) {
+            signer.sign(EMPTY, (short) 0, (short) 0, EMPTY, (short) 0);
+          } else {
+            signer.verify(EMPTY, (short) 0, (short) 0, EMPTY, (short) 0, (short) 0);
+          }
+        } catch(Exception e) {
+          // Ignore.
+        }
       }
-      operationInst[0] = null;
     }
-    KMAndroidSEProvider.getInstance().releaseOperationInstance(this);
+    reset();
   }
 
   @Override
@@ -258,4 +268,4 @@ public short getAESGCMOutputSize(short dataSize, short macLength) {
       return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize - macLength);
     }
   }
-}
\ No newline at end of file
+}
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
new file mode 100644
index 00000000..921cae28
--- /dev/null
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
@@ -0,0 +1,223 @@
+package com.android.javacard.keymaster;
+
+import javacard.framework.Util;
+
+public class KMPKCS8DecoderImpl implements KMPKCS8Decoder {
+
+  public static final byte ASN1_OCTET_STRING = 0x04;
+  public static final byte ASN1_SEQUENCE = 0x30;
+  public static final byte ASN1_INTEGER = 0x02;
+  public static final byte ASN1_A0_TAG = (byte) 0xA0;
+  public static final byte ASN1_A1_TAG = (byte) 0xA1;
+  public static final byte ASN1_BIT_STRING = 0x03;
+  public static final byte[] EC_CURVE = {
+      0x06, 0x08, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, 0x3d, 0x03,
+      0x01, 0x07
+  };
+  public static final byte[] RSA_ALGORITHM = {
+      0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
+      (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
+  };
+  public static final byte[] EC_ALGORITHM = {
+      0x06, 0x07, 0x2a, (byte) 0x86, 0x48, (byte) 0xce,
+      0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, (byte) 0x86, 0x48,
+      (byte) 0xce, 0x3d, 0x03, 0x01, 0x07
+  };
+  private byte[] data;
+  private short start;
+  private short length;
+  private short cur;
+  private static KMPKCS8DecoderImpl inst;
+
+  private KMPKCS8DecoderImpl() {
+    start = 0;
+    length = 0;
+    cur = 0;
+  }
+
+  @Override
+  public short decodeRsa(short blob) {
+    init(blob);
+    decodeCommon((short) 0, RSA_ALGORITHM);
+    return decodeRsaPrivateKey((short) 0);
+  }
+
+  @Override
+  public short decodeEc(short blob) {
+    init(blob);
+    decodeCommon((short) 0, EC_ALGORITHM);
+    return decodeEcPrivateKey((short) 1);
+  }
+
+  //Seq[Int,Int,Int,Int,]
+  public short decodeRsaPrivateKey(short version) {
+    short resp = KMArray.instance((short) 3);
+    header(ASN1_OCTET_STRING);
+    header(ASN1_SEQUENCE);
+    short len = header(ASN1_INTEGER);
+    if (len != 1) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    short ver = getByte();
+    if (ver != version) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    len = header(ASN1_INTEGER);
+    short modulus = getModulus(len);
+    len = header(ASN1_INTEGER);
+    short pubKey = KMByteBlob.instance(len);
+    getBytes(pubKey);
+    len = header(ASN1_INTEGER);
+    short privKey = KMByteBlob.instance(len);
+    getBytes(privKey);
+    KMArray.cast(resp).add((short) 0, modulus);
+    KMArray.cast(resp).add((short) 1, pubKey);
+    KMArray.cast(resp).add((short) 2, privKey);
+    return resp;
+  }
+
+  // Seq [Int, Blob]
+  public void decodeCommon(short version, byte[] alg) {
+    short len = header(ASN1_SEQUENCE);
+    len = header(ASN1_INTEGER);
+    if (len != 1) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    short ver = getByte();
+    if (ver != version) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    len = header(ASN1_SEQUENCE);
+    short blob = KMByteBlob.instance(len);
+    getBytes(blob);
+    if (Util.arrayCompare(
+        KMByteBlob.cast(blob).getBuffer(),
+        KMByteBlob.cast(blob).getStartOff(),
+        alg,
+        (short) 0, KMByteBlob.cast(blob).length()) != 0) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+  }
+
+  //Seq[Int,blob,blob]
+  public short decodeEcPrivateKey(short version) {
+    short resp = KMArray.instance((short) 2);
+    header(ASN1_OCTET_STRING);
+    header(ASN1_SEQUENCE);
+    short len = header(ASN1_INTEGER);
+    if (len != 1) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    short ver = getByte();
+    if (ver != version) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    len = header(ASN1_OCTET_STRING);
+    short privKey = KMByteBlob.instance(len);
+    getBytes(privKey);
+    validateTag0IfPresent();
+    header(ASN1_A1_TAG);
+    len = header(ASN1_BIT_STRING);
+    if (len < 1) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    byte unusedBits = getByte();
+    if (unusedBits != 0) {
+      KMException.throwIt(KMError.UNIMPLEMENTED);
+    }
+    short pubKey = KMByteBlob.instance((short) (len - 1));
+    getBytes(pubKey);
+    KMArray.cast(resp).add((short) 0, pubKey);
+    KMArray.cast(resp).add((short) 1, privKey);
+    return resp;
+  }
+
+  private void validateTag0IfPresent() {
+    if (data[cur] != ASN1_A0_TAG) {
+      return;
+    }
+    ;
+    short len = header(ASN1_A0_TAG);
+    if (len != EC_CURVE.length) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    if (Util.arrayCompare(data, cur, EC_CURVE, (short) 0, len) != 0) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    incrementCursor(len);
+  }
+
+  private short header(short tag) {
+    short t = getByte();
+    if (t != tag) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    return getLength();
+  }
+
+  private byte getByte() {
+    byte d = data[cur];
+    incrementCursor((short) 1);
+    return d;
+  }
+
+  private short getShort() {
+    short d = Util.getShort(data, cur);
+    incrementCursor((short) 2);
+    return d;
+  }
+
+  private short getModulus(short modulusLen) {
+    if (0 == data[cur] && modulusLen == 257) {
+      incrementCursor((short) 1);
+      modulusLen--;
+    }
+    short blob = KMByteBlob.instance(modulusLen);
+    getBytes(blob);
+    return blob;
+  }
+
+  private void getBytes(short blob) {
+    short len = KMByteBlob.cast(blob).length();
+    Util.arrayCopyNonAtomic(data, cur, KMByteBlob.cast(blob).getBuffer(),
+        KMByteBlob.cast(blob).getStartOff(), len);
+    incrementCursor(len);
+  }
+
+  private short getLength() {
+    byte len = getByte();
+    if (len >= 0) {
+      return len;
+    }
+    len = (byte) (len & 0x7F);
+    if (len == 1) {
+      return (short) (getByte() & 0xFF);
+    } else if (len == 2) {
+      return getShort();
+    } else {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    return KMType.INVALID_VALUE; //should not come here
+  }
+
+  public static KMPKCS8DecoderImpl instance() {
+    if (inst == null) {
+      inst = new KMPKCS8DecoderImpl();
+    }
+    return inst;
+  }
+
+  public void init(short blob) {
+    data = KMByteBlob.cast(blob).getBuffer();
+    start = KMByteBlob.cast(blob).getStartOff();
+    length = KMByteBlob.cast(blob).length();
+    cur = start;
+  }
+
+  public void incrementCursor(short n) {
+    cur += n;
+    if (cur > ((short) (start + length))) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+  }
+}
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java
index c2b5c7f3..e41663ec 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java
@@ -52,6 +52,8 @@ public class KMUtils {
       0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00};//2592000000
   public static final short year2051 = 2051;
   public static final short year2020 = 2020;
+  // Convert to milliseconds constants
+  public static final byte[] SEC_TO_MILLIS_SHIFT_POS = {9, 8, 7, 6, 5, 3};
 
   // --------------------------------------
   public static short convertToDate(short time, byte[] scratchPad,
@@ -303,6 +305,14 @@ public static byte compare(byte[] buf, short lhs, short rhs) {
     return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8);
   }
 
+  public static void shiftLeft(byte[] buf, short start, short count) {
+    short index = 0;
+    while (index < count) {
+      shiftLeft(buf, start);
+      index++;
+    }
+  }
+
   public static void shiftLeft(byte[] buf, short start) {
     byte index = 7;
     byte carry = 0;
@@ -343,7 +353,9 @@ public static void add(byte[] buf, short op1, short op2, short result) {
     byte carry = 0;
     short tmp;
     while (index >= 0) {
-      tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry);
+      tmp =
+          (short) ((buf[(short) (op1 + index)] & 0xFF) +
+              (buf[(short) (op2 + index)] & 0xFF) + carry);
       carry = 0;
       if (tmp > 255) {
         carry = 1; // max unsigned byte value is 255
@@ -409,4 +421,20 @@ public static short getLeapYrIndex(boolean from2020, short yrsCount) {
     return -1;
   }
 
-}
\ No newline at end of file
+  // i * 1000 = (i << 9) + (i << 8) + (i << 7) + (i << 6) + (i << 5) + ( i << 3)
+  public static void convertToMilliseconds(byte[] buf, short inputOff, short outputOff,
+      short scratchPadOff) {
+    short index = 0;
+    short length = (short) SEC_TO_MILLIS_SHIFT_POS.length;
+    while (index < length) {
+      Util.arrayCopyNonAtomic(buf, inputOff, buf, scratchPadOff, (short) 8);
+      shiftLeft(buf, scratchPadOff, SEC_TO_MILLIS_SHIFT_POS[index]);
+      Util.arrayCopyNonAtomic(buf, outputOff, buf, (short) (scratchPadOff + 8), (short) 8);
+      add(buf, scratchPadOff, (short) (8 + scratchPadOff), (short) (16 + scratchPadOff));
+      Util.arrayCopyNonAtomic(buf, (short) (scratchPadOff + 16), buf, outputOff, (short) 8);
+      Util.arrayFillNonAtomic(buf, scratchPadOff, (short) 24, (byte) 0);
+      index++;
+    }
+  }
+
+}
diff --git a/Applet/JCardSimProvider/lib/gpapi-upgrade.jar b/Applet/JCardSimProvider/lib/gpapi-upgrade.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e4814bde4b6b21982103c55f9b1a3a4a58f0b807
GIT binary patch
literal 12638
zcmbul1yEi~w=IghySuwPgy8P(?(XjHF2UV`gkZtl-Q6KTa3|P<{mahIIXCxKy-7hW
zinRvon>~B>izz?0X><$9HtpU3AhEfMm-{hYJV5zg}VnH-}a5?OzDJ
zeZRj16ac{6i+L*l^Aljd{nggNl-|_J)Ys
zA%jv|s@$PcJ>vU-=zypxIr)I79gt(CMRqYETXUFxgZHlPZdORPeTeAd3ak!pNs7$
zDsU3PfnzxpG(K@0n3_<~R*^JWQ&-Asd;ug~h*%8s?6!<ulJT_AFDwM;coA!sJVdE!jlhf
z3Vp9$(%m-{W3W{3Oq>@qRU+0OlYx|sXGdt$V#n|)eGaB7O@?@rhz24mLrnK8rjJ<7
zby1W0Xz|GyaU-XEKg_cXO5ej}###IG&!R*>rDqbNdC}zDx>##9AcZAuOrh318><7Z
zQouxNYyD^!JZe^Whz>BcyK9C^{HPABl-^`2iQ)pH1|i*bE%1<4L)R-vXQ4U~;#YoL
z=_Lv(6@Z9RvC^
zgUUJs5>8=Lv`?0$!%I3|1BSdF%9~xHtX^Uf8mG9MZs@Ll
zG7eI#xJy%$AS5E^$M)MVPcT#5@*ClHDS$
zv_TZ015iVNiIWnw^b|@h;l7P&BJd1M9r6OF>nFFkQ?iQnwM_$677`gRiUq7%l8c}y
z21=PfqV*aPOLs{?6#45Z9IV|n=~Q}!6Z(!nLH-XeKhTP`3HR~a(IEo11Z=lD>gmAh
zK(SCAdK;gN_D6lTmMoohe4ker&ae|*I-gH%>Ud81{czplOzZBi;d}_krq#L{y350v
zPo-aoN?NbHv7416#xs-;g@-@6v>6(Qo3H+Kx0DL@UC(URq&AO9<&n>LmWa_=X^jFN520gYRTy@W(MBwmQbqNs3AY-Mb1Y~%D7Q5LC4
z+wQRaMU-jz;42>qvNYq-s2XY(U)y`&%}JLvz$*b)
zkVxCv@oi1i7+;3jAQY?f=ZU
zS<`5{Q&$9%s%xn1LW>@t@>xpfqljzr<2>bUI>i{8DhdrGP@)AD28)IjgGC^{3S9jc
zmIrYMk9Bv!(&iJOO&CJk7&P^aNBBXOYZ44=Kiklx^gN=V)w4?;wBthM%?Am&nB9i-
zN+{JW5`7$pDc}z6-K(NH=Wn@J!Kf`NUeNClUXEK(Cge~TzO6RzLZ;e;rHANfY%*Mz
zRZ$+C?VO$SR|m5+tF%79()dOp&ycf}(dMk2uKZ3LYPEZKyc>3uWJbLc^01A;k_iLcI2qM
z@~ramR`TfxBrKk74}O=5L+@4-6>!FRNHk-S=Ql*DKt*q??<8_{W{PM~EqvmXgo{Lu
zl=fv5C+Iz|Sg^qA_0ai|BZ!)f{Ky;Rk>#2YaUF9u>p6JHe>STofbp~ZZfTg%u)$W0
zo`bHeD5*c#CL}P8lR7~
z7x-cy?Gdq}x^2okGmZL(O{RYI+RR2viTI&CObn#XfxCS#pIj{7@w~`
z3^5^cAZ4fNdEWVj>6YaB@WFm=t!W3!z2b1Ww(EFd!}rnHWNDNEu&A!o_A+^~-vED6
z;SqgzFA`3s-Y+jZd*bl0W9XoYqIn0C^RqabNi2r3NQ=@yoKqZ9T^lk|g?Z@7rIU)4
zRZfY>WOv_pLU1>n+}Fw*;ut^ta~^0fp0=%NI1^oLZDl7@Rc@_wg1Wo~;AIBXg7~u;
z*wvE@;rc~xM&^~($TQ(P!RZDJksnnC5mWn3t%;>{-pT5_ACqsAS8z3n55a^b>Gds!
zH~#AA^0%*IP~PY!73NpEDg2FY$p1_?zY@)fhV@%VhV+6*@Txxrgg%6@OU57B($9Fr
z0e6&N7R}LDbXTMnPaTe)Fmg&)SsMKMI5tA}jf7O#-a%TsmmeWRYkYK^`D*kyE?H`Q
zFc@i>rZ`e-!boRtdaRzZ*twp8Njdgxqs8~^d~@@K*PcK|=%kj%(K0?+CjFaKQfZ|`
z@Ju(R`tmm>1EalqB%3k`{Uqn*Qbw9anUor?WEm)4a&vK5SLi&`SLN`pM3vGibU`S|
z?8BM_pKIA>_O460`oFi5W|at=1k-4;dcZk6MUbS<%LuV4E4GIDhNllZf8%$SN#tQ@
zoXVK(FP+}AR11-8#XVGNRjT<23Pp3;Wa>*aqQLDI0+Nrc5N`r@>QBIFzzF22m9K|x^5S`IEQlt^ztG8aybO0wW#v=EmVhZ>4X>5oE+(zs%1$D{b
z5CltgkbRv;IY33d3c3^g35^A|E^5#=9hqADd)X##gak0jS1r&x_gqa~3{u=qcs-m0JeVYrBtdl=raw>35au(@L>8K?JTxQYRqL^vexsTs
zv@R8h>%LxNVON+czj8dx$*{#H~frD8+}T(F-$
ztSA}#6V=OjH2*|lpOcHm2=cTLlH=75=QE8F)wpDyemG!b21FOO#d
zmg$(qcVLHUEcwB517-qMjXSr{1TnW_VmL`IZg_O90k
zVCzh&Us74=Wc2k)HQmGZ*f%w)Mz0O3W7ECVpf_gGyAL~=IJ10>WaykHhQTn9xL{MGC(YGN(H&L?P%c-n1&L(1O4DVwhWIIrap-ktK
zt|(dXZ0jslRtjYMNM`b#N`0sy+UzbieXY67@*W=W{s)t};
zth!;HTdL8z*(-`iockO;k^p5uK{Y{amO7e~Wl4$9W)2iwz}hB3hImVYf-jugv{i@T
z74?H)LxRO8z~g&9|GX&`)pjX4$ii5jjG8u7PcMfeN?NXk99tgv08
zGizp;-2|sd_La{z3?IRd!FR2$UGFm1puw}&S<{Mf>b3EqfrEDk*YRjQfFj-bWP*s@
z5SuIN3E|Nj!*QL>fgnBqk&;PiUotll>l3yRh^AAHZkk=$C)1)cb3ssZ33O)jKzuZ5
zNmRIPkeaN?cxoa256P4@-|TO-S@@-q$_5Ds;$sPABc;>vNMZAJ`8gJwHv`w{p!>w6
z(G}@61vKQ>OLq%Q0gS&#P7U@94$_)(UTGj}R)9rm
zP!MMe<;w(sN*`p!i^*uFV0b9a%Zt7)gYke%qWvbtnv%cpptZitL;*#JnNi4&shE-2gyDNj%yjl}DXnc^bY?9hexKG#Dv*W#G95|aXZ)8Geq$NRd#I53i
zJS;cQI>p|w9+$C+mdlNT6Q|Q{jwwlt(@KDXU|KAX0)e>EQQt*_Z!_(&LUfs7If^xV
zW?m!f=bw=_l#=d7ls4CYFc>;80N-)J(ogNMrg;%tz0Mbk-$B8!$@D{ekX1X3a^Mxy
zHGQHXsmi8uczCo8WFQtRbA^wLy7~rtFA_A`L?VwQXyyDVe9I#F>SG0EubomLiLich
zu9Vf|y7p-4Mli%&ai_}*4w8UAF%SM}5pN6-qy9w>F(?2z&^*{vWDl_!-%nAE&u)$^
zrBxKr>;wm@%_JT-ZSZl+Og
zG)`VnHV%XazuX6&
zK}X%kqsV4M@OVe}CG@FX)oh4OSKq=*jf18
zjO;B{tA3}a^X19lH`?m3*VS}1vnnxcuks?diGhKbda`iY9h
zyJ+AEbQ*PXz%Qn_Sc1*Uo0Sl{=foSsA`k&_){`N9(GI-{hkU|+&l05;NFRLU|M?c=
zL5W0;kwHl|BlE+ZZAf
znt5LH%1t_f-KH~}<6_PgErf0T!9#R@&sqpEvkPMvA*LoQvh~A>YcbL158;J<1>1Ho
zHX%vr5usSPcn@$lt)9yRJ$yD8=ihoB@5(*E#?)qKSc{^Fj?XvwTQwYk%kN{XVli5gd1>9))a`RL{Ttp*
zsA{{)UE_!O62mUH6E}SemRO`ma0vo9saAVl%_{`RWI_*tMBp*h{|@eGKlf?a_T9x1!}q$!4%u2CDNH>sVTv
zCp4oLUt3$xSu=-;@7)i2nln4eee&4HTM0No7k3vide%rkVuY!7UD>4|dFU@4)7Fa^
z`VcZt!luHC&Q#(QzTD#!`9@Og5!9_h*uu?jX{N1&{E&<3JGanv7pDK_@T5_A=-JkE
z&pOb~$O>bk&6c;!J}CNi2JUBpHhsM35%8vOd?(!5)^jQmg}o)uovV3E-s+OvfOQU0
zoT0JmOPf)})WlCPz)*cMyX(pe+T8oC>pje%Pl3AT_aU~Bg`2Tk_q-R}Ga=-90`P~=
zPGt$~*E)%O`-gX9PxWJ-4Eo4av@*EiDp60=SM~S9zC1g+V>d}|?${k-osGbRez*Ir
zlONen!RFN6B4cvSybX#CZGdBu6M2oRqi_8`pWuCf(ur=G&^v)fYqG*G+{QaHD&Gtg$7@th4gLS(@?6txj
ztvM8@d=bj*f+M>03Y~Gv&M#D@4BCvir~*9o>kc>)pwA%
z1aZ9oHISF7)^PgdS?ws=TOmtfV%+veW0bBFUH
z#Cb^g5UrjM2L7I=c%$$Gk&U_y_<3iFP{@$zJ(3gma8Jw$J@mCOL;Y3Ri1qkGi}$wh
z3HB?#AsGU8-OcXh5TIG}Tq?KZ9v=AJ2Y5ekxChs%$HougujcI=XR|)wS@_clAEwKm;PR&)jxS!?G9K?3xRkl0ld;Xeh4DGnlb97YgePCW4SoBLQ@D^T0NMx?bLcvX$$WD>zha7T
zjtC|3VLtM~7T1(QJ{oRUb3~M}oSr2zQ&&?{(;}Tg(J2at_9fQ-liR=@l4Skps)Wa(Fa>e_+{O9nXqBBn~WN|FSdoUoS
zVPrq?fw-DsNNYh9m2&v+ni6>Zm%d
zuLN%j9Zr>h5dJhTj9?-Y#0>Ks$pPUJXyss_vq)eh&`E0TBozT60jDGXol4s>od~3P
zhSkZtnS2UDCfmbRiEj%7y*tJyBuFVa15bvqoNk8rc3iYwqDu9a=3sIsR@MHz3?x(B
ztqiMI^^5c7Nj^smsF!>|Wz%3XHFn7K#A1Y)M6NdG1(YTd^2jol69n_yi*
z3~i~D-jR4Y3;NwC3V%IUsn*v{tFjUu@zY{eeFpo~PxVH?4J4d8c!Q2w5UTq;;pe0FyGor=ae*u(PT)okp~HS8L60WT&Sdp#W%Bv#*A@az-6Hi0lq_ueujpu3u8-Uno%BI
zY5JJ8Z#A8cA~@4OduD|a#lDCIC^+J+jxpj!KG!h6AF~dJL1aQ0MGl=AG~-VjOMU)|
zCGD5!cIHI@+#wE4-{?EGyfV6cM(fDk2n96zQly`G=
z+#)MWt*d81j~mj329&tj1IO#xOpgr&U>td_bt&dZObwdr9?UpOE{au**_INYhxR2Q
zSPf(ALF7`d^wyk6l(OW>vDd*?S#0`4c4U4^Afivp>_#gy^lBvX&-x*5GvF`hBIcig
z9UWgJrAg`SZ>3MqQ)gz6(=4^^H`cB>+-(AouRz_`NmX&~KGmJ$N9lT>dZ^KW1!Nd#mhFw|2uak=0$*s7coymJ^H&~t~gzqP`AlvLj4B@UC9-F>BV88R@MP!D3*PA%i
z`wuM~@VDbenm_ZSoxY*v+j$|axs8eKUs5=0ETc^i1B|dMa67OmJRFm$c}adosE%I>
zMMfA6RN?mZee$f)(-S^?Y^pgHc$%I(=Tah|fE>>Or3X0VCef#Q$IH&LI4~zxDq))4
zJcy*M&3JZU**Ikj%d7)RyYfT=D3@F`yV7+%;R;ppb5!HLCMCHn9KCcLa2GYTgt4p(
z`vi^X^RHk1(eF4YlG{tY9EUBFAGF&2iRzDZor-W}(JF_eaM8C#oB5cNpM&-_zyTAip~ImJD&gUzd~LPiN`>
zoUY#vSq-i99UY?;ByDH-5wh!NLU<%r>f|(Z_D%r011#l0%|8k_;CIIXqlQK^+c!A7
zRE}{WJ(0oL32b-5Z;BH3!wZW?K=F+pk9%#fb2Go(JPybLxIw{}>-DTLty1@RgGEjR
zqnL#HpRjPlNVJrP!ldvLUJziq$an0lg%QEZg7O^M(N23J(xm%iFuLth;x_9SHuFRf
z+x(P(Un7BIJ?c~7N@Ur3miCxFc#ncMQ-RI47>#7Bo_~olsRZZ
zj~GMGjw{st!6f$M5~t1MiBjKw{y-;}jiP4x27aD?XIKkH9?X~@U6MK!i$h>F5l%h{
z|BU&g&s8fNlo|EOouZU=b-xBoFrwk=PRQdnbDu@IXMq2bvN+W;h66IptvimPt%CW$
zh0J|g3u0=XXIhu$ceLy+Mfc)q-pnbz8lq$#vHSztTloT*1KuApSGI%Y)kwITmhn}#
z)-LR_3SPJpHT;SXXVD5b4_w!Y>esPFy6G|`5OpBU-*zz{f(Gh1Zzj?OiZS*RW+m1_t72wvVXkTad*laU?@z_w$~
zm}a|STk!7BJZ%@fb?I-u`m1wMV^uMPd$S|Jyv@$P&+~sTHHtr%+J9u@f7MvRhzt-T
zMzHM1Q}heE^}dxF`|a^w)B_A@IS4_98b(m67);Yq4l^%SbUr_LV=Ku40y?9co6Hy9
zla1S}AJ4#@h;o|dZbK1z}2~Y+4k^mvu(k(_^>qF
z;n*hXeLj0<7JC>nhL^sR6E=L=o4g;CJfN}X-!8XSETdcPf~U6dA>HoKDV2*oKeYD8
zaugSce&ryy%7^jSE}J9_t?k-^x1U^302r3`B+qSj?M&t4GFZHD}AYIZ##*P+mG{16J?j
z^PfBkdOM^++=CeVl!d&AgucZ@A8;%{lK765^gDS74KOnIVe_NKWvYx)j*E>O$T;ZO
zf3%mkha5?8|14HzAnl+%W~-;@AbDur7qA^e@L{HkXJ(!KomBW|9vze32*nuqPb2+*
zac=zcJo2yc4vyo6>gGoX-snBBP(rx?Q4!xUAXl?Q{c;YHVWbU{fp4(AMZ@D4ip1XA
z51|1AY|F=ocjdNz3ZR0)%mE`9f~cQw^bOseu0RlBq=sZvdm^?^*^XABFT=^OQxaRN
zWh3*uY4Em$ssH3Rv^`2{B%Qr-g!o-eTIBS3rtfLW!W6Eiw2)s#9^2_G$-ADn9yTFo
zT%fzReIxPw_0kX1a@5$mM9>*pz)g?@I>s5@0N-=rPk^H$Srei(pt!bK-%|_R(PFuiut#l0T>F-Qi=X?_l(cW$1T=|I2FjUxa^~kLZlu?D~`}6=(QS
zcvn;@tj+kT0`67BP%CZaz2py~M(gU>!hn7BQfiX;7iU@eE;jBxpAcUVIu6$Aj3tym
z=VW?uw2-?_tb3lGZa*&A(gZBPl+{OD*pFyXs!9rjspw6n@+`qL!OVYKL6QgfjIE;c
zStW8LB7&i?GI?xUB~O786WJ$V^R@G0>OBtUj#5@Q8qIJZWS9fV0-KBq@JORB(1wzVFcR0}
zCRbP9OjU7uqR}8wI$Pbx=2|(!zX4ANSvR;mN4iR@KI*KG7uw<=R<=b@rLibd>
zBkxFd%&U)o{j9B}ZZbIv4_c8M6J(>f0z4%iPiTtv`D5(!A|d>78*)2S>(fGuodItd
z)^uV8?LuX^_7=2xqB!Kmm%cSJ!CTjDCE-()=a^7qx-yU2bIzXGoF3z7kRtjd5dC^)Af|dSh*88DBpi|9`T>qeBL<-jc)E8mx{yZ)AhQiLSkE!he1P6biK9VmVdQNoE(80Op#T5Q
z6AMHA6IE^76*d%a6~8BNJ}&wcBXVghTj1^a9-zf~{cn_?ctPr%PHOVRqYKwygkK-&
zgok7@;T5$fPYB@(?*+fF_wp%|y+3@Ms^$Dd6
zhZo1m!fTL?g&S&F530+*H}bXhtxli04jK0sV}<{&B||yE$;w=Yw#Ae~{R!})p#z=maSnCI*~oSP_pz7EbM;GJAerW_0;VO%JxL(a)P}GpISXNw!+4s-
z9~JacBzPRHC^V^yv#O*E{7H#pcf}}2mm|V{!Gl!)Ln&d0EG1L*x|F^Rl=bkY?W={hWgGaZ
zQfRJrZ`;Y;2E4r31)#lQnmTkpGr`0scVCjVDI@jC((!2j9)`!_=O+vOkB%U@sR
z-46V#{q4P}{5u}sF8=`Z+rIUE;r|u;-9Y!N*X7+n_ji!Kapxbf|JlC&4*hPH`Blk%
zH_QATNpDH|1N49PK)-{&i@?9iAMYaY-+_qnN6`P-V*U>QuA%%Y7rbjIe+MJ(AL0Lp
zqVj8^-}ivO?hfA@w7)|S?~lm84dP#o@$cZjZb;rYn19Cz!5_i@lj{E!_1D(^pLJJH
z^heZx*2e#e{cA7$zB%|ix`_XX{XfU?zxe-|e7~>r?;Z8uas2k{AByk2D*oMH|IH=u
zh`;s}{~SO%(*HNaU;6D|2k;&IR}%XtxXRmj{=dBLf56|G6gf%Ix48=d0RQ#{1_}Tm
I@K+`Of52({3;+NC

literal 0
HcmV?d00001

diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 1f242f38..6ca72904 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -160,12 +160,16 @@ private static void init() {
 
   @Override
   public KMAttestationCert verifiedBootHash(short obj) {
+    if (obj == KMType.INVALID_VALUE)
+      KMException.throwIt(KMError.INVALID_DATA);
     verifiedHash = obj;
     return this;
   }
 
   @Override
   public KMAttestationCert verifiedBootKey(short obj) {
+    if (obj == KMType.INVALID_VALUE)
+      KMException.throwIt(KMError.INVALID_DATA);
     verifiedBootKey = obj;
     return this;
   }
@@ -249,6 +253,8 @@ public KMAttestationCert extensionTag(short tag, boolean hwEnforced) {
 
   @Override
   public KMAttestationCert issuer(short obj) {
+    if (obj == KMType.INVALID_VALUE)
+      KMException.throwIt(KMError.INVALID_DATA);
     issuer = obj;
     return this;
   }
@@ -319,7 +325,7 @@ private static void pushExtensions() {
   // Time SEQUENCE{UTCTime, UTC or Generalized Time)
   private static void pushValidity() {
     short last = stackPtr;
-    if (notAfter != 0) {
+    if (notAfter != KMType.INVALID_VALUE) {
       pushBytes(
           KMByteBlob.cast(notAfter).getBuffer(),
           KMByteBlob.cast(notAfter).getStartOff(),
@@ -664,7 +670,6 @@ private static void pushEnumTag(short tagId, byte val) {
   private static void pushIntegerTag(short tagId, byte[] buf, short start, short len) {
     short last = stackPtr;
     pushInteger(buf, start, len);
-    //    pushIntegerHeader((short) (last - stackPtr));
     pushTagIdHeader(tagId, (short) (last - stackPtr));
   }
 
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java
new file mode 100644
index 00000000..6e5090a1
--- /dev/null
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright(C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.javacard.keymaster;
+
+public class KMConfigurations {
+  // Machine types
+  public static final byte LITTLE_ENDIAN = 0x00;
+  public static final byte BIG_ENDIAN = 0x01;
+  public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN;
+
+  // Maximum cert chain size
+  public static final short CERT_CHAIN_MAX_SIZE = 2500;
+  public static final short CERT_ISSUER_MAX_SIZE = 250;
+  public static final short CERT_EXPIRY_MAX_SIZE = 20;
+  public static final short TOTAL_ATTEST_IDS_SIZE = 300;
+}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java
index 65f1d02a..64837ace 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java
@@ -17,7 +17,7 @@
 
 import javacard.security.HMACKey;
 
-public class KMHmacKey implements KMPreSharedKey {
+public class KMHmacKey implements KMPreSharedKey, KMComputedHmacKey {
 
   private HMACKey hmacKey;
 
@@ -33,6 +33,10 @@ public byte getKey(byte[] keyData, short kOff) {
     return hmacKey.getKey(keyData, kOff);
   }
 
+  public HMACKey getKey() {
+    return hmacKey;
+  }
+
   public short getKeySizeBits() {
     return hmacKey.getSize();
   }
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
index 46bd03aa..2086620f 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
@@ -40,6 +40,7 @@
 import javacard.security.Key;
 import javacard.security.KeyBuilder;
 import javacard.security.KeyPair;
+import javacard.security.MessageDigest;
 import javacard.security.RSAPrivateKey;
 import javacard.security.RSAPublicKey;
 import javacard.security.RandomData;
@@ -72,9 +73,12 @@ public class KMJCardSimulator implements KMSEProvider {
   public static final short MAX_RND_NUM_SIZE = 64;
   public static final short ENTROPY_POOL_SIZE = 16; // simulator does not support 256 bit aes keys
   public static final byte[] aesICV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-  private static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length.
   private static final short RSA_KEY_SIZE = 256;
-
+  private static final short CERT_CHAIN_OFFSET = 0;
+  private static final short CERT_ISSUER_OFFSET = KMConfigurations.CERT_CHAIN_MAX_SIZE;
+  private static final short CERT_EXPIRY_OFFSET =
+      (short) (CERT_ISSUER_OFFSET + KMConfigurations.CERT_ISSUER_MAX_SIZE);
+  private static final short COMPUTED_HMAC_KEY_SIZE = 32;
 
   public static boolean jcardSim = false;
   private static Signature kdf;
@@ -85,10 +89,11 @@ public class KMJCardSimulator implements KMSEProvider {
   private static Cipher aesRngCipher;
   private static byte[] entropyPool;
   private static byte[] rndNum;
-  private byte[] certificateChain;
+  private byte[] provisionData;
   private KMAESKey masterKey;
   private KMECPrivateKey attestationKey;
   private KMHmacKey preSharedKey;
+  private KMHmacKey computedHmacKey;
 
   private static KMJCardSimulator jCardSimulator = null;
 
@@ -113,8 +118,11 @@ public KMJCardSimulator() {
     }
     aesRngKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
     // various ciphers
-    //Allocate buffer for certificate chain.
-    certificateChain = new byte[CERT_CHAIN_MAX_SIZE];
+    //Allocate buffer for certificate chain and cert parameters.
+    // First 2 bytes is reserved for length for all the 3 buffers.
+    short totalLen = (short) (6 +  KMConfigurations.CERT_CHAIN_MAX_SIZE +
+        KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE);
+    provisionData = new byte[totalLen];
     jCardSimulator = this;
   }
 
@@ -539,12 +547,6 @@ public short hmacSign(HMACKey key, byte[] data, short dataStart, short dataLengt
     return hmacSignature.sign(data, dataStart, dataLength, mac, macStart);
   }
 
-  public boolean hmacVerify(HMACKey key, byte[] data, short dataStart, short dataLength,
-      byte[] mac, short macStart, short macLength) {
-    hmacSignature.init(key, Signature.MODE_VERIFY);
-    return hmacSignature.verify(data, dataStart, dataLength, mac, macStart, macLength);
-  }
-
   @Override
   public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
       short dataLength, byte[] signature, short signatureStart) {
@@ -557,17 +559,19 @@ public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
   }
 
   @Override
-  public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] data,
-      short dataStart, short dataLength, byte[] mac, short macStart) {
-    HMACKey key = createHMACKey(keyBuf, keyStart, keyLength);
-    return hmacSign(key, data, dataStart, dataLength, mac, macStart);
+  public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart,
+      short dataLength, byte[] mac, short macStart, short macLength) {
+    KMHmacKey hmacKey = (KMHmacKey) key;
+    hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY);
+    return hmacSignature.verify(data, dataStart, dataLength, mac, macStart,
+        macLength);
   }
 
   @Override
-  public boolean hmacVerify(byte[] keyBuf, short keyStart, short keyLength, byte[] data,
-      short dataStart, short dataLength, byte[] mac, short macStart, short macLength) {
+  public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] data,
+      short dataStart, short dataLength, byte[] mac, short macStart) {
     HMACKey key = createHMACKey(keyBuf, keyStart, keyLength);
-    return hmacVerify(key, data, dataStart, dataLength, mac, macStart, macLength);
+    return hmacSign(key, data, dataStart, dataLength, mac, macStart);
   }
 
   @Override
@@ -610,6 +614,14 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, b
     return null;
   }
 
+  @Override
+  public KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey) {
+    KMOperationImpl opr = null;
+    KMHmacKey key = (KMHmacKey) computedHmacKey;
+    Signature signerVerifier = createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey());
+    return new KMOperationImpl(signerVerifier);
+  }
+  
   @Override
   public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, byte digest,
       byte[] privKeyBuf, short privKeyStart, short privKeyLength,
@@ -991,17 +1003,18 @@ private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secret
     return ret;
   }
 
+  private Signature createHmacSignerVerifier(short purpose, short digest,
+      byte[] secret, short secretStart, short secretLength) {
+    HMACKey key = createHMACKey(secret, secretStart, secretLength);
+    return createHmacSignerVerifier(purpose, digest, key);
+  }
 
-  public Signature createHmacSignerVerifier(short purpose, short digest, byte[] secret,
-      short secretStart, short secretLength) {
-    short alg = Signature.ALG_HMAC_SHA_256;
+  private Signature createHmacSignerVerifier(short purpose, short digest, HMACKey key) {
+    byte alg = Signature.ALG_HMAC_SHA_256;
     if (digest != KMType.SHA2_256) {
       CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
     }
     Signature hmacSignerVerifier = Signature.getInstance((byte) alg, false);
-    HMACKey key = (HMACKey) KeyBuilder
-        .buildKey(KeyBuilder.TYPE_HMAC, (short) (secretLength * 8), false);
-    key.setKey(secret, secretStart, secretLength);
     hmacSignerVerifier.init(key, (byte) purpose);
     return hmacSignerVerifier;
   }
@@ -1167,41 +1180,55 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) {
     return KMAttestationCertImpl.instance(rsaCert);
   }
 
-  public short readCertificateChain(byte[] buf, short offset) {
-    short len = Util.getShort(certificateChain, (short) 0);
-    Util.arrayCopyNonAtomic(certificateChain, (short) 2, buf, offset, len);
-    return len;
-  }
-
   @Override
-  public short getCertificateChainLength() {
-    return Util.getShort(certificateChain, (short) 0);
+  public KMPKCS8Decoder getPKCS8DecoderInstance() {
+    return KMPKCS8DecoderImpl.instance();
+  }
+
+  private short getProvisionDataBufferOffset(byte dataType) {
+    switch(dataType) {
+      case CERTIFICATE_CHAIN:
+        return CERT_CHAIN_OFFSET;
+      case CERTIFICATE_ISSUER:
+        return CERT_ISSUER_OFFSET;
+      case CERTIFICATE_EXPIRY:
+        return CERT_EXPIRY_OFFSET;
+      default:
+        KMException.throwIt(KMError.INVALID_ARGUMENT);
+    }
+    return 0;
   }
 
-  @Override
-  public short ecSign256(KMAttestationKey attestationKey,
-      byte[] inputDataBuf, short inputDataStart, short inputDataLength,
-      byte[] outputDataBuf, short outputDataStart) {
+  private void persistProvisionData(byte[] buf, short off, short len, short maxSize, short copyToOff) {
+    if (len > maxSize) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
+    JCSystem.beginTransaction();
+    Util.setShort(provisionData, copyToOff, len);
+    Util.arrayCopyNonAtomic(buf, off, provisionData, (short) (copyToOff + 2), len);
+    JCSystem.commitTransaction();
+  }
 
-    ECPrivateKey key = ((KMECPrivateKey) attestationKey).getPrivateKey();
+  private void persistCertificateChain(byte[] certChain, short certChainOff, short certChainLen) {
+    persistProvisionData(certChain, certChainOff, certChainLen,
+        KMConfigurations.CERT_CHAIN_MAX_SIZE, CERT_CHAIN_OFFSET);
+  }
 
-    Signature signer = Signature
-        .getInstance(Signature.ALG_ECDSA_SHA_256, false);
-    signer.init(key, Signature.MODE_SIGN);
-    return signer.sign(inputDataBuf, inputDataStart, inputDataLength,
-        outputDataBuf, outputDataStart);
+  private void persistCertficateIssuer(byte[] certIssuer, short certIssuerOff, short certIssuerLen) {
+    persistProvisionData(certIssuer, certIssuerOff, certIssuerLen,
+        KMConfigurations.CERT_ISSUER_MAX_SIZE, CERT_ISSUER_OFFSET);
   }
 
-  @Override
-  public void clearCertificateChain() {
-    JCSystem.beginTransaction();
-    Util.arrayFillNonAtomic(certificateChain, (short) 0, CERT_CHAIN_MAX_SIZE, (byte) 0);
-    JCSystem.commitTransaction();
+  private void persistCertificateExpiryTime(byte[] certExpiry, short certExpiryOff, short certExpiryLen) {
+    persistProvisionData(certExpiry, certExpiryOff, certExpiryLen,
+        KMConfigurations.CERT_EXPIRY_MAX_SIZE, CERT_EXPIRY_OFFSET);
   }
 
   @Override
-  public void persistPartialCertificateChain(byte[] buf, short offset,
-      short len, short totalLen) {
+  public void persistProvisionData(byte[] buffer, short certChainOff, short certChainLen,
+      short certIssuerOff, short certIssuerLen, short certExpiryOff ,short certExpiryLen) {
+    // All the buffers uses first two bytes for length. The certificate chain
+    // is stored as shown below.
     //  _____________________________________________________
     // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 |  Cert2 |...
     // |_________|________|_________|_______|________|_______
@@ -1209,18 +1236,42 @@ public void persistPartialCertificateChain(byte[] buf, short offset,
     // CBOR format:
     // Next single byte holds the byte string header.
     // Next 3 bytes holds the total length of the certificate chain.
-    if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-    short persistedLen = Util.getShort(certificateChain, (short) 0);
-    if (persistedLen > totalLen) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
+    // clear buffer.
     JCSystem.beginTransaction();
-    Util.setShort(certificateChain, (short) 0, (short) (len + persistedLen));
-    Util.arrayCopyNonAtomic(buf, offset, certificateChain,
-        (short) (persistedLen + 2), len);
+    Util.arrayFillNonAtomic(provisionData, (short) 0, (short) provisionData.length, (byte) 0);
     JCSystem.commitTransaction();
+    // Persist data.
+    persistCertificateChain(buffer, certChainOff, certChainLen);
+    persistCertficateIssuer(buffer, certIssuerOff, certIssuerLen);
+    persistCertificateExpiryTime(buffer, certExpiryOff, certExpiryLen);
+  }
+
+  @Override
+  public short readProvisionedData(byte dataType, byte[] buf, short offset) {
+    short provisionBufOffset = getProvisionDataBufferOffset(dataType);
+    short len = Util.getShort(provisionData, provisionBufOffset);
+    Util.arrayCopyNonAtomic(provisionData, (short) (2 + provisionBufOffset), buf, offset, len);
+    return len;
+  }
+
+  @Override
+  public short getProvisionedDataLength(byte dataType) {
+    short provisionBufOffset = getProvisionDataBufferOffset(dataType);
+    return Util.getShort(provisionData, provisionBufOffset);
+  }
+
+  @Override
+  public short ecSign256(KMAttestationKey attestationKey,
+      byte[] inputDataBuf, short inputDataStart, short inputDataLength,
+      byte[] outputDataBuf, short outputDataStart) {
+
+    ECPrivateKey key = ((KMECPrivateKey) attestationKey).getPrivateKey();
+
+    Signature signer = Signature
+        .getInstance(Signature.ALG_ECDSA_SHA_256, false);
+    signer.init(key, Signature.MODE_SIGN);
+    return signer.sign(inputDataBuf, inputDataStart, inputDataLength,
+        outputDataBuf, outputDataStart);
   }
 
   @Override
@@ -1242,7 +1293,7 @@ public void onSave(Element ele) {
   }
 
   @Override
-  public void onRestore(Element ele) {
+  public void onRestore(Element ele, short oldVersion, short currentVersion) {
   }
 
   @Override
@@ -1301,6 +1352,20 @@ public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short len
     return (KMPreSharedKey) preSharedKey;
   }
 
+  @Override
+  public KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length) {
+    if (length != COMPUTED_HMAC_KEY_SIZE) {
+      CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
+    }
+    if (computedHmacKey == null) {
+      HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) (length * 8),
+          false);
+      computedHmacKey = new KMHmacKey(key);
+    }
+    computedHmacKey.setKey(keyData, offset, length);
+    return (KMComputedHmacKey) computedHmacKey;
+  }
+
   @Override
   public KMMasterKey getMasterKey() {
     return (KMMasterKey) masterKey;
@@ -1316,8 +1381,28 @@ public KMPreSharedKey getPresharedKey() {
     return (KMPreSharedKey) preSharedKey;
   }
 
+  @Override
+  public KMComputedHmacKey getComputedHmacKey() {
+    return (KMComputedHmacKey) computedHmacKey;
+  }
+
   @Override
   public void releaseAllOperations() {
     //Do nothing.
   }
+
+  @Override
+  public short messageDigest256(byte[] inBuff, short inOffset,
+      short inLength, byte[] outBuff, short outOffset) {
+    MessageDigest mDigest = null;
+    short len = 0;
+    try {
+      mDigest = MessageDigest.getInitializedMessageDigestInstance(MessageDigest.ALG_SHA_256, false);
+      len = mDigest.doFinal(inBuff, inOffset, inLength, outBuff, outOffset);
+    } catch (Exception e) {
+
+    }
+    return len;
+  }
+
 }
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
new file mode 100644
index 00000000..921cae28
--- /dev/null
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
@@ -0,0 +1,223 @@
+package com.android.javacard.keymaster;
+
+import javacard.framework.Util;
+
+public class KMPKCS8DecoderImpl implements KMPKCS8Decoder {
+
+  public static final byte ASN1_OCTET_STRING = 0x04;
+  public static final byte ASN1_SEQUENCE = 0x30;
+  public static final byte ASN1_INTEGER = 0x02;
+  public static final byte ASN1_A0_TAG = (byte) 0xA0;
+  public static final byte ASN1_A1_TAG = (byte) 0xA1;
+  public static final byte ASN1_BIT_STRING = 0x03;
+  public static final byte[] EC_CURVE = {
+      0x06, 0x08, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, 0x3d, 0x03,
+      0x01, 0x07
+  };
+  public static final byte[] RSA_ALGORITHM = {
+      0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
+      (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
+  };
+  public static final byte[] EC_ALGORITHM = {
+      0x06, 0x07, 0x2a, (byte) 0x86, 0x48, (byte) 0xce,
+      0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, (byte) 0x86, 0x48,
+      (byte) 0xce, 0x3d, 0x03, 0x01, 0x07
+  };
+  private byte[] data;
+  private short start;
+  private short length;
+  private short cur;
+  private static KMPKCS8DecoderImpl inst;
+
+  private KMPKCS8DecoderImpl() {
+    start = 0;
+    length = 0;
+    cur = 0;
+  }
+
+  @Override
+  public short decodeRsa(short blob) {
+    init(blob);
+    decodeCommon((short) 0, RSA_ALGORITHM);
+    return decodeRsaPrivateKey((short) 0);
+  }
+
+  @Override
+  public short decodeEc(short blob) {
+    init(blob);
+    decodeCommon((short) 0, EC_ALGORITHM);
+    return decodeEcPrivateKey((short) 1);
+  }
+
+  //Seq[Int,Int,Int,Int,]
+  public short decodeRsaPrivateKey(short version) {
+    short resp = KMArray.instance((short) 3);
+    header(ASN1_OCTET_STRING);
+    header(ASN1_SEQUENCE);
+    short len = header(ASN1_INTEGER);
+    if (len != 1) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    short ver = getByte();
+    if (ver != version) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    len = header(ASN1_INTEGER);
+    short modulus = getModulus(len);
+    len = header(ASN1_INTEGER);
+    short pubKey = KMByteBlob.instance(len);
+    getBytes(pubKey);
+    len = header(ASN1_INTEGER);
+    short privKey = KMByteBlob.instance(len);
+    getBytes(privKey);
+    KMArray.cast(resp).add((short) 0, modulus);
+    KMArray.cast(resp).add((short) 1, pubKey);
+    KMArray.cast(resp).add((short) 2, privKey);
+    return resp;
+  }
+
+  // Seq [Int, Blob]
+  public void decodeCommon(short version, byte[] alg) {
+    short len = header(ASN1_SEQUENCE);
+    len = header(ASN1_INTEGER);
+    if (len != 1) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    short ver = getByte();
+    if (ver != version) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    len = header(ASN1_SEQUENCE);
+    short blob = KMByteBlob.instance(len);
+    getBytes(blob);
+    if (Util.arrayCompare(
+        KMByteBlob.cast(blob).getBuffer(),
+        KMByteBlob.cast(blob).getStartOff(),
+        alg,
+        (short) 0, KMByteBlob.cast(blob).length()) != 0) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+  }
+
+  //Seq[Int,blob,blob]
+  public short decodeEcPrivateKey(short version) {
+    short resp = KMArray.instance((short) 2);
+    header(ASN1_OCTET_STRING);
+    header(ASN1_SEQUENCE);
+    short len = header(ASN1_INTEGER);
+    if (len != 1) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    short ver = getByte();
+    if (ver != version) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    len = header(ASN1_OCTET_STRING);
+    short privKey = KMByteBlob.instance(len);
+    getBytes(privKey);
+    validateTag0IfPresent();
+    header(ASN1_A1_TAG);
+    len = header(ASN1_BIT_STRING);
+    if (len < 1) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    byte unusedBits = getByte();
+    if (unusedBits != 0) {
+      KMException.throwIt(KMError.UNIMPLEMENTED);
+    }
+    short pubKey = KMByteBlob.instance((short) (len - 1));
+    getBytes(pubKey);
+    KMArray.cast(resp).add((short) 0, pubKey);
+    KMArray.cast(resp).add((short) 1, privKey);
+    return resp;
+  }
+
+  private void validateTag0IfPresent() {
+    if (data[cur] != ASN1_A0_TAG) {
+      return;
+    }
+    ;
+    short len = header(ASN1_A0_TAG);
+    if (len != EC_CURVE.length) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    if (Util.arrayCompare(data, cur, EC_CURVE, (short) 0, len) != 0) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    incrementCursor(len);
+  }
+
+  private short header(short tag) {
+    short t = getByte();
+    if (t != tag) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    return getLength();
+  }
+
+  private byte getByte() {
+    byte d = data[cur];
+    incrementCursor((short) 1);
+    return d;
+  }
+
+  private short getShort() {
+    short d = Util.getShort(data, cur);
+    incrementCursor((short) 2);
+    return d;
+  }
+
+  private short getModulus(short modulusLen) {
+    if (0 == data[cur] && modulusLen == 257) {
+      incrementCursor((short) 1);
+      modulusLen--;
+    }
+    short blob = KMByteBlob.instance(modulusLen);
+    getBytes(blob);
+    return blob;
+  }
+
+  private void getBytes(short blob) {
+    short len = KMByteBlob.cast(blob).length();
+    Util.arrayCopyNonAtomic(data, cur, KMByteBlob.cast(blob).getBuffer(),
+        KMByteBlob.cast(blob).getStartOff(), len);
+    incrementCursor(len);
+  }
+
+  private short getLength() {
+    byte len = getByte();
+    if (len >= 0) {
+      return len;
+    }
+    len = (byte) (len & 0x7F);
+    if (len == 1) {
+      return (short) (getByte() & 0xFF);
+    } else if (len == 2) {
+      return getShort();
+    } else {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+    return KMType.INVALID_VALUE; //should not come here
+  }
+
+  public static KMPKCS8DecoderImpl instance() {
+    if (inst == null) {
+      inst = new KMPKCS8DecoderImpl();
+    }
+    return inst;
+  }
+
+  public void init(short blob) {
+    data = KMByteBlob.cast(blob).getBuffer();
+    start = KMByteBlob.cast(blob).getStartOff();
+    length = KMByteBlob.cast(blob).length();
+    cur = start;
+  }
+
+  public void incrementCursor(short n) {
+    cur += n;
+    if (cur > ((short) (start + length))) {
+      KMException.throwIt(KMError.UNKNOWN_ERROR);
+    }
+  }
+}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java
index c2b5c7f3..88b7b4d1 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java
@@ -303,6 +303,14 @@ public static byte compare(byte[] buf, short lhs, short rhs) {
     return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8);
   }
 
+  public static void shiftLeft(byte[] buf, short start, short count) {
+    short index = 0;
+    while (index < count) {
+      shiftLeft(buf, start);
+      index++;
+    }
+  }
+
   public static void shiftLeft(byte[] buf, short start) {
     byte index = 7;
     byte carry = 0;
@@ -343,7 +351,9 @@ public static void add(byte[] buf, short op1, short op2, short result) {
     byte carry = 0;
     short tmp;
     while (index >= 0) {
-      tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry);
+      tmp =
+          (short) ((buf[(short) (op1 + index)] & 0xFF) +
+              (buf[(short) (op2 + index)] & 0xFF) + carry);
       carry = 0;
       if (tmp > 255) {
         carry = 1; // max unsigned byte value is 255
@@ -409,4 +419,20 @@ public static short getLeapYrIndex(boolean from2020, short yrsCount) {
     return -1;
   }
 
-}
\ No newline at end of file
+  // i * 1000 = (i << 9) + (i << 8) + (i << 7) + (i << 6) + (i << 5) + ( i << 3)
+  public static void convertToMilliseconds(byte[] buf, short inputOff, short outputOff,
+      short scratchPadOff) {
+    byte[] shiftPos = {9, 8, 7, 6, 5, 3};
+    short index = 0;
+    while (index < (short) (shiftPos.length)) {
+      Util.arrayCopyNonAtomic(buf, inputOff, buf, scratchPadOff, (short) 8);
+      shiftLeft(buf, scratchPadOff, shiftPos[index]);
+      Util.arrayCopyNonAtomic(buf, outputOff, buf, (short) (scratchPadOff + 8), (short) 8);
+      add(buf, scratchPadOff, (short) (8 + scratchPadOff), (short) (16 + scratchPadOff));
+      Util.arrayCopyNonAtomic(buf, (short) (scratchPadOff + 16), buf, outputOff, (short) 8);
+      Util.arrayFillNonAtomic(buf, scratchPadOff, (short) 24, (byte) 0);
+      index++;
+    }
+  }
+
+}
diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index 1e80f4b2..bbba28ab 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -20,6 +20,9 @@
 import com.android.javacard.keymaster.KMBoolTag;
 import com.android.javacard.keymaster.KMByteBlob;
 import com.android.javacard.keymaster.KMByteTag;
+import com.android.javacard.keymaster.KMComputedHmacKey;
+import com.android.javacard.keymaster.KMConfigurations;
+import com.android.javacard.keymaster.KMHmacKey;
 import com.android.javacard.keymaster.KMJCardSimApplet;
 import com.android.javacard.keymaster.KMJCardSimulator;
 import com.android.javacard.keymaster.KMSEProvider;
@@ -85,14 +88,13 @@ public class KMFunctionalTest {
 
   private static final byte INS_BEGIN_KM_CMD = 0x00;
   private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01
-  private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02
-  private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03
-  private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04
-  private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05
-  private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06
-  private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07
-  private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08
-  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 9; //0x09
+  private static final byte INS_PROVISION_ATTESTATION_CERT_DATA_CMD = INS_BEGIN_KM_CMD + 2; //0x02
+  private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 3; //0x04
+  private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 4; //0x05
+  private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 5; //0x06
+  private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 6; //0x07
+  private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 7; //0x08
+  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 8; //0x09
   // Top 32 commands are reserved for provisioning.
   private static final byte INS_END_KM_PROVISION_CMD = 0x20;
 
@@ -534,6 +536,8 @@ private void setBootParams(CardSimulator simulator, short bootPatchLevel) {
   }
 
   private void provisionSigningCertificate(CardSimulator simulator) {
+    short arrPtr = KMArray.instance((short) 3);
+
     short byteBlobPtr = KMByteBlob.instance(
         (short) (kEcAttestCert.length + kEcAttestRootCert.length));
     Util.arrayCopyNonAtomic(kEcAttestCert, (short) 0,
@@ -545,8 +549,17 @@ private void provisionSigningCertificate(CardSimulator simulator) {
         (short) (KMByteBlob.cast(byteBlobPtr).getStartOff()
             + kEcAttestCert.length),
         (short) kEcAttestRootCert.length);
+    KMArray.cast(arrPtr).add((short) 0, byteBlobPtr);
+
+    short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0,
+        (short) X509Issuer.length);
+    KMArray.cast(arrPtr).add((short) 1, byteBlob1);
+    short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0,
+        (short) expiryTime.length);
+    KMArray.cast(arrPtr).add((short) 2, byteBlob2);
+
     CommandAPDU apdu = encodeApdu(
-        (byte) INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD, byteBlobPtr);
+        (byte) INS_PROVISION_ATTESTATION_CERT_DATA_CMD, arrPtr);
     // print(commandAPDU.getBytes());
     ResponseAPDU response = simulator.transmitCommand(apdu);
     Assert.assertEquals(0x9000, response.getSW());
@@ -593,23 +606,6 @@ private void provisionSigningKey(CardSimulator simulator) {
     Assert.assertEquals(0x9000, response.getSW());
   }
 
-  private void provisionCertificateParams(CardSimulator simulator) {
-
-    short arrPtr = KMArray.instance((short) 2);
-    short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0,
-        (short) X509Issuer.length);
-    KMArray.cast(arrPtr).add((short) 0, byteBlob1);
-    short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0,
-        (short) expiryTime.length);
-    KMArray.cast(arrPtr).add((short) 1, byteBlob2);
-
-    CommandAPDU apdu = encodeApdu(
-        (byte) INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD, arrPtr);
-    // print(commandAPDU.getBytes());
-    ResponseAPDU response = simulator.transmitCommand(apdu);
-    Assert.assertEquals(0x9000, response.getSW());
-  }
-
   private void provisionSharedSecret(CardSimulator simulator) {
     byte[] sharedKeySecret = {
         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -676,7 +672,6 @@ private void provisionLocked(CardSimulator simulator) {
   private void provisionCmd(CardSimulator simulator) {
     provisionSigningKey(simulator);
     provisionSigningCertificate(simulator);
-    provisionCertificateParams(simulator);
     provisionSharedSecret(simulator);
     provisionAttestIds(simulator);
     // set bootup parameters
@@ -926,7 +921,7 @@ public void testDeviceLocked() {
     init();
     byte[] hmacKey = new byte[32];
     cryptoProvider.newRandomNumber(hmacKey, (short) 0, (short) 32);
-    KMRepository.instance().initComputedHmac(hmacKey, (short) 0, (short) 32);
+    cryptoProvider.createComputedHmacKey(hmacKey, (short) 0, (short) 32);
     // generate aes key with unlocked_device_required
     short aesKey = generateAesDesKey(KMType.AES, (short) 128, null, null, true);
     short keyBlobPtr = KMArray.cast(aesKey).get((short) 1);
@@ -951,28 +946,9 @@ public void testDeviceLocked() {
     // create verification token
     short verToken = KMVerificationToken.instance();
     KMVerificationToken.cast(verToken).setTimestamp(KMInteger.uint_16((short) 1));
-    verToken = signVerificationToken(verToken);
+    verToken = signVerificationToken(verToken, KMConfigurations.TEE_MACHINE_TYPE);
     // device locked request
-    deviceLock(verToken);
-    // decrypt should fail
-    inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null);
-    short beginResp = begin(KMType.DECRYPT,
-        KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-        KMKeyParameters.instance(inParams), (short) 0, false);
-    Assert.assertEquals(beginResp, KMError.DEVICE_LOCKED);
-    short hwToken = KMHardwareAuthToken.instance();
-    KMHardwareAuthToken.cast(hwToken).setTimestamp(KMInteger.uint_16((byte) 2));
-    KMHardwareAuthToken.cast(hwToken)
-        .setHwAuthenticatorType(KMEnum.instance(KMType.USER_AUTH_TYPE, (byte) KMType.PASSWORD));
-    inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null);
-    hwToken = signHwToken(hwToken);
-    ret = processMessage(cipherData,
-        KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
-        KMType.DECRYPT,
-        KMKeyParameters.instance(inParams), hwToken, null, false, false
-    );
-    ret = KMArray.cast(ret).get((short) 0);
-    Assert.assertEquals(KMInteger.cast(ret).getShort(), KMError.OK);
+    deviceLock(verToken, KMError.VERIFICATION_FAILED);
     cleanUp();
   }
 
@@ -1015,13 +991,9 @@ private short signHwToken(short hwToken) {
 
  */
     byte[] mac = new byte[32];
-    /*
-    len =
-      cryptoProvider.hmacSign(key, scratchPad, (short) 0, len,
-        mac,
-        (short)0);
-     */
-    short key = KMRepository.instance().getComputedHmacKey();
+    short key = KMByteBlob.instance((short) 32);
+    KMHmacKey computedHmacKey = (KMHmacKey) cryptoProvider.getComputedHmacKey();
+    computedHmacKey.getKey(KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff());
     cryptoProvider.hmacSign(
         KMByteBlob.cast(key).getBuffer(),
         KMByteBlob.cast(key).getStartOff(),
@@ -1034,19 +1006,28 @@ private short signHwToken(short hwToken) {
     return hwToken;
   }
 
-  private void deviceLock(short verToken) {
+  private void deviceLock(short verToken, short expectedError) {
     short req = KMArray.instance((short) 2);
     KMArray.cast(req).add((short) 0, KMInteger.uint_8((byte) 1));
     KMArray.cast(req).add((short) 1, verToken);
     CommandAPDU apdu = encodeApdu((byte) INS_DEVICE_LOCKED_CMD, req);
     ResponseAPDU response = simulator.transmitCommand(apdu);
-    short ret = KMArray.instance((short) 1);
-    KMArray.cast(ret).add((short) 0, KMInteger.exp());
     byte[] respBuf = response.getBytes();
-    Assert.assertEquals(respBuf[0], KMError.OK);
+    short len = (short) respBuf.length;
+    byte majorType = readMajorType(respBuf);
+    short retError;
+    if (majorType == CBOR_ARRAY_MAJOR_TYPE) {
+      short ret = KMArray.instance((short) 1);
+      ret = decoder.decode(ret, respBuf, (short) 0, len);
+      retError = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
+    } else {//Major type UINT.
+      short ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, len);
+      retError = KMInteger.cast(ret).getShort();
+    }
+    Assert.assertEquals(retError, expectedError);
   }
 
-  private short signVerificationToken(short verToken) {
+  private short signVerificationToken(short verToken, byte machineType) {
     byte[] scratchPad = new byte[256];
     byte[] authVer = "Auth Verification".getBytes();
     //print(authVer,(short)0,(short)authVer.length);
@@ -1058,17 +1039,29 @@ private short signVerificationToken(short verToken) {
     short len = (short) authVer.length;
     // concatenate challenge - 8 bytes
     short ptr = KMVerificationToken.cast(verToken).getChallenge();
-    KMInteger.cast(ptr)
-        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    if (machineType == KMConfigurations.LITTLE_ENDIAN) {
+      KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
+    } else {
+      KMInteger.cast(ptr)
+          .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    }
     len += 8;
     // concatenate timestamp -8 bytes
     ptr = KMVerificationToken.cast(verToken).getTimestamp();
-    KMInteger.cast(ptr)
-        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    if (machineType == KMConfigurations.LITTLE_ENDIAN) {
+      KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
+    } else {
+      KMInteger.cast(ptr)
+          .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    }
     len += 8;
     // concatenate security level - 4 bytes
     ptr = KMVerificationToken.cast(verToken).getSecurityLevel();
-    scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
+    if (machineType == KMConfigurations.LITTLE_ENDIAN) {
+      scratchPad[len] = KMEnum.cast(ptr).getVal();
+    } else {
+      scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
+    }
     len += 4;
     // concatenate Parameters verified - blob of encoded data.
     ptr = KMVerificationToken.cast(verToken).getParametersVerified();
@@ -1090,7 +1083,9 @@ private short signVerificationToken(short verToken) {
         mac,
         (short)0);
      */
-    short key = KMRepository.instance().getComputedHmacKey();
+    short key = KMByteBlob.instance((short) 32);
+    KMHmacKey computedHmacKey = (KMHmacKey) cryptoProvider.getComputedHmacKey();
+    computedHmacKey.getKey(KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff());
     cryptoProvider.hmacSign(KMByteBlob.cast(key).getBuffer(),
         KMByteBlob.cast(key).getStartOff(),
         KMByteBlob.cast(key).length(),
@@ -1196,6 +1191,142 @@ private short extractKeyBlobArray(short keyBlob) {
         .cast(keyBlob).getStartOff(), KMByteBlob.cast(keyBlob).length());
   }
 
+  @Test
+  public void testRateLimitExceptsMaxOpsExceeded() {
+    init();
+    short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 2));
+    Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
+        KMError.OK);
+
+    // Cache keyblob
+    short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
+    byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
+    Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
+        KMByteBlob.cast(keyBlobPtr).getStartOff(),
+        keyBlob, (short) 0, (short) keyBlob.length);
+    short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
+    inParams = KMKeyParameters.instance(inParams);
+    // Begin
+    begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
+
+    keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
+    Util.arrayCopyNonAtomic(keyBlob, (short) 0,
+        KMByteBlob.cast(keyBlobPtr).getBuffer(),
+        KMByteBlob.cast(keyBlobPtr).getStartOff(),
+        (short) keyBlob.length);
+    inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
+    inParams = KMKeyParameters.instance(inParams);
+    begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
+
+    keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
+    Util.arrayCopyNonAtomic(keyBlob, (short) 0,
+        KMByteBlob.cast(keyBlobPtr).getBuffer(),
+        KMByteBlob.cast(keyBlobPtr).getStartOff(),
+        (short) keyBlob.length);
+    inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
+    inParams = KMKeyParameters.instance(inParams);
+    short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
+    Assert.assertEquals(KMError.KEY_MAX_OPS_EXCEEDED, beginResp);
+    cleanUp();
+  }
+
+  @Test
+  public void testRateLimitExceptsTooManyOperations() {
+    init();
+    byte[] plainData = "Hello World 123!".getBytes();
+    for (int i = 0; i <= 8; i++) {
+      short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 1));
+      Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
+          KMError.OK);
+
+      // Cache keyblob
+      short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
+      short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
+      inParams = KMKeyParameters.instance(inParams);
+      // Begin
+      short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
+      if (i == 8) {
+        // Only 8 keys are allowed for MAX_USES_PER_BOOT
+        Assert.assertEquals(KMError.TOO_MANY_OPERATIONS, beginResp);
+        return;
+      }
+      short opHandle = KMArray.cast(beginResp).get((short) 2);
+      finish(opHandle,
+          KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null,
+          (short) 0, (short) 0, (short) 0, KMError.OK, false);
+    }
+    cleanUp();
+  }
+
+  @Test
+  public void testRateLimitClearBufferAfterReboot() {
+    init();
+    byte[] plainData = "Hello World 123!".getBytes();
+    for (int i = 0; i <= 32; i++) {
+      if (i % 8 == 0) {
+        // Simulate reboot using set boot parameters.
+        // Clear the rate limited keys from the flash memory
+        setBootParams(simulator, (short) BOOT_PATCH_LEVEL);
+      }
+      short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 1));
+      Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
+          KMError.OK);
+
+      // Cache keyblob
+      short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
+      short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
+      inParams = KMKeyParameters.instance(inParams);
+      // Begin
+      short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
+      short opHandle = KMArray.cast(beginResp).get((short) 2);
+      // Finish
+      finish(opHandle,
+          KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null,
+          (short) 0, (short) 0, (short) 0, KMError.OK, false);
+    }
+    cleanUp();
+  }
+
+  @Test
+  public void testRateLimitWithHugeCount() {
+    init();
+    short maxUsesPerBoot = 1000;
+    byte[] plainData = "Hello World 123!".getBytes();
+    short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_16(maxUsesPerBoot));
+    Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
+        KMError.OK);
+
+    // Cache keyblob
+    short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
+    byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
+    Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
+        KMByteBlob.cast(keyBlobPtr).getStartOff(),
+        keyBlob, (short) 0, (short) keyBlob.length);
+
+    for (int i = 0; i <= maxUsesPerBoot; i++) {
+      // Cache keyblob
+      keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
+      Util.arrayCopyNonAtomic(keyBlob, (short) 0,
+          KMByteBlob.cast(keyBlobPtr).getBuffer(),
+          KMByteBlob.cast(keyBlobPtr).getStartOff(),
+          (short) keyBlob.length);
+      short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
+      inParams = KMKeyParameters.instance(inParams);
+      // Begin
+      short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
+      if (i == maxUsesPerBoot) {
+        Assert.assertEquals(KMError.KEY_MAX_OPS_EXCEEDED, beginResp);
+        return;
+      }
+      short opHandle = KMArray.cast(beginResp).get((short) 2);
+      // Finish
+      finish(opHandle,
+          KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null,
+          (short) 0, (short) 0, (short) 0, KMError.OK, false);
+    }
+    cleanUp();
+  }
+
   @Test
   public void testRsaGenerateKeySuccess() {
     init();
@@ -1223,7 +1354,7 @@ public void testRsaGenerateKeySuccess() {
     cleanUp();
   }
 
-  private short generateRsaKey(byte[] clientId, byte[] appData) {
+  private short generateRsaKey(byte[] clientId, byte[] appData, short keyUsageLimitPtr) {
     byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00};
     short tagCount = 11;
     if (clientId != null) {
@@ -1232,6 +1363,9 @@ private short generateRsaKey(byte[] clientId, byte[] appData) {
     if (appData != null) {
       tagCount++;
     }
+    if (keyUsageLimitPtr != KMType.INVALID_VALUE) {
+      tagCount++;
+    }
     short arrPtr = KMArray.instance(tagCount);
     short keySize = KMIntegerTag
         .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 2048));
@@ -1284,6 +1418,10 @@ private short generateRsaKey(byte[] clientId, byte[] appData) {
           KMByteTag.instance(KMType.APPLICATION_DATA,
               KMByteBlob.instance(appData, (short) 0, (short) appData.length)));
     }
+    if (keyUsageLimitPtr != KMType.INVALID_VALUE) {
+      KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag
+          .instance(KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, keyUsageLimitPtr));
+    }
     short keyParams = KMKeyParameters.instance(arrPtr);
     arrPtr = KMArray.instance((short) 1);
     KMArray arg = KMArray.cast(arrPtr);
@@ -1303,6 +1441,10 @@ private short generateRsaKey(byte[] clientId, byte[] appData) {
     return ret;
   }
 
+  private short generateRsaKey(byte[] clientId, byte[] appData) {
+    return generateRsaKey(clientId, appData, KMType.INVALID_VALUE);
+  }
+
   private short generateAttestationKey() {
     // 15th July 2020 00.00.00
     byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00};
diff --git a/Applet/README.md b/Applet/README.md
index 3a859194..064fc9d9 100644
--- a/Applet/README.md
+++ b/Applet/README.md
@@ -18,3 +18,4 @@ which serves to intermediate between Android Keystore and this applet.
 - set JC_HOME_SIMULATOR environment variable to the installed sdk.
 - Give ant build from Applet folder.
 - Download [gpapi-upgrade.jar](https://globalplatform.wpengine.com/specs-library/globalplatform-card-api-org-globalplatform-upgrade-v1/) and copy inside lib folder of both AndroidSEProvider and JCardSimProvider to resolve the compilation errors.
+
diff --git a/Applet/src/com/android/javacard/keymaster/KMArray.java b/Applet/src/com/android/javacard/keymaster/KMArray.java
index bfa09269..adf61723 100644
--- a/Applet/src/com/android/javacard/keymaster/KMArray.java
+++ b/Applet/src/com/android/javacard/keymaster/KMArray.java
@@ -92,6 +92,12 @@ public void add(short index, short objPtr) {
       (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)),
       objPtr);
   }
+  
+  public void deleteLastEntry() {
+    short len = length();
+    Util.setShort(heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + 2), (short) (len -1));
+  }
+
 
   public short get(short index) {
     short len = length();
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
index a6f4c529..d980bd9a 100644
--- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
+++ b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
@@ -130,4 +130,8 @@ public void decrementLength(short len) {
     length = (short) (length - len);
     Util.setShort(heap, (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + 1), length);
   }
+
+  public void setLength(short len) {
+    Util.setShort(heap, (short)(instanceTable[KM_BYTE_BLOB_OFFSET] + 1), len);
+  }
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java b/Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java
new file mode 100644
index 00000000..9621b417
--- /dev/null
+++ b/Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java
@@ -0,0 +1,5 @@
+package com.android.javacard.keymaster;
+
+
+public interface KMComputedHmacKey {
+}
diff --git a/Applet/src/com/android/javacard/keymaster/KMDecoder.java b/Applet/src/com/android/javacard/keymaster/KMDecoder.java
index c2579372..7bd0e6ec 100644
--- a/Applet/src/com/android/javacard/keymaster/KMDecoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMDecoder.java
@@ -435,14 +435,38 @@ private void incrementStartOff(short inc) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
   }
-
-  public short readCertificateChainLengthAndHeaderLen(byte[] buf, short bufOffset,
-      short bufLen) {
+  
+  // Reads the offset and length values of the ByteBlobs from a CBOR array buffer.
+  public void decodeCertificateData(short expectedArrLen, byte[] buf, short bufOffset, short bufLen,
+      byte[] out, short outOff) {
     bufferRef[0] = buf;
     scratchBuf[START_OFFSET] = bufOffset;
     scratchBuf[LEN_OFFSET] = (short) (bufOffset + bufLen);
-    short totalLen = readMajorTypeWithPayloadLength(BYTES_TYPE);
-    totalLen += (short) (scratchBuf[START_OFFSET] - bufOffset);
-    return totalLen;
+    short byteBlobLength = 0;
+    // Read Array length
+    short payloadLength = readMajorTypeWithPayloadLength(ARRAY_TYPE);
+    if (expectedArrLen != payloadLength) {
+      ISOException.throwIt(ISO7816.SW_DATA_INVALID);
+    }
+    short index = 0;
+    while (index < payloadLength) {
+      incrementStartOff(byteBlobLength);
+      byteBlobLength = readMajorTypeWithPayloadLength(BYTES_TYPE);
+      Util.setShort(out, outOff, scratchBuf[START_OFFSET]); // offset
+      outOff += 2;
+      Util.setShort(out, outOff, byteBlobLength); // length
+      outOff += 2;
+      index++;
+    }    
   }
+  
+  public short getCborBytesStartOffset(byte[] buf, short bufOffset, short bufLen) {
+    bufferRef[0] = buf;
+    scratchBuf[START_OFFSET] = bufOffset;
+    scratchBuf[LEN_OFFSET] = (short) (bufOffset + bufLen);
+
+    readMajorTypeWithPayloadLength(BYTES_TYPE);
+    return scratchBuf[START_OFFSET];
+  }
+
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
index 14d8ef4c..1ae67595 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -89,16 +89,16 @@ public short encode(short object, byte[] buffer, short startOff) {
     return (short) (scratchBuf[START_OFFSET] - startOff);
   }
 
-  // array{KMError.OK,Array{KMByteBlobs}}
-  public void encodeCertChain(byte[] buffer, short offset, short length, short errInt32Ptr) {
+  // array{KMError.OK, KMByteBlob}
+  public void encodeCertChain(byte[] buffer, short offset, short length, short errInt32Ptr, short certChainOff, short certChainLen) {
     bufferRef[0] = buffer;
     scratchBuf[START_OFFSET] = offset;
-    scratchBuf[LEN_OFFSET] = (short) (offset + 1);
-    //Total length is ArrayHeader + [UIntHeader + length(errInt32Ptr)]
-    scratchBuf[LEN_OFFSET] += (short) (1 + getEncodedIntegerLength(errInt32Ptr));
+    scratchBuf[LEN_OFFSET] = (short) (offset + length + 1);
 
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
     encodeInteger(errInt32Ptr);
+    writeMajorTypeWithLength(BYTES_TYPE, certChainLen);
+    writeBytes(buffer, certChainOff, certChainLen);
   }
 
   //array{KMError.OK,Array{KMByteBlobs}}
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnum.java b/Applet/src/com/android/javacard/keymaster/KMEnum.java
index 2b55a6ce..a55c243d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnum.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnum.java
@@ -30,7 +30,7 @@ public class KMEnum extends KMType {
   private static KMEnum prototype;
 
   // The allowed enum types.
-  private static short[] types = {
+  private static final short[] types = {
     HARDWARE_TYPE,
     KEY_FORMAT,
     KEY_DERIVATION_FUNCTION,
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
index 7493aa3d..f69aaf51 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
@@ -31,7 +31,7 @@ public class KMEnumTag extends KMTag {
 
 
   // The allowed tag keys of type enum tag.
-  private static short[] tags = {
+  private static final short[] tags = {
     ALGORITHM, ECCURVE, BLOB_USAGE_REQ, USER_AUTH_TYPE, ORIGIN, HARDWARE_TYPE
   };
 
@@ -106,8 +106,7 @@ public static void create() {
           new byte[]{RSA, DES, EC, AES, HMAC},
           new byte[]{P_224, P_256, P_384, P_521},
           new byte[]{STANDALONE, REQUIRES_FILE_SYSTEM},
-          new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, (byte) (PASSWORD & FINGERPRINT),
-            ANY},
+          new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH, ANY},
           new byte[]{GENERATED, DERIVED, IMPORTED, UNKNOWN, SECURELY_IMPORTED},
           new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX}
         };
diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java
index 0b4373d3..e2c74dcb 100644
--- a/Applet/src/com/android/javacard/keymaster/KMError.java
+++ b/Applet/src/com/android/javacard/keymaster/KMError.java
@@ -59,6 +59,7 @@ public class KMError {
   public static final short INVALID_NONCE = 52;
   public static final short MISSING_MAC_LENGTH = 53;
   public static final short CALLER_NONCE_PROHIBITED = 55;
+  public static final short KEY_MAX_OPS_EXCEEDED = 56;
   public static final short INVALID_MAC_LENGTH = 57;
   public static final short MISSING_MIN_MAC_LENGTH = 58;
   public static final short UNSUPPORTED_MIN_MAC_LENGTH = 59;
@@ -67,8 +68,8 @@ public class KMError {
 
   public static final short ATTESTATION_APPLICATION_ID_MISSING = 65;
   public static final short CANNOT_ATTEST_IDS = 66;
-  public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67;
-
+  public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67;  
+  public static final short NO_USER_CONFIRMATION = 71;
   public static final short DEVICE_LOCKED = 72;
   public static final short EARLY_BOOT_ENDED = 73;
   public static final short UNIMPLEMENTED = 100;
diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java
index aee6f9d5..2ae32ac1 100644
--- a/Applet/src/com/android/javacard/keymaster/KMInteger.java
+++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java
@@ -101,14 +101,14 @@ public static short uint_16(short num) {
   // create integer and copy integer value
   public static short uint_32(byte[] num, short offset) {
     short ptr = instance(UINT_32);
-    Util.arrayCopy(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_32);
+    Util.arrayCopyNonAtomic(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_32);
     return ptr;
   }
 
   // create integer and copy integer value
   public static short uint_64(byte[] num, short offset) {
     short ptr = instance(UINT_64);
-    Util.arrayCopy(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_64);
+    Util.arrayCopyNonAtomic(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_64);
     return ptr;
   }
 
@@ -147,6 +147,15 @@ public short value(byte[] dest, short destOff) {
     return length();
   }
 
+  public short toLittleEndian(byte[] dest, short destOff) {
+    short index = (short) (length() - 1);
+    while (index >= 0) {
+      dest[destOff++] = heap[(short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + index)];
+      index--;
+    }
+    return length();
+  }
+
   public short getShort() {
     return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + 2));
   }
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
index e292c5e6..558e44e2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
@@ -46,7 +46,7 @@ public static short exp(short tagType) {
     if (!validateTagType(tagType)) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
-    short arrPtr = KMArray.exp(KMType.INTEGER_TYPE);
+    short arrPtr = KMArray.exp(KMInteger.exp());
     short ptr = instance(TAG_TYPE, (short) 6);
     Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), tagType);
     Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), INVALID_TAG);
@@ -134,6 +134,17 @@ private static boolean validateTagType(short tagType) {
     return (tagType == ULONG_ARRAY_TAG) || (tagType == UINT_ARRAY_TAG);
   }
 
+  public boolean contains(short tagValue) {
+    short index = 0;
+    while (index < length()) {
+      if (KMInteger.compare(tagValue, get(index)) == 0) {
+        return true;
+      }
+      index++;
+    }
+    return false;
+  }
+
   public static boolean contains(short tagId, short tagValue, short params) {
     short tag =
       KMKeyParameters.findTag(KMType.UINT_ARRAY_TAG, tagId, params);
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
index 6ddec4bd..c4bab026 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
@@ -48,7 +48,9 @@ public class KMIntegerTag extends KMTag {
     ACTIVE_DATETIME,
     ORIGINATION_EXPIRE_DATETIME,
     USAGE_EXPIRE_DATETIME,
-    CREATION_DATETIME
+    CREATION_DATETIME,
+    // Custom tag.
+    AUTH_TIMEOUT_MILLIS
   };
 
   private KMIntegerTag() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
index 0ef85ae4..709b604d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
@@ -27,6 +27,60 @@
  */
 public class KMKeyParameters extends KMType {
 
+  private static final short[] unsupportedTags = {
+      // Unsupported tags.
+      KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED,
+      KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS
+  };
+
+  private static final short[] hwEnforcedTagArr = {
+      // HW Enforced
+      KMType.ENUM_TAG, KMType.ORIGIN,
+      KMType.ENUM_ARRAY_TAG, KMType.PURPOSE,
+      KMType.ENUM_TAG, KMType.ALGORITHM,
+      KMType.UINT_TAG, KMType.KEYSIZE,
+      KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT,
+      KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ,
+      KMType.ENUM_ARRAY_TAG, KMType.DIGEST,
+      KMType.ENUM_ARRAY_TAG, KMType.PADDING,
+      KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE,
+      KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID,
+      KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED,
+      KMType.UINT_TAG, KMType.AUTH_TIMEOUT,
+      KMType.BOOL_TAG, KMType.CALLER_NONCE,
+      KMType.UINT_TAG, KMType.MIN_MAC_LENGTH,
+      KMType.ENUM_TAG, KMType.ECCURVE,
+      KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID,
+      KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE,
+      KMType.ENUM_TAG, KMType.USER_AUTH_TYPE,
+      KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED,
+      KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION,
+      KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY,
+      KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY,
+      KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT,
+      KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED
+  };
+
+  private static final short[] swEnforcedTagsArr = {
+      KMType.DATE_TAG, KMType.ACTIVE_DATETIME,
+      KMType.DATE_TAG, KMType.ORIGINATION_EXPIRE_DATETIME,
+      KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME,
+      KMType.UINT_TAG, KMType.USERID,
+      KMType.DATE_TAG, KMType.CREATION_DATETIME,
+      KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY
+  };
+
+  private static final short[] invalidTagsArr = {
+      KMType.BYTES_TAG, KMType.NONCE,
+      KMType.BYTES_TAG, KMType.ASSOCIATED_DATA,
+      KMType.BYTES_TAG, KMType.UNIQUE_ID,
+      KMType.UINT_TAG, KMType.MAC_LENGTH,
+  };
+
+  private static final short[] customTags  = {
+      KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS,
+  };
+
   private static KMKeyParameters prototype;
 
   private KMKeyParameters() {
@@ -108,14 +162,6 @@ public short findTag(short tagType, short tagKey) {
   }
 
   public static boolean hasUnsupportedTags(short keyParamsPtr) {
-    final short[] tagArr = {
-        // Unsupported tags.
-        KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED,
-        KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED,
-        KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY,
-        KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS,
-        KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT
-    };
     byte index = 0;
     short tagInd;
     short tagPtr;
@@ -128,9 +174,9 @@ public static boolean hasUnsupportedTags(short keyParamsPtr) {
       tagPtr = KMArray.cast(arrPtr).get(index);
       tagKey = KMTag.getKey(tagPtr);
       tagType = KMTag.getTagType(tagPtr);
-      while (tagInd < (short) tagArr.length) {
-        if ((tagArr[tagInd] == tagType)
-            && (tagArr[(short) (tagInd + 1)] == tagKey)) {
+      while (tagInd < (short) unsupportedTags.length) {
+        if ((unsupportedTags[tagInd] == tagType)
+            && (unsupportedTags[(short) (tagInd + 1)] == tagKey)) {
           return true;
         }
         tagInd += 2;
@@ -144,29 +190,6 @@ public static boolean hasUnsupportedTags(short keyParamsPtr) {
   public static short makeHwEnforced(short keyParamsPtr, byte origin,
       short osVersionObjPtr, short osPatchObjPtr, short vendorPatchObjPtr,
       short bootPatchObjPtr, byte[] scratchPad) {
-    final short[] hwEnforcedTagArr = {
-        // HW Enforced
-        KMType.ENUM_TAG, KMType.ORIGIN,
-        KMType.ENUM_ARRAY_TAG, KMType.PURPOSE,
-        KMType.ENUM_TAG, KMType.ALGORITHM,
-        KMType.UINT_TAG, KMType.KEYSIZE,
-        KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT,
-        KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ,
-        KMType.ENUM_ARRAY_TAG, KMType.DIGEST,
-        KMType.ENUM_ARRAY_TAG, KMType.PADDING,
-        KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE,
-        KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID,
-        KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED,
-        KMType.UINT_TAG, KMType.AUTH_TIMEOUT,
-        KMType.BOOL_TAG, KMType.CALLER_NONCE,
-        KMType.UINT_TAG, KMType.MIN_MAC_LENGTH,
-        KMType.ENUM_TAG, KMType.ECCURVE,
-        KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID,
-        KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE,
-        KMType.ENUM_TAG, KMType.USER_AUTH_TYPE,
-        KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED,
-        KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION
-    };
     byte index = 0;
     short tagInd;
     short arrInd = 0;
@@ -211,18 +234,14 @@ public static short makeHwEnforced(short keyParamsPtr, byte origin,
         .instance(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, bootPatchObjPtr);
     Util.setShort(scratchPad, arrInd, bootPatchTag);
     arrInd += 2;
+    // Add custom tags at the end of the array. So it becomes easy to
+    // delete them when sending key characteristics back to HAL.
+    arrInd = addCustomTags(keyParamsPtr, scratchPad, arrInd);
     return createKeyParameters(scratchPad, (short) (arrInd / 2));
   }
 
   // ALL_USERS, EXPORTABLE missing from types.hal
   public static short makeSwEnforced(short keyParamsPtr, byte[] scratchPad) {
-    final short[] swEnforcedTagsArr = {
-        KMType.DATE_TAG, KMType.ACTIVE_DATETIME,
-        KMType.DATE_TAG, KMType.ORIGINATION_EXPIRE_DATETIME,
-        KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME,
-        KMType.UINT_TAG, KMType.USERID,
-        KMType.DATE_TAG, KMType.CREATION_DATETIME
-    };
     byte index = 0;
     short tagInd;
     short arrInd = 0;
@@ -287,13 +306,6 @@ public static short makeHidden(short appIdBlob, short appDataBlob, short rootOfT
   }
 
   public static boolean isValidTag(short tagType, short tagKey) {
-    short[] invalidTagsArr = {
-        KMType.BYTES_TAG, KMType.NONCE,
-        KMType.BYTES_TAG, KMType.ASSOCIATED_DATA,
-        KMType.BYTES_TAG, KMType.UNIQUE_ID,
-        KMType.UINT_TAG, KMType.MAC_LENGTH,
-        KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY
-    };
     short index = 0;
     if (tagKey == KMType.INVALID_TAG) {
       return false;
@@ -318,4 +330,57 @@ public static short createKeyParameters(byte[] ptrArr, short len) {
     }
     return KMKeyParameters.instance(arrPtr);
   }
+
+  public static short addCustomTags(short keyParams, byte[] scratchPad, short offset) {
+    short index = 0;
+    short tagPtr;
+    short len = (short) customTags.length;
+    short tagType;
+    while (index < len) {
+      tagType = customTags[(short) (index + 1)];
+      switch(tagType) {
+      case KMType.AUTH_TIMEOUT_MILLIS:
+        short authTimeOutTag =
+          KMKeyParameters.cast(keyParams).findTag(KMType.UINT_TAG, KMType.AUTH_TIMEOUT);
+        if (authTimeOutTag != KMType.INVALID_VALUE) {
+          tagPtr = createAuthTimeOutMillisTag(authTimeOutTag, scratchPad, offset);
+          Util.setShort(scratchPad, offset, tagPtr);
+          offset += 2;
+        }
+        break;
+      default:
+        break;
+      }
+      index += 2;
+    }
+    return offset;
+  }
+
+  public void deleteCustomTags() {
+    short arrPtr = getVals();
+    short index = (short) (customTags.length - 1);
+    short obj;
+    while (index >= 0) {
+      obj = findTag(customTags[(short) (index - 1)], customTags[index]);
+      if (obj != KMType.INVALID_VALUE) {
+        KMArray.cast(arrPtr).deleteLastEntry();
+      }
+      index -= 2;
+    }
+  }
+
+  public static short createAuthTimeOutMillisTag(short authTimeOutTag, byte[] scratchPad, short offset) {
+    short authTime = KMIntegerTag.cast(authTimeOutTag).getValue();
+    Util.arrayFillNonAtomic(scratchPad, offset, (short) 40, (byte) 0);
+    Util.arrayCopyNonAtomic(
+        KMInteger.cast(authTime).getBuffer(),
+        KMInteger.cast(authTime).getStartOff(),
+        scratchPad,
+        (short) (offset + 8 - KMInteger.cast(authTime).length()),
+        KMInteger.cast(authTime).length());
+    KMUtils.convertToMilliseconds(scratchPad, offset, (short) (offset + 8), (short) (offset + 16));
+    return KMIntegerTag.instance(KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS,
+        KMInteger.uint_64(scratchPad, (short) (offset + 8)));
+  }  
+  
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index b41e48f4..f549a30d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -34,14 +34,18 @@
 public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLength {
 
   // Constants.
+  public static final byte[] F4 = {0x01, 0x00, 0x01};	
   public static final byte AES_BLOCK_SIZE = 16;
   public static final byte DES_BLOCK_SIZE = 8;
   public static final short MAX_LENGTH = (short) 0x2000;
   private static final byte CLA_ISO7816_NO_SM_NO_CHAN = (byte) 0x80;
   private static final short KM_HAL_VERSION = (short) 0x4000;
-  private static final short MAX_AUTH_DATA_SIZE = (short) 512;
+  private static final short MAX_AUTH_DATA_SIZE = (short) 256;
   private static final short DERIVE_KEY_INPUT_SIZE = (short) 256;
   private static final short POWER_RESET_MASK_FLAG = (short) 0x4000;
+  // Magic number version
+  public static final byte KM_MAGIC_NUMBER = (byte) 0x81;
+  public static final short CURRENT_PACKAGE_VERSION = 0x0101; // 1.1
 
   // "Keymaster HMAC Verification" - used for HMAC key verification.
   public static final byte[] sharingCheck = {
@@ -67,6 +71,14 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
       0x6B,
       0x65, 0x6E
   };
+  
+  // getHardwareInfo constants.
+  private static final byte[] JAVACARD_KEYMASTER_DEVICE = {
+      0x4A, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74,
+      0x65, 0x72, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
+  };
+  private static final byte[] GOOGLE = {0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65};
+
 
   // Possible states of the applet.
   private static final byte KM_BEGIN_STATE = 0x00;
@@ -79,14 +91,15 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final byte INS_BEGIN_KM_CMD = 0x00;
   // Instructions for Provision Commands.
   private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01
-  private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02
-  private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03
-  private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04
-  private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05
-  private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06
-  private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07
-  private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08
-  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 9; //0x09
+  private static final byte INS_PROVISION_ATTESTATION_CERT_DATA_CMD = INS_BEGIN_KM_CMD + 2; //0x02
+  private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 3; //0x03
+  private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 4; //0x04
+  private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 5; //0x05
+  private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 6; //0x06
+  private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 7; //0x07
+  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 8; //0x08
+  private static final byte INS_SET_BOOT_ENDED_CMD = INS_BEGIN_KM_CMD + 9; //0x09
+  
   // Top 32 commands are reserved for provisioning.
   private static final byte INS_END_KM_PROVISION_CMD = 0x20;
 
@@ -116,14 +129,13 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final byte INS_END_KM_CMD = 0x7F;
 
   // Provision reporting status
-  private static final byte NOT_PROVISIONED = 0x00;
-  private static final byte PROVISION_STATUS_ATTESTATION_KEY = 0x01;
+  protected static final byte NOT_PROVISIONED = 0x00;
+  protected static final byte PROVISION_STATUS_ATTESTATION_KEY = 0x01;
   private static final byte PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02;
   private static final byte PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04;
-  private static final byte PROVISION_STATUS_ATTEST_IDS = 0x08;
-  private static final byte PROVISION_STATUS_PRESHARED_SECRET = 0x10;
-  private static final byte PROVISION_STATUS_BOOT_PARAM = 0x20;
-  private static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x40;
+  protected static final byte PROVISION_STATUS_ATTEST_IDS = 0x08;
+  protected static final byte PROVISION_STATUS_PRESHARED_SECRET = 0x10;
+  protected static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x20;
 
   // Data Dictionary items
   public static final byte DATA_ARRAY_SIZE = 30;
@@ -189,6 +201,9 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   protected static short[] tmpVariables;
   protected static short[] data;
   protected static byte provisionStatus = NOT_PROVISIONED;
+  // First two bytes are Major version and second bytes are minor version.
+  protected short packageVersion;
+  
 
   /**
    * Registers this applet.
@@ -201,6 +216,7 @@ protected KMKeymasterApplet(KMSEProvider seImpl) {
     if (!isUpgrading) {
       keymasterState = KMKeymasterApplet.INIT_STATE;
       seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8));
+      packageVersion = CURRENT_PACKAGE_VERSION;
     }
     KMType.initialize();
     encoder = new KMEncoder();
@@ -349,15 +365,10 @@ public void process(APDU apdu) {
             sendError(apdu, KMError.OK);
             return;
 
-          case INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD:
-            processProvisionAttestationCertChainCmd(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN;
-            sendError(apdu, KMError.OK);
-            return;
-
-          case INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD:
-            processProvisionAttestationCertParams(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS;
+          case INS_PROVISION_ATTESTATION_CERT_DATA_CMD:
+            processProvisionAttestationCertDataCmd(apdu);
+            provisionStatus |= (KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN |
+                KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS);
             sendError(apdu, KMError.OK);
             return;
 
@@ -395,10 +406,22 @@ public void process(APDU apdu) {
               ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
             }
             processSetBootParamsCmd(apdu);
-            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_BOOT_PARAM;
-            seProvider.clearDeviceBooted(false);
+
             sendError(apdu, KMError.OK);
             return;
+            
+          case INS_SET_BOOT_ENDED_CMD:
+              if (seProvider.isBootSignalEventSupported()
+                  && (keymasterState == KMKeymasterApplet.ACTIVE_STATE)
+                  && (!seProvider.isDeviceRebooted())) {
+                ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
+              }
+              //set the flag to mark boot ended
+              repository.setBootEndedStatus(true);
+              
+              seProvider.clearDeviceBooted(false);
+              sendError(apdu, KMError.OK);
+              return;
 
           case INS_GET_PROVISION_STATUS_CMD:
             processGetProvisionStatusCmd(apdu);
@@ -490,8 +513,8 @@ && isProvisioningComplete())) {
       sendError(apdu, KMException.getReason());
       exception.clear();
     } catch (ISOException exp) {
-      sendError(apdu, mapISOErrorToKMError(exp.getReason()));
       freeOperations();
+      sendError(apdu, mapISOErrorToKMError(exp.getReason()));
     } catch (CryptoException e) {
       freeOperations();
       sendError(apdu, mapCryptoErrorToKMError(e.getReason()));
@@ -531,7 +554,7 @@ private void freeOperations() {
   }
 
   private void processEarlyBootEndedCmd(APDU apdu) {
-    KMException.throwIt(KMError.UNIMPLEMENTED);
+    repository.setEarlyBootEndedStatus(true);
   }
 
   private void processDeviceLockedCmd(APDU apdu) {
@@ -609,12 +632,6 @@ public static void receiveIncoming(APDU apdu) {
 
   private void processGetHwInfoCmd(APDU apdu) {
     // No arguments expected
-    final byte[] JavacardKeymasterDevice = {
-        0x4A, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74,
-        0x65, 0x72, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
-    };
-    final byte[] Google = {0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65};
-
     // Make the response
     short respPtr = KMArray.instance((short) 3);
     KMArray resp = KMArray.cast(respPtr);
@@ -622,8 +639,8 @@ private void processGetHwInfoCmd(APDU apdu) {
     resp.add(
         (short) 1,
         KMByteBlob.instance(
-            JavacardKeymasterDevice, (short) 0, (short) JavacardKeymasterDevice.length));
-    resp.add((short) 2, KMByteBlob.instance(Google, (short) 0, (short) Google.length));
+            JAVACARD_KEYMASTER_DEVICE, (short) 0, (short) JAVACARD_KEYMASTER_DEVICE.length));
+    resp.add((short) 2, KMByteBlob.instance(GOOGLE, (short) 0, (short) GOOGLE.length));
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response - actual bufferProp[BUF_LEN_OFFSET] is 86
@@ -693,84 +710,72 @@ private void processSetVersionAndPatchLevels(APDU apdu) {
 
     sendError(apdu, KMError.OK);
   }
+  
+  private short getProvisionedCertificateData(byte dataType) {
+    short len = seProvider.getProvisionedDataLength(dataType);
+    if (len == 0) {
+      KMException.throwIt(KMError.INVALID_DATA);
+    }
+    short ptr = KMByteBlob.instance(len);
+    seProvider.readProvisionedData(
+        dataType,
+        KMByteBlob.cast(ptr).getBuffer(),
+        KMByteBlob.cast(ptr).getStartOff());
+    return ptr;
+  }
 
   private void processGetCertChainCmd(APDU apdu) {
     // Make the response
-    tmpVariables[0] = seProvider.getCertificateChainLength();
+    short certChainLen = seProvider.getProvisionedDataLength(KMSEProvider.CERTIFICATE_CHAIN);
     short int32Ptr = buildErrorStatus(KMError.OK);
-    //Total Extra length
-    // Add arrayHeader and (PowerResetStatus + KMError.OK)
-    tmpVariables[2] = (short) (1 + encoder.getEncodedIntegerLength(int32Ptr));
-    tmpVariables[0] += tmpVariables[2];
-    tmpVariables[1] = KMByteBlob.instance(tmpVariables[0]);
+    short maxByteHeaderLen = 3; // Maximum possible ByteBlob header len.
+    short arrayHeaderLen = 1;
+    // Allocate maximum possible buffer.
+    // Add arrayHeader + (PowerResetStatus + KMError.OK) + Byte Header
+    short totalLen = (short) (arrayHeaderLen + encoder.getEncodedIntegerLength(int32Ptr) + maxByteHeaderLen + certChainLen);
+    tmpVariables[1] = KMByteBlob.instance(totalLen);
     bufferRef[0] = KMByteBlob.cast(tmpVariables[1]).getBuffer();
     bufferProp[BUF_START_OFFSET] = KMByteBlob.cast(tmpVariables[1]).getStartOff();
     bufferProp[BUF_LEN_OFFSET] = KMByteBlob.cast(tmpVariables[1]).length();
-    // read the cert chain from non-volatile memory. Cert chain is already in
-    // CBOR format.
-    seProvider.readCertificateChain((byte[]) bufferRef[0], (short) (bufferProp[BUF_START_OFFSET] + tmpVariables[2]));
+    // copy the certificate chain to the end of the buffer.
+    seProvider.readProvisionedData(
+        KMSEProvider.CERTIFICATE_CHAIN,
+        (byte[]) bufferRef[0],
+        (short) (bufferProp[BUF_START_OFFSET] + totalLen - certChainLen));
     // Encode cert chain.
-    encoder.encodeCertChain((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET], int32Ptr);
+    encoder.encodeCertChain((byte[]) bufferRef[0],
+        bufferProp[BUF_START_OFFSET],
+        bufferProp[BUF_LEN_OFFSET],
+        int32Ptr, // uint32 ptr
+        (short) (bufferProp[BUF_START_OFFSET] + totalLen - certChainLen), // start pos of cert chain.
+        certChainLen);
     sendOutgoing(apdu);
   }
 
-  private void processProvisionAttestationCertParams(APDU apdu) {
+  private void processProvisionAttestationCertDataCmd(APDU apdu) {
     receiveIncoming(apdu);
-    // Arguments
-    short blob = KMByteBlob.exp();
-    short argsProto = KMArray.instance((short) 2);
-    KMArray.cast(argsProto).add((short) 0, blob); // Cert - DER encoded issuer
-    KMArray.cast(argsProto).add((short) 1, blob); // Cert - Expiry Time
-    // Decode the argument.
-    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
-    //reclaim memory
+    // Buffer holds the corresponding offsets and lengths of the certChain, certIssuer and certExpiry
+    // in the bufferRef[0] buffer.
+    short var = KMByteBlob.instance((short) 12);
+    // These variables point to the appropriate positions in the var buffer.
+    short certChainPos = KMByteBlob.cast(var).getStartOff();
+    short certIssuerPos = (short) (KMByteBlob.cast(var).getStartOff() + 4);
+    short certExpiryPos = (short) (KMByteBlob.cast(var).getStartOff() + 8);
+    decoder.decodeCertificateData((short) 3,
+        (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET],
+        KMByteBlob.cast(var).getBuffer(), KMByteBlob.cast(var).getStartOff());
+    // persist data
+    seProvider.persistProvisionData(
+        (byte[]) bufferRef[0],
+        Util.getShort(KMByteBlob.cast(var).getBuffer(), certChainPos), // offset
+        Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certChainPos + 2)), // length
+        Util.getShort(KMByteBlob.cast(var).getBuffer(), certIssuerPos), // offset
+        Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certIssuerPos + 2)), // length
+        Util.getShort(KMByteBlob.cast(var).getBuffer(), certExpiryPos), // offset
+        Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certExpiryPos + 2))); // length
+        
+    // reclaim memory
     repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
-    // save issuer - DER Encoded
-    tmpVariables[0] = KMArray.cast(args).get((short) 0);
-    repository.setIssuer(
-        KMByteBlob.cast(tmpVariables[0]).getBuffer(),
-        KMByteBlob.cast(tmpVariables[0]).getStartOff(),
-        KMByteBlob.cast(tmpVariables[0]).length());
-
-    // save expiry time - UTC or General Time - YYMMDDhhmmssZ or YYYYMMDDhhmmssZ.
-    tmpVariables[0] = KMArray.cast(args).get((short) 1);
-    repository.setCertExpiryTime(
-        KMByteBlob.cast(tmpVariables[0]).getBuffer(),
-        KMByteBlob.cast(tmpVariables[0]).getStartOff(),
-        KMByteBlob.cast(tmpVariables[0]).length());
-  }
-
-  private void processProvisionAttestationCertChainCmd(APDU apdu) {
-    tmpVariables[0] = seProvider.getCertificateChainLength();
-    if (tmpVariables[0] != 0) {
-      //Clear the previous certificate chain.
-      seProvider.clearCertificateChain();
-    }
-    byte[] srcBuffer = apdu.getBuffer();
-    short recvLen = apdu.setIncomingAndReceive();
-    short srcOffset = apdu.getOffsetCdata();
-    bufferProp[BUF_LEN_OFFSET] = apdu.getIncomingLength();
-    bufferProp[BUF_START_OFFSET] = repository.alloc(bufferProp[BUF_LEN_OFFSET]);
-    short bytesRead = 0;
-    Util.arrayCopyNonAtomic(srcBuffer, srcOffset, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
-        recvLen);
-    // tmpVariables[1] holds the total length + Header length.
-    tmpVariables[1] = decoder.readCertificateChainLengthAndHeaderLen((byte[]) bufferRef[0],
-        bufferProp[BUF_START_OFFSET], recvLen);
-    while (recvLen > 0 && ((short) bytesRead <= bufferProp[BUF_LEN_OFFSET])) {
-      seProvider.persistPartialCertificateChain((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
-          recvLen, bufferProp[BUF_LEN_OFFSET]);
-      bytesRead += recvLen;
-      recvLen = apdu.receiveBytes(srcOffset);
-      if (recvLen > 0) {
-        Util.arrayCopyNonAtomic(srcBuffer, srcOffset, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
-            recvLen);
-      }
-    }
-    if (tmpVariables[1] != bytesRead) {
-      ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
-    }
   }
 
   private void processProvisionAttestationKey(APDU apdu) {
@@ -779,11 +784,11 @@ private void processProvisionAttestationKey(APDU apdu) {
     byte[] scratchPad = apdu.getBuffer();
     // Arguments
     short keyparams = KMKeyParameters.exp();
-    short keyFormat = KMEnum.instance(KMType.KEY_FORMAT);
+    short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT);
     short blob = KMByteBlob.exp();
     short argsProto = KMArray.instance((short) 3);
     KMArray.cast(argsProto).add((short) 0, keyparams);
-    KMArray.cast(argsProto).add((short) 1, keyFormat);
+    KMArray.cast(argsProto).add((short) 1, keyFormatPtr);
     KMArray.cast(argsProto).add((short) 2, blob);
 
     // Decode the argument
@@ -796,8 +801,8 @@ private void processProvisionAttestationKey(APDU apdu) {
     tmpVariables[0] = KMArray.cast(args).get((short) 1);
     data[IMPORTED_KEY_BLOB] = KMArray.cast(args).get((short) 2);
     // Key format must be RAW format
-    tmpVariables[0] = KMEnum.cast(tmpVariables[0]).getVal();
-    if (tmpVariables[0] != KMType.RAW) {
+    byte keyFormat = KMEnum.cast(tmpVariables[0]).getVal();
+    if (keyFormat != KMType.RAW) {
       KMException.throwIt(KMError.UNIMPLEMENTED);
     }
     data[ORIGIN] = KMType.IMPORTED;
@@ -836,7 +841,7 @@ private void processProvisionAttestationKey(APDU apdu) {
       KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
     // Import EC Key - initializes data[SECRET] data[PUB_KEY]
-    importECKeys(scratchPad);
+    importECKeys(scratchPad, keyFormat);
 
     // persist key
     seProvider.createAttestationKey(
@@ -858,14 +863,7 @@ private void processProvisionAttestIdsCmd(APDU apdu) {
 
     data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
     // persist attestation Ids - if any is missing then exception occurs
-    saveAttId(KMType.ATTESTATION_ID_BRAND);
-    saveAttId(KMType.ATTESTATION_ID_DEVICE);
-    saveAttId(KMType.ATTESTATION_ID_PRODUCT);
-    saveAttId(KMType.ATTESTATION_ID_MANUFACTURER);
-    saveAttId(KMType.ATTESTATION_ID_MODEL);
-    saveAttId(KMType.ATTESTATION_ID_IMEI);
-    saveAttId(KMType.ATTESTATION_ID_MEID);
-    saveAttId(KMType.ATTESTATION_ID_SERIAL);
+    saveAttId();
   }
 
   private void processProvisionSharedSecretCmd(APDU apdu) {
@@ -901,17 +899,24 @@ private void processGetProvisionStatusCmd(APDU apdu) {
     sendOutgoing(apdu);
   }
 
-  private void saveAttId(short attTag) {
-    tmpVariables[0] = KMKeyParameters.findTag(KMType.BYTES_TAG, attTag, data[KEY_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE) {
-      tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue();
-      repository.persistAttId(
-          mapToAttId(attTag),
-          KMByteBlob.cast(tmpVariables[0]).getBuffer(),
-          KMByteBlob.cast(tmpVariables[0]).getStartOff(),
-          KMByteBlob.cast(tmpVariables[0]).length());
-    } else {
-      KMException.throwIt(KMError.INVALID_ARGUMENT);
+  private void saveAttId() {
+    // clear the attestation ids.
+    repository.deleteAttIds();
+
+    short attTag = KMType.ATTESTATION_ID_BRAND;
+    while (attTag <= KMType.ATTESTATION_ID_MODEL) {
+      tmpVariables[0] = KMKeyParameters.findTag(KMType.BYTES_TAG, attTag, data[KEY_PARAMETERS]);
+      if (tmpVariables[0] != KMType.INVALID_VALUE) {
+        tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue();
+        repository.persistAttId(
+            mapToAttId(attTag),
+            KMByteBlob.cast(tmpVariables[0]).getBuffer(),
+            KMByteBlob.cast(tmpVariables[0]).getStartOff(),
+            KMByteBlob.cast(tmpVariables[0]).length());
+      } else {
+        KMException.throwIt(KMError.INVALID_ARGUMENT);
+      }
+      attTag++;
     }
   }
 
@@ -966,6 +971,9 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) {
     parseEncryptedKeyBlob(scratchPad);
     // Check Version and Patch Level
     checkVersionAndPatchLevel(scratchPad);
+    // Remove custom tags from key characteristics
+    short hwParams = KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced();
+    KMKeyParameters.cast(hwParams).deleteCustomTags();
     // make response.
     tmpVariables[0] = KMArray.instance((short) 2);
     KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
@@ -1134,7 +1142,7 @@ private void processComputeSharedHmacCmd(APDU apdu) {
             scratchPad,
             (short) 0);
     // persist the computed hmac key.
-    repository.initComputedHmac(scratchPad, (short) 0, tmpVariables[6]);
+    seProvider.createComputedHmacKey(scratchPad, (short) 0, tmpVariables[6]);
 
     // Generate sharingKey verification signature and store that in scratch pad.
     tmpVariables[5] =
@@ -1273,10 +1281,9 @@ private void processImportWrappedKeyCmd(APDU apdu) {
     tmpVariables[1] = KMEnumTag.getValue(KMType.ALGORITHM, tmpVariables[0]);
     // read key format
     tmpVariables[2] = KMArray.cast(args).get((short) 1);
-    tmpVariables[2] = KMEnum.cast(tmpVariables[2]).getVal();
-    // import of RSA and EC not supported with pkcs8 or x509 format
+    byte keyFormat = KMEnum.cast(tmpVariables[2]).getVal();
     if ((tmpVariables[1] == KMType.RSA || tmpVariables[1] == KMType.EC)
-        && (tmpVariables[2] != KMType.RAW)) {
+        && (keyFormat != KMType.PKCS8)) {
       KMException.throwIt(KMError.UNIMPLEMENTED);
     }
 
@@ -1386,19 +1393,8 @@ private void processImportWrappedKeyCmd(APDU apdu) {
     data[ORIGIN] = KMType.SECURELY_IMPORTED;
     data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
     // create key blob array
-    data[IMPORTED_KEY_BLOB] = KMArray.instance((short) 1);
-    // add the byte blob containing decrypted input data
-    KMArray.cast(data[IMPORTED_KEY_BLOB])
-        .add(
-            (short) 0,
-            KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.cast(data[INPUT_DATA]).length()));
-    // encode the key blob
-    tmpVariables[0] = repository.alloc((short) (KMByteBlob.cast(data[INPUT_DATA]).length() + 16));
-    tmpVariables[1] =
-        encoder.encode(data[IMPORTED_KEY_BLOB], repository.getHeap(), tmpVariables[0]);
-    data[IMPORTED_KEY_BLOB] =
-        KMByteBlob.instance(repository.getHeap(), tmpVariables[0], tmpVariables[1]);
-    importKey(apdu, scratchPad);
+    data[IMPORTED_KEY_BLOB] = KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.cast(data[INPUT_DATA]).length());
+    importKey(apdu, scratchPad, keyFormat);
   }
 
   private void processAttestKeyCmd(APDU apdu) {
@@ -1485,14 +1481,17 @@ private void processAttestKeyCmd(APDU apdu) {
     // expiry time - byte blob
     tmpVariables[2] =
         KMKeyParameters.findTag(KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME, data[SW_PARAMETERS]);
-    cert.notAfter(tmpVariables[2], repository.getCertExpiryTime(), scratchPad, (short) 0);
+    cert.notAfter(tmpVariables[2],
+        getProvisionedCertificateData(KMSEProvider.CERTIFICATE_EXPIRY),
+        scratchPad,
+        (short) 0);
 
     addTags(KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(), true, cert);
     addTags(
         KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(), false, cert);
 
     cert.deviceLocked(repository.getBootLoaderLock());
-    cert.issuer(repository.getIssuer());
+    cert.issuer(getProvisionedCertificateData(KMSEProvider.CERTIFICATE_ISSUER));
     cert.publicKey(data[PUB_KEY]);
     cert.verifiedBootHash(repository.getVerifiedBootHash());
 
@@ -1517,7 +1516,7 @@ private boolean isEmpty(byte[] buf, short offset, short len) {
     boolean empty = true;
     short index = 0;
     while (index < len) {
-      if (buf[(short) (index + offset)] != 0) {
+      if (buf[index] != 0) {
         empty = false;
         break;
       }
@@ -1555,7 +1554,7 @@ private void addAttestationIds(KMAttestationCert cert) {
         storedAttId = repository.getAttId(mapToAttId(attTags[index]));
         // Return CANNOT_ATTEST_IDS if Attestation IDs are not provisioned or
         // Attestation IDs are deleted.
-        if (storedAttId == 0 ||
+        if (storedAttId == KMType.INVALID_VALUE ||
             isEmpty(KMByteBlob.cast(storedAttId).getBuffer(),
                     KMByteBlob.cast(storedAttId).getStartOff(),
                     KMByteBlob.cast(storedAttId).length())) {
@@ -1692,11 +1691,12 @@ private void processFinishOperationCmd(APDU apdu) {
     authorizeUpdateFinishOperation(op, scratchPad);
     switch (op.getPurpose()) {
       case KMType.SIGN:
+    	  finishTrustedConfirmationOperation(op);
       case KMType.VERIFY:
         finishSigningVerifyingOperation(op, scratchPad);
         break;
       case KMType.ENCRYPT:
-        finishEncryptOperation(op, scratchPad);
+        finishEncryptOperation(op);
         break;
       case KMType.DECRYPT:
         finishDecryptOperation(op, scratchPad);
@@ -1721,50 +1721,54 @@ private void processFinishOperationCmd(APDU apdu) {
     sendOutgoing(apdu);
   }
 
-  private void finishEncryptOperation(KMOperationState op, byte[] scratchPad) {
+  private void finishEncryptOperation(KMOperationState op) {
+    if(op.getAlgorithm() != KMType.AES && op.getAlgorithm() != KMType.DES){
+      KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+    }
+    finishAesDesOperation(op);
+  }
+  
+  private void finishAesDesOperation(KMOperationState op) {
     short len = KMByteBlob.cast(data[INPUT_DATA]).length();
-    switch (op.getAlgorithm()) {
-      case KMType.AES:
-      case KMType.DES:
-        if (op.getAlgorithm() == KMType.AES) {
-          tmpVariables[0] = AES_BLOCK_SIZE;
-        } else {
-          tmpVariables[0] = DES_BLOCK_SIZE;
-        }
-        // If no padding then data length must be block aligned
-        if ((op.getBlockMode() == KMType.ECB || op.getBlockMode() == KMType.CBC)
-            && op.getPadding() == KMType.PADDING_NONE
-            && ((short) (len % tmpVariables[0]) != 0)) {
-          KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-        } else if (op.getBlockMode() == KMType.GCM) {
-          // update aad if there is any
-          updateAAD(op, (byte) 0x01);
-          // Get the output size
-          len = op.getOperation().getAESGCMOutputSize(len, (short) (op.getMacLength() / 8));
-          data[OUTPUT_DATA] = KMByteBlob.instance(len);
-        }
-        // If padding i.e. pkcs7 then add padding to right
-        // Output data can at most one block size more the input data in case of pkcs7 encryption
-        tmpVariables[0] = KMByteBlob.instance((short) (len + tmpVariables[0]));
-        len =
-            op.getOperation()
-                .finish(
-                    KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
-                    KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
-                    KMByteBlob.cast(data[INPUT_DATA]).length(),
-                    KMByteBlob.cast(tmpVariables[0]).getBuffer(),
-                    KMByteBlob.cast(tmpVariables[0]).getStartOff());
+    short blockSize = DES_BLOCK_SIZE;
+    if (op.getAlgorithm() == KMType.AES) {
+      blockSize = AES_BLOCK_SIZE;
+    }
 
-        data[OUTPUT_DATA] =
-            KMByteBlob.instance(
-                KMByteBlob.cast(tmpVariables[0]).getBuffer(),
-                KMByteBlob.cast(tmpVariables[0]).getStartOff(),
-                len);
-        break;
-      default:
-        KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
-        break;
+    if((op.getPurpose() == KMType.DECRYPT) && (op.getPadding() == KMType.PKCS7)
+        && (op.getBlockMode() == KMType.ECB || op.getBlockMode() == KMType.CBC)
+        && ((short) (len % blockSize) != 0)){
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
     }
+
+    if (op.getBlockMode() == KMType.GCM) {
+      if (op.getPurpose() == KMType.DECRYPT && (len < (short) (op.getMacLength() / 8))) {
+        KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+      }
+      // update aad if there is any
+      updateAAD(op, (byte) 0x01);
+      // Get the output size
+      len = op.getOperation().getAESGCMOutputSize(len, (short) (op.getMacLength() / 8));
+    }
+    // If padding i.e. pkcs7 then add padding to right
+    // Output data can at most one block size more the input data in case of pkcs7
+    // encryption
+    data[OUTPUT_DATA] = KMByteBlob.instance((short) (len + 2 * blockSize));
+    try {
+      len = op.getOperation().finish(
+          KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
+          KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
+          KMByteBlob.cast(data[INPUT_DATA]).length(),
+          KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(),
+          KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff());
+    } catch (CryptoException e) {
+      if (e.getReason() == CryptoException.ILLEGAL_USE) {
+        KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+      }
+    }
+
+    // Update the length of the output
+    KMByteBlob.cast(data[OUTPUT_DATA]).setLength(len);
   }
 
   private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) {
@@ -1789,39 +1793,7 @@ private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) {
         break;
       case KMType.AES:
       case KMType.DES:
-        if (op.getAlgorithm() == KMType.AES) {
-          tmpVariables[0] = AES_BLOCK_SIZE;
-        } else {
-          tmpVariables[0] = DES_BLOCK_SIZE;
-        }
-        tmpVariables[1] = repository.alloc(len);
-        if ((op.getBlockMode() == KMType.CBC || op.getBlockMode() == KMType.ECB)
-            && len > 0
-            && (len % tmpVariables[0]) != 0) {
-          KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-        } else if (op.getBlockMode() == KMType.GCM) {
-          // update aad if there is any
-          updateAAD(op, (byte) 0x01);
-          // Check if there is at least MAC Length bytes of input data
-          if ((len < (short) (op.getMacLength() / 8))) {
-            KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-          }
-          // Get the output size - in case of JCardSim this will more then input size
-          tmpVariables[0] =
-              op.getOperation().getAESGCMOutputSize(len, (short) (op.getMacLength() / 8));
-          tmpVariables[1] = repository.alloc(tmpVariables[0]);
-        }
-        byte[] heap = repository.getHeap();
-        len =
-            op.getOperation()
-                .finish(
-                    KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
-                    KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
-                    len,
-                    heap,
-                    tmpVariables[1]);
-
-        data[OUTPUT_DATA] = KMByteBlob.instance(heap, tmpVariables[1], len);
+        finishAesDesOperation(op);
         break;
     }
   }
@@ -1953,7 +1925,13 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch
   private void authorizeUpdateFinishOperation(KMOperationState op, byte[] scratchPad) {
     // If one time user Authentication is required
     if (op.isSecureUserIdReqd() && !op.isAuthTimeoutValidated()) {
-      validateVerificationToken(op, data[VERIFICATION_TOKEN], scratchPad);
+      // Validate Verification Token.
+      validateVerificationToken(data[VERIFICATION_TOKEN], scratchPad);
+      // validate operation handle.
+      short ptr = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getChallenge();
+      if (KMInteger.compare(ptr, op.getHandle()) != 0) {
+        KMException.throwIt(KMError.VERIFICATION_FAILED);
+      }
       tmpVariables[0] = op.getAuthTime();
       tmpVariables[2] = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getTimestamp();
       if (tmpVariables[2] == KMType.INVALID_VALUE) {
@@ -1968,11 +1946,58 @@ private void authorizeUpdateFinishOperation(KMOperationState op, byte[] scratchP
       if (KMInteger.compare(data[OP_HANDLE], tmpVariables[0]) != 0) {
         KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
       }
-      authenticateUser();
+      if (!authTokenMatches(op.getUserSecureId(), op.getAuthType(), scratchPad)) {
+        KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+      }
+    }
+  }
+
+  private void authorizeKeyUsageForCount(byte[] scratchPad) {
+    short scratchPadOff = 0;
+    Util.arrayFillNonAtomic(scratchPad, scratchPadOff, (short) 12, (byte) 0);
+
+    short usageLimitBufLen = KMIntegerTag.getValue(scratchPad, scratchPadOff,
+        KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, data[HW_PARAMETERS]);
+
+    if (usageLimitBufLen == KMType.INVALID_VALUE) {
+      return;
+    }
+
+    if (usageLimitBufLen > 4) {
+      KMException.throwIt(KMError.INVALID_ARGUMENT);
+    }
+
+    if (repository.isAuthTagPersisted(data[AUTH_TAG])) {
+      // Get current counter, update and increment it.
+      short len = repository
+          .getRateLimitedKeyCount(data[AUTH_TAG], scratchPad, (short) (scratchPadOff + 4));
+      if (len != 4) {
+        KMException.throwIt(KMError.UNKNOWN_ERROR);
+      }
+      if (0 >= KMInteger.unsignedByteArrayCompare(scratchPad, scratchPadOff, scratchPad,
+          (short) (scratchPadOff + 4), (short) 4)) {
+        KMException.throwIt(KMError.KEY_MAX_OPS_EXCEEDED);
+      }
+      // Increment the counter.
+      Util.arrayFillNonAtomic(scratchPad, scratchPadOff, len, (byte) 0);
+      Util.setShort(scratchPad, (short) (scratchPadOff + 2), (short) 1);
+      KMUtils.add(scratchPad, scratchPadOff, (short) (scratchPadOff + len),
+          (short) (scratchPadOff + len * 2));
+
+      repository
+          .setRateLimitedKeyCount(data[AUTH_TAG], scratchPad, (short) (scratchPadOff + len * 2),
+              len);
+
+    } else {
+      // Persist auth tag.
+      if (!repository.persistAuthTag(data[AUTH_TAG])) {
+        KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
+      }
     }
   }
 
-  private void authorizeDeviceUnlock(short hwToken) {
+
+  private void authorizeDeviceUnlock(byte[] scratchPad) {
     // If device is locked and key characteristics requires unlocked device then check whether
     // HW auth token has correct timestamp.
     short ptr =
@@ -1980,10 +2005,10 @@ private void authorizeDeviceUnlock(short hwToken) {
             KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED, data[HW_PARAMETERS]);
 
     if (ptr != KMType.INVALID_VALUE && repository.getDeviceLock()) {
-      if (hwToken == KMType.INVALID_VALUE) {
+      if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
         KMException.throwIt(KMError.DEVICE_LOCKED);
       }
-      ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp();
+      ptr = KMHardwareAuthToken.cast(data[HW_TOKEN]).getTimestamp();
       // Check if the current auth time stamp is greater then device locked time stamp
       short ts = repository.getDeviceTimeStamp();
       if (KMInteger.compare(ptr, ts) <= 0) {
@@ -1992,7 +2017,7 @@ private void authorizeDeviceUnlock(short hwToken) {
       // Now check if the device unlock requires password only authentication and whether
       // auth token is generated through password authentication or not.
       if (repository.getDeviceLockPasswordOnly()) {
-        ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType();
+        ptr = KMHardwareAuthToken.cast(data[HW_TOKEN]).getHwAuthenticatorType();
         ptr = KMEnum.cast(ptr).getVal();
         if (((byte) ptr & KMType.PASSWORD) == 0) {
           KMException.throwIt(KMError.DEVICE_LOCKED);
@@ -2005,48 +2030,63 @@ private void authorizeDeviceUnlock(short hwToken) {
     }
   }
 
-  private void validateVerificationToken(KMOperationState op, short verToken, byte[] scratchPad) {
-    // CBOR Encoding is always big endian and Java is big endian
-    short ptr = KMVerificationToken.cast(verToken).getMac();
-    // If mac length is zero then token is empty.
-    if (KMByteBlob.cast(ptr).length() == 0) {
-      return;
-    }
-    validateVerificationToken(verToken, scratchPad);
-    // validate operation handle.
-    ptr = KMVerificationToken.cast(verToken).getChallenge();
-    if (op.getHandle() != KMInteger.cast(ptr).getShort()) {
-      KMException.throwIt(KMError.VERIFICATION_FAILED);
+  private boolean verifyVerificationTokenMacInBigEndian(short verToken, byte[] scratchPad) {
+    // concatenation length will be 37 + length of verified parameters list - which
+    // is typically
+    // empty
+    Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
+    // Add "Auth Verification" - 17 bytes.
+    Util.arrayCopyNonAtomic(authVerification, (short) 0, scratchPad, (short) 0, (short) authVerification.length);
+    short len = (short) authVerification.length;
+    // concatenate challenge - 8 bytes
+    short ptr = KMVerificationToken.cast(verToken).getChallenge();
+    KMInteger.cast(ptr).value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    len += 8;
+    // concatenate timestamp -8 bytes
+    ptr = KMVerificationToken.cast(verToken).getTimestamp();
+    KMInteger.cast(ptr).value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    len += 8;
+    // concatenate security level - 4 bytes
+    ptr = KMVerificationToken.cast(verToken).getSecurityLevel();
+    scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
+    len += 4;
+    // concatenate Parameters verified - blob of encoded data.
+    ptr = KMVerificationToken.cast(verToken).getParametersVerified();
+    if (KMByteBlob.cast(ptr).length() != 0) {
+      len += KMByteBlob.cast(ptr).getValues(scratchPad, (short) 0);
     }
+    // hmac the data
+    ptr = KMVerificationToken.cast(verToken).getMac();
+
+    return seProvider.hmacVerify(
+        seProvider.getComputedHmacKey(),
+        scratchPad,
+        (short) 0,
+        len,
+        KMByteBlob.cast(ptr).getBuffer(),
+        KMByteBlob.cast(ptr).getStartOff(),
+        KMByteBlob.cast(ptr).length());
   }
 
-  private void validateVerificationToken(short verToken, byte[] scratchPad) {
-    short ptr = KMVerificationToken.cast(verToken).getMac();
-    short len;
-    // If mac length is zero then token is empty.
-    if (KMByteBlob.cast(ptr).length() == 0) {
-      return;
-    }
-    // concatenation length will be 37 + length of verified parameters list  - which is typically
+  private boolean verifyVerificationTokenMacInLittleEndian(short verToken, byte[] scratchPad) {
+    // concatenation length will be 37 + length of verified parameters list - which
+    // is typically
     // empty
     Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
     // Add "Auth Verification" - 17 bytes.
-    Util.arrayCopy(
-        authVerification, (short) 0, scratchPad, (short) 0, (short) authVerification.length);
-    len = (short) authVerification.length;
+    Util.arrayCopyNonAtomic(authVerification, (short) 0, scratchPad, (short) 0, (short) authVerification.length);
+    short len = (short) authVerification.length;
     // concatenate challenge - 8 bytes
-    ptr = KMVerificationToken.cast(verToken).getChallenge();
-    KMInteger.cast(ptr)
-        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    short ptr = KMVerificationToken.cast(verToken).getChallenge();
+    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
     len += 8;
     // concatenate timestamp -8 bytes
     ptr = KMVerificationToken.cast(verToken).getTimestamp();
-    KMInteger.cast(ptr)
-        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
     len += 8;
     // concatenate security level - 4 bytes
     ptr = KMVerificationToken.cast(verToken).getSecurityLevel();
-    scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
+    scratchPad[len] = KMEnum.cast(ptr).getVal();
     len += 4;
     // concatenate Parameters verified - blob of encoded data.
     ptr = KMVerificationToken.cast(verToken).getParametersVerified();
@@ -2055,20 +2095,31 @@ private void validateVerificationToken(short verToken, byte[] scratchPad) {
     }
     // hmac the data
     ptr = KMVerificationToken.cast(verToken).getMac();
-    short key = repository.getComputedHmacKey();
-    boolean verified =
-        seProvider.hmacVerify(
-            KMByteBlob.cast(key).getBuffer(),
-            KMByteBlob.cast(key).getStartOff(),
-            KMByteBlob.cast(key).length(),
-            scratchPad,
-            (short) 0,
-            len,
-            KMByteBlob.cast(ptr).getBuffer(),
-            KMByteBlob.cast(ptr).getStartOff(),
-            KMByteBlob.cast(ptr).length());
 
-    if (!verified) {
+    return seProvider.hmacVerify(
+        seProvider.getComputedHmacKey(),
+        scratchPad,
+        (short) 0,
+        len,
+        KMByteBlob.cast(ptr).getBuffer(),
+        KMByteBlob.cast(ptr).getStartOff(),
+        KMByteBlob.cast(ptr).length());
+  }
+
+  private void validateVerificationToken(short verToken, byte[] scratchPad) {
+    short ptr = KMVerificationToken.cast(verToken).getMac();
+    // If mac length is zero then token is empty.
+    if (KMByteBlob.cast(ptr).length() == 0) {
+      KMException.throwIt(KMError.INVALID_MAC_LENGTH);
+    }
+    boolean verify;
+    if (KMConfigurations.TEE_MACHINE_TYPE == KMConfigurations.LITTLE_ENDIAN) {
+      verify = verifyVerificationTokenMacInLittleEndian(verToken, scratchPad);
+    } else {
+      verify = verifyVerificationTokenMacInBigEndian(verToken, scratchPad);
+    }
+    if (!verify) {
+      // Throw Exception if none of the combination works.
       KMException.throwIt(KMError.VERIFICATION_FAILED);
     }
   }
@@ -2108,6 +2159,7 @@ private void processUpdateOperationCmd(APDU apdu) {
     }
     // authorize the update operation
     authorizeUpdateFinishOperation(op, scratchPad);
+    short inputConsumed = 0;
     // If signing without  digest then do length validation checks
     if (op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY) {
       tmpVariables[0] = KMByteBlob.cast(data[INPUT_DATA]).length();
@@ -2117,6 +2169,9 @@ private void processUpdateOperationCmd(APDU apdu) {
               KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
               KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
               KMByteBlob.cast(data[INPUT_DATA]).length());
+      // update trusted confirmation operation
+      updateTrustedConfirmationOperation(op);
+      
       data[OUTPUT_DATA] = KMType.INVALID_VALUE;
     } else if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) {
       // Update for encrypt/decrypt using RSA will not be supported because to do this op state
@@ -2124,41 +2179,27 @@ private void processUpdateOperationCmd(APDU apdu) {
       if (op.getAlgorithm() == KMType.RSA) {
         KMException.throwIt(KMError.OPERATION_CANCELLED);
       }
-      tmpVariables[0] = KMByteBlob.cast(data[INPUT_DATA]).length();
-      short additionalExpOutLen = 0;
+      short inputLen = KMByteBlob.cast(data[INPUT_DATA]).length();
+      short blockSize = DES_BLOCK_SIZE;
       if (op.getAlgorithm() == KMType.AES) {
-        if (op.getBlockMode() == KMType.GCM) {
-          updateAAD(op, (byte) 0x00);
-          // if input data present
-          if (tmpVariables[0] > 0) {
-            if (tmpVariables[0] % AES_BLOCK_SIZE != 0) {
-              KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-            }
-            // no more future updateAAD allowed if input data present.
-            if (op.isAesGcmUpdateAllowed()) {
-              op.setAesGcmUpdateComplete();
+          blockSize = AES_BLOCK_SIZE;
+          if (op.getBlockMode() == KMType.GCM) {
+            updateAAD(op, (byte) 0x00);
+            // if input data present
+            if (inputLen > 0) {
+              // no more future updateAAD allowed if input data present.
+              if (op.isAesGcmUpdateAllowed()) {
+                op.setAesGcmUpdateComplete();
+              }
             }
           }
-          additionalExpOutLen = 16;
-        } else {
-          // input data must be block aligned.
-          // 128 bit block size - HAL must send block aligned data
-          if (tmpVariables[0] % AES_BLOCK_SIZE != 0 || tmpVariables[0] <= 0) {
-            KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-          }
-        }
-      } else if (op.getAlgorithm() == KMType.DES) {
-        // 64 bit block size - HAL must send block aligned data
-        if (tmpVariables[0] % DES_BLOCK_SIZE != 0) {
-          KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-        }
-      }
+      } 
       // Allocate output buffer as input data is already block aligned
-      data[OUTPUT_DATA] = KMByteBlob.instance((short) (tmpVariables[0] + additionalExpOutLen));
+      data[OUTPUT_DATA] = KMByteBlob.instance((short) (inputLen + 2 * blockSize));
       // Otherwise just update the data.
       // HAL consumes all the input and maintains a buffered data inside it. So the
       // applet sends the inputConsumed length as same as the input length.
-      tmpVariables[3] = tmpVariables[0];
+      inputConsumed = inputLen;
       try {
         tmpVariables[0] =
             op.getOperation()
@@ -2173,16 +2214,7 @@ private void processUpdateOperationCmd(APDU apdu) {
       }
       // Adjust the Output data if it is not equal to input data.
       // This happens in case of JCardSim provider.
-      if (tmpVariables[0] != KMByteBlob.cast(data[OUTPUT_DATA]).length()) {
-        data[INPUT_DATA] = data[OUTPUT_DATA];
-        data[OUTPUT_DATA] = KMByteBlob.instance(tmpVariables[0]);
-        Util.arrayCopy(
-            KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
-            KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
-            KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(),
-            KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff(),
-            tmpVariables[0]);
-      }
+      KMByteBlob.cast(data[OUTPUT_DATA]).setLength(tmpVariables[0]);
     }
     // Persist if there are any updates.
     op.persist();
@@ -2194,7 +2226,7 @@ private void processUpdateOperationCmd(APDU apdu) {
       data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
     }
     KMArray.cast(tmpVariables[2]).add((short) 0, buildErrorStatus(KMError.OK));
-    KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(tmpVariables[3]));
+    KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(inputConsumed));
     KMArray.cast(tmpVariables[2]).add((short) 2, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 3, data[OUTPUT_DATA]);
 
@@ -2263,6 +2295,7 @@ private void processBeginOperationCmd(APDU apdu) {
     authorizeAndBeginOperation(op, scratchPad);
     switch (op.getPurpose()) {
       case KMType.SIGN:
+     	beginTrustedConfirmationOperation(op);
       case KMType.VERIFY:
         beginSignVerifyOperation(op);
         break;
@@ -2285,7 +2318,7 @@ private void processBeginOperationCmd(APDU apdu) {
         // While sending the iv back for DES/CBC mode of opeation only send
         // 8 bytes back.
         tmpVariables[1] = KMByteBlob.instance((short) 8);
-        Util.arrayCopy(
+        Util.arrayCopyNonAtomic(
             KMByteBlob.cast(data[IV]).getBuffer(),
             KMByteBlob.cast(data[IV]).getStartOff(),
             KMByteBlob.cast(tmpVariables[1]).getBuffer(),
@@ -2473,10 +2506,12 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) {
             KMException.throwIt(KMError.MISSING_MAC_LENGTH);
           }
           if (macLen % 8 != 0
-              || macLen > 128
-              || macLen
-              < KMIntegerTag.getShortValue(
-              KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
+              || macLen > 128) {
+        	  KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH);
+          }
+          if(macLen
+                  < KMIntegerTag.getShortValue(
+                          KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
             KMException.throwIt(KMError.INVALID_MAC_LENGTH);
           }
           op.setMacLength(macLen);
@@ -2509,9 +2544,9 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) {
               < KMIntegerTag.getShortValue(
               KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
             KMException.throwIt(KMError.INVALID_MAC_LENGTH);
-          } else if (macLen
-              > KMIntegerTag.getShortValue(
-              KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
+          }
+          if (macLen % 8 != 0
+                  || macLen > 256) {
             KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH);
           }
           op.setMacLength(macLen);
@@ -2529,11 +2564,24 @@ private void authorizeAndBeginOperation(KMOperationState op, byte[] scratchPad)
     authorizeDigest(op);
     authorizePadding(op);
     authorizeBlockModeAndMacLength(op);
-    if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
-      data[HW_TOKEN] = KMType.INVALID_VALUE;
+    authorizeUserSecureIdAuthTimeout(op, scratchPad);
+    authorizeDeviceUnlock(scratchPad);
+    authorizeKeyUsageForCount(scratchPad);
+    
+    //Validate bootloader only 
+    tmpVariables[0] =
+            KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, data[HW_PARAMETERS]);
+    if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getBootEndedStatus()) {
+    	KMException.throwIt(KMError.INVALID_KEY_BLOB);
+    }
+    
+  //Validate early boot
+    tmpVariables[0] =
+            KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[HW_PARAMETERS]);
+    if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) {
+    	KMException.throwIt(KMError.INVALID_KEY_BLOB);
     }
-    authorizeUserSecureIdAuthTimeout(op);
-    authorizeDeviceUnlock(data[HW_TOKEN]);
+    
     // Authorize Caller Nonce - if caller nonce absent in key char and nonce present in
     // key params then fail if it is not a Decrypt operation
     data[IV] = KMType.INVALID_VALUE;
@@ -2644,6 +2692,21 @@ private void beginCipherOperation(KMOperationState op) {
         }
     }
   }
+  
+  private void beginTrustedConfirmationOperation(KMOperationState op) {
+    // Check for trusted confirmation - if required then set the signer in op state.
+    if (KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED,
+        data[HW_PARAMETERS]) != KMType.INVALID_VALUE) {
+
+      op.setTrustedConfirmationSigner(
+          seProvider.initTrustedConfirmationSymmetricOperation(seProvider.getComputedHmacKey()));
+
+      op.getTrustedConfirmationSigner().update(
+          confirmationToken,
+          (short) 0,
+          (short) confirmationToken.length);
+    }
+  }
 
   private void beginSignVerifyOperation(KMOperationState op) {
     switch (op.getAlgorithm()) {
@@ -2729,84 +2792,116 @@ private void beginSignVerifyOperation(KMOperationState op) {
     }
   }
 
-  private void authorizeUserSecureIdAuthTimeout(KMOperationState op) {
+  private void authorizeUserSecureIdAuthTimeout(KMOperationState op, byte[] scratchPad) {
     short authTime;
+    short authType;
     // Authorize User Secure Id and Auth timeout
-    tmpVariables[0] =
+    short userSecureIdPtr =
         KMKeyParameters.findTag(KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, data[HW_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE) {
-      tmpVariables[0] =
+    if (userSecureIdPtr != KMType.INVALID_VALUE) {
+      // Authentication required.
+      if (KMType.INVALID_VALUE !=
+          KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, data[HW_PARAMETERS])) {
+        // Key has both USER_SECURE_ID and NO_AUTH_REQUIRED
+        KMException.throwIt(KMError.INVALID_KEY_BLOB);
+      }
+      // store authenticator type
+      if(KMType.INVALID_VALUE ==
+          (authType = KMEnumTag.getValue(KMType.USER_AUTH_TYPE, data[HW_PARAMETERS]))) {
+        // Authentication required, but no auth type found.
+        KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+      }
+      
+      short authTimeoutTagPtr =
           KMKeyParameters.findTag(KMType.UINT_TAG, KMType.AUTH_TIMEOUT, data[HW_PARAMETERS]);
-      if (tmpVariables[0] != KMType.INVALID_VALUE) {
-        // check if hw token is empty - mac should not be empty.
-        if (data[HW_TOKEN] == KMType.INVALID_VALUE) {
-          KMException.throwIt(KMError.INVALID_MAC_LENGTH);
-        }
-        authTime = KMIntegerTag.cast(tmpVariables[0]).getValue();
+      if (authTimeoutTagPtr != KMType.INVALID_VALUE) {
         // authenticate user
-        authenticateUser();
+        if (!authTokenMatches(userSecureIdPtr, authType, scratchPad)) {
+          KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+        }
+
+        authTimeoutTagPtr =
+            KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS, data[HW_PARAMETERS]);
+        if (authTimeoutTagPtr == KMType.INVALID_VALUE) {
+          KMException.throwIt(KMError.INVALID_KEY_BLOB);
+        }
+        authTime = KMIntegerTag.cast(authTimeoutTagPtr).getValue();
         // set the one time auth
         op.setOneTimeAuthReqd(true);
         // set the authentication time stamp in operation state
-        authTime = addIntegers(authTime, KMHardwareAuthToken.cast(data[HW_TOKEN]).getTimestamp());
+        authTime =
+            addIntegers(authTime,
+                KMHardwareAuthToken.cast(data[HW_TOKEN]).getTimestamp(), scratchPad);
         op.setAuthTime(
             KMInteger.cast(authTime).getBuffer(), KMInteger.cast(authTime).getStartOff());
         // auth time validation will happen in update or finish
         op.setAuthTimeoutValidated(false);
       } else {
         // auth per operation required
+        // store user secure id and authType in OperationState.
+        op.setUserSecureId(userSecureIdPtr);
+        op.setAuthType((byte) authType);
+        // set flags
         op.setOneTimeAuthReqd(false);
         op.setAuthPerOperationReqd(true);
       }
     }
   }
 
-  private void authenticateUser() {
-    tmpVariables[0] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getUserId();
-    if (KMInteger.cast(tmpVariables[0]).isZero()) {
-      tmpVariables[0] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getAuthenticatorId();
-      if (KMInteger.cast(tmpVariables[0]).isZero()) {
-        KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
-      }
+  private boolean isHwAuthTokenContainsMatchingSecureId(short hwAuthToken,
+      short secureUserIdsObj) {
+    short secureUserId = KMHardwareAuthToken.cast(hwAuthToken).getUserId();
+    if (!KMInteger.cast(secureUserId).isZero()) {
+      if (KMIntegerArrayTag.cast(secureUserIdsObj).contains(secureUserId))
+        return true;
+    }
+
+    short authenticatorId = KMHardwareAuthToken.cast(hwAuthToken).getAuthenticatorId();
+    if (!KMInteger.cast(authenticatorId).isZero()) {
+      if (KMIntegerArrayTag.cast(secureUserIdsObj).contains(authenticatorId))
+        return true;
+    }
+    return false;
+  }
+
+  private boolean authTokenMatches(short userSecureIdsPtr, short authType,
+      byte[] scratchPad) {
+    if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
+      return false;
     }
-    // check user secure id
-    if (!KMIntegerArrayTag.contains(KMType.USER_SECURE_ID, tmpVariables[0], data[HW_PARAMETERS])) {
-      KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+    if (!isHwAuthTokenContainsMatchingSecureId(data[HW_TOKEN], userSecureIdsPtr)) {
+      return false;
     }
     // check auth type
-    tmpVariables[1] = KMEnumTag.getValue(KMType.USER_AUTH_TYPE, data[HW_PARAMETERS]);
     tmpVariables[2] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getHwAuthenticatorType();
     tmpVariables[2] = KMEnum.cast(tmpVariables[2]).getVal();
-    if (((byte) tmpVariables[2] & (byte) tmpVariables[1]) == 0) {
-      KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+    if (((byte) tmpVariables[2] & (byte) authType) == 0) {
+      return false;
     }
+    return true;
   }
 
-  private boolean validateHwToken(short hwToken, byte[] scratchPad) {
-    // CBOR Encoding is always big endian
-    short ptr = KMHardwareAuthToken.cast(hwToken).getMac();
-    short len;
-    // If mac length is zero then token is empty.
-    if (KMByteBlob.cast(ptr).length() == 0) {
-      return false;
-    }
+  private boolean verifyHwTokenMacInBigEndian(short hwToken, byte[] scratchPad) {
+    // The challenge, userId and authenticatorId, authenticatorType and timestamp
+    // are in network order (big-endian).
+    short len = 0;
     // add 0
     Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
     len = 1;
     // concatenate challenge - 8 bytes
-    ptr = KMHardwareAuthToken.cast(hwToken).getChallenge();
+    short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge();
     KMInteger.cast(ptr)
-        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate user id - 8 bytes
     ptr = KMHardwareAuthToken.cast(hwToken).getUserId();
     KMInteger.cast(ptr)
-        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate authenticator id - 8 bytes
     ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId();
     KMInteger.cast(ptr)
-        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate authenticator type - 4 bytes
     ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType();
@@ -2817,13 +2912,53 @@ private boolean validateHwToken(short hwToken, byte[] scratchPad) {
     KMInteger.cast(ptr)
         .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
-    // hmac the data
+
+    ptr = KMHardwareAuthToken.cast(hwToken).getMac();
+
+    return seProvider.hmacVerify(
+        seProvider.getComputedHmacKey(),
+        scratchPad,
+        (short) 0,
+        len,
+        KMByteBlob.cast(ptr).getBuffer(),
+        KMByteBlob.cast(ptr).getStartOff(),
+        KMByteBlob.cast(ptr).length());
+
+  }
+  
+  private boolean verifyHwTokenMacInLittleEndian(short hwToken, byte[] scratchPad) {
+    // The challenge, userId and authenticatorId values are in little endian order, 
+    // but authenticatorType and timestamp are in network order (big-endian).
+    short len = 0;
+    // add 0
+    Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
+    len = 1;
+    // concatenate challenge - 8 bytes
+    short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge();
+    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
+    len += 8;
+    // concatenate user id - 8 bytes
+    ptr = KMHardwareAuthToken.cast(hwToken).getUserId();
+    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
+    len += 8;
+    // concatenate authenticator id - 8 bytes
+    ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId();
+    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
+    len += 8;
+    // concatenate authenticator type - 4 bytes
+    ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType();
+    scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
+    len += 4;
+    // concatenate timestamp - 8 bytes
+    ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp();
+    KMInteger.cast(ptr)
+    .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+    len += 8;
+
     ptr = KMHardwareAuthToken.cast(hwToken).getMac();
-    short key = repository.getComputedHmacKey();
+
     return seProvider.hmacVerify(
-        KMByteBlob.cast(key).getBuffer(),
-        KMByteBlob.cast(key).getStartOff(),
-        KMByteBlob.cast(key).length(),
+        seProvider.getComputedHmacKey(),
         scratchPad,
         (short) 0,
         len,
@@ -2832,6 +2967,20 @@ private boolean validateHwToken(short hwToken, byte[] scratchPad) {
         KMByteBlob.cast(ptr).length());
   }
 
+  private boolean validateHwToken(short hwToken, byte[] scratchPad) {
+    // CBOR Encoding is always big endian
+    short ptr = KMHardwareAuthToken.cast(hwToken).getMac();
+    // If mac length is zero then token is empty.
+    if (KMByteBlob.cast(ptr).length() == 0) {
+      return false;
+    }
+    if (KMConfigurations.TEE_MACHINE_TYPE == KMConfigurations.LITTLE_ENDIAN) {
+      return verifyHwTokenMacInLittleEndian(hwToken, scratchPad);
+    } else {
+      return verifyHwTokenMacInBigEndian(hwToken, scratchPad);
+    }
+  }
+
   private void processImportKeyCmd(APDU apdu) {
     // Receive the incoming request fully from the master into buffer.
     receiveIncoming(apdu);
@@ -2850,22 +2999,29 @@ private void processImportKeyCmd(APDU apdu) {
     data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0);
     tmpVariables[3] = KMArray.cast(tmpVariables[2]).get((short) 1);
     data[IMPORTED_KEY_BLOB] = KMArray.cast(tmpVariables[2]).get((short) 2);
-    // Key format must be RAW format - X509 and PKCS8 not implemented.
-    tmpVariables[3] = KMEnum.cast(tmpVariables[3]).getVal();
-    if (tmpVariables[3] != KMType.RAW) {
-      KMException.throwIt(KMError.UNIMPLEMENTED);
+
+    byte keyFormat = KMEnum.cast(tmpVariables[3]).getVal();
+
+    short alg = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);   
+    if((alg == KMType.AES || alg == KMType.DES || alg == KMType.HMAC) && keyFormat != KMType.RAW ) {
+        KMException.throwIt(KMError.UNIMPLEMENTED);
+    }
+    if((alg == KMType.RSA || alg == KMType.EC) && keyFormat != KMType.PKCS8){
+        KMException.throwIt(KMError.UNIMPLEMENTED);
     }
+    
     data[ORIGIN] = KMType.IMPORTED;
-    importKey(apdu, scratchPad);
+    importKey(apdu, scratchPad, keyFormat);
   }
 
-  private void importKey(APDU apdu, byte[] scratchPad) {
-    // Bootloader only not supported
+  private void importKey(APDU apdu, byte[] scratchPad, byte keyFormat) {
+    
     tmpVariables[0] =
-        KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, data[KEY_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_KEY_BLOB);
+            KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[KEY_PARAMETERS]);
+    if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) {
+      KMException.throwIt(KMError.EARLY_BOOT_ENDED);
     }
+    
     // Rollback protection not supported
     tmpVariables[0] =
         KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, data[KEY_PARAMETERS]);
@@ -2898,7 +3054,7 @@ private void importKey(APDU apdu, byte[] scratchPad) {
         importHmacKey(scratchPad);
         break;
       case KMType.EC:
-        importECKeys(scratchPad);
+        importECKeys(scratchPad, keyFormat);
         break;
       default:
         KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
@@ -2919,7 +3075,7 @@ private void importKey(APDU apdu, byte[] scratchPad) {
     sendOutgoing(apdu);
   }
 
-  private void importECKeys(byte[] scratchPad) {
+  private void decodeRawECKey() {
     // Decode key material
     tmpVariables[0] = KMArray.instance((short) 2);
     KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
@@ -2932,6 +3088,21 @@ private void importECKeys(byte[] scratchPad) {
             KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
     data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
     data[PUB_KEY] = KMArray.cast(tmpVariables[0]).get((short) 1);
+  }
+
+  private void decodePKCS8ECKeys() {
+    // Decode key material
+    short keyBlob = seProvider.getPKCS8DecoderInstance().decodeEc(data[IMPORTED_KEY_BLOB]);
+    data[PUB_KEY] = KMArray.cast(keyBlob).get((short) 0);
+    data[SECRET] = KMArray.cast(keyBlob).get((short) 1);
+  }
+
+  private void importECKeys(byte[] scratchPad, byte keyFormat) {
+    if (keyFormat == KMType.RAW) {
+      decodeRawECKey();
+    } else {
+      decodePKCS8ECKeys();
+    }
     // initialize 256 bit p256 key for given private key and public key.
     tmpVariables[4] = 0; // index for update list in scratchPad
 
@@ -2951,6 +3122,10 @@ private void importECKeys(byte[] scratchPad) {
       }
     } else {
       // add the key size to scratchPad
+      if (!(256 <= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))
+    	          && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))){
+    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+      }	
       tmpVariables[5] = KMInteger.uint_16((short) 256);
       tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
       Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
@@ -2995,28 +3170,25 @@ private void importECKeys(byte[] scratchPad) {
 
   private void importHmacKey(byte[] scratchPad) {
     // Get Key
-    tmpVariables[0] = KMArray.instance((short) 1);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
-    tmpVariables[0] =
-        decoder.decode(
-            tmpVariables[0],
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
-    data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
-    // create HMAC key of up to 512 bit
-
+    data[SECRET] = data[IMPORTED_KEY_BLOB];
     tmpVariables[4] = 0; // index in scratchPad for update params
     // check the keysize tag if present in key parameters.
     tmpVariables[2] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[2] != KMType.INVALID_VALUE) {
       if (!(tmpVariables[2] >= 64 && tmpVariables[2] <= 512 && tmpVariables[2] % 8 == 0)) {
+    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+      }
+      if (tmpVariables[2] != (short) (KMByteBlob.cast(data[SECRET]).length() * 8)) {
         KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
       }
     } else {
       // add the key size to scratchPad
-      tmpVariables[5] = KMInteger.uint_16((short) (KMByteBlob.cast(data[SECRET]).length() * 8));
+      tmpVariables[6] =	(short) (KMByteBlob.cast(data[SECRET]).length() * 8);
+      if (!(tmpVariables[6] >= 64 && tmpVariables[6] <= 512 && tmpVariables[6] % 8 == 0)) {
+    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+      }
+      tmpVariables[5] = KMInteger.uint_16(tmpVariables[6]);
       tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
       Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
       tmpVariables[4] += 2;
@@ -3039,26 +3211,23 @@ private void importHmacKey(byte[] scratchPad) {
 
   private void importTDESKey(byte[] scratchPad) {
     // Decode Key Material
-    tmpVariables[0] = KMArray.instance((short) 1);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
-    tmpVariables[0] =
-        decoder.decode(
-            tmpVariables[0],
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
-    data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
+    data[SECRET] = data[IMPORTED_KEY_BLOB];
     tmpVariables[4] = 0; // index in scratchPad for update params
     // check the keysize tag if present in key parameters.
     tmpVariables[2] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[2] != KMType.INVALID_VALUE) {
-      if (tmpVariables[2] != 168) {
-        KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+      if (tmpVariables[2] != 168 ||
+    		  192 != (short)( 8 * KMByteBlob.cast(data[SECRET]).length())) {
+          KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
       }
     } else {
-      // add the key size to scratchPad
-      tmpVariables[5] = KMInteger.uint_16((short) 168);
+      // add the key size to scratchPad 
+      tmpVariables[6] = (short)( 8 * KMByteBlob.cast(data[SECRET]).length());
+      if(tmpVariables[6] != 192) {
+    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+      }
+      tmpVariables[5] = KMInteger.uint_16(tmpVariables[6]);
       tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
       Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
       tmpVariables[4] += 2;
@@ -3073,37 +3242,43 @@ private void importTDESKey(byte[] scratchPad) {
 
     // update the key parameters list
     updateKeyParameters(scratchPad, tmpVariables[4]);
-    // validate TDES Key parameters
-    validateTDESKey();
-
+    // Read Minimum Mac length - it must not be present
+    // Added this error check based on default reference implementation.
+    tmpVariables[0] =
+        KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]);
+    if (tmpVariables[0] != KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_TAG);
+    }
     data[KEY_BLOB] = KMArray.instance((short) 4);
   }
 
+  private void validateAesKeySize(short keySizeBits) {
+    if (keySizeBits != 128 && keySizeBits != 256) {
+      KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+    }
+  }
+
   private void importAESKey(byte[] scratchPad) {
     // Get Key
-    tmpVariables[0] = KMArray.instance((short) 1);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
-    tmpVariables[0] =
-        decoder.decode(
-            tmpVariables[0],
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
-    data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
+    data[SECRET] = data[IMPORTED_KEY_BLOB];
     // create 128 or 256 bit AES key
     tmpVariables[4] = 0; // index in scratchPad for update params
     // check the keysize tag if present in key parameters.
-    tmpVariables[2] =
+    short keysize =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
-    if (tmpVariables[2] != KMType.INVALID_VALUE) {
-      if (tmpVariables[2] != 128 && tmpVariables[2] != 256) {
-        KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+
+    if (keysize != KMType.INVALID_VALUE) {
+      if(keysize != (short)( 8 * KMByteBlob.cast(data[SECRET]).length())) {
+    	KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
       }
+      validateAesKeySize(keysize);
     } else {
       // add the key size to scratchPad
-      tmpVariables[5] = KMInteger.uint_16(KMByteBlob.cast(data[SECRET]).length());
-      tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
-      Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
+      keysize = (short) ( 8 * KMByteBlob.cast(data[SECRET]).length());
+      validateAesKeySize(keysize);
+      keysize = KMInteger.uint_16(keysize);
+      short keysizeTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, keysize);
+      Util.setShort(scratchPad, tmpVariables[4], keysizeTag);
       tmpVariables[4] += 2;
     }
     // Check whether key can be created
@@ -3123,17 +3298,18 @@ private void importAESKey(byte[] scratchPad) {
 
   private void importRSAKey(byte[] scratchPad) {
     // Decode key material
-    tmpVariables[0] = KMArray.instance((short) 2);
-    KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret = private exponent
-    KMArray.cast(tmpVariables[0]).add((short) 1, KMByteBlob.exp()); // modulus
-    tmpVariables[0] =
-        decoder.decode(
-            tmpVariables[0],
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
-            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
-    data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
-    data[PUB_KEY] = KMArray.cast(tmpVariables[0]).get((short) 1);
+    short keyblob = seProvider.getPKCS8DecoderInstance().decodeRsa(data[IMPORTED_KEY_BLOB]);
+    data[PUB_KEY] = KMArray.cast(keyblob).get((short) 0);
+    short pubKeyExp = KMArray.cast(keyblob).get((short)1);
+    data[SECRET] = KMArray.cast(keyblob).get((short) 2);
+    
+    if(F4.length != KMByteBlob.cast(pubKeyExp).length()) {
+      KMException.throwIt(KMError.INVALID_KEY_BLOB);
+    }
+    if(Util.arrayCompare(F4, (short)0, KMByteBlob.cast(pubKeyExp).getBuffer(),
+        KMByteBlob.cast(pubKeyExp).getStartOff(), (short)F4.length) != 0) {
+      KMException.throwIt(KMError.INVALID_ARGUMENT);
+    }
     tmpVariables[4] = 0; // index in scratchPad for update parameters.
     // validate public exponent if present in key params - it must be 0x010001
     tmpVariables[2] =
@@ -3170,7 +3346,11 @@ private void importRSAKey(byte[] scratchPad) {
       }
     } else {
       // add the key size to scratchPad
-      tmpVariables[5] = KMInteger.uint_16((short) 2048);
+      tmpVariables[6] = (short) (KMByteBlob.cast(data[SECRET]).length() * 8);	
+      if(tmpVariables[6] != 2048) {
+    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); 
+      }
+      tmpVariables[5] = KMInteger.uint_16((short) tmpVariables[6]);
       tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
       Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
       tmpVariables[4] += 2;
@@ -3291,7 +3471,8 @@ private void processSetBootParamsCmd(APDU apdu) {
     repository.clearAndroidSystemProperties();
 
     // Clear the Computed SharedHmac and Hmac nonce from persistent memory.
-    repository.clearComputedHmac();
+    Util.arrayFillNonAtomic(scratchPad, (short) 0, KMRepository.COMPUTED_HMAC_KEY_SIZE, (byte) 0);
+    seProvider.createComputedHmacKey(scratchPad, (short) 0, KMRepository.COMPUTED_HMAC_KEY_SIZE);
     repository.clearHmacNonce();
 
     //Clear all the operation state.
@@ -3300,6 +3481,15 @@ private void processSetBootParamsCmd(APDU apdu) {
     // Hmac is cleared, so generate a new Hmac nonce.
     seProvider.newRandomNumber(scratchPad, (short) 0, KMRepository.HMAC_SEED_NONCE_SIZE);
     repository.initHmacNonce(scratchPad, (short) 0, KMRepository.HMAC_SEED_NONCE_SIZE);
+    
+    //flag to maintain the boot state
+    repository.setBootEndedStatus(false);
+    
+    //flag to maintain early boot ended state
+    repository.setEarlyBootEndedStatus(false);
+    
+    // Clear all the auth tags
+    repository.removeAllAuthTags();
   }
 
   private static void processGenerateKey(APDU apdu) {
@@ -3321,7 +3511,7 @@ private static void processGenerateKey(APDU apdu) {
     // Check if EarlyBootEnded tag is present.
     tmpVariables[0] =
         KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[KEY_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE) {
+    if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) {
       KMException.throwIt(KMError.EARLY_BOOT_ENDED);
     }
     // Check if rollback resistance tag is present
@@ -3330,16 +3520,11 @@ private static void processGenerateKey(APDU apdu) {
     if (tmpVariables[0] != KMType.INVALID_VALUE) {
       KMException.throwIt(KMError.ROLLBACK_RESISTANCE_UNAVAILABLE);
     }
-    // Bootloader only not supported
-    tmpVariables[0] =
-        KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, data[KEY_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_KEY_BLOB);
-    }
+    
     // get algorithm
     tmpVariables[3] = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);
     if (tmpVariables[3] == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_ARGUMENT);
+      KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
     }
     tmpVariables[4] =
         KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
@@ -3455,7 +3640,7 @@ private static void validateAESKey() {
     tmpVariables[0] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[0] == KMTag.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_ARGUMENT);
+      KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
     }
     if ((tmpVariables[0] != 256) && (tmpVariables[0] != 128)) {
       KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
@@ -3480,7 +3665,7 @@ private static void validateAESKey() {
             || KMInteger.cast(tmpVariables[3]).getShort() > 128
             || KMInteger.cast(tmpVariables[3]).getShort() < 96
             || (KMInteger.cast(tmpVariables[3]).getShort() % 8) != 0) {
-          KMException.throwIt(KMError.UNSUPPORTED_MIN_MAC_LENGTH);
+          KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
         }
       }
     }
@@ -3530,6 +3715,7 @@ private static void generateECKeys(byte[] scratchPad) {
 
   private static void validateTDESKey() {
     // Read Minimum Mac length - it must not be present
+    // This below check is done based on the reference implementation.
     tmpVariables[0] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]);
     if (tmpVariables[0] != KMType.INVALID_VALUE) {
@@ -3539,9 +3725,9 @@ private static void validateTDESKey() {
     tmpVariables[1] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[1] == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_ARGUMENT);
+      KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
     }
-    if (tmpVariables[1] != 168 && tmpVariables[1] != 192) {
+    if (tmpVariables[1] != 168) {
       KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
     }
   }
@@ -3555,21 +3741,27 @@ private static void generateTDESKey(byte[] scratchPad) {
 
   private static void validateHmacKey() {
     // If params does not contain any digest throw unsupported digest error.
-    if (KMType.INVALID_VALUE
-        == KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS])) {
+    tmpVariables[0] =
+        KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS]);
+    if (KMType.INVALID_VALUE == tmpVariables[0]) {
       KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
     }
-    // check whether digest sizes are greater then or equal to min mac length.
-    // Only SHA256 digest must be supported.
+
     if (KMEnumArrayTag.contains(KMType.DIGEST, KMType.DIGEST_NONE, data[KEY_PARAMETERS])) {
       KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
     }
+    // Strongbox supports only SHA256.
+    if (!KMEnumArrayTag.contains(KMType.DIGEST, KMType.SHA2_256, data[KEY_PARAMETERS])) {
+      KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
+    }
     // Read Minimum Mac length
     tmpVariables[0] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]);
     if (tmpVariables[0] == KMType.INVALID_VALUE) {
       KMException.throwIt(KMError.MISSING_MIN_MAC_LENGTH);
     }
+    // Check whether digest size is greater than or equal to min mac length.
+    // This below check is done based on the reference implementation.
     if (((short) (tmpVariables[0] % 8) != 0)
         || (tmpVariables[0] < (short) 64)
         || tmpVariables[0] > (short) 256) {
@@ -3579,7 +3771,7 @@ private static void validateHmacKey() {
     tmpVariables[1] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[1] == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_ARGUMENT);
+      KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
     }
     if (((short) (tmpVariables[1] % 8) != 0)
         || (tmpVariables[1] < (short) 64)
@@ -3814,87 +4006,62 @@ private static void encryptSecret(byte[] scratchPad) {
   }
 
   private static void makeAuthData(byte[] scratchPad) {
-    tmpVariables[0] =
-        addPtrToAAD(KMKeyParameters.cast(data[HW_PARAMETERS]).getVals(), scratchPad, (short) 0);
-    tmpVariables[0] +=
-        addPtrToAAD(
-            KMKeyParameters.cast(data[SW_PARAMETERS]).getVals(), scratchPad, tmpVariables[0]);
-    tmpVariables[0] +=
-        addPtrToAAD(
-            KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals(), scratchPad, tmpVariables[0]);
 
+    short arrayLen = 3;
     if (KMArray.cast(data[KEY_BLOB]).length() == 5) {
-      tmpVariables[1] = KMArray.instance((short) (tmpVariables[0] + 1));
-    } else {
-      tmpVariables[1] = KMArray.instance(tmpVariables[0]);
+      arrayLen = 4;
+    }
+    short params = KMArray.instance((short) arrayLen);
+    KMArray.cast(params).add((short) 0, KMKeyParameters.cast(data[HW_PARAMETERS]).getVals());
+    KMArray.cast(params).add((short) 1, KMKeyParameters.cast(data[SW_PARAMETERS]).getVals());
+    KMArray.cast(params).add((short) 2, KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals());
+    if (4 == arrayLen) {
+      KMArray.cast(params).add((short) 3, data[PUB_KEY]);
     }
-    // convert scratch pad to KMArray
+
+    short authIndex = repository.alloc(MAX_AUTH_DATA_SIZE);
     short index = 0;
-    short objPtr;
-    while (index < tmpVariables[0]) {
-      objPtr = Util.getShort(scratchPad, (short) (index * 2));
-      KMArray.cast(tmpVariables[1]).add(index, objPtr);
+    short len = 0;
+    short paramsLen = KMArray.cast(params).length();
+    Util.arrayFillNonAtomic(repository.getHeap(), authIndex, (short) MAX_AUTH_DATA_SIZE, (byte) 0);
+    while (index < paramsLen) {
+      short tag = KMArray.cast(params).get(index);
+      len = encoder.encode(tag, repository.getHeap(), (short) (authIndex + 32));
+      Util.arrayCopyNonAtomic(repository.getHeap(), (short) authIndex, repository.getHeap(),
+          (short) (authIndex + len + 32), (short) 32);
+      len = seProvider.messageDigest256(repository.getHeap(),
+          (short) (authIndex + 32), (short) (len + 32), repository.getHeap(), (short) authIndex);
+      if (len != 32) {
+        KMException.throwIt(KMError.UNKNOWN_ERROR);
+      }
       index++;
     }
-    if (KMArray.cast(data[KEY_BLOB]).length() == 5) {
-      KMArray.cast(tmpVariables[1]).add(index, data[PUB_KEY]);
-    }
-
-    data[AUTH_DATA] = repository.alloc(MAX_AUTH_DATA_SIZE);
-    short len = encoder.encode(tmpVariables[1], repository.getHeap(), data[AUTH_DATA]);
+    data[AUTH_DATA] = authIndex;
     data[AUTH_DATA_LENGTH] = len;
   }
 
-  private static short addPtrToAAD(short dataArrPtr, byte[] aadBuf, short offset) {
-    short index = (short) (offset * 2);
-    short tagInd = 0;
-    short tagPtr;
-    short arrLen = KMArray.cast(dataArrPtr).length();
-    while (tagInd < arrLen) {
-      tagPtr = KMArray.cast(dataArrPtr).get(tagInd);
-      Util.setShort(aadBuf, index, tagPtr);
-      index += 2;
-      tagInd++;
-    }
-    return tagInd;
-  }
-
   private static short deriveKey(byte[] scratchPad) {
-    tmpVariables[0] = KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals();
-    tmpVariables[1] = repository.alloc(DERIVE_KEY_INPUT_SIZE);
-    // generate derivation material from hidden parameters
-    tmpVariables[2] = encoder.encode(tmpVariables[0], repository.getHeap(), tmpVariables[1]);
-    if (DERIVE_KEY_INPUT_SIZE > tmpVariables[2]) {
-      // Copy KeyCharacteristics in the remaining space of DERIVE_KEY_INPUT_SIZE
-      Util.arrayCopyNonAtomic(repository.getHeap(), (short) (data[AUTH_DATA]),
-          repository.getHeap(),
-          (short) (tmpVariables[1] + tmpVariables[2]),
-          (short) (DERIVE_KEY_INPUT_SIZE - tmpVariables[2]));
-    }
     // KeyDerivation:
-    // 1. Do HMAC Sign, with below input parameters.
-    //    Key - 128 bit master key
-    //    Input data - HIDDEN_PARAMETERS + KeyCharacateristics
-    //               - Truncate beyond 256 bytes.
+    // 1. Do HMAC Sign, Auth data.
     // 2. HMAC Sign generates an output of 32 bytes length.
-    //    Consume only first 16 bytes as derived key.
+    // Consume only first 16 bytes as derived key.
     // Hmac sign.
-    tmpVariables[3] = seProvider.hmacKDF(
+    short len = seProvider.hmacKDF(
         seProvider.getMasterKey(),
         repository.getHeap(),
-        tmpVariables[1],
-        DERIVE_KEY_INPUT_SIZE,
+        data[AUTH_DATA],
+        data[AUTH_DATA_LENGTH],
         scratchPad,
         (short) 0);
-    if (tmpVariables[3] < 16) {
+    if (len < 16) {
       KMException.throwIt(KMError.UNKNOWN_ERROR);
     }
-    tmpVariables[3] = 16;
+    len = 16;
+    data[DERIVED_KEY] = repository.alloc(len);
     // store the derived secret in data dictionary
-    data[DERIVED_KEY] = tmpVariables[1];
     Util.arrayCopyNonAtomic(
-        scratchPad, (short) 0, repository.getHeap(), data[DERIVED_KEY], tmpVariables[3]);
-    return tmpVariables[3];
+        scratchPad, (short) 0, repository.getHeap(), data[DERIVED_KEY], len);
+    return len;
   }
 
   // This function masks the error code with POWER_RESET_MASK_FLAG
@@ -3929,38 +4096,58 @@ private static void sendError(APDU apdu, short err) {
     sendOutgoing(apdu);
   }
 
-  private short addIntegers(short num1, short num2) {
-    short buf = repository.alloc((short) 24);
-    byte[] scratchPad = repository.getHeap();
-    Util.arrayFillNonAtomic(scratchPad, buf, (short) 24, (byte) 0);
+  private short addIntegers(short authTime, short timeStamp, byte[] scratchPad) {
+    Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 24, (byte) 0);
     Util.arrayCopyNonAtomic(
-        KMInteger.cast(num1).getBuffer(),
-        KMInteger.cast(num1).getStartOff(),
+        KMInteger.cast(authTime).getBuffer(),
+        KMInteger.cast(authTime).getStartOff(),
         scratchPad,
-        (short) (buf + 8 - KMInteger.cast(num1).length()),
-        KMInteger.cast(num1).length());
+        (short) (8 - KMInteger.cast(timeStamp).length()),
+        KMInteger.cast(timeStamp).length());
+
+    // Copy timestamp to scratchpad
     Util.arrayCopyNonAtomic(
-        KMInteger.cast(num2).getBuffer(),
-        KMInteger.cast(num2).getStartOff(),
+        KMInteger.cast(timeStamp).getBuffer(),
+        KMInteger.cast(timeStamp).getStartOff(),
         scratchPad,
-        (short) (buf + 16 - KMInteger.cast(num2).length()),
-        KMInteger.cast(num2).length());
-    add(scratchPad, buf, (short) (buf + 8), (short) (buf + 16));
-    return KMInteger.uint_64(scratchPad, (short) (buf + 16));
-  }
+        (short) (16 - KMInteger.cast(timeStamp).length()),
+        KMInteger.cast(timeStamp).length());
 
-  private void add(byte[] buf, short op1, short op2, short result) {
-    byte index = 7;
-    byte carry = 0;
-    short tmp;
-    while (index >= 0) {
-      tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry);
-      carry = 0;
-      if (tmp > 255) {
-        carry = 1; // max unsigned byte value is 255
+    // add authTime in millis to timestamp.
+    KMUtils.add(scratchPad, (short) 0, (short) 8, (short) 16);
+    return KMInteger.uint_64(scratchPad, (short) 16);
+  }
+  
+  private void updateTrustedConfirmationOperation(KMOperationState op) {
+    if (op.isTrustedConfirmationRequired()) {
+      op.getTrustedConfirmationSigner().update(
+          KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
+          KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
+          KMByteBlob.cast(data[INPUT_DATA]).length());
+    }
+  }
+  
+  private void finishTrustedConfirmationOperation(KMOperationState op) {
+    // Perform trusted confirmation if required
+    if (op.isTrustedConfirmationRequired()) {
+      tmpVariables[0] =
+          KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.CONFIRMATION_TOKEN, data[KEY_PARAMETERS]);
+      if (tmpVariables[0] == KMType.INVALID_VALUE) {
+        KMException.throwIt(KMError.NO_USER_CONFIRMATION);
+      }
+      tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue();
+      boolean verified =
+          op.getTrustedConfirmationSigner().verify(
+              KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
+              KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
+              KMByteBlob.cast(data[INPUT_DATA]).length(),
+              KMByteBlob.cast(tmpVariables[0]).getBuffer(),
+              KMByteBlob.cast(tmpVariables[0]).getStartOff(),
+              KMByteBlob.cast(tmpVariables[0]).length());
+      if (!verified) {
+        KMException.throwIt(KMError.NO_USER_CONFIRMATION);
       }
-      buf[(short) (result + index)] = (byte) (tmp & (byte) 0xFF);
-      index--;
     }
   }
+
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
index d8705de4..bfd67ceb 100644
--- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java
+++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
@@ -16,6 +16,8 @@
 
 package com.android.javacard.keymaster;
 
+import javacard.framework.ISO7816;
+import javacard.framework.ISOException;
 import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
@@ -27,8 +29,9 @@
  */
 public class KMOperationState {
 
-  public static final byte MAX_DATA = 20;
+  public static final byte MAX_DATA = 63;
   private static final byte OPERATION = 0;
+  private static final byte HMAC_SIGNER_OPERATION = 1;
   private static final byte TRUE = 1;
   private static final byte FALSE = 0;
   // byte type
@@ -38,18 +41,23 @@ public class KMOperationState {
   private static final byte BLOCKMODE = 3;
   private static final byte DIGEST = 4;
   private static final byte FLAGS = 5;
+  private static final byte AUTH_TYPE = 6;
   // short type
-  private static final byte KEY_SIZE = 6;
-  private static final byte MAC_LENGTH = 8;
+  private static final byte KEY_SIZE = 7;
+  private static final byte MAC_LENGTH = 9;
   // Handle - currently this is short
-  private static final byte OP_HANDLE = 10;
+  private static final byte OP_HANDLE = 11;
   // Auth time 64 bits
-  private static final byte AUTH_TIME = 12;
+  private static final byte AUTH_TIME = 13;
+  // Secure user ids 5 * 8 = 40 bytes ( Considering Maximum 5 SECURE USER IDs)
+  // First two bytes are reserved to store number of secure ids. SO total 42 bytes.
+  private static final byte USER_SECURE_ID = 21;
   // Flag masks
   private static final byte AUTH_PER_OP_REQD = 1;
   private static final byte SECURE_USER_ID_REQD = 2;
   private static final byte AUTH_TIMEOUT_VALIDATED = 4;
   private static final byte AES_GCM_UPDATE_ALLOWED = 8;
+  private static final byte MAX_SECURE_USER_IDS = 5;
 
   // Object References
   private byte[] data;
@@ -59,7 +67,7 @@ public class KMOperationState {
 
   private KMOperationState() {
     data = JCSystem.makeTransientByteArray(MAX_DATA, JCSystem.CLEAR_ON_RESET);
-    objRefs = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    objRefs = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
     isDataUpdated = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
@@ -77,11 +85,12 @@ public static KMOperationState instance(short opHandle) {
     return opState;
   }
 
-  public static KMOperationState read(byte[] oprHandle, short off, byte[] data, short dataOff, Object opr) {
+  public static KMOperationState read(byte[] oprHandle, short off, byte[] data, short dataOff, Object opr, Object hmacSignerOpr) {
     KMOperationState opState = proto();
     opState.reset();
-    Util.arrayCopy(data, dataOff, prototype.data, (short) 0, (short) prototype.data.length);
+    Util.arrayCopyNonAtomic(data, dataOff, prototype.data, (short) 0, (short) prototype.data.length);
     prototype.objRefs[OPERATION] = opr;
+    prototype.objRefs[HMAC_SIGNER_OPERATION] = hmacSignerOpr;
     Util.setShort(prototype.data, OP_HANDLE, KMInteger.uint_64(oprHandle, off));
     return opState;
   }
@@ -92,7 +101,8 @@ public void persist() {
     }
     KMRepository.instance().persistOperation(data,
         Util.getShort(data, OP_HANDLE),
-        (KMOperation) objRefs[OPERATION]);
+        (KMOperation) objRefs[OPERATION],
+        (KMOperation) objRefs[HMAC_SIGNER_OPERATION]);
     isDataUpdated[0] = FALSE;
   }
 
@@ -107,6 +117,7 @@ public short getKeySize() {
   public void reset() {
     isDataUpdated[0] = FALSE;
     objRefs[OPERATION] = null;
+    objRefs[HMAC_SIGNER_OPERATION] = null;
     Util.arrayFillNonAtomic(
         data, (short) 0, (short) data.length, (byte) 0);
   }
@@ -116,8 +127,12 @@ private void dataUpdated() {
   }
 
   public void release() {
-    if (objRefs[OPERATION] != null)
+    if (objRefs[OPERATION] != null) {
       ((KMOperation) objRefs[OPERATION]).abort();
+    }
+    if (objRefs[HMAC_SIGNER_OPERATION] != null) {
+      ((KMOperation) objRefs[HMAC_SIGNER_OPERATION]).abort();
+    }
     reset();
   }
 
@@ -161,7 +176,59 @@ public short getAuthTime() {
   }
 
   public void setAuthTime(byte[] timeBuf, short start) {
-    Util.arrayCopy(timeBuf, start, data, (short) AUTH_TIME, (short) 8);
+    Util.arrayCopyNonAtomic(timeBuf, start, data, (short) AUTH_TIME, (short) 8);
+    dataUpdated();
+  }
+
+  public void setAuthType(byte authType) {
+    data[AUTH_TYPE] = authType;
+    dataUpdated();
+  }
+
+  public short getAuthType() {
+    return data[AUTH_TYPE];
+  }
+
+  public short getUserSecureId() {
+    short offset = USER_SECURE_ID;
+    short length = Util.getShort(data, USER_SECURE_ID);
+    if (length == 0) {
+      return KMType.INVALID_VALUE;
+    }
+    short arrObj = KMArray.instance(length);
+    short index = 0;
+    short obj;
+    offset = (short) (2 + USER_SECURE_ID);
+    while (index < length) {
+      obj = KMInteger.instance(data, (short) (offset + index * 8), (short) 8);
+      KMArray.cast(arrObj).add(index, obj);
+      index++;
+    }
+    return KMIntegerArrayTag.instance(KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, arrObj);
+  }
+
+  public void setUserSecureId(short integerArrayPtr) {
+    short length = KMIntegerArrayTag.cast(integerArrayPtr).length();
+    if (length > MAX_SECURE_USER_IDS) {
+      KMException.throwIt(KMError.INVALID_KEY_BLOB);
+    }
+    Util.arrayFillNonAtomic(data, USER_SECURE_ID, (short) (MAX_SECURE_USER_IDS * 8) , (byte) 0);
+    short index = 0;
+    short obj;
+    short offset = USER_SECURE_ID;
+    Util.setShort(data, offset, length);
+    offset += 2;
+    while (index < length) {
+      obj = KMIntegerArrayTag.cast(integerArrayPtr).get(index);
+      Util.arrayCopyNonAtomic(
+          KMInteger.cast(obj).getBuffer(),
+          KMInteger.cast(obj).getStartOff(),
+          data,
+          (short) (8 - KMInteger.cast(obj).length() + offset + 8 * index),
+          KMInteger.cast(obj).length()
+      );
+      index++;
+    }
     dataUpdated();
   }
 
@@ -250,4 +317,18 @@ public void setMacLength(short length) {
   public short getMacLength() {
     return Util.getShort(data, MAC_LENGTH);
   }
+
+  public void setTrustedConfirmationSigner(KMOperation hmacSignerOp) {
+    objRefs[HMAC_SIGNER_OPERATION] = hmacSignerOp;
+    dataUpdated();
+  }
+
+  public KMOperation getTrustedConfirmationSigner() {
+    return (KMOperation)objRefs[HMAC_SIGNER_OPERATION];
+  }
+
+  public boolean isTrustedConfirmationRequired() {
+    return objRefs[HMAC_SIGNER_OPERATION] != null;
+  }
+  
 }
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java b/Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java
similarity index 55%
rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java
rename to Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java
index 5178d4e2..7bf5bb4b 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java
+++ b/Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java
@@ -15,9 +15,22 @@
  */
 package com.android.javacard.keymaster;
 
-public class KMInstance {
+public interface KMPKCS8Decoder {
+
+  /**
+   * Decodes the PKCS8 encoded RSA Key and extracts the private and public key
+   *
+   * @param Instance of the PKCS8 encoded data
+   * @return Instance of KMArray holding RSA public key, RSA private key and modulus.
+   */
+  short decodeRsa(short blob);
+
+  /**
+   * Decodes the PKCS8 encoded EC Key and extracts the private and public key
+   *
+   * @param Instance of the PKCS8 encoded data.
+   * @return Instance of KMArray holding EC public key and EC private key.
+   */
+  short decodeEc(short blob);
 
-  public byte reserved;
-  public Object object;
-  public byte instanceCount;
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 6dfc2d0d..7032d258 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -30,7 +30,7 @@
 public class KMRepository implements KMUpgradable {
 
   // Data table configuration
-  public static final short DATA_INDEX_SIZE = 22;
+  public static final short DATA_INDEX_SIZE = 33;
   public static final short DATA_INDEX_ENTRY_SIZE = 4;
   public static final short DATA_MEM_SIZE = 2048;
   public static final short HEAP_SIZE = 10000;
@@ -45,8 +45,6 @@ public class KMRepository implements KMUpgradable {
   private static final byte POWER_RESET_STATUS_FLAG = (byte) 0xEF;
 
   // Data table offsets
-  public static final byte COMPUTED_HMAC_KEY = 8;
-  public static final byte HMAC_NONCE = 9;
   public static final byte ATT_ID_BRAND = 0;
   public static final byte ATT_ID_DEVICE = 1;
   public static final byte ATT_ID_PRODUCT = 2;
@@ -55,6 +53,8 @@ public class KMRepository implements KMUpgradable {
   public static final byte ATT_ID_MEID = 5;
   public static final byte ATT_ID_MANUFACTURER = 6;
   public static final byte ATT_ID_MODEL = 7;
+  public static final byte COMPUTED_HMAC_KEY = 8;
+  public static final byte HMAC_NONCE = 9;
   public static final byte CERT_ISSUER = 10;
   public static final byte CERT_EXPIRY_TIME = 11;
   public static final byte BOOT_OS_VERSION = 12;
@@ -67,6 +67,11 @@ public class KMRepository implements KMUpgradable {
   public static final byte BOOT_DEVICE_LOCKED_STATUS = 19;
   public static final byte DEVICE_LOCKED_TIME = 20;
   public static final byte DEVICE_LOCKED = 21;
+  public static final byte DEVICE_LOCKED_PASSWORD_ONLY = 22;
+  // Total 8 auth tags, so the next offset is AUTH_TAG_1 + 8
+  public static final byte AUTH_TAG_1 = 23;
+  public static final byte BOOT_ENDED_STATUS = 31;
+  public static final byte EARLY_BOOT_ENDED_STATUS = 32;
 
   // Data Item sizes
   public static final short MASTER_KEY_SIZE = 16;
@@ -78,11 +83,24 @@ public class KMRepository implements KMUpgradable {
   public static final short VENDOR_PATCH_SIZE = 4;
   public static final short BOOT_PATCH_SIZE = 4;
   public static final short DEVICE_LOCK_TS_SIZE = 8;
-  public static final short DEVICE_LOCK_FLAG_SIZE = 1;
+  public static final short BOOT_DEVICE_LOCK_FLAG_SIZE = 1;
+  public static final short DEVICE_LOCKED_FLAG_SIZE = 1;
+  public static final short DEVICE_LOCKED_PASSWORD_ONLY_SIZE = 1;
   public static final short BOOT_STATE_SIZE = 1;
   public static final short MAX_OPS = 4;
-  public static final byte BOOT_KEY_MAX_SIZE = 32;
-  public static final byte BOOT_HASH_MAX_SIZE = 32;
+  public static final byte  BOOT_KEY_MAX_SIZE = 32;
+  public static final byte  BOOT_HASH_MAX_SIZE = 32;
+  public static final short MAX_BLOB_STORAGE = 8;
+  public static final short AUTH_TAG_LENGTH = 16;
+  public static final short AUTH_TAG_COUNTER_SIZE = 4;
+  public static final short AUTH_TAG_ENTRY_SIZE = (AUTH_TAG_LENGTH + AUTH_TAG_COUNTER_SIZE + 1);
+  public static final short BOOT_ENDED_FLAG_SIZE = 1;
+  public static final short EARLY_BOOT_ENDED_FLAG_SIZE = 1;
+  private static final byte[] zero = {0, 0, 0, 0, 0, 0, 0, 0};
+  
+  // Buffer type
+  public static final byte DEFAULT_BUF_TYPE = 0;
+  public static final byte ATTEST_IDS_BUF_TYPE = 1;
 
   // Class Attributes
   private Object[] operationStateTable;
@@ -91,6 +109,7 @@ public class KMRepository implements KMUpgradable {
   private byte[] dataTable;
   private short dataIndex;
   private short[] reclaimIndex;
+  private short attestIdsIndex;
   // This variable is used to monitor the power reset status as the Applet does not get
   // any power reset event. Initially the value of this variable is set to POWER_RESET_STATUS_FLAG.
   // If the power reset happens then this value becomes 0.
@@ -99,6 +118,7 @@ public class KMRepository implements KMUpgradable {
   // Operation table.
   private static final short OPER_TABLE_DATA_OFFSET = 0;
   private static final short OPER_TABLE_OPR_OFFSET = 1;
+  private static final short OPER_TABLE_HMAC_SIGNER_OPR_OFFSET = 2;
   private static final short OPER_DATA_LEN = OPERATION_HANDLE_ENTRY_SIZE + KMOperationState.MAX_DATA;
   private static final short DATA_ARRAY_LENGTH = MAX_OPS * OPER_DATA_LEN;
 
@@ -120,9 +140,10 @@ public KMRepository(boolean isUpgrading) {
     powerResetStatus[0] = POWER_RESET_STATUS_FLAG;
     newDataTable(isUpgrading);
 
-    operationStateTable = new Object[2];
+    operationStateTable = new Object[3];
     operationStateTable[0] = JCSystem.makeTransientByteArray(DATA_ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
     operationStateTable[1] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
+    operationStateTable[2] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
 
     //Initialize the device locked status
     if (!isUpgrading) {
@@ -170,12 +191,13 @@ public KMOperationState findOperation(byte[] buf, short off, short len) {
     short offset = 0;
     oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
     Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
+    Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
     while (index < MAX_OPS) {
       offset = (short) (index * OPER_DATA_LEN);
       if (0 == Util.arrayCompare(buf, off, oprTableData, (short) (offset + OPERATION_HANDLE_OFFSET), len)) {
         return KMOperationState.read(oprTableData, (short) (offset + OPERATION_HANDLE_OFFSET), oprTableData,
             (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
-            operations[index]);
+            operations[index], hmacSignerOprs[index]);
       }
       index++;
     }
@@ -212,10 +234,11 @@ public KMOperationState reserveOperation(short opHandle) {
     return null;
   }
 
-  public void persistOperation(byte[] data, short opHandle, KMOperation op) {
+  public void persistOperation(byte[] data, short opHandle, KMOperation op, KMOperation hmacSignerOp) {
     short index = 0;
     byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
     Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
+    Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
     short offset = 0;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
@@ -233,9 +256,10 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
           KMByteBlob.cast(buf).getBuffer(),
           KMByteBlob.cast(buf).getStartOff(),
           KMByteBlob.cast(buf).length()))) {
-        Util.arrayCopy(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
+        Util.arrayCopyNonAtomic(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
             KMOperationState.MAX_DATA);
         operations[index] = op;
+        hmacSignerOprs[index] = hmacSignerOp;
         return;
       }
       index++;
@@ -247,15 +271,16 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op) {
       offset = (short) (index * OPER_DATA_LEN);
       if (0 == oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)]) {
         oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] = 1;/*reserved */
-        Util.arrayCopy(
+        Util.arrayCopyNonAtomic(
             KMByteBlob.cast(buf).getBuffer(),
             KMByteBlob.cast(buf).getStartOff(),
             oprTableData,
             (short) (offset + OPERATION_HANDLE_OFFSET),
             OPERATION_HANDLE_SIZE);
-        Util.arrayCopy(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
+        Util.arrayCopyNonAtomic(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
             KMOperationState.MAX_DATA);
         operations[index] = op;
+        hmacSignerOprs[index] = hmacSignerOp;
         break;
       }
       index++;
@@ -266,6 +291,7 @@ public void releaseOperation(KMOperationState op) {
     short index = 0;
     byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
     Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
+    Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
     short offset = 0;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
@@ -284,6 +310,7 @@ public void releaseOperation(KMOperationState op) {
         Util.arrayFillNonAtomic(oprTableData, offset, OPER_DATA_LEN, (byte) 0);
         op.release();
         operations[index] = null;
+        hmacSignerOprs[index] = null;
         break;
       }
       index++;
@@ -294,6 +321,8 @@ public void releaseAllOperations() {
     short index = 0;
     byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
     Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
+    Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
+    
     short offset = 0;
     while (index < MAX_OPS) {
       offset = (short) (index * OPER_DATA_LEN);
@@ -303,18 +332,15 @@ public void releaseAllOperations() {
           ((KMOperation) operations[index]).abort();
           operations[index] = null;
         }
+        if (hmacSignerOprs[index] != null) {
+            ((KMOperation) hmacSignerOprs[index]).abort();
+            hmacSignerOprs[index] = null;
+        }
       }
       index++;
     }
   }
 
-  public void initComputedHmac(byte[] key, short start, short len) {
-    if (len != COMPUTED_HMAC_KEY_SIZE) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-    writeDataEntry(COMPUTED_HMAC_KEY, key, start, len);
-  }
-
   public void initHmacNonce(byte[] nonce, short offset, short len) {
     if (len != HMAC_SEED_NONCE_SIZE) {
       KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
@@ -326,10 +352,6 @@ public void clearHmacNonce() {
     clearDataEntry(HMAC_NONCE);
   }
 
-  public void clearComputedHmac() {
-    clearDataEntry(COMPUTED_HMAC_KEY);
-  }
-
   public void onUninstall() {
     // Javacard Runtime environment cleans up the data.
 
@@ -380,6 +402,9 @@ public short allocAvailableMemory() {
   }
 
   public short alloc(short length) {
+    if (length < 0) {
+      ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+    }
     if ((((short) (heapIndex[0] + length)) > heap.length) ||
         (((short) (heapIndex[0] + length)) > reclaimIndex[0])) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
@@ -388,67 +413,75 @@ public short alloc(short length) {
     return (short) (heapIndex[0] - length);
   }
 
-  private short dataAlloc(short length) {
-    if (((short) (dataIndex + length)) > dataTable.length) {
+  private short dataAlloc(byte bufType, short length) {
+    short maxSize = getMaxLimitSize(bufType);
+    short dataIndex = getDataTableIndex(bufType);
+    if (length < 0) {
+      ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+    }
+    if (((short) (dataIndex + length)) > maxSize) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
     dataIndex += length;
+    setDataTableIndex(bufType, dataIndex);
     return (short) (dataIndex - length);
   }
 
+  private short getDataTableIndex(byte bufType) {
+    if (bufType == ATTEST_IDS_BUF_TYPE) {
+      return this.attestIdsIndex;
+    } else {
+      return this.dataIndex;
+    }
+  }
+  
+  private void setDataTableIndex(byte bufType, short index) {
+    if (bufType == ATTEST_IDS_BUF_TYPE) {
+      JCSystem.beginTransaction();
+      this.attestIdsIndex = index;
+      JCSystem.commitTransaction();
+    } else {
+      JCSystem.beginTransaction();
+      this.dataIndex = index;
+      JCSystem.commitTransaction();
+    }
+  }
+  
+  private short getMaxLimitSize(byte bufType) {
+    if (bufType == ATTEST_IDS_BUF_TYPE) {
+      return (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE + KMConfigurations.TOTAL_ATTEST_IDS_SIZE);
+    } else { // Default buf type.
+      return (short) dataTable.length;
+    }
+  }
 
   private void newDataTable(boolean isUpgrading) {
     if (!isUpgrading) {
       if (dataTable == null) {
         dataTable = new byte[DATA_MEM_SIZE];
-        dataIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
+        attestIdsIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
+        dataIndex = (short) (attestIdsIndex + KMConfigurations.TOTAL_ATTEST_IDS_SIZE);
       }
     }
   }
 
-  public void restoreData(short blob) {
-    JCSystem.beginTransaction();
-    Util.arrayCopy(
-        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), dataTable,
-        (short) 0,
-        KMByteBlob.cast(blob).length()
-    );
-    JCSystem.commitTransaction();
-  }
-
   public byte[] getDataTable() {
     return dataTable;
   }
 
   private void clearDataEntry(short id) {
-    JCSystem.beginTransaction();
     id = (short) (id * DATA_INDEX_ENTRY_SIZE);
     short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
     if (dataLen != 0) {
       short dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET));
+      JCSystem.beginTransaction();
       Util.arrayFillNonAtomic(dataTable, dataPtr, dataLen, (byte) 0);
+      JCSystem.commitTransaction();
     }
-    JCSystem.commitTransaction();
   }
 
   private void writeDataEntry(short id, byte[] buf, short offset, short len) {
-    JCSystem.beginTransaction();
-    short dataPtr;
-    id = (short) (id * DATA_INDEX_ENTRY_SIZE);
-    short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
-    if (dataLen == 0) {
-      dataPtr = dataAlloc(len);
-      Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET), dataPtr);
-      Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH), len);
-      Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len);
-    } else {
-      if (len != dataLen) {
-        KMException.throwIt(KMError.UNKNOWN_ERROR);
-      }
-      dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET));
-      Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len);
-    }
-    JCSystem.commitTransaction();
+    writeDataEntry(DEFAULT_BUF_TYPE, id, buf, offset, len);
   }
 
   private short readDataEntry(short id, byte[] buf, short offset) {
@@ -465,6 +498,32 @@ private short readDataEntry(short id, byte[] buf, short offset) {
     return len;
   }
 
+  private void writeDataEntry(byte bufType, short id, byte[] buf, short offset, short len) {
+    short dataPtr;
+    id = (short) (id * DATA_INDEX_ENTRY_SIZE);
+    short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
+    if (dataLen == 0) {
+      dataPtr = dataAlloc(bufType, len);
+      // Begin Transaction
+      JCSystem.beginTransaction();
+      Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET), dataPtr);
+      Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH), len);
+      Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len);
+      JCSystem.commitTransaction();
+      // End Transaction
+    } else {
+      if (len != dataLen) {
+        KMException.throwIt(KMError.UNKNOWN_ERROR);
+      }
+      dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET));
+      // Begin Transaction
+      JCSystem.beginTransaction();
+      Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len);
+      JCSystem.commitTransaction();
+      // End Transaction
+    }
+  }
+
   private short dataLength(short id) {
     id = (short) (id * DATA_INDEX_ENTRY_SIZE);
     return Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
@@ -483,7 +542,7 @@ public short getComputedHmacKey() {
   }
 
   public void persistAttId(byte id, byte[] buf, short start, short len) {
-    writeDataEntry(id, buf, start, len);
+    writeDataEntry(ATTEST_IDS_BUF_TYPE, id, buf, start, len);
   }
 
   public short getAttId(byte id) {
@@ -491,14 +550,10 @@ public short getAttId(byte id) {
   }
 
   public void deleteAttIds() {
-    clearDataEntry(ATT_ID_BRAND);
-    clearDataEntry(ATT_ID_MEID);
-    clearDataEntry(ATT_ID_DEVICE);
-    clearDataEntry(ATT_ID_IMEI);
-    clearDataEntry(ATT_ID_MODEL);
-    clearDataEntry(ATT_ID_PRODUCT);
-    clearDataEntry(ATT_ID_SERIAL);
-    clearDataEntry(ATT_ID_MANUFACTURER);
+    JCSystem.beginTransaction();
+    attestIdsIndex = (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
+    Util.arrayFillNonAtomic(dataTable, attestIdsIndex, KMConfigurations.TOTAL_ATTEST_IDS_SIZE, (byte) 0);
+    JCSystem.commitTransaction();
   }
 
   public short getIssuer() {
@@ -506,32 +561,39 @@ public short getIssuer() {
   }
 
   public short readData(short id) {
-    short blob = KMByteBlob.instance(dataLength(id));
-    if (readDataEntry(id, KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff())
-        == 0) {
-      return 0;
+    short len = dataLength(id);
+    if (len != 0) {
+      short blob = KMByteBlob.instance(len);
+      readDataEntry(id, KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
+      return blob;
     }
-    return blob;
+    return KMType.INVALID_VALUE;
   }
 
-  public void setIssuer(byte[] buf, short start, short len) {
-    writeDataEntry(CERT_ISSUER, buf, start, len);
+  public short readData(byte[] dataTable, short id, byte[] buf, short startOff, short bufLen) {
+    id = (short) (id * DATA_INDEX_ENTRY_SIZE);
+    short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
+    if (len > bufLen) {
+      return KMType.INVALID_VALUE;
+    }
+    if (len != 0) {
+      Util.arrayCopyNonAtomic(
+          dataTable,
+          Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
+          buf,
+          startOff,
+          len);
+    }
+    return len;
   }
 
-
   public short getCertExpiryTime() {
     return readData(CERT_EXPIRY_TIME);
   }
 
-  public void setCertExpiryTime(byte[] buf, short start, short len) {
-    writeDataEntry(CERT_EXPIRY_TIME, buf, start, len);
-  }
-
-  private static final byte[] zero = {0, 0, 0, 0, 0, 0, 0, 0};
-
   public short getOsVersion() {
     short blob = readData(BOOT_OS_VERSION);
-    if (blob != 0) {
+    if (blob != KMType.INVALID_VALUE) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -541,7 +603,7 @@ public short getOsVersion() {
 
   public short getVendorPatchLevel() {
     short blob = readData(VENDOR_PATCH_LEVEL);
-    if (blob != 0) {
+    if (blob != KMType.INVALID_VALUE) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -551,7 +613,7 @@ public short getVendorPatchLevel() {
 
   public short getBootPatchLevel() {
     short blob = readData(BOOT_PATCH_LEVEL);
-    if (blob != 0) {
+    if (blob != KMType.INVALID_VALUE) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -561,7 +623,7 @@ public short getBootPatchLevel() {
 
   public short getOsPatch() {
     short blob = readData(BOOT_OS_PATCH_LEVEL);
-    if (blob != 0) {
+    if (blob != KMType.INVALID_VALUE) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -617,27 +679,39 @@ public short getVerifiedBootHash() {
 
   public boolean getBootLoaderLock() {
     short blob = readData(BOOT_DEVICE_LOCKED_STATUS);
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0;
+    if (blob == KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_DATA);
+    }
+    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
   }
 
   public byte getBootState() {
     short blob = readData(BOOT_VERIFIED_BOOT_STATE);
+    if (blob == KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_DATA);
+    }
     return (getHeap())[KMByteBlob.cast(blob).getStartOff()];
   }
 
   public boolean getDeviceLock() {
     short blob = readData(DEVICE_LOCKED);
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0;
+    if (blob == KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_DATA);
+    }
+    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
   }
 
   public boolean getDeviceLockPasswordOnly() {
-    short blob = readData(DEVICE_LOCKED);
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFD) != 0;
+    short blob = readData(DEVICE_LOCKED_PASSWORD_ONLY);
+    if (blob == KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_DATA);
+    }
+    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
   }
 
   public short getDeviceTimeStamp() {
     short blob = readData(DEVICE_LOCKED_TIME);
-    if (blob != 0) {
+    if (blob != KMType.INVALID_VALUE) {
       return KMInteger.uint_64(KMByteBlob.cast(blob).getBuffer(),
           KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -675,33 +749,33 @@ public void clearAndroidSystemProperties() {
   }
 
   public void setBootloaderLocked(boolean flag) {
-    short start = alloc(DEVICE_LOCK_FLAG_SIZE);
+    short start = alloc(BOOT_DEVICE_LOCK_FLAG_SIZE);
     if (flag) {
-      (getHeap())[start] = (byte) ((getHeap())[start] | 0x01);
+      (getHeap())[start] = (byte) 0x01;
     } else {
-      (getHeap())[start] = (byte) ((getHeap())[start] & 0xFE);
+      (getHeap())[start] = (byte) 0x00;
     }
-    writeDataEntry(BOOT_DEVICE_LOCKED_STATUS, getHeap(), start, DEVICE_LOCK_FLAG_SIZE);
+    writeDataEntry(BOOT_DEVICE_LOCKED_STATUS, getHeap(), start, BOOT_DEVICE_LOCK_FLAG_SIZE);
   }
 
   public void setDeviceLock(boolean flag) {
-    short start = alloc(DEVICE_LOCK_FLAG_SIZE);
+    short start = alloc(DEVICE_LOCKED_FLAG_SIZE);
     if (flag) {
-      (getHeap())[start] = (byte) ((getHeap())[start] | 0x01);
+      (getHeap())[start] = (byte) 0x01;
     } else {
-      (getHeap())[start] = (byte) ((getHeap())[start] & 0xFE);
+      (getHeap())[start] = (byte) 0x00;
     }
-    writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCK_FLAG_SIZE);
+    writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCKED_FLAG_SIZE);
   }
 
   public void setDeviceLockPasswordOnly(boolean flag) {
-    short start = alloc(DEVICE_LOCK_FLAG_SIZE);
+    short start = alloc(DEVICE_LOCKED_PASSWORD_ONLY_SIZE);
     if (flag) {
-      (getHeap())[start] = (byte) ((getHeap())[start] | 0x02);
+      (getHeap())[start] = (byte) 0x01;
     } else {
-      (getHeap())[start] = (byte) ((getHeap())[start] & 0xFD);
+      (getHeap())[start] = (byte) 0x00;
     }
-    writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCK_FLAG_SIZE);
+    writeDataEntry(DEVICE_LOCKED_PASSWORD_ONLY, getHeap(), start, DEVICE_LOCKED_PASSWORD_ONLY_SIZE);
   }
 
   public void setDeviceLockTimestamp(byte[] buf, short start, short len) {
@@ -743,22 +817,139 @@ public void setBootState(byte state) {
     writeDataEntry(BOOT_VERIFIED_BOOT_STATE, getHeap(), start, BOOT_STATE_SIZE);
   }
 
+  private boolean isAuthTagSlotAvailable(short tagId, byte[] buf, short offset) {
+    readDataEntry(tagId, buf, offset);
+    return (0 == buf[offset]);
+  }
+
+  private void writeAuthTagState(byte[] buf, short offset, byte state) {
+    buf[offset] = state;
+  }
+
+  public boolean persistAuthTag(short authTag) {
+
+    if (KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
+
+    short authTagEntry = alloc(AUTH_TAG_ENTRY_SIZE);
+    short scratchPadOff = alloc(AUTH_TAG_ENTRY_SIZE);
+    byte[] scratchPad = getHeap();
+    writeAuthTagState(getHeap(), authTagEntry, (byte) 1);
+    Util.arrayCopyNonAtomic(
+        KMByteBlob.cast(authTag).getBuffer(),
+        KMByteBlob.cast(authTag).getStartOff(),
+        getHeap(), (short) (authTagEntry + 1), AUTH_TAG_LENGTH);
+    Util.setShort(getHeap(), (short) (authTagEntry + AUTH_TAG_LENGTH + 1 + 2),
+        (short) 1);
+    short index = 0;
+    while (index < MAX_BLOB_STORAGE) {
+      if ((dataLength((short) (index + AUTH_TAG_1)) == 0) ||
+          isAuthTagSlotAvailable((short) (index + AUTH_TAG_1), scratchPad, scratchPadOff)) {
+
+        writeDataEntry((short) (index + AUTH_TAG_1), getHeap(), authTagEntry, AUTH_TAG_ENTRY_SIZE);
+        return true;
+      }
+      index++;
+    }
+    return false;
+  }
+
+  public void removeAllAuthTags() {
+    short index = 0;
+    while (index < MAX_BLOB_STORAGE) {
+      clearDataEntry((short) (index + AUTH_TAG_1));
+      index++;
+    }
+  }
+
+  public boolean isAuthTagPersisted(short authTag) {
+    return (KMType.INVALID_VALUE != findTag(authTag));
+  }
+
+  private short findTag(short authTag) {
+    if (KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
+    short index = 0;
+    short found;
+    short offset = alloc(AUTH_TAG_ENTRY_SIZE);
+    while (index < MAX_BLOB_STORAGE) {
+      if (dataLength((short) (index + AUTH_TAG_1)) != 0) {
+        readDataEntry((short) (index + AUTH_TAG_1),
+            getHeap(), offset);
+        found =
+            Util.arrayCompare(
+                getHeap(),
+                (short) (offset + 1),
+                KMByteBlob.cast(authTag).getBuffer(),
+                KMByteBlob.cast(authTag).getStartOff(),
+                AUTH_TAG_LENGTH);
+        if (found == 0) {
+          return (short) (index + AUTH_TAG_1);
+        }
+      }
+      index++;
+    }
+    return KMType.INVALID_VALUE;
+  }
+
+  public short getRateLimitedKeyCount(short authTag, byte[] out, short outOff) {
+    short tag = findTag(authTag);
+    short blob;
+    if (tag != KMType.INVALID_VALUE) {
+      blob = readData(tag);
+      Util.arrayCopyNonAtomic(
+          KMByteBlob.cast(blob).getBuffer(),
+          (short) (KMByteBlob.cast(blob).getStartOff() + AUTH_TAG_LENGTH + 1),
+          out,
+          outOff,
+          AUTH_TAG_COUNTER_SIZE);
+      return AUTH_TAG_COUNTER_SIZE;
+    }
+    return (short) 0;
+  }
+
+  public void setRateLimitedKeyCount(short authTag, byte[] buf, short off, short len) {
+    short tag = findTag(authTag);
+    if (tag != KMType.INVALID_VALUE) {
+      short dataPtr = readData(tag);
+      Util.arrayCopyNonAtomic(
+          buf,
+          off,
+          KMByteBlob.cast(dataPtr).getBuffer(),
+          (short) (KMByteBlob.cast(dataPtr).getStartOff() + AUTH_TAG_LENGTH + 1),
+          len);
+      writeDataEntry(tag,
+          KMByteBlob.cast(dataPtr).getBuffer(),
+          KMByteBlob.cast(dataPtr).getStartOff(),
+          KMByteBlob.cast(dataPtr).length());
+    }
+  }
+
   @Override
   public void onSave(Element ele) {
     ele.write(dataIndex);
     ele.write(dataTable);
+    ele.write(attestIdsIndex);
   }
 
   @Override
-  public void onRestore(Element ele) {
+  public void onRestore(Element ele, short oldVersion, short currentVersion) {
     dataIndex = ele.readShort();
     dataTable = (byte[]) ele.readObject();
+    if (oldVersion == 0) {
+      // Previous versions does not contain version information.
+      handleDataUpgradeToVersion1_1();
+    } else {
+      attestIdsIndex = ele.readShort();
+    }
   }
 
   @Override
   public short getBackupPrimitiveByteCount() {
     // dataIndex
-    return (short) 2;
+    return (short) 4;
   }
 
   @Override
@@ -766,4 +957,66 @@ public short getBackupObjectCount() {
     // dataTable
     return (short) 1;
   }
+
+  public boolean getBootEndedStatus() {
+    short blob = readData(BOOT_ENDED_STATUS);
+    if (blob == KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_DATA);
+    }
+    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
+  }
+  
+  public void setBootEndedStatus(boolean flag) {
+    short start = alloc(BOOT_ENDED_STATUS);
+    if (flag) {
+      (getHeap())[start] = (byte) 0x01;
+    } else {
+      (getHeap())[start] = (byte) 0x00;
+    }
+    writeDataEntry(BOOT_ENDED_STATUS, getHeap(), start, BOOT_ENDED_FLAG_SIZE);
+  }
+  
+  public boolean getEarlyBootEndedStatus() {
+    short blob = readData(EARLY_BOOT_ENDED_STATUS);
+    if (blob == KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_DATA);
+    }
+    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
+  }
+	  
+  public void setEarlyBootEndedStatus(boolean flag) {
+    short start = alloc(EARLY_BOOT_ENDED_STATUS);
+    if (flag) {
+      (getHeap())[start] = (byte) 0x01;
+    } else {
+      (getHeap())[start] = (byte) 0x00;
+    }
+    writeDataEntry(EARLY_BOOT_ENDED_STATUS, getHeap(), start, EARLY_BOOT_ENDED_FLAG_SIZE);
+  }
+  
+  public void handleDataUpgradeToVersion1_1() {
+    byte[] oldDataTable = dataTable;
+    dataTable = new byte[2048];
+    attestIdsIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
+    dataIndex = (short) (attestIdsIndex + KMConfigurations.TOTAL_ATTEST_IDS_SIZE);
+    // temp buffer.
+    short startOffset = alloc((short) 256);
+
+    short index = ATT_ID_BRAND;
+    short len = 0;
+    while (index <= DEVICE_LOCKED) {
+      len = readData(oldDataTable, index, heap, startOffset, (short) 256);
+      writeDataEntry(index, heap, startOffset, len);
+      index++;
+    }
+    // set default values for the new IDS.
+    setDeviceLockPasswordOnly(false);
+    setBootEndedStatus(false);
+    setEarlyBootEndedStatus(false);
+
+    // Request object deletion
+    oldDataTable = null;
+    JCSystem.requestObjectDeletion();
+  }
+   
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
index 167aa5b2..dbfa3710 100644
--- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
+++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
@@ -25,6 +25,11 @@
  */
 public interface KMSEProvider extends KMUpgradable {
 
+  // Provision related constants.
+  public static final byte CERTIFICATE_CHAIN = 0;
+  public static final byte CERTIFICATE_EXPIRY = 1;
+  public static final byte CERTIFICATE_ISSUER = 2;
+
   /**
    * Create a symmetric key instance. If the algorithm and/or keysize are not supported then it
    * should throw a CryptoException.
@@ -223,7 +228,7 @@ boolean aesGCMDecrypt(
    * This is a oneshot operation that performs key derivation function using cmac kdf (CKDF) as
    * defined in android keymaster hal definition.
    *
-   * @param instance of pre-shared key.
+   * @param hmacKey instance of pre-shared key.
    * @param label is the label to be used for ckdf.
    * @param labelStart is the start of label.
    * @param labelLen is the length of the label.
@@ -272,7 +277,7 @@ short hmacSign(
    * This is a oneshot operation that signs the data using hmac algorithm. This is used to derive
    * the key, which is used to encrypt the keyblob.
    *
-   * @param instance of masterkey.
+   * @param masterKey instance of masterkey.
    * @param data is the buffer containing data to be signed.
    * @param dataStart is the start of the data.
    * @param dataLength is the length of the data.
@@ -281,7 +286,7 @@ short hmacSign(
    * @return length of the signature buffer in bytes.
    */
   short hmacKDF(
-      KMMasterKey masterkey,
+      KMMasterKey masterKey,
       byte[] data,
       short dataStart,
       short dataLength,
@@ -291,9 +296,7 @@ short hmacKDF(
   /**
    * This is a oneshot operation that verifies the signature using hmac algorithm.
    *
-   * @param keyBuf is the buffer with hmac key.
-   * @param keyStart is the start of the buffer.
-   * @param keyLength is the length of the buffer which will be in bytes from 8 to 64.
+   * @param hmacKey instance of KMComputedHmacKey.
    * @param data is the buffer containing data.
    * @param dataStart is the start of the data.
    * @param dataLength is the length of the data.
@@ -303,9 +306,7 @@ short hmacKDF(
    * @return true if the signature matches.
    */
   boolean hmacVerify(
-      byte[] keyBuf,
-      short keyStart,
-      short keyLength,
+      KMComputedHmacKey hmacKey,
       byte[] data,
       short dataStart,
       short dataLength,
@@ -347,7 +348,7 @@ short rsaDecipherOAEP256(
   /**
    * This is a oneshot operation that signs the data using EC private key.
    *
-   * @param instance of KMAttestationKey.
+   * @param ecPrivKey instance of KMAttestationKey.
    * @param inputDataBuf is the buffer of the input data.
    * @param inputDataStart is the start of the input data buffer.
    * @param inputDataLength is the length of the inpur data buffer in bytes.
@@ -400,6 +401,14 @@ KMOperation initSymmetricOperation(
       short ivLength,
       short macLength);
 
+  /**
+   * Initializes the trusted confirmation operation.
+   *
+   * @param computedHmacKey Instance of the computed Hmac key.
+   * @return instance of KMOperation.
+   */
+  KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey);
+
   /**
    * This creates a persistent operation for signing, verify, encryption and decryption using RSA
    * and EC algorithms when keymaster hal's beginOperation function is executed. For RSA the public
@@ -445,35 +454,43 @@ KMOperation initAsymmetricOperation(
   KMAttestationCert getAttestationCert(boolean rsaCert);
 
   /**
-   * This operation persists the certificate chain in the persistent memory in multiple requests.
+   * Returns the implementation of the PKCS8 decoder.
    *
-   * @param buf buffer containing certificate chain.
-   * @param offset is the start of the buffer.
-   * @param len is the length of the buffer.
-   * @param totalLen is the total length of cert chain.
+   * @return Instance of PKCS8 decoder.
    */
-  void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen);
+  KMPKCS8Decoder getPKCS8DecoderInstance();
 
   /**
-   * This operation clears the certificate chain from persistent memory.
+   * This operation persists the provision data in the persistent memory.
+   *
+   * @param buf buffer which contains all the provision data.
+   * @param certChainOff is the start of the cert chain.
+   * @param certChainLen is the length of the cert chain.
+   * @param certIssuerOff is the start of the cert issuer.
+   * @param certIssuerLen is the length of the cert issuer.
+   * @param certExpiryOff is the start of the cert expiry.
+   * @param certExpiryLen is the length of the cert expiry.
    */
-  void clearCertificateChain();
+  void persistProvisionData(byte[] buf, short certChainOff, short certChainLen,
+      short certIssuerOff, short certIssuerLen, short certExpiryOff, short certExpiryLen);
 
   /**
-   * The operation reads the certificate chain from persistent memory.
+   * The operation reads the provisioned data from persistent memory.
    *
+   * @param dataType type of the provision data to read.
    * @param buf is the start of data buffer.
    * @param offset is the start of the data.
    * @return the length of the data buffer in bytes.
    */
-  short readCertificateChain(byte[] buf, short offset);
+  short readProvisionedData(byte dataType, byte[] buf, short offset);
 
   /**
-   * This function returns the cert chain length.
+   * This function returns the provisioned data length.
    *
+   * @param dataType type of the provision data to read.
    * @return length of the certificate chain.
    */
-  short getCertificateChainLength();
+  short getProvisionedDataLength(byte dataType);
 
   /**
    * This function tells if boot signal event is supported or not.
@@ -538,6 +555,16 @@ KMOperation initAsymmetricOperation(
    */
   KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length);
 
+  /**
+   * This function creates an HMACKey and initializes the key with the provided input key data.
+   *
+   * @param keyData buffer containing the key data.
+   * @param offset start of the buffer.
+   * @param length length of the buffer.
+   * @return An instance of the KMComputedHmacKey.
+   */
+  KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length);
+
   /**
    * Returns the master key.
    *
@@ -560,9 +587,28 @@ KMOperation initAsymmetricOperation(
   KMPreSharedKey getPresharedKey();
 
   /**
-   * Releases all the instance back to pool.
-   * Generally this is used when card is reset.
+   * Returns the computed Hmac key.
+   *
+   * @return Instance of the computed hmac key.
+   */
+  KMComputedHmacKey getComputedHmacKey();
+
+  /**
+   * Releases all the instance back to pool. Generally this is used when card is reset.
    */
   void releaseAllOperations();
 
+  /**
+   * This is a one-shot operation the does digest of the input mesage.
+   *
+   * @param inBuff input buffer to be digested.
+   * @param inOffset start offset of the input buffer.
+   * @param inLength length of the input buffer.
+   * @param outBuff is the output buffer that contains the digested data.
+   * @param outOffset start offset of the digested output buffer.
+   * @return length of the digested data.
+   */
+  short messageDigest256(byte[] inBuff, short inOffset, short inLength, byte[] outBuff,
+      short outOffset);
+
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/src/com/android/javacard/keymaster/KMType.java
index f571275c..00704df2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMType.java
+++ b/Applet/src/com/android/javacard/keymaster/KMType.java
@@ -186,6 +186,8 @@ public abstract class KMType {
   public static final short USERID = 0x01F5;
   // Auth Timeout
   public static final short AUTH_TIMEOUT = 0x01F9;
+  // Auth Timeout in Milliseconds
+  public static final short AUTH_TIMEOUT_MILLIS = 0x7FFF;
   // OS Version
   public static final short OS_VERSION = 0x02C1;
   // OS Patch Level
diff --git a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java
index 0a241652..87204a06 100644
--- a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java
+++ b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java
@@ -21,7 +21,7 @@ public interface KMUpgradable {
 
   void onSave(Element ele);
 
-  void onRestore(Element ele);
+  void onRestore(Element ele, short oldVersion, short currentVersion);
 
   short getBackupPrimitiveByteCount();
 
diff --git a/HAL/keymaster/4.1/CommonUtils.cpp b/HAL/keymaster/4.1/CommonUtils.cpp
index 090c8d0d..476fe68e 100644
--- a/HAL/keymaster/4.1/CommonUtils.cpp
+++ b/HAL/keymaster/4.1/CommonUtils.cpp
@@ -212,7 +212,7 @@ pubModulus) {
         return legacy_enum_conversion(TranslateLastOpenSslError());
     }
 
-    UniquePtr rsa_key(EVP_PKEY_get1_RSA(pkey));
+    UniquePtr rsa_key(EVP_PKEY_get1_RSA(pkey));
     if(!rsa_key.get()) {
         return legacy_enum_conversion(TranslateLastOpenSslError());
     }
diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 95de2096..9df7b6d4 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -17,14 +17,12 @@
 
 #include 
 #include 
-#include 
-#include 
 #include 
 #include 
 #include 
 #include 
 #include 
-#include 
+#include 
 #include 
 #include 
 #include 
@@ -40,15 +38,16 @@
 
 #define JAVACARD_KEYMASTER_NAME      "JavacardKeymaster4.1Device v1.0"
 #define JAVACARD_KEYMASTER_AUTHOR    "Android Open Source Project"
+#define PROP_BUILD_QEMU              "ro.kernel.qemu"
+#define PROP_BUILD_FINGERPRINT       "ro.build.fingerprint"
+// Cuttlefish build fingerprint substring.
+#define CUTTLEFISH_FINGERPRINT_SS    "aosp_cf_"
 
 #define APDU_CLS 0x80
 #define APDU_P1  0x40
 #define APDU_P2  0x00
 #define APDU_RESP_STATUS_OK 0x9000
 
-#define INS_BEGIN_KM_CMD 0x00
-#define INS_END_KM_PROVISION_CMD 0x20
-#define INS_END_KM_CMD 0x7F
 #define SW_KM_OPR 0UL
 #define SB_KM_OPR 1UL
 #define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
@@ -69,45 +68,6 @@ struct KM_AUTH_LIST_Delete {
     void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); }
 };
 
-enum class Instruction {
-    // Keymaster commands
-    INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD+1,
-    INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+2,
-    INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD+3,
-    INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+4,
-    INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD+5,
-    INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD+6,
-    INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD+7,
-    INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD+8,
-    INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD+9,
-    INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD+10,
-    INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD+11,
-    INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD+12,
-    INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD+13,
-    INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD+14,
-    INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD+15,
-    INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD+16,
-    INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD+17,
-    INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD+18,
-    INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD+19,
-    INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD+20,
-    INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD+21,
-    INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22,
-    INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
-    INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD+9,
-};
-
-enum ProvisionStatus {
-    NOT_PROVISIONED = 0x00,
-    PROVISION_STATUS_ATTESTATION_KEY = 0x01,
-    PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
-    PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
-    PROVISION_STATUS_ATTEST_IDS = 0x08,
-    PROVISION_STATUS_PRESHARED_SECRET = 0x10,
-    PROVISION_STATUS_BOOT_PARAM = 0x20,
-    PROVISION_STATUS_PROVISIONING_LOCKED = 0x40,
-};
-
 //Extended error codes
 enum ExtendedErrors {
     SW_CONDITIONS_NOT_SATISFIED = -10001,
@@ -126,9 +86,20 @@ enum ExtendedErrors {
 };
 
 static inline std::unique_ptr& getTransportFactoryInstance() {
+    bool isEmulator = false;
     if(pTransportFactory == nullptr) {
+        // Check if the current build is for emulator or device.
+        isEmulator = android::base::GetBoolProperty(PROP_BUILD_QEMU, false);
+        if (!isEmulator) {
+            std::string fingerprint = android::base::GetProperty(PROP_BUILD_FINGERPRINT, "");
+            if (!fingerprint.empty()) {
+                if (fingerprint.find(CUTTLEFISH_FINGERPRINT_SS, 0) != std::string::npos) {
+                    isEmulator = true;
+                }
+            }
+        }
         pTransportFactory = std::unique_ptr(new se_transport::TransportFactory(
-                    android::base::GetBoolProperty("ro.kernel.qemu", false)));
+                    isEmulator));
         pTransportFactory->openConnection();
     }
     return pTransportFactory;
@@ -202,10 +173,11 @@ static inline OperationType getOperationType(uint64_t operationHandle) {
 
 /* Clears all the strongbox operation handle entries from operation table */
 static void clearStrongboxOprHandleEntries(const std::unique_ptr& oprCtx) {
-    LOG(INFO) << "Secure Element reset or applet upgrade detected. Removing existing operation handles";
+    LOG(INFO)
+        << "Secure Element reset or applet upgrade detected. Removing existing operation handles";
     auto it = operationTable.begin();
     while (it != operationTable.end()) {
-        if (it->second == OperationType::PRIVATE_OPERATION) { //Strongbox operation
+        if (it->second == OperationType::PRIVATE_OPERATION) {  // Strongbox operation
             LOG(INFO) << "operation handle: " << it->first << " is removed";
             oprCtx->clearOperationData(it->first);
             it = operationTable.erase(it);
@@ -392,7 +364,7 @@ uint16_t getStatus(std::vector& inputData) {
     return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1));
 }
 
-ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response) {
+ErrorCode JavacardKeymaster4Device::sendData(Instruction ins, std::vector& inData, std::vector& response) {
     ErrorCode ret = ErrorCode::UNKNOWN_ERROR;
     std::vector apdu;
 
@@ -417,11 +389,20 @@ ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& oprCtx) {
+ErrorCode JavacardKeymaster4Device::setAndroidSystemProperties() {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     cppbor::Array array;
     std::unique_ptr item;
@@ -436,7 +417,7 @@ static ErrorCode setAndroidSystemProperties(CborConverter& cborConverter_, const
     if (ErrorCode::OK == errorCode) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true, oprCtx);
+                true, oprCtx_);
     }
     if (ErrorCode::OK != errorCode) 
         LOG(ERROR) << "Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t) errorCode;
@@ -450,11 +431,15 @@ JavacardKeymaster4Device::JavacardKeymaster4Device(): softKm_(new ::keymaster::A
             context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
             return context;
             }(),
-            kOperationTableSize)), oprCtx_(new OperationContext()), isEachSystemPropertySet(false) {
+            kOperationTableSize, keymaster::MessageVersion(keymaster::KmVersion::KEYMASTER_4_1,
+                                0 /* km_date */) )), oprCtx_(new OperationContext()),
+                                isEachSystemPropertySet(false), isEarlyBootEventPending(false) {
     // Send Android system properties like os_version, os_patchlevel and vendor_patchlevel
     // to the Applet. Incase if setting system properties fails here, again try setting
     // it from computeSharedHmac.
-    if (ErrorCode::OK == setAndroidSystemProperties(cborConverter_, oprCtx_)) {
+
+    if (ErrorCode::OK == setAndroidSystemProperties()) {
+        LOG(ERROR) << "javacard strongbox : setAndroidSystemProperties from constructor - successful";
         isEachSystemPropertySet = true;
     }
 
@@ -492,7 +477,7 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_
     } else {
         // It should not come here, but incase if for any reason SB keymaster fails to getHardwareInfo
         // return proper values from HAL.
-        LOG(ERROR) << "Failed to fetch getHardwareInfo from javacard";
+        LOG(ERROR) << "Failed to fetch getHardwareInfo from javacard returning fixed values from HAL itself";
         _hidl_cb(SecurityLevel::STRONGBOX, JAVACARD_KEYMASTER_NAME, JAVACARD_KEYMASTER_AUTHOR);
         return Void();
     }
@@ -511,28 +496,14 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
                 true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getHmacSharingParameters(item, 1, hmacSharingParameters)) {
-                LOG(ERROR) << "Failed to convert cbor data of INS_GET_HMAC_SHARING_PARAM_CMD";
+                LOG(ERROR) << "javacard strongbox : Failed to convert cbor data of INS_GET_HMAC_SHARING_PARAM_CMD";
                 errorCode = ErrorCode::UNKNOWN_ERROR;
             }
         }
+        LOG(DEBUG) << "javacard strongbox : received getHmacSharingParameter from Javacard - successful";
+        // Send earlyBootEnded if there is any pending earlybootEnded event.
+        handleSendEarlyBootEndedEvent();
     }
-#ifdef VTS_EMULATOR
-    /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no
-     * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to getHmacSharing
-     * parameters.
-     */
-    else {
-        auto response = softKm_->GetHmacSharingParameters();
-        LOG(DEBUG) << "INS_GET_HMAC_SHARING_PARAM_CMD not succeded with javacard";
-        LOG(DEBUG) << "Setting software keymaster hmac sharing parameters";
-        hmacSharingParameters.seed.setToExternal(const_cast(response.params.seed.data),
-                response.params.seed.data_length);
-        static_assert(sizeof(response.params.nonce) == hmacSharingParameters.nonce.size(), "Nonce sizes don't match");
-        memcpy(hmacSharingParameters.nonce.data(), response.params.nonce, hmacSharingParameters.nonce.size());
-        errorCode = legacy_enum_conversion(response.error);
-        LOG(DEBUG) << "INS_GET_HMAC_SHARING_PARAM_CMD softkm status: " << (int32_t) errorCode;
-    }
-#endif
     _hidl_cb(errorCode, hmacSharingParameters);
     return Void();
 }
@@ -545,21 +516,25 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec tempVec;
     cppbor::Array outerArray;
-#ifndef VTS_EMULATOR
     // The Android system properties like OS_VERSION, OS_PATCHLEVEL and VENDOR_PATCHLEVEL are to 
     // be delivered to the Applet when the HAL is first loaded. Incase if settting system properties
     // failed at construction time then this is one of the ideal places to send this information
     // to the Applet as computeSharedHmac is called everytime when Android device boots.
     if (!isEachSystemPropertySet) {
-        errorCode = setAndroidSystemProperties(cborConverter_);
+        errorCode = setAndroidSystemProperties();
         if (ErrorCode::OK != errorCode) {
             LOG(ERROR) << " Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t)errorCode;
             _hidl_cb(errorCode, sharingCheck);
             return Void();
         }
+
+        LOG(ERROR) << "javacard strongbox : setAndroidSystemProperties from ComputeSharedHmac - successful ";
+
         isEachSystemPropertySet = true;
     }
-#endif
+    
+    // Send earlyBootEnded if there is any pending earlybootEnded event.
+    handleSendEarlyBootEndedEvent();
 
     for(size_t i = 0; i < params.size(); ++i) {
         cppbor::Array innerArray;
@@ -576,6 +551,7 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec(cborOutData.begin(), cborOutData.end()-2),
                 true, oprCtx_);
@@ -589,34 +565,12 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vecComputeSharedHmac(request);
-        if (response.error == KM_ERROR_OK) sharingCheck = kmBlob2hidlVec(response.sharing_check);
-        errorCode = legacy_enum_conversion(response.error);
-        LOG(DEBUG) << "INS_COMPUTE_SHARED_HMAC_CMD softkm status: " << (int32_t) errorCode;
-    }
-#endif
+    LOG(ERROR) << "javacard strongbox : computeSharedHmac - sending sharingCheckToKeystore";
+
     _hidl_cb(errorCode, sharingCheck);
     return Void();
- }
+}
 
 Return JavacardKeymaster4Device::verifyAuthorization(uint64_t , const hidl_vec& , const HardwareAuthToken& , verifyAuthorization_cb _hidl_cb) {
     VerificationToken verificationToken;
@@ -652,7 +606,8 @@ Return JavacardKeymaster4Device::generateKey(const hidl_vec&
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     KeyCharacteristics keyCharacteristics;
     hidl_vec updatedParams(keyParams);
-
+    // Send earlyBootEnded if there is any pending earlybootEnded event.
+    handleSendEarlyBootEndedEvent();
     if(!findTag(keyParams, Tag::CREATION_DATETIME) &&
             !findTag(keyParams, Tag::ACTIVE_DATETIME)) {
         //Add CREATION_DATETIME in HAL, as secure element is not having clock.
@@ -695,6 +650,8 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     KeyCharacteristics keyCharacteristics;
     cppbor::Array subArray;
+    // Send earlyBootEnded if there is any pending earlybootEnded event.
+    handleSendEarlyBootEndedEvent();
 
     if(keyFormat != KeyFormat::PKCS8 && keyFormat != KeyFormat::RAW) {
         LOG(ERROR) << "INS_IMPORT_KEY_CMD unsupported key format " << (int32_t)keyFormat;
@@ -702,16 +659,9 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k
         return Void();
     }
     cborConverter_.addKeyparameters(array, keyParams);
-    array.add(static_cast(KeyFormat::RAW)); //javacard accepts only RAW.
-    if(ErrorCode::OK != (errorCode = prepareCborArrayFromKeyData(keyParams, keyFormat, keyData, subArray))) {
-        LOG(ERROR) << "INS_IMPORT_KEY_CMD Error in while creating cbor data from key data:" << (int32_t) errorCode;
-        _hidl_cb(errorCode, keyBlob, keyCharacteristics);
-        return Void();
-    }
-    std::vector encodedArray = subArray.encode();
-    cppbor::Bstr bstr(encodedArray.begin(), encodedArray.end());
-    array.add(bstr);
-
+    array.add(static_cast(keyFormat)); //javacard accepts only RAW.
+  
+    array.add(std::vector(keyData));
     std::vector cborData = array.encode();
 
     errorCode = sendData(Instruction::INS_IMPORT_KEY_CMD, cborData, cborOutData);
@@ -750,7 +700,8 @@ Return JavacardKeymaster4Device::importWrappedKey(const hidl_vec&
     hidl_vec authList;
     KeyFormat keyFormat;
     std::vector wrappedKeyDescription;
-
+    // Send earlyBootEnded if there is any pending earlybootEnded event.
+    handleSendEarlyBootEndedEvent();
     if(ErrorCode::OK != (errorCode = parseWrappedKey(wrappedKeyData, iv, transitKey, secureKey,
                     tag, authList, keyFormat, wrappedKeyDescription))) {
         LOG(ERROR) << "INS_IMPORT_WRAPPED_KEY_CMD error while parsing wrapped key status: " << (int32_t) errorCode;
@@ -839,11 +790,11 @@ Return JavacardKeymaster4Device::exportKey(KeyFormat exportFormat, const h
         return Void();
     }
 
-    ExportKeyRequest request;
+    ExportKeyRequest request(softKm_->message_version());
     request.key_format = legacy_enum_conversion(exportFormat);
     request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
 
-    ExportKeyResponse response;
+    ExportKeyResponse response(softKm_->message_version());
     softKm_->ExportKey(request, &response);
 
     if(response.error == KM_ERROR_INCOMPATIBLE_ALGORITHM) {
@@ -996,12 +947,7 @@ Return JavacardKeymaster4Device::destroyAttestationIds() {
     return errorCode;
 }
 
-
-Return JavacardKeymaster4Device::begin(KeyPurpose purpose,
-                                             const hidl_vec& keyBlob,
-                                             const hidl_vec& inParams,
-                                             const HardwareAuthToken& authToken,
-                                             begin_cb _hidl_cb) {
+Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams, const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     uint64_t operationHandle = 0;
     OperationType operType = OperationType::PRIVATE_OPERATION;
@@ -1022,21 +968,20 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose,
     errorCode = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams,
                                      operationHandle, operType);
     if (errorCode == ErrorCode::OK && isOperationHandleExists(operationHandle)) {
-        LOG(DEBUG) << "Operation handle " << operationHandle << "already exists"
+        LOG(DEBUG) << "Operation handle " << operationHandle
+                   << "already exists"
                       "in the opertion table. so aborting this opertaion.";
         // abort the operation.
         errorCode = abortOperation(operationHandle, operType);
         if (errorCode == ErrorCode::OK) {
             // retry begin to get an another operation handle.
-            errorCode =
-                handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams,
-                                     operationHandle, operType);
+            errorCode = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams,
+                                             operationHandle, operType);
             if (errorCode == ErrorCode::OK && isOperationHandleExists(operationHandle)) {
                 errorCode = ErrorCode::UNKNOWN_ERROR;
-                LOG(ERROR)
-                    << "INS_BEGIN_OPERATION_CMD: Failed in begin operation as the"
-                       "operation handle already exists in the operation table."
-                    << (int32_t)errorCode;
+                LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: Failed in begin operation as the"
+                              "operation handle already exists in the operation table."
+                           << (int32_t)errorCode;
                 // abort the operation.
                 auto abortErr = abortOperation(operationHandle, operType);
                 if (abortErr != ErrorCode::OK) {
@@ -1048,44 +993,40 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose,
     }
     // Create an entry inside the operation table for the new operation
     // handle.
-    if (ErrorCode::OK == errorCode)
-        operationTable[operationHandle] = operType;
+    if (ErrorCode::OK == errorCode) operationTable[operationHandle] = operType;
 
     _hidl_cb(errorCode, outParams, operationHandle);
     return Void();
 }
 
 ErrorCode JavacardKeymaster4Device::handleBeginPublicKeyOperation(
-    KeyPurpose purpose, const hidl_vec& keyBlob,
-    const hidl_vec& inParams, hidl_vec& outParams,
-    uint64_t& operationHandle) {
-    BeginOperationRequest request;
+    KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
+    hidl_vec& outParams, uint64_t& operationHandle) {
+    BeginOperationRequest request(softKm_->message_version());
     request.purpose = legacy_enum_conversion(purpose);
     request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
     request.additional_params.Reinitialize(KmParamSet(inParams));
 
-    BeginOperationResponse response;
+    BeginOperationResponse response(softKm_->message_version());
     /* For Symmetric key operation, the BeginOperation returns
      * KM_ERROR_INCOMPATIBLE_ALGORITHM error. */
     softKm_->BeginOperation(request, &response);
     ErrorCode errorCode = legacy_enum_conversion(response.error);
-    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: "
-               << (int32_t)errorCode;
+    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: " << (int32_t)errorCode;
     if (ErrorCode::OK == errorCode) {
         outParams = kmParamSet2Hidl(response.output_params);
         operationHandle = response.op_handle;
     } else {
-        LOG(ERROR)
-                << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: "
-                << (int32_t)errorCode;
+        LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: "
+                   << (int32_t)errorCode;
     }
     return errorCode;
 }
 
 ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
-    KeyPurpose purpose, const hidl_vec& keyBlob,
-    const hidl_vec& inParams, const HardwareAuthToken& authToken,
-    hidl_vec& outParams, uint64_t& operationHandle) {
+    KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
+    const HardwareAuthToken& authToken, hidl_vec& outParams,
+    uint64_t& operationHandle) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     cppbor::Array array;
     std::vector cborOutData;
@@ -1094,6 +1035,8 @@ ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
     KeyCharacteristics keyCharacteristics;
     KeyParameter param;
 
+    // Send earlyBootEnded if there is any pending earlybootEnded event.
+    handleSendEarlyBootEndedEvent();
     /* Convert input data to cbor format */
     array.add(static_cast(purpose));
     array.add(std::vector(keyBlob));
@@ -1119,21 +1062,19 @@ ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
                               errorCode = error;
                               keyCharacteristics = keyChars;
                           });
-    LOG(DEBUG)
-            << "INS_BEGIN_OPERATION_CMD StrongboxKM getKeyCharacteristics status: "
-            << (int32_t)errorCode;
+    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD StrongboxKM getKeyCharacteristics status: "
+               << (int32_t)errorCode;
 
     if (errorCode == ErrorCode::OK) {
         errorCode = ErrorCode::UNKNOWN_ERROR;
         if (getTag(keyCharacteristics.hardwareEnforced, Tag::ALGORITHM, param)) {
-            errorCode =
-                    sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData);
+            errorCode = sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData);
             if (errorCode == ErrorCode::OK) {
                 // Skip last 2 bytes in cborData, it contains status.
-                std::tie(item, errorCode) = decodeData(
-                        cborConverter_,
-                        std::vector(cborOutData.begin(), cborOutData.end() - 2),
-                        true, oprCtx_);
+                std::tie(item, errorCode) =
+                    decodeData(cborConverter_,
+                               std::vector(cborOutData.begin(), cborOutData.end() - 2),
+                               true, oprCtx_);
                 if (item != nullptr) {
                     if (!cborConverter_.getKeyParameters(item, 1, outParams) ||
                         !cborConverter_.getUint64(item, 2, operationHandle)) {
@@ -1141,12 +1082,12 @@ ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
                         outParams.setToExternal(nullptr, 0);
                         operationHandle = 0;
                         LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: error in converting cbor "
-                                   "data, status: "
+                                      "data, status: "
                                    << (int32_t)errorCode;
                     } else {
                         /* Store the operationInfo */
-                        oprCtx_->setOperationInfo(operationHandle, purpose,
-                                                  param.f.algorithm, inParams);
+                        oprCtx_->setOperationInfo(operationHandle, purpose, param.f.algorithm,
+                                                  inParams);
                     }
                 }
             }
@@ -1155,22 +1096,20 @@ ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
                        << (int32_t)Tag::ALGORITHM;
         }
     } else {
-        LOG(ERROR)
-                << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: "
-                << (int32_t)errorCode;
+        LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: "
+                   << (int32_t)errorCode;
     }
     return errorCode;
 }
 
 ErrorCode JavacardKeymaster4Device::handleBeginOperation(
-    KeyPurpose purpose, const hidl_vec& keyBlob,
-    const hidl_vec& inParams, const HardwareAuthToken& authToken,
-    hidl_vec& outParams, uint64_t& operationHandle,
-    OperationType& operType) {
+    KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
+    const HardwareAuthToken& authToken, hidl_vec& outParams,
+    uint64_t& operationHandle, OperationType& operType) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     if (operType == OperationType::PUBLIC_OPERATION) {
-        errorCode = handleBeginPublicKeyOperation(purpose, keyBlob, inParams,
-                                                  outParams, operationHandle);
+        errorCode =
+            handleBeginPublicKeyOperation(purpose, keyBlob, inParams, outParams, operationHandle);
 
         // For Symmetric operations handleBeginPublicKeyOperation function
         // returns INCOMPATIBLE_ALGORITHM error. Based on this error
@@ -1181,22 +1120,26 @@ ErrorCode JavacardKeymaster4Device::handleBeginOperation(
     }
 
     if (operType == OperationType::PRIVATE_OPERATION) {
-        errorCode = handleBeginPrivateKeyOperation(
-            purpose, keyBlob, inParams, authToken, outParams, operationHandle);
+        errorCode = handleBeginPrivateKeyOperation(purpose, keyBlob, inParams, authToken, outParams,
+                                                   operationHandle);
     }
     return errorCode;
 }
 
-Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, update_cb _hidl_cb) {
+Return
+JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec& inParams,
+                                 const hidl_vec& input, const HardwareAuthToken& authToken,
+                                 const VerificationToken& verificationToken, update_cb _hidl_cb) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     uint32_t inputConsumed = 0;
     hidl_vec outParams;
     hidl_vec output;
-    UpdateOperationResponse response;
+    UpdateOperationResponse response(softKm_->message_version());
     OperationType operType = getOperationType(operationHandle);
-    if (OperationType::UNKNOWN == operType) { // operation handle not found
-        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
-            << " secure element reset occurred.";
+    if (OperationType::UNKNOWN == operType) {  // operation handle not found
+        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle "
+                      "is passed or if"
+                   << " secure element reset occurred.";
         _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, inputConsumed, outParams, output);
         return Void();
     }
@@ -1204,7 +1147,7 @@ Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hi
     if (OperationType::PUBLIC_OPERATION == operType) {
         /* SW keymaster (Public key operation) */
         LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm operation ";
-        UpdateOperationRequest request;
+        UpdateOperationRequest request(softKm_->message_version());
         request.op_handle = operationHandle;
         request.input.Reinitialize(input.data(), input.size());
         request.additional_params.Reinitialize(KmParamSet(inParams));
@@ -1212,14 +1155,14 @@ Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hi
         softKm_->UpdateOperation(request, &response);
         errorCode = legacy_enum_conversion(response.error);
         LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm update operation status: "
-                   << (int32_t) errorCode;
+                   << (int32_t)errorCode;
         if (response.error == KM_ERROR_OK) {
             inputConsumed = response.input_consumed;
             outParams = kmParamSet2Hidl(response.output_params);
             output = kmBuffer2hidlVec(response.output);
         } else {
-          LOG(ERROR) << "INS_UPDATE_OPERATION_CMD - error swkm update operation status: "
-                     << (int32_t) errorCode;
+            LOG(ERROR) << "INS_UPDATE_OPERATION_CMD - error swkm update operation status: "
+                       << (int32_t)errorCode;
         }
     } else {
         /* Strongbox Keymaster operation */
@@ -1232,20 +1175,24 @@ Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hi
             std::unique_ptr item;
             std::vector cborOutData;
             std::vector asn1ParamsVerified;
-            // For symmetic ciphers only block aligned data is send to javacard Applet to reduce the number of calls to
-            //javacard. If the input message is less than block size then it is buffered inside the HAL. so in case if
+            // For symmetic ciphers only block aligned data is send to javacard Applet to reduce the
+            // number of calls to
+            // javacard. If the input message is less than block size then it is buffered inside the
+            // HAL. so in case if
             // after buffering there is no data to send to javacard don't call javacard applet.
-            //For AES GCM operations, even though the input length is 0(which is not block aligned), if there is
-            //ASSOCIATED_DATA present in KeyParameters. Then we need to make a call to javacard Applet.
-            if(data.size() == 0 && !findTag(inParams, Tag::ASSOCIATED_DATA)) {
-                //Return OK, since this is not error case.
+            // For AES GCM operations, even though the input length is 0(which is not block
+            // aligned), if there is ASSOCIATED_DATA present in KeyParameters. Then we need to make
+            // a call to javacard Applet.
+            if (data.size() == 0 && !findTag(inParams, Tag::ASSOCIATED_DATA)) {
+                // Return OK, since this is not error case.
                 LOG(DEBUG) << "sendDataCallback: data size is zero";
                 return ErrorCode::OK;
             }
 
-            if(ErrorCode::OK != (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
+            if (ErrorCode::OK !=
+                (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
                 LOG(ERROR) << "sendDataCallback: error in encodeParametersVerified status: "
-                           << (int32_t) errorCode;
+                           << (int32_t)errorCode;
                 return errorCode;
             }
 
@@ -1259,43 +1206,50 @@ Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hi
 
             errorCode = sendData(Instruction::INS_UPDATE_OPERATION_CMD, cborData, cborOutData);
 
-            if(errorCode == ErrorCode::OK) {
-                //Skip last 2 bytes in cborData, it contains status.
-                std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                        true, oprCtx_);
+            if (errorCode == ErrorCode::OK) {
+                // Skip last 2 bytes in cborData, it contains status.
+                std::tie(item, errorCode) =
+                    decodeData(cborConverter_,
+                               std::vector(cborOutData.begin(), cborOutData.end() - 2),
+                               true, oprCtx_);
                 if (item != nullptr) {
                     /*Ignore inputConsumed from javacard SE since HAL consumes all the input */
-                    //cborConverter_.getUint64(item, 1, inputConsumed);
-                    //This callback function may gets called multiple times so parse and get the outParams only once.
-                    //Otherwise there can be chance of duplicate entries in outParams. Use tempOut to collect all the
-                    //cipher text and finally copy it to the output. getBinaryArray function appends the new cipher text
-                    //at the end of the tempOut(std::vector).
-                    if((outParams.size() == 0 && !cborConverter_.getKeyParameters(item, 2, outParams)) ||
-                            !cborConverter_.getBinaryArray(item, 3, tempOut)) {
+                    // cborConverter_.getUint64(item, 1, inputConsumed);
+                    // This callback function may gets called multiple times so parse and get the
+                    // outParams only once. Otherwise there can be chance of duplicate entries in
+                    // outParams. Use tempOut to collect all the cipher text and finally copy it to
+                    // the output. getBinaryArray function appends the new cipher text at the end of
+                    // the tempOut(std::vector).
+                    if ((outParams.size() == 0 &&
+                         !cborConverter_.getKeyParameters(item, 2, outParams)) ||
+                        !cborConverter_.getBinaryArray(item, 3, tempOut)) {
                         outParams.setToExternal(nullptr, 0);
                         tempOut.clear();
                         errorCode = ErrorCode::UNKNOWN_ERROR;
-                        LOG(ERROR) << "sendDataCallback: INS_UPDATE_OPERATION_CMD: error while converting cbor data, status: " << (int32_t) errorCode;
+                        LOG(ERROR) << "sendDataCallback: INS_UPDATE_OPERATION_CMD: error while "
+                                      "converting cbor data, status: "
+                                   << (int32_t)errorCode;
                     }
                 }
             }
             return errorCode;
         };
-        if(ErrorCode::OK == (errorCode = oprCtx_->update(operationHandle, std::vector(input),
-                        sendDataCallback))) {
+        if (ErrorCode::OK ==
+            (errorCode =
+                 oprCtx_->update(operationHandle, std::vector(input), sendDataCallback))) {
             /* Consumed all the input */
             inputConsumed = input.size();
             output = tempOut;
         }
-        LOG(DEBUG) << "Update operation status: " << (int32_t) errorCode;
-        if(ErrorCode::OK != errorCode) {
-            LOG(ERROR) << "Error in update operation, status: " << (int32_t) errorCode;
+        LOG(DEBUG) << "Update operation status: " << (int32_t)errorCode;
+        if (ErrorCode::OK != errorCode) {
+            LOG(ERROR) << "Error in update operation, status: " << (int32_t)errorCode;
             abort(operationHandle);
         }
     }
-    if(ErrorCode::OK != errorCode) {
+    if (ErrorCode::OK != errorCode) {
         /* Delete the entry from operation table. */
-        LOG(ERROR) << "Delete entry from operation table, status: " << (int32_t) errorCode;
+        LOG(ERROR) << "Delete entry from operation table, status: " << (int32_t)errorCode;
         operationTable.erase(operationHandle);
     }
 
@@ -1303,16 +1257,21 @@ Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hi
     return Void();
 }
 
-Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const hidl_vec& signature, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, finish_cb _hidl_cb) {
+Return
+JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& inParams,
+                                 const hidl_vec& input, const hidl_vec& signature,
+                                 const HardwareAuthToken& authToken,
+                                 const VerificationToken& verificationToken, finish_cb _hidl_cb) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     hidl_vec outParams;
     hidl_vec output;
-    FinishOperationResponse response;
+    FinishOperationResponse response(softKm_->message_version());
     OperationType operType = getOperationType(operationHandle);
 
-    if (OperationType::UNKNOWN == operType) { // operation handle not found
-        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
-            << " secure element reset occurred.";
+    if (OperationType::UNKNOWN == operType) {  // operation handle not found
+        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle "
+                      "is passed or if"
+                   << " secure element reset occurred.";
         _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, outParams, output);
         return Void();
     }
@@ -1320,7 +1279,7 @@ Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hi
     if (OperationType::PUBLIC_OPERATION == operType) {
         /* SW keymaster (Public key operation) */
         LOG(DEBUG) << "FINISH - swkm operation ";
-        FinishOperationRequest request;
+        FinishOperationRequest request(softKm_->message_version());
         request.op_handle = operationHandle;
         request.input.Reinitialize(input.data(), input.size());
         request.signature.Reinitialize(signature.data(), signature.size());
@@ -1329,13 +1288,13 @@ Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hi
         softKm_->FinishOperation(request, &response);
 
         errorCode = legacy_enum_conversion(response.error);
-        LOG(DEBUG) << "FINISH - swkm operation, status: " << (int32_t) errorCode;
+        LOG(DEBUG) << "FINISH - swkm operation, status: " << (int32_t)errorCode;
 
         if (response.error == KM_ERROR_OK) {
             outParams = kmParamSet2Hidl(response.output_params);
             output = kmBuffer2hidlVec(response.output);
         } else {
-            LOG(ERROR) << "Error in finish operation, status: " << (int32_t) errorCode;
+            LOG(ERROR) << "Error in finish operation, status: " << (int32_t)errorCode;
         }
     } else {
         /* Strongbox Keymaster operation */
@@ -1345,8 +1304,8 @@ Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hi
          * may be called multiple times if the input data is larger than MAX_ALLOWED_INPUT_SIZE.
          * This callback function decides whether to call update/finish instruction based on the
          * input received from the OperationContext through finish variable.
-         * if finish variable is false update instruction is called, if it is true finish instruction
-         * is called.
+         * if finish variable is false update instruction is called, if it is true finish
+         * instruction is called.
          */
         auto sendDataCallback = [&](std::vector& data, bool finish) -> ErrorCode {
             cppbor::Array array;
@@ -1356,23 +1315,26 @@ Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hi
             int keyParamPos, outputPos;
             std::vector asn1ParamsVerified;
 
-            if(ErrorCode::OK != (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
-                LOG(ERROR) << "sendDataCallback: Error in encodeParametersVerified, status: " << (int32_t) errorCode;
+            if (ErrorCode::OK !=
+                (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
+                LOG(ERROR) << "sendDataCallback: Error in encodeParametersVerified, status: "
+                           << (int32_t)errorCode;
                 return errorCode;
             }
 
-            //In case if there is ASSOCIATED_DATA present in the keyparams, then make sure it is either passed with
-            //update call or finish call. Don't send ASSOCIATED_DATA in both update and finish calls. aadTag is used to
-            //check if ASSOCIATED_DATA is already sent in update call. If addTag is true then skip ASSOCIATED_DATA from
-            //keyparams in finish call.
-            // Convert input data to cbor format
+            // In case if there is ASSOCIATED_DATA present in the keyparams, then make sure it is
+            // either passed with update call or finish call. Don't send ASSOCIATED_DATA in both
+            // update and finish calls. aadTag is used to check if ASSOCIATED_DATA is already sent
+            // in update call. If addTag is true then skip ASSOCIATED_DATA from keyparams in finish
+            // call.
+            //  Convert input data to cbor format
             array.add(operationHandle);
-            if(finish) {
+            if (finish) {
                 std::vector finishParams;
                 LOG(DEBUG) << "sendDataCallback: finish operation";
-                if(aadTag) {
-                    for(int i = 0; i < inParams.size(); i++) {
-                        if(inParams[i].tag != Tag::ASSOCIATED_DATA)
+                if (aadTag) {
+                    for (int i = 0; i < inParams.size(); i++) {
+                        if (inParams[i].tag != Tag::ASSOCIATED_DATA)
                             finishParams.push_back(inParams[i]);
                     }
                 } else {
@@ -1386,7 +1348,7 @@ Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hi
                 outputPos = 2;
             } else {
                 LOG(DEBUG) << "sendDataCallback: update operation";
-                if(findTag(inParams, Tag::ASSOCIATED_DATA)) {
+                if (findTag(inParams, Tag::ASSOCIATED_DATA)) {
                     aadTag = true;
                 }
                 cborConverter_.addKeyparameters(array, inParams);
@@ -1400,85 +1362,87 @@ Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hi
             std::vector cborData = array.encode();
             errorCode = sendData(ins, cborData, cborOutData);
 
-            if(errorCode == ErrorCode::OK) {
-                //Skip last 2 bytes in cborData, it contains status.
-                std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                        true, oprCtx_);
+            if (errorCode == ErrorCode::OK) {
+                // Skip last 2 bytes in cborData, it contains status.
+                std::tie(item, errorCode) =
+                    decodeData(cborConverter_,
+                               std::vector(cborOutData.begin(), cborOutData.end() - 2),
+                               true, oprCtx_);
                 if (item != nullptr) {
-                    //There is a change that this finish callback may gets called multiple times if the input data size
-                    //is larger the MAX_ALLOWED_INPUT_SIZE (Refer OperationContext) so parse and get the outParams only
-                    //once. Otherwise there can be chance of duplicate entries in outParams. Use tempOut to collect all
-                    //the cipher text and finally copy it to the output. getBinaryArray function appends the new cipher
-                    //text at the end of the tempOut(std::vector).
-                    if((outParams.size() == 0 && !cborConverter_.getKeyParameters(item, keyParamPos, outParams)) ||
-                            !cborConverter_.getBinaryArray(item, outputPos, tempOut)) {
+                    // There is a change that this finish callback may gets called multiple times if
+                    // the input data size is larger the MAX_ALLOWED_INPUT_SIZE (Refer
+                    // OperationContext) so parse and get the outParams only once. Otherwise there
+                    // can be chance of duplicate entries in outParams. Use tempOut to collect all
+                    // the cipher text and finally copy it to the output. getBinaryArray function
+                    // appends the new cipher text at the end of the tempOut(std::vector).
+                    if ((outParams.size() == 0 &&
+                         !cborConverter_.getKeyParameters(item, keyParamPos, outParams)) ||
+                        !cborConverter_.getBinaryArray(item, outputPos, tempOut)) {
                         outParams.setToExternal(nullptr, 0);
                         tempOut.clear();
                         errorCode = ErrorCode::UNKNOWN_ERROR;
-                        LOG(ERROR) << "sendDataCallback: error while converting cbor data in operation: " << (int32_t)ins << " decodeData, status: " << (int32_t) errorCode;
+                        LOG(ERROR)
+                            << "sendDataCallback: error while converting cbor data in operation: "
+                            << (int32_t)ins << " decodeData, status: " << (int32_t)errorCode;
                     }
                 }
             }
             return errorCode;
         };
-        if(ErrorCode::OK == (errorCode = oprCtx_->finish(operationHandle, std::vector(input),
-                        sendDataCallback))) {
+        if (ErrorCode::OK ==
+            (errorCode =
+                 oprCtx_->finish(operationHandle, std::vector(input), sendDataCallback))) {
             output = tempOut;
         }
         if (ErrorCode::OK != errorCode) {
-            LOG(ERROR) << "Error in finish operation, status: " << (int32_t) errorCode;
+            LOG(ERROR) << "Error in finish operation, status: " << (int32_t)errorCode;
             abort(operationHandle);
         }
     }
     /* Delete the entry from operation table. */
     operationTable.erase(operationHandle);
     oprCtx_->clearOperationData(operationHandle);
-    LOG(DEBUG) << "finish operation, status: " << (int32_t) errorCode;
+    LOG(DEBUG) << "finish operation, status: " << (int32_t)errorCode;
     _hidl_cb(errorCode, outParams, output);
     return Void();
 }
 
-ErrorCode JavacardKeymaster4Device::abortPrivateKeyOperation(
-    uint64_t operationHandle) {
-  ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
-  cppbor::Array array;
-  std::unique_ptr item;
-  std::vector cborOutData;
-
-  /* Convert input data to cbor format */
-  array.add(operationHandle);
-  std::vector cborData = array.encode();
-
-  errorCode =
-      sendData(Instruction::INS_ABORT_OPERATION_CMD, cborData, cborOutData);
-
-  if (errorCode == ErrorCode::OK) {
-    // Skip last 2 bytes in cborData, it contains status.
-    std::tie(item, errorCode) = decodeData(
-        cborConverter_,
-        std::vector(cborOutData.begin(), cborOutData.end() - 2), true,
-        oprCtx_);
-  }
-  return errorCode;
+ErrorCode JavacardKeymaster4Device::abortPrivateKeyOperation(uint64_t operationHandle) {
+    ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
+    cppbor::Array array;
+    std::unique_ptr item;
+    std::vector cborOutData;
+
+    /* Convert input data to cbor format */
+    array.add(operationHandle);
+    std::vector cborData = array.encode();
+
+    errorCode = sendData(Instruction::INS_ABORT_OPERATION_CMD, cborData, cborOutData);
+
+    if (errorCode == ErrorCode::OK) {
+        // Skip last 2 bytes in cborData, it contains status.
+        std::tie(item, errorCode) = decodeData(
+            cborConverter_, std::vector(cborOutData.begin(), cborOutData.end() - 2), true,
+            oprCtx_);
+    }
+    return errorCode;
 }
 
-ErrorCode JavacardKeymaster4Device::abortPublicKeyOperation(
-    uint64_t operationHandle) {
-  ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
-  AbortOperationRequest request;
-  request.op_handle = operationHandle;
+ErrorCode JavacardKeymaster4Device::abortPublicKeyOperation(uint64_t operationHandle) {
+    ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
+    AbortOperationRequest request(softKm_->message_version());
+    request.op_handle = operationHandle;
 
-  AbortOperationResponse response;
-  softKm_->AbortOperation(request, &response);
+    AbortOperationResponse response(softKm_->message_version());
+    softKm_->AbortOperation(request, &response);
 
-  errorCode = legacy_enum_conversion(response.error);
-  return errorCode;
+    errorCode = legacy_enum_conversion(response.error);
+    return errorCode;
 }
 
 ErrorCode JavacardKeymaster4Device::abortOperation(uint64_t operationHandle,
                                                    OperationType operType) {
-    if (operType == OperationType::UNKNOWN)
-        return ErrorCode::UNKNOWN_ERROR;
+    if (operType == OperationType::UNKNOWN) return ErrorCode::UNKNOWN_ERROR;
 
     if (OperationType::PUBLIC_OPERATION == operType) {
         return abortPublicKeyOperation(operationHandle);
@@ -1490,20 +1454,20 @@ ErrorCode JavacardKeymaster4Device::abortOperation(uint64_t operationHandle,
 Return JavacardKeymaster4Device::abort(uint64_t operationHandle) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     OperationType operType = getOperationType(operationHandle);
-    if (OperationType::UNKNOWN == operType) { // operation handle not found
+    if (OperationType::UNKNOWN == operType) {  // operation handle not found
         LOG(ERROR) << " Operation handle is invalid. This could happen if invalid "
                       "operation handle is passed or if"
                    << " secure element reset occurred.";
         return ErrorCode::INVALID_OPERATION_HANDLE;
     }
 
-  errorCode = abortOperation(operationHandle, operType);
-  if (errorCode == ErrorCode::OK) {
-      /* Delete the entry on this operationHandle */
-      oprCtx_->clearOperationData(operationHandle);
-      operationTable.erase(operationHandle);
-  }
-  return errorCode;
+    errorCode = abortOperation(operationHandle, operType);
+    if (errorCode == ErrorCode::OK) {
+        /* Delete the entry on this operationHandle */
+        oprCtx_->clearOperationData(operationHandle);
+        operationTable.erase(operationHandle);
+    }
+    return errorCode;
 }
 
 // Methods from ::android::hardware::keymaster::V4_1::IKeymasterDevice follow.
@@ -1511,11 +1475,10 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     cppbor::Array array;
     std::unique_ptr item;
     std::vector cborOutData;
-    ::android::hardware::keymaster::V4_1::ErrorCode errorCode = ::android::hardware::keymaster::V4_1::ErrorCode::UNKNOWN_ERROR;
+    V41ErrorCode errorCode = V41ErrorCode::UNKNOWN_ERROR;
     std::vector asn1ParamsVerified;
-    ErrorCode ret = ErrorCode::UNKNOWN_ERROR;
 
-    if(ErrorCode::OK != (ret = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
+    if(V41ErrorCode::OK != (errorCode = static_cast(encodeParametersVerified(verificationToken, asn1ParamsVerified)))) {
         LOG(DEBUG) << "INS_DEVICE_LOCKED_CMD: Error in encodeParametersVerified, status: " << (int32_t) errorCode;
         return errorCode;
     }
@@ -1525,11 +1488,11 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     cborConverter_.addVerificationToken(array, verificationToken, asn1ParamsVerified);
     std::vector cborData = array.encode();
 
-    ret = sendData(Instruction::INS_DEVICE_LOCKED_CMD, cborData, cborOutData);
+    errorCode = static_cast(sendData(Instruction::INS_DEVICE_LOCKED_CMD, cborData, cborOutData));
 
-    if(ret == ErrorCode::OK) {
+    if(errorCode == V41ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(
+        std::tie(item, errorCode) = decodeData(
                 cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true, oprCtx_);
     }
     return errorCode;
@@ -1540,14 +1503,17 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     std::string message;
     std::vector cborOutData;
     std::vector cborInput;
-    ::android::hardware::keymaster::V4_1::ErrorCode errorCode = ::android::hardware::keymaster::V4_1::ErrorCode::UNKNOWN_ERROR;
+    V41ErrorCode errorCode = V41ErrorCode::UNKNOWN_ERROR;
 
-    ErrorCode ret = sendData(Instruction::INS_EARLY_BOOT_ENDED_CMD, cborInput, cborOutData);
+    errorCode = static_cast(sendData(Instruction::INS_EARLY_BOOT_ENDED_CMD, cborInput, cborOutData));
 
-    if(ret == ErrorCode::OK) {
+    if(errorCode == V41ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(
+        std::tie(item, errorCode) = decodeData(
                 cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true, oprCtx_);
+    } else {
+        // Incase of failure cache the event and send in the next immediate request to Applet.
+        isEarlyBootEventPending = true;
     }
     return errorCode;
 }
diff --git a/HAL/keymaster/4.1/JavacardOperationContext.cpp b/HAL/keymaster/4.1/JavacardOperationContext.cpp
index 7319cb3c..64c13c71 100644
--- a/HAL/keymaster/4.1/JavacardOperationContext.cpp
+++ b/HAL/keymaster/4.1/JavacardOperationContext.cpp
@@ -18,7 +18,7 @@
 #include 
 #include 
 
-#define MAX_ALLOWED_INPUT_SIZE 512
+#define MAX_ALLOWED_INPUT_SIZE 256
 #define AES_BLOCK_SIZE          16
 #define DES_BLOCK_SIZE           8
 #define RSA_INPUT_MSG_LEN      256
@@ -50,6 +50,10 @@ inline ErrorCode hidlParamSet2OperatinInfo(const hidl_vec& params,
             case Tag::BLOCK_MODE:
                 info.mode = static_cast(param.f.integer);
                 break;
+            case Tag::MAC_LENGTH:
+                // Convert to bytes.
+                info.macLength = (param.f.integer / 8);
+                break;
             default:
                 continue;
         }
@@ -61,12 +65,12 @@ ErrorCode OperationContext::setOperationInfo(uint64_t operationHandle, KeyPurpos
         const hidl_vec& params) {
     ErrorCode errorCode = ErrorCode::OK;
     OperationData data;
+    memset((void *)&data, 0, sizeof(OperationData));
     if(ErrorCode::OK != (errorCode = hidlParamSet2OperatinInfo(params, data.info))) {
         return errorCode;
     }
     data.info.purpose = purpose;
     data.info.alg = alg;
-    memset((void*)&(data.data), 0x00, sizeof(data.data));
     operationTable[operationHandle] = data;
     return ErrorCode::OK;
 }
@@ -112,9 +116,7 @@ ErrorCode OperationContext::validateInputData(uint64_t operHandle, Operation opr
         //combine both the data in a single buffer. This helps in making sure that no data is left out in the buffer after
         //finish opertion.
         if((oprData.data.buf_len+actualInput.size()) > MAX_ALLOWED_INPUT_SIZE) {
-            for(size_t i = 0; i < oprData.data.buf_len; ++i) {
-                input.push_back(oprData.data.buf[i]);
-            }
+            input.insert(input.end(), oprData.data.buf, oprData.data.buf + oprData.data.buf_len);
             input.insert(input.end(), actualInput.begin(), actualInput.end());
             //As buffered data is already consumed earse the buffer.
             if(oprData.data.buf_len != 0) {
@@ -145,20 +147,20 @@ ErrorCode OperationContext::update(uint64_t operHandle, const std::vector newInput(first, end);
-            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(),
+            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
                             Operation::Update, cb))) {
                 return errorCode;
             }
         }
         if(extraData > 0) {
             std::vector finalInput(input.cend()-extraData, input.cend());
-            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput.data(), finalInput.size(), 
+            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput, 
                             Operation::Update, cb))) {
                 return errorCode;
             }
         }
     } else {
-        if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input.data(), input.size(), 
+        if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input, 
                         Operation::Update, cb))) {
             return errorCode;
         }
@@ -183,13 +185,13 @@ ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector newInput(first, end);
             if(extraData == 0 && (i == noOfChunks - 1)) {
                 //Last chunk
-                if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(),
+                if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
                                 Operation::Finish, cb, true))) {
                     return errorCode;
                 }
 
             } else {
-                if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(),
+                if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
                                 Operation::Update, cb))) {
                     return errorCode;
                 }
@@ -197,13 +199,13 @@ ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector 0) {
             std::vector finalInput(input.cend()-extraData, input.cend());
-            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput.data(), finalInput.size(), 
+            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput, 
                             Operation::Finish, cb, true))) {
                 return errorCode;
             }
         }
     } else {
-        if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input.data(), input.size(), 
+        if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input, 
                         Operation::Finish, cb, true))) {
             return errorCode;
         }
@@ -213,22 +215,23 @@ ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector& input,
         Operation opr, std::vector& out) {
-    size_t dataToSELen = 0;/*Length of the data to be send to the Applet.*/
-    size_t inputConsumed = 0;/*Length of the data consumed from input */
-    size_t blockSize = 0;
     BufferedData& data = operationTable[operHandle].data;
+    int dataToSELen = 0;/*Length of the data to be send to the Applet.*/
+    int inputConsumed = 0;/*Length of the data consumed from input */
+    int bufferLengthConsumed = 0; /* Length of the data consumed from Buffer */
+    int blockSize = 0;
     int bufIndex = data.buf_len;
     if(Algorithm::AES == operationTable[operHandle].info.alg) {
         blockSize = AES_BLOCK_SIZE;
@@ -240,33 +243,43 @@ ErrorCode OperationContext::getBlockAlignedData(uint64_t operHandle, uint8_t* in
 
     if(opr == Operation::Finish) {
         //Copy the buffer to be send to SE.
-        for(int i = 0; i < data.buf_len; i++)
-        {
-            out.push_back(data.buf[i]);
-        }
-        dataToSELen = data.buf_len + input_len;
+        out.insert(out.end(), data.buf, data.buf + data.buf_len);
+        dataToSELen = data.buf_len + input.size();
+        bufferLengthConsumed  = data.buf_len;
     } else {
         /*Update */
         //Calculate the block sized length on combined input of both buffered data and input data.
-        size_t blockAlignedLen = ((data.buf_len + input_len)/blockSize) * blockSize;
-        //For symmetric ciphers, decryption operation and PKCS7 padding mode or AES GCM operation save the last 16 bytes
-        //of block and send this block in finish operation. This is done to make sure that there will be always a 16
-        //bytes of data left for finish operation so that javacard Applet may remove PKCS7 padding if any or get the tag
-        //data for AES GCM operation for authentication purpose.
-        if(((operationTable[operHandle].info.alg == Algorithm::AES) || 
-                    (operationTable[operHandle].info.alg == Algorithm::TRIPLE_DES)) &&
-                (operationTable[operHandle].info.pad == PaddingMode::PKCS7 ||
-                 operationTable[operHandle].info.mode == BlockMode::GCM) &&
-                (operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT)) {
-            if(blockAlignedLen >= blockSize) blockAlignedLen -= blockSize;
+        // AES/TDES, Encrypt/Decrypt PKCS7 Padding:
+        //     Buffer till blockSize of data is received.
+        // AES GCM Decrypt:
+        //     Buffer tag length bytes of data.
+        if (operationTable[operHandle].info.pad == PaddingMode::PKCS7) {
+            if (operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT) {
+                /* Buffer till we receive more than blockSize of data of atleast one byte*/
+                dataToSELen = ((data.buf_len + input.size()) / blockSize) * blockSize;
+                int remaining = ((data.buf_len + input.size()) % blockSize);
+                if (dataToSELen >= blockSize && remaining == 0) {
+                    dataToSELen -= blockSize;
+                }
+            } else { // Encrypt
+                dataToSELen = ((data.buf_len + input.size()) / blockSize) * blockSize;
+            }
+        } else if (operationTable[operHandle].info.mode == BlockMode::GCM &&
+            operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT) {
+            /* Always Buffer mac length bytes */
+            dataToSELen = 0;
+            if ((data.buf_len + input.size()) > operationTable[operHandle].info.macLength) {
+                dataToSELen = (data.buf_len + input.size()) - operationTable[operHandle].info.macLength;
+            }
+        } else {
+            /* No Buffering */
+            dataToSELen = input.size();
         }
         //Copy data to be send to SE from buffer, only if atleast a minimum block aligned size is available.
-        if(blockAlignedLen >= blockSize) {
-            for(size_t pos = 0; pos < std::min(blockAlignedLen, data.buf_len); pos++) {
-                out.push_back(data.buf[pos]);
-            }
+        if(dataToSELen > 0) {
+            bufferLengthConsumed = (dataToSELen > data.buf_len) ? data.buf_len : dataToSELen;
+            out.insert(out.end(), data.buf, data.buf + bufferLengthConsumed);
         }
-        dataToSELen = blockAlignedLen;
     }
 
     if(dataToSELen > 0) {
@@ -276,17 +289,16 @@ ErrorCode OperationContext::getBlockAlignedData(uint64_t operHandle, uint8_t* in
         //data i.e. AES/TDES Decryption with PKC7Padding or AES GCM Decryption operations.
         inputConsumed = (data.buf_len > dataToSELen) ? 0 : (dataToSELen - data.buf_len);
 
-        //Copy the buffer to be send to SE.
-        for(int i = 0; i < inputConsumed; i++)
-        {
-            out.push_back(input[i]);
+        // Copy the buffer to be send to SE.
+        if (inputConsumed > 0) {
+            out.insert(out.end(), input.begin(), input.begin() + inputConsumed);
         }
 
-        if(data.buf_len > dataToSELen) {
-            //Only blockAlignedLen data is consumed from buffer so reorder the buffer data.
-            memcpy(data.buf, data.buf+dataToSELen, data.buf_len-dataToSELen);
-            memset(data.buf+dataToSELen, 0x00, data.buf_len-dataToSELen);
-            data.buf_len -= dataToSELen;
+        if (bufferLengthConsumed < data.buf_len) {
+            // Only a portion of data is consumed from buffer so reorder the buffer data.
+            memmove(data.buf, (data.buf + bufferLengthConsumed), (data.buf_len - bufferLengthConsumed));
+            memset((data.buf + data.buf_len - bufferLengthConsumed), 0x00, bufferLengthConsumed);
+            data.buf_len -= bufferLengthConsumed;
             bufIndex = data.buf_len;
         } else {
             // All the data is consumed so clear buffer
@@ -298,22 +310,19 @@ ErrorCode OperationContext::getBlockAlignedData(uint64_t operHandle, uint8_t* in
     }
 
     //Store the remaining buffer for later use.
-    data.buf_len += (input_len - inputConsumed);
-    for(int i = 0; i < (input_len - inputConsumed); i++)
-    {
-        data.buf[bufIndex+i] = input[inputConsumed+i];
-    }
+    data.buf_len += (input.size() - inputConsumed);
+    std::copy(input.begin() + inputConsumed, input.end(), data.buf + bufIndex);
     return ErrorCode::OK;
 }
 
-ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, uint8_t* data, size_t len, Operation opr,
+ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, std::vector& data, Operation opr,
         sendDataToSE_cb cb, bool finish) {
     ErrorCode errorCode = ErrorCode::OK;
     std::vector out;
     if(Algorithm::AES == operationTable[operHandle].info.alg ||
             Algorithm::TRIPLE_DES == operationTable[operHandle].info.alg) {
         /*Symmetric */
-        if(ErrorCode::OK != (errorCode = getBlockAlignedData(operHandle, data, len,
+        if(ErrorCode::OK != (errorCode = bufferData(operHandle, data,
                         opr, out))) {
             return errorCode;
         }
@@ -335,13 +344,9 @@ ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, uint8_t* d
             //update call and send it to SE in finish call.
             if(finish) {
                 //If finish flag is true all the data has to be sent to javacard.
-                size_t i = 0;
-                for(; i < operationTable[operHandle].data.buf_len; ++i) {
-                    out.push_back(operationTable[operHandle].data.buf[i]);
-                }
-                for(i = 0; i < len; ++i) {
-                    out.push_back(data[i]);
-                }
+                out.insert(out.end(), operationTable[operHandle].data.buf, operationTable[operHandle].data.buf + 
+                    operationTable[operHandle].data.buf_len);
+                out.insert(out.end(), data.begin(), data.end());
                 //As buffered data is already consumed earse the buffer.
                 if(operationTable[operHandle].data.buf_len != 0) {
                     memset(operationTable[operHandle].data.buf, 0x00, sizeof(operationTable[operHandle].data.buf));
@@ -355,21 +360,14 @@ ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, uint8_t* d
                 //256 and for EC it should not be more than 32. This validation is already happening in
                 //validateInputData function.
                 size_t bufIndex = operationTable[operHandle].data.buf_len;
-                size_t pos = 0;
-                for(; pos < len; ++pos)
-                {
-                    operationTable[operHandle].data.buf[bufIndex+pos] = data[pos];
-                }
-                operationTable[operHandle].data.buf_len += pos;
+                std::copy(data.begin(), data.end(), operationTable[operHandle].data.buf + bufIndex);
+                operationTable[operHandle].data.buf_len += data.size();
             }
         } else { /* With Digest */
-            for(size_t j=0; j < len; ++j)
-            {
-                out.push_back(data[j]);
-            }
+            out.insert(out.end(), data.begin(), data.end());
             //if len=0, then no need to call the callback, since there is no information to be send to javacard,
             // but if finish flag is true irrespective of length the callback should be called.
-            if(len != 0 || finish) {
+            if(!out.empty() || finish) {
                 if(ErrorCode::OK != (errorCode = cb(out, finish))) {
                     return errorCode;
                 }
diff --git a/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp b/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp
index 8f9905af..bbdfba28 100644
--- a/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp
+++ b/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp
@@ -35,7 +35,7 @@ using ::keymaster::V4_1::javacard::KmParamSet;
 namespace keymaster {
 
 JavaCardSoftKeymasterContext::JavaCardSoftKeymasterContext(keymaster_security_level_t security_level)
-    : PureSoftKeymasterContext(security_level) {}
+    : PureSoftKeymasterContext(KmVersion::KEYMASTER_4_1, security_level) {}
 
 JavaCardSoftKeymasterContext::~JavaCardSoftKeymasterContext() {}
 
diff --git a/HAL/keymaster/4.1/SocketTransport.cpp b/HAL/keymaster/4.1/SocketTransport.cpp
index 331a00b1..e060262f 100644
--- a/HAL/keymaster/4.1/SocketTransport.cpp
+++ b/HAL/keymaster/4.1/SocketTransport.cpp
@@ -22,7 +22,7 @@
 #include 
 
 #define PORT    8080
-#define IPADDR  "10.9.40.24"
+#define IPADDR  "192.168.0.29"
 //#define IPADDR  "192.168.0.5"
 #define MAX_RECV_BUFFER_SIZE 2500
 
@@ -30,6 +30,11 @@ namespace se_transport {
 
 bool SocketTransport::openConnection() {
 	struct sockaddr_in serv_addr;
+
+        if(mSocketStatus){
+          closeConnection();
+        }
+
 	if ((mSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0)
 	{
         LOG(ERROR) << "Socket creation failed" << " Error: "<& output) {
     uint8_t buffer[MAX_RECV_BUFFER_SIZE];
     int count = 1;
-    while(!socketStatus && count++ < 5 ) {
+    bool sendStatus = false;
+    while(!mSocketStatus && count++ < 5 ) {
         sleep(1);
         LOG(ERROR) << "Trying to open socket connection... count: " << count;
         openConnection();
@@ -67,22 +74,24 @@ bool SocketTransport::sendData(const uint8_t* inData, const size_t inLen, std::v
 
     if(count >= 5) {
         LOG(ERROR) << "Failed to open socket connection";
+        closeConnection();
         return false;
     }
 
-	if (0 > send(mSocket, inData, inLen , 0 )) {
+    if (send(mSocket, inData, inLen , 0)< 0) {
         static int connectionResetCnt = 0; /* To avoid loop */
         if (ECONNRESET == errno && connectionResetCnt == 0) {
             //Connection reset. Try open socket and then sendData.
-            socketStatus = false;
+            closeConnection();
             connectionResetCnt++;
-            return sendData(inData, inLen, output);
+            sendStatus =  sendData(inData, inLen, output);
+            return sendStatus; 
         }
         LOG(ERROR) << "Failed to send data over socket err: " << errno;
         connectionResetCnt = 0;
         return false;
     }
-	ssize_t valRead = read( mSocket , buffer, MAX_RECV_BUFFER_SIZE);
+    ssize_t valRead = read( mSocket , buffer, MAX_RECV_BUFFER_SIZE);
     if(0 > valRead) {
         LOG(ERROR) << "Failed to read data from socket.";
     }
@@ -93,13 +102,14 @@ bool SocketTransport::sendData(const uint8_t* inData, const size_t inLen, std::v
 }
 
 bool SocketTransport::closeConnection() {
-    close(mSocket);
-    socketStatus = false;
+    if(mSocketStatus)
+      close(mSocket);
+    mSocketStatus = false;
     return true;
 }
 
 bool SocketTransport::isConnected() {
-    return socketStatus;
+    return mSocketStatus;
 }
 
 }
diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.rc b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.rc
deleted file mode 100644
index 556ffd1d..00000000
--- a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.rc
+++ /dev/null
@@ -1,6 +0,0 @@
-service android.hardware.keymaster@4.1-javacard.service /vendor/bin/hw/android.hardware.keymaster@4.1-javacard.service
-    interface android.hardware.keymaster@4.0::IKeymasterDevice default
-    interface android.hardware.keymaster@4.1::IKeymasterDevice default
-    class early_hal
-    user system
-    group system drmrpc
diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc
new file mode 100644
index 00000000..8ccde380
--- /dev/null
+++ b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc
@@ -0,0 +1,6 @@
+service android.hardware.keymaster@4.1-strongbox.service /vendor/bin/hw/android.hardware.keymaster@4.1-strongbox.service
+    interface android.hardware.keymaster@4.0::IKeymasterDevice strongbox
+     interface android.hardware.keymaster@4.1::IKeymasterDevice strongbox
+    class early_hal
+    user system
+    group system drmrpc
diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.xml
similarity index 75%
rename from HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml
rename to HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.xml
index 83fccabe..b82da1e6 100644
--- a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml
+++ b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.xml
@@ -2,6 +2,6 @@
   
     android.hardware.keymaster
     hwbinder
-    @4.1::IKeymasterDevice/javacard
+    @4.1::IKeymasterDevice/strongbox
   
 
diff --git a/HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml b/HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml
new file mode 100644
index 00000000..4418ca77
--- /dev/null
+++ b/HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml
@@ -0,0 +1,17 @@
+
+
+
+
+    
+    
+
diff --git a/HAL/keymaster/4.1/service.cpp b/HAL/keymaster/4.1/service.cpp
index 75ed2510..cd7653d0 100644
--- a/HAL/keymaster/4.1/service.cpp
+++ b/HAL/keymaster/4.1/service.cpp
@@ -23,10 +23,9 @@
 int main() {
     ::android::hardware::configureRpcThreadpool(1, true);
     auto keymaster = new ::keymaster::V4_1::javacard::JavacardKeymaster4Device();
-
-    auto status = keymaster->registerAsService("javacard");
+    auto status = keymaster->registerAsService("strongbox");
     if (status != android::OK) {
-        LOG(FATAL) << "Could not register service for Keymaster 4.1 (" << status << ")";
+        LOG(FATAL) << "Could not register service for Javacard Keymaster 4.1 (" << status << ")";
         return -1;
     }
 
diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp
index 92e3be8f..9bfe7faa 100644
--- a/HAL/keymaster/Android.bp
+++ b/HAL/keymaster/Android.bp
@@ -15,11 +15,11 @@
 
 
 cc_binary {
-    name: "android.hardware.keymaster@4.1-javacard.service",
+    name: "android.hardware.keymaster@4.1-strongbox.service",
     relative_install_path: "hw",
     vendor: true,
-    init_rc: ["4.1/android.hardware.keymaster@4.1-javacard.service.rc"],
-    vintf_fragments: ["4.1/android.hardware.keymaster@4.1-javacard.service.xml"],
+    init_rc: ["4.1/android.hardware.keymaster@4.1-strongbox.service.rc"],
+    vintf_fragments: ["4.1/android.hardware.keymaster@4.1-strongbox.service.xml"],
     srcs: [
         "4.1/service.cpp",
         "4.1/JavacardKeymaster4Device.cpp",
@@ -38,23 +38,19 @@ cc_binary {
         "libhardware",
         "libhidlbase",
         "libsoftkeymasterdevice",
+	"libsoft_attestation_cert",
         "libkeymaster_messages",
         "libkeymaster_portable",
-        "libcppbor",
+        "libcppbor_external",
         "android.hardware.keymaster@4.1",
         "android.hardware.keymaster@4.0",
         "libjc_transport",
         "libjc_common",
         "libcrypto",
     ],
-    arch: {
-        x86_64: {
-            cflags: ["-DVTS_EMULATOR"],
-        },
-        x86: {
-            cflags: ["-DVTS_EMULATOR"],
-        },
-    },
+    required: [
+        "android.hardware.strongbox_keystore.xml",
+    ],
 }
 
 cc_library {
@@ -77,24 +73,21 @@ cc_library {
         "libutils",
         "libhardware",
         "libhidlbase",
-	    "libsoftkeymasterdevice",
+        "libsoftkeymasterdevice",
+	"libsoft_attestation_cert",
         "libkeymaster_messages",
-	    "libkeymaster_portable",
-        "libcppbor",
+        "libkeymaster_portable",
+        "libcppbor_external",
         "android.hardware.keymaster@4.1",
         "android.hardware.keymaster@4.0",
         "libjc_transport",
-	    "libcrypto",
+	"libcrypto",
     ],
 }
 
 cc_library {
     name: "libjc_transport",
-    host_supported: true,
     vendor_available: true,
-    vndk: {
-        enabled: true,
-    },
 
     srcs: [
         "4.1/SocketTransport.cpp",
@@ -131,12 +124,20 @@ cc_library {
         "libutils",
         "libhardware",
         "libhidlbase",
-	    "libsoftkeymasterdevice",
+	"libsoftkeymasterdevice",
+	"libsoft_attestation_cert",
         "libkeymaster_messages",
-	    "libkeymaster_portable",
-        "libcppbor",
+	"libkeymaster_portable",
+        "libcppbor_external",
         "android.hardware.keymaster@4.1",
         "android.hardware.keymaster@4.0",
-	    "libcrypto",
+	"libcrypto",
     ],
 }
+
+prebuilt_etc {
+    name: "android.hardware.strongbox_keystore.xml",
+    sub_dir: "permissions",
+    vendor: true,
+    src: "4.1/android.hardware.strongbox_keystore.xml",
+}
diff --git a/HAL/keymaster/include/CommonUtils.h b/HAL/keymaster/include/CommonUtils.h
index b6612741..8fd247f7 100644
--- a/HAL/keymaster/include/CommonUtils.h
+++ b/HAL/keymaster/include/CommonUtils.h
@@ -59,9 +59,7 @@ inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
 }
 
 inline hidl_vec kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
-    hidl_vec result;
-    result.setToExternal(const_cast(buf.peek_read()), buf.available_read());
-    return result;
+    return hidl_vec(buf.begin(), buf.end());
 }
 
 inline void blob2Vec(const uint8_t *from, size_t size, std::vector& to) {
@@ -71,9 +69,7 @@ inline void blob2Vec(const uint8_t *from, size_t size, std::vector& to)
 }
 
 inline hidl_vec kmBlob2hidlVec(const keymaster_blob_t& blob) {
-    hidl_vec result;
-    result.setToExternal(const_cast(blob.data), blob.data_length);
-    return result;
+   return hidl_vec(blob.data, blob.data+blob.data_length);
 }
 
 keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec& keyParams);
diff --git a/HAL/keymaster/include/JavacardKeymaster4Device.h b/HAL/keymaster/include/JavacardKeymaster4Device.h
index ddb6b24a..617457b1 100644
--- a/HAL/keymaster/include/JavacardKeymaster4Device.h
+++ b/HAL/keymaster/include/JavacardKeymaster4Device.h
@@ -24,6 +24,8 @@
 #include 
 #include "CborConverter.h"
 #include "TransportFactory.h"
+#include 
+#include 
 #include 
 #include 
 #include 
@@ -32,6 +34,9 @@
 namespace keymaster {
 namespace V4_1 {
 namespace javacard {
+#define INS_BEGIN_KM_CMD 0x00
+#define INS_END_KM_PROVISION_CMD 0x20
+#define INS_END_KM_CMD 0x7F
 
 using ::android::hardware::hidl_vec;
 using ::android::hardware::hidl_string;
@@ -62,6 +67,33 @@ enum class OperationType {
     UNKNOWN = 2,
 };
 
+enum class Instruction {
+    // Keymaster commands
+    INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD+1,
+    INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+2,
+    INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD+3,
+    INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+4,
+    INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD+5,
+    INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD+6,
+    INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD+7,
+    INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD+8,
+    INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD+9,
+    INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD+10,
+    INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD+11,
+    INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD+12,
+    INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD+13,
+    INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD+14,
+    INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD+15,
+    INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD+16,
+    INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD+17,
+    INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD+18,
+    INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD+19,
+    INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD+20,
+    INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD+21,
+    INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22,
+    INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+7,
+    INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD+8,
+};
 
 class JavacardKeymaster4Device : public IKeymasterDevice {
   public:
@@ -94,38 +126,39 @@ class JavacardKeymaster4Device : public IKeymasterDevice {
     Return deviceLocked(bool passwordOnly, const VerificationToken& verificationToken) override;
     Return earlyBootEnded() override;
 
-protected:
-    CborConverter cborConverter_;
-
- private:
-    ErrorCode handleBeginPublicKeyOperation(
-            KeyPurpose purpose, const hidl_vec& keyBlob,
-            const hidl_vec& inParams, hidl_vec& outParams,
-            uint64_t& operationHandle);
+  private:
+    ErrorCode handleBeginPublicKeyOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
+                                            const hidl_vec& inParams,
+                                            hidl_vec& outParams,
+                                            uint64_t& operationHandle);
 
-    ErrorCode handleBeginPrivateKeyOperation(
-            KeyPurpose purpose, const hidl_vec& keyBlob,
-            const hidl_vec& inParams,
-            const HardwareAuthToken& authToken, hidl_vec& outParams,
-            uint64_t& operationHandle);
+    ErrorCode handleBeginPrivateKeyOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
+                                             const hidl_vec& inParams,
+                                             const HardwareAuthToken& authToken,
+                                             hidl_vec& outParams,
+                                             uint64_t& operationHandle);
 
-    ErrorCode handleBeginOperation(KeyPurpose purpose,
-                                   const hidl_vec& keyBlob,
+    ErrorCode handleBeginOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
                                    const hidl_vec& inParams,
                                    const HardwareAuthToken& authToken,
-                                   hidl_vec& outParams,
-                                   uint64_t& operationHandle,
+                                   hidl_vec& outParams, uint64_t& operationHandle,
                                    OperationType& operType);
- 
+
     ErrorCode abortOperation(uint64_t operationHandle, OperationType operType);
 
     ErrorCode abortPublicKeyOperation(uint64_t operationHandle);
 
     ErrorCode abortPrivateKeyOperation(uint64_t operationHandle);
 
+    ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response);
+    ErrorCode setAndroidSystemProperties();
+    void handleSendEarlyBootEndedEvent();
+
     std::unique_ptr<::keymaster::AndroidKeymaster> softKm_;
     std::unique_ptr oprCtx_;
     bool isEachSystemPropertySet;
+    bool isEarlyBootEventPending;
+    CborConverter cborConverter_;
 };
 
 }  // namespace javacard
diff --git a/HAL/keymaster/include/JavacardOperationContext.h b/HAL/keymaster/include/JavacardOperationContext.h
index 53d08dd9..0d452c67 100644
--- a/HAL/keymaster/include/JavacardOperationContext.h
+++ b/HAL/keymaster/include/JavacardOperationContext.h
@@ -49,7 +49,7 @@ enum class Operation;
  */
 struct BufferedData {
     uint8_t buf[MAX_BUF_SIZE];
-    size_t buf_len;
+    uint32_t buf_len;
 };
 
 /**
@@ -61,6 +61,7 @@ struct OperationInfo {
     Digest digest;
     PaddingMode pad;
     BlockMode mode;
+    uint32_t macLength;
 };
 
 /**
@@ -136,14 +137,14 @@ class OperationContext {
      * reamining data for update calls only. For finish calls it extracts all the buffered data combines it with
      * input data.
      */
-    ErrorCode getBlockAlignedData(uint64_t operHandle, uint8_t* input, size_t input_len, Operation opr, std::vector&
-            out);
+    ErrorCode bufferData(uint64_t operHandle, std::vector& input,
+        Operation opr, std::vector& out);
     /**
      * This function sends the data back to the caller using callback functions. It does some processing on input data
      * for Asymmetic operations.
      */
-    ErrorCode handleInternalUpdate(uint64_t operHandle, uint8_t* data, size_t len, Operation opr,
-        sendDataToSE_cb cb, bool finish=false);
+    ErrorCode handleInternalUpdate(uint64_t operHandle, std::vector& data, Operation opr,
+        sendDataToSE_cb cb, bool finish = false);
 
 };
 
diff --git a/HAL/keymaster/include/JavacardSoftKeymasterContext.h b/HAL/keymaster/include/JavacardSoftKeymasterContext.h
index 0fa2d711..8cdeab92 100644
--- a/HAL/keymaster/include/JavacardSoftKeymasterContext.h
+++ b/HAL/keymaster/include/JavacardSoftKeymasterContext.h
@@ -18,7 +18,7 @@
 #define SYSTEM_KEYMASTER_JAVA_CARD_SOFT_KEYMASTER_CONTEXT_H_
 
 #include 
-
+#include 
 namespace keymaster {
 
 class SoftKeymasterKeyRegistrations;
diff --git a/HAL/keymaster/include/Transport.h b/HAL/keymaster/include/Transport.h
index 25294102..c6674dca 100644
--- a/HAL/keymaster/include/Transport.h
+++ b/HAL/keymaster/include/Transport.h
@@ -64,6 +64,7 @@ class OmapiTransport : public ITransport {
      * Transmists the data over the opened basic channel and receives the data back.
      */
     bool sendData(const uint8_t* inData, const size_t inLen, std::vector& output) override;
+
     /**
      * Closes the connection.
      */
@@ -79,7 +80,7 @@ class OmapiTransport : public ITransport {
 class SocketTransport : public ITransport {
 
 public:
-    SocketTransport() : mSocket(-1), socketStatus(false) {
+    SocketTransport() : mSocket(-1), mSocketStatus(false){
     }
     /**
      * Creates a socket instance and connects to the provided server IP and port.
@@ -89,6 +90,7 @@ class SocketTransport : public ITransport {
      * Sends data over socket and receives data back.
      */
     bool sendData(const uint8_t* inData, const size_t inLen, std::vector& output) override;
+
     /**
      * Closes the connection.
      */
@@ -103,8 +105,7 @@ class SocketTransport : public ITransport {
      * Socket instance.
      */
     int mSocket;
-    bool socketStatus;
-
+    bool mSocketStatus;
 };
 
 }
diff --git a/ProvisioningTool/Android.bp b/ProvisioningTool/Android.bp
deleted file mode 100644
index ad1ee2d1..00000000
--- a/ProvisioningTool/Android.bp
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright (C) 2020 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-
-cc_binary {
-    name: "provision_tool",
-    vendor: true,
-    relative_install_path: "hw",
-    srcs: [
-        "ProvisionTool.cpp",
-    ],
-    shared_libs: [
-        "libdl",
-        "libcutils",
-        "libutils",
-        "libbase",
-        "libhardware",
-        "libhidlbase",
-        "libkeymaster_messages",
-        "libkeymaster_portable",
-        "android.hardware.keymaster@4.1",
-        "android.hardware.keymaster@4.0",
-        "libcppbor",
-        "libjc_transport",
-        "libcrypto",
-        "libjsoncpp",
-        "libjc_common",
-        "libjc_provision",
-    ],
-}
-
-cc_library {
-    name: "libjc_provision",
-    vendor_available: true,
-    srcs: [
-        "Provision.cpp",
-    ],
-    shared_libs: [
-        "liblog",
-        "libcutils",
-        "libdl",
-        "libbase",
-        "libutils",
-        "libhardware",
-        "libhidlbase",
-	    "libsoftkeymasterdevice",
-        "libkeymaster_messages",
-	    "libkeymaster_portable",
-        "libcppbor",
-        "android.hardware.keymaster@4.1",
-        "android.hardware.keymaster@4.0",
-        "libjc_transport",
-	    "libcrypto",
-        "libjc_common",
-    ],
-}
diff --git a/ProvisioningTool/Makefile b/ProvisioningTool/Makefile
new file mode 100644
index 00000000..ca462cb1
--- /dev/null
+++ b/ProvisioningTool/Makefile
@@ -0,0 +1,58 @@
+CC = g++
+SRC_DIR = src
+# source files for construct_apdus 
+CONSTRUCT_APDUS_SRC = $(SRC_DIR)/construct_apdus.cpp \
+                      $(SRC_DIR)/cppbor.cpp \
+                      $(SRC_DIR)/cppbor_parse.cpp \
+                      $(SRC_DIR)/utils.cpp \
+
+CONSTRUCT_APDUS_OBJFILES = $(CONSTRUCT_APDUS_SRC:.cpp=.o)
+CONSTRUCT_APDUS_BIN = construct_apdus
+
+# source files for provision
+PROVISION_SRC = $(SRC_DIR)/provision.cpp \
+                $(SRC_DIR)/socket.cpp \
+                $(SRC_DIR)/cppbor.cpp \
+                $(SRC_DIR)/cppbor_parse.cpp \
+                $(SRC_DIR)/utils.cpp \
+
+PROVISION_OBJFILES = $(PROVISION_SRC:.cpp=.o)
+PROVISION_BIN = provision
+
+
+ifeq ($(OS),Windows_NT)
+    uname_S := Windows
+else
+    uname_S := $(shell uname -s)
+endif
+
+ifeq ($(uname_S), Windows)
+    PLATFORM = -D__WIN32__
+endif
+ifeq ($(uname_S), Linux)
+    PLATFORM = -D__LINUX__
+endif
+
+DEBUG = -g
+CXXFLAGS = $(DEBUG) $(PLATFORM) -Wall -std=c++2a
+CFLAGS = $(CXXFLAGS) -Iinclude
+LDFLAGS = -Llib/
+LIB_JSON = -ljsoncpp
+LIB_CRYPTO = -lcrypto
+LDLIBS = $(LIB_JSON) $(LIB_CRYPTO)
+
+all: $(CONSTRUCT_APDUS_BIN) $(PROVISION_BIN)
+
+$(CONSTRUCT_APDUS_BIN): $(CONSTRUCT_APDUS_OBJFILES)
+	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+$(PROVISION_BIN): $(PROVISION_OBJFILES)
+	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+%.o: %.cpp
+	$(CC) $(CFLAGS) -c -o $@ $^
+
+
+.PHONY: clean
+clean:
+	rm -f $(CONSTRUCT_APDUS_OBJFILES) $(CONSTRUCT_APDUS_BIN) $(PROVISION_OBJFILES) $(PROVISION_BIN)
diff --git a/ProvisioningTool/Provision.cpp b/ProvisioningTool/Provision.cpp
deleted file mode 100644
index 4251cd80..00000000
--- a/ProvisioningTool/Provision.cpp
+++ /dev/null
@@ -1,509 +0,0 @@
-/*
- **
- ** Copyright 2020, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
- #include 
-
-#define INS_BEGIN_KM_CMD 0x00
-#define APDU_CLS 0x80
-#define APDU_P1  0x40
-#define APDU_P2  0x00
-#define APDU_RESP_STATUS_OK 0x9000
-#define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
-
-namespace keymaster {
-namespace V4_1 {
-namespace javacard {
-
-enum class Instruction {
-    // Provisioning commands
-    INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD+1,
-    INS_PROVISION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD+2,
-    INS_PROVISION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD+3,
-    INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD+4,
-    INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5,
-    INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD+6,
-    INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD+7,
-    INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
-    INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD+9,
-};
-
-//Extended error codes
-enum ExtendedErrors {
-    SW_CONDITIONS_NOT_SATISFIED = -10001,
-    UNSUPPORTED_CLA = -10002,
-    INVALID_P1P2 = -10003,
-    UNSUPPORTED_INSTRUCTION = -10004,
-    CMD_NOT_ALLOWED = -10005,
-    SW_WRONG_LENGTH = -10006,
-    INVALID_DATA = -10007,
-    CRYPTO_ILLEGAL_USE = -10008,
-    CRYPTO_ILLEGAL_VALUE = -10009,
-    CRYPTO_INVALID_INIT = -10010,
-    CRYPTO_NO_SUCH_ALGORITHM = -10011,
-    CRYPTO_UNINITIALIZED_KEY = -10012,
-    GENERIC_UNKNOWN_ERROR = -10013
-};
-
-enum ProvisionStatus {
-    NOT_PROVISIONED = 0x00,
-    PROVISION_STATUS_ATTESTATION_KEY = 0x01,
-    PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
-    PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
-    PROVISION_STATUS_ATTEST_IDS = 0x08,
-    PROVISION_STATUS_PRESHARED_SECRET = 0x10,
-    PROVISION_STATUS_BOOT_PARAM = 0x20,
-    PROVISION_STATUS_PROVISIONING_LOCKED = 0x40,
-};
-
-// Static function declarations.
-static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut);
-static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response);
-static uint16_t getStatus(std::vector& inputData);
-template
-static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response);
-template
-static T translateExtendedErrorsToHalErrors(T& errorCode);
-
-template
-static T translateExtendedErrorsToHalErrors(T& errorCode) {
-    T err;
-    switch(static_cast(errorCode)) {
-        case SW_CONDITIONS_NOT_SATISFIED:
-        case UNSUPPORTED_CLA:
-        case INVALID_P1P2:
-        case INVALID_DATA:
-        case CRYPTO_ILLEGAL_USE:
-        case CRYPTO_ILLEGAL_VALUE:
-        case CRYPTO_INVALID_INIT:
-        case CRYPTO_UNINITIALIZED_KEY:
-        case GENERIC_UNKNOWN_ERROR:
-            err = T::UNKNOWN_ERROR;
-            break;
-        case CRYPTO_NO_SUCH_ALGORITHM:
-            err = T::UNSUPPORTED_ALGORITHM;
-            break;
-        case UNSUPPORTED_INSTRUCTION:
-        case CMD_NOT_ALLOWED:
-        case SW_WRONG_LENGTH:
-            err = T::UNIMPLEMENTED;
-            break;
-        default:
-            err = static_cast(errorCode);
-            break;
-    }
-    return err;
-}
-
-/**
- * Returns the negative value of the same number.
- */
-static inline int32_t get2sCompliment(uint32_t value) { 
-    return static_cast(~value+1); 
-}
-
-/**
- * This function separates the original error code from the
- * power reset flag and returns the original error code.
- */
-static uint32_t extractErrorCode(uint32_t errorCode) {
-    //Check if secure element is reset
-    bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
-
-    if (isSeResetOccurred) {
-        LOG(ERROR) << "Secure element reset happened";
-        errorCode &= ~SE_POWER_RESET_STATUS_FLAG;
-    }
-    return errorCode;
-}
-
-template
-static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response) {
-    std::unique_ptr item(nullptr);
-    T errorCode = T::OK;
-    std::tie(item, errorCode) = cb.decodeData(response, true);
-
-    uint32_t tempErrCode = extractErrorCode(static_cast(errorCode));
-
-    // SE sends errocode as unsigned value so convert the unsigned value
-    // into a signed value of same magnitude and copy back to errorCode.
-    errorCode = static_cast(get2sCompliment(tempErrCode));
-
-    if (T::OK != errorCode)
-        errorCode = translateExtendedErrorsToHalErrors(errorCode);
-    return {std::move(item), errorCode};
-}
-
-static inline X509* parseDerCertificate(std::vector& certData) {
-    X509 *x509 = NULL;
-
-    /* Create BIO instance from certificate data */
-    BIO *bio = BIO_new_mem_buf(certData.data(), certData.size());
-    if(bio == NULL) {
-        LOG(ERROR) << " Failed to create BIO from buffer.";
-        return NULL;
-    }
-    /* Create X509 instance from BIO */
-    x509 = d2i_X509_bio(bio, NULL);
-    if(x509 == NULL) {
-        LOG(ERROR) << " Failed to get X509 instance from BIO.";
-        return NULL;
-    }
-    BIO_free(bio);
-    return x509;
-}
-
-static inline void getDerSubjectName(X509* x509, std::vector& subject) {
-    uint8_t *subjectDer = NULL;
-    X509_NAME* asn1Subject = X509_get_subject_name(x509);
-    if(asn1Subject == NULL) {
-        LOG(ERROR) << " Failed to read the subject.";
-        return;
-    }
-    /* Convert X509_NAME to der encoded subject */
-    int len = i2d_X509_NAME(asn1Subject, &subjectDer);
-    if (len < 0) {
-        LOG(ERROR) << " Failed to get readable name from X509_NAME.";
-        return;
-    }
-    subject.insert(subject.begin(), subjectDer, subjectDer+len);
-}
-
-static inline void getNotAfter(X509* x509, std::vector& notAfterDate) {
-    const ASN1_TIME* notAfter = X509_get0_notAfter(x509);
-    if(notAfter == NULL) {
-        LOG(ERROR) << " Failed to read expiry time.";
-        return;
-    }
-    int strNotAfterLen = ASN1_STRING_length(notAfter);
-    const uint8_t *strNotAfter = ASN1_STRING_get0_data(notAfter);
-    if(strNotAfter == NULL) {
-        LOG(ERROR) << " Failed to read expiry time from ASN1 string.";
-        return;
-    }
-    notAfterDate.insert(notAfterDate.begin(), strNotAfter, strNotAfter + strNotAfterLen);
-}
-
-static uint16_t getStatus(std::vector& inputData) {
-    //Last two bytes are the status SW0SW1
-    return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1));
-}
-
-static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut) {
-
-    apduOut.push_back(static_cast(APDU_CLS)); //CLS
-    apduOut.push_back(static_cast(ins)); //INS
-    apduOut.push_back(static_cast(APDU_P1)); //P1
-    apduOut.push_back(static_cast(APDU_P2)); //P2
-
-    if(USHRT_MAX >= inputData.size()) {
-        // Send extended length APDU always as response size is not known to HAL.
-        // Case 1: Lc > 0  CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le all set to 00.
-        // Case 2: Lc = 0  CLS | INS | P1 | P2 | 3 bytes of Le all set to 00.
-        //Extended length 3 bytes, starts with 0x00
-        apduOut.push_back(static_cast(0x00));
-        if (inputData.size() > 0) {
-            apduOut.push_back(static_cast(inputData.size() >> 8));
-            apduOut.push_back(static_cast(inputData.size() & 0xFF));
-            //Data
-            apduOut.insert(apduOut.end(), inputData.begin(), inputData.end());
-        }
-        //Expected length of output.
-        //Accepting complete length of output every time.
-        apduOut.push_back(static_cast(0x00));
-        apduOut.push_back(static_cast(0x00));
-    } else {
-        return (ErrorCode::INSUFFICIENT_BUFFER_SPACE);
-    }
-
-    return (ErrorCode::OK);//success
-}
-
-
-
-static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response) {
-    ErrorCode ret = ErrorCode::OK;
-    std::vector apdu;
-    CborConverter cborConverter;
-    std::unique_ptr item;
-    ret = constructApduMessage(ins, inData, apdu);
-    if(ret != ErrorCode::OK) return ret;
-
-    if(!transport->sendData(apdu.data(), apdu.size(), response)) {
-        return (ErrorCode::SECURE_HW_COMMUNICATION_FAILED);
-    }
-
-    if((response.size() < 2) || (getStatus(response) != APDU_RESP_STATUS_OK)) {
-        return (ErrorCode::UNKNOWN_ERROR);
-    }
-
-    if((response.size() > 2)) {
-        //Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, ret) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2));
-    } else {
-        ret = ErrorCode::UNKNOWN_ERROR;
-    }
-
-    return ret;
-}
-
-ErrorCode Provision::init() {
-	if(pTransportFactory == nullptr) {
-		pTransportFactory = std::unique_ptr(new se_transport::TransportFactory(
-					android::base::GetBoolProperty("ro.kernel.qemu", false)));
-		if(!pTransportFactory->openConnection())
-            return ErrorCode::UNKNOWN_ERROR;
-	}
-	return ErrorCode::OK;
-}
-
-ErrorCode Provision::provisionAttestationKey(std::vector& batchKey) {
-    ErrorCode errorCode = ErrorCode::OK;
-    std::vector privKey;
-    std::vector pubKey;
-    EcCurve curve;
-    CborConverter cborConverter;
-    cppbor::Array array;
-    cppbor::Array subArray;
-    std::vector response;
-    Instruction ins = Instruction::INS_PROVISION_ATTESTATION_KEY_CMD;
-
-    AuthorizationSet authSetKeyParams(AuthorizationSetBuilder()
-            .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
-            .Authorization(TAG_DIGEST, KM_DIGEST_SHA_2_256)
-            .Authorization(TAG_EC_CURVE, KM_EC_CURVE_P_256)
-            .Authorization(TAG_PURPOSE, static_cast(0x7F))); /* The value 0x7F is not present in types.hal */
-    hidl_vec keyParams = kmParamSet2Hidl(authSetKeyParams);
-    if(ErrorCode::OK != (errorCode = ecRawKeyFromPKCS8(batchKey, privKey, pubKey, curve))) {
-        return errorCode;
-    }
-    subArray.add(privKey);
-    subArray.add(pubKey);
-    std::vector encodedArray = subArray.encode();
-    cppbor::Bstr bstr(encodedArray.begin(), encodedArray.end());
-    //Encode data.
-    cborConverter.addKeyparameters(array, keyParams);
-    array.add(static_cast(KeyFormat::RAW));
-    array.add(bstr);
-
-    std::vector cborData = array.encode();
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        return errorCode;
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::provisionAtestationCertificateChain(std::vector>& certChain) {
-    ErrorCode errorCode = ErrorCode::OK;
-    cppbor::Array array;
-    Instruction ins = Instruction::INS_PROVISION_CERT_CHAIN_CMD;
-    std::vector response;
-
-    std::vector certData;
-    for (auto data : certChain) {
-        certData.insert(certData.end(), data.begin(), data.end());
-    }
-    cppbor::Bstr bstrCertChain(certData.begin(), certData.end());
-    std::vector cborData = bstrCertChain.encode();
-
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        return errorCode;
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::provisionAttestationCertificateParams(std::vector& batchCertificate) {
-    ErrorCode errorCode = ErrorCode::OK;
-    cppbor::Array array;
-    Instruction ins = Instruction::INS_PROVISION_CERT_PARAMS_CMD;
-    std::vector response;
-    X509 *x509 = NULL;
-    std::vector subject;
-    std::vector notAfter;
-
-    /* Subject, AuthorityKeyIdentifier and Expirty time of the root certificate are required by javacard. */
-    /* Get X509 certificate instance for the root certificate.*/
-    if(NULL == (x509 = parseDerCertificate(batchCertificate))) {
-        return errorCode;
-    }
-
-    /* Get subject in DER */
-    getDerSubjectName(x509, subject);
-    /* Get Expirty Time */
-    getNotAfter(x509, notAfter);
-    /*Free X509 */
-    X509_free(x509);
-
-    array = cppbor::Array();
-    array.add(subject);
-    array.add(notAfter);
-    std::vector cborData = array.encode();
-
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        return errorCode;
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::provisionAttestationID(AttestIDParams& attestParams) {
-    ErrorCode errorCode = ErrorCode::OK;
-    CborConverter cborConverter;
-    cppbor::Array array;
-    Instruction ins = Instruction::INS_PROVISION_ATTEST_IDS_CMD;
-    std::vector response;
-
-    AuthorizationSet authSetAttestParams(AuthorizationSetBuilder()
-            .Authorization(TAG_ATTESTATION_ID_BRAND, attestParams.brand.data(), attestParams.brand.size())
-            .Authorization(TAG_ATTESTATION_ID_DEVICE, attestParams.device.data(), attestParams.device.size())
-            .Authorization(TAG_ATTESTATION_ID_PRODUCT, attestParams.product.data(), attestParams.product.size())
-            .Authorization(TAG_ATTESTATION_ID_SERIAL, attestParams.serial.data(), attestParams.serial.size())
-            .Authorization(TAG_ATTESTATION_ID_IMEI, attestParams.imei.data(), attestParams.imei.size())
-            .Authorization(TAG_ATTESTATION_ID_MEID, attestParams.meid.data(), attestParams.meid.size())
-            .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, attestParams.manufacturer.data(), attestParams.manufacturer.size())
-            .Authorization(TAG_ATTESTATION_ID_MODEL, attestParams.model.data(), attestParams.model.size()));
-
-    hidl_vec attestKeyParams = kmParamSet2Hidl(authSetAttestParams);
-
-    array = cppbor::Array();
-    cborConverter.addKeyparameters(array, attestKeyParams);
-    std::vector cborData = array.encode();
-
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        return errorCode;
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::provisionPreSharedSecret(std::vector& preSharedSecret) {
-    ErrorCode errorCode = ErrorCode::OK;
-    cppbor::Array array;
-    Instruction ins = Instruction::INS_PROVISION_PRESHARED_SECRET_CMD;
-    std::vector response;
-
-    array = cppbor::Array();
-    array.add(preSharedSecret);
-    std::vector cborData = array.encode();
-
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        return errorCode;
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::setAndroidSystemProperties() {
-    ErrorCode errorCode = ErrorCode::OK;
-    cppbor::Array array;
-    std::vector apdu;
-    std::vector response;
-    Instruction ins = Instruction::INS_SET_VERSION_PATCHLEVEL_CMD;
-
-    array.add(GetOsVersion()).
-        add(GetOsPatchlevel()).
-        add(GetVendorPatchlevel());
-    std::vector cborData = array.encode();
-
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        return errorCode;
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::provisionBootParameters(BootParams& bootParams) {
-    ErrorCode errorCode = ErrorCode::OK;
-    cppbor::Array array;
-    std::vector apdu;
-    std::vector response;
-    Instruction ins = Instruction::INS_SET_BOOT_PARAMS_CMD;
-
-    array.add(bootParams.bootPatchLevel).
-        /* Verified Boot Key */
-        add(bootParams.verifiedBootKey).
-        /* Verified Boot Hash */
-        add(bootParams.verifiedBootKeyHash).
-        /* boot state */
-        add(bootParams.verifiedBootState).
-        /* device locked */
-        add(bootParams.deviceLocked);
-
-    std::vector cborData = array.encode();
-
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        return errorCode;
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::getProvisionStatus(uint64_t& status) {
-    ErrorCode errorCode = ErrorCode::OK;
-    Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD;
-    std::vector cborData;
-    std::vector response;
-    std::unique_ptr item;
-    CborConverter cborConverter;
-
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        LOG(ERROR) << "Failed to get provision status err: " << static_cast(errorCode);
-        return errorCode;
-    }
-    //Check if SE is provisioned.
-    std::tie(item, errorCode) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2));
-    if(item != NULL) {
-
-        if(!cborConverter.getUint64(item, 1, status)) {
-            LOG(ERROR) << "Failed to parse the status from cbor data";
-            return ErrorCode::UNKNOWN_ERROR;
-        }
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::lockProvision() {
-    ErrorCode errorCode = ErrorCode::OK;
-    Instruction ins = Instruction::INS_LOCK_PROVISIONING_CMD;
-    std::vector cborData;
-    std::vector response;
-
-    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
-        return errorCode;
-    }
-    return errorCode;
-}
-
-ErrorCode Provision::uninit() {
-	if(pTransportFactory != nullptr) {
-        if(!pTransportFactory->closeConnection())
-            return ErrorCode::UNKNOWN_ERROR;
-    }
-    return ErrorCode::OK;
-}
-// Provision End
-
-}  // namespace javacard
-}  // namespace V4_1
-}  // namespace keymaster
diff --git a/ProvisioningTool/Provision.h b/ProvisioningTool/Provision.h
deleted file mode 100644
index 68a7f1d1..00000000
--- a/ProvisioningTool/Provision.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- **
- ** Copyright 2020, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-
-#ifndef KEYMASTER_V4_1_JAVACARD_PROVISION_H_
-#define KEYMASTER_V4_1_JAVACARD_PROVISION_H_
-
-#include "TransportFactory.h"
-
-namespace keymaster {
-namespace V4_1 {
-namespace javacard {
-
-typedef struct SystemProperties__ {
-	uint32_t osVersion;
-	uint32_t osPatchLevel;
-	uint32_t vendorPatchLevel;
-} SystemProperties;
-
-typedef struct BootParams_ {
-	uint32_t bootPatchLevel;
-	std::vector verifiedBootKey;
-	std::vector verifiedBootKeyHash;
-	uint32_t verifiedBootState;
-	uint32_t deviceLocked;
-} BootParams;
-
-typedef struct AttestIDParams_ {
-	std::string brand;
-	std::string device;
-	std::string product;
-	std::string serial;
-	std::string imei;
-	std::string meid;
-	std::string manufacturer;
-	std::string model;
-} AttestIDParams;
-
-class Provision {
-public:
-    /**
-     * Initalizes the transport layer.
-     */
-	ErrorCode init();
-    /**
-     * Provision the Attestation key.
-     */
-	ErrorCode provisionAttestationKey(std::vector& batchKey);
-    /**
-     * Provision the Attestation certificate chain.
-     */
-	ErrorCode provisionAtestationCertificateChain(std::vector>& CertChain);
-    /**
-     * Provision the Attestation certificate paramters.
-     */
-	ErrorCode provisionAttestationCertificateParams(std::vector& batchCertificate);
-    /**
-     * Provision the Attestation ID.
-     */
-	ErrorCode provisionAttestationID(AttestIDParams& attestParams);
-    /**
-     * Provision the pre-shared secret.
-     */
-	ErrorCode provisionPreSharedSecret(std::vector& preSharedSecret);
-    /**
-     * Provision the boot parameters.
-     */
-	ErrorCode provisionBootParameters(BootParams& bootParams );
-    /**
-     * Set system properties.
-     */
-	ErrorCode setAndroidSystemProperties();
-
-    /**
-     * Locks the provision. After this no more provision commanands are allowed.
-     */
-    ErrorCode lockProvision();
-    /**
-     * Get the provision status.
-     */
-    ErrorCode getProvisionStatus(uint64_t&);
-    /**
-     * Uninitialize the transport layer.
-     */
-    ErrorCode uninit();
-
-private:
-    std::unique_ptr pTransportFactory;
-};
-
-}  // namespace javacard
-}  // namespace V4_1
-}  // namespace keymaster
-#endif //KEYMASTER_V4_1_JAVACARD_PROVISION_H_
diff --git a/ProvisioningTool/ProvisionTool.cpp b/ProvisioningTool/ProvisionTool.cpp
deleted file mode 100644
index 3ff242f5..00000000
--- a/ProvisioningTool/ProvisionTool.cpp
+++ /dev/null
@@ -1,616 +0,0 @@
-/*
- **
- ** Copyright 2020, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#define BUFFER_MAX_LENGTH 256
-#define SB_KEYMASTER_SERVICE "javacard"
-#define INS_BEGIN_KM_CMD 0x00
-#define APDU_CLS 0x80
-#define APDU_P1  0x40
-#define APDU_P2  0x00
-#define APDU_RESP_STATUS_OK 0x9000
-#define MAX_ATTEST_IDS_SIZE 8
-#define SHARED_SECRET_SIZE 32
-
-enum class Instruction {
-    // Provisioning commands
-    INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD+1,
-    INS_PROVISION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD+2,
-    INS_PROVISION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD+3,
-    INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD+4,
-    INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5,
-    INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD+6,
-    INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD+7,
-    INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
-};
-
-enum ProvisionStatus {
-    NOT_PROVISIONED = 0x00,
-    PROVISION_STATUS_ATTESTATION_KEY = 0x01,
-    PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
-    PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
-    PROVISION_STATUS_ATTEST_IDS = 0x08,
-    PROVISION_STATUS_PRESHARED_SECRET = 0x10,
-    PROVISION_STATUS_BOOT_PARAM = 0x20,
-    PROVISION_STATUS_PROVISIONING_LOCKED = 0x40,
-};
-
-using ::android::hardware::keymaster::V4_0::ErrorCode;
-
-static keymaster::V4_1::javacard::Provision mProvision;
-Json::Value root;
-
-constexpr char hex_value[256] = {0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 1,  2,  3,  4,  5,  6,  7, 8, 9, 0, 0, 0, 0, 0, 0,  // '0'..'9'
-                                 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // 'A'..'F'
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // 'a'..'f'
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0};
-
-std::string hex2str(std::string a) { 
-    std::string b;
-    size_t num = a.size() / 2;
-    b.resize(num);
-    for (size_t i = 0; i < num; i++) {
-        b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
-    }    
-    return b;
-}
-
-bool parseJsonFile(const char* filename);
-
-static bool readDataFromFile(const char *filename, std::vector& data) {
-    FILE *fp;
-    bool ret = true;
-    fp = fopen(filename, "rb");
-    if(fp == NULL) {
-        printf("\nFailed to open file: \n");
-        return false;
-    }
-    fseek(fp, 0L, SEEK_END);
-    long int filesize = ftell(fp);
-    rewind(fp);
-    std::unique_ptr buf(new uint8_t[filesize]);
-    if( 0 == fread(buf.get(), filesize, 1, fp)) {
-        printf("\n No content in the file \n");
-        ret = false;
-    }
-    if(true == ret) {
-        data.insert(data.end(), buf.get(), buf.get() + filesize);
-    }
-    fclose(fp);
-    return ret;
-}
-
-void usage() {
-    printf("Usage: provision_tool [options]\n");
-    printf("Valid options are:\n");
-    printf("-h, --help    show this help message and exit.\n");
-    printf("-a, --all jsonFile \t Executes all the provision commands \n");
-    printf("-k, --attest_key jsonFile \t Provision attestation key \n");
-    printf("-c, --cert_chain jsonFile \t Provision attestation certificate chain \n");
-    printf("-p, --cert_params jsonFile \t Provision attestation certificate parameters \n");
-    printf("-i, --attest_ids jsonFile \t Provision attestation IDs \n");
-    printf("-r, --shared_secret jsonFile \t Provision shared secret  \n");
-    printf("-b, --set_boot_params jsonFile \t Set boot parameters  \n");
-    printf("-e, --set_system_properties \t Set system properties  \n");
-    printf("-s, --provision_status \t Prints the provision status.\n");
-    printf("-l, --lock_provision  \t  Locks the provision commands.\n");
-}
-
-bool getBootParameterIntValue(Json::Value& bootParamsObj, const char* key, uint32_t *value) {
-    bool ret = false;
-    Json::Value val = bootParamsObj[key];
-    if(val.empty())
-        return ret;
-
-    if(!val.isInt())
-        return ret;
-
-    *value = (uint32_t)val.asInt();
-
-    return true;
-}
-
-bool getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std::vector& blob) {
-    bool ret = false;
-    Json::Value val = bootParamsObj[key];
-    if(val.empty())
-        return ret;
-
-    if(!val.isString())
-        return ret;
-
-    std::string blobStr = hex2str(val.asString());
-
-    for(char ch : blobStr) {
-        blob.push_back((uint8_t)ch);
-    }
-
-    return true;
-}
-
-bool setAndroidSystemProperties() {
-    ErrorCode err = ErrorCode::OK;
-    bool ret = false;
-    if (ErrorCode::OK != (err = mProvision.setAndroidSystemProperties())) {
-        printf("\n set boot parameters failed with err:%d \n", (int32_t)err);
-        return ret;
-    }
-    printf("\n SE successfully accepted system properties.\n");
-    return true;
-
-}
-
-bool setBootParameters(const char* filename) {
-    Json::Value bootParamsObj;
-    bool ret = false;
-    ErrorCode err = ErrorCode::OK;
-    keymaster::V4_1::javacard::BootParams bootParams;
-
-    if(!parseJsonFile(filename))
-        return ret;
-
-    bootParamsObj = root.get("set_boot_params", bootParamsObj);
-    if (!bootParamsObj.isNull()) {
-
-        if(!getBootParameterIntValue(bootParamsObj, "boot_patch_level", &bootParams.bootPatchLevel)) {
-            printf("\n Invalid value for boot_patch_level or boot_patch_level tag missing\n");
-            return ret;
-        }
-        if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key", bootParams.verifiedBootKey)) {
-            printf("\n Invalid value for verified_boot_key or verified_boot_key tag missing\n");
-            return ret;
-        }
-        if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key_hash", bootParams.verifiedBootKeyHash)) {
-            printf("\n Invalid value for verified_boot_key_hash or verified_boot_key_hash tag missing\n");
-            return ret;
-        }
-        if(!getBootParameterIntValue(bootParamsObj, "boot_state", &bootParams.verifiedBootState)) {
-            printf("\n Invalid value for boot_state or boot_state tag missing\n");
-            return ret;
-        }
-        if(!getBootParameterIntValue(bootParamsObj, "device_locked", &bootParams.deviceLocked)) {
-            printf("\n Invalid value for device_locked or device_locked tag missing\n");
-            return ret;
-        }
-
-    } else {
-        printf("\n Fail: Improper value found for set_boot_params key inside the json file\n");
-        return ret;
-    }
-
-    if (ErrorCode::OK != (err = mProvision.provisionBootParameters(bootParams))) {
-        printf("\n set boot parameters failed with err:%d \n", (int32_t)err);
-        return ret;
-    }
-
-    printf("\n SE successfully accepted boot paramters \n");
-    return true;
-}
-
-bool provisionAttestationIds(const char *filename) {
-    Json::Value attestIds;
-    bool ret = false;
-    ErrorCode err = ErrorCode::OK;
-    keymaster::V4_1::javacard::AttestIDParams params;
-
-    if(!parseJsonFile(filename))
-        return ret;
-
-    attestIds = root.get("attest_ids", attestIds);
-    if (!attestIds.isNull()) {
-        Json::Value value;
-        Json::Value::Members keys = attestIds.getMemberNames();
-        for(std::string key : keys) {
-            value = attestIds[key];
-            if(value.empty()) {
-                continue;
-            }
-            if (!value.isString()) {
-                printf("\n Fail: Value for each attest ids key should be a string in the json file \n");
-                return ret;
-            }
-
-            if (0 == key.compare("brand")) {
-                params.brand = value.asString();
-            } else if(0 == key.compare("device")) {
-                params.device = value.asString();
-            } else if(0 == key.compare("product")) {
-                params.product = value.asString();
-            } else if(0 == key.compare("serial")) {
-                params.serial = value.asString();
-            } else if(0 == key.compare("imei")) {
-                params.imei = value.asString();
-            } else if(0 == key.compare("meid")) {
-                params.meid = value.asString();
-            } else if(0 == key.compare("manufacturer")) {
-                params.manufacturer = value.asString();
-            } else if(0 == key.compare("model")) {
-                params.model = value.asString();
-            } else {
-                printf("\n unknown attestation id key:%s \n", key.c_str());
-                return ret;
-            }
-        }
-
-        if (ErrorCode::OK != (err = mProvision.provisionAttestationID(params))) {
-            printf("\n Provision attestationID parameters failed with err:%d \n", (int32_t)err);
-            return ret;
-        }
-    } else {
-        printf("\n Fail: Improper value found for attest_ids key inside the json file \n");
-        return ret;
-    }
-    printf("\n provisioned attestation ids successfully \n");
-    return true;
-}
-
-bool lockProvision() {
-    ErrorCode errorCode;
-    bool ret = false;
-
-    if(ErrorCode::OK != (errorCode = mProvision.lockProvision())) {
-        printf("\n Failed to lock provisioning error: %d\n", uint32_t(errorCode));
-        return ret;
-    }
-    printf("\n Successfully locked provisioning process. Now SE doesn't accept any further provision commands. \n");
-	return true;
-}
-
-bool getProvisionStatus() {
-	bool ret = false;
-    uint64_t status;
-    if (ErrorCode::OK != mProvision.getProvisionStatus(status)) {
-        return ret;
-    }
-	if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) &&
-			(0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) &&
-			(0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) &&
-			(0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) &&
-			(0 != (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM))) {
-        printf("\n SE is provisioned \n");
-	} else {
-        if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) {
-            printf("\n Attestation key is not provisioned \n");
-        }
-        if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) {
-            printf("\n Attestation certificate chain is not provisioned \n");
-        }
-        if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) {
-            printf("\n Attestation certificate params are not provisioned \n");
-        }
-        if (0 == (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) {
-            printf("\n Shared secret is not provisioned \n");
-        }
-        if (0 == (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM)) {
-            printf("\n Boot params are not provisioned \n");
-        }
-    }
-	return true;
-}
-
-bool provisionSharedSecret(const char* filename) {
-    Json::Value sharedSecret;
-    bool ret = false;
-    ErrorCode err = ErrorCode::OK;
-
-    if(!parseJsonFile(filename))
-        return ret;
-
-    sharedSecret = root.get("shared_secret", sharedSecret);
-    if (!sharedSecret.isNull()) {
-
-        if (!sharedSecret.isString()) {
-            printf("\n Fail: Value for shared secret key should be string inside the json file\n");
-            return ret;
-        }
-        std::string secret = hex2str(sharedSecret.asString());
-        std::vector data(secret.begin(), secret.end());
-        if(ErrorCode::OK != (err = mProvision.provisionPreSharedSecret(data))) {
-            printf("\n Provision pre-shared secret failed with err:%d \n", (int32_t)err);
-            return ret;
-        }
-    } else {
-        printf("\n Fail: Improper value for shared_secret key inside the json file\n");
-        return ret;
-    }
-    printf("\n Provisioned shared secret successfully \n");
-    return true;
-}
-
-static bool provisionAttestationKey(const char* filename) {
-    Json::Value keyFile;
-    bool ret = false;
-    ErrorCode err = ErrorCode::OK;
-
-    if(!parseJsonFile(filename))
-        return ret;
-
-    keyFile = root.get("attest_key", keyFile);
-    if (!keyFile.isNull()) {
-        std::vector data;
-
-        std::string keyFileName = keyFile.asString();
-        if(!readDataFromFile(keyFileName.data(), data)) {
-            printf("\n Failed to read the Root ec key\n");
-            return ret;
-        }
-        if(ErrorCode::OK != (err = mProvision.provisionAttestationKey(data))) {
-            printf("\n Provision attestation key failed with error: %d\n", (int32_t)err);
-            return ret;
-        }
-    } else {
-        printf("\n Improper value for attest_key in json file \n");
-        return ret;
-    }
-    printf("\n Provisioned attestation key successfully\n");
-    return true;
-}
-
-bool provisionAttestationCertificateChain(const char* filename) {
-    Json::Value certChainFile;
-    bool ret = false;
-    ErrorCode err = ErrorCode::OK;
-
-    if(!parseJsonFile(filename))
-        return ret;
-
-    certChainFile = root.get("attest_cert_chain", certChainFile);
-    if (!certChainFile.isNull()) {
-        std::vector> certData;
-
-        if(certChainFile.isArray()) {
-            for (int i = 0; i < certChainFile.size(); i++) {
-                std::vector tmp;
-                if(certChainFile[i].isString()) {
-                    /* Read the certificates. */
-                    if(!readDataFromFile(certChainFile[i].asString().data(), tmp)) {
-                        printf("\n Failed to read the Root certificate\n");
-                        return ret;
-                    }
-                    certData.push_back(std::move(tmp));
-                } else {
-                    printf("\n Fail: Only proper certificate paths as a string is allowed inside the json file. \n");
-                    return ret;
-                }
-            }
-        } else {
-            printf("\n Fail: cert chain value should be an array inside the json file. \n");
-            return ret;
-        }
-        if (ErrorCode::OK != (err = mProvision.provisionAtestationCertificateChain(certData))) {
-            printf("\n Provision certificate chain failed with error: %d\n", (int32_t)err);
-            return ret;
-        }
-    } else {
-        printf("\n Fail: Improper value found for attest_cert_chain key inside json file \n");
-        return ret;
-    }
-    printf("\n Provisioned attestation certificate chain successfully\n");
-    return true;
-}
-
-bool provisionAttestationCertificateParams(const char* filename) {
-    Json::Value certChainFile;
-    bool ret = false;
-    ErrorCode err = ErrorCode::OK;
-
-    if(!parseJsonFile(filename))
-        return ret;
-
-    certChainFile = root.get("attest_cert_chain", certChainFile);
-    if (!certChainFile.isNull()) {
-        std::vector> certData;
-
-        if(certChainFile.isArray()) {
-            if (certChainFile.size() == 0) {
-                return ret;
-            }
-            std::vector tmp;
-            if(!readDataFromFile(certChainFile[0].asString().data(), tmp)) {
-                printf("\n Failed to read the Root certificate\n");
-                return ret;
-            }
-            if (ErrorCode::OK != (err = mProvision.provisionAttestationCertificateParams(tmp))) {
-                printf("\n Provision certificate params failed with error: %d\n", (int32_t)err);
-                return ret;
-            }
-        } else {
-            printf("\n Fail: cert chain value should be an array inside the json file. \n");
-            return ret;
-        }
-    } else {
-        printf("\n Fail: Improper value found for attest_cert_chain key inside json file \n");
-        return ret;
-    }
-    printf("\n Provisioned attestation certificate parameters successfully\n");
-    return true;
-}
-
-bool provision(const char* filename) {
-
-    if(!provisionAttestationKey(filename)) {
-        return false;
-    }
-    if(!provisionAttestationCertificateChain(filename)) {
-        return false;
-    }
-    if(!provisionAttestationCertificateParams(filename)) {
-        return false;
-    }
-    if(!provisionSharedSecret(filename)) {
-        return false;
-    }
-    if(!provisionAttestationIds(filename)) {
-        return false;
-    }
-    if(!setBootParameters(filename)) {
-        return false;
-    }
-    if(!setAndroidSystemProperties()) {
-        return false;
-    }
-    return true;
-}
-
-bool parseJsonFile(const char* filename) {
-    std::stringstream buffer;
-    Json::Reader jsonReader;
-
-    if(!root.empty()) {
-        printf("\n Already parsed \n");
-        return true;
-    }
-    std::ifstream stream(filename);
-    buffer << stream.rdbuf();
-    if(jsonReader.parse(buffer.str(), root)) {
-        printf("\n Parsed json file successfully\n");
-        return true;
-    } else {
-        printf("\n Failed to parse json file\n");
-        return false;
-    }
-}
-
-int main(int argc, char* argv[])
-{
-    int c;
-    struct option longOpts[] = {
-        {"all",              required_argument, NULL, 'a'},
-        {"attest_key",       required_argument, NULL, 'k'},
-        {"cert_chain",       required_argument, NULL, 'c'},
-        {"cert_params",       required_argument, NULL,'p'},
-        {"attest_ids",       required_argument, NULL, 'i'},
-        {"shared_secret",    required_argument, NULL, 'r'},
-        {"set_boot_params",  required_argument, NULL, 'b'},
-        {"set_system_properties",  no_argument, NULL, 'e'},
-        {"provision_status", no_argument,       NULL, 's'},
-        {"lock_provision",   no_argument,       NULL, 'l'},
-        {"help",             no_argument,       NULL, 'h'},
-        {0,0,0,0}
-    };
-
-    if (argc <= 1) {
-        printf("\n Invalid command \n");
-        usage();
-    }
-    /* Initialize provision */
-    mProvision.init();
-
-    /* getopt_long stores the option index here. */
-    while ((c = getopt_long(argc, argv, ":slhea:k:c:p:i:r:b:", longOpts, NULL)) != -1) {
-        switch(c) {
-            case 'a':
-                //all
-                if(!provision(optarg))
-                    printf("\n Failed to provision the device \n");
-                break;
-            case 'k':
-                //attest key
-                if(!provisionAttestationKey(optarg))
-                    printf("\n Failed to provision attestaion key\n");
-                break;
-            case 'c':
-                //attest certchain
-                if(!provisionAttestationCertificateChain(optarg))
-                    printf("\n Failed to provision attestaion certificate chain\n");
-                break;
-            case 'p':
-                //attest cert params
-                if(!provisionAttestationCertificateParams(optarg))
-                    printf("\n Failed to provision attestaion certificate paramaters\n");
-                break;
-            case 'i':
-                //attestation ids.
-                if(!provisionAttestationIds(optarg))
-                    printf("\n Failed to provision attestaion ids\n");
-                break;
-                //shared secret
-            case 'r':
-                if(!provisionSharedSecret(optarg))
-                    printf("\n Failed to provision shared secret\n");
-                break;
-            case 'b':
-                //set boot params
-                if(!setBootParameters(optarg))
-                    printf("\n Failed to set boot parameters.\n");
-                break;
-            case 'e':
-                //set Android system properties
-                if(!setAndroidSystemProperties())
-                    printf("\n Failed to set android system properties.\n");
-                break;
-            case 's':
-                if(!getProvisionStatus())
-                    printf("\n Failed to get provision status \n");
-                break;
-            case 'l':
-                lockProvision();
-                break;
-            case 'h':
-                usage();
-                break;
-            case ':':
-                printf("\n missing argument\n");
-                usage();
-                break;
-            case '?':
-            default:
-                printf("\n Invalid option\n");
-                usage();
-                break;
-        }
-    }
-    if(optind < argc) {
-        usage();
-    }
-    /*Uninitalize */
-    mProvision.uninit();
-    return 0;
-}
diff --git a/ProvisioningTool/README.md b/ProvisioningTool/README.md
index 9d65e5d1..35cbca19 100644
--- a/ProvisioningTool/README.md
+++ b/ProvisioningTool/README.md
@@ -1,12 +1,18 @@
 # Provisioning tool
-This directory contains provisioning tool which helps in provisioning 
-the secure element by using the APIs exposed by Provision library.
-This tool takes the input parameters from json file.
+This directory contains two tools. One which constructs the apdus and dumps them to a json file, Other which gets the apuds from the json file and provision them into a secure element simulator. Both the tools can be compiled and executed from a Linux machine.
 
-#### Build
-This tool can be built along with aosp build. It has dependency on 
-[libjc_common](../HAL/keymaster/Android.bp) and
-[libjc_provision](Android.bp).
+#### Build instruction
+The default target generates both the executables. One construct_apdus and the other provision.
+$ make
+Individual targets can also be selected as shown below
+$ make construct_apdus
+$ make provision
+Make clean will remove all the object files and binaries
+$ make clean
+
+#### Environment setup
+Before executing the binaries make sure LD_LIBRARY_PATH is set
+export LD_LIBRARY_PATH=./lib:$LD_LIBRARY_PATH
 
 #### Sample resources for quick testing
 Two sample json files are located in this directory with names
@@ -17,18 +23,23 @@ keys can be found in [test_resources](test_resources) directory. Copy the
 certificates and the key into the emulator/device filesystem in their respective
 paths mentioned in the sample json file.
 
-#### Usage
+#### Usage for construct_apdus
 
-Usage: provision_tool options
+Usage: construct_apdus options
 Valid options are:
 -h, --help                        show the help message and exit.
--a, --all jsonFile                Executes all the provision commands.
--k, --attest_key jsonFile         Provision attestation key.
--c, --cert_chain jsonFile         Provision attestation certificate chain.
--p, --cert_params jsonFile        Provision attestation certificate parameters.
--i, --attest_ids jsonFile         Provision attestation IDs.
--r, --shared_secret jsonFile      Provision pre-shared secret.
--b, --set_boot_params jsonFile    Provision boot parameters.
--s, --provision_stautus           Prints the current provision status.
--l, --lock_provision              Locks the provision commands.
+-v, --km_version version Version of the keymaster ((4.0 or 4.1 for respective keymaster version))
+-i, --input  jsonFile	 Input json file
+-o, --output jsonFile 	 Output json file
+

+
+#### Usage for provision
+
+Usage: provision options
+Valid options are:
+-h, --help                      show the help message and exit.
+-v, --km_version version  Version of the keymaster ((4.0 or 4.1 for respective keymaster version))
+-i, --input  jsonFile 	  Input json file 
+-s, --provision_stautus   Prints the current provision status.
+-l, --lock_provision      Locks the provision state.
 

diff --git a/ProvisioningTool/include/UniquePtr.h b/ProvisioningTool/include/UniquePtr.h
new file mode 100644
index 00000000..da74780b
--- /dev/null
+++ b/ProvisioningTool/include/UniquePtr.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2010 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include   // for size_t
+
+#include 
+
+// Default deleter for pointer types.
+template  struct DefaultDelete {
+    enum { type_must_be_complete = sizeof(T) };
+    DefaultDelete() {}
+    void operator()(T* p) const { delete p; }
+};
+
+// Default deleter for array types.
+template  struct DefaultDelete {
+    enum { type_must_be_complete = sizeof(T) };
+    void operator()(T* p) const { delete[] p; }
+};
+
+template >
+using UniquePtr = std::unique_ptr;
+
+
diff --git a/ProvisioningTool/include/constants.h b/ProvisioningTool/include/constants.h
new file mode 100644
index 00000000..ffc0011f
--- /dev/null
+++ b/ProvisioningTool/include/constants.h
@@ -0,0 +1,95 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#pragma once
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "UniquePtr.h"
+
+#define SUCCESS 0
+#define FAILURE 1
+#define KEYMASTER_VERSION_4_1 4.1
+#define KEYMASTER_VERSION_4_0 4
+#define P1_40 0x40
+#define P1_50 0x50
+#define APDU_CLS 0x80
+#define APDU_P1 P1_40
+#define APDU_P2  0x00
+#define INS_BEGIN_KM_CMD 0x00
+#define APDU_RESP_STATUS_OK 0x9000
+#define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
+
+
+
+template 
+struct OpenSslObjectDeleter {
+    void operator()(T* p) { FreeFunc(p); }
+};
+
+#define DEFINE_OPENSSL_OBJECT_POINTER(name)                                                        \
+    typedef OpenSslObjectDeleter name##_Delete; \
+    typedef UniquePtr name##_Ptr;
+
+DEFINE_OPENSSL_OBJECT_POINTER(EC_KEY)
+DEFINE_OPENSSL_OBJECT_POINTER(EVP_PKEY)
+DEFINE_OPENSSL_OBJECT_POINTER(X509)
+
+
+// Tags
+constexpr uint64_t kTagAlgorithm = 268435458u;
+constexpr uint64_t kTagDigest = 536870917u;
+constexpr uint64_t kTagCurve = 268435466u;
+constexpr uint64_t kTagPurpose = 536870913u;
+constexpr uint64_t kTagAttestationIdBrand = 2415919814u;
+constexpr uint64_t kTagAttestationIdDevice = 2415919815u;
+constexpr uint64_t kTagAttestationIdProduct = 2415919816u;
+constexpr uint64_t kTagAttestationIdSerial = 2415919817u;
+constexpr uint64_t kTagAttestationIdImei = 2415919818u;
+constexpr uint64_t kTagAttestationIdMeid = 2415919819u;
+constexpr uint64_t kTagAttestationIdManufacturer = 2415919820u;
+constexpr uint64_t kTagAttestationIdModel = 2415919821u;
+
+// Values
+constexpr uint64_t kCurveP256 = 1;
+constexpr uint64_t kAlgorithmEc = 3;
+constexpr uint64_t kDigestSha256 = 4;
+constexpr uint64_t kPurposeAttest = 0x7F;
+constexpr uint64_t kKeyFormatRaw = 3;
+
+// json keys
+constexpr char kAttestKey[] = "attest_key";
+constexpr char kAttestCertChain[] = "attest_cert_chain";
+constexpr char kSharedSecret[] = "shared_secret";
+constexpr char kBootParams[] = "boot_params";
+constexpr char kAttestationIds[] = "attestation_ids";
+constexpr char kDeviceUniqueKey[] = "device_unique_key";
+constexpr char kAdditionalCertChain[] = "additional_cert_chain";
+constexpr char kProvisionStatus[] = "provision_status";
+constexpr char kLockProvision[] = "lock_provision";
+
+// Instruction constatnts
+constexpr int kAttestationKeyCmd = INS_BEGIN_KM_CMD + 1;
+constexpr int kAttestCertDataCmd = INS_BEGIN_KM_CMD + 2;
+constexpr int kAttestationIdsCmd = INS_BEGIN_KM_CMD + 3;
+constexpr int kPresharedSecretCmd = INS_BEGIN_KM_CMD + 4;
+constexpr int kBootParamsCmd = INS_BEGIN_KM_CMD + 5;
+constexpr int kLockProvisionCmd = INS_BEGIN_KM_CMD + 6;
+constexpr int kGetProvisionStatusCmd = INS_BEGIN_KM_CMD + 7;
+constexpr int kSetVersionPatchLevelCmd = INS_BEGIN_KM_CMD + 8;
diff --git a/ProvisioningTool/include/cppbor/cppbor.h b/ProvisioningTool/include/cppbor/cppbor.h
new file mode 100644
index 00000000..06976118
--- /dev/null
+++ b/ProvisioningTool/include/cppbor/cppbor.h
@@ -0,0 +1,1113 @@
+/*
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+
+namespace cppbor {
+
+enum MajorType : uint8_t {
+    UINT = 0 << 5,
+    NINT = 1 << 5,
+    BSTR = 2 << 5,
+    TSTR = 3 << 5,
+    ARRAY = 4 << 5,
+    MAP = 5 << 5,
+    SEMANTIC = 6 << 5,
+    SIMPLE = 7 << 5,
+};
+
+enum SimpleType {
+    BOOLEAN,
+    NULL_T,  // Only two supported, as yet.
+};
+
+enum SpecialAddlInfoValues : uint8_t {
+    FALSE = 20,
+    TRUE = 21,
+    NULL_V = 22,
+    ONE_BYTE_LENGTH = 24,
+    TWO_BYTE_LENGTH = 25,
+    FOUR_BYTE_LENGTH = 26,
+    EIGHT_BYTE_LENGTH = 27,
+};
+
+class Item;
+class Uint;
+class Nint;
+class Int;
+class Tstr;
+class Bstr;
+class Simple;
+class Bool;
+class Array;
+class Map;
+class Null;
+class SemanticTag;
+class EncodedItem;
+class ViewTstr;
+class ViewBstr;
+
+/**
+ * Returns the size of a CBOR header that contains the additional info value addlInfo.
+ */
+size_t headerSize(uint64_t addlInfo);
+
+/**
+ * Encodes a CBOR header with the specified type and additional info into the range [pos, end).
+ * Returns a pointer to one past the last byte written, or nullptr if there isn't sufficient space
+ * to write the header.
+ */
+uint8_t* encodeHeader(MajorType type, uint64_t addlInfo, uint8_t* pos, const uint8_t* end);
+
+using EncodeCallback = std::function;
+
+/**
+ * Encodes a CBOR header with the specified type and additional info, passing each byte in turn to
+ * encodeCallback.
+ */
+void encodeHeader(MajorType type, uint64_t addlInfo, EncodeCallback encodeCallback);
+
+/**
+ * Encodes a CBOR header witht he specified type and additional info, writing each byte to the
+ * provided OutputIterator.
+ */
+template ::iterator_category>>>
+void encodeHeader(MajorType type, uint64_t addlInfo, OutputIterator iter) {
+    return encodeHeader(type, addlInfo, [&](uint8_t v) { *iter++ = v; });
+}
+
+/**
+ * Item represents a CBOR-encodeable data item.  Item is an abstract interface with a set of virtual
+ * methods that allow encoding of the item or conversion to the appropriate derived type.
+ */
+class Item {
+  public:
+    virtual ~Item() {}
+
+    /**
+     * Returns the CBOR type of the item.
+     */
+    virtual MajorType type() const = 0;
+
+    // These methods safely downcast an Item to the appropriate subclass.
+    virtual Int* asInt() { return nullptr; }
+    const Int* asInt() const { return const_cast(this)->asInt(); }
+    virtual Uint* asUint() { return nullptr; }
+    const Uint* asUint() const { return const_cast(this)->asUint(); }
+    virtual Nint* asNint() { return nullptr; }
+    const Nint* asNint() const { return const_cast(this)->asNint(); }
+    virtual Tstr* asTstr() { return nullptr; }
+    const Tstr* asTstr() const { return const_cast(this)->asTstr(); }
+    virtual Bstr* asBstr() { return nullptr; }
+    const Bstr* asBstr() const { return const_cast(this)->asBstr(); }
+    virtual Simple* asSimple() { return nullptr; }
+    const Simple* asSimple() const { return const_cast(this)->asSimple(); }
+    virtual Map* asMap() { return nullptr; }
+    const Map* asMap() const { return const_cast(this)->asMap(); }
+    virtual Array* asArray() { return nullptr; }
+    const Array* asArray() const { return const_cast(this)->asArray(); }
+
+    virtual ViewTstr* asViewTstr() { return nullptr; }
+    const ViewTstr* asViewTstr() const { return const_cast(this)->asViewTstr(); }
+    virtual ViewBstr* asViewBstr() { return nullptr; }
+    const ViewBstr* asViewBstr() const { return const_cast(this)->asViewBstr(); }
+
+    // Like those above, these methods safely downcast an Item when it's actually a SemanticTag.
+    // However, if you think you want to use these methods, you probably don't.  Typically, the way
+    // you should handle tagged Items is by calling the appropriate method above (e.g. asInt())
+    // which will return a pointer to the tagged Item, rather than the tag itself.  If you want to
+    // find out if the Item* you're holding is to something with one or more tags applied, see
+    // semanticTagCount() and semanticTag() below.
+    virtual SemanticTag* asSemanticTag() { return nullptr; }
+    const SemanticTag* asSemanticTag() const { return const_cast(this)->asSemanticTag(); }
+
+    /**
+     * Returns the number of semantic tags prefixed to this Item.
+     */
+    virtual size_t semanticTagCount() const { return 0; }
+
+    /**
+     * Returns the semantic tag at the specified nesting level `nesting`, iff `nesting` is less than
+     * the value returned by semanticTagCount().
+     *
+     * CBOR tags are "nested" by applying them in sequence.  The "rightmost" tag is the "inner" tag.
+     * That is, given:
+     *
+     *     4(5(6("AES"))) which encodes as C1 C2 C3 63 414553
+     *
+     * The tstr "AES" is tagged with 6.  The combined entity ("AES" tagged with 6) is tagged with 5,
+     * etc.  So in this example, semanticTagCount() would return 3, and semanticTag(0) would return
+     * 5 semanticTag(1) would return 5 and semanticTag(2) would return 4.  For values of n > 2,
+     * semanticTag(n) will return 0, but this is a meaningless value.
+     *
+     * If this layering is confusing, you probably don't have to worry about it. Nested tagging does
+     * not appear to be common, so semanticTag(0) is the only one you'll use.
+     */
+    virtual uint64_t semanticTag(size_t /* nesting */ = 0) const { return 0; }
+
+    /**
+     * Returns true if this is a "compound" item, i.e. one that contains one or more other items.
+     */
+    virtual bool isCompound() const { return false; }
+
+    bool operator==(const Item& other) const&;
+    bool operator!=(const Item& other) const& { return !(*this == other); }
+
+    /**
+     * Returns the number of bytes required to encode this Item into CBOR.  Note that if this is a
+     * complex Item, calling this method will require walking the whole tree.
+     */
+    virtual size_t encodedSize() const = 0;
+
+    /**
+     * Encodes the Item into buffer referenced by range [*pos, end).  Returns a pointer to one past
+     * the last position written.  Returns nullptr if there isn't enough space to encode.
+     */
+    virtual uint8_t* encode(uint8_t* pos, const uint8_t* end) const = 0;
+
+    /**
+     * Encodes the Item by passing each encoded byte to encodeCallback.
+     */
+    virtual void encode(EncodeCallback encodeCallback) const = 0;
+
+    /**
+     * Clones the Item
+     */
+    virtual std::unique_ptr clone() const = 0;
+
+    /**
+     * Encodes the Item into the provided OutputIterator.
+     */
+    template ::iterator_category>
+    void encode(OutputIterator i) const {
+        return encode([&](uint8_t v) { *i++ = v; });
+    }
+
+    /**
+     * Encodes the Item into a new std::vector.
+     */
+    std::vector encode() const {
+        std::vector retval;
+        retval.reserve(encodedSize());
+        encode(std::back_inserter(retval));
+        return retval;
+    }
+
+    /**
+     * Encodes the Item into a new std::string.
+     */
+    std::string toString() const {
+        std::string retval;
+        retval.reserve(encodedSize());
+        encode([&](uint8_t v) { retval.push_back(v); });
+        return retval;
+    }
+
+    /**
+     * Encodes only the header of the Item.
+     */
+    inline uint8_t* encodeHeader(uint64_t addlInfo, uint8_t* pos, const uint8_t* end) const {
+        return ::cppbor::encodeHeader(type(), addlInfo, pos, end);
+    }
+
+    /**
+     * Encodes only the header of the Item.
+     */
+    inline void encodeHeader(uint64_t addlInfo, EncodeCallback encodeCallback) const {
+        ::cppbor::encodeHeader(type(), addlInfo, encodeCallback);
+    }
+};
+
+/**
+ * EncodedItem represents a bit of already-encoded CBOR. Caveat emptor: It does no checking to
+ * ensure that the provided data is a valid encoding, cannot be meaninfully-compared with other
+ * kinds of items and you cannot use the as*() methods to find out what's inside it.
+ */
+class EncodedItem : public Item {
+  public:
+    explicit EncodedItem(std::vector value) : mValue(std::move(value)) {}
+
+    bool operator==(const EncodedItem& other) const& { return mValue == other.mValue; }
+
+    // Type can't be meaningfully-obtained. We could extract the type from the first byte and return
+    // it, but you can't do any of the normal things with an EncodedItem so there's no point.
+    MajorType type() const override {
+        assert(false);
+        return static_cast(-1);
+    }
+    size_t encodedSize() const override { return mValue.size(); }
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+        if (end - pos < static_cast(mValue.size())) return nullptr;
+        return std::copy(mValue.begin(), mValue.end(), pos);
+    }
+    void encode(EncodeCallback encodeCallback) const override {
+        std::for_each(mValue.begin(), mValue.end(), encodeCallback);
+    }
+    std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+  private:
+    std::vector mValue;
+};
+
+/**
+ * Int is an abstraction that allows Uint and Nint objects to be manipulated without caring about
+ * the sign.
+ */
+class Int : public Item {
+  public:
+    bool operator==(const Int& other) const& { return value() == other.value(); }
+
+    virtual int64_t value() const = 0;
+    using Item::asInt;
+    Int* asInt() override { return this; }
+};
+
+/**
+ * Uint is a concrete Item that implements CBOR major type 0.
+ */
+class Uint : public Int {
+  public:
+    static constexpr MajorType kMajorType = UINT;
+
+    explicit Uint(uint64_t v) : mValue(v) {}
+
+    bool operator==(const Uint& other) const& { return mValue == other.mValue; }
+
+    MajorType type() const override { return kMajorType; }
+    using Item::asUint;
+    Uint* asUint() override { return this; }
+
+    size_t encodedSize() const override { return headerSize(mValue); }
+
+    int64_t value() const override { return mValue; }
+    uint64_t unsignedValue() const { return mValue; }
+
+    using Item::encode;
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+        return encodeHeader(mValue, pos, end);
+    }
+    void encode(EncodeCallback encodeCallback) const override {
+        encodeHeader(mValue, encodeCallback);
+    }
+
+    std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+  private:
+    uint64_t mValue;
+};
+
+/**
+ * Nint is a concrete Item that implements CBOR major type 1.
+
+ * Note that it is incapable of expressing the full range of major type 1 values, becaue it can only
+ * express values that fall into the range [std::numeric_limits::min(), -1].  It cannot
+ * express values in the range [std::numeric_limits::min() - 1,
+ * -std::numeric_limits::max()].
+ */
+class Nint : public Int {
+  public:
+    static constexpr MajorType kMajorType = NINT;
+
+    explicit Nint(int64_t v);
+
+    bool operator==(const Nint& other) const& { return mValue == other.mValue; }
+
+    MajorType type() const override { return kMajorType; }
+    using Item::asNint;
+    Nint* asNint() override { return this; }
+    size_t encodedSize() const override { return headerSize(addlInfo()); }
+
+    int64_t value() const override { return mValue; }
+
+    using Item::encode;
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+        return encodeHeader(addlInfo(), pos, end);
+    }
+    void encode(EncodeCallback encodeCallback) const override {
+        encodeHeader(addlInfo(), encodeCallback);
+    }
+
+    std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+  private:
+    uint64_t addlInfo() const { return -1ll - mValue; }
+
+    int64_t mValue;
+};
+
+/**
+ * Bstr is a concrete Item that implements major type 2.
+ */
+class Bstr : public Item {
+  public:
+    static constexpr MajorType kMajorType = BSTR;
+
+    // Construct an empty Bstr
+    explicit Bstr() {}
+
+    // Construct from a vector
+    explicit Bstr(std::vector v) : mValue(std::move(v)) {}
+
+    // Construct from a string
+    explicit Bstr(const std::string& v)
+        : mValue(reinterpret_cast(v.data()),
+                 reinterpret_cast(v.data()) + v.size()) {}
+
+    // Construct from a pointer/size pair
+    explicit Bstr(const std::pair& buf)
+        : mValue(buf.first, buf.first + buf.second) {}
+
+    // Construct from a pair of iterators
+    template ::iterator_category,
+              typename = typename std::iterator_traits::iterator_category>
+    explicit Bstr(const std::pair& pair) : mValue(pair.first, pair.second) {}
+
+    // Construct from an iterator range.
+    template ::iterator_category,
+              typename = typename std::iterator_traits::iterator_category>
+    Bstr(I1 begin, I2 end) : mValue(begin, end) {}
+
+    bool operator==(const Bstr& other) const& { return mValue == other.mValue; }
+
+    MajorType type() const override { return kMajorType; }
+    using Item::asBstr;
+    Bstr* asBstr() override { return this; }
+    size_t encodedSize() const override { return headerSize(mValue.size()) + mValue.size(); }
+    using Item::encode;
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+    void encode(EncodeCallback encodeCallback) const override {
+        encodeHeader(mValue.size(), encodeCallback);
+        encodeValue(encodeCallback);
+    }
+
+    const std::vector& value() const { return mValue; }
+    std::vector&& moveValue() { return std::move(mValue); }
+
+    std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+  private:
+    void encodeValue(EncodeCallback encodeCallback) const;
+
+    std::vector mValue;
+};
+
+/**
+ * ViewBstr is a read-only version of Bstr backed by std::string_view
+ */
+class ViewBstr : public Item {
+  public:
+    static constexpr MajorType kMajorType = BSTR;
+
+    // Construct an empty ViewBstr
+    explicit ViewBstr() {}
+
+    // Construct from a string_view of uint8_t values
+    explicit ViewBstr(std::basic_string_view v) : mView(std::move(v)) {}
+
+    // Construct from a string_view
+    explicit ViewBstr(std::string_view v)
+        : mView(reinterpret_cast(v.data()), v.size()) {}
+
+    // Construct from an iterator range
+    template ::iterator_category,
+              typename = typename std::iterator_traits::iterator_category>
+    ViewBstr(I1 begin, I2 end) : mView(begin, end) {}
+
+    // Construct from a uint8_t pointer pair
+    ViewBstr(const uint8_t* begin, const uint8_t* end)
+        : mView(begin, std::distance(begin, end)) {}
+
+    bool operator==(const ViewBstr& other) const& { return mView == other.mView; }
+
+    MajorType type() const override { return kMajorType; }
+    using Item::asViewBstr;
+    ViewBstr* asViewBstr() override { return this; }
+    size_t encodedSize() const override { return headerSize(mView.size()) + mView.size(); }
+    using Item::encode;
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+    void encode(EncodeCallback encodeCallback) const override {
+        encodeHeader(mView.size(), encodeCallback);
+        encodeValue(encodeCallback);
+    }
+
+    const std::basic_string_view& view() const { return mView; }
+
+    std::unique_ptr clone() const override { return std::make_unique(mView); }
+
+  private:
+    void encodeValue(EncodeCallback encodeCallback) const;
+
+    std::basic_string_view mView;
+};
+
+/**
+ * Tstr is a concrete Item that implements major type 3.
+ */
+class Tstr : public Item {
+  public:
+    static constexpr MajorType kMajorType = TSTR;
+
+    // Construct from a string
+    explicit Tstr(std::string v) : mValue(std::move(v)) {}
+
+    // Construct from a string_view
+    explicit Tstr(const std::string_view& v) : mValue(v) {}
+
+    // Construct from a C string
+    explicit Tstr(const char* v) : mValue(std::string(v)) {}
+
+    // Construct from a pair of iterators
+    template ::iterator_category,
+              typename = typename std::iterator_traits::iterator_category>
+    explicit Tstr(const std::pair& pair) : mValue(pair.first, pair.second) {}
+
+    // Construct from an iterator range
+    template ::iterator_category,
+              typename = typename std::iterator_traits::iterator_category>
+    Tstr(I1 begin, I2 end) : mValue(begin, end) {}
+
+    bool operator==(const Tstr& other) const& { return mValue == other.mValue; }
+
+    MajorType type() const override { return kMajorType; }
+    using Item::asTstr;
+    Tstr* asTstr() override { return this; }
+    size_t encodedSize() const override { return headerSize(mValue.size()) + mValue.size(); }
+    using Item::encode;
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+    void encode(EncodeCallback encodeCallback) const override {
+        encodeHeader(mValue.size(), encodeCallback);
+        encodeValue(encodeCallback);
+    }
+
+    const std::string& value() const { return mValue; }
+    std::string&& moveValue() { return std::move(mValue); }
+
+    std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+  private:
+    void encodeValue(EncodeCallback encodeCallback) const;
+
+    std::string mValue;
+};
+
+/**
+ * ViewTstr is a read-only version of Tstr backed by std::string_view
+ */
+class ViewTstr : public Item {
+  public:
+    static constexpr MajorType kMajorType = TSTR;
+
+    // Construct an empty ViewTstr
+    explicit ViewTstr() {}
+
+    // Construct from a string_view
+    explicit ViewTstr(std::string_view v) : mView(std::move(v)) {}
+
+    // Construct from an iterator range
+    template ::iterator_category,
+              typename = typename std::iterator_traits::iterator_category>
+    ViewTstr(I1 begin, I2 end) : mView(begin, end) {}
+
+    // Construct from a uint8_t pointer pair
+    ViewTstr(const uint8_t* begin, const uint8_t* end)
+        : mView(reinterpret_cast(begin),
+                std::distance(begin, end)) {}
+
+    bool operator==(const ViewTstr& other) const& { return mView == other.mView; }
+
+    MajorType type() const override { return kMajorType; }
+    using Item::asViewTstr;
+    ViewTstr* asViewTstr() override { return this; }
+    size_t encodedSize() const override { return headerSize(mView.size()) + mView.size(); }
+    using Item::encode;
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+    void encode(EncodeCallback encodeCallback) const override {
+        encodeHeader(mView.size(), encodeCallback);
+        encodeValue(encodeCallback);
+    }
+
+    const std::string_view& view() const { return mView; }
+
+    std::unique_ptr clone() const override { return std::make_unique(mView); }
+
+  private:
+    void encodeValue(EncodeCallback encodeCallback) const;
+
+    std::string_view mView;
+};
+
+/*
+ * Array is a concrete Item that implements CBOR major type 4.
+ *
+ * Note that Arrays are not copyable.  This is because copying them is expensive and making them
+ * move-only ensures that they're never copied accidentally.  If you actually want to copy an Array,
+ * use the clone() method.
+ */
+class Array : public Item {
+  public:
+    static constexpr MajorType kMajorType = ARRAY;
+
+    Array() = default;
+    Array(const Array& other) = delete;
+    Array(Array&&) = default;
+    Array& operator=(const Array&) = delete;
+    Array& operator=(Array&&) = default;
+
+    bool operator==(const Array& other) const&;
+
+    /**
+     * Construct an Array from a variable number of arguments of different types.  See
+     * details::makeItem below for details on what types may be provided.  In general, this accepts
+     * all of the types you'd expect and doest the things you'd expect (integral values are addes as
+     * Uint or Nint, std::string and char* are added as Tstr, bools are added as Bool, etc.).
+     */
+    template 
+    Array(Args&&... args);
+
+    /**
+     * Append a single element to the Array, of any compatible type.
+     */
+    template 
+    Array& add(T&& v) &;
+    template 
+    Array&& add(T&& v) &&;
+
+    bool isCompound() const override { return true; }
+
+    virtual size_t size() const { return mEntries.size(); }
+
+    size_t encodedSize() const override {
+        return std::accumulate(mEntries.begin(), mEntries.end(), headerSize(size()),
+                               [](size_t sum, auto& entry) { return sum + entry->encodedSize(); });
+    }
+
+    using Item::encode;  // Make base versions visible.
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+    void encode(EncodeCallback encodeCallback) const override;
+
+    const std::unique_ptr& operator[](size_t index) const { return get(index); }
+    std::unique_ptr& operator[](size_t index) { return get(index); }
+
+    const std::unique_ptr& get(size_t index) const { return mEntries[index]; }
+    std::unique_ptr& get(size_t index) { return mEntries[index]; }
+
+    MajorType type() const override { return kMajorType; }
+    using Item::asArray;
+    Array* asArray() override { return this; }
+
+    std::unique_ptr clone() const override;
+
+    auto begin() { return mEntries.begin(); }
+    auto begin() const { return mEntries.begin(); }
+    auto end() { return mEntries.end(); }
+    auto end() const { return mEntries.end(); }
+
+  protected:
+    std::vector> mEntries;
+};
+
+/*
+ * Map is a concrete Item that implements CBOR major type 5.
+ *
+ * Note that Maps are not copyable.  This is because copying them is expensive and making them
+ * move-only ensures that they're never copied accidentally.  If you actually want to copy a
+ * Map, use the clone() method.
+ */
+class Map : public Item {
+  public:
+    static constexpr MajorType kMajorType = MAP;
+
+    using entry_type = std::pair, std::unique_ptr>;
+
+    Map() = default;
+    Map(const Map& other) = delete;
+    Map(Map&&) = default;
+    Map& operator=(const Map& other) = delete;
+    Map& operator=(Map&&) = default;
+
+    bool operator==(const Map& other) const&;
+
+    /**
+     * Construct a Map from a variable number of arguments of different types.  An even number of
+     * arguments must be provided (this is verified statically). See details::makeItem below for
+     * details on what types may be provided.  In general, this accepts all of the types you'd
+     * expect and doest the things you'd expect (integral values are addes as Uint or Nint,
+     * std::string and char* are added as Tstr, bools are added as Bool, etc.).
+     */
+    template 
+    Map(Args&&... args);
+
+    /**
+     * Append a key/value pair to the Map, of any compatible types.
+     */
+    template 
+    Map& add(Key&& key, Value&& value) &;
+    template 
+    Map&& add(Key&& key, Value&& value) &&;
+
+    bool isCompound() const override { return true; }
+
+    virtual size_t size() const { return mEntries.size(); }
+
+    size_t encodedSize() const override {
+        return std::accumulate(
+                mEntries.begin(), mEntries.end(), headerSize(size()), [](size_t sum, auto& entry) {
+                    return sum + entry.first->encodedSize() + entry.second->encodedSize();
+                });
+    }
+
+    using Item::encode;  // Make base versions visible.
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+    void encode(EncodeCallback encodeCallback) const override;
+
+    /**
+     * Find and return the value associated with `key`, if any.
+     *
+     * If the searched-for `key` is not present, returns `nullptr`.
+     *
+     * Note that if the map is canonicalized (sorted), Map::get() peforms a binary search.  If your
+     * map is large and you're searching in it many times, it may be worthwhile to canonicalize it
+     * to make Map::get() faster.  Any use of a method that might modify the map disables the
+     * speedup.
+     */
+    template 
+    const std::unique_ptr& get(Key key) const;
+
+    // Note that use of non-const operator[] marks the map as not canonicalized.
+    auto& operator[](size_t index) {
+        mCanonicalized = false;
+        return mEntries[index];
+    }
+    const auto& operator[](size_t index) const { return mEntries[index]; }
+
+    MajorType type() const override { return kMajorType; }
+    using Item::asMap;
+    Map* asMap() override { return this; }
+
+    /**
+     * Sorts the map in canonical order, as defined in RFC 7049. Use this before encoding if you
+     * want canonicalization; cppbor does not canonicalize by default, though the integer encodings
+     * are always canonical and cppbor does not support indefinite-length encodings, so map order
+     * canonicalization is the only thing that needs to be done.
+     *
+     * @param recurse If set to true, canonicalize() will also walk the contents of the map and
+     * canonicalize any contained maps as well.
+     */
+    Map& canonicalize(bool recurse = false) &;
+    Map&& canonicalize(bool recurse = false) && {
+        canonicalize(recurse);
+        return std::move(*this);
+    }
+
+    bool isCanonical() { return mCanonicalized; }
+
+    std::unique_ptr clone() const override;
+
+    auto begin() {
+        mCanonicalized = false;
+        return mEntries.begin();
+    }
+    auto begin() const { return mEntries.begin(); }
+    auto end() {
+        mCanonicalized = false;
+        return mEntries.end();
+    }
+    auto end() const { return mEntries.end(); }
+
+    // Returns true if a < b, per CBOR map key canonicalization rules.
+    static bool keyLess(const Item* a, const Item* b);
+
+  protected:
+    std::vector mEntries;
+
+  private:
+    bool mCanonicalized = false;
+};
+
+class SemanticTag : public Item {
+  public:
+    static constexpr MajorType kMajorType = SEMANTIC;
+
+    template 
+    SemanticTag(uint64_t tagValue, T&& taggedItem);
+    SemanticTag(const SemanticTag& other) = delete;
+    SemanticTag(SemanticTag&&) = default;
+    SemanticTag& operator=(const SemanticTag& other) = delete;
+    SemanticTag& operator=(SemanticTag&&) = default;
+
+    bool operator==(const SemanticTag& other) const& {
+        return mValue == other.mValue && *mTaggedItem == *other.mTaggedItem;
+    }
+
+    bool isCompound() const override { return true; }
+
+    virtual size_t size() const { return 1; }
+
+    // Encoding returns the tag + enclosed Item.
+    size_t encodedSize() const override { return headerSize(mValue) + mTaggedItem->encodedSize(); }
+
+    using Item::encode;  // Make base versions visible.
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+    void encode(EncodeCallback encodeCallback) const override;
+
+    // type() is a bit special.  In normal usage it should return the wrapped type, but during
+    // parsing when we haven't yet parsed the tagged item, it needs to return SEMANTIC.
+    MajorType type() const override { return mTaggedItem ? mTaggedItem->type() : SEMANTIC; }
+    using Item::asSemanticTag;
+    SemanticTag* asSemanticTag() override { return this; }
+
+    // Type information reflects the enclosed Item.  Note that if the immediately-enclosed Item is
+    // another tag, these methods will recurse down to the non-tag Item.
+    using Item::asInt;
+    Int* asInt() override { return mTaggedItem->asInt(); }
+    using Item::asUint;
+    Uint* asUint() override { return mTaggedItem->asUint(); }
+    using Item::asNint;
+    Nint* asNint() override { return mTaggedItem->asNint(); }
+    using Item::asTstr;
+    Tstr* asTstr() override { return mTaggedItem->asTstr(); }
+    using Item::asBstr;
+    Bstr* asBstr() override { return mTaggedItem->asBstr(); }
+    using Item::asSimple;
+    Simple* asSimple() override { return mTaggedItem->asSimple(); }
+    using Item::asMap;
+    Map* asMap() override { return mTaggedItem->asMap(); }
+    using Item::asArray;
+    Array* asArray() override { return mTaggedItem->asArray(); }
+    using Item::asViewTstr;
+    ViewTstr* asViewTstr() override { return mTaggedItem->asViewTstr(); }
+    using Item::asViewBstr;
+    ViewBstr* asViewBstr() override { return mTaggedItem->asViewBstr(); }
+
+    std::unique_ptr clone() const override;
+
+    size_t semanticTagCount() const override;
+    uint64_t semanticTag(size_t nesting = 0) const override;
+
+  protected:
+    SemanticTag() = default;
+    SemanticTag(uint64_t value) : mValue(value) {}
+    uint64_t mValue;
+    std::unique_ptr mTaggedItem;
+};
+
+/**
+ * Simple is abstract Item that implements CBOR major type 7.  It is intended to be subclassed to
+ * create concrete Simple types.  At present only Bool is provided.
+ */
+class Simple : public Item {
+  public:
+    static constexpr MajorType kMajorType = SIMPLE;
+
+    bool operator==(const Simple& other) const&;
+
+    virtual SimpleType simpleType() const = 0;
+    MajorType type() const override { return kMajorType; }
+
+    Simple* asSimple() override { return this; }
+
+    virtual const Bool* asBool() const { return nullptr; };
+    virtual const Null* asNull() const { return nullptr; };
+};
+
+/**
+ * Bool is a concrete type that implements CBOR major type 7, with additional item values for TRUE
+ * and FALSE.
+ */
+class Bool : public Simple {
+  public:
+    static constexpr SimpleType kSimpleType = BOOLEAN;
+
+    explicit Bool(bool v) : mValue(v) {}
+
+    bool operator==(const Bool& other) const& { return mValue == other.mValue; }
+
+    SimpleType simpleType() const override { return kSimpleType; }
+    const Bool* asBool() const override { return this; }
+
+    size_t encodedSize() const override { return 1; }
+
+    using Item::encode;
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+        return encodeHeader(mValue ? TRUE : FALSE, pos, end);
+    }
+    void encode(EncodeCallback encodeCallback) const override {
+        encodeHeader(mValue ? TRUE : FALSE, encodeCallback);
+    }
+
+    bool value() const { return mValue; }
+
+    std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+  private:
+    bool mValue;
+};
+
+/**
+ * Null is a concrete type that implements CBOR major type 7, with additional item value for NULL
+ */
+class Null : public Simple {
+  public:
+    static constexpr SimpleType kSimpleType = NULL_T;
+
+    explicit Null() {}
+
+    SimpleType simpleType() const override { return kSimpleType; }
+    const Null* asNull() const override { return this; }
+
+    size_t encodedSize() const override { return 1; }
+
+    using Item::encode;
+    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+        return encodeHeader(NULL_V, pos, end);
+    }
+    void encode(EncodeCallback encodeCallback) const override {
+        encodeHeader(NULL_V, encodeCallback);
+    }
+
+    std::unique_ptr clone() const override { return std::make_unique(); }
+};
+
+/**
+ * Returns pretty-printed CBOR for |item|
+ *
+ * If a byte-string is larger than |maxBStrSize| its contents will not be printed, instead the value
+ * of the form "" will be
+ * printed. Pass zero for |maxBStrSize| to disable this.
+ *
+ * The |mapKeysToNotPrint| parameter specifies the name of map values to not print. This is useful
+ * for unit tests.
+ */
+std::string prettyPrint(const Item* item, size_t maxBStrSize = 32,
+                        const std::vector& mapKeysNotToPrint = {});
+
+/**
+ * Returns pretty-printed CBOR for |value|.
+ *
+ * Only valid CBOR should be passed to this function.
+ *
+ * If a byte-string is larger than |maxBStrSize| its contents will not be printed, instead the value
+ * of the form "" will be
+ * printed. Pass zero for |maxBStrSize| to disable this.
+ *
+ * The |mapKeysToNotPrint| parameter specifies the name of map values to not print. This is useful
+ * for unit tests.
+ */
+std::string prettyPrint(const std::vector& encodedCbor, size_t maxBStrSize = 32,
+                        const std::vector& mapKeysNotToPrint = {});
+
+/**
+ * Details. Mostly you shouldn't have to look below, except perhaps at the docstring for makeItem.
+ */
+namespace details {
+
+template 
+struct is_iterator_pair_over : public std::false_type {};
+
+template 
+struct is_iterator_pair_over<
+        std::pair, V,
+        typename std::enable_if_t::value_type>>>
+    : public std::true_type {};
+
+template 
+struct is_unique_ptr_of_subclass_of_v : public std::false_type {};
+
+template 
+struct is_unique_ptr_of_subclass_of_v,
+                                      typename std::enable_if_t>>
+    : public std::true_type {};
+
+/* check if type is one of std::string (1), std::string_view (2), null-terminated char* (3) or pair
+ *     of iterators (4)*/
+template 
+struct is_text_type_v : public std::false_type {};
+
+template 
+struct is_text_type_v<
+        T, typename std::enable_if_t<
+                   /* case 1 */  //
+                   std::is_same_v>, std::string>
+                   /* case 2 */  //
+                   || std::is_same_v>, std::string_view>
+                   /* case 3 */                                                 //
+                   || std::is_same_v>, char*>  //
+                   || std::is_same_v>, const char*>
+                   /* case 4 */
+                   || details::is_iterator_pair_over::value>> : public std::true_type {};
+
+/**
+ * Construct a unique_ptr from many argument types. Accepts:
+ *
+ * (a) booleans;
+ * (b) integers, all sizes and signs;
+ * (c) text strings, as defined by is_text_type_v above;
+ * (d) byte strings, as std::vector(d1), pair of iterators (d2) or pair
+ *     (d3); and
+ * (e) Item subclass instances, including Array and Map.  Items may be provided by naked pointer
+ *     (e1), unique_ptr (e2), reference (e3) or value (e3).  If provided by reference or value, will
+ *     be moved if possible.  If provided by pointer, ownership is taken.
+ * (f) null pointer;
+ * (g) enums, using the underlying integer value.
+ */
+template 
+std::unique_ptr makeItem(T v) {
+    Item* p = nullptr;
+    if constexpr (/* case a */ std::is_same_v) {
+        p = new Bool(v);
+    } else if constexpr (/* case b */ std::is_integral_v) {  // b
+        if (v < 0) {
+            p = new Nint(v);
+        } else {
+            p = new Uint(static_cast(v));
+        }
+    } else if constexpr (/* case c */  //
+                         details::is_text_type_v::value) {
+        p = new Tstr(v);
+    } else if constexpr (/* case d1 */  //
+                         std::is_same_v>,
+                                        std::vector>
+                         /* case d2 */  //
+                         || details::is_iterator_pair_over::value
+                         /* case d3 */  //
+                         || std::is_same_v>,
+                                           std::pair>) {
+        p = new Bstr(v);
+    } else if constexpr (/* case e1 */  //
+                         std::is_pointer_v &&
+                         std::is_base_of_v>) {
+        p = v;
+    } else if constexpr (/* case e2 */  //
+                         details::is_unique_ptr_of_subclass_of_v::value) {
+        p = v.release();
+    } else if constexpr (/* case e3 */  //
+                         std::is_base_of_v) {
+        p = new T(std::move(v));
+    } else if constexpr (/* case f */ std::is_null_pointer_v) {
+        p = new Null();
+    } else if constexpr (/* case g */ std::is_enum_v) {
+        return makeItem(static_cast>(v));
+    } else {
+        // It's odd that this can't be static_assert(false), since it shouldn't be evaluated if one
+        // of the above ifs matches.  But static_assert(false) always triggers.
+        static_assert(std::is_same_v, "makeItem called with unsupported type");
+    }
+    return std::unique_ptr(p);
+}
+
+inline void map_helper(Map& /* map */) {}
+
+template 
+inline void map_helper(Map& map, Key&& key, Value&& value, Rest&&... rest) {
+    map.add(std::forward(key), std::forward(value));
+    map_helper(map, std::forward(rest)...);
+}
+
+}  // namespace details
+
+template >> || ...)>>
+Array::Array(Args&&... args) {
+    mEntries.reserve(sizeof...(args));
+    (mEntries.push_back(details::makeItem(std::forward(args))), ...);
+}
+
+template 
+Array& Array::add(T&& v) & {
+    mEntries.push_back(details::makeItem(std::forward(v)));
+    return *this;
+}
+
+template 
+Array&& Array::add(T&& v) && {
+    mEntries.push_back(details::makeItem(std::forward(v)));
+    return std::move(*this);
+}
+
+template >
+Map::Map(Args&&... args) {
+    static_assert((sizeof...(Args)) % 2 == 0, "Map must have an even number of entries");
+    mEntries.reserve(sizeof...(args) / 2);
+    details::map_helper(*this, std::forward(args)...);
+}
+
+template 
+Map& Map::add(Key&& key, Value&& value) & {
+    mEntries.push_back({details::makeItem(std::forward(key)),
+                        details::makeItem(std::forward(value))});
+    mCanonicalized = false;
+    return *this;
+}
+
+template 
+Map&& Map::add(Key&& key, Value&& value) && {
+    this->add(std::forward(key), std::forward(value));
+    return std::move(*this);
+}
+
+static const std::unique_ptr kEmptyItemPtr;
+
+template  || std::is_enum_v ||
+                                      details::is_text_type_v::value>>
+const std::unique_ptr& Map::get(Key key) const {
+    auto keyItem = details::makeItem(key);
+
+    if (mCanonicalized) {
+        // It's sorted, so binary-search it.
+        auto found = std::lower_bound(begin(), end(), keyItem.get(),
+                                      [](const entry_type& entry, const Item* key) {
+                                          return keyLess(entry.first.get(), key);
+                                      });
+        return (found == end() || *found->first != *keyItem) ? kEmptyItemPtr : found->second;
+    } else {
+        // Unsorted, do a linear search.
+        auto found = std::find_if(
+                begin(), end(), [&](const entry_type& entry) { return *entry.first == *keyItem; });
+        return found == end() ? kEmptyItemPtr : found->second;
+    }
+}
+
+template 
+SemanticTag::SemanticTag(uint64_t value, T&& taggedItem)
+    : mValue(value), mTaggedItem(details::makeItem(std::forward(taggedItem))) {}
+
+}  // namespace cppbor
diff --git a/ProvisioningTool/include/cppbor/cppbor_parse.h b/ProvisioningTool/include/cppbor/cppbor_parse.h
new file mode 100644
index 00000000..22cd18d0
--- /dev/null
+++ b/ProvisioningTool/include/cppbor/cppbor_parse.h
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include "cppbor.h"
+
+namespace cppbor {
+
+using ParseResult = std::tuple /* result */, const uint8_t* /* newPos */,
+                               std::string /* errMsg */>;
+
+/**
+ * Parse the first CBOR data item (possibly compound) from the range [begin, end).
+ *
+ * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
+ * Item pointer is non-null, the buffer pointer points to the first byte after the
+ * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
+ * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
+ * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
+ * too large for the remaining buffer, etc.) and the string contains an error message describing the
+ * problem encountered.
+ */
+ParseResult parse(const uint8_t* begin, const uint8_t* end);
+
+/**
+ * Parse the first CBOR data item (possibly compound) from the range [begin, end).
+ *
+ * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
+ * Item pointer is non-null, the buffer pointer points to the first byte after the
+ * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
+ * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
+ * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
+ * too large for the remaining buffer, etc.) and the string contains an error message describing the
+ * problem encountered.
+ *
+ * The returned CBOR data item will contain View* items backed by
+ * std::string_view types over the input range.
+ * WARNING! If the input range changes underneath, the corresponding views will
+ * carry the same change.
+ */
+ParseResult parseWithViews(const uint8_t* begin, const uint8_t* end);
+
+/**
+ * Parse the first CBOR data item (possibly compound) from the byte vector.
+ *
+ * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
+ * Item pointer is non-null, the buffer pointer points to the first byte after the
+ * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
+ * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
+ * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
+ * too large for the remaining buffer, etc.) and the string contains an error message describing the
+ * problem encountered.
+ */
+inline ParseResult parse(const std::vector& encoding) {
+    return parse(encoding.data(), encoding.data() + encoding.size());
+}
+
+/**
+ * Parse the first CBOR data item (possibly compound) from the range [begin, begin + size).
+ *
+ * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
+ * Item pointer is non-null, the buffer pointer points to the first byte after the
+ * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
+ * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
+ * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
+ * too large for the remaining buffer, etc.) and the string contains an error message describing the
+ * problem encountered.
+ */
+inline ParseResult parse(const uint8_t* begin, size_t size) {
+    return parse(begin, begin + size);
+}
+
+/**
+ * Parse the first CBOR data item (possibly compound) from the range [begin, begin + size).
+ *
+ * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
+ * Item pointer is non-null, the buffer pointer points to the first byte after the
+ * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
+ * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
+ * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
+ * too large for the remaining buffer, etc.) and the string contains an error message describing the
+ * problem encountered.
+ *
+ * The returned CBOR data item will contain View* items backed by
+ * std::string_view types over the input range.
+ * WARNING! If the input range changes underneath, the corresponding views will
+ * carry the same change.
+ */
+inline ParseResult parseWithViews(const uint8_t* begin, size_t size) {
+    return parseWithViews(begin, begin + size);
+}
+
+/**
+ * Parse the first CBOR data item (possibly compound) from the value contained in a Bstr.
+ *
+ * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
+ * Item pointer is non-null, the buffer pointer points to the first byte after the
+ * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
+ * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
+ * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
+ * too large for the remaining buffer, etc.) and the string contains an error message describing the
+ * problem encountered.
+ */
+inline ParseResult parse(const Bstr* bstr) {
+    if (!bstr)
+        return ParseResult(nullptr, nullptr, "Null Bstr pointer");
+    return parse(bstr->value());
+}
+
+class ParseClient;
+
+/**
+ * Parse the CBOR data in the range [begin, end) in streaming fashion, calling methods on the
+ * provided ParseClient when elements are found.
+ */
+void parse(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient);
+
+/**
+ * Parse the CBOR data in the range [begin, end) in streaming fashion, calling methods on the
+ * provided ParseClient when elements are found. Uses the View* item types
+ * instead of the copying ones.
+ */
+void parseWithViews(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient);
+
+/**
+ * Parse the CBOR data in the vector in streaming fashion, calling methods on the
+ * provided ParseClient when elements are found.
+ */
+inline void parse(const std::vector& encoding, ParseClient* parseClient) {
+    return parse(encoding.data(), encoding.data() + encoding.size(), parseClient);
+}
+
+/**
+ * A pure interface that callers of the streaming parse functions must implement.
+ */
+class ParseClient {
+  public:
+    virtual ~ParseClient() {}
+
+    /**
+     * Called when an item is found.  The Item pointer points to the found item; use type() and
+     * the appropriate as*() method to examine the value.  hdrBegin points to the first byte of the
+     * header, valueBegin points to the first byte of the value and end points one past the end of
+     * the item.  In the case of header-only items, such as integers, and compound items (ARRAY,
+     * MAP or SEMANTIC) whose end has not yet been found, valueBegin and end are equal and point to
+     * the byte past the header.
+     *
+     * Note that for compound types (ARRAY, MAP, and SEMANTIC), the Item will have no content.  For
+     * Map and Array items, the size() method will return a correct value, but the index operators
+     * are unsafe, and the object cannot be safely compared with another Array/Map.
+     *
+     * The method returns a ParseClient*.  In most cases "return this;" will be the right answer,
+     * but a different ParseClient may be returned, which the parser will begin using. If the method
+     * returns nullptr, parsing will be aborted immediately.
+     */
+    virtual ParseClient* item(std::unique_ptr& item, const uint8_t* hdrBegin,
+                              const uint8_t* valueBegin, const uint8_t* end) = 0;
+
+    /**
+     * Called when the end of a compound item (MAP or ARRAY) is found.  The item argument will be
+     * the same one passed to the item() call -- and may be empty if item() moved its value out.
+     * hdrBegin, valueBegin and end point to the beginning of the item header, the beginning of the
+     * first contained value, and one past the end of the last contained value, respectively.
+     *
+     * Note that the Item will have no content.
+     *
+     * As with item(), itemEnd() can change the ParseClient by returning a different one, or end the
+     * parsing by returning nullptr;
+     */
+    virtual ParseClient* itemEnd(std::unique_ptr& item, const uint8_t* hdrBegin,
+                                 const uint8_t* valueBegin, const uint8_t* end) = 0;
+
+    /**
+     * Called when parsing encounters an error.  position is set to the first unparsed byte (one
+     * past the last successfully-parsed byte) and errorMessage contains an message explaining what
+     * sort of error occurred.
+     */
+    virtual void error(const uint8_t* position, const std::string& errorMessage) = 0;
+};
+
+}  // namespace cppbor
diff --git a/ProvisioningTool/include/json/assertions.h b/ProvisioningTool/include/json/assertions.h
new file mode 100644
index 00000000..fbec7ae0
--- /dev/null
+++ b/ProvisioningTool/include/json/assertions.h
@@ -0,0 +1,54 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef CPPTL_JSON_ASSERTIONS_H_INCLUDED
+#define CPPTL_JSON_ASSERTIONS_H_INCLUDED
+
+#include 
+#include 
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "config.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+
+/** It should not be possible for a maliciously designed file to
+ *  cause an abort() or seg-fault, so these macros are used only
+ *  for pre-condition violations and internal logic errors.
+ */
+#if JSON_USE_EXCEPTION
+
+// @todo <= add detail about condition in exception
+# define JSON_ASSERT(condition)                                                \
+  {if (!(condition)) {Json::throwLogicError( "assert json failed" );}}
+
+# define JSON_FAIL_MESSAGE(message)                                            \
+  {                                                                            \
+    std::ostringstream oss; oss << message;                                    \
+    Json::throwLogicError(oss.str());                                          \
+    abort();                                                                   \
+  }
+
+#else // JSON_USE_EXCEPTION
+
+# define JSON_ASSERT(condition) assert(condition)
+
+// The call to assert() will show the failure message in debug builds. In
+// release builds we abort, for a core-dump or debugger.
+# define JSON_FAIL_MESSAGE(message)                                            \
+  {                                                                            \
+    std::ostringstream oss; oss << message;                                    \
+    assert(false && oss.str().c_str());                                        \
+    abort();                                                                   \
+  }
+
+
+#endif
+
+#define JSON_ASSERT_MESSAGE(condition, message)                                \
+  if (!(condition)) {                                                          \
+    JSON_FAIL_MESSAGE(message);                                                \
+  }
+
+#endif // CPPTL_JSON_ASSERTIONS_H_INCLUDED
diff --git a/ProvisioningTool/include/json/autolink.h b/ProvisioningTool/include/json/autolink.h
new file mode 100644
index 00000000..6fcc8afa
--- /dev/null
+++ b/ProvisioningTool/include/json/autolink.h
@@ -0,0 +1,25 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_AUTOLINK_H_INCLUDED
+#define JSON_AUTOLINK_H_INCLUDED
+
+#include "config.h"
+
+#ifdef JSON_IN_CPPTL
+#include 
+#endif
+
+#if !defined(JSON_NO_AUTOLINK) && !defined(JSON_DLL_BUILD) &&                  \
+    !defined(JSON_IN_CPPTL)
+#define CPPTL_AUTOLINK_NAME "json"
+#undef CPPTL_AUTOLINK_DLL
+#ifdef JSON_DLL
+#define CPPTL_AUTOLINK_DLL
+#endif
+#include "autolink.h"
+#endif
+
+#endif // JSON_AUTOLINK_H_INCLUDED
diff --git a/ProvisioningTool/include/json/config.h b/ProvisioningTool/include/json/config.h
new file mode 100644
index 00000000..5ca32281
--- /dev/null
+++ b/ProvisioningTool/include/json/config.h
@@ -0,0 +1,119 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_CONFIG_H_INCLUDED
+#define JSON_CONFIG_H_INCLUDED
+
+/// If defined, indicates that json library is embedded in CppTL library.
+//# define JSON_IN_CPPTL 1
+
+/// If defined, indicates that json may leverage CppTL library
+//#  define JSON_USE_CPPTL 1
+/// If defined, indicates that cpptl vector based map should be used instead of
+/// std::map
+/// as Value container.
+//#  define JSON_USE_CPPTL_SMALLMAP 1
+
+// If non-zero, the library uses exceptions to report bad input instead of C
+// assertion macros. The default is to use exceptions.
+#ifndef JSON_USE_EXCEPTION
+#define JSON_USE_EXCEPTION 1
+#endif
+
+/// If defined, indicates that the source file is amalgated
+/// to prevent private header inclusion.
+/// Remarks: it is automatically defined in the generated amalgated header.
+// #define JSON_IS_AMALGAMATION
+
+#ifdef JSON_IN_CPPTL
+#include 
+#ifndef JSON_USE_CPPTL
+#define JSON_USE_CPPTL 1
+#endif
+#endif
+
+#ifdef JSON_IN_CPPTL
+#define JSON_API CPPTL_API
+#elif defined(JSON_DLL_BUILD)
+#if defined(_MSC_VER)
+#define JSON_API __declspec(dllexport)
+#define JSONCPP_DISABLE_DLL_INTERFACE_WARNING
+#endif // if defined(_MSC_VER)
+#elif defined(JSON_DLL)
+#if defined(_MSC_VER)
+#define JSON_API __declspec(dllimport)
+#define JSONCPP_DISABLE_DLL_INTERFACE_WARNING
+#endif // if defined(_MSC_VER)
+#endif // ifdef JSON_IN_CPPTL
+#if !defined(JSON_API)
+#define JSON_API
+#endif
+
+#if !defined(JSON_HAS_UNIQUE_PTR)
+#if __cplusplus >= 201103L
+#define JSON_HAS_UNIQUE_PTR (1)
+#elif _MSC_VER >= 1600
+#define JSON_HAS_UNIQUE_PTR (1)
+#else
+#define JSON_HAS_UNIQUE_PTR (0)
+#endif
+#endif
+
+// If JSON_NO_INT64 is defined, then Json only support C++ "int" type for
+// integer
+// Storages, and 64 bits integer support is disabled.
+// #define JSON_NO_INT64 1
+
+#if defined(_MSC_VER) && _MSC_VER <= 1200 // MSVC 6
+// Microsoft Visual Studio 6 only support conversion from __int64 to double
+// (no conversion from unsigned __int64).
+#define JSON_USE_INT64_DOUBLE_CONVERSION 1
+// Disable warning 4786 for VS6 caused by STL (identifier was truncated to '255'
+// characters in the debug information)
+// All projects I've ever seen with VS6 were using this globally (not bothering
+// with pragma push/pop).
+#pragma warning(disable : 4786)
+#endif // if defined(_MSC_VER)  &&  _MSC_VER < 1200 // MSVC 6
+
+#if defined(_MSC_VER) && _MSC_VER >= 1500 // MSVC 2008
+/// Indicates that the following function is deprecated.
+#define JSONCPP_DEPRECATED(message) __declspec(deprecated(message))
+#elif defined(__clang__) && defined(__has_feature)
+#if __has_feature(attribute_deprecated_with_message)
+#define JSONCPP_DEPRECATED(message)  __attribute__ ((deprecated(message)))
+#endif
+#elif defined(__GNUC__) &&  (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5))
+#define JSONCPP_DEPRECATED(message)  __attribute__ ((deprecated(message)))
+#elif defined(__GNUC__) &&  (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+#define JSONCPP_DEPRECATED(message)  __attribute__((__deprecated__))
+#endif
+
+#if !defined(JSONCPP_DEPRECATED)
+#define JSONCPP_DEPRECATED(message)
+#endif // if !defined(JSONCPP_DEPRECATED)
+
+namespace Json {
+typedef int Int;
+typedef unsigned int UInt;
+#if defined(JSON_NO_INT64)
+typedef int LargestInt;
+typedef unsigned int LargestUInt;
+#undef JSON_HAS_INT64
+#else                 // if defined(JSON_NO_INT64)
+// For Microsoft Visual use specific types as long long is not supported
+#if defined(_MSC_VER) // Microsoft Visual Studio
+typedef __int64 Int64;
+typedef unsigned __int64 UInt64;
+#else                 // if defined(_MSC_VER) // Other platforms, use long long
+typedef long long int Int64;
+typedef unsigned long long int UInt64;
+#endif // if defined(_MSC_VER)
+typedef Int64 LargestInt;
+typedef UInt64 LargestUInt;
+#define JSON_HAS_INT64
+#endif // if defined(JSON_NO_INT64)
+} // end namespace Json
+
+#endif // JSON_CONFIG_H_INCLUDED
diff --git a/ProvisioningTool/include/json/features.h b/ProvisioningTool/include/json/features.h
new file mode 100644
index 00000000..78135478
--- /dev/null
+++ b/ProvisioningTool/include/json/features.h
@@ -0,0 +1,51 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef CPPTL_JSON_FEATURES_H_INCLUDED
+#define CPPTL_JSON_FEATURES_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "forwards.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+
+namespace Json {
+
+/** \brief Configuration passed to reader and writer.
+ * This configuration object can be used to force the Reader or Writer
+ * to behave in a standard conforming way.
+ */
+class JSON_API Features {
+public:
+  /** \brief A configuration that allows all features and assumes all strings
+   * are UTF-8.
+   * - C & C++ comments are allowed
+   * - Root object can be any JSON value
+   * - Assumes Value strings are encoded in UTF-8
+   */
+  static Features all();
+
+  /** \brief A configuration that is strictly compatible with the JSON
+   * specification.
+   * - Comments are forbidden.
+   * - Root object must be either an array or an object value.
+   * - Assumes Value strings are encoded in UTF-8
+   */
+  static Features strictMode();
+
+  /** \brief Initialize the configuration like JsonConfig::allFeatures;
+   */
+  Features();
+
+  /// \c true if comments are allowed. Default: \c true.
+  bool allowComments_;
+
+  /// \c true if root must be either an array or an object value. Default: \c
+  /// false.
+  bool strictRoot_;
+};
+
+} // namespace Json
+
+#endif // CPPTL_JSON_FEATURES_H_INCLUDED
diff --git a/ProvisioningTool/include/json/forwards.h b/ProvisioningTool/include/json/forwards.h
new file mode 100644
index 00000000..ccfe09ab
--- /dev/null
+++ b/ProvisioningTool/include/json/forwards.h
@@ -0,0 +1,37 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_FORWARDS_H_INCLUDED
+#define JSON_FORWARDS_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "config.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+
+namespace Json {
+
+// writer.h
+class FastWriter;
+class StyledWriter;
+
+// reader.h
+class Reader;
+
+// features.h
+class Features;
+
+// value.h
+typedef unsigned int ArrayIndex;
+class StaticString;
+class Path;
+class PathArgument;
+class Value;
+class ValueIteratorBase;
+class ValueIterator;
+class ValueConstIterator;
+
+} // namespace Json
+
+#endif // JSON_FORWARDS_H_INCLUDED
diff --git a/ProvisioningTool/include/json/json.h b/ProvisioningTool/include/json/json.h
new file mode 100644
index 00000000..8f10ac2b
--- /dev/null
+++ b/ProvisioningTool/include/json/json.h
@@ -0,0 +1,15 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_JSON_H_INCLUDED
+#define JSON_JSON_H_INCLUDED
+
+#include "autolink.h"
+#include "value.h"
+#include "reader.h"
+#include "writer.h"
+#include "features.h"
+
+#endif // JSON_JSON_H_INCLUDED
diff --git a/ProvisioningTool/include/json/reader.h b/ProvisioningTool/include/json/reader.h
new file mode 100644
index 00000000..9c9923a5
--- /dev/null
+++ b/ProvisioningTool/include/json/reader.h
@@ -0,0 +1,360 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef CPPTL_JSON_READER_H_INCLUDED
+#define CPPTL_JSON_READER_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "features.h"
+#include "value.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+#include 
+#include 
+#include 
+#include 
+#include 
+
+// Disable warning C4251: :  needs to have dll-interface to
+// be used by...
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(push)
+#pragma warning(disable : 4251)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+namespace Json {
+
+/** \brief Unserialize a JSON document into a
+ *Value.
+ *
+ * \deprecated Use CharReader and CharReaderBuilder.
+ */
+class JSON_API Reader {
+public:
+  typedef char Char;
+  typedef const Char* Location;
+
+  /** \brief Constructs a Reader allowing all features
+   * for parsing.
+   */
+  Reader();
+
+  /** \brief Constructs a Reader allowing the specified feature set
+   * for parsing.
+   */
+  Reader(const Features& features);
+
+  /** \brief Read a Value from a JSON
+   * document.
+   * \param document UTF-8 encoded string containing the document to read.
+   * \param root [out] Contains the root value of the document if it was
+   *             successfully parsed.
+   * \param collectComments \c true to collect comment and allow writing them
+   * back during
+   *                        serialization, \c false to discard comments.
+   *                        This parameter is ignored if
+   * Features::allowComments_
+   *                        is \c false.
+   * \return \c true if the document was successfully parsed, \c false if an
+   * error occurred.
+   */
+  bool
+  parse(const std::string& document, Value& root, bool collectComments = true);
+
+  /** \brief Read a Value from a JSON
+   document.
+   * \param beginDoc Pointer on the beginning of the UTF-8 encoded string of the
+   document to read.
+   * \param endDoc Pointer on the end of the UTF-8 encoded string of the
+   document to read.
+   *               Must be >= beginDoc.
+   * \param root [out] Contains the root value of the document if it was
+   *             successfully parsed.
+   * \param collectComments \c true to collect comment and allow writing them
+   back during
+   *                        serialization, \c false to discard comments.
+   *                        This parameter is ignored if
+   Features::allowComments_
+   *                        is \c false.
+   * \return \c true if the document was successfully parsed, \c false if an
+   error occurred.
+   */
+  bool parse(const char* beginDoc,
+             const char* endDoc,
+             Value& root,
+             bool collectComments = true);
+
+  /// \brief Parse from input stream.
+  /// \see Json::operator>>(std::istream&, Json::Value&).
+  bool parse(std::istream& is, Value& root, bool collectComments = true);
+
+  /** \brief Returns a user friendly string that list errors in the parsed
+   * document.
+   * \return Formatted error message with the list of errors with their location
+   * in
+   *         the parsed document. An empty string is returned if no error
+   * occurred
+   *         during parsing.
+   * \deprecated Use getFormattedErrorMessages() instead (typo fix).
+   */
+  JSONCPP_DEPRECATED("Use getFormattedErrorMessages() instead.")
+  std::string getFormatedErrorMessages() const;
+
+  /** \brief Returns a user friendly string that list errors in the parsed
+   * document.
+   * \return Formatted error message with the list of errors with their location
+   * in
+   *         the parsed document. An empty string is returned if no error
+   * occurred
+   *         during parsing.
+   */
+  std::string getFormattedErrorMessages() const;
+
+private:
+  enum TokenType {
+    tokenEndOfStream = 0,
+    tokenObjectBegin,
+    tokenObjectEnd,
+    tokenArrayBegin,
+    tokenArrayEnd,
+    tokenString,
+    tokenNumber,
+    tokenTrue,
+    tokenFalse,
+    tokenNull,
+    tokenArraySeparator,
+    tokenMemberSeparator,
+    tokenComment,
+    tokenError
+  };
+
+  class Token {
+  public:
+    TokenType type_;
+    Location start_;
+    Location end_;
+  };
+
+  class ErrorInfo {
+  public:
+    Token token_;
+    std::string message_;
+    Location extra_;
+  };
+
+  typedef std::deque Errors;
+
+  bool readToken(Token& token);
+  void skipSpaces();
+  bool match(Location pattern, int patternLength);
+  bool readComment();
+  bool readCStyleComment();
+  bool readCppStyleComment();
+  bool readString();
+  void readNumber();
+  bool readValue();
+  bool readObject(Token& token);
+  bool readArray(Token& token);
+  bool decodeNumber(Token& token);
+  bool decodeNumber(Token& token, Value& decoded);
+  bool decodeString(Token& token);
+  bool decodeString(Token& token, std::string& decoded);
+  bool decodeDouble(Token& token);
+  bool decodeDouble(Token& token, Value& decoded);
+  bool decodeUnicodeCodePoint(Token& token,
+                              Location& current,
+                              Location end,
+                              unsigned int& unicode);
+  bool decodeUnicodeEscapeSequence(Token& token,
+                                   Location& current,
+                                   Location end,
+                                   unsigned int& unicode);
+  bool addError(const std::string& message, Token& token, Location extra = 0);
+  bool recoverFromError(TokenType skipUntilToken);
+  bool addErrorAndRecover(const std::string& message,
+                          Token& token,
+                          TokenType skipUntilToken);
+  void skipUntilSpace();
+  Value& currentValue();
+  Char getNextChar();
+  void
+  getLocationLineAndColumn(Location location, int& line, int& column) const;
+  std::string getLocationLineAndColumn(Location location) const;
+  void addComment(Location begin, Location end, CommentPlacement placement);
+  void skipCommentTokens(Token& token);
+
+  typedef std::stack Nodes;
+  Nodes nodes_;
+  Errors errors_;
+  std::string document_;
+  Location begin_;
+  Location end_;
+  Location current_;
+  Location lastValueEnd_;
+  Value* lastValue_;
+  std::string commentsBefore_;
+  Features features_;
+  bool collectComments_;
+};  // Reader
+
+/** Interface for reading JSON from a char array.
+ */
+class JSON_API CharReader {
+public:
+  virtual ~CharReader() {}
+  /** \brief Read a Value from a JSON
+   document.
+   * The document must be a UTF-8 encoded string containing the document to read.
+   *
+   * \param beginDoc Pointer on the beginning of the UTF-8 encoded string of the
+   document to read.
+   * \param endDoc Pointer on the end of the UTF-8 encoded string of the
+   document to read.
+   *        Must be >= beginDoc.
+   * \param root [out] Contains the root value of the document if it was
+   *             successfully parsed.
+   * \param errs [out] Formatted error messages (if not NULL)
+   *        a user friendly string that lists errors in the parsed
+   * document.
+   * \return \c true if the document was successfully parsed, \c false if an
+   error occurred.
+   */
+  virtual bool parse(
+      char const* beginDoc, char const* endDoc,
+      Value* root, std::string* errs) = 0;
+
+  class Factory {
+  public:
+    virtual ~Factory() {}
+    /** \brief Allocate a CharReader via operator new().
+     * \throw std::exception if something goes wrong (e.g. invalid settings)
+     */
+    virtual CharReader* newCharReader() const = 0;
+  };  // Factory
+};  // CharReader
+
+/** \brief Build a CharReader implementation.
+
+Usage:
+\code
+  using namespace Json;
+  CharReaderBuilder builder;
+  builder["collectComments"] = false;
+  Value value;
+  std::string errs;
+  bool ok = parseFromStream(builder, std::cin, &value, &errs);
+\endcode
+*/
+class JSON_API CharReaderBuilder : public CharReader::Factory {
+public:
+  // Note: We use a Json::Value so that we can add data-members to this class
+  // without a major version bump.
+  /** Configuration of this builder.
+    These are case-sensitive.
+    Available settings (case-sensitive):
+    - `"collectComments": false or true`
+      - true to collect comment and allow writing them
+        back during serialization, false to discard comments.
+        This parameter is ignored if allowComments is false.
+    - `"allowComments": false or true`
+      - true if comments are allowed.
+    - `"strictRoot": false or true`
+      - true if root must be either an array or an object value
+    - `"allowDroppedNullPlaceholders": false or true`
+      - true if dropped null placeholders are allowed. (See StreamWriterBuilder.)
+    - `"allowNumericKeys": false or true`
+      - true if numeric object keys are allowed.
+    - `"allowSingleQuotes": false or true`
+      - true if '' are allowed for strings (both keys and values)
+    - `"stackLimit": integer`
+      - Exceeding stackLimit (recursive depth of `readValue()`) will
+        cause an exception.
+      - This is a security issue (seg-faults caused by deeply nested JSON),
+        so the default is low.
+    - `"failIfExtra": false or true`
+      - If true, `parse()` returns false when extra non-whitespace trails
+        the JSON value in the input string.
+    - `"rejectDupKeys": false or true`
+      - If true, `parse()` returns false when a key is duplicated within an object.
+    - `"allowSpecialFloats": false or true`
+      - If true, special float values (NaNs and infinities) are allowed 
+        and their values are lossfree restorable.
+
+    You can examine 'settings_` yourself
+    to see the defaults. You can also write and read them just like any
+    JSON Value.
+    \sa setDefaults()
+    */
+  Json::Value settings_;
+
+  CharReaderBuilder();
+  virtual ~CharReaderBuilder();
+
+  virtual CharReader* newCharReader() const;
+
+  /** \return true if 'settings' are legal and consistent;
+   *   otherwise, indicate bad settings via 'invalid'.
+   */
+  bool validate(Json::Value* invalid) const;
+
+  /** A simple way to update a specific setting.
+   */
+  Value& operator[](std::string key);
+
+  /** Called by ctor, but you can use this to reset settings_.
+   * \pre 'settings' != NULL (but Json::null is fine)
+   * \remark Defaults:
+   * \snippet src/lib_json/json_reader.cpp CharReaderBuilderDefaults
+   */
+  static void setDefaults(Json::Value* settings);
+  /** Same as old Features::strictMode().
+   * \pre 'settings' != NULL (but Json::null is fine)
+   * \remark Defaults:
+   * \snippet src/lib_json/json_reader.cpp CharReaderBuilderStrictMode
+   */
+  static void strictMode(Json::Value* settings);
+};
+
+/** Consume entire stream and use its begin/end.
+  * Someday we might have a real StreamReader, but for now this
+  * is convenient.
+  */
+bool JSON_API parseFromStream(
+    CharReader::Factory const&,
+    std::istream&,
+    Value* root, std::string* errs);
+
+/** \brief Read from 'sin' into 'root'.
+
+ Always keep comments from the input JSON.
+
+ This can be used to read a file into a particular sub-object.
+ For example:
+ \code
+ Json::Value root;
+ cin >> root["dir"]["file"];
+ cout << root;
+ \endcode
+ Result:
+ \verbatim
+ {
+ "dir": {
+     "file": {
+     // The input stream JSON would be nested here.
+     }
+ }
+ }
+ \endverbatim
+ \throw std::exception on parse error.
+ \see Json::operator<<()
+*/
+JSON_API std::istream& operator>>(std::istream&, Value&);
+
+} // namespace Json
+
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(pop)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+#endif // CPPTL_JSON_READER_H_INCLUDED
diff --git a/ProvisioningTool/include/json/value.h b/ProvisioningTool/include/json/value.h
new file mode 100644
index 00000000..66433f88
--- /dev/null
+++ b/ProvisioningTool/include/json/value.h
@@ -0,0 +1,850 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef CPPTL_JSON_H_INCLUDED
+#define CPPTL_JSON_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "forwards.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+#include 
+#include 
+#include 
+
+#ifndef JSON_USE_CPPTL_SMALLMAP
+#include 
+#else
+#include 
+#endif
+#ifdef JSON_USE_CPPTL
+#include 
+#endif
+
+// Disable warning C4251: :  needs to have dll-interface to
+// be used by...
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(push)
+#pragma warning(disable : 4251)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+//Conditional NORETURN attribute on the throw functions would:
+// a) suppress false positives from static code analysis 
+// b) possibly improve optimization opportunities.
+#if !defined(JSONCPP_NORETURN)
+#  if defined(_MSC_VER)
+#    define JSONCPP_NORETURN __declspec(noreturn)
+#  elif defined(__GNUC__)
+#    define JSONCPP_NORETURN __attribute__ ((__noreturn__))
+#  else
+#    define JSONCPP_NORETURN
+#  endif
+#endif
+
+/** \brief JSON (JavaScript Object Notation).
+ */
+namespace Json {
+
+/** Base class for all exceptions we throw.
+ *
+ * We use nothing but these internally. Of course, STL can throw others.
+ */
+class JSON_API Exception : public std::exception {
+public:
+  Exception(std::string const& msg);
+  virtual ~Exception() throw();
+  virtual char const* what() const throw();
+protected:
+  std::string const msg_;
+};
+
+/** Exceptions which the user cannot easily avoid.
+ *
+ * E.g. out-of-memory (when we use malloc), stack-overflow, malicious input
+ * 
+ * \remark derived from Json::Exception
+ */
+class JSON_API RuntimeError : public Exception {
+public:
+  RuntimeError(std::string const& msg);
+};
+
+/** Exceptions thrown by JSON_ASSERT/JSON_FAIL macros.
+ *
+ * These are precondition-violations (user bugs) and internal errors (our bugs).
+ * 
+ * \remark derived from Json::Exception
+ */
+class JSON_API LogicError : public Exception {
+public:
+  LogicError(std::string const& msg);
+};
+
+/// used internally
+JSONCPP_NORETURN void throwRuntimeError(std::string const& msg);
+/// used internally
+JSONCPP_NORETURN void throwLogicError(std::string const& msg);
+
+/** \brief Type of the value held by a Value object.
+ */
+enum ValueType {
+  nullValue = 0, ///< 'null' value
+  intValue,      ///< signed integer value
+  uintValue,     ///< unsigned integer value
+  realValue,     ///< double value
+  stringValue,   ///< UTF-8 string value
+  booleanValue,  ///< bool value
+  arrayValue,    ///< array value (ordered list)
+  objectValue    ///< object value (collection of name/value pairs).
+};
+
+enum CommentPlacement {
+  commentBefore = 0,      ///< a comment placed on the line before a value
+  commentAfterOnSameLine, ///< a comment just after a value on the same line
+  commentAfter, ///< a comment on the line after a value (only make sense for
+  /// root value)
+  numberOfCommentPlacement
+};
+
+//# ifdef JSON_USE_CPPTL
+//   typedef CppTL::AnyEnumerator EnumMemberNames;
+//   typedef CppTL::AnyEnumerator EnumValues;
+//# endif
+
+/** \brief Lightweight wrapper to tag static string.
+ *
+ * Value constructor and objectValue member assignement takes advantage of the
+ * StaticString and avoid the cost of string duplication when storing the
+ * string or the member name.
+ *
+ * Example of usage:
+ * \code
+ * Json::Value aValue( StaticString("some text") );
+ * Json::Value object;
+ * static const StaticString code("code");
+ * object[code] = 1234;
+ * \endcode
+ */
+class JSON_API StaticString {
+public:
+  explicit StaticString(const char* czstring) : c_str_(czstring) {}
+
+  operator const char*() const { return c_str_; }
+
+  const char* c_str() const { return c_str_; }
+
+private:
+  const char* c_str_;
+};
+
+/** \brief Represents a JSON value.
+ *
+ * This class is a discriminated union wrapper that can represents a:
+ * - signed integer [range: Value::minInt - Value::maxInt]
+ * - unsigned integer (range: 0 - Value::maxUInt)
+ * - double
+ * - UTF-8 string
+ * - boolean
+ * - 'null'
+ * - an ordered list of Value
+ * - collection of name/value pairs (javascript object)
+ *
+ * The type of the held value is represented by a #ValueType and
+ * can be obtained using type().
+ *
+ * Values of an #objectValue or #arrayValue can be accessed using operator[]()
+ * methods.
+ * Non-const methods will automatically create the a #nullValue element
+ * if it does not exist.
+ * The sequence of an #arrayValue will be automatically resized and initialized
+ * with #nullValue. resize() can be used to enlarge or truncate an #arrayValue.
+ *
+ * The get() methods can be used to obtain default value in the case the
+ * required element does not exist.
+ *
+ * It is possible to iterate over the list of a #objectValue values using
+ * the getMemberNames() method.
+ *
+ * \note #Value string-length fit in size_t, but keys must be < 2^30.
+ * (The reason is an implementation detail.) A #CharReader will raise an
+ * exception if a bound is exceeded to avoid security holes in your app,
+ * but the Value API does *not* check bounds. That is the responsibility
+ * of the caller.
+ */
+class JSON_API Value {
+  friend class ValueIteratorBase;
+public:
+  typedef std::vector Members;
+  typedef ValueIterator iterator;
+  typedef ValueConstIterator const_iterator;
+  typedef Json::UInt UInt;
+  typedef Json::Int Int;
+#if defined(JSON_HAS_INT64)
+  typedef Json::UInt64 UInt64;
+  typedef Json::Int64 Int64;
+#endif // defined(JSON_HAS_INT64)
+  typedef Json::LargestInt LargestInt;
+  typedef Json::LargestUInt LargestUInt;
+  typedef Json::ArrayIndex ArrayIndex;
+
+  static const Value& nullRef;
+#if !defined(__ARMEL__)
+  /// \deprecated This exists for binary compatibility only. Use nullRef.
+  static const Value null;
+#endif
+  /// Minimum signed integer value that can be stored in a Json::Value.
+  static const LargestInt minLargestInt;
+  /// Maximum signed integer value that can be stored in a Json::Value.
+  static const LargestInt maxLargestInt;
+  /// Maximum unsigned integer value that can be stored in a Json::Value.
+  static const LargestUInt maxLargestUInt;
+
+  /// Minimum signed int value that can be stored in a Json::Value.
+  static const Int minInt;
+  /// Maximum signed int value that can be stored in a Json::Value.
+  static const Int maxInt;
+  /// Maximum unsigned int value that can be stored in a Json::Value.
+  static const UInt maxUInt;
+
+#if defined(JSON_HAS_INT64)
+  /// Minimum signed 64 bits int value that can be stored in a Json::Value.
+  static const Int64 minInt64;
+  /// Maximum signed 64 bits int value that can be stored in a Json::Value.
+  static const Int64 maxInt64;
+  /// Maximum unsigned 64 bits int value that can be stored in a Json::Value.
+  static const UInt64 maxUInt64;
+#endif // defined(JSON_HAS_INT64)
+
+//MW: workaround for bug in NVIDIAs CUDA 7.5 nvcc compiler
+#ifdef  __NVCC__
+public:
+#else
+private:
+#endif //__NVCC__
+#ifndef JSONCPP_DOC_EXCLUDE_IMPLEMENTATION
+  class CZString {
+  public:
+    enum DuplicationPolicy {
+      noDuplication = 0,
+      duplicate,
+      duplicateOnCopy
+    };
+    CZString(ArrayIndex index);
+    CZString(char const* str, unsigned length, DuplicationPolicy allocate);
+    CZString(CZString const& other);
+    ~CZString();
+    CZString& operator=(CZString other);
+    bool operator<(CZString const& other) const;
+    bool operator==(CZString const& other) const;
+    ArrayIndex index() const;
+    //const char* c_str() const; ///< \deprecated
+    char const* data() const;
+    unsigned length() const;
+    bool isStaticString() const;
+
+  private:
+    void swap(CZString& other);
+
+    struct StringStorage {
+      unsigned policy_: 2;
+      unsigned length_: 30; // 1GB max
+    };
+
+    char const* cstr_;  // actually, a prefixed string, unless policy is noDup
+    union {
+      ArrayIndex index_;
+      StringStorage storage_;
+    };
+  };
+
+public:
+#ifndef JSON_USE_CPPTL_SMALLMAP
+  typedef std::map ObjectValues;
+#else
+  typedef CppTL::SmallMap ObjectValues;
+#endif // ifndef JSON_USE_CPPTL_SMALLMAP
+#endif // ifndef JSONCPP_DOC_EXCLUDE_IMPLEMENTATION
+
+public:
+  /** \brief Create a default Value of the given type.
+
+    This is a very useful constructor.
+    To create an empty array, pass arrayValue.
+    To create an empty object, pass objectValue.
+    Another Value can then be set to this one by assignment.
+This is useful since clear() and resize() will not alter types.
+
+    Examples:
+\code
+Json::Value null_value; // null
+Json::Value arr_value(Json::arrayValue); // []
+Json::Value obj_value(Json::objectValue); // {}
+\endcode
+  */
+  Value(ValueType type = nullValue);
+  Value(Int value);
+  Value(UInt value);
+#if defined(JSON_HAS_INT64)
+  Value(Int64 value);
+  Value(UInt64 value);
+#endif // if defined(JSON_HAS_INT64)
+  Value(double value);
+  Value(const char* value); ///< Copy til first 0. (NULL causes to seg-fault.)
+  Value(const char* begin, const char* end); ///< Copy all, incl zeroes.
+  /** \brief Constructs a value from a static string.
+
+   * Like other value string constructor but do not duplicate the string for
+   * internal storage. The given string must remain alive after the call to this
+   * constructor.
+   * \note This works only for null-terminated strings. (We cannot change the
+   *   size of this class, so we have nowhere to store the length,
+   *   which might be computed later for various operations.)
+   *
+   * Example of usage:
+   * \code
+   * static StaticString foo("some text");
+   * Json::Value aValue(foo);
+   * \endcode
+   */
+  Value(const StaticString& value);
+  Value(const std::string& value); ///< Copy data() til size(). Embedded zeroes too.
+#ifdef JSON_USE_CPPTL
+  Value(const CppTL::ConstString& value);
+#endif
+  Value(bool value);
+  /// Deep copy.
+  Value(const Value& other);
+  ~Value();
+
+  /// Deep copy, then swap(other).
+  /// \note Over-write existing comments. To preserve comments, use #swapPayload().
+  Value &operator=(const Value &other);
+  /// Swap everything.
+  void swap(Value& other);
+  /// Swap values but leave comments and source offsets in place.
+  void swapPayload(Value& other);
+
+  ValueType type() const;
+
+  /// Compare payload only, not comments etc.
+  bool operator<(const Value& other) const;
+  bool operator<=(const Value& other) const;
+  bool operator>=(const Value& other) const;
+  bool operator>(const Value& other) const;
+  bool operator==(const Value& other) const;
+  bool operator!=(const Value& other) const;
+  int compare(const Value& other) const;
+
+  const char* asCString() const; ///< Embedded zeroes could cause you trouble!
+  std::string asString() const; ///< Embedded zeroes are possible.
+  /** Get raw char* of string-value.
+   *  \return false if !string. (Seg-fault if str or end are NULL.)
+   */
+  bool getString(
+      char const** begin, char const** end) const;
+#ifdef JSON_USE_CPPTL
+  CppTL::ConstString asConstString() const;
+#endif
+  Int asInt() const;
+  UInt asUInt() const;
+#if defined(JSON_HAS_INT64)
+  Int64 asInt64() const;
+  UInt64 asUInt64() const;
+#endif // if defined(JSON_HAS_INT64)
+  LargestInt asLargestInt() const;
+  LargestUInt asLargestUInt() const;
+  float asFloat() const;
+  double asDouble() const;
+  bool asBool() const;
+
+  bool isNull() const;
+  bool isBool() const;
+  bool isInt() const;
+  bool isInt64() const;
+  bool isUInt() const;
+  bool isUInt64() const;
+  bool isIntegral() const;
+  bool isDouble() const;
+  bool isNumeric() const;
+  bool isString() const;
+  bool isArray() const;
+  bool isObject() const;
+
+  bool isConvertibleTo(ValueType other) const;
+
+  /// Number of values in array or object
+  ArrayIndex size() const;
+
+  /// \brief Return true if empty array, empty object, or null;
+  /// otherwise, false.
+  bool empty() const;
+
+  /// Return isNull()
+  bool operator!() const;
+
+  /// Remove all object members and array elements.
+  /// \pre type() is arrayValue, objectValue, or nullValue
+  /// \post type() is unchanged
+  void clear();
+
+  /// Resize the array to size elements.
+  /// New elements are initialized to null.
+  /// May only be called on nullValue or arrayValue.
+  /// \pre type() is arrayValue or nullValue
+  /// \post type() is arrayValue
+  void resize(ArrayIndex size);
+
+  /// Access an array element (zero based index ).
+  /// If the array contains less than index element, then null value are
+  /// inserted
+  /// in the array so that its size is index+1.
+  /// (You may need to say 'value[0u]' to get your compiler to distinguish
+  ///  this from the operator[] which takes a string.)
+  Value& operator[](ArrayIndex index);
+
+  /// Access an array element (zero based index ).
+  /// If the array contains less than index element, then null value are
+  /// inserted
+  /// in the array so that its size is index+1.
+  /// (You may need to say 'value[0u]' to get your compiler to distinguish
+  ///  this from the operator[] which takes a string.)
+  Value& operator[](int index);
+
+  /// Access an array element (zero based index )
+  /// (You may need to say 'value[0u]' to get your compiler to distinguish
+  ///  this from the operator[] which takes a string.)
+  const Value& operator[](ArrayIndex index) const;
+
+  /// Access an array element (zero based index )
+  /// (You may need to say 'value[0u]' to get your compiler to distinguish
+  ///  this from the operator[] which takes a string.)
+  const Value& operator[](int index) const;
+
+  /// If the array contains at least index+1 elements, returns the element
+  /// value,
+  /// otherwise returns defaultValue.
+  Value get(ArrayIndex index, const Value& defaultValue) const;
+  /// Return true if index < size().
+  bool isValidIndex(ArrayIndex index) const;
+  /// \brief Append value to array at the end.
+  ///
+  /// Equivalent to jsonvalue[jsonvalue.size()] = value;
+  Value& append(const Value& value);
+
+  /// Access an object value by name, create a null member if it does not exist.
+  /// \note Because of our implementation, keys are limited to 2^30 -1 chars.
+  ///  Exceeding that will cause an exception.
+  Value& operator[](const char* key);
+  /// Access an object value by name, returns null if there is no member with
+  /// that name.
+  const Value& operator[](const char* key) const;
+  /// Access an object value by name, create a null member if it does not exist.
+  /// \param key may contain embedded nulls.
+  Value& operator[](const std::string& key);
+  /// Access an object value by name, returns null if there is no member with
+  /// that name.
+  /// \param key may contain embedded nulls.
+  const Value& operator[](const std::string& key) const;
+  /** \brief Access an object value by name, create a null member if it does not
+   exist.
+
+   * If the object has no entry for that name, then the member name used to store
+   * the new entry is not duplicated.
+   * Example of use:
+   * \code
+   * Json::Value object;
+   * static const StaticString code("code");
+   * object[code] = 1234;
+   * \endcode
+   */
+  Value& operator[](const StaticString& key);
+#ifdef JSON_USE_CPPTL
+  /// Access an object value by name, create a null member if it does not exist.
+  Value& operator[](const CppTL::ConstString& key);
+  /// Access an object value by name, returns null if there is no member with
+  /// that name.
+  const Value& operator[](const CppTL::ConstString& key) const;
+#endif
+  /// Return the member named key if it exist, defaultValue otherwise.
+  /// \note deep copy
+  Value get(const char* key, const Value& defaultValue) const;
+  /// Return the member named key if it exist, defaultValue otherwise.
+  /// \note deep copy
+  /// \note key may contain embedded nulls.
+  Value get(const char* begin, const char* end, const Value& defaultValue) const;
+  /// Return the member named key if it exist, defaultValue otherwise.
+  /// \note deep copy
+  /// \param key may contain embedded nulls.
+  Value get(const std::string& key, const Value& defaultValue) const;
+#ifdef JSON_USE_CPPTL
+  /// Return the member named key if it exist, defaultValue otherwise.
+  /// \note deep copy
+  Value get(const CppTL::ConstString& key, const Value& defaultValue) const;
+#endif
+  /// Most general and efficient version of isMember()const, get()const,
+  /// and operator[]const
+  /// \note As stated elsewhere, behavior is undefined if (end-begin) >= 2^30
+  Value const* find(char const* begin, char const* end) const;
+  /// Most general and efficient version of object-mutators.
+  /// \note As stated elsewhere, behavior is undefined if (end-begin) >= 2^30
+  /// \return non-zero, but JSON_ASSERT if this is neither object nor nullValue.
+  Value const* demand(char const* begin, char const* end);
+  /// \brief Remove and return the named member.
+  ///
+  /// Do nothing if it did not exist.
+  /// \return the removed Value, or null.
+  /// \pre type() is objectValue or nullValue
+  /// \post type() is unchanged
+  /// \deprecated
+  Value removeMember(const char* key);
+  /// Same as removeMember(const char*)
+  /// \param key may contain embedded nulls.
+  /// \deprecated
+  Value removeMember(const std::string& key);
+  /// Same as removeMember(const char* begin, const char* end, Value* removed),
+  /// but 'key' is null-terminated.
+  bool removeMember(const char* key, Value* removed);
+  /** \brief Remove the named map member.
+
+      Update 'removed' iff removed.
+      \param key may contain embedded nulls.
+      \return true iff removed (no exceptions)
+  */
+  bool removeMember(std::string const& key, Value* removed);
+  /// Same as removeMember(std::string const& key, Value* removed)
+  bool removeMember(const char* begin, const char* end, Value* removed);
+  /** \brief Remove the indexed array element.
+
+      O(n) expensive operations.
+      Update 'removed' iff removed.
+      \return true iff removed (no exceptions)
+  */
+  bool removeIndex(ArrayIndex i, Value* removed);
+
+  /// Return true if the object has a member named key.
+  /// \note 'key' must be null-terminated.
+  bool isMember(const char* key) const;
+  /// Return true if the object has a member named key.
+  /// \param key may contain embedded nulls.
+  bool isMember(const std::string& key) const;
+  /// Same as isMember(std::string const& key)const
+  bool isMember(const char* begin, const char* end) const;
+#ifdef JSON_USE_CPPTL
+  /// Return true if the object has a member named key.
+  bool isMember(const CppTL::ConstString& key) const;
+#endif
+
+  /// \brief Return a list of the member names.
+  ///
+  /// If null, return an empty list.
+  /// \pre type() is objectValue or nullValue
+  /// \post if type() was nullValue, it remains nullValue
+  Members getMemberNames() const;
+
+  //# ifdef JSON_USE_CPPTL
+  //      EnumMemberNames enumMemberNames() const;
+  //      EnumValues enumValues() const;
+  //# endif
+
+  /// \deprecated Always pass len.
+  JSONCPP_DEPRECATED("Use setComment(std::string const&) instead.")
+  void setComment(const char* comment, CommentPlacement placement);
+  /// Comments must be //... or /* ... */
+  void setComment(const char* comment, size_t len, CommentPlacement placement);
+  /// Comments must be //... or /* ... */
+  void setComment(const std::string& comment, CommentPlacement placement);
+  bool hasComment(CommentPlacement placement) const;
+  /// Include delimiters and embedded newlines.
+  std::string getComment(CommentPlacement placement) const;
+
+  std::string toStyledString() const;
+
+  const_iterator begin() const;
+  const_iterator end() const;
+
+  iterator begin();
+  iterator end();
+
+private:
+  void initBasic(ValueType type, bool allocated = false);
+
+  Value& resolveReference(const char* key);
+  Value& resolveReference(const char* key, const char* end);
+
+  struct CommentInfo {
+    CommentInfo();
+    ~CommentInfo();
+
+    void setComment(const char* text, size_t len);
+
+    char* comment_;
+  };
+
+  // struct MemberNamesTransform
+  //{
+  //   typedef const char *result_type;
+  //   const char *operator()( const CZString &name ) const
+  //   {
+  //      return name.c_str();
+  //   }
+  //};
+
+  union ValueHolder {
+    LargestInt int_;
+    LargestUInt uint_;
+    double real_;
+    bool bool_;
+    char* string_;  // actually ptr to unsigned, followed by str, unless !allocated_
+    ObjectValues* map_;
+  } value_;
+  ValueType type_ : 8;
+  unsigned int allocated_ : 1; // Notes: if declared as bool, bitfield is useless.
+                               // If not allocated_, string_ must be null-terminated.
+  CommentInfo* comments_;
+};
+
+/** \brief Experimental and untested: represents an element of the "path" to
+ * access a node.
+ */
+class JSON_API PathArgument {
+public:
+  friend class Path;
+
+  PathArgument();
+  PathArgument(ArrayIndex index);
+  PathArgument(const char* key);
+  PathArgument(const std::string& key);
+
+private:
+  enum Kind {
+    kindNone = 0,
+    kindIndex,
+    kindKey
+  };
+  std::string key_;
+  ArrayIndex index_;
+  Kind kind_;
+};
+
+/** \brief Experimental and untested: represents a "path" to access a node.
+ *
+ * Syntax:
+ * - "." => root node
+ * - ".[n]" => elements at index 'n' of root node (an array value)
+ * - ".name" => member named 'name' of root node (an object value)
+ * - ".name1.name2.name3"
+ * - ".[0][1][2].name1[3]"
+ * - ".%" => member name is provided as parameter
+ * - ".[%]" => index is provied as parameter
+ */
+class JSON_API Path {
+public:
+  Path(const std::string& path,
+       const PathArgument& a1 = PathArgument(),
+       const PathArgument& a2 = PathArgument(),
+       const PathArgument& a3 = PathArgument(),
+       const PathArgument& a4 = PathArgument(),
+       const PathArgument& a5 = PathArgument());
+
+  const Value& resolve(const Value& root) const;
+  Value resolve(const Value& root, const Value& defaultValue) const;
+  /// Creates the "path" to access the specified node and returns a reference on
+  /// the node.
+  Value& make(Value& root) const;
+
+private:
+  typedef std::vector InArgs;
+  typedef std::vector Args;
+
+  void makePath(const std::string& path, const InArgs& in);
+  void addPathInArg(const std::string& path,
+                    const InArgs& in,
+                    InArgs::const_iterator& itInArg,
+                    PathArgument::Kind kind);
+  void invalidPath(const std::string& path, int location);
+
+  Args args_;
+};
+
+/** \brief base class for Value iterators.
+ *
+ */
+class JSON_API ValueIteratorBase {
+public:
+  typedef std::bidirectional_iterator_tag iterator_category;
+  typedef unsigned int size_t;
+  typedef int difference_type;
+  typedef ValueIteratorBase SelfType;
+
+  bool operator==(const SelfType& other) const { return isEqual(other); }
+
+  bool operator!=(const SelfType& other) const { return !isEqual(other); }
+
+  difference_type operator-(const SelfType& other) const {
+    return other.computeDistance(*this);
+  }
+
+  /// Return either the index or the member name of the referenced value as a
+  /// Value.
+  Value key() const;
+
+  /// Return the index of the referenced Value, or -1 if it is not an arrayValue.
+  UInt index() const;
+
+  /// Return the member name of the referenced Value, or "" if it is not an
+  /// objectValue.
+  /// \note Avoid `c_str()` on result, as embedded zeroes are possible.
+  std::string name() const;
+
+  /// Return the member name of the referenced Value. "" if it is not an
+  /// objectValue.
+  /// \deprecated This cannot be used for UTF-8 strings, since there can be embedded nulls.
+  JSONCPP_DEPRECATED("Use `key = name();` instead.")
+  char const* memberName() const;
+  /// Return the member name of the referenced Value, or NULL if it is not an
+  /// objectValue.
+  /// \note Better version than memberName(). Allows embedded nulls.
+  char const* memberName(char const** end) const;
+
+protected:
+  Value& deref() const;
+
+  void increment();
+
+  void decrement();
+
+  difference_type computeDistance(const SelfType& other) const;
+
+  bool isEqual(const SelfType& other) const;
+
+  void copy(const SelfType& other);
+
+private:
+  Value::ObjectValues::iterator current_;
+  // Indicates that iterator is for a null value.
+  bool isNull_;
+
+public:
+  // For some reason, BORLAND needs these at the end, rather
+  // than earlier. No idea why.
+  ValueIteratorBase();
+  explicit ValueIteratorBase(const Value::ObjectValues::iterator& current);
+};
+
+/** \brief const iterator for object and array value.
+ *
+ */
+class JSON_API ValueConstIterator : public ValueIteratorBase {
+  friend class Value;
+
+public:
+  typedef const Value value_type;
+  //typedef unsigned int size_t;
+  //typedef int difference_type;
+  typedef const Value& reference;
+  typedef const Value* pointer;
+  typedef ValueConstIterator SelfType;
+
+  ValueConstIterator();
+
+private:
+/*! \internal Use by Value to create an iterator.
+ */
+  explicit ValueConstIterator(const Value::ObjectValues::iterator& current);
+public:
+  SelfType& operator=(const ValueIteratorBase& other);
+
+  SelfType operator++(int) {
+    SelfType temp(*this);
+    ++*this;
+    return temp;
+  }
+
+  SelfType operator--(int) {
+    SelfType temp(*this);
+    --*this;
+    return temp;
+  }
+
+  SelfType& operator--() {
+    decrement();
+    return *this;
+  }
+
+  SelfType& operator++() {
+    increment();
+    return *this;
+  }
+
+  reference operator*() const { return deref(); }
+
+  pointer operator->() const { return &deref(); }
+};
+
+/** \brief Iterator for object and array value.
+ */
+class JSON_API ValueIterator : public ValueIteratorBase {
+  friend class Value;
+
+public:
+  typedef Value value_type;
+  typedef unsigned int size_t;
+  typedef int difference_type;
+  typedef Value& reference;
+  typedef Value* pointer;
+  typedef ValueIterator SelfType;
+
+  ValueIterator();
+  ValueIterator(const ValueConstIterator& other);
+  ValueIterator(const ValueIterator& other);
+
+private:
+/*! \internal Use by Value to create an iterator.
+ */
+  explicit ValueIterator(const Value::ObjectValues::iterator& current);
+public:
+  SelfType& operator=(const SelfType& other);
+
+  SelfType operator++(int) {
+    SelfType temp(*this);
+    ++*this;
+    return temp;
+  }
+
+  SelfType operator--(int) {
+    SelfType temp(*this);
+    --*this;
+    return temp;
+  }
+
+  SelfType& operator--() {
+    decrement();
+    return *this;
+  }
+
+  SelfType& operator++() {
+    increment();
+    return *this;
+  }
+
+  reference operator*() const { return deref(); }
+
+  pointer operator->() const { return &deref(); }
+};
+
+} // namespace Json
+
+
+namespace std {
+/// Specialize std::swap() for Json::Value.
+template<>
+inline void swap(Json::Value& a, Json::Value& b) { a.swap(b); }
+}
+
+
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(pop)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+#endif // CPPTL_JSON_H_INCLUDED
diff --git a/ProvisioningTool/include/json/version.h b/ProvisioningTool/include/json/version.h
new file mode 100644
index 00000000..d0f3dcb0
--- /dev/null
+++ b/ProvisioningTool/include/json/version.h
@@ -0,0 +1,13 @@
+// DO NOT EDIT. This file (and "version") is generated by CMake.
+// Run CMake configure step to update it.
+#ifndef JSON_VERSION_H_INCLUDED
+# define JSON_VERSION_H_INCLUDED
+
+# define JSONCPP_VERSION_STRING "0.10.7"
+# define JSONCPP_VERSION_MAJOR 0
+# define JSONCPP_VERSION_MINOR 10
+# define JSONCPP_VERSION_PATCH 7
+# define JSONCPP_VERSION_QUALIFIER
+# define JSONCPP_VERSION_HEXA ((JSONCPP_VERSION_MAJOR << 24) | (JSONCPP_VERSION_MINOR << 16) | (JSONCPP_VERSION_PATCH << 8))
+
+#endif // JSON_VERSION_H_INCLUDED
diff --git a/ProvisioningTool/include/json/writer.h b/ProvisioningTool/include/json/writer.h
new file mode 100644
index 00000000..a7fd11d2
--- /dev/null
+++ b/ProvisioningTool/include/json/writer.h
@@ -0,0 +1,320 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_WRITER_H_INCLUDED
+#define JSON_WRITER_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "value.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+#include 
+#include 
+#include 
+
+// Disable warning C4251: :  needs to have dll-interface to
+// be used by...
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(push)
+#pragma warning(disable : 4251)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+namespace Json {
+
+class Value;
+
+/**
+
+Usage:
+\code
+  using namespace Json;
+  void writeToStdout(StreamWriter::Factory const& factory, Value const& value) {
+    std::unique_ptr const writer(
+      factory.newStreamWriter());
+    writer->write(value, &std::cout);
+    std::cout << std::endl;  // add lf and flush
+  }
+\endcode
+*/
+class JSON_API StreamWriter {
+protected:
+  std::ostream* sout_;  // not owned; will not delete
+public:
+  StreamWriter();
+  virtual ~StreamWriter();
+  /** Write Value into document as configured in sub-class.
+      Do not take ownership of sout, but maintain a reference during function.
+      \pre sout != NULL
+      \return zero on success (For now, we always return zero, so check the stream instead.)
+      \throw std::exception possibly, depending on configuration
+   */
+  virtual int write(Value const& root, std::ostream* sout) = 0;
+
+  /** \brief A simple abstract factory.
+   */
+  class JSON_API Factory {
+  public:
+    virtual ~Factory();
+    /** \brief Allocate a CharReader via operator new().
+     * \throw std::exception if something goes wrong (e.g. invalid settings)
+     */
+    virtual StreamWriter* newStreamWriter() const = 0;
+  };  // Factory
+};  // StreamWriter
+
+/** \brief Write into stringstream, then return string, for convenience.
+ * A StreamWriter will be created from the factory, used, and then deleted.
+ */
+std::string JSON_API writeString(StreamWriter::Factory const& factory, Value const& root);
+
+
+/** \brief Build a StreamWriter implementation.
+
+Usage:
+\code
+  using namespace Json;
+  Value value = ...;
+  StreamWriterBuilder builder;
+  builder["commentStyle"] = "None";
+  builder["indentation"] = "   ";  // or whatever you like
+  std::unique_ptr writer(
+      builder.newStreamWriter());
+  writer->write(value, &std::cout);
+  std::cout << std::endl;  // add lf and flush
+\endcode
+*/
+class JSON_API StreamWriterBuilder : public StreamWriter::Factory {
+public:
+  // Note: We use a Json::Value so that we can add data-members to this class
+  // without a major version bump.
+  /** Configuration of this builder.
+    Available settings (case-sensitive):
+    - "commentStyle": "None" or "All"
+    - "indentation":  ""
+    - "enableYAMLCompatibility": false or true
+      - slightly change the whitespace around colons
+    - "dropNullPlaceholders": false or true
+      - Drop the "null" string from the writer's output for nullValues.
+        Strictly speaking, this is not valid JSON. But when the output is being
+        fed to a browser's Javascript, it makes for smaller output and the
+        browser can handle the output just fine.
+    - "useSpecialFloats": false or true
+      - If true, outputs non-finite floating point values in the following way:
+        NaN values as "NaN", positive infinity as "Infinity", and negative infinity
+        as "-Infinity".
+
+    You can examine 'settings_` yourself
+    to see the defaults. You can also write and read them just like any
+    JSON Value.
+    \sa setDefaults()
+    */
+  Json::Value settings_;
+
+  StreamWriterBuilder();
+  virtual ~StreamWriterBuilder();
+
+  /**
+   * \throw std::exception if something goes wrong (e.g. invalid settings)
+   */
+  virtual StreamWriter* newStreamWriter() const;
+
+  /** \return true if 'settings' are legal and consistent;
+   *   otherwise, indicate bad settings via 'invalid'.
+   */
+  bool validate(Json::Value* invalid) const;
+  /** A simple way to update a specific setting.
+   */
+  Value& operator[](std::string key);
+
+  /** Called by ctor, but you can use this to reset settings_.
+   * \pre 'settings' != NULL (but Json::null is fine)
+   * \remark Defaults:
+   * \snippet src/lib_json/json_writer.cpp StreamWriterBuilderDefaults
+   */
+  static void setDefaults(Json::Value* settings);
+};
+
+/** \brief Abstract class for writers.
+ * \deprecated Use StreamWriter. (And really, this is an implementation detail.)
+ */
+class JSON_API Writer {
+public:
+  virtual ~Writer();
+
+  virtual std::string write(const Value& root) = 0;
+};
+
+/** \brief Outputs a Value in JSON format
+ *without formatting (not human friendly).
+ *
+ * The JSON document is written in a single line. It is not intended for 'human'
+ *consumption,
+ * but may be usefull to support feature such as RPC where bandwith is limited.
+ * \sa Reader, Value
+ * \deprecated Use StreamWriterBuilder.
+ */
+class JSON_API FastWriter : public Writer {
+
+public:
+  FastWriter();
+  virtual ~FastWriter() {}
+
+  void enableYAMLCompatibility();
+
+public: // overridden from Writer
+  virtual std::string write(const Value& root);
+
+private:
+  void writeValue(const Value& value);
+
+  std::string document_;
+  bool yamlCompatiblityEnabled_;
+};
+
+/** \brief Writes a Value in JSON format in a
+ *human friendly way.
+ *
+ * The rules for line break and indent are as follow:
+ * - Object value:
+ *     - if empty then print {} without indent and line break
+ *     - if not empty the print '{', line break & indent, print one value per
+ *line
+ *       and then unindent and line break and print '}'.
+ * - Array value:
+ *     - if empty then print [] without indent and line break
+ *     - if the array contains no object value, empty array or some other value
+ *types,
+ *       and all the values fit on one lines, then print the array on a single
+ *line.
+ *     - otherwise, it the values do not fit on one line, or the array contains
+ *       object or non empty array, then print one value per line.
+ *
+ * If the Value have comments then they are outputed according to their
+ *#CommentPlacement.
+ *
+ * \sa Reader, Value, Value::setComment()
+ * \deprecated Use StreamWriterBuilder.
+ */
+class JSON_API StyledWriter : public Writer {
+public:
+  StyledWriter();
+  virtual ~StyledWriter() {}
+
+public: // overridden from Writer
+  /** \brief Serialize a Value in JSON format.
+   * \param root Value to serialize.
+   * \return String containing the JSON document that represents the root value.
+   */
+  virtual std::string write(const Value& root);
+
+private:
+  void writeValue(const Value& value);
+  void writeArrayValue(const Value& value);
+  bool isMultineArray(const Value& value);
+  void pushValue(const std::string& value);
+  void writeIndent();
+  void writeWithIndent(const std::string& value);
+  void indent();
+  void unindent();
+  void writeCommentBeforeValue(const Value& root);
+  void writeCommentAfterValueOnSameLine(const Value& root);
+  bool hasCommentForValue(const Value& value);
+  static std::string normalizeEOL(const std::string& text);
+
+  typedef std::vector ChildValues;
+
+  ChildValues childValues_;
+  std::string document_;
+  std::string indentString_;
+  int rightMargin_;
+  int indentSize_;
+  bool addChildValues_;
+};
+
+/** \brief Writes a Value in JSON format in a
+ human friendly way,
+     to a stream rather than to a string.
+ *
+ * The rules for line break and indent are as follow:
+ * - Object value:
+ *     - if empty then print {} without indent and line break
+ *     - if not empty the print '{', line break & indent, print one value per
+ line
+ *       and then unindent and line break and print '}'.
+ * - Array value:
+ *     - if empty then print [] without indent and line break
+ *     - if the array contains no object value, empty array or some other value
+ types,
+ *       and all the values fit on one lines, then print the array on a single
+ line.
+ *     - otherwise, it the values do not fit on one line, or the array contains
+ *       object or non empty array, then print one value per line.
+ *
+ * If the Value have comments then they are outputed according to their
+ #CommentPlacement.
+ *
+ * \param indentation Each level will be indented by this amount extra.
+ * \sa Reader, Value, Value::setComment()
+ * \deprecated Use StreamWriterBuilder.
+ */
+class JSON_API StyledStreamWriter {
+public:
+  StyledStreamWriter(std::string indentation = "\t");
+  ~StyledStreamWriter() {}
+
+public:
+  /** \brief Serialize a Value in JSON format.
+   * \param out Stream to write to. (Can be ostringstream, e.g.)
+   * \param root Value to serialize.
+   * \note There is no point in deriving from Writer, since write() should not
+   * return a value.
+   */
+  void write(std::ostream& out, const Value& root);
+
+private:
+  void writeValue(const Value& value);
+  void writeArrayValue(const Value& value);
+  bool isMultineArray(const Value& value);
+  void pushValue(const std::string& value);
+  void writeIndent();
+  void writeWithIndent(const std::string& value);
+  void indent();
+  void unindent();
+  void writeCommentBeforeValue(const Value& root);
+  void writeCommentAfterValueOnSameLine(const Value& root);
+  bool hasCommentForValue(const Value& value);
+  static std::string normalizeEOL(const std::string& text);
+
+  typedef std::vector ChildValues;
+
+  ChildValues childValues_;
+  std::ostream* document_;
+  std::string indentString_;
+  int rightMargin_;
+  std::string indentation_;
+  bool addChildValues_ : 1;
+  bool indented_ : 1;
+};
+
+#if defined(JSON_HAS_INT64)
+std::string JSON_API valueToString(Int value);
+std::string JSON_API valueToString(UInt value);
+#endif // if defined(JSON_HAS_INT64)
+std::string JSON_API valueToString(LargestInt value);
+std::string JSON_API valueToString(LargestUInt value);
+std::string JSON_API valueToString(double value);
+std::string JSON_API valueToString(bool value);
+std::string JSON_API valueToQuotedString(const char* value);
+
+/// \brief Output using the StyledStreamWriter.
+/// \see Json::operator>>()
+JSON_API std::ostream& operator<<(std::ostream&, const Value& root);
+
+} // namespace Json
+
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(pop)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+#endif // JSON_WRITER_H_INCLUDED
diff --git a/ProvisioningTool/include/socket.h b/ProvisioningTool/include/socket.h
new file mode 100644
index 00000000..8f47325a
--- /dev/null
+++ b/ProvisioningTool/include/socket.h
@@ -0,0 +1,53 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#pragma once
+
+class SocketTransport
+{
+public:
+   static inline std::shared_ptr getInstance() {
+       static std::shared_ptr socket = std::shared_ptr(new SocketTransport());
+       return socket;
+   }
+
+  ~SocketTransport();
+  /**
+     * Creates a socket instance and connects to the provided server IP and port.
+     */
+  bool openConnection();
+  /**
+     * Sends data over socket and receives data back.
+     */
+  bool sendData(const std::vector &inData, std::vector &output);
+  /**
+     * Closes the connection.
+     */
+  bool closeConnection();
+  /**
+     * Returns the state of the connection status. Returns true if the connection is active,
+     * false if connection is broken.
+     */
+  bool isConnected();
+
+private:
+  SocketTransport() : mSocket(-1), socketStatus(false) {}
+  /**
+     * Socket instance.
+     */
+  int mSocket;
+  bool socketStatus;
+};
\ No newline at end of file
diff --git a/ProvisioningTool/include/utils.h b/ProvisioningTool/include/utils.h
new file mode 100644
index 00000000..9eb991bd
--- /dev/null
+++ b/ProvisioningTool/include/utils.h
@@ -0,0 +1,30 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#pragma once
+#include 
+#include 
+#include 
+#include 
+#include 
+
+std::string getHexString(std::vector& input);
+
+std::string hex2str(std::string a);
+
+int readJsonFile(Json::Value& root, std::string& inputFileName);
+
+int writeJsonFile(Json::Value& writerRoot, std::string& outputFileName);
\ No newline at end of file
diff --git a/ProvisioningTool/lib/README.md b/ProvisioningTool/lib/README.md
new file mode 100644
index 00000000..d9ac780e
--- /dev/null
+++ b/ProvisioningTool/lib/README.md
@@ -0,0 +1,25 @@
+# Instructions to build jsoncpp
+Download the code from below opensource link:  
+https://github.com/open-source-parsers/jsoncpp/tree/0.y.z
+
+#### Unzip it
+
+unzip jsoncpp-0.y.z.zip
+cd jsoncpp-0.y.z
+

+
+#### Build
+
+$ mkdir -p build/debug
+$ cd build/debug
+$ cmake -DCMAKE_BUILD_TYPE=debug -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=ON -DARCHIVE_INSTALL_DIR=. -G "Unix Makefiles" ../..
+$ make
+

+
+#### Check the generated static and dynamic link library
+
+$ find . -name *.a
+./src/lib_json/libjsoncpp.a
+$ find . -name *.so
+./src/lib_json/libjsoncpp.so
+

diff --git a/ProvisioningTool/lib/libjsoncpp.a b/ProvisioningTool/lib/libjsoncpp.a
new file mode 100644
index 0000000000000000000000000000000000000000..601854f494e9d1a8c8be89a22bef826b5dcc4cb5
GIT binary patch
literal 2640366
zcmeEv3!G#}RrhR2NC*iN5F|c;0mTG_WO{aHAK{hFZpWGIBg4*a5+Ts(nYp{$Nl*8r
zr+XjhCL1?nb{q#*B^n=KRFnv)@d3n;geAme!3P0RqoAycy2GGEURe>z_divq9{1j=
z+ugTsPk?Xuu{kw;t4>v&I(6#QIj5>#{OV$DV$W;OzPK;^zkcganYRDi*Oyz}zkc;P
z%5>e?Jv~qVaL;Ky11tYlXt2TqD?G5m11mhR!UHQju)+i1B|LE6ho0WE@^6I(D?G5m
z11mhR!UHQju)+f?Jg~w8D?E@L54`ZVztFStZ-oXcJg~w8D?IQW#RG*mRQ64c?(HeO
zVX{2BcdUTKwy}CHH?gN!E7WVnQhjD*BEO~_RCd?*A|hMssO@g7k&L4{+zy_NxskD<
z!rr{@oa}|{8{=J{uhpuxk;<-WUUiL`I+V@%+dzK%=51pIO=!bTs?oV-IfkZ-wV6QV
zs;?~+Cid^o<#Ge##Tl>*jZS6v$V7ZrqoorVg6*iBhiF_+9a$W2f>CW%0aOvsl2(J0U8RXrp+X1ok3PlSEu!$w#-(8(~X%u`71$>D6!VpAe;6%#VIcIJlC^v3GcR8Xn!sNN7%W{B|pg(2}rY|PgcCnp6@r5{v{o27QBIRg`o
zS`AI{HMgJoa^?8-!9+c=oubbhYPI5l#B8~N$zTEkVq0TsJgBvlbxiPWVpdVPq+b#(
zA)!F~vFYMOFeAr1M2g(*puR2GU#I28@mWxU8xtSa9MOq~)mNB19V|t+^)s&}>|(v+Qk$xc@iJty
zHQCdZq6*rlI#w@?IaaS7g|T&o?VHC|liV7sPnZ2mg1?#_g&qBc9XYJrqnoiPUI~<$
zU?W5VW0Z;mOvRm*63LH^_%~WDfmuWJB(5GTY`;EMdaV>YTsl89QJfCONWrX3M25tN
z!Youucd&(r_0^$mn6FCBahJ8Uo7QxT^|S^R#-U?@`*|gzC9}2CgQQsNg|D?Tn5v?b
z(8t?ZoLAS?BD>k{{J@HO#(OVy>)j?%alo_j6
zf)SqrC0Jk-6w8kzNgJ?DVh>fS2el&hFe7@_j%^f5i!)Pm?5y8sBs#;w^68
zm}yqs1XJa5S2k+SO-=ZVJx4=dBAc7_K(}4&G%@Lgb{@(t)}_eMn<8e`yY~VnC$<9~
z?EKN08led{NYjP^p
zC`q4<=XNMkj!rexYAw8O#n#H;(QU09ZuQn=7!Vq+Z21^AlI7s_jcT2jj|dCpJle3q
zmJ`)6)y!_wWN_)k=4-NAY~^dB8CyBqR*tQ*teZH771~J$`mt3->ngHUs6BnvDyV1d
zvZ&Wq#qH_JEfsXktdz>6scxVHebQht3q(kzbY`$uELVn*V(HAl7}{AST2U`ub?Noa
zuVE$@3n`gWAv5{g(imGQrqn-PT4MF3)B#P^W}G!)lGMP&f-X(aSs+Vgut^2R-s@A~
znji@4aF%^PG%sw!f5?Dpu&Y_n4wI`*S7Z$f{hV73MbNk%&@5=!WIVC;P0|LnCn8+H
z7%-xkaz0E_^NnN=>3^ffUW;T0%ZyD}<&5xBUT3f+Qf{pw&Si~K**JnULEZ%s!t~#5vNwJ3*YDf9-n8zEXoJ3MYI1uDkSAu6$-O7^|-@j7-9+
z2=|oihNDZl)vB68X$l6ZvGs*5<2lPI1n*DX%2a{%Csl(iluvcn^m4pBBv$kJsUA`#
zxRJcw|MNwT<$Wpb<@+(`D;0keutR4X&}g0{P+S^D$ZDw+j})ztB6J{W>D
zjZ9L;Lh&F@1x{+SyRN
zr1zIxmwJwcGq*5%)NU`aU6wIW1wFMdWH9SsW{XB4q?1-#3u2kAH74qW6mfYXv_VS0
z+!{TlRQM{G!#AS&{Ca~6ynThRo*^b~?{+Zw=#Ijs=_?WNAW^r-Qix&QTG0OaLb0)b
z#Goa7gl?=pRr0n<&or7|v8kw?xw)aq(k_;X1tAa7`t=3&@#<;s>${pWxwS$72#ZUh
zI6Y1Ltkkl2?LKU}&C}(4IYh58SE^bEMeu^~yt_K-t%jlYBk_+cz_H
zgB$(S)hJr@mZxhU1lQIA>^}uETI5Gba)!tvduU9U4r6h$6l}3*h-(we7%A-%x`{@eBo`
zvm)K<6f)6?P`BKOMW0M{m)F9oMS0f*OUELw34X8CTOMm?*haoQbqWrb2K0j5V@d-P
z)UxSfsYVv;wZ_b?LbAvPHJ+Es0JvIZ&DfSOPW#vGo))Yryfx2H~>9z3I`{!(`VmA3Vjs1qC&qOhj%IsarlDVL1u54y%Qrl
z+9->{vYCkW4sChZj1He!p_j|mO{!Mx5Meipd9Y~iOIx
z7R}z;;0;V^t<^>{bN;_rkZM_(seZX=eIU(FX$>Dss)nU8Rxg*2pE9V_ZUje;US0ob^d4{wt
zB*y8ZJ0V^9!ik#DWg1*Mk6(fx{w;wRT<5qpYmL=_nDy6J)-%>2LzBPhp(RKWw6#uq
z6-6xCaZYRA{1DHz*nHH}kq@iYYN)SD1dywYL}*jrkM`%c$xS4zRb?@GL$L>u>lHKy
zG_~z6|*q|IEEvyb=RFtPmkc!RyOzv<+dOi=p4@O6lg@bG4
z3W!+p#~8=S+FjM!zG7{11d+I&8AYOC0<|H{;eCWcpQnG$&2k&4cvz;lD92p99pR~{CCSv3liCH_Ax%MUV96QM(G=NmpFD>x3y$a3!_t|aTaZ&)i}$zt4maDTE}Cl7OFSaGM|j6
zJ@qCLS0~L#To;K)QgzIdG|5W2Tyqk8m!zR56xY)Z)UoyM*vxAQhhL9MY`gH}Dz&3c
z9S6q1=-TY8E3@U
z$yl~sTOO9j3_CCg{f=!}b2HFc4uz1oFXpoA?Njk!Mi&yRHMLdOX-;ZE^
z!{GjXKX}RnCeZ9lb!5f_1<*2-6-vDa=uQ{|qwhX#jDD=AZz?K7VuV&2vhAo)4w2@g
zUhA;$ua$Q1sV7gV
zJf=aK&-I%PAy(ftu*PV&`ttAzZFAM_Uyz{7Qz`Vht%Y)RA1q|!)dm8=JuKl_nwDKp
z(tZnd7B92)S6l6uhwy746%dg|w<k`f4p)^rkgfF7wse=z6Q8`I@rXr+(8;J&RDx%$rA{R84RDVTL3+wQ&_O$TCIbaog?i>5}B0bM;}nQTI>_F)U5?N!Qu1ruNIND
zaW8*5AHTIXj;^<|n@%IV=1#>j&Lz!RRG(Nub)HqtSx!&uRu?uWmiXG{$)?R+u7%85
zM$@F7wX8WN?{el@fD$owum(Btwzdqpi+WZfXJ$=Xmq*UA7`c%+*CQbsUHN13)0wHc
z2z3=pAw`qXv?NHAQKXcmPNXTssRvKX64hB=@l7{`srtLuJI9QsQaZbgh!5}7%*f!~w-5RZJEt^R-?
zwI_NHVOR@oKeB44urYcqzW$9GNEHz;>Byusxn-LTcBFn2rxSX#Jd#rEQl}g0s+Kry
zjp&B;aTDK_MHl;Q8Slrv8T4kQ43STDAQoFv7;dDs)<5E@#y7NdkHU>bHl4A0x$b}a
zNnCL4i`db359P-;u%yV^qz|JzsnvSqO<;$VOz8~qh<=I~;z3W0`wp_|%hQqVo8;Lz
z2t+tIN0CE&f-;`&6vllvC4~G0S0Ja`Q9#iu6g?4Y5Lx%H0PDf7Pd5>Ykz?mUZh4#s
z>75n0Bpni}4Q~bATtx$HO#pZXN;8E@qg+N17M}b9W$CuBacPEvaF{IN(MGxukWMjD
zg+uD*O?CAbC>Xyb3$_Jq>yJ@y}!C$hs1=T6*IhqK1^(PHGAx1+UPZMZI_
zeq*DbV3)P19=W`@b`WsQmLox??SyA#fr#r*bmeX(()Eu=ghHjSC7fJ6%++Og!8%ILCyiD+26B+l@O(~U|3wNg4^
zw7uOi#`dYv&EmvX3fUClb#1iwpM%Ruof)G-ms7xmu1?6cX*(Yh5n05lt?15P3u7oy
zQ_{+5RDyX#1uUdAnKzY2Nwv2qXWdN?`Bh?~)?Fr9+PcfMEHt}PJi>}zvFolpBzY6$
zg1fX+G=znKvtT=NphW~tMS&BK#Uiar12>+?D0E36IP0eKA{3<=k_n_`W??8HEp%_O
ztmBq|H;W@K=3Gg0Lnh+#yJ?@bEMb||lVpY4U|H0nbvriyNvI;R0WFd8skI4Hn62ei
z#4QJcZyn=HA9R#Kmza6E>}&%R4MKL3Z8%qy^}5LPjo#U%g|+&0&RMJfkemWqHkF!iZ{>iPYR~psb~-b%=@Fv3t;b_-vGt9yRpk
z=zLl$RJj613BQqVFl6NG+?=?Xs-m?oL;;sU5ivw2SQal)1iPy>Y+aHJYHPKXP30$h
zi-;RSjs38OcVd@A6z`f^u`*emDikLsFfB~;IF{GHPYLe;4IgT|!q8R4aw7nTCTR0v
zBzl`|F{o2NRQokmg{4w$ho0BO`V+1+YCKYERNRt9$9kg%uLSx;s!@Gvy@c9`_)B;<
zoQmfDqTIUpj@P24Qcsg@MeR|=-{hv7Hh+^9r7$I$`HbA5fvm@}V8?S2;lb04DGc8*
zF45ygYG%UrN%jSBM%?_3xf*{YB8*!Zb|5~+l7a(0rP>Z-3F8Ud2ATIa``N}je8yly
z_6;!*g()JDT#wX@b?_T(3QFP+7I0-E3^U>lqT+xsU-(Ok9UX*jzirxqi_F47w=|K3
zr;rX=1t(HH45L}1#T&qAfrwcdnW{Fg*%wTt>e?v*jXgQnVgJ2aWXrLHk;4RLTyZGXL(HzHLGo&f+-mnZtkuG
zlZB~Z3KzVk+eSssrD+>PDr{IjLKY(0#;fC-BF#tBAw%VsSj58c#c9h_H7(QnAe{)a
zPXWX0kh+ULt%dx|pFu3DWn>7>~fI_)}*P@!E5fVKRvIx~Vs{S()YpP)&=C7`gM>ETa{f{MAC=
z-8$`Po;8T(Ay|;btYMHm0yT6PvWk
zhF2FW9zdw{NhQO}URaVz*%C5YMJlqyiQ7;W&hMPJ&CF9xQ4n3>#?odov5JspnrzF@
zuTy1|Y15&l&~_66;kY$xgLQQcoD8})6Ea0AX$#e2dfTPjtvs8qI%Ooz-V*n7bog)@rq`S$;BrZZcXTur-Q0w
zv_{A8c8y?%^}+s$V7gwaR*c!g`c1CpAv~o_CNB53JOf$H9syaPG0icY#+yYlOPbW0zr)~
zRHA1h^fO(t9BSJxhjd`9UaXfU#_F|FWjFA`_fEQs>myxvCO&Rxu7z_DU8%fM){
zzGp*icY~g)P|=xOGW3bnEsgX*Ihee@w
zB;Qi3?Z!z$M^*S-+@J7y(0rCH-E{RuwP4ppIG476e*uTmW~vn!$?FFSd;1M{t*!5=
zRrhUgRO+RvAYZE?77LH+AQ}$}(*FIqTy6lzqDq3Vz?=RvgQowvA%SvBb$4kZ8-#1G
zqL7Ud@L~~i>$2iZV9hx57H%Qq)Uf+~-n`W6N1x37?^`#1;8cEt{
zVVt(6XpdTw0R)((cOe-5vz5k
zfLz9MxsBB+(g8;*yQ(31h)a`CQ+dl+X2JBhKxi&9m^r2u_yBjLI>P_pZmF
zzyF)quwTCo+DdNiCfp`cLQp)68>3aEgq6jo;h;6`7ZXCsx==LI3kSJ$4+m%V;Zk3^
znoFpz;!hRmzdooG$LS)JT_e}b)Ueq{NL6LBfOsHER;qP89VKr4#)Ta6Qjc=!hJbEZ
zARB)Uzl!i!9ZggMvJrAVq0~C{wKy|_C@rc-e9GsC_KIlyz52#-oQD1}yLH#otsdQJ
z8%|*R+J;Y#whb1>@vr{uH*O4np%METc8A4~YTunfC
z3)+D1c!^DBE?FSFXj=|bvc<^
zZnDiipY}CQ%hGff3SFa_l4@P6z&9w6L_$yQTE(UU7@Vfr${i6h#Oh!GGQ5g6p#_J8
zdCxur)+wU6ga`Sd&8-*e*p36!L39Oz8KP8&r3fada6WM_vBiPtZ8$?@M}~?@(Vueh
zpW;gg3hs{=jQuo_KM>Cq`)MFQ8P65_DQq~FLx%qGX3p-k$jMvQ@b9U0Fk1|u(roZ3
zRX@H(54YMes(b-;r>rMdTlI{Fb{6<%MLPK_$i;U;imUuPnss7RB3m3L5>^^(ucFyQ
z|J-radcEkDv{zP<&RZInD5~)m%~W;PPq8hXB%@NSV)V`BNaY$W9w=AEAySb6l9PT7
zF;OljWZ7_4I1sz1^uWvQQ+k90Jf@H#>|)qf$U=_MkfNXOUaN6mr?1ucaf=mLQ}TRRD{6oXFjfQxf9W=i
zeL=ga7FQwcuY8|!1H~E3X&A$rTdlvl`+#aURU6o`IoevBxg2uMK`Bt=vTC&)FM|6S
zXJFOc8`SEwLEKSwXkYeVtuM`NgYUWqJ&u}AZ@l?^kYFso=Tc1vM31PDe!C(w0qI)i
z4z-4%U~0O~{*jK6=?Cu6H~&qmt!&4np5gXYVIN2uW~WtXS6ZitlyAr$Bb%)D@0e!f
z{Eu@RCewymt*AUzmdwYDxpMq^?2F@t)XcYX4^5PVqK+BvlsPP9Rvl{)Fj9I;5HmBC
z_RF6-=A$9F&u1V}Q5z-QX^GKNZ)hH#$3$V`3lOw{-E9}H}QAq((M&dqVw41l*b_x8N
zw3H!GESH-=)Sn$__D5ZCj{XU{a~0igk>)_A}BKc=HO;R7oS6t03IQspa2@JrjVciNDz
zQIQ>AFPykFIt5b8c;CGyYGZbWRlxEpwmDrSEi~!ut1w8j2(&d+$OKzgIy?YvWUVmM
zba$+-WQ`%yS}~bYuqQI|v4iL@Ns0)*PCStDWx_!`5j{coE*i}x
zs&u(ZC1_Qy>?C6xm3UXlm>xt1&Qs1mbe;k
z^f=vuK&4=pun)N9;a}JPmm9AZ+Z9^g<#k1Zc|{X(%Pg*Fql18;@m7O{HiB2%
zYOyhcsxBtZPL69JKl`062EQ!vh?5DKrhWhH0
zydOt{I5CnH?>B6
zclXSYTa_x>HyhA4P=@zF{xJ!;_(e9HguMad25Bmt13V+!HLGEPl&|LQDdFs-wx+dh
zo{Qko%fFI>X^e9;+7!BLS`}H&J3)#I;pL5#JEkK~G*Hl~dBZG)QIQ%=5ADE*g)ZQZ
zWFDIgTW^uXc
z(fmhW$lrk{WpLB~mEafhg^3t`oD-G~Gm7q)Ud1aR+3hmdw@^ZQySf&q>
zx~O$C{sVYJfp2!efme8DMW7h)%Ft&i&7v_-hJh?;*!1F@W~?PvR?XX~`=*q=t__QB
zVz+`o>2eLrXwtQgP(3na!gCd_)bqL(6D$IcFB1!O*ShGPLL!EkwS=zKPS>l|s#Olb
z`EIC&E+m7#C_}lme6^)SB+R$D*yYq5<9&4bOhb~^s^}(a
zVu3F0QT6zDM`?@~#uSpW`(|fk$SPf1?Qgt=kBP(=mcy-h-nv*WSLvlZTs%0WuYuOV
zS{>KYou=#dF>`SgjnQi%nsuIz`aoAy8&p(XE9&eM=8-B#RIjNB4Be
z$XEo~;!y}Pp3A#DO1r=Y@~&3n@k%3`L7mmYvPk!d(jAT?@|AAbe@Az)i6e{t!CYqu
zC$2A{9l0daiEpt9fH>-$vfn8hoYPDa2t!&Jmvh%
z<|#n*6cwdmHxEvm;k;RVEaxep+UaGwCgtL6$1kzQR=XyM;*8glxvasd{{83
z#D2KW+pwP&*`7iz+g*)R_Fz)O6%)L~Yx%ue@LHnG5n<70(1Zx}QOiGDncX6}xvg56
zL0Xb7v0jpdvU+L1Q_y)g2T84$${(0_4J%hTb5pMsOLbggG>cC{YlW<8nR}drZ+I8ICO#FB
zCX#pLs5c$1Ht>c9t6en-uL4*;??SP$-}ZY8$yL}@EMxCf$GuU)r`=&p0|zt^4_H$(
z{-_cpNunv7rg`WEQVUx)?qh2$B$ZtIwp+H;s|V7cVy1PC^BR_U-^?1*C0inPN`+c!
z_ntb8IJnXlzyo4nMrjhTCMysKavMCzJA&kFyY>)F0
z!DEFPagSo5T7mULx_Q;LU}>j}!TOLeoRGRK`?}V9(n#n62R1NwX>R5QQH_1)ibqm-*s1%2
zLhZwIBk10s$dyYFSL||pct%bIw;0j++S@HT07RpLQ5fZo*;!JY|s#N
zBfF>Q36UKZiT>sq`qI>g0;6LpJkw7LP)n(gY=Y6Xc8vojG@A@Qsml9ouxYT7CB^45
zZn{rSQ=#Po@EF0;&?KMhw?Z7qnW)1YvL8Ln3BEEU{RjfbGCBU~1`g?zqh&hc%1S|N
z%`s{LjvdhfTWGUlCl!#Z7%vJI#HEBFm<%39C)~!<6jkLz&!ewV9<5ATKZw>(R(-y1
z^dd2qfi$X!!#LG!!+u+t))9$Dk&U>OzJw#4ZwV&FCb<9skWpQj6{stZ{UG**cqn_l
zbYj55gasU3s+S(GK54uqKF6mmk%5G<|Lja3*i)qC&}qk7z{h8Q1~%sxs2EWH4Xzb;^aY
z`9kC@6Ff;=)>mA5O~Zo5mp4I{Kr?JEOMG}kp1Rc#7erhV7wC&yTzD|4fpJNMCPgro
zabF!b#O6BZq+d;*XZNIcEtn9PcgSlx+7vu%C-I_s
zt%^WU!lxoPB8q^Ee4hKG^aji311VsYZvfcZdOls)^%gwcXy8da+aqYI5tUxfM@c
zl2qf^W4WUZMMt!B2$WQ8V3D?+?D<3>XNP_ICW>?M>c-l%ZhwJ935ss9ZOHA9&a>OU
zi-vq~=yF`kkS4wWKC;V&pGQ;Mcz`(Uplg0QxF+D)MC8s?b*9@_9Z)1uVG2g3sm4^2
z=e>KKC4Ec;NiAD%i~F1RHo=45ViW^eZyn4dcDz`-3$W`!E{d~bi4OZF)d`_1;yMIo
zxLLtE&JYr@+;>_P8JS{XBw*Nr40xc}$xN$YoyB#7Koi1m7z|wkn*3s?xnV
zLZJi=yov#SsWuQ<;qicZ`f6O~GMW?=anZAoc;fA+*a8PdDXwXrWf+Fu2_fTN)s?rZM5D3we!$hz5zWZ1Z+wujk;(_Igbg8-1@M
zW=SZ@wgqt`FE-GA!v4Z=P@I$^o&pS%p(q+PDz;$IWzhu|cWuQcz+h&h$9gUNr
ziBsFX4xuUg`_=eV`%<;p%NT9Qdp!z)C{EmFTnXB)cQ;_hES;z^FD*TmQ>u(ip+@Ku
zu%yVF_%iO%IzB{$M;=BulMF_;pb4oH>2PhPvOdt7gbf;5!lmU021LvRWBJL(Gm8nz
z#_-&_u#L)hWH=Sel7?luWJw}qJPfvzbPcTPbeBTDJ@auIuc@(t$?+1^+Ds0CqOFK&
zDqtRvhOs0IZwJT|48Uoy>JBpx3!0>`59j&G<&aM6vQMUANi!^VD~3N@SC
z8HzSj0v9^4fTzXxMM&`D#`}(!S%&htb&=BRnCH
zTV)f9uT#1bOaO5Hi_JLim0Fd;zIIAV6F*ArLj;FeN|aO3dXVMwMwSvr6;hEbikv>>
zsJk1QX-r#jNI&TskjJcDpM`EMKU+fDxneqs3#)$!(M!v;_+l!Kl
znTv!-buaFZsqWx-=ZLw99Ez*d%Z}=!vy67vgK;8(leSwI?MMooMC)6)K*&jncod`{
zD7bf27%s3qZ6|`#RY#sC85mB^2+TIV=K%wkhLz2vASR|&D1rt2hu54dc$pkl5V|@G
zx1i#Y-f`8Tb(5u;dJ*pu3wJL>M{Y>nkEE_8*nzXBu?Pa{hG0vSfUTCitHI1nbyvE8
zcCk
zbuh|ZB9A%BpICcmhGQ(5;$)!igYkHhn1VPR^7@uWgbfqHJLQRv{6DnuLL53o-VO>$
zhuqbN&mkM-X=PDW1}B%}b;)ja>LeNPI7zVkRT1@IA(scHiHTVVnS`i9TszP_7PfsU
zAZ44e-I2KA8wRr#YW7|Yb}3q8WH_!6qvRn`*XA@g>ko`5^ddENVo*z<#)ExWa&m6iah{0XW^dzQ7M_2FRaNq7d>_xv^~Xm+(Av|Dy~
zFoaJAYMZ0l!Fo#39+s9j%&F)e*0!#oEgkP+eJzO39nm681H~up>|#B&5T?N^0L?$39@}lADF_G%RLS}kkg5nDDwd$30A|kGn4H0Gzi4oFQ+ZX6E
z`rXyqfn?Le+E{*aVk_GN7L|@H7+CMu;7*;%>QtdPF#!{XX&%S7TkAz+EeCO92L(f{#sK=F3*{Ya9Rx3t
zAckPFyxrJuR;OnWPd`GTlJumA7;m{dyiDv4Hx{IupI&zI#;;+L;e}ImnW8*qBd@@+
zD$8ZVFJ_;_@*w*v?0wQ&+9wfb3f44At?I02lS7tLycwC%<|MkSYIB~64Q9f=c7wgI
z&3xuXsR=%5VN*ex93FAzS6)agXxc;2ppjZduZ~|IOw6^0MY7qQVvrF3NJ5{3aHb$_A9kuU1DoHzarS8Oc>aKdS
z(gYEoCOZlN*5U5m)lAw$C|y;JiY@r{`s%rb3yn*>Co5vT?3UgWzm<>THL!lV>~#1*
zVx7Zs*O7S}cRH5H#Jy&`G+C-avg0fpuIbcjFZ59CcW^lZPIv_S%80;5(0m74kyvQ3
z0uoWtrN@{(c1(-dZ<0?gGzCnE-u_Pa?MN)vKFcm;2
zw_5F5tgyc!rG~64q&3F%W>+DV*$&Mf-HO(4~!9Zc8G8ybI@Z+r4%t#q7FXE)XL?oVAl94;Q
zOF+Bev2W`}i+tXMMWR=}Qx#sBfsvCU!>FfXt#M8rVGxS8nl{1etiF3Op`I4Dk0aVD
z;82xj^cU8RP!uEiw&`|63_{!+i3-~Cwnn+XC4SJ1*A;$1Odn45HM>(+JR-eXFjoQZ
zBuoW(8}b?&0GlmIY2fL&U0Un}W8%cRK0H0@ll5KG1<7TC$0J;e
z>g7sJunZO3|NoiaiuoZ`ch$7zWatkx+{a24lANJ8w)>*$96#q3k?)%q{U7E<(YSr4NetBn3`~yFZ#*%P*qf#$T1&%TUp--~Z
zjxlbhRTI^(e-9P1zl7Uc**7&x8?4Fl=-x54xj{fJ3sYLcgBo;8-h{#IAO5rs>pa3%
z1AQe%EC-ffd8)8j!RV|mj8ta|mrvDqm5aM)M2%y3NYwXbq8j@mWI=U1vAYvlahvB8
zgz&l&DyQ2W2GQbOw4R1h&>U%=OS(>>^NZ8}IL{rRMvYpuZ}pyFf8<9sUYEoAaCMDD
zCBNsl4!%AyHdE+_Ndr8b*7WNR|4UE+fl!M6-GF@@#qo~>h9)KQgs|?CI9&THx
zmZVRz;aI{kNc-pp0;2BBF1mC#n4}?+eO)c~P&>dOwNhpGWkW)($?xykboE8GVAn;E
zpZoV0AUtQt7KAs03w!&U6+X}`gSZbNsru`iVVE3mo~0R%ag$*^6XErZDu@#%g}g;?
ztd6VnC&22ti9JRAP~HT&+!4j@A70^+6DtQ@eGS>C^mv*&r8010{y?eYzeq_Cx4J2=
zV#bYgGT*N%sHnKx=2iYp2^~8h%aZsk2xZRon_1v3F@S49X*>So8@6uQNYDAyOXDSC
zlaRDFh=%sjoK;+gwRo%`uM999wCm0Fi~LuKZGJR21|#g$@Q;Fb;LOwX8WlNv^&6q-
zTwCV((k?bpU$CnJfja5FeU2>~sb%hqH6EX|Zavc?QbS?<5E~4#X@GwaZj5N|+LUFf
zhH(h09JJsciGr4F|IL<>SXyV?azy2AFdYU1Sj+Oh<0Yg9HEHdOt@{L92E8Wzbr7WrA=vVFD|w5
z&7^gEiZd)yF0aZt-lZ`T!T{UOi5pM>8!8M_lWMVfA`K6~0ozoM$hV|Nq^w^l4Yq^M
zr8T5PKV8n3Y4i-OTpCka;;{nK`SwU`jnwl%avrXeyKQX8g5uQGVzZC6GR+tp?sehJ
zWsg%XFmOav-OHS#8SSpm4ive#tnyN_g%#aVL+W+ifh)t+-GRON8t*5K9K8&eWk>r$
zi?g>W&K1&ut?4@Hts&Qn1Q(?TR$taAmFvz)NnGB(-a@;#0bV@>+QEDUclBx~zHQ`z
z;uI1Cv=S>LiMM5zRUuSf?eClPi(*^4+%Ip_l?1W0Wd(s;AF#Emy|Ycj`QyamCdCOB=F&FuHhYPJ8D
zvMy94W+*qzL}}`}@>tz*ea_`zz}^(>Dq?dslZOe--aX3!a20FbwvcGfxp0KX(wT$lxY^&3
z+z>)oZPKuN4Vz=Hu~_UAe5;%>^eZDjR*uymQmRt{aNE$CAaOiG`GJN)+q+CrLquSo
zSGOX3tQh4K3p=@z>+1_6w6}*dKz75?B`e@Wp0Qdl?=?_NKwT&AqVkrC3v1G>$aqLh
zdtaa8u4%jd^0Y$<4DvED8PjoOheN7n{&Ka$)R*Z@G33k^t>%hM(JnXBE76>>(S9B*_jg0U`Bk{Z8O#)t>unn$3g_7Dd*BAsxcA(a@EK{xFAbuFE+gr-5P
z_a(e-z{+Yx6G;1-TWgBiMs48Jv{52VSEp2lYV4L(?M;s}UED
zh;aEd8VHyk+q8+sN!=pFxk3>s&o~T1Sn274kr9d+gw?OjsM0G@Dz~N5f%E4dEMhBgX->vtPVXlZNt2
zDN`h|tgDg3)@iUCZ6$30f?iLu94WfV&U)KkziSU3%#fnobc>=cYj_&6npt3bu%IbG
z((*ZoWvkT+j?I*OW+X_X*6K=1KGNm09AWq$Vh?AtcAk-I%`DOxA++OT42zH_HI;$T
z&4?{HqJ}xRGz;gRc+4@V6=!gHXuS}Kx0h7>Z$|jX3JqXa_XVi%*G!OidNFt^`N8)U
zgwMs0SuxtNVsdpae97;{obv*{lW0piKla=A)(1Ql>Uj|g!WRtZ=2c?7mk
zA%1@&H^F_-OpHJ$GV~eq
zE_t`DWz@*!EFIiZJ5aX|ERPK(Z0TE`I&*6<+@aUXd_b>t0u|;5Z#Qlrv5q
z*UNm@I*toCaOtVL1&9URKJIuQZJEesjFTY?rdFJ?vtVkJbO(mAh~5w!fJ8#zbq#x9
zwy>rXFABXijUqc441nov7N*$jXruPo%Vk|u+rH(hj}8d=-V;t?Hz4WUihZ7{6&j-N
z3K2Q&muISl4P;<)|DE8eW`LCRZXp9PM_t8kVtM*%HZYiUsjW}A1}$t412SA@Lgux?
zbiGy(5{r$2A?sX%g-zSmI%$}hJ{`7)7A^Ed?JUxhDwm^kqSBZs(P_h+z6>ekF3dMK
zy~)iK*&w6VN+-?pcw;jY!zCS2W_MxUA885
z@3LjJLc{i$isr^8W{gA~8$eygoYpLO8Cp)H=oSZx?Tee-`+zjGGn+}C%|c<#qneL8@NaCJp=QkdQee
zBNHyBC*I+Sy`5@$G*wFJWzsX!mJM*DCLB$SzhecBZHVp`(diCyV0{D?`9{pp{w5W3(v#;C8UA-`diu<49Q5ke+pDtv}z%JR@to;J1Jeq?$Fx{Cg
zM0aeE@ts4LXk+%Dditi?R6z)YRvHot$_^{i%4GlCQnDXmjUT@F!PF2dtNkpi43iSI+Adomn9RfkBAB;`$aEaUZ3s=dwu
zFjFV%I-wfSpnHW!hjv}`Ntr^;rHO7sELssYuZqiY$!Cboz?gb6kft+sR{HwJHnF9=
z(-9ogAt{7{Y8$4>3(+CYsM&m=z;Tv^Vq?F2@Dy9L$zY~ltKwCpRBSJ7$MS7mYr7X&
z&QoCyS$XO5=ct7@i%OKHW3}C7IL^|DDYmcDh=~!-a3gNwl^}@NVzqjzREfQ;Zgn;b
z8X5zj{{b;5&+SG%vzY~}A=|?c3kE?XACI94myLA~k4`YHT7B~)6*p6ujAho7Qp)x0
zea3@hUjM?LO27W~lq|bXvBGBucVeZVE|zK|9zBaz7K%l2yr_|C@ICM0X10Z&no??P
zOWi{EbR-Q#g*-&DTr3ebI6)XngVXXk-9rta*F8wWI7XU&kA*yCHe|y5;WF)5W(LSO
zhe0Y82PPRgY}3D0d!mg4_wE@RM~3Yb8lhL=^vgzC4zjg;Xq~sK1_Nk#bl5^@VBa=d
zW6Ti5TQus;8YG@a==2;l++1=;oAurWdyB-qi+Vet%^dRKLS!f$C2Xnww
z61~mbjp_)sQ!c*VKiC*|^2xU2BjKz&Yg_kH@E8R_6{Rk>N;x1TE%ij$ML7#;Zf>hi;&hHYrc*WHpiUb~Mt#m(
z@eN`Jy&Xmfmf)zOyH$rwV4`A3V~((jY8+U@(VnP2;0{3*5A?C)BlcL2TNBtaj(3-|
zt1%0G$DCd6Sa*s(Ap}B1l_+}Fq($l^zY#NNy%FQ6ryn;{IBuqL4i1?a@E*-(*oA~|
zB}9k#i!`VW8z6NGudwngGd(o*9q=r(wQI!_rntalcO{rCOa)Wpjg;DG#IUcIy;Qm_
zmXMHALQ9JBgo!l!w#BZHq%Z{*D0|Z~RZSCIpNkX?7?Ce(!=j045z*AB)q3sgGW9L=
z5hXs}u2edgwf@jaOSOCGe!Zc^XB4ZRT6n^*yR{)$h0)Q!hP1hYne`*wAfE)5D_E*h
z*7_n|#>PN)w)|QM)f>D~g#B&r$qiByMCevf(lMeP#*355G|No9r#_cVkpd}wiQX3t
zMMz?3!<>;IC6bY4K#4Oqxw4wc)*JVv%&Ga*T^-UMH3VP7*(FC!Xt8?K>^QY<(Kb9y
z+m;)?ncFTRGffaQAUDzN=)k7}zcOxCVr5wYy~A*0URIKL}?3Zas~r-fQ$$Cd#SD9tZ4K{6b%>
zC(rEP9W^;`rnSq2hsgiM4Bo{T_qFxEp*1S|b!T6X=lQS!q-Q2CnwXxxsCu#d2^Pji
z5c);DW}-7)+^=v*X#XkG^1o{a2StYUYla5a4p8#Cvv1CCx%{+Mt9sP`R`tBL$NZ&!
z?diGW@VWYrOGWC^p3k2CnbRrn1NaZY4>Np_;YR@<;`E;}e3;=QfXDIgWBB)R{_W2J
z{{sL1694{+e|r@0lbrq(;9qn4(|~`&>Awa1J5E0a`1hRt2f)v8`m=!l$mxFq{2ZrG
z0RA(l{{`@0IsJLSf8+GO1O5l6PXaD-`U`+docwe4!2jd)w*a5ybkAv^J^cgyPXl}!r%wkwgVRq3Jd@LB
z0X~D%X9GTy)8_!5%jstU_Hz0>z-M#%Ie_28>E{AIkJH}^_fpioE`)m;`AE8wVYlDxSrFO0KSUTuLgV#r(X;BI!<58a0A2305@`a6JVaxmoxk^
zz+q000A9iA&461ty%lg9r>|r<3ix_XZwDOX^bWwCoW2V1YEEAR_~V>@1H(5mycY0H
zoPIN4fz#Ik7CAi*IKk;jz<|@c8181c2e8EH>j7`zbQy4p(-pufr>7a-2w3Cv3}Btp
z4Zyve-Uqm!(+2?G!s(v?{7Ft91iXpUH#0oM@D{+I;`Cv_TRA-o_|u%e4e$u3=Kz0(
z)AN8o%jpG%Z)Ny4z@wc0Il!Oi^e+Iuozu4i{vxM;3Gfb1|1#jOaQasPe~r`cVE9gk
zzYcgOr+)+RH#z-VfbZh;Zv*}gr{4{D7pH%h;d>aq7w~Eu
z@HnSG2KaGK|2g1aaQZI+|BBO}0DP3wp9K6Ar~ex8)13Yrz`y16-vK_x>Az?A4}hQH
z^k)J8k<we4!2jd)w*a5ybkEbUX3#%cHvpf;
z>C*wv;Plf0&*b!344(mbHm9Encn+t}1$-8#djZem^s@ny&
zoc=z*@8|Rn0RAASUjX<*PQM7SkJB#(dbNU8`Wxy#;R~S|S
zr#XEiV2#r=fOSqc814n!$Lalm2RQu}z@OmsPXZp~^i6;_bNUeAEu8)-hKCv63OLK@
zp9Z{*(?0br>HBP?+@SU9gb-+70{TqP4$?4w$d>5yG8}N5H{cga!IQ_eT@8R@&8NQF+iv!#@LjnA48{9_RGO06)&@KWF$CfPcy9zhd|az(+a#Nrs;S{A*5s8t`v8{kIJN
z4)8Hf|2^P8aQZWVpXKyF0{#=HKL>b%)BgDK_h
zmea2Typ+=$059Y8MuwXh<^eC~^p61!b9#i~6@Z&Ly@lachT8zIp8t0aE#MC
z0C#fwDu!1xyaw>cIsFE}H*)$~z&COF&42|?Uk6y^^f=%IrzZgePVZv4o8cb75~r^R
zyn)kYz$s2w7*+wNIejBwjngxLbxt<`_i}n4;C@aYVE7impWyUQGCT-)6Q^%xc!=RG
zfIr3Q!whc)oaOXSGrSG(2&d;5{tUx;z@O#x0^nOY{WgY28U7r@pJ(_B4ByW1cEDfc
z^e+M4!RcQH{1s0BD&Vhi`W=ApYKEU7O^zQ@y0jKW<{6kLv5#S$l`cDAgkAEM)zYp?n_W=GWr|$*)5U1}0yr0t#
zF#Is!F;0Jk;e&u5<@7@g{|xY9PCvr%Q-FVse>;cg{%vgd@E0!}o;T;tP|!}F)V
z^g;;6;ko?D+_B;L{A0s&kDSC0J%BA>pclh|BxsS#W&i%uY^XBuP{>aIvA3pJ-!^e+t7P|_{
zvbcq7coH@Iq`(6C?ybSD-L9coBhEQ|qWAFe6TU_~f-0$-PoCG)d)vKKKhXz-^)|$A
zq^BXywxS`;+WMTsC(b;4{BciPmtOdl-WPsjSbkN5H9V)s_b8fva&maJ9RKO9p>vJLsg=X8%0E8y!<6d%K+mhsu0K;H
z&uyG}5ApNTIm3tZr&cX}>K^>jWBNn0<9u}aBnq5Vy%6cc$3{bcpK&J&hJJbE&@uc(
z{}TlsIdok9rT%<0{O4ogKTp_yis3NG-*i$8&#t+{XQAY?^CE8H0H~
z22+v9^lq+k;@hf+Aol#u6TKgN&aSzmo%Im|*e?cb;Jpae@D1j4P45n~U}3x+$nVGg_}MWn^s
zMDJ_Rn0vsNccU?PQDfd^&li%q3;AQJ?C`?YW2pP?d!NMrhUflD{oeb5t?xp0cMUHz
z=sWPqy5>H5)Gm&JpMMk0>K~Mo?WINv*p(RmkR&+#&^7jq9~-{qi+2#E<_;b~!w(J5
z-M(KmXJHy()7-Hmvt=Zr-I&iG>HWYV8oa}gue$YE{mh3&HX`^Dv>j-U9wV&cPsVuk
zIRDc7f!hh^k)y=cGK
zMNTyIS)wfewDdVy`|Z?M4B4H-3-~wpx2nh^XNc-lja=$T{?|o5s>|dhOdtt$3H0c*
zni#5|CDIu}6d~hFM8<_9G&sZav(ykWTw**lKQQKJ2+X~={-MdK+9}821zbM-YqY|~
zBl$bYaR#gyrTkqeBnLcyH@NGasxW%^PW%mq4HK9MB>D2lp8^Zo$-08ga~2-a&!y9Q
zKLDc5ZzXm;N3!cBORGsz(V}G)T{_eJXxb9x;aeUemJP`|#l`pUiF50`7{=Go#`UI)
zQ5%L>HJW@Ln5AMj9i*D
zBWzZARomu1qJ9yjNdp13A8B0f
zF}(0R@zbhDU;E?`Q<;Zq?!jR(az>b2
z1G)G)A`X6dK=ewHPz_W|D1NPD6ie62CN^O%aFCcmqJN=D6p`>Ywx!~5l)KjRFT?XJ
zGMQjUNouNZniRK7p8cs4_{dCsl9{^q1MeXIr3J;Bp}n_$99b8S;Xh_h9#d1to~UL%
znTcwObnk1+jgb>3CN;2NpNDl1i@8)Jc}0`r8yW!VmLUQE_U|*pp70EG!JCir$@dnzEgj~j#Ho|^DL%&Xk|K*
z|JKqziQz1jO>EZU*+ylyXQ*r*Y%i19&PKK+tgS?oXHxpvGL2-<(is@9o}*aZz9psl
z+437Nu+VdrHbY~5o)GyT(;B+q5E_1+3rVq&7+(KiJr7j$H>pF|*nl?<9elE{{v7=G
z8TE7U-*f9v$A8am{GgR_cwv-wZr~_U@zR~xzS+Awd}y4Q+xb~pL}_HIn&Fo{IG_J4
zR)_Tu9z0X7+-3YQm;dH`{+kPL|6-TPh};m9uz;xmI~6?ZB;YK5MlW6$yKD1%TiLv9?5^@;ry3-
z4juf;%NsN<)>QiP((~~1#f{#`&ls#P^I(aVE#8MNP#(Q*_ul$0{PalvtN5>E<9VTp
z4$mH|UnsEg-?S%?0%G#NpM282uD@2a?ZvW~;s#ahmEK}!qI%3Ou3nUz-}+VTKtkP*
zFcfV;hQU?GG0G5*JMW3B?fAsY6YVU1loTBr2K=nGUi^t)F@iLTugc$37t=~`)*QBN
z#EPFgbntWMHeRW7oJT3K`)-_pz4i&>!Q&6m%u&@XJ*W49ouqCbHx(_tL#+~`0cw?g
zOqDr`>@Ks#aqM)5L)zcrFYZCN??SilM7Qsl+xqr+&+pRX+j!CNf`}cv_XZMREFczM
zL&GhX3epMZciw^Z5cq^5{>$Hj#wQfj{5^*czI|0=8ya^PrsoOj2U
z;!F6y0qyBtK2v?FxgXkAc08));rv;Ue|8-J9Rp(kG1*eHkW+pEiA
z>t!GD!Nd6{ZK*0-twy&_R`3Y#U)vy~f&OvnL2&3x!2S0gr9_D5$(nMCC_8umSa6c(@3$&H>&V6)|Lf+7k>ztI3
z9ew8fEPXzF>Y1@tj-zdd6gIKNb(sPrcDZ4rVWH46s|_KOoQ-giVr#kGx{|rrCU$Q2
ze5>{Iw~N2#Xp2ZjG(D^lL`P%9V=6C>Up@Z@u;4O}^fLHy|=q2BN|r(X!?;vaz256^xts#ztQ(Rc+qNq@`6zK{(Q
zk)9k8S(g4ncBOar6W@IDNx_jzMOqu|QSuMF;K%ldT~Ae>yw*gC?XN#VljMW=k5Yq#
zejy9m`)kdlOK(oj8KT}&E;+N|eXA~(Gx0XusR!EZ@ujYG%R?mb+%{!lje``VDHxZ6
zhaM1nJ;gyTYYnE9
zcSGWw&)-S%oMwVX)}Wc-=(sFFGXZ79WClDvJeiNo&Y%?`Y|l7!KmFEI55UehBBhD3
zaJ%@^ImSmhC5vnYBVVm!2(JcY5z^2|BhIs$okoM`lfZ`_krQz78X|?8$l>
zS)NhF!goj(Cd|rjzD{kV;*9%f*vz=F6Uwph3SF9t4A6jQ=`m`O~k6zq?ebG_ui;hHlGM|S6f9Y9Jhwn!F
z?xqdgE1}OE$-n2&!T0pkX)Aa4Dv>;QSlSHXTv@errut)!wn_MR?_d6f{NL~s|1v!H
z=1{P)X`uZwV$&6NO5VJ*-^^AQ-*)e-oZ5#U+8>z_>%I%-^(|lAL#prG{dfHz3Fr6U
zDZuS_07T~auHG*l`*QEIXYZjL3$w>WMixW!v!dMm=y{OZGC6$~RB@4MVfKWbH&S$A
zL3~}9y$&+_-m_>*n~6HSa64B=Uu`a*KX3T(7tSA^e~y?mvKh2v`3xb5RH2&WXzZWq6Xw;RBFsra}c^T-)#wRZk?(f5V-i){0=MANuiMj}xXoGUbcii*vj
zf`t6%((v%SA_)DyYq+=apc3?Gv&cI?OM_?ADohSuAq2fm+0Yn8R?6O6KMSfZehUB5
zlPo;`Mw2rc1PxTf&EhHP>-gR7x2;Ep2=F3o!e;$o$@;
zR=mhez><5+P;MtyuGk6_TCy*Lm_CL=ciMv@RwQP+x#(t2t>P%5_|jAv8J&8_|E)_{
zT{lG?%RCwMv|Ycob)M!CulFwl`#lPC`f1Ym8(N4|9xU{%7swS=8sF~$j=O11>Akf<
z5-7Tklj87_-dnH1H>9rZon5PPp-kh=SR5$I;C+TbJKrb9B{F5_cVd@D$|NZOf3I@K
z^hkqfkxskDTJv6^Eu3ofzHKKyA3k;M!Ctu0>gx}my10JD;s*NdQ^Z*8N&tYSK$_8&RKl6`qeg~Fa9r~
zqc#W!lgj&V>Q~{>QonwJeqA_7D$qS(<-6fKz)0rr7%|aHlHbo3D(d2UkbhndhuqbC
z=x<1*(nN`>DtaC*O?7QVmtFve!F#A~v&UMz3DV%Gm}Zgb)O+h&(fq|*@gFT~%mlJ$
zmEk=jO&mq6Ip_G=453f=*bmusm-12!&uu-rWiB7r$`OerWD_|c8h3&OclpNb=a@_8
zdtUP-{Hwh`{S(#?SX6s&yI%ePOkf<$DxUhM&bYZq%rHEEKIY$jYKCFB?{m*b-rT|E
zku)DQqQxhO`$Pp`!eRJ>(3!cjX@_wwcInO!4Hd4bV`8?0fA3461x$|@0@soGo{yY3
z`=veK?Cl|q{Jxjcagb*`x^R>Zg3$N5^Ogd^>h5%U=?oWZ)~A+sHDMu5w${1M
zRirbnBW4Km$kS{dx!2;6dpqF~jcD;j%&d=qSIFN=j#$K^-}kiMw+SPNi%X8=Kcq(d
z^f~feVsH-~{LsZW_2IwkZzez5k@@o=_dm4i(S^}RWroFf12Mi|CvxqI=K5XEb&Je(
z=}j*{-pg-(ei+xsWUeJFVrt&#u3+9|LzAUv9nRmkYViqZLn(R5v?)=(*%HiEB#DYFeksC+$%O_aUy9}e&o%Q
z^b^8N2rI>I2H@l87%rihx9vPtLrBBkb6p%C`
zzg%RuBCO$v6yca!y8vm=+$+=e&_)y}nI%M}D$Q+K7$sE&s6(-C_~{rJq4OG5k1t(^
z5SHFsf0npU{WiKzH0UX%LU^1OpN?g*i7KV3X)kbx6p5FnTP}Wi%Q=k|!{t&_!>?Ek
zQcxz3V%k`9RZ4nLU(A799-`@DSvHicwoYczw0ro{(=cKLpT_WXhG#H5Gjf8f-=1~y
z1Q+JAnsSKvn#+F?4V%j&*bFJeoWV4XurssB#?~Z~f#;)vCn4ZZP_Ha}C++1^d^_V#
z;xbd?NgV7rhM(wvB148}snC>#qvuF96D@-payI-ObC;b(6+L|De0=FK$7bx78yU&R
zsCF&8<`77h2U1jAGo9EWlA`WDK~{O1f|-*CO1L#R$_p7=Ke2PJz?{j6o%7`6IE2}G
z7i7d!a$=|XKGqDDnLbU#sH=!nd~~?JW9GR|`G73sPM_x^h4PO>&&3$5fAA;UJ@%uJ
z304+*puorH6`jXnVuyg3vEcd@Wrthft;`Pro!fgG-HFwTY17#$KI21oSP9KX#WQGS
zhBMHGU5Odq+APDA$k5RtpqDEYLiXqtMp9q>ITy9s4~spfTmTp8Qbqb9?BG|uR%>`7
zigy8pQr+)V(ogX~Ypp1Dj^c$1#aDW760y#^dawS7-PQJ5^a&w<1SKIdp9SQQghhoz
z?f*tiz>AEWZJUxX`{y;$x_X|f%8fTGK>G7kjB1{xg`$F#7QWL}mw||j>+qi@5>k`H
zX&n6S`+7{x8C!#Qbu+R|5E;cC2Jur}q;<(9ekWNPPT6}!*a+xUSMM^N>N?naTNPre
z6@d(U5ud`kj0Btb6N#S1)%s65xwQDh`cDeFT6~`V({&1qZgmAJI_z?uq{<5=W>@Bq
z%gks-ubBTvv&U(x#rNs2>d00|YA*gPR~0(eiD94vIY3E;7WZfz>QEROMyJe>4-04h
z#?I=ubGw@}0}HHK};z$*$+Ng_^U<4iffCcA>1XK|3_ac
zYOGYkoTJV;oLD)fhLK=;eA}K*(_*Tzr$)1|C
zRiDL7RkJAhyw>7za$b`QxY>EF&v|gJoYxZ4$JqSq%X?mH?(rje@?T&&>O)(H4t~C;
zPEnEc<8g>KI0R1BNd$_!e?|}oO*j3>4EiLJu%<84z33~4zIaSEZ6v9b{5NEMFyWjV
zj(dGuANslnBaLgGw7gN?jBcL%%CwFP)akMdLZ{0%>>%4Cscne-JShU^-hTqXw&=<`
zh7KtmdKiINA}$
zqo2h3BF>k&5gZY@#Q8Fvy?2%_w^O*}`7+&wsJ4f{`Fz>eh2)0OJ**xoJZIoYqVU!%
zgj%BG$wf>Vu
zUf26e$IynMHrhbTKQp-=w&#dpqjR2u?mEL98FfHW9cyJ
zY?u3scs1nAQ*_9Y&I=8!uADwJT8L{uY)-(&)ctTozdEOI7j*qQad6^}mD7jeV~H!L
z5A7Xe6Rul1eRyK!^r6}^S(dfD>nLFpUUC(&w@*}D-O02c)(S|jmD7io=SN!VS56Xdrv=G$xpG?2UMtTRC-Nv%N^{KfXsb0W
zexftYbT;p-aLfY#sERDDRf~7@gFf^qu*Gbrk+;a;XgCkeIi-%siWqEa!YOKks!jaO
zjg7pfAxn#5To=+0^ig-XfOWQ=;$-B*V8^3g4SAj)=X=8rWyWzN{~4)y;GF+_{_}@V
z;1-cN5rjs!0QgJMa|+2h{;_F}e`=cJb4_!cXp*CqzWj3&97pp1(lp1vez+fA3?}7A
z@!-N|u#^8Rg;soyf5h2;%UD?dktK0O*vQ;N4^T;!Z_C^XHM~kA?2q_h<(q4F#m5;N
zT`ed-Y|=YFECgy~{H2`%MV#?8C}Cl+(<|6u$fP@gR_OK}!6D%@=e@U{g&3p7Z(+tM
zF>fgw_O{M+&N!7
ziiQ@~k)_MbT-6Bd>3z2*YZz0^rhLmo#1Z!0lUlP=kMYvDiF-_DPQfaDWc33oFR`h{datvl6{9pbs_sEl<5|1CuuA^+0+O)vGsIK5*`3KM2GJp2)
z{QcB(T;3+=Fn_zmFYb1ix9Dzo@{@D)l6n{ccSyBR^;n{hYE;)Oymij>UfqK89yjBI^dc4T
z{Z92=umfES0L!W}mx-g4vZ)KRHxWWjvD?L;uA>g-Ou_K{JGd357OO?1Z-!LYH!oeS
z32m_0)U?}R{ciOlf}h)~$ju?q=%kuh!cHl**~d+^zxow-KN3YE|D)6WB<$&b8~XMZ
z%caS_E5@$e);C$5XiNo_df!xIrrtLm^aZ8*o}kuOtn?LYwc>%ksz_JIuMZ~bRIm|T
zB+>Nb_fG`DWH8w`Q!h^3u%$Frs`r&DeYK!Cc@^cm@MSXR*nvvDxW6x`)vC2iB#Kw`
zF+##FstNW_qk>>kA?G@hK&=t<6w5O~PorE;%D3{ZyA;@4C1#qbRxY_@JH|e!U2;ir
za&lvJiumfn@P{qciDJD}t-K;qAo@F(9xWFq0z&gLbm8JX)v4g(Vr8<13NJ2~#;-@6
z6VuZdGkj(LMF%c=%f&Ob3Hn%|U&W^aab!@t2w8h3s^v2HjM2{&ddkI_y5QDA--}<<
z*H4t%TAGc&U}_wHRfK5%%`huB>;&jkA
z6WrJcDiZ-UZKhsBzj`h!P9}U6O{jY?^vI*INyAVqc;>j8c*$?o>Z+%#fE(1L^)Zg8(xZwM+>emvNXuH$ErVxn4^
z?Auc;@9L}W0?ph=1%1>fFBLE8+f{AU`X)=eOLfy=L4Tre3+49&`@xnIr784ZpwZpF
zsAo&567;=v@)dm>tL4U21<9V5_w}6J)7RHC76g4gs2p_%^q6u)0jKVz(UlAgtscx2CVEVRZ8^(J;iNp6k5spT}J^+-e1|Mc}2eUEh^m;
zKE(z94Z(qOP}yDI)A!of^bNdub$`#M#&o%abtLG+w@dmiSVjs*)(_|(
zov3fGR_pS^rdoA+I+)xB1x2i6d#YtDL^JZ^w*SZ8m%!^(t^e<}-*=yBAF~_@A=N=R
z8A2k`sbeZ7rBOl|3Pq(sC57Xplm;4vT&WZdSDHkbnxx^DW@#dBsqQU`{J+ohthM&q
z@B1Frz1`pR=VPC}_xgUHXFcm#<6h5x-xupH(7O-1Oegfl5O)5c6D}Tsz6(`mP34`7
zUf%Uw?%m!+gJ>NF2RLF_I1TB4{xRo|=s$XtS4^v{dgop=;sRcXVKT0F;3$aE3@A%5
zZ$SUyG-nJzB3w9X^uWUpA4s!AJxo~Vfi-$C7JnD?AJcEtkjt@%^Umo%YRG_oGI<<+
zc)y=?-l-mO+#hPD7X`+R-M$-7LYG!v;$d<9G*L=^x_CRj
zh83y!a*tRk^vCYmoXWI9x2R*Yv6OOMN_LrqRLlQuZ5}?_t-=luCjOrACM59$h1-fX
zaV`v=Qr??Nr_{#zkl=act=B1eJ?fMxZ?3*8cthQSqCb`lW(3|V$>6%cdn^#qjwb{=
zv%E8dud=*r)q5a)ktnz`+nYgo%}*9A$@V^^%Pq-*ce1@lf}k|VdpQXHk?qaR8V@$i
z$?H1YF{RQluve=3*ZJN(zGTt4Bv_y8o${Q&EZ2KG5xkw_{g4Qr&++CY=O`rIkrn)!
z<2{}gY|imYvje2Ok{vvh>wTRa+@9-wmn%y4Ylm~m%l>VF_fsO+mGq`1gH1`YNPJR+
z^Rb8Ct-QbLGPihBtwsGlk_c`LypI!rze@xQ0&f--=ka9la^Ss9mtR3o;N2heD@RZJ
zOM<78-hC?gI`E!VwcZT8Tm4{8;63UGlLPM!KlncB{on`hC%xAb0nkl};OW5oTXHcn
zhj%I+bltzX18WWbjg!H!q<2crKs{*%~||
zN)GAlym%3Gx^2`8vvzVepq+hbo+!7qWgL6LudR^;EQe(+Y(d()@%t$uKS
z;9Z*tZV9NYNcl1md>MGxB!f2s@AhQyY(SMMev}ruMtPrV<%Msk>rk4T6Tyru@4-ZH
z9m<;QfJPYvuV#6#1i_P8-eXx(ilOHO|H$=*2cP76v$;`Tmn^s?&s#$EwK`d_D9`(a
zE++>CYxBIN)C67&3by8X<0$v3Sp}0rZyjBJl2tH2^j2o$^6l(`RiQUMC)g2sPviuj
zhu)33rFhJyDoSs%!@32ZRP;{$$X{L2dn3_lO}_V8GQc&O+xC297JQZuV}tn>yro&e
zvh8gBL4!pJoT^D|pxCJfx6RmKR)G(R(m2_`tQFc9xn*>lu4n^uN-gb502Q
zdKXH4RcId!^STEode`a3UAff;42E+P!E*`kU8)XL>XqGsFKJ|bBg>nPuAA*Wgsz+I
zeW`+1v%MWEcrx32!Vh+5d#nB6>ul;*kL7r`C4zf$ymg7-iyZH>M6fQ$o0$xz=X#GO
zgYmiE)@1NXuD3fGEY9_w4uW5EsVQ#G^(JKnkLG!IWd(QVdAqaLNwePP2-tD?{+kot
z4SuP5JK^0-jRS_AehAJ-7QB>15A(cns^F`nw}=YzqAIvP@V=+Z>-~cJ0%c{RW%c@_Q
zWz~O{Wz~<%w(9TA_MRo^VuRBJJo
zVViSKqoBy^3J(75zN?Pfr!yWcr>Wp2rG8MscI8c`Y~UJ$_r~pf6}+QVnIBB`y*UoP
zTUm8~f-W*K(nkfotG=pHN(K5v1>gE=Q6l(j!dp#V5(CLbaY)WFK~HZG0KWg1tKdn_t6`{j4rm0KJP_a>4emfJ_=w+M>W;NSx9>Zla#yOJY4
zZ;1+4D|NFU-0pkxqbyOTKTD7C*YDD2){@^>s>}t5)}HAp_H77Wic0Vxwla3tqvMz1
z72W@4PTD)U<*uG%-(Jrv_h1%k)0BWyoL|b~`wXR{H$V#M&E(Q;_!Q!L^A(Raijew>
za;3$6KA*&|l;Ed4_$N#e?YFO%{Epx5C`2&DeI6Kz%$MLJM2nC;UR>-s3qQd)-3^q<
z&wec_nKA|sEBK+)#hr30E#8K>#4J3!%tsP_u?e=X;t0Z|;@3;YkDcy~K8(0*VaA`?
zo*s)`(OWE1@pw1(b*Rqpi(iq=zrT($`1=pF$p1Qd)2U!yJri0%h2Z-q`5U@7#a{q0
zt)rBF@Nc{8O58@jGWAdbGwTRCq^H;f%
zu>Fl%7-)4(#ZCGz{ES~gKi=y&pfWq4{1KxQ@Ysv&@~b`TV9*-Z7xJs}ZW0+lO)K`x
zTzmG{o>6x!BX8D(X`9fQHqfuWBeM;W8|};9Q&T<*U`GI!!x(^0h_bLebeU>c4t3}z
z_@!ceVWWO+ybR>Bp2&l7*9GQ+T9aXorB6EX_`lcDr&D(Efy^5d<
zyB(c6VfUm{NxK(DA1VnY8bJGwOxN5Z3>=;Ky0ll(mTI~aY79&F)U^f4?p2xU8NETn~}@c)7((k%Ux0R2Gp)b1Ms^{Z0Vl9+R&+ha!hJhg{jR+4F&
z-~r{#CFsnHOz-67xA`0wy_ADh$P}FUh5ep5$Loz|ahbPiIEekMErx=Ul-0S6*^ZUS
z*^Uc*?R;L)9VdQk?UxCc=?&_g;V;VVx3nASvJx58>HRrpz>F#Sy`x>s$})c3!3^N(
zUu|E$J+PVTiKM&?qnfvKh@NCzZSIp1@$8u6@e*YD#sKf=#m4F)GxMacCDua*Gf(8p
zQmoRZU`anEzP6&J)^9xVm{pZi_bIcYwUoLv^x=m9Uch&y$843hWSO+^vc@^UN9r`VLaT=J3CO=ek~=HZNs
z->JxOPs=J@{ccTX@a}K5^>T4>PiHa$Yu*yO!YL~$=RX^}H-U_e`kw`v!mvY^a1-*PI?wlS)m!7u#V<7?+5gDLwyc5MTfYAWsV
zP&=rJGyI7s53k}3JVNSe_%
zS}A3fs5NeljN3YiUHY8-bnahA;*}S71fY&M{y9qZDqXjgsPx`=*=>}94-<%#<5B$+
zyrw4b*-ZLXhztcMf&6r=ScY1HnWs>xMtePa7GRnBmq^MWoQ=dE_NUt=XJuuZH
zmJoqEyw=eb{Xf>{_f%8RpP{3VTR|?1Kdbjbr$C*^Eav);cg<->lve*yLFwD1Q<6%l
znL>v{N}u?M65nsZi1hn*LCFB^8_wDIDbpsqU1$7RGkykzXtb53mD)vWY+k@{YxYpN
zpQA%_hu9!;n{Z2QA04}Ij`W-58_@KtQ|BkJve{s@T5V5@kC7IS#wXTb9Q0?c6}X@B
zvU%^i5Y;1f&sDmesy1a^I1<%AfA6|PTK1p1E~y94!sCBn0?*Jx_RiqWbCG#++&hEg
z8DQ@W{)c98(-(QAM}s1|rWqS$Z71{GHmnCVoN?^@A3MXEt-1KZ29dcOvmSAu*D*(*
zZASj|b<`{@ny?Ot9L$R*OcPEDt#fEg2pdz_p*j~!#QBg~=5SUOKd*q#GWnO3V!=%!
z2pmlrOV5t;?swd8ry|dh?{z1BO<$hzo
zkJclFb``{hDmR+U<<;xEN{gwXY{KgyW~zq!ZGJSkfwzw
z-N)C=<%wp)@ng4nqYETsda}ghY*gK@eN;DX;jT5b=yw~c>|7w(xP%^Uo!eD#0W~os
zy-`w%=N!XBdyNs{)+un-6xv|5&bn^d#RuV?fHj~Z*@)7U0~)y9Y{jE1-M0)H-k1wqyrDEk-4I0k53q;MM|#7T^Gt}q3{@#
zR(9*rNI9(NsW#I(-$66Ap~}?qZOJii;K$f2%Y!2x>+xxOx9)#K|DU;EonhtmAA2^@
zo=+)hQG5WR&Q9GJNBiRSqw4S#Kgexz>m9!~oU`S--REd)iK
z5FG-y(nzLK?tg4=nC*2wrn9$uFSr
zBk&R|4QQ!=932LB7)ogy2&j;0kEjXMzp<%g`Gy34%LI=(n6#>|L_Xw%^^%M+n%{Sz
zAqi^S2~S?;k^?6W+H
z6;Vw)Tdo7QoJmufQ(KgY_<(oB(u}rMz677F;wtBA5G`q2bW%kUhIQu7SPOM-
zqIQpRAg!;QZEe`E#-l<}V9IHu7{csKhGLme0o0D)ltb}^BcO9zRI}t<@Jc9)?T%+9
zxf8Z%xnBXo4mf_5IbAjyblma&H)h$M$dlF?I?#f_?*vpD;w+_|D|6QL7C6oO<6o#5
zcOis$Po6Al>*UzEkF@bZIAFcg#@Cp#b}e0rr4yR|$I;+}Z`SQm`c040uef1vsY8w=
zUg^gstw$*;LU#j-TX#OA^O?U9H8%VVbB0-4O&Li~AXGopRLTD(a>h=*-o{VpP5*YQ
zE`cW`t|HS#)coCf$E-@C!lgfXMHbO41;_rUc34r)bUV^k)27)*)VODhtbus=NnJ6}
z@LSfa6WoR~+G!&lBFW+qNht+RFoLx&-gZeXzG^}(ms&eUZFibn&q-6b1E8wy(1PT&
zwFS~PMLvWJN5aDSXl%16dYWb-he^@k-0bFKDqrL#apW|XG&NJ!&aOYzU7>B|R7#%V
zal+Ubxq%D2&P?d^v^J)yjNk2wH;m2Z4-DgT!!+~bfq}XYOmT$!3Lo0VY
zL%Exs{7MUH*uxS;m&Psz$R0LJULi3J$h3Vx+r=3;!5JxUnIaLmTOHg5Nh6Zw1P|Ca
zE2lX1t;aNYDH?LiYrBMLs?Ol0hUU{PO;C_uCY9+}yzcqUJ1k9|&+cK~S+c5lAw9h;qWDU0zCa=#
zt)|PhUheSnbE>l|J*jx%HDecgyfwYZJR|WNYxWM>7j2n~B>=r0v&>nku^{aqz+R&t
zn+LLXc8OTY)<-hr@iJoOSMIlr73F4G#&$!8(MyY4*zJD8?)PXt82fc=ctywibv>7r
zlRbT;4||ri4=eln`#g
z3%2-R?|gT-;8(oHF7qz#hJu5s{m`y>$>_E^)&Mz4#q%<1hdjI9shu9B8=ZQFvtkby
zlZxL>Zy56(aar~u>nSDpNHMWtXxYUZj3u%!Rfu&tH9J_?tB_ZTaU%e&FUPmN_{VV~
z@216!oJ|e>9wtw=PB)oiOGIruMbw<57nw
zP?%ea%8>=gomPYHvrSr(vsq#vn7EPs2D6^crj%l0Ixfc9*{9_+zYvU##i$rG;6o3;QXOFw){#$Z8?KurqG}rhhLGt&xmGW{7H%HOY5PXTc=G7aOcXg+lbe%Far`)1P$fV1=uX^|%
zg@8u!wk=62ZG7%4G;?3-*fyp3D-18_-0orxGN-`r3W=Qv^0uPKn!^Dyi
zO-o2ejqjVLjk_=#11-k_H_>+rvFtfiR?^$-Zp7y=Be#b>OQKWw6=zFxIK(~U6Ym&Xg4(L&`Js`kzO@%
zjr+=+l;NFrGjc#KdZ*pmr8k+Qrj~9gax(QtuKYjz37rh#&?4$}ZjYly+Y)?uh5lWw
zn|jp1DQq+a%i$^HG^am$@Eb*gVxQA?MzgePpxW+h=FQS|lZqFhewScNrbN!23QcT-
zKGS1f{=kzJbwJ(;NB<@PL@{V^P;ZvBTUTkqgBX=0o!X1QP0&H{PREpdeu?9nu?xJ>
z__+@}p5rYK9pAx+enjaSEmeph|C&*S`mThYyez_BpJTi5=3IQ{3K#|?`<4il(Y!#}
z$3>$h)aEy>rF}&;e-57FT+VAFUWrv;nWJND;+?a*9YMZHgB&
zZe6@!QUH3=JP`)=#5p$}{UdA83bdoSubPrj+L~BN;0%fEQ}7I3w%c|{!%r_e#i8ce
zH@>fL=Ume-QzN`i8%rO8HW?|$aAy)VqdP3c)4%&{&&xF=>tVgoi}dldcE!so-I4aO
zJDE19zK;!Tw%PL(#XhFwE1K$P`d
zU$XpDxT|)aHKr8(0fJlB$h@IVTwT0D>)OB}k3%>!ac75j1KFZYDHe_+)zhd=bpB1QO6w=6uQm%7H
zM|#%UyB^_X09@qs&i{s$t!WyWwr|sC`QO;XDcU;^(%`dq9>l_9?>uNGzPpl+TWc?1j>1de(R7<}ac*ZjJy>ScNv|gV-Y?=Y19JM{>&y=PAh%tX
zjhpPE#-wrp!O&aL^H@&nQJZJRyfQp})`SpN
z+geBT=@G0_WABuvJ=?GyY5N;BsoG%PhPYbV7>xW7{i?HhRfykWLgtYx&Lw(V*8
z>Ib{I>a259W@>sTX4~lfAOx3~(&;lkmr!rZ2XWbQ{Tin^#-+`*%Qx-s>}FegTnn7*
zOnMzSw&a&w{}q&~ZT#5nUh3CBQE|DR+;ty474tK%X;G-NlxMNu>|<%BqMT9f>Q+?V
zZuFja-}bIo?c0^>O`FazV5hWX8YT9$+mqgpZOcvRgQ+#??rZI7G|V8EHu!N?nO|>q
z+fRHoZhLly9HKUt_QV{G(~!$-Nm}1_n9;_#6B#sZQ^r2?(Ni<(+*7`=sAcV$$rp_U1Y?7qySm?J?Y%L*n+E`dAGp1=@&UeOad44L@ary`EqOzkd
z-DpXy^ZxJX>vky2*jWFp)?x;LKTBU!1L@h|BDx*$pWsAIG>uHRGJt+xPyO~biCdCS*IQjjy<%Yr2=AI_2^m+N;SPwXzAU5L~
zYs$m5NA;>N(~#guI-bd(_jjYn)A6WN(+DG^AejvM-RqG(jmuF#ME<|ATKcVinaJFJ
z%e5U1agPr`ol+lw?30b2!D+HY%jL-AHhLG$4ORW-*Uw=$zx=PC!zX{7ub)E`EyAqz
zpO4Sc@Y)wSEy4V_sB~{M4zI`JgNGcm*c*-0VShW}?{NSy6E;6PnK-ihYoL0>i$)-M
z3zr59cd5GGbZUO1*4>ARtz7xdTKjQdTEM2f^g4b;J$|{>*!5qVTij=9vl0I|gt5$W
zd2sR20z2_I!vR(dH+se2=|Aw>5L{WvHma1EF{P`b5R2KLFrUsd`x5$%AiNn=505$?
z&V~BSKi-ae{MsYZ^-{xmXhc@2GsS<;h##Ai>^l&9+ivES)ZVs>j~>OlN!ltp!zwNI
z4ZY6(P3CcF1Ky!<`W`={OD=z8Sft&Q_$c^0?dF<~Jx@n{B)!*eb2@j#ll7e)M)Qjz{vMPg+jM@LWBLymJ>sIvioH{-_+FAt%i*sP(l;55eM*fQJ(re@GZl-7J`jnJ^H+~Y`^Tyzq
zgv0k*Do+tdl{AMo;oQrdyOFve&I!Txsv*tGzb}uZypi;W{;k5n+Wf*=AbH%D^3N#R
zeM1A#jNJ_pcXg4qoseVD*h;BkO%HZYe&
zt&A+~B*b|jJQF98tT07o*GT2tV1Ay?)~21HRicJ=fs}(@&!&ko-t)>oO*oB!sc-f}
z)sRWzW+4m^Lbq}W=L=z&C9u6*2cqF>A>3dId_{kBi#_Y;Nz`J6Jzm&PTQ*_olgAj6qSozrR)wz0a76OeVjflk7(;wY}W(wXBSXUg4DLQ;=|@sweCy%}4gvDcCQzQJTf72#!?
zunpiZmcSMZ;WbUDg4=^|L`9Oq^XM$p4>k1&+@6qu%6<~+R!uz*x8us8x@P{W`FDW3
z!18VDbEy@4?&<0U(B6zw9b0Q_)+R7^Sr*p>HAYuqp{7=Y-nux%1Kp@nA&8-(izc)J
zc(f%{Yl8OSFZt+5T#UbsJgLxc>XyQ&Qqz@g^;UE-S61z!A`z4^?^Vp_-
zAPlu6a+S8}a3OK0zYc`ShNSVM1m|u(7ubV@^9WirX!t-cznde!0@%w|Uhoqg`OkrU
zZRKTjKc^@>1ob8spDtwLs4BUhSAc`dt_PR?tt&_5fkGyZ>WDu_6PYa&WfwTg&H^@&
zaGr?;zr>Nh3fOfi@>dJaC7%gwZVEop!IuJCk%CWk^nVQO^AvoBgZ~OFnHRTzj>ggK
zRb5~WQ}Fo?-VxZ*Dfq(;DR-T>Y=1nUc)e+dygtKyK
zS*N!-p5`s7>>5HQjv9tPml(24rXq1#i!PDG!6HFKbr1f`Ckg8!uc-fMFaHQf>vG_)
z5{FC>t;{*W(enlHZE-zfUVn#_mycyC4!5nI?_|^%SP|h)Tffwi?*^<_iu|>X{7_&c
zQ{<-#&O^myV7D20#WRx_Im00>1mS5*a)z%t4(V+WKCvWc_*&?Yc7Tw?x=wuSj7%#X
zQe6-lS(0PZI}WJ}2z_HDXSpCn*yzwN0`*!;w^N&LUEey)yTQ6Y#?&M)h(_4uAiQBo
zc4E`aJcqdjtRF3tODx@?SV$_rB8EO3;u6PiCplUU1>p!wa$GXdA)O3De@k-ahASM>
z6(CHtB%UDc3Q3z^=FlGm^=V5__1j$z^KGy`i7~ah1rBKk2)UI^VN?CK#$g@+Rx`_V
zTFS3N;yJ7YgflIP2k%s!J+ipgn0_g!6XSG8@p;1JZZR9IM=g_eI!?dJVZH*^7wOEj
z#(0|}vm5;C_?C=lgmKoU(st)N^k$%TOs8x2E_0ZD!MY&MO!dc`LT7(W1oaL}rz`hS
z?EJdqP+#n+lpQtxr68`gVw?f}(e^YDCTFk-tRF0sGSH;f4yi&Ftlx2nH`oehN;fGH
zrfLaBJHygi`a4GT1~%B>k@wvp?NWz+EvU20p-0j>pQ(=EGZ6Y)2Eo*>@qi=qE%?c*
zri9jE^6V%6UGC89g4#9%J+&&|a%4^f|2!*Wo#+<-D~CP~)Vng!Q%kYSk@+k5FP9^u
z9aS|aY9*h8`fCPyYAL!qGBvS@(*j3IQ;?@&ev%Y#o$Sc;0RP+!GF%k;V;YMia}D@+
zW{}}VOMkS?`HsvJ;IGXf!=n!U(K6TP@cM#>kxk(5vND#bc+`;{gx8}iYTzlj2!}H)
zL~Vs91`&BH66p&1fD9s0J&MS?k;s*x-(W=|qIh!%Wn`mL(2x
zZffo`9A;CnjDt(S4s!!o+blEH*b5wHUQO(6;>g?#raH`4V0E?3jK_&(ADOf*RW=3PTIrPf=V(SA(=4RlBQ8PFktZtT>
zYHU?u9*x0R4FqenWkv&+jB^JHleQYwjbP2NOe&W4(zOohaS+y6l2zwUuy;H3ji4%w
zy;7n$o!gh&$R2S7_k++uR**cWjalW8I)Tu~k|OO6{ZofN0@TuS=we5Gc+9J?mi;^r
z%x7?5ztZz))R*~)$AA7)av%U#Vm;V@HxgunNN~0DpGYGA2W)PcRah@?Z(s*v(d)$q3M|HX<1cqIZoo`yMbKHtY-;=o#-qpLMHOLH%?OblFhk
z@=+`8LZzMp$MFRR=91J*Z%6%lUSVzRigKvWFl$fByfG9HJPf*W_rE%9jU03Lzb3qd
z&lAFtwduYzyot{@gb(t0O1O;AH-_)<`KE9ypKlHe>Jb0duoa(g54-buMtB~d?+nND
z`L1v=pYI9Z<@2m?2cPc?E7T?Vzl8hod0yCz&-aJN^Lc(ag3k|xH}UzQa2}r*gs<^=
zTaCxq?tj+kwS&s@V~x$6zP(1UKk403<8(g%Tw^~z|5BqppLf={1n1NHpEJskcD=t3hM
z7Z9=Wr-VMAZwmK0
zfbOS;hw%C4uq&T$35W7|S~!8vw}x~0d|SAb&$ovk@cE8#C!eQ>)euw7tv@5I&*wYC
z5NY|7`kVOKuS3rF(#f$%myF9@IE
z^CRH~J}(M)^7*l__CX~7c-Vo@PlSE>{MT?4pBINW^7+Z|0X{DYSMd3%@Rox~?&)wo
zpPvcW@cG$r6Q7?8a|#Jx8n)u|^WpJ)ULIb^=NH2%d|nYg%;%NiT0XA|zvc7luu>zE
zUlSh0=a<4``TTM?n9r|-rF?!he2~wtg)i`VZTPW1@8a|8VeQ7G=k>5XpVx(_>GNfL
zej}W&&rkCC&F~$4{u$>c^+Q#oE;c=z)X!Hn4(E#ss>bPjv7f3)Woc5suBu4RZc@L#
zsz_dLf~u@Y?rl=PP*oK1MyjHSH&zu%oZl2s>h!$X^*nDpS|D2DS=gPy>CSqXx2^>T
zPpwzr`dLBG!3d9sW+Yt42@P6RnAt$Te~{DQ_;4z2@T`MC{|ObgP}J`Zq4lQ6e(#5R
zcpSvxPl95_czsH5&<9(Bo>vt&HE}R3lS_k>894;0Ei8h85;C;$=Xs>08<1Xv-bnUh
z(gk`pPh)Bjl7|sQIcn$}fv!PvnSs=;5k5%pS->8$_;VT}@VS`OzSoXaCl4!I16IED2{5ynYAg}_=GTq00{Unh78u-*n&l&$w14j3|(
zozC0k7l1H|NbI7eg3n+DkCCCJ7W0xT>S4fb(6#bBq~W4nElPM^L@4Y8{Xi6@dRXP-
zEfinXxe{8Aq?_c+0Ht9yY?t5d0MEOgMH{wn`Y*__HtdLv5v(yFRTbo#
zIQ%65HQI$qgcbog%%VB{P8#WvlCJ&wUBVa0`fWGsmEiuatcQR&1;;c}zBDy!LLb8M
zs72GWR$lUWz*4s3n#RoNfklipV;!aj+t)}smKtqwqn{|ULnOOmD;
zYUV-YiS^K=a>nM%L*au>z2eznC
zNO#I_pz^OgSiiF1H<8HrlVB?U5OkIt{E?RLH&pd$xt1jGE;Z;v&u=blYMPr#g2*Cq
zmpXs6=eLaT+=F5`c12Ls_JY$xNi)JLl05&Rs`P}UUpb+au7;$c-Xc#D!wsZ}C`O2U
ze<4)|X&RB}A}y045ot-eqzfa`N0!9dkxR5qmkEhdwiBrqveOPcP}QfRCMjKP)32vc
z!hxs**KGYR3i-B}AkrhsCaOUr&h`9>l2N3rEK0b@NXP>RRhyT4Q1fsHW{}*2io$@_
zy$2l{R^fAtunwPFg^Q3$?m?}?XZd_sxQ5Sd!ngU{F6_nU!^1Q9+&&!4=Oe<=eC`+)
zHYNEZ!^(W_9McfzQW=TlriPZs&8?Fv;@W!)y4yM|cCD
zdxq2bd|Wt}&%MG{%sU~hP3MDKhn@I*SU8~>-M0y6SquF=w^8#^9#y$NRCz|4aD~R6cQ_8U2|}s|t~9w!RUrQ)2^8^r
zRR!vSBK}e&epO6d(XE!4p(+eUb8kzwRQa1oEU;|KT5=SXJA^jD#^b{FAY%qv%QzM@zR6z1)Z!9mPu#btm9i
zMnV>KjgIB^O@itv{CS?>GoVnz-5F-(>j8ai;mhcqnMTJ)@K1ntSvaR(vBx7(l4}1*
zGMoQ!e{6hw{iBhP+y`Ee_kHv4s#U!NcXuOWyn}R4t?FawPb(yOV+cG5SIbntlUsOA
zj;(%=!k-h6l6%OB;b<6}dr0qaFrQD7C&)w22q*CUpl~*y2Zzt{c}Vys&eAp;J{sgN
zgBGr=hK~jN(D-W?L3;P%BM`U(sWe^4I@;*)2GNzg0h}0+vlAp)Q}AE?08%e8DDRo3
z`ne%7v^uGh0V#1_{b6S-d7wxPt6T%59IofY`FvAZZZ6;(S~+5$Y$RJj)B!jYU1(*4
z555G-gmo#ih*3%`y3oi~R{lOhSbiqEJ8``g5&&_!VPbyXDQLE0(1SGz&^Hfp
zXROCfGVw60_=Pls?OzFlJVBmdWFMr~Gl-fP!OIzL1?Wf%Pa${`4itMWnEwP9u4NUKHq7B;RWw8GQv`A@~!(o;SFfLGqWg>Xkga-;0EI
z0dI^`a{Bc-)T4^TMGL<0lH@Giyz+DMYcw~_t3pn}Uq~%`wQ{v}`R5j45+b&jVCPnQ
zCnQzk+-mRgO-@fXqPdd(dm6M2!r?y(qGEMIDAI&008X%khe#bi*H*h+Mz&{>axd@)
zEhh(8nsa@`c@e2=E$1>=D%*+G<_qUDVBc7rv}(MKVt?gBqBah8(6z&{XUZ1SmAV9f
zG`o+=r}A|Hv$tVi37Fj(iBXcGTk4#~;U^h~lZzvVPlO)n&u}<9fE})yw#a)JkSxKQ
zwm6XTRr8SIzd+V|NfMMLc+*zRiE5YNO^?+}@TOh!Y8-0T-c7sb`?!%-+O#{5vp7WA3Gh_SbF=c2r0oU1uQ@WSd41erZA@@cvw`8}-pZDN+O>eJ`YoLAc(M$Q+lnT}XF=@Sr8JO`IK!
z!?<#Yv~8u9gYv4O$zX9MGdc*PGig^}f$_azDfW=CI=ie2E%E4&L)^e_O0cfu9aakv
zI#?3fC1H_feT78TqfP}l%PuS=O&WiW+4*ywVX>5
zLLMe$;;6;=^DL2BJ-_kVY_y~79bg|4&dLNI>&X8IY^Rl%%;vRz;zXO-1R)bg9ncEv
z8yv1>_aDA7BHtur;;3Hub25?HGO>KRqiiIwO9*Gn1lKRiv;0(Gx2MQIK!$%^J<>KVg!nq
zewCiZzC`MGR_s&~qnAXR705!FIeCYnq2h2fVU$K)vjbOnbnsUX5Xff
zqc;d=Sw({)8;3M`i3czOMXb;fn~c=ktk^IT%VLilpI%Y1mPB%z)I>*wMU{1!zG|<962CgB3KvA9TcyKc-SxCS6X>rI
z)R>@`4*=AUrJjnQ0#3MFHF_6Xl}NrIaC=CNAxXM${Q{kY3+l>S!WJ
zDeqUcE_xV6NfL@d9}0ibGTo4Jnw6m|SMV>Y7H<&nkQQdkn5wP>QW>Aa7evV!M5@>UJBc{BO(^ykk6_`u4yh#w9W9A$
z(nf!+%{d9+Kuh43K((q_1$sKW9E|HNi`7UQo25ETtqEf!XFWv{Q$377j~fx)BIl^=
z+amU%qMS(T1N`}v*ym8@ya){S$F5l0FGT8SI)LC^9Qpl#)hC?g#kRSsXe-7RZCejv
z6G?T&pW}(m-AUN@sn*{`>^{OKlDZUs#uA%#OG(diwA}&h9>Q6h;O9B=PXc=`MgBs;
zx$N%(`zQs!+`)eWwkri6@8~bU6j%p`Yu^nH-Ue8Q6nvWCT;HbvJ2M5J?%&MVzo
z!0K6iUy!}#M{$2rt&!Y`pvXe0@R_PbpBlF5R+h<{m})TojLIZ(uWHjj5@{eJ#8h|T
z&pZ;LHsbn0uc-WI0j`b{XvG?KcJkc-d<$_RQ<>A-$tc+wgCGtkBi$k$MU6mcP9&#A
z4sn!p1$MkqqTM~(ksktVM2h^?j(jPwn^NSb2+p7WdH~qM6#1J4=a-^i0`|I0#s2qS0QjaQ@FF7`4Vv%LtW99-vMhFR$%~ZxeSr-&xU>kTp5KzfG4oomZYh`fo-oN)e*sv}64MR{
z^0}2(WL@~V!~6&=@hGpPgz$HVu!9JrqWan;m|v+F8>~2_?6lO>jr}3^4IA7Nct^{j
zB+Xe8aZUk#UW}udScgrmE}vz&5`-HpiPu%UCKl5ELYfW2qj3_iruabtrI6@>zBs0B!FU?6oS;U|$g9YGyH
zTa)St5RQ$L`Y=gHQ2QFpL{RA|hMq1Y(m3E)z57d%#&*!iOL-G%ycEK7ai}4b*J51h
zI2|I5q$f!rKRr~*6lo;!O)+srw^|}oq_GCfk<3U|aukbnq>*emlt?4U9Rle{BiYi!
zLShx-iB!UX%FB;$wm$xW9^qU@1+cQ#;vF$+V>;*F$1Z;5boB;L*yg%
zDhTh!NwNCaWH3`7WS_K`9k|+`EL8=UEq`qPh-n8~m6bQ~_SZx5d#o{kU;(}gtvXckBcEt1AEo+L>aoT`lLZeOAfdEekiNoZ9=POd)6{*LQs=t#df*&sU4}=c^HiGaS
zg!6JS(bCr;4FW`@qli#~x*LDyq=+n42aSUQU)cH^Ihgb^nCpnm24u0X^mlRiUn2cG
zgDIlRB$^m2+4BrAW`J11T`5?OP|(yUF6A
zkRE9?Xa_u}8dEe_v)>jrlcs|?li2JoDeZbk+Y(?)tv12+w{x)kdSD-?$Zv4uw*&h%
zMgDUq|C&88tKo3--y}GDyDhMegtND$?9Z#l)1tcBDr_d53+DML+I|rHC^BLKup6v4
zDa}ugHS>Tiu=0{yk$*sdT~8%-_>AdH-?u{w_2sVQ=Lf1KqmPLVrM92
zIuJpq$Q3(sBanJ|Tuw-34(V19DDWl9IRxh9&@s`n?A$sC?Y^dT8F>)t+L`DH&9~H3=1+#OU&Ets>PmGACfi%bx9nKW-F{NAu
zywq~4kQ-%|7?sWD%>?#<#T^~j2~Os}0Q}t;N6hEhR;;>J*yPD=Ul!IX|PC}xSND~+iKfYQv;>O_{T
z){LV8o)ja99;wP#g*60(tKuY@YMo8g#2dn#2G;xx%xDue@t)3kDQIicsoGN;HS2RQ
zzBMda`$^~dD2rR!0aWr_#B;0Tkg8^P3h8UnLMtNG41`uha%QD(1n1cHallS8N_6-C
zUU2Tl!-0*q^1S7k_|cKS5!kI(UhtnC`A2{~VdZ7S>6B>w3~Ee|2fqrNNa{oUp)fTU
zNsmvR6Rnp;Y+trFIF_Aqtict
z?Y1~ojK<#)ygD8&8sZRnt~e%%6_1ORT;CnR>KbF}N`KxV4FF-dC6SyaeJ0s)c_x7{
z&60TRlI%WqG(8N$bCwhtCdL0&)Ty_?_{_4lV~SVwM|X;CqEGDrW4B>xgMJnbT(o`h
z=+qF0IKeR}JC8dJ=iU*7u0-O|)FD+95*KX%2*Wdxlxz}lc9TGuMkKB?p6;alfsi=6
zhe23kH94eQN7I`ie3VI31xM3QL^#4zqf{040&jhh_q`;UNO27L
z!_MYEoW@tp2&G-Hp{HWkWpNe^itmE?NYBCH*BAgSw(C*{$%O_|^$Ev_VRyj}MuJjD
zfzUHfLgxZW?}D9WFth9O9?Dio41VAK)6;bA@cZ`gPIZFJF4$NIKZrv$rM#ZSl~iRF
z?1GV=B!OJH8F#@*{F|7#qFXJIX&0D{*jkz8aTRZ6(q4sN2l
zQQbi36DNrh-42EVyV&5;7Nnir!9`a$0pr1gO3Ow_i}RA?CTTDYtK{TA3m$v0Vbz?P
z>>1fZE4n7X${BczhssnmzB(2E0KS$jw3i_EEe>@XnJ=u#m561oPX@pSu;(PTd-w=s
zID>l0;rT85;dy|RCa>LxP84lmV)ClG#~^b~OpeK+jO0b>lQ;5BPBoHE
z-o!VRMgHo8COGoHMDkOsUk;#VeHM|TJb{E2IQ+ZF@uXf6#}m%&ys@_)2_GAdM($_i
zd!+6%h?+;<7{$sTs!68>q_f7E(1t^DV2+r1W$mU&mSSF>QwM4iwOM!}>n52Kar7nG
z$4Iq^O)5y@MwpK?lNeXxxHg43v4FfUOnGCN81rx}NMV-Mr|gCK4C{Ojd8`BL9b%Gi
zG`gBmlK%$B4ui_jDhgh=3aXriM|m8sf)A{M=0FZNsH@;JtKdYyXIctfX(vpsO`q|S
z{C>0=$ANGI(aBwk=|b6MHO>XRkSJW=OsU0AS2FKV$<_dWE3QU3Il>`-Zw3BSoKuJO
z=m|F;t-An+3Zrbp!8%5zd89Y~v+AQ~Qj^(CjD2K~(5JsC~&(
zDtRlCcuk!AQR5k01a>sx
z?0l&&%*gYo3Z<$B37bjhgLzR3`)gHnV#FRIY$n|a<}6}6l{Zpwe=*XR8%z;h8+WM?
zs5AK=Ao)v6q8_Eab(Pk#6JS0%Ea#v|#;xIJbU3^L7)>q9QL|AKx&Z8L39N?x=*<41
zSwq0MECZ_(m|n8XuSO$<=gXiqRV<{W*^s&4$muTev+CFukcy8^Jf0*w0MO&n35oD)
z^u;DgTu?drf{MZyWHMh|12^ymd7CfDwR}PD;|pp8e33L4RF)2undeVdT!zaM`_P#@
z!E;P5M=QORqQ$vb7EMvX)I4F*&D5<%M0C5c+n?+L|j1-x{>mia4E
zR$3Xlas@{xWK$(cfEe<)7W@V&i9y;B#e(}IM^}1SqJYMGl_Z`>o3ENa1SxH-^nqlm
z5I)lCdjjlh2~8q`{z7Us9N<-!KpG@#QL{;_xfP7LmPKk@micb#r@?sHvc5${yR7DV
zn_~kQTMSFOd0p~l)iVP+9ZJfR=i>b*99%t$%atH7St3f9)Ch!Dmc(Tf(&-NAI1o;?
zB(h0+Xt*{9ACLF0wgg)NnsujU-3G=i%VIT>mwus%T7-HUgk?l(Lw=SvGcwV5)Y-s<
ztzSDQlG=nn-w>Odps+7YG^d`W*^f%*L{c@*!$Jjz=;nRM4NtT<3lo{H-Z8=^k{W519TOdxpTa+-f6s#F>CYvJ62OQ?(V7(Y;Iz!}Ahxrj$-^ZEJkSmJyw`sEp
z`R8LC#UYL$V|8U7EU%(5=}-_l$4Fc(?Ur`JRHuM(j%CpVq6ytKVGO{l3_$|u$$o_+{v@Sy6RJ8_C4r$)f{PY)E`}-rkxxu0ZgU+FepGS82#b9(dERD6-SbwCSmx3Lt
zEgOsUTMVYyy;1#0A?EAl<9yJb+cWj#1dI4@f%aLPN~(1Qbe69{_IH3$ak%jc=goh3
zms6b3O;a0!);vblx=zxBVt~Ek1nCKzZBOur03RLaa0{&Ji8Cm3|3(mI#z^cH?b0)}
z+nxa9dCMY?Njt4NS_m{o`|pA9i6QBBJY4MMtaboPjxgnqlwkKNn<|w_bwOwpC$Vd)
zo}ZAmb0olSnF!Zw!r1_aWgsMP(Y_l8@PuiYg!`?*D2}rnT_0&(r-Lyp&SG8CUk4|e
z4m#U()lcMs-MnlBX4p)(S6^wTcoo>?TnVyhd8{ozaj-;%b
z(Vt$q1HvyZ!q}%=A7wBAWAc{L&2_n1o*^-uiyg}7`3yEJz*!>TeIupbU7;=oAPgy!@>q>==R#5W>w
z6cTz`iJ>G>rbd!=d3qaWAkd+PAZHCdYQr0NRk%qcl+ddwGh}}ade?Os*)SP
zFr_?|F6p0I4a%EFjXdVqs<)zE@>jGGu4@ViU4d=i4lP6Iiw6R#A$?yQ{z7Ywc@4K2
zlG_qzJTeq(I!HI*P`!_q*3RT+#>RRsa^$~?2j
zfrOV0Cl>4Z7^#~LqK+hQP;2*+66+}@o&Ke801nB4Iqaq6m9_Up@;=PJJSP`wVzC~Q
z>4@WKlI?CCot#u~4}2;y42ks+V=#{4Da?rl|zU4Ro~;tD>n3ibnXkU?DqpIHk!0`6)lbR}&m
zDY2d;rHIuM@FBY{LfTl8A)hIh5sCzS$gbM}&msy}I#Xm{R0n)W%~QZv#MKB#2Ykrs
z9|7MK=SXlw2Yhw`%Rw`je7IfltU*1Edk58I)J>993ATTncV+qg<3uQxhBGGTFE=~=
z;}`(8f6$HXA9Q2;$1RThqmlg7>JtFO`o}UPti$0~84Pcd5=ER?|M(mUUmH%WfBcHn
z+{=x0ZK#O#j|QZ(0q~}Aj_DumkX&y6Aepmp3?$h?QY~VW3TU*JDwqC2j7d0dOkqwe
zxX&`Be-Ps_97|G|W%V1OB%)LLM@wY*Ay^xUNxq5o50d{GM{tEHJHM$S3Z#FKf;xZ?
zFchso`Ufd!59AnwruPq0a2DVpmO@vt{vr8E*C35kK$uQ+a+hMdP^4>+#zlaiAqv+w
zQ))r0m(*Q@)VvM+leik;=&nKj-VQu*Wh|>$*Qg2X0Kz#Rr%BzHL)mo#)Ex(R4(b-d
z?C
z*WuEUz^<_PWrSl*D*q;#biFVv;G7XIrI9HLmy)}qaOt}hu!2Y~f~e3DE+tQ?jCR|zwT1!Kf`Vr^qaOrGV>h}bpw;^fg>u@PGCI13oqX=i`OMM|+`ZHCbXw%_R
zCfx<*>=ZV_rSl@T4wo|NB`{wnwo`c~T>1slw;4wKMI%9NRbjQrKEM&
z;QbdI;s$Xs!lg9qNVwF_?L3|&&xed2j}Rr@K1GK)shk||q@wTznamdp;Xb|~Z}SDY
zmM_SCd_j$XFIt)lDoY2-43?qep$z4ROK%;A?*hl+-;YL<5-weY^k)pF9wUMj65&$m
z_k{N5989?MbEN#k%FvZ7Xv3uhNF|tXX`O5Fg-%Y;i;fbqIzv6=)Mq{F4uBGhIOz9rH+^0TxVgiC35)G;d^
zE+vvGxDFE|4rzkIM!1xEmS*d4DUnn${&Xic>yCv>S=%6B!wBaF9SfJT{Pn=fti0rg
zaH)Tz%}s|(iKHIKpQnh;+Jud8X?Dcc;Zh>0Px0p~VzX`H7acBTZR&c@%f=zv1lQqG
zmah-&V8R`F9WG_tI|Dm51=rzH#`^<1F9p}(Qr15X*u)fEhf5is4eb6DT!%}!JuC;d
zItAC^QpP_8_Laq@=a_KmE~Mv7&}HZTty`7}m(~T?EJjc?0BDv8mmUp9H^b61iyJN-
z2y7_fPSZoU^f63i@o*`T)GhdP53#9w#VDy`giDu3B05}3Otlh!){zKh;FiOLOTPs8
zU7X;COF7@XiJ1RzIQhEaQqHIu@OH$BGLjaf!=C43N7rU{o;nS@6r9O4G2
zwoSOS1;7rL;Ak-6(%t}1H3Z#MOt^Fe(l54{46PC_<$>ZxKr;=jxc{&P;$$5zW#$sF
z*2I}?iZFG!l$jgB`aaHdhDaSQWoCXUo||z<(K+{M$Q8vpT*~zJpdJ&W>&n#OQYM`Z
z!pInji>2LS!le_yxY@F3ZqNi1F1;V%!-kL{T)Gw*uf}9jYsHO1hfApp{?|nKloZ!s
z4B=9GW=K*xHz6A?tvVS)KMtn>>`NjhT-pLyTZ3yeO}O+pq@QK5Xu+U!FyYeCU|eok
z8Z+V2sYt&)1vBB&1xR0RFvaeT>PHG;!lmzmwsp@`6E5}3P&OP=Ue-!~bjeJ(v=EFA
z=`4u>NFOxe(%zt*6{BihCR{oi;MH-0^aKf)QttkA;P=Hj+yYIwlu6Hl@LG(-UePW!
z;nL5*_{OrxW71Az;nJKNu*Hpoy`bB%4wrIPg}_=GT!vWb5jtGTq@E!3jgzEWOt^G7
zz{@fbOt|zWfOlpf*l_70fX`$im~iPE06)w?u;J403B*!M>YE!-hHz<3FbXY;7nRNv
zrU{pJ1mn0k>*WJ%+cDwNfnbb|vm9L}Tsj$yJL4?YCH)oQQhG{~negI79eR~siE~Zx
z^nD0_frG;&bR%IBDJMrr?9NOV*yzav(9UbpqM;QCJ#=z?`niSN7Cpm*&&7{6;M|?h
zCxs*Ud`dW(&u50S`FvLR9H0AzAL;W>KA#=#cOJ=~9k%Cl|L}BuzMRkJgfsN{DLS`2
zx%$LPbUvl}dwkzl-=C__r}23Z*%%~g+b;Y5oQ+uf-HWje{i*@|l|3ZI*FOJEc*#W|
zxnhfRD%_M&%u9X+DjWBkcKo34l=D&EOzR0N}2%iX(jM_)Sy_3vfXCaj9weW){&yN~2fYxy{K_laon
zCCiPeHhd8!%wi{He@
zR{Od9lTr8FA8J3}c;tcRdU+H3b49gZXtEM@CY%?Ww84)81yq@o=tS}^f*$V46v^B7
zIAHq|OCgfC+GK%99&M7+0OA!%B=2fq6hKfR_I@RkqH-d6yuZq36m<^=LZ%sKK;Qp$
z3+Arp(W$(6pnE4sJ}`egDd$PvL_rIX+`vHUM#9}F=&eXl>Ie{yjg$INo+i-U*I;@-
zGx-)Wlx{_V?#0tg)ibdx8zmR+=k!F!Q1Tx?M1*nIG#3}^3|I)_^bd%A7Aka-^
zZ_CBif$jxJ;6OLY@Cbf4QW}k=ti&qvkm7r8U!*Ro;*qzaisw}&vecvgk*rUk}B
z7E%vBjG2JMfxk=c2ag~e-IkSNuoptx{n0b&EQha(gbv%dmu12mx?7h
zabxn5lbm&22i3-
z?H-PY4EH|@bXS;OejsnZ+f0OOOb%sa1KpJX*gziL*gziL*g)Rtj{LeveromO0mK4%
zrAU~8!_Prc6e&@}i3Rc=M#AHU6AR?6M(UdeQPs#Bqo^`-
zxD;kteac>#63Ay6gwFY(La1zKP1z!T*YA9NP1oB8h@(z6d
z0f)HWi3CcZn-m-jxP_(Am9!-j=%y60TB3QR_H?A3OETm$#WF(K#V#PVR{<_13RgN)
zV$nQOGY9y?aW%1M9yxs#@HgU|I$VP~(ETN_?+E97xLxsDka`;T4ywthnHUKgWZj8R!r^cgNdF)O4S_T_sH;Hw2Prrf@QIc}SF!%#b`8>a2?*ne
zPVQ1nce@5@oB?<)QMkUDQi~g!4s?^6=YX#vPNYUSI?zr2{uKDuI49OM6k2ya4#~%9
zQWEHH1gI4b?i|!DgvTRnybDofGmGldOHw_Rkii`2-f(Y9p!*8wjpnL4y*k9zC
zy)~B=fo@7FFVI~EEDChfT|ChJ5ie-P@6zfB-|PJ>fk$OB3kc7hpq6
z=o~4~f$ny|j<)!*5v~K>rve*j@t%a+K=*|vT`vp^IA;X9X=I85-Q?~l&^-XF8$US%
zqC!WYn>?kG3y_px4LZgGo3fT28WZULC(?f*?5qg$rS0^m`WFa#Q0mI-wC1!F*rrEM^Q?#lp{TEYlY<7^$6K=-|1ER3_9tpgM2UJ1s!
z7)xhn0^MH%{3S+EsfL?Cca@naKMpRx)Q>n<2f8nYrT$?c9AQY>`8v=|P02qQ*cpVg
z^QFEJ=$=4TDB5(On@QJ!IXQ)mKzECXtpnXmdJN1Z#C9sr1iIHE{XK&zqHE)Hpqo0A
z{{xbLwInA(Z35lZ(ODbfkS0JfZVj72_u*g^Tb857d@lHOfWs_-)o^E)wrB#~|XE17-F*0^MV0;Y)CF_*bCOqy)NWAbqaE
z)C3|(J3^pa`aPk&J^Ztu3w{kLAK_qqimqHi8|WrLD!~N0vu5M1cN~u34am`zMxdKK
ziWlI)6KNCZJ{l>PN$#L~^{dibXU-7`sfZQutRj^c7j=hcC3CUpj(hb3{@
zgro!AOga~Y3oVIk(jGE_?uh{Jumr9-ssPP0f$oRFSYlbMM)J~u?zyN~^(F}Gi8PlK
zNSi^Rn`TEHZPbBoA}Q}aWP(GQps*3>rkx{0Lj#-BOFW^KYopnF@y)`4y!sh9C*9kJQA1Z&fQ
zZr1iSux*61HoU`g6fVQdi*51Y$=j2-66Wl;I=lcWjUx^dt>jt_xqk?%@p5kyak`|)_-K^*c5RM{}
z)1q{so0Xga>>Q&+yGsYUS^i33*QUtpKsU?Z4Q!5;&*Bzs0^LiH{vu&q2&b-0p!+?5
zpIgGhXfQE>?wq
zOm7Hk^B7%MrVey7sVfMl#zW`g
z-NT^Y^F9A}pQr0qo%5bkr%uJLzPAhXnZwKt9KZZsRx<3W%=QNb6
zZONhs-BoWwtH-4sOY)XLwrwSEKYGyJ3$Vc{sMQrc=spU}nQ4Ib1bxs=y_pr@pO?l+
z3ydCg3uqGnccwt%73opdn6D?rBMl8(Sze$c%G!n<(EV-hCxF^QHyo{+emnS;>=JiP(>086@qn2duKOd39asEWNu
z$)Ats+8>6|qoMHdcy0z*vJZ&IbKKh5j|}^Gt^s)5_B0=Jz){pbo}gK?RG%5FQSvsFHwlnE9jG1vtsRKoQ_v&GO+S6W9U39D
zaV8uz5Sd7q;?Y5WL$~qA11qy>bac@7RC)%e=TghBv{U)^=%8Q@_}7AW6ZwTm>CC{R
zgV;BXPlk%vqk~8=uON7{oCuB%Vzbu`$gDj&NI-epJg)$k8Xz-yHaa?}G3c!$o*`UU
z9q#C${$P%*2ynLUC}*aDIWG<9OZR1QbP!!+cf7L|9vxI0Mb2CY>3>8TtOF`MI!Hh-
z0Qnlx;x6@#JvvCVeFNT)PMh-W(Lo|#ay!N_TuJ$Nv@9au3B2y)C#vh;$`|=@;7uqe
zzeoAv?M2`%aq=?JXK{282OV2C_UIr1Z2D?}GP{
zlh@pEbWlS!EKT9)AdWc3{|>MNrDp8WK_b`m4)AD-<=LZyIA&$~mgCu@gQS>8l1CG*
zoIN^73bmL#nrC_T=pd21q?}yiYz{c}*lp$H?9oAD=Tqf)_UIt7b5A**JvvAn=--*P
z(;gip&TB+o!cKd1kjV8aCuffi61nkCPAepNbkIWZmf@1-gVVBHm&VaSS`Xx^T=M9k
zn?SuIEvKO5(Lv7u@U{anmdpW12feW!B$Z1Z9hAEZ0}C!Ss=OSI4qEdtK?Gik>uLu~VC>OBq}&7kBMx%_-KbND
zJv!($@c!-i2_5$6Am;Ncu4;Ejr6xwrXPePEJ8O>)qDKw@vMh?Vh2N9$X(lbB~fe>>vIgl{^~HHwOk
z4*CuV@1CgK;yVRIM+emev#|ptG(<-Sbp>;<15ktJGhR$}M+Y4Z$Seoz8e0+_9kd+G
z3sV5qqg82-4!RbAd(t3I))gEbvO5gi@W5QtV0
zN+)>jJof0I-jo{vz~~5M#GMMVM+b4aWM%;{pPC@>4#|A
z1HcasBrQS=)8a=*2Ngcxc@1!B@#S1?26p&}jt)8yh#nEj8f1?SlDx{mn-uYNcvOSz
z(Ls{?5&+I1NJi6y)%NHhDcauwxUnLTJvvCT+X28Xg4nury3_3J(Ls{k9ss^^nq<~h
zP`Avql3l(FgXnpO>$QpWJ@!JJHb`Gbut-RdO8RfP^88@
z)SvXZzEXnbnNU*MN6`e)@|)sgp-X>Wb4N7iW@BJ`#~mLja8ib
z{!rbE_?@}@6J_1Np>8s?dD#idssr-=5z8=UZ)Oj{(Kl@(Jx3~dFxZDU@MbEjDauBe
zW?VY@WU99&s{{$laGj1Tvo#hNYU;2jDE1h|5_2Q2TgzdGnK~Sv6gyL~#Jq%ScRB1>
z)8>usFobj!n5zPJBkxKuF~p^AQ1&8a6Td%L?IX7S08lYYV--WeA01(A4l837Gr?LE
zu~kK9anM>*ReUR3w$d|GvOB)PqfbLky+cI<{qkg_Ba#Onf;yXE|6b~ScWlM
z4dsu_8spq%kIecI*bq5Y!QfGjBeSHgNml`TZq~cd
zHw(o16cDSGZO_dj{%l+qN9?4F?YUW0u^IfW5ys|V&&{HWf8lyLVkcdUbF;)12^Z7O
zgXn(=MlmKqTgKW~KDwa(zwCZ?z?UYj8!XZLczHL=r2FeB}S4I&9d}IN4f%&ilOeA2A
zWc-Z+UIFhj$8UndByv|1f3~U~MaAP1>y22antoS)WAHjSK21^3Y9sk&wMm#EfQ)xA
z8kBIK?m>*(ZCS-q>oV3i=ybVqOyC1%k1TA@pm;Nc1;#>_x4
z*MU{pXyvo=%~{}`=lH7Z;!d*MQ1EyK6Jxd^xW|EIrC)hUg8u?|uQ|RdyR?Tav{l(`
z1ruYu$1z>v(qbszj(oyz1YWap{AG#E`hqv89RI8Ye=>M8%JDBuFnq
z-llT=zbju}C%YZI#~fb^dwDxqJZfP!Dwr7aIf8E-Sot?3_*HhIqvKL%RFYP5kMd1R
z&<`Y!z1*+?>cn07R|V903K@(7V1ff3AGeGpc58=B&9{>72#VO5pssOZC&jv(C`hXP
zCIIerAjV80gG-XFrFlZ^T>!sIi%AAry8enZxhK&6aV6Tnnt4G&RcipcIuI?eW!bDC
z@$pyyj&z`9u?rSk7m%sCA5Q2#8`LYDn3PU3P&41OX5IqC?Gegqv74om`7ZEYBcGkp
zNamVV9lg^QM}7mqZ;_HDsDXkc^U^0hZ$DgnY3iNO)Ej^y1WB7nWY;gDX(|B6Rix>N
zgr-#hTvU;!NeNAx0l2FoO)C{7HxC(|!c9G?mk-4#Dk817Qu-US6DSr@bIXz2;f)g~R;+B1?^6MlJ
zR?&ddSy7A`Vyxb-s<$?gE&Gdrxe@GJBMGm8umUQgr3uO9;YFSwGI3%F9#r9sIn
z1ssopksx>_?Ti|IG<43Q-X~ei2WgrD+FQVKFwb>>M+lImQOU_Vs=NfsM(}TOn6GJo
zV$O^)kAwfb!xZiUM%Iiac6j>;yssUfS}p%j6Vl?^(Ap9g{({-T^Kl=BNJnq_WbE;a
z=_KKVD2QPZ)xl%A5$Wi$%%0CdOqz!&d9dxesW~;0n$~qO~
zb0U_`^U8lj`F{uR#)xk&rTodF`q66qS_i^E!G0J=sDXQN(;spJ`bF<{DO&C*jKMW@(f&O*pGTy)5FGcVqT!Vc!JS9gh7G*=OT|;)TM0%<(=a&+}V?
zP(=WTYAdk?E30ubAFHxJ(j^M)
zeNZvKp@|!Dv1$gHoP#sY9;
z1k%dtEWR3Rs=v?Hrj9LBG&|1eKwl6^=s!)=wj&g?5xi}VPl?3eQ3~u9LFNe{UUVq&
zqr2ae!9-^=_HMc7lR&zJDe4&xe%_8uMLIv3QV<&8$}FKT8?yvOI-hg|wKqA->40;|
zmW&!4iJ1Rin9!E!plETy>KCG)a1<@gKNB+29gCJ#rj-2KokEyy7I>8N9)kwtqpv&35fj6V*u`N;sGjpkXa~etg@KLt7JVwmh`03ak||29OQ3sWu7E!vM4-USphOC!6htpn~X4}
zlay~-f_b0=i0;Rs1SU;0l0PjO1;B(fNDY{ww#@@?iQ~USD`bIR`VZx2E(G(h4j_e#
zy>u$GYbkE>{PR%`X(U1E;_&vDqegJD)Z)uf@dnlGW)_Xb%w@v)52!y!9P=UBgN1#X
zR(~-x)x{-}=Chc;Liz2%>*@Gk$Ld!}1&;=6l4F-|9#;$I2M8?z#{5QUZ5|tiLvt=B
zNAfKZyRNGuLyYr+Zte=rzXJuaKDZ}riSE>$Uh#U9?qyZ;4wvWW)aJI9CX_rSoSNW_a7r4B;k(3PlR=$l^Cts{#0j1Bs0%i;j1s(b19}VDCyp)PncLw)epL+_9U}3~h6E|0k1$
z;|g(!iCVU<%z{1B(>6zUM-A^DxG`QWauBOYG*^;ssC)=hLFuw=!N}K87leCeJc*?*
zWwlV|L`bb*mfay?L`)H{M2IWE-RKaVs5mP+?$DzM2Tkc&JAi_k^LjQ*#Q;1aAg+KC(E4uMGbUN
zG5-eh%Lt%L67gk`T|J#nx%}5Lj^avaQIH*R1=JRR?hf=olgQykc7N^^|;KFJXN)!=P%d{uT=6^?<%CtWojrzO3F
z1$iFSS1CbvSpGug|CRi&!TW)HF>fa@uLytxtIJVN=CMYZ0-KMBGaU|*Pq$Sph{(#Sr9-on%Jcu?Vk
zQa7l4M72_V+^G5BEsVQF#~U?Nr3=rBH)?VasfH`_4Kx{1C(ECbXrrbDn4KKpbLLk^
zieWcuegkC$_=h{p9W+2OcB6)v1>i4rm>&?+C0evmvj&uPj!y~8w;MGNgZDhHy&a^c
zH{wQ3GX$*H4xYNuZPd_du?s7`op7NPDQ+eQI3AiV$9!ofT)Nn9QfpS|o;kDC$~_h%
zHiKGo{BR4Dbf+fuL#_Ebm5dZA0bvqEf
zP~9_h(xh3sVi368+bEp>CF%FB&6xisISjp47BA6%Nv1;Cg}BTi^u-3mv?x{aUy^qx
zVj)JR6t2Sml2H5wT(P)e(n?hHUlIdz6ir#pQ7!sWhiTeSkD&2vNy@VSC7~@{9ZPDR
zHd+U=ux;Oq@aLo_7ut=&B9)QSX@{h{^gUo@4`}idrI6e`3Hsl!l5av
zIi?Cr8}ebZIcBfI(w3%EfUr0@HYf$#|5$d>ZR6sWj>
znarj~u0|~O2;UOtleuq?Q2hCnxMA`SJmSF|&5W{|W6C46p)NrS_VNgA>Ec-85!#sW
z$n>bN^oZ+ZG5|LO&@(lrhi?Egh>04r^7(Zc(xQv+Ni!};VeXAEJT%O>!21_m?G%X;
z{$RnlAR4gh&j^2kifc{Ie+eu5`ZL2O6oj;zRew@g@81dj6y*b={g~Z;H~>-;?Dkw$
zla#JExVdU-0Du-_X
z+SqsTgvRM)|2Ydbk
zS{Z}b$&ddqYGG*7)Rbz{2SUXZT;^&v=|zaeO`3lS^2ywHlcxA}DRIN(A2jI~9GbG4
zW2#BhhA+t4v{#d+E%_*pvZTJM+P6~n2U+&%1|au#xV(;_=+D5kY|_l+hgm9!xBL)x
zY*H{rYUR@d*59=knXvgsc8INgk_vNzxLFjGE%3gW3J)#>MFaBG*AbfI$?ga(UFU6f
zA_>S#qd6YuBSWcE=|lz7ftG;0L@RUcO}D4`_SeYj-kI87=WR$#TIRWw!X-#|H)pSAX(~5WYd9FVC###eo&CM%T85OggO~)=LDI~
z_IA{|2*cxpL@IUIq8!$#Cw8VB#g6bs%6yR}*+mRfagcVDAV0O{3vlJh7M*q!d4m9S
z!vKnehE1|KN@UYP+EL`qPUS?3#jJ=M_J#<;Hm%*PJu7r#G=^^6UZE}
z(F!_v>%m9}st|Cz2SE{NrwA#|^gC%AY6eP-IDV
zk+?@m%+`+`H;5dbQXnoT`Hy=`G;R<%9}3dhrTla;*y1Nvi~5NZlh%#(6A5=J&Q>3L
z%iezaDv6Oi|F~CKKe1tU{9-RZkt|9Wi93|U(taXfQA)x8u(L#dqJqnzAf25p;6iN(
zM;(ooJ}@%0@D@YB+ys({%(d}CZhXp*w!Kf`a|r`o3nVa_G6;9^+g!^MGB*>JmDn8FtA-;Ex#Z#$lcB*
zhh=SRY`b?xxVYIerjM%*Tv*WQ9o$n8r0u7zwx6%B0Oadr<7>w@_Y-g}<0m@$_@xRt
z(9{a|Q>vteD(QbEPOeBQF{0!kkdjK|v55-W*2}%Jl}SNu1Fq?xLJe%o*vV)A65;TW
zQgI-cQV#$iiDyw%iJZT`rEo7f@z#iB1Loe}JCKxaKs9E`I%rQqxJQ`%#zJ^wZnhDk
zcd7^J#M}aW$ZpWl`U15Y&3jA&<#=oX2J}+tGw1Z
zkyh4eTrF{3$JJts!-o?WL|U0JwH|=h>gQiKE1o8vR
zUU()Fb@vQ(ndG{WzT*Mr5?F(6t~@}#^7n}v5s7^*jI`3#fe$@vyf%>}7aB$$IVB<6
zUNYX82*T-9H}jK_^IpN?D1z|mmyt(c;+gEZaqqbp81wS0;4`pgNGyVPMLOKQ|6|6Nd5zCS4FDc>Iz93kI(
z3QolL5y#9r(QEjUh`9D&GR#fHxN735cM
zT}Zq0tG6lSX+v#ksj1$hpz_c5$8gohByprDBhIu((31iOupKj|Px!0%tHYHc+iaFYIPulkHQyQ=`Xl>#i9Va&{|heB#Lz3b3H`qs4SCuxbF
z1Lj>PAvRM?f74g}3;~IrpGbu(r6k(I**QG_8u&!F#JhA24+EkLfL@m#b=!lj@t%qJ
zLA7}#n9}=}5+m(jjuBBcT{~7j`xjIsz9+QO?>hE-wf)|V@9w|1L_X4NyG|)#o?PZ^
zgaKv`o4!AOxP@SS1WjnTv(Onfykm-h?k3*}rp346#
zQ+|Ktvn`m#;GG`v_0O6L8k|t_Hvl$9ApI#zw^0ct4}iBb;wP1iQ;?MF
zJpeu@h~+Yj*}^r*cH@1lb;aR{d~3k|b`o4U+(v
zU6H0~iDH}qz=aiQI#xlfK64`gw?-iCVr&#{uJL?YHH4KMu=yBc;^rfBOu6Rs6O?(s
z!~RXY`xr+-*L-S%-ZOpKU{^(&Z1Z9DnLPk}5rMSTuu&wM4|O$UD==M-2}h#!=#YM_4Cxx5ofzupB<!Rv!l-_}0my>49Evm-G0=lS@?7juWM|q`ahOs|eR5b&pi<1x~
z6!RL0TXaz+dPakKD1j`APVi3*1juJKY1LyDG&BzjXngO$ohZN0u;1U=@0x?L8k&Vf
zYBlr%6m5ZSa};%x>)F-NQ>0E~SsB>X&;P&GkhS}y!h>M9u6`Ex8vz?-0rMjwI*!o5
zxJ7NLRIWwMf%NgXGJm0wsTOq>$ZI2(SsL?gi`oRh%P&BnglEY((y!=!~G8vtNbCTNHb9D#TLG{s!dVB9_?`^R2T>a>i?b
zOGMMomPZUpXA@@zAQ(-7AEC=I=A12i29dKXPXk+})!9cPhy8xs<*L!QY%T
zW3E3ernCxZe~|2U0P+F_STw`fpY@0DfXRc0R6>+cEY%-GPXmCO63CKhrHIFUHcmJA
zyc(8s_Ms3tf?_8g1F@8|7l6DpVwn{&-#U8@c5G52#Ia~Cs
z26ZigEJ=Fsc@X4XxMc9*=C2Gsq}ns?#Ts!C&DNSC&htB=glbIg>x*QLGS5BHS*UYO@I@!!6yILq~b6iq1!`PoS^P#{@a1x?~VyR{>dKQAZm_U|9D@8o+
zvvE%6z^p&e?cO2S3|JFVG&B;=c>XHTcR?79wR3%fGHxt7rfRuLdKc`E2pKjL5~)i1
z1>{_@Wtl@`zOAHs;5Co<=}MAkoXJWe&WuDbo&qzV%P{6DiO+akCCMYAWF<|f^lAi`
zIcdgRCCT%)WF<*<_XF}21z0r0*q>F>7r^}HBt!|tQk5inYQc^5aY;$iW6>~>C*qQ^
zh)-fiv9NR352%j8bv
zW#l}bQd%
zqUmPNpP;0sT;j}u2o9paF0vVO&HOb|qOnMRf}CvTBPhKP!7?Y!m}}-A#M$ZkMzY%o
z$TkYFXoj&rYvwNj^MR8PB@|0FbJ6n~s6JdNCDBR|kNa$#ZcJHPqnxulL!>9gYRxY1
z>@gr85wT2@m~WlE0KBCUKkaP!VL)^INB=^h|R4GVm^$J5ZQX8|RLg*~Lofk5&kzY}x(KX_8a
z<8}OQuss?UcuG$+ER02gqhaB2#9g0X;{+D>`vC$nEQnJaWLpA~cdLc)KpGtuL0mjjD6@xMaU<#rq3M8H-gh1GVVwd$o_
zeRhF^SfvtN1E%LS3L3NvPr#=2MoBj4)}{44SfT&LZO}s=>zb#b`vqK?Uf_9+Dc7L4
zus#Cy>xg6IkL&e>-B;M3VoMos-}H)csjzYf2$xTsTY%G++`&|>+#$lH^@G3}QBHP*
za5*d;1I}zG8@F+vhcxX+GwNI+_wamlyB$=8>-FYy75JiFAgvP<08;&{~BM$
zY$Y|T^#({9Z(fIw7Y69B#C*n;-lE=v4%4za3-32`%vLq|k2(dmuI&oet4&?jg3=GH
z_P$flx#Yht-lZht^mMIW$Hlvq#QM8e@9OA1N)C4Mp4CUY_>gLGzC#oFUXifp%DTin
zYl1MKUwl4573+GJ#@6+&9b449PHaW*x{|YPUlXaIFFMANEMivwn%1*LwrC`1VK5Hi
zb@E7&oks>H9i75p9th8w{aGVD$7MpgauqQQAbCE%p4T_(^cN1aoZ#s17uHSYtnh3xjV>L=|p{27o2ES$H=@OL~t%d&-?q2fSd
zX^lQCRXrzX3hBq;XWVVBbh93`4YY$gGdiyU@2SZ5}BN;;t(i;l6O&mWz1<)Lne|sG^o(n7BYr%@OV4EU+N|$o~L~^80iR+4u7MbPL(r^80iT*}wAp^a$Cb^854($NWfqudp(f-~48m
z%J0)BWOvE$(>G+-$nSG-$i9%@XF$kypWkO-c&B_14%u+?`wR)$0Q36{3+u}F@R02-
zzt4zpw0w^Y*^u)4j0)Lc^81Vl*)Hf_^P&Fjcg%OGS>F5RD)Xm=@H@JyxJ=fmlf};13Cox``P(#K&OPl0bTOh*7e1j
z1G-A0Sh5<>O%kP==q`yyn&=^k7MkcOiT0Z4C5djD=q-u9n&>NuA)4qXi7}e!FNyJ*
z7*O-FcE+2mi9yxZBQaAGL&WL@niwjH6Ercb-~|+6u_i`VN#QME?3Xx~us%NZdbOfmzEJtqRD%x^MPIe5<|
zQ$}%_H3X)Bf2;Ia1aMqZ70UZbXT@vClc6mkhkqVZ)q~_o*3#ruZh-Q3J069P)!z{h
zIxQ2j^%DL|Ie<#Pq861jjf~M*V9=XNS5PM-vr~V9+{9#?|Y_ntjs^|kX@daYbJM&ZJeG>7k$SCzyxPN4!Xihq8
zRqU`fL`h93Ky%Gxr2z~jlMN(Ug@>v7+2lzzi8PZa2cYD8gm*6X1AV^!}E>C9D-sybR#{o()#1^2`X>NSfL2w!E}Xod79Pi9^5wA6*n
zn}eoElOIpMm`MwCh8r|n8to#dHo-bwSQk{pI$RXqSdqf}q!~VvmQp+W>+0YWClO@xvNHBm(p#hNITM0HK*WKgP!
zV&T-&L{&*N(nR%;i^CS0s8Pf=-QM&614GrRZ%ILKfW=aymO5QLvy)WkYF#6$)N$g}
zJ&}|)2KvFuA1U%di@oL5hlgujwk!l&pcU
zn+qi;;Q*5%)aOP~7(4@R7z{%J!r)N}M>OS)fNuI^iU}Ry%U2lqD8mZV4&fP+-TvJQ
zGOh7T3$uTZ(lc1TTyPh@kPkvwA)!+8n%m8jA*J!g#gN+ZX2p;?@dm|^y78vO&;v@3
zz}icey+d2qUgY9!YOi+jwzW69c!%1@x_HMr%U!%voy%SPz&f|Oc#oP~Hmd$!B^*gL
z-a8TRlZX#4bvr#n6PqMMhs7HvLx(5ghbLqwCg{^^+~;hVQS))cW%WLJSf}8uws!SC
zOxNh14DG{ojjmJ3us*Vo)>&iN07>XXF>IhDbZ!_nND?|X3>z$o_Nr}&B)Vy0s3iJo
zVwfa`Xkxf*^Ni8N2uY09#3)G|qKPq*7^jItBvGb`GD#e&i6bO&m?n;t#NnElB#H5w
zm?DV@nwTbuiJF)$i6b;IR}x2R;y6hhr8CN~lVw9?0~{$GNEVvj_0npGEvtD8=wZ;e
z4W7bsYI+1o*@MCs3>*CLs|s%iN#j?`JgD&vGFxbTQv!2K0&}ZiUXiSZSJPoW4ETp2
zpMOBg1^n+-C}B=a&dH8r81TO(DPTxJM}%?*WD`}2cq15S
zn;lV@Ed%UT$$P*7g`-#)CPMdPdE_^3MKq>2AR59`q0c&}Lvqw3b#A4$QFY7jeeR70U3
z$1;rkE>mSDK!$l~4Uc?Dpr<-2#~*Lx_d2ItT8{jqk~cfDOx`137ab2fs_OVaEA6#%
z`o7SAPP+t)cwbaq6Mq?}`}5(jSpRqrcjBBrddUFDYZe#bf?
zW*u0KiRa0Zrm4EtRi*SEN7c#ykSPTdC)+3dnQM<0muLd=x8bG>nOWuW?w0=uP^
zjN31!$kV)W%~4i7Z|w=8ez-DJt)vXb9O|1+g#Nav?1)O6Ac^%0
zJ`&pBHc31yp)X;cgq0-BrBuwQ^xPk)&|fbEWh;t@b;j>4m`~a1vIAnif!J@f`*ql@
zzLMV!l$|N%lFnTVLiKTF-eK94y{d>>gxv+KUXCsPDLYqg-q1v7mOPOzExWaN&mfy9
zE_*M3byvK+3i_NI{$1Iuff^}Y$`87p@XLM-w}XF!$dvt5%#BAs(;y=JtOS~eP0F(0
z3qAmND)r+pSk=}bH%%B*gW2el+_I1Jh%i5alGg=A{E%)S*z!M7ejV`IIldH|*_&Ch
zrcV_)0I1Op`58SX4W;ZeA7W~~6Vg4iQU>4JS3;s_L#%A+%Rc0flECHrAF3HBSzbPbJ%HI*J
zZspkD#s-W9>u|?zOtG@>g*^w<6Uh;Wv(&l{DEqA{^Ytz@tn0w@S$g@gK-mNJK1cg8
z{9~*alpU0*T&Ek_rReOdk0`f8;bT<#8}%uxpR#s?{9(jWw=4hPjM(!tcm>cWqB^I^
z$lF=;56l$EAnUyez07@VCVw%|+M*806vv5inX2bHPFW`8lR1SQnyJj1)5Kw_Q4@z}
zO8hC%tmV9~-j6J&Pn}A+zkb!hq)@Tknw90u{#`JpnZv}qhic)>$0+e|O?ETOd9?1C
zkgOaPkyELKJ+)=ZOU`xA4*k^0(kGTG(
zqwJnqdBX1M*e})`K(^|ASre-2?$Y{#o#wEw)>=TUJg+XRZ**|I0;G+&GW-*OnT8=n
zUnF1Fzyj_8^AQJNAuOPw1-uUC2M$2XEugUl{0vg19#Iyw-2$3eKs_*ayJ^psNKu2Ig}P
zFcp)H1@yFlkHGxe0c4I+4ZSTO=!qpdF7-FtmetV50$PH3U;$kDu9vE0n
zN9jvj*y~JxpoT<9%RgE*vD2BU;LR+@pRBJ#W}h=F!8^Mge~Pv#b~$qmcsG>ePct$f
zakw-OgSWFB{}?SP2T$`Jczeq6r)&OvB5g8#FzMh*Hl`VxKYO%k0$z)9{9_ZI>JQ$K
za{O5d{#5X0mgCP(@K=I&b~*l>1pgZFZYal}o8UhT-p+FT;}ZP$z}r)fKQF=09E9@Y
zN|t|qg5LzZ7UlR068!$)4JpSzKEa;~-pq3Rg$e#j@XjvBUzFfq1Kthg_$MUz4}-U}
z9RI`w|2^AHc&y9Gx2vy@QNsOx30&r_Zp!EsR69ByEKyuftnl|XsF0x$s0)QV0
z;=q~AZc_qO(hvXt#HAq7BkoZuBd(HFaglnb(bzBN*2Z=2S
z>sJAA5kWHDCp6ue0Br`~E(em?RI|G$Vf}Leyg`r@F#)nEp|AGGD5u?FmhF
z0cb{$Xi9*dPH5^2z;LHYre<~4D+y;!2jDMG6K&G@Mv=P{$P0nGHjOL~e>(wx5YSx?
zP7{+8*&Z#7n7;?89~@G2CVcZ*0$J@~+>qhYswj{AHj#TTpa!Rqwr1_y?xmqj0bs5J
zCA|1^qK%vdz-103c}i!|O37s8_lq*M-v-onhm;a0kbVOBI#6Faq$`I>zzY)a`~kS@
z!KKBP2Ax0_C6Jwf>O*At7FI0*8V|rU2TByXdIGczfb$*5nP_hTwl=-7J7#M2LBmV|
z*ZoAB+Y#IwiP`m23sq~L1^pfJXuRIkaHqkdT3OV8fhZW5Lh;teB%rM=v@u{E98?@G
zC^f51qBO&SI*ds1O9Ip`BkK}bcPs#4X+@w83DBhgtcyU_8@D&;&-(_=wv+xak{I(a
zf}IZBo<}>E9hl(12i_jX*PD=SwQn8bly%WZhQyd6+(*^GCGPW7S=R)=9eAA`UvDRS
zs1JsLJTYR)JY!^?T}STMdg(nUSGv}v+S??HgIr!J7FnV9mS(J^>
zyAc;|uP0=xa9QjJrGceP%;?UDsTHWik(pxNAQyW+JEg3o53LjbYWI-ii+Beo^h4&=
z;xGL)zOa~gYZ{;5h`;cATkakYnOcPtgEFRxq9L>eyF8iVo8a5t(}uw~dsFv$Mykym
z2VIMBW!6mvb20_WzEOhHU@s|WB4+aHp(eQK1*$uLin|U1~
z?@(+TbI@f+L(BUwbq=*Wb59ItWC69nY~lb95inVd+CM9sh+V*pQGK1uA8kUBkfI~pw9Yfoe^aYcTmsgaAWIi
zL#BB9h{!iLB*xFxz+Xn0)9I;m;ygBG>a#Z)pIkNTri9!MPvdf9g{mSw0O^o74fH$Qaf4lN!
zs#^-)igNr%68v@GZHoAE3u=vcJRT=A+W~ki0@+sngc_N71N8UEyO6%r9`G;A`vLUd
z98aD4bnKx_DXM5cT#3q1&@-{;Gra*Ak_Krm&)Hm#26Gkxv_Pv=$Kw|>jgRUCM{DZk
zj65g^RCu=?E!RPCLnQ3IqYdm09k$Hv5ktpH&u0sHS1`pUuW|8f<5CYC@)iX>M^?1a
z-h|b?&j${|4J6E$u(E^&66*O#RqS4W-WmCeki!(}%R8&+Mc8K_gXFC$BquP+J6lr4
zcB3<|X{}f2n;IgwUornyVf@p8mq!SF^H%5cBtsQFzkr2^)Lu}PD~eL9_CitH%}k&o
ze#~xQKg5;c-^-1>7a?Z;07e#yg{j+F7ecjuOtpxE#~FN$f^6sKwUicMI)T}pfRCm_
zLRoE0z0fn_1(_L*=lZxZzs1%rh}n(6YUbGTzpuPYTwZ;^8A>i)Ve)67yp8F?
zyh{ag6j;+Dw*F}>?=mO66r9x&*RYA`)T^0X?rDj2Ut=Sc
zJgnijIB>xs#;b`-eINsv7XMZUX$$tj4if7Vu(qGA0zMp|qavWqX`9<8{|h)v%W-cP
zISzamgL9?hs@6MY{J0s^hsj}IRYx^uaTwT4?s8rCbpSs|fo-V|n)|W}@Tuv3sQsmA-*BGJDnbhEOgHnq+f#mtmnGkN<+
z3ZVA5GTmn)$G$`b&9e4+zb2b&(ily)&}7CYTWT_EldUxA+vEY7%(KbXnyh4#Z8Vv)
z$+lVf4RwIx(bD(D1&vH_a5h)_NGy3Jtz{0zXM-V!{@+af;>bb?izF;or+4`()-DMyf{4^u-(XQTp9dGK
z^1oyYSiDI2iCMcUQ0_^pJh?3R8t7kfW#U(q#LI#r=&gfGn0qY?T1Ff!3;6O5S+4~n
zZ37t&?qNjSHw)%JhCtV=!KkcsB$@pe0C27YRWzSxJ$!;gvaTbWYk|LsGEY&bY&ryo
zYNii?{G?O&O3Xh@^L!h;PtttZj|fhQZOR^wkpP$4{bsCVnPT<>uVuv7t%~5(SiC=2
zheT|{n$>As^I0AP=Kyqk1hjfii`nObwWb_mSH|p}VC^c$K0RiC1lH%}
z*k{D-O5=@J6_>go-nI$Oj4`diZy#Z-`DexKpM
zj0S&F3X`<#f*80Mpo`ML_tEmS{mAUE`Ck-^`~&bu{|6$M#UgJ3{*4on`Ib
zkI~^oj6t~66Eb9}5m&^R_TUe6m{_BrwQH_Z^hBU0M@XC5`m9?6ECFkIIriUFl0)4U
zVEx^(Rq<8Y=eL2plPnGg>achfpax$Zj~?#=`B@5WN01GgnK=Th9$Z>z>An)kIzaQi
zMv(^q)x{yDh09zST$`1ZfZWRl*Jbkw(m%upCubXfaFxBy4K`&fj|FRt0`iG`o)zs#!E(tVsv+CTl1_oddy(O9^ZThxs4Nmo;vFR;3
ztCpGz1y31M1@ou)LPvkke*hAjRbSq}iW`7^!ckaRS<3tQraef{;EHFFLy?+{D-+B|
z4V55BFc*TcIAVG?i=MCM;mh12@w^XYc_nJiRRG=;fz_g074@;)c=9wUlPS*72D6jE
z+RV-KNr(;l5UH=oReai@EQ*tlOPCcI^t9|l8W!EO2e4-ZP8syJ{J=~mIT$412@y~q
zM96F>yJc^)yg1+o8r8Lp@_sC)$s3QxZYCpM;zs^jsJWG@HbczZMcKX(_wpK>BJNZL
zcBOW2C2IA|i@?4f;k^%q7(8g1OTaMyWq_A1S-jDn$=%zrnBKiSlt@HDn
zm1Odl;tl|Bbi_|QUkbjcBon{ftIq=91cIaxTnBp}X_h7@s?7P|s`MUZe4}|7C3-%M
z`B+%(O>kYM9NqW#NpKh=p4lQS@xaSa^)55pNsqlivlHBJ!TH^BUn5t$&!$R+Jj+9$
z83fl?s=~HktgDQYW$6@fbp-kA9Ok#J7#
z7Q)~caDASv9R~Nc;XTN9g#IZYG?!>j!Z0`-dtkZXI|(&Dqdk9MU9%m982Vd8trAv&
zxx#Ek7zVFOycvEl7zX@7F8(Klo)QN9ZDlUt4{>u64<#N3e*+~9)^{VFKPC(V_AH-1
z%ZX@C2%%;2b>_K%FO3fazTiBRc+SRmfszXth5=s+o(ql{#8BhcN_-2#FyKq9a{*r!
z9tM1oINo1@c+SRu10@$Q41;MB|5ifA!(b6^2f|=6!kol&LG_{Z4k=;K9PwOGI*b&?
zn+Np~&q){twT0UX6uhhDaMJq^XSj0&!!e^6Dt(z~P&~sh;IA-q!A%lg+nt(~!Vv%M
z1SJ=ojt-Rz9!JP`p#~=&?Qt)SA++-scc-80ovU34n6&?nx
zSfB6m4Ta$UC_GZpu%yx%h5=uz?AM$|!P%Hkaza3!62D8re);5%L>LBqFR;(|5a$BE
zf*CJEfnJ}lNe+eJPZ6GG{H^54Fbv+EhX9seeT4oxVRo8CG6`Y8
zxW84%n~x%48VNguaN%S+nuO-T3dC~~4}+c40QnG*Fz8M6SAxDq&?Mvp9R^PmSBQ<{
zT=3Up#FFU@KUqM9WacEqpHD#Xy8_re$O>fVT$;kI5q}iOVer91L??)<7KkLNt5
z1_EV(mwdjxHy7|V%3;9mW}iFO=))lRd>L>~sA#pL7-xulsr6Q2E?p$1iPrlhzEeWJ
zF*g@%Ko|ymxvJ0i)aC-d$2JU@h0k}*;@?#u_CZ|J8HY`9}W)NFK#3d5n@D
zAX)yUMLGR%%wZSHpRnFcvGiZrYSFV|H3fcgIf`m!?-GNlwC=Hyc43RyVfFQ$R21(?
zer&Mv>*}xRD1U^L7wc60r!M!Cop>Vmk6rFpI_X62-QwKuapIy~bMF%8{+g2){tB}N
z%^QO_?gtL2)*j~PXPMwfsjaIqqnL_udo7zpOSa;wGgk;#g}(zqCSa1n*
zAR!lghO(!`f*ChcrW(rTe<_eLVhRaiz_?#&HgOxSB!Mp{
z^=k=%?}0_RCFFZI{kB5R-a-RO$OQ*We2j#A8z}w;hY%Jb^!aK?ti4J}*m^7E`5sLy
zz(DZ%&di)p!=T=6;PEY)If;Tm@H!#fj3~$m@!weDwu+9+7=1txq~?N-Tj)EI!(brd
z{_DaVx0PfPng`<%&q){tT?zSBAk#s{iv+iWP>98FE?BmWxa=JaSKrByOt@NfQ8Fj;
zVUT+SLR>+k0U(Nb`d`e5zm-$+i3!k3W2Ey&v-SDr`7$qyk~15x-KyykKPH<2$<;44<;udxjQQ6fbn?8$;Jy|nB(^?oT;&4pYT-2-2WLJzY@hykguQRM{&P_dnE6oAenCw6w$<8D5pfY4)7X113Evo7U(zQ?HJ%=
z);9vRn#ix68DkGlV0$YR*bzx=Y3GkD179aP%obqe<+r^1DImFazf4^o0+U%gK1#RK
z^q45!i}y~MwL=O8KP*%Iv=%sP2nLld|Ilj2*EAb7>uVmrS0*Q!nyE}qGObdXoMgJD
zGQn$JqD*@7b;+HfGWwLdjQWFGnW^PyyJFD8iBflVxO;)?$`rRtygbI3n~P{c$7LF;
z4b~CkGVL^N9WgGGb_Cvx%AKmr+WBavM?zog>>jGtPfh!6*8hs!T~@7V3ry84o13
T9a<&-|ISV@{~PrhY4)C5?85pYU!#owtOh=!1NDy*35m?w
z$*p)JgtqLJPD?a}xC3m3xO4!nQ?*>^06Zli*#R^icL1(uE9?L_SJ(k+ov>FX=m4oq
z&;e4JpaY~bNpyhHwH21+lqeJ4MZ1#l?3H9mG#!_OciR<~WOs!nd3WzjP?A(8C`l?4
zlq8i&sw9cFCgUtB)vO=-mt-4vtPvT;(o{Zon*B9x^SRS>i1KM&^094~_=@|^hsY;weErRF-|5Ly;POt4+jcyjRRdMp
z_U{;-IiB_830WN~#P*4>$I9S5(`&s13#8~18#4Bh#NVVOm>t@~n07JXvq
zB@TLg-McMxtKlo#xpQ!L!i-qv(a4PcnAT(n&QCO?cyelfQu$%w2T1C$P<7IzDPGn0
zOuegB2ht0eZl+_ydXu
zv}C%K;N}iqL3)YjH#8kIjnRH#LTxZv~8i7s5EUy
z`_x4B1k|+NmdHJxs5T*YmsKm;0@F21OjN28roWL8j!kc{Bx$;IE=tHm#fa*`M5TJH
z>6oZAZB55SrRfSLs`{Tq^_A>w6Z{{=&ElOgk%TTf2tkDEv3ldXR4q>6Ps2Tmd!tzGjtNJi_pd1x9w
zUYAfC`*>Ou
zm0%t7SB%AL0f|0?Y{aa;15~N%_jN3e)){i@XL6k}JCW}gCth-j&6jh97{G`cup*P5
zVOC_CrDm8FnNHCRQ@Wu-?Z-p=zUHszOrc6!A3kU5rnEn2nmg@0zcczYaJK&q+I1xT
z(KPF1r_)RWl8r6=()w*LSTed3<;CuY*vE!%)Z)+czSk2R@`8+Mkk^qRy>8bjX(6dnY0l&SY%H0w@EsEu1_HieIUPKRqXK%?ZZG
ztX~VNI8@i-Ttj0meo`GCN5eI=uBFF&#XM!^o`eeCX!B#%zXYmV=I^cR@*+ETd&NAl
z<=cdg*h^-)H6vO(6hDovj&`6%pLmTp5mdRGAUkn4k;TqgwBF55$uxX(D<}Ff(-3c)
zxS#kGu%)%by#Sn>D5YCfu+BN4+&ZUqVx99uLTy}|
zJy#@W1JTPF+eHd!Ky9q}bso1P8CLw7wzC0N{F)x(l~(@T+KjI_pN*+}_O&R%ia(VP
zR{W`au;P#MX+1oVPh4fMBA>MJT=ATaus1K=T$nS?+_hr1!=b)*u0R@!gIKk^}uzlm=
zgmmoazACNLP1HBIwvxUv<|NOX1Vr?S`^H>Q#ptoobaO4Rs}tC`Z(I>!dsuAgoe5jw
zzVRh+(l`ESk%zvKTI8W`xJBMq3AJ&XJ^YNl`UaOPQu~a!zM+elxNm4W?i-p$-{|;7
zxKIH&XeaZ$$aDUX;iuuCi~DPuh6)4HZJ);IYIdXU26F_l-uN
zN}XMSQp;p}?u57?ZEe)7KN2`yuHeS6%{0Lxtv7!6LxeYe#W&CQyrqeJnr2jiSzmaT
z&8Ir@$*#R&xp=tRRoTXm9)q9St-ab2x^Vw6yLSEZLdsU#kgfFs5Sg`oHN7!P>*}=H
zb=m537Er_8%khv!KhN85mAEro$UHD%Y5Lx5RZ4LG$}7D}dWYg?SuwMIBCM6t`ZIGa
zhlpo1JAZbr=%}V5EXw>jQ5uW#%fGM+@O6sQwFSDQ1@kvIQb#`AClT%sBOBbsE;L;?
zIj7<-c9ChXX{f!d!oliWs1+sb(QTMpjaf}?@3zT4n#5q$ybu+(3Rj3gMx%d2%Iioa
z{Iml(`ox1(H&CmI7zeB0pyTiaE*`9wf+}r@N)v-sb1Y1ggH_!Z@{M;6z?q8?NIqO_
zdL5~NpF8b08pN8Kad^}w2WoP1E3T|FYdx>^?+I0fstKxoN~&tL*)F4x
zY4Rn0U2;y;_T0+--1_m#{oKxsd&exn@@zl^OTAuss@ZqZ3IO$?p;~-6UAi_!$Cw9zk>O$hM71MNDbaO4n$BwpnRxX7
zDk&39*kd|L)A35Ten2bq)6srouV8i5++Q+H;+;I~3BF|79S9LLcWwSJnLfI+hpyBA
z!$=c;F6(rygf4fV0--5h)h|t*l+rIvQ+KoS@~wE221KF{pEmMi*53lEj3g(_R^xll
z-iq^H6WF-WuSZySPm$Sm4Clska-b?U*8a?;D%1P4)!5k^?+@H#5eQ&Xhed
zQ>6DgGx7AP2u^AJONAA%5Ta6PD=}`M0#5LXhjnA7oKf*(!hb`u;eV_-_=-!hIg&gj
zAxU+V?0Ndzp7$>#qEAg5G3)n$DxNBKBh_NB)*`=>>g>j1G
zWB15u=jrItCmz^#L%Vh~>>gdM9`s6YOIQ;3&IT9S;>EW$%NwR{YnFG9ZflCS;|8NQ
z1fow|VN*brRukWn$n?rnw>iD)t;u+=E{`Ce4{&BBf+8xSghb?Nd`D{H=Q{h%xUlh!
zF#yzRBF}+#7+TV!pk!V|AeF@3WI=xgt$I3qBg)8UO>B9*jZzg4Nuah)}lfQ$_d{B#@cu2*fHjXRjlr`8nHuGaeUl
zEvVH*jPt;$6?VQ)fDxnlOWUZc9U#BMO?5t{Bs(7|()mV)__gEO*duXWwgFY@@)WmX
zle%12AUE{IFTP$z5V3N4jzbI&-_d=K;u9%5a@_>py&75rK
zNVa!m)8hZf-gkg!Rb+qP^3KgmdftQ(NPy6L0-;Oj7OG+;fJzTUksu@>Dxkq$iDlRF
z3RqTALEUw2U|oB6UDw_zx@%pKU0t_)zjJ2h-g$?t$bSC!+yC=1&y#!So;l~tnKNh3
z%$zRDV#aCu<@d^b7M#_hsCImj)D<2OqN#epIBrvc^F0&R#`pM=+qo@DFf`aL|n
zK)WP;c!6r;!wd7fAFJhdA08yy}t4cR2sjP7#70~a_8fW<)e&c=nuJyCE*x8G=2B56+=(Pl^ybKhia`}1!D$fRBJCMC^ap8K1f-_R(#EDYz&*Yu*kvts%
zO)x#FynY(~XEPw)I9yn7WSxwC7Pz|YXxmy!G?bRAJLMylpKFpPm>X1nAfTkSAssQw
zZ#D=MM2+Mo?*^2c{J9$CMc*4CnF@&pyng~ub`MtYQAkFv;8)0y49YQMVFfQkG+0jc
zf{SSL^GF33h5U{MlFy~KfF;WbWnil4v$zZX>Aqqwl@uP3cn5GP7o)t&Og=z`=X
zKL<3yWYmveAjI=mK)l#hibo0e9AQ!F0S&rbh!elGJnvnhUEMVkW^zoLVh~Oh$d)U`W(cq5$VK
z;BcQ)K!h_FL)o06e~ZQABlC!&O1TA-Gj8UQMg7AqS+C}{Acs4X=H=_1EJ#A_or!B{i&1nsc~?P$fsO)gKRt&+4Wy!Ps4A!F~&%hULM~JKm$~L!>RN@pr(3Wu4;q|Mc1}|20h&!1Z@U
zxOn5l$xZfJtGYD`UkvxkWU%5q9ljXhwUm%Ebok;RdE(e_T(`=}oprn8OaLF9`m3y)
z+yp2~d}a;3uDD;lzc|P5^4@xy9`91`FD~?3d`0-}#3g}U(Zt^?S4K2*1nZ5lr*l@zudAw2VZW&0Rbv(ohOyb0c1IpDSrG?w^Dnjsm7m(Tkl=05$Yryx5U?_@Ng&QZdns9r+x+*jc@C
zZ!dO~rm{({1YYbA1(}31q;f631iC(wIH5#$llg$M#8c37>A+(x
z(@UUx823lK1nO$oVx;A}!HZoC1zOnAMTg>^PYuRAuY)n&ui&1oa^@ekK9a8>Y)8=t
zA4lMd5L|e@?ob#<6u6Mf!kHj3jY9@9uzc>0I7>%RdIND`e@5XI&hYZNl-N?5s_vAJ
zmQ1q&O)x$5nR^0s-(cVkB4i{tc`2ZV?qOL6t#h0^4BU$(DsVs7xO1fLd47#yJ-Q-E
zjToVy2h(%PdQ>97;k*SwGH!^B;Hr@MAV66V#hiyrQ|r-V!GhPLX}S0c1gN|zxUga<
z)Dvl_f>=^IUEL|q#kjl4vjI&oJv3B&^_7luIUwG3xG)l(5pgOAi_)X&PWfSUL2{GN
z0-9hl;_*qNNHyMNDDeO~C&w0rb;vRX<7x@{U^IBwdipF$p$P1n`;w3$&q=kLI3q4!{Or0Xn
z+3pu9dN4ev)WZ*XPN|s4bIRw)b6#`t-aMz$ROmU0LVC_4S7BiS*>s9L=R_^>+2}d;
zoG+cPu}sf-HSj{u`4Qvp-E-!ivdD3s2Bl6ftBjlc7|?QhqGBUZBtu(OvlAb>ZM)0R
z5Ow|XshWl3M2F)KyqOn2iyYd@Gq>h|NNy}F4#1bBY@=~FUdEo(;dogCCKvn)6@Ikm
zDr4|ON?OVFATCJt=mjZNP72HY%khqL9UgQ#T4mhiWCV^TY4%s!iax4
zLk^GQ>y-v=en|TdK*Nw4Gm$Ygb?ETtIjS8vN@>U(neq|0r~ywwFrJ<$#3VNo&!+~;
zp4Wl0?vL{D!SrG)Kdfo;&J*KBVI1>im4iKH9>8T7*R-ZI*4BunVz`u_*
zaHHwzLXEoylE5kH>8Sk`E2t6C^hD1o)00HN^z=0Zxy@i6O;2xF%>U)|v;-_@dg}R_
z(XnjZXq}sEb*t*nC`kQ&YLNQ_4jyhzCv#EsJN>P~qs#@$WM
z12n<(G&|jew-EJ!c&l(>Bs%HkR1g-W8`Pch(F}Jxpa~`;9{*VEI1d2gJ&p_WxCa6`
zrG!Okhq_Zf>g=xoO)wdF6n*$1mC6)Z;gH)5D~t|%NGqK6VX75g&(E;JqY)My3rg=;
zTv#58269GPA+e>jO5G_R33eW!38p72JYtsP++yHGR`_c`*$QO<5LUPzxW6-S2NGi>
zH~F>3Rj&kKD2trfBCqXYkYFf5i2*)<4=gY5b|owMhDhiNVnL}N%5~ymJRl|jXoBfU
z=*-#J{~LI3DiSw&JD@By2@)RgiajVJe00Ezr<&NqUV%J7B`2@gb2@yeW{4N`Gj`i|
zO-KKOulG1EEYh=Jj{a8?>`-@-`WPj;oBRsU1d~DHIZt=TK42rh+eYPio;Ui-3b4rC
z(h4v80M==A*pQO}<;4$$;LU_sduDYi2{xc1mJ5`3|5g-%PdR&&~QB
z!kq?gn-Di`lfs>(aPcV+!~=`|W_XPVdor-2gFNNLyW8%C{V|}H~b`MxswyP9}SX6nj}v!YxHNacnk+Zfa7h$g}L5xq6)nD
zQ`~NyQ0!C?6G~}!$UEhu<`n^&U>*okyiU9@PI8aG%W(!8_}sssbCYubWkuhA0^!nD
z8)q%fboE&aJTIr`UNX>!1>*}w@FJ>r4frsv-_37x``u(M6ipqEm`>0B-;j(lbyjyb
z`D#cp#BEFDvi9YUKg8`LpCS33n;qv*DAWmSAWm-bAAqvtGN6YkXWM=Fu<)G`?n5E&
zv49%5W2B^Kr>WEaBe<3R*=c3;nGiB~08VuLbJ7yjYzlZdLvHys;{OKsDA;{oDt9>M
zEACKL;}$vQ*MJAcGdZ+zP^fR|m-1X^r-HC4?NE2hb20Ale}E>KjLj?iLzvfcLqQ2b
zM{<+heyLUmb7w?LRU(&$`G*fcnQW4Bwx*0Nj3|j6Q5HY&8^<}B9?rvs1*4!O2S@!p
zx5HZ~b}EPkrQ6k=^3hm%5YPnkz!*Ih4?LG$`#!>-^nl-((t@{-Ls4H2X;R>rtNKn?
zm5-2SDZ~pynw|0BloDr3{lP+~LsSO8?rD;7f-8k2+odFloqVst=%o*b>i}`kbn&YSnBxkv~puW0}@hiSx9p3&4mzn
zI550paA6e}ORd&9ek-qNDBQ18K`baOS9i)sy?Ftk3FZMEj==-<=8)--=vD(i8aht_
z$~sCp-BufGArCcTxK`ckINJ?c9aVOdV}5N6SHJN*<)=Ew%Q`_)zwwM!P!1H{EuJ9d
zkU9Z?OYI)d(+cOMir*uiDbJ#>Ba9OqzapO70{)YI-TbzCwT_k+P;-&oWNyyS9cLv(
z&?%v^Zt^)TnEW}=7$|z76WiLp0uH5VAiR
zQ0^Lvdt-eA+e9l)iT8SMJvBqE;!cexKI7*Z&isEu4xJ1|-M<#=U!#hF3dc=8p{tOw
zIq7g|O?v@Ic&`2}bhOo=JvyXy?p5MRB}cpH!>%OSNjUZbCT)SGQ&~vcQ`4$?o!r$>
z!*~N1t6xrTa=yluYKV^4NHxGh@4Crx&NXPGS^Wx4dmF0|%j(v7uJgQsTOZc58&KZa
zQ@psGz=YRr#e6h?yFnhGBxAz4h&6fgAm0f7(gz`tgK?bWJ_I%WJB76S&}oIZ@HnQA
z#JS9>lfGa4|ICL{ZWN=3e`;>4k%YBJ6*oFjIH!K%OJ9{@0DJKJgA`T`wTB31H1kQ;%(d7D0peYT3-cI&0pOGp7NvXCo$|-f1<6f53}}MMz+?V^>2!NE{FpMv*)25#iduhO{k2W+7?9}5b@
zn;*@O|Js|&@+x@qLB=?Wy!kFv!^;MWwTF>8HXQQiG6HXUa|t1DPVqVE&HEy1mDm!s
zIP&Jh0cGo_SiI@Yzd1A2o67(*ym=wy&?)MG+?U~H>WwNQZ+@AsLdMA=Z+<;U*qeU}
z9sSavJv!`=mo%+Za^%gcAq9K$JHg}&gEsQ!f7P_AUVMiDYH0ajq=v|w4*=9qL*&h+
z8sN>JKHG7QHfSSnK1VUN`=ibzHwZj~jY(
zc_vYMb3&5deDbrP#{bKE4Yb}?TzD+eSA69^zbmC`C|8c;0&O)xE-`Fq5J
zo%u85%uh6oFcDH54hptCl0iFjV#DKU!y*K{jG8V8>8=KpTS>)x#O>$TC2lNMVS7lI
zTYeHwiW__yLOxFd%IZ-8fBdFpsw%{-dx)3*uu?CD-mx&jE)u^(Nr~y>cPKg*-t!Wp
zu~C1{WF{(p&qJ??-|OM4Gbz8;DDxHyxDJEco;
zzXpFJ33KEr1kL>%ntOn9Dn+wm#v>{A8O@4ct+r-G0_pe?2S8cr<3k2Jk+|;5|-Ng0C7_yu(>h@eXH2`TPU3qC}usaR_Sr#;7ft
z6-Pg+R7Wk@w^>ouAI^$OKBxHjC604A_AG-u?jNR?7LSKTS!mM%zcat)vf
zrl(o)gVP;nEg;?oT$sl!3Y3=;7NzIao$}GF_!^)ICZqM#j#)VLXW&I0+50iod>J2(
zI&$s|_Mme4-o)}op2I{(9tk&j7`W&Zb>v!$ci54Nci55g`3E{uBA_FSC*s`dM)36>
z!G*O!CpHb$Ql*qWR(Hxrs{IVm1k;mhpPqpiLV$SwZxj#Gf>TOZlsW^fQ#9$61Daqm
z93+`@{`dG02p~t0I~h2$?-&}!xowLb=cFd7*8|F4!wMhEQ=y3S%JA_d4nQH)D<8*n
zr)V$zr1Nt3aPYnlT;9=~Qo_ZDk-(X0ZhM022l=bb+;iSW{MV4GjcS~mOnY3J!KH|f
zu-9($D%uaIPURu)D2;nI0=U3sNpr@xpm;7#6h+Z;=ZPFbuhd52H<`SsP`={Y%ElSE?eZ}T;7(x
zP3x2r6{X@QqDBv32#v{}fF_s)CdJQ)RpSgN_vOvl{~7pEWVH&=bfPXmP=Vf?7gs#y
zIMsl9D{x^MC@{@EyRK$%;K>@K*5MNY;v
zxAhw@@j{JV1)jUfoe-KltpNXf2vptzT)4?}e3dio2P=prrAyVF@?4C&o4g9p1k+=%
z7JY8mQ?!cv95_6jC{W9WMKLNFy?s74nESjA=5`;>apNjy$YU?#{LfQSV-q9*lAA07
z)NHIXWXi7*|2J?8B`RJcRJ2UK)msq$MwXcl&~l*RCmfpzIYj+2__>RJ6~{|
zp9A7;!G%M&6guY6Ek&QX>Q`XK93`gEEft5MTS9S4i6f=2)t&N3&;<#VvoZ=mw`F@jcZikb#}Zx
z{bwHR`@;UMR&06o;LnfeQrwp#hfZ!AjOZJTnnx;JH+d(ZVTJ56Kfea={|ww{p88DV
z?&dI3v^lE1il=s`XPZCkw!znjb&PsejU);waWg4K!4`vZClaOr%!KH3*gbxgAAQX_+^UDu{g>r~hGqesOZ|y$#=g
zeopl<$_`dp{L~Xr=0&kQzwy(R?CBE6x$WLtPs~1CIgFTbPbOx%Suzy$^-65orx+T>
zI*yZ@ya^21SA`lrS!nsX1%Psc!}xK(8}a)$1GkT=1aqIpl^usZ-+`#i
zeNEy%VdEBme;o{faJS>a1COfYjNE__38napQNtF5mFEGPAbRpJ#UCW$wE^+E;Sw@)
zN(qb71a+r;c(Ad|46G_qj};
zNij>)XVU+2VqPy^i1jb1bc%fDnVOe8#B2CW3YqQcGi9KHedfzX_dunb+~k{J$UZad
z9{S=KtC^x;q0dbD&=)?Fq(AhPd(XuPc)b$I8u`q2fRWXx0fOfm-PGcVA)
zXHY~wb2VsFLw84o+(MrjodT9VQ~jn``b=2^`OGiSzc+wdr~WGACLaMb>|cyd+3emy
zn^7ztZN6@N7n`s2zi3+XrOS6LBSKdcvC^9_%JWL1`-zwkejC*~Gpw}}pk}T3^gLFy
z2O7A%;08Y4muTGZx8cXbNER8m(G0Lg<4PkjW&jzcq8Xt0(XNPp0MYw3Em-A?v
z>11Erp10eRh!LeHaeoDWBZ*+-Edka&92Dt-J
z?uamEJ^m~lcQSCJ8RTt^E6sR@llynX{=RDxH~5{Q36i1s&nvKX1=MSU3%8A`bV>=6
z(nxiueB^t_0h(Yka{8x%2RZ#?0rhHeVLlYS;*6Y$h=kH*>Q4E{>0b+Ig6YZWZ#~Iz
zHXC@O2pI{l1py5$l>A->!DCnqkl%}8{TD3;BxD1+vK>sH-tRlb?;i`N^cuu$i3>|d
zuXuD4}gOkzcgffxdB3k>|IE0+Vx603umc&9$kajr6O
zqptjg#+C7HbmdEE)e}wP{?^7V-a6B9J|NtkxNzI3N}~&igi`b0M-7V>18o3J5Is4G
z<0j0IecBsPZ!|8eE_46HHI5i^JwP&I&-hb8%rF)JUh4uqfT8
z?v#&s+zn`g$-tvad?oq3UQPPEFM!GO1|1F2K2Lx9s`zb8Am0PSOT4aXr^B3wQDvEr
zx?L$u;!GkIlsW*X41XhuVq^?CCwCQsamP?jrD!ay29&2KJJ83bNf9~~>C?~Z_uylk
zVyMJv1i5!NF07LPg0QV+CR@CUQds6pCo|box<9Il(i6D9hQEDD;{KxMQ
z|3c2&jSDlRR}P%vQ8}J9=(pZgmlg%LZQ?j_aXQjNk~rd
zc>s+?&N~qoOYU`s-0Qkzuwsdn(&@NggujtQJn{&-9FGe+b_zOn&Lni~FY(OXc&K##
z_=48#T*^DS)tFFTA#|0Zpy7Lf@)*-m&El8d!oOk!)XTve0G5#AiJ>CCad$JHoc3;<
zf|9U9;z6lGzcN5R3g;{UG{FoT$Nbs-J8;JX@)!4?MD;BLm>L%y8~lz7`KL6+kH6zM
zt3lvhjmv1l49~)nT4M}YUpF}>!i>-J4(U69=5%YY`Bo|rY;>^ScM;(d(^^PniD!Hm!;<-Zd(Gg{V`0GeQWVz%Z^m>eM9
zP+XV?1^NtTgidLOx>G)CW(}YTrYC0Azr=}fK)f??VICiXnNvzwlx|XY%Az*73{Y7
z-AE6S=v@H~+0jfmWXjc!bBKZ4JgoXCjhl(~5N_@!;4U$6F?(~uc+j{qNQXH0<;EE8
z8RESGyws3U6G1tA=Qt%OhwmKgpj_@z2sQlK5TQ@V+J8?qO&&MHP%i*(dq8!HaLf0=
zedQ*{In==25b|BAab?&{{eCglNff=eo)oTs@zF)_SwKF!kh=!#t~1z08;jdCyYN)p
zwwoR2Sp!$^%iQD+jVq%kYMaz9=x`At4&*6vPlcS~{iump|8c_4zX9c*mSW?0T=B=(
z<1GxpUO!yeQmM=^d!nHLN~$~M
zBLn;epa~{}K^47Z7|F|oh=kwbe4v&bue4H`JwHH_bxuruherMaE$iGEe}IJ4Ur21S
zE&u>``EX&ZZwrVOYX;UFOUSw?*0K-}*bB?&i(}3I2HE_^F@ZB=(W&_T4@z~421N~^
ztkyCaKfy~9;GSpTMuXx?jVnVqXm7J`HAnbkmBlZ>ftMN+Xd+~TL6H)&!JyC~o7@x6
z!uy{OBXJ``F9MXsm8W)KF+G4guu0ql_rSgDWXyjCZZuae(zr+Qh8@1)6Zou44cuq|
zJ)&{t{?r&i-<)X;AUb{}2hc5G_rAd{8bF_EcHu#!@6W~Si;tq_M+2w}pxk`9d5i|o
z{n)+H04h4r=#lYZkE{e8FM5B#0yF>6VxatB$_%;m{bP$lxfI4L!%bLEUkN7OQ<@VM
z@hFK_<|lid2znS*n|ZP~gdXrJ2rJ^nULh}uOGyw)JJp@?XV3)+WBg-dZJyxz@CIlt
z)r&VkxAT2W;(or5aEdnu82=#g4#Fjr1vM^lGP68h$II%oy#8`UP8Co(2KQ?GjU@7s
z-RUwA7kp-GF@6z1Ih6*fJ3jgcD63vt2z}=66sOsjEl*&B!2#uoAbr#zjeNw5siZKj
zDj4GD25w}C-)Y?G+7KJhNBn1NBvRxOI|CY81Djd#$}{nUK!CkrxUfpdQk+skr8HCB
zDIW=V0-y;dgA*%$Zm#2;0*H4ZF3f|rew^W5NhzUIx@vmVR-z<6OiXm?!DeDJ3dOdE4Zj@{xe80JUfn%#`H44wl^&2wnv)%#uvfnM6dC
zM&mvfeft@Sk#{0aqhx7PP{||?pGLX
z(pr20QL!*S-6^U&K2nj0k)p^_OCi4$$xW+}B4II9bg_Yakgt&^hRC~uJ|S}MVL)D>
z^#I&xHo5>%_9?$Y+h{X);@ss<{L7$1>UIX+{dEWNtp;%?PuDj6Q$_qZD`tc0x%Yx{
zS@n9=RUZU7hxMmcez>w@&BCQl{G%XO_U$tYG)4_BTKi
zOi#>uK^5tL0J8#ILS{}WVNn_guuc(=5r8I`jCdsP$A*A-RB0Zx;dDv~i_&T8PWgz(
zS%4;(3_OnO`73nE^=L!)6tLg@u{r+mcl_kbpt9t?}VGlu0fcE4od
z-XFDvzZ?u4&D+AOunTlyckNK5lg{GBII?WC((csjwfJuW_5fbvcsW2H4{~-L3CSBL
zIK^+ncN|9?7U9CulffI!AfA*iS9i*n(*?;*CIL+lJ?$e)HSQw@ZnRf_#>6dt7!|)x
zcpu^tR_v4#7A5~Pd8hmux*)m9Oh6MvMggkHGmgb%wY6Dm0KG1_Fq>@hq7{TlX`H%K
zzBOHt+~kpfCYTIj=Z=K-7aMr^tt%%t`5K_CQ2K}5v`d!`=dK`M`Y-j3oA_NpHwjQL
zY2v>OvgJ@;qey-kw3A-)Jn5Bx6{O1_=RJZATrmXr7*%<}=c*A@-(e&~{5FXwA8rqd
zo~l8^N=YzE-9Vtz3YBq_qX11XLo6FVBgTzKCBEhR80WZuOvAQhw4Zhqu)KM?#>c>y
z^(WUh#DdZV>Q4D1>4M}YF9$Ti^w8hrKT$V4pL-L4-W|9wn>7o-pn?!7{Z`#6A9cgq
zfF_s>Y$`7}#&xa;vi@eEjtU+4F<+>jcolMDZd3m8%77=kSmRYIqaRW|r5v%e_MZi9
zgB!_(-esJFiC-NQQiKA1N^Y<6nW+fz23e<|7M)&K8T|4wweB-imtGVcaMsbp;#(!m
z#X(wEp4QY4TH_Z7SrVZB8&LexAWqEqrOs5^gS?HWW9j226;AzH$WR{ye=}rwBb4E^
zFOBx=&$YzsgT5pJUUo~vTpILjS55rY8>aX&4N%|ni=Pr?N{Sg$JInR+{BZs_URBx=
zQ}^jX`ej_fbo@SM6$Gpe@~(p@Iz&ujN67_*B`$@SIY6(}HGWSUr=R$|q65q`=)`R1kGv*4Kvo
zv>}iJPYSxq$yeLdq+k%WfNV-*jFCpBmv@H;S#&ImmUqr^e@Bjf7ugor|y)G_}mO=g2|}w
zFM~4r2Ej81>V$B4bnu^2l%aiQ-=LptyY`v=f___B8Tb)2FBAJqbEntaQab~JLB(wE
z-XYgbf7t57qwfb!H#
z9s&E6)1*bbpsQFD0{Y4&^?9esI$sp&e`4)#P=J@T5U-rpv1W-Ae_0eh#rv06PIoF3
zkl_gtG#WBI6*lwHR2j6>eL~BiTlJ)D6`e_{OhRu-5qxYgyfw7EtG`KUl3XsrZ!A#>I&U3E!35Urj7!`S`lRKju`$X)YQFz
z8r}cq%I!=qQ(;I@{oo)i!gfVBK?`}8l6rF3tQFj>DVpLFMRB~Q(0ZM#F?Ourb;8Y%
zT}pYN$dW_%m6h^~XdO>lGS7)0De`qV0*$SFX)=yEh~OiT=`=@W+~nU(MPP+bR@X(u
z$Ig
z-{Y}hJMud94}}}`U26NJaXk@J%U0I?lQCrzvt{X1F}1;+6)N{8#aSY}94jQjy++tt
zeK%Bpe=L}TigdbNWf0!Bs+X#{U#bStcm3RpRv6(ra7&Dxi`Tfosm})cJ7U4(277cW
zCw%YDVjs#oTA`3J+-3IUACGaJaj_ur*GSqwhh{qgP}3NsbmL;}$r(ag;xxfWT5X%Tx0$h*{hE$Mg7j#ht3ASI|cas4Gl918~>Q4DD=z@eV;{%!?9`K`y!F-?O{MB`j!hcuuvm};zu<~BF
z07dG$eR`Ge_##k8M$?^9Z1jzN*VKU*N3<_xW*z|FIX}ZQ!?4O+yg$pGu7(ej(w%;{}~iqEi$p
zm}TM1arKVZFC|j&uGh60YzXEp%ir^Qyf%TJk8(!sIvo68@`AGs{A9a6HAHq<4@sExjy!%FCjkBk*E&@($$i)s1oB?j45xrQvX9XMe%Ao#-GocX&nYEDN>8ghW!LPhMLj`wBV^*PpQL{+E3%%e9
zh@w*zEBJfU0$%9#Ocn4VuRK-2i@mZ`0Wa~IiWOY#8L@&8%hKaKQ)N^sLD3Ky(RtwV(c(4{id*1_OyC_~T>LyZM
zju+&|qGlz+g~oG$HqqrdnxpRW9NjEE>*VVm)&YY8&k7h6c~-!nSOavxphN@yMZlnq
zwiq2SXy+LLgHdNv%hJ5y3!`O`u1Z8o%e1c2bj!4^;)bq{CypPx!En&(6om}_kjfDu
z134`8)^@9_tVz4i&)pvg8LR_0X_lY58RXgRkinO3YRKSg*9sZzj_4$#?==R63`Py1
z#@yuwnL*ST5xyII3{a!vzg?jkqeBG0ba}dgP->C%D_0GkHEP{>w{C9Ady#v!3}-94
zC$*GXP0#6eohL&fFKCK$6~%8gh1TPn8si*l*LGUs-Q)(_jCNsL#tGkqFx#be@xO56
za&=MbEcHn%m$*Uuv`8!3e%$1EKtrt%HMZ@Sy5_chjT>&;M?FoFtaO8g2Crz}eyznT
z+^U)T_A^|y@To=1ZY6&8Zt$?dFWR_&VDXdt3T)7pnLM`B;^qX`_2N0r5hWw2uY4uaw0z$!xI@IuF#hSLS)7*3!XE_WS
zzK}FL+zm>bMcRo%2P*&#wS(T5{71NIDa)aQk=mA2=wOt)m(am@HwqmrolW)kbA$Cp
z{n66!J*$4HlYX*u!q`DSw|h$LV4(Ce6gyZtmiTvf11CLdA1sR#{v#NmX8S^YjW+bv
z)3B!6&cttPaG1fav*PR~&#~C`A};Z*ZOJP_+8QW-haPw}bdu;3rK*KaZT691{8q5R
zU>rpbo=9aZzrYiJtBYhj!>MgegZSEDhe16cCfnd9t1^sMQs7`5%XOpjXJ4!5U!;Z&
zdVs11oAfPK)L^uNKNi7x;1TZA5zMJQmo|SV2d4sGr>8;Ou6z*%@ck^HsPo8#=Ga8M$>L3QAklo$_tzf`o4Z1DarZ
z?0I^2H{9q!5(PN_0FG4M7~UFSbKIGAHRfRHAZIw=y9Eei#)om=6XDp9x>vR*|93-t
zc;@cDG=i(0zquZvSBB^#L-fg=sbsJ_1!T@_T(~JSNU(}A1VcJU-6`LOE=c$vXn-b&
zj5hE0xhwVI926!Pg^=!ZPihigbgO;Y%*5^as&PV>4Fi1LWMQr{lh|>^
z@>5p$wa@S}{Mr!(It^DDoCN}u`@aF2r!Fi01iU5z>P^Lkn?XfRDPdAtq3)E&VO~y{
zEdWh08FeaX{3VNy#BOc1K@qiQO3#nuX$>{Vf1A$JxRmM$j1q=M}
zX^G>Fb=wjZ2`Hm!?%i1$pYHh~O^ZCw>Hb+UxVs2RIAc+fN4I`05iTrqhqv^z56BoI24^hH9-Cj0QQ2}%z6+dK
zXGRs}jt@9~nVO0kA*SUz85x8T2Wp%$&EgI?W(>|K!b7@X2K`!kML2j#53;tg`2@(!
zQN&q=vIJDbBDlkak^%LM
z^!#(#*}aq%g`CSgtGVUpHn;#0@7^q%5;xVv`-EaMCn$mRx^MmW4B5fAJQC6CP~H4jSVBjp%e0%Z{G0U0h?8GeIl+P#vi
zl3+A=t)3k!smV@q<7~5F2=*3zl7&5ToSAnfV!CO|53
zf;sf@&)~v}xKk=yh7}!}uQYI&vLEgqOclDvsq({3+rsbs6>}B<2Sihu(}0_;2I)~@
zk+Kjf4C_8RwN#E&{5~VqE(nYx>Z%*SXHLF!4OJmIH!6ko6j`<~yI)JmmYOlub;q)H
zr*SEnzY$GHH4X;3i-b_*AUfD5;@^{hWo_hp-janjMnj@fS%t(mgp(d}b!*+D%z(dbW%n$6*@hW%2r*Q7+MWSQ9u_<7d>G!>)!$dfKl)q^?PpSq_+
z7r4r@PfH~u)oPc=9MrUOBK2LNbp)#OU0wlQ2}ZK&pSk3dQ1WxE9t+3i|O1gVR4E-zEi
z#`P&0;E5=UD!+bDxFGlqt{jr*xyB0VMvaV0$L6Dm=H8pke�p!fmcR>&+>R(M`D}
z>NRFWHnbsybw);3MkaH=Rl~XGBKU1ldr=atS@6HOGzIgfzTU`PrH4>!?%Pd_MO{f#
z0)DL+@dMq$>KsrDX`uS@E-}VI_i|2j|E9_
z_R%f!++3`69w6i9!9+|qrzmYW&yporPi;|F?l=z`woB@k3yX)MhO^qFztqL@2wH#~^dJH{I@*A#!y7UQEhn{(e{gY9>
zs-xtb^i%}rcBJ^|r=!A-@iSIQkD&Eris+A%uLTQ2R)-m!wTL*K-Ke~WNbDZ58
z$~J?KzW~~Y_4F5%(0=P%hRDs`cMPMI>|fc#k_H0;y
zFNy=-+_1_b<$wQS6^>P53{~uu;2RJ!Qikzlq+Vwm56J4!lZHZ^l%&I88mMD!`dP>D
z^fSVCDM^P7HBg5f_4D4!b+lIF+s`_Bt;_WZo`3h*mgh*#NZnUh&v#qTHoYz1PyIa6
zs^8|XKlPx|>~j5q3SF*4==#~lAEXP^{S51Qy!EUTcJszb2#6>}UNU
z8(m(lGwM!LhnZeBACR}(XY0$>&%UGMg(;n!HtHvQ37`QH42-JS&&z1<)7v(4Yu$0&=RU7szl
z&EJ0BTYamn`rfvl?eR6!D!2Lfx5{n%D2(1xFy`qN{=ruHa;toX^=#|Uwg+2Zd(-Dn
z-Jg5Y?@z6tebvWEOP{n#G1C#|1M;^1_*I&LV?W#D&t4zc_Jdb?DaqzHIHeS;aqGFA
z^*qUX9$-D&{=j~=EE>aYj6DWEqr^t*#5J@s{aD(
z+1AettGwQNw(Fa1mD~Mq>u;ciUtm4oU_CFho)cF4tF7|p*0at3f4V>Zx9ii^*L9Y@
z3oZTbZM?Ox=nvUPdRw2iKe6SppKbqakB&q@5X4P-kXZzo)Ec}bC=Y5sOwqM&H+51`BKiT$X
z+t16EeD?fk(|44c?vTos$JVDl7^(?u|F^ID{!i=oKdldYKW>jtdp~3EuSRG^t9y7n
zRXyANX+P^zteTBYU#Sb!-QF+R^7OFq?eV|2XWM^OS^V~9KYOzm+g@#b*zp#7{M+rf
z%kA;8ul#KPZu^4+Eq&Pj+4kpqTi@9IVf#1R9_{CYEqQGHTw;~~PwUHWk1enLysz@N
zx7uUdt8GvA^8}0DF1PvH_E51GdV74>&#f$aTVH#7&bH`netYX*+dgc3yFcu5+aKBc
zciVsOZT>2<+GF>}LaW?SFtZT=@(`1{)a|2Fw;`?2Q(TYomb?JxIcFSb5y
ze)hAiUt53nc(Lhi|6xDd{B8OATm5bO54*gxg}*m>f9m>der1+C_WIJs-`lg@9{bs*
zx9!J%w&%O0mb`l_xBG8z{@U)Zz4fQvzP-s~>$lu$&;G~#8rZLa{TkS>f&CiTuYvs<
z*sp>88rZLa{TkS>f&CiTuYvs<*sp>88rZLa{TkS>f&CiTuYvs<*sp>88rZLa{TkS>
zf&CiTuYvs<*sp>Aj0S#RhcDYXX9oD*o%?-u7OpOxe8-<#UcY2I!nw;x>$B(2Ts*yQ@l2GI&8J_M
zFR5FA=ecvEr#W*^u2+wX=gyoncQJ~5eANj`onBX4y8w?d$5~Kw67>vNa)H7`pHLw&
zT~ar5_K6YKC3EYdhoy68*VPhV2rz5rlA77TUR<+qUK5bI*|Q02=7I&avuB1x^$Tkt
z#ipfc}OO?osn9@So9>s?wTQsvqkwGcbP0sj;3n9#|T?l#VXB!fu!i6<;H8U5~
zoH}<-)R5}>g|q8wY8OgKUHzg3b4ew{Waff-wP>3Xi+UlFO4U8b2kKQ;3f&Yd%TR(*9f_ZX^}y`*jqY)%R^XZp-piu>$kWCaACd&=y&
zi%9-RlNg9-esvA?1xBq=5fQL8qa;mouUS|}(Am^CvgK4~O)UWHN!{F&rq5lxxR%9%U{oJb*Dsm7B&BPVsh%`*k<@}RA=Rxggh;zUt*KptT39w&
zCuNtQ)ld=PMjcaMSF@m|ZaI}NLh0P<8d78JBBiT^^(W0;4Eqd+4D@Q5nAMr8li;7~
z7cZW>a5fnLqs#$wpN5-$(ku+NI@p&4SdY`EA3S!#L9$4iwE>8V*eHMnnG{ytNt$R5$yJ{s7#<|D
z?0cE7t2v393l`I-S1+nvq9tOZkOfPYFQE=6ivR$P#KXc`Sth%`mzD&D5+X}OvxGCM
zo;$Oye(_vV9G;fWT)-ZS3ThWGo4I(7Dv*6I$sK`z9|zNr$=~F{kFBwA1rZ5c5QuS@ewOik6QG{AY-KCXD&`HwgyYjUa9HjmTLi#1_fGLU<7f#Sd-~
zEyszH)uPon(R_7?8WXpgrUHrV2LF*jH%D*67p2ypkx#Bkh1l@vjU43q2y)X;LX
zX!W|RzlqXTJH58lHX*W1!fhZd+ALazgnN{>RD=P4qBUhKlKC*V3%aKLxcsyH5fRAWo2gcf1%MKThP5G`mDIm|dMHriXE&h;DTv
zd%W-$i}Yo}ozhnn#hU}_1@Vny1ZTY3JVx|(F`2hf6s-}(@oM2N6^F(rXk>f<8C2dy
zZoWA5QsKtuiNltmm$!({@kY@rK1GzpOGVBml)NFv4U0b`ay}Owwg97EbdRqQIc-Gu
z2L-g26F(U^HKO~AUU@`DZh*~gpP=|5u#p0mOpC}6IMPfDD
zOE`hoA%S}=-XOB+9>kZiwvk8Y&~CvWgkLS#l&I7vCc+Q4
zh=NZ<9O_J4DvDlDZIJ5FCL5F(FWRETZJr@T<;Cw5C0=;}{%PnYQ9PAzZBlM|(?kMF
zCX&3ZLOdiA)6`>vA2Xuz3Kngd|ntr$aAgJ0Sj0>XzIIC@vSRs)aa4
zWLLmydW+5z;9Z7_#1@geQM6c129p8n24C-VGZLq6@MRop3zha-XN*rYYQfm^$n}{v1hlSZ@plObD&Eh~^DE
zrZHLyNx$tx+C0%3H11j{K%GdRAev8wW_^Dd>@nTXBp=ug&gU&SDStcR2HV5|0X&P3
zKQWIXJL$O?-YPy!91y=yxQ~egFw`1gCnt&a4~q0%sxw+nq24bfqH00T&)q2d1==1X
z()x(z?M3lslDZ?hFokNq$e2$GgO4gD!Yb}b(3j9tCFv*aLI2dUQ6jyAvVoi}WR&?d
zNZg=0m?zS=iB`;^gXBQ^ayR4R1y#7ls@N&Tf+2lG{<jd9GG|JHc_%sG}|aT
z5vWQuqgx7Z>PhexeubPNs()N1k_-cl7(#3F#NMm=_XKnMh~i-)4(~o*^;ZG+7uFFl
zaDSFa>nn2F3%6eM?oG4G4$%^WA3mTpY$YG&ln&a$deO6*M1{?^3*O)yEP-0#26II-
zjM}v#|18m?S_~psmFPh?(o{G#5Hi_34Y76LTrNblC~Ab8+APv4Md^4^9*65c9>cOh
z6jzFlL@ehTpX!crcVhA-MrmMFIvyG6GRJTZf|3<^ZF!pT{Q7vEXy<2Fi7s)rE*Lq_
z;z7O010H5>euRk=)plMVdGYbw%Xp-EytSgucuc<#Y#IcsBEg6VZh$61e~9Qag;rV2
zXo@%#Fn5TY=O-f{Q(#?cc3WoOSsiM!5zePKoK;6poo_K(NIFpR^j?(m^}P>JX6qo5ct_~nzVUt
zC<**#(Inb30M$6GB$f~v=8W=hU>QZUPRM7o$l6Y0Fzt0(SY%HWnKYfQ7v0y3cH2bv
zZOnA-zp3h;r0Qcae{G6%(0orF^X*bH1%UbE_@!#r+%{)Oa(35)cydHU?
zWUA-^QrK>*c%{gIL-tRu^YdV0K!o2ZT*uXuO_HL#V6#A9wwNcnNG*9?6QU$|L!cR*
zX;y#+J7XUaycy=xv7&-!FZ54A3%g))>Wse}nxx|MMYjj{Nm*Ve>}j^sqP(p)jGm6J%iNYjN|z
zGM(9wMvv>bi`YUk=}?brlY&ISV7x*
zjF56=32l!NIrjtWpd|+5=$HA14aD2?a2{d{HoUA8#F}K}D~NW|acV
z+z#ttGYK{&KVHVp(8pe=H#CCohX~5qh9V?reM+V98d$APgA?mf%8OIK9%E{9=yF7d
zz;8>QB>p_m)uI%OiONUfJ4FZDWUxn}_0&3Ayz?Ret2RQe7CCo_EI9wQqEKn0JGM70
zRQzmSeR!=gmpmd8bu?kOspJ-5v(lZ&F%i%WaJorfL8`=-MbAr}Q7r^$JDxVqW7dj+
z4I-~WersmPU)N~%O>y1|W&5qW*Vsh<4DkoXB``Z~BNto6~<
zw!=jKonpXdF&GPhVImE+W2uT|`4o{+Pk9$Mf4~S#J@uH2R*Tj!T4JjlBKDl~cnD=+
zkq&zpFPcvg%~p%FYLU5#R$DTU1@Rh8ky&M;JA48}!gdw=@+RvtK=GX~tq!~1otPCq+jCRB;3;d<(q~7u^9G<+*iZLc14MYdpVXtR1f8c
z#3wRg40)m?SUT-~-FAMF*U1&7FavL3fhZleS#;Yb`fnD4$RPah9JF}P5XY5Kh@<>=I{Q(=v8BfMWlET<{Q&0&Q3BG3_p=2|I0u571TFaHzcJL&KZpNO|eJJ^b<2+A=3j#ViklvWti
zI)u_6VU&LOqk9%Pc2xZ$8J7`M>GOj@m2OQ2Rr0*vdyA;#BiMo{8bVLl*(1O*Eex<^
z$N&pGCE;MYMsz^jDDsb{wPW{4`g_t1nu>nCC#)6t*9GU-tU{0HVE0|OHe;drfwDMmV%sG7cza59^^l!ysy8Pe9
zVR|5#2ix>Kq5lDz*8M{AR^CRO(>3wK9)COAn5fPhieSQ>L
z-`?0E{ig#vSg5JM&T0$ZNMMj@=tS^i{MX^4LK2^);(~)%uK9%#B=g5j3e9HEZ
zgbB3tm*K?~MW6Y0L8v>paF4*$IIJvXU}`Wl
zUJ);#{p9}06m-#ZUm{bLO-H79%TdkmB(P=X-D8y~{EtSa{*B;M7v6xHfv29&VUO}-
zqjZ%Is=!n4|8U@`_dW!kdaJ+__wv36o<{8tJdvZ=A9!LWsZ^HV2<}iOv_xWddGF2l1ME(PgLb
zyzU6rjTJa-DYg}7>dcU$0kJNhKgax7B`6ALlL3E%f|+B)KGCOatQxb4iyI?
zhp_yxq2gfV+A`iiiB~Zc@4%}?%LXwZogXm9jHb211h5`zHFciT83KiDB
z326(qi!NK_u)_(IPBPacpO=)LcWA!oMS@nfIKuOdm?-cs<_#y&+n@
zL9f0lwulypSLYx)M=x3tgzpHf-UybKpo7|AiAe945O>eUK7dYgxOn79^{t}lCDC%5
zsGvh+E$^onDu~wN@IpC2%diq`86U%MS@14%%{QoJD8*-oL+R}i6Qo<5UkKtA5b=#+
zXzUxR1tEOWdkpv#q9r)>48i3y-tHe;aGT)($;e8v2dbGa(B3kXsvX2pz~;4P{Od
zowq@+1=v4eBE*KRY@2AY7MgbhS_<-eil9vH0o$@7-4Epfmyc!PXEJgKGmI~Wp)C@H
zxYK*V19o5>;6xo>mz3bupw|&WlC|`PxX|lPCu9(U#vU_0co4_dmeq;o4^E7iIIuw+(jX70TBUzM>8J*AkScAKdVKX`
z$K5HJ3cTJkPMKcdq99+MTm2UW@l=YPfu{JE1p-SAqmJiXcXOPoh^IE_H^gbQEJ!({
zy8&%!9=}51#df}EeyNDX=Xq%oFNN_PSuX6N3jfl(9=%)*S5qc39~Az0
zuds=>eXIrYQ=7J4Xf64vlHQi43(`{yZYK3{XITYTdAcA2Z(0mx{4MN>%+!J_LsprH
z)EX4;mb>tCOYtHa7QD?1s6owyXQEt-L&gE3N1Ns8p$V@m
zv9ORXOG7O?acZkc7SCnlG%|Kq9dH=HYat~_Il}!Y9dpKU*Ui#6o25!{J`Q+$yYWs>
zGPg><0BtjR`-BY~-iU4V*jO@C`{wJI3y=38Y@$;>hJ3Z?cqwkmE-a0Gsx;OEBeP6t
z%xdoXOc$egm}s|JbZZdaSkY#h=!94FICHQ=1PvnXVG-+vx5MR4s-rR86@zxs%Asq6
z7`0Kh*{b2DbQkXo6FX>O62m+F_!T|)?v)iZsX;o!p36F-v-5WM+|`Wa9g4Hw)zSj2
z+J2+Taco4Frx?*~=z#*Xw-p9P>&hkt-V6a^-v~r;gH0m0PIx$&FqL#c(>QMFOGVoF
zCMoG?e;!WX*U8eXRQo-<8O`p!|0tTnKHwoY$EV5(&1DQ^JhlHC-R#OZ2@@dLaq
z;%6~@@^*_}4Wa`E#&uwER+E*G<#ydd6LCeIn7CGs2aDIGar~5Iw`h;UQ}8oGC61-C
zs{?W#t?{ncD@({Z%)
zSfGe;Tf{{9%OTtQ?coqorqp|5dalKfZ%kwQ1-cxX#&M9g(?sk{ypD!JG~M9ZyP?S$=Fwa?zVQ!I
zRk75Cg4x^@A-+ea=iwb)GXym;;pbh7o0=g1S2S0|K80f#ny*`((zxG2A>%|}OsCsK
z0!X6uc#$}h&PU?(q=%DaUYC5Yq=}jH6U^0v^;|u=>ACtHS`F-`#ejFFD4j;L9oF(V
zqE|9br2Udt0&3~9PiA{3*tW$W!@8@>HrdU2sl)IibXg2*yFp(2ghWWBj>GqXkQF~d
zcsNXk!-C#Jc-xduVs&f~-Nw-z-DU)~H;7`46Tz>@@j&+BatU+3@MemlvqWDU=)uuF
zAiN>G`$XDbiK1%A2HqfQK}6BP}j<61gYMMZU@^;#TB
zm3}3WI^^ELKz~N0eIl~n#CqisY+>6VGE#LD
z9B%kggEGaRkW);2BTDN;SLIc$akT~rUVOq9`ZZbq2GP8VIw)9JPIFztkIv;O9ey~k?LHsPz^a`(G1dl+(sCb+hu~`hkFFH4i1J}v{Y%Leh
zhXd)jQ*>5~UQ6Icls0=<%36@>)8E8er*}w|GNN~8!^6M{$Ce^e`mBiUf(uJqAw+-O
z=#)9}6RdB>ZV?ky%*R@1k~1pAQb4Uq$VQB)0)jH|qsy=&Qd`^~5Yl4&HhZ~c^n=ZO
z%#WIZ)g#~K(}bP-3663M!i?p0C=l_nbg~UsKIV<~Q7F~jjJTT!#_R1sN((Wah{9c>
zH4byvHK~H{5SgKaxCg}7N-u9MOD{t+d%!XV;g`Of#c;(W2QRt}UC^eY_fGmL@Ia+X
zi_7N_qZG?&wb=gQMSw;79D2K1d=%zV4)$Tz3bxCpScspXk`nA+R3+95dM8hQ8J}W)
zQ7dR`?)ib$pJlk_9?Dt-;2jDg?5A*S+{e0#W@^MP=!Q`xmP)~`n*Wad9gYs{z*>jq
z<+=C)pI*YHM5!LeA{js9k9ni_zPGdFLcA2lH2M?K2WK%ii;{Ch{|D&TA!+emqT~+T
z@GIBTLiWJ`~uf7qchQN
zjEr&>e6ZT_7tE7&V(<>pc{Tm=sBEoB;MM5_icAi`8@sglI=Q4SOr0%u^APWVNV_*!
z1%NHah^gbN1QSHxI3W1Il2
zcTp)T(wyZSW`%^ms9OkJsF?wx6O4+TjE_fK@!7(W5Gd?1h4}E0i1_u0fB=gK!PBNk;M5EzyT!3HV`8r6-fpHBj2~y
z-uvu*&OWE=oIcgE9RcK>neM9d*n92u_|~`9+WOvKN1qO4#8?fBibO?(A>6L=-BeV%4L63zV>YKj=j
z{S_0+Ndv0P6VM0)F8}OWPhYMvGGWwz5AWrxF4haI`Co>=xBsoJTgKtYJkr08-|l_O
z1tgi@{;TlQUwi!?qeB~hW#YSkf*XG?NY^NFw4eBaa6|tmxP0G@#rY|u3}cJ(ZQSE0
zzXhU{-SEH_{`F6P3^X1{BU&rG#-j00JZ2952Veif)+hhb*5`I{+p}m$_x~_rYyTb!
ztW3m~d9~lxz3@^OnGgI2SQ*5GcTJp>5z{}1xB63fs~>|SEB;pI+y860)t?Q+|9=Dd
zn@@jd>xayaeKz!h{(X3ffBHLHUp9BnM3Mg%e1*MlE842J&V1l6;R6TX-r9e(b?4W%
z-Z4qo?+Z5tSzvhgU-$=GZ?cod$G(d}H0qR}#e3iV~kA{Nwzu~K&{zJCg`0iic`V{J#
z<9YW#ki;qi?>`Miu#YYO!Jni?`6QamfSmNn*Pq*+4^A$cBmw#P3&L}Q`ux7%6gT)|
zh?FUDi>*)o7DHiFQU51fTYqSw>kTey#x?#U9B(gv$*8pmY!!(0zloLmf!~itW2KQ+
zxl+#r%bU&GM3?;kAOQyjUAup0>(eN?evIAyWt-Lr_U7+G;O~EHt7FV`COz|SL%;nv
zm{srm+7=Q>oxig6nJ)Wfedf{DkNy^8Tck?g_}8{>!_-O}#V`FVTKtF}V&L|g=pg_l
zR7c-+M|g3cc%lFNwXHXvZ+-e#fk^zr|8(o8&;;UF(L(1x+PWq5nxFjLtxpZNe&AmL
z0DHz1)#vYS{m`!$T=r*`r}%rgL+Wn=i_m=dbKJ%+v
zpZt3;H9K1S2%7NU0Z6g+Rs03*6Zm%8qXo@@aH2l<8^ZSlrbf~v;@La=b)=Uxh9CK45zHmRs*4NDzRm+)$SPHuIGK
zFE0Pt*PnvA@x>ojWtaKDe}xZx0Sdf>@K8^IegdHrX%
zUNf1BjLY>0{5<=fIVx&~Ir=|te+=g0=fJ4=3Yw9r7yntbj`P-yJk8HDVm7&?OpNfC
zl^XhUCPv8oHWNW)e)}JW@x|vtr|>W0#-I5X(gXTfKNkKLz9hMG6P?$VYzEs?F%g0QjxgEB{%;{#;a{&EXcjhekAG&Qw$hIN
z^RZPK`^UnFFMMa~r@yVjl0mw@9RjlDrnmgJ88G)du)Ci|vhx$)+4^4ev9ggG$yUsb)Ne;;1cy0Q~DHRJ^GQ?zMGkv%m;|mh9Ai6
z{B;&ERnax1r+^xUJlf;ep2dOQYdR`_vRyKT=HsQNA+}vV5$gE=7CVYW=bq8=8MF4c
zAgKT1ceXkRnN4~rz@Hh6ypFbcH^9<=?c?9`+O3Z%A1iZ@|61?y6?2b_3(lD36R^KO
z5RX~%YC996@(q5-6f9&6*l*&}z$YJ?W19Kxe+SbTn7060rq}%Q-`;xS9y<7K1u4&H
zl1u=TvECWSpxm+Fyc?L&TYnKN_Nl*Fr1t&-)ZP!i{%Y$d4kaBb0+YGGzsC!tY4yx+
z|2D*l7x-yjV5Ab4QH*(NU%4VEU+v8O|7m=^%u)I;AnZ((8;Q<{OD+)4_@Vh!PUiAI
z2NvPCP@SS{pE)o87w)|S{4D-kR+!xV?X5@Vx8>VX{@YC(+aC=eh>fd_n}VnZ90FkUvPL@@+(jF9$_Tr
z!I8|!Z0`(){n=pnaCUJr9(InN9B(K4&t@MEr=1o)dOJxlDm3Z8eA(U&hE8@5^)mav
z$QgE>&cnUVCBGoo)*n9D>zueB+1uUf4F(;~O?-DcIKrJThx5+S<0r?C`ULNSE#%`U5fdV(~mVozJFAEERs%n$Iq#1I#q##K2^Pp_dr(`ARQ(D>*vB(8uAh
z>u<%a2fuPGgGxKc%RP<}?eaRu?F9dBZzspYF$SBq7fX3)d}KUaEadL?J+PNgkMAc>
z`R`?W*WM(VLUi;^@#CAAtvEcJ_sk&D-gMbLdH>;+773ZjGkOzm2crjA0(%vImVlY
zhqm43Svc&y8qazI*$?-D+fOg%MrmwwZ0?hb$q7#H3CC_OX9NA?w3T$9a++%b!Pg&s
zsDF%O7i#lD4`!3e5W+1A1j}Yri%}Wgk?1_w=~8I9R=w`C1cH^|jd)>hYx0b9Y?IOC
zeB6D1vfX)PF4W$BfC;Ml=oI)p3^eUsjF-s(a=(Q9@{*mKSdnFKG{#GFAIfxJ9gWa=
zxWgCJ*|0|b?_$2_ojdMS+@+qo_tp*hLtn}$E8W&~1H3h%m{E!Kj&VZwH
zpI{g?mjDkiJJ->@_ukx>ka3FSCkGDn-!vE__aUDF49U1-(I
zPUl$yorA~SmB&rbc)=#_@r0Yt@?h)wbNI2@{Jd_k=b*iVmFEJ89^EWK
zjQ(Hq(>Tt@IL|M791Z-9i{7|3y%x$h^TBq|~
zKN*b9IIdl!Z+&Gb?ushIP{n!f>6Lw=c6&T~;S}1DC|{iU^H(Z(6m!4^y=5=5GsS0fhi4N8dpO7O?AHqUfd5X>SjPo@2iY8QgKseN{uU-%sFWsy4@oUSAX3n)F_Z
z!sB<1NuFQymm)kW2yfcM6|pl>`(zD|^MHO?*Q@Jorei`=A^9A**y
zyq5tTQ}i3N1ZG|1_ECJe)6sa0b7~@*ygtGnA6eByKMK)mg4h#5CR8~B@@aqAJ?wYr
zukYJ{&PIc9=-c~)(dp?BQFDKoEE&t=3jE)4=V0EO4rY_2*Y86wI2{I`{Y(YaTl5Wj
zvitC#7sLDeghbjagF1b(s?vTNk~$tv&z8^CBS|GbzB7BGL>WFIb{&i^;e_;0hG(Ox
zuKf-`oZ&KgJ{-gUmdGd;7(K$4#3Q4lXWQ7+On~)E*sVu!{~w+|WB8;m8l1~wJFu@{
z1|L`iAxVZW`@{3)Xf{pGm-F^+@K5U!z>(FErRs9-0U%+-(Wgrf-S%PRVM`A>ZRoO%
zKwi8$_;d4Q3}KeQ%Q>nHXbK{Q=*8u5NU$(^*%`OgYln3-(jQpln9J}*b7rfq#z7BZ
z7}g{DM*WV95N~L7Os#26Ho|2F>I-YPTm9MO{9-wLXim1S>kgzvF{tFj;VXDVlk?sj
zQMQ4V;t)lLj>=OLd8hKeM&Nt1KNnedu6`Vb+U|7rRd*Vx+ev;Apw|omse~1ERE7ch
z5OSDH8AE`r1(c}5eRZRvXhikrvl}hA){Dt-f)ErtHXT5UXVc#J?s9$sr<r#B7A1
zTl0R{TQ^Q-v+=zz!f#Tm1eaqvTwL^@<1fhxod4nCiz?)v4Q;ng6itk@y`4tYa=vxV
zug4J3IeL72n^En%*zCjQ{I2@TT)TswPEb`cL0Vb*Qf{}7Y5cqd&0LGN(E
zs6sowDah&`Z$;FT2FF|1>Zhu+F66aC$cuJYy`|)0IwFX4J_7)&P_N0Bv~Q*obN^yA
z9t`I;oATJ(_u)7AJvD;CJ9wYDvTOjN4jx)y4Si-tkQP0ZqszriL2A5i0g})iclHxX
zHR0Occyu-$4icy%pb^b$72RRynXd&I=}F$z-~=Aj)g;lTe277{Y__YFaF3t0E~X24
zf8r|os8!AP`TNv#`rStJ6e4p7!Y8xA#dsEOZW~WY-GtPRb=nE+;Ve~s{7&cmTrIVT
zZR#17BqEWNOiZ4!^`gI6&c=h{ZBDP~0kbw@vpa3R?(Fu}U4Wau3y=^Q5g?Mu6#17X
zU6xF&w$wPZ2n;4mqz0d!d>x($9j(C-QSR)O1mE>vk$C_p!?+*h(s5OHPS*~&IJA(B
za|3_Bbmie18`P+`;1Os`wxaYYJ#?+L_;6Gcf=At>IP2J>*aw&>oOloj%MFGho*h;fTPo4#AH_r4R>t_u)ky?uv;zvhg=1{i9M5E5xD3%@*jNLlGrZ)<_`ZD4BZ1M
z=U|O!<`#~LAPjV8a^WN%&|TfRGiz={`v8{~Dgn`gq<8VM`v^x_2oRSK&yh}2fb3kD
z1Ps9{@F$?k?7O!2Y(il?ngF}+4g?CcuC4pncJd2YU5&oppAbsP!4JA#LHf2Mt}1i2
z+#7mCa7#{Sb0Y0`C7|G2z>FczM?yyYy(a3g2*dM}7>tVzzy=g91K}E^Z`b2KEA(Rm~-LnK&kP
zx>zQ}>VSwq5QcNe0nOe5T+9TazUTta(Qohc7Vr1wXNc;$mfuDV8Nr0}8p6h`?OlRM
z?#-tHW>HdM0+WCr!{uDI
zvSt(Szbh;WOOWUu9%k$f=!&%H3BW;S1SIAMUj+wpF&keFk8F-aEk&a!h~|o5l!>|{
zUkrN;T`!x=yLp>SkBvagaWWsBJrC_?k-z8ml-Qu8QcZN~Ql(-+Bk~aq(A?#iFr<_`
z1Eqr5d)QKwEO#b-ZAX0JC?>
zz}yy#LAnW{g*4he!ZI8_L+bn~)Z7M?7?wKzCQ37xyo)A7O8oUy3Opdy1!5N4zy+>H
zT5s80vOC3nqhLf)_vZ7SDS=o`quqSf49;!yi;}E0^qQoubx&WPE{$7Ry&-15?z~FnA16$MM68L?Ypd?qlDSJ2OGH5lR7e
zZ~AXHg-V&i7ZRt%ooJ-cY29r4(mMp6kKkR{-WPXZ#uDdqow^%1K!gI|Y0zzQyb4!#
zW7fEA$J7dwhecRS(@$oFwrx&wIX9c`16naePLi!R=h%CYCaf#ECIE?Jp>B?G3P=kB
zHAx-K7jvY4vyLEWk
zBQJ|6Wr-qvjZuK|`9FyJQ)2YM^ydBN^A=*HG#2D5@kr+o{*sgIY_Gs&s^hK#qT>OD
zf!EMk*!Ngio(gR5D6{PYB>ZdFdR|RmK?6P{6|#npp30S^Zc_`&&5I;hC#*Z`^e-n^
zT1%FA1GlD^^iY$#waO-U>_qTW4-y|-?{SI6}>vODfIs
z(LG^z_Ff4*?>Z*EZjQPhWrd(MM6}a6F^({m&8x+7I3Z$!l1xG-s@ls`XM1OeED_jt
z0Dt-)b|0w=WHW+ZQb1Kxe$B1hi(|(9N}*?uCEK)cBIf?a#Y{mLx|k}m3G)!Fz^Zf9
z;nmpsztlbLvGRXy=AW)h-AA7sA+mU)Ks*0z;0u8R0&(>vl@_q
z3zxEEpuAOju4m(!P@B(YQu>^LB%LgJlcD9L^uZX@0Mt`pljLxhE1t{tb{cFuKkkaxOkFsygq9jf
z!bVUCre_J=fi>CURe1n52UQkVRK2Ef3t&~f^X#b;XRl$o3@%VDK5w^`A&c6iGe#M3
zIBbI4lusZHlAs89c%GcRLJttwS;`#`Xf5AAUs%qte%8NzJ2`!^==Y{*z+idBw~$P~
z7(QUus%v^@sGW>@ac%`1+tOPdpgvHH0aBzXHs_rcWkHemD@YjMqqhRG)10+5<}e0I
zt0We3CWfAvc?M0>;4GY?CglY(Gxnuhl5^CjkR?fLTj6D9#ye4(2Pkk_T!erTF&Vu(s-I7fy}Q7
z-=tBOcyiaY2d;5|s_NtW#pcPl2_0r*22<#F${4%)WLBocf~W=
z-JNnb*pbB72L&bKHM9tuLh)2CnF3Z%4vTC}
zv9XqTs!*09HqkYxlyGtBod*4OcPYo0m0f5e0PrxR+WjFU5pqD+BF3`sH=6n-Fvfs7+zbh3oMm
zPUxGa2!o-36Tqt%A{8+u0`5{!MXOjPVv^#w@B6+=KPVzLt!)h74z0b0pn(ksC0;+z
zmP34^Qs*&;=z(6PafCT&g;0H36OL_YBf`-hd9%|(E_w$@JP90n<*I(Qc7Zb|2DqzU
z<*IReANg2E_^MxjFOXq%S0~kR^k5qlW{p;(dQN`@_6*@kZ4%Yq*2Qc>Z9^1}(V@t+
zj)7&xL(GRP(|dSv4qS2}+rNH9vkxMnGy<(?-t{%5dKnU@iPo$Z2HFo(Oj7csH~$a{
zT9?825TWa2<7Urocq(2)qC`Y8srdEv-%Kq7n6|mbSGMbw*Jhx&g^Nk|1ddN$+1kg4
z*B4Y1uItX?dnxoBX*B|Oo!u@1c0=5sft+XP7`5z9u1(S{DFH$pmz?(o`@v2I$pDX&
z6)cL>jx7LOE=ZRsn^F=T9c
zelkaknKi&N^#dG2X8zgofV>Q361A3B+kYQG+G9zwg2}o=`OXA3!;r2l8xD0|0%p1<
zH_!-ePOwYRLWzu|)ealTCM09JGl1rlM~{(P#|Cbqs@^s)LfDTctn;2x;?jalJ>3|u
z-nOVK{)9G0Nq2!2`k;6DBx|--J|S(uw>fchU}D*iBu~uGr~1G23v%V_f#+Ze*?}5c
z$!;qsMt+4(5~SUGt#`CU84sn>yNjhw*@o(Q(L-s%LBQjX%%;8xR;!6?dL(sRv8rb&
zHnIPFh}vG;I}8EICS=;`06b)j1B3J(IWS{YBn>T1>OQR!O;3phx=p&t)%0*JKO8%*
zje%JcKL-Iu3T7ydrURB&*uc~+FfOoK&4Fr^8<;6dwhd((l0>5qSWi9dO~o#uUBwxi
zM%fe~bwsFrnqnlT?6x(XLG_X06-ZY(EcWqoYWoC74W`rmz`|lKl0(6uZ(35Nt}3+Z
ziL}nUG?d2kQClML4K*sME0+M&(BhxKp*;R>?_|MZGGLVWn>ge(^Z|WY$R!#MsZH0b
zowZJS12-zc-DKQaT%5pnaX*+M-f^wj-A~2LvsqnlaO~LR06@{+F&_X3`pJ6z^6rgn
zmhFE#w?d4#L4XE${w|3Fco@l_=9xzQjvtD8;+bJhtdpEkRD=#Dd&F~HU^yyDq#~79
zdx~^4f`Cg2s6lL|7kQefq&wG;ZJkUXDl~pr85o#yG|0npc2Sd0WpyTP5Zw|II3&%x
zN`a@{AwkSW>D$FMc{x(h<>loVAZEgORwk^fSCaL1j}m>
zOGMV|QG&f+yB!8jwC!XF^^%!hauZLJ3}>hCI!B75>t;6LK*)_vSG6+REO)eZ9+CJ*
zTqPlYCfGXicAuUaQraPzf?PBLFJ1mIn&OXxz0CGNS2kr3RE;vVfjK2YZ^#_PQqkXO
zQw^G?1!=On`%;2Tgj*WTxSNaykuu9QV&3@*M29!oq}HEN@6g3|wPqKvvDO`U7mu9iey3klZN$L`micm-GGDNPRn7E)T0YEuFcQ$Hqvj)j
zzCU_wB;e6DmD5^zkid&t|x(N(c={d1U_LxJ&cv<_QAf>H%A+4bo_<3-R#~P~1
zsj5oEVA$76-kqOuc8)cVZyMgQMw9s
z>*{+2bqMHfjgv%QMg7n!re2>2Wr&w-q{Wg<=$V3kr+0A=#QtdE&i-dyjX+gaKaJ~G
z^pkA_hio*tm}tqUQ_;fNGH8WMaio)oNPJMQrGzW_)(xg|BvT{WCg*Ob0#x7|?xDVV
z6OOIp+SJfxhJpY?4a@No`B&@2_+dI;qWsGieXwSkzSao=ysWwkP$aS|@
zWIIJ?rRfY$N~wbz)z#quLEv*z`x4{_Tap%QP99DFG+)g{%_EB)(103>r%WXlITqni
z&GxR~aF*0OnRIN&HBUM>s9YqFV&3ZsIv!chwX~UW9B|9~6EcYVsUg9{@*G0y(d;$(
zjW7BHX;nKL2tWJI2Ec7XsYsOD3w?wL|2(JV94X5Am_jTSWsz^2BrhObA04y`ryucj
z%aj6tjUn{%`Dh^oE#{qAv&=ACh)gh4LKqPYQ7thhB@I&^yIvq*b63^`VA@d%APQz3Lv9SMKU#wlz>wu}}
zYwAU+Dnxu4z81cnmDD4ko5Q)+4Nt4E5L$XC&GWafYzJhrj>isEdyw@XLHREl`(uZX
zz3h4P2Bi#3WVxZ|PE-5DK)fcyxfQ$zxab@;n+wd8)7|nOX@g2j2ptCa>p-8tiqny=!nPSDp^WVF)P%EFD&8{H=)Dz3^P*5
z!i|1}YzxZ@-^F}DEz!J(uEp|o+p{oL5d4IB@r+yFq&_h21&8*rcddoD(#I&~1*G12
z>MOyICFwib#mm_+4<|{#8DkmI3K)j61QiRgasV_)Djd-V#sR_c*Y?b?bH2~12R|@k
z#m3doa_-Gj>I^NM@&d|8{u%t}pEiP7em_Hnh+HQ-T8dloeylav(FbqZ+widr
z*lwqcaqkYY0K7Pr?#vbWkk)vs!mvcbQg?I}P{9a2818q71)8)Zrznabb`*4aiB7BC
ztR3~n1{BpO73g)bq92L3W#Oc-wM{EnhLc3dia&`(&HDlPQ@+eyIAn>$sQ&
zX7P&Pp4Y_5iFw>J_1LU(bXC!WsxAIa_Ze~F=`Rmi2
zMnH%}Y6)cQqu!$l5220z@32#v0d{Q&=<@-l3k&bM%3RX6H}7#|FCPPf+|JHLGz2rx
zArr!rHX9(u=ymO9`TS@KJBaz{RVpW9@p8<%r#9L$+&1TtM#|m$Xt)Aeyg3di4b#rZ
z778e>`O&zlx|R`##>IVJBoVVb@b7Dt_NU++1i;ji#m_z6l*9OIB|oxc7kR7ooi;e3bVN<|KwAdF2sPP}PgOJ1
zGs)TXg5d-=(384Mw=-xs0Jj~P4Sznu7dROc86AZRuPC?yjcjXvQ
zUg93Qg?U8B_=QelYngEZm&@CU?FP@#ndgYf0sXrfed)Y(+sf<95;#?LZ&H(M^+pCl
zH05PYb-S0))tUK%dzx5}!3--W$$1e^;DO&zqxF&ejGI+_9!v{VdrMQ
z?@;%k8#r~%m`rf0`V*jK;Uo!D6s=bedkj~ZB$WFE~Wefs?UEawO^<
z3^QSu$sskUVS5`D<0klFP8|+t8Cr+ULSg5~3>}9OYszWog3}BsY;a}l#j*i$MFrO}
z4-O29o@Q@6ZIbc)vsAB`OYa%0>Y?BIT$nU{Mr@~Rr(D}^2gUDzT}i(yoz`oKjhUWl
z!UOL_5=9cH5m{F|xllD|RcsG>26ccr_OT02I05NTH1-&gY-(TbbSpcv@Sm;i-|dNe@-O1ahfP+d-oP
zAPJkd1>Vx_so@a6ezinzADEug{X9Ad8~Gg$Zy>VG|8DyMj{COK}=
zfoze&KGd3H(g&?_ulp=9xJ;7|5*<2#7DR$p^wDnA>-7ZBBkgqA<-pxXSe12vZSZjo
z5i%5z4Q`$%FR4t!SISzm?qR*^6BQ1djVuq(Kx$@J1XB`+$c`O^=@w7}dQX?}gz{d5
z!=Zh^(9<`T0FI-a$N+0QftQ511l=X<*opu_TBR9Xct9^moFBj(0}i!A=T(xwFWDqk
zwRwZGX;qRR(+B-Y!E0YYIf0c6o#c}>MDhEz#kqxDO(0J@Yf9K^d@$#-(*si;9`vR>
z0})+LbJbB|Zi*O?KgJj>()6^%EoNZC@HtWr;+dKa9vYkvzkX3X*GELB2&zTI5x>!~
z-*%{}?#N8H1pmb-;(BNOH
zCgNHz=Pk>W+IwX>DdX$f^l)*Pfh*?r_xrO8Ohjc5c*HM~jRp-BRMctT3=y|Qx}s{O
zaDfzY(TfI9c>pe!x{VevvSprHvz_}GVVUHiPGMPv`p9Pmug^(B3B+RjOfY1ic2i5C
z3@O#IRrBUIVSk2m6fPUD-|2H9Y=u&3{YJ^PJAjpn04EP>|9wsd#o#hlIlMasY%#u=
zpa95%-Yi9sY=_rGqy;A;ZPE>;APtbXFjZd!#>G=lu-saP0eB&xj>gj7$P?#VsC%Y2
z0%=O+Xr%ZXN45H++vvhK_c3S0l*2)N;2Wdm2(?1r#NasgHwQr7(mu^xVY8>izS*lQ
zQsR{}dd*-G>i95$8E=w<-#;Z}OySD-H}My)v6>xJ+G_2Bs5oPlcWx>_{%g}wp8|_s
z_UFT6q+qBLf?lRagxSDk`#K-6imsN|Azg?pyO_KRZg8r$aQGCLQn
z7_Srr`>8=sc{^!A3CBXqC<*mDq4NnAx7GqoESaW3Cti%0wIj{|9k|qqffl;7I}L%R
zUOU|*fZ1BhmGR#X=EFW(dCcFN&nAL`be=$G-F8iF5NX>%*eRK8MaNl*S3Y{L*9Y@m
zrw&y&6YYbP?aVG8sIt?J{G#U~RE^tEdGLOKz^F#Z3QI9Ev`3R+)ktaliWg((YT6Gi
z8}6HYeojrEP(aCWTSz?*UZV+L*tOT7nh#9HUXd?j3De}=h=y(cb)mY===Rja^Io2c
ziMS&rKBJ~v>8fP9P09;;=Gv}CFiJW5^dsxG1Rt0)8)$H`NP+o0Uu5gn1w#in-c6)PPLL0N9c
zF(9U4nf6H{CCYSmk2&y?rHV#*4VUCV^;8u?F>cG$ZIRxpBLoTcg64f)T-RL3;m01F8xOKhuGf6@!aN<{VxNMbNk0_u`n89k(p
zrj0WGme7@4V;jBSn!<$@j>b)7bb9uy3Bv+8j^7H1m{}tPW<{m`=nQU&ka#q4eL{Y5
zr^CFBKpQ#0y6H1)k&l0-sWLEha^f;w6>RHVh3WN7>NsaQe#e4OLNrLX@QC;~jSq(n
z7-3>nVn#~V8eY|M2QfW9A^uWg*DV;M%AQmk97CO_k{zdl1@HmySfpJq&oLQkmo2Ep
zD+X4+GseT?EVUN{)WQP7fxQ~9$zJF5nq_WyvXbG*DgQ<}Z$@7l5Kuf84%{HtjXIMB
zUIA$p{!9K6ilA&+owvd8KY|wq!+3zd9f&rz_&`VoYz&VrlNH;3M~dJDg)!s&|dA
z%K=+AJOieB3D277=J_kvgL-YZ%6h>#RynLW;4Z|C7K{)Y4bO)F&(R|0!Zb*%>IGTK
zar7SSoaAA*k`z+7!Haq_SW%VT#S->l$mJa`B03)v^g3TU`omR87VJvu+>w*@$aehAKQ{yWz8czN{9
zccN$2e(l!z4C6`_VL;j7*}OMFj^NT{56}YyT^y1r+9ernQdQU_KLKkPbdiCc49oHE
z=6vC|Zfqk3G&yHmZO(vLoFnkGF(UKZ>Rw3;tH#f|>wcAp4M}^oK#Z>|dkHurC{su)
z6d)y9flwm?y4lyR!ocNm8EtTGR#ioPO=%7$cdU-Jaui%l2Keh#d!~
zO$W%C&Cq22u8s_nXVxK^k9{YS}9>g>->&?%SC4PkN`WFlMhVmPkkw)#AJFz99tZcA2
zFiLkp*Fu72=thfq<}7Q+fxtmnoT69!DYPp_4wx6JcNgm>;W<5@&sQH00E&?~hF1>3
z7rYrNmjHqHmu+O->91ws8Zx4!k}>EM!Zpdz{`uw7j$5|FR_*1)i&}jz%$DvW6H57r
z2DddU1wt$ZFO#E;U~EJHc&W6w#K^nVC)cDcjlwW*k#|g8dk}9kA-DsyztdK!;m@VR
zVfdr3x6sSM&SPjo-MFbcc91sTA-rd{${SCtIl^My@Xo;ZCmIh4E08>d#q24fFr7Z?c`@Gso@q@PZM9o4*m?4*+;`d-NNn`RP%&{@Y+
zWt`B*ScI%5alWg%naZnY0AU86+%$DK-6Nc}rb@C{^@bo808`eAuo$Vc#}xu8Xdyiy
zeTO0P}zs|%W!zzXy)Pwc7`srdY7%`OgruJ-(`z`5>=)~0Q)yZb;~a8y
zkydU@RU2cSZ^zv)Ud2-Q&L_4os`2wsJ7NDb1F{y5Ic`E*rzJ7f6MY#1V%i9r1B{FY
zaM{*m**nX?hncOZ!z4U^pVmCe4%9St&3>!gPj_1d}td
z;RJL#yR1?*=0F6mHA1STWN
z{OSw>1wI=O|LnzV$#&U%%U1IK4D;~LXX8;{EOyq)-R8G5Exo8eHIO%0u8DKaR8=)O
z(LKaMAq9~JS>Z&?!imzZVnDU8!*ODkXq8`qaJ!@9KQa|wI><~yi@V!4?hh!`(tQg-
z5S!5m$g(-_J9V^!+FTK|hnv0kelROL6n`}*dHZM&0wmR&86=G>j5O5k0tE+tH^JNw
z?HqP}KqB6ohDQsTq}@}xC1lG;;H2-?gx1FGj#ICV=NFg|{-;TDwmnMQTo>CZ(~&td~m(v>DxV5qM(zhQhU#fwvM9;DGcrp$$4p;lRV4Y36&^fn3(
zc&5(0Ze^Yq`d9Vp9gGck*5a>KuVHg>lZg-rH}#4&;}!rET2x{OytdF~=HX1aj^yB$
zSH{uLl_dHpV6myTIqXaaPfuY!QR`(?StV=ia#Mcb5ZH|k#<5aSGMEE8r^+hSVuR7C
zsVqv_z#GGrq+^opx=l>UMM(0HVt;j^8|7i?^0Thv7vRvCyCi5$f~4?bcDfGuDIVOF
zSt4^3j#x~e4x-72O)Pw0dK_e*>n6`E
zC(G(r81@u$q%R-Y@LIf%la7kC?PpU}kt5LZ%z!(D8)Xi7_;Kjgx;a9Po_TAlWY*|D
z%9>7immb6;^D4cSFTzTY6`;b
z1}yV>i9pSlUeGnk)T5_r?;8mR;)*0YQ98n!e#G*xRfZBc>n1E%l-Km)PvH4BGTT)Rn%bJGurY2yW!ss>jJ9?&FN~a-^
zA3#$wm=#5fT;6gJs;Z^Hu3fgqEDII=8A!I$jZI%SVEL9!d;&)2yD~%OIar2sa*{xY
zGJ9JW3y?h(4do56&x^l9i`JT6Uk9YL;i_jqujm(AJfDe$?o+Z9)kQ^Nv_>Aud)@at
zrX>h}2qaH`Rj&bs>y6ZUcySKwPpaMz9SRuJ?7_aL`7CgGY+GqgQNcMTIJoSMWGXsO
zJJk8`Wq){1>I!vwdpGzelWnk=kTKd#rvOz}uE#G?PYSJ&WTdyY;G`vIMM?
zs9{poawao4gtLLb*(qa7tsMTx<_ZZ`A
z#>B{phKalN-mtg40B!(>1&X-8Jer}Fxy3OS-?$h-hdt>%QK8(~cG0~zc9}4g
z^og%`zErW;*}n}Iv*W@~r5lvG^tQuA09G{_bm#y!B*SDFFC;J`n_S1(J@Ks4-9pSu
zCIkr&zpqP-c_Os3CUBxBz>Np^$Wa9
z124(fc%yFGYvwW6jH-mjo*js3PY(~Wos{9?!;n~ehuuW>_VV<_IlQ5zly#JB
zL`1{cSUD)DXS6dR7xg?wYYOsA4JiVKn{@6v{5Lhy@u@7zS|v4VM)DiR}i
z#I#TV%BW=k!40(x!UVOD8I!OxULuZRpK?&ox~NSYE$*WT9p0v^4{V@VlxYB=EhRZR?eCUloNbf@C28$Q@GALhuPbdqljZ!%OaNT=ez!X
zLZ4la%=%g4OLho#sGv_Ka>(qyutrpM+B9U@_Sae^$q77_Y7)s%duZh!Uwud``T67&
zgm(pxoPG_@t2OSTuT9K?@(SYDxxkSSv&9_L6L4Ol4-wlscgOF$F3Gq$bzTl6d>YmT
zFI)cN73+&y0%QBk$uip*S1W6%ljTHPnJslB;ZLXdx!1JM0?^Grw}nC0i2KD2^;3V|
zL|$9}^2R$*@FDZ=T2i56f&!N#_42*o)t(Qy0obcNJrd_ZIWo2uDG!U9O7IMYDi&Pf
z7PV?db_nH}!>fgtT0r8!hYY?X5CaO(Q#76jc|(pR^hm6M6zoM4{HUebW
z^~G%3KR^Gf`Sb1Vue|!oH@|vvF&YoPD*okH7xO+pnD7(ONxk_nS)h{K?*NX$Na$9i
z>m;hX6krEd@=&fM`Ix0nZ_i{K<)45=UcPL%@7&Qo*P3Ohm0!4F2g5gcNh*ix1QGEl
zv>J~^o9=uDcBABMTFq-`$2OxcQ1RlL=4+0ishC0;qg4Z0YaL~YRykedr3&_PvYfr>
zn*tqne@Dv}gepMg*{uudjEQDYvKT|&HrYkqwq2uXPFHVU~HK=Y_k+#C;u?X63Ty<60!VZ?&{eJZsRn{Sq2(F@6cd0_3wl8d2{_*ZBr%}_^hF8
z0Pq}3b%Jc6o;5snG_Y*%jTXm1vqqTsCdxC3yOa
z>Kd3%27$89VPA?rv|bOYqc_Ji-{BctMl<|d4_?$LL&`GVV+~sXJhyXO&_Efo3UK`q
z+f$-ahOKlD!?~)ZZce@*MLel$j%i-wklq>C8#0Kg5Tick+
zO0l`}j%f|_H9fwru~u-f!oJ|1MpZ?sx-287`6su!S|-9WLPYQVXiHVy%{>P!iQ`f3
zUA4E}r)NSeK!yz?^&}NnUGRkdoNjm8P@gD%w44o(TpoUeYL|4t&Kihy%nYd-$S*HW
zyXj^m!FiB9aauW(@mlLzq8Gfk%P`jR2h2r*dihNAL6aZJbgfGB{TWns&({DLsIZvz
zZ{JQ{po#qynVak=E?^(Sv*BDD9N{1LT2EketJ&P56>1XJq(QX>BgFX@fVCm{%$3@w|*-QK@ptPChTS_h2+-Bag
z?}4Rf@F`6p(LWoE2h@)aU!pn1&p-LvjR#-;a(nN_?XT>9W&6h4ljX&9_|DmIN=gO(
z*~4s7@Q#@lB%-bR6|^d>h@>mNMn|
zZG@xj|7(BI$A&+*zXr1mzv!QO{}w*RU`WrAQM4=c(Bwrdr6e_5zTbl$Os2bo@u@1y
z5~$)@4$dV5>e$EGwZ~VT(3>K&T^xS;UiXm|YHv@5lat~634(si#bKj%uf)9(UaWAm
z!KsoH8Gw&@dt`MV;u(^sB&@UT%-8&CG$=VA(nOwUNLuR@nK{GmgF4mYg68)22zP+8c0vmq~5XF+gRr
zK8jQ%x|^ho#H#CHHXJVfq_{byejg^qIrAwsJ$uBPn^0tOac0{u=FCyr-#dh1Tvi=BYy%yC@45AckxG
zDP2fR*%DLMNVZ{G;Q%?I6*ER)k5guEP+w-Qmby>sB#TXwg5A|}u?89hV@fVxd3*~O
zvqJ|j0WfDg`rsU|{MZ%h^UKA+gHrFM-y)LEdC+Orwi
zlEI%)kvdc*&;mu!lGO)x4G|d#XqnS;8$39I@5!l_v{mVuW^D&}YEx7?F`h#8NZ9$F
z0U8d7*Ssqwg@;YNa>ed%x_(}fUl}KO%}8l|^h($HidAP4)1fDVpFe1QWLt-#*RIq!
zzbhrqHbmu(Gp=LGQ-MM^q4M>p&b^e6Oo6nvQy(w~STbl-=i8=SapHsO{Dx^tUX6Z)
zeYI=GgupZwmD6Om>HOS2xE*G~08
zsV-NWJ;n<8NG#{I?-W$>wmXlY=&~6@eb*qb2uG1GNH!WXsZcQ1mwNkccj?ri8GkAb
zXi}+kRrT0>!7${(u17-GEpow{>?FS^NSC6(briqdmGn|9pO?2jz`O>8oKoPZjo%*3
zrl`^cHkYpJJLzAm>8)U4H&r2_FMuM+p-$>5i(bn6{IIty9@(g>8mBHLHp!`*pxW8&
z9Tyy{EY7iM695Yc92qd@3ky(5WNMT0IRJ2qZnDZOQ1I-m!Ac5&4|`Uo>(DpU#%CHeo9h#{3Rn^U
z5)-f8%XJ0d@3{tZm{76ZF;@&++xJhl;eez~ui&{C!GUWG)5N?emXTx%gB9P8NKYqx%6*0Yk1(0D36w1W;24J
z=xLve6%5>|HL6|%Yb~)9
zzwf7}t?*hV!*X7Q>ZuC}lda*!@T^NxkN9|vfMh9?HG5u5gu-cO?u!>DGwep<3FV!m
z#RrmU*O#}MzQ!>Cq-F}HCXjr1bfU9KU?-je_-t_51oTFmx-+Qh=fnPoQj3KJL@q;v
z0M~{G1`gJuw1@!Fyk)dVh!dh`#iR=7zBUAHLVzXb5BYs&dJJ8c!z+3!u~jT3uWXxN
z#z`jUOi|9K?+>SEON1GjdaMmP?E5;5OqLHlUjTLzlrr%R>P*hqV+XbjQJRs$s@f&S
zof69LHNIt9(o~d8k%y`LYCC>EGs_dlEvjC~gDf=!uFtTCuR+ZwX-*4fc;2z+x?P#e
zM
zonqA-sAw``ISk*P=G-sJn%tTf2%W)ptX4u_D{v1xc3hbSE4`R05|Q;g{SGj<;{;r}
z^B#un4ihw5lR1k9;i@X5w!fV{yCO-kc4TS&@aC-NUKQ(k0c*Du+D46|+1~Z2pAZfm
zR8jWwW_^Q`5OuMgGa^+nc9tbWMSE~7TtjhxEqLmkqf_|+rhWMwBueCKki{FGqgDWu
zB70+u>6<4k9%vdKF?3T;#Sq(qcBlheJ10D*7Q%?kX$W;W{q}mH>#oK+QtD$>w{B~m
zetFv!bjr@)k-*L-*Z28wj3A}T)WJt!;J~G$^B2%Ie+jLHA0eUf@LYI|fJV=CTG|Sn
z;lRyS5H8D{0|uG%?@gC?Ptc;o4d5+BSEKUj*3|;6*X2~{cDy&6vl__HF$NFd$=Q`n
znTA03S;7c@PAzA^cv3#V2^Cw!1>!wC4W29A
zcS+;V2Hewt6tdH_6jM$xEs(92y63nyp(xc8r|6&f!r-Pc2J5PfxeQA>@5q!%Y;%MIyXF;)p{(0g-?DB*
z)SAkY;?$6OhL*c%kbe4%J-s8d-0c+iE7xaxWZir$tlggK)VCiP4*+kXgURb$B*h}v
zcSF)WxjO1A50C%YVFtldSdj`WBUFl)&QGHNj5TSv9XIqWCGPgJoyLn#yeSN8e8N
zrQ)6Fd1dH87&USWdnB-UDmd^}yKJYKOPa#DOsS)}sqxAXRGakx(XsBb&3&#W4X!);
z-E)6pj#536fh4P3rXV1+-UAttesMo&n-X$b!ob3+6k`;mLJFj0p$ys{(`#xaPtoTH
z4g@(g+Xm=YsxlyR-s(i1!&IO=PE**K)KM+aaiN8Fd~<
zAnA=?^w1nx`a5at>OcPhO6|trnhysFtJp41Ycb6_e(wkvUW8wgORF{mLPiVkiiq3#
z^e#g$L|O8~?jr?WpHq9;)JgGZ_fXB~!Bv(6NTlX?Gjd_1#CCl1VqYbGc7z0c`VPM-ETM@QY
z0Mf$N;hf^Ur86WAThJWH!!hP=Yq}*+C)zuY)#P4v^|fx+1yDs~hB#QAYJ@PG?Md>H
zd3dCFWpcf@>JigY$ID4=O@^&_x$s(j`+iXKewKRU%hB}J6t#rNTA;R2Sb*^3qe`qK
zI}!Gr*-0LW2S9d^C^x_B3^YsNWJE2$byd7c-`*i^QlS`}%Z{1fRP%GPPYh^P0H4@k
zqXN5zM|YJ2ON;0;RBn#g@cDpWB_6k8LJO7-vPdK
zjO@i2EO_;8G~Wnb3DIqX)w(AyVocd05I7ALCg5RRa4c^dR9M`8fbynEPz@{DOVp-4Tqf6w5M8yf}rEzbwVKrM9
zr?j0FMk2Ewew0JG$g@iQQcgIjmpC9_c@GG|Z2pSmdrkBb(9^knTt`nYj$YPGROO;;
zBN$;OyCiV1x#So##HEvCzmzIW*)f|VVXF{WWdbJxnbDMcp=2H<=mBA)9MJk$v<4=szclHEOw~1Rh|f*Lk8C4Yn<`;wGd8r6MJ^Kk~&K
zEpa(JUcMR+2MP!U*i2zrubM>JduIkSR0i!uPu%W^?J!d$$FUpUp;R0%hu9x)JiaRwvxM$L4{iOuq)iDK=gygb*^>
zSJx)l!V)$eP~&|0Eg5&kJtpFmX%msU#-Zns^@g#s@pfvF^XamYt1iAjoSZLT!7YT)
z!$V|mIysPBisBazAGBkc2UUFhXzL`YoeJX6@J@C~^7Tfv^edk?vQTMPBPqnR<}`I-
zQj?7{2t5KVbn2KmqMh42ewA_m5`u*FMAm%xLeM!miu%c$>4`RdYSok&c5Lwrlm%h_
zD*zVb)8$XU=Oi@2Gr;?WvA?QB&xNh-aIc*O#+p3^%JP)b5Y;whqs4Pls7`jAi8u{ZJZE$mms^9_D5}EA=|ehsTL2M4+(`J-HnHcYcOWj
zv3lMKh&uZ*1D5*x*e~zIH)$KPVo^C*>$`DjRG3#p2=;@ERRADGaYs5p^I);s1jrD*
z#-M%WYFQ>6D1}7N<`-<^)gRND{nGSeJVu<4-m6}-+>%&ZCd4K4ljIWZM^8bpL^E16
ztD;!=K2R(l{kUF28g)h5!yD}DA(YdrWN{9JUyrdRNXJN2wa%;8TqK|4myjXSb3}3(
zfJvIC0={*FAl+S=lMe~({G$IHe@RZz)qJ@4qBc6&(DGaAs*mWlcY6ynm&I>k
zU#{WIut_^xET|qssiy8{a7^+pv(?O%)upJJR4@5xh8zk56G}$~M1Waw&Zs$KUGmS@
zN&R8ARuM~6SqmBJ8Dl~ONX%x5O${J$n=!3=@uFHHs1-!fXdB)iX+`+vw6q!VXV%BF
zB@u5*J($Qk3xHWzok7_G-C*`gaCiww@IF=7O8TmSzou28H7?LTkje+@M;ckQ(`69H
zp4X@IAy5PnGZ@K54oqd!~8{cfB8*)doH=jy2IxNR9G)rxcbmnV#Q
zlpr!OXEUE(zvq%2)Z?P4k;rE_&^Z}Ni%jP1#r+<`&lB~sr=>=qzq=~MzWB#oEe}-
zMQO>!0#l?u3K^lb%+*cH1M=~c7UbuNa{?Ai>dZXya8PG
zUdyJQna+)<9qv!-Y1P+m@@Y
z*M|@4T5$?kzvXN!v2NhF?Ti+HSVw~{8l1lDd|e;7(Hv#F?akRTPg7H`gxO9Q;5EI&
zXo)`cYHn&y>4D9R%^?o(L4ujgbJqmBi4a@>MOawD!dud>E{VBOql+
zjdw}LJ9k{t&}8az&XME*oW7Q#`>fKa?*6R}34=Z(bHzrJi-{(ooU#)C)8J_zFil0y
z348{G-W#^>Gl`wo4%Y)
zdUntuNy0aF-cJdAu!`iqPz$3D;p-Pusa?UcBXA_KOxiCdy`3%_K^`+E4p0NDyd;#JU5b
zKfOVBl~QNkw?M$63Mf_7=LmXE`{NlB1n9CjS_~BWbEY}I4v09=?rDy+Le*v!jk+dc
zCLma&=^4uR4gc6?^Y7lMHIuiBSl{xr5!z`vZ4_95JlJ8S2}%nYJp&8_G2>e5&@=&s
zF?fJIW)8-Vlv4w;@Mf8j_`Bo;LtB(b2fYW)2kdW{FfBMT`5imLlN~Z_fbxPX#x8O=D|S}K
z-BZq|5s+pb^eeis9btAxd(RdsL{+lU%jL8qR?Lw6a_U9)K5uIyOqB?rw{}rfoU{r*
zSsc429B+vdEWpZ^Au9t|${RH!8XBj+i)Jq1Uq31yVl++TfypR}Trw(e>Dcgj+%rk+GQ!3o!%
zog(z5>M25wgSXyW_Rhx_i048+V^c8lV@*`RWHzCx#BDkq
zjmL0j@pQ|TZj)8MO#CZ@4tg|nZcJBl7+;uN7*xy$U?QNZUY4pU^JvyA6Mt-q|FT3b5sD_11Hvg8acDlRqEWu#~Yy>{<#h|6zMmf
z<}Fmf3oeTVuH%gPT|3Bhz$^HdZ|}J(z+jo{}vP1udQTsvce9AioWi}aTtu#2+<
z=Nq}dAe6GARX4>Fe*BOiwk~E+q?Ss;3|75QwppcuAW|yIT`}7xTD5DO7M6_dq85hh
zmh@71%{u4|n1=IQ7Xh5w)d>%DTp2Q3@U`iPe}ui_BkHj@39a7xyO{L78lOEd3*piLWKn9Em+Qu@@@7
z`(^7R%RK8LaloXsnvxIYF|v(ygNH5+KD
z)le`bws5S_8*0*|)}Jf9SH(-2`qJFvb|Nli9!@y0tP
zD$~XRF?G74G}{{ss$zwUh1wEX1EA
z-vl?BkL`O;84V5tkr{QfD##{F$>a5EJ4Nj*;~ehRoK0O4Y!3SECTI_BqChV^@bu}G
zi{QX^BR+pBQ|Bp+=u~JK)Nv#s3+1Jj6E9b-^_8^^#@Dc2Vx9;KDrmF-A3rfUUF?cv
z-MvI@Itg~ojIEs9eQ5`hi65Q9hu~SOhDktF5t!G0$u1vgn%07;k>=e3Lp}Y_9X5SN
zAnOc7)ZrR{=)*iAx+HdyRGXae+{sJavTmDwhP=-uNgoNGqDiLfZEt{gZ#t1|63?5V
zjpW#urtSd)>e}r)cM!ph`et)#C2S=R4l{W%K>{BE*x{wAX`
za+-@RfJx+$?q}qGuseKve=s^V+-m7zpoWC`0X(Rw5Tz$Y9pSV~i4wJ1hpA>EI<
zbje^gNqRD1+^qlrsIwONp)_YKF@n3oUOv{Gs}bDqL!RcUg|cx}s=Pd1VFiC*nJ8hr
zStP{vOJ;T*#rQnwFHkd$35ei+;h~O~Q`-nIZ(s$}UB9IYI(nYLK|7~Cm-Fmxe|67&
zeO_qlXl7Acaa&7z2v7^9hoqG}fhy8ShG{alXX%b;vnw?xX7@aY^JZ`H9yurc4V3tY
z)7gt@A`pfLbpR>@M}_sE$m`R{&AVtO(K$IpECnaxp)zE!HzDcR^*7P$3u+anJ!e;99s>tBY>U9o4&jjpA4^kXTNI4y@
zj0HXGPL^9g?-XA-Y_#$})7VDOq24hbHDWPR9Y%MkR_M;~*%5lt
z@S4EDt%PbtP#N`LcG;l5*e!RIIUHPDZdKzDmsVln(QFk~{{mcu+4y2IMXG;3k*Klr
z^nJ5dIlrzzKm@Q6gR{0w>8M~q(KFr14wR24F{)g1eYh|+>e3g;Kn2uFYX{T2%NeP^
zzMtmB@1e(*uYz3JWY~9v<7u5*n{8PukmD$fRpQX+3vPvbF6G$TT=>~JDoVZRAQS?t
ztwX=4QFA8Vrp9>K%c}Ow^||%eJ_DAOt&dmf4laDASjlH5L|ybWmE-v^JBqy+FUHRh
zn}Zjj+0>JZl&G@yS(XM|hQEORD2}ObBaC{g5tJEmnX!Ql*Q5*_mf#$Q5~o6B$&9+1
zNM}FoIp}*9JK*zXU=!o=p$zGkZDoz54gy=xZ0!q#hS#)!^}qBln{%_a_8|$wKzVZF
z8eS@=rybyv3Z)n7Aotg0?^|L8JyvA%H9QA8b9nN`b1kGi77fhlP1o$kQYiREsiI`_
z=YV#=Ff%AEfd~TRFwYxi`ASM5Q)0XH)}RI}KG>n54<^Q#ba(PvtLrZbN5z84R
z0*6XTqJlH6Tpw;bb8|fyh(UM+37~p#XCgTXAaV~QkFcT;
zAlI?;=(gy=mPRHTgfiWw7>U~mQkLClHx7mG4IW5$V#}YP6O9rBGx+pw+vGcJ0g{5`
zW^GcEw1Z-+x_NByX7bGFWMioY-sXFj`pN;OUufkw8o<(%C1ChYW%#|cr{zw;A==PG
zI&L=(3W-ogE^=qC#Q9AjfC;8JQl?7)_cg%kW3LA@y1PMWFl~ArZCRrPRAxCNmkCI2
zzP#ag+|Y&aR=s*qu{Jik!nGAX~!jd(>td*JUEV+bcU7}Gsnk&tL7rkH~
z2>gGD6YdUGjWxFiASG<8HTL7;ZBwUr*PpCZY;mIdyr5&yAY9ib6;X=>F
zo{xNSF5JrnyjntE%*iZRSA2Sk3LfzE{6bcjEPr-!J{~4CgOv?hIl#;@Pu}XbrKLdO
z@=AZwWC2_zS?uI0<}f;}DGC843WzhR6~zC>0~MH${P{J09D1>PVP_rh#!ykSB^B||
zRietl=xoIH+@ktPh*3M+*olrc=xhW)W?*qC%~Pn=78sN`MWY;?q(0C3d-K^uN)fDq
zXachiZz+K6funnQ^%ZI?^4naQRaIyXbpX=C;ra48G#sDAGtr*jzq0oh_OXFXyZiWU
zY;0iR&w|*+%3xVjF)8$f-S0c
zuUrex!`0VpNC1y-boP8Hu8zB>zs$LlRbVUDcGX9?$dVhN|8>=_F+L_1
z2lD|lp!3`9MB@=iS{SHTq~i(;6zGt{oT%1{!}mIp69oCXQgkM5I~wE2s@+`!;lMG*
zOJkr0@GVRPe1Tb>4)Tep5;P8Ej#E7x(tlKuV?2x+VATp$BSUEBV~xkz;$eYCr!0WC
z9TtiVTGYG*HjSmAhweJ1=6%n&Zo-vBL0K|}mcQUc8q3XkJ{)6aVlEth>js;UqPeD>
zUoCpDeN!Cku2-0Y94#KsjJU|4G5M9Y9+6GRd)l?lJ_@t(;pOE8@
zVVbSs);cSb=SoheNNXVKo6Q%f?c%t(bfs6iTm~n#N&B@wUkDl4CVOs1_sUDM7r8L6
z*D0F-+;2YZV$L;ga07Gdyn*0?{opuMH7a}kA-W-%X(4PQsUmqr+mfcYN^-2|t_AV6
zK4{ek2LW0V9BZp*aTLsHWe2dB67@Ozc6LQE900;>T0C(C$I}#0NM_lzl*5!*w6SzO
z=PGuV+lAubAU`&i(}ltoZ%CW%SabV?30NnJkPSfJPf)SQ1eHohVQ=NUZR_M4DB_EfxwTH2E)CZxV|0
z12@^xCTHwaD8}-J5MuJI?C_w>%zN64nH`i@nh|R%3r(N-06_!WREdAj8!Y*$mfLZK
zt7>zsX$GHI;m{Bw5nu@+a4^`wzy|^j$owkx5^GNW*oAiDX#m&af^%J}7m0aM0qS;N
z0>_pVheJKg9{KE-Rohm5Q)G^MDNttoxx74vXxOn-B11t#?-@^_;UaHVH9-?%TVZvnhKAPvMqK$TGP9G
zr*Em%OU!f=xa;~%nizpY7x)~5U`e;l9
zB+}ik9chu1o{kM|Rkg^(jD`18lcfBeBxTs&-@gsrEOYkI
zdSVGI?tQxVMs02Al~pV~oTEZ4ig~LJbLzFWBH@qff
zCW<{!*BA-VD%>j^Q_@JpLRAf$%y?(hJ^2{?;n{hQF$k;7#N*a-6g@FjuP)Jr0Xoq>
z-#p`nM1t%JW*VIg=M;nOLb(<|9$4;Y^*=~0xaTa|qiyW;RegV5<
z`b8r0)R|=$
zG9m<<*XY4*w>`j-rV%p2Di|H9hP&m>NdX>X`yBWh_-x2alKDov$oU^R5>zBS@rk0j
zUuTGhCK`g5d+##5QzedvIdThR^*|SRod%qR#imi
zo@_Aqy@j)2_`?(vx6CODW8O9|L8~2-k_jLM;+M8{Z|4EI+uyht!FoRFJ)s)CT=ozQ
zxE4}kVFJh}pKVAL&g2|G+$GW_2r4j2&;o>+bV=sN4d$`5E7jFYppx8@3
z<<{0A1fr3PGpJ?Znc7&yzC);Eh4l}r5K#|QXk{M
zR4xa+n@q)EyYmQ-u@}})8?4dqqKz(8B3tSFy2}^mXz{y54lzNi$lhESWio3D6HkVH
z=?`4pY`J-RpduY7gPB*_n?-!8UwrMejz)Kupz|suuwC|FHYhdkymLJ-=!+gfM
zY6M&LH}}4Xmk~q_i-!*Gi;Mnq{3SV=WAM-7iyVm^W-(i)16-<>*xOWf%i2AKcG17Z
z+L$X+8%ZC#K>ruf9ni#Vgi|Ya7J9p#ZEZWf`A$7*yT8_*nt-%MFq!oLpv5(auC9u1
zvHy*bk4Ut_@gaw$djt;wNW)W_257>N*TSAj+F|dhF$SrKmNb`IbkKJOwz=c6m$F>anc?zrDRVuS
z`qrXi4h2U8^)J%^&*~IONx9y8`Y)$9^q;ix=_mn#xqTN-emUzywplJrwx_PC%qll{
zXrx~Y9@-mN%8O(@8$B=vI2HSZ3bdo+Q8+RH`{22Mo*7HoGEQ$-OdksNyKdhnLCb5M
zXpicJ?|W}x53&5n1U-iEZd+)bnig8BOB#h997tzisq`GStC$L}2O!u=UYb+{33GW0
z@+G3|t2R3Djf@Xdh#;3wJ}iDcoUIf+ph>C~W%vzFnK->Xd?qG9HaFXXiD$#`9`K<{
zjMDl_daz{BDCUgfR13X89C|uwjc&i3PqCLx6X43nRO_G+$82h|H~1s$c{EXSwD?
zxIz=>b04h^q@V}BPQla@Pj%;$(wjUEuFve0M(Yz3LFQ5-8%pQKLMzR=rbMVXBn|Y|WfD+dIH6
zT`AwVdlabxt@XM`;LZsVqVx1wB2u1RNrlPXPm92b+MNb1BLb%;dy^QrA;}^KE~KJX
zwq84%TrUV<%*euQAR_$w6RdCh=0o(k8UfP;^l>=D-(Gbnx8B#p$Z*)@&M}zBBZP~b
zA|{`z0(|c5!0WNC*raXUQXMSGc&l5PFDi3xUC-d3c`w5aMusu3C1;LK#q(NnAGNk=
z!Cg`zyMSp%Dd0n=9L-5syeGg4`n}4UvM=!2(hd$?-+KuovS!b`CkW0-(}mE1u?-n?
z@julclIF;e&%masK$iM&Y28N*Vh`K#l=RKT%fU44yYntB_m&b=B^Qe!x(ALC1xkkA
z>cd7&3GOeZBykxK$)
z2)V?uEXxzh_#u!pE$hXzp}1Zq%6ZsP+-EIeXb0ss%nFygSz&NCezUNFeb~{fN=Gn3w$F=v?O3FC^FxCXqq6*{YIQ
zlWhC0t4h8M9Ks??i?T?;rTMu#k~)rwWteZ>VB3s)t@pa`%S$srDL4U9-H{#w%QwlG
zw7j{oA)}mAGhP60Xml)Q(z`}MER$gq0cAOKHW_);KZ3p$=k;)g>7Y`BD4IWAwf0R)
zzyqyrk#VCyH=jVF_vIgU`Af?H(W^vOoU|YsTdD-Fopmkq&HZ5Ygl$%x9-9K(&+@U;
zrUqVkyS~v)t2Jt&sN~H{g_oiHsROht$Y0k0?GQ06S2RvZ53-#{>z!f-hs2mL?ngW9
zG>^4Wz2yLW?gJiJd6pZ)xicIym;lgc!mP|))d~3mIjE#%l(9hy|oh(RDU{c19>fooBNQ(~$AAy^P-d2cd^RdXH^Dn~cJ
z*4}Hf0NeBeF1EF*i{yEXp=rirl?EB7Bh30s1yiPMK-mBpWEWq3s1%w;B1u+1WLlVQ
zPCw@2$3Qz2n+9pdX|Kt-lz^%v$_dUyb;(>C&6W1xhINx^LhkTa@%BV)BJny;a&`bx
z@s2X?HFbi84ys-JTmsXXCR_q#W=4>G|3p}k^h_M~NHUN_3~aWj-QuKKb^(np>ITZW
z%w!U8i1V7sC+ZL1G(sSH+HU6F4@*A&B=qRBKsy
z?7GAvI~gVhfXU9ocGyTg*EC(NvVBc0F#p$wnI5U~ejg
z2@)zp1qm(K)&ZF+{^bk}Y)~@|j{ATbOrFhkKFYt4^Hkj)uCl?_O*fpu7k#Yp80qHd*94}UrCmtyDOytq8sRmQ$Uc^m>aRROH(THdTtLL76n`yIif
zUpz!15~f~1!GPn#F_>i>NemvjJe>p%Soq=D99$PMY`y8Si_$_ijl4Y3gW&Tw#BTGMzHEi)I;UtvFH
zye^}Eg*PxokSli4f2sAAg3pQqB9}VbDs*u5(ykEQ_a{{-(elPj*#OB{!tkNNifx&a
zdA`(uM_n=bbdEM_@`r>^D>Qdteaj^))>)32W9W$2<%4)!1-ZS^kC|cU(l3giNo{xu
z+pzE0hW?ohuAi=iGq_kr8XRg(gKi<$dfK}f+lFgVw|W!kYH)^7hD$f*z{HNLJR!&I
z=uV#x=LnT0EsJke)!ms^G*}r^Xi_Ls*1x^3lb#VVrxDXgPxR4sJx&Iv5h8@hAI^5b
zuZe{rwVZ#;tP$A9y?(O>!LLFHRhJjHX#;EVq!@|c$v$?Oz|KlycXMc=k0lIANQfvqwmf<}>>
zCs}`HPuUSn{7<=*Hi}p*W;M&}4v}v&1q#72X!Jyqy-@gtuXzVB%ljt?GIDrR8PT;(9XI>LPdL{^JtNjc%U8wHjo!^Zc3NH>jN;M5ja7Su}{hOJNh+HeFW#iWNl&
z)t+KYR4~?m1i{i>R~zj^9aCSpw9{0Pd*t<+jbKwRt*S?8;tZ$wJ+a7C9Mlqtfa!2Z
z7OuY6h8&xowC2_>mssHD60_;02-{=Pj0vi`+$oE^c%jV^$?vuYy2aehG@TkZ8q7YV
zPu_%m-{~!FPNQ*WSPntkPzE#!#rSzQP~N3chjWGI}+6$xV3#>yvS2@v&C}bd~7EV
zX5he(=wt$ns3v_Bu(a`c{Ez#!QiP*d^Q72&Wp7PA5UGE-|;|%|%QB+5i6IIE=*Rt)Nt-AZ-UsN8S>n(
z$cf1CQ?5(=NE7)$vdu0z)J%9v`jU8M9bc6}8giw_fHtM`s-9)ox~t&2uxO{_-Wet#
zvmeWFuA_Y9N4&mugHtrw^hLde_-8ag$F`1_`cjINQR37b$qp|f>eP4;3cG4c;V`Eq
zn#ohb8?-x~0j?BxJHMicF5&c_*U4W&nG*hzb_~*$HmkI=4@>?YCTsVWz*i-8`+?4P
z@r=4GSQDPpzT`dOMVeE8e+cTWWL;Nb!NL&tx}m58hHo`miRywT=^af_A31l^lvj|+
zsyefMkTyZr5fMz|nrNW7PP10fA>0U9{zz$*g<#K!%5CI
z(H%#!%%j8|k8m)C$JCcI5Mhtjl2?~}B&}vRxX}l9To$_MMk>iY?TU9SOMToKrw4H#O$@v-N!Lmb$c8oJG6)_^wEwmmV!mX!3
z&9GJ_iSF*SYukf}+*Uw%GL4bjYut?|1F*6-UlrfV%{<^)VAUW#Z~$FDm`##iA5C}A
zhSxk`g4Q}6^hof(ZSw@th3G^lTwO7&mQ}Swfbs#0s8pTsTA#JLx(g8(@_M`&d0!hn
z2aDg6!4iiVd=nDac?NG0oU;QvXfvX(RQm>6%|mLuS8Fm#7VfFvi(XYVctvUVaS)!`
zyTLyNKgiT-uMu#`h%_qXIc9U1!b#g$qGwuC^JEvthZ*2F11y@!sttQVHh)#tK7k&E
zZLi@2So^}KZ&b1?WYDJbB$EUhJup|l)O~>_!2?Jl>)Q0U=)Cnaptir1x7+Q#C3@Uo3=*gzldXn3xLvpUzpy=-+wabRjvREDNtk9rpiv|Pz~$6zxlJ6%BZ
zExR_~0g3vPhk~Smn!$)vW|~qgJzu3~BQ-qvbOn=ynq@}1wb=KUAa`<3e8|)j!T2h9
zxvV_^r@S*ZM5hDKZdu1Pv2IRLyclV-&4m@16MUu*>z<%q^8;Y!1U``N4LeF
zSfetT;a9YTW^+-huyUN=1Cxnv0+Es&#Ns&$NIpzZ4RAVIs-j8psGhN^Dawqh+B9rh9}C3sEOnP9V1T?q_V)9p8+Bd*wmbN8siaEm+!5A5U=&oj-iVYW3
zJ1&Y@fst0T>lzf?519!Y?5p!eB*e0gF#LK4f~h|O*o0RX)*uA5D(J8$`rc%gH>56_
zDPJTysMRQ<+sZ0(9_)1m_xk^+dlN7_i(-HHWhO!t5QKmr0fu1<5Ma(^CJP44c0wkZ
zkTDZ5O625Z=1k_0*_b(#1%re|L_ikB3rY}_RY3(s)C)>PmVhXT28I)$B9xARtHq3|y$1N`Z-So(d?3%W&+8BpNL_b}qJiT?!5808==gFdCy*8jEk9
zW)wRrLZedSeRiq|Tw8E#7Mvk?_j57XRlOZa`Fu)jO2FOZX@mngcqSZ@31&lWaSRdZ`R6
z@O1r+w*UGYp0M#3OTz`5kE_EtnYEC%^MvD?qVx+j<9ca;u1q3Wb(*dyb*)gN#Dt7sVBB0c5
zftrT`=Oc)R^c5AxJ&494l|pVKrGE!j`BoHh>sf{dBlc|zoweTVNQ&C0;=EghFvf8x
z>me+nz7avaccfOaDKN}-AyYFS6fDvQSrZ+0
zo?I_i5kwnj@?I0#>3X-GsTH1#IhEXOq1J?*B#i9kgkI#J7bztg_lw0{MJBew3~F))
z2l(5(X`^})Hw$o!j_Qd@RSQrF;WB3k*`pm6D6?H9bQ)id?T0rc3%!G*BjBqX
zfpZFAc0%^7xDL&k*?6=j)03H^SU{inJVHJg#xWOzKN2a62G8PM~dSC}_h~`<$BF+>rC#uls
zDp*&Wqx<>F&z;0UDvXYTvcOX!)vw|ALw+%4n;*`kA&p#6bBuPTNRHdjS%y`1jum10_N
z<#Mj@
zXrNJ2+l|1r!jVI0y0b5AH4Nm|mDJ>wGT^PTbdeP$))Rq=wht-!-M@0
zm5|GFShap5LRNXI5^bx{9;B}KE=x6~+^CxB#mB~0S8AhCQ@{MafyoemrKrrX%pIQu
z9M@8{O;9hTutwmmbf9AGRIx`L1sD1kh6gw3u&40RIlTFxF9(x}<;4!_w*})`M68QGlH-M%AF&6FU>UqC1Xg;
zVR^kRRF^O-jYUl)bDI{0&yf!Y_l_{oc$Ee%U}?5!!Zb)amQ|b|Y%$S`gDoQo!V@fZ
zK3dIg^5#1GJ9>)8XnWQ%QEamY^W8eO%AULG{xo>v4|f(A>!WzLvh6iA0uLI{01d#i
zg*0b_(-Bl9e!QaOAVHuHUZ4VJmXzjSsbNjY5wPx)W&m4<9h6I9sh#NPV57C1bY3MQ
zeW%hEP19#^`}@)4G8WgkF*gMFh<5dHWVEqh@S7Bgje^+{s&%RI4JTU0fxswZ5P
zL7|Wk4FFNS{i6w$x@IOPP^KX+Wm*QVGzDuY%Cs_{!lQGbb^>x>PfxeD73_Y>^J=oYUYzLXn|
z_ku%3N6!}XqZ(IN(8~&LReX+2{EY_ig6_)iqFGF(Nd}`Dg7bgP|gC;
zjrYEjI<CquPO+QSweP?Zg
zzEX!2xVQZ)=0QJUx4+B6eE&CI!(Q=VBg5ujbaCrj&+z1ODALt4JA>_U6$D!i
zZ^-nF4s_vbgSFmIXrq-n>w3~juvX{0_+>qsUYr4CtUg{sW_53)L#TaR3V2)@z`F4E
zyS~2eJT9ZSR>nk>(cXPdM`te_WQ5x$-J^`LU4s%zflt8(fP?kY%AU1*i@`W818~EYJ?~`9dF2LpSIW9zQ1xExQhdP8
z3Y)^ow*Wghbw?+iXiLLG16A!Z%w}#;4&ovpIu)KsP?TyRl}-2t+>$iXm4z3}aFaJO
zMB=i>A-1lXli<=+v-?IA@D2uuQE=F@!PA$`2Zy|;ZNwg8hzr)_BYzNMmRp@0o=Hzx
zj}Gt^2Y`|v$59lL@##qo$BBQ5yIeXzGWC0c*$E>$=_LI$ijK{pMb?Ggx3(%+{LKy?
ztRa1ojtx5O54%;ZLP~z&8?wq0QBzWvC5S6W?
zv6K8i4edR1=~Sl<_gstTSs*40PSwDTKzK5?JK{&d$SDaSx9iuZQZ-nhby#}X*;tO+
z7`rD|zjJS+*j2}uIfzCik#S0WS_@G}yHyqaO-?S_DT4MP#s#UOchF1);v3qb@29{g
z6lia(uBwUcQWCpFLq@h|nrCCQl
zmC4oQ-O|zHe7zzF2;jdekMml0yY{h$_Iy=w(WTYcc;|Cg5cb5CBA>Ics}Z
z;ZVI0P~wX!i!nW(`U3VAg)F!%PRp%p&#R+b(7RKO-$ftd!!<@L>1u)Ze08`{aN@*N
zg{hvg(Jop+H9o*A7*@t^XI_(ux80?mn65HMwBDt4!r95LLJBTLs)7ja&FHft_tbg2
zx~j_2OH3^oNm~L-uE=QU1&biq!yrBwl$CW7F$})%Ooo=lKsXYsTd(cc4?iL+}c^Fvm
zi%u4`N`iw9cOQ6wjC2RGdDD?Zys(r+F8+)Dk{uq-ZlH;TWjQ*0;3oO_CM^wH;B@me
zC}IdKZdo{3m&-uxxT_hcrw>h`PyqHD+!-XDFM=a`T8jnQ;Yt`VI?$2WG+tCqhS{|+
zU-3EN#TgT9gK`RjEY!Q5qdgSK%GUn!1&-=NWlMzJ6n0Be%LLVmoVysML;hZ{aWrLS
zPz0lj{~>z}+`9lqkTM>_)tmcx2kZTOXvrf#GHbZ#Le7kiTaTV^p_^CoxH3&erD)ivk0`L3B~NqwUasJl
z+bGN7)Py;sNOX3ejis@+L*})mz?r$>lTIQ5f!D-yv@2*_v8c>ScN8F>^d)7$HS$x_GymbQwY^Odn5>(Es
z+OjykiHj^Qo=$L5Q1>wXR5J8M#V5gf5?hRAGt|^B^}fnlun2bNVa-K14LlyIH^q2y
zrZ(k}kHi~~D&%5CO6e#(cM4~&=~*=4fdb*67wzCwedBXDyeg6_k>B;+0t&snC{A(B-nLVMTUjd0do}mU^tcS5g04%hj4*
z#zSf&EjI4Hz+48wG4{aAW3_5}7c!C2BOw0e`D7T4qJY%(U?3%ux6d`xBTe`&GdXQ+
zAc7Oih{8S^0S#yXEvv4moeolIt_d5dtu>oZ)kBqG@2c-PR40M~4o`Zf%IiXJ}T|S!DlD!jCe`&tB
z0m#$%Wm@HHOo->8%-35J2q6mJv8S%Gca=3Q%DdqO5j;Q7vd@nfn2K*rj_{RbiOLk=
zZM@ShcGgt4rqWOnh>V@>oLq+Z26J*5w?ega&!kf7Zcusy0PWlSDp5?TIGwoT?s4#O
z53kCAZ8_hwL3hv?Nia0xxW<8{5SIcoxrEywYh0IGhuKRo&J{03`&pFYFb&s1m51MbNj0J0s;jUV-131t
z#+ou^zO6ueK(Ghw%>9S**Xke~mccgegGEDMP9G=9)o@P5-Br7iR*m3&JH*7Dg
zPL)cv#3SN#s$dx6ZAi7IJ~TJ+`Ae@lAVe%^G)uHSiYHmL)?jj@9%@+GQT+8aMS=MR
zl9CpY;T*hSlN;#D#V)k;K7cSkc+UjZSA32F_p&V*BL|^z37!ZA#Km^0Mb#i{y{Azq
z|3kB?pfX?S;7!x#CS092#Ike~6opiP104e^cBa^%gGD9=SMt#?zZRXKt>E&3H*WZF
zVma5QfClB=858hhh#TQ@JQ~`jziv1?6jQ5@Rqq2j`;S1;r97s1x)JOy^4q&))56|!
z%1P{VKvY{B>kgcni0_ubOiX)Xpq@fwi*^HdrS(m|u%YsAOsSl$%f3;=iF2&YBXaIj
zf=>4ahOwCb8D=61&E?}AB~HB*BTfrjP816_|7o>r#e5$CkfcojRqQVrkH@FiFU1FeQ<^BTSh`*Z$7r{nLMx0mZ7a(J-Rc#R9nyMg^t~c?H=^$rE~y8y
zur#7(*S0h+iqcEaLR>NJxZ5?=O0-VAo1yoq@H({f}U;-fpcq_ljj+P_P
zdy@MGPZ=h|pTnWmENt-nRXpAUUj^2@35tEpwV6sUgjOWa6)ARc&FT;(#&>jM*hN)4
z8FK?vKX?JVz%w$eLaOO}hP$1$rPFyZOq=Z
zWme1(F!xt8k0BfrABO?;%XvnVFF?hZlcBzBR}N!Jm5{52gM0=Zho#UJB}DNFKu`g&
zB3hKjwdqs}UPeI2HHJ3B%a_ec(%`
z2y>pLF$ozGq$(h8=^_XphiYK?j`YPCbBvRO=yDu46045vPwW}HoJS*g6IbEzqW?ul
zVyJ6}c;gASlw?{V9Rh+*yEaT9?|)DVa^j%(=!MyIS9OAca94|ZMFo_?IzJd5SWQn{t&FH}1aaR&oVbJV%(u_`?tnHx`J>G&&R
z042)xeX}r!`T3L5cLeK$1)jMpF|S#a6gA$C&5k1JPLN$o*iZaipPDAVABB&9fpVvU
zxlJ%YH$;K!&Re7<~w%s$$vgX#;M
z%;Oi}sy9cVo~%n#oTwHi&4l`VQfN7XzD=t2YBf?Mz#7m!I@FiP4NauBZi`_Ltlk`z
z$Hiw;6I=!YC;8UL>1`@N-Vw-Q?hmduMw2O_x{`H6DaXW(4zXddQh{PSR<;s+CJV_~J3Mm
z@9zhNe*|wiq#Mg{yBcNS^#dN63KkLXtXrW!v%0@9*n|2rh@#@pEGD*I=x_pk&AuiL
zf(z_{gB!%P|C9)0#i^(%*;OMw(Ffx(vLJ;LUM+JyKFqjSpje_VASzLvHJpy;zDb4S
z0M|-2uXqFv-*euNQjQ)933*L+8Y5GqfRX9u4IFbb-Id7pMGmgi*d66s{uI$l`^fb*
zpfKfocl44XuiJ3Ll6t-wtY)yDfC9ib`T$SBBR1?rZ=T+u59nk4T$6oLM#h=JIj%?g
zyWLdA^XXn{=~6zr5jsDI2Y~qeAPhEXy~afi?g-UYwb)n3yRXvDw|D43`~fb`>pH=k
z(wBSp=wJbk(Wq(y7uQPZv!sm2o2~(cfe*esUqqY0!|`#!q4wf}rsK0WXqkLfVSgSx
zE*Nh+s@73w{eU=?*n3I+aN&;lU{a;MPkRT)+LBiH{(06l?QbeidXbK=6)k*}gBBHK
z{tI5sUbTM6${}+}Ot2OkI2J2L5+f@BV}LFPOA_6o3DX(fD0sGA5wEysrvzSob(Yn{
z)R!b+Jc3SLfu3961@}PU9JZ^Dx3MnMexu@D&w*D0wdN}=dR2vBLEqtWVz1GyZXcZ7
z13;iNtcMWp3b9)_JRlioWZFRZ7T~4us`iBD2v+I0Rx3NyY|bNl5nI*8DZ+q}7}vMM
zDekO=9FJX40uz0w%3M6?mf<6vH7$#j4EF5Y-Rg#w|nR|(q8Ar3VvkE}7K<>NO+GE?C45_AG
zh(#Fer`PjpxkR831hrj=y;i&iPw?u%Tkz4tnnm|F;ROVA=S@{R1Kt6~AAOFXd+8w?
zRc@ujXf9pBL5p{K1ltAJhoF21^L1i)@_cw0PluD7-ocmzC(y`Yey}gAN2}x5*`SZB
zjhu=#7H=1#5YAduPv6!AZB1-$99xAsg=%g9SC$&IY|Lf1Gxt`dJa5n8Vg)MwdRpaC
zjG)3QgUpys9dvH+F;}Jjs41nLM8Kj#a5TNyt3*jHmP=BdlQ#vc&>Lqi2iy`>3=9V%
zmbl;nn9eCVp6%Sj?v5DecYd6Z_tKN3UfDj7p0b$z37tRzjW2p5<*|F1(
zH`ByGl!#=9@x;hT`-(Cj#nWns*{YNf>%0eYocbz`ka6xE=wHkMYk+gFD>5yNy0V*4
zEL8idrgSyWMhE%CdpX+jiaJ9{+zi@6jb<&a?Cc$f%~GWcLklT@YvJ0yLMAuJ@7`7A
zlhDpGB`B$nRn%6wGmG3W_%LcWJlp|y2&#P$c9*O4SYMKAd5Xk?(wA8;qTt;5cn@JA
zr(OzK3|BV7x#tmm&StH-da?l-q=EKb$0|7!mk41QNJ79)LJ|TU>Hr*6mji7A&)d`U
zFV;n_f|-iVw|Mc+gfnY1?@!_xwXC+roub+F0g3(%u>P)vcuI@9E`^Hfx(KYDY1XTP;;C^Y&#a5fV%C(PPE@Mx}qC4Nb=uVRBPG7c4(n{UtFxx
z@*WbdK=IG{s!RUCk)n+tEHOomw{p?QV-R$?b|tQsQ*KKTG=XTbt~BfL=(1B@NXY2;
z&MFsA<%ddy5BVZ9)K1XqSeq&@L7dxyJG-^8LQpIjyqg0r`>ZkU%dzRGR}neN?gm#l+gVoRk{|V87CymB+8(aZXpSRaR-16W2Rg$^YaIr^NEYtn
zLg8CElclDiRR~^NA08=ym@8xkd(vPa0+onQf6!v)M156$L8%Ql4R?D{Nv4lBKs7uE
z1h^SsDACsd=b8FZ51`Y|=EyTDb#SGNy~GU6UK9)tA~sgkpT3g=rwq!om*EzgKkPQ=M<{iQ{N*
z@8}}Wlv04ar9QsJvoU-A#d&zB0jxa@natWOSiN9?Am%atuSi|&TI}zejnRe~Crmk^>G;&NQTk`yDo+d@J~#ei8%cB#XofVLYuw1%EJgNVcLc>F`BciZ%Bh{Nw-{6nWNv*~Xj4!;xe51rm)({an{!(y!q3qp<$E59$x5g7EvhIejqp
zy<%8Qe~Q!Zilu+n(0`fJTd}@|{^VUS1GeKn?zexy-(&5-ariBfp?upo-w8k`nXkTq
z$dP>&o)Mq27UlB{c$fR%PbmC7_-~Xlpu)Pm*dUx#mGwJ&y0K1sm`z8>6
zlvUHf@q1N`3+B`P`fzBR@3rIn9MgLYzKPMp{`tD?pEo$)KJfo!zWQ=(?}Yy0J8&etBwcZ$kK
z{J$$y41R~>A9^g_r|O02R}@J<0@9b^A_l(~;6Ex-)4=|J!qRz;=}7b7RZc$@iD?=i
zwBJwI4HKg1F#JQOFSqF}oW9siubW31upP@d9qVbnulqiwV>>2t`Om}Oy>@K1Q
z4z^48>xNK$dM#f~8&2#uk>jwcNym!4COn^>fO(A{iShumD3ly?Q`^(
z31~2YU+8;kKiA`0$OBEYeT4G;63c%piqL6*&yL`Ftbo7A=+t!@p1PT7NPE{UMasaj
z+|KFK;qPWFp`K?mZ{Nvv*aXS3I$&FdZCfV24GBciBK$-1MBN-y&jp-bh^4PF>AjpD
z;wh}>rJR0e?E9O{_jhu-)DK%ZJ>`DiYwQ0~iS+SgT!6i}`+b-FeiEnmxaoE8H}zY<
z>HE3qN`<677l-Efb@wI;1BqH2>;ML
zkMm-k9j{rO=bdgIXWp#jbg7IjaZ=lR;-}3_M{4JTCDONXy421$I9+Pz!~?K_QFK23p~tyS8Q>cL
zn#t)ub!*uv?p?)QDR{Oz0`(vfj2?&Ln$
zKdDneJL<<q*(6
z#_3XDy}{`ce@{F}^}|o`e|pRl{5^~FNc=UP%P7TPmogoRzdD#sDgJtf>1=T8Txa>~
z6;7A>WN&0b_(}ZJ#OV_MG{CpIUuVPLWAe@MDXnKZyTg1jeOq5g69s8p&*@9y?2TiNhNiS&sFW8qO0TTAPdgAzZT$>}7{HGRiFx`NXs
z{@lpvCtxA^`<$)cW=@yt{~)K&aKBeW9W?;9jnkiZ)3Fa78*@a;h-~X_;Peic1}{?B
z2eUYRs+-<#+pv<;>3_P7j_+|(iS(N}UFyRvoPMHPzH*5Xk8CeNUu|;3x(>?qt=xyD
zWZeQ{!m!N5e(L4)g>F6TW>ZHs0M^9yEWqDmbEeMjA@61yXT)eIhQl(RDpCh*%e7p_
zkCST@@I?KSc8!|QfCWU6RM%}K>e>L`F2_IMx34?Dm0hVGOTzkYY``30S%c}D8!$DB
zP~SE4Bdd6;0iXx*5BOb(e`wx9{&s9&+Z!-3iY~)Hbe_5khzORUoIFt^@mIrPm??@@
z;veRFwH{9b=q2v+QTTgo+}b``f5o_q-o$Dv@nRp-3dvTi%N3m71%J0?DF+#*-_7YE
zdC>srPjPxN*?c`_gx@syFIL|H)vs92ghtH4u_3z6i)?xer+*eR>GZl!nm%2|>FZ+Y
zs(=Q-3Y@;rF3$JJgX1g@Ue9@YVl=G1;p?2fpPSD125iHRIi0plx{gj8UgLCWE*(I|
z_wanixwM`8y3|}+$#kT-G>PjW&HDx@>sF>wY%Xo(JQ5$j#OW)6o*gsG$M;U*le7ua)yD*dP`#Q_V1x}av_*zac#>cu}i}CR`rX%sd8=U^xSUoKtPdpM6qDbQ7
znVepXk5_V@P#qe8_9jlhF*z5mvUA~9&a*#OM)#+qXFS5`B$jo$v&O#2=^@_0I*g-%
zjH0)@bx^W;H>?HDr%9Yg@&zs6bg2%#oF1wJ(!aDs`kkCE=|WpMUFxHkN~Dh`qfZo_
z40SPm?5rb`I6br$Vf`0ydb9g|-pb5gP7l?u0lvAE)4%C{k89bNERDN4kEDw|#p%>k
z%?E5h!aBap>CzbOfeRY^q`mrNPM5xK=X6>Ub@?3Uh2{5^`2LC#>34HFiC#^g<1%n6
z7r1?Mfse;wLv$WoTbw=kt4t>(`;pFrOsAA=pLq-x5=9}NYyf;5ms3neZDJbJk&v#h
z<4e4m)1^M$!s!y5h+r;UiwF}cbIGxPRdOVd2
zIck9PAx@XpHl%Sa=aFRPeViVWRanMzoc=WY-S8C3l5g8_eU07lVeo|wmV#Q2*e@6;b{*T+YgPH3IR{(Ozn06Bc>F$2m)i3jr-%9#`{Pwkmw0>v
z4OkROC&3KlG7Ks-#dP*O`J}wq1);BU2o>}S?>3a|7{DWpX8>)
zTt^c))^9tfhsFZaRd9ZIo>TjqFjExG#XofYfIcn}4FJ8wC4oq9Z+Sl{)Wz8BCk{o&YVujlj-Phk09FY*14IbD(;uW`CmzXPUV#bmu_
zI;TtZTh8gEZs_)BEkCa3bV&wZ&*}5968d|Xcj$ei_H#OkIi1ciN|^p*PM7uquW`Dx
zM?ati3zpY_>6|Xjm*t#JQ&-oI?XnF(cRi%
zpSN?mG)_?~ei%hp;vc#mbssYGvVqejKApws5}&Q)bcxS4m7sq!r%UzU!s!y9ZRhmR
zI5l9Kr{W)=x8fhV{fTinqC_4XhXtHR8i!s^m)dbDr%U5-C#RE{O4swfcAU3z`u=V^
z92?0?oW75n?!+vN$4wgir1VLg-j11c`E_#*pDZZxeJ`g=^}m$UrE$EI(@AXU@*Vra
z))M8v#Oc!dGM<#pu)PzwTU83L1>C*hTw8Zy!a{5fS{f-W`mD4x6>2)dt_Ww(q
z9@5zxAbmV3kPwquWIs2V^GLF;ozo9+>!4H|<^SOH&>X`$T*2uB?)PMeR6$gj=bjRI
zu&vK=9!aNumD79Na-3Mk3Gc*&DB2JI(7f*W7Fswx)DA3v8K<8)~p-r#geW=$jm3!KjdT80mJPtgF-Oiq{j3G1+u^GIcE;&e$rxS7)>
zxwD1SC0^Oi=~5pl!=JqG(Pz)4`p-HA8VNs%msfJS#EY9aU0RoJ=JZ3b5Iq;!x6uI5
z7EUjwzr0u?502CLcflX3TYGXuX^+=_i+#`2J2#KME_U={vUl
zt(-3P^Glq5sQbNRn;$<56N>0RvnV-|+P8qyrS|of`2JE(m)dtHr%V06mD8oQ=_O95
z>7e`1@$ZbE9nnvsKdD6ef)eSyoGy*er6tnuEJD8lYQB}zC0T@dUM`Ub=fU1{;1Bpo
z`@$wpUyGS^Kh~*$AN;rbzQ3B&rFnP{r^obg*sq}Z6w7~x)1`5Ih0`TI-g_=K
zOuqA?iPNR;J2+h$=OIq-!a_{{S>O28oG$h6J)9om;|3u445y#y(&v3QLeg&+NEjFW
z`F}&{_0hj$viGZx9u)9z3i!7K{2>9~;^A+DTI>>8+|5uQJ?#F|)VDtRj(|Vv;i#)1
zeVw5HKb!G7rmAuLXMOaT`%lh+_~Qcpgn)lnz`y6=r$H%o&bZ(mBKlV!J?-U39SGY+
z_EY$~{y%Z6yu{FqiB{Z7F3O(dFv`hR`&MAX2et>`0^Tg(EdoAOz^4oNNdi7oz)unI
zSpq&=z~>0~JOQ6C;HL_Bn}9D8aJuQj4j})nK3XE=?-1~%0=`VZ&k*qC0{%V$KU2V0
z2>4k7zEZ$f33#`F_XzlE0q+&?vjx0Qzy}0;NWjk#@DTwY74UTezCpl0AmHZ-`1u09
zNx&}<@QVceLjwL`0sn}AUoPMu74Rzs{3-#zM!-KV;GYoi>jeCh0)B&l-zeap7Vw({
z{4)Z6i-6xI;CBf4=LG!o0)Cf(e?h>%DBxcb@OuUP%L1-%ii?Zr`sjWk|JMZk8v_1-
zfPYiK9}@5_0{(3Q|Biq^D&UU`_!9#DT><}|fIltZKM?RA3b@{VCCBRpA^%SV{HFr0
zZv;%z|GAKVyMX_vfd5Lse=Xp@5%Av%`0oY$4+8!t0spgr|5d>MCgA@N@P7*U>jM6U
zfd5OtVQU%q!G21>#|ikZ0zO{A-z?y}3;3P_zL$W%O~CgR@cjh*?E-$FfFC5_2MhS2
z0)Ci)A1>fW2>6i#ew2Vu67XXM{5S!hEa1lr_z41jqJTFEc(Z`F2>4V1pC;fl1pJ)>
zK2yL?5%5_8K3l-&3OL?W<^SrVQw6+Dz!wSlVgX+w;2i?KRKS-B_!$DeT)^Ka;AaZ>
z3ITt=fM*0eE8txMo)hrZ0-hJ}H3Hrz-~$3aDB$M^_=tdy3iw(9UoYV23iw6=|Db?x
z67UNJ{2~F@Hx0+jeCh0)B&l-zeZW
z3HWCO{1ySfO~CIE@XrbOT>`Fej!usI7liy@67YKk{3`|Y@b3!vQv&{d0e@P+e<0w`3b?*GJjo}|3;ACV@Sh0ye+c-`
z1pF5Q{+|N=D*^wtfd59oe=Fd>6Y!S>{Eq_uih%z`z+V;czX|w11pJ=@{2cXzNdh{RlxTW@V5#0J_0^L!1ovM0|fj)
z0Y6B<4;Ju41iV4O8wFgy5D*()*rXpR6Kto)YjW0^Ta%
z(*%5mfS)Ab?-cNp1^itCK3l-&3ivz$PYd{|0^TOz3k6)iD3Ro=#X|nm1iVAQmkRhY
z0Y5{)-y`751^j&izCysy67ZD*zDmHm1-wVVR||NrfS)bkeF8op;DZ8wj)0E{_^5!d
z6YvcJey)IT6!7x|{Col5B;Xea_(cMKv4CG9;2#$7j|li>0)DxGe^kJ)67Z`9{2BrO
zn1Fv=z^@hXPYC#R0{%$>zd^un6!4n_{4)Z6i-6xI;I|9-odW(j0l!PY?-uYc3iv$&
z{$&BbPr&aN@UIK_zYDm2nJKxxd`rmxkbr+%z#kUyM+E#)0e@V;w+i@^0{&eA|DJ$9
zE#N;8@Mi`5M*{x5fWP43Jrr5z!O;bT?-n0G_}8Zh*U_Ig`2oUrw*dd`PlWH`;d_z?
zYEKV8j_|j7IKG*}r?F#c{eEKEKTi*-yXy8A2X?oDJndcrX=ctF%19lcgp_`4?l(CLow1l{##G@!Eq4&bra!q
zdM1|k4B>~zF#N}XyW*b|J&u1dzr}<%nSblQTtN6t{ZI4%Hxujd;Uj~>nJ~inK#qey
zMK~W)aqxE#tIcu{_1E_iKHI~;MEI#5{yO0cJbdPx5u(!sv9vD27soLC$EOL$=-B$|AO$3c=$1NFz#v(e-Gi;
zc=$PlU+dxb6aEPg|0&@&dH5TIf5F4&k*NBjhp!?0J`cZ|@P|EIy{GZ0ho46x?=cVm
zFT$Vj@D37%Kl1P`gg@`$yYGw8e|Y$O!hh!B>j>ZO;U6RXmmYpU;lJ|mzY_kUho3+q
z`?nt6N%%iK{9M9c_wauw{J%Z?HNyR4F%7gN>_MxW`_Zk0ztzLH6HYfQy4j;+X$d*l
z%Ri6sLp*#P;fH(prwKp8!=EAiC=cJAmZ(V{K9lfcJbXRjGd%o$!r$rPzaxC6haW>r
zV26hf68>%vzlHGkc=&UKzt6*WrKNO*htDCr&%-Yu{5%ieO86H&90w21t2^2hF{J2FU|Xi*|qxEy4ku7S#Ywi(vqNvxgy2AJO9DrPW8YXasOt1Ohk-
z`v6YDJAjiA4d5gc1Gum6VWxU@t4AO|36%g&lRkjcBo5#-$pSb{f&fm;8^DR_0=TaS
zVy61&ATO`Nef?13zJ921Uq4j%q4+=VS06Qa7y|XtVFKPL;J*H;=o}&BKT^Pt67Zu1
ze3F14BjCph_;CV0S-_7M@Dl|5L;-IS@RWcz3-}ZPZxQfT0iP=1(*%6FfX@(czOW;a
zS|9O679Q^JM=(o$IHQ#tv;ILVJiPz0iP$}X#t-v
z;Ql@cGuB7`K1kth0-c2dzDU5^1$?o9pC;f-1iVAQ-!0(&z6>+gt6LqtZ|Vd4HI@H#
zFR#MS5b*a1_;LY%uYkW#z|R!$6$1W#0Y6K?GXlO+z_S9rO2E4Wyj#F?0^TFws|CDQ
z!1Ds`@1rqeeY8f%-zVVx0zM$%g91Jz;O7YVuz-&UctOBN1$?c5uM_a~0=_}O&lT_w
z2)J*Tz>M|Lc|v~QE}`w^g#vz&fL|=&9}@6O1pLDSeyM%vm!0#6DF9`S-1^i0_evg3P
zE8t%i@UIB?eFFYf0l#0szb4>c7w~Tg_`eJI0|Ne_fPYiKza`)g3HTNP|F(cXEa2Y}
z@J9svQ2~EUz#kXztpfgpfIlhV-xctu1pIpf{(S*|TEL$X@E-{HvjYA@0e?=wesdkOjX7Vx(TIK9w@BxApN^*Ut?!++FA69hW@2{^v)
z>;LN2i)vm%eRP13|3CqMhkzd>;1dPh_cLPU>LcIJsPIDtIt>DTn1DA5xbMeQ<@$b1
zg&!%<@%@`B|ItEz-|wmN`+iS_A1lx~PQWJ%`0)aMf`FeW;7tOa67XgLpCaHb0*{mv@C?{`-C$pW2I1pHkBK1;x73-}xXpDW<=1UxO^
z^9B4=0bd~CZ34bfz!wR4yMQki@Y4i*iGcg@18RKz_yL7473g#d_%Z=MUBJ%}a6fKA
z)n~bo|Gfh4$2llEXA1fK_y?8${X+h;1Uw_)D+N3&;Hw0@OTfDYJSX5i0=`dO#*&_fL|!!7YX>q0{$TZzeK=4EZ~<4_(uf%G6BC_z^@SSj|%ve
z0)CZ%UoGI*2>8bY{Nn!LBKZ)_>BVoX#u}Uz;71t
z&j|Qu1^gBPzg56*6Y$#w{0;%XQ@}qb;GY-py9E4h0sn%4e^J1{B;fZ5_`L%DWdZ++
zfZr$JUls8C1^jCQ{&fNWhKIj+U=%e*-!l0AD6rx8GT{#yd|w4ee1gEuk0|2vS*
zcMN_E<0--)HTb(2?-cS65dN6Se>~^Egz(1=elX)V0e)Cy&reNa{A)t~X9$17&^eLw
z{}%AQ`S0%k{#U?vI|$qRT|-CLXAPO}^wSx?7jUfqi#&m*azA~K@ptU0GQOAd{}14y`p;|(qr0{&kD
ze)Qq0{tKH_1+~ZP62L?C{J4Ps7t`6lSEJyO-bz~gun*YhOCKed;t&!GBW
zw4Cwj+z*QxU&r`(?uTy1Kf(C@+=$j)RKk6XkK0fETfcnpEaPwC{5pc+4~*|ULFMmd
z`ujkCA%CuCTu1iIVEmUXAWz_OhXD`u=a&T>$0L;gbpfA#w5rc9;s5x%yfgFuPcr^}#!pqr(JWZ_Lgij6;5Pt{{qQ>T)jnMA4}|=$2>9Nhcp#l;f#30`;8x+Qj(r$A;^9gMi;I;LiZw7`@6|
z6GfWO4>=C;U3r#7(IPIl5Aaa`oG;*81bqBt)!s`X9e-=Nr1^~h>v)B$^Ttv15x^Ur
zcW1bpqB{iqQNn+0+NJaVO2Bu4@){%i&PYKOADu$DeP@KL6^#(Shv}a?IsfMfx9^PT
z_2?IX{}@HbeaD2wS#&Sq2bz9(n)Bm(_Kng02Jd0~6u_|`
z9-F3s`HU|Y@L|UH;D!2h&VME2s~GMm7_VbMuY*@H-jl!|V0;A&e!V{ajPd&xssa~teg4JxJzSr=xIPns
zzp?&X+7!Uu8qH&T64SYY^A9lou>}gy>*MDcU%67@di~n7RnfmWuW()N9LBeEKkJtR
zJ^=XMDr@Y|8wLEQOsAduQ?G-aQ^Ry_0i5`g8BniN+Zey>OjWEN_qV{j!u-4PfM~h8
zi1Cd*D!-Pi*8tw=yw7zwx8lnJ{zJmId2;nt0pAbiXCv%Tb>|fLFQ*fJxWSKS{G)^)
zX>cu99|IiQHExZ{_yXtuAI7&auI1-cn9rF1%Y7=NmWKm?H#+Yb!Stlx9fTia%GLPK
z30JpaU`8zuPdEwboM`gzr^rM@gdcBk?(XPb!hdf14Yr5$ds4uEMfi4;zmxO7PWZuw
z{3j(A!y>w@TEGVM`z_&q{`bzt{4aa;xktcv
zn}hlP=;c3)aQi+NbPN5yFXTTG*0aXw6_3uPgwOQ)VXKh;xOs|Crmt7!X-V{cz(eDH
z3E+*@;@l|BS`s2@Hg;MX&q7cNlW|At3sZ>T_s
z&btNtd;z~#!2c%TQ$TMBm3t20jnS#5pO58!evt4*2G`^Dzl66LJkR-OgZ>ese<9%5
zpWnJjWz-(!%|iZL1pF?*8>7E?eEwG9L{Tt!--8a219|HPiV|0e8r^ed|Ut#b$T>sk%x9`pM
zG5#FkzTNdrry>27hR*4n|75~f8C;h;Ot^iQ?Wdgo2ZZ;T{Kqr?KZM(N*|Lluw*{D->9?71-#+kbz(eCZxg(693wUFsweKj>?R`?nzx%r}zkLr*%jX`#
z?R#+hGpBx)@O7sC8@c}bFGV^V3_hRpFDKl-2e*Oq{~O`wnfxmm-$MBL28ZJ4w=XD8
zjnO89AI11e!Y?qmZtoWW5B1xh1iX0}()ah9J%oSAqyHJgef{l6gn!iJ--qjYI8>}L
zy4>I?#@|c$M?Cx*!ml#;`JDg13IDLcHUCdN1LZ6K>y+)8qSh!tMKUdVCkW
z2kBgA=;-mioA6H>T#xUc3BSSMdVHIgBb^%!uE+6G!tMKUdK`aD_)R81G?RXl-ivfT
zWANFGZzlW}gYVA#cIx{u|7`{bcB0=83HSA%Gtb2QcbNQIzI~B!y*sow120CkglUpOfB?biQE9-Jj{)OZZ&|*Xz+KXJLMS-M@lx`#zoKw^s@OlA&_~
z(_ffDI;R+1kIPMj-)nH)uD=uR>s?bZ
z{)EX7>IePa(u3uG*Wd-lPb1u4f6*S%7@cYIYrgu5fd7v0vrK+n{}Wduou@s#lW;%(
z^@M-VBQ1A}V|@=?7=-`5AuB7C*Uuj_vk;oSyLG5u!=?=iUMhl63lHby?3
zvk15Ez@E=^9wqz*LuX%>W5=D1bnN?sdR)#W{3j;=QB3DS!hdS;V;TP!;oA&;A>%D;
zkp9mNei`EjmZzwihlPK{#%1<
zdG#;Ce{XO-U)uV^^v?vmk#8AA!qXJ_=uRR3{Q~|N(fN}pcLLLS+W^x4v%x>h`1=XB
z?-H(K{87T~yM+7j_|^>~oqrfQFdgXEO87qwz8~Xx!hOByLBd}*`E@_Xzl_gzsv~)${B9BS_!ApSTax`2yj)oBW#3$3w*$qdg6-`FtMX
zdl|fo>0C+p+YGMx`6q%}9}NXHM*Erkns3(;{&s^;VET^|exSiW%lL$~NarAf
zYd$=m@PiGm`S2maeLZbI_z?UiCciGXoAAR8zCV}yWx@|LxQ>iG1?(@4k$pc=uY=zr
z{792u_y3WgKsH848T{=$UtS^HzMpt1m;3&6G5@h9zo!2f;l3WY^aGgxIFnzO`vbx!
zd-$%P05?X*8+JWX>dJW4-jtOZ9JaojK2u;`}*NV!e@DOUMAev1E*e$bY`3Udb}6~ivAI9~(itsjr&t<;-2jPnheg@}nz69wkHn^6b=Me7e
zdp8lj#N^j}_zdBXdwlpi!tJ||)41H@KaAxrHFTykK18^E|55Y9R|sEb^6P&4KHKb27j9KzlZSuH2tuW@eP3Q
z&3||Q_cbB^PY74HxMO}@pCdnt<=XcvLEWWaj&S=<Vq;8{mzRum9`=jMNz2W$5g~bgm}+ZV!Ki
za9>|K{*y?@*K@8T{0oN8T&6$yQ<(ot2G{lfCgJxQd?x2V^ajjt-`_l%@rw!ns>!eW
z^J&8U_5EF&k&eHPUq<-X44vbc{&R$X!{B-yKjlWG^MHqck??PNc*CbL|3e1fpXo0I
zd~g1{`@hwce~Zb#oD)AUwdV5@ZT8x5YGQJ;lDNb
ziH!f6@ZT9+%lQNEz;a*q@b?h@M}yC2I-3c%@1p8{`!(TzG5N3L{44H6`mY*X_y4B|
z_w|i$6YlF9yL=Am`1;1X2>+X*ulwgx!vA6L!?`{W67K5>FB1MwlV8{K@XuqpuNz#q
zcZl#e46ga)vxM7sSM|93j&OSszwZCT?n3%?*K+3VU&Q=x_3%}Iht`FUQGQ=f
z_&(u#89MD;&w(!?{e29s>;EX>Z!@^A&%%2!{{(~Uae0*R{SB_==d61%{{aTqbgm-Y
zzTc|l{0o4G+Vyh*Km5x`-@f;%>EsEw@4dc*+j}G7{yP2}!tFb-ny*g!3es;d_1E~#
zgg1Kl9`|AXBMkmlE_VgtM;ct$XA9v+8C=hcKNIe+gS&qf>HF*8DTE(w=$ydio=f;K
z2G{)j4Z{8PYdhh`nf$sw``nM^`s>#`!u@sXe8MLiI(mLRO1Qti{GIRw)(Xo-+7G?uXsKj&$sMwRy&86W(g_>;1yHgikZL?$56hZr`gtfa$zO
z_(>-JK8#QP29|5zs~uo`h;aK}t;W9zc!>X>r~L0S^d~c&#(zip_PyHu7+*>FJdxbFX_314h*-QHcnkk}ZVW^moliwU>y;cEOw!k3!-x}RSr{0xKZem?$N
zNdG+s*X4E*zTDutpKm05nZb2G|BUeW8T=6L|C1j=`YQ~69OGXn+`fma>%U?P=3i;@
zYdQ}QzRKWwy`J)I%-?NrEg$Y8yvN{ry#7MCFK?$mjC6c?+ei3nLr3?|=Lom&=jwXC
zM)=t#zsB3YgY-j9<_8s019LIf8~iBF{}sYF8C>_z>xBFBcgEvL{{oX=_fIe3_I+Mcf5I;|`E`AMP531S
z*Y!VaE7Je4!FB#2!arhgUH^v&zs%se+=eHR&gBL_f!lj6;U6{l$&62Y67yeWa7||;
z;r_h%4&nCQUY&p6?;@RRJUZ_t{9^{!{d_s$_T65MKSKDmCcmctN5Vg0a4iQWJ%#07
z=izGzx9|3LaeIG4xP7;GE#qf=59!=!=;-{96MmDyb^cSokNH1i@cB&V0mALOz3q(8
zdK&ZJX7cNHolW@d2G`?$3*q+NUd<=Z68*++m!LDWU>wdnH@VgDJ+xr*7
zzi4pX-rNuHJi{6P=D3Gl|~K7(t1dw}r!4Spi`&kI8SzY_h2P5!+(|L)I*
z+j|J$heeNi`A-q@ucrL={ol7U{R;{IwxM$n
z$#my>vZH;44A5JX85-=%cWp>Rw)Rx>NFm#`raj-EFJ!O?jm*mp6?zGA${8qR^8+KN
z<<_<52Xg6-MO~e#j8l_ls9AruFMn<>y`C26b
zv~^C+AcX(JHUX(rYi8*x$e+t)da10rt?9L4Sg4@5|{wYwT?H>4K)zU?$b!Jj2z~|?(h0)>M2=y{G&LyvVOc&Ex
zn65{my5VijbQWf0+PZTCg?wQ{TW2c_vmSE%J9IbvFP)mAi^=5shx*z&XJpz}rR*q-
zRXuFGcbuc0=Itc1demXEG-uApA+Kj(-sP$rDm@g26pn-~qSC1iRho^WFVmX`VQJ}<
zKLzKuB6F-wt7&g$X=3v7gmnr~lUYr1Z*CIH;S9H9QfbSeULZE1Udu9_Fg+G^P9Xtm
zDyT}flhe-oK;bNU%J{~%@c(vBnvR2>FE|r-0G6<-IB)Eyx$VlSYiZh4Rc|f447F@k
zWXw`i(`jrfRY*0B4&-5Z%M2BU+Z3O&szs|7-MPM80T#j(O^`O=Y+&;a)({|L
zm85KCnBBv3*l-qT3z>PiBr9S`6Z5hhuhe6IZTLp=B7#YK_
z)o9)6RXCnYVM0%{dY7I6sDm$EMe0|2$+FCnWld^~YbWmQm^C+<^4H`xz~-rcC_4=D
zhgHO?+GbXEyM0Pc8OW{6n4MV7*DblEs#;(fv&O@&I5s@$pst#YR|Z!MTrZS1t|mj7
zi-x;g#Aakz6dPX1CM2)BEXL?a!cK49Vv@xnFMVeU61RFVTh$&JCQP6z!5Lm&ZGxZ1
zD-_D2#!=U4jMTvt>+`7RVFfzpuyj4O=9)47MqS(V@Ov+d`g@WzB0^|G_-cqW0x_OBSCF
z;Tdl7p!TC%E%$Gnh?xs8pE~3uac=AKpg)B5+20|$3p`nz9nqQ9FHbp2j
z*WI0})P~@96*nVD#jPawe~EkrB@cwjgfnAFm+{MRhN#7_
zy}v14=~UtAVaA>fjYcyGabujhy}=9cKdR)oQG=>y+m@;2TV_>h_Q+p|%xxx>X<&f4
zE3BPZn4U?c>KW!rzp7Hciu$tHbk!AxK~802jFd_*1TeYTR86C!%qsE`sb+<{Ot3Zu;^3Um&}>no>?+~
zeka&Dm(8Bjp2nWQE(upayAFy}L}v+CNT-SwGa0ag^WJm9aIWVB@Q|%vpBc&xgBuOp
zQiTnfwM}X~Dz@r!e^lPEC%MWyCmgYuA`*TqSd~VEx!dh!F%V}=L)JTuN2&F2c4)3T?jOvH85
zwF_x3Gk5}Z`O4%)H)x1PstH|$U4_MHuC(BWeZ}>u>6B>&vdk%Te{MzQaM_|<}#9_T$MX;mqOvJ-mI!_
z;$=HggJ~f-3;UKz=WQ!_nHBF;@wt}c*0s$2#=U|Laxi)(T1hM)&$zTRpU4Gm0dIL9
zxY=a~INIQ*C|`LVW!>cG&cF`Ln4t*FR(>P5IwV85$g_Tr9KScp#aswl27=oruEB%8eRuv59Hl3=XW(x?uT!9O#a_XT=e=3vc=*xEH
zu;QwkPC?W1BeRExvn=KpIVscgBTH7D4gN3gVT{PoGNy8Nf-ixcU?wYXsN3t)v)$bk
zI#Fdq-BHjiiW-MS_T
z5%;OVD3&eN+?~UCpwmYCSLKF19&~$FXYHgon{ZaeZ!kP0pPlhfrAF3ehdQzw`UbPz
zV9!%_ekVh$e+?O6yBX9I%Qg(l^~E9Z~ETYgP&b=V`h11&m?|
zBvXfToBes5!r{rM}SJfQ6no|n}Lp5+GFF(93Eg>U>a%B6IU{i
z2~(hwcMY!14bLAQ>{p@y1^Eo(%OKmPjEtH+0I_ZKaSf!ERH~Xxp!uWnwgc@obbM}=
zg$Q)9R@n@XD?+I${n_>H5T}?MDYWrg;>d$ki%mW~md+}J7Dw|2M_2WMM(M1cMGMUj
z$c2L7TA!$<(ilB)H5F
z#q1>mDZvI0USqU)Ov$tjj%1b$2L2ffp4F|Jj*BV>}lrj!{S>|4&g={Lc
zK$rbZ!V*)#KBJ)b8A?Ic_NOhu`dvo41&q?%NfzqIaeD6{7j{(vq7mw0uHK55)LF{HI*6S
zZ7dCSED$?3VdE+8WR0aHtZCMz0mRg@;e~o9hTeW+r@xuFAZx8+Y;&45$s_t~+nq2Iw}?#jygFdzu3RDx}BJE8|$
zDt0}Kt*pTe;dRbZh$+M&3W81?%4$~Ea@69Y1Z2&)=w~tISh1YVPikkmnr=Ct>1oL;
zp;um&DyuEpj*{uwVp?m_4?~J;@Pk_Ft|bbv{!mHZEI}ZyaysWFWAnm|A`$dHJqs$)
z-1Njq$kZ5|iU(gnwS;quCa59)fi?RjDS@q9P=l#HiR>|TwZj_6;IBJinsYl=M=ppx
zZ!)+NDK*U=;+!*@?}KA>Ou%%ApTp@CKM^ecxxzekj2O=C+NK(D9xAg$oiux>uJsFz
zk9i=S;!VJ0B@v+LecKhhE2Z4V{uvW93Z0rAnKL-ZQ3vi4+nOCgGa+tqAkqh$UW)_F
z&T&t7+frlFQ{n73*yKTH(MOR?0CQD`&w$L19nj?%5R6->O+aT_^V3+J`E|ljF+$m%
zJ!ZZit9oeRFjnPB?bfTnSk=RpSKBk!nllTvC2P2%rew#O>9tUGJ6I2kQ_-)3G_++5Ko$8v41WjQ4E
zx(Dp0J(+^5wsp9B)o72>dpigF=*FE?tMVs9S$8%t1?B+M<_A3bxb#u-sG~QKLW^t}K&|-uv{c%^n;Q?}r$lHt@StT%~k+
z34DcNLP!G6V)W!7z^^NZ$EaEg7}v%D4OP&Fd95wVU@<8>;Cya#Fi<>x{w5h7ZcH-a
zY*wo@hcJuWijkTD$5KG&$SfPOXXRPyXs>;^9Cvjt8j0^(=t|TbtX_-ZElytYMw{_6lc&srf*n<=6zVd##ssdR
z%N8=|j4#z?X#4=7SbWUlvD@l)r7#~%hj48b@PWn^GeP5-%b0rFwo$ZRjvZZxdRHz8
zVAg>&DHgX?rf`DY^kTf3FWaY>l^p1m*C#H3L6mgZkm{r1&?u7~UEgNOB0UwB)}I$^W#k902y!q=s$3r?v|i0ir%sD
zOvRmTV^bz^xbno&Ratmhi|cKyH?($rqwPpz<>0ex;MmMgyj{bIUmvSxVzIPp
z)4gJe!N<9;rhP5EEVf5$>1GqnKiGrwlqCi(>8pGjn#R`Sz7x*0!*Ywq+f`rGu=cu3
z1-4|t3k3D-
zgygXiQSPp%T8{)8jAPyn+BxsQ)tz8$g8RgHW>$OCvoUmn&Rcz5$f%>8PtdL^Ym>qQ
z1z<$RORa~=lAW|kx>0)NI0ckt64|JnYrMMpOqb#(RkmUZG(wxrfQ6CWFB*@
zfKaFA44m)o1B)@5wA9!awIo@^DsC}|+j#Y+s#
zn@=U}v?0Cx&+q^lh{I6(Bx9r=?08S>K`LSnmIku2f`lQhhzRtSHjc)Iqa+a=T)agq
z4*@;r=4fz(<64T4Q-R8j!11w;8JhSYYam!YwggqyXi-swMcd~zsp*zgV?0-8^`RU)
zH>+?DmRk(ARf_;D21RH|x0*dFT3N>yl{aK&7iN1&8;`!LIcy`0Q%$GgKsxzd)muo~
zJ5$E$K%=6afYenyt%|NGsb+97;sr+JJ8WABA{L!O)_XIpXK;93cDTC@qWUTN!Dnl<
zt6(HRz^9MeopS193yN$IB+{b|1vPA9DQ=`QaROE8Jv*g@NNTR#X-3fLqrx5NZWpKs$aF
zj1VpsdW1kH#p}98V#5S`9;G##6{Q>6$G$=gu&J@?=P+gkd-O4#m_c!4$NWm!}{FKNXeT
zii<0%;RMSLR@+fj0&81wI+ZC)MQQCwHHxmX$RkxX%#lOIRs1qWu9&`GgA*r;)sz^Mjy?r@G2vV@Y_&w5nhO_1HDRM^`lt@
z(cDLt(m9YW7N}!SuG&*fGY&sN38E`W+e^W1eAnsTV@EtxaWY
z>H?E;Hod-ysyi+R>a`w6z*g0(MK)RRYM9+*jg=i8UIIY-3tdx*F8I@+nX#tBHVqc^
z&?{%KDU_ZlSpbioWtQr9&x-o=tLjB^(eL#4jnJGgzHekB6>98dfwnbQ7JlIHr0^nL
zRh?W+N0{O8s#`ooXGm5AxNO@pxNJp$K2P|5tE;{-o!8FsZ-qmgUBG<=7MNj(`X>`n;87t#10Jn(T%UR^O>$jWJI8vEdWk=IRR>p$%hGDCl!|3}PKv$W{%G;!y!#
z9wJK!OVgO^NyZDJPyU8X2_DZt&K&0%JO)w=M;ftMF;L*3t0iTDOyxulRS?uDQu3Egd=j;ftA`K@r@ichiY0S+(A$@dJ?i50hn{2$8s1x<_>Y@QBD
z)=!y2eD|WRsc8)ja2YWUMvV_RK%~NqX|432N+jIjmGh{928n_<=i^-o5Tgm=MxUKB
zjddIxMY;w(^2TL|Ht^~^k4UBqE;T6RNU1Cyb0f9Qj2F%-tBEC|Z#?!aMXoAFm58QG
zu&nr<)mURz%pyY*@?gbPa>4fvyg-^a+*=P_sv~#H7BV)F06pgDFgGho!j>DKpJoOC
z3wo|&*i0BVLHx5~dw!^Z-M+)L4<43EkV~Fd#omBs$fs4~-y0^R6-!@+ug<74DIMb=
zjJ48E0;+?2A`?lhLg$|z(Lw4fptG<{OZN*F9X
zMoC-@g&A9v;ts4}LAvEFV&PAPbu5_K^hlXYS(r$0H6zg&%I`{FITH!lq9Qaz+gw^)
zz7#D^rYu2PoJ5tfG)S}xaVpR$TcQTP*L<@xgle!r)em2>$3v?DTVYkEx1~Uk-ugy;(B3FgGt-`qYST`%63udJ0~(Ij=EjC4K!J7~
z!C+!jj$kyx{2x@H3$E7%>#t-LhT($!0hnQCWb|9=?A*;l@aAxCRkkk+w{)$NI=l&X
zDZInbr>ko==;YW8Ic=TY2yL7LbfS
z;!xf3Uf2?Y;YeAFX0=v`O{tOtGtYy^!QJ1pBDrE)(`Y>7e;K$(Ve3yIf1H@T3
zJP41g9eF6QHm!M}fQE5>)f#lKe=8Z7E{qYSQiBm5c2c{|^wNH|-d0M346bgc&@6neEEMlkrpwP*$q022YhrzlYVS6Ryr1+K}mjH>kk~-3147VEM-(uDmut
zO_?#(2_J14ueeg^Cjq{IkV1PNM;l;@-R!CJB#bn1b7fJxOgyV+iUIc2WfZGNd4`dA
zS$YQtK10o&0mp#6?!>9No}Zv;FOfZIqjwB?p7|yIsi}97bhb#djPmv!ofma1gjWm~k>OCk-6W
zgw+q7G_c6p>qKFyvhh9st)8RKCHkeZN=G@ugeyC}5vEb(z(!Dli9C_Eb=RI2^!?@s
zlD=OsY~a#oyyialgC?2=l@HW@2t1M6*KoODly0BCD3Oc@pit=({-$h!yHh?-u%c>bK$8oUyV8n@XGb;b6$lH1Rv8(3+J~%nUo*F{viYHnw%zs=!4Iuwg55c*+eMV$4mBEIS;CiH7hzMMX6x0ohaKa7z#4k?ryjUV`Q+W
zx=?gz1sf;3C^M~Vuzx5!oU^f3(2FrUXnQ}HI{{3Z
zcGZF$GXRsR*XU_YnFYCQH%SlCCQBB4qXK#*H&tk8b+p7p8!DxQhQMB^KDZq91|ex>
zPT}Fqa(ZPU7(`?Xb4$#^yyLd)MOYNByRjY!S+miCYpk*mw47T#I1Jk+u=0uq+i6~Y
zWE={6gA(B?pdGUNg70+dFgQyG`!m_DE|_ArdK}0u?~&rWPj_39OewOHh-Wohe1}1U
zf=BNa^&NkXI=2*bOtJ!(UGtdm!CP>YDciTAp;skoY%5Yqyltj~%Kt)dg5)p6eX5?9
z@~2!of4A-QrB;oL+o>w+6}ieKH;i(Xbx*;RDCMvWN4ByK&5Hy){}LZO!+vJ*+z(4EI(AK3)b;KY(gI#W`U}2?z
zU)8#Socx3hcwXs&u`+Mj!<9pbYxO(JFk*L(mVNj(t{+M4O*)WWHs%fvz?FTYT?Mfj
zu!hEsqE%IMXh>-%r5Gx>!8JB0`D$1*In?gE(^qJv-`V|N-SQ{SFo`D}F&n2p{)vYj!~fmW4or*xi{3~2s>#on_~%^)
zU6p)u@!xpHh#wqVJ^92TF{YDG8~*q0$`yYNzv55cPw@`=i0?PkS6ShnCDV=I-@KjA
zxLL|vOy$Hce@{QTXLH`Z{}`DKVSdbSG@o3d;Z12pZQz=|GU)0CM6yiC0?-py<3h
zlRJ)#X0N%b``~}^7Q9j7Ib`~e#PHjl#M}PE-m3g3Mf|JZsrh$rNdE00JnYrM-yX_`
z&ysR9A3od%bjqE7`0v7n>A%?jhyC8eUYDjA0*6iTAB}>;W;$#se+`7ge#>8%a7TJc
zi?Q%uy2ePJDv}TM|9WhF*oo-Bb%}v_BKcmy9_^)={Qhfg@+ZQclUQPue4p~y3zdvz
zM*jzWoB0~zZ(h)(x~%wnX%2U3kh!dXacPtB&GA|9e|47CQ^a2^4zxvM1r@eoB
z(<=>OIyw9ktjzI;J#PQqbE|)wBKc@C@hs@C=V$3>k>r)>zkbNys78EGJo7xvRZ8-9
zGx0Hn#Ltqek00oic>C~IYw5o{AblNI@{;rjnoZn6@VozRw;VCJWeiI()DF7ttqIGZMJ;q8fYrV$mFa+$*q
zd+22};TLe3zvpkBurq)2|JPvR;Yjl7cJfB|Urb2Q_h|F8}e{!h&+a}xl
zL+rDvpP%^fMZ3gHJsU
znYZcE_R%gpV*}DoO|!3Ti9fO>{^!6U`>G2+8r~Xy4E$<1<8OyE{;3rHHk^5WfHO~l
zqwF7&_0y}T@UC#?9|dQg2U7T&6#iKXKLF2;e#@REqy8N5BJgA31K`KQZ-6uY2{_}o
zz!_gPYeqdMBLDgDli(M@Iewl>;j7?zkmpnQ3Gi>>?4M+9$*<%etg|efbykP7&S@$9
zWjO131I~K#9GzZHdOd{`F>xG~gcpHVhZlu+hZloC0B8MA!%HB36TA?72b|+D%P|@C
z({sbQz4_rBKfB$N!z+8@zZ{k}Z7J{evfz8-!W{7ZNR_(AyT@LJwc2}-L7Z{{BTnJe+{
z$*;DEKLhc7;g#US;oQID;b$WLNjT$QhBN*RILFC5aE_B)$J%zpeu@26+&xiBrhce|
z_+%Hhw{K572l4EO2Jp(*uBOP7Y$Mujo5HU^9*&2*;T#XE;Af%T58xap-@C{D_3ldh
z74bY?3gom6kN8F24<%A~ZTIB1RzW>o;8o$*!K=X^gr5yx1wRM=8l3&G1D>3dqyKlq
zYry}6Gk@;mY{L_wY0O_7&itptnZG`~CfaQSXZ{{=<{t=W{?TwA*SEUIejM%laVp|D
zo}Ym8xPBhaaNFQxfFgW^03`OaJD-N&iP>qoc(q$obivr8NVFP
z_*dbK-v(#=mvC;^0XVlSd+v;J$UM2=ocCJ5Yhk?gPvLjK&qe$b@Y?Xt-D6zs@^SS;
z3eR`E1w{N{zfLWh!f$dW19{Fz+
zKgILknj-%KIM1`|;7w4^Ryh0Z=MS6x&DSQr`Gk>j5>L~uIV22RP=FJAMre2cY`-ayMy2yZ`Z8Q}?6=YG(Qoa&-zFlS{WcrUetQDWetRCye)|Q^
zI!hML*e=#t**)r<=yldWJnOs!&N?rLv(BsFtn+#}uTQ4HndjLQz6H+wyWq@o0M7V)
zMKbz_@#Wx*uM21W7s8pRE1dIZPdMk#MR3kbtKd8?Ho-YB?SS(-Dtpn4?d3SB31|NE
z;Vp37^@H=c8wKZacRQTN-IH)0cbnm?Gp*R+>u&?+IPc*e<9v~i^S+4ZIKL6jaeg
XY1)`P(9XI^x^GABA5C
ze;Uqycn{7zd*ICT8=QI4N~M>dmaMZq+AZv!pfu*M1ZVzQaOQ6fzXY3Sj_`T#OW~{FtmjKO>p9?_
zC9xUF=c3!P`u3E~*se~>g>Pzqm}!ndUG&r|sR6kfbS`sSryw{*jPX%BA#?*?aoUIpiVyxu+f
zGne=0&4}lIoDJuGd;-pPSHZa-x4^kyvY(!@z06Yt&OE2WInHarnWqt)@g3ld9{^{&
zBjC(42F~N_EqHhAugVoOwwL?mJonfy@&3LE;<;bC!nt1tz`0!`;oPo|;jFXl8Hca4
zntRl_!^cl;#Iw!|;jFU_~)YISV8H;$l!dc@E{6|9oulB4Uk&GV>3i@&
z$ny()Fg(xM8TAi=mxEsgZw2oM@8TZ)zt;P|H{yB!HB{o)$9#f#-hbTL7RaQ1&s_o)9hufHGS
z+5e*?ev8N7fOyt_Kb-YH0%!e8Q}_!hd^3C~`x(ys`%`${>KXma__8UyRtj&O!h5Cg
zktzJn6h0Hq`Qb@8kM}ccWNg=P^iL-^~Ny4SpZI0{jU$*J18~b9?u@$M)v(
z{g}0OM*ZC0B5-bRc{sPX8l2nP6VCV%aK=x7a~w{GGtXmi=2;GBo>g!jcPG`!=m+*&
zS@-C-_TF!2AfEkJ6V7#;{ox#+GvFK#YvALs-*>_}PWHJ+opGEVKs=ArQ|j7=M0~De
z?C)h$czyRoDQVZEo*wY=@Con<@Okiw@HKF*liUJlKYRk`^S5u|e4du|JlnoRlWEMK
zAI|(`;LKkc&iswxe2;JuocXVSGym0a<{tykg?_sk&gabc!rAUZINMzgXS-|Q$D!Sg
zaJKsaob7%KXS=_{*>2W)8T*Uv9_Jq8c4khCD~x#7QvuF;YQtGiQ#k9n1J3>XAe{N1
zgfsv1aOU3#=lt`5du;FMH2eAt@tl7S!8vaqU*EnjIsQ3+7J_sB>0$_1uI!=fZD>cZA;p9}T}1epd?L>>hPC^g7=`{AA?G(a7qI_-*#rw7l+#&@{$Z
zk@)Q%Un@m?XNmvN<9nruzgyy4c>NEgh<`)kV|(9A5kIMk6_DI6?%&z)Dd?YP;J3kV
zY?_hhcK87J~!G4hvgX6!0A$!CB|e?osC|-@ykF&pMB7o6$eKPpkmv_^b_|
zj(RS0k9IeCyH_Bd&p(Gte5|**9`SsBI0eprTLfo6uYxmv3!K~a3H$hNEg95&WFJ{4p+mue>b~FKgT-ocM#A0`!k&VlkLKc?PC9&0OvSt3um2U
z;jHsc_oy@0f!~LC*0}=CI$wda&UfIfb2psF`#w1Hl<@~CiCvh+_}XyBw}-Rc{&2=m
zgfo67obgYl@Rw8gM{wr<3C{e-U6irk8DARCey9Owp7Y^6zc+>R{C*dl=Y=_N9*;}m
zJP)pg^LqYUILBx4i!-*D`A>tl!13D_&f~osoX7hxIFI*x;5^=!!CB`QDg2yEGV15?
z)zm$XuULQH2Jt+;`onpAT?^;_y#>y3@+h3+WDA^mzJxQ+0XXwy?~t**99OyE99I{>
zIj(xZdA%_j&hc;?oa605IO|-W!neX%|J!iZU%jJkZ*o7j#W*}4-WvXtdvd%h5R+Q6Bo6P)n_;fx;%XZ&?=?)O!2j@vik+>d+U9JhbMId1cGK79Y2ox%Sk)dFd7SCD@Pez&Q`>gLgoD?k*YicZ8RMbG>&>IP2*RXFa3bWB!cm&+&-o`|f)r
zKGu8BMLe%p*TMPx^Bp+n$m*G2b(v;O}{eGi<+`$0Ij_tkX
z%lMKhym|_6nZkRf@R2F}0r-8W|4n!k_(yQ|=UzDX<01DfiOtTQ_%By-M<>3r_q0Eg
zf8~BG2Iqb}1I~79!nq$?!r9L^z?o+ToO$NMInGzWndc=qHmSnROq
zJ!isMPj5KmN5L6?1DySTFPwQ6!PX?|O*ukN6gFj`N;yj^{yej+3b=d={MhTp@X_#x;J3O*f5!Ulsfg$O)Le;=_0NkD&-pvUL`s>44f6Ej;9?t&1(>>~m_1pI$p8dZ-;$!{x
zQpB_VSK+MxZ8+=yB!z#Q!Vkb7Wj_zf=zr!vErr)j;TNXxJ}G=m3co9bKa#>Z&r@ALnq&UjTjEB{p=QPB#p0nVr=X}Yt!Sh^zc;>kf
z&OE&(&pV!H0OFZv7@T>=!`EPY?}0xFe*wHdyKQEluMaA8t
z|NlB35zp(TTJW{V-x$vMza5;{S6$((XMlUu6UXl`#Iv58;H+mFob}9xvz|q8*0ahz
z>WO*aCB(Cyci^n&Q#kAS4$gZ1fU}-shuZ#)dSX7w=bqRlnV#E}fwP{D?bU5po?;iEU{I(eJtY;0J^=yQ*p6zhfvkT68
zesYg`VxHWOc-C|Lu#DrE^%R1$o^o*3Qw7d?>bplhG2b>rJnQKUXFYx3tY;{k^^AkF
zp4;7{o|w1qK|JeO2xmRZ;jCvZob_ymvz`y#qn?=mKSw<4`3=r`vJKDJkE|yzob}X(
zGrldH@txs3FARb+&qO%$+zw}+xp3xr2F^Td;mq?koO!;6GtbX(=E-r*;rp{FoO#N_
znde+M>uCdLo=$M)83<>d32^4Q4bD7s;LNie&O9%|nP(fEdA@=(&ptTwWFK+(el7xM
zo>Sq>QxVSVlVNb)?>qv34c8T$;BUg;gTDnoab!mQ+u-HlZ^IkG-+}jrzYD(+z8yXn
z&UJ~4;e4O_D*Qdi}{D;`ykKpXjui>nJKb-9zbFKAHv>VrT$Gaz*Ok=wx;B2=dobA?u
zv)!id(QaJ7wLv`F?Ez=I1L16UES&A$;vVhBb=qBsXS?&@YVqsCn28gmWQ+5YH+sO2+nrfxJSEjJ<|d4Y_~6*
z?GA^t-AQn^dzX8(8`mu}5YKiO!P)K#INRNo!oP=ee#kN=W4|y@ZaCvhz!`r!obh$x
zjBf^Kd}lc0uYfat6rAxlz!`rpobeCA8NVFP_!r@fe;LmC_7I%oA?J0O=eM}8&+o4D
zTNyaVLuEMYtPf|qE!<-q#(dr$@f?Sj!`bdtaJD-E&USBek9K1|pN@F8y8zC1m%-WY
zdN|wN>K^UJe7+s=Z1-z8+x-R3cC(MoIF8tEe)niM=JP^`XS)^QY_|rS?KXq6-S+O$
zZp`PM5zlr9!rAU9INQAy{t?dm)7_)pxR0KNc(%I)&URPB+3qGdw|BdHv>WGAWpK!LDXWZfUZz1<+H_jua5YKk2!P#y-INNOt=k|7Xk9Olc(hKoycQ~Bwj)$||
z$5Z%9IOn~MaOQaz&iJq4jQ<(V_#D@#rGF*oL&l!~XM8z0KLC0cZRG
zIOE5`8GkFB@w4EJe-zI6)o{kY0%!b2IL}i>$7l5OP8`?g!#{y{fPV@f0{;v?4!#RM
z9sW7|J@^;!-S98rr%lMHe>c1aocG;L;9ntrFr0aAf-}!-IP*LPXa6sOv;TjBuRuMA
z;9Q?jbYjN#evJ4!@FMUg?pYGw_6@uhJbU8bzVi1eo!k?lX?qag7tZH$qurDFlX(t#
zo{5O(bGbX<{Ji8taQ5>PaK6WU2hRBK;CvpE^@c=oiLY#l{}`VK&isYo+>gcK+>cAr
zv!|v1{QqQM3_Z?ZnRum~1}ntl_w%h5zr^F$h)?wV>%`}H{08xf?ivnlJIekc+4sr+u5-^OKHfct_>Jzl
z#BXuWD}I}M{NCqiw}g8^iJ$IXM0|#O3GrF(WyI&YmluE7y`uO+_sZgryH^vx!o7z0
za`)Qe&$`zWf8M>J_*(a-;xD_m5Rc!V*G7D^$F~=M)4hZEJMNvu-*@jO{*ikx@lW0R
zh(GJ&xxe_=9v{EYFviIn9zRs#FZK8l;&B{}79Z&G>vE@i>mQiN|rYUHmoAze7BZqn+Y$9PJX1<7l_|`<{P~
zcpOK2#p5{IC;o-!`Az(5_XFa8`f-##>HFNDJjQF%Ay&x!s?UKl36lK-6iZ`^6g
zzon&B6YpEWJbBNR{EGO2?zP3^_d3)QAMWwV&vr4-DEFq~k9$2W#K(Jl8}S?6+l$}g
z-a&ku=TEL#Wj%L!d^hpw?!Clkxc3pC<=$U>uKQr|huw#YFLWOvp3{A__*3rV#Fx8I
z6o1zJCh^Mdlf~D%CqI+Oerx4EO}vkL-eWSyud8Q&FCbpEu6aT6jvik`ytBub5by5s
zWyBx$`10a6yH^yCpW|6s{G{`&&T8Ua+-r!>bFVG_je9-uDqes5+_E_CZg6ie@o9~%
zo(|%9-8+jHaPKBw(7l&<5%)ggCEWXqmvJ8~UfzAEct!US;+5S;i&t|WCtkySqIhlh
zo5bt6PZn?JeusEd_i5rS-0u}{<33Zoz58tO4({{BJG(Cs@8-TpyqEhD@jmX$#QVFi
z5FhNmT70Pc8u1bC>%>R9ZxA2nzEOOl`&RLr+_#BOcHb_3hx-oki4E;|*(rXn$L|uK
z>AqWhw)-COdG33~mwUVW#20z|Z{kbb4~Q>wPk#uN*p!$bR=8(NKAeKbcI6PS*~sE@
ziLdiKdBwAOd;#&Y?ghn9b1x!(hI-shIljg
z+TuIBf9i?<=H5{JfO}K%v?kX7EyT0Aw-L|b-d;SHdk68n?w!R8xOWpT=-x}bhU&waA^0&n*Y@unU>O}vHs
zz2a@$XNtFXpDo_OeV%w{_XXnJ+!u-Wa$h3e$9gEv
zeuH>-kKZUh(c`y@-{ihce6ss?@jKjih);9hDSof}F7cV}yTxa_?-7srd9U~akKZT0
z$o)6*CGH2rm$|3qu=(S!`QJU8_-gkY;%nSJfR`(*}+uTct
zZ+9;vzSiq0FTT^`D~j)OuPnaXy_)zQ_Zs4R-D`{QbFU}9$j5U-@dF;;RQx56-zENM
zciXSK#dr5G-y^=qeXn@@+>L$W`#kj@5@jU+OY3R%WE0Qkomb5z3P=NP2Q6W^DtKYQZ8$vLe-^=a;`Ge7bdL7jZROy_%2`jNzQ
zd)aTr&@S^=PT}?7i&1|I_z7_C$A$3d&t$(XNqF>EJLDOK_$%PQWB>Zc`_jh=-wR)a
z_-m2JKQ@sbKM#I0;*-yaV!z)FXa6jQ^Sv|sIn}sYhx{B5ucYt|DSTrJ-;%<=gGc`-
zC~YtNENs^g@blq6!dd@5czMMC0{6#Q>HYsJye;B?gZF{|4)>3RrRVtr&i%;!!a5Hi
zz7p~ugx81v3BMSgD*qwGv)#0#Gsaa(6$7A7aHz)jb&>)_MF9cxmL%gZP&4yl~FL`!Mg-Lpm8$9ZWu=gBf~
zj(^TG=VDxyMSNFyIXL?v)i^AV_%g_I8oV0(XB>~LzXIavXTbfnQ~GgN34RXpugCsn
zp2~riiQ+P+@ZwBuTZvyA>c)<~PZRAN+
ze=Fo+|F?m2Jhz4W>%;VM-Wtwv#q$O0zYy`Moco3GoM-60u)Q6SpXWjL1Fy#}LVN?{
zX%FXh7u)TR_)8E!72XlP1!rwFNJr8^Zt?7pFH1nL3|11=?dq3bs4-U
z;(49M{_KYMIv$@T@n`nLf4OoRu%Ejlp69zB@P3{rF;%7YgmeC9{nHT7>(Zt0UdZzX
zyf^%N_~r0@@GIbHN7+9l>+AzR4$kA^MC7>=@$KP#;XUCTw;bmjpB#tuN0Fx=@_z(p
zKV(P!9M8Gn?1zGI_Cskn`=JJ$#|6hB>*x6>`7=A?zP=OcXZ#>I^YggieJkgm0m$!<
zgVX1|fp8v=%wH4j4n{oB7gxbK4-bWN9v%kgJbX1g)jZ7e(KU$gh&o5Wd&8NZ^VKNC
zr*ifu<2j$xIiHV4evWhYGv^=PUvQq`{RQW9w#)gP_ZK{l*l(%k^AhN{F{q#8`8qh~
zRbKydyT&5^pUkV{kcac?^>EIste^8L?{_$_jz^v&nO7$u{(mvAPDFmrt2e+ouX6lw
zym6dxJkU9>-iZ81GOu!6{a?0`XJe)8V(lpM>8Ie-nNO{3|%)k4|yED~tHMkcaony#L~L{#3-X
zpQpij|8*~%_gTDet&e){LwpDL3^?ci`{CSQ55PIU&4Tkh#c{&p_d&$-d@&n-E$W;D
zza2goJ_r5~oco>mUq?L8N8H}|$iwq8<9Xfw2;%wNtPY&}cR>n&G=(pO^Z0rU-a5s0
zodREkcwV0@hV%NQ37q}F>p*VT6Nu+He-h5~=~HlCS1g5hME%R)1L52+tY7~_S%G-=+izJju46f0J&X8TQ0FT6PWWp0uW;V)^WeGm2Uyz@Ss=baDWM{?fb{VC5oJCKLx
zoe$wW?=TO~JB;Ufhw(h`FrMcf#`CB=hqw#HX51I6r@mc+Ptz;72k)^Em+bBc1*81@a%s{LFq}
zopjF6bk5J5XFkV%WPGZASsS+0%tv(
z_xN1sTEw$X_VX0fvk39u!g;^{9sEbcbHC(Fv0Wt)zZZFU9{B-Y8u9z!jQ<(V_+Q|s
zBhRmJURQA3@_7sUZ4mNs++GjoxMe@He|X;Eey@T&jOTL$#`8Ld_49euZ`fYO?@!?e
zQux6X{wJK*&xha_`F6$o(Aqf-F2(ky9h31KfaCcnIG;affzL;ttnd}^Z18pPqv7wv
zkAZ&+&kpDNO+Ftu8RI_(;)}qqK>w77^Z7tkIPa%Yy*K3k&53q7&X0rh`kDSuu9I^i
z|4#H9`r*I#OH-qg6D&C|DFKn{8j+Y
z_!Hq(k^g!0Phu_)Tz*+bM9)W2~nq>S>919$&rS9TCs#Jsw}f5YOXl
z9GrD>zwmhl_e&x45Bs?YocpCHJk@m<=j~#M=XG*%cnQ?c=R!O`mOwn;x0ZzSdao4x
zpS*7^jXeEOXBqe?IP0GV=W{S#2XcPk^R%+a-vW8c!F$3v4mZJ1MSM2Q!{yrP$$P>1vtk;H{|Dd;CiQq-am03
z@9*bv-UoF@o>u5jJ|FIy!Y9CcAkRuT=Z7tD&JV|+-}s!I=NHZo#SqW=;WRks2OeL1
zF2{bLcSfD3qyJOg4{|=KhlX?4k?5`u4x359`|6<e=$w~oqE7a6EjZ_;u^1fyY^@qZ-q(gfuBU(8E<
z9>sZy&Uxuv^na>(iPtB!5zp(BI&jVdJkS2!``i+k-_ApR&cpTKg%MvL&OD4SgLpm<
zITL<9@^E}MgmZj0f>%eL#&BL|GM@8%6U3K8o~CflZ_VH(5Z@fm=Oh=vIUlxwvwvE`
z8Q(gEw@Kk`;hYEB!Rw;_3*qhH99OKTJ>uD)TrbfWc`iXb&zoE?!Sg2lpPV;&JT`@aMFf#dU1cnQ?Qam9JQ3*wpQGI**y9G~40pX&Tu67}#tg6Chp
zH{m?i1Nk|Act6fMdm^6mXD|3ksE5x1*gw4y&vq||bGxp9^LYZj5!&s8_)3UO#iY`XT>C$lo8{1wH`Y8$J-u^W7jgk892|+>b*L
z&vAY=Jk|DcoDV}h$HQ*Sc8x+k91qvR
zIUYvCIUdHqIUcTqry393?_&{99|z}k0f=ktkhjw^oNnSMix
z_?uGr%_;mAIFFafaE>3&1N7Sv|98h#xitGqOg(9w2Y9`72lAhYcs^(2dE`#S|C9T;
zyO4+XaZ}+(avzrq@w|^?e%{CNc{uOm_&kmGadhs-X=s<@@NPKgb9#OBGo9}vrXx>x
z#NPw|U$lEK@*hdN_aUCwZ+tGt`vqQy@Vc&Niu20B<;>YJoh7?V;sqToQeI&d37%G(|O-l7UTRO#Phi0_^F0?
zo=47y^Zu0gO>DOt;^(1V);S-}^AXP@C6I^nIrBV%JoE){=6MwUcgH{T_fD~279xL1
z)c+Wq?b3N2vIz12B+p{xVLz}=*3%d9^-w>rxA`37am3S~fV1Cbq2Cz41o8AI;T*S5
z!MR-=w|t(n6!DxNmccnM(d(lh=&j*TBM;|?5u8;nA;im+*k}JaFcJE=B(5;mrR6ocW(Z{u8|2Gp68|dVEmOc)k?zEq}AX
zSbviAEr~qIdz<7}Ir}3m>G8XMl2ikpYZy`IhHd@g^S|#QN>1r~M+!^OnS~{L=D#
zCw~4~gG1uad}Hyk?kn==e$xWu=Rbs(dC~lI`?kOO;e&S!>WTk8(jeB6MxLgBn0J@>
zsS6DHh)-W`+dEGDiK`7Ji4V$Wbv`H_`QyGa>M60(0^@US;e)$cyK%o6KI3=G|AFN1
zvdrRli$|XC#Y^01aEyK1U;UZ$ka=$LG5!m$%8DOsVD-fBGm1JV`2dOED-`}|DT}{A
z@_g{Pc@Obt{CK%iyjMA^^A_?Qik9vsydRKP@k@z~bV+_Ax(QeDf`qr>gixe!_1q9`WtOTloZVrFg{$
ztiB=QAGWb}?-DOD*Wzc0KjaS%SBv)D74afIfn6Z}$N$
zev0@@)2+@K;*n>r_%=VV;#w=(-T$ZM-yrdkC;2nnSpP{mEdDF;h)@2^J;rx=+TwE_
zo!PtjcI6k(|Gvdn5dUSAZEqFv4{oyf=HgfTywpy7Of8EaDZa0P)t6jjko=1N`T22c
zH~AR>`VIT-?+=Ub_{coDRxSAzc_MzTc*DvTms}&1{L=W(#2@wt63I2>hl|hV*CUZ9
zTQQ3}RXplBQ+$Ds!{j^S!{txDqokkH-Tt0@W=@a%w}_vU&-y=k4}Q4#M{
z-x81fABex|7Y=`lNBl9_Gw1)RzvVA39`UD&XZ7ooM&c3QQv8jREq_1ph`(C=^`aJk
zr+ASjR`-44Uwv-<`IPwd+7|z;_}jzH-xZJekHx$1vH19X4Kc1FK7KDl_?c_0o|1lp
z5gzfUiNA8WZEs`oh;Jpn*yrtj;%ohQzgoPQf6(Ms@ra))KB}43vsAoRar3vtC;NE&
zM*R8O)(`Rf2%;aVHMczRdk4aQuVwulKmR{`wZCvHd#wF?c;q=l{KY-iZX@y2PqXiD
zDgKUM@AVds_yOXlRkZv!h=1wVw^PIiUTX34#e08dzF2(N3+C&^t0Zr35?`CdpIU4F
zxp=2Xte?LX|KnVXKRVfwiLdC-wKL6gi@#9U@{|?dbb-a6AwDOo#WxZ^=6ds%;s>v=
zJiWyiK4|d+#Fy=|_*=yzeyVuuXDrVm@!PUko@L^jp0xN4;_du~X{-4Bo|b2~_#Xqz
z_ljRT$NK%)?0pCX>sZxGKCf6}j4Yl@e@)$+F$kNA$_i>q4v5b+=K+V+kVe`>qcJzYHFXNlkH
z3lCR`NBm3TKQ^)aJH;b@w|KMHE&gbKU=;m%?L+3d#V6LV?X4gl@m0h}`3K87ibs5R
z@u&TT`2_KZzg7I_uGY^B#3O!*_zA78{x`)V{(bR{{-E?%@#)>Ie-4Sip4;jvc)b04
z^yg&1pDiK&oj+fyBOdXM#8>(CZ4dE??<<~mnbmQpc*Nf)zPXasze+sfUlOm@%ku9O
zkNDl02!DRHMLgo)75~mZsJc%);tz=T9c=rhm|vGgzb$HP
zUQT@GS5|*5@x}g&yBmmK({rhi%0xh>Ps#EA$8wh
z*?pdle%P7E;;V{B{&U3-`7f@&LOkLJiO=h8`R^Bx_=m(-`GeRk;t~I@_(6a0{HJ(r
zzfL};K<52^^%C2^XNjNiu*KCBzqh{C-%I?I^%mb>d`2_#DdJaEu{?K+kLhNGPIMZEe7tMg9ryN|N?S>jdqnXeY#@8_eJ#Mi%O`L~Kk
zp6|qq^tSk)#djRAcC+~NfauR$XIej$5FhFvKtEOd{PC8*nt0@CCm#KCsd&S=mgfrb
z$TLnn`sXI`)q^e1-Qtnwaq*jHTKsbH_`SdD#J~R9`t4KkYy9uui1+j7mixq8kFs{N
z6|p~~|7Y&BzvmW@{3nS={^H`1zk+z-S(g7y@yK68Jo48UkNll|!Ex08TX)MpT)adN
z^E<>Bdi+B1FZ{Y|o%n2z|495C&;Ofv9{2qIoFnSo;rBnIOITgun@8FHy(NX;DPF-B
zm@E)~xmK3+#7~H~E@Jstil5`pnb(UqpJ(xJicfvpe5ZKCe<^;KAHRphi@s}ljwzXz
z{uTZ3!b9e#h-dNRtAzM(7u)w&6|d&k3AMzVe`4`%)qQ(Ah_~_U%>LrBy;qB8IbiuG
zi%0xa@kPH`{37v)Un*X!j_u!#;_=??E%Ehbk4kS~uXx1&Dt=rQ%U__B)fM}t*H+6@
zSiFsIZ#D6_KRQ=@ir-&cBwokQ6P?AMonY+_6Mz32t8cV;@dg&ZK>WIT7XO6!j`9}&
zy!bGG9{9R=AAipOw)kteS)R|t$G&C$y?E8VR?mL%2^W}WDQ$m7|KERnmUK8pywEY0
zzl3z%Tdv3$|b4bQc|7Z#8DONn3Z{m@SQ7C#^K5-<3G^KT|y3
z3(ON=oc)Qx$NTQ;
z;uY_=?P@L_&tck$&uV4ygT$}&>&t7z>u0t2Y2xvmZKn7^D?e?ec=Yp&;ytI?H+&?%
z#^3LMA%2gq2l!q5v@%xbai?bP=kxt~=>+j7{kdg1@$SBExsv!zYb}3k@wd(}?;!rJ
zKi}&n-mkaSceQw2KMyOPx&EBTS^wN9{=45t+$G+`pR+wI{^K`R=VI}iM_c|E#Up-$
z_~yD+-zVa69kN?|T@{Nz=CsV)^_ia+a*Ow?W^rj1GRNn<+5UdKc&u+PEZ*7oduj1u
zK0ePCkM+GR#ml^C?OrM#`Fn_OTx0z_R{UIl&p289hUcxIY2qE~n=clRbu3SdZ(C>a
z8^p&vZoXB#NFnpj#N#}>S3K6S9~8gJ*MH{p?aP_yuH^g{_jd)vJNa{!lH#$RwvzZZ
zA3xE5kw5lJQ;C24Roh<|iJ#@iV`uROn=F2$c&y94Q9SZY5x;1i?e{t2v94)>_?F=o
zzeYUP#l0f_QV*;13-K)LZ9nGn=g`qVRVSI}6MuDs`AOnm`}4{2;&~fdo#%+(JlK4u
z_$^s2|3dK=FIoL-#k2W)y4S^HKHMfA&l5fp&;6_A-z#3UlhyN!_(Ogjc~E>pcFU9V
z4F5CnM{+#R@^$Ygin4lurQXuw
z2a89ZYs63T`R5k#6GmB{JH@w*w0@Z{9`TFB_xtmK7sY42V0ku+_a1Hjfq1R`=DWos
z&-dboJb#u-_I+_&MEtShU$(XFEh&C}F8luS;$M%q{;w~d?>UQaD*nTd<{iWvG_`hn
zi+@$Y^7j`X{+jtX@i{k`PZICp$MtOS$p47=uZ^spHR5r8e?|P-ITpWP{DtmT&#`A_
z?*EtvP8R>z*PWa$er
zcUk;n;t{`8e6Am-Tg2me%e&$)&$s;Fi(l*?$op0NLqBg8_50Bn|3CP1xw7Kl{o>aQ;Tou3~YiVyU4jBUjG&bK_h#H;)L
z^*He}YFhj(@wmQyM*QfO7QbD5fZtF3EO
zJl1tI7C+ISt9KQT>*2xTaeX*K{Bd9Be}{Nn$37q)dFG41d%kVwdhw%Mntv`{V5Rl{
zLGk$fMNYq;i*XX4o5(M|?lJ4P3gYqki|XQ$=REPdpRhcah{xwCE)y>r&ppH=eysRX
z-`;z~fQtS7FS(7?!Ov}$Nf$V@p1QBoxQ~4ezw2(H$D$f6rbYH{ich@`u|ztIeS~X
ztHj@GZR2E*;wSoAjciQ(~CLZ_WL&PJ`
zNby&8+ICGBkN8>Q1$;gHGvX2dg7|a(`Jhk4BmOJ#PyPPoxayhvC)UlLAYS4-i>oXi
z@ioLxdB@@}5|8*U;zR$i_)+2!KVE!ZE8Fk$#N#?`k$89ixdH3NiI;x
zm0zcQC%*VW+rPhv_xJht_!^ckj_WRd{GT9R-N%1n@d-ZvR~3)v$>)lnwbR<`ARh7E
z#5?-^_!#kNPgtHC#Ou#CpDVu5-^VW$|E`q9zak#-Tg1Ei^U6Kq^L$;|KJnU@+IYxU
z)7puCj`&l=fADpZ=ZK%<&jIR+-|O!|I*CVoPx1R6wmQa%FRW*Nm-ur%&F>eF=XDFk
zH*B@-{aL*KGd2zninr`&p0}2@6a5qM1;rm3Z*ixKPxJ9vRs5=#ExxvRJO^$rzHgV+
z(@wl>1Isf~{PP9ow~9xesp6M>Wbx067kSj$T`OL3tHtjU|K86Rd&E2XI>w{?eP;A$
z#2+jEzW=?HcwGOVEgpI5i2vEy>g*&Q=lv_iBhL`=S^mI%ns}Vo9ubc`Pl#XR?;SRX
zNBmatt$nQjzZQ@9AH}ozbLqUbZM(If3yL3A%ktL}kNge9r}}%JUg8noU%XC1tK$~&
zh`&qxT7Un(M7+)_t8<0;um0Tf4e_|I*)D#=D68jZ@rXYtKG2{46snWCKO?@B__Iqa
z?mY2$Z`ee<)2$ZYTRh?ii1)5-^Vp5zai29!JnoNXikE9`?Jg6K`>eI%k>@q>Jbs*i
zE#7~y_m_|N7>6HRW?o7>?z1Y3$Nf@rW?fv
zbhY|tiAVgy;{Ny{?RoLI&w5#W_S2UCBk{P;`a-<@gBJg%c-&_lnH10hd`r`5V
z@z&yT-*<`lY=15~R6IVUqk#?U#HPVJU)lsLHwN&N2NDBSUloKh?g#4@pp*F
z=cn!!->}ZMYl(QouMltB#p1V$$LFTEi(laDLw*pC_}|6v`u?c&2J$zscB22|^PYvo
zJFc;~O5$-JeYW_Q*JMfmhD*dF{xb0b1ug!1@rb`!yg?I-e@r~$mx|X)z7$P-y)Pd3
z(VvPRxGFt7?T~oHXFuQmJ^C$|kDt@T3%#h)kM!`Hbr5wGCyajq19te4d>M7)`QUVf^0^G;UJ{o+~n
zn?EOB_eb;f;$!Zxc0Uq-cZhA*7vdkbxA;HAt86mQ(#Zad{=D~e%Tri9evVlw@ulUw
zKgA=yvG@a5SbQJxFa0_`Ah#Uu6BZN<5weye3{?ylwwB@m0rKp55ZH
ze(Zbkb7$LjWo?|fKO;V;__C8Ne`)c!kEkGC+us8=6_531t;OGd%j)PW{&ZujbA)(2
zXShK;)`LwEFLbTdKVLlV$Da|8`|EY$k$$s8;xT^4ir@dI_5W1yh@TmRm@$9Vf#yos-`_(Qy32WvN5)6D(<>Ok{+;_LkWw~+X2?xn>C
z`StJ_;`@9Y)EAF+^3BBa9A)*46o0Y2`HkYSu6nBYJN_POhWLm6JbbZu#4i)y>(6O7
zibwog;u|*Fc-SKz@jr=oDPa5KxMrF6OF6%vDkT1?9~b4tbNhXLGx36_Sv_sV>rS-(
z>?I!Y{l!o6&vQ)_kNC;r_zvP7UbOs!#be%{ARh1cZxtW^k>zJmghn78NMF=5%C{xvG^Cn
zBmNcfJ=rY&WAW{|%)b<$b(W38L*fyi-R}=_CU!&e7AxOdmZ!M*4?g}+6@S#n&w1kO
z_u77KDIR$)62IvYYj=Qn-g4%{#5eo8ohjlGf46w{DOS&7@p!JXN<7{dY!*L$rsa7@
z{Ed9p&tHqz^Up{8DBjNB>mSq7@oEfd1LWo
za$CEXibs48@gIDi87?0EbDem%Jl5`A;?X}d#5?+Ww#UU|UGZ}9++SM$*Tf_KP4TU_
zTKpH{v99<#@g`4N|72-p-xvEU;&X~;dE4TOiI?@y*_9K|c8|rMFCObgE*2l!(CXbXTc?xXJ#A5qHcTqr*7
zfaQNm{W|mQ>K?yS{L!@*e@q+uGx}$Q#~m+z?&Vg0HSvhAEnfW^%iBY|+-mc_;(IQ%
z{A0xUw(Wmc{KD3j
zf3JAlpZ+F(RWXY{v0di=jCDjs#aH@#c(!=F$E+j1Z;RD`k$A*+5kF&r#g7qR=FcY|
z5N|co>V8^0-g~|z9`7q(7k{m}^}}c4@!s*6{CyUG
zmUzV16wm9|w{6Aay;w)_dr!3O8X_Lgk;aP0`^QP*1@Ewx
zJ%hv}{u=Qo8e2Wn#3O#Dc-1`?|Gap_zbxMLTC0DTc)ah}BR+4l#iw0le@1`CI=vj?
z%{EwES@DQJLws@k{50`c*Vj(`p7$;PAn{nIca8X;KF+6!NBm6jZ<8CC_*y9*>-1g}
zFYKSo_((kBzYwqO&xf;KZ0$sU#yY*@#DDbn3gyKkzOwkv36{5|_(p#}a*_DUH{19e
zARgz1Vd8rqwfMWl=JM1pA$UllFa=X@yCjf
z$Y=GG6JJ=*zW+?|S>?=Yh+pFOgZ0H@on&+IcrM*hy!WlvpIycGA7}0M7jIS3;)jYq
zKRhBH&s&y>$NGmC#aH`!xL3tn`SYKh;_)8jTk(U1te&66=Wnup
z$mQ=#<9Jzhx%nyLt^9tor1*)|Eq@L1h_5I9);Sj6S$xJR=Dozf^7l2@ibwne@$I85
z&x7K=XLRhKA&tA&+VTFd0YJ4CoKQ_;*Zy{`o9y8
z_ai@x-%-!<9NW?UjQtq#dBu;t&hnoo9`jOV@nZh@saE3gKIJ0uQf)2&VDT*9TYcAw
z$GE*!Jl?NO6`%X5<#|jzo&!H89@ky3iAVl7#orrj^?xrO@9z$X$NRf%muBw&i|bpS
zqT+G=R#yBZU!Pe+Jl@~c6Cdu+D=rj|=W^Y||?`0H0&zYQ0U<9&?y?|!{EN&JnOmS>K5KmR#GPl(6of}a!b;?G-O
z6OZHZ9r0hkvwr+geA^1^hrQz0`sY9or0^V_Gw+v@gKWFXn7`x$8mAHcwApi7q9f8ZSP|7
zxV~B`9@k52#NYRM{$25i|496NkN-nFu9uGLYTFn4rPoBOv!Hmy7Z?9xg2kUJ9=|`R
zf%xw}uDXi0s?n5&zMzZ>Nbr{;|a`5s%NMtPr1fuf=Z@kM+Yl
z#5c~fI)4*C?|$?6y*km)J^gcAB`>po55L2I-b)4Xm=9};kN4+hb;Uo(Z}oQ(@8R=d
zFY$@~d}pM1ms>5*B=Hx&G{0N?t4Hj3d`SGH8!i4x@o0CY_^ZvWUp9(I{5J8gOI!Xu
z;t{`3{Mwr>f9`IX`#<7O6#smj#hoEu*6*9n7H^u}`k|%xu%|6gTk%z;%`X>^^TJT^
zm?y`J$LHhj7LV)U1>&(TVu|?dcGjO8#E{7(zmD#1f5!Na
z_}t=kpR;;S7mxU=;#J?y$
z+&@RWOMG;jqtXlABmT2LzdgD~=Keh2?@w}zul>{F%8Ez)8RFmjbyp+t*9%%b7m6<}
zlqJ1^PU4@|w|1`1Yjv&_Z`t1bHSxEXWJyo-
zrFh=17XQ8Yju$OHcTa0S#&ec)%uf_wI>Ee>_~~cZ_n#wP!1J^h@88Yp=`8-}PnKtt
zc&z`qS-h-2ueeh@o8Q+g5RdoWFNnwe+Gg=yJFK3%y)yStT%R`<-*m6_PaE<4xy(C=
z=f2&%zj(wC74PQbd5U<qfS@soH5KaTSHbIs`Ih%YF9@+_<8Z1IS%BVNrvmvO0heD1Y}_{UwW
zKgWqj{7vHboniIN5s&luqvGpETK*TsF%KLRk32{F{2l$=
z<^wxk%8LKg$-I$xY2WW%#N+*PKk;}ke6{$p8kYZ7@p!*{pLpb%BYsU4>(7{(GH%7mv@?9@WRTBl>gT6#M%r;_g<<8!t3#Yg0{
z{oYYLK3Cgae6g=P9Vs5~wXYX{-tU+06OZSjbHpzmW!t+_JU%D;qWH(Ft^W7LBmPtI
z=jpAv3KKe;K)^+R`KlKvppMw1}_h-bH
z5P!?xYcvp#bvVt%e|p;T_Y{wHBmKk=__
z&lxt0$LDk7^Exr!K0V&@d@u3w`P^T`i~Q>SJ0NpE$LDkNi{I1J@>drBqOf@l@#X&9
zzJ>VIRujB_i{B~!zW*Ga-Qoq}dCQ>8{TaVcH@EmafA3#G
ze3Cy8tRnu+_qM$ki0AY9?LzTGrLB(s;^QAOA1Z!=KOdMP{>%_-_ipi#ejoI>_-)VF
zxLPj0q`&z#@d|q_{|@m2kDLD?9`W&e$zt5Tw%fL=#Nf>RU(55C7tiJ6v$1%@w-O(a
z$Ljg(=lvv_NuD?3dF)7uzx`FK<9hMDr7X|w;_-g`QSozpo!%1h@9S9p=fxw>C*tuO
zX0P~hH`#vqS$yNw=6{Ia<44dQV>GFiM#DchcT;&FYxLcD+oITx8HB$;edF@lGblo
zugct?t$ki9A|B6$Dv3v)v&EZDx4f5#_we&YKk>Lexmx^lOOrNPJl6&G4^zdDpKaSa
zM|`}`dyk3VS<>Q{i?8*cv-hm{X)UbX9pXp%`=D>c(`H&f9}DfJ;_=+z9PyL<=T|oq
zkM&e-#h+VZb@mdE<8Fv}tf#szh2JXP=xfVARXlzk{e1D5=hunHJil4|glnvSJ{6B~
z`;~axJ8T>t6p#39!!qx$!Y^2SQSlh(WyCM2WZ&OFJjQu5@ypg(d=K$Bey)D9_yoC6<@yC>f9k7>!Wt3@O|R(zU)u&
zSRa+s&l@q1Eqcn@Jy|^7zZ4Unzrf;86_52%RmEeSQa$llAJtMk)<<0`9_yp75RdDw
ztHq<;apJK)YKnNQUz#Sq;y4=*Pl`wU3h{it?)r7{h<{Uj;fNXq
z<2d$XJhv|-9_yn{6_52%mBg#Au<_hTJg#%vipTn>4&qfxTAhQ$-Q8$P`Q_zn0IpVQC>QV7tMXev!i^p^3
zP2!#We*7!(SReI+cnSY`Ao)jT?&nw^RaiXc!wTXZeI0Oh@tF7Oif8xFyEPGydGA8;
zn18y7$GkT{Jm$So;xX?{5|4Rrs(7?JTRi5y#o{q9EfbI5PyB{>#BUdW-|y4E5s&yE
z#eW{{`_JFo#PJgIUOw^9U$OW~;xX^l5|4SWiFnL=t;8#4xBR`uW8NDg9`oJ^@rEzi
z_`h8|=DqvHW8Rx9{%aYlXQg<|d+Wtx9@{8Bex>F4Og!Sh7H{bB$6RaQ7yBjVvE1S_
zv)J~Q5s&!O#oKs%6Y-e$T8Y0@%JTOWk9lvnc+7ia#B&d_dF(#%nD=IjR~TUJt`?7Z
zZ=LurPgwq);xX^-7VogZ@@I?VAkp2)=SVT{I#oQ@Pc9ITb)?J1V;$)_@mNRtrg*F)-6qu`A-{;q>bH!sGTOuCoNLPqApKJZORXo;_ZWn*wKOgjic&sD+UHsTB);}kW
z%iRC5jYbTRhg0HWc4e*!EW!@mNRNTl{kW9Mc5xSVwxR`0xI_@lo+uN4i2h
z){(9eUz{T?{p(%vSU>iics$oSDE`$}+ui}!r>9Gc@f_Fl!^F!SYw=^nWBuVI@l7Qx
z{(kX@e@Oh{ZdS)?@t7yKh)14x#h2!{arm=%JYUT*KJ)fQp1k6%&at?v;_=+Fv3TTZ
zC0@hV?_MDu@q@&3_&B^tJmT*Vf8FQ($HgOlx%iuhj!NIKZQ>EXL%jbI>xVzYV;yOh
z37PwIM$s(kP*^!P0!
zkN9WAo4#TBw~EJke7ktD+SWgN#pC+nPw`m)dCWv>Cyvw6ejQd!Jm!Il;*qDC_^a1g
zf3_F@YO48A@dN%|c(Qn`Bb^~0>p$m;zvk;XpB0aFq#MK|&sOnknp(f?7LRqId&L`;
zu=pG|WbV(1&nsTk*Qb>ik9DM##pjK;{o7PL){(XmU*YpiAMsd6I#~RmuQRzxJl2uk
zA>QmF+s*~z@!occ_!_^T-5?(CgSLwI@pa?7#baIQUh$U0Y+N1d&v9csM|?i<&-~|p
zpD7;eNUMu)dfEE_0`Yj?eWCb?JFT96;_)0~qqy@dKd+C)|1Li69^3ClCuJVzr7yO>*AoArn|TBA4*AV56_5BH;;r{v{3!8Q
z7dl>iY)z|whIqu!6~FIM%m1u+tP5Q$?#pS@J`j)i&%`_Qvi*2KJl2I~yUE&*al0~`
z#TONi__E?v{c{<0#bX_5WAQ7W^Zpl)b)-GS&s=Ts!^LCW<{0r4>stRmC?4^Th?nxu
zZM`ZU@o$J<{*2Z0lX%4M7hgEt;!E9Ze?~vYy3h*ZrTsl%6Y+>|Eq>a4w!emm$2yIX
z;#p4oe{|h-oL1Er?{T`3mTu`3q@=sMq@*RKK_mnOrMp`~kxnTE1Zkv{A0UD>2na}s
zG}mX=`rdoy^Sa|7jPsr~YscBA_Sw%F>z^rbts|WSf2Wz{Ujx@V(#`PKi!A?fxYm)L
zfuAgD`R~9r&+rPab)?b9gzwMd)htgsxYm(ofiL!PSPZUpq-Ehv@>qE-;aW%90luw|
z)n_1F>qv*gPx|_+nQ*NmT?kL;-|vBI9qD0sryp&*+=Zw5(c1M7yuombPck-qKWiOn
zYWUvg7FP6+5x_%vE?5M*SgS=@H%f>{-tomuY#xDY59-AwT|>O
z{BCsHzW3o;NBS>3{VmI%V4Qu8^WT@ye6QA#CWpU_Wc7a!u63j(;D>&m
zZ?DyV09@-xKZmE-XZ4v2*E-TA@H+9VK0m;4ynwI2stwn=(8loDejU;muK2<57k8}QbK#ng{T8n09h>3Lx>~>O
zgdfdl`G1CMz0iHQ=2c$9Gv>8%5_LlOe!h3wzK;dhdywP9$6vDe_3#yEt^RxAo6B3d
zhv66fJ^v@*k^MgRG<>h6k8~d1`i<4+Px#dL%wNE>eq{BDJkfrx{r9P#uVcbD_~*Zp
zz&HAPj5EUfc|D85yB)T2tHFnKG_McOcEJ)ggRk}TOFQ_8wHDtCUf-X04~3s-VC|m(
zf11?t%!B{W*GsQ}PbqHkTj3o_TD$hcOZaugF?bz+uhAL!+n-vVi}0BTtp2y)4Vzp1
zGx(&f=CLP*-|lsMUM?j(du?l1c6d*p2Pq6Mdc*QofETD>UJrgSrsZ!1e}2@w8@yT(
ztA9UumFt#&2>hVGpJ62YvacJN1TWUg^2~y#iDTt1g3nEE@yp@OGnsFIXZ7R5k8rKG
zJ_b*h#`2tp*C}iLa~mGFlKE43aUWL+CtE)4?{!;Sd|G(P*XB9kI&K$&Ydt_&xbD+y
z!f#iydNhVV@aHD&;aacQ8{W$2kA}ikpK)-lSDXs}eYdsu8@SdhZiv8l!u4F{AYAJe
zPr<+U=jeaJwI208e1p#$M4b|TJ1Ra7JnxSdml>}4*qrd=g)F`bToxh)|CS1=un!>eCyF&!t2R^Ks)q4;;wI5F=z;)fV
z8m{ZEE%3X(ZvO~ev$$Mvjq?KV=6+pK
z9j^Vi9(>VPwtbt!wNASq{4+nFj)3d9HwAtvhK;v{aP40!;X3YZfLD!d_1p*7aqnaV
zegUrI-c7iUdynAzTUq@hO%K1l^n5cWd~*ehPYBm~#WZlO8_WUMdd0$Utye4$*LuY|
zaNXB5hpXI9aIIJD2iJPS!SK3QtzYKA6~74nb3^N&O>o7358rjpw)?Me?Jwuxe`T=z
z|HAcLEUM27>bgSf6%)d>UNJd*ctvY(UbwCw-iK?wVp(|H0+#0kxb};7aIIJD0w4aV
z_0Q*Utyi1?*ZRZh@Uh)3&nmd$H^R$4vHBl}YyIJA__P(4|1MndkKuE_wfKa79ii=|
z^@_>i>wH~bLAb61E5Nm0u{!)~zdr8(*LuZn@U8y5W(-{G6{o=W`1@+s!1WwwGkjz*
z>*rtKTCaEx-qk-}{{pUchS6qOKJ}-Lhe_c1Hd_B@fa|!I4W8D^%@5acuLNAjpQ>;j
z_Zq=<+-nQhajyql$Gt&tl{*@)%(>2YYEqJ?<08UftKfUxQ=_H;n(|E{MT?D_g2G4`8th5a2@wf
z!W$*A{<;g-aqk~^u0<9fe{T4G9{0-XnH2uGtHou6Yn^r}xQ?Hd;W~acg14P)<@SYZ
zo%SHO)+bMfYn}E&xYlW}hHIVn_i(M#J_J{}C*kw_^IzBCivJ6q!`G!pn-{+S6(0}Y
zIhn;}fh#@_JXr#ZuL##V?V9i&>+L$QJzVRwJHfBFw)oHBI**Kl>$o}xuIHz#;hG2d
z5w7)J2jR8OS$i+RBi}Ut6JE*}D7=I#KH7ZyJ)QSY`g_IG!WEwdUVNkdetEd!tHTeZ
zvG{gy#dn2o@aG+4;EJCDUy;`GuY)UoEBxz}wm+VPEB-h5&psdh60UXH(H4a7&-+7c
z{G^3z-E|iD7ycZ!BwXJ7XUId@z^P=0}
zTBp4mJ|~;?|2eqUXT8m{ByR=D!~2)|R%+Vuxq^Q#Zw%JU4~)7J^4
zSrjSkKOHAEZ$LB{pB0T9RzS4HR*w2j_bGAVk+$3R$_`h2e)#g}mbWHc@eSeK9$S1b
zxYk_{fXBFI^`8Y-{8#WB`7Qr8xX$Cd;rUiZ3HycL;JSXe3D^4S`|#?MEl@EX
zC*fLm{TqDV1B-tESNt=0+L0EYXleL<);jH!@T6TV{$04%X%~ZUNMrq37p`^MP2h`?
zT0MHgwNCp}_?_DpKN+rd+Oy$h{XKH);d&ml4ZiCw%YPECb=SYa=l8e%c?ehhbNGbn
z);}q}4&VP;r=0zK#*#=h$K@Tor+%MAa$mBrhN{``Hr@5
zt-J05Uy{|z9S&FgSom;1?k$09-StX%i87XdFI@3I!~cqE#py@zp82ZWB7JZ
zKP&z%cptyc%m&vw?R@Y-KA&73u65eg;s0#2`m}^=UGzurLGi4;qu`341i#hE@^64E
zemnfpQpQAk^P6E$-%<|`lE50av@$VMj6s~pJZQxb?dEY>|
z)@cui*PLtlXTr5kdm((;5$n&baIMq+5#Hdn#h-#}p5X>u>$LB|3;BBqVlKCQ>SwLf
zehaR@Pml?&b=o=MtzK9^RDo-qb{%+pUl-I4u65d7;d%30{-JQK(;fxy=+h|0
zf@|G%5BSzeR{!yE#ZQO#$Y|}^0@ph2UGQGMz0Sh5PWuwPsXrHf3fDUANGrqlXP=c;
z|Fm$e)6N2a(bVF#f5iDO-O2w*>$IyOeuaPE7Or*LUEmdbo#zO+)@hG}zjFWAJ*uZu>8|)?Gh_S4n66n|M|DepY-cc#3>hpQ3QByDkGiP~Gx=
z2v__^@UEU{gmJ6!3D-KSd+;nnZ9B#G
z@ulO*j8W#v;o2_mz_s2lH~g``Z%yM@`87Y*2=SWlY71BXF7UArt-Yh*T2D9~uJwfT
z;j!x5c-{=x{o_t}nN8L|C*fL8_!~Uq6RYQ6aLvm-gKIrujI~yd`c0k$uKhYKysUqo
z{av`mTT%GRebx^(;EJygFZZLxcZF+w_J+UCYwei~*Z7KFG?g
z4xi`kY6(vj!{R%@?+v#4%!F6+_@(frS*)Jx;rcrqTj6ImTmB<(#s31Ybi?xBhAaL7
zJk@QBkF(yt{`Vzx{iFCq@Di!5A9BF6er)wD3h$P~@>YVM*lykdo+5|k?+(w?#`1p-
zSNs@wEr0*dVz}a0z<=@kpr7E1KLXEL+3J54uJ}9f;-6XlV{NeC)A2{~3E`urSwG~3
z$82a`06ut%<*f$Sc4-1HIoag%W**OID`~%?o
z{x%;4SDs1mguSdEzNKe1Uk9I?(flAhp~s(q&)jGA`4g^r<|lAn7sdY0eoy`X);#+@
z5&WKyt1R#`Gp#@Kz^5&+JZ0g(9k6y)g%5jT@h#wrZx3&f%kq2*uan2}41+J;VDZ!8
zik}aUk=Wwb!_`0A;8~JdKOBXtfBpy8^MG6M^#1p-9>A~qx|HbtTteGR@$un3yIVhG
zgeMtb^~?c(?~1jzBwX{m!auxbzuy3!*RSiE
z!}Iy)Vg|!AthaW30bjb@d=WfNCM$P2ykK1$5BuPn-#ZHb;E=^%hYx*e`R~Fb`+R1S
zt>ODk@u}hedth;8;r(lySA|C%ZuRL7SNtdNI58~Ge0bI$%)f@O@$1j+aK-O||M9lv
zxdd1IpYXx6EIzV7pV7Edd~CQr7nBLE_?+-M$E<&nmdT
zaaaA>xUl6(2iH1{+;HW25B|#u>z^8Mt-ELdFPq%T?Fv_XANVD|z8weGbN^}ZsMjt3
zD!As&w!^hvVh_C79BbD(xaPaAz_XXO_~&pve~jYCC-wh(q5t{sztr%J{$7a8@Ya7@
zyNbgVUmiZZu#KNqa6Lcm2>)L~tIrp3#gB(q^81$+aK&$c|2fm@e;ls(Gw_1nSpA>D
z6(4zr)mQ!5EvMyA57+bDZ15TFEPru$mk-U$!)Khd@>;1QrT%%km++Z>{g!fP_bzWEp|01LH|514Pc-H>^!AmEzav#DK
z{~W%iisebZD|~<6>}B7lhZpqE@0Wlpz5;ytVXIGTc$bovzk3A!34Bw0i=PPZ?B|_@
z@OwX6{4)4yUthNge)TP@=P~&3lh*&I;oaw3{%deOzl-YS>o}0zub<<>yY;vHY2nIK
z1YUoq)w48wc>hRY|J8x3T}|MVd|lBX__K&RhrAbHg2QeJ*kze2ER`
zNax}DT;x5tKIixZertvGPy9XMw~OMF!Jqp&n0Mj&oMSO~oky0p4qWjcz-K+Q_&#ub
zZg(>L{jO2MeqkZJR&MiU@ZICgx5E{`2Y%`ctIs*O#^Fu4#=~Q{#=}c^#n@583P|#k
zm81Pa;~@iF;~_hIdMEq+(r}Fjeg0MXwSAi){?LNRVTpRc72h9T+T*9ewSDKobKkK1
z8{vxo9zMgb=g+`39v;K1U$Xqq;Nw?Y|Gb7*_v2O6z2W=6LnGTRvEZMMxBSWA-TXbP
z8R0r_7J?VQZ+Ys%%l&TN9j@mrqu_VGw0bXxNA`6ihv8G+wfM*II>XG9?hD@!QN~z(
zio9-r_yWTN7Ty=TRHN3zW0|{1~q1YklDv`dIvUxXyQT
z;F_0M4DaNh+u8$&Wqgzsm~10;aIJHz@j8(g2)$On)4
zo5fd#>+>45;d^sfeLBGPd5!My4~kg5N5b`ajfwEIetcdA*F45r_yE6tJ^$ju_!*3VOW2AwnZDw(W;93V>65hI+#W#iPc~)1r^7MiC
z|IPADhAVzHJbhG){~oUA2nXTHa{_+E*JnP2EB-lr;+NL{Ne)^0I{#`OBQ?C@V(b5+
zaK)E_Z_HwOTfp^PraN4DK7sF>Zh2V$lT6x{znh)s*pLg80`&78%=fZ#V
zdB3f2&4>I5*Sf0C$v*Zw*5&Tz%|f}d$@
z`NzU_eKi&SiO)x^g)4pwyrsAISGdkczr!o}{oNyY?NV0H7w~uUSwELM8or+|_0C>2hO(m{&2+)
zfyXFj@iXB~{JHo7c--<9zXh)M)$D}FNNe$D;kw_y2A}Ek^RFWCXvZyIod3Rr)_I;u
zXZ@cXt~}}BQGNRshAX}#eCH<1-w>|&=J0B3Exr$2@dM$#Q`vqo3tlLV`8@bfwXFT?
z;riU%9=P7Sav1)W&%ulw}GaNVz^fdYhtDoz+hqe>@!R23Z(DtSg)9Dd`0^VT{|K)5
z7x0|^cPmo(^E&Mpiq8Q5xTLkWB)so8)~<^1hF@EJ3%J&Kc7f0H>$=`>eQtIlJfE*)
zoC)7L+3K?iK6sV+5AYJcUhWULuHWv$N2j+u58-+b^1tvSl`THnFSdQu&#f!k_i^Ff
z-?e^A57#>Utnj?UEl*AOF`v(G3U8d;;yb`~o*D`NGM?3E0z8w?dn|z~eg%9*IV<-k
zxQ^#1;FGFYzny`{cx8F+!xjGo{##$m^VYBSd+Pr@ZSDJH@E;~xd>**s--CC^ZSghW
zy6&nEAN0GG+ZC?)&&lx3Us?Yzgi=iOqQoFe3rkLV+cHdYm1)%
zzp&ccwFItmSHde?v-q8G#qWn#^L4Pl!4p=t`do(R^YvYi;fj9=kLUCDNqrn?zfgP{
zc%mjY4hzF|U0n)3c%H>Kg)4s>c;iGCKLDP|@5?@ir`lotFc+@v_%*zy&)02+KlAJR
zpWqswhv75*czyw{_-pWXU2MC*geyMkX={i2e{MI6PXkwcX7~@|t=~$(6<;2{?1klT
z1=l$20B_~b2M53vKMdY|spX#r|0b)|a}iwIYb9L!-FA4DtG^Sa
zepdWHi2r=P#m71me!HwrVxAIS?y|*YfS-zHUJ$PM_u*TITDxk(wZAlg7dUG5=?GVR
zclfMWmVX>v@l)YL{rX`QT>JY*_1f;KbGYKiz^@;&_@!|5^D21tZ!P{1
zT=6I2(|20@J-DtYwsesuCLa>j}Eo?&G2epSi6qH|Mv6I8F*vAzxx}m?eY{psh{OfcFw-)
zxTN^B@XhaA-1~5?mna8M+0Ejc!gamf0j~8D-QhWkS^rFgkK1qCWf}Zn0`qNf)o(X^
z_)&}h4X*gh@Sl90>vMR?RMy@oetoU}oYKbfr-D!S^Fk(gjKbc}@M8DP%faXS`LP*X
z`&V0dWZ&Ng!!-`SfH%Kr&=a0_x7B|LT=6sDPoi1=
zrEtZ655Fo%hHE}NC46v08xMKlns0v(UND*E
zuL)QF2JlZOTm3(VYkc;BSM~A#EqqR9D|a(o{jeAQ_8V*0S-76>T!-uV&O^AK*F1;E
z_Rrxa`NP_${#Sfz_-nteeh;pGC;_k6-0J@UT=A{o8~?HRL2w;sM!<{rwf>w3FXqR?
zrSOE4tetn@8@-;-;My)R{rIH*>DSBhB!eqHH$2JDR?lK^t>Y~R*ZV7K!29pDJgwlG
zH|q%h%iB8wuK02At{W}?7I^e-s
z9n^bp#W#e1GRVeNTeyzTJ>YtOPJeihRMxIZaLw~ChU@wDTDbCWfmiEl^*jaF`*|+I
z^?sgP@Z|npwJ4V(h5e^~);ga!@ZKk^+_Z4LpC=2v#Sn`x3fFwH?*CNokb2f{br7%q
zZvj{Tw1?04`{KcH_5Vb;`hOl=`Io{AM2Z~NU%TPz|6_3V|7m#XSC;2KT>bwqd_@W0
zPFKQjFZF+7`1TGKmj$l=&jT}cT~`0$@ZJS2&rJ9ZzaLxxA6eV-EQ2f05AZ^V
zEdNjN3&+e4!jbRu%wD7b3955GL{a*t<*q_ff
zh2QdZIBnpKeceeHxY|1e{_K&}dnA06zlUTJTzQtlFZulNTKLR(mj7q?+0Nz{;Asw6
zKi`3?f1+Fu-_KLNvhNeZ6`u|MR`MuezfcIS<4-xbjt|w~7koc&1K07V4_wEeVQ}Ri
z4KMMnwd)(Wjz1gWI{thQ&)wMaoPz84a~>Z51B<^8*YW3H_&J|nisR4EHU5YAaU(H&
z;2X>T4qTs)D-R#F&9+x{_?+1`PCCMM-0KBjztr*!h2Pv{^%(`fz1Z@vfnOeH@tfg4
z`hDej_~|y5=Nf!;MXOJoo0d=gHmZunCxx%+X>sY`MYmg??C?g7EWR*2`Zt!p6ueFw
zi*E-{Ud8fvg%8MQJ{7*x@89Rb=kB#~cfwoveB)2>%lY3@&3O9
zAK@PD&+z^K(Nt?!Jospz*GdW3yhXEg&7W4
zeWt+2$FcsO1CKP$d>LHzSr1o#ZilNse}$JmZ1w*g-q@eh{RvmONpFSUF7sB|c1Z&t
z;`2*6;Od8>@Xxkdd&|HZes1|2!S#3gTEg{y+TQRYgRR~J;g@~RpGCfnYV`LuWs$_1mD`idP<_Uu$ux;i`XS_@6hd+}iMbh0L47Ri7^K
zR&}l1-tZwleumQhxIG%Kep?KW;pfv8@QjnKAAW-uDs1(?1mEs|kN7G4vkX@MH}GBw
z&Ex%LU*r7uCA4lfPIAki1)h3gPmo
zZQoRIZQp|M&gHG#;_%iLY`a&1tK2^DN;#~4gWx;rTK>^+ZQoh&c6TiPEBKlkmVYx`
z{k#jVe*P8Sprz$G2miyLuiu30cooT?->UyNcCkD$;hV2o{gc9Vyvhu3HOu02!q?QZ
z{6*lmZ(DqI_z!2z>%%uJvhCOzuJuv9;os`>T=2Mly)g+MuYi@i46gj^;L5M}HmN_~
zd}Zz3gZMth&CkJa`+B&`@Ukhby|3U=b6cKhf7@4;JN-k8&j63-^Euhzr9E$Xc+2*d
zr#gIs&%b>D*M8a>uKjcX{P%CIpFf8;PGY_uo~g6>R``h$R?ppV&1?M+-pj}H1^CNO
zmghEH?Ro@PyW%|v-~apl1uIG6|N8o<^6(?s?Dwm|TX(Ydc7ew%Zr%&N&+q#N!qpEG
z;rmNko*D3me!aH@uKjcieCb@P|3Uc8wwC_{ylHRi=bLb?kBa;-e19r`eE7=fmM0nf
z7heaM8?OA7;5yFKg5OJI^=J>*aiAMq$ARJS**&Zu#=qYz|-Zl
z`s9c2X=Ztf!Ih^O{EF{KZQ-wewESJ+$}(BY{2~#cqQh1^R=0C!}@b{S+OHS_kX%l7M~V=rk#~r3_dN3#g~PDdD`+;gR9)G@K}ES>J5LI%koczUtD4J
znF(Ke#C$be*QJ}`x-LBoPwMBvlkix6UbqYYVWjsnJoZNOS8(-1`X}N0|4Al`&jvs1
zsV%MMq&-i51O72#@EO?dm*mcJ=n?P?2GySl>F
zuAy+1I|`odQ!95mT;(o+tK4O9mHRz>oIkHT0H2Y?`uSJ*>p?bt&cP!MG`|ZkJ=p61
z5PsO-@9_*?X{41K^O=3sc3j!SZYy0(o!WZHD
zxmtJoJ}tb{QrliR;BOx=F9d&H$nunhzg^MdYr>;dGH(q3EV|_x17E$w;wQt$b+q`U
z@Fu>#aV7kLUl;9yKk?)Cet0{-{y7eha>B;jY50LgR?my@5`JHE13oFQ#ove5jBV|D
z0w42}#lL|!_s>DZcxk_<Dea
zrf2Z-6Kz~2dS&^v9kpH3!}a;5Z1B(h`_gc|$F(v%=dV^?OSs}Yz$^b^@gv}RkLx)2
z;RuqKjHa%!}WLICc(2VwffA0=l1;T;CimH4Sv(>c@TbPfaO08
z*M4*zuKnUJyyp&UZ)9Izrtz%!*zhJFS-F|u+K=+XwI3CQU-IXAb>P~MK7?yO`UswS
zp4I;|xb}-L;n~wz{TIL${|&tUM>cMMf@{Ax0^hO1;;+ILe+Qn+$4M+-=dS+Oev}Yi
zxs}yF4_y0Eak%!Q^6a!oN`uqY{ea^${
zbhB}I3$E+of8e?vjvOWYc2_;)!*xBJ60Z7WhW|3%^5%!DJ|*C)PZhZ8(*Umew1TTX
zo#6>X1N*=KK7p$~!{MsWM7ZiR7q0p&gR4I4;k~0;|LlaTK8N9|&uO^oa|N#Y+=Ht=
zPvK?#y#&#{UOEowemNfeo77hS3~%6=GuKR_RaOK|suUggeABXFH;XGXT*H_^mx3xUcef^I5|DE0DiQ&4xP6?0x
znZ*}@>;AeFyy`xSZx6qJ*S7C0xb9~c!f*7p_ziH~&u)X4@_E#waNWNimcdWgQ;o2WRgjb(y@x9=R{}f*BV~d{x*Zw;j{=cuRy&K@#e|N#Pf9;2V
z9o5Rc3fKPoH(dMgE4cDUixGZ1b{=EjXM}72%?sE5TL@nHOYeWU_TP4J?Y~{%=lr-l
z8m|3!5`5b&D|ZV#&k^&zaBbfs@TfjNc@eJo8}Q~Ct>50jH6CKb4ByYWtU8g>!!;gq
z!?nE%!V|@@ymjCj4=vyt51rx4-xGe(&w~@-8V_^f8V`%%QzP5;*j~8C!%4Wt!&&&a
z0+#0qT;t&teDzZ6pJcJZ_y4~;Yy+f$mw9Y)1>sufSr5L+?~j_m^KG?yj)8YpZd-Ua6|p=L}rukw4&%##{b}aGgh3EvUN
z;xoZ@9?1bO=+7$)z;zxe2H)P!+FK5;dC~fC?O!e7+F!cBHO@bQ-}3vf5pbQS=D;7N
zw|XvvD}D!D=d}ay?)z;#oPz7P^gFy!S1b2ET=7rfDK1<71b$r6c+hd|ZFsq%7M~BU
zel7vmai%=Hw$B^1f@`~c4A*gN09^Tp!GAAp<8T37+jk{g$FU9YvQw--Pr-E@yA0QH
z>`!?0t(GT-KW|q*>o^u4o??yF|2_Ed8J4FkT-&z_{CrK@Ud`c(Zws&Yp2ZJ>Ydj2x
z_v>x-nFrT+SPs|rS_gl#(()XIYdoBTYdqY9EB`%sU4M=fH=eam{jc$m0Og{L(U)%AmJY4bB;A?)g{B7YnE_H@yKX38F;p*o}
za2+>h!qX
zgL4$FadirQsEO6*Pq^am!z-t^_*niNQvI)Sm;nCmAdAlq*ElQ$*ElHwpE=+1G=Xaz
zegxMz>-@MB9_2kNcMDwS$DQy&{<(=?;5tA4
z2Cp{V>VE~U^W!ae-Rjm~58*mLK7(hTXZfQf4&To@KgNbP^y|08aGf7h!jt%XX(qVN
zj|Jh{UrNI@{;R_^ZX3hj_Rp=fgX?@Z06ulGZO4&t#m|T9{J0FBHHY=%Cb*6>-^2g;
z*82ZAT=A#j@vm4t@56OmdIC@Jhs7sI5`O!tpVPo~+{g@{bJu>q3|!l#CS1p*rf}tN
z4gcqm)$=pBw(nTDj!RSEJ#Kpc!*yKR4cBq$AbgNNXS@N|ap^8RmapGSnlyYr-`i~M
z$_Ur?%?{t@>!3=&6<;1+pr4i39Io-u7T$cO#SemOJdB2GdrgAp|I^yF8m{rM9j@_k
z0IvMU;ODYh{yT7uho^9jhd1zNy=?!==<8~A9?^Kn3)grk1dpH2^3;cGJT!%O-DLed
z41UJf6K{g+{PI2g*(&RYV{n~c{s&K5-QsV-b$~kXe+Jk2CDPmB$McKttsi2;
zb$&?*f0EkbQ^IwA$p9bhpFha~*ZCzsJagR%R?eFiy`^C0$8^g6-+QD@^=?Pc<{_qFiSpMm7ZQsRk9Z#0SfA)2Z
zN8mc1oQ3OnauI$<&tc&@o*4p(6JeSWW
zjD!!JV)-Y*m46L<(Lu|<5&rf?Yu9f0nvc4L)R))u$+YRSokB@K?T$s}6i{JBx1)
z&*t~l9pMAMwEFac=UHMt6n^!%kGEs+T?4G%x8YCx^Zqe>K3MJg!_Nz8;N3e|o)Yl%
zew=R(Z|d#(1irhP)qgKM)>O;C$Df<2K1==cZpY!P`&yp!@X6gQ&niLAMmQaAKrlv
z^>#glxAyTCJyZDY7}LjnV)&xQ7MC8L_r7^<`0su^DMs&S{Zz|L|tNr{q03PF#)pI0#>{|0_@HdGq|04KdT@S?02>>DfhZFsI1mOl^t^9)x1YVgl8nsyd
z!hbGoGPty;Ek(U{CW5iUtf0(ezKyK`wG6IpXEvRj(t@>H1<51;PL!@iB;iA
z<63*W!()XK{`cQF__f+r-d6bd_7;B%Ua^+>9r$gZ4~d^8eEq-t*y@uE-l&mzUifIg
zp05U9>(@~|;ZOQno=@R9{Jv=hd`?BH-w*J%KL5EFeq)ivUxrV;X8sDkaiH~2^sM3g
z;fQ~(GcCM-Jga{x_^_JhP2eYcnD>EqOl3Y19?#cFu7FSQ?XnM^^Rdj2z)>UJ}d&C4Ucoc`v0p4d}{>0D*`_Qf9&_~e?;IfBJe1=!uP-O
zq=)ZHWA!f%|ERx>ljiVzlPvFN@QKaLm%~eEu>42iF?`+ZDR`!smgjf)I)6{yUHIeg
zEPuw_;oF;Jfq5Qye2*^%&+X@hitzn@9a0y5vX7P50^V@4c_;X+zE+>U@Vu3*pNGNw
zerkEf!^f7j_}TEj#V!78_^QlS?s|APf1lnC_-wzvJp`ZT{qsNgn@_CV%kWXlt)6$`
zZ#G$dp25?3{^)rupN{`qz5f%zfAo3LwD279t=t^&Q4g)$Lh!mipHLP)=9JZ=7X18T
z^JefZ`OQ1RZ~toE7yfT;tIy}~tFz4~!dvdPcFluVs$sqyK5&|qyBVJCGxML|nf<(T
z0zS~k!v**Xzka?A&+FHR|H8K{wsu9!YvpVE_VoTw1i$9@cj@49j@j?$f|v5^&Z6)%
z-VYVwJ^a3-9=vcCt7l7i>E>2$SNNgttp7iS&-V3oBjGcvSe_;Dcbi(CeejzXEdC^X
zUvsPH1^DDLmgg4yw`!K>ANV(;EIx8R`?{XNBP;J@~@yxrm7
zCbDt|!$;>e9|Nzt-+T)E#3;+Z4gSF$^S$tQGg$pE!YBLj;cs}=QdVvh-@nyA!+)~;
zZ^2Xgx`I^jp8g!60DPR^cb9@!TW9&J!SgS+`Zt1SzG3m5;77Wf4}q^vW9^y&&*j$}
ztKqv>Tb`fbRqC6cgSXma^?V7x;qhtTwck^JMmuHkMd1Tpntup?tF`_9XYeg?tX&J?
z>-;>j8(z!r-_OERG_!L5hClY_6tCd@{P>fwK=^hQ@Ogo(@ZA1+y0Y-5e_6Q=;Dg6m
z-mdVAb*;Tq;k*6*Xd%3zKR5gizQf1;N%+emR_+COe$U^jVEFdV>tprr3r{}T>Nyf#
z(f>~9VtAF&mUjodZ#(l};eY#jfZOmdef&RxxAOUuxbKCp|5HDoz71bL)9RlVK7N?}
zem1!B=cW5NDF^?{-)~t5p8JONXFGU>Rp$NR2Z~xf2f<4pw|agK?-kE{6uj~z%QFF<
z)%T-m@Z7DeK6BuO{JQQdcz>_wGI-kxR-bL~p*gHRyWsJ9TDkk+jeTDI2t5Bs7XJ(U
z(c4z;#R&WceEAZq&l~swzfOx$$nxpr!ueBcH1mhhqBeT4{)8Y
z_rkCFJlkdXmKs*iTkzd)S%1dx{a*d~Cc2gT7QBtmBjtjB<<}1d;T6BPa_hi#{qO;N
zMM^8TFZ|vk^TF^1^{xJM;0^qKd@;QLb*s-V_$~i@&-n-dB;rhFqJ>kt(TKz}ExB9%zWcZzh
z-v974yRF>y@V_cs{2};oe~xn!UgVa=--3VR*AEZi9gydSgFO{~ZHv`s9bEBS;U_)*e{jWLfcM#E
z{qr2I_$Xz=_j4w0=7Y*E-i*@SkQ_{1dqHzlKlr>)~{jtbFzJ5I>I>h9?e1E?F
zE?o5~1|R12sSDTV^jpI9_g^}|hxv8&5V+nOFafT=|1tv}f0Fh8I(W$;)^GbF@T2gx
zem!s*t~|Hk3w>TUiqB80pA{bm{_$$7PiDB{bHS@cvEx8_xW-!}xW?Ou@cb{W+<|ay
z-{J6&-?nnUf@{2e3t#W=1>FZ%{89MV{(S#BT=lsNpX<;2qWk(I^|QuX61c`&YWS7~
z)~M_FvVwS&*8VcrX_`K|%*QNDg=CS2Qh1zhuB8{qBJSh>gH`g=eZ
z;QISJ*Wu0lJQByR-__51KDYdt;Cil?6aIM>>*sRtVqaLEYVZVIExrwWuz&umGyKsW
z%kw#0@nhiaVp;q$c%iSX+_msWKEHPWp3k2j9fx1@Yqu_grrK;~RL*q~2A<@J#YeAc
zU$wo8`us^;c=l>G-V(vTXlB2k9G=-fzn>O4Qp>x_?`q-|JLvY9j(2i;EJCJPv`3czlSS+5ByS5tIsX?K!2~u-|(s4|FLRY
zebt}2{JBp8__OR*|7`H@>zU_;Ka6Q!4Sw&S)w3@Ag5S5cgOBNF@m=8SeSD0A=WJu~
zQ{gN9K79pz?KrFFdiafRtX~eoOANF8$KfS?9oh|eMX%3Yc#FhVZnQe#`+s3+^SJOw
zK5vr_-rJw=W`WQ1=VvA0Q;u7C<>9CNI-w%Q}A`$EdFn};{Sy&^?8aEb;I}n%&S(<^l;Nik&43=Uk?7epBLJ~
zKlJDOo#Ed^vU*I17aeXs4?cRS)#w1cTWa%T@ZCc!&trIlb>=VN8^5(Y$?MtAb$l4!
z!nS)lcz5rh3h?@V-l-1HFx2vX2)`WF^0$W{I$`mH;Kz5H4~Jj!=kIgi&lXul7r`fH
zvOGV*6@M7MafRi%0YC1~Iqt&COt$z0^{pKB=K{ZOe;Z!!mBr_U&xmTj|33U1-|s5J
z6IHbStPiiW)AF=}XY=`-kKwPsw)g>XU5AW>>$-Ouyp%r|SOnh^-SV%2$7^r>@B@6h
z&$AtYuRUn(y$i4Qx8;8f&!5Bc$8BIg*LFF$-o8%;SA1G{M*lp*yKt>1F9X+l^4jph
zzMkYm_*1`s`50bgt+jU${JPH%kA=VA(Aql(zSQ^Ytsi#5fA;h5ak%ayuE2F4
z@h4pO5%=J_k9Z8%eZ+IP?js^K48I+99}xqt`-pgO-A5#b>pmg{T=x;_;JJN0&pYrF
zk!*YAgqO%>_0A8!kkGs^T=yd-;JP0v2iN^bRk-d)8pCxz@)2D3BYojI4txRE{m4|f
z?nl0XU%zDIa}!+mBR|1)Kk^G)_am3#%6}bRe!rFb8m{}1D2>98t7u7WJEnmve+GDl
zSNJyz
zE&dK%_Y05UA1=50CukhLpLM^G9DY5X#pQ(SexU$-kk3ohhwFZ!8GN9xGwcP|{lWnF
zgC17@$#C5-%!a@C+4^T4T=xrG;WejQdym6UdY&`z*Ap!M9$fbqPv8Z-y@@{v-~YP5
zNCodc)$0E)T=y5n;H`X~v>{yg7cJmNYg_(L;ksWK27lq}XXe8d|1~_Juix7b*ZsmV
zc%lW?FSp@}e+Vz;_g_hxgzrz?FQkSi^W#quxZ+F0zf5EO(+aNpi;nQqm2G@Zh3o!e
zF8t{`R`31r|9gJ{Ka}0-^BAuCi;9q>{DHrBXeeCw7o*^<=39Lh!gar}4F1U1#~y+!{v>?zpVpsu;kv*02OiI_50m>m
zsIFsme~})3-mgQ7z;%C70j~RtdT`xew1n&a;$yh(F9yPOe=!=a>x!9h-CukS*Zsvt
zxb81@!*zdg0$$v&|1ZIH-|;tG_Z^X%hab=1p11F#!8d$jo&m0Ty#nxpA6a~b2)qhB
z?g1O0t>Mbk9-eKqQ75@aD@~G7(uCIgEev$mXwKq9D!2t7g@J~9KmxSwjtO9(*zgEwI@L}(nPmRE5
z!aw!<)phV!zgvBF!Il32{Fgfxe;z*U7xQcIG5$G%sD9m~e$#f03qRq{$8*7-_Os$VDUi@*=TWBR<@
zRk-rpgvavdS&>@Wc2Ga-c=8tf=jv9^G;rmA2d?Ya@^FpY>hKwU9W@j_y1&(L1pMJW
z^QG`3b<9`6Q~qVX7k;3zwd-g2cmDa%d+@zJo?pQ8_;c+9t*jjN=e9ZaeQtQ=epYT3
zcv8Qg%I?Qq9`Nm%G-)365gW;POTAq>c
zVg4L#3Vd~4Yu7?}lG~PNCA@knD|Z)th~>EgpX&4Nci>xwSpH}5?mmAWxrhBc^shg<
z2rD>?yN)wgnp=JH1mb_RUk&>~-GJ{1cu(XhSKEF#4F15^wN8eQ^3NA9g6CXm{jk|R
zl=X)|xu+4Ya&N#@?i0AmjnUJRsvlHtdiT&zzYmmK81dRJl>_nH1Mwdsew43A>tGz4Wm4CK!_qm6@+ZL$*dBoqY6gC_p-Gv|XgG7{G_RFDv
zw+8a0bXPyC9}20tK6<|l{?HmROI?Vxr-35
za@WIE?ryls)q6wP-W!2(*9FRb#XNr8h}qYIlt;&ngm4`dL9B|dY7+m$Q
z%ANf%I}q=e6#r%X?;L^nNq!%(2cFTdOa2bzSsExerr+nOT%8vZ!8OiP!8Oh^!!_Ot
z!ZqH?!!_RO!*w3%<{qm0l0f~xK)lA`47kpZD+75J2lDJey!zn}xY~6Ou6DhKt6gt>
zYK5tv)vnC$p`R`a)aQM~t6k;c+P^*s!yVAndt~_wHtDJi%+nhjs
znjl{7Y6I6e92m$mJCJ7z;x(?e2jXW1;!h%8+x;9|+x;qB{qqQ}{)sxs3RAzSe^R)I
zemXNypR$No{UTr-sX_y8SftYZc3m&TLV5h;MW2^Dc~tTvu{{`y>DAS
zdX&ZG^Z3wr69ah~2izZ}{}&M{Qnv{5&k4kj59HY%LHr+q_;G>wev;YQuH##jVO9yXOUJjkaP4=g;o9$V!FBv8;~pyI^FVtWGv4nbdc#%jaJb5y
z3Rk(`x`&GN{|)P(U5MBDgV1Ctuu1K
z)!w3TwYL#m<+g)w^Ys;7-9x4Mt{+yPX#w{`U6`*#9_9Zv5buZlu=q!a*Z!5r2W6;S
zKP866R}HvdVuX1sclD3T?Hh>qOT4i7aS_DN55)VWaajBg#B2ZB57++nIFQG0Wy12r
z^_^Dr)c%zWuKg<=T>DoxxVC!{xVC#`xW;*N_fS9ktzlR_do$kmuZeJ#yAZB&*TPlq
zUiVPBeybf;?(c}#{&fwm{p(dAk57Sws!=_~$ymhmT1Us#&B+N8s;GvHa)VLs6l6#<%cDcM*SNll|Zo
z{ENBfN&Ms#`p&0j!wPucUH!JGiOs85gSYNs^=TQ%<5T8gKNx~|?JuL?+Fv#Y^7s@$
zSe~PZ*KzMOT;uRMT;njRpQP0;jfX^V{e8-m?xFtiM_6I?DI4&Qtt-R)1LRTuF%kGI
zc#NHv?5jZju7Ugq1KuUz7m-Kh#`KGrP-y2sd`)-uLo@jLvSH1N)HaaEmzae8U}V5M
z2J$aJ9$kkogKK+jhHHEM;vP!fA&~zT;&pu<%`fuQuG{_`Ek0c3ri829eDH-)tsjcQ
zfAI5GRrgR8KMK^dGvf2NwmiMz-{!DiniEOlQv0uvS9{R3rAWs9tE06x}pYlJNZSCzG$kQf}XF|YR2Ye0k>;7?1Aih-~{z<@F
z2E3f#goNnBfR7D$i-0e7SN+wlErIyvf%sz)#9s}>Hw(l+N4&0cV*AY%%gqjNzsi!8
zcMpBnG>~6^_aj720{&ef{)2%3jQncvgFt-aKzuB}X=FW9x`#p=1>*A~UdQcXaP5!P
z;o2Wtz~A}K&PV;+Lq#?Wlsg{rYS*?ve1kyzi3sAK2IA`n;uHAIw)#QWX(`~kPRj^a
zd*6kty=CFLUTWkXs!F{;eTE=j`6t4ae<57?HwE(74dlNR@Hzqi7kRXOHA$iVQGF8l
zttPT|1D!6ymiVdqm)$!gW7C5?;*L&rEa=6!f$8%7Y{BM@IY5I+g=I?pbItK6Rh
zc}fNHTn%{1fImkb?JrS%Qd{lP_Du}e_RZ-YN?jt5zbxWa&)yOEAh?cuW8nSL+j(<}
zd#K3bfpULDypBtU;HuAg_SQXK2&=>D)IRAk{mxdq+TF7-nRxaw0I-oUS`
z8@q>67YgL>hIr+l6o`K>5WfuZDtBujzF;6e)=c{*^lyQHr*~JolqVN_-ZlHB;_ySq
ztlw(DbslN&9{TNf1LY1vyvm&g@9XOZx4;#@4_;#ae+B*b-%W6iHos`HulpgxQ;XJ;5yFq59H4i$UhPBy3d^j*M070c)`b(
zY!_Vpa1eg^fW@DJH|u161HNjRjfYq6p{U#z`rrRWij>YD)~cUt`bAAm_fTlAKzz3d
z;%5fpa|YtKB0hiXuwoojK3x6q3a;W(1uJ(T7?@_4=
z?=sB#tscDg0IPp9_?2W{lwIP)z?^_Lfbr+aE~
z@4JV-OBcvLBH(EQJ{NhEe^nqpO(6bkz*7hOKJsW>J%wvr#aUp#tafQ!rGdZQDAb$(
zox9ybzm+ObZcW6i{!QU}PfZv2qK%epEb{*vR_cFiSp%LjQ10u1rwDkdh4xM8-{b*r
z=&tsvo^9Z|Zto4(^NSI1J-?U+*Yk^|a6P~H&RzA4?{(decs;*34cGIFzXN&R4zxGs
zSN09to5DTxQ$OT|^>k^(>v>0QxSn^k3*<=}D0d*@H4ewaH4f*&H4e81@+S%8KOXSJ
z0nf6?zF~Xy_toXPUM+$6*crmQAyNhRP_{&Y{9OZ{FyOOSPxarLi&#|o5Nbg6w4`Zs34`v*Km
zz$dz^e^k$Ta2;1y!*yKU3DF
z^jp#GSO5FJ|K@NIulCjp#77Ine~Ne=S4YEjTwNT<6E%=$8{##ea}cij+zjN2637$t
z8~aB6pggtRLqClih#wj7NC97fJSukue4PJ%x1R!e-h}m}{c{!Z$`f^&6&CvUbs#>K
zyXvp~F*jWMV{y3l$HsyD{tCaaQo04)KPn&Qdyz-=JPOzG@OO9$|Gf6qK>injcE$bn
z|F!pdz%#k4y(+gzApTh(zE%YBP2oDfbcXBvG7zrw%QW{;ZT%JDVWqD`yy|%XuJgS-U4v-a~b%Kg4P*T+(X%(7=``Y5Amw!2zX}y`$yvfdHmHFVR^PA
zUU?3}|1M_tp(g@)9tZ04IN*;0UTwwyzaQ$u)eo)VFa2|%o!mp&9tQGH4)}wBe~Ub7
z*N#B^-+_4jog8kjHxcBCwK9CWRR6c(dFokQI``0b_XFit3b-F)!hYHUc~t+-@SI;*
z{(GA3)lX#9jKpp^uRwfOclE#K
zqw>L3pW<-MM^%GsKB^5|^HD?L@$y-}jfSh-DR7m$0IqVkx`*0(C(z#Gh*$n=f%w~j
z_!kkxCtm&k`tw#GzM#AMQ}b#4;VSn__>`Y4*@QrTe??T-4~`*Td2an5?(PJ>&N2W0
z|3MM7#2)*pT7n|oQ){|}bR*g#6gg>|HYIIO)0C7VD1svPpa_bf2#VNa8Nw8?jWEoF
z!F1@%gt3HS{O{|&KA)UdJ~^jN%h&Jm_~-Fx((}CE=W}28b+6~T&q<75RO;LJ73%yQ
z?d*MjqWz!4v&FUjT7L%e@++vqXWa<@6m|X#mm#ol>engiZ}>o>J)fY?&f>N`#mIk*
z{DKtuOObCy{(ZRoD)w+{o2jGM2|pOu>x8s=-+pbUUMEDw-PFHezC%o2`?&!5kC0yo
z{}BE}iaJfkADJxY5!CrJ>ih`*06y@+#CmxjUM8-~tL?wk_@2f7`PZOM3+jAi@>*y8
zhdTG?-tzbBdx^WL@1f3#@IS%JO&uLSJkxmfo&HG|7}xf^WPJLCzJ2c*-{Ll3XI&YW
za;bOGo*Z%8Zz%YAwfnW>OYS9TRz!&`_X>e-?$$C
zM~b^=$)89Gs};f@L;X`t9j$*O@{c0_P>TFB#`XCB9_l=TI{z|xo$q>2CANoU$Zs!h
zw}(B9>+%0k)Oi?njxl+i?Xt&x2b%o9Kso
z(4Kw7wI8%S#~Ro3U>tSiSK@}%E;M)Or1>aBZyZlLv@L79`
z>;9&oy4Tw{OqI;;vQl*4}XLPrz%?o;OV$?YFc)B$i8lMQQk~
zUBqqsk5A!KjO%_n$M~M>`$o+dcXPiM?Ys$o4SboY({X)kT+gTP8rSpbx2S(L>i2xf
z_k&&D-r{cRRmf+j$d5x_K6)KKYif#orOE60{lOIZCyZ-9HyK}F8rzKe@~7Iu_WaM}
zb$jUfa_4^7_Hh4rD{=Rz8vQWbKjyg3auXP%Y|7TC%o+i|}40X0>
z^3&b-OW}Ko>-yDk(f-DDzWK)W_gTeE{o`aFb4>oTbA3A&A-@Rix!vS-z75D;`$4aVw==HS!$%p{&rKh1T-#r6{Q2Yk%om8exnG3#TxIfF
z{}JS?kY8@{I^Ta7*U!DK^QvE7_x(cD$q?6m&^m+RZv;<@ZQ!4DApFh1C*0$GJnCP7
z`ei1s{d|UT?dSVY=X}(8(d6~@)Z50j{a>TbLe$yfkG>ytd9_Y~xSM(&^0Q4|>n||=
z_B>zrI@CEAb?!HLt@EUDJ#N2dT#wt|8`nCUFYmluAMNYUkK2j6spp_Qqu`bBn5m=n
z=OKSK@{3aBZ${&o=(cJilHpMEx_+&IjP9!(TFWbiQvH*W=#bQD;8tZ1{TT
ze$f3f-MH?LdB*j)bd+&z&nd>w+|+i>@~0vHg30TAn~m#n?;ogh
zD(XbsK`r>wwQ<
z*VhBab$xw|I&)E{-Q@MSw_$Vge%M3YO)W#6!%SZ5EJA(`^0%A3_Rp)x$B|#xbxQE%
zzRwQ-=f7}Nhn+*LaT?YRVgGW<4EN9#X^{0!t@Pm%u{
z@+HXsm?FRR+ntwJ=iA5lh^X)9eZ<|frlbCeCa-m-8Q0@>x$%F=-@RIZ`qNN<3A`Bo
zq^YCxZ8EOw_XFd)etXC`tFCvgv$OFlZ}$DQhq!w*7410&J_SD0)Y1CqB0m}V>r>?K
zN4^O8KcvXFrtp6l*Y)zf@tcqK>-`sTx4bdTx8J+IKWx7pU|j3x8Q=R_Uq4^mRVzgO
zvrJz5ZISVE8F#oEbxuN^XW%Eoe=>En{`!CFyj(9o=-aui@yq4ncZj%q)(NP8gvsl8
z+OfuUzEh0rc-ma!I-Yi=ajkQs@wen)(_lPrci-5*8P_^1jq7^+(fB)KegEw6Ugv((
zI(r$vS>DVt+PLN?7}xg4jTgv#pAdI*pM?H@)8w`O$`t;sab4bZS~@S6jw^0u{D*Si
z4?BvxXUR*`uvJGH-(1>yhN+V?*-uz#T-$%M@qBrc&Yh^QV+O9$(M`jd>GSLEwYLH+Tle}&0w{TqyH{W{~%$wh8G>K}#re=&Kj
z|99hB|6Akh4eg@YhTot-t<WzZug6R$d5rjFGc=D@Ca?X_^P@yR9FBY+aoZ2s$RCFMkty;g7$0-1pWjU5SEhNt5cP9W
z|7Mfd_CJjLNaSBlk^eXHBaq+VFMj@Zd3R0W`xw{lf2i@hH1SmU~#A8lN>^OKD0c0S9vZs(U8*WaIWt#Mu6
zTa4@Lf~Cgwb-^Ev$7B%VZE@ERgU}COn7p=U*H4o7=V;^m_VBsc;_lHv)W5*wb-C_A
zegN{%rO5vY`TofNGev&gzxj5#@BNV9PTU^12c_^4##>MF$Dc8%pN0DKOhF*GFPr?ikNAmi8o#2qU;aNC*Y{V?D4KK1pq-*mpc
zjO%>&GOqI-V*J@`U-t-c_h?_tx7g%$Kb>V<_tVpi>wa2kT=&yz7ReBajg?GuI-;?e6+mixzf1S
zxzV`Rx!d^1`}p=eDDEEh#rl00?za4AuC@Ae1Z&USHa=UZ|!ZL`1odb(T{
zauD5JT=R?M=G8$d^2eC`Ns^yw^12?cGWl$|iF8kj{A0!+JKeXt$@qtI9Q(rfp>p%#
zzsB#o&)3;uh5xC``>C|&K;!Gl&9^z?+HbmCryJMpv+cl!BNqy9dA(+R&nWAa-6
zW#d}^UE}@ZzWzt3zc=b{@((}VwtqY0U&-KQZ*ljmy-?>!lh<~hX#BBn{QQbhClht9
zGkL93Yh0K2e&cQOdg)Qr-xKvefV(~7L%9j|m8qlK$tGX;_PXyb|FzuI+Ev{4+y2J$
zWt{d<
H{qZE@y1dhk>+;Ss-h8L8bEdeq^Lc6KttQ{|9KSqwoBTq_zi0B=p3jW$
zCWDLrGS#MFjZb;cKj{kN
zufOg6Hsg96e%QDkhyP|==eyFluJ<2|>w4d0W#|4`a-@H}rMP?4$2T$jezeK!d`~j2
z+exYMXX^cSQjYq&qW&Ewuk{}`o-2)d5_Ni`&gXD9$A{#m=+CB(*5CM_o%`X5UjFfp
z;_i{F^Dn8hugUj(+%MN5@bH$n+?O8#ceh@v#`yeXQ~yJGoig9#wVf9jKVqq0=+;=wH5`?qAxT?Tl-C_BO8VIna2i{C<)#
z#)r%Ap`9eI?JSUXUTFN$lYRf(Z0czHA2s=_CI4EA{AVUVR`Nfk$fy0gbN?Llf`6Q0
z{LGzvJ2Q>%ljrjz#dUdWZ2c|S0&%loDA-WU1y{AB#|1>U1={-+xrZ@n_|_`cQFKE$SCF{65Fz
zwf@=0>o@oN?}ezd3+g-scgY2EGyfG+N9+H|xc1NAjq84~(N~@O;eS8*nQsq&BZ$`TK{0aJN6!%6?r2cl)FE=T*jad6yVp
zcd~Ei^Wxf`SLLSb`zEi;`)}j=dCtgpu0rDdr9;p6k2g22{j)3FEmuUAYfrdau0A>L
zs1k`}8^8M`Uw@Qw?T3?%S46`yku!`hl;g}IczE2C_FMyZ?fLUGKi|9HE+3ctAH`kD
zwS1cN=O@U!I@+IU-}`!+Usv+Gh}-Qg*W{Ot_RDobihPOj&Cc}wS!?QKN}b0{UfcPC
z$xo2{zl}G_P45lb{c_p%Zvl7x*1Vo?e}8f9hb!f#_bBAqZ^szd@x2P;FE94(xY+mu
zPx<*?E$&hq2LJNYyx(N<(K)`~-ay{T33A=?xyft4eQkW3*L{1^fABxGe~y0M&o?UW
zrn>r{OZ|Q(ugi6W$=A!x{9=>W_RKL}SmKxK9OJRQefzF3uE(+a#I>C{GT#?XUgz6v
z^3x^%lkw3bd_QdYW9R&Z}~>_kNStI!_wc
zI?Ijg`uzy*w*N}s{gLmC%dkXbv;QXg!R1>epJ_Z@_M>6ObHtA~9v7c$yjJ{baqZ81
zxygJl^4uRAjO+N)E5>zv=>y|BzVxMW9WVOHxb|nSpA!A!+N1s7&$zCy1B~mq(^%sl
z%ZF4Zifcbi&i32YLgPKf?>2RGzK2Va`XI4;|t}!!@56rUS6%gnQMgGAZ`To@Yxj=4W?p{=b_1Hj@7?MSiniI`_}(a?^efaoa!rjq7;JaO1k4jyJC3
zLbJtnd3TlhUSRUNTvr*_I!lb}_|h`tI==L#xXyR9yoq3i$?JT-HLlCML3s8~To3E=
zZfjh}mokm(_|h2TI^T)Lb$n^E@x$bP_sQaJxnw9UJdoXJ@>>6H<0Irg$b+aOLxf?S
zkKpc*@jrR9z&ECj)?Y{7&#T*y_Rki^b-x&BT*n`B;qG`P!&8ybaCf}Y>y}AymygQv
z?JRNEKaQ&8X5%%;^L%%kac%#@#iE*e>-q+3J3rae
z=X;B5e`-JPXI$HPsBwM$n{Qm(Uj`5RP1<>Z@tF7}aMykvUs?=zb*d$QE8OL^f1Ve2
zF}LI^_wdX6zRBzIer{Zs_j}_yzLd6}?@#SF?T0C^%d6U=nykT71(`sDX^Rub{qYNHzC7#qi5C1ZG?T7yw*M8`^
ze)8>VFL7;8*^a(FIVP|5k1?*}C)17V@om1T|E<)&%;a@^sTS_`$2Q-b$Q^LEKWcxz
zWL%f`J>%<6_JzI^*X1qU)_boFI`@w*Zy)12zBJIdjxXgJ*Zw&M9v)X^xhBEga_RU|
zsc{`&I@7rJ!_CHZeCYw>I==L}xb{Pu^uuQ+ul>+-L*GA|@3FOCfIi}Oe=IQhimiNp
zc8dHNCV#u+>x`$1KbxY?AK~HgT>5#Xsq@Jee!_Zb$=7?jaUIX;Z(PScMjF@goFl|t
zzq#?8n4ewbSd-WBoO6+P(Jwdm?Y!RPwLMQ7*E+8m*W=qqrv4b|hmAMtynY`|_w(&7
zZrAU=#&sNNjB$NkJjvA0k>x5idF{`OO@3o(&#fk}+vk18bsXtw<2sJ?nsGf|eIc&f
z`3;--eppBTF0So|UgDa6PVz&Im-q5@@>A3~!MGmBt~7PFmpXTwy!OK*#ETXR5f?|4_#H
z&oFuIp9_t@zo}n;*BaOP-eFwlyUe&Ae?B#?^ZloB9oPDw@w;Vz+dzK5oi10qjQbrb
zZu@PV@vY_kH%FT~+e@7bOkUf0xp95ndXw>ZjcZvXatG?~;5W_i`zvtQ!|(cTjA1ib$PYl2Alk7$scd>x?Cm3ADrf&5I1%DN}X%qaw!ll*M0D9u)HtA
zr9?ROAL82n6XchIq;2L?>e|lDjcfn!Vtn`r|NK40UBAhxE1d5blW+amH+BN@a>@xO
zoMZCZo{NoZduoig#C>~eQD06`Vf`0P{*V3q_Ol#$IaP%DHu$E#>EZVc(>wRu$XUM5
zF5>RdCddyqd0nofQh1^9edPLJI_kT1reD=2uYaHBCgZd2_w9TNbvDu>!Ozc3zPDW0
ztu%i6?tb~(P)AM)VYTh#eMY)nm5ulLsPSGe`I%>myVl8}Ih>$1U7h8=>7na7b>u6D
z9EtiL5nD&kZ_c%*i{`j*!IyLPLw=~<+0QXJ*KZuo?W7XU?W!7{F8_BwYUTf~J=`zq
z;oQF(;XDpB!+G3jh4VPs2IqKP*fGI0*B*`sraK6}+z-BgEDDdhfP7`adn*P%bKtwe
z^Widt5l)T4cSAl7-yL2Fmm#olYBf9)`C9m1@Ot>(@J6@{1%^|b;rzTzD_n*?!+aZ@
zpWD)n+fCjd^OfB$;yeo;m7T$PKX?|rKRgG{&++BM2O=MX4}!Gwr{9xqU;QYLBM6Od@e;$gw-bZzw1CJs<44wra
z4$py)fak+U!ej7UxZbCA?KuoyiM+f;Ae>qam$y)aUJIAEXoOx5AC3Br@Gp(Degs_K@8g#1NO-zjUpvo-N8v}ov*6?5IdJ*NTsSo!J`wpCT;7ruPSyAIxb_@_
zd?oV7!mHu(*0gYHE&Mp->*4azk#K4wd=m1_@Dt#z@Dt%}@RQ(rGIq;V2-o+AI*-Al
za`JXw1kZv`hUdVi!1Li#;W2nIJPw}*uY^yBSHnx-weT76dicrkM))c4X1ILxBAnU^
zpNV`Md=^|UR$PD1hNsI#jPp1=3ZDbl-?QlQW$+y2=fd;hf0z4o7B0L8F13V6Y30?_*8D0%ycPZtybb;rc%+wq;QIfs@N{@9JPQ99
zo(2B|o&*0IJRklkJO=*^9*2JpuY~^{UJYLXuZ8~uUJw5Q-U$B^-V9#}Z-xI8-Uj~{
zJhG{O;QIgH@N{?^JPQ8`o(2CJo&*06JRklIJO=+39*2JiuY`XOuZFk7YvDh@>)}7b
z8{z+jH^YB|x59shx557hk8I{2xc>hIo(>OB&N3|uU&lR3zOvx!!gJv3!Smrg;4%36
z@Hl(}cqM#8cr`o?UJKs{UJu_G-U#0W-VE;vZ-w`Qx4}1sN78)-^5WLcs}yG!DH~<;c@sL@Jjfe@M?G_ycWI}ydEwe
zc?vtA5xx)d&G5ePR`|Z~Hu!#Uy_xE0e|Y*9iT=-mN8xg7GYn?I`y-zN9{|sX4}{0y
zgWz%aV0a~b2)r7e4X=d{h1bImfH%Sqgg3(vg15pChPS~Ffk(DX^z)(cba)Ot3Lgf~
zf)9u1z(>II;UnQOcrH8+KMY<8KO9~SmtWNpE@&-$6!P`((eOt27!n_5Fs9^5IeBkAi2x6wY?J8!+3<9D93F+wfoH+X
z;5qQQ@O*eVJO-Z!kHb%eSHe$&SHmmdweb1ydid$^M)(=kgGVwF{eL+;9bOHO!mog5!LNkpz^{Vm!>@+N;Mc(8@N40f@ay2!@EUk6
z{Capj{04X<{6=^)d@;NgeiOV6elt9>U84VQfv3Z3;ZgXl@GSUk@ErK<@O=0Zcnp3A
zJPyATUJ1VoUJb8<*TV0H*Te6DH^T3QH^Z00TjBS?+u--ZBikqX{{eV9ydEBfKM2o)
zKLpQ#KMc=@FN4S6kHF*bN8y$5$KciQ26!#}adE-$Y;{CpX2mEEqxZx_!p^}muj*~a&maq}GGS|`u=
zb5cKMe4x}RF^YR~tW2t}knhPZqB=K2^NVc(Hh+@&C#BqsjPovi_Ql
zKP28_e4`ybv>D%JClBq$_4DB23Jj*{_VDq}KA0xkjQXa#c#j&Nn&~~$_}hDX&obU3
zo^AYn@f_p7i02t!u#c}FGk&qOr^NVkQb(^j-DJ1@Ykj?zQ`h=>j#lp>b@be)K2^Nd
zLGY#CU)ot`JYT%g_{M$x^P7y9@9VwU_*LR9#=jPCGhV-+uhVY4aewb&rv(3XlU@I8
zk>y?9#@*qEh(}#0_|p7yQa{u9V^TlMxYo}$uJ!Yc?=Z;EufX^VgT2R$|3$pS_yt3J
zzS8)^hj_0t{*`#O@xKl8`5NQv4EJ7d{5z@BV0_@AKHq3u>oghPWw_6`8XqckRv14`
zyv?}QX*YiGa9=-tJ^xeJ?*gflVf+d4sBx{6X?&8@&oTb2)X6jcvv|I7ty5rpzSNH!
zUpL1uPlfTZ;+4j=PL=WNq<*dODN?7-_>1E8#r@zjR=m>q)l#R*_%q_Q#@9c_*RM0a_*n1t#$Oh1F#e5rv++-2
zzD|qrqo#OoHGYiv3ggF$w;4ZEyxsVZ;_2)A`RMkOR^%UN7(Z0t((L#$OkY8?Tz`>sJ{6y4ZWA@y(}suQDDNuQk5kbf2#?en^S;dgImN
z4aT1mZ#I6Y)Ne69Nb;@5wf+j@T0gRZZsJ`p`ql7t!#VnIHOBWn-+L`w
zx;&gvXIzH$BK2_jZJE-BzOT
zp;E*B$TVIj)3V?PAfIhq`#%S+*Bb6=dB%0!=fe*|{Q~2fkHHT{zQnlhOL4diJ%rDy
zFg{IcRl*NN{VL;f+c#1T&q2P%_!}~<7CsF5I^(*1*29M*-(Xz#$42-F$S&$wz%SONUn=pJ80LwS{2b)#jO+TUho6glgK=$ZBm6w%n~dx6p&7mq`4;24
zf3?E(8q+;(g>l`#+Ta(Ue!KCGbuWXYZu`Fw`84CYf2G5#kk2r#+j)3QNTwg=Gr?nW@{kIi<
z4eGBjzMo8MgI|k$yK!A!9rSmr?>gkuB%nT2rlrGckk2swCz%$7UyppI@!m2m3w{Ig
z*~ay?Uk?06pC;2{@TZY4F}}4-i^HEmzQVZnPbK_Wo(^w9KEt@~?@{z75N(D{bgD${A1+njBESr;h!MiU|i3IjqtxA-();rrZvMq
zMZU$j9zR>*pCP}(xNdK4@XwKNH@>e8U79OEylHe
zEBssJR~SD;rnSMpL%!X(_Ge^kA9CyEd*suM?=RER;qAz07_X6OQTPwYXByYB$SnAe
z$Y&eZ^_2tvFYhp$LA
zJbcrxJg3I^(c-o6b=*ppuR7yfh}Xl{MZUqfp1&I5>mlD{{0*t!4DW$_i*X%aZH2Fo
z{0igR{x-tKEry-wVT(_Snd?VyDjSrG(S@4aK&o-{t
z!#QvrgLg}oXS`$khxbJN0^@o-iNSjzUt(O3Cvo_u$X6KG<3lBUGvup`>+zu)o{oHt
zaXmiN!Z%00&banZJzQTyxc+P~uIslEuCG~LzR9>AADZD?p*=0eb$e@tZ;kv4;96CdQ#^rg81hEco`w
zXB*f3B?rC(@_EKja|;=K<->PGzQFhdACJV~J0V|UT(58A@STybFrFv%E8)8!UuC?n
z5G~;{vSR@^uiTWAFb$vzQdm*1`d>^Tw1>YO_Y~vl*
z|L}c~&oi$1e0X2v3yf<%2HzL?6611siNxXiAzxvzCZF+#`XAI4bMWp#<-rp
zYT^BmuQOgF?Wu?NN4~+ho{t*g1CVbruE)1#_(0@ajO+f=3fE(vYw8N)eWd+u@WH6x
zZd}jTk?s5wU33WYX~sLYe|R?X8OF7K6h0LBOyhdK$buh$e7132-W>RW$mbc?_T;6~^KMMIeR9B{c1Y|O&UcmVEgfEf
ze1>to9*Dw^Lq5~Ep6{~Y$0MI@T=O~bNyz6JA1m$8ho69afpM)LgP(|eiE-_pIQ%5!
zD~#**SqU#hzRGxiX@505hJ1~2ZGSDi2>CkWdVN(7pNxEiam_cvry$>CTsFT*GkhxY
zEyi_!Y=svizrwiY+u+lXZ#S;_$c~Bad^+-J#y8dNA6|ldhH+iqD0~L;na1^am<2x>
z`E28Qe9nQNf_$EFJwD{aOOY=yuI-7zXChx>T#r|A_$=frjBEW$_-y2>j31=iKRk|n
zjqwGNuZ7P+zRtLgpVY(4kZ&-q;~|akxyUye*Y(v5FGs$`xLmGBTH*7MUtwJL_cr*c
z$hRAxCH)iG$^XYiPeVSXOylw}k_EpQ`E27lUX%mB1o=GU+W-0RMaUNzmxqxU
z{8HpgjCWlB!!JX=!nmG~D&dzSUu9hPmuh%5@-@bFebvIRK)%knJdD)CuSCAVxaJ$-
zS0UeIT#paU@T-w;F|PY>EBqSdR~Xmpu{QX%$hRAphaG>E-9@iMK1~X$>+6?vcn$Iy
z#x);>UyppIaqXWh_zlQs8`t%l1HTdZJmZ7p_?Zu1jC_G{ef<)H--LXLajhSR-;8{P
z@jawHmGE1TuQIONLp8h>`5NQ$Fj5P@75O^j+Mo6C+mLTCuFKm9za9A|!SVO;yO4Spx`?Z$O^BT>I1T=XvF(~R%uW07=t9r78*50-osemC-&#;`_`S&I8P|M1d@1q;#&vs(!S6%9#JJ|;@cWUkFs|*Xgg=0Mm2o|PRm1C%
zuQ9IqTKI#=*BRIG%zF4k$Tt{2HR8V-;SVFgN8w!t4o
zzTLQvheUcu!Y>zn4EZ$Uy1vrk4ajF0*ZnsNe;oNt<9d9^f?9
z!prcDd?ft-clgHev<>|OS7#IW0Qjcxli_-e<|bFc(~-X&zB&9kxNd81@`rGJ%Z~GZ
z_H*C;`xbQDagR6Y@4n0X8T^04?|Z>zC@A#daCwOk`XqSAwNfyp94@DnFn=jL8jAmR
zCtOx(IN=$%jvcxQ@4@w&+W9Z=-5ki*kOBTbZhh^p82mgEz9+l{o(Vq(z8CxkxQe>(s^1YQBphA)N>g)fI60RIAhAbewKglmtE
z8Mw)N!}ZwXd>s4`2l90x{7}W<=N<4I_
zhu;F91Ah))2LA*;7d}=Fg04N~@GIf-;QxZ33g1Q!ny$`i@PptL@Y(SB@M`$!@TcHs
zz~6;0fd2wN6TVlDf8g4A7JL-^Z1@a#CHzA8Iq)ao=fXdPp9kN1n1A5fvk*QQem=Yw
zegXV*_=WJ{auRa&tKcWYFM{6$zZm`u{1W&V@I~;A1)PQ{mUa7sG4dAH%PQuPY~e*Pa{TyTWgT
z9}Zs(FM;0#zW{zSd4}LQIe)t{m2jHK=>*4FlMVp)N
zgYX^U55Y&lABLX{Uk1Mg{s{a9_@nTD!ykj|--mJSY=HNdi%aK^!)L&sfL{WC5?(aM
zKX7%Pg5L;#8vZ!^8TfnfXW`$&8{u2X#jcz0bMWio&%k?^nKh4BBt&xU^kzX|>={Au`i@D}*@@L%BV@IlA;2d@1;z)yq!2)`cwU-&Zk
zPw;o(Kf}L<{|~;!vHpQ;&oA(O;So1czK(;h13wMEF1!Z59{dY<5BQb^enyVghxdbT
z0N?qzM1Di~A@DT#N$`!}U&A+sZ+(2C{wDAN@SgAq@Lup)@J-=M;G4leho{5SCMDXl
zIlK>i3-}25mhd9@R`7G+Tf^^xZv$_FZwr6qghV?t;P1k>gMSO(9)8h@i8?#Lm%?|1
zH^X;=x50OYXPlI%zYF{zcobd;?+rf}zAL;I-Ut2+d^h-C;k(0iaLUmh@T|f_`}c$&
z1YO~AbcPA8}PpHf5P{LZxTzib3ge0@crTA;92mQ@P6>y;r-#C!3V(C
zFN%a;jt0W}zz4yH!w17pgb#tA1Kk$R#TTM@K@pa@RjhR;2Rew+BqJ+FMI+#A3hO&2K;FFV)!xe
zzrv4&{|qmH?=UUV&g0-i;m5;|g-?Q?1wR447=9xB3HV9y58#FHAK@|hw$l^sFMKj;M>khwEuE=e|R-K
zAASXV7W_*1BKTGC$KY4P--TZT{}23H_~x?{?Y|B_5MBd67JfbaT=)&}TKJ9d7vPKG
zAH#2g_lPIjc{6->_$}}e@LG5g{8sqc@Y~?G!Ec8*!k57R2EPN|V@{&|cfxmt-vu8I
zuY*s4-wm&X-vhrHelPqf_)_=>@cZEH@cZH0lqHty0r(JjJ-h(^ApCOpL-04?55qT@
zo0#u1_+juz;B(-Q!moor27d(J0B?am4*w4R1bn;lL_42^4}m`gp9Oy!em}es{xbYI
zxSy+kzt+Y*^id=dmH)0A{9Hf5ksSC2@ECj}cqM#ecrAPrcq4pMcq@D}ctn=PwKE+a
zg>Meefo}oVYaUl;J@i8*@@|@b={d#OR*Jz--3Og-18+i|ZQ(26?m2yBCTa51{c!(A
z%i~Pri{x>h@pt8M34904w+in5yZw58;uUbWT-w+5aQEMK$v+Nv`QE-vqy_H&`=Rt{
zyYUj)xYm(+ZnCR0K^1s7M^{^4s_F`D)|k
z;`PRFkPd1#zOihKZN?uJPnZ61^K}2dl#O&dxNGOlzB!R>xXXVc8}Bf<%P*CD4DRyj
zZes9NX}m(b)_9MteZJ9nnrytS#!JQj0e7XJ^<^SyvYvH$%Xah=Hix@>57{5G;O;pC
zck%h5aF_2R`2x7h|0ww)xXTZcd?noFd-e&w1z#7zU0#n1b#Rw|OY#rGU0$!no8d0M
za*yC!@by02<@K1}4tM!a_H^msxGdYdGnaou+8>3xX;u3K--55b;4Z(8n;3lM!5#f?
z-;g6m!CihI$;aV4`DplE->>dsJHzXdchg2^`H7FiUHvgqzXk4S*M2^)f7jlb`}ewd
z#)f{n`ZoRj<80&E;swSp5U((Pk{oExfxC7d=Vlaq>EBz|`3@ZDUH?wH`afbll{7XZ8oisTZW9H`feM~$CwxX0&
z#G!DP|5)+`aF^d+?voY4T|OemU;R70+MZU)Uu5!INWKp4o^!F>?|BgJ>K`n5{kykX
zKVMF$@0GGZ!p!RBax%v
zF8{XV<8YT>FwLcd_oc&K{%6VS-(z)IIkmWWME{Pe^QZ&)(!YP|-2H1R@e@8a^>>ov
zex#?LuKC&-{&Cd!*pt2I7{6LPX8cj{O5;6F@pWpAe<*%8-1Wmg(oX$5nA*;VN`0L-
zP5uDM>))?*`QAPneoyb^A2{C?o(1m%9}0KvIbZ4*z;{Ew0=_%E2JYtljf^AQ3U~Fd
zkox-f5M9>&TNn?%1z-Ai4Aq|(kI0J_^{>S@g1h>+N&QT?d(MYtu6iWW5AO1hN6Aldv4)FZn+LdzAyX`_*nR%@KSgVd>-8O&uP*>SHp)PzYIPc{xsax
zIbZ602p@s`XK_eaJ2ENaUmNTzC%rFnA1pIJ^=rmu}(ITKFjB8{wnjt?)5$
z9ei=^9}ADVg$%x&j|>0jzm0?+0iOy#621_g55E-d{(GtPr~VxZH{YX>f6(NwkoGzb<*Yax|{Dr*4a&s?Z;Y
zyLMhL?R*C=Z+!~$`uqG{`{mLz^b8q9b1s*dp=ZP8EkB_bz~wDAp;y4=(lhiLcq|nE
ztpQ#HZ-GySx5KBvGh|%EwSOu+8(s`AfKP*0z^B8{fxCXbN%~oTPq>?}TzZDj(%1P-+@;l{|)>i_*Ogm
z2X1*Uh7W{a0xy6sf)~MEd$OfH3*eU`zZiZQTz~(eYtQ9y{k?_GtKpHI`~&A#z@zXh
z;W_ZD;4%2s@JjeK@LKq_@J9G`@K$&YyoU^8y7pfW-wl2Pd?frv_*D2}_(J$i@Fnn@
z;V;5(fqx3Gh4O(GnH}cu=d*H+1uAOnIa{~O{!1b##>i_5J
zFI5bF)<*pU=lA*lhTj{b{(&{8{*pef)!UgCC9XgW%7>bK$NZ7D_)%g+Gt{Lih{tOX03goz$s=
zzli*D_#faa;V;2^?&cr3<$4*uHQdd2smwPU-h_Ms{1tcw{8e}j{EzUb;LG8EfV=iI
zNPAl0uOY9$Ovf$P>+tCA{(&xE_>>ba4hxCs6O^4Gv!en-hKga3&9JMjO)
zzk&Y*-)bNKz%B33@PY9E!6(9hftSN0>m(-Bz}JB{z}JPhz}JKS1lRX^xVh}u*U!tf
ze|_W+f^Pti!8e3g!qecj@QvVi!`*rrDC?yOzA^GE;G4kH_D!_ECp;703!Vqx6n+%k
zwP&KVCl22X`T1~{pDOtpcslY8@Xg^Z@Gao&@GapP`z4llD|j}1Yj^>C8+ZkLTlivl
z2K*`bcJL43+rvMDyZ%`q{nKOrMEiF@emD4z@R9JH;8Wo{!xzGLfiHna;V;5_!#{=Z
z3h$AXXurM(%E@l<-H;y%-yJ>9LyZkcA
z@7UihtzX^&$R7kB2tNU??{Ra_UjQGB{9^bJ_*3v~_=oVJ@SorZz;_(r=I+~nAp9Ws
zLGTmc2g4V@4}mX+9}0g8o&*07J`Da7d^mi^fr<8yfFA@O2|odz3ts>~3|xnIwX0kMKMVN=_}TClcqP0Yehxh2
zphWx6g&zbz4<3Urgjd4Phu6X{fH%S~gtx-0;QD41w>@73j~<+8|Hbee_$BbE@I~;2
z@Jr!K;FrN)gkKK-6kZMQaY&+_SHO3JUkM)xzY0DTel>g{{2KTY__gpC;n%@ez-!<=
z4^6cHdU#*>4e+t>8{wt!#qdS&o8U{~H^Z01Z-K9b*TQ?|B-(!~yf6GV_*nSu@KX2^
z_#*fn@TKrO;mhH7!B@iT;5~;$!Y{Y|-wp2zzXv`RelNTfz7)O)ejj`({C@ay_yh1Z
zcs+cp;feM?2pNm{8uY-;|P~vcmGRq8a6L
zM@`8cTv|M9dU;81{+KE99ApO-j-MPvi;D|Oii@TemyPJ3o0yR+W&_!U;|j})=N6YE
z7sLh^7EUdmGq1RC^1NwLIH7!K;i##_v&w^wa#Zj**n$R@7SEmQ{~v5Y0p<1^ptC8QF*9B|
zYQoUMv6K5H-LQVICME5S0l|S~?K&dKLjT{-A<1?cY$g2*k12MCq{3kPDPFs!(bd*b
z%B{7eb6eA`HE7+i($d*e3QJ}Lhx@K2CzJ=9N6KwI^)@=OaAH>B#D2lHmOm!g
zt!Jpj*{1skyb=A~c6(}WvZJOyJes4X94WglPtamHp!&mXmm^`W9%YkmF5P_Yped!r
zMP*%DJ0_TUw-54zif6`?o>#hGVnBR$yh|h2qzwb(^X8W19vK`I%|UI=4~xMn3=Xfs
zDx6ptYzyPZOc-El{`xJ=ZDirr)}^uCTx~<$;s(3vlv8qp26kC!xBC3nwz_R+pu6Nr
z*7Mza`rzQSDE`w*x
znp<2}9-K}Gbv=IlzrF5HcC8a!LY3on!mQa-*Y4u=|LLoWq(`yAr-s+#zv@yvS>d9!
zs+jE6{BQcI!8aABx!+>>I}WH?cS8AZQFcZ}l8c_-bT1qjjMq$cmv>!u!r(~$o6boO
z)Y3x}%8Tc?3!DCl*WOcR&zf6a*l~fA`qfm*7ht)$$u1K5WzCy4!;QYh%gf|?ivupf
zkU+nIQ;Vk+%_}VrhUrR+%Zo=%a4*%|%d7$JWmbOhu**gC+Ez`ntGH{ewQOTN9BJ${
zq_yTRMuJzp;|jyxFPk@|+`TXfURs7POgctYgJF}IvrjD^HGZwu%8~ApG`M7NC4%wM
zX~kv5v!)aWm$115%jd_7gL6RYYrEtxWs@DEgApjXNDhYRN!Ky;X*qkFo!
zdRJF3>2}u5m%Xc7<*S?b>Q?^hp5Je6HiJ|}J66={Hi%ROI@Zu{w`p{9J%k%$@Tz%k
zabZz;p?e{|x{c8s>=Q3)I`1U9NU6uB{L9ni&&m#lqx|SfV$bY2%yxcC?&=SqUC!UD
z*+cPiGU(Sv$tYGy2)bYVSojz0{npZI@F$Y)LRGv^ib4JRxc5KP+;L_!o)G@5mZ_v~k)8tH5
z7@nnqWg1$TY_z4j+u@M#py)3&isEs%CE779cPY@NO{u!4V@cwrxuvQ4w)2*xJvuNP
z)=O-7N&6z@eBEeZI5y=jkqX^yxQ?a-mrLWvxb=bSywt0rqtNd)$Q7I)#uWy)Q3~A)
zxZHeqitEyG9p?~#haw!HOZuW*JG0{nYjo0CWyz%HosRi*w_&TgOz|ssm5u1$32c=m
zx_1s+Wr<&L8cSNYV^i(knJj6Ijy3;(bTV80On=S!EI7uj;^>}q-oMEKK56BSu3Ylg_haS$^G-K56ZaCcqT$7SrA^vv5uKtXg*lqe}b@a|D#q)#VkD0-{UV@Py
zd8o7EYfvFMPkufLX<-C0>jF|6wfIz11x|2?fJrT}H;;X4Y{D
z7by~<-ymy+6Z3n{XYAK
zUWju;4Yruz#b$W+aAV{C&2RqVp_>EbDTc;>P0{c&u)OQLg@U%OopE_2Ub%Y_>dESr5}$yyu$5SdhF=QkCdV@1%Ne$L!s5x%X(#
zC@Kx!R244QuU;g#&#qP9cdNCD)5ogTLU#w@+!h4UqZGE)^!r}cX+1K5jOS9Q_
zyf$0yFxK!STVvAK;+?n3+}t73X8)dd9ainKBT6rHes;&YccT?L>Krb&{ro`3h-``i
z{eyR5mKIG3KFHwSn?E`jJ#%BcG6LJtKSQR?E<3HLZ0e}s?dK`p-sZ0N-Mz#lcLm+m
zkH0NwmM(cIf4=QpCAcIu467XY%f|yV~ip
zTq&Lz4ATFqt+8W>sv9df*?BzaXjI4XRJY&NoywC|>HgU~>C-zJvDPQ_RhRvh=k!$<
z@BYPAr^Dl_i~a^@_AY0xq;p*BlUK58YkB@kR_fQE!je|iEv?&Uu~k<2l_#=Q)(&3;
ztnIlhY2}VX*jk>>k`~nt?f0wCXi3W_+PsD*wWQUwvHgFK^IFmtgl{4Em8Z58h1cxt
z<}YTGms*n(&F?ef(|=%aA>u|pI^84)uK(xiJGwA<~lySNtfysa`5hC-T1V-Qor5}Ix_JdYqyuI
z-TU&*y{+GCJI@YYmzB+!UQ)i=RT!+Gj!k;47BSe1y7h7KAwiQ$i>IxkMdtO^@6)XC
zUEEX4f;Sb)E8{Nf-Hoht9#e5$HuBfps*;zQovQ|GBE=g_*5YPZ@bUbt#H;?`_&zvz
zog3an(oO&OTJP=^QId~w{%+e{@Dg@hVd?DCf+32@v*!hG9!zoLHN~+mcNwE(4}bh-CzE8KANYNiY;bTe2;M*7KG&c0lxp^jAmxAm#9EzB+*OuaiyV#)
z3jOwXFuS=l!2oFaym)ExsL?Wf)9Dsk&>{AgSopab_l}TY*e)0m^l$wz13ba!j)JS!
zQDbLj<*r%T@N79CY*3*Lyp1XdK4X$-<;b|ZnVu^r&+)KmhL`bL%1pZ5v2r7Rh|@Ax2A@auo3ckLz}`U;0`I}hIJE5?rTv{b`m
z-MVcU-iYgZ!%7eSsjquFH>x|MZJnRdu^8QamG0JWH+m&_-;sY=77pU`(>a~CmSFDr
zo!gUQ36kGEGEcSV(1GDtahF>Mt9XNda19;or`qe`eqw$hL8@Cl9m5fwOQc?LsR~I4
zbeuy51b0GL1>M4nv|a;
zFrC=l#`zJ^&PR;k*B6>Mc0qtnqV$ibLt|G=AD?$ixgycO9Y(wyED|Bq!yk9sRA36r*ZxM8kc;CCOM^
z(DF5XWgdKZHYm8tPsAj>r?XbG^6$zqhnQ|HEZZ1dly!OYU2tXg`>eCzFqgRdHzoMZ
zt-%O)s$tRKdb;Dw6LY?7N~Yt^Bvy4#bTxMc5o<-f|CJ;8`oii`c)>HfcXKQz@p4bqEtRb1C7NL?XwcIF%qKA6gs@2A7Sz8uTtk`Xh
zq3H4Fk^GxK4?{A4VkH{Fcs%U!cLA?zXiuIrrZbKmE4?(6JxpXB-e`F-!#YrD?<
z`F!5zeO=eN&UMb`eE!^>taR*1hVTqU*>E{TTctR&q_D*Nj#}|bXj5JaKNXvG<|yWL
zckt8+xY{e96R}^PmFquhzJa!a=L+y1h5Wq2xp~E6(U;CJJxj?a!;$=2GG464E4Cip
zaMkx@$OW+8i!XBWo|1*vmk0mH*O$Z8)=S&)9&d3+{_EmPRG2pYb$eJq&w+?vp>rfzE0|i<%9`b*4Zfvy;nWzq$GTfZd~dx
z=oQ-}J$h*wugG9efx#ReIE?Li!x)yQm9WzufYrfTQX7Iv%{AU!i*Z#lI@MtGcGeWp
zYf#?v2%(WT{t2qvX;{>*ot@H-q;mz?T{is7bMo^FTlgXOD>?bcVe
z2N=UHD`K2?=@rJY*#&btx%L8Axu+M+T@b#66&*$pLRm0$LoC7RpnhKhj&+C^Pq>ID
ziQIf)Sy3mkWVAZ6{yIDR6z$sdj?}01I&MkV{1C|Clf=vvS{E-I!&0jIc!=d1>QUmR
z8SEZ3Lya}LvI_|`bbC6APk!a=@ho{o(Tdv*^{2owjz?+4{?<$SR6KgYarfL;AvbDAIw4|?(jaN3&HW9(eenq@{K3>r^1cL?#&hQWwf3E{zKwd
zXJAw2PGVM{(1vFN@M=2z{0eu|z#prHCtnF2;2!(P$rM;Sc6ikethTR*WE1dha&^SjN;K{J5TY(!sdW
zB&J*Z>7%BK?HUeV?!uoDge87vzN@c;4aTQ8VzKjNIBPerfekUOf&Ko4w^NW62Of`K
zqL$vm*%t1;h}=^MucXeK1;0z!`O4BU;pHaxcwC`S?g0^vI`wxgQ^75dM;GVLnNc)*
zYVP#u&?_QJiW?vOC(7OvGOM|<23007XTV%bTiESnQl!=6Ndov(cq9RIR*6;%(+hTF
z)j>a>irJyj=XwU;`Yq)fZ?(a>b#xwscL#et5ng!2MWm=@j_{&+^g<{EYo~7v_R@q`
zDY7zX@nQ*T-K=V{+#Z_)SV&Ef7C1kb8tUWj0qLPGTTuWf+zo;L5yG9lm1&S0JYT
z?s_}>u`jqIOT2A=hu$9(6_Fc`@`mz6$%U$JVoRdfyIJ9qxcEIvm(Lvk!L86mvK1yqXw#B3pr+$H&weS$t>x
zQH@hryM%X*&6<-pW9sa@+3=E`9XsnVKmYQdIh7Un8Q`g`xCcUC82(S4P>ZoW@}fS}
z#Xa+%-}$M(X9l6<%Rjhz6ejIz4x~oyPK_NpZ&Y55b_||)!w};=Gwo!`yR%f#Cfq~S
z3AY&C)DzE`Pwm8gU~)`x^M6!j8Cf*IdCq>tS*&uxsdsXm$a+rO?9Qx}nz<{1TFpCt
zqRc$8Y7QrN#^+ugG@W;-sY#1Sa%J?aM_D`9I=;G&Z<@GpF$oR8E(AqQzr!@O|G?o(e<^|-J&cW&qB9pHU<
z?l$`511{sTXA3*76}(;26i9Y+6gOx12Ru8x+r&IyflS4WyFI6QJeHqscGB`}HPN$8
zMjKD#v(>2vdqp3c+@QrSIrZ#+2~Zal#S|L}^xd-I9g{ge^w5AeIo0=9XVx9w&b+K6tfHKyr?XNmUI&eD%Q
zVuS~~$Z2Y)c$p}}BR&HMzv!z=8Y!P?_%$UjG`a_S2WP*PB%9jgj4d+Mi17s{h@G!r
zXAO0SCwEPgncU!sAiVJb-fJ^TzFI;x1Bl@ft_X4Do*bNH#-IUoc@_OT^uSA3;f1~(
zb^x1G;i-ZD0w3&%DoQ%hX0JOdz3CHYPc;1T^lEZF29hhD)Oi;Em?4}d6y6SHSS|L1
zqdR-_BBMJt!%5QyFLK9c3f_8*8g!NpcUl0bdDPST!0Nyk6l0(hlV@Bua7M}r^ar25#C@m-i;XYo_DeTD8N{b^%7vc`HVg-1x
z_Za3@H1@EJ@a#)fK+!lOn%DoxW5(uAhaU}I;A*NN=nO?u84oTJM*{tsJj`(vv~^-*Uvs>g|%^QM)~f_FF0EOG|U5arxy(~9%lg$3FK
z*Q96V&7+kpxsBOWSTHBgtpzThxQDwDEW>xq*$~b%2f~v!Wo1+0F`Icsb6`QXWWm(=
z8O}iX;VXPaxifH1QAysw6HlFZI6U(){e1ckzh5ge+I+}qW{|#`d2XcCJX#6gjfCdC-9-$?yfYoe+`50X@OtE
z;QwWze?5bL#{$2Z!M|&PZ({K8S>U%Y`1dXF?F{|{3;cEl|Dgpw5st-=8b8ez_+AYD
z5sUaqWAGnY@DE_{A6wvuGWbs{@M9SK77Khfga6b5KbgUQW`WOV@Sj`YOBnpQ7VW>7
z!M9lOFJthn7WkD6{tFBIoecg!3;Sys{6QA@rx|=-3w#5EKiC5QCWCK-ZBT{yxY9KK
zV6MTBntvu+@NZ@CGcE8P41SgcJ|R9@|9lI4GJ`L$!1reGMHcvU20zyVKZL
z{4EUrb_;wBgTKoHzlOozZGo?6@b_5YH#7KqE$~f*SL46N0^iK=ueZQ&W$+s;@Er{P
zD~tF~fO9qcsN=`i7WiZa-)@2L&EUVWz^60#Z!Pdc82on@_)Nm9@$(Oh_6sujH!bkl
zjQ(#~;3qTqe_G)48U5e3z|Up)w^{iA5(fXh1-^p8e{P}wat7Zu5c~MGituXud}G01
z!|?xLVgDKi|Dy%Ip26ds5KIssSDMD}%^cps{w4S;O;K#Kpo&RSGdk|!Ed*)KaGZ?&Mp+BDM;79d;oCUs&;g7e#FJbVB7Wirg-`xU#
z3xn@rfycQfe$@W^Cky-<2H(>HU(euovA}O8yxRW1So9y9>)=PlCt2{n$LODIfp1~(
zzgp$vcf$vLrwf*+8zz<;XaTfLu
zA-w9peJuDh8T@`0_;C!rw*`I@gWul*KZC)iTHxn0_&yf+OBj5b1-^ptYW&1ow0|{&
zKhT1ICE?ZhImiNkCxgd65o`agW$*`E;GbsjT`c_9z~FIBHdg)LB)r;w0So+l48E%c
zehZ`jK-dKy1^!M3AGFZFmcgH7fq$C8_q5Qzfx+)$fq#?1pKhUlGlT!L1%4}o
zUuS{uVDLC6i#7fey2<>l_P=v1@I48y&Ogqzz^5?y$rkv&41S6QK7+CUFBbTr4F9ec
z@i&ISPqpCBX7D){_{j`@ngu?e!B4lqmoRudCx|tE7c=;o7WichzQ6*%lEI&6fxnZ%
zpKpP$W$=X-_@^2CYzuq?;nn;x#{%ET@XxitzsKN{Ec#yygU5R^VvWCT48GJte|O}!r;p-@QWGz5)1q?2EWt-zmmaUVS&Gs!Cz^CuVwHd3;fdzzS08U
zKzI@k-amhp1-_BN?{3lmnizbQ1%ET))%$7^!)ic3;h!r
z{Ph<2WCp*dh5jiF9@i9O&Hrf({;wAJbi%9cf0G4%2!p@b0-wp?Z?(XWW9nZa+iz&A1WzifeTX82#Rz;9*nuUgN8b{bLw>lLbDT!T-wwKbgTFXkmXogMY_@zl6c#
zJqfXnKZ_as`xf|R4E`ev{7S;B@z-pDU&Zi$Y=M7(!GB_buVe6dPe-i&-^k!UwZJzr
z_|Gix?=kq#E$}T2zQqE+jlmye(SO_<57qU9FD&?b5>UnWwct--@LyW+_a(d<|9DSN
ztno8|!GB|cAHwLr%>tjv;J>%Pk7MvZSl}ly_#Z9sGZ=h_1%57rKiDFEE@AN7E%+-K
z{4W;xmLIx_YvZ>=UVWWF!*T}_{9uV?&`sZ8V>lu831%5MwKi>l1#Ndl8@LLG4`X8TZi?#i?
zGWgjR_-%~-b1d*qa&-Q`zyjZs@T&bsS@i#241cKwe;UI--vXb`;4iemXE6GgS>Q)7
z_yrdDAcMci0zZMlUuuERA-vlD7hB--8T=&{__>V!3oY=MF!)6l_zDJ(&y>d6|CclP
z%PjD#82sfH_y-t#xdpzC!7s7EZzQ}LKSx{SkIf9e!h-)zM*olnzL~*aWr5$y;PIK_
zSmURIvHxldy!)dB>iT=N1->W!sDX;V)&ifx;IFg5_hsBzyP78b^qyJqN_$CH_j|IM&!Pi*eTNwPk
z7Wj4sf1d@ugTdc#fp>O~KL2>Y0^gIt|J?$g!r&jY!1rbF4_V+d7<{b-eguPm*a9D9
z@Q+yFCouR&E$}&nSI5sa7WjOI|1k@E3B$kE0)Gj^|F{Ldg5iI{0$-=>MgRix~*Arg-{ib6q&L7@n_N0fGlNHPtoW@Aew~H?I|#4#
zpXV*`&K}YE7vJd3ll$S
z&`j`JPY0^@e1e2Oe5q$MzQWV<*$=*9n`U~pI!;4Kwp@Lg+=0)ZKM6!`d#2Fw{Xil=
zy)K%zI!@`zaM4r1W7W?9_=0un_%gz~@#bRm?}K57uwOIG#qZ?;N$UK^8}L^XKe;hn
zi;h2&@EW~SOZZxP4#lm2PRre|&Z$u1{9h3-A3&_f27(XzzaGeS|DOx{IQw(%5HKf0
zitvA3|0@mnYQi5HM#_S2=jE_j=&$Vvrb_)&2#@+d$LL=J`#JreBz|lk^`p@^jj)r$
z|C{iKt6(}--SnLS-|tR&)c)$hP}cdsf^D4rIgI_A82k5zZJhpNh<}g||Ly?h_{)gj
zZGZItiwys<2L2M__p|?K1Ah%;|H};jECc^_G1@=Pz+cbU{|du@HSz21x{>%d({sRX
zGk_aCpSukDS3f8ZqhUCVfx|tYRj>i;%+wTUXZ+U)$Ljqbf2RxU#CMabpVcw)zh>Z1
z>=WI8-(dLhova-H8shJxDg|XtO~-vFwQheJ!;iM=_K!C3ze)TD`S6bfJm>$R3_t#U
zsm@<$;O~f$f0ltio8fO__*WSCdp{%%_p={==ZUjFpW(;f@6_#IZ{W|2k^gA}|6+z8
zf4@`b|I)xegZTaOSBrsvCBu)u->LKO)`gG%%ZVT72kHmtJfEI`=loww{5f^P
z|40M>Tg1Q6!xr8D1{(O2(`5fIQ~2@sH+B1G8~7*GO5meD{P;UPoc$FHKmPuv&i}rF
zKk;En?AQMIJ1rc)b3k>(e#GyW{}KSt@ux8S`1_eUKmN`G$3Hek
z{u>Sa84N%Eex}a9H#`%>@z0Ere|LJONYDR4h97@_Pv>7?;J+e9{t^R!4#SVXU#9cF
zYv8{-M*g=9{ACP3{(hOxe-fPdasGcHMt=96PTl|23_t#Una+>bR5<=miGRG-|M6J$
z<6e`}`D=(jNC#v7!{6W1`M)>tAMuC;`t`qdz;petov|N(ze?vH4)2NN>_3C}m#fA?
zSG4OY##6Q``{yPl(
zwZtD(?8o0f()sZ{pPc`v5r3)=|0f3i4#s}`{S}=b-*d_FFD8D!_&WsfT>B><6g~c6
z@aX)r4g9N!f2fcB_?}6QKb`p1^GE#s3!VQF1Ai0oFZSX8yMcca@vHL>JlD|qyMmiI
z|4*VHus=oP$79t`9N;Is)7Gb;xAFjpbS-bKIa(tQ~JUV_^AHJ
z-yhKV?=kSFJSJ)M^$(qYwShlK{A&Nl_t)$EpBwnc5`T?UBm7_I|JcBvL;Py{2btfj^Dm$M<*Y{G;GK6I}b>Li{sT
zawzNm9|3r-{f9FA`2Inif2n~#{&7jXrw{*Y2K?THe@(;d{(H%we>UmgM0m_!`2IXy
z|3l#hEzWk3Ew}b^WS6O
zzlr$$<}a%a{EfsPRQ!+cZ_@d{F!29C{C?xdrw0C%L!|%J@dMxAr1KvI&xvyFf8G;P
zali2+1Mpn?2Z=vLu^-?6qVwZ()*Syz;;$jRE1(L`XP$vShxp6rXpDb+e}~SG&lz+4
znNLcfU;cjFz~98!kMEz*`SCehj=wlY{+|u}?F>J@e?jLz!N7k9@elBLTk5KAIu7t$
z`zO*1fYtWL_aEr|w;K2xiQg}O<8zW6e;UJ&&rj?8_?#Z+|D&IhR{G`d!AU%R9O3=)
z=K#QS`VVFF$L9xi{ckkz7ZU$cwXvWKRd_zv8Thk_KZlOS{)5lI>HKlYy#3!2|FIsn
zX#VX6{#xP>D*X8Tn9h&)$#d;D@M#J3^Zzw~=ltKn_#f{-*ZIFS@SjTj$NAX*rGY>B
zP?^6~`-d|8vv=d|Uq<{c-crLVEA`~
z3v68bZzKNGJ=R9YAKoX(*h{y2u=|IEOj@{BaRpJqSCiuyUV
z7w^B3gzv8&3}sNk^EnCdod1H1{wFf}-)Z2_C;kEtTQvV|2L2r4&mlaS84F$Vs!82OJd@TW2SXE6K=4g4#KztH2o==d!&@DC+^
zcl^Tmoxt#~HSj0YOX9&k{0|%W7c=&s#qe)6@E;u`|K|q&l??wRhJU}k`S{Bxem#Dn
z3eRVn0e=zU{l?Eb4fxH3Kf%Km-Tt=$o{Rrl#{S8S{XJoVz~zr!*Gpo*{?`rg9Df7D
z{}+aTvVngf@%!bkvkm;s#Gga{!}!l(_-`}tFCl)v_`k`(pE)2p|4d`}KQ!>KjgkKy
z1OFt3e+I*!vJc<>EyV8^{{;s8PlWf2|HlmYaT{dAEu!{w1(@LZ)B>K1zqw?84jql{
zpU>ET$iBS&n~DD&4_kEqI}q?3e0|{epx)N;@7@@O(xAo@>7v
zM*j;K{mTvf3yJ?Y51Z6g-E^sezlq_W$MClr_@5;Hy)=jE_HQxpCk~YHlTCQ+Kcx)+
z=-#~l8=sd}UZNTcWlbGtB;Yy!PZ|^*zZWw64;lE!y&#FlYJ|G|_Zj%-5`Us%{{n`8
zyMh0@O_G0sX1~t=qk+FHL)xE1c=Z3p41d=Cy#ISPNT7?SYNF1+G6B!|zlq^r$ncjM
z_zQ{OFaN)4z^@~`-}z@hIKjdu((m8hLU_OV!vTQj>>oNfI{q$W?7!5&Km0}MaliS~
z0t0_G!(Yzuzi!|^hxq;M-)!K|Cw@16F#eV@{Ck6eod0Wy-|zfocffQ0Zy^341upVm
z$?#7x@b`X60{!N1lMMXHM?|-Oh~Zyl;6F7+{+kW_=?s4*!~dRve=+gv<0n+%`DCQ=
z?ROpF{rc}B1AYtP7kSvC=T8>_o@@V1vOkCL*#6fr_HP3`7k@KemcVxi?+V@iuK~~T
zuOfbR{&p?HpL+n$KXS8VJkBL1iMpzv$$;nhGmez;r_P_QXZT+-@Lxjwe&hf12L2r4
zSI2+6S3Z%Hhtm%6Ipjdz{_9?m`!Av6T%p^4AmBOsYv~6pT^?-z8yWr^4E(#kDjEI8
z|7#8W4aBdG|9@rpKQr)8cun&AjsG7R_#2Os?Vm%AL;G)L_zypb_y4QJ@7I4r27I4J
zN$fZNZZY7;65en8`4I42`)3>-oqum*>_5IQZ~raCKZ^Y43aG;K84h@kKS=!Q_;WkM
z|BQkE1LFUa7VtX%69)cj;%_2tvHkC0_)8Av?f>F+2|UANZFK%E0z7Ab{xQ=3s{MB{
z{C|P~K@;`)*N8VHF$_#12L8#!50^(hAD#b21HLdu{7AS!
z#o2!e;R`(M(f%I>c+UO?vOkCL*#7r3_P=i6|BU!ydDQdK?LRf0*MB?VclV&9^4_NsB-@I{1&>51o~<68{+HmQA-nHK~
z161&Q_5eKRzdF)iZNHBg{j&`GDep^~QV&~n`(+yV8;QS+@YsHzF#I(J{;P>!kAL0%
zI}H56<7N9nc#9A6f6DN0HSn(?{^^8wh0g!EfxnFSRsVm^@Q*x_Z~v4JBqIzjo{!Ey
z4Dek0S2OmvGW^#X_{S2z-~4Zxfxn)yzm4Jl+`xYe@gL){K05wBHt;tw_T#%k^!e}c
zLwNuHgZO)C{CfTz4tUQ0iJ8&k-`5QP3Il%&@vqkSp$gBZ+Q6Si{ObJY8-{l5Op}hUI#P2tM?+SR%{>8-Kr0{oT_%AZ>KliBw?oN1D=>6}X
z2K-xu&vAhyb^kRQ^q({)y8XH{`UhZvn2VpIKa+%|KKu^gIseTi{xZU2`~8XGKi|Or
z0P*|H|7IHaTZmts|Lwx?KVsm2gZQWW*#CC}e@a%g|C1R0Zo>`!|6CIL&Hv&7&-p)t
z_*MJyU1fUym}20cLHrYa?4M-d&tdG}gW+Fm;D3_%Aw76Ldi+0Z;4fqB-;?3r?O5Lb
z-w?mw_}LTiod0VW`}bz}&ol6MZINcL_E;Z1|Hw1&*Au@we(uBYZ#3}N5dVc5zn;II
zHSi~nmGPfLckX2K_d
z&(x3Zzq<_hcL}e@uNDr@&=Yw6Z(_v1X22(YCAEg`;rZzLzXW)${TDOspTV?$;b>m}
zEaLC)VVB3Mn`Qx?+^5D{j$dL`fnw?o_}R#1O6<+`>kKx1$fSXjg0=I82ufXAaeSb8uZuO?`H#l3&TH}
z;lJ3xzudsD`)@wrIs2VcWc;h~lg04AZQy@|_z&=jpEnHrDGdLK4F8~$c>lji{G&C8
z>-P5tJZFCf@vHN{lNkQh2L6<9rQv7!*ng{mzjj=Afdu!659Ys982%Om{~Y4?TR;26
zz~4dq>iXGuhW~I_AmieH>^7;l-~6M%fIo}ye&??<0MEAHsnUNLivO}1{U0~*Urqc&
z3GWI$ejYLK=P>+dF#Lg2c>ldX{C@e%0X%1aHSw$ccLKwIn1TOO;`f_>^fU0+F#KmR
z{0j{HDc?(v``KS&;IC)+Co%kY82E=0Kb+opK6?9qX28!UykGnuGLCQmrGy{kVVB3M
zn}P=X8p5ws4~DX?|7gH-@zX^9t0p|=pDB$0ZZhzX`#}Pi`S7nW@aLZ<`>)DBmEr%+
zz~4mte*O0=1AhnctNA0B;Xh?O-+swIO2hr)cP!vJ|EFh5`_=wCo#DUOz(0ui{rc~G
z1AivNpU3e3!@!?Q{JpgH*M?)~RRjMdhJO~rzyGPc|4WH~pbviv;5q-#W%vsi{wW6j
zJBfb}jbHD7_ZaYXgrDexUv1F8g3-T_(f=z0|1KSpcz2CoZ@=NE@&4~ac>Vlc#~%fF
z&i|`Of3^P=G5Rkz@J}ZG*EIcg|6gO^ZzTRE!ejosfZ_kxz<=1kC9pu_*X@7bz+ZE^
z?EmWgZyv*+p3VDzIq~c5r`x~CfWMpYeKmmg)wu}pT>G_?{`HFg<}>=gV&H%2X9*nW
zBy?1D^AL8S$qm{EHd>
za}4}H5WnC2Z--(s-8n(VJ89QuC=WB3KmRwW_)s7FR~Yzfi9bWJzk=ca-oU?#`2FIq-N4^W
z{A&DN#qg(3;QjwB@gJetucZU$Ai#6}?_l_sG5qBQ{%?riZ~k_vfj{}I==^&%!{2D&
z4~SI-$MMVmFB|yN8UAX9KLsXO=u>_D@krt?@bUj1fam<5N&M>geI3J}Yv8|y_;=U%
z_5S~q0skQ3{l@RL2K_5Y|9axb{IP=3zb7nkasGQFUPh{4`*j06=fB|D(eZO5!#~x)
z?{ty;e*Nbh1Ah*~|5t|p2?PHT#P2tLuQBkK5x+Wq-^}nQoz44yR)VzOZ~X27c+UT|
zlcfK1l=i=s;V(1re?a_@9z7qaRb@?O$i$Z(;m@FT+3M9NzzP
ziC@p(di=K-@R!GkKjd7Ve>vetd#sOM|2q)yT>Gb-6W#y*&e*@nz~2<3|2G);bBJH<
ze-API(
z{CoNMzruh&j_@!%dOmvll>?shUq0#Yj=wm5)ie6PW#GSo`1^R+qxY(
z@^51JUpDZk^pO01^ZyqN{4K<<=HC|?{ylPe|DR0!`uMNUKXMHC$%H@1@qTptxq#=|
z&zTaPzcw@aR~h&h6Tjd3)k_9^HR1inzvm75r!e}z#^|3sjrV_DjQXEtz;7bF-}&q5
zfam<5!RY@6qyIey{vU|nul-jW_=61pn+*R42L65N#bti&fADnP|NRN?*ZygM=lqw$
z=>ImO|3wD=(}};oxBJklNMvKFfxnF5{};o*#=w6u@%M^QiBg>Q{UHN?HN*cd!|%-C
z{a;P|V>G^a?fcIL{u<&}=il!${AU~Z-z5ISH9npH48SMAF`3$qCdU2`8U88*e|%5r
z>3%-^6$bux#{Q2O{!Iq{bm9m1dOn(&&ISX2+Fzpc_a_X0QXb#_%ZOjkUpjvez$bu)
zy8nj~zuNwvGW?Sa{7(|U-~97T1Ajha|K|+<9R~g;;veMkzVwy4X`=z(Z5J6o+3LYi
z*8A_X2K^V4{_6bm3r7DgGx_#AJ4XIr4g3uZ|5k>7oPocF_~G_m&qt4+69Lb~Px4e5
zzpDLTG5og}_`f24zwzTn1OFuASLbi-41c?Uf6rZIOJD7=KDzze4E%G6zlQKQfBu%?
zpFN9j|2v7_Z~R?rz&}cOz5na+`!L|S_Dji$&OhHX`uE7^_5Yao57PXn$4>z89DfGG
z|0Bac#=ze-Nm}aXzpD-Sy$J6Ye<6eZK}P?d82vvp@E=F~e)E@)4E#9^|8|D|paQ=A
zW)Z(%{!Rrv*M4OT|E~=Hd;|Yd;`htH7Z~`fi9e|HKU6f4zPov$&cOfA82KMH@Ha91
z@eF^$dA$GoCCm67>(hUJGw`S7b{9z1{se~qYy*EG@%zR98Gz^7KcDzrKV$yu%J4sE
z;J=>u{qpa<2L8pwU!$~tBEx^=`Mm!R+)eubKp+1P1UzSd`ZVc()&3p~|Fs7GF~qO0
zpXvGYGXwq{!t3h~dj8KZ$=Lo5c8U#%x~ymkj#r
z{@Z52zejk#_Wv62ocB*Ge!uvA+<-46yuN;``|lCJbN*{&^xuckzsFo&|78Y#J^liK
z=lEL~{{0yKvkd$X5dXef{OJ5E4EPra?>GKe8}xUkN9Vs(M*r^&{99t=|H{Ch!tkdt
z{4*}#+b^D8eB)>TRKRoXm%;EK$nd{q;7=p|UA6Yp<99$Yum3>8>+P@OZ!qA4g!h|2
zzhS_iP56O6`o98r&VND1e}^#s+h-nc{}sgVH-G5`c#c1Z;Xjn&|BHeD!5IB_vjP7M
z;r-@+HyHFUBmLF!a{#0N=LY_SUNTbr+J9gP@Bcjr?|1$EP{4EkuP6O8D1LDMIEc}I
zk%9j-;=jZv{w^}`w=?ZOnBo7(!2dGw!}Q$q(fi+f2L8ku(ew8s8U6!HdH)aDQ!@G8
z|F=Kjq1veRzii^KC+*SyM=|^}4g8bn#UXzEKi9yYoEJTQ9K-P6W8lAn_}%%p+X(vj
z*KWZ7jqtm>K$3d<4VusUzn1VYJ@R~Xe1E`m{!b_S%LtABKbEooQUiZ#ie&QRUtr*0
z#qb};@V{l?Uq<``Jl0EJsheIm@Tbg-ZvW#M{=+Zi{a;7?usrAa=8$vLD;D0AZ{vQqe
z`LksHQ2DbN{W{msPhwjbJm2E+fbfxm?K{qolX2L29)e*(k*
zqk;b&;`hs6BQNIt_ch`D;%|`wAJ<#@-!Fe%1bEK>$@#MV)%-Pyv45k1zmWL#^FMw3
zc-Fw5N&IU2pTqDEf(a^@Kd&PG!+iRGf53D0Ph#w!%;@twt)du`X!u#c)TLI6t
zUk79VWsLoA8~CRXzhC_AvxK+5i12>#*9-8R{>kS@&wrLM`sW$=?<9WT_%q<2j8Xr4
z01s+Kt-qu*`deBf7BJc{bv#XaX$Pb0MGGHB7XJ!sfyu$&A`7rM*kgkC9nV82E6XSN&~(w
zM*M3A{7Zy)?9(`I)U%qssK
z41fAE-u?jxOaJTRmmYsp4ET|R_nUuA0zBuxe9~X-KX)_w-(ujONBn;CkGBl?P>lM&
zZqR=*qyN2({;5^G|DPd#*M2t)_3`6o1O6?-`}N-&0MGeRs$JoevOhW}Xue^ZS7Pa62s=g9u6
z@;}1xe@p!O^)u%X>3@Cxrn$-a(!gIq{A&JK!|?BO4d4DFiGPshZ=Jsv;Gx>6`FkVr
ztMkXT41Xr^>+L_6`2E`dSOdRPB>k`Q*D?I(8TePm$e(B6&tUkUWcY6}@YfT+oX
zztO;-L;Py{Kh5xOB>s4{~4weMRE`gg>r|K|q%YZ(2XW%N&}mhr3WpPVlH
z&wiS|y8dGbug6~o;q~Kn{~r%{P%A3_+nM&?!02B<{JQ>`#NW$D|Emr9Pl{3hkU{^n
zxzYXSc}D-I4EoO{{@yIP-)7)%
z9o9wE*iV~4>HOWUmGP(1J4xdtK1~Zi9Ul*PP|L~GDyZq+Q*2pD2@v&vnbChg1OFg=
zSu%W99Uw&bpU%IRfj{#I$)Eif2}S-_82*6<{@3tji}3ju+~1~tbpAsP{MFTxf3af!
zYYhKz;?Gb?pj`8d)TzNyZsu#cY`mQ`c4Dk)7%3|>h|A5{5rmc@a?0$
z73lcYfCslYncl;kbn;)_P`LyB_cr4{v`6PgMAIHR7^QtJNO4K{Q5=5J*C*MWWNN5>BuJSfu{qOuBB3q;k9`9EJqdqUev0JNB%dW&PjWrU
z4IrPR@I@^>J&QTcn2KT!EckR4S1H_4ws{!HcVAb+9quONS;G6psjoj8&>N5DLV
z+Y&$qsEp?hxUCz=L@IYD*#qRCsN56eE>zwXWD=E=LEY7XDxVJW3@V=qasrhnf;@}LXM>zX
zhq#d#QXM$@@t@0P^otevsrt
zAZw}oFv&+iK1$^^Bp)NW7Ubhpt^@f5m7fIp6qTO_xsJ-ufP9w9^&r<%c>~DjsJxNn
z^CVvYxrxdRBwqyi5|v*DxtYqZkbIToYakn`{5r`uK>mZuZ<72c$hWBcHpwQE{{s0A
zmER@#9?18p`~k=hsoV_mBPxGP@)M9-sQf9(&q#g_vW3d6Aitn;8_2Cx{*vTZB)=xv
z4)Pl+e+%+EDsKb%J(YhT`6I~=kpHIgPauD$@^+BFQ2AGozfl<{E^+t=c^`k99%UDh
z_&f1f4uI@RhiTAo2HL
zvED;L_NVe;BnN;zoXP`94g#4$<-s72pz@I*hfw(_l1GC)hRQ=h;^`!E4JUalNc=rU
z+;$vD{B1-mA5St9r55f(%mmB$6kC#NUg8*az4llsa!^K0m+L%
zUQFdnKrW>6r6d=DTukN5KweJea*#`?ycFaWRK5~q1(ib}ucC4#$YoTn0(mu+uK`(2
zREVkatk|PLg+l
zyqn7RfUKeNy&&(S^8F+q0Qq++KM3+6D%XO1n97fUe3Z&-Kt4w0wIm-0Sx4n3NInVj
zDJnk=avhbQ0r@PI>p`xk@&=I4QF$ZD=Rv+e~z#evM=!
z$=5-?LFIpde3Q!m1o;+~-v-%4<$r;Ehsy7gd=KRNRQ`bEhaj7&{1M5IL4HEzEg(Oo
z@@F7Fr*aF)R+3+UY@_m4kY7^yE0SM>Y^U-!Ait&ZcOm$ls`pC-vBu<3QqjPq5qtB))?L%K?)3PLOU?#`kk{r!u}P<4;uX333-I
z?@AKi1(8hU-ALm5751PqzUyF5D&u8@C?>vM-en2HB6w_>6KomGODu{!~7UBtCauk(M06Chvf7jEt;;LZf_!_9OE*N@M*<2?`;u>Fo>Tze~_?8*L
zBYO(HN`|)``CU@#Pr=Z0qJFBZty^ScM2S$7TdUNyeB-2Zr#vT(zHBQlgat$EhJt~i
z$A-Xv&G^gK;l`iP{PDr6rE}qnTb=t=w{B@R9#pkL9{ZMZxY$9;RxZVg%j*N7rDLE_
zDgK9#4J{2~CFSc-IHkt|*J#|}x~*!3_(}>zY2Z<_Qq)zs0{KG8QU>M5U{x>yifDZ>
z^g=N7nsAZSrMx9Bw81@&+CggNX^I7H#bK{Y%cEPv>$XUPM1ZQoN;7(mjsRs#UbYci
zj~WvKI4#rx;oBYzO>7B<#y3}FZBJU8wY|JOZb^N~0T4v6N5(7KmDLhThX2jM%89T&
zxotl@pb|I99qqxYZ14>n5K69oQN#;SBtswRfUQ6ztAbr<1%?y18xMUUGcgVhs}3KB
zRiK_&4YF764jgo(Q$0mFk|BhCm)tq0hl{B}+n)g@K^G})R3pCwx_xCs?cZ6h~jZ53S~jtW*n7Xt5APHcqk2;L0GJYaV(&)OO%H%pJTyUw5_)XgHc}>AyD_h9!#$??Ux+fmWr;C={3w5)cYUm
zTfQ*}9WWf*=*gkr$%bezg1O`;UoS2PFP0>$`h}ir3q183d^{T=^3+j5h7qVV6jV~%
zR%irmTd!+XH4&=7(J1V72;^oM%9@?hU13jH=eBGhemiVICE%*Yza6YBh5QjYN6anA)%?c
zhSJ@khUVZVggdf}r*o9hc9^!}P+)4rZ)$Gy&o{|nO@}A{MZB-}VYenVQ$~*b<9Nf`
zjfd=vS-NY|TA2ETz6~bbxnXEz}SXq5E>8${kKK-jl`=b(3-+ASH3Yt?dd=!TQXcZ
zG^z*(7@@#j)YmassH}}U60PjVCVeIy6(xWvu9W&ck=|Kk1wCq7#F+^r73hU^jLTl7g
z6>@qVUyY#=8Du>Z=ede~>ipMZcVzGgkIuF;ZW)u8ZNxV7^k&FUEoUxh|v0^wI@JY+}^#R;)Fz)?i~yx_wgYy
zbX4_Rfyt;cJF)!ZF5O?!>vyw?%=%)s2Ngo&4FEDo#v&jgc3`fanYg|sUQ{Z!%duh5
zH^2P`;~*Ui>I6ga?l%bKy|Ii_NKq+F*HGIHZM!I&rJAAF%RlOZv&Hg{w|9RDri*xl
zLfOICVaiuh=~SqpgQ!Qum8zZUw(mrzig?-M1w2ClKYPYLJUc;^VED&m8=k(fIac_R
zt3?~RGaxH88O{Wx=S%kl&L(I(5RKrCVH=XJt8bexHp=FJu|@8}wt;zm)kOHiaVM-|
zr32>*;9|he-1b
zhN2aO0WH#iW@*6k`nJc8u9!@Ocg5=;)5&Q!7;9JX3x6iXYY!w|<+HoYjtv!&w;S
zM87-(i+w7z-F1{qqOyyAvK7ZHkvF|Iq=`7hT!QN>s18?WOYpF)cD26i+4{m!3kr&e
zV=HS8D~Qvo$hQx0`*2w?1QCp^d}M^J2fNMIv)1Cot|Qc5A<_YP9y^Sy5jr4g?Zj;r
z7+7wEjG8E?Z9@TE2jrf$geJL`Kr0Y+a!9FzuieW({|Lh50tUHC#|i=
zu6xb*z+B$ZHK}T&C%g*Fxw_Pf
z_e#Ph_$o%wTr2}a_wr_39Xmtr%J6K3(GmFJJhuU|cs+Q01$ex2Vm%zxAY
zsW`?;TV9F-TdLdgWR1zVU7i;xrna5v$sF=faBXDPEKn(JecYU|n$HOmnVAf;)TAZ<
z0u!H2gMV&D3U2BmI!o2)#8G%NjB`@x`SDA)lIXogQ|L?
z`Qixh9@dEqKkk;WvE^AC+MzEm|O3K*ABx
z(=0N_#Aac0#31}i?FYR!l(k*LMS}`l3r=Zay+Y(0oYHo$gvIgZI7kxBAjF&$7Mcl>eM-c7$H%DpAw6}g!==BrgFw}GK@*`6dvPFY
z3y4)KWt7Jj4RV=SuIf^P#a6^jh`ILA4WY(RRzvy12B&0KXx#N3eZVuVcr!2@rDo(S
z@ybIClPRH7D-Ld0K~P*@sKuCu8SE|ft+%r~uB&gYpdB!{Ll?-Z1?kL88niy?#`@Mm
z+LyEzeGa-iLvb43Iw4${$VfeLr_4^JX_0bC4>7H7#fK=RcKA9u*bmxepr9avb!<2P
z!&;}z|DR#H$4c?Q$nX(9uo({A2+?1N2SO2gL%k9XIP-7Biv*S9o1uax&)oUV@`Z0Y
z3rIPfcj9+<+J6ajz{;$R@^qsJwWQpHJzT80fKre)WtKhkxlmImYjgR+%}z;TW!C2P
zEq&TBKf^J}VQe@^BZEv5j1kPl6Z$otw)d8o9>bZ}v+k|MF!tSc#d5d?6`3Vy$F{?<
z9WfrO*Bg7ZyCE(|EjN^hWi>)Ppc7m14t;bEbp>(8a6fE|CCK40r}frw7@?EF*CNQ5
z*S9V)?Kq!yU~nS@gMDVw!1YNt*NdsHC}(YG9Zko10v;+pEL?F^!0&^mc)J?_egZw^
zjtmrhq&Gkm-Tz4pk-ixYyc`a!oY(+CHf)3I$>qR;QzRJbO>qwAh;4JFCgG@+Ylp&b
z6vx3~&z1ItqhMQd_~3BdMlxSN(SngU9<|frxE*MXv59Mc%H?x@wGYE-M8ZyAY?GI)
zA;gx}m(scUh@iWmm_ene_N@{Z)vH$E1$XfA^B-X=GuO1owjGbtF>(DX))lt41PPHT
zNY3`c7pTLt4CwnA;n6-c5oUCeTP@@@S21S;kC9bpLkqyHM>TYe+yqvJNBnTI#)zwe
zRl7|sEzKf?A<;UxjQ57TWCJ-jS>*p<uro^0Z2TUysuwH1RXEvM3nN+9V<
ze8wh*j1jDoUUvh%YK3SSYCw0b++FVV9NUVw>O-sHLN56w^Y>IYPOT0jN3IalMA#kL
zw8*La5Xil^WXPK)LYsn>k5QC~J2c3o(Cfhv#8cQJ^=6J%dK4ja(|W4k0f%!3%nT;Y+2C5!ia&=8#Oe~Z`!%X1v$56u
zZjFibJ>f~$Yuxg;?*Xc#l?&Jw6hdXvL0y{n*c;I;2)#1uJdL6tIv-#T#r_D_PtcU;
z4u)I9Lo#%*zr(??bTCS5q_?~WW@lgVpv>vC&Xhr-HpU;!xJ``Yt^&`%*}kyn{$*?OYfcWSlU7u+y5UABs;Yj{p5
zla_o1Hn(npf01~$4A=ibKzB^V{-R#HvhG6<{&(y{v;O0K2p1J8a$z9FKJ***AxHM1
zM^60X`%v)zI+5ip(;akoxZ7%-2Uvi^Sw^~b>I*8Ab#4#&@b9=Nk2_9DB8{m;ytj#N4Y^pU=vufa_(=t=p6KRi-l
zl~G(6p4S6zcpFgPiZ98436Hom`)$(X^UOg#eb&y*HUN
zYlmW8MxIVa_FB(`Rzee6oJ~|Z(E9!BTOR^gWaa>CFl87lu;T{Y5!w)Z{R_OX(0v1L
z-SBPFr24i+bUe!x4U|X>vOPH)LId7wOpKnjd*{Q2y}El#P*9~UHhhbamz#ad)9`wogVV)#mAi(
z@?n3=yB#v|8e6Dzjkb7EnYBh-M8MY@#E@e~Jq@mdtOCpSH1xvCS6}tJ>#B=(bxTQ0
z?k0>_W)6s(*kM`UfopkqM}TY%c}-(PLTN@2uSZo*1cvY``Y3#(5-eZA4)0>slKRqd
z$S!K`S_)5`crH3Ydy88V<^FE$e!K!F_CsCW@C{CIk@6|{?_@36lC&fN7aqk0GMUC(
z@f}5~y@0~2@{*xTX&=%+U+icc29F}vm!^ad4V0+FJp^&<4N$q@Ze12Tje0(~IwqPy
zVH$i%u4avoir;}}q>8Ojvcol<(1jU
zY$$x4RhcV6M@a(~xTYnwfbXy@u6~CLFA%xz?F5j6@Zq=c@sL&E(w%#&0k)Ir$-jsm
zF^@_>27yO&BDieUwPdpTwcF0Wil(kEw{$J3^V0EVvM{*9E?NjI)1^(+XnxmBM`H>BO=eOn<6g_T2_xd+y;$;M|vYq>>y`Vu0T_um6PFUrP&Dw8NF%+?ow+AEp?Qt
zBS}9PS}LlpS|NozEK(_SNO<_4wz?@E9+wr|%5!FLoStD*bX?V>t0TOzcWFJFfnodr8L
zu~v$^FQDac?1_YrcMh}@2N?9NyTbk7c6@cD
zy>_U;$Y;%}MA}yOyCXql@CwN>ipH=idIv=Kya+gCje1qkf8l-vp>5k9pd=1E?r;&5
zy+dI^qwQv$}PwgJU=7HjyBd
zBa~E1?F3q0uUv|@xG;2)Fb-lGlj#%KAKjf~A)W(qBc>RIiLa9pQyZ*l#FSgz-V*zW
z>A~TMi9?Y4Bv&URrf5eoVu~8vAzSVFY1pSLX)ISqOhS05#Vy}*bgjHqjJ}$m-6?=;
z;{U|)6Z?QZex^tDi(qI))BmFGfwlw>6TKv=cYy8x*E=A2{9o?~UbYc?g4#ROyIeyP
z--DMi!EOKV!4T7|O!)8#7x@foa9CDHDZas^u`NN2L-3HVa>f9gS|Y0{?y8Rav^tIa
z!?L!)GZ5MxtR0c{1h|7$PLWq&ii#eitsi1%qBE4k?tV51Q|D`j*ZgPq9zwJB_13)>`huBGjnGpn+c-E>pGQ7j%RQO68albz7
z4nNZki<kNX4BO$=H-&YA&^O`}p>O1?c)t|5#-p$4
zoiMsya{j5z#UlE+{TbXxO3QhIgsAxf=dkTcUhveB88!*-s>g&g4j$wR%7=|$!hsJD
zhn*2=R7^Szog|&`l`haSLuXKv2)!>&X$W{|s%J7(4>#{Ggt)*LO_esEgm0*$c@Q*E
z^nJo=rgNW21aly=LhypH(D>*l6P345i3WtDh(I)8@sbmC%2tG~k#=iQPKqS819Mb|7K_H8lmVu;-eERJR
zGWhVy3)BwXmta~>QP$t(Dg9&OEFiQ3hZ;51<%1u%Q#s*tzy1*?d~V%v!k6lv-^hh-
zr3G8x5@$bhl^%*t*iP^IdazO$Bs}k~-#;ctQ(E;?n;_^OqOXEf2fYjBJ7rNL0|#}t
zc_NE{m_(v8h14j#n61WKhMK9=rqi=j2vaIV9}Ig+b~GlYFbBqC8IY_Dl`e;HtWY`R
z!?i0hHehL-QouQQonqp0?3C(CMlAuSMJA
zPEWtDP!1MV((X{!1C?3JLs>PISr5QlPKRaH%saOdk{R^>NbQwbHC5U0aCFwn$Ts&RsD7(fNW{#0Wj+
zu!#@1Dv8hi`bQ)_w{A#$nL#=|kT2#5f6Gi1G3V}d-yT92J7jNY-47Qky!i?$z}l6I
z`r@6WbloyMu5yRT#8c&7Q53mT=^{+U8X`@kxd=!2ijr0pzDf07(X%Q0x}Do|!PJc(
z7zL}?9XMkQYdcqPd&WU}8qM{OqL=r%kX_#;Rm|u
z=C>>uc(_|P!Xu2BHNik6dm7wxq2A-7yh&n2K-=fOIgPMzBN)8sq$C&qC0%m|s08;o
zl=LX?h%Xu5iqC0-${pAVp2X(@@Mi1au*OSMXe-|2ycjktqzjgX@-~$`Z8yFG?R4BG
z@9&ehPZu9STN2&-TJiM_#k~nDeRK~*BTilGV0d)ec9GS0trjve`wM4GuTAF&oA9Mx
zVVjO@#XES20&mO3ms$(^LL0;@G~l%p7aEKq4`Zrs5jm_RqpYW_-yv!RWh_E^=U#X9;8%l>;_3%|q?iFe1*J&cp!Pz0aPZR2jOol?6DshWE
zE%ZD*uD(;pb6$uGt;$Q%X{SnG8xfflN5~`RUY+j+O_-50ylfKAc{sORiJ3XH
zE+5C3&|^6uG@k_F!C(P7WQ>pa`?4t?tzf`qgNEvwMWWL|J`&-7Wq;cx4_hnO_^yBxnkP0
zDYGvY)g0;0p4_aaxInz#I89c8Pu_WOZf+GLjM^+>fny3R?<(0!CK{RW-S>VgyJ3`w
zC<(>Bc=c54u$~o0E)}_Ve0#10SZRqp$~7OB^MwKM8V^V*|8bqmFtI?u*Fxv7!Bu2f
zu3tGWG#;G-jhs~x<#EU`uI}C}0dP}_S!Ld}(!8tMysN^r3)gWf$Jc`Ppk_EngNwr+
z*P459TmNu=jvOTM?ugywTI@Exx(b71N)3dOcT9mh5GFB0OXX5Ah`0^}{|2>9l@lxE
zOD#dqrC5c_4Hhp3wJL(gW>qIG!QZCEZ#W4$H)*MOe6>8Q0w+RZ+rgy+;Dw<85Ng0R
zOu;LMm{DSu?A9wzRW>cX1gO9YQ7KZC;3F@hszH|yb&JCm9bUNtj|?@gZ;p>^jH?gf
z$|W9_^h|wRV|hzPNYoTWUD_TER^EzZr^G-bsEdwb-7Ip|URg%N8ifjY$A1OP_~7@g
zCJI%ic;`8|FwrVjPrPnLA07%Fsu8uTQY=?OqP124U2hHU#9NpoTyF`(T1yn{z|tOa
z<5b!R4Ye|CLf?pcaQWjnbg_&gd|{S!(;MWbVAax#)dsJs5?|4p%F>nKKIldil2!0)
zUBYAG!9{-M{pmq^I9l(66S7GB*M|wXnOAtPvX&9iN!jS3Q06&W*9+eVj@?ID*Th^J
zguDdZE^@tXOepK==v>qgQ5a?=RpMowpk~-BaAJlp91Lp?lcUPazQeMfhP6;}8KV*g
z5bu6*vLN#?udnt?J7Of1XAa8!dSF5(>;e6}FEN$#HqZx``ypMr4I0Ap7teQTP8Dod
z%}H8vCq|>#?4~F2Qfhc7eqT6iFAYL9EpD~q0in`;VN-i$b{g)9)Ft+@dr-NyL1Guy
z8D9$T`;62HbH8@^J?v#+jiOTPU<_l#_{|ZsT^~UYhlD-e^P*;&Me76DJX{^ZtFy%}=~Y}&@wQY6ywyLd
z#x&{ii8qF;3WE~d6tuy6r6AL7C$$Uy{#Y*WJeChp
zJtRD*2l4L@)iXK`RlH#xS6Mqk3%5ZZ|2C=r_-(L`nAIUxS?y5F>L}Juz&i&X
zflCaqEZ9vvt>3mM`>1~B^+JQRLvm@s8peZSu1>vh1O8Bek5U5bHRnj-?j2GKhY&Ow
zC;6d;+e4)t@Cyuar9&=T*n!iE(!-vCmWHmVjDOzW<5Bj&NrPM6GYEbb&j?y>f_9qn
zoLH?FM7U<<{YfD2;tAM?X{tSXD`aU@#`?1uG*|?GVwyx~+=ib;;y?V8+uKK*_7}`a
zJ9%EwoZ-XI$}KF-8$NtS>DA59&XOVQ*o=F#Nm=7^hFs(2T17F5_CpL}CEuNJ(ujHgTC22*a@HaCJi^aKf
zX5~4wZz8*MMo}qpM1g=y=w?s|>KfRIIxeR|Dd>#~DSN#dDLXpT2M_C1AyAh0!_h;?
zO?xR3-8==-=7B9bNmsFrLetCH33Ur2-Pqu$S_7v|*_
zd;0kFqSa#0a^WY?Xg;K8uMUJz%p5*EqVJ&&>3H06X>;-}
zJQFGxcIkS$+4I~f=?d7SMf5nR;0qwh6rislvk93tJ$DY~uW5Op!mQkqg89*QD|m%p
zWNot&U`Z!-MD&mi)QL9H^?+B43g_pYkq5JgygAdMl@&FLrk$5Jy~J%2)}K-M^Ya!A
zNXwfu!?K>4;K6hkI{>C5rN%1KV5%~ww6M@euh~WO^Ty}Ro|fkgOU)+Tue0(>B|~`3C)VPaG&}~U>#j9$(gVlJi?QOYIFzie
zxzKfNSmaSLigxb0h({-Pzvpa1Xi#1c=e@Mbf*O_Ar)l34J>ThAwsv7
z59y!Zev3;wKk#y#b75d@oU1iK7BRCs*!G>>tQ-GW!UyT0UrbT;PLv
z=Z?6*3-QjY2;35vdSe%7S$yEPc;~M8>*2HvRNC#wxGcxn93R-2;9S$?O}Vkx@qv}`
z&cxJT;+%znPve~1NRvTVgRTMR{kXv00jD`Wuqog?*(J~taK7j=#c`SvQg83-EDi)h
zU7gzl_>(M9|H+Gy`i8jFmIUXSxIklq^DSt(S*Ry0cS~|R;#U5)b@I$w$-Axt0J|%D{6Z#;QWBKElWsU-ql%?
z5ZE4Ymb$eKy#`geD=xJ0q0)g9xxg97pGnyaBhkV{G8yd!{ec=tqC{}!0}%OoD~Uye+Ha~
z==go*@y|i)#|1#OpW*^rx;P(_Qay@`mWoyqD)y1bHpkXarC
z&7){gnW9ouk}1lNR63(!bRo~GG|KW442$%$Z&~V;u(f5_eb@K?UCo^YBsM)9NM0i%elzk`$JTwDCz$?B
zuI$;e=t~;&U1`~c>qTdmm8~g@E-zyT{-A6(QA#^2+BU{0RkmL=Np(wF3w++MY)o{r
zrpcHzw#}tERL9|7lFZZ*{W80Wsn;7ayZ3#?m@iG)w+4M5-_f7>Pw?^hep25x#>~l;
zU6YIM&fs-B0N3=>_-vRG-#w=x@Uvu_mr-F#)vEHmGi;Pq-Blr@{SUUUh2
zgd>vIn7m(d+rM3ER+h9yKQC+cGD{xNM4#|ZE!qCvQu7&kcb7GLtt|SeIPct&?bnhm
zosnlh8iP#4hJ8jy5vpTq&V0s#T#_rFn~UxWN(>&I2*1^5Cp_XW=C+)9I#>R3F8Uy$
z{W5z4Q+q_&!R8E8cD9M;giaw=2SeK>#-N|#?TF7OsK{+zcAUAul+QNNZ3!azR{&fC+UoJ6
z`Hb1Bm8G27gN2Tp{e$`W*XHlvg{M|6{&oRWd8>cL61T$uw+!5~N5gp!X}McP1UIgb
zyaM-4v8LkfBis~R=bx76riP*x$=d~z^^42&clqK!_4T^@a^0E#sZIZj#;DI*9n&c>U$+TwDB?QAKHT*ZKd7J`ilDY>L3&fx2cW!G)08Q~dq+01}C@{>jX8705gX56o-{yB|?
zH;*I!#&D|9&`zfQS&c@t{~_%+i6azgJ3;eysLUR++X40LtKp9)q79^etKQ`ww67wW
z7DtmYah3jBAxvkGqBL$tMmCf-XEjILaggj+h1gV
ztL*9kE^-ykF73qgZ@liDOI~n^44X?e)!1M6I)){%57&I|*4FUSwpBe9pC
zxOIgjJZJ9=_|g?2d3Q!ZKJ+-`WSOh-zO`FBkvb44REqvj5{nx+t
z9au)IZNJt5U7IgDIyfD_<$5Rd>kQjXf_kd9RF+#UUR|lB{?>Jr`NK>3TU$gYOjye@
zBa(J0G(q%?bFoyEMWSy~K+%4SJu>9SPG71&&Kiy)ztJ4mlCmQ?hHlpk8lf-e+
z1Qu}U-HpQNiM>by9*n`6GNRAQh=DU6^21M8cb2Z@ugtk<2*)h)@`&uT6&gmHmCf~&
zHH|~7Td;b$Ok4c3>aKdd|8=!+@mgvjaT`bPFa}s%O|e9%_G3`jMSdZglSaWs{Vb|p
zmn-L_)!W<)uIn)%AA{=WMVG5m-_GXRF!b)Ap`eJn7V?{Dc@
zZpD&nk?fgC^Gjd#?uI-Tq5@MFf3ml}*u@{*$`K*Bvg6|rycp9WqRx}9px1>Fm(|aZ@+LH2#k}hFBS84jdo?p=(#Dy?Fy|f=d|p_!`hu%@
zNxR}O1V<*tmp2cF57mHC_-r7rO7&H4%ed7APs?y*=jFvN)=k=QSGEUYQ<6OB&vW^J
zQILeMsmt0vE4N{r@|G5=k?SYrJfT;1$pcvWUEgTuXAOF0OLzu#n|{DZy@KShw*_BW
z6)=xpNma$VK7e#gYm|*%Se9f#$HN2u@)f<98-{$Ya?_2opQ!!5c1pRXs?utn6jo@pQv^#h0pizfaxRzi#U^%aH
zMY3F#Nw|4QPw${B;zQS>g7u`E6J36YJLr6Yh*?<1gvY$#q-uCBSC&$IipSZ+r(uUF
z_G4e2;Mo;$&T<*RaX&8XFEVKCvJ_Q=p$C+pYvWb0T%>PXJZ@&|8G}{&&04JE-@1ly
z-SX~%hgVwjU3B?Y&
z*>+u6UW~LecWd;!%G}7;4Bf5`6=%K3-4+f&mAM&8FCX-pH!OqHm|pKT)!M`LZl|;?
z7qXCXs^Bz!4d0DiESBmzq!ava9w(BTustRigR*1Jx?c-gr~H3YwgTT2u0Q|dc9#DG
z+ZpXG7`HRi3$hDmg+HN0ZU5jBiNSt`ENGo!XXI*o6-yY5OR3hV(nZIe-+R558MAfm
z{G0ER9Et&A9x4y3tGzA@Rk~{q-7EeGcL%yL1S2?y>Uk1{mvt6CO5_Vu5R&~E)epDR
zaAhYiW$+6}NMlN%G*;)SX<<2%F<9cthOg=MTDXp1#%naZh=VT-d2G1^&&fTvBBwc~
z?p-|HPhMvz9>D_rD5bc86EE%Thtj%P2BWNmY?g%YCZ`Qk`z>UP3W}4Fj35b9IoXAG
zW)`kIVy$9-e1=j`{e{%#>8#lc+RV&t|D5TiCTU;(<<35FVqm
z))rF@myboK$HXE>l|f0plwQ{s8K2RM8wC@xorW|xSg2V>{DSp7>TnfH5p?bF`oIo^
zT*(%=gv+OFfV03GY);i)d#*KWTZ^gdoTO$~i{Ytjgu)eVYT3#K8T!6!fgGlmAPGZN
zCftBxG1U<>3%QbCMVDe#*;ZL{=8tn^VhK&T2rcT+-?6H#_No9C^m}G27r$)_BjJbC
z)d9v2^^3-FG3dCjPol(ud+9ar#A0#W?7J>C)*y~yYm@7yK!pYskX*D{(y?0jyJ`9g
ze68&U{;SHayOX}hR&^-g%V5>4u*xz~4@`vfQD)Gbg`AY8%#UhMt1bHyhF=DFeggA~
zU={-%9P0G7KA8RLrb+$guY3Sut&Au~YlwznttKiblW~wqzxkgWhsW?N$YsDn7|M1J
zQXv`XzJ`HwD8?Aaej-dzyP@*XPEi27$tSEpjotYsjPfE}jipO={}9HwbQ~4c
z)Ek}(CDGFgufg@F&f#!hMo6Y!$Aa(acqD#CS{wsoL!nl*K;Km2n-?1aOz^aoPok>U
zIvu$Q0uldY+9(_~i~NSn)G14&NyFgpWyk_G>Y6y)FiZ{Gur6%)W+(8Zr3HNaeivT7
z7HUAsHPXT|Ugy#v6{_~t%b_%!-I}6)SICf&y5MG*hRX|QDpwp#0yS)p!Jb0b)8|3i
z++yqNa3Lz4hkMY173WsG+0IwL$(yi3L|=P49DOFBBk1I*+!BDWs=OFjo;IvH>uVA^m
z7SCMBa!Gf?QnVWHO^~t|dT(zX(pjN__lnkH?P9?px%_7
zzHl%{=XUMwaai|VFg&vRXK(T(v%Ic8dWBO(_N8x}@25^#6v;j0B|f9A`Yq(%7`gN0
zn}V)Z<~x!sPl7&`o&=`%dlwY~pY+eyzL%fnGIhQy2_f8H$5PG+Z3Y*Wa+$t7RlI5k
z%wFlW&{|hJZY}A@Q!XH79Q7jyh5?MD@_0Plog{N;RXg`SnjD$b`mEi^Acv?;RdYo5NDAhp~%i?
z+ym5ANV=*pWUQ?>NX?*D0-w89BlV?*KOj?2GUX(_$+jY`UEYtH!AoZzEViw2Yhxf~
zOPsWa)H@WiE)<foK=ltaTdq+mEAT<;f3nBgIqwu=t<(V8){^yP~jB#Y94UL`t
z|9A&N$E$NIo{|abPad%H|J4K5@5}H%9mG5WN
zWIj(#{RLNz=%e-x>8oeR`?&FqBMH8>3|8^Q?{5V0T)DR~9M%2Kqir!fNj>B0aL|m;
z2hI3czO8J+d7r!)@3^!h@65HKHhdgdnMYC{wHoUvVaiKr1O_tz_bx}50
zt#=y$B`f2=;{NTPU}%k3vs*omUmHXitODN_dV0u}3)?`GguNNeSr)7axmmyaM16QTKaxvo(V6R`|e$vv_7BF~@(!
zPCxhxmouwnTSEGoKHXNE)LGcx{wM7J^IgLEkZq=|FSq?+`&5CYw&51nZl1mci;_zjgM=@^(a
z*whoga&s1ve!{nHae4o#t7{+I6A?tV%w^di1dAkvOXPIJ2Z
zC((R^WD#aEEa+<6mQwaL^syrcoSrm#XZ;s8+)=X6qYCDDcTaV
zqn_L`0*W71uP
zr6R`*IJOEWB=Ho~p-tT_tV6cpL!sa@DEO_rS{C=agLk6l^O>|g<%8Y~zf3>d3ZKE2
zJ}YSH)BD|V>XbVo+3+ymwTqQpruuJaIP+Kj6-}J?V;2R!7QrE)!d|Bzy-J_53W-=p
zG_&_~xsi2gI4Q6na`VX)Rqh(5Y_5S0r#
z5DO+E*KvbRi=lEYZvt)VeXe~SHENsdR{d7#3v%rK7^;-}1&Sw`78@(&J%Q^wJR(c2
zyvKC6os552H53eVtal7Qx`z*wEC!2eCfVw*VuC^2|4jAbN1OUVJ$WRYOV`wuOA+V(
z-*q;tq+qiCFS^dg51|)*|47oSI2*MMTMb4FcGcy+ng7{Wv1=PCi}h=_U|s8#THDN(
z+B%LMwgCq>{tNvR_74}~So~-{=^u^$uU~MQ%|6rpKP&!}=@;(WijC|4qD{$4du<&s
zy>AF(#=1m+*WRCGtijN;IEnrSuOKPtSFYBAsoo7+$?PlhHyQ59Xw3KRu*Af}I7Q-+
z$;c>jZm^Lx+A3aEt!1g8>kbk5leXzpcPaBbrjvqUcbzu%IFGAeRyl8n&4gp<)G4c@
zqOW1$+9W#}hA(fBOIJjMk``F}n$;~|T;&GU=1dG4Mbh9t}UyH=&b!2`NF=f@0!7i)Rz%giGy(wh+?~oKJGID!+rIEQQgg6Lmp6E
zxk-u?$giBOKU`j9CAyYc{>|MpysDppdRuFyTh|xvmB+P15HoN^*6LoT*g>+l(y#Ja
zg}Ay~f+n!Uc~OHcOWjxZvP_pD3xG=mlqtQRlH;pxrt~eIMe%zagLdSL=$NegEzuiM
zv8g?uu!(UNRQNXimQLbB{;8@@`IVRdi}c2bi*DoD(q&EYXGK#!i~~*S=eY`V6)%9N
z@d@M=w!E#fEiaY5Z+R(}^*@$2;UEs>mR?fN&RqXCX1d0rO
zj<$~TVNk_R+5gw`8QU=m7%ceFjyYs6%M6SC7k1Tuf9_7-rhe5iLn4d5n(>R?nP>x}
zKj{aG|BK@eNzBZ85#0f^5bX-1Qr4kSUC(x(zb#L_>+;mqg9Q0MW^$WdExMt
zs+ody6|8NI27^uVa*GaY#zj?YDR(e_6|BO7l2qGEO8ol}vc058t!EaXoOWOwD`)EC
zp^?A#%L|!S;-a%{IllOLGBt1G4UK=$?iV*P%YY(FA>Yo?%uxy*`I0{CTVha$&f;O9
zFNDSO(YWVf#W5Evj?2Okav7e`k-dhtr_Ag(*Udbf(B*c3&tTBGhcm=ogRzo~rGm40Aq!buXd&2)KUn%!DZeUP?MdV5JHw!g6Uc>mC?@@o49n=d*$
zDM}@ygfBm@g^S)!ENpl_rLYQC`%)D2T;wY6FUj`TKRKG7^pb)e@}JLYuH&%*Soa3^
zRHaY)bw*P4k}h4?d9rZbt4~-h@s;fM!{%>1c)cCOOND4bY>`e&`Sg)%jY8!UngU0%e=<^#7D
zNiJ84T>CD3`lyZg-z2RlGk^@|)k{!Jr`9iVcr{pL;1J`ogU7jh;n~T8tsJvBx@Cvv
zWGKuSgjv>)I2_Ru+vF+dLTjpAwK};(wIF^(OMKuYf|Mc=5y`v*?2!N=+5^K`CvU>i
zBpc(gxRPtxaJmR!T;`gkfk6dBU(wLf+5|F_(VshACH*9si!fic6(9Uz^Hp0cMK#`(
zzNyG&=Pf8U-b?F9-^pI)TETzoP7`gDa>-n<4#3avY^4ixR;8avHO}?B*TTQn3kv3q
z^az735z^d!*DDwY0L%I}^$v`6Sos#*8D{t4?;f~Oxp24(JAL-HBZEVzWA2(wf
z&;RLo(o{wVH;&6%&^corBYvsk`Bfpy?I(Lzc#nqHVFj$>ZU1*QbzO!-)HghgsF@7}
zNna29-(G43+YQ8Rbnnl;YH^ch%6WcFaN~H|;nw`5g~7?4K$R&AS1!xeIrM;Hu0neY
zciv=FNvFxq5tDw`9Kj3nKlEQ=8>>(KFc}T8N>AFdaS@aFw1~^eeT1WQ(tv-1rT<-a
z4Blek(ML?^+-cAehm0NFZ{oxwCiYva)t297k7FiG8hiMdUzJe)R{bWA9&_ZRu}4hE
zYQOC#6O~Gi`TMzB+kPox!vp5%Ne4w+M+=_g&)JjEqMqs9a-#@o_}8>@m-wd*qo^6b
zgAzLIadp34pMJTbKU?ul9o|<
zT{)$qqxpyb7UK|YxxaqJ?=AVKa{o?SzXaWrYLxDT)XJMGzDDXcglb18RaM?vqX85i
z!|#>1t^YQ(>*w3oXS&rftjiwMk!R9_OpYqYY}^7L4B}4mPc6Ek-tGkT%Z+tO&tGbo
zVU-r^t{TLTM*7J(a{qEgx23*UV7_PON)L+}eJNJ?fWR#DJ%DLQZZ+MZ=p!C|6=`o0
zrG8t4;oWv*5tO<_sHFUiqZGbYMQY?Lf;K{G3nF5qSfTLi0`~yaCk?Caw*?+mYNCAs
zA4p1IWdCxT4=DLl56YaPe>=rcj?Me1V?QNbqSqnr`^bzmQ*a5L!N
zASh`=CH)9OToM*hNi9Xw&=yUAnLHVFBxScoQ{lt*@_A!bQCeZ5J|OgWYAoDb;c~zu
z0UbhE+@R9k6=s1?1vJaSQWDcUv9y;GuLt3QG>NjxRFwk~m9K*NK_T0kw!0EpLqCC3
zqtu$F%6drY_Ek<>VCD$4U%}MPN*Jw#0o4-5D`A``h`mw=s^JtR%=85L#6Pyh9?^P5mC4oD&L0+%)b3mO_NRO(-raP2m?gC?>V?{d&
zw$NfPBK=K=>42)ji!9*_fIoPGSgeE>ETL+>C~AcxDUudm24|(dWvSbMwp$UZ_(`ds
zS?a-{omvewH1lW6zXaS{Jf9U)U`1t4db)WGw3pM=z}Af{>tir}@+_$dHpVdTww78K
zdYj;|BOfbO3$ueIbOpGBC*0T}t!5|7+6RoWo<&cGneA*@r+{(3XEn&MF0icY!I$Y&rmhv7SU%S<==@l1@Jrgc*)x@ji-6H@^i6}&v<#o_Xy-a0QQNOZ%N}SM|GNu>CC9b`ze_mQ-uMb0S+m<9b86syFMWwq-1hT
zPyE?|WU)+@9Udqf4s0}WnTZuYHjtkJY-&dS6vd_FR|2~(gP#@P4+DE5gU<@|zYXkz
z41RfluK`w4p0@v5i=#eG6JRYe_`Cq`32cW9ep`SK2R7Q{+KV1k+#HYe8N~boLuX%Q
zEwQYt!MHiavYqioOIQSOu_M^V^Il-Wa$p}3mnu@_-&@(AkX|DWO|Z&;v4kc7TR4JM
zUZYf+H|I~&6W9*KMY*=D{d$b!yrq@hK*{8oarkqLBkN?U68m;JAdzUJ5+s^A_;VvA
zyo;jlBPT_b+Xh+}0e_AhnxI;RvwNWDL*QSe^{9Cx15(WjEQxW1ZFPK*Q9EFp6A#+@
zae@2*V7q4IPY>kB0y`ojKTB~LDrNw?$jOJp*X04}b`b9Oq+s~EHXywU!aJT63}1Hy
zq}3plR65@VBhym>sR;;eJt-JcUk^xqKp2`L>0Bk#p!)g!fPNIHr+K=c+HC9kB4Ex2
z>xLB5lA^L?gk1!}Qcv;|n`M><%um7k#xteF+8z2S$;7oV^x@Fv7Wi#QprsQC+jvso
zl7j-$ULYLkNx|H3Vn8|pg!4T~CP*rk268N#MAjHyc8S1F&&yydurE68vnx}zTm|q1OBo0G*_l%@G)3lc_uTkq;3JJ
z0@ryP;ZSdg6~ZJts_d^!(*=wz9m{GN85p$(utOZ4ct0G{jtl6gfjYMudLnJ}nH2~=
z0HN242xhy+O@Ykk;Fr{OCG-x{Yd`hxV*$Mhs6C3%vsL+OAhSF82YVUs#IX1u2lP`x
zy`l&`TZ%P-%mVPAsYb>+s%}1MB_DvgrU*S-ik$hO=1IU_HTC>cgR2LC57(voytl_L*}hV`Sqj=eyi%6kdgCW0NH*Vq@T1db@qA5bF@o2J<2J+*u5~t4
zoZ%qT4cImryo2Im*IvNJIXoFrr90c~whHLeK)uM*{Y+??`vlC}!Ft3qvo0GKFqeU~
z!ZTTCVeZET%v^&gs*6LNo6Y_5fVnAHy*<upzjCjVTE*Ctc3yd46rWt%&f7C
z1LhrIJ?fcRV?PO)Z-Vu?XBIW~yMUf=7)6b6s24ol8XK2OI?lCHCPR(pT(BGXhf
z7YI*#l2;c_uyX?Xd!R;*U5V0kXayK7a%9N?bdBjWWoEu#Erm=bcsnLWwuP{>(|x29=O%mp_R_
z<-Za9h@zUfRkbmWYV%mu(&b?#wgG!LCs8a9k?q}9D;>a6w`grY$bGpyo9RPbIIA0~p+(2?MqhWZN;f$r
zz7q|$bdyu#ujG7Y{3YtAbdwoz)i*q!6L*mFxp8kfpBE36^ZD`Na=swGOwJd@_sIE@
z_<1>B9;ge)H6HoA?GXOVRD`upCIS!;`8KueLP3bH^g_y`Nnvuoae=>vixPu5kSfr;QZBUYDi133&wiM(eP(L8T57C|njXgHnj7AhI+1yyUO{hcvm^kjSrUdwefU0Ul-pb=fB2J
z$@zx(GdbTB*ZG<9x5ho>e0#jVoae`r<$PCsnVj#A@0as}_%%7-6MrG+d*kw7D1Tqv
zO3n-8UUI%45fR)KZ}vdkQqB*?edYX6e2|+y$J~=OqU$^IPUjV>~|{mPGT
z8bwq1C3gVAE=Zf$6rZ<42o*t?A^3cm3_iJ07`mf~?Bn>M`4*MOG`HId^38XR55brE
z0_Y!au!uF^Q!db-ZHoIJIC6a%niX88hUR-!Q05arUpQDNjplm`QUW_`;t)Z-
zo8EjF0%cgdA(Li6+7KN`b2;He%@366$!v?{K7^Q~g+?hf6v?9;WOhsNF^V4t>~xR+
z1qHM6V->#?*tH(toAMnb>thAq9|`6`;EO#+@=(qR3FlqlpL&ky(IT9t`TPQ`9Jxyo
z^v;sv(-hwXSbK*XW*a?%13s7~PM0uvUl0b8BrbYX@ykWQ1R8pv$D;h~rcqSdd_dI{
zq~XI>jhS#VK1a>_;r>e$(HDk^5f?7lgJ7C$2_*yhB|jG+EC!?HRu!AHh@w;YrR6pq
z$AW^`20m}wkv4Hgi&}0cNl!rNV;uj&k(&h2qC0Fv645efig75q-iRSbMpQCt#E4_%
z19H9@G@tY3>zH#-@J8Y|gt|}2=1lYy9A|j6FlQ6xTLRXi4epq-ViT-PT>1N8Ja^^a
z2A@;qhk}oB{EPXVnziByq?SPw#yE?L6;vYS=LeP_G|8aF&yAUsZwdb8Qq?V=tXXM4
z)h(}tpIALFmY2T@#;MA9sa)0{ha=@^<};gCSZt|cGmw6f!?Yz@!plmy8Q?vRV6LHt
zMXLRk@^WVSbQ+BE1CVfrXeABBMTMfsptxRisD_nk?Drg`2O;j
z@U=4w7Cokn2V_Kjg5q~UTpbhTuSS9`dy{=^*_(_g|BB+T;g4(0O-7fmhs9uLSs2?E
z-sF(-#!MqQiXNAIT6M8C+q$`_sA_9>Qnc=%H|%!--Mq-`UtuNmvinspK+NI4dnG
zZL@iN0+;k{I>l$oxpRD>oV&zV$$5+Tq%y23+H{Mj%ei}ek(_(PbLG5Mypf!@j@!z4
zn|KR3ZyWcL^LFvqa^60EOU}LH&tQFNn?CVsIqwjcN_yY8O3pjRx5{~^c%hv8$4|<6
zK)h7WJI90MJSZL}=Uw81%T)6Exh9>`;6ZJ|*C4X|A`Y_vLS{KWS@KL%
zN&n;ts`%BWl08txpGm~)B7;QS@T--$+*E#o40}k1e^ZHGp3ST^M^*W~5@^GIBs~C&
zY;HN-J40KJ^^jV1uBl|7(=UH9mAvNHFSi@1Vd<7~sV*(Bs{Q8iY^-fL>P79lHdEx%W?8f!p#<$t}?aIdWj;+L>XOI*fOYlK_deV&8
zyGyj`PW9#({P_qer5*Q(d%@b$j(f&i$a#of{dU|x-b22Ri4T|aq49J%kBzUwxf$~`
zb&skT(NVYSB8YyBGy;|KSP0qDQ6RFMbwI4*1-;Dg>
z*JvoEIKZ1|s+3W;G?$LfzW{k%!pL81T+`Aq<>zc>ub4{5)nm>&ypo`9pq+!_>s*PBW(!5_;KNw0Z7=D#J4D}
z&=U$BgybU}q$9WDPbxkQ*!d1O?^Avn4(NVL=7tqWnFsvtG-tgLdv%Ujk@(O>K16vs
z%dWsH@)aNBn+zl^EAtIMr`~2%TNN*@n9~_E7}-&Y)OP%OOjYXK_zn4z-<9lmbEBQV
zL#HU}jwAO2h(^>Yp_3&H0yxwYzNR{icF=Hw4vS@#COQ)MiJtQ&4N%S*3Fji&ro57vERI+F~)TCpBR+*}VCwZtJ}
z37enHrwQ9;vNM?bg>0#Xj98FKKh5NLh|Ey2E>Xg!el-afA+A=3xLRdBCbjx7#C@%b
zmz%NFX0tBk?*o#{ip{#TlC*yyAs5p_QJ!*oS+Us`o0DnW6~bmam0J}9$_I9Fqt#|R
zS9Hf0=?Rez@nn$xafLYQcG+?iQGFL8|M0D`vYo3}J=ZUb_)iJoG4kjKI6mFJnXSiaXk
za=pzL;+xTRTBq`Z;$tu%)*-k2qIRW6TT9C?t@C%#qBG3lBae*A?~@70nDVZ$7Dw)f
z&7p3tf{PSvjr8sgGpB%H$~u81^KAKHjrTbM+2+ZxN?))_M<8jO7mO)m8QiK1A#)ng
zb3CIC8I#4X_myxBuzNlJ=yb>=`CBVLRqFGgz2T{1psM;@@y~$$K})=!O)(Nv|35sLDI2jx&l(}C|Aln>R>Qz;Fp-b@4Kd`C0l
zBuncZ(ry9eUQZKGm58!k1J+Uy{^3cqOz&Ei4^tBB$b19Bk0dpryR{Op-Rz%}S&2+n
zwWCym38qaqYy!ifjYB1_>v|g{lzfpA;yY1ndOj($W;463AZ!
z>_DHf&o9O*YSTb9o1$i7^6Ik!<;49
zE!Ac+z>^)p4ngBKYB&)!pm`pnd6HwU$DdnBmTo6kK}wpUBx2@S{8{QrirWp=;-^o6
zeM3BHoJzV$l}J%);{vlWj)Erih?2xlTY#{AG14bWlI->Y;UJQ-+2wTGtYmjG2s4Ul
zYM><1bR7t{7t_=}(6j`ESBq)dNlAY>3oiN>2&;=}vYVG5;Otr#YlbE`3S2O@B**Ed
z>oXwr0%12CvVi|^Gp;Pz<)u*kssKB^1eG~x44^P8SUzyYfD0Y0Lu9?wsN!@J_vjDp
z{7`nj{m{;R`0hNLa^ku6!~X8Wt@yCR!kJK~8v-hBO$Nl}Fwtz#4p>bbQN=w8^dq6G
zS|IgIm<#Ow1Zyk_b4TvcGh
zEtH#?mK9Z^KR72ObW5tKcH0F8mUcr%@3S*+3#E#D`xB}__c9=Pj1TE!_
zrt!lwP?S7TmHE-iY}6B1kvK%3;ipjWded0KD|rGk7FN{I!PxADlyPani|C&q+u5dJ
zUl?fetUI+M*Cs2jv-9+^4sH`7B
zs6y-0;!%r`v=)^)P?@d3+PVl+s!Ma;-{!msT<(^sKYc%GEyAb)99+
z0pmu;(&eMXl&Tg>x4VHBF9QCY;}~(4jA|8+s}dpo6NFWsB>qy;8v&_&dt4vjP$
zB$=kYqNp_v)u!z0Ot&)<_Fl>+$qdGyA!LhfTG9goZ4-b^A}+Qmen=pH9rOE4b1YrNRD2Ma@G`JBhzC{hnc}iU
z{u0=C9+xOVRUhe3rlJofC>()>TH#ljE`5@wTcxu+nPz+Z8CXo@YSUwIBGOz%$TSo2
zX9`7VVCV>^>LR4PIVb)Lg~Q
zLr8zx$%buZz9qa3aD^w_mkd^mE#YT?rI?4b^g6hnE{#Ekk|uyUI@m}LlonYM;a`P)
zxJ;Nkfi*PEl$Ma4M8{VWm%KK
zn3`g#nkr+;=-u4q0B`aHS!pC{s@7Q6qhP$|S>oWtN77oVM(4^z;isT|L}(9}x6;
zB-n~p_F=$W09LRLQ^LOj!cr0*PU>roV!4ly{w1@J;ezW;y*pKPOBpi}gUhk_tB*rD
zOtKulY{7Ci1HN5~V}z)yrF!~|(w-oU_9R(X$--Dkn%HE1_)!{XGGVg)*nUmp{P)6w5cit<@kxysjYU9eIB@QX+vo|>>
zNK@ih!#{c{gU+K@FkCf9`4ey%u{A!(ZSfbNVu!k~^P8CDZi|mW`e8V7FKz0qt!;0M
zpNiy}4l;iyehAgs+v3ZSV9fO(%uka>3(4LVf6QU-w)nP4XikRV?c*M}VwS5C-ah8N
zw3>w6?c?R(Rt^C5Bj&XUK3OtuA5%}Bpo$l}eN6G)Q{skStwgcg$ESEUWi`i|Vv)Ul
zOdGBs=`*@RA$$9nw%p?(wFcLoj5WgO^Zn{Skn7S
z>If%!lC-xbNNGrsK*ns0dnejVn2p{~YE-d%g&FL>46F4SBz0)D4W=9W?6Zk1WOFdkh@OY7)DDZL*
z)h86?`yxSZ3sme~^Y&%l@F}&P-5K{Zq+p%Nu{NA4TG|8agd?|MlKmNi^hN5f4l%70
z_#A;p1DfFBO%r&Qz^4N`*TY>B_#%O?0d!{yHlpHa7LflQaiDGdTCgGY-$lXlEKqy0
zD(dKvvL*C?jl>@)wH-54xW2+Pe*Hmcy*P3M2uri7sAU>RUtqclY@h;6=!;{Z7uZ#@
zYof3@5a|aKle}~Yv~Nc`5y@vd$P8g-inmeO*}!h_IA=hM+xrU-0(&lns}eP!vo+v7
zFh29FeUn_eS;8)G4h}KUi2K!wEfsGDth2`{ADY@vNjrkDwi$%SMlyB35$I(AQwunW^%#bHfrCls)6SUCwIHVY63Qf(#qIv@zuXN6R2pNmE1
zcE{Eo99qO#X!mMgm6XE8qS}Jd)v*d=Q8Q@qAmBqCN1dfhEgOpx(orCsPEwQ5-|7WFn5D?CfoXhTCR>K9B8=~xt*rfLtY8*pg5
zRW@Q#+x^3{Z7hl;vmO5QCHs74o{B|@wgZ42L|l47Di$U3Cj*=21K#6yCL1S92bjf2(V3xV1oALVo^Q8*uk;Vu_!TNIIz*g0~dy|s42jv
zdR(t!`pA@IE<^Hlgjm;Vp;kCzQ4b_d*T$mAG|%DB>%~M6i&~tB*jN;q=4bq=xtBFC
z^n;5L2=PsUbs;X*sV&OI
zqWU9!PbV9;6&H&d3viMrT#*b`E*5n*z*&x9FTGEf#vnt|31NQ{<|g&!Vo?*3K80DxaKSZYDi$RMUjqCZ&tXz37A2eqfIpk!7$NGq%EqGJ
z1>p-%l66&KEUFX}XgwTik&u$rl#fMi1;zjzE$9k<(b#|rF=vepv?A3R}axc>33fU0T
z2T1aypl#U&)PP`)Y4%t#B?<@HYYZt)x2?vLPng(g?*-NUcJMsaK02#6+Weh`lz%G!z07Jt9quNiU>BOtV6gG^10I
z(vTv7jQN&(ZB@ICO+8Z}cs~V~(Do!VBj3wt7VS%7Q&%47zYME2eYgup?OT2>KKs}d
zzxdb`zocSQZIQ4Uj@%k%x+&zM3XM(mLFz6JF?nwOP*`JABLR)~a4o{)MOtH1CwZtI
zp(wu`C95NZy=(5h+#5cn*1-oL5FrKYOin5`wHR8Sr>4e9_8Oa7j?|S7F|86sWx
zUP7s!%uHb$o1*b|0J?{8f5Or@8Jm($#B>#~u_-1j$MKOD;6gX5aIvYMm_EYg)kH8G
zn`(&U<_h`M@&B2eu*k
zaGd+_G(PM=MMYv$`H?VBCPon`YN{XkVHa67_ViPIK55b=i^nW@w#eR?{
zR~6XU6y@$t%Ze&dP#Bvc_I5S&Y;5Xl@P5FN8^ac-aV8g=sv3nSc5n!0jwGQmTozRz
zHpO0M@XogNsc~LCS?`!DH#4AX~(yWJ<}Cr_wGq^&nCf
zd+C#CD%N-~)$fyf8|VtpIGqet;bK!i1FVI4UQ0_Anz!~c8=GnY!j_&yEkY_1o7x4e
zQAL=^YRbo^CWAJ;kZSF7v8k)TxZSfxqTQ=~S_&7NdJ>G69IG%kHJui(0RC^sG2*Ne
zah8ou390fR^e`Oi4)K?gY-~zMT|nsRNwmot?P61V0vzoL(i~W;mgQno$AdA=vqX(H
zG{mNET#kZj&UT*^ndVmfxyy+p`=ma4-?MFOiX`)Q{8>)+dCWW&n-Xn50E@=h!dl$!
zlM?yHz?u>ld9@9(se@SwYMYHsk!1Sg&tS5pPbnL*slyVsjZKkcj>Vso$QIqI&Bmrg
z+a>SgztgN
zjZKkh4#A&^#Y7OBnvjUt*c6%O3jDdAA~Z1cgNsc)2yk(l5XPn?-*F2WW*)HHGx9bzCHF3t0DIBPYm0KRsSlCIp`F&*JQ02`)Bu0KkJB
z!D22pbpq1Qc9^v9uxeavYAzVJq*$uP$EF?w__8NRY$_QId~E7tFn;nZDPrOyX)S)A
zRNcd{*2fWa8F6ANHq`@!o{pscbFnEZ&kY53h{Lr-1odoVQ^GtAtP84T+Sn9r&D{dl
zgJk*vp~yZdVZH^HdQ?_Y{ZMgHg^f)KVKoU?C-voGQ?+nux&aO?JJ*z{*pwLD1$a--
zVNxnKC7iv1ADrSCA?muy#->gLVWua^x~ecXH5Y{WX;QM9^0BGEf$>iqEm%^1(V&7B
zgE?zZK`YvAt}4ge+!%)l@rwo&0wD<~=+JLBS8WH{04KvQVMY?TkboAKtOIC^T(9S^
zJur-A4J6Qvf7;?f>>)?svSiUU_~swP9$jT@SOO1X^U;wixoq?gVlP0xkK)L^iW)Sl
zSdB_>4`Tlf;Brq`-V22G%+EcD%_mg82VOeCDVcaJVCC2cvB_xyyshV)M~>8>dl0)P
zu>KyG=Uyaq5x=@V%OLKqf2QuiE4d29g*e3B$Kyl84vY|;g#(t|WxAe^wCRQ~m%^=c
z{+XfB-KMLS^yl6vZu3g~8F)Xcl#dsyJ@rq}Jl=zbZ(SB|`7A`4s^F`Y%v(3&51(_6
zu9X~^S02@{J`SPj8d{5L9}e#ftTzq>xjILkVYuq!C$lHZfqL&8vDEm`C1R~1tOp-&
zP3??aehTRwTK$vXq)EBR<>^SDjwAOiD^ejFxx5m|^BiP;B96J-Z;s3Hkt6ds2rr~b
zqlIK6m+v^t#$fXMAfY)K61n{3NEb*%uZOD;lDxKI#1_&^Lj+OSCspDL~3
zxH$vhEKj(W1T0rUct{D?1Do&hc}WI~6n_fX-#kuv6Oa}w=~EDX@FaPMfRK_gumYuQ
zh(n5?ty7wWdZ;dBrB9XKXIc;a80BvbZi(30Jtr={ojLD;)M3=JfOaarwc?Kwp9pL+
z@u!H(g;QzQoPC7?0TtO!MVMf&$Ddm=B9EBXZ1*{3+uvpr(yL&;NwyeJB?j7GWy^hm
z^dB5%NY`1abc$w|t2zepFB~Eq5~f>1XMo$L3HwME&*wIwix5heuMe44e4&c9Z>dTz
zrNu`>`go_oI^bc`o^R2y?AMenq-(&uk!*37mUda7?J;0adu@up70AB_?Bk65@<84k
ziyy(l5mwiSfqXMyZHNc?uTWgP-5c0WUS7-osAVod_MQ5iY=D89&@oRMp#a$@Hd8LXXRV&}aX
ztfOM$z*jQ)*@&1lrOz{R-2%Dt$?5WKrI^UICMM<63Tee3&P1!)9Lc?a?TkbF%Uh@i
z+oC(<>^l#Ls$9Q7ZZcA*rsb40Gay|F0^hNr%H?evK@QuMbRC9qT7z+=?*(#ygACv1
zQCzNPN!Ja|gq$pQOS{yR!jN8ZJSHg|Dn@rojq50&>^=#5YcL0<*)pCeagT&J8l(xH
z7;w&2A2a1F;1_z%`*fpDAxGB`^KJxom&XGg(-f!q&jDYa;;8wu%vP%|QZ_yLJ(#sl
zKw;UhrAJ5=>&&g}zb3ldfVnN%98<+11-cg`y7vNeTy?sKvF()JqGiYXZ@@dtX|{v$
z?H0Te>9;vdUwgBHuF*05F3WlXj2Asie5V8#F#HhU7oHGkc*JTbI}r;K99lYRFv3z(
zpK_*d3Q7-8`#iDaY0KCJ;P4bd^=MT-udIn6oRubV9u96Nl)kLYIbhvcgqd6bm%eFp
zej2nl3aQpp?_1Wtz*y~AI>BqFdwV@;Wna^dx+kIS;YgfeyYHu}g{uM61B9L=1+&8E
zinA%2p}>YaC070`#ibh`2W*O$m*9Nqw}Jenz^?T2ivJME-v{hrFW*?2RIie5GtNTZ
zTBM(qO_KR1{_u@BQY1S*^)BglUc%04s8e2>v;Gt;bZ~@avo9PGZC!zFMLbyGln3&A
z0^27eUrTX$0{3WO$9r6D@0_zQ6Cj`ksH-AOFgM`OtzJZN``eO&F9!C!$F=pB=zwV6
zNBX~rN!Mi++o5HN4pF(2u?Y@`;;bEuzpi+5U|mwU5t3SQw^}KcJ_xL#DW)yTqXFqC
z5Ki(W%30C}nw^yA5)iKOBpJXoyLSRj4}$QVCrPss!?gHcs5r=tkWM8P{RXFi*-zwm#4G`
zp&LnJQ&75(l=Q%KG}K)|*w62(?bDPSb29wE&@Onk1SehLSIBl&dux
zsOoK;%SHINHxfotWH8_BM+>8Um|of@S0Ud@mLLh=o9ne1C-n2dmr(kioeEwgGc39b{T_p`RzH
zt>i$JV8Zt}exXzenx7RIU>dUzDAztdM^39VaE}8=$Q@`JGt8#kLsc(1yW<#|;qGoa
z@=7JobQKt{0=1C$=}4ST0da%EM=MPJH8^f{u;Clwt%?&96;A*4e7mRVz^itN+G(heM%xOEOvN-Tm(=lg~oBEJqwxe*S5Lx0?qZ;ELF^Y?bymjULFFkw4A&iSO#Y2Q%vq%Wuawe~XArjiKTek(5;;ivAYS8_52B
zns6K^pu_MdbBky-z!K^ZlSBW=Xp
zB03P*VIHT1#qDc!F9dci4!N(wg5X1!h#%Cl4hrzm
zch9gd^u&A7**{Hv!gw$G^Tlvpt-8FS_7=1$MK?`CfGGo_xt-
zQhMHF8hkcd$`zj?10(jidrTie`ZLkM4yBO2$7CQHDQr8*6xm{E!{n&R$+I1
zU!NgvIML`HNboOUI0gc;JDxPnnO;b5a=$$!$wYh=QuO5=iHyGRqm0_+1su)zi7#L{
z{d{|erBTJOT8E!wM+dxsf$#9sp`v0x`I46|ffq0kNo{hkM8f(wavQSTn^LviN-e%Ku(K4bGdZbE
z?zce8oz%2tlD%$ne+sEf9b$G!VBO^YA)qfjJRpH}lY0sBtc64Lnq3oEH@Pkz;N@W~Q*6{%HI~fUY2XFkxw9
z+~h8Of$1t>=RhVrh2uFdATxpAo7}ep
zHrV5oD7MM{ATW;bEb*f(vN#$fJvq-&a%&_-oX1X_<>s62jpapPZXUY`ii*!;w*yJd
zV{akhGv-^5S6KXH$no=-=#|O9{k}&n9P~kflWU!OBeVGM{E-#(A023(_*Dd6|ug$nSw^K2yBRmKm9gyv$H16AI4q
zg2y^R`vae&abLL8Ltc88laBTjWT6+l*$GC2j~+WA>U5j&LQi=ig>F)aZdjg3O&STQ
zj}oaL6Dfh-Pox@LnD)p^KC4bd0*^fB?HlN2WG3yjD9LGz7gFeleYzW
zDG@!#iQ2wwT>*%E)}6#Y0!_{+JS>6!l2JH1fo{(z
zJTrlw$tXNMfj-PAJUM}W$tb)sff`?$F7o9G)QwP33=4{R~6I$RDxGsW=#+Ef1Kc*h$lT?8^Q+(z8i6RCA9zD
z1V6Hvep4ddl8ts&G5u>2`T524f1lt>i|OAm(Z8yg{)P!&b$Jo{*H7?H#AOx;>bF~h
z??yc9pUw$>WHJ366MR-N{g0RW0qqv2-}d)M6rwSUov4LgOQhb*NG(mIe#%IFlt?wa
z!j{DO^XnjMUeO)S(%v@-knp=}s!_7waj`eC9b(&2{jYi3dlWHcsT9
zaPoNkicsT3^c^Q^i_s~O`rb=vL*6uzsy91b!aj-A=7fTAaJximU`A?4A~hx>wOb-}
zYDVhdL~5>+3Nsv)h%R!X)-MMiJ~HZbLL&dql)Ne#ETm%-CFOH$SqobBd5Na>BxPIn
z*@=>YDJ9m|*Cz7gipgJ<$e&$I{@z6X=3?@9CGyV}lYdrm&aeM;^47G)2^3wKuIsmx
zTsI^X)b*Q5hTSt#Untb(-w1+aq*f--_>7cUPx=6*&dNxwNu;jLNUg6@H0Le#+*h*}vK2JpFIMEONd4hrE1n#T6+|JKys10p1{y|IW$V
ztm`JCb+1X6wQVBRkx)>LEfcB!UaGY7F7YQl@q3~;S8m7ikhrs)hsJ~CJUkvP=L6zX
zUBjYC9Q_skFTRD%4_p|2{dG4}x+z!j9tt0$1_+iQs*G9T6
z-u*D;`><^Vj@;wC`7ngM_z4L+nKekxgD;Q<#1ywbOxXljTZfw^l%IwJ3iO95Uqni8
z;Dgc}xtF7l!r)$xJ_^GpoSIYAw5*e_I28gL@LS8e`9`l%Z-UJUvA+{*CUQ+4uJ`~@
z9e!!@XnX!@xqg1Ega4i8CXaXE>zXwEi4G#aHFZkse5JsCW0?r3i$h`pj$?9JDoTyfkD_HIZ06Queths@Q~
ze;YE>`ylnF2y!=4A90B8MU!4z|5Sm^tH9pz_(F;+ewyO{2KKYZA4$}oRf7en3qzXY
zkc{y%eYi8~g7ggu*4JlgxUp+naLkjGR^&R7CbBmX$+y19Twf_0!G`jSJl*VOAoby{f{#$#Gy>Sd6GZnjPy*$nO+B7zNly^^r%7tS!D`!ZV267A
zJz7yEI_z&I=1vAU!xN-%iI>Kbst-v<`IBIf1*Q^LD<)m
z?t&?nw2f}Z71AUSPVuA{Nm92AQ8T5@L_U^ubV_L&*RM%MW#-)vh!VHau*4a$iB$*TN=hO_leoA*2Ws_v);m_@!
zt$BA>yfL?kECKc+aVd)8Jr$>~%nD%tcDU}zQBuD^N#!l*1UNz^g90TTfooNun1FKUr6-U)p2C#1+GWe9r)B7DZ^hil}iT0=+kba1Tj|UL}nVG`$4E--~G)
zrzG+G*C70o)+8gcG?6^r)r@s#n%q?}00zql(ImaRAXU>BcHmkdk+*FWzdk+&vf4)R
z>*LZjEQT5JY>#0^JN*ov3BnYZTZSWJ)|7=4T~L6O4*^p
z)kzB?8zMzF2W#1qcMYTjCl?4FK*7wG-#|rXFKSBJodwFSp)y%01uEpb3fk9Cz8(rD
zOs!CPZr5KQopOh}2zp$q+vJdt$C2BI4wIFVyFO}y6Wd@oL4tjq+b*a&iI(D&Hyr81Zp7%@N8
z?*{;Wa3sveZ-Nxe#ze=m0XLM_aX2Do;z9WChY};NFOorps|ZgLf=s0Tk1y3FhBcr*kaz3`KKPMD>ef<9RarIg!3K8$rLF>$KIlP|3bb(Y
zu3jsP%jNxnYLms~GV4(qj8v$uKe-~Ay&zbTh)*&rlJlYEVjQ`j*qPERl3S2|ufq&K
zB`XqfvQCF~MMB)XgFhcqq{a?V=T{`R!;JKbgd|gOH);n*$i|8!&}~;FB$=)8r1Yl=4JX}oJ6^SUh8ieZ|Nte=f?21H`JPPbthlfh+
zibO~sg75`N^n&51WJU5Grcdh%yCRW%8^S})aftCMq9w2^64ARY2s@FK=v9(kk%*>|
zAdD}j$*xGm^Jju^L0XgVKvABV*@lK?#Y5ovu~GWCVl`)#RMff0PI)yi*GmcBSzHf^
zqK(_x{RhKunLp7`xF({E%dlq0l8TXDX=i<6gM_`;MQNeFmKZh9gs2t(<8L~!WJ`&)
z&n=#Wk(@6QknXgKy`mY7G#m7<*!*65?Y+Su8F$!FKX-P~Y2JrM>P!AeuahfwE5+fb
zB{T_{i$D1wgOaSAe8$WvkS0c4i9^y?b4!TA_$WmDcz+-$%VkKba<%5c4;Bq2g2hd(F=y3k}f?Q
z(^R@kOTM3i^bJL5yo#i{wCJr3H#Wu*=uLHL(X<5!+mn>lWV^I@ejgAHN^6paB~2vH
z%#tpBK6t)M%aoOLgasZ$NAS-}G-Bl^q&Gtn->9X%1^fRkspim<3cfT-`bo_LlYU%<
z#PvoD7!ak0gXnsQg1(^%UUU_1Z8HRFDmwf-M(?*V2-k-d#~-FpX`
zp}7pqFbsnXAaTHfA!nE&$bbq%P*72VfPjLms9?l^Ie`&%%&TI~IiYLL>ng@obPa1<
zWlgKD{@?eUs_weiargIq&+q&9^W5sHbKZ06RMn}_)!|Bx?HUqAPda6KiQ)dplGT(r
zpy6MI+R83VD*H2MZH!io-*P1n`jg(9Q=pcC?rYm7;0FH?;NpSB+&InU*KU*A%7#C}
z>0%Y(gHer51Z1dr+bs~;2d>19w^PKsa3%?4B$wXa;duey0`L_%;Fr1V6NuG!
z=N0(kw}bG0n|ujWgWu@87T|3;;Dy{#7k$>F=yW|d+k*bbm1B-aQEa&rV?ykYBY8cY
zbnWh{q+ilYZ*xj=yjl7h`+S~TdtJTNn>sL2?p-K}MJ5F}q&Lu|?dAD=vF{g$K|4KtLg-&gb7g+M}F5o{60za
z15U?(ye`wM?I=$%^Vt8nYf9G5o`@@}5;~+U8mp{klac{)p35v}fXo{g?ZkXXBG&Lf
z5fd#|*7h3ave}pQFzsyh%Lw$itpiEW%j3xJj!RMpcEaZ!gr3kLb-;vqW3BTk3*q``
zCkGLi9ePY2gcma_97Kk)UylVud)?XsnspY~5}}VJ>zN$PT@J%CB#WnM?ZlR
zgU3U$sph}ws&m+GN9U+`!seIbQ;AgWMZfvYRLd`Q)Ix_ya6{Pqkss>y>y9^v7di+x
zmd!i)5bjBz=pb@Wpo}+j#oA_FlGWxz&f5QhcfFB_{rEo-Q_u0+qT)%f<0R`1Tey9s
znHHRf@&hO3=hR?ie$etOWYqa6zk_gd+sK_Q&FNXua-PeHtuCs>I}#u8mR>6Hl#`$j
zh=jOY;t|PO(hZPo%5R+=bcsoHIB8&dLQb)6!tQk0Q?^*V;ceuux8JP1?=r$cm@rRW
z?%FID6#m+x20jbKUr&^{@oc(M#?5_s;Ybv@}C%zw@(
zPDm!1m9h$XZ<7iB=^%W($;dNK;%k{R^id7kUHmlco_Q1a46NO!B>Vxn{C2F&uDEC^
z#r*2m6CWho2UxLRz7YN0txjKyj%Dga$nO$hB(XDAa1!a#-A4E{mMLOso`>=`}uPCpy|5Xm#)-ET%c%-)Er3Dcqds=>Cia{?BztQ)Taxd?rI&N;nq9
zHGKF=f*hxM4%Foimq2_q8yuStdl^3HB|(mwy+OUh;Sz|i=5@#BgJp&fl}V7JrU#x!
z`^n)Fh_9yOv$jyOc;N$VMxJ8xd-uJdj&-;MB5jlzk+{nOU`*Hhp@M;Rr!fit*j#=q
zw()=qx|{8S;1b{=p|kN9pWCh=MPte^Kt~o-mr~QbFA9B;rpiq1AzctW3hkMWPc`oY
z-^z4+z4@~5dH!4T6Xg6s^9DJ8*!%%Gf86|SIsd)+_c+g3xb%>qJLHQkcp~DB&
zB?vN|e`
zIhl7M{vm#;kMIm+(2cm_8Or*R7CdiR=IeyNyYkDy>*n}+^A}k{eoVQnp?gbWj(~|X
zJ0aMO0^dWIVNBn&F0L)-6PQM&Ys$s7RC=CB??dU65u6iCGiIg7mh&-IqXLVQ?Ct~P
z849pyhB5OAt}Lz8DE*$GmUy+6=yPCxjwQrqis_5o#p?tldfK2G+v6uC(N4}GDhMA$
zooTxc91{Hj2u%M$FmQPL8{mK%AK}Hvv|Ea%R(eetG1BDnP`0Wm>tA@~i)cukzv!js
zo9wwGN=$kU&i&2?QTuY){9@+G0rDXjU`kLqx>hP%C|&3cQj<|$oTqGG>A-Y6O)tw!
zFV9P_%uBC|(~?Ko@Ii;btgsTcD`CW-%VDC%M-Dm;OpT8kv^A#J4BCuYP3g6Rome)ytJJyF7)$FO>?%$-|LdRKJ(tpSE4hrb_guD5m$P!r7N~n0ztnSB
zqS|{d-R;A5+d%)f;~Cjn5TRBb)BRt;OlEH#3{W_crrS$!68uuHQ=OtarTagXpob`$
zATtBO?lD?=Z7ciu-#d^utH3*yd@)Y>V^yBMV9o~b636#%fJ{`7D7goKhaAY>MVaC$
zc^$mJIlixChJvJA{{|pLT}rtOW43S=>7l%6wpB69%eNY!5fq{EDxxLW)60BU0Ok?I
z`tm_@JxzxJaC~E$_VF}b3cz)ZX|n$Y#^y7R0q~3iX&0kYi06!_KZLB;(GqI~_u1|h
z&wXTlk>@^bUPfobFSU2=Z``LJ=p!A^$WBu1KF?nf*O_%6BF#bs%P6vp>SFhKBtcvE
zA;_GCU}KEVai5itH@AUz5BXwTj{CfiN-!^j_gBaFTi&{lDES_Me>+gF`-qaZf5D9$
z{3H`!iFF?-*GK>+62x*D#uE48PDrl%NWKREbQncwyo%(wk7Rxh0GAS!=v9z)AJKF#
z0FO1M$-0kddIx|{8q;Lmhs|fwaEE62Y4eEJ&?!9kp{~w!A2V=av;@%pObpythIEZD
z^M?BUJo^60urF^A#cFQ;zf~h|UdL*_`@dCl&^8posu>cEdes$bc>A&7XrV@U@!y%t
zxI2=lS?8&lfjV?*lKAhak)b}e=2=h8d7hdi{yS>U1URv#^%iHr@b+JLg-YVTqvj(P
zYB+wfsM`9PTRGW9)j;SSj$i5oto(BqRZ~IU!?DbUgl`vB2Y`2&hTwV%+z4HUv3OA>7uIf3CAUmfS{GIKQ2HGNpTyFP#fvJwmXounlI&WdtR3-_
zq8Y~i+oGx#m}#+uD4|%+qDu5E19c^VEQzhP^HV?u<_wT8z)$XZa34UkXN_3kdIdfK
z&=w!qh4Q4@KUQap=pIt;zpDo!ok1N8YpP#g*R|CSlkD27PS1PW^je(zy$oW`nu~j%
z{UK@Iq+xQ|WY=7~kjfnk-I~`m*8l#R>rR*zUW~k2vDjrJ25p5!8m}3&4cTkFcF+%q
z+rqBSej5v{seKe0WNpP-)*+6i@+QY&Z+VlWv_RhE*#8YY1dd(f#CsO481dX-T(gbZMM}o}F2=0v0s?Dygp5Rj8MetrF
zUyM_}U0bou%|F2V(eeFx%}$P@q~uMQji0Z?uB}ALK=8&mzOTeij#94O0a!>7%Vii#
zCP(iH6}z^Qd`|=De2UO`710vdwUuOkD*z7=l;~BEog78e769IBOp~1)Mbl3JG(l_s
zMw6W!<>81<0CaaCbr?E@OpZ;apim)oC2OlSfA!o)-uTONpFcp^YAWnh`y2N;9rTTk
zhp(~v?lb+$eD@*JY)0?|MfxRZxX+FW+PV)x=1TpmkPZ?bRW`(OB}amu&u
zGn(>!z#HcHe#=|;5hXJK*xiA0*H)rr6?jKEzOTf(kCba809O*kav8=F_ZglP&bp7}
z`z%0PD8iam5iNmrAIbbH0DdAU(W@ZqKBB1&8nF|8ztLpfM>GuwU;;t;nymY<`OI7Z
z7CDf54V}VsAL<&8(#ceN(z|ZJw^Qwl6p(8F@=?r|nv~~cv~BD>y#lbKej`k({g25+Sl(2TDT&+pL3kvZqBFBH
zn5VDVs`K)hd+NE~o*%L2_i^qw2tm*uzrgN|@c!1D$jiLJ;*Sx|LYW%BC6)IH^ls|^
zt9iO?4hk}1tDBog3>pU$-8}s@vUl_J_lVoVuFhT@3#_T_1`SE2NOxhWyn*(;_q~Bu
znlEpleG}@o;+N{giFG1`gH~=2^x1RsYKA1BK;CH
z2HGzYv>j*(GP4lu6{A&~8)!MXtp@K%^2Ipi+ky5P+IBv8S2(^uM!JEPN*(~fS@$8*EJ3gWztk>N
zr_KiVIp)e3ZQX|;a~^_*7@Zbv)_rC}-rNP=1LTWw%D3+G5h}rK0q;G>_gmh&k0|*G
z0P{hv66-#qq&;}u9p6`C-ABq*1HeuMv0R3+#C;CF5*eh$c=R$iv+@2e7?)Q%a
zfc7Ur-u-+Ry7g~!{YmggQd77yErGou@V|GlYVBT~T@Jf-qFYnTzonJ=jQ_r>qY@2F
zJnAo>IJdDLbpfO=#V=LDd+6POjXmlPkRNs|(=p*&k9q~XcO5_1qxb;5ZDQSIAGdT_W6x4
zsrj$EYN13;-m9)T3fDvQvfn5q)&BKLVvW4+s={`^=pn$K_Jxy7JueH{apGRYe+A&}
zw52!dxtBd(WY2uDxF27X&gn&bceWcO_0Nv|UQ|P>{Npi$|Mgx}07C-r&0P$-OFnlk
zYP-k-FyT@BQZH4mpAB
z^F}NoN+_1oMMTdwP=6qhC9z$^`c)}vxHEq7v)7tEYb3WXO#x_cAJ~NjAXOg)PvrFf
z3S{UTPfSQZ?93R4_7lHQXT0$gJ+H9mckMYi6;3$=i5#cofC#(6b{*bF44MxUHC{8QCB9g$@!COc5VwV0ojo!ZSW`O=8j?y8XJ@Ir
z1?nUJ@D`}j0(lG6`=D+!eyNkN{>@vUZUOy0$1`UW5MSR6xB+#fYbm=xCDJte694&u
zU+RJcjRk6t1Z@|n1eqZSM#X5=W*4Y`pcKICy3=Tj3ofhzfypz1r~C&sIYmcTAh
zCG%kbj3+43t022T6-|2su(UBvc7ZCIjsxI~#x&UlDx1%20^lYG(gg&aLOkcN5hzqh
zU6T>9|0UluY}+@w>Z>65BN`w5a_HbgYE2O82M*c}Z%U&11sXHJq)q@&KQh&Jl(5P`
z?czA*?CpV;{@b=j*!zEj+u&f=I*8?t7cQSe*&Up@6G9GNG(vvB#R
zJ?DaRQ7kL{MAwDS!rsneIc`LL4TRoc`#-!9DY|5>*nXo_AfF2<`P#0_cq>j`&(JZ)
zgA8#H-p=zL%xm@6w5Z`G_fm(+*(Ela{m_OC^f53eL3g~!N#wMrId%mk801Ru0{wX>
zk#mJ>K06W;46MYdY84CjtCQfBuGo6TJQQK?YazkFzV6uS$V5a?IeV4n!0P~KUBb&)H
zLZ_Mo7cCD4kCId-c+O-BmaaG`2+3?Ez|jSVBYtSn;BlgXH!fAf_^jN-v>GNzDuk(0
ztdKlauw%i4s$dsUz=zya!IWag1FK-Fq+$gsTVL=CWNT7V{A@_C2zlqc#x$XEAw8+a
zgc6^PxJV7@)@EgbQBwD|3A;x*Z{pUZ)KJD1({sDwalEpGH4t7C6MB`h!WFnfySQ{i
zs@k(rls>Ta!WciOcy$~fTzp&{A5wBr93NVo=pR;cPfQxQ;VEE-y#STVG{u
z>Fljw+(|60(b-P*9G1$m9-qrozgxQHHX#2_GPBojsjA3@X|Xf&9mup^G7OY=Rk|g!
z??#>k2_PHx2DL^XvzNGv;L{;AYIY+c%K{vON2gmHMkdRvg-c5KXO1Vq-~&=E&LD(}
zg431uxDmao<4M!vW&-Hxf!6lH(gx3vDn>Gf7G!NG;1;R)uW|sIgYxevr}Gqj?7J$3O-rOr*RDj8VRh`
zE4z}y2XuYcda9IEKCYV-)-TKR9j}8ae2lko{^40ZfWyao6TZ#xs1iO6)B1-TR%Td_
z=xb=q4C|dOf)izi^~tgkGs6Z%^u^4ufe{@nGi-2F)d6l%BtsUH6OrV3zC9mq&*$3n
z&G!5>&Zn9A3swb#>$I*m&<1e<${&hUX4sI3eJ?X?XvE%@88$3p|H=#-9-S
zUOZ#t>;|D1FVaD9L`hpp92$4?n8R_Xf?IhZO(wk{?@YBU?6=
zT5BVyl7fwp$f(wlZPKSACBy8fCT*xRe9sX^7qt5Y@y--`eN4ab_@Au8F#|k>V+J>)
zo9iFPjTs_|BFSpZP)U?&Vwfa4X=1n}dTL^XB&szrQW8ToF-j6Ony8UPohE7}QLl-y
zl9;WD@uds!)bBh^>{zk{i6xq-6RTHhVv-~d(!}KEGf{*!n%Jc^C)1-fF{LFZ?P)G(!}1)*wnXZVs0Tv
zhQ1FDSbvGab`T0JVQrx`GB6nV23TD4vrHlPEqtT46mE_9{_CvB^02!rqbd7kCRCU@tbfrRsRur(o7=FBnnvzu&ixr?@aP&^~-Oen$JF}
zYX|{S6S1jA6soER5><1EjLlV$s@hvst%(7if_oDM8*}+8Tcr(hFL^TIN=-{!$V6T{
zUtInb^2JPApp#qeGFe0XBUbCNjuTelufEAvYL+PMMpnMU`^61wa;4PHvAQr=9E&B@
zMH=eASzv;{n1hxFL&r9igp2@Vn|Y({*g{EUl+#=ip(Y|pM4D(Ji6Tv8B~hXYoeat}
zQ6!x0G|@^DoitGrab4I`6Kz`3r>lc-e;BHj`i>N|D=d~4wbVsYGvi5(Yev_PDz#iH
zb)l0|XJ9>8`8guLt`T{y!&%za*AXCXEitJ`+xggnn%Bc(;j=k;*-mz-k;UQ1F^@4c
z0BzQcjxw?$YG!Qtj389;8)9T7SxF&{+go2Q|r0=mZl>1-ZgC+*3j
z31Ieam|vIl;yn^xd)OY-UfzKxq7QW}87_5`rS{UcWV5O_=45NxkH^w?$I{eg*?)?q
zx5UyO`}$b=+gO@qveMVa(j|C>P21aJzZ6RkAe(x%J7~dPh^42;(q7*Gilq;UrIY$p
z72n4y_*PwFfOl0^d$f@?I^VWa6Fg_U*T|&-U%*RvzB6t%a&7QKBY;;-r=mfZnj%&|
z|3~5)bQ0Xnxy-cS)kf&jmz$QnL?|i>URA(#CQWrkTO^qcXLe%ex=6x(v0E6046B3^
zNmyf2R2_0ZDjQw}ZZ_=Lh2aGfcI?V)2-!=i(XH;9jF^=TCxI1(e?gcH7k9&h6zdUW
z!%Gparp|6do4)|94W`@hvT}B>DBK07DBJ^K)`m*Cpod)wk1I>|K*qI8_C3axCwm>^
z+9&%P<9nCAjT(_<^!OdxeG|v4+C^C7DZNj-u5r9yyT8Yn{^dbTA5dNv#|M^I$MNB%
zT!yNik;NRDH9pFVkM`md%i>L=@!o#R_{quM%lMtV_$*I$50Ad6&B)k>#iezKcV?Z=
zn=l}pjyDTsc9@`Rew)xWzfMULM$5unXQ2t>C7~0~gb9++xn{zSlF+$k!bC|_tLi#Q
z4AsOWNz`a!vLxy>v6Ji=)oWsBNleqk6iH0iM7<JvFhvB<5&hxg_?|8EV2|vNyAwuV~6LoRe&@NjlAh
zBTEkhJsU<%Oi;(EZatE+on?ZZ*#Uyu*+=77dzhO%%*}$~<}MVq
z)@dUvZ*YcuV>Al+vMlC9gprsW$qptcmFT6-a6uA~LU^BEO^U@ZsdsU#5V`?WBw(fhKBj@Ll|791!Fk9v+!Biu>zDnfPKm1@zEbSbrxs!fX_jwBW9
z>Ra>PD~G53U6xIoP&D|&jZ$f9&iyhj98C$fkX5u+Yo&qYq|L;ICs&Dt#`{P-3Sa2O
z{`r=Kd>1(i2O-Rc)1WbY4qB?D^GX-u?Ir1MEddx$04dqo$8}{f+
zo1c(S;|={-x{pE0N*MkKp~w>Wr#CA;Mvx6#^k>M=+(Z(tco0!pbnG&}dEpM&Dw4Ks
zn&G}&!JbWyY=Lj2pmK40l!1{jC1F~^jD!UeHj%Jtu8ze`uKf=>^og;s;FzK=*d%;I
zGA}qTlDwXS+-vxyXqQ$IS`20#j|RmW9F1bW0{=T=+5n>uhZLOHGG@1g(l+=hTgLf<
zQ{>7J^-8;j6IxbqbJ61+ZK9~){bu}{-kW|!d{AhXLXDI!rzUhF$rSu6x&Zv^)czlf
zSbLdNg(Li=gbL(!M5f@^<_`ippE(xN|J@>l#)omdM5
zTmGlY-v(aOmX0r#!raZ+MAK)A+zzN7F_PaawVFOx{z&j9I=((cr1kxURH%IUWghtZ
zIgH_#R&1qzS;+EmF>Ka>eVq^nNtP_re|r>J)OM!dYrv6BPW?N;>cP
zhD{v?Axn=nJOm%y?isj`!8HKfs$fj2a2w?1N~yr!`P>M?B~&_=`jl0xH$`s;`60*B
zYFGZal-TnZ@c!obI;_hmTrXKqNHv!MHwX^~<}E0v3DZ)|c5UU{YI>?DNz6#K+BfFR
zOhvrwH(xaEnkr=TX<|23tBF~u;$3LA7WV$_wy>}vbt>h74qpm|ipxb;Q`7DF{&2!Q
zCG~LI8T15AJX*@GW)qLMUjP}Kc+yWiz1>0Nylp1o4tc>{ZJKmKDtrnwRr6fQmPGOe
zO{g_@mKF>4+Zg*&n^bE^EBoHI?~Ab|AgQWXN;{LSi7lE?>^)^a3brQ3zTS2hV#P@d
zI_Psp=3tPH#xJ!yi#ZI#ivGV-L4^gJ2j=B5fQ7Jtjuvn?n2*K)T5bWIE#P%9{}uyi
zy9I1-0sjIiQ|xS@!4}Zf0?NVc76at1b1g+T3m5_Bjxj)7T>;%KU=Eo3=Kyq2R@7jN
zIu?l2W7I!26AXcJV+z1JJaM&B@m^#RGK)V28#)
zQ$5g*08DEPRPTZI1K^OxK=z;PWWl!{fQuRf%`nLg81N?K@#pEo6YO(lE_jRb
z`194L*yYSx@Q%;p?_*?A;&5p$1@Edn{z5G&2T$`bc#r4t7is>y+il(j@54O)V$GjD
z+WZP$LEBts+t;h9j^K66<1h92W5An`$6x00=YqE=kH4SCUkl#xdHnr7{-xkumB(N1
z@gD~7@jU(tkN+-sALj87@c6%iS5TH){*@lTBY55N_i8v^{L%47
zuWH5sH8}@q>-SdA`h@@-K#)xLGI6N&cX^-_
zzXWMp_6H9%8h}YL$g9PlJRjKyfK@R_@|4b^jgm^q1ClbepAOW;F;YtGAu}HGZlIov
zk#RYU2XF4dKLYf-7%qc?hivH~i#p&V`S|_D!&-ZwK>*amAg|aZ9%v5$mc^jhM0*Kv
zTUS1{t;?^1j;ZEc{t#_8AUNNN*#V`esx>!){vdfYUaxGp-(XR_Eb1>n{5==N>mTDm
zcd*c30LxZ5g;L>y(x$2MO4Adl0Yr+!d7!>2S(nJVV;2BsHwNnGfer*+D`^w}O#+;mH+mJwSWLK(>0Im{AGlAn@1a
zVD!46UX;yF74TE2!S(n-_wK0{Toz}-vd~iYNa^l~X&b7UiN;L@*Dn}lw1Xz3%=P1
z_?5B9MHEr*_)b+)op}(!Q!&V!7Jv3Y?*s5fW1v(z$*w6%)dD{?UUR}GG7BN*^Z>6a
z=Bx3aq{?L8Rdl3ig3PW6_9Xi9q^O^!%B1VufRdnDvuWw_M46*wXb`d=*vc+W7metW
zSJ@S5t?auY@*u^oVGg<^>1cU>0sS4vGq)vxP8RSDn7_t=dkE0x>Xw#`#FFhz&=EgT
z?l;$VY3*7exmxTVTI`3Q#Ow^}tXS?b>Qzvs>ZO$V1A-%Bkk@8?J}UPEvt5oQ8YoO8LGM^eyL|@x1!spTgymm+pJdGj3_fO
zh6W*r8)>ti1q)I|{14i9pdtwDrtto$@L-@Z+~bhY?h4y>TWmYfsQ_)DTKSrVw&}i>
zcMa&bIiBI>nH64Q0Z)PXmlz=9j%rwH0iS^RO$?AZOGl4Cq*`+D4m5RODogF1G_@)f
zPJv9iOPum-B7-pUG&Nfo_?
zF-1*2&YIi+fz1@Ust;;hW+&=2jRdy&PtgYlq+7lT$qy-g3#GkP=cy@qYE4$UzXH$_
z87Ckgc}6m3n@XSt#z@)R&>7+!ogpTHw>$ZXvG*fmeJ`P4Luv>1EjlzPxXo*rjR0KYKsMhyHDB4Sya&98^7!|8tBlvddnb>-S^2UQ`vJUP^7xN=
z{IVYSQ!MslZRo-%39U3f|Uf)%0@=ogDD*#qf|D1=F;9k4MJfp9F|+?AWNN9;IYH3#1hr
z*yaFui(Co>!B^wX5LnNGK}Gz}ym6JNXGQ{(3^w<{h{tJ2%{UZqCj@$Trs*XjYu*I!
z!PngY#aU8CDFIgjIDp`3%%|
z5EA1IpDKpG1@JhMeZyCQcoenFq2c>dRZ^<;U|bY4my_8I}n2TDSoL{wCku`yLy5#AZD&h?7BvBH+A66i23<;
zZKYlNI<~Wm)B~h&BTG04T@65!nev!;lU)O@M~!UK$vDDf4*C^Eb2$q%Pl}cpgB*0K
zx361ncqO`-%t2S@pe6qVEd%b=QtZ8e`#@q%o{{yOp`@9HAhq;g2m~8^D3GStXIikB
z2NObd!BO}HO>dRQ|4t=U>P@LP3ia}sdb8>{t>g}px_3bJ=rORD1-0kLl-mnl?6xonBnM2+x&dS}pkhl1vkhgpBr~!Cc
ziHE##nUx!AA+JQT;i1@^jY8hI%F0Da$aPdC>LMXzg&A^5oRx(@$W>2PK2sXT$j^F)FACv#L?aJ$4M;XL
zoaiSBy8F(=kq1eTv!Sd477O$AsU&AG3P<6odk{!wBw$%Ev4s=9*AMZ&CH
zK=Nf0&RI@{WTHJ0W^q-DFD
zd`~kbE$%QmTX;NrnP6fPuKRP3$QMmjxhKy&!qYw{=f*FOgPG=R6P!;ZkcqCyq
zyod680+J1nJrmKzg1$!3Dscd42~xeS@>Sr-`$?r-`$?
zr-?J)(K-QO>pgU3bgrO#MMDMME1DIfM+o{Ihj!-livA=by`w`!
zq<6F)=SBM*uqv1~T0qf&#Q5IPcY@v_x=zqLM2{1_YUzq#T8*HGd*~gau1IC-tD>!f
zu8Mvl`k?thj}`P14_y^a7j&Pf^eh&&PgISw7ImVa&-2iIqN4@fH<~QyzR{u>JxS1y
zdFZ~;O@gkDjuv!vbWx1nNzmIobanK$p!-F43A$hO63&YjtyvjNn=9x}1Cu)G7ZoCv
zm5(oE>ib8ZicJ5g@N8%O0+HF>$(Wvqp@99P(THT~2SmL9<#}=}vPeWui$!F;M93dR
zWMH&RL@mpJfMEpm1okM$p5e(*!*%x;jQ*D(DA1G`NBu9&Hx%
z@aWALeTASu_0YqkR|GvG`bN+rqL$}6ORf@h+2EwzM?@*4GW8>)UO@3YIYw_1^iB>f
zDS=dr$e3uEh>VGjx97{`Toc`I&s*&IYdP0O(Rs|GHtJ!|W92+H+RL8T*z?(P9v9tY
z&rjR)2XY=C{c6wU=TqPKXpo#IMD_N((w^7LdB^A$dw$8DzmoIBsAwbQCq~uwTrcOk
zXr(=`x93~rJSlp~p1-o^q6;WLIjXkjdV5|e=PA*8d%hlLb%kA}5-%8%G{BVTIHWT5
zQ==yYJvDkSM$Z!TlOB3%bgQ82qn`y`AGN*E>E2z?-+Ji!=v_fii~0kVsh<|@5~DW?
zy35eSl4(&3q%!r>qa}i#9-S1U9~1O$4lOBxju4R<(Iyd@5&a40MT-tx98CK_Kv^o*c)izW+t
zw`fs}UM=YCu%xKFML!67R&=zWXGNFc+=(;kv>lDW$2z#AkpHZxJ4l)O+0kZ^nH_zI
z^J!-B^7+BEsVa0tj*yd_9ql2KyGMl$EXnRsFPt^ENh)|tj-X)95t%)r$s)5yv@Dj{
zS!F)Rm)RqFN@VtoP7#?sqw8?i8arEzX*=B3firE-=w}g`6Fnm$bD|I9Y|4y0rM{z+
zfmL&&zDQ;2_lkmxS(3e?_Bd+}ABoO`JoH}C-h$pc8Z79&qiHy6xknoLCdQQ>eDCNq
zfzOTh7x>)h#27wS;V*mexzYUspBG&r@OjaLIIAs(Y57JZEj};$RM7LI*9AR4`e%$j
zUeJ9!^!%s{sZ9NXD0>OZxge^}dY@=6&RWjlMqZ9M)r0R7
z9VGCD(P08#7@Zr#YZQK;2VWRnDey(nEdpN@JsZQjt0#Qo!52j@3w&|(k-!&6O)hoD
zq!r#_WS$o+jtoed`hBDB!1BCfEK{H|(_$Ix)t>C>lS+8vSBF}RMlt2{L$pC(IaSQWEHQiss2?%%GEjmMqo%Ky*E@D5
zU$&MQs0GtcH}aCoKIBR9I#J#9dL^$VncGq#r$wB8w!C_DX%5S`=q0h5c{~*7D5}-q
z7sOyH{cEg3*v%y84ki}=cPuUjE5E%yGDi6h*qHXLQ}v(4;v>nH@_M;{66d~WEbZk!
zG|Bz&Slr8faFY8)vApo-oYM-=sdj0>LNt^60F2emMKy4%UEb+w8-%wazG5scuA`8w
zkIfRq6a1VLsimhF=~3SzwO8|8-E;mr;0mV;a8DZh!-A^Ft%NgZ08i_M0c;r%H56$~~0BKFR!hdbk0;?oT&-ur!*Su74M)EPCjVL_3LldlM*h`H
z$UpyxgqIEZiSTeN2-%RImk;^r@<^!Jkbj{Tg%i;**^vLg7YU_~ukiBQi_(Zaz~dJV
zLsIaH^jC=T>xofVw}Nt0t^(l-;jLlxM&Yf#nq?#b`vnpn0SY$!uAvO$;T8a^B$^H1
z208p#B>%FBk|abDW<&lpbeI{-+?(BiXiG$~!wD+h{@MxxzxW@8$4L444-6r{?jH#c
zn;17z(=3G9aKJHOP7zI8Zz6f^%?veuCmNwDJR3VhSqa0{qD2Y(j%CQthDPB(o70j<
zSS9?*CU$(l%gR6Qg#3@7D7;uK;eR%T{68RUpuJ86|L+jnSm?>wkbjmL38hN*rK0e@
zh)BLRRwa9;*loNG3VwzHyxw*PqD^ssBN8g!e#OQZ_9i8xzITDy70hh7;vPi%3XasQ
z-2Dl8FDeRozbY$X$U8;Zkau80-tMWADEv(jya5vOZcA0jDE4k~Pvh@~e$CN#F(Y?x
zk3eGmx?r?a8e+kjf*bMzzGH-A%_ou^hvcun{<>CR)8S{`*9-juLZr(1H?&qWUDlzn2ZlsENm?
z_RM%+1~^Q^KS3=N`3*}FZ0Ur=tSW^9+Y!_lTg!WH1yhTvK}?N9AXzTR&6^TD7TYu9
zN!|y5S}5|&+hNc0uu0w*`Ph=B_fnG{``EK-2zIo83r*M5p?b9`oZhS@INOVjl(
zJ%o2sQXA@YM8!uXN-Ft@)+IsZYhEU$aVDdXNdZ%otKdIk0j$b;m_Dj(UQiO;XC-hN
zWTU3xP6*FpN^VUxnLBBcsA)2Hszy}L$)>I9u|}V4x@y`QeX^<6v^Dw+)0+P(oZ4_e
zP+9BcD@8(Prr}fHXvw7F2D6hvGG#d}b(iUu(^7Ytezv88k~h43y2tsfLq4%PNz1hQGSi#m
zr_}bpJ)xwwpN3FU+Z_6Wdq8R{FG^~4_bjOR#a4Ia_E+2Na7t?88%UrU7X)oCYyX&q
zmTbE*fsV3K)3Dp5{8s4!ina=}n;(?EZ?+q&T>{iSWt2|4d@Iw|RQ
ze`EPv4y{rdyz>b~Yl2pXW~!MxWRX5JXmwboQq%Q8$sV4P`q^l0
zXnva+us3KY8R;R~Gfr04?Ph=so^QZ`2eKS(PHZBr=MuxWZ-M3YWQ<3qp+ER#w1CGp
zduDtM101HI{Z7`1=NmENZ@+Iup%h`m?7~BUNo}YvJWkGah3n-U6rQVRG~!2CC{=Fo
z>OUE4c17;;foggq9PFSVJ9#Kg5{KU4`C{VG$AFFY#V|3&Z0ClFk~=*82WsI^x))V{
zzkv7Lkx~DE&#j5KG=IW$<0ycf#9NTA(e%8a__Aa0bqmP41I;UkY3RALtuL~@vF1J*
zYt&UT^HUwKKZw1uelNuPSdXrQFMs5jiL_O^21;RFzktv5iA(GWivClYj9#rLx1pQE
zv-fB{xpM^{9E5TVUfVEuoe!)#k}ms4P;&;aJ~g)o!Jj;AS1V*1UUJx!8|d0S;56C~
zn4^gPEO!#`ro+cNT+i^N5
zIn^t{zOm|Erq~j2?I0zH7ZL3m((SCY8rqPyqlAtc?JiC?x1&bIR!Cz$lHSnn(sZlP
zEhe7ya!vZmvB)(phbV7W=FQ9e7v0MNaYtEf?oFUJW$Jdx5c4wspw=Bp$9fYubOnsi
z|1#Y_x7bK7WlBEtOiIT3Zd0vE{1%4vDvrU_p(T-?R%4;l_sOHBcf->gJ;~INrd>R8Brr~L)|B77wg_1i4t$NT?8-l`J
zaZYcjZ&J8G2vdX7I^^{l6JH__d)~%;r@1dSo!>(uD5HKJt?HBdt`Q1z-yYOL(Se+{
zisJg95C4Ft*25?5GX+#>pTT`;)e>Csoc|myk4P_`i`Xfi*p6{FcY-SZzzgv>B8p~$
zg%;>RY`Rwm0x(?IWM56z1tlNfW0m0q-;={M{0L!LZ4#$`HZR>mh3w*WUb#J
z?4Vm8NDs;!l4_|#@)FEQkD}m}B@a5~_;_=y{$q&B=)}3e%}C5sW~6)WOk`ZSO~dr*
zwy?YqmX_dHCDq+-=k6q86>5{CHCdy{UCN2%LUb$@x0~vQ`JiNoXWk*Pd2hL_C>LiX
zk!0}PlsR&A!CiYpyH#T}slB1yLGA5mto46Fd~sB|1k=V==uLf(Kn8+dm>m1^x}{a;
zOqY|v4yu_kkMfyGQIjI{2DMOhY**A#1ofynaPcytthI
zyAF#hxV_DZw$G0{VV`{0q@;;Av;tLBOmz)av%4)CPD|rb?ggAQYV<{u%F6_+*QL?6
zCM~P6AVEH&HTuS-QDf~NN^~WQrW>J47ER;9l@Vb*DEbddZqdYf2`XjLR2nhPMbkVi
z=bi)B9m%5U4N#>VZnfU$CSZT?u&_}M(@?OR#TMF?eaRHh&K+XhWZ9ug)bj?^
zTChi=q(`izE2w$(jP0h?<@}#T*0a|4Y+O{rxpwwcNPmJF)35~8xSRb}*ZD2&{zx!y
zI%;<#&{BoG*EW)NY`37h7oWhmY0@2xd24~c#mAeMF`z!};WC69Rhpw37
z`CF6m{H;rly5G#-=iU|smqBmpZUoZPcySxg-*R5N29Z`w2C6%25ghR;AP6df2{
zu0?{QOG(eo!j@oP8#N6J=GgMm9%-F8k}S+Hf2+CbVC^t}YdV>~HEkDen7{QZw5gI>F%9!UjW3|349OYB>{XO!RATO1j
zv+$GgJ-HG+G(+WyfJGp$+2B{o0na3?UCJE#>ABYl~1BURD=Z$
z)`V|ndaJS6k+^0`V(efWH4O(sS}cejH5C^Cf{J$OzM58xz#pS&^^@pNrfiK_dXu&q4@&+jQr$MbIlw)9|K>ow-W=dc5=|fr$<&4#
zyN=|IoYIG@@h2%zoO(+0>lbj1hm89NUt!XdIUr~ubHJLQ`L3od*?oDZ0Ez7h3Cd_H
zkAK@Ujn;a-=$g4wY;y}yW+21w
z8m}Tp(Fh!-;Wo|RTaF(GiY`L)s*hI|e)ZXVD_n|l{U4O@AB^3Rj2~Y@pK8MRk=&)x
z@na4|IDSOo0W8;zjh3tDKDM{>Ef!ZUs+Dqe^m^SXHha@>0%XMTb5@7yiv98yef{zl
zef`qCbP76d2`h^;|Z&LaT$WxbLfH{lk>!DE)`&>ejb?h8`3I`$EJW
z$tZOYs4}2yVV4B+UV{H!3aZpavi?1#gBKsfcrcHDcKVQm^6TlcY;M1?Lf9ogK$AO?
zd21U4;%ja&KR0dbIZ($+$I1uhgrpx!lTuhgonx%G=HKa_J
zI!$B!wZJodkX2+F>i4y#=Pcag$zB`~>#g3pX1CiCSbu3cS$}CZvnzD9i}lwvUUtd)
z>kMQUE5~9c2&f2NrRy)NB`6s;-xU>C+p)3RAT1Vg{WS;>w24di)pWA{(sZ)^nkxgR
zxBjYkn={a#jGuj$xUPfo^Fv*)Xjj4d>sW~B_&IhP#?M#0GA0kYtcC_DBk%pfgXRa#
z-YKD4Sc~KWB)e)73%QYtu@C~!9Yf>7UJ0r+=s9*pUpxocM?Gw^kbChr*vz}wWm=l(
zO`4!DsM4R~Tb0D=txC^TZJRpxM~9+>WNq?auaT@>USc
zMJDcOZ6l^(e^8}j9~o;$k+$y1FJRm*t7&)&IQ8ZiO#7UxhZoEanpQia7tBaas~ypc
zrj1@*;3{+7E_n9UvtvkX2mgLq>=^HPbu`nIckSxDnhz3|@Nb^o!9_R^(=Z#-x%I}k
zwZ&fioAVedciS$l-boMDbUk*haZ_(KnC?g%ah4*RJgzO*IUpc
zeP!_Jp6hcf&s#fUc2dt<+)d~9>$L~U1YL=B9j|%C2tTVfG#;Bl^J%*Or
zKP5_%QDL_gwkX6&nc_%t1&2{V)g+^Wrjt=Y)5)lyoAfn7AO5fX!N|lN$*91;HkaOb
zsT~y}dC<3nf1vJ;#E-W8#!$X19rr#e^LwAB(fgK-34(9E{FC07I>6?CvQ!y*-%}|m2^u8T%Y4e|Z-*6zL_ig?H-xz_S)CmY=wm8G@eP>JWV@^D-wP(gV
zGr(aQ?gO<@bfEXGK|*?8=g-ltJ$zEe@|B*CNbe&~Z!k&S>()Zt`)sqyR96~NJ$hfs
z37+dD3#WC^EgsXzKEtXWy0H-Ncxp1<@wDzTmZfT!+_5Zqz{_c0GI3x}*X2a9-*ZxI
zOsZDvq}Z6Wr4c7-hZ~DFSC{VXoV56;&v5_q4@tu()AVRiy^4zOKwJX})O~zovC=%I
z)-vpCqo&~)i07?@p2%GZJrS>jN`g}p6&10H8=*pbHy&we){kw1_3$0Y|2c5n(Idux
z1!|tfSjDU^Pg#rAa(Mg5V}qdQfr$!?Q*xMw#h{9_ke$EBA-eSfM!S3Rs923YDyDbJ
z?s0d@ZgF?YHgSjJ(yM~tAgE29fFDnFlzxX@msYF59E1QvYQM%d
zTZWhp++V?DiOrTFrs`96*D@;SF&~odsId{#aG0;JP_lr{<;)6uEIs5rJ1FhiF9#{%OyQC%Zn;L0-XP#f6e7EV`1J!=hW{4BzO!2J=5;+;Opu
znuaq#ja?wU;Uq3Q_6suI!#;2K<z!FLh>;;1=HPB4_3E1P&la_ec
z>tgKLph{07+q=_hcRQLBnDig}sHJXjq4A3EMGfBODefIBei+oa8DvB_>G&Xc$HVRw
zW7CIN><=|8Nm~!6uvqQFfxz{Z7Iya-dTa5lBbi4w(20Bhp=u)C$+_
z#}DG#ha)l(lrc9RN7ysti6frdsNzD&6wR;$*ldPjaz@o=4-0}jJWY2~9S*$70jgI6
zb?`&%99`AaKDJteG`#MrrhU}wWWfway}D^@4l?3ox8Rs+2D!oxYnF-GVu7Fl?UoDPE<2IX=F4f&OotBX9rfFR}Aw59T_T`3M((&^<();ODMNu+y$e
zmIS58pay0Dl3Ip9{Dn@34vMzf-BexN|82OMG!5_HXyFIN+#
zM}mC@Y;E{K>FwCi>AePeYr%0xqIU|Y
zIeLrl!GoDMfegk*V!%6$Ts3NqCx|BVaS|
zlZHCr8$0&#bwt^AEq}2Si8elfaq~_$ykRa?QvO<0%E&FI3&t0|$hR7*+>!L9bW}5Y5?@rJ
zNV?lvW0M1P9|7w)mJH8HjHMo1Ho2hr@HtGZP@0;GK-}Z=rf`q15d_nj8;^N7?}y(|
zB8N^QwWR+XVM&l|bKL?S<{I6}MVsO&ZtSxsJCM4~zVX1+9CCq0de4V;c{dxFc!K8K6qF4iOi|;BxzXhw`_%ZU#==
z9oty#2La+PT#?>E)5$iMrjuV`1u2Znbj%}{qT&Gks
zCmyZWCN_5#3Rf3hKrIv<7{1=4E)Gex*i+ua!(%>>1KYWv#=a{nKH}QS7qF%5y2n$O
zyQi!#@)5+MVpEwP*5;=2c@R!rg+Q#AO=VG4#(a1@WzUSeQQtJY0cxSh!s<(rpw;-c
z-3{16D|nn(JrbWSKALvp7B1DpIC*=CYGh4$%l??~fN)2Tw8l)s7Eq;_WP4lZY+^no
zDgIJ)z1e;p+=5R_&P8I-fdI>!KfG|zC)SH@H*MK)@pM*nr)f#2XN`!RMRzG7W#2O?
zx?3gO-N2%I9KT-i_c{f*;4GQt4K>(^k;60$Jtn`ont`I_(2)l>@pDEVyy2%qg1rl^
zHv%y3MBxRupn7{YTD=EKKB!*aYH-!d%%yru_6UN@kZ{NMDQDlHV{P@4?QNEFqd2E}
z|31yD-ai9e!A;ZL>gD!tPW5u@Jg0hfFJ0GwtX|zP))gtM*Y3T?)vF3ny_M6T${j6j
z#5C*<^W(>S&N3%@pusVyc>Hwy;Wd!%sE=6}gDSnoZH$+E?U;F
z5(HZync9j##t-gt2i4TZBfT!E@}$WkPzyzjMLMg|B25KGio~Aailn{5u0z(^hXGNf
zM{uXm9Z8Wcf{M6EIUNi|8V3=-NP4poMLOlL*bs$e>UIQDBo3!RHMQ~BV$X~xMS2(1
zLJ>oeicgw|Mcna8(Z7j1+ZCXS^N{WBjdEW&r?bt$UUEE^jRv@ad!)IYjk~=$ovj5H
zi8-B(1b-~k{o$muDL)y@Q~^3$@jb}@5w8eIhj{_irYybN%Pu+iR3`OEI!yHmw!@4E
zN6KtK(K5#!Cg&CcI*eUf>cdMcG3I}cd$(VU4s)01DKb7lv1wQ)`C!~*KCZ(sbLlW|
zcrt_3M991Wws=?0ezHtX)FLwqZ^Y|X@)DOGr|Ef`#)FV*?(7QP-Njw6H1=aYX5POb
z5bxpZ4t?EgFkQJ_Q_b9YbUrb0k>onFKd6PG0~704)U^RF-X1OKj$~Xr4_GmV_vp1T
z)mWtaYFdp&dW@!Z8OmoQkCY8w?;ib%Q(O+XcC%5uErdL@z3w-ilJ?SPoGyb1?dx;+
z=|S+dSDvJOegRedWq-*JJ^l{2ia;Jq<9sHcWb@(6E)NP;9rZuG>{9yZr`QUCWNKdo
zQsKPKVBSIyR8u97Q|y`X~Bx6Z$PzyzjW69UY2Ejfa4of#VOv4{R
zm3~F`f7&{im;BBKs6rnHtg-Kv;BrgfE5RnHv{&-lAD_l6;Urb@gv}49q)p#}GU+XR
zA;$GN+QU8gIXv$;15fY5XbItL=ZgV;j;<{{xwj=vE3d<
z@fSx1!FL`udEB7OsTP~F8~b##&Nr@M2ddZ2lV_XBMz#!G7dEL>n>ZQJfhpwfj%0Q{&DrGk*-OWsfB^y2)U60)44w
zb_2glrlY3q27Z@Jm8R>0l7~F)t~;8B+y8_1H!|B>Y0d48Og~N6X!^~JytW>w8vv?1Hra@2_yed?L5*)-
zAD1qFzb~s=&CeW{uGGD1do7*UbQs*I%MxLqbvV($5d8+IiC<>~X
zA&-0Qnen8Np8>T{bfA$>LV}H4dj5gf|6$@w1fuvb=o(4U%*N`qqL-39T5ZrX^p^br27!~>5rOEP4PCf*JwIr9`u2NKZy6agaSTo~)>j
z1hr7aklzOLIkv6O0qK7H#KE|yF3RFf_ZI(5UJ-2Z&tbCZ{(4s^owsLi^aBVEWEQ-M
za9?v|T|5^f&etHjBk`MGK$Xghciw;Wx^B{5wP#yvcu~=VdTBf5!Q3{Dx9s=E{0WG$G;&%P*YV1
zB(FNKF!t*1>C-zvO*O@M)Y~)Tof+W3J8_^EiVnDWM?U?S*G}bR
zdz+^Jc{g!0z!kcAdeZ+tyNQ)w%##vIkhpRk%=fmty39{NgKg9_6mMOK;SNZ5Bt88!
zP{k|U26@SPH#Y&Cbn!2N%iUyt7!<89ba(wOS?Lub7Jw>iFtYQufsxN1MJw7TUwWzvH*zDo;z?Hn{?$tZ6v)*J
z-;mQQiG7OP+j6C=--7=Gk$MDy_+)qACwn6iR8s|y5A2!o&J1vvhHpVF6dmx%+mR5T
zoP;gdF6SrJkQ8kcs8Tet^R{4J(RB9^4OtbgV$o_FE!t`*kfPm#uH%ZvxLi{#^kk9?
z{AVE}!ytDIMVMQUJy?|1&*p9;KI^s-?W>>o%Eend;ro}+;EtqmzX!D`$@UTGpm@_R
z=@X{YRS~E@R%VoFPt)P+$sCsEA&vV=dzwmpd>S+Q9$WAUBS@tdB9La{)}ut^
zT(OW<2Rf>p?9Pd5%MCkjo{Yq&6WC9T~VrP)!t%XYHBs{tR%KhF3r>6fx?k
z$0q6fprk%WAUa-!K|vW&JX&6$XU01+z+oE7KrIw8=qNd_(FWQd7-=Bxe@X)-uZBL`
zF=tcsS+^-_-wiBbPWAFm8fYV^Qt9^QT~IuJ9=-wVVUq^>AP*Zi(CK^qP6IuT
zUcU`ese%h#yP!_J2BJzHJ;8TJ(m?${EfjfHZV7T314?R=Q~GJECk=Ek
zsD&a%9k-+Z9S2J4bOd6@D{SO4qIle5&x|JxbT6odA_g7B4^G7Xo`*~Nu(`S3?6Lf8QURUCu+k|Lygvb=;u
zcX_X%GangtE9B_?f^q`m1wIG^m0+);q7MopyGt09JoThA4&PyjvwR;}iVKbhX%flQ
zfc*5GBD*1qPr=C&SjCcUkkJipzY@2jbM_-~J6hAp?PyIWx1)8xvL+}lI5P#m%3E2w%RrVR$FZacdde2
zwOY4Yt?du(qOHoJT{WP!F75yOote8$o}ktKKL6kU&p_^-J9EyNGiT1soH;Z1zO=*s
z>wkiM04(PuTx1>T@0AfX?2{zJ`TEXyFsfXF)TG4ci15$L@r&z7akk*%H-uG1D2B)M
zo$+8)c^0WjiAEZ~gwTJ36z2_Ge4$$+%X+M8LU7YHirw}w
zQl(|U>`(OZ@}R3+!^gjwIaGOOwq7tF592Nan)Le8zn126Lhw7n*>`QGJk`a4VY*}*
z7jID}8#(^n%&dKtawx$Jz7=cq7eUy03m4_?lojW9h~%=UXr`l%SC^1~hJvku6asbY
zjZ}r7l=Pr1C25
z=;hG3uZL&_o%6dMt=`Zg3H#;qEo(;z){_JF06bVVGOK|p{*!nyy^I)Sm82evXQ^k5
z+&OU8CvFI84wFR&yKN*=WgSS1az`cL>ijUX*gG+*&MAMKDbFeM-H6m*pe2h!)JlCV
zc?zjgOPFoACqG#?t^u%gSW-8v|3nkA-G$$WDO&QBt`}}n2)NsA&iC|~K%b}@6Y6Tn
zsT>p5LNq-A;e}uVoPbncG-whf8C&$G6IePX)}o0{3E}S4M6mb`vesW5d}i$~$5*%yNC<-;EEV2@Nv
z3ZEpV{M3!NC&r
zV-us*Gu|6MDTKSy$9>$#{c@tGf~7@)BhFt=jM6?gtKtgq_(q7wz|Hfv$zy8eIT(a*
z3hKVdFRK=*;kqlHuZ)#z9##8X70VsIj_re;#(D4?ofM)KlzV!V7H05E0DDPV*lRpk
zPmaaMG+Ea7km@{uiyY6cMblMEKk)5N|28~WB}8NRy}mQPnimAS?XO5pN*eg)*sXY=
zx>odGgW2=@LFEI6OOYC?JZ6HcA*h-VY=a^V+Gj;!*_hY`YR)L79~|ZQ1NRJ#qPCRI
z&G0|uiBEp)v#g6i$GHv{Sw(u!WJFD#EQDdFzB3+7o{u9nDe*b+eYFv@08*Ua<05IC
zOA%EOis9e-&Uiq>{Q+o5G}8DOvMWZ4(*qYtgI-Rngis7q^_}rx@|=m(q(lRaP4=uOVnrSC={>9899y8z5MaS}@|8I43kqJ4T>uYu
z+YF@2^0j#j)2!P~7=X8jxCo%v16mf&4=Q*@nfGyp)cKIwt)Wr^58}&6m2#wOP!^{>
zh|Q?CDN=3t|$3^*!TNOvYVOf2V?S!SQLNO38bk(uy{~9v6b`
z5AAG^^DB`
zYYA!_Du1qD{;OX3JVq;L&_|#KABSMS?87F1r0eCw{^E4#FH*e#vp@#BZMp}mJeA7K
z%ibFAy+)RUncxTT)GZ0&2J&n4a6P{wey!*g97FzhTABO|&{7oq{Sp}o-nRd0Y!Zq2
zGC4msMm<9&i)UNbo>2LLOxnHj)px;QRs0?G>~w2T&yjvTE08MNI#SO&;@!Wk>zV3<
za%P2a19_h4;rivwIRU>?6M_xO`IZN(4mxUiqMYx*3&NSTxZpT^5eiVwk8zQ`fS^HV
zD$qqex9kG}5>Y7R>WVabCwo(qQX_7$P`>*dEj_5LGTxlMK3FXB|eGW
zb&6%(hZN@#TqKPi;LIu^6vG?(&UhfIzaTX!(Lf{h=W9=QK01;J~u%=;FgmBI9NyPT*PC-Dr6
z_Um@FdPZqEVC~*eY27s`yX`TrG)pcMQLBGUwyf7eup4y+?Y5z}M{31m_$#gashzbe
z&bQM>YK$o?C4WYtI-5CHJ=SSI9F|1`pBSh4z%4MOjzck_ji3)hK%+D~zQFbZ{3vGu
z(zy~B*?<##SJM^UXVBGD(ts?6JM^7#j3P2X?~$66Bw*8ChzHuV#V>sw`p<{gaglUs
zl7zI3Xbj>GT}{M;-kpooq{OF|RbK}EM~YL4i=;unRfrhD8D{G{D28w8JL7@MZb52NqETgskH+_}LU5J34zTc%Dpi(>pcj~5v66qX
zdsWB;`37=>mHfM%^&yN+cm=G~b2YI4@6;qv>OdBaV7CoKs!t6nnZ@K}cDz{OF0cls
zo@SB?fjTb%o>J$_40XONq|PtE>#-qixi=W)N?OT{@iJC|Q$ea5)amIEuGC7fVYj`9
zR5?d-Ss!9v*$l~sSjkXyBPfX?+7KJ!y&%^%ghkvkkE2NcBQ6t_|^Ey>YGhwhfjw7OBp0xJZR&mR!li
zPqr&R#)DNwG=^qAFs8ha7WNen
zR(a5{CR!9~;9yNO;vTIx{GOatpx#hu8R?7Wl&YUoUNSyETei7+?orZNtu@dU&K?xV
z3p+V7*lk|}*~FJDzGj{{-ue;Ncx8*NjN0D(4PK~D*@}jhcpRW!Ltk9BV&U0%tRx)0
zeFJ|GB0AnD`l=$@ADn_HZ)u4#1CsQJsz(t0b%O(7a^)HPOCGMvos>;Br^39>93i{NWASxSXWUlU%{23^j(z#K$*}PSljOc<$-Y#mg
zuKp9b>C;9|A-hJq5r6;^5~~tgIX>FH7^7z+>BJI!k$`YyHhZ-
z6!v?@gN2=}qd52oXt`7-3?}S_R_=XyBmpJC<7s#-RgcHYkudksEJCtjhPrp&gi)<7
zM7O}FoA|M&OJr{et_aa$`A0rDS`oqwI6BqCB#g%q$%Qylk3L6)R2*GFjy8qp1{_`I
z(Iv9Sks^f2bNjiL^#d025H518p?|tkx|;5a^`KAADj^AmKk7Tls
z2T>X9w*C)j6_7n%s}|8i4XGaehE#oiF;r_A8}j84-Jl^CdUT2GHKZa$jyP-~3bcyV7qzFOIzrpxn??53XxJWtE
zt0bqfoJZ^d9QLi*B*8EcFeC6+LyVdvE>`iju9j7gn6nlaIT(>EgVLE!U#2RuXFB8f
z0QFsHfmF#Uk4a1G
z>^ETauW4aF=m2{QU`rni=mrw#ht!A!iu(h01X7&|xJco$NUMsF3=8$0@h-d|;C(Qp
zCM6oX_pJ&1d?QkvHeCD$f=V=5IXRB>WGem0aYibiB=H%x1S!r8TnzsHWqbUsv~vDs
zR~LhvV)ozoEnT`0XOkGiiMX%AUkz#1^yH<2mvOjQ#oxx<{#C@Bjkw4{c%(Dncs5ZP
zZovI!{M8WJDjoy8dl7Sff{Tx5%_a!L3%KvXUk!n*;*U_5-H16K;^Nmu^~C{BZ=Qa!
zW)q$v`(bQV;;)7nHGgGl@l|O5zDRRwaPbL*_#^_u4BU^wUk#zH$qyhY=Ucf8@ZdDz
zA~EQ}4Nyx6&hRaLXFQk_wjebr@zE&dd3~XZzZ33bA=sEghk}jxiB{D6umbWA(*VB9
z8L$cb7cw(`FOu`5kuY~U3uAa#-K+r(%~r-MqT5}IY26*==Qn!!3mcbN8Lx^`b%=5S
zlFRq>L9tJXj4z{jFVIKMfL|hrGNs?t0DP}Gk|}*a00|>if_|?j<7tt<+Tij?O;vLF
zOh+z1RE1gtB$v-dxO{|M-YIfF4snSj8L)N#NLta|DF!O0^f{!AyE-!U2d_|y?(U9E
zeZ$L_Ox+V^>iF-lJ-3U*)hONz#X4fQ-R?1UE7}tSTK9@<-WTX^SDkE?e}(v4MdHN}
z{&pX~^if?Yg@2UBpOnX?#|@(Y&WM_PPgFlD6TBw6Q4Be{H}z)Q1y=b8mb6YJYC+Qr
zvtufTA07>t6x;Oj`B}^X`~b2X+w{Wuvdnd&R+ahG`Eqv7Xcc*!2xFVxKYzfIl~^CG
z_Yy8tuT*7h5M7FA6XNajrR(Q@l%#Mk7lqH1llWiGx5ltIm3*B@DUvu2ZH>Q}t==f?
z*U9#@$8^V|JY?@jRyjGWTv%;oG>IP6>dJ+~tc+$aKHSP^@!}(_j5S_-q?K`&ihskt
z#->2eMz4a9Fltg745yOg)
zf@GPDTzElpfQ-C<{$2J6#D0vw)uV8+{wAMU)R}yCHci5qHTf8v|KZacxXAH_PIH|9
zAqGO?rR1&-cZ%$!oHHQH{l}b@UthCUs-Yvvnr{oRteD-3#*cr<0O+pb1xk~A>XC6AT&#n$*1
z5??Irn}~B8F1}c-5@Im?Qr{U5y!gLGYLaNQ1u^r&QPx!H-^C=5u1I<-<0WUBGDSc
z$LKBt<~t8xHG*>70(`KV_tdsNo~J2#Gp+J#Nv|05Ux?mhpWeTt^fW)kq7PLa^Qfv|
zv6!IfVLp9`^s+^w*HeLjynP$I(Sy{GlBjcb0N3;;ap0x0fc7UHo_=HI8P7D8z318lq@NtnS
zd^)HxmJynto=6R;1iFzRydx4vgy7)=*YL-6fZx*@@E^nz%^~=J{<;qEPY`}@JaJP9
z{<}W?J3GK%MEDouiC?FMf2{-j_X+>gcq0BxP~Yc#`kjy(t?v@T-xE)a2*Ll_ho5Z1
zA3u%ocf}KnL-0ZSp4kDuFX8WqC$32ge}f5McuL6Iy42_6cYw=-`E+Z%T=|#Pudilo
zizn6d0;~Ki>h`*L{=Y&c1#h1n|15GzPYqCSpQo&;OX68)01pQg*Gi-NYw;f3MZr7M
zYZbs{Uc$z;(g+){s;SA!XpP5OpC#BIakj8{GyG+XK;LP^MGoIwm)cu#u}WAl!#DMv
z@j<*G;Osk6lM)wm!g4&&k61htn|$~1;itGrg52b@&yoa*!mwB084n2l1F1=g3xW^f
zK@z+dCxOJz@sNj$&!JU9Xog`(_CjEnj6-TtqS2;!_DU@ONMnvigG^Z^gko5u?~DgD
zE0
z#1oAn{J?p7dlX-nzrw@ULDA6Yq06JkqgE8~lV}To21th!nw`cs6$!xMG%C|D|{rZhZRRoXD6L&s8Ma
z^fG0E!oaMlm|W;#+;V~H77bR$N%53Ix=y7j$dlu_EDM;BX?Y)3s4kvyBUtwWPISm%
zw>=WB5O*>qw{`If)nG?i<^S#q{E6|5H$wQ{+-SEAdOjkMjcXNwiShoN5ra-WJ)X&p
z754g2r=A?{)a6a&bX+_!3pBkDaC&aIBww}0#fL_w@^SGo$`Jw1XOQ0Lc;fmHy}&p1
zOq8Bhwb60?(y*S&N5^GDqCBhodeR#dPy97RuhLhIqhE+f0_U-%Cvb(PdwvHl;(x2b;NGl>hYlMEyY5gcwfpW
zaNqQakM?{JR`~!@>=DoSX^3L8Px0+2MXet_;`%3~w87FNUPXe`xboSg*EODz`enf3
zLZ9A3r23PBuWwxqdR^o4*H%DJ$*gO9iegxQ?;xXFsK?fI0m;(1yCGEI5q^O;cm*m8
zP+M%J@!pDIj3_ZOoEdi?58~5GvgJDWrczN0LvF~H~wN!;b27UiBwr(
zZGkF$;j67xzKZyE+&v0#qxf1)ZC_2T@>hxfK`eJe2*1ha|4t8Isl-vL{10No
zRkzWD%SSQKGiH@vLwW~dxxWt4`;t%3{*|teqNhjL1F<1gYBZ=Cg5LA!VMM)^@_j3o
z+Xt9lD0EcJZo48(kK=`6@U58ahxqXQTBQPS#dNoMU)vFXk9i}ivLoJ(X*=S&@Cftg
zSjcQB@5`#~izRLkvC`kK+RwwRV1=g&-WTi3F;*@%J}d?P>#>Z#hwxAK@rV36A{sr}
zydLYO@MkJ|ug9u&Us0lZBP6Pmu%^v;KIR?+N?z#ZyTpFu(N~kt%jYRkJ+EXBm)Lo#
zgy&=9)d=&H7S%3KR2M2yy&Th%&zlM;rf>mVU8xV
z560Y&LdOW@i_PEL0QzmcEq~-0QFmJ~fkhi;IiR-|H7lNVx
zi7;<|L*E_iIVMLov=Zapv7!7S1zL0EyV&sCV!3aI=(TIYc3bydx~|I7y_k?(dYTzHF
z?F(BYC11gkuZy`mLnQ}QddDkSHJ?|d>tfPVY*gvn5yHzz_|lkL_)<`%{eFL6i&TF+
zjBR>T>+Gefm&G>iK2KHY>t2<#&R*r|g}09QMxYlV75!S6mC5g|#A%xsvadv$&Q@Hc
z&HI~*i1AB?7=Ehnj92o4fYTC4O-g(k^g<#>?F4#xI)i2$xS48&>%J2K=H4
zQ}LjF(S*I-Dj^|;;lT7lqmI~ZGsE*m-yiDD3^>N6bBT22h&I$=s%30A^7b{XkuUm@^
zKmN8PsnqkA39BuaoRkkDv!}-rWxok(+*e2Kw#i5hF?)Zwi!_AFw91pDvow}i9HP_R
zm)w~i9W@_ezWGxL;OEB@*M#8D@ZoRh0RIf(kBVhK9)i#I`Aqy)^Qq@gDY0TC1`_kP
zwCZ&!N7$^6#_cezC*^Ja}P~KZ34Cs+5o#RlHrTezE=>
zred3Jx&4ymD%B5lz-(iTq?1M*`h
zvC%!;Skra>>3o?#ulo7pbc6JnjhJXCbqC`&mzi
zvO>exuOhXZ#?rSrxu*in3wQaYKajTci~S<*3>6_uzroMCCzKT`{ozRIeOdZ7PR{Q`
zr61vI=j>O~)jf_>RrhN{Maa_2{jBepS!4aI>qA)~#%_)yfD>g?9WK;
z*eKWgMXU=IAsM^h&)Q&S{mRd}B$O3mY*U1>okb}6Bqt~L)qt^OK4bHd8e(kgT3Py$
zNLAy-X-@8u?aEwG35%Rg%8t8#t=f)Ml3g8Q#VY?D%be{bT0>>ttfhi)Vus7)qPeNL
zk>GuXek`qZW$DazMyY4*4>{h+CMVM5{VwSr<>b5`qCed4sRREIsnadme4MEW&`eNO
zndRtR*~r*3BO<-ySkiPSF%vYs5FEv62$$sBY}1{-{yJ_5@w+&QD?<3w{N6I`k5Nwb
zYP^dg5cpxroeXtkbW$Ukm;$t5boEF2oti;ayJ23-dCSw`Uc!TVNk2k0rSEYX={@W9
z(ikUGm5PO{oGVza9KlCfE?FElc1^+G@tJBc5K
z@B`^SnHIk|B;ALIU+5(MlomhZwRGhdhVZW={$4vV2#{X*ir+e!uZQrtnWYqSuPrMO
zw9YX_fYs+kiW2V)I#fYC8ifuqdJ?GTjiZd|4G|D4wSrb
zwom`UF#W)v^`za80tt>IJ!MO8Bbv$@|8@!#Z@2BMN%3}Eq`6K8WrQB^Z_2WMLIBzM
z7?Z73WVysBVYv+Z^quk1DhX?Z_-?EbNFD?1-S#~?9pBURV#U+pPbvVE(-#+6EZ?c|
z%eP8Mg5fBAXFTx0ABWVW#K$6J{PV2PdfQ$^*r##vDGr=W}eo#+Ea|H*9&d#rlSQpJX882X-z8BLDejyUVLAM@xp}q-6S8E{o1~+u<82
zA%hGVd(@rr^?v96IZ~74Rvu4TE+bnnxYwSA^taQWP`dVD9A4`T;--7s$
z?faN~Ka+!>WU(JvRO1038DC?;dmhw#GSWr@!Qen8GWqqkj9X`SKS#8c8R(nH7RkiOY{b5Y+7KA
zzm08qzHL_$XF4uMTb^&H=!39Ih|bWU?~LPR9~tn2m`F{M28RA*jlAQW!*UXDwCyX1
zb0aPW@kYBBotRb$(HVZG?~G641p(jwMrx8YNc@}f4$iM6@#VJtmc-fDf%tN}Cq0Z-
z3DFsP1I7!d>Ie=PA~i`G=sU@Fc|X<~Kb^#v+V*tfoY9f^Qo9Q+Bc<<4?O}YdN=S?0
zN_}VC8<4T@htwnqvKq(8`-0@j@;=uZ-wbc%&vJJ_sJ4kJ%-o+)gYA!3OL56-brl(Rd7FXdvtOck+WEa@~a4+XD536C8+DgKK&I)4e_tdr968W
zKaAz?rKD_cHC8~(j6&~On@`0d^XV%r&#@C5L*>2Tm-p9bd3y8Cv8z>i+OAD_^!164
z4Db15Rle&zFHp~!Uiph*4jkQ%7dgKEtS%C_V2v^Aujbo9nLjHeOK3T~LUWpx`LjOi
zae+1KNLJ+Ig1Nx)!cZNt+ggw+<?7~ax%#)B7r+mV_izHILGr1!8LdmAV@xcKy}DgrW8F;9o!b)GRu
zO%jb{3R?yTFhQFvMt0eXCcH9n=UBCcI~QLdO$&OJ54ye911E5i5855JC
z0w7)p=uSjxk|ap?Uz%%vpWQAIh
zC=9pjJLAD#&;3YE5}(9MJlNlbV1o|6I}BU=1PX2^oZB8MSP6BrJo{vo5QAYbK)kR*
zN1*>mO_BuX`VZy(SZmg>Ubf|4pMPoyWvGvGE>dOvw^vD)rTV+qk9k}^Vr+P|C$PU`
zUry{BaFK!_u(tnqCkp4GGUt>=u%9n95NMAE`14)+IX8*bABBH#lEKu
zcH6&^Dz$EP(L1J&DumAiYrK7k`w8e}R;%
z)|(j>P4W>I(N|v``(b!X}eeCmy-QT_?g#9fadw&%BD5bOgM=0z`
zswQJn^{BtI>13}1tK~O{oQK!c+_C+<54l*g=CiO~iK2f56%BN)7gA-L>xx>lrV_k+
z;)t~1$8`YjP4F&mQwY45UzH0za4iUHa(9f)Zn3?I;5XwUI|a*D{jIa=Z&gHOct+nD
z5B%%DLu!&F*x$Y*@91w1Nf+3EAh+*=8-h!8U5((
z1zCl=LUfDthTf0zOs%gJ(4xdn^jfJR8I5wG!d)Nr+>}Yi;d=|4UaLZ;
zSK&LM65sV}(%_eP{3vD2U3Y%xzTNE8}Ec0^WYfb@^6`OWfkIh_xc(d=nSh
zDyzJRT7x#@k>P%QXFM@5`qgBr)MBFgXmpBoyt*sA7IZ$s`GVR
zWO@0>l4>s2%Wnl(Rm5VrQ{Nd67SxX+H7Q9z&DY_9%b|*VNanQ={6r!l*lmA9s^sC>
zY|X>{Fp57SV&X&11GB6WLNW|QvKNBxH4LdqiH3R%Jkc|(0XS3x+ij-+2FpZz2=@Fg
z`;g2k5A2c_^im&mwGX6!bS3G%h^6zky!wZzxM%5wgf5u31ZENIOpRcd02>uRkf5?gd6mo
z@ou~z*lj;TYEq&>nAtABcw^bZngPBY-bP?6DOO=mERE%k%^D}hWUb7dks6j&Te>)9
z119cTNX{CQRe}dmX~mF>w?Gkb8OabbWkjh17mV9alFc-!)s~V{Qdrd~f@Kj$l{G^q
zWanF1S)`WZQM0VvJe`(@G&c;LA0;2K+NoI41+yepFv2J%Rbd~QTAb=+7i3H-`PLN4
zR3XzMDMdLUDmB=nELLbevRH}Em9mN@6?S!MWv)T2R5Jh}l7TMa$6=t<)#n^6Qp`#)
zWx9rvZwjcJ4=0<$Yl`k{F6Nh$BP9}p1H4EYG^9trXUdM{W@V{nWF>m}382q}-j}r6
zfMK*xScqi0uTN4k9f-SMIKwNeziwN(p1Nc>vW27`P;TKl{T5B4*(yn@1q
zM6*1Mp;NThRH#N%Evw6^3~LhlO|%U)P<0uE%w``J)`N+qwdf|pWnTc3>@Nq$&?K;sfPx7bAo74y5nvfOCwXDgS267jt6pbmm10hN2-BcwTYQ+&za%_Gz
zUQF{dWWCf-LI$R1*=!Ab05b}~HeIBV;me;PN1YjJpy>`7);Xv&g<0PdEmMiIXNLJw
zEi)_3eWW`dElUeEfvWj2Q6_3jFSk)|@_DRociFB~gyXc@NHO4xAD-F}c#cn9O4aKH
zU-GHT@&J)<^r1|A4RCq>;?L60~BZWy(`Fzfc^2tUy@lteS)y?q*>8Sn^
z*RoC?Vabt0vc;j~6paGvuOSmy`mT)X5Rq)S&W>T^A!YQQ>A
zkF-*#wpx@
zH27Yb0`=<>wky`#aa7xs(}sY!Y$IxiPyQl<97W@+#l^Ni086%ri62X_l~O2avrd=V
zRTxI7vR`8!_*HrMhPur`heOWgHY)DxC&z#*f}%m))7dK{WvUXtZu=uIYS2w~o2zWC
z+%VcUdU0XlTmS4>YS_6Nv_h5$k7s1Tth)x_!TiZ%EP?Xj<3G069WeDZTejJ?;9cp%
zbrMwRAm<)6QhwVW6RPufLNMgNEXgMRZU_cs@$<^IR9IAq3VXfLNEGyDBTWfoixe^T
zW&`obW@XEHWBv^Rrf#@MyM9k+d)p#TY`oKzp5@j^h6~Al`wzgAxo&NtemWDS?sM|x`YkVw{>7gb#Hu~%cHK#
zE5oYeHoxjKp-A2c3ePsuy_%{@+<}xMQ!{+yR@*XnLWMZTP-b@_UM;opZX1HJ?!i^f
z$M+(K5chd3NTzv0hZtBt%e#Vo0QCCireHC2%{{(zCp#Zz$_^@_>@B3S)2q6y$V55p
zmtod_P|Mu19twm2n3b5@Jym$v$Wh~km-~~nxg2mG339+YDatVeUwjKP{GxQ$W1fy9
z0|x_CgR>Trf@<=|38TjW*$uRE
zvE=qwe0IIrhDHAxDOp*n!^sLT@qg^_3J00kPO`^ALfBIEvZQ!lwz>TMO;EUGKRgQj
zw!?Iw|1fq?
zr{^jJpZ>-$;0+^h1KG16y|t$vZQcpZU`WF8DZqx;M2ZIuz2C^3p;zHL+xiGwrVf+_
zUIlseF1?$)n7Vt84lmVnt9Z|-OC)&S94`@GrbsZKJqMNtNLe!LeUykgD#xn738
zPcoj(@%92E-=u#idfXNW2b2Es;Y`F${W71;{?N<7H}%1F8qrN(oa@$8+G_L9x|PWCeN-FwT*OE&RMd6pXeVV8%f?`Ij$X8$nfcXPg)
zZqPT|XP80XY@abkzRAB?-f{!p4-|P?n
zZThDC&HD8;>U$`7GvAzlO?i$o=$rcDeM`*)I}|_W_+#pmIX{@?nf=>*K2&|o@=W{M
zEdLg-V)|~%$9!I6z@Kb9oAk}+hmHQro#}8e>-$hR6LGV@{7}E!>w(SjBKrO(qbXLG!G+sHTd*&II(HGi1=nD&z?e;me*1bH+i
zlw#7G8p>mItnqBl*QWlO{dtv9zL{_8>!I>Zc$0sV-$UvDkB$17_VFo3zG-j&$jCp&
zc%EcDUvJ36EYE~LlssNF=$rP4DX&Tc-qh!1M!qROQ-43JzI$JZ^NKOs?@;<|*3Z;u
zGvCxtv;5D?{}>Vv8OX8lGP
zk4$~bHTX0Ag{FMW`kLc^p)uZ?`fBofhEaZt@oct-slU$}
z@FyA1LyYG``8P~`JCyv*@#C|~-)x`HtIwvqOno!U8)(SKtdGghBm>^`cbWa!EYGB8
z@@vYk+9>afZr>jn^c#(5lYf)nvkmwnX>d-p1x|u
zlFEfE7dNhISX{Zh;j}ZFR;^sLdUd6~53Q;=r{Y|n7*jtjPE+F|5}dDaI_G&aXO{Ha>-eIuYGmnlEq7wHmqE-c>b!@O)9IYdHMY2
z#wAPC)0&0LTNsVu3qg$y%}W|poZ_0V^3V=e9G^S#QwX)Nc~xUY!^-8%A;E>qm#sQ&
zVUs4xlobnC2j#6^*g(Qyj9F`zEF!vm22#VK`S`+o!^&kUWyPvBn#{uG%U3OuB}q_?
z*1TwuN66>IC%tIZO3-Rq)U0Sh3}7vwg0JC_fu$`g7X`9vZdtv238f_=A)AGetHNKn
zykQxIcUsHRrBXB?U_fb-Eh`&VHZ(T?;oK#Q(^O4!&DIJ^(70YT=2L=_xlmI@Gi7Tl
z@@SX&QF0LPqNe7>&_mV+vH1&6)07sSwdnMPjZF3xW&Y}B-3I8KklWG*HUN5Zh$s=H
zh9f5f)IlTQUKiJ}vYB9uC}kx_GSRS#iGfTS=Pz$)l7OnMm!74i)O1c$^O6FGC=H>rX@|0=0k}s%?-;Nn$M9Xu2|T7x{N52I=UDd&uGJ{CKSTh%9a&N8lh!=
z%SyQu4%Kp{q#!fIGgaj&v!qN$-G<_iok}GrIMA#;t)*c(GbeE5KMO$fsdHKQs@eP%
zr!_S%Y(_h)1mki3{OL1hPE%P*S3?OwmTWLUfhP^syuw3TOukwojNw56t7cH~=7tsQ
zN+2%Jhp1>)H4q{{ocmhbZg=u1$%M!XXFSdF+eMjESD?tI$uDbn
z%88mG#)MJ-$Fki55!)xSw}^@jBIb@4#Vr(1!s%TgG7}Grl)Fq6Z4=4y!mby^v2$FE
z3voN))(KozJnFUrTc+&5HSY8+z%7B)?8H7%u?G}^wFPOQIHW)fPP{2H_lUx!B6FMQ
z;`S8Xw}~E`CG{2&i#1B>BH=cR;)MIYq>DI8y6#Pp;jS04W-+*4xF%%$Qvwj
zmWs~HM0TsN*N71l#n>HU>W;W8?AXN@)Qa-`!gj~c6#Wl~LGD~JaHc5OFA8_CDt)Vj
zK<-Y_cczX^p5@kxj9BJw5o;ACEV~ZPgBvPSFH&nozZNl>&)Y83
z?{!c-v{(hYvlACBVrrErMYRAJ+bNPQB73_iTq6bnZ?gb1NU`f<$yza>T?~eBXNn%~
z1ku~A5Q8U5d1Sej8lro<=&2#bO9)7<`+m{W8D2mEdeKP}LU{3vu_6c3aGdIt$hk^5
zsENH^l(!>gP)gV{gu`auD++PjUnvT}s^cO)K8Q|01u9vmguBfJ0|~cUbdILPvcPcV
z4lxX3M)CWpYn|r_dykkp0ctHWpv;?@k_%bKUY3H|jB5;fo!BEEcd-Osgz5(w=m))^
z@!7cBTcF?Px~&9(eka`hh$X1$VCI{#oOW^KZc)c>HB;of^F;aW>?Pe%@50Tf-MpEi
z59-xvyO=OTjBFN1%oF`Li;4=-zgcwJ22ysSLUd2Gh;C~{L5rBll)0jqxAlU3(q4y)
zgC;IaJSqCRN6T(NvZ|(1HRg&OLT(d->P2TTwq6XKiC#Kh36g3a9_{TA0ZL%Y+S?~0Ua#U$
z6J@+O9_iIPL_xd8Y7xg`Ea`)B9Gnp-A7
z-%@)-!3NamfQW4q*-lM~5HE>hRH|9@S54Giwe`4JqNqi5T_;AmSBqkdC{Ul0T|)E~
zeFux;W?tt{$_6ZF8)jwPTB^`7U*>Q(W|PQ!N{r#$5KBD8ytyJT;r0-@
zJ4J6iV$`YJBF40eNlQ6Fmb8eBW|28hq*_InrJ`S*sHqqInnaiFyh_?X6r*D2JjJ$g
zn^B1@H^qvioIYKI*d|Krh1erf=)}#^9)QLX%XaIlVr$%8lO~CbzT_)+p6HA#v*wbk
zguBZ{cS<F23nAMoH|NmJ;+g`zq=Kh3axJyotBBrR*?t!?9`ngZ@b9Y
zCW@Dd+^0ktdnei*w;nSwE{sQitql4|`Ajijhp5~pDkeZq&|(ZQIrW(5aL0_oVH2&6
zd4OE>+(x?S30;r>%v~KSS%6B4rApQ7V1b}P
zw}{j=qMKxVY_k~ODuz-@^F)!79PLR6a6E6f;u1^LiE4SDClljCO?NUntdW`#7xXot<-5KQXt=&sC*IkoVI1%06AB)`(JF9o1D5b44jg!pLFI!El9E
zjrBq_TnQV6i`Xhx&gpX2eismInuP1cL@W_Yy6s5!YPL!AK5&Rym4I--w^?WAcKhU7
zl|YHQp;l}DmuuDcO;xLIR3ot$HSXA4rC_~#zYSx7K2q63KhkUVh2U>@iP=vrn^UqMP={hB-ayFx=r-jEDA4Tal(Bt
zeQz|m9&rGJ45TyBsVou2r-_LVi$2pu=?=-?W@*nliI?yrC17x!7+NoSt3=qga-^4O
zl6{QdoJyUg!h57K9IF?jd0WSIC#IU7t;$B8Cng}-UMGgs(<7SKa(TOxcrCS9S8kuMnBXEnWc`#011bCs`1cpyej=1p=
zx6h3|A7Kz@SBW02a(0AD_5g@O&N-bAk@vYW
zFs~KvHzyf)r7;pf~XVbn3Eq608UZVav^`aXT
zn?1+@`7#IvMsji!?0NWC+}PQ3MG2N@?zN(5j%)`9zPp#yPzF!YK&-Whnt0@^
z>g1SVBZVBel(gTYDena2om(#oc8if$i#%9O7?iV}F)5Lcl%qt^AHdlFh_Fcx{2tHm
zVU_j1C~{XJ_d3xxBur^wDFcRvVsA8v4d!C*Y82)fgV%_fy`QS4SY8zEgj|-1v8Wwa
zJF0pyXBZl}eiOMYny$^*zF>2W)Md$LQNsNP%KoOP4wdz(*@KRc=c+FUB87LYdNNGU
zgX)XdGTpVluw@49r8lIXyHia5oQ*TiZ=6ClPRVYO+%CqQDUL+@#4@o!jm6G1T4Bb|Lz8@V{`>8v=rm1>akd&DkqlW>hOZGg#9TF
zBWT#^sB(pLiC{fD@zYhh7s=I$kz2%^UC_0iVp2z4lPl3Wk<%hN?G|&6)Ed_ZVm~|3
zxH$=|5YUnLiV7%C83q{lY2`?27FifG>Z{=Cs27uV%RFa5Dv~J%Z$RmAhQJYmB@h;#
zl>nZwTTDWN(+7Ue4QLAZuR(MWT|JYbY181qnYmlo)mX&ufhUqKYB)e~HAJ%pZr5@M
zh_rgA+^f<3dhHR_yTxRt3`x1aMT%OTq0^1rD(1AxQ3XrPLO27u!#&FS$Q6G+{6{;m
z*sByJNZupn#LmUs!IED=T>EvO5d*L|$2e{~y;4+KVB5Y
znow;b#5(N~g;Wty4p$}8;WI#@yEF!AmO(xR&}n=91nCq7BWU<4=s9e$-O?e(X0N#H
zQw=>`>qV9`DJ8nVVYXSSam{8?NhKSjO-07b;85jaSn|1`{G3{h~E#Lj_b*evH!h+1|_YH}>GSsHLOVVDRL
zW(03@1@wwurDuFEh;~V|3OWVhm}TAIVxVmoyB-(XeRNs~SXCZ|5&EBlsLF?oePy8iplR;8Srg1tBXg|`V
zrZ8zo!g0VymQ&#mF6El7bxB0rCh9Nt!!E
zRjU|}cALQ6%F0$TZZ7NYryoB7PJ38<&|CP$wOcqY-NIP3J2-pR$dV
z%$Xu~BK@buScI_;EE6-ZTEfkC`lrOPGZBYhi{{MO4IDGz*JS5|e)Z$6RoQGy<^PfH#KyL&N`
zs%DY919Mgd7P7s^iew+GNCDh}
zQSZbK!0=%LxUwT~5BEfF)EmWW*kuaA%DbsXnx@x?@i205t#uZx{;J9JigF
zUf5=viA_Ol54zZEn2C{QAf1(JzgOyYf#>j6k_rI_>}r@!8NAjV2D
zc()jeZ5qTfU!vGE){89Z{4Ro1-WgIThJjXmi_)>po_}0wcAd;~l!9P|&-sg*AO}CC
zj!@K0rd}mV){v)!GpImxNj#`l=bPo2g*8hT<|z&13IPKK4Z+NCv;KU3s^{aVoj
zzT%~#aF*zdp#)0$G7LfNf?#KRBscY-^%d*Yws*U1eY+iNq%B;ZLguA#-eW$ll|B-T
zFcdk&Do3VWk`Jf0no|?EQ&8Sj+{B$nOU$2~s^Ky_H2?ss`2njrm}^3s^LE_Ey5>QFeUlUh+ohtX#esQLp1zTis4E
zOP{eba_^<~V||ddo8vSV;plleTX+>)oX*r{1K~4~!z2ZA>m|AMidFGn)Ig3|nOG$MWx~wAyedvN>cI;dm7$uG?_p2Zs&nAv1K>
z3^)<4fFhmY$U*4y)bR@zSsHT2u=J}KP8-tstCTAlZSJ3B*>J2*5CwIduX}Gx3v?TR
zy8A$VG*C{I(qweMQXC;!mA8L%#V`VzmXujVew;0vH
zj!ARc4*LNB4%Hvu=+ILPVg1>aO450UD#FP95pui3@aXAQq^;kZne1mg@1gSzMR^*1
ztItl+U-zw~aKgI%W`Y8|2#3&mrBv56ioXivyMcTUkGvtGuR*-gk;EWyIr#4j0s}k(
zM*dqd_@zY_Om8>}QarH9=@@1ht;zTfwO_GACdM%eFj3l%*g8QR3m^x#By3f8CRRPO
zOGG}5p?YT^$A#=@W&aIPqz;I<+j7W$Yz*vAqYXQ~D~7gm$aJnpuiT(Iv{Az47z)^-
zaprL%RPu-&BEDU9UxVQNF`V-)!}*bUYFan4Z-rC`T*6#==r}*B^^c++dG0K5Q6Y+9
z^zD?fLO2lL74SXe^5`OD`3AgKkBF{LZLuhN1BXwp;d#!&^#TT1r#498EYW8>Zau^Z
zY$G;{I6N^M6thMXy@uL{x{#p(S9Z_<1K`i;I*C!?+o5LV&=Tyc^xv&o#}Mro)p%~C
z^&*2on(6z$#KdRhA;M)^QAHr`NML<46n;LO@rA)B?Z!_d?+B5{G?7s|aOz4E=@iw&
zk1%+2g&q#Xa&3qN%X}P2c7l`?8;~S
zM8t<;xru>Ep366IKSd=!MHMc?419_8Rb4+^XZvFYO3TnDeFVG3Og%NPA?AKcf=
zK8?X*)N~{IPw`Gsu19e0Du(Q=XSfvaxP9BzP-56FUqf!6c6h+j
z;%-82=EEv06>Zp;F$PunSP_oeb8UDuCW-hOjD=5&_pY2nV2GK@O_J7NR!!j9UH*R0ix6!+k0dU4H(cxmRSc47jYjkWn;|>@Y?F
zn=p-)U>Z$dz^-ggavPwnb%jnAryc|Sc>ok*P>#dvARUEsVPj%-?9`}LX~gd`&&f!l5zPF@!#Z45s3Vw^LgAg#@B*d+!x-#}?Nq_R&;aC#MsEN=9}15_d1
za&}^aNHC#J)XsxO;0zucjwyJdz;UOE#0DfdKNcDPaI%#oBUSk)h{H*;59USi&8&hlKxF5Mul#BxCB@EhLHYxl-H&A={$t_%
zL#eHyc7NqyQ?mz~t$MJ@kE-=wAp1ht2Eo*h0i1LDZE|jZOvDFaw5%#t2B*=m#;jy;
z{KadXA=A$|;r^dy{@@+%b2X}ABYhusRA=-k{hHq+FCX&-hW|e$--&%
z+Q8=R936a~1VsLRQK7v$#;o)_aw~n)HPRMsP!-6bCcTw+4RS~96rE$#6Go*58vC_aZHGnxR!_`!xt7x?Ov#QNU_@2Co$@fGa
zO}>JCvU!glM)HB|a@V6ic#G~$ftMv6XF!37!w-ZP?eL0K#@|Gj;piI6Jcc8hupfFN=lK01
zi-)Dq=z1*?p?_H?4odlN@*F?j2+x3*C=Vuqdc$_EswmEqxEx`4Yy(o1+jcm|%XN*L
z__D~EDSGb~1Dydl9gp#KjC}ht$LUoha@UJu3}t8#oUpBc^MEIchv4-&?5NdZJi=kW
z9RlV;FKlXa4}750r%2Kmp=tCrXrLSnekoCn6@jMl4Bs*Yjq-XNgBl1LIBDA*r?3PY
z1zXsO-QLn5BK3b^(+*=X4#XDk#(_9B+Q*|S?mG)?oV#=16hoVMbc8Z+mf?b-wpzA1
zPRpSFohOSv>o8tc;UzKAWv6VBZfO=0w_sF(lesp%;y#(89W_PtUnd0GVXqv3K`?lW
zKf?c8(&AK2T7;Em$WgEh-KPlFa;ax68#A!6Ap1PIcy%~jveLPi;R%4wO_e$)7q|x*
zmy4qV`mZrbXJV1m8%C^L1R1C=qVrGHpJ6bJxxeI~Mf2Vg!(ZlEfq^){;HLMvaz`uV
zW-&O}0S
z#DCphec*pbQz|-WidXPKHRW^4`#*V*COu0EQ0JaT|
zu-7T`*r4-Y@ZUscbYrn(OdOA4;&8CbC-7>gV$YZx{)Txe4xdi3H|uwa&aC+C55$a<
zkArB&srRH~JSvP`Lhh{c6ku7s81oPeFueFb69&9UoQ_YHxWl<=T#5+~u2!6HoC~k(
zPU&?0r?RYY05Gf?Z(@q(?k$!`ENF}Jf4k#^vqnwnhCM$KnuIrR^rGEZaC`(Sw!}RK
z9;ALn%7bJ8{0sne4NilyDDuV}unqwE0O$<4B$Osc#2&UN4BCH&W!~>09M$wJ=Lq62
zu=|nYK8#k`BJv)lvkPA{aH+Ei9MWFTW6!y_;q>B`og#au!13Y~j-N9-wqE3~7m3)}
z?IJUV_urjw2Y&4L)2__$?ipQ>)&3G8!pJt*l@&~z
zn6Z+(7P+|(ibCCTM(*9{Qw8pwqV_l##A_652FOz=yudwM3_e!c%+ek*l;fvRCa%PN
z?T9R1ZuAyMP78d~Sly*x85w8beht36!p6i4H+Y#2*CYJ3bVRQ0*v+dD_@YDi?L3H;
zDGy?$+X8tED%O8LUefVp92qPBh-}yW9;`|XqOqh?gN_ZJp`}a6%G8{Fj*d@>Y`PGOB>85*Q{ge77dk#&#+rMKxANS#`**fUc6({6MtN2@xZ$`
z{C-+#8+GA1#-6AP4>3ZJ()c%aP+GZ*4AWXGgR$(v2}Yjq>E=tJV5)$B1-TcM>F}}N{0TNnlZk-k8!u#er%AXRdMeK=`J3U4jmyiO4)-_l2|)CP&mkW
zU@Q|Jy#0!zF%dk3epTlF9z)4Q?L9F7+Ci%zmV&n;FVwHn&fgdL^LMivT>o!R+@ynI9Xh8`{X=eC
zMmHtlv6U07F$cc_L!M{c%>l|7<^BV&NMsV~usLZAS{?i%hGKsUY|^^zq}};lqiz-Y
z%RBGHzOSldSu_{BjBv;Id{cCL0ER}D^7R=Dp$hnAc8URdYBBr-@aOX+M3?k?3HM@t
zkNA@!6Hf=b+>mSsABEvly9)MOFH8+R@udaY3rm;n6j`vpeRpnTy4nhpYTQn^@RcA8
zgZ4V)j@^mZC_Pn(;9iI0G26s|x5SVWF!7(I#FQCb_u(*>e1*@(9z!X1hqC3nzR7JO
zQHy;n(W8;`H%6bVYT?XNwyYs&!~1ARql2CqtDKITcn2r{X^oL|#qhXDjWe~tNv5$2
z)A=aUV@i9@dgy_F8y6I9JY~`R8=RD`w-tXk?(JmMi*Dy
z{3yaP-p&AxT_n%U@&l9d_<(ws)^V38PxTIwx5nS$hvEb~{DplpdiD
zr4mLVX&kbVw)i53o=$o%&M5jnbvYX|ep>6#-J~?j(4CIvpJDDC-2a^3IP4Z3FYy+V
zIAW(N-WW<>gZ_1XAKo~Xdk9T3>eEuRg#4)Ze`a
z%lYjX7Axedd^jH_57o%y;@(CaItV-(xrterH#^It`;#wXW$s!C@?rS%gm0C=Lgq)znRE#F!OKf~FTTh+H&B5a8%WGtayVK4-A
zP({d!?(*D*)oGn`{Ac#f8NJ&Wj*T_dI-bf@6M@mxZ~*e{){1=`?JM{i3%+X*bp^`T
z%nbFt6hq%g_dL;MH{3dvn2n!SD?P&@w}C4?O!r;T!rf|>*bP0u7yB%SI<31MFvE7@
zLs*J}F{`ucEgzqYOGofJ^a5sxgA`;4dd#Q
zHpvaE=eHPivf!HtTwM_p?+?gMVFc(7H;uHhV^JT%KsY9F+5jIh!m!hGn;O>+F7l!%
zg*|YNRAXSo!DxIpW+cjys%k*}Gn;nq#J7Uu=SH`BAN`>eWctEiKR}PK|7(izU3C3k
z*f{Nk6aP4wDUXAe!gq={!|-7Q(V|3W*gLPIk9OsuEpNZ{|K50FsNARZ1{$->6PRWA
zb{J+Ee7=Wo-ormnD-bvN83GJqe5#dSdylD?+x0hC`8^+I%1`zsaB^cZ9`FS=C2>QE
zo`b4QZpXKkRPMpMlYx6tj*TNv7mLv|#B`pO#z~FoS4nM@Q@JsW{Sey7<9d2@HYWNP
zP+@%D9(xwTsnV~keJXX1bj^#1xrsX??FW47P%Q9EFnSAPz2ojx+2*w%80t+jt6pznJJV8d=#HlI|X@B;P^9
zC(weyEh2(Tkz3%NBf5v2iAGcX04kHaA1}9hVu&=sd&uo2J*b89O!k--cKKrT{6gID
zLXhtHhI`}}d?8&Pqe+(`Z3`mT%ymoK&=k4vJDOXcI3
zhNfkWOYnm$_)#PL&{DV8MQpFj1|{
z=uw9sI2t?l1pXe<*s)W=1b?AqNH}>y5Bx)sN7v739;JSbXvWcVnn%x{zv%3BOyh0N$obQzjc8o5a`Ch^q!Hueo|OehOyEvc`qW
zRfQL>Y@Tu2%+so-O_Rc^u5M^rzND#X$(b$qwI0e7W!HEznxV=bDWy>331Qlt<`ERs
zjQTml=Fh2~|NpS}u03vCNfsb~iUtcbX54nSNL7_2Ll&S1-A!Az3M$P^?=BVz7MZM~
z#g|D|mC7Id+xMJ^8#ixe-efY9yg$FvqF8*~-h{
zBfRVYpYZS3>m|P=>3lUCj?&~7kCk9b((iZa;HOVm!CrSYO-Jd&6f=)x2RODV*{UaItghj(wcsF}czm4wZy=VS6`E8cpzh8a)oSgJk-<|b8UcF5|a%;EU
z>|qwmajKhLxiekandrj5>-8^x9{u(!*1Y@tJ;qc`F%AnezAl&e>aou$UsuyV+$MH=
z$$!aUEs^~}jU34XpC{OeGq*C`3qL8#O-dT5yuNThPy3&)o+fi$$D(MTjh3s&{^bbI
z%THWwvr{?2G5ySuPCPj;lLSN6%%y?h*8#w7tObdQIHlEV4^{4~L}
zM82cvze0_`5Ir5IfnqpIXo%)IJgx&BJjOJ<9Z=c}1*PRL8IvG!II6{+x>tFJf
zIxeBN@C}wG87}w&Ftq-Z9M`&cyR+p3J+0*(ycim5-Y+;}vYx+QCEeZ?#^Fuj57DE7
zw3$P8m@C$Sb0G^c9&U%7;reDHs`hr%QP(WD{<+n0QWa=CPK|V)Uhb2bzt>c?oy$r07O}gF=exhXc`}d*Mh{-uVhU3@otEbcL&WB&29x%Kzff)ai`B$Rc
zpNNY@AvvM*_W}y)p3XEZMO;4h9juWjn^B=c6g&(&{VcxVufbu;%0kGUjpXs
z*?4*n>odAeZ>Eb5#(A!KdgbnUlH>-CcAw?GJ)&1wtva4*A7<3b(lx?a7fULAi)AE7AbtKk}sh70FH
zeV)aG;^2Nn3=1^UT$sB6`J>z%RI<
zdBak_$W8jif~_7UbSa8mi`)0<-oYV*bM_{=dYN>}w^A|9-D?lYHO*Kj-OZobWYC3u
z&`zdgYxFr5RegSLUf?uzyUzU|EGEnD(<~g2L#{i0Du*Tu+qvxn?0|$2c+`(q?{~%a
z`dIenZNfMz1wuk{FQ6Pw-f*dB7^Ge0xWVWbU>A#+sb|D`~_-M
zLLt7&&%u7Azw=`j9Gz(8f!_R*AV79rk47{J1{RxJiPxOW5e255*_!TVXS&IJn(6f{
zji?`k?m~x-L4yUYPp+3sMofY6?wwV6;)7Wqrffc4^fA-g!D~>IE=KS>FAJ9sl?4ss
zR=oELtv&=qPzZ1q8q1Tlc{b^e(SF>RgC^I`rJk{7Cm%>D?RNpJZUAE$i65w?FkUx0$)6K{0-+=qk&3Cp~(2#c9p;tdksG9*~1QDKllPE}_k6e(Q
zem?{bd&&IrXJ^ox%E*QH#2I52gM4w%yz^ga;+zc(0C@wtB%TO@LBd~#^q(wxJ_mBP
zN#CAJ<^U>sH-KG;_%#AL+N&yDFhfG23K6V~j{y@_{;uN`EHJMj0F_%F2KyQ?s}E~*
z10_a7qPppvhQF&v$}a=ava1YrrrC{(lSgpqjHk^U(!JEZ#F3NfY?e6b
z<&h!``AY)h#pI0`pMzhx2*Ze<8u($+vq^V@HtFT+ZgUHLJNg0_2MD)ncBETGOwijp6aDxT1U>ojV0QSLBD^Rjs4*`iW
zRS|tthI#$ob6k71Uap2WNE0T@g}CjuF{+iS{(g8xeT%ipWh>m0giwS2s2Rd3YKCu%
zC)(f%kq?6oS5@0oOTrMnku!Wd9m4`5bu>~X4v7mwyBs#VUEcwktvtd6V5@)WP?dUb
zMwf7lP!qblh~sv!BVPfw4!6q*|C#b19F70d^AQHz1!$#>pB;#gWkMlITo8XTXD@lff%c^J!8DAV_0%RIDLeP;2
z{!BeXH*J(oXR3DP%Si_w?5o*waq}ef+*I`jPXEPp^A^sr>bt{ra+QjTXB;bDwcmg4
z+#7x0dm_%4pOX%g=<>EW06s0wHESau%%rTGS
zyH7t^R*r^iJ-xXV!3duI1r8h5|KhCQ8Eo){kTT%+!2B~=XL2C!kE+?yLG&Td8AA>8
zKN?$x3%n@9YwzT?y^@9p%y8z6aa7Y)oa5}|;QUg|Nb+z|4Sg4hrB*}4^vT0?dyAN6
zJDkqMCc5bQ)7@e_ou~cvdb!pI5_ke4{&cb$&FF4T9-T@EexiCX{ESco@MlHHxZ=tA
zka$`-{v`6KSrf-VQ(Kg$;d(t3U(>wGU3u!Wiad3;M)C9M4(AKpPr`^=vtw2V0c59;
zJn-H(&<#(Vsx*t`r?lU>d13V9$f%R(DpUSFxrCYH>W(%R~
zu3$d5x9jDDS9-!9!pX1TMkN5r=bPj@g_cS?u;q88B?%htcU&Nx`Q`?Wa+qJsYhN%d
z$c+#q(e$KR_^p2(w~r=R71#*<-G2Ys^NrB6)Yo0$2rZDRC0HHcX3GU#TMHOYgzdqg
z(*4Am@TB=<1Cw(Cd8$HG7>TbP`1mok(!v5^_p;^hft|^R0@a
z?7WxItMs{n?6X}s>0eY*0L@i3x}X^)?)cF(KH&~cL_wxv|Q@yV6H
z`mes@JpUX*~%
z;|6pG#s;8}GC1I2Pk%okVRsFatRU#;gdr&O5iB}b&_Mb8TMDtm?QoM%7(D|dvq?7^FFid^uBMAG@b+B-!}ceXY9FZe>1x*{
zWna*JbcpggRX5f1VmisssiM`vsdDN^XMeE}lIzE0vjXW^Vx{Hi<;!I90CTlq7Hv3DEHOCoHDU&R9rwEMlz1k-
zdo3dEFuckXu`tpA8#;@XQ!x&$T{>SR3wjjb~Qp^a4)h7@#YAsrV)AcU-vi%x)+
zhCQr@t4g5n8|Tc{grSXieltdGSya*aGh`Q14dR5CK&Uo$x<6))5>RLQRkdqVI}A1k
zkqe%)_r8drg-VtJ1NaI0ZhM9Wp;hD`23t_b{M11pJZ@QCkU|_35m+8afR&d79HEei
zfXc%G?beP=OP{_N>fT`Y$b6)YZMwc>&N|j+#+W-%Xx;7NW;h?f2Ot)NA*1L^E#lG+
zssLsOJvmw7Y?gA(6xD{RjGK&$1$;N2#_Xi-ElsSssc
xlXW-=+g2
zMgqCRTi59|RxrZplLSfNXoXnoF+E97C1yCD5%)}ywb>zyp)z0Wm*frvZdX9VoK!Np
zTd$MNhmXu?
zl(K^P3X#LSS@k>vnaeShO*VEIt5Il*TwdUqt6ZieVqK_v*VFsya3+eD<+qAWyf~zo
zM2%iG`el6l5<9ns57d;KXAwrF``Pq@#;
z=uR@&89N0eT@SXx>+-hbV1Pq`Hp|y}4I06MJg|(sgWya?K8z<=p)iO#?xrPQCB;%@
z0n>Cl{lm2I#mq9oVZBN`GA7ZnTpU!Mc(}!iU1Qd))BAJ{=){ygAX)eoo52f
zE`_imT~8#8R!$~a2KxLv=(jbS&vdJ9Onm)N)sZK@NOy~zMKAfnhIaT>-L=K2v2*xZ
zGTbsr0bgJEU(hyn^>^@qNr55PQrNA7K^Kn4YB)aUvS=Mh_k}#)JMw%j&XzdSe?sNr
zrO)Fth#EmS==YA($?$H*$_~_nqaqdEDyEw^LXw!Lb0*;;PJ%W|pkIg}V0FFz((!nQ
zJ(b?m({c-dg+P8o#S@fH=coj^bq_TO;{M&P)NX~AsT0;h_P;XzzS=HOvZ*e9ksB{4
zf6_rjl5AZ5lVuiSyO_>)J;0WC
z38tJ*c?qnBgA;bF|BmIS+Yezr%NqT#<-r&npMXIu^%s2m;PDR7MmW<{n$WhH{~WO<
zvfRhHW5Dr(GHwbjh#DB(rlT*uHWw8aisod}gqj@?$re(cD;mEP;JRi(Bgg(c(yL{i
zj>6(Hr7tpSE$=Sm9$B@;XfAx*K%gTC0RFm&ZPaLOG1-7!`|x-o6kzd(0F{Fuy%=c*
zKS0DP%n{8Y8*8Ae4on)5qP|LF)15TNq+qeEYeoY4VGYA3EJ?lQ?urFa`_&|Q9J@$y
zi)$qXZ3K_>rl+|i`f4c$BpA%WJ`j(ybo}3Zm$kUe1XI%CLJSOFEZb(}P%oQhqWjRP
z>^2c`yd{$g%;(2bYDWPyMEx|~a41Tmf!J@@%s*W!lF3^%{Qyy-^8ibUyje%8
z53FxV(L7d|(lh$i?!fXn1^T9LEAvW5eIG{Tgsoc&0d}7+;>%fan-;cV+gLfT+v88q
zF8he*V~>wo@+PZK#MPcN=c+jAUCTtf=@wcBl8{$h@sYDOZNs~-oj;AGr!ND)JnL%1
zfWt60p%Tl@h*2#PO)`1f(@xx#&#OOxjgOpn7VlqGhhSWbjPzF5>oE&`6<^
zd|2L0N5YT?I+~A+U6%Fu*?HA=;}NOIIIFAY{0Dpx8dRGCw(g
zHA2}=CRdW*%}IPjR7U+#A1C1o34Qj>v?4?TFBYxWSJGL(9O=9=-3S%n-lzbgUz(cd
z3pKuALpx=khpQ^2k&q3IpmL6=c*xVQz~J&|JQb9RVDnN*#YJj1F?uwzFecZ5he=9A
z*Y(Lsn5#%5(>CuRMNSAUhNI=imqhbxM^r7~g*6+HeOfYA0{qj0p32Oy*@37r%D9$5{sD&hnWtu6d)NfLmOF3vYV@22RB_;FX2=p^tuY4on4`8>g@sH06&%T&`Rx
zPJSOmNwNO}80KH-62kwm4v?Sf$O{A%VW2X^2YAUb%Lh-!_$4+~)cie!aAlv{}t
zjzIrA9~q)ycGL=*7z0c59Qup@ysBdGK@sYkDbzQa|f
z#!F@+5csBe(%!}ObUZ~hy|y6rNddOJLoXu|KN6Jlqf~I)<;SyaklXps*KP=Nap=`0
z&0nDk-wHqI9Xp7E%K~B=MJ`WA6S@8;8r7t0u>?DgX`M9C0IM)4)2jJVMKngq$*_4a
zq(G|!l#DC@)R(khfX1IqQ5)#bY4^Ffm|+%v-yzJvN>QQ`8(?%)2+hW|x{WI&%TTlC8wxWN#MNv}
z3{8%6hJYK~8b+gUNEiLMxEjvW52y*mKI^H`6|X)vE)cB#fKYSb7or|Oy%3zMCb}es
zl=R_bQjM#!5Z+y;EKca=&`qDEldTpldS6PEv;$!Wn=5);Sin|pcef`M>C`|dNEi4o
z?tmX6NhpJj6L4}3PCJg9&-FZp{Ay>TJy0#!W~RzJ!_gMmoDb4a6lx&d-mMq3{Iawv
z7G;p<`E=7~5{U7WcBj)%<|~J###0l)yx_x#Og-)3Q1Nkz%a5}Vt{}r)0fVTJVYM%N
z9anz%p9A=c+uP|zXkgO%=2;KVd9#9aOa%KCXE^AfV$7pvmhS?L*TuMZu+c-V5o+Zv
zxL4ASPb_fL&{MHMb<*qLn^wobi!&S!My$%5anX9+9V~Q3DuL!=NKCkAqq+ujHyq*UUAAK4z!{zhR#dAV53Mr==8^+f;=hQpR6J!sO4^8%OHBMLiwEwyDaZyA4t1d?Ftz1YKN=ck9LiMVd)B
zr6(F6=tOekEcPWe8iJP$P#n)L@45TfqjRARASuspP!<>#PV|~qPGHL?E~Dta1o)-x
z`p_3C^o&$K2&Fi9tf_=(`cZ3Hq+5BeyKVO=&_9>3v0jYKAzu`eIDI@w7^=l$i}ooE
zQ7Zw)QNU~J&J+W|+&GR)m^yJML$ZZ0QPq~d20EWerXV7S8-oE673!Nm_K%P`*lMi|
zTggY|9Z{v`Lj}^QvwmO)4&=n5R~lG!#Z8HBc_S|YMnckv1zCz9TKnuc-I=-^lR&jo
z$9>a!&k#_Nh0IFitYfnLSmU|I8X0}HLW7UYZWx7Pvk?9(Bn-~raRupP||I>
z|AfI$)tAnVv?i&ABpkf8pr^Xx7rX2i!OfO8A+pX2*0HKq9yKy7xb|Sq>UqT
zLN2NhsNO+f;ASBFQxq;|eo6+S6_Q+}ulcAmludjK57gPpwr<0WVg
z`n_77Tg2%VdGkLNM^cIuphr;;#z|=MVDCZ#cIQv|85gVCZy5QW^TB?+gkMj%fo%zQ
z{&g#NTwVK|06-IP(`8%RBkft-AV5fyE=_m7But#C>UNe9RLLo6Mg12LIZu0g>a+
zLFB)lZe^baE#$C`UpBpL?2XcM5rvg6p`+ILTv<(
z*u!883(CLUcIs@#a=-}%n5JMZCrsq1LC9q6AaSKq%`Qc8h0;GFlrO|BEv}&d&I${w4w(k6
zeXURZ5nTpjmAhK3aw6oMH9`}8*~q$M9on5b-Jb&^Y2$*x&RLH7z$;2pr9^4;LxnL^
z;Qv`>uL&4v#0PXf+0tY|gOK>^VM~8AM5^1A;d0)tyZRDq1`}K`$
zBj^^{nT!x$34=PbEP^tGNE`ZI@e(9wvho
z=J!r8TzrdRw}Z3~Kun67(Q^%LRM2?-sY$GdJ&&7m^EI*J1ZP(9a0B}cV0pfihm1s!
zOtqZ$W8N&%)`HY;4T(o+h-Ph4bS855X?|0pMF;Kp-Rd_fULKr*<6tlrFlT^4RBusK
zp)CowFlZ#hGeL#>^&T(X=3r(|gUEyTmejelpN0&KIYb97*m(2ollvU9pbL_`hg6~k
zie<+DzNrl08-C^K!A-SWYl?2lZp^Sg%n>Efb|wr-UraZysWKrAoT#acdB#Z(^M9g!
zLLaasD!a`hbyC*83~S$!yKv9hs!E3=*jxnbSM^<8u;Tme?HAivD1p@96w|vVC~yGXm=5Kb20;(Afp}>9Cf5_Ex|+xB=>f*PavUj=0{GytamJ2SL>!LglTmfdK1gATK|
zQ}mOEPL--~0l9UpOr%9JGWt-9O?ZNiHOIduP9$iuOL&$XxU624SMm{n$+w#7KHJ>F
z>VHYLOLV)Gi5_J4uUH4&Nq)t}{*hW~|A9Kbn52fP=U}_iOuNiEjc%qn)q9_N*n9~X
z-S9r_NG=CT0dE^|$n%hS{pXU6E51{>3fgMuB8Af?K1rydX>-gpR
z9J{iHrebMllF=^4QM;>X+{CAixCY6fsxOxosW98}m(SOQy@T7sn8~U1X6D%J0Gc5nZ`Ivw^-j$$;?2p5bS#4Q6e>est@x}G{-
zJcfz&=z<}S!Y>_1l5><^`V)&iZ{p6s(LxO+!
z{qgkymLn(bP(YwJbZ9_1GpLewv}0f?p8Wter?j;?O@^57&e^%o7j*A2iwtt)fkJ_c
zbshl>?%iw=SqOrvqNiEU8F4MNDlddV;R6(^CV)J&k)8g0s_l=Vat;h7GEY(1Vev??
z&56mkqCkXV3*}O+`5AqHlL;iUl#x&>DAF4!4FIbAPQJ+hIaauRS|6)ss;xOIYVapi+7(F2Z!^*ehE1Q?{~KCDA*sUi+pn2p|%G(y8a$-ctUV$uS86k)7i8HTj=
zkLLp_RxWG-$Z{1IqQtKe4V&^4p^#I+k%(m#R%;?kb6~>vY_x=Nc**7#rG?1?Rs1|~
zZ9K2oOmOI${B-13h+S@SypM06z+2kRSIFc^gVxPTF&&Xur`n!o1NGR;C0$Xe`RspJ+f^xQ#h=w#(XMiR{75Vn=QlW~q%8a;zoPsR$pzBM$MmA{cUnOZ99bW{D6b_7Msq2n3va8Km+;
z|2{@|i7Dwmtaw$MHzvCcTDZkPS(G}8T|$$h{Ex+q0cD%Az;w05sqB0~FK{;&GE?bo
zY@`|Q7po=a%E5rZVhV-v;w;!tBriEOz~hQ1qand~!U%YTWbo_N+XN|tH@=r8Hl?a^
z@MrY%{q(sq%Xc)l9ss}wg8`8MM^_LiV4(U#OyiqwWlHDCmPVM46GVn6DwnOf&;hV)
zd%ia!$KXc{Q+wgUI3%IHYn{i}+JoFAoZwm{f~i7r>ZGDaGI*1t`)fTufs{lnYeY-bM3izukoS)i
zL`yiNZRK$96^b_VyIFMzaqfg0`T_<@Xlq#tDWI;MO#7cPE0;~8t)7A7`T%*6_eJo9
z%w*krmYm(3%-8(&OW!zNi=0hg2a1*{UC3+r!JWFS$_5(uitTmF$t;5M2{1z)MMcn~{7DTo%4Fuk|3EvZV81ik(
zYM4#Gu*{Tc(q0!o6|P_Q;4DI=?}@(x?^%DF%}sM|sjE=E_aq3otbM^l+(KjiZ5S?9
zZ(G%d@9a_#bF15>6fpZ{3XO-|bBw(y-oM%-tM)*@;V{VnZj=k|;73*hGmc1l2o@$t
zm}<+Wmd3K2^Er}{mAp10-g#PsE}%DgZPT`SCso$);A`fp1VOw43t@oXIC#0uMlN2+
z1Mk$k%2!ku1zY6(kjN4D6gl6Zt%cObP`NbN;kS`{)flWv)eN&PpI&UiYRAkVTGg>YL#=Uuui
zqSyj;Ij%t;<>Q|K8C|Ojme!HBfe}{ElFQ?O7Gj?+ZbEmicLRB82=2zbk;Se1ANY%YaD(cc0tfkGXo0_z@X48>B_$H&3(a
zkUOWJRH_^&nR~N9M46}wfR}|9-r!raiR+P)MFk2=o$umTCns6CvS*(=0@NI=HVVfS
zf~EtjLRNx?Ym5fNLw2~vp~4t51(xg#o0jj$JNx
zR5tD59_&}ngfXn3!Z?RYz_tso|IA7s048JuK~OFOO;t&9Urk{<^j`mP3k
zn;=|8c7nnj2|BQcuI*Y7auXAnO>Y(m$}v+EZ&T};OD!^#Ec5=VVuQ=YqVE==4GgV0
z7^LSTT;K{g5ZEW~2wnIwa0xVi_gU^+M`*!AB4?VlDS%}Zp9D>E)XUEE?#0~+=donZ
z5?fUt%2{|EB3QBI@WVTy3L+$6u{XAVk>-RBl^`ISRP~$79*qTR&QDy-rJjje=qcA=kYMwAJY4W{d$Y)
z3@Dy}I((p8;Ck8bbc~5QBnc^48s?76HbPMc^r_4RHexKY%AkD63>7Ou^Q1!|Qgw!A
z*O;6Ih*6sFRLUzHa3yw7$n#SNYqqX(#7{oj>ORfd)XBL8S8p;OPBd98viq|Cb(F41
zE`^qYn@0M6ri%%l?Fa@dfAzY9=nQ?OjKvd%fZp9ahrp&^RiEr>etijSGTtncTR<_O
zqelF|eF37s7?{LN$s*m{jc)OU)w0uizGF}r1l%|;0qk3|O`cH$w-JY~vBr@aH94jX
zmy3nY|41g_h~ex*+j0Kow&T86#Z#mglF=Y!RjjxL9RK!1USk~B_mO5Cl6X=DE_2V>
zXY_%NT`KrGv_!>;z^
zwO<8&$e2QX-PsdDzrLH!#(x+0AP1*ASED8*ge7~AY?68>|5Ny^E$0y-UwzxA&Y5Hk
zm9RWU*W@n`UuRoRnBywg{#2?gjrgIg@q@Lmu@?aUwFV}$Au={zT+jr=)0qN{=q
zRd!KTND)rheU7(^x>n+Q6Ui%~AbR~wqwKg}$=hs88-=SAGSiefBd+lx`pDb%pbK4UWlo&qk=@e-8<&xtbRL
z0j+kCSVOPg%Z#+Lrc7{y={M$#{@}9BT5AtnT(ES0c6xnC;Qp6%MNjxp!XCq01>8W#
zR?Urlg7PK64c{+Ew9qX%kxLhZ^SOddAfi~uVw*R366sC4W`|>;e}qUuOu$;Qi-g7)
zS@N2|L1VGABp6`fWkX`hHUeP&nl4C%=IEYriaDwcM_0n+D4LI&2X8opiP_*1@R;N4
z6e`Cfp+X^dsXkbki*%N`CfpE^a;#kXPgrX+Qsq5zb9xRgjJ)tIb
z@7Z*@y3eK8++?~2l;)bv;o_{FHwpOn|De0i44wmJvc~kdDNZ|8D;SNAx|6R9*=I%#
z(=W=yI_+k?_>w+KLJfvvTD{_*R7K6&@ozjn`_y!_jdPYRFDkgolDgW-K?GGxGH
z?p8ZJdh6)}^~a*5r95U}Ln6Rt)w#nN?xQc&RRTF&4R4r=VwVbl)#7twiXl+xOdeW<
zo!WkYis4s4vq65JS&Gfw4ESJ(%Fd^i>A`Fx@YM8$C7&mqDj;Zu!+`n-Iu>Q>CG-{|
z%^wl)Lm|}?#Weq37h6=UZv25|k_p}!E>P3+aR?6`wqiaqn+enh=&(4U1e?S85O6D}H@D&|G*dq;*AVgk}><$X@{H0CKO
zK{`Bq&6m)J{%5ZJjvnWTGH$
zOS;Rh2(F-~+B}Qlj7YcSl^7-OK%Nia_>V+;LWq(gpeFl#i)iT~Ye?BLD}gLFm?g{k
zn-L}&Z0K^Zg`7$nb4X-ADz&Ggl7#KttYA50{FyvykIcZf6=0hxts&k*q**Rm3-Um2
z7>uljWNC14cf~f95s~~=X+AlQqWveUQQgTw(8Oc8zeT@VLU$Av<;(SqviPk+e1
zWD~mNF-6Z@Yz#t%IEAX%akb0XaYL44!eWf85x
z);JL@qzbCsSvtXy?2fz-hB?q`IQ|y29bg-tExm*Jsugld1;CXtww5_E_+yXcMBSJE
zM`(yHvdm%uJawDJ>RQ+-MW*?kkGX~Ik~QGA%J8N@9AX#$x$3QbCNqpLg~^?uhTvh1
zTo@-v>neqN^w;a<`u$T2{E8NL=W%7>MAx*U-c+SVt6N@V_4#O&x4-p
zrra_THhU?ruYjP@O@8Y{3V~G<9Vlm_>yp8s2e*hW5kS>7U1S(-jQ>)P+`gW4goK&r
zc&XH|O2Y%u~>t{_aI8bgbX+hPwndcTwO!x>PCGMmfTBaFL079`3=HOXNnOL(x?&-
zTm}x?2m?J{Nriw__jx#FA%}t?l6#4fl
zP;@FQnbXAVS@qxX1FuxG6=bAlW_A0soE^4)ivvukS#6|i|4tp
ziIn6)BE*JopOD)vaEq$ENMWXgB8&9vb}0Vn9Te7<;BuR+Pxo1neJ_l8i{F}bImhL=
z-x!;N%VbI`>NQYhF{E^cc6*DgHDHuYvPoB+KYf`Id>o9UL^<*wY{3LBR9zCysfK`g
zqOMJe)+H#Gt2GTCw&tK>$_B`c#Sw;eB1P-x^(^5RfWNzY9Z9wk_^j4?xNuq-WAwIh
zsIBu6EsMW436w;iYOl|Lo1@LDnj_)P)*Q*;vI677@l91IBLe_^jRwPmeW&6=ZPRz9
zXIq#tzzI$MEd01!KMdF7Jl1w11*59@Es=6sOF2{p<-SwEcNE_>SIzqxc+G{d_7jbF
z4UDw&SSR9zZjA61WE>vHSMdE$hvt(g?D~dc*x63TJ-iofvkCD>{Unscp7oQMLon~k
z33_o*JEe~DlO+6_tnRiCY`>1RX>%B*g(*7=;tGLnDgX#kDN{W0&^t>2k7q}k-U=Hv
zsBs(KzJCl~O&!3h>=@Uq06{iC7v5#Zy_k2>@_D!{d&;~G7mo~4u~048n26I*ai-Wh
zw`$VEkxF8$#{`zK?68yhsdCxWrMz&HImIotK(n|}u^`M0yW0tp49tS`LP$&WDmK6A
zgMk9Rj7=-tl_emMOdlVm5c0@w1Wh++o5EU_63sP8`yifvPX)pn
z+lg$m^^`5ft+?h#h_)PbENwj9>w3opcibhe0WSlWRc=so;UqdUzhjdHOc=5VtVQH>
zzLw7JyaJ2STCA1lO}OVEdz>;w>+QTTI}Js8EGJt-oNAjv4FTy~jn+h)NsdKS_Nz}PgO&95eqd(4dfCY;TgdE
z4+!TmE(Cudx-(GxMT^{AK=RYPE|QzzX>3r2L8ut)Yuj+8oh!3*Q)
z7paadhcODOXC7A`Yr&4!+_GvJyfP{0(3IKBIQx|rN9(_WEpblIa-Iw&VedtOefLpX
zzU^yclp{ZqxLCn83!;RR)+RzMkF#Q_M{YuuPbQ)nRtNn$*U$ov^+(|k9x3A1)P<=G
zBda8wWL&5Omh$wQcVzMyEt4$7n1$~b$=etP6^yV%24_r&LOQbzPVXiv(M89BYl%M6#q
z<6gwb1o(MF*FwPI9NPdjotHn0p{PA)QN@=zYS4H%NL(r3VIY8Mq8OK{&5SqFca3H{
zVfVg+X+*lBI)ep^)?`SMqGgKc(BCMT{Wg(;^fLyvPIDRT->ogZ{fSn^gFc2W&$1|K
z1JU1t$%8Ay<6{aq_;TX;l&_@!SB+|m*IWjwG?V}bdNyAjL%lS}cGDfzA~)?esz?4P
zKntkGd6zn-`x`FMea9MR@!H{8X})S6CJjd@qF4$wK)kpd-Jr!EO-mcQiEH5u6kz!_
z7h;Wqm^QZlOE=(M>ilm^b>zHe&Er-hFDfEI!&b}=U11Ld*gF*_tGv=**cgzh(c)q8=K_}=6^Dt
zI>cyC*UnB-7zswj)<`3BHl5~}+i*f_
z`gdfm%tkJu{^=V0!_@V}^O#6GjcW9qV_p-Ly&Q9_v
zgNYg-k@SYW%qaH-zwzB@GRLrugTT;$_i52cN?nN)ElF@=}MtBTA;llL`lL9A~ty|GvPe0iX>30SmIePJsGNCy(A}V}w+m_72Ag)VrHp
zhd^f|cJxUtF}7OugMi(DT1r6mPI0^*lg$da7#^E6BSrs)hZ<4%q=B-C`c5s2ai(BG
zQ%*%Ysw>fbHr%)bl{hr_9k9wJkVBQ`aDDxVw-s0P46VDrri|lS94yQJ)63C=($rO|
zqNIv*iW707gJ%O@G?Ufha0Z14hB5IavUH5Y9e*gR^qcqF`OD^-OB2f&UHfSr{E~&uE7V_u86vs+R$I%|PW%9_g6KbPQ-__w)AggEy
zNJ3SgOm7I&t5O)~+|Ls!7XcLRRx45s(PemC)%v|+(5j>={>&(LutMRCKq_juGc_Oq
zIny}FaEgsTX1bv+S~x?rFqvXRkoHWgZK#pO`v>&C%K=Rwf`FSmym3a!9=wHp@=6V{
zlPEQG!rDG!L9JqzJdVK}%LD`ofTOa|>a29t3TEi_S=I_l>woKNS;{Ano%Ult#lvUw
zSs)9+!$#tdc)&wky|Tg97Z{sgF}6aqFW6`>Q!qSQVC=sw{I*zVyjR#&D4S=cVwRU+
zsSE@WNDZ@8aKqqJ-mAv~FZXL<&jt$ob!oI0>E^e)#Yk#i
zN*1n4*r9?5L}IOi-UNz4Ij1U+%)R6xt8nHyoU9TwdP90r_s}Z=hv|eZ0_Bub;Yke=
z4^3w>nvvUu`tIpw4A>I~CGv-X7eNGfy14_337%Fu9*=#P^6&rgzX$pfY}s{<(0zXH
zzLOIg1ksVz@XHAMRh&Z!u0MWwmaw20OBH8Qy2d$?ON-RPTLY~K0Uio;SbqW%LLLi`
zXFPV5pTNkw@)K)uNPwiW2+!Q)Q`&tky3L~-yTJ`4;=zG&;aE-z5td!JQJd|etDvPU
zTtLKBEGmOPD^1G5z!?&VV;fjbf$szv3@wJz&kF>m&OmI;P9<>c$S#2zh#06kKgKi1
z2%>E;ITTY^&ni+wt@U4VF|PAxddrpw1%iWQtN=+oHQeJA&E&&jh$mkM{17t_J?Kj{c~ZJjw7Y}
zmUhAKM--13=p8vfimnf$s!P;A(aUQ|6Ol2^ylMH_P>-C{frP<9^G7lowP{8>~Co)n@Lj-&f4N`&Mxu}Z#KtqFzrKa066JW>A@Gf)i$z_ZXXQp
z0gn35a;}a%L@C=^=~_zaRZ^qUzh7fJU7l{fTCcwMn~hLztD_LxIE_$3ODne8^Y~k&
z4P3<+WY4u3#Htrrggb64Pg*CT?Xpk--`Sk{3N>5LjJ1}Q%8kv05_?oGG-}vnj%|a)
zb~c4x_GUmS_^c%17F%3wt)Y=y4(W?6L&dIVsynAwq${B?z(M2eJ{85KfqOZZ@QjU%
zMRIC(qUj^Jb8{}m5#Rz;G{i(9XK!#XR+5F%x_hSktM2LWsc={>J9L@L$brr2T97`8
zZ-ry>3B?K2;E>yzUS6a7YgrLafWTSY9#;7-L^&XI&!C1Cw&7O-+321GlzeIN_vd`*
z$YG_!AH%rU&aEP#Pr2tic(IZOXpLrBp0Lcw2^KMS
zDw`=M_`B{*G*wR4LkVP0cAVVkDcLViq^K=?8H=NoZb{t#?QkK0tBWRit43H8AjNq%@TJhK6xBAo3!@k)TXCRTz=;h4C1YLawU6
zZ9{Vs?X1JNLi~uRzD`HWoAq#YJEa(rj0?2y)dcXTv}=Oy00X+*_dVg>l}>kswqxga
zI*gbu@|o@05&3_D56Ss5BKb8!8r2zr;RvYs>X0VO+1RzU1jPP_Ws9Irk$d5JK~q|^
zagJYCuSUFHA6Fjzlg-%(9<`v9xEx-8@82CMODjlo18fnwkUpB^`ed)#Mh_V-VvR)|
zuliIVb8K!`Bgb24cyb6V&&q%-*tp0k0zo*Ej4V;F%AZjX7+VL?mFTTk1@zLB==(n^K*F8htbC;r8;I-G!6dIIh0Ec+Y9*(zQg
zZTX&uIhlp_*q7{#;#>3!Fei?1l{xOk{XPJR7WXXIxcc1VdrivnD2{l%%>5C7u{w>&
zJfgmz2Yow8w2r6uwu~oI{sJbx#Q=2yiLWlb@&^2@JyepQf7
z!yHed33*RZ!|MrwaEIaE&|&rOTKC880I>N0+eL1cl%`=ff_*EvvTfWq
zP<%nqQle7Jm|Az`MB2+@)TO46@ozd5XE|7?*j`pxpG?-Fyr~fdF_#8HTcq(-6KeYX
zSx*$Rp*1IZKkGE`9y-?Z+^YIlLz7oHO%8-m}Q4_}9SlLo)w;DNVJ9Li9o|J%&Opqgd;vTP&4?%{h
za%}_Um&-<2G|~bS?!h9>JKI|*e;gY=Ufo(mmohjqK}Z9yBJj^nbU3U5H$?Mo0(V0F
zRmM3e|EeHJp&$H@Nfk?4E#BeX9HcRd`q=6;mjQ72hXi?dXNay`5w8zE`w|v(Y;<#e
z({`lS=KU85IGH!dal@UnmdKINTBY6(%%Y!MeZzC_UGxX#Iz0SMwZRx=YuGXtglX0~`Xvo6?cY-FSbEo2La%%cLwT913U
zWNv77pfV#&#ORjy3HsFaMbo^saM1HYUn2+5Ck#y{LkyfwTpwKr9{QD5mDG#Uo%Ps&
zLt7_(!VJHFHkuI(82?rgw_-aj_ZCo+P5
z8X=KfeM}SAI)OjOv$@XgTh`#f@T>SXS12zbuP)buD$G&m9?W129W9&5MzQ&cj49cp
zx#H@>^2NLS5vbApo*Whm7$2Iv`oT}?0Nnekd^klXTCt!O9eUv@rp0WDV!EdLI;0xD@)x7~H#m2pZW-1UfXJ2P1{lE=6v
zd*bLM6sI1Axc~k4mL-Edm`uQ724fPgnkIQ4!K}Uqi!JIDdFOt-9nxr~h2=d`d_3|QFWBK-G?YoIL1NBDu(Qgo`7|%=>L>9?1;C1#L
zu#q_`mHFG(;0!5vQ2h~jCYr9=cn?K$2FeGVB7gia#TX9xA-M#}R(EP&MQTu+>fXlL
zMi*%u$rCqLJHX~#KRjtq^8ZDTk|Mmj?R6tFv6F2OHAs@}>L1DACm_LbuzzHq=f);?(5QU@;X&lR?xu^IBMeA_vUS>#BaD
z!F0i57g4@hB!-xOm?MVBAXIM=k36J+QH>TDi>Z~2ioaK8eUYN9$hC;l-@Y`jW~=dM
z2qo*uESt)2Bn=JzfR4@rA3-#ik!g=PA`3toy$a)#Xaq;nuIss98j*#5{QrRW0|i3b
zZ8BK^8Y?>mHEOD9G((T#*q5x#m^Qb==&0_%PRMLim1s?Q#XKE~Ot=n1JIg0f!;JH-
zUPAN71%u8opD3{n+?lXE^r`i)hcr)6;bwjD8V@pnnsn;UAHw4v_#SD%Br^XBL_T9P
z(^4f8c^JbS^&34l!3vrI>QUdF%?wk@jz3U#BX`zgCi&9oC!%qbg
zpdWO*>F?ya=?s`pKTm;FyEShr)Xzuj0G)MA%W@hx*Hg`bb9*!Nl{dVFhbTG7{J$RZ^hJ{6y!H;A3CBze4p{F*nOEU$lK
zhmv8f16^w&%)!nAl^T-*rajzg?$e
zXUy9{cRn}q_?WS$FM_=S@oa*V&a@AgW%qfnLUQ<;q6f?^W0WR3e&0YY;;zLT%f&zt
zU?8lV(hhwbR*0lDa|&A>`75!
zJB>M_#;+SBzCjp~UOLBzb>iz#L2v?XK<+by>IRbU`5Rv8~?5wruJlqb&
zL3AoLoLvFm$H{TvoeRCqISHueSf@A1W{7qq(4I0@5x!n8aU?=|E`tx(03@I*ok~NM
zW^)+;^26!BWKD($L3#h74=1Y;lBFAVeuuX%sYm=(*4`wg6a7W$a7=g(Bft|14SAwqNeECBVJ}CYhtmQhtXSzmSuGI
zZnr^qke$vjaOjOhfX#2(uB=2g*fHL<`z*)((nwDZc~H^l2qCrBqk*2%YHkG*EJt}V
z=`4_-ptetR48-_jR@v=#zTA-9f6qBsh27favcg}IJSNogAJS?|k%h>gi1y7Y%@7}_
zzqiz=*Eor>+GZS2_>?fR7@x770_*&|?6603XOvE79aogsnTfxa4>StNLPW+AJloKE
zFSwES^1Wbz7H|fwE?&X&sd7^?A1rYBB@CdWo{Sdbo{LV+IH3IINmk(|24r`{7f6Wx6@BY+Z*5+|eV
zS{oyyF`CE#-a)pghjDx3<@LCs1s!gVq~y8KB#h1G5sg&DZq3}a#iNPv8gP7!Yq`Z~
zy2K$nt%VG`7KRMEq1xHD0_}nXYRWu-(C&wnW63r98iG4?HD)79ya#-KHsHLTZgoXZ5R;h+}I5{nt>PQhdJOmmG2a&r-FBdx6a}fnwwe~
zWI~MrqRVSHwFwdkOV4kihvz)M2-NPOyb3=>Xp><3)MjRKH#*KDyp)|MpgjPtgbAe*
zERjY{S{qj0bzZ3=5=k7Q8IaIOi<9g*k>%gK4roIQbky72jc$P%C)aCCqTKvN{2?eS
zEM^|9)Kts_AJy=)P2)XR9+I7*?GRZ@)PrIvXip*52XcML*0@9eLpd%u#aidvM#(Y#
zU=xc35BF^wYX@|`#^L59DeHc8B~9Xr=j>uC19*?7hM|Vk4{fd+UaXcJ_B;9_4}(L)
z%|=ZoySVo2TU)Eko@t34O$Rp8(|h<;0^sZ~KoTmaBcrAx3nhTP6T_uZ^9}rudPPxD
zwLyBjCO$r!Hdvq!ACtI4l$CZk0Mj?gYQB#MprDb^NxcXiw07knM|RG9oN1^y+Az4p{@-o8DY#xb;j6N^`Ice$g%04!OTfZ;UYv6vFa6}3!Cfp1s=*0>yook%L26h
z^BuD5;?51om)_9{oDsLn%@e}FxshzA&U1vB@=;Lp?e_`8mn+mls@k=dKEZ`WE~+NJ
zGRNVDNm$BEx=y3QhJ|`niI^^w9cG$u1{z(6Jj?K8R)qXo?K>W)cvjCh0fj
z)*x5q>`+Yit50`}?G&SDNwSi(LkrKi-(ed%CnOghOffGWMyAb0^Ne2%gt`2g=#6wV
zW)moy*hm`zoKGvF72nPkHK7X0!?KBC!`htX!jJ?$hvK8(F(gsKdTdqgSh>*_~&ZhJ$N7Y^Evnpu{6kOR$0
z=oe>i9GDHk@*dT1dw5gY+VYvUlEXH~M-sK!|3-aOtwYW+G#wx*K}hR%uvIV#dS(@g
zdH4OIT2VUjL^;v5@lZ8g0f(b9%(sJ+9gND4l6c!H_P1P@>GVwH3$L=mo>E;1$?dtd
zC8dGTZpb8CiiDtMYf2)w0-*Y}z@LF%;}ZigE{IZo`xOVJ`}{qOF?!XrGtK1^Up@A<
z6Hxg2=D^?tvClSx)3?jzEK=c!OLM$K((Q#*CWaY^DWTu>`S?}#blo!dUOXtSaZ9C-
zJT_nx&3XjVhrwsywcISw0#`lkTAYLnkB4~=JIFcJI?q(+XNm|k+(HhR$hy-?KOCIM
ze|-4(_RR+b;CI)_Ai;HmO*^wZB{a~}jC|M17HUJ60NRi}7A{|ll&T#j{nKdirZYBb
zJa-CI?vw6-!KXi_)(aLjJPD8!b=Qt`J4i&Ci^}qZ)nlFp;Vf_AY_)RR-5+J_xOSWh
zcNtQ!;}2))s7y(=kQ=78zW+Yx2uWA#&VZ+;Q5^V$TwKRV70Tl!&=T?$rO^x8UPyO$
zH{`@c_#QP@MQ&nNr-6~@PsU4M{~_lW`WOEZsKyD6l!Ur@f1)i8MAaNe4u}vjO1K^`
zJs75Cm%to0*E
zxsJUE6NV%0Oys_Vui_7VGEBOWpb7qCnblBsD$AeAjNQ)K7t%OnM~uo*5RW#22#*GP
zydKc0m;#Zx6bPa_OnkX8>Yx5VGTcC^~I*(5I8DZcyl?xl29C$LVfL
z#5Q@ezMXWqALga@Zq$1FrlD#|O
ziCLCq_pDIw9vuK_gRmI~rb`j=UgsrDk@u3HG}jk|k*b0GgR9)cn-~i@H6T$aAXRd9
z4zXt0DfB@41%PyPWfEn)|6?{96YZKmaVAtLoUC!(^8E<1ptt7FgsaaDeLF78>!H$oolZm#J55Nteyio|wm`)KFwDW)+VI~CkQtCI)N^nhx1A9ai
zek5Fx8vm>rY0_}N{H=e(09LeHoXaBwFip*Z8r+?~7)YeW_jv3Gm8rujMXYLdlYY5U
zAsI-E35{5|YKSoX*4g~NW|imFcDAizBtw6=;&-Z730m{zj~M#|u~1^p=Y+E~kx1o7
z+3^UMhT02?Gb^TX_5q6+v%9Is*rsYO&Vt}tRkmF@N3m1-)oGt|Ffq_2PyT>T4mK!1
zz;6I}g&nutfM%R+uTEl{W$;26<7Q8z6)7`M5-!RKKy%q?A%XMHaJdQ@JS3(vxjk8&
zB5%KQuH3G*F0NNraO>79e?V|Nek*lGP@k`|Q(#j!N()gV8!l$d%;I-DGeh!7E^Vqf
zPFYcY<5NF-^wpM1F?F~?4Rof>8gbf5%^)@vbKR?_3lN$D;0U$DE@=4A_v;t7B9B&}
zk_-M_m9%D4b3Ht>*Ezzo7l$%)u)9Eb{rkGu9Uqg-mNl4%0|2Vc?0U9HQR>KXs2695
z1~*$)4Dh&}s)UqO@_SZ|DwRBghm=dpCi@a>;~}tb^W}Ilxs?1>u+mVch4g$o$0^fb
z++H9w94F!1aD_Z2)M=?>AQS>?(;>3UoDSh%A=y-m{kKoZbQ2#CrlqMtD700;wmbfL
zuqqLTK$Q&QuPYMBnOsa{kYI5AJ>}aYT-l!jOJ1%vaD2&a0Mli&5tMfXIB*v!y(XsS
zW}z+}##(H&=*p9c?K#FZY#+r`p6+aPyV}(HnmHN;wPfh#bi*~%W7$-4V1Ptg@DIF^
zkUXT<^SY2JoDzd&m?*>{tKo*F)YGrx9wmgHQ7o4$Yilw5MwhA
zt`D;MCElg%tI|}&0QMt4thL3G=`2@cnw+Ry2mWbL$+bJr{a%8Nj*Axnz38b?E;jRxE@$5{`l3_6PR78*S-a_>kW^gW7_vk7!7USJM-vJ^_UC
z3UhdutKkhyrf+QIL^cCP>f3ll@JHD|>6A4dZijk+`JS*Gd$&bYbRUm6U1C_uV`q|D
zk1>DbV_RWvJ48Jj@`CIuzD3&gOa~Fmv9!xn7#UuOu&3pkbcDB_=mV3p@Y=QU8C-;Y
zP>ASzmRC}Q(7_B`Z27Y@YTz^C9Q{uq+o*m(u8)eTspLp7fF%@Fj4K49S$ELf08b@{P=*r>ji6euc%ih>NIr07T|WdzFf38PdH2FFW9EgpsG8`A!|L
zIzg66M?{5A_4DcG&3ZlbUe$qG!4!TNli`GxB83VW2!a79Iy}DA?ODIE@VUEZc%5Ga
zSN(N3Pd8RSA-X@n%%T}F)30GDFD_1jY)S2}9mPPXaK95~lTa+QG|e$=ssJd1O#wt9
z>e5Efp*iio%c>+GPWK(zCis~$a8c*bpvgR_c=+$6s)RWdnO+A&QznqmMOmk4(gW<>
zpygM{TrTd2YJlHV++#=nIv(cXKoWOyj*O_dix-Gq)vYj_A~qy}@&7twM?XzJF5W@9
zFob@%x*R^vmP1#Gs4&USE|wrf*|bHNu`cEbMBgFgZ%?aFL-k8{S~tnt=GvG^}>h%f>hZo?TT(h4}V~5FMSDaU%aJAkyWi
zQ#d&|dgzO#sXdw?_hNaP99mK)Jt$7G6@?)^#(1EwR;Mj1n5fkXO0*5sa=@w}>CUpA
zK^J1Z^$rrO(f^Mjd*_mQQcxi{gfZc(5;LFiU@T-Vf|yRxWbJ_px(+=0Ig#}2#0zg5
zf(osQXUrF20VR|oEElavRjGOv=lV63px+sBAiar&5_D;?FbMbYbzj^I=r#f10K`Gl
z0YPSBkCU&q2snKo@aE>Bdy(~#)&AJ5qnJzfbad;ykz+^&P)U!K*yLPf5~iDn5lOnL
zeo8@i)V1@-@!rbTcc{o~x#-o+aRjZS$czqSb4XDX
z5dh#N0RW@OoXU0(0Sp^;uG4EId#gi43z%!>gbNV{=X@A&7a$w?*uO%aD8TfMB6wG(
zLhVS`TtkMm*nsz}iEgRpt_Z8dkRT=H`65P<_rQ5Lm+TnK#&EPnpN*f>M|UEcqCeiV
zGH6M$BsOxQZi7&W0@ccYPQu8u_43MDf7!I++=UJm3cuYoVWKT4vzq!kAmX%sQ;$w2
zX|2(I3bkms^g*J|3uHj{=r^}RkzXlW!T&z^%Pye9a6*u)_{(oC@f>Ypta4v?c6>H0}`&b*6
z5bAwKcWcy~Z`EVLL~aOWz;Zm6If)u(22OY!*cdn6MDKPYTf?d_S6ojw(=>P+?|>$P
zsG(Gv6&rVZ_~OlCtbK-5-rTmLuQXY8bi`4~D)O0U$7GrP<25GTBD@}YU`0ZWGr30t4q+Ri=^G+24KNb7?=mg|EAk?7
zX_D%h<1E%BQ7Wsk@`JU?94xC!36lvWw6gqX#2O_YF6!!TZ@Wa#6O4x10oa-pmwfE8r7>ZBLU2z85#{r+oKaG7(HnhF^CA{ja*Ln
z6O{KQKonv$pkd+hPCg>062uf*(o5)enEYtU2R2DlP+bg80movB(L2NpI-A?&diw;g
zKv5DqBsuzSce=Po%ZV|ym6*E5Y6W!BKl2PJH^4nho#b2&=&l+ejQSy&`vHnG-=A{B
zGVBc-+Os}jgzOAnF1Yw{Qw8Pbp8^tRW7#0Wm~sSO3$=km4J2lXPO-MArA_mRBFqP9
z!3|V}Pk}{Xw-wHPV~WbYrV_EQg&P_dqCHf3R*;9I5IaH<*{r!NAr64B#6WGxiGe-&
zO2VCaHu~>c>3}C_R`)GrwNgs7GA4Hh-Q_mR)_gyMPZYqE%Eg(MbwHPTvr<)yVT;L=
zu>atxZn^r``gvv@77dLMx%GS78sso#qo_^y=_cK}{5jDZ_Tjm3-(OPQ&k_4Mx7uvw
zA--^9iY3IRjMy@`Dkzp%`lEr?a&~hs9#*A6E+Ntq_ZSl^8?flCXBitQ;#%H^391!z
z-<~r-|CCP1C@3Vx%AzlBYzy}^;C8^DWC~U_mV7zs=tyMl12!pEkzj{H_dy>#$h**7
zz*nr$A9~$m$lS^O(Og^5I?r1jd3xxTo;=pmzjq7(pqXID6KQsK2R4aK7bf7bLS$r_=Oju5Tl0#TehXNFOp_FhT~jz%z*T5Q4Zs@l?i0hXYz$Bs;;3%23zA
zMJU%4A~EUaW#JG?JI-$Jg=(<_({0+`csJq?sFXYzQN~RVkU_t5cK}Z$V4m2hYhP~R
z*F7h1>2908#|X(Gia2>PeKy`=JRH)!w4+is1GG(h6=I3tbEENL_o?&0l=
z?dv{WL_7)cIQIyK2oI*)d+j(57iuyerk?asY7;>4HR)_IL{z2KZ)ThKcQ3CHD}0cj
zu_BRaq`>N4dy4TBXkWc`JXVUjjfGH1W11E|RhZ}5`4BBuqXd&&BC^E4Cg!B+x7Ax4=Lo+hYNpJX#o7KTD*kGvm_EMHSTg#r!55V)OWaMI64)aO6eDP
z2)Y*KRpPXU%BNk|Q5tYgLWHAmjb5vS$6ZJIjcZ8n!$&`=AXH@g~m#$XqIKRdub6KnmQ`dT(UCK>f*tIF-UqgK#
zxYlmkB8?8OCpXtP7g<&IJ2szv&lm3YLX>^*lS`cXglJ~bi}jyq!=-?kIvNs&>0uLi
zz|KuIbLt!LV=KWm8{6IMMuAhkbzm?Y!f~_&WC^?z*QA=d>ps7CQ!S}0DD0q+WteJi
zj=wv%HRpltXhb@WHX`=e|+$m)Bp6@wu>e7lp_B^fDb)|(HsEPxC>l_qaE$upv
zMv80y<}2i@Q|5CE3*)O_hj&R*sF1!3{nD20+O0hUJbxje^?5c!Yc)bOYiYD73m6#CI3C$X-S^SsK`0>2
zkC`A>JJMuHz`sSFiBnm_z*D;Toi04fDu?m~YDB7{F(&c0PUxvuLHNOz
z7x2WW4D}0bQz1GcMPWw~3p2W9{Pb*r8oC^9IlKRST2Wq|iAX57+yJPEV)`9}ae*@;
z@x-t>MNR{JAjg424#y4FYpw+$*gCchRS8zRs*0s#eJbSGqMryeZgh=KiUxqto7}8W
zN?M!>Ado&RMX7k^bq5tE!}Vh_L0dtNyxF7k_4nUfJI`;Q5Q%ZNdr!C0X8w?GM&)`K
zk;`mTBruj`7w`TUcX8RNrpX7F+^DyBnkhsLa?avZ$OF$U5rp03W_$uyLptE_B0}Db
ze05(fEggi&mv<_z&=yJ^!<_Am?2z;lkyI~$eH=!?VY75E&3IKVDsLH&7KwXKYz57z
zo^~4aQl|^2g`Mz_9nq+hV5+5?lx+v5jZ@}v0>yW3{);?y(GucNxT3&lm!H)voCNscOv>RcG{*l~cNEBO7A)O{U
zuK0}E8f|D9Scv}t$Jb6OC7i$~_D@R#fP?I9uO*JK)IgO<)o>U+Pjj%PL?5AvRaT4q
z*oyrB_sq3Ao`hIzUu#MsL^M^1puxL=N3><5JN)n0$(k89>>?7@#wp_Pnkv^(10C8Y
z%|7G0Xba}D&zWOcBb6C_iryJ1!(t5tFA<72d!2}a;CJ%Hko}fq!+kRp(;)kTi`iXq
zMDa%lDtxjH1d&hzsx0F(%#~7JZx@Pd@7~17kMb%ZD
z=c^tFprv4zofxCt9vTj_LaW5k#BCB}GT$Be$UuPg6qZEnpWf>7b@x5Z;cn34HUov3
zIA@n2oL~*Q!c3lTnY&0v8}y+}M=4SVE%rh$oyo=yQqHW8bP?<z~VR&kNAh4;21J%|8HSVW)`Vto-O^^?I*JotU2U2xhzCrofE
z(QA>N@v$Z`eZOf{osqIn1=(sK&Asx`2L~FiR)2jzob~s%!`Te^?zxx#WVpUbwm8KS
zS7%aF^ov1EbAOZe#fdlfjQSJyQVXP9ErW8UbU~Ci_ySrMvhPXFDoXHTpV!0b
zw%J+o3?&Gh&80XIVNrOX?7;9VYYF|%a7WOT!LJCD8#5xNW!
zXsM;bjI2D%{#z+YWuBj4*LVsQN1zLR~EWJNNtDbo3=b
zGdsr(Bt<^YoOJypLAHg~s_Q3NVIl>naV{%ROM#T&slZ$7DJ4|CoX{m+U9X8na109-
z+=&FufK#aOmV_o(OM0>=3`|53Bfsxx#`J2tTn}$_0X>M2seWkt9RXD}OVPE~W21gA{T(5!&S&xU#MIpUxELEL$Q0|+<|w<7N@3MGIokfe&gKzm
zN^}>?Y3dhRbhb<3=d$T6gcThWFDFqqkp2+hL#-OeL2lB7l#6DFNHu8Ej&bAa{A=-*
z`un?L{b1SJ<=EH-1OuHcUh)X!uDA_ciA}mjkcFM7t~hN3W1!KXA!s2ppy@SCkd>2`
ztLJ(_O)AaH3US3w6BF-fg66B!n_JP@*#=0)sm;O7!k}Q9NsEM3Ke_s+^L(2oCE#$s
zkrvfjQgmh|MKW88$1QtJVkP1lm|~&gX{^Pw?x(~6Ht7r|n9caPNs1)%uBWp=Ea_ce
zC(sMi2^(31r?OpwL7}Rp>GJs&VU~~=8TQ^p%dlNibMU+HOt5n%zSdx`NsOdQQNfJR
zi#b$fNY#(D<12LQ&f%A#LHMRwPxBHFvf7g~O5<)xZDZGDmQ=a)o*UvoD$|}Pa+fq^
zXo+qdwiuTMfu;xwe@k@UPDaMthtiN(Hp3?I*J#bL4i9X4qFk1A9#|L+LaZw4WS*a7Sb)AwN0_Qb
z@>QrXsqa{%2^M
zeL4VQK1#;Kacl^xIknzY9twlBgh&bq()DZ;f3OzkGoAt9AvB4_gk9+*3f=k)wYVy?
z{AvQKvyWRB|wUsWzE1GCECxP5W
z9fRGwA}j(71cNUhpUP8Fl;j-fW13rMYAi(uPlTnl1_-n>;YjuhB-NRK53BoY4tC99
z3S3uuL9w0?dldfo3NNUZVpA_;iXfhnGT0E$YN3cM{0v*U<7XAGsr04c=ADMpoe#?!
zklWKEpV3an}P@-UG%{Ew)-id~ho9
z%yoqmZ!&*M;%3Vs|G8=@W^wVJwo7Q@g_8B<`f+eca^)7Kes1cDg)I;okcsSv_Hn1!
z+>A|qm|A`Kt|#L)uuAzsqtgw_bv;X+Ch<9jiV=AIx(0eJ
z{0#&Wcnk=rAkhH3ZXZ|6Eoz^m$+Ie!XrO8;1kikn7o*{7IKmh-^RVMQjuvkMcrFz3
za|k(8HO$aRVT@&Ha-r{@rw6MfNes=Z6^L-=u*J1{t2eO&1QYMd@L9B5I7tWS^!(U$
zr1juCjj`o-i2BfhL`xGhC9_DY)P6>hfcL;X7Pc>y`cC?7pLj7ar|BQ+rA6o(ZQgEY
zFM+bb>~_%wlL;nA0H)Qn69A|2E>D_mMdb;jTd^b=>jz_i(z&)%Q>9pFF9e?q=}>$K
z6GLR@iOTGDz8Kr7s1|&$AhJc!#Tj~<8J|vosit2?=_+uHA}w}A*Jbh$<5gd_5%fTO
z0;J3i6y>Qg4kZGp{;V$m0yM-1?b6wMP*MBG)N|+thrwMzON{#2=xEn)q~4;O#Vv|B
z7JIsoI3-0QDELZM3|dTxSB25kZIPnD@$_C`ARdoggUUb(BH;n4J9_{t4vW6Rkn8D4
zJw`P|`oxHB9Ih_C3S`^2$*5=*0F
zG{pd9u@*HjwMJMk+_2_Ju|Qg4Kq5q~yjf^$d?ypJ=+g0^Io%DHEVgoCNF$
zP2GOKTOv$ajyvdJ3G4D^eSko1GS_a4+$^>r5UrT2U$s6N<`IyNlu=}=z1SLel9Rm?k^>l#r=;7G=Y*_qKw=r}cMeNCi$vU)B
z1^_DRe8vu^wqpfxs4{wXCEsROq7?{(OSF1wrOP-%6?*E>!ABSZB<;>cY)*vXU_(D5
znX01cPv`-9XJ_B9n&ZXRnJwVT`JBm?6pjvR{c+YX%CM9Cib7$N-R{#23xEz&{kNSb
zH}maMQy(=C7FSu>sSg}ay}puaNYueN{Wx9L?@Zy95Sjw@4hE@3mxtyPXAY};YpAa4b!uWEs7t~wJw>&D?*iB
z7U0b`%7J@BcgVktDAT4(k(E_5c@$%lHa{ZOBd#^S0XuauyBW^W2M)LN-%L8Q89d{i
zQ?S7-!&=^{^aj?u*r<5U2)U|L@nIE{(8;XkC+BNWfhE!3LzHfwq*lc$k*vi|OJout
z6@BZu5vcY^v=BYeePRe;`&^MdKyw04v-lUf_Xn?x06FbLOLZ)@^H#c1mu8W2B@cTt
zM?&3K+riZ8oaQ>`3>z)UyiRh75LnmnL~5_cl#~^f-!gIp^YQmPHenStfc~FViSC`N
z2NmM`M>Rj{-Dk!5MaE0206OrL7v7{BxZFx$gkPLPB}p>}9I3EmNE}xX2AoyhA#(<+
zVjd_~UL3+mac1h=1-*%j<
zX*DmQ*HV|4m~W@qb;s1fKExTU
z5h=_q*0!m|K3}u-m(Gc$8d%A^5cIOyK)l&Va5B7`Z4>Q@$)C8QgKQKI-zu=3aH#VA
zG(cAwwakk&NIJ4Jl+kJEAZG
zvhsQom;y_j^H-{Q4cG--#V2u^9_llB)B6sHC(AWwt|sYn0$*VPRXv){Q4c0gU+2#Z
zlI)-!b~62H-FWSdYn~I!9W8W+eps#$n4ywL2C6$Ut^eV_|A)h*S_lTRDn=Ox2IQJo
z>FQ#RO5T&{qH>>EU0Nm-gWwcu*n8yACM(<|^gr*2-^WMFyr^idxFy!S`hW^M*9g4+
zCarv|3|0;j(&#{C%a>0u)JO@I-EqI?{$;wI0@eG&9i_pj
zpV@YELGi&Dd%WHU6V(hKY`U4Ho6U`knPWI{wSBq3Y=hwhh&PBp=*LcYe6Tgn*x!B79%tcYwN0Qm<##_xnH(vhm1Txkw0XV5*Sa)vLwLAvsc^>AT$3n6*<}11*l`39_bd1a+DamKc;
zj33+wf(lmU*}9)+k1pled>D8_aI*%Ar0*joU2trA8D$eot|>G}+v|mVlXFSVs9slx
zIns`j_SWqjYj7~~6iv{O7NCMSj!SPm4aUOItv?Pv5GjBPo|;A;|G(V533yfI@%Vqp
z#kEvXQBhH2L_tN&4PjHPY(WADkwisBub1Qkfox`hV5!xL`$pZZ)U8_gweC_&t!vdv
z>)O_>)>f_5($-qFeC>Z`-g)15&OK-DO>UC@p67oaO~Pm9%=^Cc?#np`-=PkrIceHy
z+Q|ck12>F@iM!Zi74yjM4xf@^s5xnXw-wpe1m*{@>p~9)W$$(3Q}k4&Wp5v|%AYUi
zu>RnhK-QW+jIi*z_NtyQ&{Hgq8uk7)iw%WSGG9uS08tKw8@
zS(*m5DLAqc{#RgLo0M-B-Q8LcsU2o1ws&h;5WWtdGUedn;YTfiJ*@tx|7P(2;j@nlih^JrvIP8(*C6vN=y%H8pkL>}e!C6W
zV$0S2f?x=6{2#B~@khlr1J5d&^3Ba_Kmq=VvI)rH+6jMH`4L_|A30n*;14UG;pHol
z!?iX3u<}V>z6Lp52jUMauk-S?$l=oDZy9m0AO5!YpXBe~#PY+We3_RI0YBii2mY}4
zALZo}SiYl_&+_v5EZtcB&TVlG{&P2*
ze?#FP_&;9%g8wnkgGro+6=x)hJ~4JsXBNufdI`b{=}kW)kyzJ{6fr&{pzz>Ti$AQb
zq7$8b7Rz^&a*^H!mJdU@^{2U=%F_ib*YfL5mY2x;kM;g|k>#4dH{_8I;7W0Yv|n_g
zOWz2VPn7cIKKxlMFO~8|Mvi`dfb+A``q}yb@*{DG@pCcgUB-4Uk#;c8R(V@kk@5N&
z{7-o%Y!%(-amy3Vbp9uMz$xQ`U!=A1NQsbZlVZIuw6copvu@
z%yO+RpTlykY~RZAangRXxBpxYc`@8m%6>?}-=TCIenH|40H{-wM+eJ8>E`eQu3hnm
zP3Mt59#t$KDdia>9}4Ud4&&MEI)H7>L%yxKitT7^#Um`o^tgBwnZ^d=`6kPs4auLN
zh@kunmTUPncniD{Ow$i;H&^;}j$?UTxk3B$SUy7DU+eGhWchk2FM8I+?<$s`6_T5R
zjrJd5xz_i*nMeKw%LhyQbA0>;Vu+DAp
zaa_wf><(pWp)u|y{;f+C{$tSS<5LB{pZ1wi%v%E^miw-9R%)^yA
zeMK?YYGC<6tKNKaxv-}kL%ola1ZIz>x-njc`D8>CLrRW2T{
zvRtdXpRs%wdB5=Kpl_fc2#&!YHl9VZ$$l}Qa+WW}KG@1J9Vd8S%wrw3{^yZj#q#|i
z2p0yAU5f!d!t#pjIE?jicq>O3*cMM^Ka7fNi%Wc4Jahmk!*vV(u<0$jmi&QsE?_&0
zpsx&-5p2_sPB=ZAZ&Tv*%DmoNY;S6u-YBovpVN1LcG<*mZ!mtq_>Ew_H{$f3@%|d{
zO-!KP=8ec9$8av=aBy57@xxN%Pt;q>dS}GxwR*h|Sg$!w??kURfb-}3+5V!wJ#jjE
z4BMLx9RC4e&*ftxL55I1U>o=W*Ao2U@;OcUhw>3DkLwdC{Tz>d;^I5V$9FC3of4NH
z^*-M|V7*odJLFGn1I0Y>DUMg%*b3ui^X;E;;l1y}t6~5ABRf1OPep$qH_)7FCF^a9
zOXnv(oi}yC9{P3Fw(tY4>G;F?{kuLqn{PX3=P#D?&3%0s#D3U4PH%wG!|*=i@aD_#
zimF{c55fflxQ5{m8y}vhp+8r0ID_K+neg>#KHI60c8X?FIK^m(50>^%_UXGf
z&;9FJuK8zU9{E6;P{Bf)44?gr`B=*G=cJs+!bK1Hc+O+JNm8%V$cuq>vV5+TV?CYf
zZLDFP!==utMvigm&uRH)O#LhRuh$#FdJp0~(iZk>H~H`e&_XV(Q%RkoJ4gZRz=%BZ
zSuDRSbpQG8{)RmA3s^o{-rwNkcPGooN_mr!qdx|*zix)VL+M1nUg`BFu-;GN^ltXy
z4cQq3(%XaydF1o+$XDi(ugN1{n?sKN7|Q;d7E?YF!t$XICubwE8$|}o*lL#F5|Ur*~D1Q3UY*
z^(>F;2Z}*Hj(vvxXQ+(ucnfU|qKTot##PSpy+GHc!3+mz9lM6*Bc#06`=~vS{4$pB
zEAKa50NH;akNj1Z$HfoJ#RT@zY4CT*2bh;){bC3$@&y5Poi;BkeL5zve1(i>ky(I2
zKhDo{|4Np(h3+>KeY}4S%MX!q5x=!8*YbKO`vJ!tp>*=PEc#+P>ztphgT4^!$it~a
z(0wtT<(e-R=ehr!Jon$q^0>Jd`sz8B$E_Ej{G&W_njnJSc=+G#?TGd3;b;V|dHBQa
z{rEY(G1&4Da{2i*(MbpU$>b%M}j)uQo
zUSfSVD%6I4!8&84j#wKWOc4kInwHt}FwMlX815Oza@;GIVI;n1`c;hPeAc0$tPQb$
zyprXb&)2YAE0b$ku8o)8V!7t)O)RHhHh#Qci)pN5A1#2t!@f3~uBdYk>*VTB>rfFc
zEgq|iNgTV!h@uS~My@;`$Z5$Hj}07-=C1)%x#QP;F+WGJT)Tf3%c+gD{wy+^DtLbb
z%O}F$vdmzYhVlzoPQz1szc^2DC(FMp?=M$sPWz)x2$o}gck<&+ok07uSgystf#pZZ`-@BhDg7+h+PFLO$X{f+)`x6hIsLNf
z6Xyp8?2QrA$NM8#9@i#N`t!&eSYD5T*zk+YqCTac<=WW!PL{WX?l%Vv@ctL`+`l1@
zd;n!^{CW@CAHnjt_@QVP%bR5U?A&<1Z#&yr?;NQ|Yt=!#xw(7n9)c{?djRvkch>1wrsQ{&4wqKP99X&;*u;;(-0kWM3yv
zVx71$jZu7#tayN(#5YV|f??gtc3y|SU0g7%=X_W%vd(g;Q)DK{=*JB#5A`=-
z1E(%1A3%cmvk)jB!Sc8@Figv3?DNQc)9gcx!PKCgcD57O@1XoLmY2cbF0J)Goe!{F
ztB0?$oW`;?-^9M~XDpA)6AXV4EqurCiK4umo(V9dh#?4KXO-~FWymbc4&K1>*n
z!XOBhf3AbYz~{64T2!*>L>sHUjni01D+|}NTq_IfSgw_Y_gJo#1#>u1pVt-BfHw%V
zK4l`ywfLXJaxMO+v0RJ)^(@!ozmDZvS$>b@TKvt%e|-8e4~wa?2SKhpoXR>hys-I<
zjSAe4<*kn8adE^jR&^naTXWdJFrH)iq42jWYhwQT5zFJsD&D^(4NikVn-2_Ud0akW
zomtI(j;!xPc~9(;AZK7WEo?{g)oPZ<`3mp9m*v_RYCX#-xi&A-J})-1oQBj^F6JZy
zX|fSN@4@g(SsphAKzUUjc?-+6d|J(NEuZdXxt6~5ET?S_n?7;ocq7Z>(q9bmA9x`A
zfa_NLVeiK_>j&P4<*cK{u_lKc%St=Tm&q{fIEnYQi$S)A_2x@GGftvGGx~cS>%^r8
zU&c`-z3Bg;c`NaF)KO^QAkR0==f+7^GN|w4z{zrUfwU}L6@;y^T7iwr|h)x6KjR9vRrG+KV!L8X9guPVnHw(e^~os
zAF7Ft2O`%4|$_tg4!
zYH&F!1VP+5r5N})mTyEQ8y5DH?|U2bSx0NrSF$`bmO&flh%B|o*Rzf`*ICDMtv!B^
z<=e}6av3W|MwOiRHDo%(m|-aE#Fb;rzYEy!Q=ktG`4z{0qkTWxz;-5JxHc?4%Y^0R
z0+z?c73Fube2Tmu!sq~(7Xur_X+0SJ4#h*9pV-JYXjow5z+(;!V<1%){h6&&mhS|*
zE)BfDi@vyu;}AKsh`vaBUv%cMgYmeEHI-MG!yueGc*UFwK^?6+8cf|QHr%Qmr`rUW*Q3ygit
z%R2Va?eKS~JelzVjfgR?rjEk^f?y8*uy%^ffC1%oET1Uld`7((*eaI)FnbJou`e&T
zvW}M4=W>LBarlVkJIOeRa|v701Ur7*hizvI`|2I|JLHR*7bPz2f5B#FY+m$B^c;p&
z!?tLd#ri|6@3iL#3-7;-N?k89_P;r>@yz6kzy`C;l-Crcy_TUf{>T7+)EZ6dKBFiVB5$h+>rk|AO{?k~#gS=nF?|PPNK3K$U2rEE7K^}BUiCp%g38oo+}@pW1YA@dI*I3
z5zFK149d5p!C96MM0p?1a#|X-X%uU^(^*cid@8!psQ*+K#aHkHgl&#D6%;wf1v5%R_l2_C6Q0JT8whe&?`U
zTSvV$&;8G_T+M%$mti7p`ox@d%fnCreHH$&@*=ajiSZlGay9*V0YQeNLemM6+1lf@;>j
z>33+86aCo2I)kN-*&?UDZ8gi|(pU`l+{^N1@V5&C{j}JW)uDiga5^7_zx!wFnd7V!
z)~1Ol)XV&kNk$$Q7fj0pmhXvbHobg)0_F2ruC*B}S+4ahYgn%3=USF)ZNghD*V=?l
zEZ5qEA(Js-`dnZF%e8f!`7GD`x02;m7>MrtOS>)6)u7@+k}(OgnM|GdZY5mGMJIm`pz{H_dpzc|xUT!A+R!H)RD%4zl8
z^otW&K3&Qo|4!ljJBj659XXBVny;>BdEB_A7{Xk~@?3S~1J=>%NPjY}uXhe*xpx0l
zmTPT#9n0g=h-p~G@?35DM$X54ZTk8gVPSdL$a1Ys9C$b=!KJ0Ol;!)Ok}VJ7oibG{
zr(moc$^#xN!SGvHuK8*;%O^_vaKAl+buY`0lyW}Ui1ydBJk-a-{Wuh*^s`(`-#{wJ
zL7>I2l;v@GiT0~lz9_{
z#RK9hpOt@)?ZlfAid{7|>HJZ<2D8A5`!#jE{1}VK~UE*iRkscgUZ%&k=n_`AiH*ZzF10uBEq~
z<#Bn7alMS?qcIShUa@xg0L!(x$g3=`mG|>=n`r+tmTPOkgQ#%~0&T8Z&T{SknmqTn
zvs_y*yo}|$$oTX784$%?I6Uef{QbXivPAG8iX&Gdcv#_&DEv`{Kd$h#3jb+@4}{qD
z3p|$!iQs4QpDrDVV4cE$uJ9)n{#1k?!11vH`+FkuB94XS_|HV}wEQP)Ab&>T_yltF
zN(9d<{DlZV0&YjYq5trre#`s`;l32nKM`c8Pvc?udrQ_`3BQX(Ir$fJ{FMk^j@Y?@
z^{t)_>1F0mvV*7&0{e>jJ_+~(uHDQp`k4sUN9>~@5&T-=uPFRAg}ZF75*=U|6Ac-D*P*jUD|~Z>Z=vw56uz~>2Pk|Sg%4Et_6o;0XGE_=u%p6vR`_6r
z@2c=23g1KF#R@M`_)vxKtMFk8-%sHODEvT$AEfZ4!pjt1uJADmAFJ^33O_{QhbsIq
zg-=rW6ou2l^)R`^j0KStrlD*SkbpP=xR!qW<`
zRd`0>ixgh3@FfawPaoD*RN1e^=qBDg1j1
z$G7H1uS9UB!p~Cp*$O{b;pZv*0)=0s@QW4xeT84D@XHl`rNXaP_zx7mM&Z{g{Cb7o
zsPLN<{$qvTs_@$teuu*ERQTNrzenNsDIDLN7rhd}0}6jo;SVYN5rsdd@U;qmLgDKa
z{-na6Quxyfe@5ZYDg1ebzo77!6#grPzpU_IEBrSKe^ueHDf|tEzp3!wD*X2fe@o%-
zDEvKzzpwB=D*R6h|FgnBRQSgV|3u+`Rrse0|C_=$D*PV`|4iYZEBxOI|3cwkDSVT{
zzg9R*rDLu{P^9pL!Z%a+77E`=;ae-*zA-)=*+j67qCZgK+bevK!go^mV1@6Z@ZA(X
zMB(^m$>@~`_E31S!uL}6-U=V8@O>4IC+VYCBG^yi2PoXW@jq-U5sXyy4^nti;iD8j
zTH#|9K2G5WEBp|JAFA-f6h2YmlNF9{^o?FH-&FYF3a?c7429b-GlauV1hW*$pTE>*bw
zf=c+FL~yyHf2G2&R`@jvU!(AA6@I{hF3g1TI+bVoJg>SF$
zK?>hV;X5mQ7lrSt@ZA)?yTbQW_+AR%TjBdCe3-)bQ}_W2AEEG(3b$X~3YWx0P^RdY
zD}1!V$0&T9!VgyXAqqcK;fE=FqQWODe5%4L6h2Mi(-l5L;WHI}gu-Vlyh`D76<)3I
zqZEFO!jDz>@d}@>@DmiCQg~Y7wF=KDe4)Y@DZF0cOBLRz@MeX#D7;nSZ3^#D_;Q7>
zQ1~edU#aj@6@Hq+PgnRE3O`ffXDR$_g`cbN^Avu8!Y@+zYK32-@XHi_g~G2=_zx7m
zM&UnH_;m`uUg0-J_#JQ}3(u`R&gbsvj4gCOc;XKE)@`OQqO-N!EhT~VBNqj30_%Czf9df`?4)cPV)&2aX(VhzN~>7;o`W<~;oLJa?5T5LMG
z9+Evr9-|ZIA-?-&_|Kg~4F9o|xIB$(RDMBRmOjG=ZH~X`DLVuB=RD%_w5$y1E
zhp(R!-#rZBUkS=Wdcq(iJA^nr!5QKW#EU}=|M39vy&}Ab4ic9{_*CNiMfiop>B-KJ
zY;!772Zb2^V>B0b3%yWKTak-J;Kd56DuR!d<&5uo)FS{D&qVg
zf#5F_uNK7oxdRpbng}l^epG}nA%1j(Urqd&2!EHjJ(cXmMc>4~kM)56I+(aTm23n{
zi8n;_?;_q9;hz$xCr?7M!>LO1VQC>T->O?Bi23tN(myN0$5RtE5dIe
zet(32Mf~9ipGYs-cqGElB>rfGe@^^o5k8xm&KD#6Y~sI;@OOy665->iseLoT&nNy)
zg#Uv0A0qt!h<_U4L#WB#7~!qNqmRqHOnmc5M>vw2czOe5$kw^Uw~OdMO?-z4PYlM}
z>1pPWox_Ol6wzNne9s8~l=uM=K8?DT@(8aZK0CsHLwrGmZ$@2FLxh(T$G2OBuUg`#
zMEF(2&yMil5I-lv523E^stA9AIF9bZ*Biv|ig46Q1ouV8IfloogFX#L!U2$-*yT6S
zk2MdRI{6qo)H%m+>QrMmb&@fhI=vW9om&j2PAP^{rxC-cQIFx&NXKw$bYnO*qA{Er
zxfo83Rt%>`D27v`62qx6h~ZSZV>ngT7*3TehEt`9;Z&$&cy#=RN(p+pG@=eXI({?y
z(eaz%(eaz%#rP|7CCpn5V|aA@hDwQG?})D9LlwS{!uM79Foh3S_fVj`d?tt0m&f^S8b
z(LYS#6BRy5;gc0UMd4EwUZL=53O`)o(Rm6gCW7cZ#qj7n#qgQ`*SrLXH5geiL
z*$SVd@G6BLsqnc9uU2@C!jDq;(F#9C;qw%Jtiq2|`0)y#ukaHTexkxt3O`BVX@xIP
zc&)!dn&Irto%!cPMRrq%mewxBhSNQi7eulzVDf~=@pQZ4#6@HGw&sF$&3O`@r
z7byHfg1=a)n=^@GBL5mBO!9_zx6*jl!erMW~nveyHeQ
ztMKa-e!aqPQ231s|B=FPQuxgZ|FObvQTVM2zfIw{EBp?H->LAs6n?kD?@{=@3cpX`
z_bdD-3V%T14=Vg2g+HwDM-=|3!XH!k;|gD^@SiID35EYm;p-IsbA>;t@LwqWDTP0+
z@MjeMtiqpD`11ukb%A`~!vmN#TE1_=gJrNZ}tV{4WasMBy70
z{#S*6s_?%le51nuuJC^-{GST{OyU1h_~#1$x5B?r_?HU*O5y)e_$Gz_pTfUZ_O(enf7l|(Q{(XUeYkqV!y@M?wEDEuge
zAFXhFi(~Xk1oISrtiq2|`0)y#ukaHTexkxt3O`BVX@y76fuL6sL9L=+r|^uz7b<*_
z!WS#NUg1j=zEt7S^DQR5jf#Gg!lUP5jGY!m|73-?D!fhM?F#Qu_%ekrS9qtwS13Gs
z{>S*?+lu~5g?~rkrz-rr3O`NZrz`w>3O_^Ps}z2w!p~Cp*$O{L;pZy+JcXaH@Cy`v
zp~5dx_{9oet?=(F{1Sy2CklTc
z!vC>b5R?RuI=(wLz;JCo1io!*{tW%x8F-xj0mL77c6Q>sMiF1@_zuh`5dWFuTQjdC
zzRvLjnO{Ww=Mnx0@h2VMkM&<6{*>c~G5?pMKM)dLBHqWo2kRfG@EOFParSp){UyYo
zb$n0eX9AD&=QRp{O|i3)`18*G32grx5aBrc`v5Nq{_XUqvwoYRe>Uky?cYfJ1!w0V
zw)0cP&R;-tyWkP0KbZBO2L0{Cd*-)f{w8z#Z~J>A@t^h^&U*d%_ZHyT?clxiBeM7&
z%uBQQ80O=cTl;gEPt4+rnNQE+-(x;6i{HTfq%6LU`Qj}89`L=2{PS5hKAV8Y*(*L>M=Jbs;Fzupv(oiv
zMSoaHy#0|19|aukPfP@K4Ku%jYTzZom;Lyk?#Zjm75xX9+c!DccIlgY8~fQj!~7Bs
z7jCEPJm4k4S1w#gCS5PFzI_u6xSg(lk^Uy9Z|ld{p(fl{*}m0J0WT5nrMLPwu)ck>
z#T9J-HPZJ7-}hy{+djs=eKK_-^J&0Kf__E(&%o+m!1}-JZzQ(9{)G8g%qux1uali3
zXUF-?X5f7#wBj$!@5%x7(Dz@f~`nNQu^fJ>Mk%lvibKV!a%`KwzP
z(9HaP;BoEA2H+)u|6agptUr3ViRTq;=UdEAVs4(#3j$kyPFMJi%7e=958T_6HzKbto)H_s6U!8DHNjS7E*`K+ysqSgPm
z!goHvgnJ3=+jNa(zK(e#hkFL_y#oInH@J(gtAWSm;~NV9M6o{>DmeOKJT9KEv;GsTZ~NhW!6ADE{<(6S-ig35p4s}VnSY*T=N+=+
zpL4f%K3DXoj*O4z3BXGN|2#X~PFE-Jy#oInx@`w8QS4l+@Sl)<|J=Q`|03D<&&6B&
z9{@)`Z1{$W$F3Zo{*V!Id?@qH2N*@Tovx`0uVZeWD-8lWa{WH@P2V*4LvumbT?&7m
z`Os~QUW)aDQWMW?K9+fQyL}Av?DnvY`FYzK!xe1*a^NMw7Or1d!F*H_`PPoNF@G62
z`fWYivHt%n>93FUn~5@`|26BcXFEfI59Gh)uLD^BS1de>g|mQ{i0>2GcI;{5+qigI
zzQw3`{nLoQ;^Jxb|3KV-hvg6s_qcMj6V-p5_-he6{YRsIlpg^c{q_*|Yj)?pk@<_9
zA=5eBD}cxOXN|&dSM2|i`Muj4!{gch+X~;vJiDJwK!=O*FW$izu~^A}maiqmzT!mneVJ>Gbjc>|9_PGmd(1s>=B!^Xz*?*K>tWZQX~
zdG@&I6Xsj*820Da3f~SKUJ|_F%G>@N&l8Dn@5=xA%zvTi4}=1M@tn-z+Al^710I*&
z0~P(Lz)OPPy7<_7bRlv7eInaGeyZq?J=nzOnVn6<$Fjv4z~kaGSJBTf|9Y^o)5(5V
z$$apx2Do;Q`LbOMzk&510$w7%i?o9IQYerm!C>cS%lDdK;(sFBXLG?g=AF!sVLL}N
zU(b9gTWn%}+3rRWhGBG_1-vBK)rD)v+piEG;<(ix2@c2noxpZr*g)4b=8LoViOip1
zUcnZZ0WS&mh}i!%>-R4zruW~&1VEzaXh^DgsSmsxqU=&|s{VL|0
zVEl;J{p`Ud%om<$_%-HNu!{NJJkYRTKDdr~Q7Wwe81u8Bzr|}0^DFor^P95xf0#eX
z-0lGFG|{B@TceBtyW>*I{7LBF@UlB?l@pDA8MKRd**D~_m}vM;Cm{{o6N8se#PU<@
z%8wmKy$>Ay|I~O;hHC(qlP@Qteu>k!={kH8a{rw#%P%3muhZw^75t0%Fvo5AJajVJ
z+0SvSe-?0z&w8l$cr7u%f@_&yz~x~#<_|M(ImrOae{J=%_y*<&A7b=v{DUbb+1X6S11|{BJFzwz2RVSfLP`G`vMZ~Fy;
zqQi}y8M6%MViD}l{Kw4gIR8-QzhXX!V|*<0_h%bBHRe~)%zVro1KOBB!u)pToc+N|
z%>T^%c-G$$29TKE$yEk$H4YA8zKl7$BRGcnW6aZRXF2mBM;g%1{4(aNnP0;E1Lh@j
z4LFEP%mDCXNia5&Un_uPJm*#$eYl;jYnlImc`ftLnSagP&a-x&VeC9}lu@+$OPTL~
zwBcWKd@clD68P`p*?9hz^@qL{pPc^wY`>BC
zB$tou*5DOI{{SeLCBcUgJ1Z6b5^yXJU$Z}laee%p^ryLSSF^<#P+m&{|9wE)u3kxe
zhST4dsy3`2;A(C4qU18ln-*R{^mX$_>D7EWDBVwJ8I*IS$q_
ze~USHGr{kf*PLYZt)0)Uedf;@aWDev6^7fAHeeF-H1qqJbM*_JXWoB-QH17#u1(Bm
zG5;p}a}3lgw0|5|pa)q$1w76VrzrdmwllEK7k;O^LpksABz=!2=muje=OTSTHz-%-)50fyqWbcQurOrA7K5Tu>OA(J`>uh67fA>
z+YVez{76?mEx%XM|BU!2oO`~V!S=2snB(l&_MwS*RR1R8e~s9AMd3v-ktqrO7SW$h
z+<({7#($}ze;@I`N9=q|{Fq4m4}x}~B#7!SBL2^aovRf7Ja8=Mix-=Wn#OmQ9*g$<
z_cTXyJ~jYH{k!W8n9J?b`=sx`%W33Wy-gGTf3
zyO>`D9ZgB#zvF4+`5bVHC+qLT`ny3p6<2>tfR_Xr7cRJkuA_-Ba(p85$BEZFz9aMP
zVE$7QEOGq1%x3||_&mk&8OnZcA$|WnP@CSHh&MSqHa@Qt_um7x@fm+2hTG=!ZG0{y
z-s<>Jj?a6*F+LwP8E^~7XN#2Kt6L0DFdqiIB={Hq%h#`F;Bo$3spvmNJbHd$`;*ZA
zau?6-Ii9Bw?{s`5^Yz3Ja~!$}y7oz?>YOn-t~k2rX)Dcac(|>?-Gx$*L^_TuEqrc
z7sntC{Yr`Weyg?rJn^%fealOsT`LLBb{yPA*EPiLECkEEx&BOiXQyv@8AP}wIM;D&
z|4QQLInLE7*hKsS$IoH==_T>yjpsY-c+0OC6uY{4U~`JN`KH9ijay39fY9#%C3A|J_*Yx8D>0fz#impD}b5II1LA
zz2o~be~tK!jvvUpKNOgf;3miIxP3hFA3JXQyP+qeesmsj
zHgW$wSzC{uC4RfJQ^w&Q)QWcQaNO3TvxrCMJI@fm)9H_AJ0sfAPPBbHo%kfDe>CfV
zNc?Wcw`bnbj&|;G-1^~B;`ccY*-h8b4%DCG_!#D=6Su3OL15GMf5h#oUf|ASR4-dkD
zzeW5B$8C9@v?4zKt-woyWlrDv`3>Uh9KV+BA9@PvN5`M16Mxd_+j4ay@uwUwV>_P^
zf7)^D|GmGB_M_wEsl=fivGWeN5^mbuEcQtcX+KInu$N}?A!kO
z$Hb%K*bT&AaQfB{+kOY_zvQ^}!*Rra<+%03WyGW7?T3l`@5tM6!rzF$?Ce-Sj5`&>
zjq0}$kB)C|ApUD-$NFId@!vRZ{jkq>(f+HBTm44juQ`4#=gULH-*9{{=G&fzcHVT{
z+Bu5&ZymRG))4=_<5vG)#NTrK(7;?roR0S2aopC6Q;Gl4al0<@8Sy_kZsR%gduZp+
zj@xi=B>th}cKoyX8L0oUszlK3Z%@4@lBj`&|4x8>mr;wv4uG#o&UB&m~-e%%MoW8B6&k)}&!UtV~cJ^=_nkl+o
zC0^|Kw#*N>6!oLysHMcC&s$;;7B
zbo{f1xc{!P^}}XYp#D&2ABOjIEg)`N!62~h{4a>_=k&+0{`4!+&H;|weE$LQ5sr^$
z{avp@{gIB__?%AsAjfSx^EvUPv}yBh6`a{M#)$Zv^{cHHLIc0WM<==h|JcyxU7
zZQ{}K$xn!narSL~Z6ZF-ahos0ufcE+cHG8i0rBWK;Y{Mual(4y(Q(4oYta57&c2P$
zQN;cCmu-B`Anw1vZ2kWdaeJyeaBqy==Z9#2va@gfKacp~j@uUeSHz?J`><=#PNmbg
z;WiWZ-&wZ#{xtDfPT!Wu@zeXwBxpYK7{x@$B$zDdx;<{aX+PJc>2V`wAsjN=p7{@k0;&LYQcJZ~T#9k+Z%
z+@9tSf+=k0w42e6|6cRK%!_`EyusPG^WQUw+gct3HeJsXZ*uy!o!s{pv=h~DARZlu
z+(+D&Vt?+U1O^@@L9?^J6UXy>;{JQk_8i3_x1oM(ME@4zZI0V^a`^42-{H8me>w4G
zj$8em?m+#{2=5@i!f~4~FB3n-aqH))ccPt@j@$P6CgRcY&nDuhI(=(@)?H}Fe<%83
z_Rj|5r#t=W%n!dC_0Mqp1m+hLKhyC8nE!|P*^Yx-==%OWXy;tV=P>_}`1y`cWWM*k
zsPDfMZJ!9ej`+n+-^TN8;`S6w5Li3A+=q59b^12Hjs-rD!;-(QQTUr==Q3x<=I{3R
zqy6YOXD0E>o&Gx<$hJR0{pk2)A#wj5>S3(^0`cg$V&4bQ&ehJojnCP{uW|e!w(~>c
zYaE}({A=RZI=+Z``a!fG9Vh&R`1MZTmcyYBq5h4I+jjK|;^ymAXnHTU{|zX3CBe;3
ze@kz!vh~j`~ExEHoe~?{;1Qp{`?(r
zdm1hX#;|{OU5j?6IsI*!uOR-I&L{Ob=>CH--*BAxQ*x3pP~IZj@xoxtMKm;kB&FqB<{bX
zy)UP0+jVIFWoLgJ^U1{hceHK2n@9ZDPT!8te?a^d$8CNEKS%qoId0Q+JaPXWZCmfw
z6928!-<#u8^d#E(z2iGE9|1hB-K!-1x17H9{{@QvdWCQIi+KA-EBs1@|4HE^o{G2M
z0vy(h5}Zu8pYk)}{yX4%vceWmqy8Tv`rje`zT>vMeMtNR$IIBxkLC;{N;K
zb*w-8S=9I62eZatUqJn6Ki)$8pHAP}f1LPdj@y2GzZcO?w0~bjJleni
zht7-%h=9C#5Xw(
z-3nb3UyhH@cYwqGk<+*B{6C0)?fBko=a}`V??1?7<8wA~|2=eD{_iCo?MJr!HQGt^
zXR~fUWfJkt9Jl?~GUEO_>9(9aM%;fVeGD5c`3>6N+S!@K{JX>lIBwgw_la-gxa}YJ
ze+BJ4@BCof`RNK@NZfxv-TLQV;{JQ<^&Fp1iEr=1tzusKDuz4A@kPwriSOk29?Wkc
z?!T*U)Ac3sU7Y?ltY7&W+TYdjU76oS+<#Zy=KG-6QGa)*Z}a8b#P@XkV79aM8>sKU
zt3Ifo5&W3=-cH}P|8EoD$8qb2iEpAE|NZn1w*MgUXuaP1x2W&Gt8V>&5%H1EJ~Rt-
zC4YzdrH&uZ{7T|wj*nozk+}a(`i{&e{T}U%ar(BMxsrIf<3m~hL*nM^sEBMlN4>%y;_(>Q^~#{dqC*xsKcPZX`a;@g;0$&-c+zl+PwU!s+kN`rje$zt29A
z`NN9-pNaeLwjas*bN-0o`tP>e{_$4g$GUK>A2ty8-)*<)8uf>=PX2;;hvT+9{2y`uU3klv{RP8a;q+~|4-=2Z
z^WaZV{}iWh{c|O8|GoHqIkI07_uq?eVm@I5+BwbHvEiOf{B*}VSpP%fXE<)d{nlU6
z&Y6x|I~~OR_u_4S-9r3qr$3tQe?;7WFMcQHdwz=c&vW{<%+CkDS8%=KwjSL;`js+Yj5qS
zZD-M_bVEaPZMwa=HI;5%WZ;h{+9rbS0%d@8DD);4+*W#gUFq^7#6*382C&MfUE
zLc6psQ`=mZF?yLgqgk;4Y*sC)s!pc7YI0m_rXiDV3x{3n6~?D8skZiXdwp%HzNx;wKHX4%
z3j7N)Fx^y_s>_&+!he_6*9WP?XU&;BX%^hlu^?5MvY9iQoLk;xGpM?Ke5SKD(}H%U
zjILOQ>8@^1j!w;8kZNzuWKxSW>AFm-6;TE!%c?0F#;YI#w>p0%%c|1tizl@%>S)X~
zwNGV}?!FZbnYv?I>)SJ}R#e?S&IVR#3XqB8xG7K=u{cyzx0ko1>su>lR+pt9@8I9b
z(o{9%T5Wr>t-Z2(G@|l`Oj}zeXjD|E2~{LVS-YwF#+HW4>hY;r3z8KTeIBrNR(1QR
z#&nC8sAMWT(pkx@sOU{Yb7w;OP44zER^ES{ElRFIPI=X2S?XxWFK9OwKwYbZGB!4q
zs_pDdCX;1ApiD#Yh0Lz3h1^ZnE>5>X@k`gYw^i0+hSpY8_}r*c&_(-g*V
zD@0Kp)%B?6u@a4Jmv889p@-y6!X7uZxE@+zU)G(MdQgwNwd7deQbNm&-Fu~Lbd}l-
z4XtROx|^;kqbs4)SXNO{ld6X1e`fV4F3JDnzQAQA^cn43lwzIJi2fVcrW(_A~y@^U_@SKH7kW!v%?Ud
zf4ykbo5D61(me;NQM`9^wWAR;X8f1tF-uk}n!`W20`U%Ttyb66eeAm5wu_>mG|qZz
zlp8QZu@i}=r>i#<+{n1pw3n5-rg~{+1vcyI}{G*h|Ik8X!4WTtY)T<-s~rx56Y%4IbCuc$6J
zH$f>cp!XD=URL=m#F}j+puyzfF(xuqmu^qnJlC_VkN|y#6`p+X`)H-HDZrt*UEta^
ztxd9Sf=(x^TglbP6z1JLVcs=uj)W2iLbGaNrM_hw;o4`y*(i4KE8X6mUh+dEB`D=|H3jv;z>@>O_~
z?9$kGYamIUKj45Cz3Rq!u|qVw0ukShP~L!%DyVC&wTBW^m!U~L4?mKr8f=Trn#-)l
z(u$movTcp^TrQ}Uvw7V6W<|y)M>RGtgM``va#f*Gt&UWntdbsEbzHNeCsL`)?#`G7
z4GYQ4YO};C497JUv9S{EM5IESNuIEpmCWu>!9*iuSGRgRfvLg?j9R|Unipuq&6!h`
z%J_q-4rDWUz7l@He`YK)rzSOr*OTppTd7^R@Ci51h2Q2@$fYFQ%pI|bR{ndTQSEWa
z5GV!C6}~hz9oC4=x*pbdZ45SRK`FKD(RMwya1}C?@SO?x7@Bu*xa~|#Yc0xNT%byQ
z5oJ2k_nDDUd_|hW^{9(ki@E1#-)0FyFHx8_Um8LMDcUf_#LwhKS*ZMIrI*T{?~<$A
zyE5K}IjI{aX1A1zqp@M);sL(sW>4aS%eyWO6=}v?oXpL@b>;T5WXz6Ns@*4ZYD*1x
z8>ZNmGvLos_}i5IZUlri1A@Z<=Vlw83u6hgjLWHz@Um28Q(dMr#gm$OZ6?f$>cc?|
z|3!l&jDpG6(pk-m>T4@nTbtbyA!qp9j;8kd#!N^Q+VUx*EuWgBB{XRh`$9=lYFge{
zh3f-#4OPpkvqpTQQ>o^bw&a);^@b^&i_%|iLn)>`#Z8=4BWz_gb~M76f(v3?%WE{#
zomrZZO)8TZ=!GNuSL0Ggq*^m=nRXYU$jv5^woeP~aFu24aD{|PE1bzbm(tO+uVDg>
zse@A~#=KKEXWF!CSP!k4G_tEd)OCUdScg4*m-n
z;$TY*i+>fND2(AKJVIu(Q?287pJTqXM!M6^wVg;n}x9!(HDr3wG9FGdCs*AWnDY5SM!~
z?zUG1Q;!)5JLMx`(WkRB)skt2-FetGZeNjFRvN&x4>lI4uH*jN6fQd5?{?u%Sj&eI
zff?SJoE+P}xV3q?Y<_TD(0$_-L1U(|wq=EjrzsUjH7&1)P4BsxHrQqkXkWZ`X{vVd
z($vCqeS>MhT;&;WHW-`D4kP@`q#N~pMs`GXdjo7INA@DI@lKBN2FVn34p6{(7aT^9
z1%^Bdq9&V)(d0wlwioI_+R`sDPULQgS3{;LSP16<(6yYybdsQwCqI*6S9c26W$;kk
z;J7Q3%TW6@HX1@cc^M8;@&sR<%3d9$W!;=9OZLnzcMZ`5jfP!4Xs~G6J#WOx?~%CU
zSfGXbH7#ex*EiL+X7E6U2`Zn9a)i_(OK3Df89EY<`GR?tJ|A0`OATxNZw0Pb8T#WTgAy8a4g3Mm^rx@0@PAkUfbNV!UZ;4jn^pH
z66kSRs>_HR&MIxtHbOGZ@hKCFEQNAhxt95sB~O;ux5@EQBq$1Dc6BOz#)$gK*Z{{s
z!?dVCJ3UQ|fd%1d?Xr(i`SQhS9-+ulbQgUY
zGuM{$52!~4&Om$?CCj8mQ947s=Z;N^6`fv*x3DK-Eocwo3`-PgdypWLa;J&?csk@9
zE)q5Fh)I@5$r??3U|NTkan=!MRYX49rV#nmn!Y@loYLHg1L4Z1h0UR+HBK&@*BE)I
z)W^y5+@CCk6)BDn&Y}HUhB4-jKtn{;K?&rXE~AyJC9`43mK-~kPuass@2X}vZ@(hj
zH$FI;(RcqgYG1|S`m9vMxXT4u-nKm5LhIR3ZeYC}|A|A73K+DE&orgsk%3hG!peDV
zt*{uMq7(0xGw9Ez=Jpg$)L{v-zRfI|rW)#(W-4jP7S?uw(mtJgmZ2Vu(cS>uHO@-Y
zZEf%z1BS!f2BVkJV+hMC%G+18z}y12Z4Srbq>bH@zKa`dYiV%8`?n&Z^QMMMtn3Rei)rOne}Lu!7cM@r{3)%
z0EP~$-H^&29p$$x4h3)J+cMdAJMex-Cv<+vc8z@&ux;G>EC8`r6-pU2Nah$}Up?62
z1L)zC4BkaOH56^=!8VLf$J0>01{)C9ADY?;OEUHCuxbYTHetO5pa@$n(ECA?lxb~u
zE1IHeg9pMlWf_OS;Rzrf@tN@8mI#XWDsW?G^u`D(tDpthaEv0Tj2>GuLq!(}e3B`I
z!ka5jk0-k_2-4&>E6fWX*v&3roEchjDBymvMj}&TW;8t*jkD{_FgI=iMTS;Zf#oce
z5lMr3{?rl;1MG2(KI##mI79bj53TpS`hqbNk4sfoMix)aP}uBN
zh&&yO3-NFa9jm0tK)K>-Mv_s!h(?&qdt8Oe+v-m-E7!1d*RBmeyYSHE0!W0Z&-AEo
z4V*%OEfzEM4-J9gA?DchE>gG|DRcSFoczCtVv`b;@#(fH)#l;aNM?>-l!22k^x!S7
zIPs2`E1t-d#<54v4s%Z`f;fEl}cm+TDP!wq3A(JsW-G-aw
z5eJN}kLP33ZM3T%xnWGbA{a{{zyW~BEwFWm}d
zJer>~7V-=p4UOVA!QC@>JqyC^&Gs~|cC%6Dk#wu%P|fJQ643%$-!`eWHEp*(MaKj+
zX3l~o@C0|Xh}xPjv`5#%iy-&}MvwDT8WUlRfm3MMQDraL)pr`y^Kjv5%{FNEVYv!N
ztoG<>u9KZfI8|Kcj|D?}Olx@1pf7B0U7l{OtDGx`EN;!Nq5@9>Ll8+w6)myBSq3=I
z09*0&c!(J-bTJlw2%Ps&r5#oF*jLG9L-XL-VwNMvre@%RC9mv(PvefzpgrT&oD~n$=0w*6p@`86fUHx!R_w|b!gjiK
zA-3N*it1S-6FP-qCIdDJqC#QWYin*;mVpC)rtI1Cn0b|AmOn?q;HP3q?659bR^J9Q
zjQTn{n`>&TbfxhCj+mmWst|8p&yaTj&DE8u9booSlD96B+>6FBl6lq>#-v+Xumg+r
z968lECZ}8%7Um{rPq-ynW}2!a=v)Qn3S?Im&suuipp2%**A9#IN}RQp5RH_LkskBH
zT$0}|m($)3I6K8jlMP&#Y_xiu0a)s}=aV%J#sQ%W$JnTHU09gU(H<0qtfy1EKV8yZ
zfaCW-AQ*Sdvx}SNa4Os0--l6jI|9Av1z4)4kzgOX)^9ZQX1tv5&b8+j<
z1eb|774@QBZwj}cAg|oB;=Ngt$*z6Ww^w{D-O(!sG36$PvQ0~t!&t_&dU$-W&Gt%M
zX?i2%vG_<$>#|G*EspoN@gBV(v#7p_R{+cj-d-6&!ZCqfc#GHgmX5Z?@RVciQgF9@
zu&rnDYr(_Rjm>onv%4IaA1DherL=HlUJ4kQ2tzlgE#iPkF8ImrJ^K&}4)(_Is&rLD
zy4IW<$0+8wtNS+<)|u+zgvx&DVp!oc2YqnqNl8!m7N{)eMytBL=7Ax`Lr0|j@
zWe>S5{P2?PRboV=m*cAuZSd$JepZ2o{4%(sAKS5TEajtQ
zSqTV<qFn(=Tz6cp*)<7k1@u)M9>DBhU02+
zMJmS#Te(3AsKDr|+1IVmeOCC4g{R;$TB2zzx>XmBFZ2vcR~!%Pi8fk!icqAxBbUP#SzR4Esj>;)PTa?SpF2Cxn5RX!6JPs4eY)AgaUB@W!0geL2oU=OvP5?f$8>w~uT*4o9b7^ki~-VZ2z
z>R~6Zo9~pWpbb7aupE6m747c9D-x!elL%1F6AN^h+V%!ej65udG2oDPP^|hY7V}$*sG~by-H;kifQ#g{%N#*3;`5
zY!rKQ`6M|W-n;=bt5i*keMY3Ym8baQQd9Az_020P3wm=FMtT{XV~340NCLi<#k8PV
z1C(BJN!)gvJZY8{L|tNfcO3aZ0L_>Edj
zX$2KIde<&&t>dP5
zS7f1Gh`x}@hLxktS2zm=zpj>>BGDi8&a2|wEV|&d*->wwJyzkO*jJBF;Jc9gN-LDx
zJ}O@rjya4H_hK`55~+_ur%9kYAl^rTh&Da@5f~U0@;Ir_96S~r+}hmChnxQY5R84#
z1)b}6ZKZ5#vQByDZ+2;=-kHjE_By{UbEFDJ<9$?|{OLqI!we;;uL3ef(;n05qty8F
z-`!5!ohRqR2z}=WdDgJcyzQrDJv|a-8nyVdVWvS#JaySesVFPM
zt{pbrVRI0^Ow-h!>S(GzxdY$7Pcun;tT%4H1VuDw4FLJn7D%0$$MsR->wRKXq|IUQ#|24Ut+V9yRQ^opcrXsHLczDL`T(#WhVGe;3z>DSG`#s{0lfh}Yip+`6$W-QJ5%EM
zOZXy2%EZLHoe!1);MLTAFy9;A99NreN!P-=Y+aAn8&>@ctoJGkbn+GOF7qSo`nNkS
z*BcQA!__{&v895?Cg49l1q}m>vQ!E;G|W42>K8&GF|TOy->oPp>tWK6_4NxH`oS`M
zl^wwKM*5&AdB@Rfe{hX}7AE6@uYlduM%WYJW~Q%(C}MLCs+b$7iZywhRe3HaT(T+d
z?!>q&Ev)?xTyJ$7b+PbiRv=Tc_`&BPeDQNlwsKP!#=Z7wTwCiDOE$YA
z4KJ28(eR3mG3Y~j`VlvJV4Py;Qfd|svQCwCA)R(r#ildX4yKaY>g?_Xp-5%kBPN;`
z{UMWb|E;=m>^$tga&nCO^rijKIK(P8wiOlQ-KzsJ-tav$ihad0d~6y6Qz^U2_y|^_Uqc3^M5HVjqosXU!nC)K;6c!?P%S5C!K{!nydO
z$_99=WTq|!Z&6&(u@J_sxtDjbnq%bci4SS5cXq&G3T;keLkYcRtKE@5bd-uo$Os!I_^@|p_=l%v_AB7Gtl7cTQE&P8IIMf+f6l-m6p$|S%`m=Y9
zcs0AvHfh8*6^`mE;f-yyl3`Yb%x=3VQ{`CuV5LR0@7*u)xR#6`{=#`hb*e4X0520s
zH8;Uxiuodgea&5=Re|1>XFJV4DmSo3U``_9G!z@`zCIR#y%kNuZ}AwWeDZ*W>9nepec_zJ)(Lh}{IfTx0=^
zRL7-Y@L^tF2;Y^<;CD%S*S6V>i`~%6)0^Q40gvFRYaz4ckf9fP%RVbN$s{>8)tYX?
z*Sqn6r|*KJ4OV=S4-Q`PZkoE!p!ZR&!4ZjgJyjotk}QW{
zEBDj~y4`Lio^H6^XT=2GNS?w^{?Hd||JS{7nLXKU<|FbPK&qv=EpMUy-{coZ4tqYW
z9fI1Uk0*p(#@uBiE{w}RJtK-9kQB96BInWEb
zGdZ!h>(S0-Rvz^cX7SXZaz-MTH5gI2NcLSBrY1hzgzC}t{>?tpp;TAb;EG8=*2J=q
ztuDVdT!JNdsr$?)irCI>5vsUk5YgF58>R}o2
z6j(*XNp;FB+-2>47ZeuM3J9wL=8rIsoP?7|+Vp@`cv=&6r&0?to})*EFlA@co5e#e
z)sIfu4Qpy&l!f{p6nMXy&`T94ZkeC=+~rDe+?Efh;fjDiK%1i(joX_D^>XnFYBv_A
zj*SBC@f6fg#aYbX5yjq>-P7Rf9?jM{4%Ph=sIfPjo#?D({j4#CvI!*}s;X!%Rc=71
z;@VH#A&0!3zhX15TebVL9a|2LHJigB$7;8mUDj|zqv_^oOJIREe_Nv24ejiWg60C9
zi~D+zmiXpEv1BtQu0_am3*;p{#+9|V#}Ua}=||yCb$q3dYb0iBadG`Wq#V;i%id;P
zo%e-(XAoOaa^#Sl|3FWowDz%9L-_+cuRYv%jd!)#bk6JQtWDI=lq+^)GuL!0RBF51
zQp-NBjJBg`D|T6^$O@xzB_TG(z88yb@tQZ-c#U`iw$aaf)HN=@Yer8(h&TL2S4-BckU{<&t|$9J-T^&?dbbgXf7)=(s9WDrj)ZVcba%yTfr+*tH9f
zdCfpqoLhw#ZN>ZAco?g*8PP%^1k3ON7wo^g+3<|5<5yEqlVeYMWDNx3+!y~2FkiYt
zH7m6H2iEAD;K?q&x|i1E{K*u23jx2J0HzM5{6v{M<(q0xFJeEGrFhgsCnIJpD1{R)
zDR|(a2k+uAA)C!m(ef0wrGp(JysN3z98?hIvIbs|rP+(#c{Zd>x8??2eY8Fa2mSH+
z5pw7M!`*VM`Yj#pU5G(^m)w2#(&(vT)L6Mq-qfD1Z-Q?u(A3qHR`>=jwrYG<85*l@
zXC-xcW`ttac6z^@Q0?Rm{=%b32c+x^gbO_;AWm8J*#<*sqaHoW#{~Lrr~H5QCW=DN
zBfy^8G};$(jfCH7;bRJYnG>)R3MYLUo7?*O?GE_;-4uKkxW2KYQQILi{f2WyA8akr
zp{oB`YSW$hQ(O4q3~ZV3)B~>GI-mK%1I`2iEbYO%9)5cUHu-yeUZVom@A#cWuq_Kk
zC-%q*b@zR8>;#&QlsO=QXDxd*2p+SbKg>=~M7XoIg{Q%Kj-G^~IIqDM|b|I{ZiH?r?(ZPd@jo!ochL=;K6v
z=RzC~;fv_#C;-2V*j3M7ZqiJL(*z^H4md7|A-cmN%ap8ho0qsD>W8%jeE*Fe*)aFj
zrhWfmvR)}6ILm>|oeRHB*23T{37OlsuVN^}VvTvir!>r4BKuc07%!bkL
zP!3%A^tYv8VrO2frQC0B#`$h(YI-JJXL^`fjivZ1Qkt7*ACI6JAPo4xgWTG7>u3aQ
zSlJt0eE%2q2`fsnr9M-eSzZqZ<=osN1)nc<@3VlY$(KRot$q3|0zBH?89I#vsHy2?
zv!TuNDrk>sAGDVP!IQ#n<6K*|EyO7m{&{f-fY+Bt!5Fl%5kiEa3@qfBcOUk0iu~R&
ztomWTKqY~Jn0+1}c2)~}5h-+uFh9hFc(d>X>z7ay{K8Z3Yz#vMWnU%7g_p?atTm*i
zSHi(vM6n}`EkZA6gIvEJ1B?3jCW(sftzH*U?8FkB$uA047IJ7%+#+Tn0dN^G>vFjk
zn0sJ6$NF<2R$YQ26R-@EPYPI`uHbK+hlbQ~%cF&~qCQ(>EdAnhmsgDo@ld|H-HS(}
z{F*a1C9viUhoZ~~EJp>5TW!bbXTEMH_P(rsrOckMfg+uI$vD;;KS-Oq1yOb+yO0F!
z&a6a~tBFX4*S$4+@z3^Utwn1$%eJl@+B#Z+?p9l;SQeE+ZrM_wZ4av1)=V=26`oEL
z+;#pw_}&*e!b1qZuHHf@NEIjB7Eb)e5!y38vI@gTJh0Bwpr5seLKx!
zY+8Kd2@P^riwPd@vtuP#R)Mnz&^V5P*$NH+yV?qC@id;s@@PgMbT&;4qGB6b#aKm!
zZ%fglJ<*Z7DT>`y3>`s$-F8|F$r`Q1w0>r1!aNloC#HI8#G-MJ?J;9+hleX{rr}^2
z3XRwfF+25gFcWJ5Zo;inKNhDRqpP?17bQWy!&>c#AY>ve{xxx?4aVt3cSZA&T
zz?t&wbDMHk8RC)a+$O{xW&rtKkQ5t!bi7Rth0<$!ZJ3^R=KyD17!_E_AZtyHfZE2d
zrGShpq$vAJfyD)Tp)4y<{@}~xO&tvlun2=M4r{H%UF8KfLGW%3`(m%=MfJ7vy7Vustq7jK&r2bUQ3qw6~_~+uJH@;5pjJ=>|-rJzdh>88#kiHqR4O%x&aS
z(_I_5SXY;BPs67I&>h_$B*N-9#KOLgjA8-RsNiT&J?#Gdu~k{w20USOLOK8ZuSeG-Axp%L4kAY+u(t)3=K)4RKQ*V?(S#W+L{+u7T|7pgcz3T
zpyPqu!sTKfnHFZsR)RiTcP_K*&a+_^*uDaeKY@aEB({+R?w5dR`M4`Dj*z_`PUN81
z8)s(_y&Y0$kWJx0QOmOm)%{f2^BS;BWFNHet0hK!=Vxt0a}z(?*^MXHX{Wfaw}i!;
zC!lRn_7$N#^^tr0t0!`X-m{Gh7&GPAG=;>KjaK(ID`^oM4v#g|_GteRXWmfOpwFwp
zM#UAe*P_DX3m}(mooN>3@2Wi%kB(}lhAyc~86W-bORJM@v70&)fx
zXZdSja$^NX){)ov6<}Ph42UItvmBA{pkyK8iIo-_bGoTwc$gnMyQOhFAN&^M_*h*#
zP#2XX&SlDikXSD<>r7^3NhdtbYAIA@yQHGo;I+AMz3Rs2QT>_;I6A&zQi6tM8u8ex
zThZ=fgkx4nuTFt4>wa90sIBIsU<~L7r$C&fqhVRm&+Bq%YVy%1@
zJMV^ioHbGG^d0lK8)4B3S0!g!h#o8&)BuAu@QYdB0-B+a0~QEJz4^T!NeGN!BkyyV=7%+3+p33
zdi?N)X#BE92w2nHaicD+7*Gr7OFBL~Y)g8t2NPN?sDf1qyGYhY)78*X_S%L@$Rr$u
z#f^l4!&s9F#3;x>?dYs|;b0F==3%o34U_2dVKUp?(gqKURN^_{2Akhz>N%OFo>Nlh
z5D9*%O+B0ml?=X^Z5N2lGi1D6((4)NyCH55M0%3FQzYdiY%ET~uw-U!xY)!hGbn6#
z;Eg}MH1o-xvURhbVaDg0(oK?6x?az)Y;SgL#)2a`_&Pm*K?$1$H(P;*1|sRk_st8I
z;2SXud#?)i+t5p3)xN0jgyEHYWna}zbvNB+4i9R=J8Rvr7sjD5-+?!Oz-mQic>_FN08fPUU{pjM4fKFmt|sGuP%p&Cd%7MY
zc+$AGsSZ}Ydl(rz`oc;ns+2NTgP~;ChKEhYF
z^b=e%vOX??u7}b&KGT$5&;XCjEUcW@)(ZImx5Jr~1@-Oplm`zyQ3XzuEUOs3EZxw7
zuXcr&#O#bfj+p<%2VAg!?Q%yi9)wYQ8aO)Ig+*q~IW(m)BLI5q8uc~GusW`@g87YI
zU5Otz$K7NmiP>(zfw5T@jvW}s8d65Sak}P>J^6>Warai(v1_00YSa6G{BuM6oF4a>
z`5qO*PqY^@Cx@cgoi-0oCoP7@xL{L`E0h?Nn2}xf^IW-Rn=s0e8;ISC3T<3;y*(}K
zh4!>d-IZ&&@gX;8zOezH>z@HL4K=PKP)m(#lGKh>Hq~W1Q|%os(3H%W*Jj#q^Wk9p
z7oDi2E;*+0fOvKHC{#s-J#-7-g2CM=s`cgCvpZ_r5t%&D;*c_2S0}^vg%t7A4oq?P
zRugHJBXm|4H_-9vF360?mM6By-P+R4t_58x7p?&INx6W15qNa95^Y05m6}*F7n3@Q
z3Rwz19@3bB@2}3oM%O)}$b$#2mUGR@9o&S+QgPgEp5Ls}%EQ!}+J>-hZ9`rA!j_aN
zZB*8?x;_Zr^f=J9(ra00Z!}#7XK3KH1xi3L9;|@1862O}IaIY~#5U!&=;wTxtox-7
z;uQWm7cLm$GmBX0s=}*Q;7@$icyXoy9;2sh({c^kkGYUeXhOoxBjy{f)j*D6Bcgdg
zaiFXIcFVmhxhsZIu%|6DtGjt+3Y2-}#B%r+Nu`$0FcSk0!or+w=)ng*U{V32WYRrf!`6H
zT529{iVFDCR$Kz-b~LruH)dk)DGQ0rT{TC~##t>a0;U(#FH7RcudN7`A^JGW?YR*plk3Zx7)5
z7XE;%Km5Nv{Mhtga~(z0@EruNV_pQmw}k&2_}}(7+8HGDJ6Vo=N5L-^d?&%57JO5}
z$LDu~?=1BHB=}&#|04Jn{YcNe@>@I3^-Sa9j*
zdjyw$eu}w`&j9}Si$Y)e`S*fLKYtSqzy(nWq@Sw=mwsL<_?{yE%LJExzCdtk=O)2r
ze%&LuwDW-AGQU0*yja9%Jd_Q*FkO2IK2Pwy1;1VJ;ex*?`2K=#5PXE-$H3os;jfW`
zFBM$cStYnk*DnMw6?XRBjLeh$QG$;Xyj<|9f{zybM8U@h-XyrxKTYs2AnmptxK!}5
z!p;qXOFQ=pK2GTWTyUxXy5Qr5{s)2|Ecj=FA0l|Lx%b-y!G|jRAi-rhEEinnSA*a(
zUrrTV=F544%k*9^xJ=iBg3I{7Ah?XrR$KV=9wyRTEcishM+z?6nQ4Mg68dumm-Tm%
z!dnHG{ya-?8UMQlm;QW6aOt;SF~{Zr`<*&&?=}j3Y3B>UrJcR-X1E}!fz;nma9M8W
z3tl4pbGG372!5a7Nx@$gT-y1s;L^^6TTwJAp3=_Sf@2$H>*)u~(LZw`+yUnHplEAv
zr&`2kXTfU(FA-ek<0R(U_U8$G+5XoFF72-p9NSVG|H}pMFZd&ZA1C-91V2*nkCkR{T-y1o;Ih5FYg=*;`KMj@^Etsg1plYtZGtZy=zVlGCotc^LC{ETY}@*$+iz)GPn6yihsbh+4kmlHlN5GOax~NJFS9$Pw?}z?5yQ-
za%C3(fcdpqd>F^)N5cMD!v1T5%XDqKgNZ-JQ}SsFKULumEBqe{|61^35zlFZ;^T9v
z!mktja$)B#!LJZ}qu?^Vn*{$-^lQl-O?-_7FI
zpC1VO(w|=lF8w*I*r)3O5uX;p7hFeL0T0PH;Jnx?6BLjvBUCKo^z=
zIsQ3Ja5?^|5?r=>M+q*|yIG01FZl_~ZMv@Kbk!^TRAEPsV=v9puj^;RyGH2CaqR7a
z%kkk$f=m1FEB5~)^rihT1()_G@9q5{?KcYkm?#e`1($YK3oh;4%)AJK!SVdEgbDBN
zEN;u~v%-#y|LcOwaQ`j%<077ehx&A_75osve=7JK!DTr=fw_(U%7n3-5&E*6pDMU4
z=NAet%lVH4m+87&a9N(85?t!PEV$JFli*T+qu^41^L@PEr2ck-OZ{Pjhw7=|vYyTm
zT-rHNa9JOpU~c`7YomDmQsM6kJ3j+mJAU|=;4*&``x<-J{v({f-(Zfx$^0EExXj;C
zg3J6pQg9icMS{!tbTGH^d6nby9icDdbA{kCJ~s<44Hl;CkZa?EEQbZIbCpR=W4;Fotp%gc5V|~*1MwpOnPm;tmAyy
zM&WxiN41~B4_oiX3oi5h@GLvi+5Q}%FY|q|;4&+i16@%dPA8J`jR`|=~hJ(#%-_Y4kqve1{|9xu2IcZuLK+nW%;ZTT-s?6T-sSKxU_Sj;L^^`f=fI1
z3NGzDBe=Blj^NVH$AU{cp9=o}v3HkIb!^+VfFbVgN}MrJu
zF4qqnms=AYmpc<2m%CiumYYiZb3Np7xyQkAx!1sPxlwY3tuKy;G~hTMvV!AyC=QNw
zYJ+2)Cg5172RPQ50FHHLfn%Nd;5a_Ns#|~V)BcQO>ABORn8yvS+QL0l<
z>z9T+Zm$O5xV_qg|o(Ztd@_%e@MDT<%+NT<#xmTy6r7@clC-hWwn_iFa0a
z^c%LbKjmj@JBLFa+c_T`+qn)L+j$!t$ImBl96v63WIY`1#PO2^9P8u)$2#8NSf>g&
z)@ccjb-I9Koxi|wJkJF`0ORu?@I&CS^2++!II-spk~#6wuH_UkjH*F437P92^{<32RQaa!UAFA2m2unIQByZaO{Up>NZZUY5V&)@hMQ}6zq?S
z!H{xBGGl)E)hN8uEF-@xHFV6CVtY{Wb-BFVz15j@Kzoyu$h!*LSWH
zzv0B2dWT=%+1k$?$?bk}cXGQg*IV7uKX^ZRDLAh025=k?TfuQW(343)}LFUKKADcaO|IF;FqEO
zU%{_{M=KoGpI5=%!OwtK1IPMX!SOugkh=9lj;OM{Q;^5w&tq^r{(J<-<4>w0VeP*G
z?JNV1?u!JSlh)@Z8|oo)YTTpJTK?E0f!P
zRFiy<=IcOx+>bhe<2V@sj^ku9IF6GQ;MmWb!7+aV9Q)xiIOd;&<2bBTJZ${nIIOE~
z{dP(Fp(*5X9QFanaX1W5F>$N8S1}mWzCCh5Q|;a~&LCciw|PgnTq#sTV@wo-a)aejoDLz;XQ4
z1;_Cm1dijmA2^P;Dd4!h=7D2=3plp(G&r{N8aURu4UXeHM~Sfh!Es(l-L^}jXp$=d
zc^v0;!Ev0o0mpGZ5d0SO|8j8b=Y8PV&nLlgeb0g8`g)f9uh-XCJwnJoJ65%Zu5UTW
zf1P91bN&~_kurx{<#Z|<3He7|0p=-Pl4lhPfAdED;h
zz;U|=fa7)#c_UfqSEP{te;o3Ec7J#(IQGw4aO|HQ;JChfz;S)s_=PPO*SCkdt?wgU
z-vN-v^_>BZ>$@Br*Y_kizJ5Id$Jeh9;CMWYP$sPX_&i=(@J`U5g~9Q4tp+&m7hS>e
zb!|8}zD~^s$Je#J;Fv$FZvAZg(KE>3f%eBN8@9f9QUJH
z;5ZI9f#W#b1CHbH5;$(hyWp7r1di>DT`sI2u${@ku}*4m9RDN1ar{qHx9yTKx-4%V
zQ+5;%_YCEz%Ic7o$L
zzYUK0SL)WEHqN6|2wPtq=UKsVoR0-_!@zO5)75#oM<9>wzX$#t+8?oM*m~h|6M$no(}82Y065lf0FLjE
z=mZ`N?U@9Q``1G7Tae!jj;|N5z_H)r`-iPB?$=eovERCYe}v@@1IO`m2ps$8A~^Qv
z18~g$0mtPgtQOXOTyB4GJP!N~j>m!J;JCl<1^0mUy#nqI9t@8C{|Edlh&Qaj_x-bJAUl-O(${%ml}uLsBR^9j5T^h3;AVe9(?JS{lZ=?dNf@}t0Uf1Cr3`{QPC
z+#kHg
z$p&z&zuSpFbmCu~cd7^z&YDJpP;k$K%y)
zaLm64$NDt_!`2s%S54IIc=b__S8X7l3fegs9FJF%!0~u>3p{${u=_u6op^*gVeMQG
z%S{R%59(wEj}KlB9M5m-g5&ezm?I)?n*lzg+gM}zSBf7Ex9A5uR>
zZqM(vY8bxGDa~(H57{K)p36M~j?Y87G?F@wd{S87Tu!_gcrwV}1fK`v;SV^z@3>K8
zm(VZAa@#?EJUAXdSAwU2JdT~A1&m6_FT|Q$YcGl;8;I))3ElVCj-avpB)_Y1;8<19vsL2ByczAw~gTG
zzz={&fbIU=iGKpe_IwA&_5?Ny>j!*Y=mhQu%bf&X3VaVZ){oshtUkVuWCX|he&ATY
z3pmz4436!;1zrK#`5L?&c!U;V?ZoL`#^i%Iq_mG!`g}a
zg+Dls|N7uKZl^o(Mc_DomV;yaAAw_g-h$)tByy{;_G3HagJU}@I`P`z*v@+3*v{49
z`6Gv&Uu_333Vsp1IQVNP9=&zgdSO1J6EE(>Yk@o7Q)2UgO~8G@hdc4f;3XhG7aaR-
z5jghSD{$P7E^Wfr7hgwGfIB|p&f4Dvyfk<)cvkSQ;C|qd+J-InSH!UTrNFVBt-;Gc
zo%!I{o=58T`r;8omKO~9vQQ^xyRi1)_|FXP3;VSj;kf
z(Qt6AGYK5W!xC`J?*zx?UI54C-Ui3|@4<1rd9@Gg&vMW|Rlv)Ghy2~R(65j#cBuf~
z--(X}uL${t;Mkro;FTdCwL{o)tAM8guL_(K~
zf=*%Ug>|xkW54B9x8p-B`E{2HkjFZK;MmWd!7)D+9Q*$uIQIWVaP0r*;Mo7a!Lk2S
zbPnqW?El>0x1gUZfn$F*0)GejPT<%NW5IEKA9a!TIQls<)CpD(As4()`xf#sqlUdM
zd;!NgzrmM6{fI$f{SXW4#1(dNwC7dG>yB;rd=3cta(r|AZ&?DzPcANAp1?|@jv_gBlnPP;rKH5O(Q?&Ag`kCLEcV1ANfdiFY?psMaXxk`;bpaEA6q*
z-LZB~QD02?p!AYoPW~{1_-gWK8O7I==TzTJeo*V%=Vw@ZW@!CX}_oAHOS{`{Q&Y|
z>W9cncu3u2qvB-<5$0P5e
zo``&zdNT5{>ZQm(drEuCk}p)RNWN3OD)~G08sypXN&NuwcNO2=e0UW5@&4
zCy;kgpF%!UeL8so^;_h_3P^kIkxwWn{)pV(7x#?3g_q=Cl0Q&?OTJS5BY6&Qsq>Y*
zmU?>mXBWrr`YGgCXV;s_!0|dIp}J#y{t3z3>$vXTp>;4{$Vr{@;ErFi=X|v3?(@gWlhX4*=JffzbBM2FE%J!81v7
zLi2aQ^>7gCj@K0HpE8i253bV%p?Sw^isf5E9-H(=Wp(i$2!>lh#|)=tB)SV
ziAM&<{)y?tV}N7*+)g~N6VKzs3p(*aPTbpx*K*>4;Ch${?dLk+zR=Hg!SysQG+*C|
zJO0Lj^*`ntI&rLn`%7cU7lZaR0j~+(6ub?1ZSZd3INq{@H-kJb7hNA43GD~;AgF`a
zJ6OLt)Gq>g^r}u=Z&!pa7wh9VYzg%)by6Q4>!UlX
zkK3gi)W_pkcPIXr6Yl|z^?N$;Uf{UD_i^HV!LfcnaBP2nCq4i?6Kvms;CfmUIt~Yc
zWBtKSdJ4kv^Ufx?B$!|9D&)3iZ1~9Z$%Q0UrkWZQ#SfPk`g|8xPeT
z=S7Zl3_Cu*hWrSq^BWx7lh$!!67m(&#BiT8lM&q6acLCP$K$|ga2yX~z;S;Z2VOq3
zHPW6);HkkUg6m~ZX!|FD7k84!`ja7#=O=%I<8ci80oyYb^41>PE}k)@A$WYA26-Q7
z=XCJ8;4{FRflmSN4L%cmG&r6otN@<{`CZ_S&p@(qb=ryBICPAkIgtMVd0cKh7*}|H
zQW_k`1CF1$P#=#=^T2UC&Iiv0?O6bh^%sHTcwP*S`6b|0p#E}j+>RdLSZ5VDp1-XI
z_l5e)z_HF+aBTlNaLlg<$Ng~=IPNcA;8EPF
z+#mV}_fxFD3-Vb1A8@>W#QN2o)W_q%Zm6TTheF$l?gMr9K)wn1Uhp2^`@pdu_Jcd?
z2V5`A|C{wX0QGUb(6RnO$m4#2+eL2|hW5`P$m8}p436XN2spm(p8&^ki08354o^Zp
z0Q%W+&&`f|dRr>AooB#HL;fsyO>jI9Zv&3~fb|{s^lZ81Ab%dbJ~-A%2Yvza`1*Ab
z9A6(XUm5CPz9IM}sFM~P&sTB(LdWG|eOxZK2iF(#I=vsdT`og=us^SW<8ci84aeJ6
z$m4kXH`hlv{_(yRw&xnu$Lk>MpT^Lic)o|%LFoAUejVyhgF0A$3pn-z9>;D#9o*ls
zA4)@=n~=xxhUe`iAb$(;)xd9qw*tQdJ`wyb_)>7(e|Lc6c(?(659+)E$2#x9??WEX
zs~>jooEPEsX&i9uf9z-M|H80b?0>wj#Qtvv`CibT-r#usG9LUP^P48O9rq^JL&yCp9>Z^Q_=F&hhX3
z;yCw)JZ>*MuD*o+!Q)Kby<9NnA
z?$EO5>al7ESa`t+P`R~yFictRt
zcn5II(QYs5#b&4vzU4;Mfl_
z!Lc7OkNx17d$r|aKg0&d<;DfaL|thdOSsT@rxfedC1S*iOeB
zv9-t9xWeqrl0u!P(0<3(mCvI<3L6P7iRbGY&j8v}X}G*4YS-
zb&i2!o%7(>Z}z!{j`J?8{~hwH;rNitaicEe%aOqk!;CS3l1&;d#p69qh`<-2H=h-j>k0L}oOl^0UdxHM1kVTcal7DhvHj@2PzN2yVScEOwL3{9eX8<_fUz!Szb(Vu;oqgaZp`CcWiT(@nxZLD$9P@&H
z$PbR!gH^%3A>SSx&+7&_@oC^#XA?N?r}p~mIPT4b_4R}Ga(3PKG~}0T|7s2SUQlNM
zIM%`IDXg;z^8KLBG4KT7x4{cRzr6v+>(eMs`T?&maGc=vJC2i%P#?#`KyVxnGr@5?
zZUo2eg6C0%VZCra8VLPR0_qfjJRVnzf|r6k?spBq@qSbgI37Ryf#ZD%+`iavxP7q>
zUN0AecD{r9#ldkq;&SnN8JFt?+Z|so{GE6sC*BR*@wXjp{7(YU0sF-qaBL@@M`1e;
zKpw}>3vle8xNv@g?a2*}{btX-JN9>MPax#6Jw3s3drflU>%p;|r@`_5l0Em%?RgG)
zY|nRa?4Jw~WuQ3f;BxKxaED|6G=@C(&meGL*uHbYaX-cD%D%8adP{Rc&&NtYol4+X
zrzkk?kJZ6(do=;ajcDu3|g!^&OXs{ZI<(7lZnzpno!emxesn
z!Q&o2PlEUT{Gblr_rv*}=dfJ7jxGbs%?@?Sf#dvC1#rAhuL#~0>R`XQgI9t)9-k|N
zGL$LA}agX8_WZ{W3{J#pckzXY!X{e!PNct5i_9G~%ed@OhXtk*1XTacs|(#@_78g_5C-;fu>Lgj|0uX@i@>N9FGGn!0|YM{cr~Q2k*z?{kq0b
z=LO`q!npko-V*Zoyi+UiOfdej4$h}wo$`>!I`zP@PFrxSGZ4Hrv}Y#6Mb#{Sc
zokQT*Z&$&w{wr{NUML>yFPosBTY}?pU;=m>Sg*O@xZKU)xZIQAxLkYRrQ>`Lj|28T
zN{8cd;3?F>!gwUYJ1
z`?O!d@qX$5-rxQc`t`r}x1}HcyZ5*8b+CHK&SclonP9x(ybNAXy@?o>F9Z4ZFrM-L
z;akYJfIRN+_&V4T>fn8$PT&op&NMjgwFSpKz7C?}>tJW7zsyOU9pKo`lTQ3GI3CAx
zf#bZMA2{YygX6pp-j71h2Kg?qUf7>O;CP*j%f<1~74rC;HacEkcY{2Rx9;G$-Twl&
z>qp1SgX21=SqxdBIjl09^1Z>ggZBYH1l||?26#X4SK$4@W5Vk=
zzAh&P9{~AO;P`s#4vw#Gz}-{CkM40*h7Fa#XW
zhcWL7?HLMr96wpXar_Ji4}>}+z&nBCeAXE7k&wsx!&v_*vRn$8qikJ`UQ6=Z)xIke>(jYlCBb>^B_GnIJzNmW%hJ@bwh?
zc_1veB-FwEt{ONlw-NXRST5dw!|^r{@;L823>?SXByb#WbHH)DS4`%53lZsW-nYm7Wdr1Kf7uF-`^y1v++R+ED|x&2X7B}&$MszZ?yL@uE4-iSY+T{^Sq$}Y{44?gH{%EM
zIDXLo&G^AQjvs6%jvw@YGk)+swjcCAjyD`Xc%Ku;4?13lE`@%>{#*wBZ>~d^LmtN=
zI*!8?kjHVj(uw2o1ji5F$8$D*e4yV}Lw!7MuK~w#yA~YJ57&X?_*@T;`^5%uKWGnb
zM?4O1ggjoC;pd}fhdP@ekMql$!STElmy7*?pGSn-Wee27ZIH+D
z`7UDE{i{-t-wyczaBM$r7km!N3-TA?^%U=qp=1B-faSJ>I*DMtdN^@x&rYc026?=W
zz}N9zPV&3KF^}hUxLxo(tq?31&(rWcAJ5a8KzuQ5j*m=b#SOKM#)mZ~+{TV|d)d
z>#vKD9|_C71is3N}ui%{amS
z$Ipwy^Pl;!+#0Z4{G2yD&&2&b6XfwY?+uREO}HJe!g}HH^WV(ZV1HhRIz?c)c$_Z_
zj;{+i{%=5?Hju~H7rY;c>xJX(Ce*?EQMg{qp+5HKKj3&=as!_augkc<7KWINX?k^7^kNxln9Q)xhcoir0alM{Ez6Io;g8!TI
zjfjx{pE%zr4E6DR8((*Dzjy|D9RGOS#_KOUf5v`BFAV(?4E3?jbMUN?e*uoym8HRP
ze7**+0Cn)Vf&1?p$YcMYq~c(ee2I74kUVzJcTZh3*FJ!SRFp^>?U){rSU*{{+YSzrb<(;_Fvl
zXb-xt6UWz!-%!6Xvu=#
zS|R^u&tF-6hdY*Qj;~YrdD__irjB3IFKmAkaI5d=he-d;_SXxk^WSN|W4Zsg_FH=$
z?THf79&0zQS5#=H{ktQN
z7A`LKdTJhAQS!~Hj(I!smipkTU9WMS36#H|NtU~Y{7nN{?oRRsdj~-bBJpgL-!oF6IC%qoP)ob@KlSS^m7u*Z
z(&}GsEZ&mp{Lnv`)1N$pJ|H%XyuA*}GAS3xrJt5U${hvAyHcLB8QvR;)SmnvL
z{w?{&Z!;@Nei7xj>xtn?^5ktKe}MdN-RVz|$4Vs2
zwde3{xm|Ne@D1f%a%n$Dl;v3d^>^_!#A=ctoB)xA;r)+4_M2(eyRi`ZJrJ
z;Kw8X-az^@EBS^5oz321YgVB@LxcTk^7Bq)rfd$DWcOL++hN+Bt*V
z>MS5n`cCTXB(JXf^-*%GbCx{LJ!$7Na?8IZudQzYiXK^h&-&lDhqNa?`R=jeS;?0r
zk@d|(?(HY}a^xfWiTjf`i6-8I{DK~@29U4TH$7e4)zHGfx>FeVTa?9^0
zZ<#@U{|33`9oM#wFROo4Pc$6&LeVYnxCez^HmUrancVWZ$fM~v^e4A`Ai0|!KOOgA
zak-XvJd2CoDp-DY+>1cBykm|VJ-Ys(JjYxKy5$}Bw9(r{-13vipXdqEM)I2{WW6qs=hX4`oZL%KV84(Tej|1Mko)Tmm88+7z1E)|rR3*~
zl3lZfXa|FmAb
z6#0czGR`ZKcgZe!d;g8&pB>kUI|@j?9pyVrk^Crf%TFTDURmm_BA<36boE^}k-sP_
z`J?17lgV<=lHboF{*>HB&&S@79~vRcjTTeBJO0_RzTP{fPCW9adcB;HJYEjT=O8~=
zRoY*Q{B2Ij`;&LpH+BS)PtXgm?&P0pO8vp)R%bMMszQ=qM?Oi%+ePxEE2LlElE>25
z*{|da^g=40-Z--Uw0tu1wBw~8Jjf&I`LGwcTNY`5RdUM*kpI*R&`#u)gJr#XkT=)+
zEq{|+eh&GL#8PJ`x#bU#mnkUuyX2OCO8#uM&Uekz0NgdA3Yae;K*u*O8z7DEaf`mcLH^F^;t7GkKp%;=jpEu0rN`5D~jc7G
za?3v@pP5eTM~^Gtxqsr5|E&{TxyZ-llm09~p43OYKDp(alb6?7xyL)
z_$=;AUQ6#&wIa8CC-SX&y}E$h@+-(+>UH{Ma?9T)-4f!C&$%$t~ZJe3pLj-Yjy>lK*(LddPpo
zKEbh}L%x2Juh4m!NP6C67P{OB@RfPjO5klix(lE8TuE>U0h0$f6?=Rw&a!%
zVjm;x`!~DRpF{4e`|np;K`7`AA_5RXZa-ZJP
z&adQ4ZcBSoB$MyfKbB8V-d4}s%aL2&pZwZ)sT)LY`QGG5^aD`mke7Wf?O#IPOpjMb
z$t{1DJh9H3d?vU2Z}O~HWVvq1!}pKn-O0VjORhZmd%f$YXDk
z{0wr-FCg!JOY+CaEq{*Ob-v_Xb)M74gXN=>7y2swlbPJ|xyXBZ%5khFx#jDVAI~fG
zN0L9+>x&8G3$IK2=aAQ2Aa!<;+kKV;
z^?p%W@+|KqmzjKIdvQ;4tK&~@{S!!@d!*E9L2h;WlUx4`Cy&}t>P#WGI%~*R4w3v8
z@?JXsagf|w=P&M)&(PPu=j44;%eeYL{|6^se}D@|ka3Lcb=E7pWxMaW?tv22y7QdD{`<+sG}yhrG1zUsuQv>T@`^
z$yd~u`ftf!)^`d0`a)i&w0Mkk`aR^Ed4dCyb0@d<=O+K7_jOB>TfRJb
zwM$aJDY@m_kY_$8`N8CtA4PulzH8_&EF!mgv6bX4KTG|iBIgS?SmpLmkzEg{RTNM5hG)TvIsT(8&qk-zbf{7~|>
zU&W`8x7OE}1>~caOMVr(TSaN-cJe60#1E05JuY?5k@qhoewF;XUgy3h|9o5WpU7L3
z6VH@EzT0-WtJk4<$*rBm$gQ2_$#Zv-_3|g*wL+HHirm`SkvwBvsWXrKL9z&;g;tUG
zo+tIUlUw@_kz4!Ek>5=z%e_iICx_I3O>XV~MBY;SAyY>AJ?m$8J?}3_o>E^2eaU}o
z-SXrU3QOHUC*GKR`g>WgZsa?%iT5Q>(p2hCCAa0yCGQho>TDyo1DsTLcUq&weON=(dXPgkjG0ab)set-=9D9eswDH_eUj{
zkvymNXI}On(hr5mm#-18Ozz)A>bE3+l1|z=jC_~2XD+#2*DNIu()qZ9DiHznszZubd2$QMMEd?j+5KdMRoQU4H17xG|z
zKA{(RT78~jEP3QlvfO#()cEBVUnQ
z+SiTTj;nph7wGYECi%qV(*Fy{C+m2fk}Z5c-0LDgFC@3;^VgBz)a|~FJV?jqS#oVGDW+*SHBVfOItx9bWw@?15fAKb}D>I3h-H=*U1rY}ry#dF>Bw*VCF_-++@8xSLjFC!o~6XsP5YkpI&2|3>6vQ%XDAlb`)9?deKBL(d-ulG}ZxQRKGVMdW3QOFP$*A2}_)
zpM3K#Y0pveZ+ai<40-e@Qs*Z5v2{}C8TqHJ;vdNu>3vbxTvE@*b78%26NkKLY^jry
zyjdja=k(-#21q_X`RNbhzT{S?EO|h6sb80TN@DRQ+7&>-!1b)
z<1Wd_E1VQ}CvW{)wJu+MfLvYG4iZiq#wSp
zzY_mLen?;6Gv$$gw|@4%E&Z00e1LBEdgNKPelzm3XQj?U^7>Q7*OS{g*+X7-y|nM7
z6Sw!@So=rn^U}eTU#HLUekGrkRQlO9Z}@&VtoK9Wko(M*TuOF5UZf}QtNmV-{JGvg
zuRz|nqx4T8xs8*?&VO2kUD$Ge?JpH
zL!N(w)VWE%NUyt}l7H0x`AMEf?~^3=l;zlVe;7sT7bLgq3xD#8$s`{{{!OoEr;x`;
zsOw7}Pp_Bnk|&HO<0?|V@a=r3^Nd-^eRN)?4Ea@k-Kj!e`INN34Y?hEx{&wM`_B`}
zEkA?&!3$~kHge1FB|qC;+H;HCo(p9R?PeLA?UY47S+^!=E
zlUtpVgz>%@^n>X`{pCJ_m31I57PVRf#ipDUZX9!)d?c^()SfkBaby*)@K)aM18;Q
zHFA3{`X2d+-csimx!n(m>lMD=tWHw$wEEmyK61+!AwLpH`m-jv^ikHg1i77u
zlqWCOLGn$>?fqG8$+P)NJNlES)$`jiJ0KGaL<+#)Zn^HAT&E$^zY!`5$i#!CCskO%5K
zS7!2AD`mM}uMSpVFJW{_Y`PRzf?a1xEYj5%q4dwWMg#3)2pPwN=l1|!rpWO1n
ztJ0pP!0+?G$NGM)H!{KNZNcjhE%sC$~Dy$(!j1
z0*xX6)mWB0g?z|5slS!nUtf3jkZ059A1;zx{wDdOoKpWIxm`y@EgHT*txjC>Vr3RZu#Tnef56YQ*z6{
zA>R^J>c=nkU-xHna=)sQD@<ew*Z%liT&t
zI`ZnRq&=s|Eq{spd1k5qj@?7wYzw+^*MVkXxMvmo^2Pq&Pq*Q_lxB6liPJx
zQSwiE|EDIoeI7!6@(g8NLl@AU-17a%>z+AAYa{Ii6KjftfyM`_xSqWK=^}l_NL1uEhe#}LFWuermKyII_5J+xy
z8k3(~CUyFeH`Mc!VdN>lO1qbm-#ICDPLR8=mi$w4`#gj<peqCByfR<>Qhk
z@sNBLa{D}l+~hF}N;}JtTfPeUyyw!6mgM$6zK-PH%OpRX-16he*XjApGID$W{yOp(
z`DJ~Nkz4*8`O7)7zQN@7zTo`9-}x97DcP-)Fs&JdfU2-$;I4
zk8hXB*XjE!ZEC^Q9zy;rl;|J|B{X+*RkTe8_{U$nTdWf2hw@
zwjpnwLE71cywGy-DdZ*QiO(jl&`XxPg?w0C*)F@u*X#ayo_y{asdJsY{}oy8dvcr4
z`$qoiyyTOV3E!WVPfhL{RoYpcyh&sE{W9d!b-kLATfQCn@ut$Ak>rOSh)*P6azmCo
zk9?>0^B(eS`W)I}^3RQ={zY=D^NKvqCt2<%^5y!zo~U|Ux7T-j4ks76-QOrm{@|6=
z_b0dK7z4;#>+4`Ua?1yiKUpR9$B^4~&}8!U+MW&M_T1xk^7vZ+B6&M~pVxhIyHE0(
z{6Ehnl6Rjg?T@49@7B+DKf#UM?hoW7xBB_XTU?g$P>uYGn=H2>xjpyTk~}D?B)8`q&yjoT`QA11$7!WKpU6*-68}Y>Lg!iH
zmY09G?PB{;E^-_HUgRzP<@ZaI=g@IbjXbS>&P+q{4<)64+L2FbDfN4jTm1p#QEy0{
z$>f%wNxo7)FJdEk(K)i*9po4F`LXll6ZJTMjl5}eY0rCd+mC*ekM1q`q(|CoeZ#^5e)Y|2KIS{XBt<dC4R4^J%2c4|2;#tSHO3{{MDNeojGd$FUsbB@ReFANwlt
z3gpT4{Hi+ni3^f%NpAU$p^emJ@1$CGE#`pd{IzmB|>KKFZy-13*mKj{Acirn&_
z$hYWoU$HC6dRYHkJ~6pxM9JkPw|pV;8&@P>o4iIt84nG~TdflRi~Qzf@uB2%$BU08
zzwtztyMjDYRmpE4Z@*Oh4EZ)a@47nI%7x+~#E_lH2oAGs*2Zxt!eQQ`VDv>O9v~ayvc*lUtp4CdC&mOo2gGQQM*MQ-^|wH;0a=TtA
zOuj(hpAtZB`9|dXw@Ul_l3RW#xl0%6pM~T$&$5#I*HNi|jNJ0)$T!87@e@pL^Dd2f9`VA5*RUh8L@m&rtKb#juQn;^emiTp+kS+DlwFZK98l-%ZJCX?HI$}IBQ
z`u>GYY?Sxy{S0AV1ntw)=i^yRJM=eyX6X
z?|pKcX9*@xepTv6s1d&ZEgyq?sD3VuJGsrvc#xOZ>!4EPHZN0=d|*D=ADfZeyi7at
z@gJn!L&$AjW;FQ$y`Qs~+~#FAlG}XBPV#vAe9l#Jo0oY^ZgpOf-`^qqAERdY{X@EJs-$zp5+JmWnalBtQEdLEuWHn*$K&clG{8>Ve*OFrG5=^%hw|xq1S8O$ZcMx
zFL`Hu&TS&O&4WxQ&s9wJm!0I6KR`ZDKiBaQx#eGycbh8x6GxAuc6_#c67n=DrGJW&
z+dNBY@_PE*brW*Sw;_M7^O9r8ZC+*ydCOSRKWoTsUSW+i#o4w64bZu2si$S>cM{AY5Tm-$V8vaht?El_^X`qSoR+{w%7=NtHv
z+q_IU@*0n&Zhdl_muXJkMDGLiBe!{$q2#G`o^c_$qlJ_TX@>{$ixz!m&Zucc7lKTyo
zI#bCD?2`7+B5&GHd_MU^z5l$K+~!$!kx$q8%CqE_ze2uU=SSX<+jY=q@}N}G&O~+P
zyNz?3mq|&UR?qVakmoERzh8>n?vwbF+q_92`N5A;r!%?TPZ&&Y_Xj4BTm9+e)00a5
zE#z0+#1D|$yvzymJo@uPayx&1LH_lNjGy1+HZK#Uo-E(`zwRgbIXSuA$H+`>^D>^~
zsr5XtFnRkiQa^w^e^hB_Bk~r*B;SSH_M?g9(Uwbo2Ki2%cU#5YOY$ekZGXH(URJM9
z?~~hn%4>3)-}ymq^E=V%%kr)NZGI;)xz$faURtj=bCX-%{?3)vj~!F`xiaN#ey1jR
za=ri1p4{elx{|lNEbB9l-1f(rvQJW$St3TeXjOD`H|PMylUjFi%PyFx!u3*L2mOk1IRPpkvh}J
zEkBREhl}L5lH2j{7`e^woFiX8PS)!wxy?tsAs^X9mK(8Q`2M$iO!7necZD*LTRuB^
ze63%S-0~I3J4crGv?8~BC-N%&BtMee@)OCc>HOvja?5WZ-=)`6XUHvog?w@(>BkS`
zHoxcHFRheDWeX50#1B=67XR63wOxvzWo#O`m#SbYejB#I*~6-6Ct$FWO6$%T1swp){<}1>(is;
zmOo3LN}o3fCb#@M@^t!sx42Ei_owBPlBZlF{p?L{d0+C$@g(1r-12S7|Ll_dNOH?h
zB>$oJ+t-oX{LVJ=wTWas&ym}8$5ryanXr>?gN6$H^0)mO8=Y^L|M`
zL~kCx-_~pYrz5xdo!sO$FH?|wp_|mLLT>Xr^~tSHbMiAfPt=#(=4*zM|2QtookMQ<
zCFEc9{AV}0&F>s0e>_3@^ESE7?>r`-sP`v-k=y)E`bIC2glsrR8Y5yT|o8LJ_K5ne!
z?~&X5&NK2`C8R%H^tn7cPq6u&XynKBb9LOvZGI;Ud5Vlu--q1hcPf+Hyi6_fe350n
zg2-)tXCS%N8OiP{?O950^E+$F|Jowk>kN5@CDNYv+?<>$u0jE`Q`Rfe>}O(*GwaynO5@a$SuE(JpEJYm$T$H
zUvrf_OEjtfmfZ4R$xEb^`te(b?|+-$Nlv~%KhGp5xy`5KBkyri>eeE+d;{{bdi)$f
zZut@9eGW+dmE@M+NWQnSvt!&`5g~(pZoIr
z<;ZP*$Dh3Ra>+L*xA)z&Coiq{A4Zeg{LWCArPlbR-|YL-J$DEkA|4W-Q5XAiq;u`e6sT{oV1S=o0sfH{9T_-Lff3MH+ZYQ^S%zfmMvq*nkB)9p>d*pUpeNNtGlGOQ4ZsR9%=kVJl
z{%Yy}oP5-CsXvgsi7t04`DT6IW-Gjoc-C|GVh%Cl2{WeU3dDdC>y$
z`#H$%?>FTm-@aDb-;6wu<3&E?t24QOYN_9ke62nYF_io-U&&7=xBNWv#l2;@+sG}y
zhkSN_$zLV6{2lVvaiu+<$;ay7A&ML%|8B?gz6oV~CL;f$^Q`&F%YT#KFG_yWP3lx7
zw|oHkYrRj~iQMu%$TO~$Z@Y
zimxZ{uJf?R$Sr@4eD^JB=QHv$kHz1Tm$)v=jn-ZM-P&*Yc;wS{Jh+p$^_Myx2
zcgb(IZp{o?pfNEBtop(M#$iCAag}?BtgBB+t@F>Xsqjm|naJ`4k;L
zP020amVBZfXZn*{{|qN@8&j4$i`@EW5qZvMlHW#de}`o+`IkeIzesNRo8(b+KY2rL
ze~0A@d4krmU1Ii-<=B2?`Gn;AV@o~@x$7PI{oLd+`ioa2x6hYuNS-~u)Ne^XEuqvI
zLcU1bGlo3BzVCP~xy@t#Ltb%~EcXz3v0LI#$ZcNrBYE6PlK)9QrjvO3p5gm>e?>X|
zXCn`IEcpuLopqj~I(dRqQnw>{)fD1?k+1n7KAGI^*Uch-cUs!BiG1&6sk4i`joxRx
zPj2~O@^(w4PF#KN(#GMlBH~HOlk4?$QF6a-;uBsTYf9K>ln$OCAa)l@_hPt58sko{wsMLeNHb)Z&^Rp%=O3eaK7b
z{ptqfmTy5GDCJ%3bKJQ-6DWW3AL*ZsMb`fwd0d@O{6=oq*RFlS
z_uJCrQa=s3ecpIx@-})rEJkk6OZbs5A1L)3kXyb5dA-JxA4b0JoA^@l+d4nJhuog8
zI7M#HMO-3(_D1TzB)8`)zLQ&>2z|r%XNmMuCk45Oo8;1y=cz9FLgbb&K_271?sF
zS&sFmeV%`E@?`lWSAg8|#mLijlzd(C5&C>cQ}UIWWqkG~x7UTiME
z*U(>RLT-Pbs|)!OeScyv@@rLPxx>j*KNVj<-a+rHuOMIh-Zk_WwvpTX=@s%S`aIPg
z@;d=i=PkL_i7`mpW&M15lKh;2eBvVUjO3TciWepSvQ4}+dFSTh)yb_r!^pq=CG8(a
z?vYM>Ho4W=MLvDGU1Et_3BPOX^_+zPHyWppFH^)Y0q+UT`iZLE9oTI^@6Z
zpUmX;cS-ENh4rV+r+865Q19pXlH1=gDNk{>V54&r
z-a4XemxbhZUvwS0)!9bgsg(5NS#rCszfT@d@AC(fUwR_#aTywZyV!G>vB@{(lw4x+
zz@_3j$Zek2n>_Vv$@`M`UnlJeAh*xoX+xe~??-hZkEEX$G?Lu%6Upc5eB2uHtFNS;
zTgadLMF{wf>xs8*diwmM7vB(2-
zoV$}--h;ezW!dj4lG}A_4f3GkvfbN}TfcQBPpaopyU5#k%KGdhUz1eYbDG?a=QqfA
zWt2Kk$?baoBl+D`l6M^$zCS1E`*fm_zsN4ROyqX|IWM`@@g}$D=_`@j{f8Rl0V!m;
z?a1vuQV{vrj%_@0M@}hIZ
z3z6I3O|M37pZ^d@UNMQ(2_m=ss6V-VPQr92K94-+3F-fhkLY=RL2}O`(*BC%_Wthr2TwieJg?Ii)D$!}qg&{zDw{K`$g{&Wf(`X6#TZ#+(J=X>YK8+?=Yydt;rM*I70
z)^AqFbwc?5e?3cnPE2m+jj70o<(KiFkKE213zI+B&zGo6{_eRfcOZGkGcw+Wk!R5P
z!a3wSK1-d&pOKIMlyiqw>o)7t?*5U!=mTySz(N6OH$dkvAewa?4L46bX$`X=4L%vx(
zn0%(5pGVT`JR8r8)$RJvJf|)<4dtJ|mGr>E{*X@AWy5f5Q5mrlUCZfjNI~T$*XC8KY5WhQvVpaz3=)ax#b^_ztrR5C-Ovk
z-}M*y=#SF=czU11#=qs0kx$cncJev;c{`ru2@*;D3gnirPCh@e=I7dL=hXIhCbxV~@(X$%IFa1)Gsq7{lm%=ckMAe#+(G_9
z&jZhsTmCwE;<8fz9l7PdkvFd-`S{c2yKS#_2c!x#eq-=hA#@@|Sx4)0zB}J_j|D-0~C2H|z5r8_477
z``S*Cr%=C3KJuNc*HiLq_l+d~N1uONKyLXJ7$;<0}&?<7vZz8X#pCfUSJm8!3*G2NL`gc^HkX!yWc_h6b;;Qp7*8d**oO5*Y
z8v2|}DsszbByX(wg5;YsOFtJU_tX2g)yOShhrGJx+mr8kE&bDt{Efc8j3BrC1oB^+
zUqoI)&+}K2@5m<0-9v8qBjkrQf1Nx+H|d}I>wP=ME;nvQ?HlmE7`k$scNd
z19>7n&g>x1lSAsCBDee{a$n6qB~S26>bxPZqUUu{^?r=)kCu;1zDD~e3%TcD*^ar%
z4>T4pLvHyhct
zulv_K@?!zg&Tr%glZeNfFW;^IEuV-yP8-Q(Az#~6JU4lrZ1TERg52`u$y;c?K6z$O
zsneW%_g?9rzT}o4N`862=3wm(Z`r&RR3g)gN}^o8=>*4OICBd-)7xoqV2{8AqBmd{WA
zt%1}pNpAT%zeyF?T_IXyp
zBudgm3+;3>4(zf?)tu!8suG%NxliW^+Qkci+Uey
z7UfeL8zprMlNbIV
zUY*>|#~PE{`^#FBzt!XCKyo|Z8&7WUFPlc5JdLz}9l5?ir=x>7&Us_@&z@~Oxd>%^fq`R<(Z`@ZB!E{iuHxAW(AVwhkVj{sehB){;tPE@>zwYoi3~8dyJ58j`xGu`FvdR8M~!^
zDst-wcXAt7`N(bD`jFdl%abS4ehVPC{k;YGnxfLquH=>TBTH4VAd&rWXdKk_8cT1$>&70B&<
z0rko4dFeLfR=*2*JUu@dPkzNs+CQ7z-ruyCJdeIla5uTVzv(dfDSdwC8o9l{=^lB&
zdTGxG@}_z`|3N-HpX6h&mG8E_>~%8-xyLdYhxy2#rjY*kBeyy|$-VTx^g!~;<)qGJ
za;vkEJWeuc&rb3s`(%BtlH2R`ee&h{oWN^xyPx)n{Kqw^AAMc;ezW^^@yH)||l6I~mxBPDMzaq)@I!SK%2jnro
zNd33umXE6A*T!K`Jjo{}w|owA*C>)NL~eP1@|=|=-+*mZvGD|v05Urw?i{J6b#Qhv@xZu?6<@`^pA{l4UD
z;!2&eFDo*}xlzb(04NAx1M>w-b#
z&#uUFr;=NKF1dFcS?)G+yN)wnvS
z(~;YCL{{?PFY^1oHA+!
zlG}B}Me;oTr2TKn?RfZ`+^!>{Y!2VgGj#lCAh+v??Bq{(%kP&Zx9fxgdTo&4qaGl|@e&kM-^==)jLk=uT^o4miDwC5zbUuyA-Xz{R+-8Z?PeA@b?ZtW>XZtbZ}ZtZD8p0}8^yA!$f=Wy~0
zBP9Pfx#d@rFSsV{-$6b+hxk77a;L>llY7q;zd~-WFK@_q>2p?}$y4cbH4(Rl-(FTf
z7P-~WL|#VkYk82b953xGMsCOXO5}Fju1P*qpYv=@Zu!pS?J~;xj3T$={B&|V&d(=*
zR!!<`C%5DL5pp}upCK=oQ17|*7iB|Zar(Y6wogB<7i0^~T)*CFpRTk^Ce_ew17_8?EG-|yXz9N()o
zmpnyE$+MJvg}=1Bo_x1{AInbiP+dl1sbW$s6f@xt~0pe*fWP
z@=haVJYSLL4i)##
zk>vSxem)XO!Bn@#ZQt~>MQkxk;l{Dzqmz?e!U>?rPs^v$pgkq{up|FfN@5i
z)a3K^_hmAXpL`&BN|U$N@1yV~Po7%#pL*n&uQn&ge6>9}#(y|@2mO8FapeE(kvgZ7
zqrXeYlb@CCvYLGD6Y=fjsQ&;t>c2uBuY%;cL*Af`jL!>lnmk^N|58YYd}7-kksFTyunV%)0rIOJea(TuI~kr|8rFGFCa(1wvo45Bk_C5
zXXt&}SIEEbkUH;>C%7(o5*(DjF>W(-Jt8^z+WQihg&gyo+~k<&_>klKhntW;PA~ae
zlP63f{v-M17ve$WJxWV|Cy-y!f4_bv`4C+fT}IwixBFW1mpWhENsfBL$X5)IdajV)
z*Y%bM(e7k&wEG8n!XOXVpS|RX_49)BEzz}{f!&Ref9jao%~y*4%;PlL3x~xys2JqXC;4gOzJ5|z9W&iA9*F6&om%Mot?<943#`R$wS*qorB4d
zXB0X1ht=dhrDM7hZ6+UkQrZnA$8m9qJZ3(LzeyfeQ2ZPD{bk~D^nDNG|2&KID+M|F
zm606%%1Ms>+>d-r3CUlZ-2bE0(}EoB`jeyG?&N590(qk3((Y99`JUnn$kFa{amiDO5Xl&$y13O
z^NO0}m{)Wl-#c0IbSF>oue3Xm9Qj9*BmYA3ijv-A1^J6iFXPI4qMMLo
zy}l254qX=-NFJ=$rz6SH-x=in_4l3Ulb1>${aQwjJUhu->Tz^{yl+#GMcJPx
zlH+r(VDcDAC4M0}j<1#EIKB>&Zz?2tPLLl8lX196j{LXCk^c+%#_uu?F;7Gv=TW8P
zaU$~n-!A0EuwBR>yp}wE>VWjBl)n5;@`-928pNFbyn>E8T5U~i~R4F5?`KtVg}hy
zs*)$xcfT@~2+Xug>KC
zwn=<1^0wg;KZJZgY@>e0p@l}U>#65}cM2_RPC;9hDGR|YjXEl*L!Q>^U
zO8gx1Sl=Xm2l>vv5`T<5^s2qSY(3;rbac$4FPjAG<>$4maQr0OOgUPq*1=1|?
z2wewQN{-(PSVO*CucuCvOR?vT&QF8%#Rj^7K2eNM&|AFor@`&7$r!D!zC$hb|kuOdz-jBRf9LckSJpT_8zn*-DUS}O7PcmBK
zL&+155Wh~IO4p0-lK0a4ke`v?)_Kbt^7dYm|6lUny8aX6ujt#Q>{oqEo;#j+a`M>&
zC4UC;s-4BNk#9*O`$;}>yswud$8lGK9LGx&a_qP5$#LBEB**bGh&+E*sdFrOu~jk-
z^T{zESWccboy2b?$9-;x$*b${x%^4KTt7FtMUMD~JdQ`)pO%Vz
zP<|PQ0_4~(Wyx`WnjiTvJ+51m<9@S_xD`_sCU
zr_y!)@#MJwZ7TWcdD5SCY6}{P)RMbQ6C=j^oHf*EO*}
zHhX*Yx%$I)u?BY7nLI601^v*f?#lyP`Qj^pSp
z`IUJRpYWozgZ|<;N=c66C_DL}iSqiwrl@qiT>B()X7ppylB1rN`9LKa3*rpnTH(n;o{_|ry_ZcMzX!?kfWX!*19ptFz2s!FGLw^2-)N_p-^*kg;J#WZS&o^?^lR)QF*dI_&
zO7dNmr5-PGTrcM)FI+z>)+qVW9j!m
zt|!O)@@{fmFNBgK|5@^xZ>7#>b#ZbZofkDG
z$Mtn9@`QR`?Mq&4rX0V6$q#iCpHF`F7pZ#*`I{oLpX?&XeSMF}2c(xg>90l~2V6&c
zk@tx$^%Nt=b#z(sdJ84KJ~^(Vn~^{LS>oG~<2t$v`LB(o?f`OJM-Lz$c30v@kmEXf
z9Qj!Np3;77LnsRdJ{R0uf60rUQUo>Kfge}>6(mNI61D1Ka%6R*yCFC
z?H+hX9w#Nod_FTd=I6P{_d1KmQGd#iBfc^@zVECxImV$IIp*_$>!@$@bb$j`{p?@@c`+uY2T}
z&p#s%EHCl#^!*>>fcbnf@?v^E$<1C;>hvMUe7+KSvph1M^~iA?wI#=K(V4vOZmEAT
zIpTxJSLBd7=aJ($T1AfIXcKwSU!>g=fbJMgBuUspkVZj*D;PKfICn)HmgC
zY%j!TCZC||KV`{rT=PE}Ur$r1mQ{GhH6$Gq#|
z`h)F`aquL^JRu$Vlz#GhA99RyMRLp&s*~ppis4GsjvVj%UCFaFmv%>xBYr%2n$|H~
zFIYy7_x*L`GA&IgX>@
zM;*y;=zSw2$#EP_ARn#QgUiWr9IYq6HDBudlN`skX5=s0N__$3
zm~RgtUw2H#VJbO}iv{GE4=*J@Hdfj_NRH$53_0f8*T|7SoIFlx$^VTU^M{0wwBHyF;&&(j-t@pu(l4HJlmOQAKY_D)~
z%vT?i2kHG$U&t|Ejj5maV%!GJlKhFtF<(tVe!rKDLq>AUSF@AX)8D_yPmcL&QS$0Z
zq@Hr*n6LVgcU&Uzb;u9JljE)>Ip&iA^k2*
zM2_S41o@^`x<8QP_7^;lA8@+a~)_6HolS;%qx<|jw~qU0NO-qL^^$8TG5
z9KW5&)AW`4#*yRrolcJ9cOH3ZT^HL)j^po@%_v_$;0)y9!-usOUUv4%&W;e`AI$3$a_qc{w97Fy{FTXZ9;-=yca7B1h#cp!mgF6Dp4@>P=do_&DQZjpzT`NM
z4JOa2*WIJYaUPpUJ|$A}Pb0^9X#shb1Tvnh$#I_9MBei!$$yj_@u$c;m5}kjPmc4_
zGxDK&e_brS&plyObIwOrI4^mUHVNf$Z;N6O+I_1)VG%$=Yb>So@FKeGC9rzx5#hn=R}X#
zbzbz6{DS^|&_{Bd2fmT743+VT`!f1C<2;areAyX^OGA$HKxXo~=Hy1@!^tOINy4>%;_aF`tNf08de
zEbZPS$2dfgW8L5%@-F)O2%dT!hT{n1oP`|g2HxZ;bpBnD9P0qp$v^3Ro9)OE-<7;v
zJL&Hja;yXVO74|c;+K&lejWMO+!BA19P0*QJ?j`&*S6aJO_{^S`_ivLJ{Mt^U51Ucfzkw@m1{;nfGJ4y2IBFBBO$H;NNVi-B@
zgS|isr9kyqB=*B(qh*Guw@CEuG*_W$YRL-qGkeiv7^$s-oa>vNIE?jv4={D%Jias~2|S!A4Rk*B#V^)w^@`>y2gK%Tg-_|N2J
zGD)5Z!rk$+WhNghMj4Fbrw>Un$zdC788-&yhx4thdB=^vDhW+Ge^*n!ze2DhXad|_*e4<;{iLh4&e
zeo?PyHnZ&ED%g(Gb^K3KJnoabOnyP{Yr021@3z$Wjy&UGsq;JepFhZWCjK}2
zI8VJGdD4?t)%&!)$%6~X>x+@s$RK%q$&>4RtR8t@{XDBRIj$3aB%gao+U-vsr2E?_
za?DewlArOCIv0@N(cd3gP2QlYw7Z?$PygMPBjhPJNdCXbxBo4ElRUnj$DWd3Z7T5}
z$vvlw$ND05VZXYe?{}W$)04?|&rI&6zsHx4{6s;?Uy6LqH}R_E_&tzDC^@(ffY0
zlArxu;>wZ7OC$MPlBcdN@&4qQN{A03zoPs3H1gP*XA${C~*zRUz8L7k-VbrZ+iQtBfq8V9&5=H=zKnuyk@Ah`;vTD
z3K@qFdQD!AotSaaVGh_
zvQozq^6>TI`2I-jhXd}4@1^)Wx_)|+JgZ)RULv2U`{zCK?>c{YO}<_4U;RqnQ9s8|
z<{{ewbw=!zI&+cx>*rF{$P?C<_%7sm+lY@N-=_1xE#&JKOZ*w~-Y3Ohk?&Pc7$bW9
zjjGDyeB>?F>yY=+`+<9rC(!+BGWlpd&o3j-dq>(mM&3$4kA6sAMvsfQdOpVZr>H0W
z%}rii*H!Sn;E0dV&lhS?{NWptrw#cM{eJb1ZhWX4ALYj9k!SLf<0!<9?{eb@-S`#q
zGrI0^+l_y8R8eDpT>H>K_)j|+>MuW<4wp1>GgYSH$KRXk8tA)$V;V>?Y@&d
zhVIW-$;a=Oc#qi8$Dv9h@r2~Ls>=4wKptB?Kluu8$y1hmU=C@o3;C(^5K7|e@VVw*Q-C1C)M~kaiWjU1|84jIJCKdj@k
zgnU>@$+Lm{--@zd?I!oo@jp(!So5DJzpvwei+qEwyFMkav`6asKwj>&^b7x6-UVQ(a`FUvU6Y0UjUF%g$qVF^yrsz(*OmIKkq_P_@lD9H
z>F1<<$cqn`_-W)tb)A19d2ug^UqfE#k@$AG^8LEb+?>3({=RBEa&UBW
z{rkxC+?PD($bTCsew}=S&Nm*B57W;nBFVkX2_aA@Lo_v+I0j2zj0^68{_d`^@4i$&;**aXv}jBa6g8CI7Zv;$!Q5Z5W4B
z7sd0D@AZ~EwaFjrao3alhVF+`$Ul^m{L9Hx=;!$R$luSF_&>=r43&CrlJET>@o&jj
z>Uw69MDjZHx00^wdXcxNEpesEYkU%KPrgjAzj~5SJ}C8!BG07nUkk}w==^C7c?!*6
zLhq+W{cSo*{>tQW3(9$>3Hcq}-vY?z>gS1*$jjuB{w^k8wnW-3lti9KJ@0h?FGn7#
z=eK&~Y4y6V3Hj7flD8H4mIu;qd-Br-q`zIrTj+k+ll(;;$oI
zLtd+=#BU?7TuOW|`Sm}=FOaXPEOlNd|CU|i-;#e!BjfOyyyQpmvZIO
zu1J0#^4Gdwl_DQGPvRSpm(t^~J9({s5ykIyC0-%|0!ms0!{U5DR9-ZP)X
z?<0>lK-#@YeygqY_bK^#eLwn0zDm!x@l!}X)OknG=c&ny>ijG>`QAoSXL0iFxg~F9
z@}>Iz(u6$hy2SgF<9(+a`DMMX97T@!N#wH*NdBedh+j+YwMzPRlpOJ=$!BW(19HT_
zAYY~NarAl@KMqFGM~=*WYT8BfbIo7QK(UH#y=5koVX3uc_pSpG}@t
z*R?j0BYr3OQtfXTIpVL9C)0KQH{{+w$+&$czo_dZDN;q>|MC8qf&8ZaUO*{woc}A4
zub3oxTaq9BOZRi~M*4a25b|U?4x`9#){=hBBggyo67pHP9(aJfw|;L!D0#_!Qs;g0
zb^5;WoIH83#K%u9e`9~Ht@8&@@(X<=t{^$)4<*P)rj-6RCda=A)SA5XXURW^{EJ@C
zjwIhdQ{sOopX?*&)#c=Ii%32D$j|Bf#WC_DOCPW8$6>-$t!@&tcNo&fUYy8bqvywx)q=c(kyvPqtm
z{+qe7~-H1dw0RdFgoae!4zCm3)l8KdmG$d|vvskv!L2
z@lf*1I)6Ave&>+HKO)~WRQmObyqeDcVf_8{b7cIUH@uWyuX$7aS6z=PMBcxV
zR0>Tw!CUi^&YA5UI5t>m9dUT3`cO7auqCC^6kZ#wTiO`f;8
z#9tuKTwU@%C-*EM@$bk}>gNuL(#!K0=R^f1PfGGqdVfxS@-lnm^~J~wHW05tzFY6t
zZ9pDJ@1O2Qj^E=8B>&P&@=qa0{4DY(8o!ks@q5S%>hCFEAxHcj^7I-XJ45vGynRz1
zdz1Il`@ss4uO2SrUx)ngFXBze=arN5RUkR)988`?KX;o&j`)S-TfC*+J>-Z#LjFz9
zvvS-d0lQ
zW%50`u5z3FKnbbGBa{4%e$B^q8TsM9l0O$Y;tP@&&oA+{$r0a}y!9Zdqdz&~hmju`
zB>5MSBYq|M)%g;Cmb^<_Y4;L&%eWH%i9Gz1_;>OtW5qM+Iw-~y@j1!wHkNiPlOw(s
z`K=BT-;;c4Z}Gw8H42Fbk-yOQg}LNdZwVoP^Fs0*AV+*C`Fy=!{V6%(-;n=WMe--h
zB7bAt`uWIsrX}C1pKBB+@6=IVU!MGj9+IaOc{4rEJCJ|5C3%LBH(4(}o_zL5@u}op
z_ls{NZ=|1thmx1ke;?rjIr85iznxRg4`0Yn>HB!ftkOQlvwSsqoRNHle*Z~n@+H}2
z+REgpRVs~1(b5jpa-BHz(O#-}g&Bpv^efpPtWe&PEQ)>HhOBhv1l^W<;7O8hHw#D663rJs8y%@%!sMm=fBTOO7C
zg~;*!73InC{S{ToC+NJoEjhlwq9-}Nzv3tI6LqETDdgFENu5jG_*(KF-zEM4Ir4;(
z&%Z0}-XTZ)WAdD{B)>;?8fUFDKDplziT5JM{#J|}`&&8kAiaN}B{{aQKlztj((Z6_
z>_6kkOLUa@rR0cTOWs-IkC3CDQ{=Vv^S*oJ*xw?^vA_L8-n~RjSD~JIpC*nw>~C4g
zvA^XepQZ0FmC5Jcl5uEAepJt^oydz7l>MMP`2bx9>qDMeuj_H2De6bNBPc$}dZ}kR
zIpXJ&A6qB!e~=@7FZt9s5`U2#@i)n@ZI<{CB#S#l(-V)uk^aU0{QGf9XImidOu+=a(}&_tv~s)
z3zBC6c^&<|p=IP_pGcjD$XAz_?S7WLq_cxX{kcnCP1mPhlViR56ZsjPucY#hKAt!~
z=O)KGc46{8W##pC$?<(et;zBIKOM;{>F?)GAkSM_@-HUG=klw_SMQbhgXBZ1h@T+e
ztlv*^hkVQhiGNI9WT5zWa>U2e&lPbVxTW_yw$S@F8$K99+>AC^2H
z$W!S2EtZZe#u@v6BJzzZq<$}Q#OEPT|4rhnlF!oh*dF9-^t!Asd1}26nrEa-^mfbj6A=7{<@#MxZclpnEa#8+wYO@
z(D%)M-FPJV!>=-KY4b%NXXMF9o;If(7sbgDUygiz9Ld{^{K^yYR^&-4hz}v38z8=l
zd`-C2bBTP4t^>!)FR#P?Gg04nijt@5BYDb`x6|XO3VGATlD9qi#q5%2Ai1wz{|+ZF
z_d?<)lY4)b{4>bs{UGtn$lvIFj629Z=SrR{(&^zk9r@@5c0Wuq`g(-H^+-#A}`-VJXXo*b*9qu
zLlN?YI)58mDtdf|)^c9jN?t+F|Ka2dLS!70mX4n1p8h^{dGZ%p&qDG^Z{+o-$y;<4
z|4d#crg-i$(c4Y0^Z8lilhaGT{v;o$_se}Fuczw?K01HI_Gd2wB*T27uNm9%?-JeAJBW0sHJZVG+>
zElFN%jKuXIKdSv*L_S;hw=3i)_4+8T9)B3;jh&><66D_cxn6hj!Fr#}Lh|D6B+qH`
zLi#=A&&Z$Zy4f2yp0r~0@j-lQH(r#yK~vce>ydlMki4DAC+mGpLFDmuz7#^9Pw#(N
z<;D-X@lZE@n>mm9C(#;dyVw&c(B{@%`Re3%;_
z>&BOnXZ}U{xklZ26i2tA)3a;F;~IZTdDgs=Jg-fBJQM$&;urlb@o{|RZ|7%x6Q5cg
z$Jf`p5|`1$Cou8(DLz{!i7#T}6PozS6u(#JIW|s)@{B@N4^%#i{BmaAyhe10=YIKL*9$VKV|?)ax&_J4>oM|iVfLs-zFp_rolKrxCeIj($G=Z8ogDQXGkJEJJU86L
zzcBGTOnj`G@&NtCcFanS?O2!`+p!WkwqsLurc@UkmVB^&o>H6qk$%qDo_wUncOie7UK$S|N4tZ_J3W#3vE(g(6b~VP
zH$#r2)#^^vMhSI2aggHCufNFAuLtDl*E4eT%e#&==KS1X+HGxoz47tJbqeCD^Q!T+
zCjPZLwioudNOFv4LR|+%{EV5d^d1G(oz!bg{(2OT{G&|#Y7;+~;?eE~6TiyDA9E9b
z$;7WT@h>PI$4iEK66E|`VdAT(qra6G$dh%+2iK7KOk46gx_|Z}|3j}UN2xnmmz#Fy
zQhb^D^5hcoZ~8gQT5=rMyUB4}pCrd|eN)|OZJDVjPJMZRaX|jmmXQtI4y()W4MCv0wdR;zLaQL*t8$f2BOAr?`I3jPb#F
zpb9yT_nPFWr#U&sxf6N$Ia1UB@{_s_KV033T4d^?hCFM3
z*JkwiqVANk(A1M(e-Fl?-;MjJV?5DrM-#7yqN{-+6n{nM|D(z8ssBoj{By{+_mHAi
zlJ8aDqwYlMA?m8lo(*FWV=j$-8EhLUl^Zl+Kts%9-v=1za=Ke`7Jd$#xo~5
z#>{lJhF%JF6F%F~2F%Hwov0trIcS@gX>OVs97@t=reu{~Y(@Y+qzlcwx?mRo$
z#8;sB$S?9_J@WPXc|=E(=U0;wPE-&u-!qHkTmh=R^~q
zO&#Naa>s-qhIiL
z|s&S^>xyHvD4>LZ-cm(DD|2oN0PbpnbcsngVRF3hmnPp)KPq9=pUUJfHcKOo$T3goK;A;{
zW5n;bp`PN?B>yOiAENhbtx$Jb(`#vOqcP-oUtU6v?Yob>
z)*k7^F?HwBVAHP%g;Ob`NOeCik<)Kium
z_0%RuJ*~;HKMYcLn(SlR-Dy0)_&Lgh@xO24dz<)w-NYwqFG0@FUM4=jI{G`Uv^-hK
z#P>AugN*B?byP+Vk2#bFb?!9r-A$fz6p#Jn3OV+ZaB^&y*W}nPk>uDeN&Te=^cUA(
z+0~tAyO}!6P(14NBS)Qe$Z?)&N{;$FlcWCr7=_a&3Rv&o;W;CgnNcx}oR|Jk^9-Q@+fF{gFi^;}+69r-aotVfRdVRLfK1G|!A
z9ypL3^T1!#oqBZ0T=guac+|6w9QAA?M?J^LQO`wk)boHG^U}}iPMvzHcGa0nH>%_M
zR_5|H#&v4o@_y_NzJME%kHpRpeMV+o$f-qfr$L6{u{-kUvc#$i~iz$AsspTn};0zElrN|e=~JwoOQ|8RnGv5$2@0-iPxoT
zSNvLvM?HJUQO_xI)N`F2??<21ojUa+1y{Re^v%_A{fNfpLB{o?Etk(x$9Q79tT*xc
zQK2jTsGIn!CSE@>b;bWf@pwOqr;`0#74P2G7^Tgc^;jMp-L&Uj7Z
z57ki*_P1B$*xx>pV;Za@4t+9Chv@N1f-@ohGZ9cAro@>P)7SU?;SyiT75=cw!!ff5#h+e}B9*#dmw|
z+8sP%}D3pM)Iehcx8qmp3{3
zRgxUXU3GFCckR`k(#x3o2U0x7VTy^@OH)?^7NecW=qj
zZdP3!aZ(gBc}l9IU)bL&k>hx&Nsj%h1v&PsuH@LS29RUDagw@IVo_6P2*sn$HRPys
zD>;sfz2vC>G&$I0$>dvDArk)eV^BccSd5}Ma
zE^eZJcv0aA;_tYLe@Bk%{hYd3&;6}SzWRVP(p24fl-;zu$aps6+bIv~kD(uOIH6u9
zKAk$(lh?#&HSxX_k9D3}`8Agse!^u%+1Uc5D@Zl528TF^u52c*aGn@Jgs3RWpkP_rrM{P=u?cRs{p?+`n
zAa$q7Os3ss#xokfU_68IXOti9elhXsO?-a+aM7W3#{JaMU*u_F;?tV=0E)-D+#qt~
zSx%01x$WdL^!oO=y3?f7?&7Gwoj(!A)0leV4V4F6e|9%sf;^KRWEIq%Y^hED?#5FY
z528GnXU;S6DNX!lipTg|GVv)){0lenX@8a=^tag(dF(}w{CUYycM0+|`X*e1e1l#O
zc2IX(OK$2MOz~)Ul8N^;@gWqCdDGI0$s4HdJW6Wn-)=mK@iUYM^WID37|+|}nD;&=$2fl?$2i9u
zE=6D*Fz-!Ej(M+-y7Q{Urv4ffkMU_~;uD$pJ`|5SN0Ot?-^fwtVsg~EOWkQQp=tLo
zibtIvO?(0qpJaqQ!1&<(A`LmNTeFhmy0tJl&L=h1omS$TcH2`t>g;dgmT
zJNZbxFa0?AOZ{H58|qG1W0?Map?GYUDx)OG_0z=vY+QdO##PXCbso1R*RL{h`83Lp
zaad~NznJ_-C?4A-;TY+c^HXopbG@pfasAa(mp4<#IN<%F9XZaoy~%OD9cA+WW9qy@
z@#xn>^4EG_-%FE6ztY{6E&160^-I4>$>n*}x&9*LsNa_y^*1&7^`D+~*<@o)~}U68Z6+@?bkA9Vh)oztC<*avT?x$Z=dWB*$^lfgHz0UveB5
zqsVbwOe4o}u}~Ha`H!*_&&y88y~NZ@x*-T
zH*)O%OUSYRY$3<~bC?|SjVI*jZ>$N?w{P7#@;H&Y^GLr+$<>Qe#`P;-U0$E^pw4#W
zs55{Zb&ep%yl8>CQ;!~^u6A!2*N?bd{+9Cme}5-R|D2!CT#@o4pE|Y+?qe)Vj{6u}
zkt2UE@{xM|-(THn_o-<&#P}2AA1M#=$DSnhqt3Oz%Hzc9&Lh2r+Lf)i@kb_q9m<3K
zxidN1ok@=Mt4${VLzDlh@dw6p{37)_KkpmwppJf_-5%s!Ps)pik-x7edB>Xk_e}n6
z#_t+GO?l96xQP!p@t@qp$I|V9`f)zYqwZ99$K+{g{I>Bvln3=}B9A>uUUbalxn=Ua
zH-6K2qRBE&s1y0qk)!^y+7mJkDUBDg*`e@yhjOX{3nXlRxE@{~n*#>dv#*OnhHA@#9VWRTIC^P5fGNoIm%H
zXZBH`dxRE=dx)xh~m-i0yn;c
z-0!v2cfjPoWb!{Ve$jZ0-{f_uAM3ga$+51Rk{s*0ImofDTZ|m*x;53E)-RZP+EYC0
z=|+xv`jVrbQRJv+8ae7&N{)5redl#D8}apDI|!-}xD4;`6Ix
zyI?)GI62yFNdBXKe^CeWuKT3DAadkcKz>mtFU!=OSN~<|yhicJbB`RKf4w8`dQ9s1
zV)CCe`HM`G=P?e*Ux&P?eqTfrb>~$$MxAscjh`|3HyS@}{5a)DyN^u#DHES!y430X
z)UTFyJzGu*keW2U^moyntb)vi2~DgNPAiJwJ|Iv0^+{c|lj)<2JvW1Z@Ty3?9|
z#fGb%w-k?dW6hAdoS&htNcoXL9pixcc@A=%w~LbFyj|PmKW_4Opm>Z=4|3EwkR0PP
zjvV8&jvRT8lb8EL`u|Yfd34Ow`IX|4C#`OOj1RmhdH(p4tgO0|Uw=i=^+XTjM@+k;
zC=cHEgUQkELUPP!4wL^CE{*(6j_cF=^$ShHmOFb=prO-YXH)4b}=s}7s~
z);E60cz5FmjR#SFjKee&f560Vp?HkvClkNl#3!8{y=1
zJbO)^b#CHA$$#l3FFI%P>@j&Fjqf&|dQS9yq0XG-sI#WJ^Qv7Y&oJXVjnAMwIB%>V
z$9ZELInEmwP5vDw|8t5*o%m7@r_SvrKJDD-{Y89ZH{OOE-%r?`{J~+#+gIIrw9T};
znBvjy2J$4o%8Ry}Jb#!x_bDEE-jFBJ?``;O@@zGEGS8EGou6Bb7gxvei|tjN9NViI
zIkwjTlYg_xKbhiD{}L0w$;9t+6aUVQezR9!R%^WDU6GV#kze5jlF8zz34iGS-R
zKFPx9!59CD=CeQCC
zPrAi24$e>g3J=$_h1Id2Wlz)J>y@BHKy|w4ay&KC5E|8<$o8&We
z()Wryq_Xt$qq_5GzSiRWl{7@2M}N_70d?ouc_zLJ#iO3VCVsAo|IJPOauYwt#P4+z
ze}WwI_ABH#|3sMlvrYbZOQQD|^;cAPo}FdlaX${m2m3>3H+lM!V}Dpl`D<$%J1HLf
z!vzzsZ-K5?;NOXI>eR0sb$Rxs|J|<|>dv#%U6JymotyZ{dvclDc|)(TZ+dx_cieoO}i7_#4mH>2gu`Ikh()n
z{s|`kN8{s-Ct2~|{mriKJUhpw%uvHr7C
z-D!7}X?H)xBmX%QA7tVmQat9ppU5$vjJqoO_+UQit?oQK(&Vo|@u;V%i63F&CmSDb
zd>Q4zc&;Z${$1o4&y(aB&&TA*6G48ag%p)!b@XwFm07$rIr3B{$9~>`e7Jtj7f6mg
zBgk{=#pq&k#IGht{m03tzLEYUTO)rvKZlv|_g2UIDe{*y@jsjR#%|)foA{w7K8WIR
zf8!)_+}}8z9QQXaCC9q)UUjEmLrlAWQ#|_h*u)Pu@sV!gQ?C8rxD7J#`P6yb8kqQj
zCcdki_~9lVb5iGJGbtY9wvZg-wvrsE<=xbcnTI3D+rSJw|2j;T9!2AX!?QvCmq13B_1SRZ{H
zhBT98$<>`_`=#lfXP3Z;*ozod6`F&XQ|24+vEwOc;vZ8
zjyfNcA1f^RUz_~BO#aLpJc=
zlfQ?_zmwvT|2X;cK9c9G$JeJH?%d0!t+ME16C?5F-
zlRwcn&mfbhoyoJ>_z%VpQXb_0XyV(N_#|8YyT9qlv7S&!-Fa0TlPADA^ODI^!{qVU6@5IBCjmL$N79n7UoOeAsyo@L
zoBZ`C9{HP-BY$V|o2MjMFO$ET$v>ask$*M$!%Om_%_dJ(ljpkeD#p|8jy^uvE=ARy
zXZ=ikFXNSsuXU5>n2Gl_@iF&AZx{VaM1D^Dm6?2+UNlr8$L}N5B}e{dUl(-C``sB#$Nq9Dz|>rLE@p8tGxXFLT#FsVkuiV7P((5p%7iCO*26e8#gd49y?p;yFrH;v8+Ta
z}Bcsz`e~
z$dTt5`EH#QKO{%|D{>r<9tWcL>-R$P*qa=A3X`M$3gjbwW$-$XBTo-<=NBVo0{K!dZi%-u8fz*-s-4-qb_Dt
zpm@|%oBW5hvj6lX&vr-hPa#J=i;Vvr6&ev&@~kp`G0H3J$!WK7C*CWb#2+y3#8-P4
z^&{%feR9Ehdk%#kcA8<8z8fp18-O_qWJlX*{XA^Q@C6sphFk@yOGN9LG^7
za=d@{r2LolJiLP9k^c|!FZ#Z_m-2*Yp2y^g)gvhn@}~`zaX^0u>!M~MbsVRNuR-z0
zbWszZe{%d_iucs`-`wP1L-DP3@$!(H__O2%brJ44<*D0Iwr|W6(qFDKDS4sh5?4SS
z;}cu+RH1l`PXlt~=|y?Ac943;P(1SdMt;%H*&Cz2pNSm#_fh^p&3}R7k^c@k^1miW
z{=_F`JTMNc{axjF;
zK8?nw{!_+*`&&pI<8xEz&(++-x1;z)8b82I{8WmMsqrh^#2=veu6kTtauffG;^*q3
zb(~ZG-QO(g=q-U5TP2pbipHIJOR&ycIvcn1mOEHTi?4Qs-uqKcC5e)3`G-OLe=yqdaIg(^<*q{B+{GYJ4$uJ`c2|_&gf_lbiV8
z$S=>3_7;=J9WTC*^5@fe;{}RG{o&-8pS&R-KT-xM$2n;S{dzH5yf}HqF%nmm{6L7r
zH#6?+|313^cPIB(4>0Z=7ne&*{weCtBWL_Wn@RrV6p#L%rT9qw5axlK_?Ul5JLoUQ
zA*FGreh;m)lsf8}ulehnczay;AV>ZQl&7)gSw!*Z*B)}@xk7oe>xVzDC?0td>pCL(
zi~TJ#Ir0}Ge|ufVs}0s8b-M&NlI_xu;?eGJFJldT`j^lbG1IRIMBgrvtA>^oM3pwgJV%!<$5FO`7
z>ZmhSbs7I}Cf@m9)S2;;6ZyY!Kt1KjQBOT`)YHzmQ%|7QGg=+>oT(=D%ro(}o)zS;
zl1lt`^2b3^_urKNx_&74l;Y9fkL1`N;$8mVI5_qDYW?}uQU7f}smIU6+xi=jBmXGl
zPJU0#zk>3=s4V&SnRuK3PjckHZrsTq9$WH6QvQGR!>-gfsVIiic!Wz=~bsvCFm1Z$oilxMl-8D-*aJ@YAkyvA>F6Mu^0
zH|oXxT{rQsj5~FDXq^deN`IYxIqsvLliXjurn>VgXM26si|_U(-uA1PaVLME^P;Ff
z6Ual^?yKHj-Fdk~
z{c}0lqyCL)6L0GoW8A4HLc%>3k$Y)9yU81>UnCDw|3}?<=+u)qyEKsOwgm8go5{FS
zPq5aL%eYg2>yGmJlH})_i`O*nZBLA31+C4-0
zeY_<9eTv6VtmlA6vmx?`Ad3_lIrMJY;CumiMRb~MUM02K+1CpnUtrS=2=Ja$g`6ic`j0(@|x#4#Usxr
za^y*MSGEuO6_!Ezn_nH{hCHRok*5}U8(n8>O^)r}SsmMbu5R}L;|`t4DD{k?JlO6t
z$+6v6kmESoPLAzF67`H8%B>oe{kGm?K|6cTQ9<1Z+r_SSCpB&@d
zlk&9FJfkTd+iL;Er_=bYZsHG+qum>nXJC5i*ISB5yOHF`lk~of1Nw{eLl*MGNhE(c
zb&PXlI`PI7k9OOWquoGqv^#?wd44Cy_0dXl?9YFapVtp1&a0#T(6mzjJMt^)DIY{1
zAJmhH9QEWQzy7o2FRJcj%OT|Y*_q;zzc)F??PqfIcP%+S58XpvDUCG#l>Ag~>E|1D
zjE|q*r&0f*JP+@o-kChM=ATCHspGksJe&Frb?k>2hgamcTSy%rO`hy#JbfO?^PC62
zR|m)XOdX1^vs+%@L>>K2sQsNn@u+h)Ir6V2-+-AwsU>F0*eC?5IWkt2Vc$I<(H
zyu3V4qK^7|Y5p1%kNgeE^G=gGe;`kkOY-+2ufI=xkUHAUr0wpec(i+j9R0dTe&i>q
z=O*PplTtj*6KNmY7x}Z2BYzR{cDmimsH6U1&Hod{BmXdR>YqW5{42Zi1BhPX2<2pWPO&%|k=R3tCPyFZ6`-}IfG~}l@NL&_m=TTOZzqWCwM{{)?
zI#3?8JCx#sG=7?!__Y+@L*oy-iN8+qO*Q_FoA`t;q<_v&r~Y%E(z$HveBLNXj`!aR
zXS~E+j`i8^}@5esa`vmK^iyTjZ$oA9bfrz2tKh
z>i07Gc!p{Ht<-ruyO5*)QIzKw%`=zcF%HYgk>@x$;?I#||G!E8q?YvOfjYKJU9Bhe
zD|w##m4zJj6ejO=P_}O=b>ttbpW_5lJnA1uK2`6dm_~l%wd7w){$5T$9&6RnZcc6Y
z9mS*FujJ=yNd6?RqmRR)uHvcHk^ie+FVrM2o>=1BQy#S2i+u1WX>YP|XT8No(s*n$
zZr4@zlViJ|Chw=~R2S4ye_X9Ic7(Lg+dTz&@8MEV26g0lkx0BE`4si;K+ucv`v2=$xPVt2_{vE}m&LnT89Vg7$e;TKk$EnrP?jfDG*Cd~=-k$Ox
ze@}9pA10F{eik|6SCS9D<=VU+8`V)~U9IOa#Up{m@G&o7#%C&ix0$?P3OPP6`<)!^ZdS)Qe2{K=oNyC=g&g@GlfUU8i9V5U$tfQ1v-HCm
zhri{2T~B0JM?Df9^}F6C{$kXVsJ|9D>S;xecE^xo`%Wguyk$OlKu0Ndsk-w>mkwQ}
zhEn|bI?{u4CSI4!ko0GPy7Ndc-CgaTHm;W_F26^4P|r6vp6E;TaVx%49;Z}y9_b~DD}O2D
zI`wyXN8>s*clmV6U$u+mUrb(0{j$m9Y)kxk#_@W+`G$N_cX`DJlSki@T~B2B8oj^I
z^?a0zyuoV8Q&8P`mA;j_o)|#!80RtMdwNNGznVOH>z*qQayoteOF~_)%Pt-c=_$pZU0*Tma#(9^Cfza3|P6K}U;pmDq1gN)n#B-ps!KSPY${du!-dwd--
zZjZ+>mz`~4^W#><-cK;wD~qwCoq<9h3-
z%Y%(qFnL0ZS2VuacqQY9jQbi7GhW$vxN$$@5yq<+$Ng*0cvdy;sq-wys~Pt)UfnqE
zcXQ%v7{@%$@tVdPnmo0P`x~!qJkYpK1zgVt8Lw;NgN@fS9%8({@y*5?7(ZmZq46-|
zjf{sIZ)`lmcoX9udVS!GPgCQb#+w<(eYH+}bK^cHzJ+mL*N=8w?r*%c
z$rEV2jqxDk`m3IIZVB$lJw==%kczffAjQbl8Gv2{?xbcq0BaC-4?xAm@&Ukh<
zj{EB!?_%7`#CJ9BWBfdl5dl?^S9KYA-#1As=YvKnR
zZ)kjoaew1OjRzXnTUA`o1{oh_;)9LrlDF&G5aT0E{AT0&(S_^TL&k$le30(|
zHXdPojB(uO?u^@5FbX9%%em<3YwJ
z8xJ-<#dwJEsm3=O|IPRzd~jC&cM
zZQRHB9OJ&m=NfNle4cTCM$oTKZgN-jV9%6iv@y*5;8$V<`#CVwTCC0;z
zFEt)ve3@~N1oFTc=jFydjju57WqhS^ALFZx`x;+uyrJx~B+
z-(Wn%_(tQKjc+o3$oOXCVaB%@4>!Kmc!cpkjJtk;GU~B2{@aXuCX@$`Z#V8`e1~x#
z<2#M}8sBBSq4C|u{f+N29%y{8@gU>-j0YRvZ#=~K0ppvEA2fc*_#xwA#t$10H-5x;
zgz=-sJrc!z<37eu822@P(s)DTe;W5Ue#&^D@zchGjGr+cZ2YY8
z5aZ{JZ#Mpy@k7SLjE5ONZ#>-i-^L@1Uoh^GSROdzf6=(7@k_?Nj9)hHWBiJ7U*lJe
zH#C0DxWDo1#siJtFdk(5rtx6ow~U7vzioW8@jJ#384oueX8f-4aO3xkM;O0v9E+RI
z_&+f2nM58q{?NFW@khpej6XK+Yy64vhQ^;7_c#8`c%bp;#)FK%Fdl6DrSTBsuZ(Xt
z{@VB<;}OQgjK47+Zv3tB2;=XJdnA2V#
zL$Qr}8joY#%XnPlKE~r2_cb2hcthg}jQbl;Xgtt(BI7~E6B`dUp2T>F@ubE#8&78Z
zka17rVaAgi4>z8|c!cqk#yvd$H~y)Ndm2w|+{<_x<37gI8uvAx&Ui!P>5cmv&tN>z
zct+zv#xofYHlEpdi194OHyi&y>fQ&w&hh^LKcfhWn6jWqDT1n#Hf@8Nv>FmEj;07&
zCux#4Ax(}Xty7AiEa)twCaehS2s#Uju(Hf*g3e;=w%E+Ft+v>@&tmJyw$6Unbzkr6
zoY#5hednAjO?)4}^Pnf^dB0!R`+Z&abzk@O=l*jP@J`^Fz`KD@0NxAyXyE<8j{$BM
z)ijz2JpI7yczf+;H|)~0NxHf47?L~3Gi;1Req24g6~0y};{$_XDp79ylak&JDoRfiDN1348_cAn_&jkJr;6dQ`0nY>80z3r#e&8j*9{?T!
z{!QSGz}Eq92L2%MR^Sf-ZwLM`@J`^Zz`KDz0=yUaqrm%te+ziv(0KW;2c8c6+rTq{
zKL$Jq{BhuUz}tX_fIk7e1o)G{Bfy^m-UxgH@MhrO0p1GyY2fX^zYDw*csuZJ;LiZ>
z1^z7Xe&Ejm4;&UR|Bb-Yfjz+VO44*UneJAuCjyc_st;Jv_K2X0E)th4NesWe=UaeBRE
zfDWS=ze$VKCuqK6e1PU#a~aR4dB8lzUnX9__;%tYj8|kDP|5hS#3PK4pI|_g@dd=2
z8Gr6*16mlr^%w(M8GmV_0d0)`hj=IBbBK2_-a@>a@$ttR(8Kuo#QPclGw}h&XB-DW
z{i&;g-i2=;Z+IHj3(Lo38J@}bLP{r#@h6A}8Mo==GJXc7A7cDBluj|@CsLdxjN5c7
z8DBx^H!>ckbeb67K-`||^=9w5pmgjx)bcjswr#Y0@(HHgY@1{Gb;LV0P#??FPcpx|
z7%wE=%XllL)5rKEtqQ??26B+@@2&_#8^Vgz+U5kG=Ic4)5oT}Gi88)|(r;$GWs1pH
z3*#RWZ)NA@WvWT1lkvlI4DVvRl6W`cjl_Exf0lSZ<9ALo=?^g8Lp(6XY`5js
zPdttBqo*6YOvax&-S8~N2Z#q5pE=Xm=Q3VHJj8ex@nXggKEtF_!g$4(4XxgU
zf1lE6VtgXmH#7cy;w_B7N4%Z!*=L$~IvD>N@lM7=vy6Qgg_z{#)1UMCmw22eHY^=(6(;i`-6QC
z<8=B8^a7`)T~F1=_>q)WKX6)#^tKEzez5hOX8zFSY0FrXG{%oIW`T6z7;TQpG4{B0k<*gO$ChGZ6V;9l!pE)X58AB0G|N%m5f{a
z2=Jr9KFausw5<{NF<{@sxJ|zqcox{VFkVO7T7la-s5iASZp*(NxQ$WUcQ9__=>&d~
zHl$A%h+IOY=`LauPXqfl#%*0}2TnsQ
zPu0P=weJK@Ln+U`i}B;gcQYfDhfYT7jvoB!W
z?#mGHe2P(j6*F$@a|!UX!M>7lyDuZa&jI@=<9E`wM&S0C(3_eVx8>6eyb#iFVceE~
zEAVr{zKwC4emn5FVBf*GO}`WPJh1O#+@8z3fu9HVJ&d0~+j@c9A(r0M$GElc2Yvyh
zKfrkG+(4Z|UH?O1pT@Y2KOOjmV4uObwa)}TAMCRjx5sY~coEp=GH%^i&0m
z+w?=gX-MhW7c(BK|G;Ue>DgB@Zp%LcoQ8;=eUx!)-w3?evo!xSF>dQ;Gw@5nzJ+ny
z*0ch@4D8z&xAC+Cry-@M>R{Zq&z-;*Li$~d+w{AE+di_E^)P;lu8``}3;YU$ynp)`
zKZ&;W0}q4!0ONN52F4mA?XCpu(-^mPJso%{*k>?q>q;i@#bBSsxb0g6ftP`OF5?H#
zwmjhFU|+zvU1tgbuK@dE#_jQ20(=SBS2AwvLj?Fzu#Yl6iMBNYuLS!h#%*7%8F&@g
zw=iz&Lo4tr!M=@gTOZniUj_CZjN5(L3A`HYyBN3Uwr=3dz`loZ8-FkG8nEwU+{WJz
zycX;S7`OE~K!bK&|07_Z#<-0?9r)E?pTW4@Uzxz`z&?v{+g1jF+dht#^m5rNZUGruLAon#%=j@1HT^Zdl?)G;PZSelyr-F>a6FAn;qjK9})W
z`wx6I*cUKv?L)wC1^Z&gZQEJ`{5G(!Wc(1?76JYhu#Yls+nPq;O<>=|xJ|zq`0Zfd
z!nn0>1%3zEw=r(dwe7&~1p5xgZTg+S*MNN&<2AIc8~9hjzK3yJ7QMjl0{cG3$J4fc
z;9mp#0mfr}eX1C`{x^et8soM;rvv{w*k>?4i?(F~zZ>kc82=t^3j)6f>~k5n@#g_w
z3-$$!+v7b1{9dpxX8cfHAnH>B{2K;&|5h^o3)&U|ejnIJ8Mo(#M&K=A-^94>Uo`{2
zAM9HgKbf|*0)GJP+ZaEQwzUKQCfIi{ZtuzI1ilXJyBN3aTQ~3r!M=y_DYUH@_(Ndd
z$2k2A^aFnw><1V>)ox2Sf9T!aYMJ^@W8BuCbl{JGeFo#UJTrkm3ierySJSp2@Na>A
zF5|X7;E#cQCF3(_TLk#yU>{}Nj$Ippw}E{V(CzJ+mHcCEml1p79|L$s|O_)}ot!MLr9oxnGMeHY`g`Vag&VBf=dto{Rk8tnTR
zkJW$R-v#>t#$)yWKx3rqe>>QxF&?Y`z@Gv848|wZwoKs9f_)a_wtRxXp9A|`#%=lJ
z0pAGr1&rJB2?2i|?28$<Lu1+cGV+?G!S_={j4W!#oeBk&HeZ(`i0-wgaEuy0}9
z*3VYpFN1v>;}d9GJ8*kW)|)yQxAAlW-vsG*F>d4O2L1}z_b_hL?*;xU*!MAh25svH
z{(Z0?U_4~Ekt1FIJ1tY+X^c;&ZRx;&0QMP-+xnIX{57!8V*L2s&Bh?`AA)@@<92`L
z0pASv1&q_rKnVEjU|-C*9ez~2S?490DKGlBmU?6VlR_Cer31N&UYSJ1XR
z;9J4IfboU2Ed>1MU~k|1r}L}1EuRvw{{`4rGH&f7z<&w$QO4~(IgP-3z`lv`u{tpI
zX$JnDLEgVDjNAI$3j9}K-^RFYi`#+!8tgk5xBanB;O~Qd7voP*`_>KoH(=kxcoA*u
z1^xlp_c8uw+SU*Jw_rcOxZPiYamGj&Z!g%VF@7m+O9%ctu+Lz8f7+G_{P$p=#kf7*
zgTVg)_PLDH;T*^Vz76aP7`OHz;2(m0G2_<01o$7pzLN19X8%t1^XVx
zr_;7x;Qt5qeT>`s+zltmvQ?Zy*%JMz`lTSTi-&!{|WZRjNAHF0{j!OuVmaFzY*Y{f_;>68&4zf
z0kCgk+{V)k{9j<-!nlp675KlwzKwCaf7^lo2kbi-xBIsf_)f6zV%+ZEZs7j~`yR$)
z^&j|WVBg2MEzf@7{{#C0#y{PSHqwdGJH2}U7@o$sEuVDYUjX|I#%=jz0^benvlx%{
z|AFrg_PLDPc=CXc0s8{R&!+5#fbRkJ#f&c}`x4-Lf_)|96UaUSd@rz%GH%Z!`nn8|+&czlh>#1-=j1w=r(#uiAm{3-%q1+x|c&aN9@IuDckw`>PxHevp0-
zItv|iMj|BTZ#%+D*2YwXT4=_HB>W_WUfHutp`?L&WV7ZMa9ry&W&tUvTN~k5n$8R3+9I!87-1Z+rz^8$IG2;^`o)X~G!M>7l+n#5dqZjy>!M=}in|?p=Gr@jA+`!eFozb
zs5~=)&j$M}#%=ux0+034R9d-=+xn9Sd=8{vz_^V+1Uw(?iy5Cm@s|L%YyNsuCF7Tp
zeFXS9kbabLTR$6t7l3^ecGh8~7ry?_u29_X58H?E4tMg5v219tQgX#_u5ez@Fieh$#@3YM}RK{
z`zYf!{zl-HVBf^}3QE5jcoo>UF#ZzRw*tQs?AsW(?MXZEtH8d4aT|Xp@M^H{V%#3@
z-N2WDeGlXIe9;TM2JHJ7kM)0m+c^eZ6a$Rg`WZOF6qHUn0_mqQKHZoF(t%$M_8E-F
z+JE46V4uZ!to;XG5B9l?+x}Y~@CL9iVBD_ngn%yx`(noJ{w)D+pINAjqLT3tl}`lt
zHIROkaXa2=1Re$ZCdTb}tr_@Auy0}9mS-#QYr(#a@%<_OcHq~6eFx*zod|RSUj_DE
zjN9X@8~F8L-@~}A&%MBJ0Q)}1Powzzf!_%B1B}P!3aMbVX(QODF>d<<>A-IS`wYfy
zeaHlUGuUS_ekH{p1bz$H=Q6&W?DK%H2KxfWZG8>_zZL9@8Mpn165zLieI?`eTA2v&
zuYi4&@yjXxM&M0g-^BPNvTp`{JJ`1{K9THOf!_i4ZHymG_U*v$1p5xg?fJA5_!_Y9
zV%)Yr-N3&J_C1W-{nZQnF0k)o+>T%RfqxC`2N<{Qk9`@rHf;v`G&*5fPVzuH@UMe?
z2IIE<$pn5k*k>_r(+>i_2kdhhxBZPg;A_FYfN@)%A>j9deKF&su%AbztAc
zxZPjf!0nu_cHP5x9>voO{2@rckMRr1z90C*U_Ze48Dt;GG=FH*RrXfE?|^*|mtcfo#uaa*2&2}Y+)+rd7Kaoe9s2mTD$
zXE1J$uT0?2f_)a_);jqTR^Ts#eH-I8o_65h1N#ofZT;*7z6tER
z7@tP*cLRR~?0XoG&Hn&@73}*MFQfGPf&T#P2N<{40|bsXLT&mQ*rzdW=U3B#ZwC7e
z#%=nUz+VUZEXHm6=k6JgXAjDg{#pv0{`9uq3VbiH$LB`w1N>#M-xv4};A4SLrbKn<
z`vJcIxE(v{&DR1y5bW{!gtqSJ%`bqx9n)+66X0~|qQ-&00k?Hl^L^6vzwzgsn_q#z
zN*c)M`0X*Fx3vPNu7M|c33#SQ%s)Q`J^}b&fYUDZw(da-?%J;%`|1rx0?+a+%|G*i
zp8&i9IJxq+-T<8b^!R--nPho!=?I
zPXRs^cmePn;HAKAo1r&f3*62{X?_oIyJn^N^T2a8pwG{MpK77{-T~asCFso=R9HG+
zr)xl;nZRdSsJ<5gx92py`3B%$2K$GBp9%bJ;CaA50zM1)VYKsfoU?)F0zV6Q6>z&Y
zs5jpZJRj`W13w%14}qTp{4?OTFQzw-r-n|)SqS#$0Y4Y`Rlw&0Uk7|1@Rxy~2mH6d
z&j&t+Dz}d30^r93w|yVIIUo3iU|$A&KJeARi-5NQUjY0~;1>b^6Yz_H??nfpj{g$i
z#{(}0o)7#|;7fpC2K+YQc1)l*KMs5$*uMdM5%4M0DCjt^0Dd9xFz{;NCBWALF9rSz
z@WsI22X6Zadh@@5+qEpsucSsw$628PeVTwTu~2H3gGL2
z-vazW;NJrN5b#%lKMZ^u@K)fvQD;lX^9b;xfjByao8Pz+V9V9PnQN-w6C;;Lij95_OJs{4W5X2K+_f7Xj}8UJv{w;O)R)2L2B4
z?*ZQqd=u~!^2`q%=PSU^0sboRO5ooIekbrw;7XMzXrYt`1`;wIy-Lv8{jK}e*nA-_-}##5qK}~gU>NPbUeQU
z9t8e-;343D0A2%p8}K#2KLq|H@IL~77xF13_Jwt9`Jty{}lLtfM?7#KXm*%fu9cizrZg8{u%Hn@c#iX
zoM(RM^aI{M=J!(IUjW_&d^g|=&x@zCJMe3Pj{&|G_#VK20DMp2zXiS*@H5Yk`%MGB
z82H}6zXE(8;6DPsFYrGB9}9es3*vtF1AZLv{ehni`~cwJ1)dK4x4;hsz7zNtfgcfy
z$8!+yF9VNVi=<4i0DdsouLOPw@cV#&3HWXo#{Fgh&jfxb@Gk>D4ERFehXcPB_;}zg
zz>fg_0`Mb&zX$v%;5&h50zYhiJYN%lhkzdqJPQ06;Ew>G2)q;cvA{nCejM<_isJDc
z5ByBvS-@Wfegg160zVP>-V5UCp9K7P;FEyo13ww~^}r_se+c*~z&8O80{;W>Y~cG}
z6pwQX@KbkzYIM6l6ahF0zV0O9`GXIvw&X>d^YfRfu99@2k<$-Gm7K!n0B;3e4E$B#mjeF)_+`L91AaO1Nteg-
zwGjBZz!w3p1bzkZHNeBb-vM3%d^_+`;A0oY<5>*+WZ-4M=K?PWUJtwi_`SfF0Dlhn
zQsD0buLM4JQ9RBn;3dGX1b!p%tAMWqUJd+Z;LCvj8h8!x{{gQBe$*B5I3vK%1b#K}
zFz`CyHv+E*{s8a>;6DVu9Qf~muK>PZI3DLUz$XKb0-pzbCGe|(UkiK<@aup-349gs
zH-TRd{LjE|0KQ*IJpLPjKMcGP_@9B_1pJWFcse%&4+6gh_#)t|fnNvwR^aynzYX{n
z;9mj$58zF}4_O?K^LF5;0lx!yG4MNq-vE3K@W+9F75MAG?*iTr{A<7uEQ`n44Ez+}
zUkAPb_}#$kfZqeW8TeY@PXoUf_(#CM0sM^ec%1hEzZ`fA@SB0(5Bw3}4*>rG@NWYD
z5coRayH~{Hc@X#sz#jsBF7SteF9Y5R{7&GH0Dl7bqrl$){w?4;fv*QXen~w3Zv#II
z_+!AA0Dm0#9l+aww*h|w_&dO#1ir`8csx%5uK~UR_!{8f0sbWLr-AnX|1R)PfVTrb
zv@#ygGr(s8e-`*6;LicS4){jk_XB?(cn9zofWHU)Mc|(T?*KlrDjxq!z-I%08F&fs
z?*YF7_$J_w0DlGe_kq6({1f0m0Di!g@i<=to&|g}@L9lL2X0a^Q%Hx6vA+U=O!{*-
z^}R-db9q22mKB*eg~CZi1D|GM;QM%@s+@J
z`Aj$24YUB)e&4H;pLM`>`a7wS+r;=pYUJK$d^Pc%jL$p3OFl53>Z8r?
z9mHocZr{JM5crWM3Gd%kz;#-mQ9A1we<$6DHZi_{8sqmFzmoV)#v6%`r+RJUZy`Pt
z_)!q&Lg1OeR{@^@d>wG@;{{6JzQ5c0wa7>-kcs23OjK4*E8{_-XNo))qPdfgip?oF+*V|^3{mH;}eSVBIA>hYA
zIuYPHogaP4Y+TFuXBmcfFuvkY!+RLd(9YFofblDcXVCGged_Vd#2#w&@hV|*>~O^m-v+`hNe#xo|$6QdA;w=LekpLB-@|l*>JtU7(U+%sIB*ki
zZJ$H-_PvTWp4W1W{S(aoe6qLiL$vl&sN?c3v#%t3`yNAUzxh;?emb28Ebl(e@F3%-
zoo;xD@nYha0@wLkL4KpaHM(J@N#`cu+Ws!GZv{?O#1lLLT-$FVd;4BI{qqFR()?rJ
zXQ#RTf8fi8f6UU^Lg}Q_dCA&upJnV11+M+>B>P<88htR^*v|s4?GK{~9xK8W$=bQBHd%JA<(=RZ5J+pt3_-4lcNZh{1%BC|r
zWYS5a^RwkEh-WeWGVub&$6sjDsbsvF_!`EKruE%>f$MVk5tYM6;5w%HMJD~Nj6Xo!
zzHi9J{~7TwP(MO*oxUA6WdhgResqyZKacSfX&tc;xK8I&in9{9PA7}j&zcxtLcERf
zM~QC%exeD*`*%BVYT`XU_8?=VeNHledjC!WelqZRz$XK*2CmckjN(}iT<6!0z1ITQ
z_Q%q?%SOi65Z}sp8}S{CZzevD`cpb>{eR0M^^f}GFusJ=Cl)Zi8_oMSF#ZtnwT!<{
zd?VwBlz46fTNz(Kd?()pO#UqJThhnVfwKE2%h4l=%(c!=?6g|Uw?K6Z)W
z&5XAaZ)f}$#Jd^af2m35J>WXOB^1AX9=nZyBiVm}`pcSY`(m6c}WN5FOb*HQdw8D_i9@6%Q0_kqB*y`2{d0@s?r
zGGo7h@u!J5Fus}iTE_coOgbAGZ;lwg75H?6ynlB9p8@>8z;*o3Q+_jO9HV2;1^Zm!
z)TQ&b76U&G?4!V`>*j530X`G#JAj`7yazaSt-P%Rz|RExFX+sukB(pe`I4=N!1ENh
zpFH5y74tTg0H1A*)psNCvw*h(p98!TICZVOt-ZjhYvu8efa^csr1-}iZW7h`I>-F!
z{ktD>hP*Z`cmVjkZD{6dqo_wRP#^MQ}0akGxS
z2>2x63xLl9ei86$;1>g51N;);8-N!B-vazn;M;*;27D|{qUrcA2R;e-Lg4d&F9LoM
za9t07L-nu$_!VHk7C3bsysaC7mw^2%z;*h6qx9|b$8`L3YWGw-!G1BMGyW*^L)+7-
z+52sq@ZizrhvwG-4*_2VJOccB;LX5q0NxJ#M&RAR8-e!&
zzX^EyG3Li^>g#6ULEyIl4*_2dJOcby;LX5q1Ktk&E5N&fHv#Vlemn5=iROon{|?|m
z;CBKK0bc_=3jC|U*8#r^_$J_A1O7hnX5c%4e;xQ9$C@8Heto>`zK8jp3H)w@ynpk6
z-vhiH_*&qrf!_=KtH8D2v^~tm4Zyzv_T9km1Ktn31$g>#=7-ML{lJ639{?T#{!QSQ
z0@rb7QJhiW>%hJR_=CVZfIkGh2l&Il2Y|N%&p6)v(D`}Lfp{|NXF;BNpQH_80aadrXE0sbcN1;F0|
z-T?e<;A??z0lpFVkAZIm{toaRz<&aK+{xyLj=vjtF7S7O7X$w(@F?(~0dEDq75HZ0
zKL@@I_%DEunQVUOIDZK|3wRIk0^sifuLS-p;A?>Y8u$j_?*s1!{u|)^z&`*!?iBMw
z$NyX4Ily~?F97~K;0?fk4}2}~KLFndd>insz&`}O1Na|-X9Ud;9si$z=K}8oUJU#r
z;8Eaz2HpbvFTgv1ZwKB3{I9?Vfd3!xjBN8m$Nx9rxxo8@7X$wocog{Gfwutv2k=LL
z>-MUd+N)0BJHWmd_&j4g5^t>w)J1-wb>f@NK|n15cY7kN+&-
zS-|H2F94noyb}1?z?*=d1H27*0q`xr3xRJ3elGB_XT;;53w#prdBEoZKM!~{@biJM
z0e%7S4ZuUdw*bEo_;%p)fsg%iJpLl!lYrZ63AN=s;1_{?HSmjpuK|7u@D0F=fo}nR
zDe&#UF9SaI%y|5l1D^zZA@F&?7XhyZeg*I~z{9}pbIEjjUIM%u>`Q_7178e0Jue=A
z8So(Ra^NB06~G&SF9E(5_)_2-fmZ_W0bT|Ccfbz|sOxR0-44uBKh#H;!P}>#$G1wZNR?^_G8YC=c^rf7Vu|)7XW`2cqQ=XfHwi(2)qsW^T4}+zW{tY@E3uP
zog0t81Ngzfbva~FIphL=3G9o3zYN?yXKy!^#`l1?fc+-m9l&1!-UIwq-~+&a06b$}
zJYTN?&jr32crozTfk%ORd8jk#wlKa=z2Sk$^(&V(lrC1^4Rz+b(*9LfQC&K@p(5H4
zm|R}kP#T!LxV}CxIYuXkFFU`e;na#~Sw*Cwss%om1Enk)&(ynakL)n)`mLUYUF0nQa{rj>=&PS6P@ghiI2
z(uT@ebxW5otEg$1;}yDORn)Mux}yA&I$e}0S_NYs^&Zl`C)d?ZuC6UBtqx3HT2>Y|
z`#P-ZNp(dm2Sp82Rmm4#nLmH-f^g9k{U3|Fs3Eq?3eWd4G40~g>g5%=XI*B>B)_O3
zCsJBfS2$Pev%~7Q-lG-O6=e^{Wj;TDl+v6(R~68peY1~EqiciNs|$sXHN-VtSU}zo!2xJs)Kb#ST`@(+1XQ6V^QTDTKjuvk*MevP&_ako!j;pJtQvLPlsg2klLzo2Nw
z;Qcp3v5RT*@P)?F+l{KS<;QJP-i<>gCl+Tcug=PNbox|Q7@BJio9rpr(0h5AI;^}T
zNpQ&A3`gsFw5j~hs#a&2aAlP`(TWFItZ;YXST+emzhFlEY7wu$z)l~-PAn2TgYSAimo0;yOi@Ekg=(XRoz0?L)jCj2MGX~K?{ZoR
zCAJHJl~)Kw=30Z#nxc-{vK9IHssp6DI&+JrVs3Mm)vl;0oUbhMFVH>5>2(#FsNUj|
zin@xLvWmh5;ryJ2m5~b7isrCZRMp7(YgA`KtCjfFiW=Sd3Rf*DEUvFBYEXUU(wg#c
z;kn+QHMI?4RfkpIG+b35Zde{smeo~Pc@9(uYD%`Ep6jyO8r8vEUe-{h5-Tj4?)A8G
z?bg!z`l_X#A8%8B{7OV
zY(J>7|C~FqQoF4By$#Um)#IO(+N{sDM=ZABqf~gRkksKeTd0fJf@f!YCWV%m@43+Ar
z6-lmtk*G~Vk>rMp3RwouS0{~K9Qx$cS6w^k^ikAM-LMNozs35@=*6`lydW4}kR4v2
z2fVtq#Z#U>hkj08d`C$tRJDhF&XqR$d^OvlhVO~dk3iW^t5_CkSSg&lcX6Lit*9x7
zeviuFl=virciQx(q+EK7zI`1vtHH`;SG}1&8&(uu)Vr1gv4^yar97>yx}tRO1lKMf
zk<(N^zP=(~cTfhE>@J3!on2jfjhdBQT)SM=5aS`%p`Ed$w(gqJy7I#L*vQ7`x4bD1
zRhO~{_x)6lkGfSO9r5(4n)-^m1~t*5&l5spoIPFj_*hqPM)+LS8?`+?6|pp~(dn5E
z>yVX8nOz`tq;_#nrpW+py#pjQ-LUayCedX~Py
z>x{%l{v+bzROLdAD=X`2uZg?S6}hUWp<-!WX|-uVN>x{Ku{WJNs49;{7&G+JO5KWz
z{AGiZ-^JEs+Tx0(RW)$Rw^JP>-FC$I8c9$#R`!A~bGI$2?!VQ&IXPAqO5$
zFqKK+A@lCzSC^ZfP~H`7Lesr>Z}vOV*oM%J+syVRh11O=#UR)mG}&Sa0m$jgQnq)7h%fY>PcN
z?n{z5Iv4xxc7LQ=o@(qeRDlkejL%Mm{V}9G$=;~(Unz<23$>c8_Jy9c&re}r%z=H8
zY*)yki=Iuxo$^k0NLk#)J_B;!4xMUg&Wn!%you)g72ZU4tY)g|FEfWdto~f`NpDyj
zP###*HyodOudC5@e)g#hH(Z3YkPhcjubV^+g{&{!G1CSip-jCw8k^5iTLaKB#QLEL
zr=L-C2{lr8Sz_1Ds0yMQeQXLQlI(ucck(F$TLQlz!
zQi1x;Nb5PsQS#~46)aG@zB`)!>=8M7+47xW9;IxF-5r%ZI8IYu?i=dNFDqtKO2im{C4?dficd$(!!#2=l>e*3`_cveDG2
zWowG=0IKDb>e8|bbq!8ULwI>j)z!-@3eTPIb)x*HE!C-U$mw6TeNIGW^z+JxofrQ6
zDuk(nNoIGw9t5_JBe43FYx`=vFRRlw*U8G2FTbo>pN-VGNSNrE=3OzOb~{~xCUyG?
zSD0%y2VJN#dWYQ*^;6|`N_M2GqO9VYDm4unTgwPH6g9+hxWcDbF3c18ihKzV$(&t
zP#trZl}5w%N(q~zkxIL)G*VhtWiA95;k3oRv_5B#;E|fGYIdw%4_?|BiQ>;z_Z!3)
zZuGIER-^P)ii6h3)nezAaClkiRTbtU!Kx){){<`dh|OCLr-jg+SnsmKSSmUUb+u$L
z91^+*Bav%0tr0I-?-EHp5c8%Zq)76MW`&oj8Jxk#@M!fVeI`do=8(&tV!LyCRYzSM
zs!Kb6h1eTYjg+)DlJo>6iS)FTw+gfiXCNuv)J`#yG8WOGb4WIvLxiJx$i&=d6~*LK
zQR!(zb$yY~w4wi+QQ`@GP^09xN}=|TcMrkv_m5A?DeWO2t=>moRD<@>)FJm#vgDli
zl3#)4B^fe}5xiDpNI%}Z
zu^AAA=_0pyLBb8i;wq{tZ?o=g<|a}-PQ=|AFI+vOR=dGlYBWcQuGu#6r1j7tb-!BZ
zyzVz$b&+C~F#+GVz7fMBW
zcv;1=#mko@z0X0nemYCEUS^9P+P{%mo8qV5QJQR2o%C>B)zZoaHQp8Pd5_nwQJWc5
zcM_<(@Rtk`Lc+Y(sKud%TxtfOt~TP`@$VH#{Gx0#D?WIZ4R(Bvu1xw4L%PpbAF0k0
z>)yho8aU;vR;4Ih@7J|8`>#A~@9iBgE0IH@YM(L3D8S{;vL#acc
zr|hdMqE%(J>f+5vWtDokgQ~)I)qnVxDC*`{UueEq^^|kkk#wyn;hKX{D-PX5pj&)Cr}EEH9`V)@pVr8y0)DPLOov)lSD`K>
z_fE921wfyW#rdSsYCNad;k@ba<3eRPQd^(2dVQV+scw%Bs}(wZ>)YUN#^9dHs8#lC
zy+f(IymO&XB~yo<&n{*i^ihj6p~PbCkyi`7r?`AxaX7YF@srQ!oy7gudR668w}*On
z`Fode&07}CA9C?FA3K70$%2aBXB~B@JJ-~?*j}kX{ZvR37GQmslZQ$iE`t~6CQ
zK((eCgjHO<{*<_qi^KmB%8%;ekJ4j_yk)i6%BJ!IlcM?}jFDU=v}eAdE@IY87$dl=
za$~EKdOwZQ%4Ci@O_taCEl#Qo4RMc|JqDB&Ut1h*!l_)k9HJ&cA%&+h02Pige4N-(y(unS46fu?@iqnT8)Gtjikip`j`;-bv-IN4qs
zXDjj$jkz=z?$la~3Gn7vEkCHKadxQd4qtqtS4_t&VaBQ}W}mgU7S@BDPXC_Bw
z##=qa(|$r`{8BP2eX;Do(dVZa;s8@;b*BT&&qczj(NuK|>1hzXW~B0&^ceC96em_)@yMO37lHYa3pGSs#Tj1z)TaR!kHCc5q1F^f
zZbeaU=gd-T($W&w*`T!SWv1*_;-SjR?|2f5#Vo=NT1s_oX7S`T#apiRX6RSIVJEcU
zQtc5dNBnd&cmZ*!`)TFG)Ddmg#`Qc-WkuOlYW1cjf0_5ZVQdKTEGQIR?75jf6V~xE
zTvny-m=jZoon|p#>LDaU+zgvNt-NXpJrd7bbJSNVt3Hvw7l}pBd)HzJwlq?`$Sz4D
z30Kjnx~+PzIjXm&pJ!)l08S6@VigcqdDRtqYAGwRLuz`VaH*cUXh_~AW`$Z;5YydM
z{ScJ_^@ORx#Vd~_qyoy%pHWWtPI`6EUdJ#fO;sLF&*1fDVq(kFiA&Q{f^@S*?0#zX
zOzNeBT&g6f@8Yd)&s!W+mtTa{rNp~%uctces-C)D>$5vOel+MOmk(pnTAz_h%gYDd
zm#U7^*i4w;v%c)DCi*B-dsdBxQhILoH06?t!DUHx^a9eyXk>YVTQKrDQjZ8@%Rpvv
z*p`wxF8FN?rZbg4bq22K)-;q>)u_ikdE>oUHB^te*Nqb1uME4Nb$8tZ@s^m)i3@Ak
zD9$aaV*i})I~~qSt(r$a+nb?|9S`xDVQ&G~9*d(}LG`5&%WCVTC-%ky8{q>r@x2EB
zudV~}+G6iwl>ZmmkG-ZLY4(S|daXNkdKFmD+{N}~ypqLQd$n0j390!Y{Uo?j^|bC?
zUCTC)3{E_CsWerq;fzJsOZ^vnnSyu)>8>3c>KP_g
ziIsE|dndXxpdZ@dEm;nFkkY7iip-gb9*pfdk1c?&@Y&7M3b(
z_Xex(3tgBQE-Mw!HYN?9I;Q)9s!q&T-=;>W4oi0UbG#3Ciatj4{-c#=b2qWKNIyjV
zPo5h!S{b^EyA_L`wlhyRvb_i0_$PFqQ`lMNep+_3UNBssUK(Uh5PDJ8&UEmer#B)|
zryZ5E&+Xt6Yq_qouJ_Tp925SXWYvtgjttpCVn{W8Y}Q&ODvu3@$dJrgxg;ynmbEl~~cQAX-aLdz#+
zl0Z$&s{YWRNdo09H*p@q@BX@BWmNZ1U`>o293xztaEfobnmyIG|K<;8f^QgA8Rq{?
z$$QSt5OC1SwK_^iWbw*-;8%*%gTu)aRiM;n4~OF*Rt#!i>FVkg+At;;^AnzwpU@!{
zr|(8A)?J(38%`K09@it>a>nNd^}30g8&ubP47%WYh{IW&aZI?3B%~T$q4iHT^Cu=u
zclo8<+W0IrC9Xw=)X7~1X!{smGo3gqsa{y8iXb*C>6dEKTV~i9#xEUg?s8Of=S?~d
zqq*}*Ki)>El=Z<0lUjqGIRY)3Uver1y*g*6gHvm?k|dQG4YkUtT8rswZ9{iUZN
z-la8zyDq*>oKL#A!l4tltM06s5Ly&<8o!`uq*oxlaeqShB%uz$5hbqzsk)<=fZ}~x
z)sKwre$&U`z5mwEf%bHTWqpKI#2Dk6AZjeywvDHg;^)tV|443Ux
zNJCs-hJ~8igE7QV249`#mAUz$N
zpUCyJlRjI-YYn8O8V2=BiJIlr)oQq}9}urz>8jqRxmd_-Zh2LGL#clI8NJ#pdz!sx
z$KIy5K;3IMXiZpWG2!)UdahD0pQ)F_)-D;|!GJPN&u
zGIi-gb=fX0M(9C^TDw;b(gJ<8t!gHvTU1peX6{q;ypF&VQpQGT5us`SziTw)tm8
zpD?Au#;59#S4W!DH9>N>RaK(IHQ8a!eCmZ*KI5iRR*jBor)W+!oISd;s=5^n@(aAY
ziB+#DQs-&9_{+O2MYRnhbMJ%KB$_^>8kXvpX(lwy(7zjrUC8vGw?#l6Il~{6iSmcv{
z&5STG!ZE)JYa|Coe!&c`yxv65t`CiT9OmmAFVtj|spzVcM6YY`21j-T>|fXYQjJ$<
zJ<%mpvJ}VEgKj8GxUf|16ZY6isgCO%tOxfgz4l_L#VILqsC_A|K1pe)!KsbW>;||7
z)$Rh7)j@Z3NoncpbyRwZjg=Cox-KQAsjHxg%o{yJKTVZsY#Cpz%d2;v)z+!^g_zfJ
z%VXCWwig$(*B1{a4qjDrze@vQb;g*k9_>(GyDVHoX*AJob_e`eykKSz-@G_bDy!DoEiifFr(3c~PY{=+MI>^+s8GlDlqi?0^Gz
ztZK|uyo#7^d+p*YE6N(w6%oT3ap+EiI;-jfUAqgZlf!)Bn9*+|8&2}(aN;LCHSy_n
z!-qO04rlbl-bAJw{gJqdxx9iu6jP-f44+j?*U}BE;LUx)e!Ezeb*i0RHRrD$YE6$I
zS8aB}qLvCYv0vrW&5L!NQ@R)5|7h_^-m!1xlZwikjnnjDUO;vy=XJqZldRGgheYCX6ix@I9h=Z$_TL3^Qqlm=s~mW-w|rxjo;l$6>M7~q
znFFcEIaH4r+cZ_-cXet&a<2zPcDZ%QXl9lPK`SsT5
zLf-gMlB*}1)kD*&^n~;D#Z~21b?PLd?*D<8cz@Rm*%Iv
z)0;YZ>l!s%|ECTV`I+>o2dA#AFRLk6*NE>z-_o01^(M^+O%B0j0Y3dr)l=S8-)gSj
z>$R%lh>ggGnp#vxpJR{88_guN0qo#Yoqwk%EeU<7WCxMzT&wH0Rj*NX@ARu`RH-Gq
zCU;Imbrtf}D5&sU^{1+eY@JuXifuGHCcJROHrwwE0M{Py)3JZ6?Uz`>K8rP7d_vey
zt&TH(O_J1dQ)ijosIK>uYL-u}s3~1sT@kKYQdnGHr*@iZ_|+o#;;IJkokY|P)h2}t
z!YlHptthQtu3uuK4l1**pmv}6FaCIWR=&P1zq)ix)%0YO!hX3|!$sTndyk$;JQu5i
zkbBY6c|=V+*@>N`-DFAc-w#fF3hv+ztC(5}9bHkEyeBKk%mWvO=&Fv^S(eY=KgeRcagKmL3+)6VMgyw}j`IaZb9DdEDJ@``AfUYk~2Z<=8995?+-cZ=c=
za`GMvHX;KqpUdZR{I0?GZ2(k}`S!)>+#yx?p^sLqTB?1NJM=>3Owz~nCOr}!b)r{(
z^$i)iw$tS&b~+&5kyD*BhnsO&#l)?sE600!pW-i!HMA{d}q+X1<#K(EZZH339n|i3=lwO}8
z5m2>yI*3h0Jx<1&+e&9@+?-2P4O}u=H7n6*ShXqjdip@UtuVYI7?`Xcy06a;fyp(s
z4Hc8mIsc-Q)%CDtSJCgKHOnVQ)Eh4<>KbhL6_w#7b*0Oc+og52%Oio2_&oouK;S?j
zp*&(^>HCE-fxvrT2n5uZ_p#r8`gvrRM&DZhx7}0MFA((o4*G?H{$mGyxuE~MgT7kO
z|HDDwKzc0yUpbV2qu~Fa4*r`2{jVMTHw*fIIrwiOJ?8&?2mk9yKaRe2{rioBzC(!r
z8kL6n&->VKzxv-vb{PK$4*s_Y`rkU}djx&2gMOQ!|DA)rU(o;FLBCVbf8bF5Y08)W
zVEO;S!T&fxzs*6PDd<0R&`%Qde{|623i>}e=;sLfJ_mhB(0}BhUnuDR?4Yj{^nY>C
zHwgOe4*Etx|5pe78bSYm4*C{B|2GHydO_dspl>HVp8r2~(02&_vmB29&4T_!2Yt7o
zpX8v|=PLcd{7-h!>$ZmLgARIKSM>+mzo`!T0YU$F#Z(gB$A0^r|HkZQ>@ff3d!()(
zOL~mI!6E((!GDE=|4hOEatHsD1pPl8$}d;Y?{Lu15%m9b(1!&5Cl30Bq{sbV?@<2b
zg8wHS%0D9bZ*cG*75qQt;D5ECZ+Fl)3;Jgq^y>uu^A7qpLH}b1{YF9m69;{#pzn6j
zZy`O_zfT?N?^eP8PaXXC3i_Wp=(h{{UpeRp1pRLu^kdXmO@FZc{k?-eo%C4#zje@O
z2>$=zpr0t{|LC9(3i1ERL7yx5A8^pm5%ixq=tF{DpVL(m-p79Xoxc|f`hPj-D+T?(
z9rO)?{yz@-MnS*Uq5WS&daS?qI_TF5{?i@wt%CkQ2mJ;i{x3S{Hwym8Ip{kD{Xq`;
zErNch!~X9P^#66xZxi&NIq3TZ{r?>FI|Y3}wdwY_wcmcnZyFh3`~3w6{Ww9tn}a@6
z(C_Y`*JCaH!T8T~s6V-aevX5Fj-Wr=K_3$Ig%0|Kg8p0weI@C!{hI5bj|l$fIp|jj
z`tu$1O@jUc2mM+>A9B#Qk{-)%zJtC^&|m1F*JA}<|H~Zon*{%@4*Jc4{!$1179sx2
z9P~YcevyNIo1oWo5`<&le(h&J8RGum!$Gh6disOPFY{Z~8a
z^|_w=-^(HXOu>J|!GD&ZzuG|`Bt4d2or8X+;D5P;UY~1t`K@r!>$ZyPuW`^XBt7o`
zl@5A6SI7Nd>!8>Bn(ME3(618oH#q2<1pSQ;dOcR)@i#i?bz7@HSpGLT=-UMUH#_Jz
z3i?|d^qqo!wS#_(pug2Y-y`U6bI@-S^l1+5SHGawbt={K$4)`Nw}bz*JqOpHeH`@Z
zf_`5IeFo{V{k+Q|{}ToOUw69P|qW{rwL5
zg+lxfIOr<{{Wl%-4T651gT7JFKj@%eBj_J;(6XxRLEjve}jX*SI{5mkpJyM{9km??-29{Ip}u^@jvH~|FpdZ
zpFdu3(5I6g+y56G^y3Bp9S-`5g8!Es^g+S@IEV7j74+Y8@Si8dzsW&APw@YWgMNYF
z|5XQliJZ~(Er>)UqE{L
z3h3*X4|6F0kl_E94*nMkdOapjwf9PISb84yX|M7zVBOLrs6#W0w!GBQj
zzr#VFEBOD!K|e>(f9jwQ3GpB4P=3XN|9?67FBkm(+d*F~`2UZCJ}T(-oNTJ~Z?&NR
zuY$p29e<=-Os-_2qCvtH2e?x1fM;@8(ir&@j;f`2`yovMDbpx@g;-z~(ykAuEP
z@V~Evew&~l>!9x!^ra5^okIQ>JLt#kW7>agzxQ*{r<0yeL*DuO00(`B;9sw4q*{L_
z3i<;b^g$v1FFNRR1^*Kqj-NS#{vZecAtC;w9sCyy{=eklzg*DkHKkPdUqsL!>Y!gG
z=nr$yHwpUj4*IpE$NGP`gMOXh{|EDCGubdX{5*Y|6~XKIKls92mN@#|0xdo
zEWv-!K_3+SXFKR;3jQZL?7umJeyW52c|!a-4*Ft2Kg~g3F2p~>L0>KS*K7Kz9=}mR
zf2>3KuNL&DIrwiD^rt)M*9rQW4*E7he};p8qo6;|q5L`p{h1E_w+Q;<9sKtQ`YZ?i
zHqztyXSPH9+Xejz4*qut@t@=1-(EP1?RTMrek=)5Ki5H@K|(CQc@Fwa!T)&<`bmQR
zd9rPj6WBHxvP=AUA|3wb|%LV-c2Yp1)U*w=)CFK8N2mNZn|0NFk
zW9PJ@;h^sl{D&R%TLu3oIn@961^;CZ{`&-d
zxr2U(ps#Sy2lg90|FXnEKUUD|Yx+{{KV^^}_y1A{eWu{Q%0WL#&|m4G&lU9gnGC7s
ze~zHP%E5m~(APTX7m^;!KjNS-7xY&<=&ObJ>m2k^L0|8nUoGex9Q4hCez}8wouFUg
zpl>5R?!Rjs^zDNGl@9t%g8!Qw^qU3$H#_LN1^>4==z9eJs~z;)1pTcJ`hG$G6$kxJ
zA^%Md`Z4K|hxCbQ<#J-|uwLX9)T=4*H2g{C7F%Ckg()=Ah3N^vw?XIYRt*
zJLu;L{!ex|{}c=Q`yBk23-RCYpsyD6-*nJ72=T9T&^HSD2Oacl1bwT6zD3CYBM$mj
z!T+NU`VE3!-&2rk|D{8S|Jx4wPQm|U4*D&E{&5F=kDzaJ&~Fp;PdMoNNss66Cmr+y
zg8!!-^kWVf-2Q*ZK|hxC*#3XlL7yS$+a2^1h4?2sw11NX|Ia%3&lUVX=b+CM^cx-Y
z1w#DKJLne(`WGDZC4&A%2Yt1m*Y^~q+WtfZ{Ywt|)q?(I2Ys`kKgFT`trPU$bMW6r
zdTc*lanQF5{(}zjZxZycI{5Dr^xt>TZx!_Vp0ZTyPcP}Q{C?=5?-TStaM1S)@xSJv
z-zn%{chIM$4{rZAJLuC%kL~}D9Q5M_{TmMYEFu1Ehx!{7{J-hof2N>+%Ryft#Q(N~
zJ|yV3IOvOo_xKA#
z?x5cw_@Cl%{B#KVsSf(hg8qGn_`3!DZyfaRlOEgu4;=K{1pRLv^xK8_^*zO@p1%eJ
z{qG(0W9X$E*na=PL7y(@w>jv?lOD_ePY(Ktg8oAX{Ujm&KRW1h1%01`evY93$Uz?x
z^nZ5HFC;yd|6d&R<%0hlhvPpY`2U-O|ES>qV+Z|eLH~CLeY2qdhl75dkpCSH`t^eU
zPaO2^g8own{U$*_;Gpjk^8YUfeYfEM-wyis1^s^<^nF77J00}>g8sh_`T-&S&m8n)
zzBsu5|33%)SkmM9BcSdHPWAkiA?W8TajN=>f4&n2mcY$WBb3C!~Tm3{>vQvuNM64XNsg+erp8(UvSX32>$nW(6+-0zbJm_GiK$+7>^P)DN8|*LRcN`mq}7mfD|z>FO^p|14uxe?-jE{K3ou
z*$R94XB+yKn4DVwI{z;T`49Q{|0~6R2=mYLe}#{J_uGu{pd|V_(zEabnWXQb>+o$d
zy!@7_4buJ(EH(MJ&mqzIe?`duwd7wv8x%hS&E^+#@9itJYg0d@{kPlKjn&C$Oty&h
zd%`6BDJkmrQ({TKkn|^@GxayiWIN_t)Y-xU1ocS@=M2IW6W{!dBb-@el;k5#O!T9eZt_D}8>z
zkM@Nh{hl7pxIW_nW0kD_U83|-{cEE9+v8O4|96G__xkwHP0|0aef+ly{(mO;pQm=b
zl>g!s{hy=sQvN#x|34S}xBB>xlK&HNXQ{tcb`w6|^zq*<`2VHgf56B8qbcU!zSEQ+
ze|>^~{r*^c{MdRiPZge2{;!e$x`f;g&i^?|FO`2FVmx8{qu*c3{omu`Kj)jqakBR3
zE+79<@{jG0e*Y-<|E7=sa`K<-_|wm6SN{cg`L~gOTh99U)9(-E{%5FX8c5~8Iz|6e
zlwR`RDfrj#59R*v^YOnvMgMpE`0o+?>-T?h|N5CEQvNrS|76FXeWnU8|9-*0e*Y);
zU!(>elK=lp(Z9W?h5Jvt+IYhKuiyX4{p)K&B>x%fO#M$*|Lip}+<&IvU%&s8``2?K
zlKUI0C-+!mfy^n1d`W2AMKkq?fcNp2*FW&z+
zLp^6i(qBgU306qoT%W7-(*8@YGm+Xjb^QAMVLbjjef+N?|GfXp{om%}KTGhh-#^9u
z>*vHs`EN_n|Id8<=L!Dx`=_}7Of^9u`QJ+Zk7MPpZShm>qyKk``d57PnGYE+6VRFZ
zo0orw(o6flSjfMA{}j*vzUn?%DgU#{e`6B=dn&!;KSKVaq}TONzdwfizs$$~Yvlin
z%s(&x`+f9VNxw3QeyvaZeH4EQ#IN7q!s9
z(o5xEP;Vl|`1Sh_c>EL8eHK#uKPCUCqciolN+RJiUg;(OZREdzto8oa?;qg)zwP6H
z|5hVR)_-dC@!wDWvHjD}kLUjX?&E(l`9Fi=w_iN}fA#U7Mi1b`{Ojk(bN^SU>zt+X
zuO|O@TF3Ow{a>o|Qu&9-KTU&r_pj*ZuXF!z`uP8p{3olwN2%-dr1-19jUzDQ%r+oZ(3;y-<8@c~OR0Waz-$4E+V`kOg+7>?tD!r8dKEZ#c;J?Pl{|54(
zZ2wpJ_z$cwImP|2pI^rF|AvqMw^H=~nvees!M}cf5BHy;7MP^+?<4;cu&~wNDv5;8
zZ9e*azGcjk^Yo*-hS}?*XZLvD)`s;|8f7lKK>s~(f_Y~{5K2!_5Bar
z{~2n5N-F=i$-g>058kjG4pFSHq_Z=V1Aef&2G`9D+e|Cx{f
zO7eek69515@!vuIOGvNx|180O?V)n{ze@h6GykkQ2Ch_ksr)lm4&MJ~3I2cT<9`SF
zSKaf35BGnmnjn+v&zQ%JteFY;{#&5*Qv3xJewUEU0>S^jhs*hYmi!+_di%wSBe2*<-$VLj{hvijFO^@H5dT~u{^x!Ck9opG
zJk179-+ceI`}prA|JeSVC-^^fyj*^#k^f}v-#De0@}GX4*?;K&0>OW!kN+j)KUw=%
z=How){A2yOQ1HLj$Nz2Qe{quX|C*2gVj=%Ug8!fU`0peC1xfsO`}l7n|5mS$pNjAK+MhI~m-c_NkpHmYe}RwxdF20+gxn79zhB_vzfKtss;a7`uHy)|HcHO{|!R^k33q=|5wO=viXzS
zee@6b=v4>_pPfGX4Wyr(U~OVW^r_NI`ER29{U$M$Z4Q$iGTH;iHmB
z_!KL>2>_K2=O1T2B>2Bw;N%y_;2^o&rVVQA0K@&>C2Mj{}ZK`
z^50DP$Mfe`g#1?@FXw+#it)eiqyH)CYgqictnu?prI+IGq4=X@toPp?Lj3cxQ(7x`Di!-S7YBH@#Df*k)g(uWeP2iN~&
zlwOLzm*Nlpf9$;td=y3UK0Xt&5Hdg_AVgFMD)OR2KzRoZ%IYehQH-LZyaquL5E9>!
zV2Eao(fER*f^xnfDk>^sM8E(F_;$v3e7i&MJQL$-e9tM$|EcbpnV#Mr7Ciml-T(93
zPd3#vUDZ!jb#--5&+IPClm0gt^uIL(|A;4~-~mbSZw$fDoG<;S&L1}#@M}ZxPhCJx{-4G8%N6{E2K<*p@K1eG3MT9S%^~<%
zS4sb?_TOf}&ppI!|9y;~Z2fXii2Q1n-$xs8P$BSI0(q1F#!CCq~OI#@ZSx=pS3{Zk5};TGT=`?
z%xr(h)lv}CL*S+R|6ItM?5|;bb^I
z<70RPUON6SA^29Q^uKEVeFpraL+}?f{;^5oe<Cj8>76YXDaz`rsCKc!0I_X&7Ear}J|B7X$SXC#q75fhxL|A({uz$Eg=L*8Wn
zB7^-a4EC=H!Jo_c$@1su-e&zPSw30(o(Or9{wodoKW5N>NeKQL#-E!jJq
z;-}RBv;PLLe6si%9U>oN`DF2PBIHf}A7HTmHG}>4gy3Jr_{rj@F+~0rmQNNx--hU)
zXVCu*gZ};DAXEHq4AEbY-)lqU-(vY>`Lh)ACjU=m{V(CsL-WVm2L0a)!JoZe3U&^R
zzQp`7V367Vn^|7(Ki&R#i2O2^PiFrD$eZlnZm|D7gZ=M>;17RJ8m{Y)CIYWPgU$Az
z#_~f0+>%#4)fe(6{l{FJxc>Rjp#PE({9715+5EpK1i#FH{}%)Pdm;FLXM9W#ftTL@
zZ-wAj8Su9o@b@2L_J45d5akOTmsw>@N<%j~Vdm4fyYc;2*^JdiOV|G>$ftrMSF0Frh@S?7|K5PSY5Xi<
zd_Di^@$+g3ex(8b8w396VP^a<8DEcI%}nb=$eZl1HpI_&2K>82@UvckQ}JpeiT7W}
z|2#zgP?k>?|5J`O+kXPfFZYmTLC2o}d6WIy*nU@@#&08pWmfU;|EC{g#{Y)#_5RoK
zBak=Y7vGSWzkV{{Umk*g^k!*qGW?4|@K+k}cNp+L55d2Q@h{T+Z)?Y&hTv~!e0BZ!
zs{w!VaI^o@wn(6{8lH|n4)P}dkExXYAJ6jC|MVqkdjD?R6ms9FE3c2mAH
zKL!SJvA%x1mhm5ijQY~?kAb`iKgRguS)S}~
zWx)R~1pn~YBtgk}wm(v%^;Du`OBK%AP{uRfY?Z2AwKWBND==NU>d6WGO
zjK7=(3BR=g|KJnM__J!Hpq_tp`#VG4guiH!v|r61Z4LO3hTvb%_-D9=Gu7>XFa&=k
z}9jxgI_%lNI5;I9gi|AFOuB$0m%@+SXnH~4QKgZ|%!;Ag)sf%WSrz5kBG
z05^@lKD#M@Ux@th-IV__ME*3EpO?gcb&xmtuaW(y&i@?^{#!N5Z2voqpX~aj-HB%T
zPg%Z?roZn0y&!MWf7b1ZEZ
zb^Mm6nDw8@^7{3=E}sT@lm1z(e-2wu^Jg!E{uLqkD;OW$6L{(VFAKqs8Sr}>@M}Zx
zcQ8I(bE_}y(E3{l{v~ez0h3;2|KSGw`J>JLZ+J(_CCi`Bhsf__`9884@4w!E&q3bQ
zf0auTA&qE_}dKlLk;-*V1t+XM8AI6!uYMd$dLuT|7L{9zsK^)^2apD
zoBF?j^;h#pu0j9TL-5;ellmshAFqVqXWu2`U&TM#fS+-i*?&_QKiT}14tbOPc?SI9
z2K@XG{Kbr~$G_fx&xOdZVEG@lgr^-^YeMudX8qOsAIBN=AAGvmfA@YM`!8AiT^}O<
z6w4=zzc}Pg{$KQ`#Qs0Qp#N7P_}?%-t$Ea!?!V7N@V7F)>OcCfc&U}YewsGM?7w~f
zx_kaxA0mG!%VT>a@Y3~v2J$BVZND#Z{y52?e{Bfop3N|E>zZ>!<|INBz`p=ao{ZBRM|78gNPmGVtyTD8D
zzq%0o@yin9|1<;sp=X-?ckIU!7U?zc((_MO$eZl1G~kah;I9b5U(ERZ1L%qI^FRoG
zHREToJo*1j1Ab!&{+o;s_Xb|N{ojV*Z!_3G)_@;9%k2L{KasF{{?z+_S&00RERW$8
zcf8z}LJGenWZR+cfTNyvu`mrhGP560?ulC;r1OB)W{A$KO
zMl)FV-q+MI>D^}qb%Q1Hsk%*%&`VQ-lYHb
zhh+S!{Wr&;|MMaEuk5D&LnfN_|717y?+pWgr7CYkl`
z$ntvr(fwZ$BA>(Z`uNx7%OG#EKl9_JcIt17KHe(RtmK
ze>eoc-{%rGH-Mh#|79Wg#f-1!|8fKVHzD{JG5!)QVd(b%GX#GT3IqP7Q_cQw
z`-L<-mc;%-$eaA1^;n|+Z!q9*48b4E_{sdgE(AZu_^SVJG~lP=1|7Lrzy4Uv_{r7}
zCxpm9!Sc!GzZ*j2Ygqm-N&J5;BM
zuay0-`u{cq{+~ne-)4N>f7)=cUJSusWWc}OfZz9gv;E&PelN{_9sjft`2)U`g2!s|
z`uIH=@+SYSWc_0-PyM&pp#R1Y{HctO^bmOI`mYPYZ)E)OEKT@#8SrzaoBj71<0o7H
z90GZh{bL?ajGv_j{1qYisb5LOM+U4<%-;`$;Ll=w)&KVx@DIAcY=0i(cTR$TUx@r{
zmUrh*w;4Tt?uNX{e^so%D^LA*zd`?&GtBx=WWi+qOM|=#fB6%#|8iJy!hgVke_jaw
zql`b?HJqs)zXc)q+YI>hES%KJ-#<^CX}13x#@DYubpJ01kx%_vDm*5M{_`Mj@?YAM
zQd2elRv7e8n`PF2EaUe`g5L!4Cj30cSM&Fy2K>uI@ULe4Wb?;GA^1}b_$v+guY}+~
z!uZMd&$fi%7c+hi`;X%H2?KtI3(fxjd^hdi8}cUquQb@d%78yL1b?q@q~iMik3N2?
zLgWu(`Qcjp=<)w#i2hp*{(IV>f1BB6|4n85Wcl-=5cz9az9EVJ7ee0T|3=o|m8bq+
zW6*zN2>xZ?O5kMqb6p62?W)B5xz>Q6GRN${&5W=2pWgq!gy3gAm59IIfWIIFKm9vt
zf3o{8^B`~Xe~j_f{8MefeHGnClm9ANe|7$N!JvPA2!87KQt@Q-$3H^ww;B3xivfRFk=cJe89&+jc?jf9_BR;t
zUo_yK7lL2N_{qj^K?r`@YB_#X|G#X&-x`8n&G-i=iJwg&_<4-4&R?$@@FN$Q{r?Zf
zACLt9$PoFCKS;q|n!KKW#)Zg_V)>p)ssD@Fel>r*Zm@qv2>#`a-!BRN10nc}
z4ES#v@b|yi?El9ZUyncCe_4<>*}u}z|8E=cOG5B}Vf?;H?7uPuf4jl{cMbSoh2Z!3
zQ34;R;p^*<&qMGV4fyXF@CRRF_J2O(x6|--|IZ4MKcD5tB#}QK@}~aFd^$0Id}z@B
znGpOy8dl0HQWC-%Xdnme=EqF^dH0eXR$o3pZ;ple?kcUcOm-g{r^dbeA7k=
zoNWI3C`A8R2K_%V=zscUX8+|dexD@%I|cG4|CJf=|8Bs4B?NyW<4@M`b^mP%!C%Vw
z>iqE!1ODvG&Gv6*{AALj3N!vUEPqZC`!9#Q$^SKMzdC<^Zm_@kTr+;&
zza;Rr8ooaMQXy}`&#IE+zmnx?{Cr`+za#|zea25V{u@H%zhL=f^KX5K{>xeaEJgpX
z4EmpQrP+TSev*Pillbop$ea9E&G>5ker>@2Fa-Z}#!u$IKJ(1_pU3iU{J3W5MHT|A#~HpJ4o1E-+I){+5N{XFnt3Z#>IU{QY3SKfTy&{{cTsLAU?8nS|$m
z)`rLrV)96W@M{@g%|A^H_(znO`|k(FPqu$r7$U#_
zFVbDYS4dE2>uAh@0X~!TuHo{AQ(Q`%`|Ej&Gy+KSet}GemxGmdEYo
zz)K&0`H+WN3I3~O{nh-LVbK4s5d13{U(X-9{@;ekSF(IwK>Nh|e_w{^zs;b3YlHr|
zSDXF6o$-_1e;o{YlmD{U%JDaz^{4#X)_{L)2!3p*6zrJ9{;eVMQ&>J({B8=-znJw`
z=a2RV{j;wz`|nQ1Z>8z4$KORE@(;3nha~c!hR8q9@&{`2di-sNys7^d8SLNJVE^f5
zX8UUyziSfwQy_1`UunSK-+=#O2!5t`D#o$~CBc6_1b-{ztNF8&0e@25Z2t+2-&X5z
z?a(?0@+SKm8Gjq=PvfVv0Y4oVXw;_u{LeYIL>i;nuj5A`Z^ExxmnI}t`wukWj|{x=$zeK_BZor>eZtnk28DF1&^#1=eM81*bdnD0+JLI8O!u*;2oa{d}e;#VkzteSQ
z{SRm&HGMe=eh0{#@CPuyI(~W@@LvtV|0m<0rQz%T+ZuwOSuO1!&+;^Wa}4-LR+#ON
zrAnkjli&}8yvhDqjIa8?j{$#42!0{sAEe>yy|4}!X{Wpu{
zk98f#RF{uI-sHcm4KjXJ{|z?izc>VcHRGSF;p_c(TL}Jm#vjk})PF+___ZPU9h*v|
zWb4Onm1h49Vfke1#{(g6@?SOUua3W5gZ|fq;9nS`zwW=QLh!d4@Q*g&zZQaD$@s4R
zZa3=jv-gc=|1D>EJ$`ll^Frj;uza%puMvisth@+SXv+mtx|M;P>Pb+cLj7=Ll1
zKK}Ine>g;b3d?ub^w;H=LEfbQEY{zRU&_v_=9gX`+qItCyW1nkVmr#>*q@t-|c_0
z{|p0uX$b!NjPJ_3ZqWPx)e!k_SUy?)Nx#i(e`>n)bh7zB0(q1Dl?MCIHrRh>2>$tu
z-`h2usowv$hTtzZ;Eyxlw^?Mie=*}HyMAZ|d6WIsj6a_Brv9H`z%K~F|B>;NT|bNu
z!Owm{j=wAgf06zUSl%Ui{CyZAA7lBwT|uV0{64pv{eL#g$257p|Jy$@1SI$fMZ=|5q`-8h;lU@JmDRw=;gS{PjVI{5LFriRM4O
z|K17FzlQb4@>;woer6f;pM0m;f9JK7J(Vo}H-*U0WBEKyf4%?LL*C^7@mmu6e~v-_
zHjB;rzsC5<=HFJ3H{ma5e0BaWGT@I1!Eez@TAB=hbO`=71OCMZ{C7j}k7szPg^xxtT`PW!JS^j=6ME+xz@2mM=AAfH_-sJx=
z2K%ou*q^=B?EiL|5~*Dh{D~p*hqC;nB=ToN-lYF5gZ|eV^nZ`>n`nVq$@twgd>Iw~
z$+trA%NTz=v(osx&Vb+SPtt!ne${T`r$F9hf2{%kdINrc#@FwkZD;($d{ae9bCcC4
z1V8qY^pu+aDh>E&h2Xc^%NBUOlHi{ff`5qt|0V4p7p2x
zzr}$6IOFU7pUU{j{J$auKkem2|KDoBe>VjG*4^~~8zJ}u4ET!-_`fi|?*FZf@6O+D
z80h1#F$8}q
L-(kQ%;2t^tQnbL{&iHLzV5XVc@o_A#>)*JW`X3E>sFg7Ptu*Mr
z#GwC-5dAY-+d@-4|LXcL4AH+E%O~@HWr+Tb2K|>B^sfrhKbP_K`A^sX1IV|6rA@Sc
z8N>2=ytv0MeaF>blh1uca=7->_`TPl{}-&kCT@*q{Kt35esJr9N0#+j2>uwxAAe4Y
z5GDNk4fu^A_-nd$Yf~ZT#<|;wetf*Ee-Or6`M%U&
zjsM3C`d=2J|02de#06&R>h01Jme<&GPr^k4>@t7H#Xu1pNp*ZHMpmT%k;^b$7~L;t8D}a7-=y$g~mkUtIo)
z>Ca4eF#Uz;ub?}*OpTB#)D|^NkH1iv9)qA;`BbJ`vUFRK%5-~)ZV^zKwwh_XleWxg
z+XsIZUB1&L7%ih|DS$tVrUasG@Q(RKOnZUmaJe^VA1)sbdIXpIg7)Kb
ze^C0aPyAT}nGRw)7<34ihk_o-<)c7zxjc;N(M*p49nR$_=&@Wrj%f_^crKp+I)ck1
zK}T`7uXM&!^<*}e=bNL+5aamnpx1D@3^dN=YeCDod>zvYrq_es
zz~xHN8@YTF=*?Wd1#}^oZ)JKL(?y`SbNLRYcY-eF@)D+Zf!@vKrJ#S}@;#vUa``^c
z`?trcgFeXRhd>|Z@(R#Lxcn&7$C$2U`Z(wlTz-=2D$u96yc+arE>|&q26PRV
zpJlohbRC!1gFeUQYS0Z_-Uzyh%g=+pz~#-LTe!TH>5EKXV)`=ZD_njR^v_&=jcElFWzv6NO)2~6l;qtej-*NeS&>y(`BhyCEe{uOI(4V=y
z1N0Xz{|dU3%QT_e^hPeE>q=UiQ8^Vf!ezSNr*qAirhzu+ayqEPKv=?U=R)&EoPtOgk{$7j!=^?+@CM%bh^8x!jrQ0Zb2MdJt$AE+5Ra
zD`+<^cL(jk;mJ-OVAX%1*_F82XFoXbam_T_Rv(EeN=06LJ%gP0CxIs|km
zmyZNJip#m6!?=7j=rLR#4jSe1v7pCsIR<(>mrr0ig6T-mQCvO|^dv6lfu79eQ$R;^
z`BbL)pr>*9bkH$eK7;9*OwVFE7W8Z`)1@HA%s9~TT%G_rk;{{qP6jRD@)Xc>xjYqg
z8kf%lJ)g_dK`+322HrFI+$_)wxjY+m4wnl-i@1Cd=*3*Vgz2TAmvQ-WrdNQ@~j^epHtSejMf2VoP
zD8X9wkt+PR&fY{UvH0A^SiGnqRvyLMidE$86vcQZpV^F`E-fF`7+dq|EAkbKZ;k!<
zNo>RCO=9ty*oN&XF}o&aSI4?5SFZkVA`_QE{`?GgcC9wCg{D#J3q8e-b8@e32&1lDrG53l9>Y
z6?t|no=@T#>#O5iYTy5L=T1~^Q=Rgn+DbNBsf`!?y*&T#XrPwtBqhm!!O_~nBk82q
z+I6C}B8N{ds4fb48$f*A0vgxa^;M!1e7w=Ik}t*pa5;Ko>Eu{>YL{;4Bmma-u8vhi
zt79eA`{1Z5Rvw|=iw%q}E$ZbSkZBdDi*Js_->p3esz8mZSV=7`CXr~>X6vx}82r1`
zy0j;bm&ShF7K?9GgueR4EYwDDSLCDdcVh6`7Qu%@(rMtvIh|q^ElHs@<4LOuahoMp
zAujf6={)$JCOJ_q9|gJmr_m(L{IhpDz!I&U96MZEU)ZI-BlT)5zA4a59Jy{2176Z<1l;4r$!yJIDzJ(f|A-yHKYA0Uh`HRrAYuvbr
zZxN%yRdMN*SjLQMafI=62=dTUgb%o*)l{=#eKvIqgea{Ews>?^-8vk6laU!+IwhlL
zbm?U+{Bq$D#d8;1h0S9XVhq(c<3g-rR5eBeH}{&a1DdP9a7xBk)l)KhMVDUmTg3b9
zIb_M)Ro126xVn*SOdMC`(N!_{F26cv(=dkqVtBsr6C$`G`lLHR!11IoFJZ{}EC?4r
zJ_19|=P?htsmhRZgNS;4yV~1`OA(RfqqeW1U6%EDTcZCwC6Q8n4NMVAG1Uz*wJqLI
z7JW-?U8cv++@^}>zGdv-{Lc_QNE=9yugUPLh`CAaC8B*aeG~mr_e^
zY`C1I)kXWeRXF#L#+^G$8f<_5k+c7T>Wl?J
ziQ!d;hgW4$mFf`q{EqKw{gkobBVoJVvoZwaa=`7NpxJuh#y34joBuM8W1Rj~j#HdQ
zuqU407}Q6se85L8$rHh`P^h5HTonst1xJk-&=a;NPB#nYz9za5US$P9YwlIA`EVamM;`3+&!Bxx`KHp;35$)ayIeigDi4pd8r_SMP0@M+P2_x{}(gDw(wL;o1igc
zmZ_ut+>k2TnhvR&9$s~FcvU~Dl1}1rwWYS~E1D6CTKVS_FN6Q1^96M&Yx~E}7aov#
zzMyKmZqe^OU#Npe$;SS?5SGUCDB=zCNYVzw1jB%G6d*-IO1J(3T%Ru}%c}DQZCUa9
ziuPjSnb`cPBqMqEClj+tBbr2&yYCQf6kns@o_H|{f1q{IQb~21D@@0mbGuoUYAcM0
z^R}iYlTvvpopr4$X>68p&Ci%(c4I+{@h#d-G^DOxF51ko==`HQ^JrgUfN0^oM!vu
zQQDDOsvMg|3qyT?{$AvYW8+deip4je?dtgZd{O*3uApMOH5QmFV|8vfT*)VHV3jYF
zy}1!t${$R$yXHoz??6*`KrPP&bsH#2EAcTm#Le|~W!;OY^X3?*nazo=HZ6jFN_
zmkP4;F{Tak(ER5qmtq3i^&FFQ&OqMJc98&tyB*cJ>hYG`@h6a{QMDy^GBS-QZqA(=
zoN46dFXpzujFO!&qeL4>6s^&OlbcX&m~eLQlxWWchiNHW*yWFMI#g!K-#jlpj%UDj
zXI@eVu1M2}$l&51X`tGTZADLYDo`4!yIStEsVUJgoh5Cv?#SP%9s1^4Z%A{-3h189
zx;pyp9iGC;-!TW(jKLH*}5H
zNL~HzOo+*qyH7MDXPJaqs*disLRB~+VIES#1S$D6aCsRNK9O$v4F-CR)X@_azk91O
z*G4aRmU`V1M;BEn-4w^Vr5v-SVG6+vCnpy%?I;6@);iu)s@|ADI)gRI!qZicQl;iR
zGoI25JnMTAA_pq`=}m~}C(PPnQq=UWKU_gxudZm!{B>_CbEIqU?;Qc?46k!4>*zr%
z!(5tdPBV!7rzU4rRi&4_>35G+RU7oiP5mrGJ7&&fO`N?=C;h!uf0V0jdi|vMc6V13
z?)_3M8jC6uF4Fw*gqx9cXRv5A;^IMXkX7VAh~sK~w1|;L>rj8)7nmpf7U~WVa|(^~
z0DoEZq2jp@;W~z%7W{o7B@$;KLZu5y9!0oURTh1COLPS#jPm>y;H^}Q5RWs6d-ker
z#d9CF3VW1C!Hv;f5?lqxarqIjtiDrFfrREtqAP4PHaNN}$y6CoTXeIZYdpZZ3DiNF8_V-o#Rk?Cdi&<|_@Nsk>eCrg
zOi#93qAP{_qbuQqIVY9OU1=4zclCFhVO7ebD|g{_vF7z+uq3+Du75D3p*nm6MY0U%
z8Lf=7B;)mW5`of*TT~^_(;aa2x**59lOgUg$nc0qzbnuGE?#3-<6eDvbX$4u_<&c-JzPmFlZE2IgoF3hYmJdGlR#X)4cjp
z?-?X{4;b(z^eECz8LLsEd&C(F#Qhc03EL6n(eH34)1N*`S6owIXna>vZQIrH=oed}
z4Kh#~NZpIe^BcevP*fPKq#+Ea)XmY)?A>6cOBY&az(LxGmTtA9Ux*tt^I0)VxTFOg
zk%yySToHH#3+9rc%Jm5DJjuO6`2ZXq4a=Ph{lrsdyvc@LJ8$_=PeTA(kK!^%tqAM{
z^20e`twqOXyPYHN!Jnv~Mr*j%c3HiFf=%kO=+5G~JF^Q1;D37I-Y(PnbU55?RGh5H
z%XKRiKjY$j7nUjwgcwAliuO}!b{d1AUarqf718IER+g9NPL54#K-zjv=Bd}$WCs;p
z4pVbwo##<4rFjijl0p84@Sys`lMHfCQppSQ_Hp8KVOg+7-WgObz{Mm{3nK<@oa-gc
zeZ}hEaI+EpRWZi(damz={MzzU;D$G1-D^bL$XnRBL;QS}nkSOY_~Ho}w^cbXOAGxZ
zuV-sG3&Yf#iK=OnaSaVi<=G4AY56Rm#~Y6>g>02_yb>LVH_rRXhSI{5)S9v!l{Zm1
z?`Qi%MB^EfUUZs2
zi<+l5G+XWR)ps(4mJ&r;DDu4tnfTQ)G8It;MT{%BfL%y1=Lq|$m!!eo<+o5wY+M9y
zyOJ4{c7)zxqsKEHR#&b^=z6ZC9$ZVuyKo0-BV~MTb_3SjV*SYmrzTr38$|Z7AGCbl
z5Ew_89ecn54O(XuQD$w>+~q#2E9XfikJ8A^68R%uv>k%AZWxL3mfS3OncN&m{dBw~
zH7sHPkt@Sn_Az~b%miJ572*ngVT!}jZiTgDmE%RgpC-f
zn6UD)0EAi21)?J{N9mW^%=A(Uw1FsPOEl-rPO_EUsWr7F+if|q(KrMPCm|Olya8jI
zvGUw3ZFMP{WxrxVb8Y<1JBd&Jr*;y{ey1J4+~294#(#S!arN)GllZ`g?j?_Yqe#uw
zb;tZ6JBk0KY2MxBk`bJEYc1*4RoybtOxR8$eO3duERFpKb`t6HSittSNH7JL3BPLN
zKBy{$a6~&*HR`3HNzZFD7y1Qd2wiePisH-9@f@{r~MH
zx)YwVFjMA!L#?`)Q2J?`+hqok-EYtvDF1ISk(M)iu$L%q^@w{0fvqcVFOfcFi=pK2
z$^6^fmslVyaywluV_EVW_Yn`4yN+npU+^FS2psQB{Yi9!HVm{yP(T^6)N&U=Raz6W
z0a}awf@Rhpvge2oh`~F?M5Jp|w~eyU9(46-)Rl_!^&Q8j#Dr(Mcs6Mi+;POSzuu0c
zNqaJCOjbEARfD~vTy%@AMp>WO!vE}6qr3ja8b1eXe55-(Grh~5#@xV8BTsPu>0QR{
z@+xT?c13BoL>Xw)#+V4*Xe``~-NQZHXcQltgFn3y?j{v?mvI67EOiqXY3g2M
z?r+>{#MKkDqzlkSd4cAE^Hw88uDEjZDwJy=?`l_w=Vk?W21Uk_S9kuh#U!oleQK$!
z(RG1TFhLhOEiWc1ftlJS&E(ZCYhtov*r{|?ohh!W^$XrOJwHVk(=kt%ft&o#oPHmg
zV{nx{CYxn(H7r;4$H$-7n>)Vy^CRQimApZlb(v=k8yoyA=~QTk%x>P@K`>h`1n<^e
z%*k<=69g@Ge*dkyjdE;>45=<^{pX(fgEhhJygz=cZeREwT8S`Pge`q^ix&>6qIGR}
z=gyBUR9Cwm{&zO)ygM}%aR{loRp`@|`p!1)Xla{7g(IMQ73uDN5&7ZCCkj)AlZpsUNb(%VK5G?Cz(>
z)Mv4ScToPI9k&4@H(aa@QlPR*
z4oCF9ckxIy8LKO|p@ug6L?LkQ7xi5JwvtcmiWUpOZFy2ZH-E|JDbLS}SAK}pD5GF*!iJ?}0&=jjn9eb|%qP@_}~G
zJl`ppV5Fn4igq1Eb4j;^eL`{T5l#C!MNCh{5DdmJFw8&dyE4^xPPmzftsZ
z5IVLcHx1AhRaySdCCzs8zo^8yJ$^dBayR!bdH=zUN_|JI?#16}3z5EtJQmzH`%Mo=
z4wUWCBU!`Cmr@|3RXWO8EqbrIHU%rCjMW(FfsZUuejFbEB>opSUghPBZZEO99Cfe$
zj+>U>Y;mucb_sdrAF^qgO05R{@mn@6*U<`!wIu&c!
zKj87lb`rbHMM3BOPiKAq=cF@7%K}C^h+(-P8x0M`c+JjU(=ihoN
zQrXK)OH8el?9?`2+wrM5fgDI;B3xcr~i`jctkQQB>8AndU+YJ=Wj_^;oX
zqzP`1uA*H3{83LiZWH-3x~M#NR!L(DJs6en#3S;U_P`K70ZHG#hcWd>?pi8~so%bH
zsXPIRrJ29pj3?|~o`dz~BA#Bg#nB?SCnSr$`bu~ZQf0$VrsV%49-wqLGYy%jij+{&
zV%-aSxS1)wfrHvm`a$2&d`-;bVH=u>T8Y-YwY0oVE+3+#bRN9*wk7bu<;cMHr_L*E
zEgzHSKX@7JZ12KQY=PpD*ga81HlCp0|LlgTcg2ruj~rZkAP*cje{d
ze|p!HF2K=0+pwjUX?ix(yOOcxC=A^`y}+=2DoxzOO;fA@#M7C<0F+I+`=;fjva6bV
zxvTD;;;Za_!;_lg%0OMQk~~^wj8hc
z&M|qN7qYpED`GFr8e5GQHBb}gRNLr+xhR^RQc`AAH??`_$J-I31*&kE)S@)(ZG|pJTr^jot&)SV;z2^LVR6aUbiSLE!dcYX9VS(?(NZ<_Ay1U9G?WQP{*Jmm{vP<0EYK^w%+~$?m
z{AWBVCA#pQSvW;z(GF@_z=iHfSERnb+sDl9Rd}B!Qvm|oru4YDo45Jqn8~xs=ca_G
zS=rDz!Zn6`nQgXS?oZZ;%5~ka372qpq?FE*_3n(|wi?G%Ql+_6sic?kU9%^CyF+N}
za;hpT?Mn!|Xx8QHx0`(ZcZ)AxIsklIN{8UT80QsoFEY4}M`mi_^VFXOhX@P9xZq|B
zPmEQR9zjaDj;vTH4k>*E1%v4-M5s7HD8N{}jvQ#=wli%|1lzAa*y};*McC8Ez!$3U
zQmsLav3MPIiY40ASxeTDgZH{9eT(okeN(6=9ovOp0wzAU9m4WZhoON8&qP
zN7AHRF{-$HA@w4gS}t%;KTWLU_--9;0S8?TIj?izHLtAgM|1SMiz;kbkD__7h4?P#
zj0Np5iPg2hKQ}R`)2f#gg27Pt5Nz@I17_CU5L#6~(JWHmm(F8-ww_$%-kls7|C>7Z
zRJ-=6Cp`zKCp}LnCj%}~&&$l<`-Yt;`>CR!Az`~{4A$idA3GA?W6O=GA3<_IcoYn1
zc}F0+T+K*|)6vQPCx-%M{utB$YfW7!dV%rB`7OAL$yhLihD@KNLq_RFe;)OQfU+ehi>w!mKb3<_s88|unqHg@E^bQJ5vPSO_mj2wDn>dHE0-i*
zI);vv&uh8m9^yOIMNY@Y1+CXBgQF3LZc>oBV@qisL6Mr}q8J-2Dl$r*73UUGwcbu#
z-YHQPh?mBMhVsUVsPUsYE^~FoLcx=;Zo$Mi9OyJ939a3GW8T%ixMY?smrL7~MUQez
zvP4*5*Yy^vFsHN^SF^X!7u)*|P_=j6EO`;t>ReKIeErdWczX>f>DK??oY!Hlm$$hN
zmk~1md5Q?_K7FQlpPts>)NjGP6>Ysd0PI^6!U#`FXbF@akDl@kWgkTzva(dA
z3H+8eg0cKR+k#jWxua!It|j}juL`1@FmX}>Vg-)fI@cw%JC;p#JB9k^Qm-UGgUO{ClL1xI}9Qv
z8#70ir(l&TzWuVif?(xGaEI-zL4!gmuJw~erPsC_@&V0)y;hi8KhWzCR!NE}Lq8y|
z>>o&}fO3%|2ny%o&3QT{K~OQNgJ*M~ida
z_FQqk<$1v3h>j~tpkv1rPag4uhjPrgv7OP8KqCZB7a
zIN?NVM$z=?)?vrbm@;j~w8BfR!+IASG7vAzJL8^6YWL)sMH8nN9GX3G=FI7bW*5zv
zGws|N1(UO_ltq6l?4Z
zYwT=mY@s!_Nca99dpv38j5&qblcr9X-GloTojhaK#M$R}Q>qTl4jjyxc3HtV7}#x2
z_7zuTcb?Hb`{0AKCrp}DFsty7)i$y9bZbzyH7N1Ce&+JI*5y_1i|&*jsWKh%*Oww?
zIjvjw?4d)msbrm%Z5^6zWiw1TPSK2MGbSVYyU7uS!0IMX$bsj!+npkfE2wuYG%qdK
z_5TF>&}_kk3--iH0g$8}%?kXcm@q16gKxrw!f7*SxTfve0IpT=k1m=vy-;@6o*T0}
z?I^}bGlaU6!3$O~r-8#VHnnHS6g!^CORDb*kk&N>mhGzUJgh9Oa%ICBOPhkU6Z*%uUH>`pAm
z?h3B1*)wNncO}-YR&(p3f=PulXAc@QyI@Yi?28J#<8hB*M7_V4*
z(`%lKCl9}x=Pn$SwQhsIoN&)#FIg;+^lz8mBAUaxxY3=GuzZ_qr^(bV){fHx$BY(;&agWyvjW<gTHseb1^KVl!PTh(V;&-+1yIUJFZmPyT*^JfIxX4{tjS++|ymx-J
zBTG}PXHvjLhZT0@G27Z|^Wg(cA}=)-TN>CF$0)Y29(^k>)I#-~U4T&DqG0Y1T(}
zdwc_JN@QVk>%kOUg}s&%d9u0nQ_5h=dZ|g|_2$;+P1@midQ&4`HMiEM((mW~7+GiE
zlWx7(EK-qfU7L0W%9YLOM{%LkLc2eVyxNZZB^|%j8+kDuPC)w&c4P;*Qc$c)iQM5>
z+X(8Xlt`6h-QT1?e#f;*QQQ)(pM!g@M2@||P-EfuiWMj{WiuvSH~E$gbLk@s6z
zi<(AWXkl$@8d=cN`m$-{s}|P6W^=Z+v~Ev}+}_f94z9t$g7nCymew8Vkw;rvKc>??
z4QMvx5GZzf|eB=h394DI0%o$-p`eFOlCe~xzxgB#lTh^q=$`tFe$ek(p4dNk|
z^|c-ObBc9K$`~Ql{LIKqYY{i$`D?rI*UP@Ye)ave*!R~O-(TB=zsiNbe(?SEpzp5_
zg}=54e_bv7^|kQV`@&y$lD{6bad35dcq@gd@K;vzDaLZ^DGzKwj%zBvkk
z^96kKcoQ0A!u(E0Va0e^WJwBsUps=Y)Of;%ufDe<&!$+b*+VS{N6xoKL{705aP*8A
z+5tZ!-eDWkg{
z2}O&ji1q{>)*d-=HVUP7`_GzKtH`D;cKgy){5Ug;@s#%Wrc$=Btd~>TZ%CzVVObST
z+W$2bneN6?pxfEV0Z{8cSTKuuOT3wt=yX#e&6u
z%0*ewKxw5NtV-0+dL@3n{BEiwe#RJI-KZ=;)b(A`{w}8#w^X}3{R~HJLt}*Y^u#%7
zQK&g;ACo<}o$LQJulQw4m{mcK9jg9pz-AZyqNTj?TPPoZO7Kl$TVnN`w#V)HPpsfG
zk}%7EYNed6FSffLqK+H53F|Ta8^hdd71VoQ;xByWFZo1YN-u_75BVtm3RjEb9JI16
z!Gn0B)r$mplAdt&kKtWJa|PL?cz9Rd-9vBOV)O<-w@DtOXGb@D62UKpnYHOKIFZ9WB3Tk!-zLLku=E`G?{9dl%PH*zsQWWA61b
zJ$)+pyfYY`;yG>T_nyzE_0U(k*i{0
zsDe?6-v@AZ6;xR1hoS%YXq;|6;3q39=us_nF8z?SxSOfQVGX(o5u-c`!~+@OLLa90
z{cTtW1bUppMcHdmE%5vyQjFZ}NLKGof@)^nb?y%Bb3GyKS;z0v14=Kt>j^PzC?FbW
zAmZ~Hw_uCG&4QjMyirF3%Zm(cfXI9)hBogIQPk4lN6Yxe?CvQ0Ns^zFcSj&tXrGIp
z8Y3aODd;AGJ+TWmDK_v3P|lbac^LX8%P7{h^>Ma{e|L#kGPgl~r90&v*g6U>@?tg+
zH@?r|Z1OoE=@<8W+f2Ida%OaY
zX@=UvhTRz4!_=F&29dp8i}6NND>?|u9D?ajEL|xJ%x$y^`-mzx7~?b#fm6(e+m-H=
zr)gHpOH-oX8z)M}aC4kC=EQh2tfJK@aB~+$n20Xp_Zqq1sOvh4J60MRN1DXfdn8OM
zqiSRZWnZ`km(Qi8(Gc^}2n|!jC$6!7!+b=&Ie@~C(x1rp`0^2W6-hlY?*-BY&CuwQ
zBI4faI+yyR{wVT*az?g=NkZv3vFMU~o8)THf4B{Ehx+UTn~Sjt_s0nnq2M}-A_D_l
z^s_q1-A*9;roz7EkX{PuMQRV!_9o?*^K<=y&j(<5$T~3uw+c22)Hoj6ArTKBlV{@h
zih~VCgRLCD3gl-ooZgPph*tW>9r{?Oo0sJ}ORULgfr&L45x{sh#kNGND08^0)eB|4
z+WWeY8Z%SRbl;QdU|9@#0souxWqH4L;ota%Y>7>23*j5B>t
zjq*J-?CX-bRaVh~VBKbF#hbyz0#`GFf&l91MpQ#__4KaBiX1z^?`%i7%fTWR5o9b5
zf5W^MvW5y@rHyw7nmWkjP68fICsRFl$hP4ReK5R?LOpqRWqu!&rAz&?9;DxHIBFz^k6#4$0d3ew(A!6!MU#c=C`S
zhvjal9D0Znw6+Q2&ApU$y1^N>Vv-X^olSWQ9&lAt*H+uy(;2I&w`$8UnT1_%DKnbB
zmeE%(fn#;nEt$LB65so!=tCI@>iP}{Xp0Dv2}NUpucO=RAJsKMTM)?2^w)UqJhK%Z
zsaC^7=3tz59YYt)%Hd`JQ^(>IE^+bmqAs7vunHrbTY;Qcf%Co<`0UrgvGTJie|t`r
zp@*>Yx&Rmd_+f7!wLVqwn=fkuQ&aMh7B*MI+47NL%xS9A8_c2Q&Swa$Ol5q-|LhMX
zF5odVnwexhq^yJ7HkCG%+VC~7yb5Wc(V9UE=#q_Tv=>1S76u|>*X_HtqBUqPwD4RK
zv?ANHT`UB6c`qcqv8_r#_rNGf-d`qbbAXz#KChCGTI_6sAwXkWi7#BcnRfP&XLgx2
zgl(|JA2q?=mg}4~vPiT;f$O&i=^tou$
z=y$D2VThLzhvm!9Xm=x5Lctob)>Ova@$nZhP;vS%&t=0vF|XmnJR{>@j*NdMj_UWP
zK|p-*zqsc{#%sM1KpRxU#tu7MS-Dfzi2)I50_)Uxe$^gip6;6{-IQbg!A1B@a)Xh+
zDbXKrXw^+dTGB!=i1{Osi|DG`hV4jHirx5%fbFwe>t`-X%tzFfv>FM_IlRr{W(Tr2
z3--b(`UOQ6Ahvr7Llv?QOBUQOkU!z0w$aUNgRffx!rD$jd<(*+1{|;rDH^vS{^G7m
z!gmaJHO|S3snB2%tf)-vF`RbYj>UIi86BK;1k|u(Rb0X(#I4S%auO!hHFJE4fpB5
zEv}B-2fBn-<+FLx_08@ho-Uxt8fTZnJ-#AgG&Jc-cHhEp05`VB}}G_ioX;Xu#U
zS+RHu&epnT<(jdP){N>iR&EU+!f?DxTZ$T9@wc!jFlRza12}xcT9XImQvV-J9
zYz6qEHT6#>ocR;<<_igLOoIuD**I!wp{RO<`W2%~yT|%l*MWil&4e0oa`=9+aJF=Y
zGEFDMnj3GPdAlD`?kY|}QWs)|YPD@+wHJDZS{NHJL;yVPMP~tP_5OsX0UD)7i9PEM6A>*ei*%elQJ0PkV9MOZIsPB0eNf*j
z3pKtHW=G?-e^9~{u)beeU-y2p60@#WN~kN|{`YFbb7Yv08@xaw4(b6fj!fp7U5Qnu
zy3TQJM^4|Zr_tPrC3za%>~EXk0^C(SJeTgaj{~>G6kANI4-vYXpUZVOaNssCne2Kg
zA{QX4+6jx0gs3va29HLs9YtTmn#=29^k*PG4c9%tTbSyBsN^>q>{wyYq~Z;BCDimF
zP$Vf)`co?&guKOl^eqC5%dw|K8J^V
zNH&^GYboEmkNRQgT?sLN&ao5b6v_`3o4F-lzg@8i)wsQZ>L+{27JQD@*s!m!|FLEx
zBO7kw?|Ht3~xKsJh#$7HSL?
z(rZLDnf)}X*AdGd?GM$YL6
zc0!$^lc@@;T_n#j$noh%uthkgZ9bBuJMnr!Sy
zVcnUMrw8inRqGf?x>+(zk_;n48Kz5y=^lg7SM-5wVV-2D@EAmi{&B>fGyJ=yK$hGk
zlKWYYTa@S@bB|9u{9cc{Omf$G+`XUXQSlMLyRfPKR6ZNX$YH%bP|Bt3{pXixvR
zU+$9iN1^TnyyYNyng*lnw?E1Haj3i0tM?iau2!S=e#w44Sno>n@0^6HGRz=tSn5zyPzj|Dv
zCny+I>~7537VUPzTY6v}b*ePx7-r~;%BaV13OW@NQ
zRI7hPsUL^B0u@AZ-T<)V3D&I-fFB)SAY&dU2m#aV*O%8egx`H*5t2J@q2Bn`rQP}5zwZvohrZ$eQuN2ND;94HwWF{-(
zXV{Hkc*A4zCN}0wS2(`_*N+~juviXcW$=+C@F#QCE^bFTn
z-EUhJ&V#_!%i~lcH*}c^Y=NaId5#-eU
z@rGm<{wM?MB9EO)>ZRE9j^xl3sZT~TKlq;m<7=Ln0HA-Y&jFHC0Mvo&JCBn9n5nPA
z)Cym<(-Cj!4WWhLl*1$@Iqf6BG05fORwgJ)or=0?ZoTh)HKkpwu$O@Ko)C6lnsF)>
z!L<;2#~`Q=jRzH(2JlB(yB2y5lh=OIzZ(?xPGB8qVAs3yO+{uj_@{a@o)cB`KU3JR
z0_$P}yKcoVip*;8zZ@dNj%uCeN6DvP-DzOgtr(%m?1SsL!|~QaL0%1uD@p0C(-fIe
z;6K+OBTS)xZm=ja^TB_oK}G~E{bQNwip*2sf6X8xvJU-YnbI_|z7T1o4*b7*G9ITb
zvX0zAc+H1skE`I`cq?haj}-FiQxis8&~0~PkG!FsF5?#+bEd4|Hd5?s|Dr|z=z
z6wdd-^|{AMeWs#ctZ>qIKDEVLI#)-(UE%Bru46n-4_$5e0fqf+uwIbJ&Sq69oY#Qs
zHjh(RcC*6yIJh==oVv1g3g-vlYVbIX%KoUZr?)Rlcs;j9AJR*zHn>?aE6C*b`f(<(5$=rMWCsT1sCh5c{D+QGFb$S&eb4YEfS!TliA)e|Jou`-(#reR<>
z&13RgSJ*#R*k^(D+7NcBM`yrT9sVr*`~W!D;*EVf%c86==OdB-#lKJYM};c!9=N}B
zB}fM;K_!`neF^7VY<^%f0Mk-7-k}&j)4U}xSYjwnoZ?EDFoXo=S~T9w79g|0UhIk(
z4B=g4=DrJ@kGk9j0I4fQT$Dhr$mT*-7aXNh$gQA7@GjY`^Xax-KX6@6toHsVq?0c#
zd*6XAF5M4}(!sui54#Rwi7RE4ha5&*9z#X>NGu~ULxOJ@-pApcaw96a_81(?+Hoiq
zc(u*PojS{+Muv?WcabPS-BeV2$lv1N3KC9&d>ioeJPCP82#ih{a3f7`G8h7pQfpWlp@D0QJIJ{Gq=vwTLv*YkC@M?t?)QGU33S>X3
z1;Bp4cA!(KSK>sa=)ZlRZ{Ctito!&8363BM%YhHsD0c%d)w9QNB?~
zw>_yZaoXI$9natn?l>;}UpU|ML;Q1H-*HlU%Z@lFMhACC$8*y=(>Y?sEh^Dwr#>ws
z*}2XO2)#&lg>#&sH#o%@UXkod=QcrabXEy^lkygjy~BA<&^w(^1zqfYOgRD6)#nQ~t$RbE+eq1CyUWTwpWF3t&FDRAZVLaX!Pe)SK*YFq)J
zy}`1cCg6QLLp&W&@*fRFOEU58RXWqpW#X#QQl7-la;t1&lsZWH36d!jOvS`Rg#?gk
zKGXf7Oc(l0FL_J?jvT@|T`HOA%%{ZE4sh(gE_P=!HI>dw-S}24ooJ07P}S!9uH@Q2
zR7LH`#vZW?W=^p>Un7D1#>)K@<6H@UCbA+2^m4jCk1#tR$LT9*Z)cdGeVkE(9^upp
z+SmDB(0-2n0`d2ES_(SQiHq}toP~l8cK#&j5a$s=k8~yozN4Ju1s&#`A+B==j&r&Q8gqIJdb~4K&=Jlvf^Verf}o?E*9AS%`AE<_=K{fZvXc)w
z4}P`|JfdZJjmOk9z6l(
zd@(QFi>e3RYPk?O@HA1g4re!cHA98W7=c5Le1MvdskRi&TAf7g_+~`xA8>kyCn&2X
z%BsB%vaJ2^mdcd-q6MOf-Vv4c3uOI!sQbHHZxgKbsC0Uza5_b_{VNz!
z0WDpG?;$5eZx;2aeu062>ogr?yLfEiSAX9;0l5Vnxx^?{2RVpn)BM0?$>LDIEsGrk&3(@}0
zNTOZlIs0xUTI}QrdbRV6pmArLpw~Iy3R>Ybf06jEcRC4rgVR^g8=dij-r~#^^j7B<
zL2q|f3VMh0ilBEo{}gnI)9NK^XQ`7T=)KNxLGO1?5p@d6_5D#d)T?hkE^3imtW@g$5!9IY*MdsjPU<`yBsCxG@_A9`&JJzM
zaI{b)IcG_Sw&&BoLY%VBr^+cPO(9wN%x21@w3Rr6?!Zg@w`D5LPAN#Ac?eIfDd)Al
zky;R-Dd%?n7={UdrktPo5-QT!i?`<7c{|Ke9~5Y@G)`qry%QUeKk0u?R&S=6UO1=%Q1
zDQ(yHd=Tf3BA&Jz1&@6gP8?2*%}HKXZIV?noF45~$*DlrKQHU2qHc~`Z)cGFbkXz+
zVy@X6C(2QMYmlY+xcuH0btDRXM8QfWXUTlCZ;P}RFX2cGzr@h%M(iUvgM#@br@R1JEbdHvPE-}A%_`yp>mMN(3$Y|
z6)jvQ(@7tk8IAgLJf5|rfaEFlc`io%RUXe_&{XaKwOuZGZbRKYUOlzS_5E$(uWHoQ
z;4K{VEw1sU##FLD!$0QEw_A{QKZ3IvFa-BMQ7zo*i_s~Y4pDKc>+n-uhm(tahYv05E0
zn;X$$6%L9;jCQAORy+!U6Dh}_Ih*o4b|wmOLUw2O5&f>E1M5j4V7H&rG(DACTP2R$
z&uZH1O&r-WxN~|;c24Whqr1l~-H$wuo9S`eUf)wQ<1Uym%j)s8$al7VP%k_Lf_F;a
zM$}y(>Z)bkQ8;~)TV=oaBOnG76Yje}=KKzg$KXsVamXfLIF1;`3*b*ALlx>?_3FPr4KO~sRPl4k`3boG>2V6}WJ_Pl`ji}8_2Dh7vq=?c
zf@JzeGIa$*e~*dOQJESg(?~Fk^_YZC0`3&yj6-E)+x8r=TE=7E_x$S+6Tqn^A3Th{meJP+(@$xJ-<+xYhZF)NxqFevS0kNF14Ogwf<
zAIyz-OU(O4WO$E4MAL#NTk@PwfZI`DPdpTN5?+FJmQOhTM42OU1U{gGx76`MU&m>O
ze0dD&Q>jvlbyLKK;Oudp*u^B4jF))laG1W;X0e1lyE+Hm=EJ&SF)r5pWccsDOZAMnDu535r?F85J{TF=N7<
z69&*{dKjKLJTvl?zxO%S)pf7qdw>1)?^@lr>g;_^oeEu5-PK{FlD^s(MPxV+!1foP
z?Cp%-lhhi7E+i#IASZe}f@M*MJ-~3*0c%SF9QlLv=a@}kK;Rwat4-k-ko9Gt-TpSP
zR~%>*2d#<3htFTQ2wR_
zqcq50XLh@II!LPegu>rKtzBPDASnRz`Gk;*bvU>gD?5tTJU+u-;6QSh6K&!ji&PQDeyf_bdng{
zX?6a9q_~f@XBhGouQ!!?5ubo`Z21}OSxrw!_RLo7!1D2uz1)=ZwAZA`Q|;DPdkG{f
zoOU<5su}HL3Fac8S35=@GStK#mT^D8XB~kiH0?T)zY)rM4}^a^60HbHYf+hFlv$&1
z5H!Fh1#1$fRF|ea!=~H?w84L+TK^8WtjS=^cdXmcxYa+kb**JB2jkS3r87Y`<)G#>
zdHfsrJJhZQerwDzQdrVw2(pMn-;z;z#I{l?}r>Gy=3^pwV
zX%4Ja%PO~nT30aoJC>NyhPK}HZ+kmD)|Bl)Nv4^H-664xZI;)V%=|kYyNenp$()bf
zrDP9h;xZM?w@=H6wY!0BA}&XP;zK?CH-Nq4^wqcPOy?VBy41!hnwn&;QtS;Vxhg5cjI!YsF>0`#P|<9o_^@D5yC^
zjwkaC#J>?rJZwlj|4P&KvD;kpDAggGOw)7#h68MWQMtXhxar)Y#)+=tVfP6!&
z>$jCVE#Xms&pSd@(pf!Y2_FLdG$!a}-kPhWF-TYPC!m^x;!>6)P+FuGqkVQnm~Fx8
zoz0Zwl-WQhRKnZ`tOK%{(n%__yT?2ptaG!ONvEsy^F8`4px&27x7B&OM|ur}e`b*k
zvt^IOrdk}t!
zNfw`|Y0-FCIwT01V$A4A~p~I=jX)qR|p+26`G|%mE
z(F0_xAD;%=khM23)`YTn{g{h4ZLo!NeuY#ayMDX}#3N(K97KGssOtLh5fB(N8-zo%
zN%Mqc*N>OSSiFAB6Q`DB$a>f7qmXY~42>;0@%@dNX
zk7A@Nw&VJsf7)Ie18PLBskgLS;PgVbB4ZJ(?Y
zAYF?se1yLJ@r&JQyQSeE&2%);aBWeak@iA;cupAsy8?Ee9851lu!Y8+gfWX;BFLwZ
zejg)pom>~M!Yc(fc`#dwO*GA`iTZlMTLS9j;I|0Zz$WMVLHY_9mQ(!B;XS5s8O|^-
zGDJIvSBLrGfKkXii!kU&BGxS0;c~0=6yb(2P2!0#eHzWbOUnw~q0p5O-xNb;JMk*2
zgqsvMn*qMy2%nLF>lGk8tb`ANed+LTk^~-8d>611xF~5G>Kl*rjFMV{(A|+_nL$Wi
zA&i9`Y0=^RruAbRP;Wz_kP=sV>gm;wG=2o6N72*{x}tbr#di@u8`y=!^L_&^lhd$U
zXqQn4sLB9Up#UG=#P#1Cl}AnMvtUji7!2)e8-(;dn7@!M4#)r++7~v2MWeBli%l>?
zx(?ala!oGm0I+v;gi|eHJiw{h1RV6R_)^$}MTBuhq7R!^T#B^*y{6iQ$Z~iNv@eP+
z*aCRO?9TOP%YIYYLV6U;r^uG#(z1Emv-Sb7Pnb6^z<78Yf0Rz
zu1~!52LKzEqyM?$Qri0io9py7@0-o;S0#1xwX%hDCYa~tSo=}&1eW|FGBt-73)^CiJiQe;diI*U=v|(p*Gl!o&--(*-4qi)-^jr_C?*B?T~2!T
zs)ICzLiAz2pFKRiHpIOA^-)aphB`g1kXBJ1n>ZJZ&3?cZVABJtJUOJ>g?90SsOk;(
z^e%*SeYT#G&hSVNg22T#H7?6;UJ3(J-A+JPtQTX#?VjEb)WNb|^?LnN-A<%l17;%Z
znlG6leK%|aoEi&5N<_N}We-W%lfj&y&6fT|iTfnPl^~trh#u!GEn`Zq1Ad3&G-5I8
zD6u#r?mY$URfl^vPEwrie~#^sERMR*HlyQmc!9E6lJzj)x5Fm=iX0KrG-QOf?CTQS
z!@!(MHhT#vkiXczC$YT<%v1i(wp<4dZ_&IPb0v7!#g=Vne7gl7g#3jV)5Y%=ESdsr
zL3o#C{S%C@981bh3Gqc4vlk{v*wlH?!lTwgbAVkPffkIg)YYeBS4V>~(b0BGJbBhK
z4hDE^7D4T3RlcOGvq88no5Z2kyJQ<~QRXJFUa5weoMeRW*pxp3?Wey|ZApD(Sp}F`
zlwp&C(8-@3bnn-YR@R9*?*u~Mm}I0lmGq@r;iSw=1YsIU-l+7g;B|Mq@E1@29$*hTeZ_zG^xp*b52vp^|DaTl?U)(a{@_n#lVrlZF(Jby
z`L-kO;8c%)CG1cyrpWqvXE1w`?d8p`Jc_j{VEa02S~dlq{z70&bM$K}&Iz$O2N>6;
z)xP@PCDerowN_i%B$-FCd&;pDw{M&g`~zU0I9wZkO8Y|dJLGw2#M-9J3ml1hmh`bEC;7P@giVel
zeU~QpfoJIr5I%M!X;I>sX8$`iXLf**KOxS3J`XbP>_PFp+A~eSXce=pL%*v9$=X0*
zV`5ypM|CJupu-@F&CCVi2$I-ld{P}HN!CsS;ezT&MlVT8a<_x9i6rT1Ww_Ji@{}Z*
zeFKCKoF$Kx?^*f{gw(`pEERi}8iCN3Byrrc^o(}rvVb}SgmKQ2S112ck}ROk2Vs%3
z93OOGT}0{^luOh
zM);)J>msRITC1dbAhgaVd6q6$Qa=#(%qB_aE2l*hx7d?J&NoFe`3mo}Q6#!V%$v_J
zK-n|qD8$v6_t5vKKgD{kd;^lXl}RnHXkHk>Xgw~=yBgQ>~j?MJRS
ztZ++(X<{k1RWWS%G?F!8ZxW-4%Yd(sITp50a?!*lY){3on&2cm2#1(jQVOyz&(aUl
zbP-cuyOY9}oya6~pP9LD*Pz|Vx)&SlcERp}{mhsKcj!4{-yOV(!WyuYpQ>$cBd$h5mDM)B9{_iCD0IFH@kxGe#M=U_#G3Z
zYk_#F2%1f?C(Nm#rUAt|)}^l0tG~}s@-23MVhdl|A9s9;h`V5wSV*1aQOjU1p`j?+
z?^F0QswJ=egu*Z6f1*DA*?vZ0W(Vc-3Y*LSg2Mjte^B8B{I{gDroqO%q7z`TK4T5;
z$}8gmFEzw~%>l1Z%7Jm)1A$(#JiaNwuGr)fW&5ePB=+vjjAdP-d$`
zC4JaI=$aicq>#NtNnh$BI||houkgqNuVH8e*DL9?i?lc(e&FIGBNwNaKpS@#FAS*D
zo(ASZ(ws4y2U!)9H-ceR4(0TnDqiX+Uu!g_ae{vyFocG!!=g7g>2S`kC}`{v(soAZ2mP2P9Y
zQF7Li9P7kNvGN+MY^9|wN&0I9`4ZBfW5m3dz-J1a52JOliK6)^fzJ`REud}={yc#%
z5O^e@$yu0Q2wnG=ae-O}P
zgm)3HFWNOtJvpW*R|PwMQScSEe>(+C{ZX=Z$TFGzQ2*F8Eg5_B?JJy{L);;TOu_F^
zQ@o9iXG4IEb2!)WEN;iL1Ar~c!qtd6&_#`yQ^7dju}YIvdMIH7u)7^D<*#1!R{S|&
zZ#$g&zN^EP^bH7qI1;mByp+Z$sWuN1Y*G|jSu(KZ?``T{i}qs+cA~O*gt*HR&6|5
zC9COj4CB$N2VuxQ9F_BE)tf-F9<2&tqc*m1)E_7hh737YyO-K+0znWzTGbt#zOja`
zA=*c)sAwhtno4*)3|d$ptrFvl03GAttVgQ^KM&X?4(Fp)(s`!2h@MPhi`xnlX{{e-I9%Xz`;bK&BUdO?OE9HMk;pOr_wD5lUA6EE={0}euLjFe-
z=ItbZWMKpRH)5tub-zpB@-;U4vsr-R<&pmCcjKbK=
zBSqIZGn+j#k9%gGXm`|uv6&~^y%L+D(3)vomp2r`rE%`rmn6;X>m0zd-&c7Cs>VlMCOF
z|NRQTl>hw;Yy5}2nT4(G|8V)ARXErFpCtdY3$L^PPs;xRg&*1f@DH@1%x>wzjuO~C
zUDzA}$%LtKS<%h2<4j!En6sf|UKAJST}7XQQ(aAP*oXOXr&(gRNO9(HY0v3u)B!2A>L5*u{g>Zk4Y0y6}vb}f%y=-
zPjghTILdaPy*MhQ;sa4U*wg{NUKTHo?gn}H7&D~XOJ(um=oo;Lsw2dUqlW-onoSrc
zdEnwGis-*Cj&?3*ewO&w#w;ibz*Upy^gILyErPOo4~vy$C_On
zUBgU15A0QEO><)xN5z{jfPLrmH8m`b_GZJ<7#2raA13_=Xq}~I?Bb~CwO;^?u4FHc
z^4u#Nm4n&EQOV|9VstTkaa1z3k{I2~UK|y@bvb%=aa8mk$kDTlqvGeAIhb7>6+gev
z!R+Fw6kyRo*?!u^Q7OE(#5_Ok;;85i%h9uoqoOy<>1l=di=)Q^TZ2swHZveOq_H@v
z^*~hh{Ke6`AbliTPf7mb=r#~Ob0miR6tFn@3Hs@37Dr1C#=wnDoyyh2;^-wuL9c-{
z4!bx?`Uq^(of?ZpYFxVsW!uG3vX@{xDVr_*i4yJND2Z2K+u(>E$1aXi@;LC99A_Ad
zQG0m1IJzC!*ADk=*u_z%lXplERASRylcVm-bp`dxE{?K9x`8>0Z1xLsL`c)nkz3hz
zag?@agSqs-+qR3Nw0$<1*ZrOCeWcjk;^;%*Jsw-OopHQ4x()KrVoXMSGloS|ASU9)
z(Lcb54vq6IWv7IAakMeO-5kNQ5HF4n1h|(Y(1NC;uDZq113@{`(W(+p;>FQZ0A8F$
zP&-ptadazKUsc1bW^vRUhOZuA)4Hc?I=E{=#EYYCz~~yYbb!}`
z&MuDbOTDomOpZxLic?AP;^-WZjs)RolDtvHE{?Lfm~(+$92>ERzg--a!*L_9`<;H)
z;;86v0k+NQXDyD3{=b3!>h!he$KvSDrAS-7wTq)9nI?zh3>KS|PO>-}9PQY4ag-!8
z4!a3tdwH{qqhjqaV2g=+6CArZD*9&uJ3mL?UmU#+*xe3S->Y35CCR*t-FC;;yxGN3
z!FQ5$MC`5Bcf2@S4taB8^wh9+ZLeY%M|%Mq;&2wM#qHwgWMK2Na3du3!Y+V7$S#gbS~Gynk8$lD)gik$Dygpm;Y^aGH}$->i=&dY8$j4t
z9my_^N^&oPu$3gKGZ|1dIlDM2$$byPPG`v@*~L+@RCXk8g2(n3OLlQoEcFFpI7#BT
zXUQ&(=J6Pr3Btk7l9xNXI9fo`Ng$lMO3*N%UycRaUO&M4vXk-ka|E)xWeXo?#6NYDe!BML}qw+Z79mp
zLXc+S+Nfu%`S5p27TZ+`Ms!s|^D2YBsA`*8qDmBp-JmoeR%FCi6dfJ)^YqStHlc&S
zIuV=mO#(@QBvT~nn{5q|GfjB9-kx#mT8M9eg^j)y^;MG0w#@8{WWqV#$+<{mp&&hA
zu3fTBhGosht^0
z-V5+FN8UtZdgeRUwC20JqyCz($i%p9`;l&D*-vLnX81|Q~k4sGK4SaIU
zu_>%hOe_R+Tnzim*5{g9QnucuANtu6C5Yn%>z}`1gx0dQHw8QdGmq2MJRC3CHwA2k
zczX;PhHN$D-W0&=gPKjdvhppsb&*mfws0X0YyIJ-0A4v$u3c0iXArg#Ib7TnAazZ-
zD%fR~rLcD-ghx|ByjIxW89@Fy*e;J@zliN>3QgPt{K1%GQ?Pdi(8L?qK8Rtzh;e6t
z6opsB^m9)ZvFye(B)hH*buQSyu+<6nVrs!jZFvk86DU|yt06k>VCLd^OM-$MGn5&#
zCq#Q=3umwuA12tHiX8~?(iqa|_?enF3BgNUUEHb6{9{n@*u;Ay-l?Tsith%jkHhJTlGYhXFQrY~
zRDm+f(dbYXE#K0P2IUk-6Tc+MeWXBa`@;R7pxhMGblQzc8;WdqwX=-&%~N2!8ncX)
zlCnDbtS`a%*|DUkq{l7T!(){!L(|8mr6A8OY8@S0!K=lP=W-sm}lSj?WwdyQ6=4b47I9fyt!n-+%5A__LCzUcz_9>jQ*8#X{4xC{PJ!tN(Pye|l|9qII>Wh}Fob_i;^
zH9|SQMC~j{FL7$;B(|F?NlNlA5T0-(hK!fM1%7L3>S+XA=6`#%q;j-#1&GanY1H$I&EUi|OoK(C6!Y9>PI@u%r2}1q}
zS-Erb%HgQifSsNMbQW2HPO1^*e81w@6*&Fd8@uHFikz|N5Q+CI^0>@-zvAIYYZ=qq
z#(H@XJ6+GI8^2%iY=DNn_bYw`$=$#ob)0ae5&9GN@C
z?^pbl7+hCJs9|yY#>Cx#^}!}@OuQ6x4tZnZyO;r~21SNZ-o(}=V7?LPs^7Fo^I(=4
zguz=hzk`{9AiB3`E{0$kws0MjRmi?Yb1lS|#*mJ8ircqn-VSV2jGJqykE>iTt#8rX
z0Kpc(?`2aY6Y3(~qA9DBY1W&}Ee+qIS-R5B^Y|7`sg?w5?_*LU(gI9LzoO-U1|s>O
zMBh?t#zQa>TlhI$YlbZ-(OVxDK)M)P_$?5#gRo4)#(jlQnrTRZMJ2}+KE5hm@hmwm
z{~;hnpadn$3#cXcmQe{eMl1}d7i_{L6}T>f8uL12Z(|EL?Si-owxHyEox^+s@o(4!
zG7RZ}U22!fJJYxD0ZXq(1xr6o4CrSN3}Q`z(fG?efQOiJO)1#U*|8GsJR
z(dL)#kOtx70IhP`O+En1g}XUUBXR-TNAE4uud!)z&}SFenVt$cLR
zqpLAoOX)PD-SV-u`1cJ={z$WFT2y2&K{DXi#wLiNds?yO`v`2>0PE`TvIL)?_()*;
zIJ`k(eyU{XKtM|!%vXV$<=6$~*n;vSg~K8{2OQIe+KMa@gznr-MADs4o!!y580o4c
zlj&!WD{ZpnIKBPXiRhUq3Q~2+E+4OBGn4p{hB`0_h4xm6Y1D+8=|)KUit-8i($^Lc
z?}jbxLug-YLHT5b20%PIhP2qK1fQw6nF;VkX
z><)(yqZcw9mfP1XhED^0%@HJXNhvL0a?Pcfg7lNfy&S$#`7uRbo)kBNW2F|05U-6b
z9K$5Ec`O&CHKbi)#7rVQkY>wQYW0r*wztElC-^GG4+M6k!)GVvPmu~<1L#5r=Qa<$
z31L2z?f}OeMr~~#*NQgXd7g-*E5}Ls^~KV~xKhxIBO*(Gg_5#mu&HP!4yTSRm0$?v
zK}sz@DVCXLi#4#kI7#yvmu7z=%ZNw^Rld0s?W8GIBhL$U1sDr*jJzbs8X&8k5iRdm
zq`)qMbRD+v44T)EMU=lT&_;+Kk0GfF|8RXz%X=#b+Z{=KlyRc`pVH`=ogIMF$h;(>
z*-#HY7T+oWwQ%r7bVJ*mJzEO<037BBQb6-Tk|Q(FHpk+Q8{T)Qpq9jCykRF+pD~U%
z>u7u|V^R6?RN;xIpe{%c%sv#Bzm?KVnOmWCKa<=54I^sG*cLNh0s4+(TtmYtv2m|H
z&vQ2we+1!AM_PoCCD|+PLaKllEwE`?7a?TxZ@Wx(>Roj3g@-dpxh`d51lbSMOb?Qw-P
z7lb1mX?!dAq9l7Zdly_Wr-5)bNx#t*Ie{y=w^)W*CEM$TBCEwno{^G
zGb%G0;9icP3D^^4ap@pnM-XRuYf~vX!xr@#$j^x}L%JngYza32+~^1_)Zk%t!JY$~
z=YYQ97$tByctjaj85vBZCcXt@M>gvUWxWx?CcY4gM$-b@aK>0(+C0Q1*T$wLlMXgS
z+br+RE1CsOZL;^}mGL78qQdWpc%(HxX&4|O@j|5b%BJxnMUR0aM^WSKyF&9Quf;>vWz
zgK)#LJ1UzbQ*kC%g0T7QvMk$Ol}(Zvf!$cgmd0P)Q}J;;dJY73C~?V(;{6qumld51
z?A#dFOSVcH?islSgpDyt57FYWo{<-UZH;l?$V89yJqSBVVksDgY*Exn_quay=YeoVwk2ui(nQiMF5A#>
z-u4`LZj6xjZ802--#82h;|n;8mg7uT7rV0Zd2V{f+V}+Yi9C^&Kv0G)oWMphkg~e=
z+;n${d&E#R=cZ$TO^R_dmHLN@zMh-Tgy1m1$7ECF+>}@0a&9@ci!g;Qb4h&h?DyDJd2V6!1MC9Gz8Syv#=holGa
zL5_1J%vp}T0zuAH;By^kJ3{sfgT2tW43d)^P7RCOD-gE;dkEWK3rIb?7aHavs-a%H
z1X_gd3Iq!+DZ=ky#}%PuDQPBk&xtWK6HZg4nQ-Q7yJOrB-VL0;-Vd&q0qPx8`H@jTio4!o<*>b82mB7lkrpgY
zN-Allo@D1^#5AkOjxCgh0Wa5hr086a#5O19J^j9YihyZqn!uo^j7F{
zBCcgnYhKZTU_XjPa5K?C`TTRotdag$j^5Y>3=wC<*7-1`^HW-H;=+S5i7s$7&T(PJ
z6-Y>3C>vE2oo7!x%EpQZO!5y{5Kq`|BrZv(D?9OPJ{^{0FZS@Ff})-<7muSO4iBE6
zZR|M83eZRHVm5l4>0rBZKjjZwr2MdmM_TEV^s_D#7Y08jBtB00;`!DRAE%@xIc13-
zr(6pY4`DMq*j`>nNR#E`lr0WG=Rr^$sZ-tKlvLl9rEVCt8r3~c*#YioV${_X)uSCc
zIinAwNZQ4GC=}{-YWgzAK?7LIb?lRj>mZhES!~4ZiJS?E-dLc?NwbkYT@~$fl8^g}
z2~#VVC7?^0;z#kav~=sN+8xkK8o)_;C_V0i=}f!U7~!?QKWnI){`BUu6j!)$Vatht$08#BQ3kO%62A?T1$*#C@
zOm6(Lkeh+LJ&W9HXH2p7mVi?8LhCahF49j!OXx557J%F(i#(C`>S7DZo99WIyaaJL
zILYxT`C@k}#kc^No(b!jwkkJLaXq_drnHkw>7gu&j2GHcG$q#T$8k#8HLE8MT^AMBL!X!?No%2_
z*20bw6Lh%PuR^K0HV`#WE@bFcha%QJEL{pqYNV|i8C`0EMZOUuMh?v}B3BEt+JIc$
z@)h-Xat-JvTHpv^uSJP+;XV~oEM>Ttk!N
zF}y6dl>RS^%X-Tpz7=eUw~Uypo4RzmBwvRDs%34gFSX`&
zw&dmrXU|q9*cki54;_S<&Id7vIXX}EDPMOn!M-u&)2BhDZTys$}f7;lW7
z`)`M_JPs?V*SKD?bnMd1h3KsPKz&;jmOn*4eE8jdeCJeKoVHzMrU$`5&s%
z*UD@~I>!!|wtlsN&0nUcKF-7=Kmt)^-N(I@~_{%Y*=9iAHv;2sGTQ-ZY>J)n(i#r
zFQunVp?)bn&lK`Y>3Ox=*W{D&d9^##T;D2QWUk$}u<=!Psk3%fhRK+>VekWN;YPN@
zCY05lpwN#H{~1H(;RM&UI#cILT>8N#s(PYdCi(*_W$Z?}Fg8Psk!OZsw-*(jfGxw2
zUcaq9xROtT8`U19A1PJsS)x6I+N-fU%V{%YwTD#l0dQTEt$kpU+})r&Nd;!jFr?oD
z)MWbWyV5krM{ABh1?Oj{AwE+rP+v|GlGv$af+@h5GH_j|=tN!JicBH-kSd
z)NclVR(R%%(X!VvfH5zyVZkU5$TXxpH9$gE5S`Q`sU(#0pr`rD)
z?EhEz?>GQEJt%t2uEV@=mQVss{SNeWih9hg#lPLxLz?tyBPi=JA4j*IGivTv*iER_%Lu>fJM
zqaH`s{L&dZW^g|!OW!SZDK){|#@Ax&qzXG;8()j9m#QVxQhP17d8!gbtVv&unKHJp
z%T7cmQC8eqZ=^9pAs-)OMou;w3ZY4=>+o4nmKrPWrgSpRQtXbWN`IPDcGFbXJ_);*
zvPm-6VRy4*tF?ZL4~4#Y3fK$8#W}@?D9*NEJ^}V!jQbZxM|wu`uR;A|^No!6jO+%i
zdyM-=CMZerH6DbiBr#uxA)C3zsop$^vqdr4OLrAWXHtdEtBU5p-WDY}xB-NXBqes0
zWN(X-Vt5gRt<_nY<7MM}5O!8)$$q7V)o04C#g!^-T0PQW*eE2xaWqKNtFa74#b`c<
zUGFs?8J%;Q&w(&@C=HH=`JCpn8uGJZ%*eT=Yd&Yra%E>i@ZG@5hGXJx{+
z&4(oOF?L@#b_yCnv28x{nA_BKI6SbabBf#M(+z5-1+b1W?$^9+K4N4P2;*aty*O{1
zj~H11Y;lbHMr`wue4PctB_uIlhM}bSEJ-qFn~$XX7)UQtg(a&hngiQ>B=Ju{_@1Q1
zu99r?5laQA#4>Duv1FT%Sn32qUy^by+2+IQGZR6W7L&Bquu*u;hqml+GPh_Gs5*qq
zm!U$#2YW-vA)fruWH>nieScymxZ(fNj7-OzHzWUF%`Ei1=~cupNoYp;Hkb=U!~MMQ
z-;9y_(M(rtfx*1ymmA~Bi=Efp3A^`U3;X;EN)z(pdCiLuZ;c@{Fv0D-<||;o#CZ0+
zhVMJH6Ahi$kY^eq@iy4PJqa`9<~4koqMO%DPPBDi(;ZYZ4ZC?xn;|!^*)LJhd5t7@
z1}K+Pfmt&Q{jYh=BjCL3G{gwivgS2n=UYem8HWB>iz;F1U{eh-Lba?GC3bp)G=N0r#4GVM8I+ahmDp56j8HAB>cvhskou6woY+#+mjs#v
zAzq5jUEXgGMnI`9BB*UCAh}kcMSgKembn15t9<2zot?@{Aid`k+f$!X`}HKrv!uep
z(bmasD@d~?x&Dq{Yh-_S##H?uYyTgy|9q2X$1d1q^>@79*!wp4d(I9Zet$QCQhBAQ
zT%sSYYIsnO4RA`sgL~YLu`AW}*$>!)8263XNw4HFO1k%g^cYp>ysBsp?4(x`{|5-4l9bq0lAZL5rClHtpd$Zb$xeF3QcDmzk(6u6
zPI_5=W;6(U#UyPoY!o$+oq(Sl3(~ZeG@q;Q@|us_!j;o}E`zc4G+2g9;W^FcKFA-B
zG1HU;*L-e19o}e8ZSx`1e1Y9}RB4^C(R{8<*tYqQWXd<<(7~o`wPu@77wDT_!1@yx
z=M=ZiXFl~O13Mtb{hGJUM~oZ~!s?im-F(EzI$$@(xNpQZAIaC_AiP8p^JN%Hn$LMj
z=4|tkbbkVA7ggxIs%Q>u^O3~sqkdXq^Xw|gHXpGx0EE#buJ9GvYc-8x+IT(YtZz62T_hG
z&Wz(`q8KsfI5~vKxBbNMv2!8H8NTvOEfa3aL1Fl!&W2XYPUdPt<=c)lKzOS*2rE_
zDXg8Sk-bZrB66xmrWWTtg+~!IGQGSVkV`Z&qkd0B)@x)xac6@@_RnWaxKkrD3w}pB
z4`^hT`1Y7a4v6-Efv2>-24=tO}^AN9SrT9d_KJ3_ezACeY1
zB3nyc9+DF5P^XrZ9A&7AlFdQzj9GG6(0g!3BGN|;&iDG`!37dYD^e(tNFzlODbh%>
zL`pSMQzCUWqC-iAMoI-~sF7L{X{wRBMI4sfYNV`$&AW4uUIa(AP(P5&><*8ma;
z%N}pbObM5FzHt~sr~vw`37ueSaviDUF`GXl3^n|YIN6C%l1af;_f}JjWmlD@>v!B6
zO(jR{BdZ~33a5zc=VqrM#iS`T)xK&22|U=X)1iu=cXs8l^Ym&MasA7`HC(8K!pF1n
z=2<9FLVHJ$*UUAw}
zoVJ(t4yS#*(@x4$P5kOi@ZKkFa0y47!%9s`28aT;{{~sN?cAyuTM7;Dtw4xC$TcmD}(!Nf{2`(+f}bbf2FN*y4zDAINkm7~
z5yK^-gXoA66460)#7K#BR%@dq(pw{=B{E1OV#9k-arCULyNwq)H+a
zG_sFGCTe7&L?&ruxeV9EnWR$UKQm*T|s~nW2%xB(k3l
zy(5mT$-#Ln3Q~F+y(%nsoe;tSLvA$i(piyPAv%bpp7#j
zl+#-ijAV-#eO1llA=2=AnN4W;Y8i7ie1pfi-Q(OLoU6o-(Y1B3l#}QmU{X?Pg46Rc
z{ZdS+!E?45jM*b!PHWbfMe_~|#`Kq1T3sD8Adk9>O2-Tpr7EX1tR@eiz$y)wSY(w(
zj
ze&19H3;RxrS<)vfDw7XA$}nY}T4J^>H8(}kKZ{FN|Uie^Bn
zxHCcKPO~DJlKi|VZEMUCVev3hq}}M5>zJpty{V07P4PSud(TKY|OlO*Kb14$#jHw@+R5zbMdmwMtFyB_4sizFXx@V32s~G
z2{H?MA{&x!y>!ol(k~&GqioM2xgKOA#U;EfW)HGGYo@6FlGNgWb~VSd!lP&xWKqPc
zWzt*l%8>LHl>P$D(pp1qgIy35?%0@HN00rn6Km6vH09D+jXkaAK?p~3{Y@pOi$ud`
zB;j$D(lGZp4h{AysJv{u#BmKO&yTH*Yb+em9oIzU(%{Da92Rc{$uKP~uCZ?k^=l`U
zRxhuG-sq)Pr&oBGHc@w;kcPAoPIA?GX$RqU?E`srjy
zTa?bg^Z6Gkj_ZlbLBgHYJvo$LFvJ7aUs0X*Ik43N8>}%g5$FUOr
zsf4zUzz{Mq#bsh+Cs6+PH+oaIcork11ZjKce-_Qyz
zl>rndbtcVld5OTPcfG~^%
zN}`A_Z%A|9BopE3H0+C0+*it;U>jj)WFJNQ>_(*#yOT3p_G{2RMG?P@mgZB}QFKH*
z?w4Sn{sDqE63oaxiVE9P^CsDAxUwTTFF*okuur#njT9B|bzKYRVHZWGGx#=kE8u*v
z*X+Wte#u&Ft(sor3TUD*@RPk=Y?W|I_WDufJPFs3ea2s}tvayAbN|JJef?3@s?s4_
z@EQ%27DoLOi}+{0g5EFKLVBg`2(w|}YfzAQHz$Y35@?lS3;zv{E?8EbQsUr_fVw-l
znDVOA<&qH!g?`BjaYfY~rSE@aBc)Xz<*$ANFQ*k>bkVu$lLB)p%t-dK3PLC6>8c$?
z4*8f3Y?}0l-oWV`Arywzn7*obnbYZpXi##&SzajY#
zw(wV$0?8KtQt?`^SlIg=__US18an1$~WDcFo~+K6`v05z!=ws?N)++
zBL$lJ6;@XOKRxD{iA+N|-xiR{hHI_`emgn&)R1(P^IgJu7WnJcalS959cI&f1^nMJ
z$0qYbEy9w^0&q&PNir7xu_j^3|89Uf<-k8B4vYdc-oeeNR`sjE2S9ol5h-xyS_kB+
zKWjp3#0!l|n-mtX<}|XeTGYtouud60)_gwH@LT3HO`9rtxKWLdDWTzp;!wu4`W!uq
z*;`_p%Ns!5MxLn0qs&I0Zg4zwY~)!#@_fU!L|!wau^wA>Us+>G;Umb@=1X`Mac`N3=R@M+ptu0|Gz>~8G+8-;cr)8}J
z<3`77!*-*DUY76(z~>y{EsSKA(9aS+0QiL?uuWP*e@oZ}uwYx9SGFxn7+?ua0k(??
zdNfH*RSnUa>i`uq9E7TvWIQXwOazN~{}sR^9f3MFnGu$73c&NS37X6(Bclvkg1Hrh
zyGZKxD-0;Ury5|^%uB$w#kjhmq_H09-yr;_I?_0gRPSxv;DSw3@-2<`Nc}(vojWQ%B`;*)kq5q$^j=Nx>B
z=Sj&s7!I*%#%1l3J8Nk_eUO_+o#_MCz?f4J9)2mXt8(x|J$w_e%{lmC9{vun
z4|DLtJ$whST{-v>9$x=lpAr#=u(U;43|R0I*>W*Uov3
z;$|A;vxsphv)$d97F!DWsu7qYIeXg02g7^@u?;KNXdS&yq$ISl_*PO9wj&hkld8u~;Yd{v$*6eQ{X$lB)
z9LX!ion9MR4#HWEBx%aQqLmVcGI@}p{YJ3vcTCB#$4q<7Enxl2FOp313#;vs_5xv=BYD}b>yeg#aFQcA7wsv)T`l>zfKI=vnuLV`
zeq@_lu-k}D9IzcqTQzH*g?t+^I9S?wRgClPWII@
z7!2{=F(l)RVT;u_Jyz|Z=bW7J9t_e^j>uZKoc;-CE$}O|IC@^7=cZG_Je~*#i?Ib&
zQ^R7;iqla=q=IRoUKTOsk@9DRr93?@4btqp0`Ex;Du
z_#41|sZjNUmhEzgPmLjSHSvame---G{!=LD0Ji}*cY^+qQ@NWeDN*@FP12ls3%h?h
zk~b*+$0Pj?LLQtJzjR?DC6>Zel3WuITE!%r5-#16C+-XcHr(Or{1;(`jJj&ANZBNr
z!?0US_NFAOUxpQO;H)x|c+Hd?@MM`w95qPuD6oZHCsjHD<(yU6jZ>1Ec@-*eQEf9*
z&JZJiC)IwQ-Bb<`lu&c@c+)nVzqpU2tW
z;Psv>!9RmKXS1X(Owza^Y{a90KX|u<&e7ZVjcgBGY_@-7ncH
zT@IPIEU3CGl+!Yq;FW$B1og0qKQ`TaHC?$D)EQXM9Q;AA53d5YZw~&L;xf=J1hzB>
zf6Bwp0d{$e8}Hon*`${Y?*-wZm}Fb|^Xg={1@djgE@xTl5%8kLzJdHlhiRd{oRm;l
zj4GjB&lgTcvSX8BU
z$7F5IrwE)LAVtsDiJGu9qz~p768EC1AWcEyP+fT31Y0QlNu>A*U!x{>m$HtuTZ#r-
zKdPX&Z>$@rkHam-(lAE?JU%95`Pf~i%hGwnM($6M@9*fH$@_KXSY
z`KeMAQB_)8kBe8>Q^A}`c0Hyn-Dq@dx&~ci%Qwq_ofPBV*;#Z(IwDDi<10b9i6qH`
z^j}*w$#c|{QOzLDG`9)#&uBMos;_;ION}h6V6_0W`W=k@PJ`1~Ctjs&S2f(;
z5*`BhOg5pj6kl&8NajBRL6v3d77b2G@0l7V%%Q0g5=w1!SW0@#wl+FEC0*ty8y%r&
zRq7oxXYtG+8kwrc>R)K#Q3@YpqoXx?iH(lY=mV+Kv`y@pio4vmW6{`HRKtnJ#iG2o
zt)1~HImvr3^$)SbTo^W}r_k7?{`9~M(iBQ3u`vB?>9`;9q8@BR81OrZT~I6dH&hq#
zcv#LRuZ4UhgP=AA*g7Tz*NQOxLZM)9LD>ujI5s9^^$JUL>4rxwJ6&NP0p_tW+Z!~a
z75WJ2*}yKV4u4SbJAgfyjZ4oSeX2O?{0-nAWOMW|HlZ9=KLY#H;mLF$iWIN&1FnQ&
zlQOYAKpllTLfj{Yw6Uw{3dP3*n;7F(wNjyjAU+}oYNF6d5T6}GexY^N-U1#ECvv6Us@Spd$D!K^V?2hz5-
zQL+`A2eErPCT9(#=St4wb|>VIW1#!v{v&Ccm7#Le%2s^;)$4B>9r!V~H3S|+cD
zM+fW4K!C$zLVS2!t%t`?NW#nlct}i8FV#Y4ZLnq)z*AyEUdU**HAD;3#ghogH{g#F`=8Y%eIccC3MfOPLhsb2{?xTor
zqRT|5VeHM=@bePhihUIE&1sp4@2A6~93!}A7!P+yxCQo^i2EoybvVQIMZ$0tT_W-;
zM8a?;>NAq}>`{XIP7%&T14dE8aGPi-!Wr2|(EvfKAi+BaCQ-g%H22?*;eP2@?p1!R
zSWrIqQN&wwGSQ4q-0$0qmQ})iB$7dw=bDp
zu#X~MF3Log{)=Ir=4YaYT^Qztz)Zx;oEhOn5wE=B0RikY63#@tJeY}iSuGO{$3C)>
zhbP;HxlillnVbooEAbf>rt+k{VR)abz2xEJ{to&%fx6db
zWC9^JV^!Ga@>d;~!zn%al^FNV?}!Hn$T5G3j0AhwD26iRQ=e-M?K
z<~5j1bmvSO)#r1RCs&G1WLuq+Ogeihf$p{5<#w
zwL4zRFeOpMm%FCBwJK>0P6VH(b`v!68L8YZNrryM}jAZpoVpP)`q9<0VxW<1VmToj@
zvJ=mj`^#HrL3*2XxtM%Syr#l%awJ7Dt?(=2FpbW2CIl9>iH-D`9BQ59)FpMr8|eKB
z)W6Q@3$EtBa;ZP*)Vj#Lj!E_e@f6PCO|a8PO(PSi-w!G<;Dh
z2UmT{YEqs)JQ78>;XsO_tEHLqm1k+bq%9L&_$tMGXTfxfq<`d!a#r^1SH=hf_o5z7<-Hc|1u3&JhFet^i
zFqa1>#TXY5PX8$2^m!Ch&?cINa7OkR97w5$>qeRAFo>h*!^IG^5y6@RDK1>V{rQ+o
zW(3SckBKd6V$i`J&-)(@B~FPl(TNCVqE;s`A&T+*KlUgHNYX2Wa`Ue^C
zuVDB)*)tqPpU{olg+6}?1?OWfk%>M=I1`NprA@RuEJm_VZxf;l+OMQ|IriyqA&%s-
zUYgf#qUf1bkfwLh1__zy(bcp>aVDZ-#)kQ&XLR2uQc1r0%x{CYksu!UgE-A^XlJ5b
zk}yBC-A2TjhzVtE_&dlm5kEnliTbbMel+$`M0uK@er_W{6xt~auLLoYeR_jfSHWs#
zWs?YgLokXSXD;|jddzFYXI=z~B7Uniy{%`P#lTUp1EzEQQN&L(W+HxMG9zKMOw>|(
zp0IyeO7RHU^FxkpB7U?ml6{(AXUs@2BRV)P&VeRB5{M)hA$T)_Z3Js0Q~EvlfG*$6
zWglS5vB~ipzd*MDO+WZXJ$V5EAG7%q!$VB`~TPAuAdyGq8gUE|*nTQt^BiZ9J
zJ&o`JW181!GZ8P~u9xnV*J5V?9ESh*^}=>nVUv=Hc=0!icr7B$D{gHhn2C644liNA
zKFtdcnDzZg0nbU&Jk`oXJRL*Rq=09NX#5D`;KsMw8e%7*GY~Q=YXsTpGM;w63NQV^
z@0brHx(A}WcI{drv}>=&#f&pV{w0FljfT72fbpe{s!v3i>hfFhp>StG1{?gTof9yF
z86*~OLuiF+-i?;Aa^(qXax)^kR-9=zGNZU2xgaz_cpP>$nT6TNkp%ca);_0EAHJF{Ja-f-Eg$wz
z@a&Ip_OF4|v$Ftp4i9P{SlJaC;kmQ=a8eMSJ0!!jI^bQEhuWdFRJqlfEw{&$(
z#0!xf^(03gpMNZV*-5Lu`_L;
zaUi}dC_Xm5o5rhxihk4L1nv6-5jE?&)W|KF5R#mdStkwPf0j&(HAxDMZP2Wn0effy
zOM>!enlH2UTJg5m1QP10pu%xb$D4*7;^uN;wJqyzHH((DzQJLZTKUc@91sA)7qOH6
zqySLRlVtwBwf_v4aEG5+_ba5OqQ>KXAda$nnWTE!C=I;6kmekhIKGdrAdu*s+M7_T}S;f`J(^&`a1VIuyubA~%XD*me_lpEhiIo{(Y
z4o{D{akH-Ar$^%-`a=1cb+>?rw^e!{8(j;DdM%w#tubX`BSrr7`{yYQE
z(|c)`Ih)(!wBwGj+t@R4(}%}x>A0zUo2UM9Z^F-?#=rKCHwwI*18+@y;PD{Afp>Cz
z;LQpu_$}1n!$%s8*7Fa#PN2vfyD8Fe6ctOgK_+t>W8ss
zJW1)tw7MM7+6xb7*vJP>$MN&2zxsUrP|-MkDYZ?3%^}Z&Vmn@VIK$QsKbtzx=j#`1
zD)@!e_?NVWv%vhjZ=xO#taSy{NE@xm;_rC-&u|m&@H6YyKw2tluu)Ou9VuOv0?rn2kUflBZy8*aVvlco
z=eJBJew7&A5paw?Z;@Aq
z2`e4~<~jsPCtMnqXt%ZiljVa@DDC)7-T0UI!mr@Uk;u>HN<%0e)0>HMvVupbsrhuZ
znuB6ZeoZ&lq&aGK<44SAA`<`V*??JhJfu=m*So4aCcyX28}Z`=oG8@ViBi7Y(@jcw
zL#%s~E#-=5#aHvFB{vMLQF$#bbv+&X>?pAD?4@W11rV|
zd#||D#hqYYG2k>!erDaeI4SD6q;k5l4XGB|hDK@EwIS6{r{pHWqYX-_#|;dRYHaETNdAg691Cf{~wS_g{;(>PB4z&
zFK%06i!kXyPjBRfdoUb~+jcMBXAx8Rt|jR(dtK64;0k``IQ}I^`EgKi-M^H3t=V;A
zPuuac$MG-8-W|RUn%knFv{St&Uu8`$2*&X{$p47lNc!s28+qX#3z7-yC+Rq>POL(=2&d&WusEr(@qh`cZ1YPZ`lujM*)c6tc$E6Nppu#10*y-R(2
zM(mwhoxQesjroOL+N18Tug#6aCG+eHq#eE)4YE>^mXVi`#kdA+e=Ham>FZslp
zG)K)SdTkM|Y>-pydW5bMephu*3M)
zC1Ce1_1ob!TLfl45(#T{0Hn@dsU&gkg3=Gf
zk6EQ($v@5kE?*i1`*{YEW^pj2;`<>;jd`zp4ZfZZX?S~Vn*$0G=~|uBlT0~bb$XI%
z&Kv}-X_dc^?LWiG)cQZw8ZMPY;r;o5G47PEmw$MF^kG=<;McnC50h;9nRRU;^;=I+
z(SCsi@i)N+&AN%;p=BL|<0@>jYCaEL*yX2yj`!>)XGZ)sxSNJZ0(#kjS3hu;m7E!2
zIS?(c9lt;x|2nx;w~LjD3j@AD5t_4uiVy12G|Cy#0}ySgQB2IIcqV!{6ML4~Hdf8R
zxwwsvlvAX~E?YcMqg5JR(m*@#Q95p(T$`VK4bMFysNgrw;~$DberDYhaY|H^X6*vW
zDZrztW@=U2I6i^iN8?q}f0S)b+2PratD95p^ps#wP;2uoL9iW(#J>?XVAkc;v$dEM
zvRq=44@7yFnA-6(>+vrs=21|WP9Q1fXR?d=nWUKc(WLm7bk|E@0__7+*d3|*UbK#bw5HXN7`$4WUVz6+}e_PB_-9>1XAH{cBA^ooF(k^+DF1Z0_>bw!u}Bb
zWtQNL>XpMz!IdnK!b`E6#txgqHv(M)j@**v+ht^?b^czl{|q8!Tt-R1?_OK2b1Bn8)ZxH%2dv!wX)v3GD~Qdkjx82+-x~-%FLr~
zlb&x?eh%F6p8};%@=8A%E*%c1D^bi>0%=!yX@72{MMcnX-lE-HH(HA~2H@-0;ZD`?
zofw%ytt9v^zCC5yDlhHyNTE(!Sn(j%%;Al*2|tWnG#6l1Q)&u5>Pq)H^n+jz?nP{j
zv!T9B_kUnGF5Vs(PhW@nB2qHr{TV=}btuX%G2y$Eb5F{gFY25hfV!Y_QgM{C@M}=X
z{zMPC(^R`jIgvz>YtMNWudQk-frz6#iLV>Hc#1K>)p{EI7uMq9xsUO{&cs
z___n&rOCqF)o?dtPxt$w8KgaUJ7S|$H0hXpLm50GP>2h?CYm`-V)Ew+lYwB-%*8U|
zlN7Pra@@=;(nlkQj~?K`cE)99Q*$GS-!E-iCp$Bfz~CIdd|^C(tL5Znj`y|j*S#I1
z`N5Q`vCw40AJ|l5pW2ch}dU2i`-ld@I3CyVs{*YGjjM|N^z6rRJgI3U|7st
z3X<1yhxuoby0r%<&1A&vUU1@P8FN78s8mULo{}BgPey{NWp4m0NEw
zmx_T>5v8QB
zL=Jya;`5kaMDwO11*Q_LT>5h7o$71*>Ex$6xmu}}ZUkZnCQ#S%
z1gex34li>1;p?R7k_m(MrK_Z7DGQq{=8gDv`D5b_Qb?)2b?>5*m_z+F46@v}1Kd>yZ?
zYO0;W-ResBK0SUEu`wW4>V*Ou~p`_-gKlhr)pZT(IdHT|;obb3N*i#B$s&@`**xckV|PYG37t
zug63fQtIH3PY+^ws0G)DF?kPRqYAtZ9ryO&ab3@t|B5cWiqmf7QpTK)=Dck>)w4rB
zzoeg0Z}%7B3rkt=3%cGV7y)LM^hL>+5$lYbqXuWHH#o(SMMZeP{$5pBDbnaLOWlB6
z5F6t%FgSmsvJOM^{rc0G5W^d1hc1}V+N!416yBh&bkDHq>;df``-sXrmf-rr*FTae!Q3Ne>oU1jDA}PLjXC)&mGn<$~xoE7G<5OVZ-Rp
zQ&H#U=t7+PgN*D(%6FXg*MA?;1vh<=S|o$dQrmS6#LlEmbYP}rZOTMCpp00UNJS|B
zACTcbooT3vgl2gr5}L&(5;v>x1z_nHkqb&L+Npf&3*JO;9m3OdrIRITnw>{pnp>aPww{Hu?QuQwv;j;*n^Ea?MskXKq~HX
zPUB=UUKl40EoxOCQ05
zRZZC_d`eyEeir>8*n`Iq8{;z2h`o5=My%__Xa~}tkjatWov#`pRSj)}{CUhIZG%X?
z;jd#@Z=jVrmCdk8<|CgDlf2TZf~E0reHY3`Qy{I+$nFlOC9f+~nq=k_rSEy1yj~SA
zRh(Nhy-6&qunX43QIz96h#v+RSr>f6>!zxy5(+2OmF{!s2f-fvC1PWopH%*bV6Ofb
zVw^wVhs*dmn<|uwLg50x%YGSi5F6ucRK{{lQuFkhuphCWZNSJZ@#y_Z;lIJ1
zE*1VmO22P$XVaO;&f&G*__oPrNnOR+<;KXoUOqg3{1?Afa>p@>5VK5pY_
z*_}vTBWdw12PBNLAG9ZvQt8bEW`D`fA+?1RQ|@*4mt_RNET12eIY7Sh`C23ZRh`6TmDk^f#f*f~EZ~kzMU3o-l)YFo7LvW@k}>K9IlZmiBY;vLa_fN6
z;9w7a4Y7<+q(k!f5`55Z7T;r@6|+d;M!y(bV}2zHDIs-SM^woOHAy<=q!_0(I;-Fd
z0eQ2@tMc#MF=)nQK-5t*m4N!7jQ%u3tuKKKs&j?Pf{WHd?7{1nXx;LA_SBH>_&s}x
ze3sVCnD5!O@>yClW4>=sl)B|wD|hkhvFQ~h>7a?j9(*5S84iDXg>hHHVY^+pe>y!w
zw|hUv=*xk;^Hm}C;5T$$vRarOPej^Z1=1FKY5#jj+Al!=%wFoZsnttMU!x6-jnb9>
z8l9>7t6OhvR$0KhVJ-bV8k2(u|52t(%cKkFE4ezXRW~q)P(C9;=u5af!1!S9TB_c&
z-}XmpQ?SV96kZ6DIU7)X1ySNkhw+QRAAp}{4nG#5XTt79;%
zYD!6=3eh@Ls2h856=GwYjkx;f(3nOl<4Rq|+o_CVN=0F>y3)Nb8QzH47-u66M_-sf
z8c4^qi}d#31Bm4jx%sbhqzjurivw^F>--Qu+~#ZX%HweKL3*p2vQc#DWzjqb
zI1U&}rahZt^@Ccl@bbMl_5rzAO7>4Urm)oMzZ2H!
zzoT_}W%y!&@-EV`A9Q%+?8?@#>h16U*d6Tq`tXDp?+zv>5
z1u34xKSLs9LFmrUrda(T7eW*gjsFjFIr-&kK$5875^6%$;N&0S!Z6AjTp~>gs)52>
zB(K7MDP=DG6a7T-XchkL9{7K8=Uj;&9t@hL@ke+g<)YArYbX9oDYaGj4dlBOcg~&o
z@$y+4DG7!5;QAr_mr^3D5JrLZDcm{V!4D_*+kJ1K-S^JlhyGX_DJzAa}R>0oY}V9ju*rkRLOU%D@FS1^LG&&;{p$F{FQwJo<4*B=j=G8
zKFJZ3fr2(UPVq~Yz=f~86*J>V>b!y<7J5r=SIwbzNxSDq6W>LEEvC9C%&YYK>KnJ!
zi1kW{aiQQBFH+&)7ucr(t7h?40W|i7&R%2%SAgFCHhg&y4-is#h9~oFcDZ~8$NAbm
zeD63=wGZa|5X)e`>u*ZHJ$oAtJqx6Tslve?d`73;$!XFC#Kt&3@%#6|61W60&K0^avIGK!QF02ms4Lyi
zq#p!(@K(geI6oEE4Z3^_Vw}72!)3gJ!mMISMd3^8O7~2xxY~pNjMx}wLm9dKZ@~JO
zK)SmqF@ilfewl(IL55tHJS1bI&eTI3!QSOwYpm;((f%V=&2x_e&`Xd}2fyhx!Qx2k
zDA*ks{1TPH9z29}%$?4*8fa$0DycR~hh0`t!DM1vtoZ!qqd4>;(1f{O(U0mTkXFx%
z&v)*#te*waVstpzgMZX%rEwq?&GFYoX1yO-plDi^A3{BotNpG{^zzO{EaRUxEU*Re
zV^C|}m{P6Ti_{)F=9>*DDThiM|MtjQD$G-B-Vv#h&+wN12x;F$FCW4Wk3I=Bi1KbL
zYnn5IW@howLJx}wmUw8UhgFhCQ?(Qx$MtFamr_}!@1mbU`uP-otlT%R!J+qbr@{es
zwFjpxSDloaI1%VxYs}G%IZIiq1c5#UB3OY`Ivi5BaNdRUk^{Tj%3eQNDe<17s7I!O
zipZ{?AbsXL|7QY;7$G;^W%>cwy~
zp=!Nc3yHVF?~<=n7a*3$Tr1U;(bYKgGLY8C!|gh)4?5_G;KE0*gZM+N^E`eStDa)vv79=()pCJ8nFx|t&mp!0%>mur1hb6lTJ$-Dl?2zDWUQ(
z(hUa{&`$^|pdSw^AGibue+6pR^3WbUscV+wgY{UANE=z{_uMxVV~FJ*>9mD^y#fAF
z#5(2pVF;3q#y70J7E=}q+trosUq?R(_TUYOjd6Zr@j2Jv6d1%f`|-nNkbMv+jFMCM
zu)5N{&vZYH*cj)h!hR+!>tVz=-^UM^;j6%3wHFXawKh@~3eVvBpZG7O9Hn2Q*u`J?
z5WnJ|e06IN&b%bRu|di$R`g>Nh~qeiJF!F~kf+hhvpblFNAI>Gh0_nuQ#73Qo5{=N
zI>j5A8)p5V$&)0PhmG(6GTn(noKND%>kD{Xzm+xKVI@{Fyz$O5$?&L33XkCW1pZ4Y
zd+9sr=Y#mM3XcFhPvXvb7C&B*)<#N9;WVy)#D6IzvI^T*qQSLDJ_SFVoKS#oemDo|_<^jHoWd7yeF*=hl-eqI`6Z6!pOfkqJ0MppzYPvI
zT0rL+c|JHqTtdg~kq?gTGxxrX$+YX)^S8Ml%a}svAd#+Q70kk&4k(m^J-Ej!e=wt(
z&OnMB{_1T!Zth^lCRzT&x5@JF$(Ymtw1^yjMnxRahM<2op_&D{-KO2
zI%=4FU{>y(Nc;`m3glX0nH==(
zd9{5Rv7C7t_vDlNWlwI+D3?_q-7kA`TLvE-iJt6V*wMY)a`$J%=$OXH;m1{q0~u53
zGy__*AhWzNBk#^TR&Ad3p*_Ljto9}1JLx}e^$Te
zF5Q_?@E<^o$l<5dvWv~n(sV`AI26^bA7ZaroK`5le*Hq&sZaCLA{)x80#`L
zJr^;~RQz~_S;dr!!fJJ;d%uj!5gX%dRK|TbTh^6`apL&lGRVxZiYXO^gX&86ei?5^
zY>cy^jCa^o32@yHJ7bO@+W7*0xFE6$0zIQV6n?C(bnln=G-6|%pZF4;)uqGL5qW11
zj=fY(NZ25-XR^_*{rrI=neUXLts&0YrJf8ue`%e8LzgNJTX1h#%}4;D4U)YPCRPNOoe9$4NaR0)Ve#_mF
z!KW=o4&SdTxlvd0I~CEUBQ#~-tRt}2u8@v4{Vny%UZ>zmq!NH9b&kSZyw{;r-N61s
zY>e`g3RA4p;wxA>X~3C&O)zcYOJFYTle^~461e7?SZs@#Ww`g7Sf5hH&eR(_~H8KV30t?l$^qc)s^o3ia(9m
z80F`Rb=rRmr1dL45lmaS5*44Mbic)qSFu%1sVL-bkXO3*ErvqG#wZ)rSMaU>rnfTO
zpsx1dWk{1lPwtA0HN^2LZ7v;Hnh2CRpo)jFgjl8>I{bl_eaXyAGB!(baXayMO8jnw%)KI-*m4r0C50p*(L
zO(i17C~kqrTG~5BaeTr^iIqW_a_Q{Xt8t@4iMp`|TM-*56VRbEWbX*11)Jkw4<0qr
z=1{ylE@K__hWr7!Imr8!K;A25R^a$|jl5V!@LNpx2hu|O=71UT%ffAv^}G_P_3EMH
zbmt?L4v%?b@VjtcInm=j9btV!PsX{wkcY-Phg;={{8Ap_>Kwj$pDuDh-FyZG%0$n~
z!;=7bPb^-m63GO=isWe=v%Dm~4kh`|2!F5MIefjB0A3spvWyoa*>n&TK@*5i=L+Xs
z?)US6$K}6|SZ~~XO#N)6HjHbZi;SbA93zMCJHY7jOXTy>Wf|2hD}FG-pTmqC{@{Vv
zQ|zaaP`-I6qE;||Na+g?%j0b$hX)S?3OE*-B&&u-=6C-(Dhojt^~1xSL?p-?K(1C?LH(TzTbf^D&zZK}p-H{1WAvz>GxUeH>x$ln@$$8=5?GGgV
zU}T!4<=Yi-KBU2bxnhJ|I*a;;f$n5@sQUL{cfgn=nzu&EB@#&!1LsoLbwM{K2~$Yt
zUXQOw0k_~Mn~EnswVrO=*F_4cAyp)Xw?zu+&|~?cNxqN|+k+2R1|P1Hqb!qM9htxf
zfEH65DZHC%RpC2c51vG9j2eX2#U}A}Yitf*H^oZ%x;9peD{02DdcOJmf!J02W@D^{
zudcO)PT+SZMWTN~gbvN>26jS&8upzG2L-1|k(CNg))qS9-_43dS0bej8ss?eC77QK
z1_|h_$VQ1az{M@|sDxLX=xu=#e&qG@v2Y1mEWF~dOd-8lqW9k%gRx_una9|-jHNnW
za-z=!>Nx84(rOI#QZn}#B7JI=1VeF5Fbk~=%Cv>Pn&6&xqAT#ALy1>z9b%bi6!feu
z^Z^F%1qyspHUy4;eX3X!SJ6^U6W;e-xFPf?WdhpVTt|8Pn*LkRwFlgqQ>dqeD%_{8ST2Lu7?nXxy8ze7;jQpI(Anj;1~N2z8QzCj#=5-_HlCbX
z?NrI8LG61N@_spx_bsYkd+$b5+?3*Z$+PP#*GdWJ$5^Fd#KNv-5#))NU~Gx_M6Bo
z+3g|QV7G^LgkraM>rRK+?GZZ#yS>j&#cn@t8|?NI8VpL$rq5ffM8kDBu5RqXtApL~
zSZmTQk*Es2nm(?Ppu9c!VXjK7&MKyy6z*16x_<-xAlQQ+LTrq(fpD$D_pZSD7kYRQ
zKU@Y)QCP*4ioywXrF-84_)EmbI2)DmKTyN|3o*_g@WW-$be2_2sVEd)DX(I3KYw%0{@jm%iPB4|}XYq_Yk`T+9clm}*K$A)&5x@B8Jt5i7G1
zI^K(7ZliSX!jD%*0DhF5!WY$*?n~(h0sEv78>9TxrfQw`7lE{X#V-WY7SP8jblB(N
z@BSUOoJ?_F;I(qVmN)R^iu*#H^eVjgh6c*!{!d{68U}aTZSwhya(y4YZ9C)f?{jEw
z6TJVhiZ&7&^eG!U2ng5PH``kV;LCWL8yFOdwcdNn
z{Y4I8v~zg7ms^j+_GZidrJBpVk#ZE!mppV>?m_oBx*?(Y!KD&9zf;h>PeJqj3Ys7H
zpy@&HQwn;A6hIkz-wpwfz73+o$JC8I_`Fx^`-|kR;|*2;eJn%=-jX-=Uv3OU!wTJXp+qgZrz0CCvEzf$g0M
z4BTyOHj?*DV$yz>%8nfVv>eE<;=z~lRxN2=pGO=ES|N2uO2f~W-~(v5FQD(5=x~L)
zu?K&LSF(+LMf5=vjHOjTpEuFrbzah`*Xg9)GwBN_oRq$IqQlc(Qu?xqEVXrh6iEpZ
zvL}g2^c@uHseEo5L(6i>J;Dm&2a(b2+1n7uJt>eqqcr?nVP(*}g6jiq&{mH<_&2y?$ShWJT-)Y~bTdKsQA^
zpbeMOfCFNZ>Kd675Q8e9PrK-FnOD%8y@J+NNP@=k3s(*5gwQ#>qz@t~uguDAiR>((M;YoLk
z>2otW+~ein;pJbmlu!WqWpQgRp`yvtyqG>nqr)68=Rv$KYT0Fp(j|I{Ng;h^>=0%9
zD1KNJkg61r36zP#x73yHH7~LUzmM1$=Lg7(b=uQ`v^P)&1bgt$!L)_+0jDvqN5#|d
z!}XC|3{*_XDXhVJ9sG(nA~wePsbZb>=0Mt2Dicl(38pQ0dtd;UcxjFzO%6RpGBa|Y
z`y+$ZD)@LH?R+oocfGXVj7-*PU6(%el0olse~i1|<3@)zFKcC7=@vi4Yap?#@`#iF
zEo1=}>*sm$S?(o@9Cc#yxzo!18xn3qDLO3o%07^??00%)vkDe@mtR(<`w$AtbaU}r
z@U=i!%e^wci86uL%~qs+`dzpuWTi8%BJE|A3x=Ro@Jz~_fA?~>gmbodIT!yukds@7
zdhNkQH|jd$Q)MNfr74;KkYtkAyjCyi)jFwc-qj^CCkS>$%A7~MoK4}JOWOZlP=T~IaPHD}zkp`c0prpdJ@HVR^s{jwtQY(T)
zC@zMBap}g*Q8#1o%B7gG;UfJ4vjk_Zn&K4TQz?`1APc5Ubz)4%(XDJ@
zeLm%l39FoMur=xO{MP(jJ1=u>!F$(Dp=Re*8L9Kb?a|$v5RR_TujT9$gYBw7Lnfhi
zH(2{*FC&0LAd?vjs4bzEOi@Jvved;w+1R2iYUNa~5CwPLtZBhaRR8pRJCdE1B|$}5
zX9TnA+Gl!^+$bODMXLFTmcW}8PO0miUCN_9C-_zuKG$mk8cR)>7fcn#n&J|>Jij~J
z7?k2w69%(cs4wS(Ktq(*6t#%w;8(*(Myu
zqzI1(L=NCa4HE);eYi-=Y6xZ^cr-dd4jTAP-Y}qk%Db6{fo`tIS4p-|j3i3~*S2~f
zP;l`;@VYRH5s^Srhm%vJm!XMTNQ|e-D$
z-$^uS_NoE&Bu?$DvbwV`&nJXwk>o(7w|WV=bSXJJ$R)yWWsk7oEd%tmI*UYy&(PX|
zkbp9kzf00L_I!C5fYQMNQQ=L&(W77$DG!EFvA8BjMM}-Ko#tl(o4)LmQjQ{P(I|!S~dk
zw{nRRz3TJz5K`H1vlTHw1$?`{2Qj|`W%~R`j>$W11trw-R-3hpe>6G{M<1$^-8f{|
zpc}GMeD)ND2QgyWSQ@CibsBUGXC(R^@y1P3@w??459xz?-FtKyvRT+?YzO6g1vA|D
z*-Tz2mdNYxUAVeUe4p9wX1
z4aikqK)0+1BtcLq3`j{5pEWuqM_YsOb1B~v8Ghb)^JW{=NDcWypgW`>NooE?
zBe|^nL1a)222HZ8|3~NLv8tUS5%)_zB?lV*WkN-Tq@WPXdPpJ~i0fg$GA{$Q`4K;!
zah?#ylRC%zmtH1M4jdoyGKg%C8gJ>Hm-R8@r3A3|`k(#R+$LgOUkMODf%K~~O@JaL
zsK2Jc#h3$d0fb-o%k#Q{9S*iqAziHP_eqw?^_w=CVQ>LaysNoA)%&mZB}_t(+r>~7
zp0Fq4_uGD3P(BSKrTk8)Ru31xYx@=v&Q!L^j{P2xH!Q~`*Z4k;TlR5*3jG1)R-GoO
zS=PUYVz5##RBd;*9u$1HJzNW#idFrDAT9yvKbRU)s+Gj^7Zqq;Rh@X%nR5@O3)0eTK^$gnxdG19C!#c`xOKMx8E7@!uM6=9()ZBxa-
zer>$0SEj3aZM_H*lpA4yZGkYpJ@9~A?ZnWrXkI92M~aTr4jTPz<~N_U&q=4(ey`!4
zm+Kems{ML8dcM9P@6GYiN2lpz=j#8ZI-$Cf1PO+1!3W%%@G{|VKAYoh^5+vq`DS}fdN=9I
z#2@q79Pd)2J~O?EuO>d2{WIHZ)@SzLd~f3Ox%#)vXunzBfbsr!#`6Z_*~DkF|MwX9
zV2+;&KeIiPjr^Az^`9%hS)K`hvpwdsNgw9>$Bg!v_-4|t+1{l_e)GLaFXnsm*~F(>
zqkNNpnE6fozRbvP@^2HL%=~kV{7uHQ2`^LroBGjOBfqKNnB#3euRlkAvp!SaoA5f<
zvsu46p5#9b1~dKc;7i;;Vm!|_o=yBT%QK%%`Cz^`%Qxw}!l>WuU!n2-T<|jA>&;}k
z7;}6~{l(OGOnfrSH^;YISER0HdJ~^bdNTQo2~V>;^V#G#=CfIz$^Xxl-pp@4oA_YD
z)8q$cdJ~@y8}KywgYo*c$JZe68U$X0z-thA4Fa!0;57)m27%Wg@EQbOgTQMLcnt!t
zLEtqAyas{SAn+Ol{x5{Uk#*S1VYNiD!^8e__IUi-G;@Q0yL6zxue77PrE{P)QQES2
zacPY;G^%uGN3!24-PO~TC~fX;?d$1iE$!^sc~gH+cS~qsX0@Fs#q%>ZFM+0)aB#|%o?)!f~I4M13G-PN4jMK_#8<-u4`GAey{q9xfwrJ#Iz
z?oTA;11johiDM^bM|Zo7Y3}UoX=x6nrWW`ys;p#73zas|-Eqr6BHo)+rFZr0RxPJ`
zT6(%s_CSlO4gHM=%g0(+enjt^0Y<-lz0Dng)}oH?j$}u3XUDCHRzFeOKzB>Bqo-TO
zBnNss6B?S$o$Wn743V+DJJA~7IndU|utdF~j;p@VD5|C~P!}&o``bDQFrXEHGag9c
zw?l)6M~#!Ho-mprT_!T`Y1!4>$ED&L>TgSbvbCc-N$(PSTN1t0B_EzGG#avFlo063
zg;1Uzy7M8^7w_!o=VIh=w(U`{8t6~-hrq6opsTr8bz)zCGSL-J^!4?~ChlpWj&kum
z{V0d4Om=ih_@V;4}*jTN`Yh`+0ogN+(+qfLTziJt%C-pr&qo1
z9_UK+0UXf?!Kh%*eP5!xg-{I<;bB1pz=N{!(#7VOodX@6$)z3LtBDow0jT4I
zj$^RrA>OsKKiQnbpvws3F&@9Hep8)%CDAw#;lJXcMXIq>FClw8*(EbkyQpVb+#=MB
zRwM~u{fGfGMiwMTUEUMmbqfg{Zq^U~8KHpmK5B*3-AAxv!P_fG3F-OLc!yf{c+xNDPqo#E#^hC9p{x2q#12
z0oxX1Pm7!e$AQ=p>x1vUh={t=P6RJ993g_Q?#HXbmqgCJLL5(-;NOs7>Z8ZSlm;>F
z4pG=3Cf?yCjfhCFtRG=tOH=Z_Dl%l{-@AeGYFYxg{dz7Kws3
zF>QiXc_4q>C5GLd<&$Ui8upAce|t}~SG9!__ym~gMiJSHX_6mxOo=83t;
z1Za7gLLm5NCJH|z#<}?-(x{6KrFgTeQe5Mu$PigUFdhZOr<@jr&Z0ayA}QV%o_1!^
zXd17cpusvVra29%v(o!%DytA>!CFgfvG$PVWZ2O*{6^>}BPq7v5{>Q<8zQk15j`#t
zmE9ns_)UuP)nd7`I8V4cC?eJ%+@#3EO^L`V6?yIhB65qcE5xexB6eJi0mzW6QHb3l
zvR&9!8Ln6!>8TZC&xov~nAIqz9TQV)g*ZZq#_ksOHR7@|G1V;
z9}x@CB&R{lrb`k(k!S;c(J+AvwUsIv5Rogz*h(s8X_?y~3ZEBa4vNW*B7!!yi`=A$
zqU6{?5pAHBkG)3B7?82E{Mg)UMZ_&bsdn^nF*fQxDQu@SUyOD81-_IeN?!5`&OyO$
z>98q_e-GSUcnY~1#eDZ}JS?JzSz?F#ZufDK`D-zDkH~R9Dk3LDK3eZAo+u`|16&>r
zghK;^9*&E;Pl$;RnDJ5f+h&xAMBUHJNHLFEp1%X_z9!s(h17wqCqZaOO<}dJ#G}
zQO0=s0X0pGx=)D-r^GBO;GoFASL7tcq;?6ZgJKRvCq-5xbvbqo(}&Y4o7E@A-bTc+
zxzw4Pr^Yjf#+l>5^u<_;~_714>|KDiCoB>6T)r~6HbFw
z{6@?>BNjLnd1A>XarrT^<)En81eP%X@U=snl>)!onJbm=0)b9ECGwn0CJ5mk7BjCE
zRj7if$N@GHmvoL(?6Q=xWx!1%?Tpu>pi^Qqa@voJ61toa+vo!RL5~@#+>GO5$#r7p
zNl^khX%v!ottdour=Aqqt0YM$MdlrZu0#b6UUAEug*hVcX4E$zDz1eTxkgmuwvj43
zEtn=xi`ni`G4qVbJ`FM}5tACl)kw17n7EcwIkP2miJ(mr5D_^ps_Ak+y<}0LxoK_`
zrH_l;>MXW}ctqqy#_SLkkpT>Xh>SZHX)OW$%_tHxBTdKL@3`MVr+y%2y5AKGA`<}O
zipW0n9y?ClHjGZq8By!($`e&`Q1ab&=t>xo@fevoBxwR8RJmJ@P&P&gjdG&SoIG4J
zz>Ww68Bz3R+O;B^@Pgi}cnsQEV!_nHY1N>SY_t!F#dJ9#Cea1Wrbn;7M@9bCcuv`l
zh1ZE`7%>c|QT&8!F-CXL7)=5c#W4}1F$$J3De69IM2)9vse6^D#N3y}(leq62)YCX
z6yS{wuq?qff(}zdF>?8MJqxdMPK&&g0v}Xf+$gf}JgH19L@~tqbMSNuse@Hl@N?uQ
z8cMp26dV)wY>^#lIEF{?TIjM-8dHqwVvK6O`$QoAyBMt>=x6j|lfGXPbzdhYMY3E5
zDwR?ZMJ0pj&>~>`Gn*>zCb4D~$j3zCPT#u2aUfgRW^58?N1c-@5
zX~t<0qYLzn-2hjk7z0#V+79eG2+&Uu6OTie9rL(^43wpLV$yMEUN+zZzK^5?Nrxx{
zfcKg)9?i&%?B0QBmOK+kMVJVDEvA^H7;}dxXqTE6B8i7WXy=FtH-p7=0FKvsa0Gn5
zD@$pJMkczCt9xNbBjW*+_em@!hjfeMi8sENsu|wgJMy%9o28*
z;dk1^M2bEp>TtJbTQr6id&4lZ<0mZQlcM&RSe6uogbrBqGO87TCB-}gZC&Ob#2usb
zmMG$9J_=PKUq&4hlWANR9TcUf#pENxep0Nt8z?&Y6l#RjuNASoP-DATbsQoB3eg!N
zw0!qok#|hwLp3LCLm{QbJ_
zy92BMRDgt}@K8b?C_sxJcY!qb9pX&H;%0$U6S7_c3@ijxE1_`|Qo;sS`kcQ@{cRJE
zdgSkTBc%g|)Q(Z%XWjY4~YEZPqO$ed{Vfev`i?*
zwXESnYLCY|V*DBS&pjx{L*G9xYF59-`On4q$6_SF`3c7&_ltaJw<-Al*fKHsezK_k
z?~(wk&qD$%0RAqHTssm80O1N~q>uoxT_FK-9v4})l5@j5bNorS^eIyyh_NIRCLfd_
zJ1?P7D_j-|2Tuir!nk%Z<)EM;a!!ebbU7%cgZq$hZx#~|3i}0!haIWK!{j02VHGsF
zRN~?It0W#8MZuFJ6b}t4#KV*4D;~h%Sv=e?#Y4G>E+r?FeM&4?Ei(Q^?~j7_
z!_$=y+XL+Xi3{NV?qlVx9}XXg((FuT3|<=Vf;blxkikI0J}!4E`=uqW?K%KZP@@6yhCSE_fwe$r6=GzfUk_S8$(ZVRk;$+vcP
zTVN3odP-!+4pEsD8_+KYcXV;dr1l&bq~nr)NorMe)rH#(EHO@pB!;`nErq|zFe0SP
z0C!?BJB-Z8K_4Pz|iu!$k!I_bm(v6R-#+Oy*I~wJ`Z_
zG2`Zx`JtquaF#JwosW#kfs(lHf8PWF(GRgfz&J)^f}jjC2hYO>S+9i532lQw$mFn)
zS-MFS{!v*WQCK7_Z6=8NO;XwfITfVMc!+)*)h^g1E;%jgA#4_%Q`j_+u*rm0pA?f}
zXhCgBUNo2ZAYAWdU3<#pxkz0}7ULY=WKPL*$
zjM(VNCDZTjMll`!il;Wd1azNuOgNZ#s29!|ygDTo0i@YZ=>%b)5sTi5cEa={5#)9Z
zh{dOc<1EVeQa_J3Rj0%n_ZZytvtS7w6Xm$puw=7gcC#xFrgt^>o8%qEF5+vus0hWf
z2MK8oSry+aRy!-m(1(Own_w*FvFcf<-n=`q?iJ~&2doyg9)y(9H?6b^y+>wm-vMXmmw6v85np0
zT$l+99$E(ZFlhdQ=O;cT3ce?%oP;}b?+)lUBIhBz7t>MrESDW2m_DItpbU@*=^hz)!_Png^66zju_QQUAftTV!FnFW6YHmV
z()-9MDWC6Ua8kT{hNoYZLsmS+%jX>o?F<+av!D;66__Ghg8zm1pNIb$__y6%V%ww6
zygYI^tT+V<$b;&2hFqJmBOu~-#QdX}^qk0lLD)nfx4<6(TyWowd9Q1M8Bm{VFo%hv
zFiVLnW1&~qY!s6p5n~?{KrzZO*{w&8o1AepFB=7P1C#U5V%|0Helf9DP6=m*-+np6
z7Be1)CX2qp`A_rrnAnX43wVcZA9E>w3`i|d@Lw$Zw38!WWCmXhI>WqpE}~y#z>*0R
zwOrNUh%v$Fqe7>5VCn_Ze>zjY7#n`^aeJ5-@Aul21$8D+)Xz(8fNwW^J10f?Nhg}3
zKOezt{Ir)v&U0Y!|0H{C6!L3T$YPL5i7F%-uID}s!-OZqWVL)?T)5ru$J_a-q4|Vk
zi`*ciJ*oz(_1F2>@cjq1~B9R
z)@mkc+Ht;vIk)6xk%6@Yo4`%=_#!V&tsfaJ~mipW?B_w?+1
z*--=J=Ybc-m>U@J)2L1Q5b!f8mI6h|ecYx;H`L6O_+=2>kun>$>}rToEN)Qib_`bV
zb5JctZt^kNALH#^5JL^3?0GS#QItJ``4cS4f%n6iN(k?Wj3Byx0wqoQy@)ys6l~5y
zyauCs7AS^B%yb`@G;6ft0}K?HYDG?oLUkj>Gobz{kQT=z1{uY_75Fvb3^9f!kIMu(
zVM_ZU_{uoQ%`CT6f*~hNYWJXc*PTR@BB1BoYiN!Xv%gULG9QpQWMudyGK_y2-gQ}B
zER4~=0!B9+7n>E6GwAIQ@=n6^uX>vs&iidNH3!HnbW`)fO??Vwm#M)t3jQeyc93-f
zydVuABGp#|13w0?fr*f*Cp3bGu2dC3kO?=5InM!$
z;LtoOCf*6uZWkF33Fi+|kmZMo<5^Ho21Ne~IC~^;vco9%DKrc#w<4JQ&2c~bfT)D3
zOCGMAMwC14ZKS79`wUUvv<8v!pjdJjvF-Vr#q8&V>l9BE3$CNvxsfr>0$W5>@!J%P=V6E0cG2x9O^Z5tFGLj2LLcpetbV8lZxKm8n
z?N_|+J0c%M%kw>$FOBSl!X24#TIzxqLIMV_`EN)M=Ow72nP()hjMbb!jS+)iM8KNu
zUX2EIh)hfpTnn#cxyagxHC81P;7ENLR8OW#b$;}u9F+-TT#(!T7|661)B95!#9A0w
z_tWo&Ba#^zjMtz_qrrzkvt#~Qw)HH$#OTK9Y{KQWA_E{sXEV+Ku$liL#4_FK5Z8dt
zF6xhqO^SAmvR=t2ArpH+Jo%HDWGMiNqJnZ`eKyw
zBAQVIQKJOW*%`l)_uJr)W88IMNR0PD_UI|u6(ivbsAL+%rK-e`5Pw54S&^~miYFuT
z!vyEq+L?55Akm(wBfn
z>yM%JMG)3=Tu*HdVZzt&z7WnGVw0>-8eKRFotFgM{j%>9!}9g>sCyp#k?Q~(&TS0g
z6M)U!<6^!NfO%nF`7Yo`30N$a!eCiMEgW(ghj7{9WTmh(o*GYlGxvG47H**buDP|G(%){LO07SW*QE6j`0#;m*hfyy5#cVf8i)geFEP_p1LmB-!WD@EB3upo1
z;s(h^jP8CN-F2Wh3#V#AO78z#=KiZ;ZI@`W3JIP2z|Sz@_G^)gHPvTG=gzoWWZi+~
zpY!BwzTGBg^G`rqgje7gH#*}o5v#%om5On@NFl%kJ|>aemqaE20Nn)YHjMvS_$M}K
zJM)PRavvv!QTexWt@cDU98P#RJ^-^Fjf$zEKKoD_eDTg~%=6`mu@QK{7W9*sZ)`i9
zb0zRBkW&t`Pvkv;w9mw{mg#H76leBCG4qX(uw`U7z~z(awmZ{l+*7dbsUSb%+eZ}N
zRtx__h)jwg)YgLYYW>;!b`}CRx;+R552AF1$Erh3dN8(Y=f=~20!T}rctCSVWjylLPt0;
zFVX0DP6nVz+$iTWz^fTA3Fo93i?n{M5%uo3BH8{vmvnSz)xiZ4L8NVvzuZK`LC^ri-pIN0rMT4NC6=%d6g^|WvgT{=v4}>Yu=sPyu%sVa?q&CK%
z0p4Yv5rqm>3=F>mZC?7A$oz;zY6BhLhk?s}R7_AM8yNiwpnO4O9M~bv-#A#REJ>Fn
zzU`FditNXTu-Nf9F--2?L8B&OLXX#H-Nn=M4h%6iFky61ac%-1tHbq}$l2}LfLICV
z+knOp{ujD3`;3@(T6V?YkEg>z*nps+F`fObA;8Z7b=XeD79{xGgrkVSXx^8QETAwN
zZ+{bRykXuBQE&`qH$+)BF!P5P#}IoD;q5CJ4799J5%}b=_VRVK?9$U>V`{WLJ5ql*
zjPeHlyao8P%zc9>JPFz?1y6iJ(v6`a-l=?@g`m9Yit-F~`AZnwbNR6!KpISNEmI1)
zVUQ34tin`c5g2BJXaotf+jUA97KFCgmsh1=VT|F|F~alDh&r%1C4oas`x(4;-H*U7
z!01NCIxB2vEXfI@j(?SPl&Crk<=y1`200HEiv}i85Av17GzR)!3^aUJ8x*k{Z~qM_
z6hecL&PDR{^3&o9)o25Khk9p>A^s!AW(v6fJQyPj6!$m4@(nbcv^v!~g8+uuTjy+n
zQT!U%M8`#W>c0ODbyq-krGEPn^c}0K8`N84z@)WxmuGD$#4-^0Q^cL%vQ)@vjOy9c
zkn^j~DA3^gE;wyKjzQ5p?Yz+@+)VX`c8tcay`riCryVT2iuNL}ud3T=A*!({SuIZ=
zsK25qxjY_k*}J#Ayu2c~m%qNHDOp}lo9)#m^7@v#re^%q(WPlwysoYaJI7n=cGKw#
zO*nR;x$9~^V}WXDO0I}++licsM18OYE7o6&q}bqI*OaWH!wKpen=0Z><#9Zhm&KbB
zoj72jyg$hmAW3JUzrP+SygJc^ElumbACQZEQi^P4S+Vq)b?eV+4o4U&C8n(*DmRAI;CcLb|5eUr#oymAB&@%}%1G=L5@y&5+11cvt#nBb3J(1kg
zLKO@TtaJ#jZbJnDK%PCJP_`Ba60BV5A#yEI>gpx>^Wc4Z@x)3#{L-5Pu
zP05;geQTmSi9;vC#2G-X@+!b&pcj?LclHc`H*5u`Nkya_?{NqwUOodu;T-Xgk#eQw
zeTm-A=9WZVR~JgDig$Hc>wCJo&|=0X3nZkTtq{}TdL>RshO`w;PSG?P^z{|>+i+!8
zQnzJ$92J%Om@9c~d3j%g&TgsiZcXg1yJ;&JiGdL4S$9ug7r2u?-J^bMV;VgMYHBXt
zR2?Vst|q+f?XBy0)oWB7O}8hl-YBV3PJ{(%LdWOCC9kS)V8lS@b_Xdd6(B*2P0Im>
z4ZRp2kW5c!YaC~zboB2cj@sP0rX&xHT~CZL1)UV<)ETn
zIQWLnOR3);udAYCNg$3u{tyhwW;Av^u6;e7>p_LhEjaCm24X~u&o;@Br+XlWOdpuI^w7vqoumxCLi2{^j
zS_+!l29=c%hf%YlavdF{G*r!5LFaRkjFs9BuzI9uwv3M;Q`rMLNGeV_iXx{q
zK~-+{Pbp*UkqEMADBwqvKv#gP^EpdW*YG%zuTxk|Sd7OW<+pni9-rUjxQuL@k
zo@{QH%*1Q-MP;AMpc3{c)-7XO@0{9ydTg!+NYI(+Zcpy2>#|yQCfYl?sURN{y8*<;
zmh^<&&TT;1IMjn7>eKf4_A~FQRX4}&53=W
z)vjKgKL_JY8ri8WwK~!WSi>PLqB$)Dl}ZKWAI>r_tE*ckiI|!i)R$5W_Gs$L9eeAv
zJy;RHiqCdrwvbjowSisk6-BlsasNhW=I9yv&n(_Mf)Rtz3u_7{5({$8R_eE=MIfa2
zf)2LFn=Xwv)x_yUN&mD*u1X?ksIK$CS$e~
z3Xr8V%1O;4lMJd!E1=xd-P~D=lLQm03n?T4D={8VJ{L4bt|u)i+KF>UR~JLCks=7p
zt2@y@(6S3R@tx3P6aB@-EF%MAvAkT_s`cG%J>_M-?aDky((|h$H6;4hkg0pA;;w;;
z15LhgRoi#7@xTLx+0bSNwBc+XKM9Y~usyl1<0#=;-6x*p>9(uu#J3@ZIVcRzQDOnq7VNHv$6KUA+)qOem5)3frlQSeoo6x)s}GD^O3KDwB*8L5
z!)HY5(MY>W762wD_H@AhWWNn*2LQA-F(rgq9e`PKfwW#NEih@D?@BZS^~px>-Iqc?
z3OIB40PtGrg9=WC=z$Na&Z{WHK7lh+PCax2KF
zkvj9>&g)C;PW1I-LP{MHZ5tv0L()$YCC(n+lzuyT5^tn0#@D8zYZ*hcmVs!
zN1v!@5daDYtSe{|ln5BDY);RJRTEjXx2HsHkMcSveloCGg3D#Bf?PW(Xm#
z`g=NeC${MsQAtOmx>QBFS(RD3n?8*a)JI61_jR=If=<=$bGv#d1CtR$
z*rR8kR*^O)xg?lD`GqbHVO4<`OR8l`X^Dio<|Yzs%as#mq=p!fLE6zCA?eNrwC<53
z{CT?_*dpT5>gwrN6I>&&PMSM3hsrXrmu5MkOec52l!9}jQ)w)tiiD^W7?Hw-BiBf=
zw@A8hAf8?wV6M<=lo~@?mM75zkl7q>?(1vbC&}^LOIoT@Eosp@s9tMC6T@=y;=-+x
zVB_J30!7pJZa^!NGgUIrsaHy{T+9;3x~ndH%!zrD{H%(ezu<0C|Ct9unM|TIxhNo@
z1;NknxgkbMITGje#DD6wgYW~A#$Vr`FIA8+I_T8@D8cNASrSC^ESAw(e5lb}*m)4|3
z>LpBFU2+K%nl~C=-Q_KPJQXRag)n$DjgD~X=YUa~bDv%HG*6|Kh>L9szS?807LP$h
zjM^03P?sFYcni7OudMG*Ztsy?XB~gXjJg~2c$Zf+_it+MYlm|VX+5MF4NP1Xz{3DR
zmsiN;Wt-tSPV}+Ya>PqN;DIJPW~AJ$I!GFl0|&go($ZnWG1a2#E;5wrT6T8?=xd_sEF`VI^&V5K+Q6Cu)%?k`r7(3Dc;Y%9dmK()HMok~jy
zz+%>Uu9^U5t8b{)lT&}hcwWcrb&)Z}QcjGGTFYtm^B4SRssL-r$;#1S3r{G?_1Hvj
zqlb6U>~9(9k?sgmXe2hq+0oSL;mK{@-F`V#BPIC2I%%a60nGz?MjD_!->JtHWbD#3
z2-wB0W~`Ov<=L_uP($MW_Z7=9nc2~OGj!Umjicnb3Rd2iNbc(E+2gMfvf_;i)|i8G
zpaxBpaze_0R|`zM{<)`zB@cA@M7+PbE1{=elqSxmx`fj7q-&0pm&;jw
ztdne~tyi$M!gEYKGtmp|>W%N*7w_-Iq8T<(dRl5~;%$5STbjGE;fIzo1QtBWdAv5v
zVam0C@#b@RK3D4*uHlz6dr3Su$~g;V2P5Q){$!}thP8RLOGw+e7CTN;uK5Ps{as4d
z{@}W88WB=ZMrG-kT)=A#@kNvb0i$#1TAx%dGq5A<-XlNXUh241R6~<=%a|py?yP70
zw>I@iyd9~G#Hs~avk+8c)3R>sc4ILf)!kN|~Fd;||*|ctWUJgy3
zns%0{EYI68jF+PlV`R=;rDK!ODq^+b)n6GH0NCjA9#jT`^?8L!6|t1s(HwskhQ_tUC9mNoF+T5ZV$Z+APF
z7cVX2%D02m1TODHWH%nEP*7rN&;u9@j(joqK%(Z0;8gOIS&~_L0h-@+u!xZg8gEm!
zuN;Op(6Zt~pJIWi41(
zM@yzao$w&0z3WI7FjAK4b5g2)6q#ATJB)%y#p{9%1aZ$NCa3+R3&30p2t^PwobXEl=GI**zJ2s$84poBF5-D}iEnDS2eyD-G
z2zo2@OB`(y?`>{frdoY*Ti|>BeD9Dn9#=3QT~8CQ+7Q=PaL5VhO;Oivg)zeWw@Js9
z2ZH$i25_iLdDEpZ(%-{5*0_@?W2(gY0>2E}Vioi4q-o_ZugE~kqqkU`sYst|C5
zbZe~4-iN&$SXiVdB)x_G5@|<+_)#S-+Ltr^uro%Z%)lZhlsHn(iKUfT9=Iw$1sm{4EcXxWgmkbleeTcsVUCoQs*m3B**ALD?X(rplBK^*w4r9=bxMgma&_hGadb{{TLpYWNiMkXKO%d
zm?H(bCNvsHl0;YuO1cmxo?wV$G9cbOu-DqJXX@z%gNhbZ(JMK3rsgorL)Vsf_ax(q
zo;G-nJEXTnj^k+XV-_oFJ1IsZ^|5s1cf~n7SopD}O&PFTsZ(@xmDVaYGYRyFF7NZ%wG`M9WMLu$o6okvy26ZKd;gvlyWyDr6K
zS>KlKCak++rHgQZm*nxrKLasFlW~(&?M$>K&w>SMNz?KQ-W}G74bRvdhSKTaD%3@1
zAGCEOF2z`sui|XJ(qeDvR46<#B82bZz1j?PzGE>!^G=J36%6cpZpn8FsoS+VrHy
zsKA62f1-qu>ROO^?2zL221IWv)K8=M;cP@@I*^{6_HjJr<%Ds{DItN0@&X7yn!FZk
zUPE*3lINz_4K?gx)zDSRNZ8x#FC^xpAFX}OU7hUsNOtV(#DUp$-84-@3t^ahU!)HC
za~+Ce(q3XiC+?$j@|1$C<8{>3tH*;NPZ@UtmIIg_5OrNd`o51^!fp)d&*&d0QsSiAnkh#Fq
z383oo&|N&F59&>+PC4h*V9?a0D%u2$g_8~Y%6r=4I6SGZxjiw=#&&qU`*0)%&W5IA
z>4%?~$8LLaPhLu=;{s;zqmThqzbze3bRI`@%LU=1qfSW1N`?rXKgP!k;?`KkG$K#!
zNLMLbOVy24
z?$Izc%5icLgoE5@rjJEpg#})x@N#PUI1$YPnctXDUjsOYL>(z%&|$OW`3jtW*55Ob
zw1Shm%z!T*(;2$oCoM|{%LqJ6=b|;%cgX-(QfQPCD^sbVX{j_I$zgacMh!M8`zryh
z0J#nkLuq-ejTu}XkWrm;k<5l%;`%#M1iAn_F?PYzWN$}*9e=8&w*v>#?dibjcs?a3
zEnaX{AKnv`Vp$jKZG3WkNEngXuBPd{VZEp>6>s8Q@2*(P%Hl}r*TOd0rrtygmI7Z!
zlA#}4gh`tw?OUJM!Ysp!oS}LR
z1+7{^xwMP|M|bh0UpfC)$hy*W8c5?vH#h*`0D*g|EyQ42=hjH;^qdnV1hNZs!O;>yKXZtP(Pc-R?;S@)=mY4I|4l;%G
zfn@=@OySN+ixSDd!_0f=x<7EJj(%RG+MSTwV8FlqCRAW+lJO}?c4}dXc737_N0ag{
zsKnl0d>RMm)|RnZcJUM?y}za-<>xwIEzT-2TVfUZ>dSW)OzDge9X3nnWRzEu)!`{P
zQd3}DrBkf@rTgU-lIhWjOj|ZxfKEHQtxtJ&AJ!eP<=TStU-VXJ(hy!9E~GIggw>!0
zQ)*xjZaM>}Gza$eGb{sBll*P!)Q6F$T1$*2xR@8+)`%HS=px2R#yjw#!UmwohF(5M
zfcTkDq~)XIM*>16suAJ)LBk48$4K8mC#dmlCzSAaFjgB{7G#h)Z*^)}G`A)r6^vPl1+74*^K
z?|zbNjXn(^k44reB5QBc(sLP7-q}XyXLosKP72O43Vs^36^+m9l)DbNo?%@>3I#w
zpbF|M`a47c=^!UtgG&Tn9qxMWkj}{XS
zoja0V4Q(kA;<3fMh^K#sQO0UnE5rPdI=uCq97EdzBc1NYA(Z`zzTF9$>eud3TKB5>
zaoP*W)>qVHOWy7}%%PAlRXjv(XSL*pMGFdqe;6AOVdT~e1V(_W>EI20(wBKiT{@*}
z%ReZaQ^`l{MyI_75b~+E`C0M=t&z(3G@v1ODnZ-8+z#okMwO|Xo>o1)3bqp);i(EK
zc4~qPw&=UsSdYTruEVist=yDXkb^3mnv|656SvdLo6s1n-rU
zTVI(M)Rrq>=(!iT={*F*H_xWGjE>7Ew36`(bmH;^e@7Zad4Vj`JZe&HzaJi#R_s>a
z2Ezw|^j1GCLE53Z+X6v=2jn7ZFIpPzmdH;dN~z1)KUnHMTxMm!w7p_*zQQosQ%_yID@7
zKsAr@>NbPd^R&0Ozt*Jn(
zc{F$mX5&+;g=BduNMG32+KOgncVO6qRm8&WFWw|p6dR8S`d&+tAFsR=Ep!lk0|^qiPo9rE;m3)j-ZA~Cf(lMWlItMfHW
z2qLNc1;A~rlz_Vq8)10m1G!_cOtc@m6`Yy$#5WrI!7AZ-lbRV^270Ka1rZ>Ks1!r!v6>sZH
zVCNma4K{$aOleu$YHe~#__Tmq1}uH{yx|0=(p^1WiPGlo);@eOvb3{f=S}@R-7USn
zrRuu0tYlxwt)=~aE%Y)@vHU77w_ukbscfugs$JBDhZrzA-E0f_!~b9E-UU9ktF9N{
zJ*fq;LNAtD-Z`O`0&U6UBsmXGOV49Yn>IZsP0|NYm`)~>WKJhD>C7bOoKg<&hfuU2
zNadlufQX8US`{zgMMOnJtxy56C~^ye^5<49+N)f>-```cz4l{evUhgk=RcqJB>Ap2
zYp=Z?zx7+cXF@5@!bo0#+jsDfl9)g^UL|FbQ0^w*avCjzZTVuSits|MH8OcbzO+hr
z37%<{7M!(pA7#I9V3Ol1Gi>pwm3A`O?!|+{mm}2C3YhCUrHtvW;FfA6ZZX&V!ud&i
zBj-G}V$99HtJnoO?p(X!`c8qG5OBq?=;l>uRORLs(H?F*MsJSptgpfhUG&US5iUby
zek5BYh0}8N*1810Z#Y>XqTI6IXpL>S5Qlz#zN2B-d38Cb#UA5GY+RC{qinb4*)goz
z+)qIlE|!>GVj!2oy0d1$I?EKz5K(4c&aHl7q#wkHwGf=6wuE0Qa~;H*>XKC0tXy^K
zVrmM9#waYrKPm-EVJE
zgDQ%mbBdf}t8a~%l`fK^%-fD$hDdN5u}jLQ%0ui4(9~w7Rz-#txGe_@Ac}BxRI=(E
zR_-o11Sd{XPUSZ0B|q$l3mWJ}T#iVm)VhAyJq}0^TK4ILn#H?K8_kkR%MfyqL1(zI
ze;UbJ#{)PDnWWQ2uz@xbsL7;}d}f$P#dcOwVD;exa&0~v&jU<%sFtS-Lul5Rvd*##
znl|iS?pjN?PApHc{H@Qc=XD)rKPAM@qD2bMWkJ)@6fw~t&@+@cElk~|g2b#$5Z&l0
z;Yb%sW-Jzryv?_V?O2qN?0Q-FAPtdlthiS2eL^@HPuN7H9;>a*2@`3#laMhm=Tt<=
z>+Hi#+v{m=ay8Av5XJ0@3l`+M*2N%~q7UKs85gytp1L!Z%%OmKCb>s(Ne9`WytS#AKvuL}?tHB`{9Hz$Qf*mS2L(B!&B1X*U}+
zP(oz0gDs6-Gd0Iu1&+9Iu^?jVc?i}WMOUI4bd06!8|(Yx`e-=Ik#a>#gus|pq&#)2
zPT|m2J7VXJ_c=Cmcxz2xqZtF77u-VfkL|kAyiY}J96W9&B+=3Aib18_qzD@vZwTwg
zIfP<%VMq!}ejir4g6xos;u!8y0uFK{>u-C;GLl0$LU6Zm0+s%XlN`7lF;<6Vq2*qq
zLz#9-$tUL&W#Hy+*?h;A4V{(1SykFHhsktSOQElrlZ^o5?xq2iSRO2RTHmCR%vM>0
zy?{#@#3**NRH~Iy-`klH{jYPKH&yKB>Dy@N#5Ie>%r_PmAo6S>
z?6q8a=qz%2=$vrQsj?Y|OA`)=4mA59?j)O$$TBX}HAB2f$yc1>wCht?7E|wb+Y1|*
zI_=cvv|Moyk<{ZHkpt;rJnUXASV`Ek8ymeP_0q`ahAFRQCt*v)#+(mAWAd!OBynp{
zjua~-#s{a3S)MDTn>-xDo&971V`!-^t>oNBhVvx49)lGcAHCF4nCXFIix6)(X5@^<
z0tcq|C44EecgrwVr2l#&<0R&3FITEH2;;g@Hkc&SCQv^{y4MENnj&dr2{W7Br$i_-
z)UUs#7hL5aE>v-KilC4rg?#ooi?B$NV~tuR{vl>+lw#ZFTIuZnNgM(>Wm>}T36fB_
zgdQS8?25(S637_B$Rd!q4Vqc-2;}nLdA*2$a3?hEvH~R^X*l{WEAc>J27GLLX%8U(ZXp7XIEK*
z`m;j{A?TunP-o`tR2gXr)us&|jhKRU-FQ!^M#vTnIh=@TKtMPC3&e>HrYDY(B2~^?
zjjcw>6v2)inV2lA3s$cZ99~_)C7IQ4Q+i#F+*{H((HtZjeKeOZS8gcFodWS)3pqi9
zlZw#t?~?$HBz~Z!Al?yO-*z6U!qwnG7^=MKWz^r`~<>Z3Yp5v@!&*cuUOthv8!XjTr#Urm}U2JL-(H5qhV!7zTdaA+$R#iwRN`y@2p!al$
zxuJ&0*uY#n`FEwvuE=@$R&t@B%rUE>9M07)S=rkd_D20AxK8&h34<^|oNF8__=4tK
z760oDhJwnKl?7bY>qCo
zne(l9bZEM?^D?ZfnO?2U=h6hG?8tI&p;a}fi(3Uoq
zs0C5f*q>VSrSKWJ+Je!^{K!U4q36gm_qlu=M$DpdM#AW{(uMIZ3zo!Q64FXKgQcIm
z!<-BoNd8&cRX0f$`Nu>DxLwk{Es>Gsk!!QYO$_(QB;KsiA{PEQ$QT6&
z(wL#<0P|`&jOKaMQY+tz1#WUk!<7kvPp=MFop-jo{p`S&1{xKUzoSsTvzpL1s(w3a*AP&Axqj=4P_=Y^{I1oAhnGay6tHxc{$_uRJ7V
zCgod%6-pCt6lg%tcU!)xMAM@mWij0X8~~7jd=a%=vbMGSU57&jz1xh(gb7YEzMyCspGYL(>y1HfSqH)o)h(#d{lU|RI
z`S&)+2w3r1;awQI+Bo@$MZv*oTnlDlj2%<-8einp?J@5GVh;=1+g2OkQ|c$NJFh%?
z{otYJJf}1|xcAasmktkJvfNv3)h}DDw5R-iqi(>xtON2kgi_I~HXh=#4xSX^R?O)tM?X9Fx1^XbhSs~VOm+EqnT|i
zB5-p(><(nW;5Ia)*B%ktXQxBFbZR8)G1SC9yIA2di}_hbV9cFn4nhOtar7c%tvGGT
z{&E}k3v@^g$ujH^IKvINSx9l+GGkw^g
z0*jhj^cLL7ID
zVr#nM7F;3NVE6#r3r}eB-R;~bqi{i(SK$r`viiGsfWCmXSmtu8mHi^c1mBXPMkPZm
zwsPcfxN^1M%Cs
zF-Y9#ioh1nun)ymGaQf0!e4dwZ{^lXOH@w#x42^H#dvAr_
zG=Kn%4t=#M$C0SnMnUctNC#|gMG_WAIIU#t%ofR%NErYZ+~sOdq`9!buksh0pt1I>Y7jhdL$0TP15LOyqZV?1j;YZ
z_s1g4dC92N2}(sNZC%}|In?@CLld{BWNDiYZ}PZx{gUJ>qUTla89_)p
zBx+(Fq|cTWjz)AYqG>Bd6}KXn;4F~RV%D4SULq_|t@UsyEGze#wGGTN4ipaZ8@
zMqDpKV@V}kd&E+`NLO;aLDqh{_x`O4J0MAuR!-4DV$v?gm0G*%NDIIWtaDLGu_>*U
zVZu-MQfLiVs*B{YKrut%5v#(B%p+hjX`6*7bClx97upDK-O)6fO}b#nVrnMmS~0h4e|6m(i1v)ci(Fh
z9$+m~P-HUMiAAlY0H8KjY)nO$efMuzj4lN1NV{{Q+L`ytC!LFq^_Kweq2iEi_9GZ9
zCKvd}q>If;+w=hIC;HIDOLT@=`W)J$nUJ)6nd{W&V8Ecu+VD&yeJp;Zo3(DeTt~^*
zn>e{BBa`3=ikt+N(APWgfh4g69`0wxNlvMe#kdE4BPg#bkcTm
z6Q*Gcvt*N%65HEE_1?6A&P2_^c1Ye+NHZ-fAuGigmn>^UdHBZLX}8%Vant=3YBowq
zT#Y+t*1lmc9-ydb5|;uEPPvvMMO;wPCV7SOG-6V(r9h*I*Dq9wj(<)}P9fTUm|Q5F_&svDg%fymX43}TBd1X^51QsdQye3EVw!Q)Nn
z3KlVzT_TN^V=+sQJq;gDnr)3UwBsU*wd*
zeoKy4)0KGa)?^s6`M0e%xQSrxP+T6w#_rxqdx*|MTy)t1mMtBK5w$~aG>3f+lql*p
zvB>zgC1i1vzpShgT8ioEDgzBDI4MwU90ed=qDXGA7FV_gh1!{g-JJIkrGCzQkfi
zo#HR1D)j8!iMe9iyIMgD1E!BA0D~RFlAHM0_^E~zEEoOLC@*e=F^SDGLkWK{$Za?~
z1gA0I*7p?s!GapW)q)5OTNLJWcb=^D|K_0KhxqEnp{d~fqjA)mHazG?a!b8NG<{-DYeBhlm4l@c)!1ipWM=@;7;%DJd
z+&j`-@In@qfE$K;1
zUU52LDsm~~rimQvida}q5P6&F8S4xXxnXd0dcT_{^ZEFTZRzg5wlY^=Y_xO%_u-EV
zboCEC)0`>X!Z#fuAuXL&>g*ho-}F@gfhKQ648uzN{t^}UhJx&j6n={442!VU3LgM>QsQf9SaYTik!Iei$%Q|&>0z~g#
z+CdIB@@CFbE0S7-FDsA9di`=zArt?wNi*3oyPf_mAn!LW6s@2JGIeWU
zma+-{Mt5%wC8rjUMG#2H$~g#ba*F}!_JmPS*=V7+nX%Y(EkVQ&?eY!f=uK(dyn4S~
zjBCAa%K#z~J{he*hy+r(!xzM&Bg&$U+$kwm)U}AC0G$^{vSGo8ReU)L9{#T8GsIzv
z4a$NI6A+q?qL5itpT~UqCkPVP74;P(B(j;pWKfa@T%}=BqSZS`p%N@l5g9q1Q27$8
z8}Wk3DPcfo^jebjAhqgmSCgA2c2>hEaN9>AJ%)Z2GI?kgVZwMh-X9-
z!Q)j_Tp`LY>}nrU0uh~12>HqKac;6$&3>um1iT|@u=XPRDd!5rD$3C!#~X~~tBcCe6hU2?dxmJg
zzPy6e(-qCLNqk$QHL;90fQSqh^hl#ClP6S77Z#|#MRym6Uqci3D#
zzAUqk-G&81;yT+m)7rHpH6oRVk*4jutS{j=AuQL}ceHPH2^Up^jbd$$Y?+vIJ{g;V
z8FD?XcUsjZq}$zYzeckvCt=ITM=HdQn(Iz>NLI?l=7`)#>}P(F-|jdE0rMJ
zJX~L>;;=$wB`4AvuDI7)O0D9ftevrBbeRm_jGi!SD_FrCRf!@@ch+eCL2TBdLn7g>
z0!yMs_xNh7Mv<^>f>D?E*n)YZ0F5+RGRlsaegqzG6vyiY2d_b?UM8)g}DS9xN^lRIY6vOrfflpyBP7DAP>t-kHAIz1Sigk$4%t9kS
zuKAqM`y9OLZjxuCA!DrOn*SWEL-$q(#b0HDiPjyKeG91y331K6b!D}?q&?sS(nw4O
zse85K^2}hCXCx&Qk0tZY&IK*SK&Ia*XibYqdeh|~faHI{7X$19NwHFl;)dPjaC(r1
z1zR8YWmj+}q6cMcC>)L;XkyJrGIJ4U1st{-3s3o1vf8q1Ti6qvT73Is(+ydgcAA}$
zE5hy#kFq1?Fi7L`^<_9zP&f2&l&uFAJXBN}qjWz17C_}F93d$UD+stJ8CU2p!)arI
zrkKgr%Es}M55__b5smVYry>^4&GP(PW;h=i2!6RDIGT;R6PRT2
z3AA#%MhmP{gHo6D+RJl9_9+-aU<96Oww-pv>__9sb|m!m@}*Hzrxwp`f!c_qNE^37
zXH)LH8|)Fx&s2juErAR%@C6g4-I^d)%!Mepn&iynLyvqt1DZNttAr^E6S5!Of`X{Oct_8kHfMO=l6FU_zugeam@d^l0A
zMb(t_jXh_Gg2vtly@snCVwO-q0nPy(3jeo1(4reLx91f0gw$i9@i71V;;?sl{`2@_4UEG$mzdRvE
z=GmD;bCS9{J?*_!SR;3$9Q7q+BC=5+fe6|b5
z9DJXz@|6Qmj_2ax3!rN~%;bsKn?APAM&*Z^;ChWVjFQpk6ThiVCFD$HinLq7?tx>^
zH04Uf8{#ROA2VhT!N{IQ(sOQmndEQAySYAOJQ;M4qog)WvUE
zC^tRELNwYM-1asd5GD0Dqc^NIInX;xRa2~+j)6}Q-&hf<^64QKjH%lpv$0oBQ8$@0
zn4qMgjAq-$Pi!e@{4jS$uyNTIiTIf8$GZg0yq+&$T2L=6NrzUumj>p4s3?&|zJ-m6RWknE9VKJ0Z==!LTyoNKrv`8Q7@
zaW%96=u58r2WDp&Sz3xB7(p4vmGeo)5Zrb4&vWVn)sJtU|Dfp=&pOsML8OuziDCgV+qyn=_JPnLns&EZtr5Wu<$tAd6G0o?qXyjEw7WYqCG+CfMP^k~xZi~5MH`xa_M`Nnn-F;Yp1nV^%zqRMex8rdThuTXN%Ruq^th=S(Z%atleFt#Ir
zCA1ij#t-s%@UbiKGZky?2&o#YLHtDCqa?Unsnoh~wXE0bkVSxeaoQ*uSkn45pmQjG
zuOcTztFqW>udZM#CC-KHx3-Nd3d3_PehtT=wRinlCEs!-U=U;<#j=+}rV3>)y@YE(
zxm)u+5Elux%&o2ViI!vlckUA4oiX6VQ9}SuTOMhDDAx$dfk5DmE=>j~PGhn$b+X$@
zZHAm5Xgf*SnB*XRn}+sQ)d#I*7VhEJSLi}E_W*N>meN#;!n{a`pX{r`sth-HnU`DT
zazOfR>FR*Xr?!#b2rjMD8=VHw9tK2#!3@|wof;b8WdfRH&aq=|j(wrymD;OBD1
zCo;IMP;;_iB4#IB!C4LsQL)zv#P?aj!p9s
zw3ay-tG#FGu<^C7t#&}2o2$z$2;UKNx=ATUk4@@O6nNy?rif4)K?qK~n4i+P_~(fp
z4>Zu(FzIr$T+^`amiZ(FaV+z#gE`%8ASEK7NEz}%i6ZkB%93TLcOz98Y3M>oQG4VY
zcnXvxmz4sWG@=!Me5+iY<%_?Y6FD?2EiNjaF$gNK#mm{Rjw~Q(sF`f8=O(dUDl&gE
zCXyG9sJxKX3!`P+ZOXW*%YSpn1L7uE__Pmq@dyOCu{)4*3NUKgQ_zB!D3?X;Tt<7Q?w&k+69f}YJC>ImULnm1qbVg!`CatPW2R)-W*u&
zZQqesu;_!&^(ZTi+j<;+-##|%VlE6OQgAHCNNKdZPz9JNLm<~J)
zN|b11N|t7Va?*{O1!sla(J>xtVAd!<9=BR3DHhJjteSqI_#lp@Gn)-kDNb(#2ea_>
zc5B19iA=PjRy@>kXECOpn0ZKHXcMHW6AniKp@xd)coO<3aafv55s
zkU}5$?e<|dZ=-N?EDD^uu>`e}p&S;I?XD!|s4jNJx)ri!l0vXmV(7b=E<(eiOn3G+
z8KcO)7rD{t9}r>4VrXWtaU5}F_5*pt*HR5<-&<;Q!!#wv`z`x($rVlI@Ngg5+yJq_
z0i(mZtT2^sa(Ig5_Fc=n#5@%FAZy=(DJOLozn1#|dnYmmVo0T^&V9W2a1B9Bari_HIh)&^-r#DBtQYF@gE&|M@TPi}Q=qn2_wt{-J
z(k;#J2$AdwHGh`!)DB}{~bV}h!N6HyyZNmV!Ha=3QV9695{(>w=VnNBG%dN6h%
zKBjvL@-!p`QS!6}Pl%k?DJH$SUIK@-gby_KbhLEoeXNjOE}-I+!UA_*SkCF>60OY&
zTcYk1*lzYYqJOt5u+ZdxqymxjDaJj<+-B|La|u?+7Ob}yrlByMgTZ_>g*xQ*BrGDa
zy_36gy;sg^@Q_0ai6eW>gnY+5yE2v7btTtoi?}4&6()qT9|>f$KDhm!)QewfI1o)(
zK(|TScG=k#?9y0LZaQpX+kS7V?k}LlycW@_hQkK#C_~2;OKJNEyMqZhot3Zc<3xM
zA@2mGHcNjT;sOW`cba|$_NNepNye#4RVIZ`Yh&HhcR4*9eziO?esRj>{Ut86D#gQy
zEn#tRW!|OA020wHfN3(<3dr(!T)}&s77sE$nVj)l?1ifdt0aR(fQUXK=h0T*ADMH|
zh}voD&m5Z{hTCkfXzX=-0h^pm43RKRL?1D3De{eFvYm9~8_p@>jK3qviLoy{8`cCm
zdTc1eL&pZQsE#V!=L(Bx{T|<0S#f*K+21o0%e{=6kO=SQ(4Ho&ZD!ge5wtGhuE~k<
z{UTL4`BzmITDaOmZJrk8!oLNxGQJnuJ3m6+o-CF2?E}jIBMMR8FtyIyB&;6nS=E=U
z7^0%?dK<3q?XD$LhK=akBt;Bh%C-@M8jdf(wZk*5A6X=mmwo#jt3hLoQiyQP#OcmK
zOGj&Aa^p?kAY^Ajs^}LSlNTCJWaAB&mGncxp(2v>Ga4HCJx1-1%{E*?h(qr|1iRi3cwo4%W3+KDSmimEl8
zg>y!fMnt?TEC#W4Q_BCPw!k*wSRusJvQukNIgAPGv`=xiS!2Ux1xc0m+;Mo98wScx
zh7CpOUn3h85qEJi_vuU33}N*W%B*zVB;LuoYm=9TK7w?*268|RF-=7h8NSS73t>-r
zE*M+vJIPUjXT*~Zu_5Ye3RS2c0~`Y-Qx&;C#{=S!p?LQmOo0MWYADCZHTOsz0ZC6S
z&$SW7&`p%>1pg35rC)4rXXAv-m5Cur7DzCo;@!}9v6%#nanq;lE-~2bBJ-+DsE)9Y
z)+L``li}Pz7D|pI$b=_43fVV@UvbWo?Dv-qs~Qp#)oDbSL4Q*iXr!MZi7GpT)WI`?
zq>;UvT<}`(66{e#0-41P6P)byK`4YXU%rEa@)VlvgcLNF0@iw>CJ-+v*>Px1^NRIq
z+)I0sf>Nv|hvViOV`c(IXS@l`3`rLsqXq0R5*WLe!uoBu%RAVPLsM&_hq+Da5}1v4dY4&%IDeb61|s(c8x_?5p38Alg@MsL9slYJ8NMM@hm&H
z(4r{fT}!(n3U9FZI2$#sdFaq2bYY7Y!nSE!*`E|);Fo&K?JmVJhT?`|x*%{3Y}Grp
zDl}YXNsp+aT!}8zkFs
z?xnU{B8oN=Rmi?t6n+IS!V?$zVU<$cSHiPmi+Y}ooib5>T{7P29%fe}BYE~8YGHh{
z*b$#xrfjdP+W0<|bL}q{*>2@RmK7oCtFe^}y%I%28|PqCG_orvtt8?VNmNF$nbi13
zc6w&Mkl0ui93U_XHG)2F(ejPNl+P7kVxiOKh$Ori3Y{id0>e}S&rjDZfEOKiA1TAvWKliwsJ?6C@+IqU~PTemhE51
zW`P(UJ6Eoq#u{JKt>0Gx+D*fsb3A9EPg%EPJpKumAW{JH7I1F*1?3VXDo4zM9I<@(
zrUeEsNhq8f8@(kBw3N@%ep{&uofZ&a>UGz%1Zd9f+VI(PhUAp1(SwOE(@1v1B3S3Q}CkiQn$
z{|#B(p{}Bp|~>FK{(Lvg|Mtr*T!&HlB;=`eUxmiBq-bryJm_r4lH+!wyS_+
zht!s<5IFKS1pg%7Bsmy(uwr3!U+cN(?1b?Kr@xUY%kzL;j-~~YOlS=AW>4R<(xyZ>
zwOhF}ScxQlpO}WxBJ|S7K-Wu2e^CfJ#9j25${WJvy^cFqw+x3693||_)$foDJpmG;
zaMxTBdp#~C##rRKayl{Nyq(LMHoP*?f*z1mLgK>@_nccBD<`@^ud|AX7nFXI?=@LT
z7OpNdF$vvrO^+l>of5_fr%5a#fEh=B#mc70oFrg_x(4=nPPTD6VkNW}S$JEOjRy9R
zA&9uWazZNW`zm9xMSMgye=8VM>5-XrYC@BAVqBd)FSl4IxZ1V7dn;=TC%Uz2i=|5-
z0EJ%4to#6~nr6GTIH(r1QTvBfy;{}~oJ#StevQU9q#1GX5|(RtTcg`-zO&cytS1>h
zM?Zz!gVK9b*4&Ux>dyOWd4wk5Xb>?Jgkeu^NjdX?(T-E_8?Oo~W*X?_nDXju}T$2wZ+kX<`wpc?_-?
zh>K1-|CswXoWGEL03om(+NGw4&e^bq_m>zS$N?D;q;f%a+mRFV_CSX!t+g`OL8|lE
z4R{NCXGG%;{oKTrg00_-Ww3e$K}@%6#JHAkO*TA^RL+A|^`|#>YvjGhP
zw5U^U{B{aw=}d)u6yS=uRE-ejDT%}Ew8_H;`ysNS2$MGJaU8!2#<;w0Q!YqB?U%A
zzcAM7a<^4FoS2q4WDH^kRQYVNI2l7crrmxzE9uq%*KBM2H4P1j8{r_wA~50T$Wvxz
zfB!Tky2sc@E48-qxvN*;Lk
zlh~L^7W0xt9E4ChQ_2C(&0?ZH!61`wW&DusxfH@H!MX>AVG?}Km?=CyZMC3s5Clvj
z5izeF&xoOyyP00Az6F+v+c;ctace3?q!E!6y9Fi~GC~(@?zD&Ix@xI_2}Bv}#d7u5
zx;iN=K=>r)j`ncQcRD3(Nhty~CnK4fmE?B_Z~{>~C9-p*O=*he5jSinHg=vD4s2iq
zBB1SQ5Kf3>ClDOw$Z~I?i4a*J7ox)&A0?kbb{1Ud*6X(hh?FwlSXdzWK`g2k`9Wa`
zIvg!-&SLEklI31hPGD7#FapmI<3;)&O=#|$Bw5Ws*u=)c*TTUO*^nRu?r^d(*8Sp=
zND(S%Z;F`!?;8zXMoxD^
z7lmz<-{pS;GVe9ay-5t($BR4bA+BMYH?!3^mTt8>K?y6dtGd|Pb>bjq-k!#$rkAGm;2m(@!EYsNYI@A}dJjHScOfUP}v3`4n1>f8aURtH7sAXkE
zl)fQFPudYEi{Y}ImVFbUi{2Kn?XV5iQ>(p@ixQN)0SQ&7d%YdI>sE$fug(RTs{SZh2Wdq=l+9k$jj|kMrVWMV5?SCQB?oSI^uatA}uZ
zIGTD(iJbXqF+g(BRtl&Hi9pOZhxO-d@97OxQooIM7)EKKj_3%y!!{WM6D;>J%RuDV
z@WeLQ{qEmPxrV7U9A>nEsKjPXc8*+Ujcj^zh|Wlyy0D{*lNyIjkp($c9hohdtW`uM
zvyQt4Wajx#JMiu8$lXKE_>gKqx=|F3*5nS+OK=J+w_%nK63GQzx)EL&Z|O48yBl4$
z?iBJ3nabv3z#4gvf9YZ=6k<LnD4Lo-$mUFgi_NBhz$RT`%!RCcN
z7XJxtbe`-Cm9r7@ouVXC=0lX_x3R^+g4#|U9^4Ssn(NyBN@cONN>Par5-rZT6wSh!
zfRqx^vFO%y2giBR0wXRF1B&ertz|3>AnP$DY8@*$M0jDiVLR3Z%QPrb9;<^8HPGn+
zO=H3n;qqW!O)u)lT8H3k8_=OXRXqixG`>=2-vCCOmi?P~#)M8Q-0tRTa;DXM1|x;5}}VJ$@Q@tpnJepSkS;H
zEE37evz5lf=s^08!CW%o&1$m{*axvjDQy&u+Zf=bh|2In~q*eKo}Y&IQ9<^iGbg!Mt93&SQ^
zZoYP#n16hSarm??ById$x!y51n3~fQ_u)Kqx~2RkOKsf1L~`-#lOTy1Viu^7o5NDQ
zi5N!vOIa>pRY!eVutkxP>8OliAnIzS+kq1v;spnCMWRZD|ZS
zbm8383z$ozq?^`&je?rWMvXBsC9=TP%Q-v_1096RZ?zpi77EG^;pZmgK9DIvf@4@-I$`3Jr!>-Q!!;9mDCqux
zeaYEn@*LwFMuk;5cuH=oGjMQ18{%hkksG5J%Tyd>q-VWOwbAQRrgi8kBYGrCk$|+50bT32DU|K{{LbF>%+Yud3g*2_
z!)p}Slm$CDgj@AR7*E2Boo=H6LN7qfp*bBfMDP_$C6s9%DS0kV<+8BRny^a_J;+UI
z@(X@%)tbe{FhRAeIV&b4bEP*}46_;it(8;|mNr5gQOv26xDY7UxMy9*P}&Hv1G9^I
zd=!k545Gu-7fCo`CP{R0GQnWN;2rDPv24OgL35f7Biw@Op-7lUXWF>_J=H{LAPUx?
zCt4vVu4a4bClMy=EH*@0=V%U%wo>G7Y|LfUI5w6PN#vyD@_@KSNr%8UH!qzWBYylO
zc6mbflO)re?}4|SvtqKdwHp>Sr-?Ok9JW@PCaGR%(HCQP6lz|a@hEZ!g~47{I!Mah
zg}biwKC9RO2TUwQVc#WM!+tH7DX8%>LM``}+N<4aYaTbPIxZYEf|>g;q5(vg8uRrI
z#%`)+M5l)8ZG?brDajhupb=z>RMnf5@lY*T1V2}1`I~W#iwFD8=c@+xSeZ)c^*RH}
zPbb6RL*(olaU8-Pa~5>=ncnaQH^Y656A1C;R!sstHukVkA7kDGL>t;P1o9}2?2+ZT
z$xEm>6s<4aL71NzWBrqL^_#oANoVd1aFG-vYD1F37njDMF+`r!toC9Rru)nGMN
zn6x4Pr36}Kwm*@T=tfhEC4a4zBbi(cGcQNCz0Zdpk)8Sqo!OXfEJ@>ZjT5vegXZ4H*!Gho%lHeNNJIiJZ_a%viDfA=p
zjI!WE>!-dE_!_Np0JdvQvv6aA5?+YpqM`!jBG@hw3Sb#rLopS@Y3ab9y4#cFy4L%2
z5IRj5CP0hjvPanm)0ILB1xh!A&2ds9vr6nnI*#0%V-#OlGh2}yg&yikl3R8wZzGFF
zE2YzJlRURDwh9{>;VsqYLq(t(0LNMWMN&<@_(AB8GpM2JqigD?a2T0@dM2NBihPM}
zenLwwku?`+?xfNY%jR$O^Kd4cA#P{6^dv
zB@Bze17`fB?0sOQw9=^8>L(g7I%NVvL5V7wtJyhKini$44r@>vabu}QxvrR_`ct0j068&jgkebx9MvEd1?=7-
zvmvFQ#KM);8}Wvby}@E{hgIgtaP|b{{mjy$_4r-{j?u716w4H*i1QrFllf~rGoR1$DQ6Dt4xLqJKqpW;0?>V?(Ec#<&5M*i91~fxd4derg?StY_a`hiU4Y#wktP6Q8^e7
zFT|@5q!_ABKIMv#Q)G7;An8k|K8N!@MF}KO){6@%ADva{%X^VYmFXN$*xq861;H{I
zO7Klm?4j@))y}EP!fFe?Ywgw+ahk<(S|%DHR<2yRk>IlzG@J7cUSiHm?+KV0c@yC*d7I|Gtd`zm{j=7Z<`{89&Lfb
zJH~?MK5ovIqSuCTJ;^Gy$7+_aClCg)IRr8)7e^0lIwd%PNwx;!tGg>L%ISJ&snMKg
zG6eT2UPXl_aR`q)Pm~%7kM7#}UmnDFaB9RslSqgAzHgri^<{Sxl9Vj9PZ$ZNtdJ6O
z0>WCFWnm+Cg^{CnAE_d*LWkti*k__BDC>GIbaX<+E028EWuwZZ{%4%%Socco16Xo`
z>Qa)Z2+1!{k|^tF6PJxWDj0;Q8SIVZ2H^Z{unj^if4Y%!uzHzQnEoc`&KSiPqk>Q5
zuO)Vs&VJarBm(ZI@Xg>hZp6y_C}Q%=RlM(cVa&#+$t(xFLXX1b#5v6DSF{b=YcRD%VioeT
zpnKee1gQ6E1t@4e_w(dJXE`v*go>s)*1T&$V~27eA+iv)nMK8xmmJoazK~@v|5ELA
zs;8JwG5G=aZ%AfKLRd1Sv@Hrty-A4-g-Btkfy8B?8*`{gb559)bS$-Utqf(&3}&Ub
z)M=k!dj#Ua9cK-e^(M9BxmLg7xi)uF|6Nx)4BG#G5x|-y^dK))75}+L*9rr#{5b6&y?`RkmKgz$cUC;
z5r}@UK+aWN3_ELZRM;@}H!iO@*y9dbU<1~I(A9#rX*k4j**NU4EIZG9CIvANKAw%i
z#Q8z&#An%EB5~F@)4FMChCk>bq@5@#uwHkRu
zg|fx!t&H_>iILdKtv8C3fRhX$Ll1?cB&*JFJMuwH`ZABPCm1)l_TIMIfX2IivXSl|
zI9#4e^#+`r8|Fx0DQk^8;hZnS0bkH*4iHayp|?rH7o&SA-l6KixE_6r=tjw>D{)w_8+MC^#M~W=V=ClsdAJU(
zUi(zvn`r;%)72T2+i_7MszuY`>=DZ(BRURp>Mrqgg+sU8$fwNo+*y)#{#K1?axY-g?l*0iy3%4~AySzCQvv8LE0W`Y(A
zTXUTxo*EgiEIlz-HpTB)z;Y9+XRu9N|S7*E45|
zCPSK2Y_MENeJd-_FIVBKTCc!kiR{<){+zP@i`;7)&PBr`nsueBE`f4_LBYnd7qUu5
z>bG$mx=^DuYMOd*-5_xZsTZ@cbcf_%Cn8N+<=y1EY@|@}seBd$tX8L2Fa~tA13&LZdi&M24}|dFG7Aiw$N#FNS$i;kX%&Q7TXlG%)tBLUmCGEnOpZ5{
zq#)(M+`|13%eBGc3ij=!fiK)pg&dDD4M_Xvk{S_?^YbXQ4T;cfs;-Gt$q1T=$5SGb
z3ePPJqOg-Xj>6lf2qR0QjqbIpO(dhQOT_ZHS%deRdskMwOT56@6e9B>iabwUe7!MG
zw-L^omg6M09&pQ?&UbmPgM6(rXR+v0{iI9w5X!#Fz*m9=Km#VBNRh(9y_Q)a(_~e4
z8LRX#B{P;nfw=&78z(=KMX_&+7$1WO$$E$eYZAVSDO8G-B-aUQX^fkZj~GSuz@-Sq
z+2@&vi^Lk#x#G7m**!)K%_-tQCd8?b@w5N4Q6;JJSDRYabe>xD={L
zi#L2i-juKD>#95__IWAnq=@;-GgqoW&z`iom=bK?jroX>mc&ikl}Ag$&ixROLtBwO
zMl1~o6f-?G`G-7-O!X&jLRP++-WY=uS07#>320e;sz94y`X@|BaR*352P$OC1fReI
zO)NB#Jgsv#G!i7a9YzF|*|*My??!Q1ieE5>by22>q!5V^nXb%}Uw@;8&=yui$67nA
z3Iw_^VKH;x1i)m_Ou3XSW$EXN+LFG(_;wXNeT1Z925k}3vJ*rCX}#Mc2N<$1FNBpSU8L&0n(2V3aM$DegkVH&%s?@
zUMA)TcF|BY!nmYc$Fau_o|GGe)cHJNl-yu(xz}D;2u{0la(VS_BC?^{IjSio_Kh7;
zPe-i}vXhFaI){lFBGwQsO}uCtW0u#K0w*S~BNnF0ld{qZD~37kG6)DzG-#~oF|}me
zDB@{|>TvPvh@jeDG;D~kBG$6)5teTDnF!sLNcc=G6nV|D2OcdX9)0qb$7rm|OgocX
ziiPo8CjFu>j$hVUW1B|jVuRfXabO$jB?SJZ*LL=NjCaj3rscAGryQ?bjU$-Xg$g%JurSjG3<{6lhR3Supnr15tD`Gj3%;UE!9>~}R0>hmRSgpf
zadwf*L|Qfjb9dcpGC*eW6@)mK7c7wEFp)7)qGa)8UF>5WioHM*r)4$(
zUg4Oyn3668U-6(tgsA0=+)K==bx0ff6!jS7Rqa$L4KG2eF9#soRTM?{ILHzLpTJxK
z<8AjWNj-~OS{yst7#UU|PvO&!1Lnkh$%&okaFff}?1z+}%Q`)wLmhY}uu(ji+jVt;
zWCRz``a*9RhlfbB+@MLjHDx_Y5JbSS){&LCNwt8ZQ*ss$?hvB?iDJhgx7wKXk=Pj1
zyRcHGP9t$DTWxdXXYqM
zL~$FIxuJyy0t=||j(8Qx1DrdCv!FI@tHgBqAVu$kR|~E|)n0qKp&HpVH4T&tHV_Bt
za*zlhnWik8^AXm0m`PY(c9Uu#BR;`8!dBzF){fv*&HjuAD#{rYX=-S^Zo`YL1V!X`
zOp9EWi-#h)Hl|Nx#5pucqjYryVWhNol((894$mXt@iI)XSK4GP)kbbAtc%VdNqGmE
z5qdVg1FyrNu#ESK#eVZi3`YmrHgVDmKu951t=Srdb89+b(N8YypCIx1O}vNyZ8prZkRG)
zVjaOgi_{ujY<%oL`fd(_UD{1_11?cWrAM!g?fhe(pG3
zrEu-Qpl7$w*R#OfwY^T@**BrthTF3QLSdUnZ^bhu0}1_NsOlSIiKW~(q&OKXbJPTL
z2C<;Xtcxt!!kQU@|AWo_n9W7!>T-D+;+W|;T_J_n)nK2Y>LQJ|EY2;na~8$}B7@cc
zf5jFui>nCvjbSyxew}vI(@u`OfdA=puKWnjxP3Y}3{m1NB@)`d(P{29Qwht
zu0;j>NoD&9$LELWA5(sHSbj6%_&kgLG3B>}<#!N{&-3XYQ@$3KzngG;e9!-w6no1b
z(DKLAPt*QH*#7slyyTWIh2>AdIMByezF*6CQzg@WEByY=TE5_x?|3m+cnYvPwEUTF
z`Afp@zgx>McFSvF`Ny>UGPk@JmOr57&vnZe!t(EF`HS819kX14`u7wp7W(+UzhBFr
zL6r{Z`f&PxvzEWdE#GmsZT}7}A92ftSst
zZQiNB-=jwG`C0s*=*ooNO6ljBkFxa+YrQ|h&&d1G{`lyCeco&IdA~yI
zz&vl@1H53VKkwJ_8T@X`cgR6Q<)6~>w@1qFwCz8rV4FMVE1|CoN_U3Q$1I@H!4ZXgKm!@I=W8u(;L6K>IZZ%C_md$?Ec(PviOXYRO(
zA4t#pptkdV{La6+{rXAi7md+3wVeke?fjK(=OJz9htuZttZ+`x*R}J_v^o89IHxxe
zlYq~!;{EJc4Sdkf=}9f0rb?#IJLGVt{@$(S%>0=0)$n~jqUAS7zCXhi==)#N@=M+F
zx_o~S*dtngk6V7_odd5vbH`m&>jL0s>bm)S+8q6UIF}b|y{ppd?F;9!`Tg{;An?s)
zPuuz9w01rowsWtxb0+GAWB2d;a@6mSX*-YLCr_&xzpLr}2EKk4YEnJ3FJ6vHk$SX0
zZ#$FQqp`f;G580ckGszsxYy3*VJ&|FRWi@oF=f9$ujSWA$|r64YqY!`DZkm4zhBFJ
zbNMMPzsLQ4Y%cH9_5Yo;vHfZ|myc+@)wFtx;T-Jw0eV;vq@AHOW;bcMkM}*P<-W7*
zZY}qnWgqGD{V(m?v6{(8F;x2JMYQ6wf>E1^k*WZKVQ=4rk%AkKacb&KmP~mg@VBM
z{XOfH)A(JXYw|~Mrbot)&hm42*tPu%ZRZktm>Iu$8DDDW4cg9+#@nGi`ci3!>U~)2
zT^?Vz^t?;L_5CHS_aMF#=@*@2UkK;*{KujKKG)Jere8Y_bA>@bgSvjM!tarGULLk_
zv$k;!>V$0^Kfx^*(#QMf6U;aD%6y}&mhW}nVI>@=
zo|f-)%Y~)qxqO?J`}%*cmZz;Jdj9=dKH|3D2%rD3mfz@>?~scueg9k)3f>ecKgJDE
z`KXp(;g;)u8w9pr*Wx^WkIb`9BDHZ++elk0RDQRX`{>d~wA?3q`;wOXc+y9-JndY#
z0M8F}jl2)PM&5ze;@iWqyn=~JI{!oMT&3+ioOXVHBjf|#pzZk9#0RxJZA}c~IUm;N
z9EkV#WZ2hlYa2gs1}d3-F|dOPEwynr3tEF<8o%3edS5yAd2J4B9pBoU(sJM4Sm{%K
zmzGEN{|*rv)4KSumh%tu4l0u#MEQMM{ssIVd52Gj(0uaIcm>*L}Vt*S)__`wwe5(P2AAN`tBWbI+%OAQ+*4%oscL
zV^qt1b3Ci%zVYp8x$phnrscjhaBrXQ->>C9`u(t$`{wW5C(?@tfp7jswS0^!nel0c
z>uXla)86kQeC1|cf2;UCLR%)@JaFfkul~LrHEC-Q<@ab?58-$FEZUP_3!nEXt#de5
zhd87`U=M2fO|fznq4Bx1KtBe4Jmk|RwGO|Y85iA~w62<3
z?i<%TwLERys1F~~@*j5l!1w%tM^P{68TVuhZdJJ=CWU=RBFdsN~gUZ{N4h_XqJ_4{7vs&((=bo0Q-Fd0#ZGFCfua^7Hp!@rL|KUF6=RTEQJP3UBYgEhkQzbJ#
z-EjP7wcN+M^t9YJK5x@_+M(z5XLw$4A4?=g#?c
ze|xn28Ezk57>>bBT0Y~JJ2Lx|TJBq8cWXJx7wi~2vW1Um`NeLz(oK55FKPJ|Zn?_o
z`TezgpIeT7KxCZC&*#PErvrQXl;5P~hhpuM2zwCNE%Xq4==qT|K=qe{z+azcLd+}Q$p5I(;0!9gzemS3UeX*8RI2-nFgw49G*
zQ!ZBxUZ?l0(>@h_Ld)0iyIm(l&s2|p0pQQ-TK{eQ9vMff_lsd)&fZCl1i=vfWBMXu
z0Pf4hTJEFWlUnW@i)NqlJGDIRPC{e(p+4XLtd{%w|7|T#JL9SSv-yjDzVBi!_s!*`
zmh%y7#_zgte4ASCTWfdrDgRKP^3Q7di`@C!G0h#I_xrY%`)J15Ow3fTZ~E`Z9WK^#
zzDAjHN0v9Kr?1D3u)*X_w{+kLt4&1
z%sV)A`yARZ`1sDQVJ-LZH&a^f+XE|F?i+)<`jmfI%P*r&n*KX7tozc+F$Zm(gNL--
z*S~Xqgc|nCeulN&_xvd>_qD&$r~IxycGB+5D?2yyC%`3waAVt$SM90>k3^0)b8Ab7<58u>X8{9EL2`h#c`
zJ=Z+X{5+ue4yuHY!Rhyb;NR&-;xk|^dZI-G!T*f{`qx14A09mNI9q2R*x`1=!C6CX
z|2Dr21ZR2bKiY#o#)F^j!5{0v&q?4%(WxEI`cd*25RE0={QVy7{F@a2g#JCEKk3In
z@c2agzXY7-@l35}eoFlxO4Pp}1@v6Aa*ycuzNh#e{l<#o^kX1+LZY1uflxc|JzFaN
zmexO@_zQke0J6C_R^&1WDOOw^~c
zfndmk8;dm4g8Uo^Xf%?af#4z!{%j9^u?N4@gFn}Umpu3`4?gC>cYE-?9(%njE
z;5T{j7kcoUJ@`vJ_$?lM&V$!Hc-@09dhmt^KkmVA_2A1Myyd}HJos%MyyL-p9-OR(
zlAnR#ga<$6!C&gZU*^GI?!jN-!C&RUU*o}F=fU6L!Qbe?@ATkr_TWF}!P#0MG0+3S
zTRrvP=D~l`gTKRr-|fNQ>A~OS!C8u)(*K|K)W64rzt@Am--Ca^ga4cd|DXr|1rPoq
z5B|#@oGpG+#^J-B`fN>_QvcUI_3!oIzv;n0;=zC0gMZY6f6RmbjtBpQ2mho8|C9&+
z0}uXb5B^6U{4*Y$EK`%8f#6R(_@8<3`#kucd+^VBaI(xzeg=a3J@{XE@GpAsFM04U
zd+-N5_*Xpm-+1u9_26Ig;17E6Z+P%;dhoyZ;NSM(-|^rNdGLSq;Q#Ewzw5#O)q_9c
z!T-&Jf6s&ehX==1CFO(ruLnQVgP-NWALYRx?ZF@8!O!;KkM-c^c<{%2@N+%*c^>?S
zJ@^wn_>(;NlRfxTJ^0f-_)ZT#$`@A2UKJoxiG_u=d?!lWLyyd}HJb1^0_dNKT
z2S4e-PkHc{dhk0u_-PORau5DW5B@3-{u&SdS`Yqu5B>%Z{zeb}CJ+8*5B_5w{4Njv
zRuBF*5B_!!ezynzDG&b61TGw}BUDxXML4v_Cb*gJ=N4GI7b%mIjli8fI^&l|F#6+JkEVYQ(La&TD;O_FF#6-Wj9;0+$G)E+)@Vn{-oyCy5sd!$PsU%6
zz~A&3f?k-w|C({u*hk7P`vLk>l>$!5&oO?BgUGK>Wvv>=gPT*a}U!K4pVEk1H{0MKkI}`YCGXCZSK5z~}?@r*aXZ)uV`0p|P
zvkClhY^(o~1b!pqWHA%{yqWP&M?w7c1;)RUzzG-#-od**UN{h>Ub9d?wK{O#^zmkZ
zx>~iccz~mxgnyggpno*KMt%+iyqO{x{V@>m=19SLv8Uj?s8euWyeT*@#uQwYbg`0w
zAW65W%0Q5$+k*4t$6BHKJZUL-lFmyzNjfihlFkdBr1OF&>Ac`cIxl#V&I_KT^MWVo
zyx>o!ABoQZTX!X3jL%b(AdmsEhD($Uh_`48KA6A=7!V87L>cs(2~6rg!-HSo!GFYq
zC(kKq|Cyfp7kTh!dGKd@@aK5&i#_-y9{f@d{#*|}?7>SO+|}xbRR)4x;UCU#1Hq{C
zSNQ8dFc$vd{5BAbJAZ}04y5o2R5}nO`2@j}e1hQn=ttr+5Iiq|5inpQIYo;H#H%|B
za{VN~L6rt1l2c0kD-sw11Hl0ge$ay_`59^Fu%~{K&yo5^JoS_OkJL}{KY~wq+PT_;
zU*o|iJ@~aA{HO;%=E0{t_;nt9+Jnz{@L3O@
zlFt-8$!7}wV)~Kz3V6%T%k2d{eYIS*d*;PW25?!gy4_@W12^56{*p5(Ww
z;y{q(w*_x{+FADCEf3!I;42>dHV@wM;9U>i^WdumCO!qd(xJ@~6U_^UnmYdrXCJ^1T9`0G9R8$9@rdhj=T@Hctz
zJ3aWDJ@}7#@E`Z!cX{x)c<{G+@SpJDZ}Z@9_uxP2!QbJ*@Alw7<-y`t(Sv`;
zga48T|78#UD<1sA9{g85_^)~JU-#hmdhp-y;J@j?f6Ie^#Do8~2mc=){G%THV;=nD
z9{hJa`2Y0apYY(n>%l+i!GF(#f69aZz6bvU5B`T9{L>!%k39HiJoq1b@XvbiKk?vy
z>cRiagWu=D|J;Lr&Vzs6gWvDL|H6ZR!GnL%gMZ0`|D^~2vIqYw5B`7$|B46yYY+Z6
z9{j5w{BJ$@*F5ga3aX{5u}}e<$$o
z{WtRG{1=O#r@x)~c*6hH;y
z;IH=JZ}H$i?ZN-XgHx=bwEq0N2Osv}6qAV7!@um1xB7~{+$D;Cen5ch6hEr?1!oFy
zRPnar9mS0W;ah>H_4Az`{C(O^<1A^|te;OQ{s)R1&im_%-})%2PqDJ;^VlCwf9`p}
zhk}dkdbmca2lJl#w|elO_26Ik;5*Mx@6VhEf2Rlk4d6q;rMCarw*2{`r~cEQnEu>~
z2XA=rU-IDp;K46`Qu=cjJox*7@3axR5f4Y->okjgXXx8M
zdGNEIEbR~KK$i8nPxs(^6el`OA51rYmJ~m&_?qJH0G_t~Kd<#otT>8EPMmgy(02Ys
z+j*?M?`su5|3YcMiE{cF51dKhY3<(vd?+|z=gX{zU)FY3bR6C;%?0;!{e!l?76%vN
zm!Tl^_cVO`+x}hp+Zh-y8vk!AqgvJe>;*pL_<_D$@t**m_T0~T
z@Uzk3wEB}C{EZ&`k39JIJoxyt)1SNQ!G8_-P%vr7=L&t_L9F8;&Qv0Rp&Kt}{Ftpj
zr}h7u@#`#Z=6yfLcgXRZzE>)=E){_C7trT1_?y~4@A>k#Sur;#{swJlT8e{v75~nd0F>W=KL15a)s14>-jYB
zwEFjI{ZD9pu%Z+W&jB{x2&2=wkwWT>JC)
zia%Dz?ZsOE60E14L1<@g#`#L%Y4b9tczpa{ruel$+$imu_MZWKD0rH_Wne9$j(G5fwlkvb+@<||6Y!luXrFKT^C94A>-n?V
z&YTh?ihoa^f!*o#&jU{Vk3V;h;-A$1C|LrBLvCl*wqy9TA<&(nAdE9$_<>h4KA5Qg{a{Fj
zf)^(6n;B2me~|H^MEzON*`eSji!0d;9$-9Ke-dz|JUh1SnwZ=qQY0?OM!pGn|D!7a8Ou;u*u0OK#Q_@d%x;=CCO
z<}40&h(A@}Y3t6sr_dy2w=|rcLPrwpTFjI!gvvn*LDsa
zr1q0?xwkNW{0yyzXUXUPFdoK{F#GEm&YPj2Wb5lO5WF9FT7SOI^~1OmkJI+|AEtJa
z_uM-eZ`tDtbx81Gqp
zMDdHSq;^hN{3gX;#<)3kgWyKR?_)fSUvY)v(^pYDFSYH=EBg@DESEhU&k@
z;*(nc?To+9;_p-Zd{h_;%wkgqBz=C#6xDy5t#8)PuQDFS
z%`o$I4mQqE@D5ww;I}iLJV*Y7@g#k|3>_N^-f7!8Py2Z<<9A!Uq4)t@z=wi&S^Nu%
ze}wV(SbV4A7td1tpSCz&hd)2Vc#^(-oAG;WeY0-&Tu<#J>DwKQzt`3`^zbu`zdwOL
z@dj$=0~R;y;TFcjxE#;be!iXY58C>s{RbHT1&bT{{7h`vp&&`GPBZ=?TYp5`{|4hp
z`tu?XgrVS#
ziwXj>9?pId)xX!)H*|iP@i6YkxIXuv82^Z^Z^rZR&D2g9_XBJ*e?A2~Z9jg&gFooO
zALjNyYM*P~_r))!=YGuMtNPqOXZ&|8{*dC&eF@e7gvD{J@aOj!|D?qYJ>OrU`k%76
zStsvjJV}4fx`pb0+SWf$+n;6p4=iqW+E*D5XYkJb{0Z@y}V@tn
zJFj6pNmuV<{A;$pId`7gq;?*(xarT2GyaVP{x!zGY4M#p4y9#k=kG1PU-6${{M!~c
z{KF%RC+Xg?7PVufr{VklKI7l9?U;UE*rxgqS=`X`{fz&k#gAxz-oyAmTO89ZpA~8+
zNw20E|E{fX=+*Br{;w7{&;3irAF=o|wE4?#qxS#J;y6b6^BKm!XYnahzeDx^!{T7`
z`147|Lr1=g6@NmP>WA@Cu2B3s#*=j8&lx{cxhIL2PG4E>rPJYG0iH%To&rKT6r5$-
zF?8UajE8Yo4F0E#C+W=YHEJhGAO1VzkGAa}()SuaLG>SFaa@!6^M{OwaazpyJpLrr
zPwtmjF`nEPf5!M@ZTrvB_Md!;+BwJKW*xqs@y93d|HJsX34Hl>YA1~AV#eoVjE8Yu
z%sxHyrRnqX1HgxZC))PU*M1)N)PFVC597d?=YEdyC);)~?EKk%2elu@f%$F4f0ywv
z4$P3^Pkb5G-)Y-1^mB>v#K|>=j*&5rFO!2
zHD>)>&v+QG#`N<8j32enHTd@!pR)L6+MnCrNbOH2@Xs(lYjN}3=e&vPhw*9*-~Ka<
zhw*Am`_H_S>c1e-&g&UZj?aCJzc5jM=*`s5ixT)8<2PG;Qs3)-#=|%^W?fzMW7JL<
z$HtuF?`FK3XlLh-Q~fZGjiHA>0eolhDqG*+_c9*FIWc?o3&73q+C~2HEv_HNQ89G}
z?xOa?crvE_i+~RWVSJmnXk$kiZ`uAlSMi>w{yVw-Q?|Zo|6a!LNZ_AkJd7uEj<)|d
zz|HRp@sCHNV>^Q|?#)guyoB+W+V%}SzmoAVj?KARzXCk1{nv8+SK4+Sr}gh<{52MT
zs^Y)Rco>()JoodAztPq=`z1KuZMP~XI*nevb7^g5C8)e`rZ-vIyV9uF>L(iAdZpHG
zb$gxFT2G61Rh!Lrt=emMD%H-Sfa8tDR=ZQjA4f;8MuU^3J&o?6cB|KEHxDgUJJlMR
zFV~#%k<~`4H`|`+bsDY3@~P=5w{U!+aq{Tua=p{2P2y3_dU>igGhCss@2yl8TdS4Y
z$&-^KrAlSKzEE9l_A2Pnt(BE_vr#)$4xchIiq7|{jaITRQ`a~T92xV~8!n^b@vy}`
z7>d@)T<2E8XG)djuxMm>t=e3z&$h2yZTIT)@@7Y4-!JW1toLrHHXHLd@{nIsKh-Ty
z&GdG4>%EDiGripvdbLuiG%{E1Hfj|-4&yUXo9UHGH4J2>*Qqvo-HBRxriy>c<(b}S
zv)=7a%#2qEq8~f}_`+CadJgsL^~zGcI$!S`8Y{2a?v{p+RJ%Rt#NkN6$V~54v#$M%
z6pc%D(+(anQn{gCqm_W(*7NlreI7%f!=@U`D^2s*LLU+Kdwh+1y{QhH)_A>_Fle26
zby)^z_Yti3cIT9-GSk~*rXt@X$0{?uy_JdidaKvyo#Fwr^NzuzdFL_QWgb(ZL7bS`
zTbZ0ImCNC1ZcjhL_ul-nc3y9bnhi&%h-G10tLB<&XRg8>vFXiaJGFH?Hk_R8Sz{&7
zTDSecp6EH1TJ8CK1Zw-Yk271ttF6XutM$rCuQMShYn0M}{Fg?}88}~W)_e5{oJ!^L
zp|OdXU6r*m&Xy9No2Zz(G1H;&>@DqT)lXC`Be1!p?lgT(&9R6tHh^F&++M0J~mr9HY?m6O;tg=)(jwCYuG;j
z*7_;%v&$>h4)%$1PPyKVMv$2)XMSRPqNo=!yRY#1!7E@pq)!iyU1AkcI##I=5h4;K
zTt!AYWGRq;q;kzb$^@iQk8AQYKGXA)k3EK*?pkiI)x#~4i%!up!d8%>-ll`IR5?Hw
zI1t+TIxT^jgE2CYwqNs%Vwnj5=xxeAPhEAn9)efE{i$RJkKc>$BQ&c1MOW1JH0y9H
zw&xUWPtTjp^u~ItE6w`E)l->vBoXDAk;=@d+zo_^ffn)^;2B9`DTtO+ad<}LXQ`&q
zV3PK4tPk#2LB1?^Q>x6;a0rc>TpliG9~UzgrC3{~^3{0pIG>d|>bQ}I3!*e!xe7OL
zxg1lM(r0RNZg`zZcr-tV6MB6m?
zZ`V@&WDL|9bEPgatg|;Hi*WW{IeF~hfyv6TBS&V+vz6Hc2PexqKUqaYhh+xjDJsG_
ztWzq&3%65l<%o=EnCFoeN+|Q9%ZMW@ioH;zP}vD{uI3^2M$8d;p;#9p-H&wOu)F{$
z9VY)ogXalC%7sP?SB-g^dKrveD#a7|-N7*y$CXb8hi|;JQ(w3g;>VLGE0}mlIU&aD
zovN%2+b@qnvbS0S#fH(g#*iD4FvsN$je$D>ml}TDgv0m>Lv2+`+
z1i3W+h0xPKOqTdJA)ro3u)%tQ0*4K9Q?n3fj$z#7!R;ob<3~`>(pOMl+E92MqT!7u
zCJBUmPi02`qVF?LFw?_BQzkI&sXS@Kh`TLe`^b}WwF8kY$PAAjy##L!aC4S;XB)^}
z7-@6F+9o!rBEUR?7L3MEk8B+LnLMBHRc+0M#$79o-lTTbU=pw
zOyjCrkt2d%F#AwfXUvXGJgPLz&*Jk5%VD!m!VoxXsz6C~*c7XQbiQyP<{+Jr+?wwf
zDy*|gFYcl)y=!>LW%@>Yr&j7R=Pq0tsdk-npT$R!@?Ez4dg2=r74}rShuf=IV9BDr
zP%F-eE_DjTQ;&YP_3>)=V7uK+es#3lxILxC#z`ew&Wn{s@tAAt%X9V4(du%&YnCqe
zG!&ZTnJdHGjm^~;8!hQ&F)dB
zoJ)ih4w5VCo;Nd^or;WuS6S>W=|ai={ZSHMCzl!46OB@M0&egWU|P6sM5mR?AS
zHm!a$CkfacOFK5*XxJ2yA#)}b`iQX6BCc)WC=}9~d*nwif#yMS2u3b}=8aN{)<29>
zzA&Frp6tY;b2$!B
ze7^7(GxccACwMBAcys8Ko7pL1y*a#5F>f(eYu2lJm2<~xccUuMK-D7jdVXtHk
zrXt=eDjP_f=sinS7|k(hJJJ?flbGychJ=X{#Im(p@c`fNK|#dq1u{=kqO#9v%g$mx7$luQbanOx~i_g-_nR
zl$0f;Br2tCFNA1MQe6d>F7MUB-)5=!HiZv@h_M})v3R?Ym5odpos{#>`?w7-o+(er
z&3>k|RUi|Z(t3YZ)IT&bdj)cjDgBG^klwDOa$+g1_2b8ULU7hFts@DC#nw7^bqHl~
zPP39@-CbMS029GI%%mF#?e@LeZIFxg`k$f|kOAR?azu|nrb46T*6MN@@*J_uJq#w*0-k4>z>U5gt#?wC#9!zn77~dE4<(
zIsX^dlXdw=cyJJ?|qnNcsAGzc}*eeNvJJdaI@pLT}}M)KK^f|JOG_uFM9H
z?q1)nPKcYF4Ih_ZIYqAKD*7PfS)$}3y*H+kuUDqr==9_iijX5)rGHnH@+t3@+Ddd7
z_PTVB%#+A9Nfb5qebVZLuOnI(w2IrwUY0k_lETH3qEgz|OC>0b4~x4Pl*&;J7!QFo
z8y%IjmioU=gqo-JrvFpaUgfCV&{7*Ijll}v9Zi)?Id6k|t?JU*Y?T-N|{fVbWp5MpIve
z6P@F2>`{jy^g`u~`_3pg#R?|Gk5OXnS1BX
zeP-oBP3W^8V)FUQPT@9cg~sba0LGz9f|hc4(<}%At<<_v&d4`IN8K)
z_&f>nUO&By8~*(|iK5PD6r2Ye0d+cgKd|ZOmTK^wfpN0Q5PYq^}Os&lQEk1hYNXHj7}nBJ2YSCAEO
z&pdnP9FEoJP32j)WCOe~wj=L&+ne{_Uou|vacnK8(`SUo^LOvCCY%!Dqg8LibeER=
z#XP>xdwOR@z3nA7iNEp0w1O@(w_guad$iY?6m(8!=PdxvJBR|i1$eGyAvet7l)rXB
zcPD$7V9yJULRx#cBrh6J+gT0jndb0r!08(bJ0ETdZq>zk#ewHD_JJL`Rg}-ix+A=B
zY7Ir&2lfgGS=Q?eYx4vINJ(UEr&FuWjEhYSc@Or#Ia)=60y_l;g)DXt*Iv;1KxS3z
zyhA?E5-vw6uXB__4!_%9$a9`rPP2E8hjY)7FCd_O;D^Bh@?r0m&LIu%6%^d5oA-m?
zVX8FegD>>)acA59{>~VpMxAgxg`5NLt+;?d=d)iy9XmNM5c08k|JtPk+B*Z9vRZ_^
zg+gBOVK1I?20CHcVSoRkp62epN6dX$Q605x_PJcAkas|YTzkT@A*Xzv
znsk;@xF1dRls`b`+bViDik}OAUFYpKgu>48a7*Q>i~rT{hH;Swbh6&7c6hD=k+Flk
z=)<|V{L?{X;UIZghK(ZM)O1ql$=5eDJ6gzTG15{zZ@lR4yduOsC+)NG?zP*dX}xE^
z8`9i;g^5f-|97ua$@@=VrSg9~sT?vg3%^O_kd*(?D_wMq2WKMPD!JFqkR}lJ*B^L4
zmlS?=V|OKQ>I@CJ0enNv%ze{9sE-D{nTvwES{XVOdmC>_Qpx3}zltP|a6!(SS{yjp?poG&bqH{V|bzTk>?7Sk#nKty-
z2a3=Swr>;0=Vl>iuyaJ+2^-Hocotv3<}xWCq0d{eMVprT{4v1ueg)^8^$)1+nQ(UI
z=?ZZ3`_qJ7U>FN4Mbz0jr|mftyUq~US^X|U|M0wC6mFr9BRvxjHZ?}g=rvX3%;bjY
zoRY3OWOfK%F&?IL&hV|4Q*x=7H*=eiuYl7=-GOVUi5urH0XR?7?Zbp`>Xz7R()GobyJW!@tQYciw6kGEe5tkX3VbGt{m-*CV$B3YjPgd6l!<
zs(rm-vV!vtVCSsT*8uCQAYY#*Ott8|i_}^F@n64-)V(?Ui#K-uce8`}{@Lsxw8>iG
zSjm6YD;9;eiktULp8D!ao!;Hsz+p5^Hxte-(9}$r+6dlXgj>pxTaN$cHPnB;)A*0-
z=1os9Iv=?T=+dTD>u!I2O1+tG#ujy<(Qjo-b_zR4cJ
zor4N_$91XUE$7Zks{UVAg=c_@6WQ*vntz#-r`hub=*rQ6!0x>&dfwpe
z3{UL#Eli95oV$3>-KARxzK1$tI-x?%3fFLMw|PdG#tdQFh)u3S*RL+ISmI66%b*|XnxiUFN$vI2pt{HYVJnGOpVd%`ZxKq_m!*wRs
zY=x3Doff91rIqG;4kLVK1M`K<2IlpAZa4H?;OkZ$g{3X{yDM{G8qiZq`JJiU|N7u~
zXJ_2`DtF3FE>|IaV3<}$x&7SV`QvV(y50Zd0Uxe5wdFBBZhW0S$-VRbum5yJxDBS-
zx3@<`|NAduxJz>24_P>u3hRL1Op^#T>*8Jv^-sAt-QE8|0fL-QAG%ioCx9-}x#pbJ#ks>wzaZ>%}H3(j>6
z_y5h!wP)>fr|#YUSAm=t>2&+opVD_8tVy31-giGvOZv;ZpRnGsIHxV$u{cf5sj`3j
zw}50Rpp(iOeYuYpS_ijt{^p10KIrwUVP5wag518(-`}0ob|+aw70SI4s^nZQom(I`
zNX9U7r{(;$q1SK1$-#evNVnkb^FP1S`ZxD>?$U*Sw8_eHcju{xfWQ_loc9)X?btF*
zBPM@m
zLp1uAl*2U2cm7V0(}#JQQeNkAsQ0EJAn$*3+u(kzFi4_Cm5
zBHXs~SEHHIFf!q7hYV4@Q-^<*%K2+7A%h&}D&qa^7QsQz2b7)JrN0=f{GFQ=_YvCv
z>1f`a&~|pkd8>k_Mk>1fgVTS!raibn2>ED=dm#=PQipv}Iye3|HR#Icezwc)VyiiS
zkJ3Km<-88ab3JzU?X|Ny;k3{G{&Y`Y%b9Wxxv&3^HyvtH&a+|X>g}1BbFMp1KjHbq
zV|oAP+mAy&sN>v(7O-j5P$P~i?f>DQF_a;Y+t2@#KV#_qE!uh*{vcz>qtno1r?5;$
zyPpPY?ffl9TcG0X6_4!x!5>j`VZ$CW1ppS2T3*DBFLhr+TFtX=TqDd5IcK8vyJXE0r?xWulZrv
zMnWxub@{i`cFT6`;Jo9({oG+#szENoq1V^_c^AS~O8a9YIO;4E;9LXSwCdn2plt8_
zp`Gqw93s>6ijdwiOm*Nk1sn;v-H$!s^Zd87gwO4&oaQN)a<><<3-}w_w0nYwe8MzT
z|Jmbzb)YbZ|6kNTq^Da7w;hE;&kdcJ`$DZ;dGt4!kIdZe{f-yzhLXL
z5BY~Zn79AZl6{(|Pv#
z1Lh3Uyay}XMpEzzAK!ZsUd`Xz`t|YmUo3Mp91@Vvd6%B^cXR8ze@L{8y|vjs5!0!Am*9XNZMt;p9_aolkk|hbrt|q~
zY&YnCygl32hk9OS=QEML)%brz$p`=o?EN$2SYZ6KtmyEEVx4zNJL3`eZaT1en;v=H
zIm@nX0)pB(e{DmYeW3c;B~+&z9j{Af9&q>MER#*
zU2@ysCgcM&K2V+aw>>!S?+|d@-*Mo$zhC+A?clh-yTNgPqv!#3zg32MNDhwib-?RE
zd~0xwU!`vK`JL9!R)}u|dG>=>0)GJB7(9)8ken~e|AYL~FDv;`_0sBYI?U6Q;!kRP
zEAmU~1AOF}K=HRUeg^qN^{;&7*-h~;H2yHTwZoI-Mf7|=3;FT9dn<}0bn5}zVRCS6
zhnc~#9ai$;b-}S6HUh_X@&$N9IKErJG5#SqmftU`?3cBN(pnGE$;+#!RCntE_ctpz
z?r#+zULPFyw+T3we>pgof0w$IzlxS~AH-uhPlIDQ?@*qqn&%P32S7dNi}w2V@V>g0
zr>^Fy4)Iu?j^NE8{}3N}#`=h#16~sHtnlGm!Lc5WfCoaJU%{J$M~&{Sham7o>JEAO
z1*?Zt5Z?mgyHk88t+#bOqkNA5O-%R75_=t}g
zL+Z`yCrINHsJrJE)=y@NZ>jOQeZ-fh_%<3}(MSA8;K6WQhEbk&nrAG;w}kk~5dSXt
zY>00Kz7XPzfiL$FzX`lG#P0@g1AYX&BKR5bw&0J!KLn2*)7#G7F`kXbvVgY-F9eR~
zqd#~Dhz|zu2tH8Vp-|`12#CjaG7r2Hne+gm^AslYLR
zR&dN;0vz+y1IK#n0FLn=fn)wL;Ml($RkwORtL^+exs4yLktcJ1(fPUs`EmR(Ha*<90iPV?Q<2N1pLM;^%_n
z@ml4>w}a#U{tS-&kzX9|{$hU=Tb=heF~s9}G>qc&=<)r`hp#5L{^)BT`43RM^+(5j
z#Q#k3)*s#V5g#$G)PwD>^+z$(xqnGT@zx(@@)2Kz;;la_;MgB!0>}QS
z1UU9b^}(?}Y6*_#U3YN2u1*5S{%EzjwJW=Bd=2q<9vub8{^$}omgfaHp6^lPd+QCa
z=c&LkPeC7E6&&+70LT0tz%l<&aICl4;26II9P@7l$NuP&x?9hko&VEr#V=X{Z#{Hz
z+{Pivz{`Rc0q+K0Qr#iH_niN;{PiFnud8z*-n~V(ergHC_lEpiz&{4xPkCm#1#rHO
zK|HpfTi|^lPtJt$d+v2?0C;(IH?3RF1)9H>4{u9;RMPr&f&5sWq2L2yyHmk&UT6(C
zo{!tWv7HoYO_&A8K4UY8?0A3#A
zdxPVCeFBdC#Z+*NpAU}l>%lR8Cpg9*2gmpe;28e^9OM50$N0F(y!DLnnZU7r@_=I=
ze{k$K+ks<$*HztZ2L8_fS${VY;wQmznGTNq;8Gv{5b|UH_#EP~e~h18>cK4!#wS;I
z+abp10-pxuECoItyf*j@@aF2aUF(0_LOh-q1HrNX-3^ZY?|I69*xiuxb<2mpfIKyz
zoH0|#?^!vmUrwOz)(_sFW&?Nk$;L$m!LhxS2FGz=U2yE*TY+Q$-WMFVI|3ZHI}059
z_m$w-zwZIZ{71ks|21&z-|vGrf%=J>QtH{QPt2bH9P{S`$Ns%HIOZ7&j(Mhl<8fc4
zZpYomnJXY3kNa+L-0op;-0oR$Jnr|val8>BmA8IyypaSPx0?YRw_6%~7Sw+eaP0S6
zgS&m2wdY>oSZ~ABt=@LK|KWU%g?OyDh2U8J)!9R1KY(L-&Z%2@zSHttgLo{@
zbMQG%tnF{q)UqFL`^54j0LSvA2mc)Mw#zyl!6x$9~~ga2y}L1Rn?GjGIQbr~V(i|KWU%hIp+1
z`QUh+Uk{Gu`2igF_a|^XUf03#cs&RI0_rD5Mk%kA|Am%6F?n$b^Giiu^ey>8di6-o
zKdVFjycBQi+loRw_P-xcd;`rN>?8hTaBL^z!Eruh5#?{J`By+Zmgie=tmiY}SkKqN
z@w)UB9P`A^B=r}``G$Ftfn%PW;Fza0IOeGWj(M7a<8^X4I9?~$f-iyNdm0?)@$P~z
zh4@$C%fRDg_SOS#w>tQj5I+bUw>uGhIm9mq$N25wczrktj_v9K_!!7vJ&U*eE5KWW
zV>=uTz7pc+gJb?p;Hx115;$H@UV!6v(`WUT6R(p+!7;uyI9~Tgg0F`1%mv3h%fYeT
zehrT8_B=SoKLp44m*CjW-^%9QUu@?&z}GqBL7yB^jeAFc8AAwOOZ
zJA&hOhk>t!^6UZs3jBh)mD3$_xL-d*JYL5hg5z<95FQ$L($f-vrw|2#)#hfn)u=0N)IG;^vTgbI8+9tp1a#
zyY-3npAj6}b5S2&4jkKaLvU=*lfbc^tOm#9yF=Z|zfRljUWnfU`+ET#&+FUZxL?2f
z@Mt-u-rV}Za;8zY@>qRlfq1OXlHj;s^}w;5&B3vpoz;1}A3;2B_fv4pGv9}=0LSCF
z6CCp#0LS=C;CS3)<$8U6ruX56efWpqli;`y1IPLNCE$G^{xCT1*IDrL5dSkc?(aLf
zWxwpW*nDPTb+`TWhCB_xcYyZ--w8eqd>8na;NO66R(B}W`Th;Ww}klE?|6?3&huwg
zw>(?)yer_t%R?UQf9q1b&GUZ%@p#|S6?`|8vp+Z$L)>+-vjlw
z2ps46*MQ?Z!!B^Fw!B=%l{l4%O5qLGStvugp
zdES9|ERR3^p&;ovyWKM#B?fp-JP
zeq^}1m2-n$|HnZ*mU9s}=Gg?k7qbBj3?teI6=O7;2+e2`y|5xBx|1k?l
zK5qX>z{^89^MGR>e{gKKHNbJ45Co2SI)G#RKyZv74UX}1z%hO)IL2=U$N0VA7=H#F
zmTzZ1IPHB;22*T9JgB!9OFL($M^x@7(dB}F9pXu+rhE@>;uRB
zx&V&js`8C92IS+v2d3_2T%Xt+X%XtqR`;iym*e@q9?5%&C|IZ7K{Y6FaMNkio
z!Lj^(!Eu~F8yv6mhr#i>dJY_~t2e>1{-3B@{Xf?F_bcMvU#$Ol>K1R;|6~x~681MI
zIF_>hlHoKJa)&<#^ft+H-+q>O6kP3y$?%9vthrCOBTNT7YAokH9g{
z5OB;h1swBy366O-fMcHh;CTIf06rAzEm<*dJICh&CBcV5d|hySE)Wck&jq@J<9648
z<8y)A;JDpC!1qIW62I#$KgMST$Lq#>;MlJG!N)-UP2l)k;21cz!{^`!AWu9!(cE^3
z@fE=Fx)%VB@iV}2erzZB8rbe}AAV8Y3H6M(Gr9$HzV49gKm8t(+xs1!sJp+8*N3?8
zdD3~-dtiAo`0xVYYoYvI!EwHEHaOPXdT^Xq+y{>H;Xi@ny!3r=oR^MO!nRe{(px`x{dpf8
zk7F}%thbNB@i>kI$NicNj^$qrj@#V;j_v0pIBxekIBxd=IBqvnDQ`WX=K;rhD+`YC
z)xa^nHaOOEe{kI2i9URZ4}Spu1Duaf)!pmHA?N?zcD}n`aZAg0_c|~M;?sgR2QLGT
z^Upy(ysr{tMuPA^$z_hTu{BUtbUL
z!7+bc@F9@rBXBI|C*YW8GC1A`EmU_>hiZq*As+98z5&PW9sk>|Jo2m-Z{~
ztsk71P7IFQO%IOSEd_oG>a8(2&P%rf$NS%&;8<@%)vexaUiwpr$9h`;j^$qkj^*D1
zj`emB9LsZ7-OA(M+q+*^As)-~4E!|IPn7rN_aZspusrd>u{`O(e}X)@z(;_;2R<6S
zJ~+-xcLvAnUSDt=w~qqH&)Ka5$Nk+2j{AEV9IuB@!11~ose-rOM#6q21Rn>U8GIgi
zDR8_#*HL#uJ?E*-KQw{(mXN0lIOZ7&eg@(vfMdIwt8Ux1`R64NkL_wZIM(xiaIEK(
z;MlINfMY-V0vz*1t>~?P>}QjMV|*rXj4uL?@nyj=z8*Nn2ZCdKH*ky}0gm-B5ghX@
z2FE;Wz%hOgIL7}3j@!Kpj`5KydFvVDlYwJ=ZXaG29P=~)$KxIZj{DUM9LK|7fe(dt
z{yjLh^Hb{9&hNSZ;e1_$cx>kn!SQ-KesZwdSR6dcPLud26xupUx@
z<8jOej>oYCIL;eaRk!_G;5Jm}t0B3~3pFFRdE;QnkMly^DBjv_ABe|#7!AG>>SrG1
zvGs3DAs+MmK=C&J{G*TfN8s2FUxDLzAW=1`C%3w=oH^93KCPVjAs)+FhT^SVRq_$v
z92}2(PjEc$gTV3nISCx|ECt6r>%cM3UU1BF4jl8`0LMHp!0~#XvAVaOheCU(4vzEK
z-NA8wcog_j$TI^R=dqW8<92U@e+hZA*YK7Tx0?_A9K=@!$M_Gx@jBKW9NTAKa2yZ6
z0>^pmq&28xDT(O?u2^A
z$#?WRR)^fKV~xpee!Cgu$Lm-xa4gR#A3hU&EtLNj_*dXbYkTVf>n#uXI*2a^z8<^|
z_y+I~!Ev5>82Hx^KLs3*`+RVWUk{GkJqV85y$p`?+Yi7of5tlA`oZ>-2OQ_O>w@ET
zsjUz14vyEQG2nPzIt7l$@dY>@ub6eE{7w~n+Nbpk3Dn)@x&`V#Jvi=fZgAYMVm`bw
zIF>U29NSxea4i3);8>pN;8>oOK76+iKLn2Te;FL}{{oKj5$k!|2_CN;;8+i(e0W_S
z{;|4y9M3!d_qJ@#Z=nxA0C_IL@jVA#7W^UPxdQo<*Z1z%Rfx|4j(IABUx)Zw>JItc
zg!~;K{uadd1HTPE1^f>9m*AJdH-O{uI-%}_hAPh;h{ya-z%hT)2HyI)3){^Gj`h=0
z-Q8|v=YJ{O|8u@NK>P#9GZ_3K_$11cMf1#pc+9f~9P{j^JOwn*0f@&u$H8$P^$z8!
zqIn)cJmz@;j(HL`l=`sx3Di6()!pkA=E(?-d5Tk>E}Ewt#ABW+;E$l5+ftrBnx_lI
zKZf{m6hA=Yr}~KB0FL*4-&3B^n&$|_<9**b@ZX?3cfc|KOUnPfTj9=Elt%L1t!K=i
z2)q{L&!+DFx?4o|p4|P)3-S0|sSG%d_i9p}xtgaT#ABY;;J9DCDbGd^b4m*99N`%!kKs;;jeFlNB7Vx23?b9_sq=wmy8251;PC7lLEIvlJZ1
z2^YYhz;V0{j_vB1x_g?q=biN<5kK(O54NjB;7=icI&iF?T;N#GMZvK=71XUf)*sb?
zcq~s4IF_d)IF{#Qa4gR-a4gScbt{kcYqKF9%d;9B%d-_6%kw=rmgfXGmglOvmB;$W
zI}nfMc?FK;iP_Y9e6c)9z_C0Tz_C2})U7<$&lZDtEKgN%EKfslEKe{vmZvi~mS=#v
zmB;$);Si7InE{UFSqzTlSqqNkxd4vwkH9hh6*!*P@dI9eT(W>;o_ye##~&Qa(+C{%
z1cPIqUf`H#3^?YQ3XXY}fn%N>;FxDWIOaJIj(Hw}W1g4bnCGo#-g?ICXJv4_kLU{?
z;VthvmigfLTz(}u&R5?C$9b@q;87rdiauq|0M~C>q
z;4#4GfaCn(D)91|D?}P4xW1c9@z59!K5`kl$wBUGrGlAprZ48d}FhV_|
zvw624wDI|Ph<_XQYbM28KeYhjV?q3SaIEKD;J9B0DgSC6x1WG`EYC%Xw|@Kv#AA7$
zfn#~11bOQp%aa5=Htbh=^@v(;)<0&4c-(GraNKSMaNKS~aNKSSb=$7>gY6(5x7!aK
zw>uIXw>twIx4TH)wrl;}3W&$;?f}Q_9stMfo&%5bmiPR
Er?e(fH_<8~vq@E%9p
zZftPeZZRM3502+o18~d}1dj1Nz%hOxIL1!|$M`wm7{3M_KLn2tz7V_}_Yl{^8_#G=4OBTlI0|9n>e1cTt~8-a~yRd2jX4
z$@{4Kn=J@0o2OpRVyc$nEc(?Ixe6@q5V^sUIL;
zs(zS!h5B*wHR`9x*Q=i;|3lkD0k`ovU)B!K#gTs(A+H)&yf}FZ^-|=W)XR}aQ?Ec?
zM!gDoA9eR$%>8n|x&IrW?w(Wbm-!I&2IRxln~;xIZ$>^&y#@J1_15H5)!l0>mS?7V
zC-TqLyOA$Y??wKFdLQyH)d!HTQXfM8mAZRRf#uw&KAL=s`Z)3(>J!O#t4}50t3H!F
zj=Fm{sUw|3$j63=|#T0MUYz;<&&d@1l;;QIK{vt4)W
zWbM2K#Ak!}kHK?;j{?W@VhQ*=5Wg8b5BNbJeg!-)#6JYb?Z(yn6h0sQ!STE(1$pv8
zeryjTp?-Qne13?><5d70+c|nU$WsvF^|9xl+Cv72F9h*;z7z(>c7@lscOg#^h}XwH
zp6$A8&#gW5hIl+LaJ%n9Jf5e;!Lfbjf%?Qe??F6zDRAs(OM_$o{sQvj^{NcSgaBNo%z)M1WLvUSA
z`=|31`_o1c@2fw>{l)8Qao8^IFK*X;H;ebN4eE?w9K=V83R7<91hr<97Fg<8}{%
zPFGHFz)Z
zHsF)N+k&qK{}B8rcsuZ$;20kn+5^^4CW!9_i0EGM>G^lK20#|y`$*x%v#i;l+y?`K2Z??CzW
zW3Qh2!SP!LD9>1k$L-?v0k3a(Jqd<9;~-B@a6I2fgX48B;~V|yqK<-~ff502$&503pWUZ1g?
zSkKtcehGOdLpiZMPXT`b@pxQf_}H(s5I+s_;JAG{cm{}{1&;Bv!SVWl?GXDltcQ+}
zAKT$TaBPQIZ@9l}ARdn+_EQ+|tDnOD1A>HQ*^Ael0lW!T5|2kJk;XpLLK2`?dAp*uQK5$N83x
z;8@QXpC8KeHNjGZ-b8GsGX1>&zD``
zrJx?Z0j~~@`LX@)hIkyO?E&u(d76Mv0LS^jDd2cNJ0BeHXIFsZ_z>H}x3FFG@4&IW
zVY@8@`S(IR=J_5x1H|tG$MO7raBM#ZeE1PSal6gH
ze}wH~IZuLP`@!=)E#&dlKc0p>nExkm%!B)d$Ndb%
zf3ci+pNq$<6vSgY!R=mv{CM5_JL81#Do->mr#sBO=#@
zd4cN((DAuBIzBf<@1Wap=P}Uxf#bTDk>H1&a@stG?XR21tq1dL5RdC~u>NmA{a}5%
z>u2oC^1H{q0(e>taNX7-x`g>}`pECDBeE~dUj{s_2Dte@0>}KfAV0=qd($+2Zl2pt
zyzM9ExdVCZ=WaZ<&%cxB7aw`BoPQ_Jum3R5T_5{(5Ayt-?cRrYtOq==F^{k9K7c%b
zC;lPCN6}x1;e5BbZkJ+#M|Td+fFA_nlh>OhkeEDhmq2pxs7{`Xkp=Aj(cNw|_u%VS
z5&iDEyWNVqK;G`l%&**+U$TDLJWgKmV9I0Oj{Lia0wc&RejNE~eL%FF{9$R??q>2}
zoxt8sJ|K#mWXH)Tc9J~z$aBtAkRSWm{vOc}Uc60yeUZc`Bd;?LhXVzgliw~Y(1!d*EZJZEwUGRYQcB=(iZ2#h%K16D?uI+Tc
zteneqAX$Zc)EJ2iB0r?(OIz}1S0sKE`LOa*PIoP(`(@j0uM-jr$vf#l-qyEUeAgE8
z`?k*9eCd42e}M8-cqQ@nT+-qvJdk)B3z_drDjr*}Y39Yg6;DgvPd{jqle|POi7!BY
zTyHEYlUsak^1G9z{B6m<9w6R@JW>?d?q}qG43YR5caF{!{W6zlqNvw>E#%qsy#Ait@*E+bbx6v2i`?QL
zkmsu`+l{IHq}4--dg2MlOSKfwLB9Qxcz*Kd*~Kf9pV5UIwaJG)lJfT^x4-W=h&)C#
zX%BPAC-0Fwi^(%+|G1gl;%z;S)x&fhIGptnf0aD84$S``xBQWH0A%@>C6jVyCAauI
zN~n@pDc?Z_>@8+p~~5}+y-a*^j9rDh<$#$QT$JOg_gy`~ftG7G3>xgx+~OyaZ_xq!a`NN*WdGNZ=ZPWp_C5J`
z5oNna$aBRPze)a+j>qnkHyyMmmS+rk@>h~)HTg%{-cFD|o+I`0fc#h$@n_`4
z^hPbdPCUBR?bfHoCnx_!$5;8tW9oRd82R;IrTn$XExr-?tYs44h5VfM`@PA3{8IL7
z3c1D4A+M|xep|>bem8jpeGq+#+~RMNZ=EOQi4se`TYWzNME)I{eAG(W-yGx?pPxL3
z&d)R=xA^AdZFGWa2)V_NCeNk|qL+|c{A%+0+ok-+$SwX1`S>_e4^PO0s*3w*KVbFN
z_?UPy@{hii?WQB|t>fns(%Pb;uDbnGEw65kQdPfTt&#YWs-UhAh-BdzxA;@!-{|=86?wH6vfZc&
zL$~vLI&YJYJlb%HD@H!;sdzBC-)!;rL
zex!l;GxB5yWxrDD{feD;7N3#4t&ZF6{)XdgQ~b0WlD|8-mNck6&
zkI?JY_v99TgnVRb$^V4h;{9}-Zu`}1p=>ujxy5HE?>|!Zw+i`cz3-?)KDd^|_aGmn
z3vl|8H`H<9404N~PagGvyr1
z$pZt$QhUbwh;Uh=X!k5_@btzMt2lh3FmdHR#z({bHsax3Rlax3Qo@^;l_
zzihpO)x*}$WxKm5-pcts`R)>u$KEGrdG=ivkE{z}&5P;vCqB8AKQ+0PKRfy6$dW%V
zdAZzD{tDz){_5llv>y7CkJ9Vrc=EgbCI1ZaQ<=pVkbl=se6zg)oe43OJKZ@Mui#{ViqR;mi
zlhzJ42TjGlBrox;bVbTpfc$b+i7%<&E&uiQ;#J9QopU4dKeRrZ
zlk4rZUvF|-=Q*0();UijxBPR-Z|gdWZRA<>`m&!qSAvM19Xm!IbDh-B9dcXG@Q8d<
z63G)ao79ul+XS7rj6)uz9c_AY8-Kn-ZtIzglh4d9<*Z0<_an8*f7>PT&B$$CWqa}m
z+J1VI+i@92etfR%|3vbb+MmuKuRmYnH%su3m=Ky({da_>^$!&eh&*TMCOZ+Qx
zTOSoAd+6i%MCV&Fli$$eUWGjVZOLDge2vaW)g$k$-kN;ib16p;@?*&*{{-@LJ0*Sr
zd9Lpzekplu9j~t@PZU}5Y$J~|RPyX6e=tJ)BzXp%Z@EgIT(9T%$%$51v(aU{XUT8reE4JX`%@+U
z1$oo$;&11a?{*xwd@c2pjJ)p+iAzgfsFB1MAkVL#<9L_+Mlw0Rb;vD$WAbx4KirMn
z`q_`ktG|@;tR$}+Pkbx+&6%=a`^h8462Cy+cD&@dL%t!h?AKHBqa!3wgk197>Uq%?
z$&;Mi;?tAg{#N4OCAWGgOaAlUw{T
z@@aJ?|2=Yh&i;fvgU(~b)%zPe?lvw>Pj2J1?Br2m$#%<-+jz1%x#g)(UcR90Z%^`@
z#l@$PFVYu_t|Yhh@LR}j9s6$bo#mwbXUT0n{7rJpbD#W0dC3!9&tt34ptMr{c;p9l
zejppU#pfmW*L6V^$!$G+O>%oq(}vvE!*?d{*-FYeg51`_k0)=e*TW^`wjO>p`Nleu
z|9f&dEyn2?^X|X
zUz~y5^5h^t-d46-f!yM2knedQ+iOE^@tw&_>O8||E1{s>0>~{-EAl2f&Kp2(
z@x#fR>*vMhkz4#y@;N&HvzOfB50fW)B=z!u+~S{+7pyMvDT{@!Pm9k;ZtH!^kXw8u
z@|z{3o?DYwttQ@y{OwWVBgpN(W*qrjK~nDJ+uIKhf)aA#%HKDnY)Zl9az5
zxy3gnPaxrbJ;?1os~`E|&*T>-liPjPZ1QghN&I?pyU*H2zB#+Z|4454S?9^u^p^Ja
z8+pk65&7t=l0Wf#^4*S0$o&!dO`W$XL~fr8EO{5|s7y51?8UjMA#>~q0!$=9cma%LsB_&nrWPD=SJklW{3YLKs-CGoAvExr@^
z0v*o`C%4bBjw4_7Ldw5{+~QZ0U+XFH`^fF{cSp&;pDyLUPHy+nzmNx9ko<8<$?sYH
zTYM7oIg=&6D7nR#CeNzRp@PUQ{zLM2^z&;I$n8FQI{8!%dm&onD
z`zHD9R1y8$uZX2R-$LH=VE5fI$R{k2`bkY5d9?g~X7aPcCB7Vao%bca3i+K#Ql4P)
zp?ckKPkt+&#E&Asq0a?ABQKR9f@j0)$vf!hjJC1wmiUw8UG(|F1@am?UizK9ysj60
zMP5grL>Dq^CkXwa*KaS{{AtEPg_>DZ|D1XJ&&@IPuKnO
zC%5>jpAafNo2^4jNZ$GnsfVoO7H{)&mZ$kolD`7Q+kH)S^16v6e|vIUht`dJ
z@E4MQEcuL$l4lmV&3h~*w{>D`$UCHyJp0IPe&8&*-S6KdxBU0X<7+#Nt>=@~o2^4j
zL2m2NGLSFSd9&i=HXbfV{?>WfulnS+4lRJZN;awIF66eZtUtN6!x7}uw7-}|ZtZ6Q
z`Okx;oEyn4emi;d?dxwW?o_+auc
zw@P`sl3SjS$y1hiQLzqc!^|OHdlecBN8_BJHc91tbA@Rq_ZJqO3^35A0{vNr-
zKOyg;M=@)>#`
zH-tPmvE-RcKJSV667s$6WWV;4+w+douARCA;}hsmRT
zCwWeh?+zA!NpA5`bbiI^v;0hn&q;3cl?BKbCzSFuBDeVFWJ7NuK@W7JrO9O|ay@LvHbp$YTXbynUY4>doR4>2q51vA;@r@{?QqyX1%U
z{Y!PpE&c=Y%KG_>kI5~5Fu6{*_$?&2_~qm$Kb8GGL~ijX$-ma~?lJjot;aver)-z}
ziEBtbS-si)X=?IE(ldk%Y(+@7D_ClB5%<&0i4biLVg*d*kZCk=VP+mfd+c~Dx(Tax^p!V+Jf
z+~NbsPi&F+p5*qNu0MJ3M2Vk5Zu3YB$?bXQa`KJ6rTn(O-rAMT{~Vlf)joh9W
z{6bz=pEpIRCBJ9+o41zo$0k2HMLaXP#pfnZcu(?HCb#DuwaLFoF7chnExs3d%==QF
zN#qtki#*mJl7ADq#qT1I+gPa?N*S@MW5GvOg{S;DgS5W
z)-TK;AFj{KY<;@zuYLY*2gSF1CgnLtZt>U1r)&L2)OkM3Z_h_!kbkG+ge>G1{|6UdUNe{6;+K%;)c8H*C-pu5
zm&xaSCENX(e6!ZW9rE0|e(XN^jDnKqH}Zs+rTsi7KQcz*1}L+X%!-bnVhG5MrZlBhX(
zCjH!Q8}gB>Bu^*udtD_@Px2MX#ru)B3Kai@+<(9LDDsqA{_*7J_e*)Ek&h@XdFGQ}
z7%je>{K_oxZR8Wmi+@Lc_oDa-@?w$1&yk;cPs-`1>np9jS$s6|U++qMBl60_B!6pi
z`#kIb@~!hFegwI_H)#U7y=QMG`Oo^ieigYrH{3v8DXx@%Ke@#pC7+@7e4E_*>j&hQ
z^n8q~^N3cT_M9;ZdDlx)o_ypnSBjS+x9fRTa(nJvm;Bguspt0O_I#v2x!sS9Cb#?(
z$*<`;lhx$*Tzeb2J=gx0yzMtq&I{yrU-L8h_6bry&&ch$c0@fdt^Qy2k^G6sZN54^
zxjpZG$A=duzgbW6mm|OTOuQa>)b3LL?&Qh!bCi9_0}n`^>Ew0vx-^eGcVo$K>&vVj
zY`e!O-o{Jk$g}Q~?cO3Usn1t_Cy%UucOa5(-?sZzR>>2OymWIZXKHfGpNTxEkHi-t
zxA>Cei*rhReez=y#ha4%E+F2MyqJ!Q`jID0Ch=3r?L1vT{zRWsZ1v&0$s5j)dOJyO
zdCrq(j3?#!jojk@Ag}#)M9(iIY9ha9$IIeVl2_69$rm8E_;<-aJ1cn`lK-IN&kx97
z==$0&z5^XyUN*|c5GBe(daoId_uVb@CXwJx4x6zTjiY^ML%QUf-UP
zr|mECu|JUSR{s{CnEbh}yU0y$@rB51-<0-Kjojkvkym;k<>*Ro@gI{v`C8&9l3V;t
z@}Lb8{}s8#Zz12V?ejFb#a|*Htncf4N#4DT)I$`Vr?+}u6hYd5YI1u%o|F8?R+6Ux
zdD_#mUp2^M7m)Y{S-r{oW|HzxCAa&mIpovyIr3)m_&N`8n7n>s+28Zzhmwe2BX9J+
z_zQB2x6g@Md)ut>$?f@ovpeo{0h|BKMn3kq5Al!tLrtao-IBpd8_;qUx++IH1T5OKk9vSEpj_9f#fN5
zJl2)m)|Y-vUTuro$(+j`U&rqpZuUH^)1<7qa>U-ozmPvd)a$Aqul)SW#TY8e)czYyRZxY&BjWaPObOZjt=+j`4_bK;N_58g-Zui%}k=uIIm*nv}N_o<@
zmG4$>HgAxd+}5KOB2ThTe!mI1tw(J^UV4P=?ATOOFqGtoYklXsw$K-?jBtFH5q3g}!Gmw|rCUF(XZGCA?@+Ln^`FoOEe1GzY
zktF{@a$DcHocx>X62FVw;`fpNm_XuhkX!sc@;o{(8oizTUJU1(+hi?19(lc95|^Fa
z;`5Qm)92ka$SuAB`JOMNKD&@xd~fnC6{I{<$u0hK@{waD|1NTi-$(vYREfVsZt;)E
zr%#gd#BVR(tv+o%YI5>h^Cf?Na=X8NmptQI$=iV3)}uCK&m!@?$Zei&0C_t7_f&F=
z|D1esS}Fey@|=&wFOvVE^EOY&Z9Qs~4x#JK){(|0Pp9irGLzeS)B@y|r#Si3g|fXm
zkt`Q&co7T<@w;5Mm;iR88(btd_T`hJzK$ZfuN7rD)^?jt|bN6LSh+@9Os
zB2Sl3;v;H5W9`<~qsAZ)j3)6J$ZdUT4)XH7q#nwWTYP2mb;~8bHMy_q-~EGf?z
za*Llt-f5)dUqf#3o5<@IlK7M47Jq@fg1-MeLMJJg)u+WrCy#hT;%t7%;%z!mglKNht+2odg4Y{p1-b`-u?Yqfsz41YETW|a$xjl!yMt&fN?AJr`HadUw
zoV@ybvcIvr$?w_mviQX0vyMqzZgQJ9dzakulqH|AQt~t=xBI^Ko8KG|`x
z_*CQ%M@oEAa$BEVntZ@^iElt|@y*C1YkVJaThBa=e2E^H#pJeLeIu#B~XsfQQj2XuZprOr=Sy>-bcn|({rp+UZQdXc`N7BX`xVIT{rq*w
z?fv{8kY8ITVn@4W*5=+TH)AjcI$j_~p{FljX{^2gU%^Unq
z{_`ox6Q_6RdbW9hB;?TxO8h(I_I}{P<=6j(^6I
z+xvm1kngS~`?-?b<}o&qFUTh4IYe&r7-z|C9^)!`F8!R{3v!#sh@|tE*3MV>$#zqc
z+dM`_@{{k&e!WL-?-BJUfB#*HZ%%H{v$~O6o<8LDb=}T1a*Ll!uG8dx-;mpLgu~>P
z=M;I{rBXl7$Sppi&Kp^McDN<+Dacnel6uHMzO28Xx#Tu~vV?r!Nh#-6a+}}SLw?L3Nsg&m$
zxyAoN{_>9GkI^r5ecJtF0&=?_Oi6C{gE`2zZk4ayiGn!KcD+n|IqdSNY{18
zBp-BJ;%brqI#WD=ysyrGwj}>zlf?HXx4$1cki4pX?rA!?<)2F)JXi8>BDZ?mNj~W(
ziGNJqahmvB1LV7%@Af&nc;vswm$)?K7N3hegVujB@{NTgPigWrJknLO{)2%aAVkz0IQ@(*>qJ&4@S#}VX3^zWh1
zBe(mt@5mGAJl;>_JC;iMFOh$IBZB7#kH{_lIk|maD8V4fXZ3IK$;mr^AaVK0E#B7e
zSe_z>CBC+g_(tTvuaxrlB#)X>^7JErq|X(`lUw{$@|iCr&oc7WX=JywzaSsiPvYa~^AoGjorR@5NyyjgymxkTi_b^?t$u#F61m0K
zBCioe%F~YAuD9LDhwHk~apacY{@$AHSMQp#U#lp7oBsXfjpP-3OL>lv+i^TYUQO>W
z?vSVJEP0-iTYL5!BIUAjwy!4f3CJxzIeGVI5}%LU;){}}Y%cM&$SuAhdA`LG--X=b
zKO#?}*N4gE)(&TpfAB)`uOhej4djh=o@yU?R9!D|lH88hC2~9O?y>8-{TQEwJ}y?C
zc;pd(k+_WH7N3Ls%re>E66CeD->go4evRa>N51cgcpGwy??j$4k8F1^xt%W~$@6BC
z{Ikg|ej#}z-LGBb7XLl@f-F*=%j9;x-y|R0P~syGm2%nnV)@@D5AG)M8OiN@&q-fvsb2okOVl48-8DzgQ
zliP90P5!oCPb!mJd~Nc}PbGgRa(lkhi#(y$^Eh%FZ_gsP=Q|6@Cy$eQ*h8K}?+eb6
zA3HAPyi2}Y%kw+=@HUb^j^2M;JzIPd@(xWUe;)GeNyLkgM~NxC+X^D&UT=?ux=k=){klCOCw`9CAK&wI`xxAwe@+@6PS
zAh*wZ?j+w^M#_1f+}3H_B0q6i${B4`==yw+PdqbuyvE|i$ZcM$9C_9;lD8JQ)mt0#
z{3#^9C%LV^97;Z}wZwl)zF6m%=8;?cQu0cNWxu{5Z=%l;j*xfKe(N-OnoCli`{Z^U
zUy<8&FY0Ldy%^57=uT12=>1U|a%(5K$nCmUkbI}!?^GqX=h1b^cO;N{XiskO-O2N7
z`~-4)9zC7Bj?T}oA-DKV!e|JMX?H
zU*1OYpCq^VU&+Vn{Lgc8o9B$E^Xpd68P7=m#N;-Qnu^?SqLjZ7x#fS4JXUwfUyt1S
zmk-F>e<|_f$uE2^+nqyh^{|}0+z^T1NpAD@KaktJ{TXtbhrdF8`-qhD1-ZpX8Y@4y
zdY&^#%9D!R>LC;P_*fEOn%v?mlF#WQ@xkOaPH0bF@|?tfLVhTo_!#nYy6){b`2#KI
zWpX<%_sDZ?lKd~pEk4n>(Dk-X*X`saxAz_tAitx}Q%aNDI>Soj_WAlcdXx?-vsPfZXDvj}Kj+y)VeWlaO0{
z5%P-lB!7AGdU`)zl{`vQiLXU&e;2P6`KWmk-<{mbGn#yjjt{4kTl{A7x3zxul289x
z>fsQ1Ms1g8$uD)4a$Y01{d!5hzqI6!J|T4d-;FN+&P<-Oj(B16+x2C;{^Yj5P1tpw
zu`T;d$v=?%*d)n6mfXfOGs*3}f(yvAd?op}klXsMAINRJ#~E_Ve}(*>-f#GQCfl*=
zs=c=`7P-B*FcEq3^78w+$!*<8A@Z3TUy
zMQ-mKTu45*upGx-Y-^YLTym3rJKklXn(gWS%SRpeKaOFe8PAEWohd&uoQY(M-z
z-tGlH=lcI2|CPiNnus}%(8_7flW5L!o>L~L4P(wTqlq%2R;VR3IkX%yDdvzvcV!&w6-#+W+^zegEJ8f47@muKW9OJ>ReQ>wSJ-?_C$UeO~kl
za@&7hBVSxj`sW7uz!#-GMN{tXfBRgshsjUq_1HS(NhPFC2zm1W@!sUOi^=#R$!DsM
zBDdvj0=cc%uaj>%E#rNQJSI@ayPVwWe@JfiH<8A9>GRlK+a_=GSR*n_u6N+x)usZ5faCbB%LSzYzI;J&vkIUb>Uy
zYmrawDRrBWTRU5kTRTUPU*9El;>epc7N10JbzUdG{+Ztiq|JUSwXHpG$BupllJr?
zxAkQJdFE46|5@_alcdfR@@q#WKa1S9+w;h6yS;?mw%hB;3w4tETgeNr7vD#2N@qATs8*eRg8*d|W8*c~lH}(9k
z7kSw-vYZScuT)CrZyb4d-L6g~|Kq0Q=aT39NcwXnc^SPf9o?>r{8hr|NNRm3Qv$
z|ML6gc^&c>n@jzs>iDP1qb+Zj_4;!u@>lfz@#^GNhDiOo(O#@Tb|R&ZGGHM
zZtKwj@-CNUy1ph~rQ4TlmFa>XUOfof*5kUuOOEE
z_AP1OY;wDwVIKL{T_wMs-0mybMjlmF+IfQ9?pruZUVM(!zfErUx8z?Y!>vC(TE85*
zUB|0Re&@8jzCL;6An_LDwjOmQxAmeo`Okx;&M0!rk0UZtbZ?ZtbZ{ZtZDCZtV#ppQP89dXn35aum58Cyyexc1|R>04ReHj`U^2l=$8C4Yk4&g0IIw|GnD*Kg#uUCpn@5jKDAJnI4S
zlqoXaAadKzHz2p;&lcoXza4q)C#3!may$MUM{ehF&yhdcS?Vkzx8vSbKq}r^SH0cU*9D8+vH;=NdMQ?_YbX~?fj@Ad1yJwwc^AY`OzfuM`L8Vrjy(G(Mq=*(`aUBe(VUWpZ18=aO6fh2*F7?;W;~+xq({xvjs4$&ZiF{wKHf_YZPg
zfAhV6cmJP1B+moMZT)?ey#7|ncP6izCH>!r-1aX+$!-5Kj@pep&tj^5@FS
z^j0Ca^`$zwr=jFqk=y#xmE4x+2=eeP(!TNJw!TawxAo<9a;ra|e6U_$+CXmWO9r{E
zFZ;=dek0TSJ-Mwfx5#aMxkLW?+ft{j-p5_YJNfSKCTxAFOg_E6{)WVU+x9+2le`VD!F|>?@IEPdf&wkavSe;@@uChcENZr3wEBDeK)7rCu>pOf4AVt+qs^K0u#8Sf>^+ws6{^2DEHy6#^i
zk570K=R;W6@=$@2O}X`>Gk>|nWb{!^!{Ma4Ihm+fNnBL@e9VUjnbDY$fKyK^N
z402m9W|OBJlsfN{TYeS!vd*&n?;GwP
zC+z*HKyK?rHS*m1e|oi`JjE9{G_!t@i^}CAamcCVB8{QolX9tw-I+A3rMjG32%$
zJxd-mU-GY$+j^8jZtKxX@}_=LXCt|tFJzG0`NCmxJ735mxATRIx^Y+X
zW(%ZF1o`RTWV~a@EkA)gZiM7#liTO-%_U!5TgJPZ-16(mTjWYUi~N+nA9t3#ewgI1
zlQ-AvV1JPRQbqFl^g6Efe>c6}@*ug@sX%^jqSUEIUjDlDPd#$moW?P3`qRii=_KucmHfq`;%|{#{Zw+Rzma@Ph=|B1YfuGhE7zuh72`Gb6BX{qC<
z=jFDXJQFC>Rf4>co|grZ`|01^)F6LY?*|JZ&+RAe2_tW+e-{=(-fNq*b2xdCW8xFY
zU(xfy7s=QA$#f-?+u!e}lP}WGd)Y?*u&$5$$bVWR({+NptsXC4AkRE1`5f|P`uTx(
z$T#Wx?}fI?bld#uq<;@sioCVnUtNWKR0nx|9r6Rei8mvkcSgJec`co;2=d>hn?2Fw
z51*AfapdD4kbam#KJ{7gS>&0z9xWj6en#@|k?+v^w>OX{Yd>d@uUH}N{G9yF5UGEP
z{L|s$m&tFm5&xBZ>?!ekbh)X|7ow?*wW=lIW
z$e;K`{2TJsdfomO`Pvl87u#|7^yX%Z*C1c7^QA5MYQ29ck^GOMvLT*Lo~`TS+vKO7
zly#%l6TeR{#Wt{b^i=`olRE(
z?f+o%BI;eqYv}#kapW)Qay5s1lI~|$k!S1YlOH1gT941Kk(bu>qVO({@5kDIvZFk&
zN&fP0vOKgVzohS*bRr+|nbe6Qe@2ggV)F3BJpAQ6{2lVWSMKqR_`N)QM;`uZ9{w%)
z0X^Tpn1|oa!|&Dou=TUmDN7!lD*aYD4}T&LZ=Q$uCVxV&Lq_J|&*$OO^YC}c3zwGm
ze?ord>^;5#XUH@4ebDlI$B=PkuoCNAlE#)@Hq`eEUMF|2X*_J&tNf
z{+~yrP7Ct4^gg}Lc2?HTf|Q>D%j@~8FuJ&rs;|4!-!^6C|&{jai@7oX2wM|>&y
zWBsH(YsgD%k^DCDo`K@~$eVp6{v~Xg(n|H`-R**V{_Uohf;ePKZU(n^G6nXz5
zGGD5Y2hEap)+N96r_}9CUZ9WUBgy@AJ2RHN%t6V|CjU+MzYECgx0CU%Apd%!)LBQ~
zu7LO_pNErMotMb_>3sup$Pek~{ca;~S5c<(BzfEs@pF0jujJucr;y&CV*S=r
zJ&^nv^@ij{&dPXSAV06?r}N0adP(x@$d^AQ{r@@nZwEqcO+7D@7r9sRE6HEc^Wy#F!Mc2&A@8Q!vA@WRSCV#?
z)$^)C-qE@3Nzbpv8z39A9hT{^eyH%E|F~Z2#FF>!
zDL$EeyDDNMN-#3&)DYILj|SIOvRcy3
zs{73%x?QyKKCH)wwaE)Llkv78|FW%kfAXcTiH{(ESC1cFAg`f5mwb=DPqdaiTCbb$
zCNHJiy;J1R?UsJHNAL5p=^d!&gGI>4>3-)C@}k#ex}GBc@P>E?@-OC#chU1d8*iL0
zZ+*xs&64~m@*{fvY8-h?f0?d{L&8qy(Pb$eAyZC-Q+8~h#w?Bd{X>G9)5=WqF!hCjr=n`
zFZh#usjk;0zmV}*|J2v_)60_|DJ$FO2IN`I|k&Z;@}(>mK*&^=#|^FLZz8PoAUO+sfqob$ec$e8eqj
ze{=Ho;o|mp12*1=ACh+Vq5SSd$&VuMy;}0mk=uS}8u>iE4zrNl^2^9yTrA_=PHy?V
zY&$W%=(YUucQc|C8ME1&+&bt5aU{70E6CD0!^5CzRasVdUNQI4X+V^25l7
z9FzWkncVWPlebTld>Xms)5!c
z{V{p_Lz2%TzpeYnZ1Q2RN&D}R|EAYZ?$h`AZFxSf*C8vDzpKX&kCXT8EcM%x+wnse
z@_Hqu{Ugaw?i7zFKf6cjzd=4t&mR|%XOEWrCi0(eitiw=Sx?4$oV{vBA>3;=R?V>Et5K7i${`|?I|8Z-csj#BKdG#Pm{wTE1uZvq887+PO_7}k5{9}AG{-VhLLYLC*z$)Zhs&8DtUoUQfDQ(<=2w`(oyn<$t{13ynw&#uzx1E
z{C~)A==QV1w|Dpdb05lhL&?kiE*?gn^ssm|`5!Z+?kINszLHnTt(|koE9mxQExF}4
zljrLG>lnG^Pm|Bmo|DxNU4&-${kbWCaK2Q69IeD)i
zWW4*xv-CLg2zkRElFuP;s>^dO`Pb#8J!Q_`J-rv~yo`K_ULSah-12S7Q*?hinB4Ls
z$$!`PM_wbh{Cx6TI$ySsTRww4P>=sFlULXKD}Ev$tk)lkW#8RDXD-U~(&Xc(h&Lp+
zd^7U14W3-OkJ*4=XMCx5+my7GF&RhNg@{U2$p2x@+)RouQA^%9vyE~IFY$bJ`Cf__*>Wm|g$S?UxBeZCg&#$HA0K12R(isUDd_tE?dnv~AwL&OgTCW3i%ENn-zo+N#!^o}9
zSn^6;rGH)_Uw%XUEpofg@DBME-Og_(x9e+r$x}8+{d45@IUC=TM_rSAfs68J{bu>1
z$@m)}NKu%XojwBmWoqU$dk=0pH1^)v@}4Eli`?e#JLGm9
zY$bUCJ?`8~Zl9C$CAobr%_;KVJ4pZhMZUY5c&W>G_p`mPSCQOro8%jj*V5yVr^sJ8
zF8N;MDa*tMkk``V*k{QtKZX3o;!7o;)v3p0;1=)FF?(BHoyM@iD2>mAtT?cl0LDjgvZK$%j8DbtaNe|BvM7kv~vQ
zd@=bB&3{B5s_W?|iub1)s|A3}b%jreHtqoc%MC4VPGd=7btUdLEL
zZr?|>o_v*_Pi2s2ej)XbkPjOw(|ejcZnosFl3&vP$tB-*Lh|?Pab+QI+55ee{DRak
zOMWN6_~Ya?b^p?syq~T|Pmv$d`_?*>uXs+{6G{F~3Gui*d;7CB`5~RZHOU9+
zeM(Kpt$s`L3#rnMUgX{GmGKTBFEK#;1#;W2&LBS)BK6miZ_?>Hn1_E(KDdF5_cHmc
zq2f2mt^OVII)!D&P)zrq*8f{|`7BM|<6~)m2)WJQQ1Y+dkbES0HC^6f$RBw{@-xWo
zdg*NPkX16htH~$V7vDf$Os{M0BOhNy@@Mn#3*;Riko;|OtK<1mro;L(Dp{TfkXt^G
zeB6^#zZbbJR|Cj@)$0*So?n92au2YLHef#x$Up(lMh`j^*fQ<{<ow%Pf0O)va@$`YCI3$UKI;Ox?SFqJxBah2mkaBE+s{5oZu{8^
z0*
zX7VpCiXSJhK3wYmn1|mWFRRBn5Bw~zv-Vh>;^f73dmBW4QjZ&JlOLKW?d(i$+l{Bm
zJ10qg61il0~DPjcIC^dq0F?-#_9+jb*?ytN+JC6n8B
zBZa)`RGHp%a@%ffA%9$tmyVI!asD^t1t-h&{zz`yncvB6J5%r%d7aG{JI*gbZrh(q
z&g@Kn
zLXY=GlJC*|S3LQ%dR+Pnx%I;v&M$fM?*4y5uOn3^@2_z)ep4lX
zlDzyR@vFJ=Xv@#eCi46i`7bx5zTbcD&X-y#{s?)7zP=gxGTl!0AaAok>W=^Y?)vBa
zrT$d%6OV{5BJZvH3rM$F>lUBOjs1CyC^j2TDFk-96JoY2So>K>1F4WqLP4UQda915ShMB|xA5LUpX2
zetI13#;ccXefc1D>u3AEfJWq2CkEs!Y@p9B6K1>u-bnMaZ90x4gBp+q~!lYHksc~KVBISq9@1^?-{Z@^2bbN!Z(KLz!5S
zM0xAaljJrZza!6`CB+K+{WHD#r%t{BkErwXhCu!}w5LlR`AEor4f#aMTl+Uc{utyx
zqr6R5Hsrs8{BL>W{qFx~dcTBxMRl8ATb?^X{tL)Yp!}71sXK*yvwpAQ>*O7D`|=L?
z$NIkfR`Qd&ubFvNW6Oko
zi>7=)CmA@J{1e?+&Vf2dq0R=%Tb)nHt$zRa-rH+%^dh{K+tw+C-H`R?z{-V+k*3PZ^ertfb8@dbH
zS)20K&Jc2IXLEAfjDoeh+dl6i&#&)m
zpMp9&q0Y~gx8<{--d|(=Z2jg>Zv9Y>-1?y|xqbgp6Y}lVWWIJ(ch7b}J4aGJMz57Aoe>b_c{|LFY|021y{|9nwe}27=;@ZC*+EZ2C`m?h~rnd*=KZgAHJn~B*
zua^vbui8m@+x{OQx9$Hea+~k@i%Gkzov}J!3ah)JTcMr7;9J1kQk@C`GBBLH{UsS+
zZ*u#d+=1i;biW@*{{8(@f2O*tx*6KDl=3#c`ysyx@@MkM->28rT>XzA{}lK}@M+*1
zz!#`nKilV|EG4>|5O#PtJ~$TmDb-p!;Ox1@!(_*Z%d;p0?n6$-_6azq+;4>d(x>
zH;~8adipWcPlxf|r}tsG_N)ajr_ST83HddU?+5-N`15(xSqAwJAb$y5Z*lMqy+d_u
zds5(G*K&`?+G+cd2gz+aQ-R#JGd0O=fAJ*w$=1HndBWA**xwiO{T@nrYiBIEwR0l5
z?eC_MTl?pbTl<%iTl?3O+y3q|b=Uq?(Ejt3x8jY
zR{vA-jru;$5pv6)ARiea?Yls}RiED^zm`vqdkd8MXS!BEJIkwEJ8gbdBe(g|fZXOw
zH*%YEypg$@FKcyJyRxA1+hg>fDC>GRPMXkb2f{
zmVaE`4P6TP4wSe3ax%HqSwh}PFK)dD_1}g1mnd&_?$P_^tev}ZrQP?dyJx9Tr!n|D
z;Neuq>Q9CI63A}=Ukv^W_#*H^`u?!B)9P1LckNsV`G$GqpNIV0ke{1Jeih^wKt3an
z{5i;{K)y&>=~wsrE%27=JY8MMFCCHB_l7$2q0Woo^T0m=p9}s6)wljEsrTJmdk*RT
zyMnrF#hXxP2<5HLYvg^7O8e(SojFkF68Ib7cc_jXpA;xB^{kz{ljKDYl3RPakiYSm
zygrhA>2#?xQ{APKp*;sFZ}l&dpC2mquS1>Jp-#C9GTi-s4ZNPZO_$Y=fc$L8kI5sy
zmVBWe3?7F%da2P@t!%}A+A|aC*HyRn*nYeTx$PHPk=uT}6S?g#`jOlIVidXU$Db#+
z{dkJHn~GPV{c9<2=cil9?fX)9k=t?p7vy%Fe^uR$_Z1lLJ%Q4n)^9c+gUP4sMYwkA
z?p3-d`>GA2yj{;pAh-G-K%JMNJ=x$df&WHzZ2o#G-Q9khzYmeye5_1v^RX_u&Bxy4
z*8X_%^xD#n$?ERe3}}BExURasp*yLLweu*sweu{wweu%(Tiyy+mUg+{FG71df=>e<
zq|VEO-M8rKOojYH%73$8#U=|a>*rf}c(F%hJl4)Zq4K=6x_dSS
z>UW{M)$d1sV6fDQhC2GEIKFDHfIkoQ&rqG1G^ul$+{T+jZpV$c$?dqYR28Xb(`)PX
zW9n|`WN1$)Mn@C5J`RL9!04f4-I{);^F
z*YofKdY#GU%j$=uSW$I1y%V5*Gw|`?J*keh)2?G#ee;Qwx9g=d$@i_0`SB)J2k$<1u?xWa3-d|@z2Goy*
z_WVeBo8H^xo}q)|D7&RlOaC>+VdvmZMt8q$uH
zfFckNSm?TLo=T%!DnJ~A-B_N&VehJ0Cdn_g>Ab#iM@6LM=$2XZ?O
z9IWoftBZnf?2{;O{gVp$fzZy)dE^g6J__;|^2p~xJ`(Z|)^siW=lZaVix8t$*)m?k~!+3X5-lpp~TbNfd}EYf
zA5z|qlQ)rDdv=oBaq?kuJ5K&p-HrEY81DnYPX1Y6Y`a&U+_on*$ZdPlQQcMR>8mKe
z22tMH{~Y9dKz=jjtsgSTtxbjy)(I>~^G4&Z`-ty|!4_3c9
zjU*W!gRetd8_{x`DOjP;CG--2dJ|jygm3Cs$=y_Huz`$wu5|4b?YC?
zH-mf_QK0uxOr#9qULB0*;?YO85xg8fpkXt{*kXt{zOm5S=oxDt7K3}UYsk^Cb3GKW?
zd8<>o(Lepr0`iU3xgUB^-nOC9lz;m)KMDC*%G>fVk=&MtY2>y%%ptesVYRwzXA>CjZpvFf
ze4B?~BY#dWCjA2SpMd&h8%w{r-;KfRs&jv~g?tF)`{$7#1Nlafe~I$epRbc!f2NRI
zf2NUJf9_Iu)722hn?-r+&mSP)0P^{tkpAI*sF;Tbk=y>IA^9USq;4~H_pCmQcO>Pl
zo#V-^{)^b^(U-dEawBb@L2kO^_`URWZ-EX#ksiN+N)`5JJ
zJo2r`ZGY5>-1bLLliPAKgxr>s8RXUvACh;!UmBZ5Zuv{(>)w^=FZkr${a|^2a+{A8
z$oJ_~wGmUHXR$&|PLoJDT^xtiRjcO$t??{4z{
z=yl!;@8`1QwmjD)UtC&V-<{mX+n3zhKb(BJ?wnsEw>oc;Tb&i;
zxAFEQw{{L8xA9I^xA6|ti*0XG{wKY@`XS}(Ykn`~t^co5zG$TM&pl7w-4B*8
zO8$VpuUwIQuzt=!bMk6>QKTFB7p-M{aq2d`+q6A%$WN+&N_DKAN62ltI!%7y8yW9K
zs9#IE!1wzhec#x&16Dtfyj6R7QINW;S`+F#O?j&`nEcQrY0pTgQv>R}LwT!{MsCx)
ziQF?x>hFO1)uH}*aJPPK*6rYxBe;A^6vf#
z-7Li(Qn&uer|oP=`Dahb>zh&jqF%flNqK9}cyepci{y>v-V$3*roJZA^#|1%sdXy0lHt}rMb#UsTb-yV$#tQ8ie9%ILV0V?ICkCN
z&89l<>qWTboY(oij$P~QCO@Fx7yK1@?lo!u59&6(g>=06b$f5qYwh)
zo%_81a`KBe2Y2h^X}!o7L3OPDD9TUJ{PaBX$>cU)R#BZmt&>4{8}HYY-=`NBuji4^
zCAaYwYa{(?{pqI{BZJhrKkJiQomS-by=Fbg+v;{>u)2-6yN-7vJdKmKiH{M>Kl$*tdNkz2n#MQ+P&
zJ9Re}x7?=ba@!5^1-%19-9Yb8FYx=lZv7tv?(&J69}DjC2lVEhY2?-qZ-Toz=~^cR
z+|{x9vRd6szWv=Ay{NpM@>c%`$|vjbfBrC6;h*=RY`rK(Zv9*tyrB1`iP~@d$k=t=pFu5HsH6^#>rS{}@ywr>Q?aI=Q!Q`KPEIxs};u7%})ZH`J
zKN+FkU*4aKQ0Sico)FZHY+Y&of-ZuLv*Mbjpfw>n|$+W$kSP7A#_`aI`#
z|M)7q)>%ky`^OK+ZU1;k-P*rYFS4GaytV%aa@)@Q26fz`9Hh&6-P3zqFXEO~=jp9V
zZgm=v+jhP+xow|&s#`yo*Ne)-DR0}!=O|xS^D`-L+nL3be^>KsC~y169h5(+`Jg+22v){CSE(`9PUhSV=E>l7!q{ZSQi+aEPk
zxBe-r7XR>RA1qlrNz9<9X!IliPgxgX+XS
z>Xs&t=b^6DZ`z*~z}zk^(XD(V!>-V6%O;;qjwR0lX8Clhh
z)%&-5l(#yI$gR!?tBmAFQr`M`BDwYRtKh!rmF9W&k!PrX2JZU7_Ft#LU7Z}w|4bgJ{csE1
z)v^6o!5;EL?w=~^Zm27fSz4yI3FU2i+p_C+cnG_0XX44fe_z@$S>49lL&y6*A4P$%iA4rmk-wbLr=?p
z-1It+R4)aN%Ue@&>z_8{c73}C`3HLcN?&z1I^9J2I%qn$n=dcud|60!Y`iPkb-B%;
zIzzP13C`>Cd?OF{^!lfNTt8IT<6b{?H`KK=Q0q6QytT6}`J&rWw+qzKU6HRJo~OLk
zd5PTmc`o^9bEWqT+$8TUwg
z9wCqZLA)OMBz=FOJGgK8l+k*IkSD9ZsP3w|>0Me_2CRg)YtJ|2
z)}CwR)}EW{)*e4!YdoHSzS02q+qEY|+Y?28L-Vu1E2_DNE#T$BFMzxH89MBDb(>$K
z^!X$G?rzT`ntwvw^434?$gLmxQ5`Mgd4uw{{ePR>w*P75@9F!O=}=z}#eAbUM){5%
zWz44`A7G8~J{IaP(`(aZ?I})f?WsgwRf|2Q?y8l7`kg4BnNP;o6Y_dU8}-+o2r?@v(wek<;M^w;|lto|jPh*IRO2Fr`es=KPT?Qug|QNG9?
z8E*&jD(^_0?odZ}?Y;psDgUj$U!FpKUR`&qzVqMwGD=?^n@5gxSK;$O-)}h`!13CC
zo~J7m^4M?T;5fe`!Eye^g5&a#2#(87GPu9~-#w)2|6MzA`Ai4L^&$ft*V9aJT;H?7
zal4TNj@ucJ_PKk&?Ug?`ZYKl5aeHg$TW&D!cS0eL`>Am7s@gX9po_V$S=GQ}A&=*|
ziQsr1oeZv*N`2K*!SVjOba1`I?8|3>*M#(ctfZY3El`i7CZzz5xg;YGPu6Qj%A6%Qw^?yc^{0{X>`U4jv47y%oLh~q
z22Tcm20RtK4|qCwU+@g@e&Ctl{lT-r2Y}~*M}o^qpzKeh!0o;p*FOWn1KmlK_s97l
z-~Z%SF!*5bQ1EE*aPT4Ek>EqYW5Hv<6TydpCxZ_MPX!+Vo(?_|JOg|bcqaI0@NDog
z;5p#2;2u2ya{W0L+#fs+JP>>wcrbW8cqsUI@Nn=6;E~|Zg2#d$1dzBbnsc=8Q`_&o4%@cH18;BSG)f~SBdf-eA127eno6?`FhI`|^+4DiL^ncz#n
zv%%j1&jC*b_uMZ}TtB}H?hn2cJP>>tcrf^K@KEp-;Njr!fk%R`1djzz15X5B1)dE4
zK6onlYVdUM55P0PKLpPNUjv>Ez7{+OJRRJ3;_H3x`hOj`e<69|d_8y|_y+J`@QvW1
z;2(j9gKq+l1m6rE3%&(B5qv9nGWa&|RPc|%)4{icXMleKo(aAKJR5u`cn)|5xaR?R
z;`(_PxIg%A@IdfA;KAT~!9&461rG<`2ObH&A3PTP0C*z!LGWboL*S|4pMj@?9|q3=
z{~SCM{0Mk9_)+j2@Jw(|VR_>E{|j(`@Grpw!M_3z20sQK3jQ^CIQVh!NbnQjvEW(Y
ziQp%}lfh4cr-FY2o(_H*JOlh&@J#SC;Mw43!E?Z~!97LfiR=G!;Qrv}!2`iBfCqzL
z1P=xO4m=$E5_lx|W$;+=E8vOX--9QEUj*B4m6p3bKL@xYtC{V;N?A4y*4L4g?ZmBj>N
z$p<|okU;*XdNTPE?SK^WiCRCE-0G*1Tm203-VX~LAU~#_Ngk~opG7`IJ)8Wn`W5o4
z>b@E79cJ@)cS#BQIq?3N57N9pxnF6?1(4TQ4<^si`u6^z)qhIshf?0^>z}#&-JbGV
zKa%p*OG$fT$ZKi+SaPeMKyLMu$;*|K`YGh!si%?;3zWRQf9nRj^=q4Y2IbqAm;3?p
zqZP$7$+NUh7WuSFlFuREr}cBm_h@}zFf9m8E_J`PE0nBgubKk0D=QMe?!aKdUE@hgX$+GI{69;wj|To>X$H
zpGI!=Gsr)!EcFkNN9lBBlFw1kBHyN-L;lvIQa_jcJ9W>!GTi2Sz94z-M}Dt*Ao-AB
z$p?|wt|J~y{!xAL5b^>I#KXzwYMlu3vRWsSyo%Pb`^s&)j;JS6-oLJlH;Mc~t)EQZ
zS?i>bZ&ptyPt^Kb$ltFgqw+{A2Y%^0&1;_IGAh$J!H2d8;2nZuP^-i!_ql`2-+FtV6
zAvxd$E$n^FCD+3`kEeiy+yKjZ_*AJbuh;DsO`ME;Zx3kKIyBHxe@
za%+Dmcu}YyMsE3Va6J|Ay()rSPcJ-?;CgD|%g2!GZp{-5uBRNnd;+=U6Txkq?gdHY
zx;gYDgWEiD`4sXY4!u9A;3b57zthO=@F5-iVaRVGuc5;-z^#wnpabMhHJ=HthyK1H
zS>&}fpA8BVml5ylwvg*?%98=Eht9sS93a=-sV5WM
zwgK)1S>(DK@nnPRp{K9@6>{4aPZqsWUeYgDUA+j&;r#l1lu0HkN9|*38
zu)ZMyG?gppU#d^orrBD+Bm2>zsny^l%cp*k!XyeZ^U$ZdL4!J9!ojr>s^mJa?D
z?!COH73b|eP$pLQ(`CRfTHcSs<+;ZN^%=_p^
z9;(Cq!CONYKCXK1ZhaNCBtK?&rxZX|-+HpAtU$gMre;I<8R`4niwJ~
z@GffZVGFrlHuGeF+cwPQ50KlwJQLiusV<*I{Z#S)5xvw(!mEn
zehYc14$AW!8$AxJPPtzDOklVH_5PS&agUFZZuwZc8Cb>Z&@`2%hSd4H0@M+y0Ur;vBkVX5GwA)iKW
z>tj0j7|3rSx9v{`cr4@(kXt?zd@SU%$Zg(agU3Ps3b~zo=YWrcd@lKM8&+8U#;&1jvVxTRt3oBIF~;ZF!Ca
ze-837*}yn@E0JTMsCYzI`|aGZy~qk
zAp<-S@(0MRKQqCnLOzT9@8utS8sx8#Tm2mH7a^ZZZpRy*A`)`T|8&Uvk=yd=4{pc2
z?qvbwHh%-bUxNBUFZ{tKs0UKt6&zM~6j%zY6&n@>V)5
z7JMe;6Ugm&BN2QS1M*qqrL_Io;Bz2-yeJ)rVESKE!_D9-o`Ckt8{d9peucX8L!B;>&fZVR-1%kf^`5d<^+e9Tp3|8uAI`w!cdR{{Zqy
z;*Dhw88#@C}g9CI9Faa
z4+lR8`3Q3BpGfdSkdGm^5(uK83uD4od|;0{Jv@
zTffr5k3xP6x#cs!Ga-L~-13>=UqC*K+^!vGgMSJ6E9AC)%K`ri^10+yY?v+>ZuviE
z=6&=de^`h4gMSVA0CL;k1%e-kd=RI_Bj+h3-V#)qjgv~_({k|kXw5q
z!B0UxhTM)fV!^+Gd;+;0?aa}kbCAy>w|qAEdB|TO*QbAfUZY!{FF-yQ^3H47u;TI`m%nJ{ee@%@
z_V|N;2l)VUYma@-rK^7l@5DR_{@(JYDo<#8LkWV7FH((FA
zc8M>K_Y0NqiTo;~6Ytt-%ZMBDB)A%sGZKUhtk
zxb~C>uL*9)4sLKbcvZ;9fa`yKL#Kj23i-FegTOa{KL&mX-1c2=@C9(&hdaLwZr56z
zKdg;#)BE=}%>5tSmSvak3Lfl0f5w5=G4wvp2d@jh5xgGwQSkcUzkxRZFQc91+TReo
zDR?9BNbnHw>EMmQmx9|lq8q#myb0vbgWEM5H~2oCd9Izd?RWkdcryq3(+T`3L+|5A
z@KErX;LX8TfwurJtq0hyJuSg|g0})s0B;RGAG{5C26$WWi{N441$7~I?P&*I6}&xo
zSMUztW5I2o;0DhE?*#eP;GMxg2k!!Y4LlsYu&!*b{awLpfOiA$2i_fg5_k{r1>ilw
zH-kS7egeD~_zmy~@BrN?xc2u3ZwUSjcn@$pw{U~w!23de4tPKCkHGtbXMqm@{{uV{
zyryovT>GQIJA)4dj{_eBz7Bja_?O_(;5WdBfIp@iP1l~G;O)U0>27A8r)Ae;;uboz#jpR1#bpE7JMXl9Qdo?Z&x@E5^Pf=>tk5BLo5Qo56N?SBcp5%|mCJ;9T}r-8o$ejfZ)aQk~u
zH{O}xkLtmJ^I70+!DoZ-1Ah(tBKYgz`Sc*e)lUWw1b+kE{{GVC=YTJT{F~qz;B&#x
zfX@TJ4L%>dlpgfB@xBG#06Yb}JNN?d@!)TRzX`q&{4n?;@ay1H=27e#?
zF!*ZlpTR!>572{G*Uk^Y8-cF@?*qOTd=hv%_%iTy;QPVXgI@*T0A557rd>NXf>#Is
z2)rHmCh+0lo55#-ZvkHez7_m)@NMANz&{4RUl00S`?rHX3jPUrEASoQ1HpHKCxT~y
zF9F{LeiD2)c+IBr#IHNS4+8%Ryd(HA@ZsQJgC~O@
z2VVnz0{nCEEbw2!Pl7)bDoH<1KL&mQydC&O@ZsR!fxirX348_kW$-=VSHQmq{~o+x3wd&n_u(pdUGQt*
z5#ZOsCxHJ9o(z5i-2Usv+cTd%^Zxy*{?}2#f7lZW?gt(Tem{63cp>mq@FL(D;6=f+
z!5;+oeNc_}xof9Cc%Yjg?~n6hzW>RuQ1FMqBf*P}E
z33c2s`@W=;;FY~z!TZns*yp8K9s53}fc!Gt+`iYT61b~VQ(~S_aQ7PfUaEHBF0Y4A
z9{b!9t8d@8WuH%CZr>O72Gtp_~lh#Rn;2q!T&yaVs!#_
zr3ogt?}G~`x9^*a1+ND6lfm6M?0W+jfLHc`
z$G-1)2Dr-?as$0T%fTJl_bl%vx9?^C9Ng8Zp>?i<-gLry>I27x_|cl@{=L&+`hkl5&0=S-`GwbpvU*8$>Y^;lP^^d
z)Sa=lr-dGWKL%de+n(aOy$b_(uPLd=i(SE8{!z`xg1dbGQ137APcnH%sE<7hz+IhI
zTF3rQ*41$TX0?#K{e7!>a!c`ZR3}>Nc=RB{@=5I_e?NF-Fa4zXAaM5@zb=vwBi|P;
z9z!13RXmA&f_fVHY4ro-g}O*VjN-voEZi%`^^)=427gS*_q$wSd1BL5SMycD-E1qY;
zUb9>CgULM+Qg=Feu=;FpSN~b9zY*Nk-`rQ~d;;$B`!s(Vyt+hvzi)%r0Jra}bhYgm
z!3};=500JJa-ctb!QHT;kuo3}+_k5q?*FEPyL|nDl3z|fQ2j%2SEshtISlUVTpKKP
zz6N*s1kL{n?(&Zfk^CKSm$&_WIX&oi+1e8I{eBWW7`!#OtFuza8wp+q@`>Pe!BfHO
zfoFi%2R{hz#=Ba_dl9?=JGBh|jBl>#oA*t-wQlBEJTMHwT{%-U8h2H+JLIO}}rb
z-6!n473A&yUgxdB{ffyG=WW1)z}td{fro*|fVTrr0&frg0eA=S!{8mkuY-32zX@L1
z>uYs+^Vj2aH(i|}9}M0FJRCe6JQlnw_(X6w-VHk5x!~O(Z}FiKH*$1Z-2=GYoDDcW&->m&V89WN|i@*nhZwDU)ei~di<-Vb}!J{ExPA_)2
z>C#QPZ)jC;*Us(Q&Q{<mL^2AN=DDe8=qrrQCj{%Pdj|HC#J{EibfKLS90{$F$7WgFaT=2=@0Ri&Fwf}kW5bzhkBfzJCCx9n{r+`ld-vT}j
zJPZ6q@Lcfe-~oE^&b5CAcnJ7Q;1S?2gC~F|flmdm>~%j~o|l8a0{H{ruYz9zp9x;L
zj68Aep9Nk6d^UJE_-o*?;ID%xgC~QhgTDcO415mwui$TjmnbVwT>IyO*9V^m-UEC-
zcs%%9;B&!Kz&C;~06zx)Hu$gL3&8`*$rIQ9Mc^Uei@_tnmw+dLzXP5Eo(jGN{9W)Y
z@TK6n;LE@R%F7ei{^j5y;48o*z~2K;0AC570-grG1$-5F7Wn(%x4~C~m#ZL8T>C!&
ze-ivd@V?+{z$b&R1z!Z74!#|H9r$VR_29R`H-ML`C{JAbH-bM2{tXYsRp2gf*IW03Z-x9t@NMAv1LcXEu8+a1fNuwH1^x;6VDKH_)4_Lw
zF9**6-wVDA{0jJP@Snk5Ka|sc^RFZ!H(h(=zrNqW;CsQt!9N9$1>Xmr489*c9sB@z
zCip?{9PmTn{%&HtKd$|s`Ti%rg24}ihl76(9t(a1JQ@5bcsh6{cqaH4;5p!5g8M%r
zPx5&mz5)*hKL#ES{xx_k_;K)L@Dt$a;920uz)ynz3VsT_L=}1B+W!rBeel!ZJ;1*O
zj|V>kJ{SBf_(t$-@MGZTz<&il4_>0GJaO&60A3&bB6tt*@4(~1FM-bmzYM++{0jIn
z@bAHY1-}YjqMAH$?Y{a
zw}AuVx88@KKsQ4ix
zqlS)iW783Jj~^5Fe?NTCnEx7ncU!$Bx^?@n3{R1_A)WuvDeq*34D+^hVAQzi`rauS
z()zy&-#zmG2QTOzOr6_3zVZ0j*yy-H-jR5l^!EtwuG~GoUQBdC-orcBZ$EC#=sLk|
zqQ=GdiW?Rm9oNb?gZ^F&ytDRSGQn=<{7a^8_xOn;qX+*VD&3v()%trzy8e20*xkk5
z)QuZ5Y_zv|gFUr|4jMEdI$=5){q7Ryo>XIc7vlw#}A92=@%2YWj~gfdxBjkYqZ!~jyj}Ok13C_@
z)4KJ)_Wb`pP5Rf~sOMdX|7RWXFBAR${TTkc`?|+_dpFPJKkrqh$ABKe1A5f)t{UMT
zylY68?jf|*^1k$cV~PF$qQ$PUzE;C-rIFiu4;$(23-2a8WI%U))?+~H?sfia%A)>9
zv;5x|-hZ|%ZYT0TDr_66|L&{*rJ2xRVD!*oqyKA9@V_&M>qUVIYn5$TORaU;YCp~HT6fQR_q>_=?)+}v
z++hfxeIL!6Oy2K(&pG$pzwZz6>Kc0*S~HhQ(NDj+vKU9GjB+&^T~WJWQC+NS8@N#c2xB*4fz5?KzQ}j^x7r;+cf#=Rgq=Q2i)x?dXoL?4s7A
zv9seQnzD3PukeN^#t1bxo|f|@sjD~6rEiRIbK&L8M9)nvG(v8?AzI5_xdBO4A#RBm
zG-i_!nKZjmt=SE0|FX0KGOM(i_!f=m}BRO|6`@NA!9=+YHDU
z&KWsCbIV+gb7$Dvg`85#T05xPbVnDb=k%eT#eja0M<~4R;jf`|bT(x-7(AqNBsc=i
zX{nad>Od20sHj8CDajv~CKoK?H&Xl9U6LvzuklX}AhT*2(Y&d+sHda##-4aA(cM)o
zYchceI#fmus;_U8rVN}5w_h2ZqIW=S{1O3jjSW8
z?AI8o%u#kKSF*ChUp1XU^^2A>XjatF9piNsu3^StE=Mt~Xm99?`IARK0dsZk#)d>g
zBdrgo*OQzs>K9YEl8w>9nOzkZ(;PB6Mdjk4{)qmor8Xg0Ff@EAiN)F*ZivUczO1#G
z=ALr-Be_VGRd&$0Qk~IX>S8mZQR+%+mKa9R`ExO+EGg0=8*AujqKR^XR{JfMMC)e9
z+Nq11n{G{US+ZyKFV0Xem`xa>(V59WhqsTXD2Io
zMp0`qh8EOo)v_0xgz8T2=CtNGhZ-0^Iyb~uQ|r>6Xy~FzkX%*Eu6+nXwCZJyt+^RX
z;{Sh6)cM{EZ=gUUgfwqB%~H+GSS^;YNw(`uV^b*uYYToWoAVjJYGAGP+vtC2L^U?f
z!!a`D#*CQPK=E3Hx)krYAYoaGIIz=l>q!Qo;bGQmC&k4)l~=1N-kBu>s7+DJ6E)ED
zX!rsI55fI(qVh~zy20mdY(t@Aebz2cClAe-9q{^uEKV4COJ?S9MjBu8d>x-#TpfLl@3QMyf!t%tGCX2IUbW@nOBuXpa$!wxkoaWB1RSjKD
z)qJOi`zr#+G>F
z4Y9U(N3@+T_FDaHZ_RQsJK3C2L8k7?8TFQ&;u%e?&9bf^^VamK0g1-y%tbU>Kq)m7
zFl{BJAxpcJwX$qN*+;hq(723lfHOkGiIck(i}EJ9a==6KeltS}somq5RUM$wPc1o}tk-msvGJ0+s@Z%khZf(O;@lzE%}H6IwJuqC
zHA>q;Ra{-LIz**g%u9Asvb+|ti2M%3f>z2Xxh<;_Jc~@0j~6=co@=V3>@r$b8*QB<
ztJr#L71TqROA>xkV&k(yQCe6WPUfqYDVFtPb0vd$S{kJQV*SE
z3NdQ;auqq`^37O$R<*Qh8Y@OB~ZexZ_BU8#DwCVgp$7mTVG
zwiiWRPwaIx(>Mzlpm%@S~@R5qXHUJsD7uG2Gm9okl#G&?lPyP!#+VOb!K;HjFw`q(0l9
zDISt~L7g_=LhALTA@h<$V;|pBmgwnru&u7Ut^0r<+o0v}v<8&&aS0C#)pgr!hH+|&
zt_M=}hP(>c5^tlI5_qFSJnEcJ$KqipF9`9fNWeZG9?qw#K?6g+l|ASU^-pRjT6_qG
zqDgob<6yo9QS34hUf_*{leLm!6l-W|qDR1P>TJ$xVI)d@E4te-bz6E?&5P=?{mGAh
zoiZ0!U{fQ*)Dn?OJ$^TYywD-5fmoDAlziv6k<@hMfWDC-Uaa`w4)Q4AbORH(R;K0(
z)OE|>thY^ORb-S|-d&#*fw?hnSz8YRKT(>KK?7fa?QLk2`!kXm5?Gzf%6@;^jXKVp
z4S7cEHfN_gzhnhXcAK6B$$>^{4Sci{PEVaMP!wY}V&SE%M!GSzJMI}=%?&V3$}NKy
z;|A2Rva*ExRPJ&X(IpxGhVAqxZ78P>LjD@%f~UVZB1fafw5XO=n9$VdAX^bw2Jmd4
zCNurEhG74_u$}s53WV9^uN$i@99##=hl!P$*Sn&Rfvm(E-io6GMO@Sax4Ch)2yx8F0Ot)P|B5VNgyWe44`
z(;jbM(Uavk)4m{@>=m<4A^m;=P9}f(-uo>1MH#NT3BGb~MwCK0Mpkeml6=r4(5v>2
z-mU7*js8f;K`tIG5sZ;L=XWmdb5C_@{1gjV>pS=+1bVa@>Q%LyN4?6XcRdabySF%Y
zAU&DZelgzt}fQRC9&bv%Q?Mo%=+uQ%no=7=$8uPriTA
zlOOZvwXwpk&O%-eYoph~F1cFfa5L+)w}j5=X>Fs|{Q3*Ex=@pp=o0_MqAnVAtZ7)u
zbT+12y^>Z3`eMKOc`rM)9u3}d5+X>w9aneXG_RO~ka}6JZ_}s>?KQpV_*8)9{kN8b
zzPZrPL=Yg2lG3lb;C)fy`d)PqaWA(b0W@_N9`jMWk@fAHQ=~m$8PI@!A_qk!k
zimrIFg-~C0HFT_u`!5Vvhk>u!T07$YS#Ij?k}fQnL8_+AyM|hv=0aLt>FbNpH6?ma
zHO)u6SI2sbB8Bv5FW)^BDWn(i#S1TAbk+Iv!o9{DHl%^yT7;TtAPFj2Yrp`$7}p!
z|0;7nx#exT{lyOaCZM10pl<{EQU|^NZ&&H|&v4M+EPOqFWe)oFKws{l_y3I{onPUg
z-vapjZxQ=>=kIO#_ZZM$=%Dxitrp$>iyZVX2>(RcbN%_4L;m{z_JyvW;Glm;xO)Cn
zJJ|m|h~In%eS~b~O^@Gk4)%`+`r{q+`9ObygMJdwpXi`30{W92^s|8eWCwi}(4XR<
zUjpak{SNxqf&NYh{a#@IC+IuB-uQc4{n-!n_c`!C
z0Qv_U^m%kFZ+iS5cF<1%`fU#Se9`Ou$0H8?p`2DuOxAot%
zfPSI_f1c>|_?FL2O51@uJ@`dvU@?4W-c=t~^*yMcbXgMP2*_3}H%q5ixB
z^xUTSdFStK`S-r)_4;4#p!Y$#zQRF2UJTUrQyl!y2l}ZF`bnbK{YIc);Go|O>|f}h-v;zoIOv}O`o#|VUBLfBhw>i+`U@QN!$5zPgZ;aK|JOL^
z_X7Ua4*GWhpT}hKb#ia3e5
zTY&x!2Yo-#|BZuwGw^?dgMKUEf7wAl2=x69`kg@k6$kwg(3d;Z-&cVCYYzN9Kwsg&
ze+TIAa^R1MUeEu#9rTeS)5rgt9Q1jj*W2%V9rPyx{e2Gl0-(R&K|c-XXF8N$1<*g}
zz@G>7TOIT@K>v_~e!1xN{CU_x-vs!7@1Rcr{v!_hKA?ZpLBAH*|CodRPN4sWgMI+$
zA9v7i1^z$bpnnYLzv-ZV3h1A7(C-BPKkc9&0{m|~=!XISTMqiyfqsXBejm_3Z
z=r43=zx)fwdi}r1L7yi=z5V|u2m4P1`hRxN7XUq9lgf1bI1T8(7`In>`lp#N6~{tjUOu!H^up#QOhei-O~;-G&W=zr><-zR$6dGUY6LBAjH
zf99b70O((J(B~bMKK_5rK|cZLf9{~q2l`()=nF)z_dmaM&`$&W*B$hwfd4B8eI?Mp
z;hKB@{~-Hf+9Uth
zmZ^wN5Qo`+ekRiN{}TGni@#w&-zo(-S?!WPP5&2K^czHfLQ<(dnEHB){sGZXHS~s=
zkx$XzJ^zhA^k1U<_sg06AE9GS|G!}2zbyPqL->za^vComVOacrXwgs1Q2#rNzFhRj
zD>ITm&G_?ks{Gv%M*ONp&-tZqrv6C!0>ytDi2sLlA~XJcPXXeu$&l~glUHfjzYFjg
zWb&6<_>T#{Tz8&68<5>1t0sk<-zsF~g|!@{q*G`;>E0ru~yP
zmj8zq{#xNziJs$sG~l0O;lD2Y3qts3ksg)*knoE%KG$_K{})*J7QWfvvaR~Y:%9})e9
z`oZ+s)IVske+#gmpZ_=G_nh!)7ufa+zd}{Rtp|GXxT_-iuc@3ipq0snNsKb3-q_?v_uR{kfE9>u>1@Xr8zeog@KcL+bM{O4Nu
zRe)ar_`kI9cW20d)xxg_e13k?EdQ%%nnGWv<=;q#{3}UMCPd8q>jQj#{?Fv|eTs;m
zzfM)Wu=xLjh2IbO{QREDKb5Kp;+G5m3S~y}Cm*YCCy^fczfJg6axk|){QQr}zsbVC
zMfkqnXVPf`TZe_eAMpA4ACv#Gh5xef7X)Z3R{B>zu<$G9&>v{??Pve_`5BYX_nB}^
z&GFAEU-aaWu=(2+7X7)R56hn_(xdWQEB5RC2R}by+RyhHAp7SF|4QXX@~2sTU$gKB
zgs+bu`2KB^KVso;7Cz69_08nJXWU!v&rxM
zD2`vH==%+US$;Q?9>uR->~9f0=Wi9T|7RBd@Lwy#KX2G?@`o+_p{OdqD$z54KHy(?
zEcSo#dL^th_(nJ)Gf0p8pKzJt>*co)@E^DE`-LCY{^e5vvrXps;bGCQFzh$ucLM2=
z{guG}#lZg0TKIXlDe$Ba{#zFPG|?9tdNcn2X0bmZ_UrYx7TABu1RTF*!Veoi%_KdF
z-+I93cjD!VKfYaCE&MgYmu4gx1+)C_xA3Z?kRHW<8{l6D_`k9654%Hw&j{haVd3uw@vjH`xirB+{uc;;vcczL
z_3crM{xZ>@s~=3C&HR0s^eBFLRVsh={AmRCA5J%TAo~--Zw=vpXyF$Kzh3m5zj45?
zweWwDVfkG_dgT9F;Qva%zt_Sa5k93yVB=WnTOM_AD1JxZsg5%BX8C=_qCZ{qVf{xh
z>5=~f!2cV7|F2p2^My~{Q(!agpGg-ek^jp?KQo|C&)-tgBl`z|{T;ymhb;V!!k-wz
zFE|C;|1HsnmERVNen|9T?f*TbNB$21|GR+yZ&~>JgkKWk|FzUWpz=HQZ?O4(y|0@B1
zHQ;Zt@Q>c0C`~$yKAZLL9t%GK_@4p%V@}2XcL?9?zfArSq(}a50sPMb{z?mfqwvG#
z&qEgdPSKZ##P7Qn`-jDTN-uBY{9Oy|pH4Rr(bs9?pZA1+t?2z7AFFSLq(|}F2jaI5
z@V8p{3%{%=3w0QMHu?8k`1$kG>kr>6V2*#Mo{s$=5dMP(-^`y$q(}Z&34fR9IsUf-
z{buz3tW6obN<>V{Pzuqjb9_Bq(}Z&2tWUDA^?#38^jkzfJ4sd_O#W8VBmZj_srXlkp8ekd
z{GUP{EVBRC!as)psBI?yY|bF_+YegS6
ze|eDfsQib;|9bL`H!lAHa?~vUi_XIKzb$+ko(48E{?A$Tk-L=a)qpxZe|C@_*st&-x^e|Fgn3
z`wu!rV7twte_8Yw1ddM6pC4NEA7tqN3#1=Mj7lT12Y~5=_YYLD=g`I`Mt0sC*Z@SB8hw!bESm4#mk_}>EjBdLP%InDgpB>b@Ux5=X4
zA^I61@r#ij#cwIF{~2Ka+ZO&Ggm0F=8Nch!!~RD$DZ_gV`_25nmh{N}gxKFFdd}aS
z!2VxZ_`Sm4AHv^l;qMc^uV?;00sdvvu>Z~XDDXUkZ^myn>5>1t>s0<1Y5wm5{C~Ib
zw+nx12!D@-pSMKu_4ea=z;8Vt`+wMG1*Y^0Y^MKBq(}bO2w$)NF981Q7XCEh-)jKP
z{Cmy9ZxQ}l(R2BKAMiVq?;@3|Jj_jXuzY<=q!|Aihzk~FMzw7Gs
z`tu{eKfD<86T%ORf0sqSLG)qq|FcEEB}08l3AX=9(T9zH9&DjAFFSx
zE&5*3oAuAscat93zenuX`;T9dI8WgI_Y=yo{Tqc(-9unA%l{bCBmM~BzX|w_7XI_X
zH~lyHZ&>tuM1N+$`tP%>2KY^eBG)!2S_n|C1K}T;bRGVA->;`t}VAf1B|2{P}OduciSSir-zr4;z2X
zBR%qezwq_;=L5hWvhd#$zHh(pvl;*ITKEOaRQ~Gx4*~z0OR)ci4=Ex|uLGOOuO&V5
zzef0a{_^C<9KSqm;V%<@Wq_XEehgapEr5R*;D2D@ZxTK=Pl3(!|IZfwS`hznfPdem
zIR38)KWzSWRwdTIm7%`Dq8}0c+<^D#@n24QRQ`kFzn{O{e&zxH|7te2f7Zha92Wl%
zEc_7=|Dyr_UJJih_-6i76$)$vq(}Zw`IM@Edj5|G{P!&U2ZT?{dx4Ek5!l|f@GFI{
z*Z*SyfBqaC{~rnei~vm?tA7^Y>KJBmalRf4%)W4fy|M3x7oT&xG)AxA60q
ztM+5R=(+v;1mI7)4Ez7&HYGgE;L|Ar+nJHWuR
z7X90z56k~+FUS6WkfHtwi~iV0l;I0Q?B7m$6u$zAUzO-Nev?4_uA&1_`?E~=rvG$`
z!1nJJeVgdd3LKpt|2?Ef_P2oY=Xd4g$@%=exV#$Mzd`t6*H7k<9`V-#{#3yKk%hlQ
z_$7w_X8Si};ST`*d4OLxAN&8d@Xhv@P7&A^kskR!2>9m%{?{%1qqi%}sR3Gg`TyFY
zpCtOQ{_j_$NA?c^`-_16a~9zE&B>5|G3gP158#&o{?itIeTMu&3x5RgO98)-8W>dn
zKPUW88Rci@?^Mzw|0i6h+V6VNbNf>U`1f1*KNtSA5dJ0$KOua-onU?i;D2c0AMvOH
zPcry)iomwy3LL+4MSoJ@==A&_wCFDtJvEPk&5Zw}q(|{zFaG;__J0=e|F}ii{`JB)
z>!0cWc+w;OFo^#pfPb@v|FH1S3wWO%zf~6gKH=;0557mt>^}}$jQ#(K@H;~If3fiM
zV=DjqM9=Y`1Nh&x@GBov!m#*1MtT(ge&Or+KM(LvtHJ(XC;YQR{6CrWh`$Z+F9ZDh
zEc|uCKPQBLw}rn8@T&m-^eeId+lBwJ5dIAo{WGFB$4_ScecGabN%UsI^8aArR{(x3;9p4#%fD7a}e`oTiTlg)F>GAIX{8r(c`9CQ9u>5bb@CSrnFNU-K3BbR{!rz@C|1JxE
z1n|26|0N4Q@=axUnE&6m@Rv5F$G;o!_gnZ=gzx8xU;cjn_`m<&!e1}^DlPuKfPdC9
zmH&KgRNpFvKT-dZJ{K6jFA=?&KP?&BznJu>{tN^AR|ES$W3hj&@Xht-35NX-SnMCj
z(EfWZ_UFgb`>&gU{XekSKPdbY4SP-d-?7*~Bzp6BGk<<-vAFwWoVE;#!QaK;e)EfTqa^j`iLC#Vqn3!YU9&i^}r{goE}BEHy5+Z4lKlV4}i_wvOe
z+V+3c+a-UP`b8G|mlmi@8dTg@r$5hT7>?wzRi^0n92@n_$T
zyF_ocUoG1?t5V}V?-%g
z>Tiq0Z$K`o)04k`rtqv+3vt3v`mi;6zt{r;z~1int@
YjsNX&^a1H3_bX4wecC@#?alcA9~9Ljj{pDw

literal 0
HcmV?d00001

diff --git a/ProvisioningTool/lib/libjsoncpp.so b/ProvisioningTool/lib/libjsoncpp.so
new file mode 100755
index 0000000000000000000000000000000000000000..a23ae279b4f61ca7a475bab45b8df3a5efca33d8
GIT binary patch
literal 1388960
zcmbTf2{cyU7dQSGLXs&B<{?RjqEKlAx2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo
znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z!
zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8
zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh
z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac
zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~
z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP
z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC
zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d
zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y
zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^
z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y
zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S|
zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx;
zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL
z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv
ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky
zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu
z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb
zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g
zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs
z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i
zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3%
zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd
z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M!
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN
zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un
z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z
z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3
zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3
zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf
z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4
zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94)
z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF!
z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!)
z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72
zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w
z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva
z3wQu{1mN-*j-S%!=TN?&DHHN*O>~
z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR
z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j
z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}}
z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO}
zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt>
zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc
zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4&
zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O
zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7
z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C
z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@
zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH
zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY
zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^
zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE
z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+=
zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv
zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7
zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2
zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF
z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G-
zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw
zMrC=PGb4MtEmPaOqUYq`A0f?4<
z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^
z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA
z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W&
zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1`
zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3
z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120
zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f
zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r
zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d
z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj
zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c
znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS
zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c
zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I
z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW
zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4
z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G
z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l
z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m
z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj
zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI
z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv
z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1
zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n
z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt
z_eNd(vOmKIzLDxa
zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB
zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW=
zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee)
zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju
z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2
zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$
z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;-
z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`)
zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7
z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR
z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r)
zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U
z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq
zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}&
zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N
zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2
zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8
z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z
z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e
z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q
zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY`
zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw
z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b
z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY
z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc
zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc
z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;!
z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL
z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B
zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5
z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k
zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g|
zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad
z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9
zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard
z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv
zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe
z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c
zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC
zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D!
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q
z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L>
zQd$W+K|j
zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~
zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F
zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W
zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe
z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX
z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD
z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B}
z^
zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE
z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE&
zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn
zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM
z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d)
zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R%
zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ
z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt
z&ik1(KN`{eXh8M0>xlOIUB>u3(D(
zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC
zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb>
zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW
zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+
z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY>
zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J
z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$
zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K}
z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9
z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W
zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY>
zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf
z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO%
z3_$x0w4TPVyI)PHuONs1?x
zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd
z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we;
zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6?
z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u
zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK
z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL!
zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r
zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml
zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u
zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b
z)6hfvz^OLR6PZ*y|`&D>I?IM
z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm
zjT<{|J6$l`Vkr@WW<
zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES
zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0
zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk
zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H
zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj
zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk>
zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7%
zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp
zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J
zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL
zSiGq}AE&&Sy-DdU-$G_z(F&
zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE
zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c
z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK
ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e#
z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(>
znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j
z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+
z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW
z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7
zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R
zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg
zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5
zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ
z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv>
z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS>
z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a
z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf
z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq
z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O
zjDaIp|3Ke}INy=j-8)=f&Io*(LP9
zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH<
z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|)
z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C
zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX
z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch
zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K
z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV
zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W
z|AzeM=k+2G_S)lv
z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E%
z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg
zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+
zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb
z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw>
zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB
z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO`
zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h
zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e(
zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P
z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z
zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$
zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J
zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt
zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE
z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1`
z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6
z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI#
zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t
zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64
zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb
zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65
zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^
z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm
z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof
zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c;
zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8
zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w
z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa
z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc
zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k
z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn
zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx
z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p
zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F
zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D(
zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y`
ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk
z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe
z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m
zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9
zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp=
z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c
zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL
zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i
z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_
zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l
z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4
z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ
zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b
z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN
z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU
z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl
zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1
zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu|
zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX
z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL
zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A
zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{
z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?#
zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T
zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp
zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~&
zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA
z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#?
zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR
zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2
zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9
z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c
z!|gL_zqU)^ryR%amoMPVXrO
z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa
zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^);
z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF
zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o=
zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm
z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$%
z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y
zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1
zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8
zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~
zUF%Yu1RWoM|XXUW|96s8jUI?
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}}
zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2
zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b
zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw
zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze
zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx
zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e
zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo
zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ=
z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS
z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9
z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9
zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca
zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k
zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A
zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q
z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O
z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8
z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F
zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^
zea$`YYNs0Ang$SBZ}LW3X^V5j)<5%
z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)(
zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q
z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b
zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F
zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$&
z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg
z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D|
zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN
zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ
zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of
zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A)
z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@
zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ
zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx
zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v
zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ
zb+kY%%+`8FGXAoRrB{SCrhAbvm
zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE
zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il
zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_
zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ
z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S;
zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m
zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U
zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB
zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o
z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI
zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m
z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^
zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F
z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b
zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW<
zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI
zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v
z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt
zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u
z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j
zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7
z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5
zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{
zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E
zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM
zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z
zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L
zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E
z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs
zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3
zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW
zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8
zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{)
z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh
z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st
zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv
z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I%
z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2
z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1
zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F
z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07
zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_
zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^
zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS(
zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA
zWi2VvmtqM^`DzIY(!ICV?
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk
zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp
zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp;
z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC
zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX
zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r
zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y
z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT}
zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp
zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe
zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W
zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4
zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe
zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4
z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT
zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB
zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3
z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4
z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z
zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c
z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m
z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ
z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#%
z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p
z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR
zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^
zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa
zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089
zV=pKvy3%r#0eQR=bFXdRXGTTD
zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx
z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy
z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_
z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP
zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt
zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O
z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW
z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX(
zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg&
z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi
zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO
z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j
zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK-
zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ
zylKQzW-Z
zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj
zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c
zAh1Ye)1>XXjvEa&vr#iw0&q9?}W
zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8
zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q
z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu
zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy-
z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4
zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f
zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot
zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH
zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3
zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk
zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7
zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7
z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4
zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno
zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u
zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP
z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7
z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ
zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW`
zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f
zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M}
ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo
zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t
zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I=
z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0
z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX(
zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W
z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb
zG#?+8d45Tm(r%D=;
zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho
z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P&
z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S
z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm
z2v(T)7L{D2+pjyX5W=Cig!~bG
zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX
zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w
z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA
zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u
z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7|
zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO
z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn
z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr
zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%}
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M`
zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU(
zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4
zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~
zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@
zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO
zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q
zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v
zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf
zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt
zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n
zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L
zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm
z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ
zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG
zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv?
z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN`
zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf
zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|?
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792
z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc
z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc
zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$
zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5
zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA
zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc
z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL`
z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a
zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J
z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7
zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+
zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6?
z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2
z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1&
zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c
zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3
z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5
zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v
zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s
zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y
zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV
zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA
z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e
z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp
zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv
z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL&
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ)
z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k
z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc
zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1
zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go
zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2
z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK
zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$
z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5
z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV
z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3?
z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~
z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K
zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7
z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS
z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A
z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln
z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e
zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%)
z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U
zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z
z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U
z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W
zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f
z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi
zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA
z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*;
z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b
z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v
z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo
z67c^4d2AoRZoIf>yf80SS
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?>
z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H
z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a
z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2
zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F&
zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f
zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt
z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q
z6lgyQ_*i5BMcOX94hkb9xPh76CsS
z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9
zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC
zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI
zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm
zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX
zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw
z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2
z=LFzag1$`xz7zPL0=x{j1bjQl
zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G
z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ
z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J
z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag
zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb
z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA
z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY
zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2
ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ>
z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu
z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU
zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR
z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY
zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA
z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1&
zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E
z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4
zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5)
z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw
z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n
zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ
z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3
z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ
z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo
z&jLOT_#EKdfzCYOGr;Ep;NJv%
z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi
z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t|
z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c
z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1<
z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf
z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID
zI6>44)E^)9tQj%@Y4eLr67kkz^?#0
z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T
zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p
z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP
zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7=
z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh
z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l
z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai
z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x
z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB
z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA>
zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@
zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9
zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv
z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca
zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl*
z0q|*PzXi_S7P8HyH
z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc
z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ
zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3
z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng
z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W#
zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S
z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{?
zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv
zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X
zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_`
zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW
z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF#
zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln
zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42
z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ
z5NsFT~D{wVZ%943(PzVg
z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209
zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl
z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO
zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8
zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD
zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U
z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q
z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N
z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+
z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w
z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y
z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p
zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^`
zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H
zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l
zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7
zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM
zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2
zbcK2*U8SO34
z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW
z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D&
zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~
zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4?
zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_
z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0
zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c*
zf%K?j6
zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7?
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p
zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_
zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup`
z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ
zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ
zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB(
z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726
zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G
z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg
zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&
  • GXiQ
zlP@hldsxP3k)#Y@C
z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY
z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@
zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+
zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@
zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n
z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R
zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo
zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k
z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh
zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|=
zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf
z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw*
zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd
z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^
zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp
z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F
zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I;
zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER
zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY
zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H?
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7|
z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@
zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J
z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F
z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W
znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5<
zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W
z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U
z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f=
zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0
zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU
zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1
z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7
za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv
zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t
zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I
zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS
z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E
z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z
zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y)
zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc>
zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7?
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON
zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L
zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ
zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1
zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U
z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k
zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ
zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO
z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X
zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt
z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO
z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw
zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di
zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9
zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL
z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b
zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq
zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT
z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO
zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O
zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M
z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul
z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE
zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye
zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD
z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I?
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH
zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf
zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q
zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG
z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ
zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1-
z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k
z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J
zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg
zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s!
zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D
zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not
zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be
z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~
zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ
z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM
zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni
z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P
zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$
z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$<
zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S
z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL
zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y
zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u
z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$
zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne
zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6
zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A
zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+
zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS`
zuyfQKZtDb>TzU}7b%`$>g~^fJovA21-
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX
z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z;
z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB
z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn
zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen
zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M
zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q
z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q
zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O
z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j
zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4
z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g
z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg
z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN
znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa
z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2
zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D
z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me
z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E
zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM
zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP
z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o
z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8|
zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS|
z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu
z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc
z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}``
zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00
zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm
z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3
z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN
zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;-
zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp
zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV
zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H&
z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~
zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO
z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl
zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_
zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD
z>&hdPuVJjXGWc
zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX
zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei
znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$)
zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92
zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd
z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg
z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i
zu`>Jt_JrQ+bhdP-_mV|!+Pys_
zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh
zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl
zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^(
zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N=
zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk|
zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC
z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B
zj1!OV&Bhs-$wjyf`@Lx
zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o
z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc
z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H-
zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7
z@Ma+vZSB(1in9<`Rv}4F
z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+
zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5
zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ
zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z
zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c|
zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n
zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs}
zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^
zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ
zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p
zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}`
z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)>
z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w>
z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u
z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5
zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T
zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0
z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP
zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK
zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs
zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV
zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8
z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@!
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+
zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$
z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@
zAvW5Iq~yb@6K0s
z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F
z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG!
zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP
z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u
z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm
z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib
z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z
z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL!
zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj
ze^1(?^EZC6x-zJ^DilmFxQoFvU#
zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr
zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{
z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY
zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF
z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM
z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO
zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh
zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50
zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF
zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK-
zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V
z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6
z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua)
z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08
z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$
zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY=
z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1
z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z
zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF
zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4
zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^!
zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ%
zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA#
z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN&
z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR
zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au
zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV
zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a
zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b
z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g
z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ
zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah
z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q
z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4
z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy
zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+
zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a>
z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH=
zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B
zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0?
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($
z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s
z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F
zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c
zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9
zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v
zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r
z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og
zF?buI5J_K*Endt4lt^{seD1Sj
z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC
zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B
z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK
z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v
zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ
zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM
zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i
z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI
z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb
zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$
zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym
zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c
z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S
zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI
zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz
z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq)
zxRSlcZefdKxgDLL!icY*9Le;Q
z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1
z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r
zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0
zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM
zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w%
z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_
z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)&
zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR
z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S
z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A
z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T
zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd
zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e
zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU;
zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F
z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y
z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu
zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r
zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A
zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc
zo*iuGE8h2&Ebw00&WO6`-$
zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx
z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO
zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx
zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+#
z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_!
zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk!
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5
z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX
z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$
z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM
z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9&
z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG
zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki%
zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi
zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN(
zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X
zS;$GWZvDLhfi?!u+AP@~~Q2>*s!
zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W
z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv
z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0
zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn#
z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD
z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0
z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+
z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d
zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg=
zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR
zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{
zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a
z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O
z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI
z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI
z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik
z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb
z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e
zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu
z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx}
zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt
zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha
z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q
z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5
zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y
zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t
z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J
zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL
z09+V;O_K_(FB1iEwr*S3`o0nCAg
znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M
zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf%
z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M
z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0
zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H`
zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`%
z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c
z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)!
zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o
zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj!
z66W9a;O`8pY}E(mLN*
z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;>
zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah
z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL
z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2
z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b>
z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^
z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+
zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d
z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9
zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN&
z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw
zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn
zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv
z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32
zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY
zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv
zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{
z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF
zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az
zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P
z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c)
zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh
zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$*
zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6
zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI-
zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK
z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z
zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v
zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw)
zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a
z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r
z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I
zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX*
zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2
z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR
z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI
z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s
zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft
zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv
z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8!
zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t
zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT
z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@
zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2
zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r
zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z
zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9
zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf
z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP
z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U
z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP
zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7
zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ
zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX
zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN
zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G
ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c<
zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ
zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp
zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*=
zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs(
zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4
zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8
z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q
zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r
zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k
zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c)
zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS
zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD
zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht
z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F
z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW
zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O
zvlE^XY*<%7H
zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm
zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X
zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L
zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$
zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@
zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R
z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9
z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw
z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3
z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+?
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz-
zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz
z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~
z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG
zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy
ziuNyzx;9F^o=;a%zcc3F4F%aEN*
zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV
z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r
z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ
zPxPpcu9+u7hx#OLOSIT
zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58
zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o
zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1
zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{
zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK
z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg
z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl
zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1
z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz
zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=*
z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9?
z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z
zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA
zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_
z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j?
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj
zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD
zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m
z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J
z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b
z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h
zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D
zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f`
zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT
zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2
z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f
zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp
zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f
zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi
z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX
zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s)
zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V
zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A
z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4
zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc
zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4
z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq
zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2
z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS?
zkG+HoO>7zXM%vi6cy3WoY{~H0
z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b
z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx
zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq-
zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG
zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H;
zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh
zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8
zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt
zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP
z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4>
zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM
z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB
zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO
zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A
z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(<
zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB
z$dnU_wtxfd=b+<&3!6+C`ew)D32
zyVwKFqa90LEwLH8j%%wUOJRO93!f8@}
zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb
zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe
z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im
zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw
z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe
z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0<
z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b
z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts
zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w
ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r
zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K(
zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A
zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3
zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi
zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z
zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{
zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51&
z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH
z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P
za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME
zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc
zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a
zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m
z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^!
z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4
z*gq(bMF+lqj8K>x^ie|
zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD
zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua%
zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ
z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW
zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf*
z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0
z^&?q24n0tn7*ZtZP4wezK-ijA
zInvF`ARW=6tt@l$V;_hdl8Ohs6&
zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB
zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c
z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz
zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO
z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A
zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2
z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8
z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj
zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn
z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX
zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^
zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM
zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$
z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9}
z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se
zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV
zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p
za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E
zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3
z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*)
zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S
z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+
zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x
zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B
zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP
zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G#
zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev<
z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~!
zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud
zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj-
zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia
z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq?
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ
z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@
zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c-
zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy
z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42
z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU
zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`*
znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F
zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh!
zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X
zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X
z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR
z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9
zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l
zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^
z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH
z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g
zskUSSJ
z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL
z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~
zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn)
z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{
zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq
zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~=
zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH
z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0
zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907
zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N
zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi|
z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR
z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ
zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY
zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q
z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY
z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5
zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1<
zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9
zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B
zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM
z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q?
zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb
z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz
zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55
zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D
zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e
zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W
z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@<
z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_
z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74
zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs
zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K
zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y
z3v1j`i%hA#2gzna#+
zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i
zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9(
zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@
z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$
z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71
z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$
zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7
zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP(
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql
zSf)?V@n9;NH}8@=&j#^es3
z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP
zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch
zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq>
zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc
z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?<
zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7
z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^
zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka
zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR
z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W
z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ?
z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~
zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF
z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51
zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY
ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^;
z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM
zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~
z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d
z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq%
zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu
zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF
zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+=
z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU
zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue?
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b
zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-)
zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0
z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1
z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6#
zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z
zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m
zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t
z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4
zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d
zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%-
zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q
z)a!MmXxxbMpp8%xuxm{XM6hn?|
z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5
zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO
zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{
zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d
ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc
z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z
zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV
z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut
zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n
zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc
zmsGx7eNwbs@
zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G
zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz
z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E
zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2
zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h
z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2
zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw
zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX)
zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z
zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T
zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R
zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp
z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X
zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9
z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud
z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y>
zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i
z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e
z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ>
zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I
zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L
z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X
zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3
zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g
z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A
znh)nlr@EoM2I
zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq
zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv
zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL)
zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v#
zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ
zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U
ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN
zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z}
zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg
zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS=
zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7
z@BwzRDw`(D!O~a1#YpSQ=r5(Sf
z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF
zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck
zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F
zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_
ze1C>^P|6DC}EtAYP&;J+I9
zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m
zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ
zoH;Ag>&eXa`egUT$A#?y;t>7^8CG>
z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)%
zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB
zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp
zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ}
z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5
z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt
zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$
z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R
z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH
zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP
z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n
zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO
z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ
zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei
zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672
z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1
zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b
zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu
z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If
zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw
zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj
znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot
zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`|
zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS=
zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75
zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03
zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm
z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M
z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ
zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL?
zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c
z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G
zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7
zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V
ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF
zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$`
zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB
zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL
z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN
z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf
zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf=
zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u
zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw
z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s
zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF
zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY
zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT
z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI`
z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{
z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8
znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA
z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{
z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5
zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o-
zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut
z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F
z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K
zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$
z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@
z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw
ztb~NfltC*
zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M
z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM
zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH!
zFsd*10#Acm;ni?2^uoii7emq<8
zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp
z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j
z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D
z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h-
z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4
z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH
z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f
za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO
zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR
zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0
zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;>
z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7
z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O
z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp
zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD
zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt
zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w
zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q#
z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G
z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm
zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B
zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D
z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb
z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~
zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<|
z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX
zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m
z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee!
z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7
zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n
zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T
z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH
zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF
z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92
z8C*I(WR~9})ac_63>0=x>dGLwges#o<
z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`&
zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao
z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2
z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4
z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw
zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+
zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F
z0bdO6H#g>i&jk4O
z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$
z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs
z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9
zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$`
z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh
z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru
z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$
zcC>*z^Z2iKxcw
zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq)
z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg
zZt$((<{whQ!Ot&W3GlA}^zUy9
z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT
z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o
zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2%
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT
z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L
zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol
z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS
zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j<
zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec
zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L
zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb
z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg
z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{><
zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR<
zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E
zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW
ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T
z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U
z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l
zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH
z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b
z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c)
z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og
zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX
zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(|
z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo
zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G
z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6
ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv
z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N<
z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1
zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q
zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^
znh^X_lNGT
zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j
zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m
z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt
zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM
zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w
zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw
z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o&
zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt
z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS
z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP
ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP
zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I=
z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK
z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_
zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z
zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz
zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG
zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc`
z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU
zWtagBp
z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1
zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C
zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3
zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg
z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+
z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d
zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS
z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV
z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr
zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>>
zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix%
zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP
z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh
z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6
zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W
zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1
z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ
zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13
z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK
z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr
zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb
z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke
z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}<
z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl
zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6
z01SP8e)(F2)
zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR
zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs
z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ*
z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf
z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p
zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6
z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE(
z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H
zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm
z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h
zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu
z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q|
z6x?qv8Vr
zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q
zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ<
z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5
z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV
zG4=}I^Z!0?7v
zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE|
zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8#
z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO
zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a!
z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T>
zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8
zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G}
zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^
zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb
z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv
zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA
z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21
z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx
z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw
zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0
z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy
z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi
z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd
ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po
z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A
zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs
ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT>
z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t
z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF
zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn
zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1
zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN
z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa
zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i
z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{
zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{
zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI
zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM
zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW
zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j
zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu
zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl;
zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA
zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97
zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO
z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr
zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh
zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8
zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV%
z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2
z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q!
zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH?
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9
z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O#
zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1
zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF
zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y
zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^
z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS
zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI
z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA
z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY
zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G
zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s
zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(*
z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe
z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm
z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U
zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4
zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x
z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i
z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL
zYKoesW~f!*gP5o(kg
zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw-
zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56
z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4
ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY
zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn
zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K
zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v
zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R}
zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv
zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV
z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks>
zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO
zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n
zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W
zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr(
zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y
znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS
z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii
z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk
zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#&
z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K
zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ
z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh
z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l*
z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u?
zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$
zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f`
zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~
zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV
zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z!
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI=
zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra
zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO
zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h&
zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V
zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5`
z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm
zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t
zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7
z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X
z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F
zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C
z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>%
zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}%
zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x
z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w
z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt
z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl
zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu
z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ
zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d`
zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI
z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq
z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM
zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl
zTOW@rX?LOjv$Sf<#eA4HP()bbD
z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe
ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7
z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp
z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M
z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4
z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x
zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-%
z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD&
zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R!
z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-)
zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9;
zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{*
z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX
z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz=
z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO
zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt
z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv;
z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv
zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i(
z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;<
zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4
z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L
zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj}
zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY
z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d
zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N#
z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E(
zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ=
z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB|
zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m
zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP
zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd
zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN
zMdLjA2EdwyC
z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm
z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow
z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh
zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7
z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+
zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5
zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$
ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW
zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD
z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~
z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU
zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^
zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh
z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws
zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp(
zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp
zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+`
z36T>A!y@f|f9w}%68d*|zMC
z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i
zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8
zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W
zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8}
z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD
zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h
ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z
z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx&
z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb
zL`)GO9>*cCKu9*inMk1BawFA{5F&=-
zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U
zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z
z5u!-bv|7lhlLJ#
z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE
zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j#
z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+
zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b|
zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}!
z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP
zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S
zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl
zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i`
z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY
zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe
zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa
z%9pUoL7dTAsLOyb0`{
zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9
zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2;
zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^
zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k
z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm
zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^
z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l-
zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn
zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu
zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S
zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_;
zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh
zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7
zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV
zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC
ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T=
z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM
zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P
zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav
z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f>
zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0
zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&#
z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l>
zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr|
z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i
zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;#
zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p
zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9
zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK
zEezy2H#I1c5
z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B
z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS)
zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM
zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM*
zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz
zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+
zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh
zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY
zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt
zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b
zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX}
z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E
zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f%
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G
z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk
zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT
zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q
z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI-
z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF
zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn
z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@
zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr
z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE
zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky-
zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88
zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ
z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56
z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O
zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z
zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96
zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB
zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe
z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}}
zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha!
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5
zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a<
zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+
z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu
zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb
ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV
z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw
z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4
zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r
z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq
zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp
z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS
zQN#KL745Mqlj(~)>MPtYwR!
z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks|
zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9
z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y
z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18
zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL!
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L
z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA
z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9
z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD
z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{
z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J
zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht
zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$
zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C%
zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp
z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq
zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ
z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm
zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v
z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb(
z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har
zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX
zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty(
z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{
z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0
zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd
zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv
z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y
z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN
z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_!
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi
z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$
zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE
zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}(
zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I&
zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C
za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0
ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ
zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx
zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg
zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx>
z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF!
z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi
zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY
zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U
zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z
zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0
z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg
zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r#
zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_
zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg?
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W
zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr
zLAnv9ucGO5`azsp=>zVe#S76ngB
ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm
ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1
zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec
z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L
zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB
z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q
zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A
zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L
zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t
z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I
zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~
zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx
zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn
zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS}
zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko(
zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7
zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK
zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq
zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_
z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp
zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx
z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$
z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O
zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT
zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu}
zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD
zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ
zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO
z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F&
zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf
zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb
zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5&
z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P
zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI
z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b
zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ
z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_
z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh
zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$
z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df
zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L
z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna
zE9eP@$U>0Fiqx
zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu
zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1
zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B
znVBa2
zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR
zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd
z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP|
zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU
z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ
z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=-
zxizS*X(}o-Y#sDj1G~Bk
zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V
zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d?
zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y
z^^dxpt%JN}lT
z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+
zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T=
z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW
zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+
zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd
z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B
z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z
z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w
z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O
z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe
z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt
z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj-
za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW}
z%}`rrT|#}Lx6GGv7*4Ta-q65vql
zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ
z6Y;T4let(SXmU
zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F
zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL
z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0
zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV
zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3
zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk
zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT
zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo
zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B
zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV!
zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{
zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV&
zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@
zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8
z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1
zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW
zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op
zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie&
zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz
zvxQQ`CM;-Fea9NJb;v)BiE9m`(
zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e
zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD=
zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If
zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj
zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK<
z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1
z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m
zimj9K5%k2hiKJ(>y2iHz
z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El
zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr#
z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g
zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3
zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~
z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?>
zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT
zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk
zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O
zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J
zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+
zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^
zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?-
ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH
z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI
zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk
zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g
ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0*
z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N
zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E
zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl
zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy
z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz
zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW%
zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G
zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD
z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN%
zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&;
z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm
zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj#
zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@
z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y
zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW>
z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_;
zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL
zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C
zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv
zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4
z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv
z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2
zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a&
zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz
zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m
zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q
zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is
z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4
z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8
zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X
z1kDkemuJq1VqVxQ9@
zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ
z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v
z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK
zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_
z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM
zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w
z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF
zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F
zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6
z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2>
z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr
zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521
z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ
z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H
zFWc7@jC#L6C`G*n{Z4K>-d
zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK
zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P
z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(&
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe
zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-%
zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs
z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R
z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj
zo8ci4w%w%3$v(@vGf
z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY%
zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj
zoN
z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k
z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN
z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e
z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg
z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t
zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+
z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme;
zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI
zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3&
zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(&
zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW
zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz
z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@
zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F&
z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq
zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf
zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg
zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5
zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{
zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe|
zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E
z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s
zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH
z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d
zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9
zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak
zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U
z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q
zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6)
zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D
zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J!
zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y
zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3
z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@
z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY
z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f#
z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^
z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8
zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse
zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj
zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX
zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@<
zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J
zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI
zTsjo}34UkxG8^M=
zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv
zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m
zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E
zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4
zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_%
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E
z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE-
zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k
z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB
zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s
zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP
zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+
zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS
zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl
zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy}
z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS
zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow;
z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP
zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF
z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@
ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8
z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x
zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN
zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n
z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR
z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei
z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+
zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g
ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R
z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros
zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV
zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^
zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR)
zSvG!NC11zb;m;94Y2
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82;
z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U-
zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU
z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9
z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ
zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK
z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H
z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9
z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP
zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY
zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l(
zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC
zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k
z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm
zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK
za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W
zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW
z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q
zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc*
z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv
zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX
zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|&
z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o
z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V
zSWP5u?v*CC!!GIFixRb9{4
zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@
zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG
zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q
zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8`
z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf
zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+
z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4
zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+
zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^
zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF
z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{
zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{
z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR
zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C(
zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG
zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk
zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC
zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e
z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_
z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU
ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{
z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM
zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD
z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk
zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs
zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV
zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@
zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw
zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr
zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d
z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH
z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna
zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$
zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~}
zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu
zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_
zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn
zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$
z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da
zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P
zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o
z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG
z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u
z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5
zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT
z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ
zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc
zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb
z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr
zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF
zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP
zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ
z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR
zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9
zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm!
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4
z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g>
z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV}
z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T
zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-=
z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3
zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj
zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~
zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8
z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr)
z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c
zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra
z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T
zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}-
zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg
z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d
zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM
zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx
z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$
zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S
zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI
z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A
zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j
zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M
zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7
z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`<
zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$
z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9
zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g
z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z
z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE
zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t
z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i
z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG&
zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl
zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D
zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D
zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r
zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{=
zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz
z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j
zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl
zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN
z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA
zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA
z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^
z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG
zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM
zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS
z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu
z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S
zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf
zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e
zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v
zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I
zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn
zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4
zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP)
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9
z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8
z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*=
z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1
zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY
z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ=
zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r
zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop
zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz
z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e
zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f
zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab
z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f
zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET
zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8
zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x
zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S
zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N
z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n
zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z
zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD
z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q
z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ
zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg
z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h
z&uJ7fjq5oj0(nmV6e0c^FJbG|xG
ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C
z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu
zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt|
z{2nWySqfJVPfH!#d}sov25u^Zy*4
zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr
zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI
z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP|
zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y
zgE1c?+zIF^g(F?^N_
zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT
z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A
zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB
zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY
z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~
z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc(
zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&&
zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH
z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp
zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm
z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@`
zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi
z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw
zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k>
zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv
z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9
zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85##
zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye
zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_
zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95
zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U
zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}?
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy
zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC
z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO
z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X=
z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF
z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW|
zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ;
zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD
zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d
zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6
zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG
z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN
ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ
zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e
zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z
zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6>
ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f
zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K
z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7
zgsg|#6`0vcj6;!*!a
zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@
z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi
zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#=
zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN&
zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY
zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR
z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt
zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2
zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9
z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i
zc_xuE4gk<5C5JASX
zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@
z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80
zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK
zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC
z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l
zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF
zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6
zFv5T8
zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r
zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h
zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au
z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0
zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{
zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs
zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q
zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L
zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c
zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS
zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A`
z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl}
zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N
zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W
z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M
zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~
z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7
z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo
zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww=
ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ
zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm
zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U
zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P|
zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@
zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2
zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D
z%Le8tzm
zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL#
z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE
zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU
zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c
z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h
z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ
zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8
z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE&
zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e
zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6
zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB
z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof
zHqh_%*`tt=rOHGOoiQZH2
za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$
zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc
z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB
zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6
z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$
z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ
z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J
zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4
zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o
zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^
zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ
zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q
zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh
zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7%
z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x
zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z
zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz
zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1
zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i
zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0
z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg
z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm
z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9=
zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM
z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f
z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o;
z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL
z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR
z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu
zCrEvTL{OyB3=
zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf)
zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL<
zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm
zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv
zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s
z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$
ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(#
zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd
zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug
z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~
zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P
zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS
zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7
z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3
zi{7Uu04wcthJxT#0+
z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e
zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<#
z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ
zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw
z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY
z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI
zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E
z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~
zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2
zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l
zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD
zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q
zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9
zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%>
zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7
z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A
zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k
z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(|
zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU#
z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM?
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6
z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag!
z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a?
zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8
z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F
z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB
zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8
z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns
zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(<
z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X
zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ
zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd
zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_`
z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx
z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy
zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@
z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%?
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_
zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg
zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{
zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq
zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt
zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV
zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o
zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~
z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9|
z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9
zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE
z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC
z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL
za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM
zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm
z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2
zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y
zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3%
zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L|
zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd
zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M
zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4
z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0
zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno
zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy
zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM>
zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ
ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W)
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{
z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP
zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8
z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW
z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a
zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H
zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p
zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a
zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF
zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh>
z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc=
z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq
z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd
zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+
z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy
z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu
zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok
zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP
zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1
z+*r-jM$b;b^@4(e(sPeEBV56(sEAl
zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P
znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x
zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~
zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l
zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g
zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{
zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f
zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB(
zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi=
zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ
zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci
z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M
zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX
zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag
zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw
z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o
z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA
z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo
zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en
z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw
zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L>
zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv|
zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p
zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z
z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{
zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M
zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z
z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l
z1XM>bmB@!9%EA6jM%
zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi
zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7
z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb
z+W-Ugyxf
zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk
zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg=
z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6
z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ=
zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2&
z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@
zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C
z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B
zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`|
zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^#
zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz
z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV
zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ#
zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X
zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY
zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU
z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^
zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<#
zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru
zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo
zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$
zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z
z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li
zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx>
zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU
zROSw8Rf5LI3$k)bnJ
zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~|
zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i
z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R
zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw
ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+
z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU<
z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5
zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0
zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g*
zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci
zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca
zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P
z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW
zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^
z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41
zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0
zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w=
zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ
z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my
z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^
z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^
zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L
z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0!
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY
zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs)
zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-*
zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y
z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz
zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6
zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{
zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l%
zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t
z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX-
zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K
z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm
zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q
zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y
zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE
z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N
zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w
zKxU3@S50l;iKu-_-iMBh+
z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL
zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5
zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p
zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX
zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4
z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV
zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ
z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G
z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G
zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj
z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h
zbTEO5o9o_#L2xUQHNE1oMdK
z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n
z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL
zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW
z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y?
z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R
zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89
zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ
ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE
z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB
zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?<
z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C
zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X
zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*(
z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr-
zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43
zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU}
zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{
ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io|
z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA}
zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G
zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0
z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a
z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj
zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx
za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL
z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-|
z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE
z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF;
z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK
zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk
zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v
zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf
zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL
z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L
z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg
zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2
zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F
zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s
z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6
z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv
zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M
z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx
zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r`
z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY
z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^
z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7`
zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba
z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP
zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B
z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ
z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1
zv?7t5q>i`5NJaT|+lf*hO
zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV!
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9
z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S#
zNs*O)3OA^%>C8R
zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I
zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i
z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7(
z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s
zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L
z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5
zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W
z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i
zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3}
z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM
zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB
zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d
z7l2hI0R3{aOh_$%3N
zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?;
zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l
zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$
zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ
zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@
zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm}
zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9
z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I
zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT
z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua
zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u=
znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE
zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{?
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M
zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w
zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k
z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v
zd$40Sn*Bn`SO>&L
z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz
zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi
zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3;
zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb
zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx
z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa
zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R
z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S
z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0=
z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN
z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS
z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}-
zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8
zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j
z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE
z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z
z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8>
z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9
z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC
z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{
z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0
zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{
z@H>Ad9Yu`U%P@H!zOhJ`gj)L
zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^
z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#;
zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk
zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f
zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb
zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@
z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF
zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+
zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1
zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R
z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X
zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up
z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^
z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu
zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@
zEPR63QATjyGgLmYuR*Wz@WZtGle
z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9
zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW|
zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB
zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn
zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr
z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0
zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g
z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET
z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y
zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC
z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@
z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6
z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A
z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k
zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I
zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH&
z5O-&sZh1gZYfC(q#X#lpA
zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T
z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+
zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{
zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd
z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt
zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f
zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5
z@eP8SH1j__b4Q@`FBG3BQ%#
zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP*
zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg
zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD
zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2
zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w
z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)?
zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8
zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H
zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s
zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI
zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5
z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0
z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N
z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{#
zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC|
z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f
zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB
zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z
z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM
z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE
z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F
z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv
zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p}
z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3
z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa
z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq
zXjtt@Gcczwc*n6vh{)ft
zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB-
zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i}
z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g;
zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-|
zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3
zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI
zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K
z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40>
zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{=
zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid
zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS
zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd
zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8
z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC
z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^
z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n
zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_
zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs
zMM9R{TbmfVa06g;~50RmB;r&-g63
zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G
z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^
zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf
zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7
zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX
zOoMW@!}3b74=bGudt&wD
z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6
zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n`
z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P
z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i
zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>|
zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl
zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo
z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN
zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T
z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz
zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@
zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1
zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc
z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ
zrxtE`8Jn~^=yBsi7V
zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV
ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl
zKk6$8X{Cj7hbzpP(pq
zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v
zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc|
z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R
zEiRz8&{Z__3c09V
z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL
z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi
z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK
zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx
z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi
z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o
zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_?
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX
zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e
z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n
z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO?
zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9
zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3-
zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+
zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly
zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT
zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk
zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ
zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97
zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF
z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs
zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR
z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf
zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ
z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(=
ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i
zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ
zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r?
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+
z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF
zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u
znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^
z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ
zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w
z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C<
zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1
zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T
z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e
zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv
zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo
zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t
zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U
z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg;
z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v)
z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw;
z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm
zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_
z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX
zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k
zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X
zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B``
zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I
zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG
zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3
zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E
z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb
zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs
zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6
zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu
zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p
zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp>
z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF
zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q
zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{
z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9
zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^
zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O
z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v
zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP
zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR
ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l
zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0
z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO
z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl
zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI
zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l
zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p
zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6
z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE
z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y
zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf
zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx
z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK
zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m
zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7
zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>`
z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv
z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6
zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B
z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca
z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9
zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e
z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi
zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt
z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9
zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8
z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D
z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4
zEmU)gF5R3MSN~h{?3!Tx6OKG
z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk
z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g
z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6
zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35
z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg
z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K
z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8
zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v
z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t
zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ
zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H&
z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~
zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do
zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2)
zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT
z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ
z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6#
z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U
z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8
zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2
z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD)
zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^
z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-*
zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN
zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~-
z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;|
zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI
zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT
zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$
zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv
z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b
zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0
z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb
z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho`
z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J
zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU
zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@
zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU
zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b|
za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG<
z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X
z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu}
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c%
zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF
zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr
z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6
z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8
z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy}
z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2?
zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE*
zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k
z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6
zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl
z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ
zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku
zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1
z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo
zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@
z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7
zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C
zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH
zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy
zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP;
z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba>
zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf
z6L$0$DADj6tq
zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg!
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE
zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX
z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe
zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+
zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c
zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$
z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x`
zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$
z2X>rno(N1#2-F1DmdJ;>Iut&Y+
z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?|
zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G
z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO
z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k
zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ
zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb
zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM
z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y
z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%}
zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw
zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ
znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC
zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6
z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$
zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s
z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U
zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{?
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL
z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44
zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R
z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W*
ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^
z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0
z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9
z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc
zzKKeu_y0p$Z0SV^6X
z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif
zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733
zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr
z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl
zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT
zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj
zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y*
zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@
z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3
z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a
z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~
z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d&
zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc
zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU
zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_<
zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG
zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR
z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo
z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x
z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES>
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl#
zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt
z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj
zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#;
zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$
zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS>
z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR
zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t
z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V
z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f
zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN!
zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb
zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ?
zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M
z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg-
zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT
zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO
zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE
zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0
z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS
zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q
z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51
zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY
z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh
z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9
zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5
zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr
ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4
z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah-
z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7
z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew
zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp
zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3
zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8|
z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n
z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7-
zgFi;mzTg7Ul}xs_y)Q#nSguIV
zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;!
zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB
z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_
zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b
zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6
zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo
z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v
zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii
zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1
zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM
zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR
z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8
z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF
zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL
zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8
zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP
z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L
z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3<
zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC
z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE
z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W*
zxi$9e!yw#mmX_1`qQl|CeWKlXu
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o-
zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9
z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ
zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9}
z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx}
zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_%
zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G(
z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X
z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a
zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj
z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I
zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y*
z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op
zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl-
zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E
z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$
zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j
zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0
z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV`
z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5
zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3
z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j
zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d
zWLJ1_I3AhUa*H
zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT
zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk
zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO?
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+>
zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq
zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+
zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp
zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR
z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J
zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l
ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f
z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn
ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P
z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg
z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^<
zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P
zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9
z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m
ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w
zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2
zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U
zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8
zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv
zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ
zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C
z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu<
z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b
zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^
z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K
zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a
z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+
zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_
z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG
z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y
z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x
zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF
z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS
zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp
zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{
zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8
ze~j#V#-Utqmu_r?m6yHIoF-5QiX
z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F
zQkd}`ih)!3#kf=v)k
zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg
z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF
z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z
zjThKgQQCs)W>fRK~RA~_W;magXG-6
zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn
z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO
zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T&
z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$
z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D=
zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a
z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa
z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF
zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1
zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p!
zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$
zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE
z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf?
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J
zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x
zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n
zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w
zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2
zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u
zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U?
z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz
zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw!
zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi
zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau
z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K=
zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj
zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT
zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P
zS(&Q-96nd`H{x@)zYU*j_`lXd
z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+%
z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@
za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7
zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP
zx*!|gse
z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601
zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@!
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U
zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb
z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc
ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f)
zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x
z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg
zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH
zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W
zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p&
zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+
zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w
zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig
z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i
zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e
z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q
zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7
zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE
zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`!
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX
z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe
zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7
z*=PgEB6nW3nAKm}pLWJ4GT+c$
zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny
z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS
z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4
zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^
zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0
zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg
z;e
z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0
z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R
z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n
z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0
z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1}
zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu&
zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F<
z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E
z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@
z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3
z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY
z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k
zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF
zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn}
z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs
zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD
zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t(
z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6
zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$
zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw
z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^
zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$!
z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs-
zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV
zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32
z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$
zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4
zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A
zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN!
zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM
z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u
zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{
z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<
    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+
zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^
z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l>
zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN
z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr
zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf
z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h
z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)=
zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{
zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm
z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R
z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+
z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<`
zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR
z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57
z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9
z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w
zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ
zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx
zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh
zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq%
z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs
zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g
z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq
z@jEXM{hvV3;7J@u8Zc
zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9
z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6
zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2
z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c
z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc=
zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7
z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e
zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z
z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d
z;*gP@?GHtQYxxNg
z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU
z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10
znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k
z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4
z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O?
zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R
zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ
z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5
z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y
z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5
zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_
zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN<
zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B
zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w
z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d
zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB
zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr
z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk
z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3;
z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9
zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S
zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6?
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k
zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB
zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb
z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i
zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe
zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l<
z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq
z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#?
z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU
z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{
zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i&
zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql
zX7m@s4nv-0g6nvh;+>Cf20brlC|
zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV
z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ)
z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C
zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme
z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z
zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i
z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5
zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4
z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I
z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l
z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN
zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho!
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO
z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M
z;0vHX{08`2zNEuwaZJu2Lrzo
zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G
z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI
zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK
zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq
zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_
zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL
z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT=
z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP
z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo
z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>;
zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6
zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7
zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5
zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck<
z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV
zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR
zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7
zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS
z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i%
z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF|
z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@`
z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk&
zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6}
zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE&
zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O
ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh->
zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc
z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u(
zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^?
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR
z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV&
z%Ru{XF;!{pTh^h
z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X
zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(;
zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y
z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m
zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x
z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj
zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi
zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt|
z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4
zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1
zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q
ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6
z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8#
z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y
zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4
z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!)
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p>
zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R
zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF
z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH
zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7
z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9
z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui-
z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox
z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx
z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l
zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6
zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n
zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5
zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$
zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q
ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ
z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s
zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o
zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl
zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz
z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS!
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB
zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx=
zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz
zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z
zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33
zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa(
zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5
zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d
z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb
zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g
z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a
zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs
z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN
zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3
z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF
zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y
zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl
zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV
zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1!
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K
zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D
zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe
znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX}
z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f
z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e>
zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3
z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt
zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J
zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK
z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2
z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*`
zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5
zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH
z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~
zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a
z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0
z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK
z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US
z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb
zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+
zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin
zZVSl9pDHQJSmA^3fXqy$
z#6D1%ucTNDzqx|CN-TTU~J
z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv)
ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+
ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$>
z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ
zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+
z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3
z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~
z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR
zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG
zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F
zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ
z=KRaB1uy1m4ICu^#gQ8px}*VQzC~
zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO
zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I
z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y
z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm
zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?}
zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol
zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4
zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL
ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q
zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R
zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd
z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9;
z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP
zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt
zjX>h3S}r`u24jk9Gua?a
zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt
zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ!
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx
zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv
z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7
zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5
z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K
z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3
zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@
zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk
z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5
zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8
zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law
zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n
zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9
zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau
zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN>
z`Eto#aG_A{WG!Y*X>+F
z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC
zi-MnL$E!4771L*0eCo5T#sG;@e`>
zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8
zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_
z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi
zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9
z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{
zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS
zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE
zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM
za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%<
zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii
zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF?
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP
z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=<
zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z
zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N
zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E
zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a}
zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu
zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY
zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^
z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza
z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a
zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t
z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f}
zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg
zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt
zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah
zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI
z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0
zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg
zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn
z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k
z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP
zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|;
zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG
z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9
z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv
zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~
zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o
zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr
zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U
za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF
zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W
zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ
zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn
zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn
zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2
zE^8
zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm%
zo81J!so>f2kPW%wSxUF
z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9
zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE
z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q
zgoHb&^yUyv6vm=bW4ekN6i!a(nM;
z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46%
z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI
zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v
zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m
z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z
zRCU_2j8ExizVu#k-Mc4tIw-
zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m
zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N
z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5
zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA
zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq
z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m
zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<}
z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99
zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I
z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas
zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5
zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ
z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-=
zZoh!)XoW0LsOg5RLOWTt1mO`!Ob
z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$
zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~(
zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI
z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc
zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh
z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF
z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e
zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI
zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb
zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O
ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2
z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n
zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G(
zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{
zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@
zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq;
zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4
zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k
z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK
z{GOnp1-D9ERM!qlAHZU?zO(
z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@
zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV}
zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR
zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI
zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb
za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc
zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W
zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y
z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU
zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f
z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82
zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO
zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+
z2SCA`T$}4X`*{kL19oQyA
zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in
z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{
zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~
zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K*
zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^
zx?K9B8s!UYp9YZaFzh3MJkT
zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@
zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy
zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h
zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F
zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?`
zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)&
zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r
zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz
zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K=
zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@
zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v
zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up
za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J
zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+
zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B
zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh
zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH
zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H
zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z
zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e
z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr
zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad
zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0
zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO
zzM`1zE19resFtDyj5KM4o{82T
zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH
z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4
zI@8_sLp7%?V~w@kz;d#6i$djLRuK
z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V
zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf
z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v
zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH
zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ
z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$
z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6
zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF#
zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2
z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l
zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN>
zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P
za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC
z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q
ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4
zfB;YChQH2ID!7Z{{JK{g-PdZ
zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um
zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK
znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^
zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J=
zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G
zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI!
zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7)
zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_`
zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~
zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6
zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k
z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0!
zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y|
z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3
zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU
zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1
zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ
z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78?
zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure|
z*Y+0$i|u!;sr{yLj^{{9nq`6KwT
z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi
zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G
z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b
zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq
zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln
zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0
z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q
z(soWpHQ}8jb$z
zx6%`5Ax2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo
znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z!
zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8
zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh
z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac
zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~
z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP
z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC
zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d
zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y
zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^
z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y
zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S|
zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx;
zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL
z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv
ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky
zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu
z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb
zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g
zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs
z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i
zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3%
zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd
z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M!
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN
zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un
z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z
z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3
zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3
zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf
z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4
zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94)
z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF!
z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!)
z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72
zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w
z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva
z3wQu{1mN-*j-S%!=TN?&DHHN*O>~
z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR
z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j
z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}}
z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO}
zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt>
zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc
zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4&
zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O
zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7
z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C
z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@
zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH
zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY
zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^
zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE
z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+=
zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv
zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7
zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2
zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF
z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G-
zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw
zMrC=PGb4MtEmPaOqUYq`A0f?4<
z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^
z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA
z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W&
zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1`
zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3
z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120
zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f
zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r
zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d
z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj
zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c
znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS
zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c
zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I
z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW
zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4
z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G
z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l
z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m
z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj
zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI
z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv
z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1
zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n
z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt
z_eNd(vOmKIzLDxa
zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB
zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW=
zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee)
zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju
z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2
zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$
z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;-
z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`)
zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7
z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR
z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r)
zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U
z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq
zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}&
zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N
zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2
zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8
z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z
z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e
z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q
zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY`
zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw
z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b
z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY
z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc
zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc
z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;!
z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL
z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B
zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5
z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k
zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g|
zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad
z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9
zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard
z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv
zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe
z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c
zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC
zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D!
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q
z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L>
zQd$W+K|j
zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~
zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F
zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W
zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe
z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX
z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD
z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B}
z^
zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE
z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE&
zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn
zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM
z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d)
zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R%
zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ
z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt
z&ik1(KN`{eXh8M0>xlOIUB>u3(D(
zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC
zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb>
zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW
zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+
z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY>
zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J
z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$
zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K}
z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9
z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W
zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY>
zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf
z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO%
z3_$x0w4TPVyI)PHuONs1?x
zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd
z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we;
zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6?
z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u
zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK
z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL!
zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r
zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml
zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u
zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b
z)6hfvz^OLR6PZ*y|`&D>I?IM
z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm
zjT<{|J6$l`Vkr@WW<
zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES
zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0
zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk
zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H
zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj
zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk>
zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7%
zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp
zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J
zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL
zSiGq}AE&&Sy-DdU-$G_z(F&
zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE
zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c
z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK
ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e#
z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(>
znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j
z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+
z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW
z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7
zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R
zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg
zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5
zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ
z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv>
z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS>
z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a
z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf
z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq
z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O
zjDaIp|3Ke}INy=j-8)=f&Io*(LP9
zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH<
z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|)
z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C
zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX
z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch
zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K
z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV
zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W
z|AzeM=k+2G_S)lv
z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E%
z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg
zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+
zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb
z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw>
zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB
z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO`
zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h
zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e(
zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P
z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z
zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$
zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J
zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt
zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE
z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1`
z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6
z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI#
zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t
zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64
zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb
zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65
zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^
z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm
z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof
zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c;
zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8
zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w
z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa
z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc
zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k
z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn
zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx
z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p
zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F
zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D(
zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y`
ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk
z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe
z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m
zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9
zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp=
z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c
zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL
zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i
z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_
zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l
z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4
z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ
zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b
z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN
z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU
z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl
zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1
zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu|
zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX
z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL
zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A
zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{
z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?#
zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T
zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp
zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~&
zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA
z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#?
zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR
zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2
zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9
z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c
z!|gL_zqU)^ryR%amoMPVXrO
z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa
zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^);
z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF
zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o=
zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm
z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$%
z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y
zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1
zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8
zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~
zUF%Yu1RWoM|XXUW|96s8jUI?
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}}
zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2
zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b
zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw
zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze
zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx
zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e
zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo
zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ=
z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS
z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9
z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9
zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca
zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k
zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A
zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q
z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O
z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8
z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F
zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^
zea$`YYNs0Ang$SBZ}LW3X^V5j)<5%
z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)(
zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q
z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b
zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F
zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$&
z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg
z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D|
zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN
zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ
zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of
zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A)
z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@
zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ
zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx
zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v
zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ
zb+kY%%+`8FGXAoRrB{SCrhAbvm
zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE
zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il
zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_
zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ
z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S;
zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m
zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U
zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB
zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o
z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI
zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m
z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^
zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F
z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b
zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW<
zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI
zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v
z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt
zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u
z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j
zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7
z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5
zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{
zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E
zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM
zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z
zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L
zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E
z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs
zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3
zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW
zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8
zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{)
z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh
z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st
zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv
z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I%
z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2
z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1
zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F
z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07
zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_
zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^
zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS(
zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA
zWi2VvmtqM^`DzIY(!ICV?
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk
zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp
zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp;
z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC
zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX
zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r
zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y
z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT}
zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp
zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe
zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W
zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4
zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe
zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4
z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT
zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB
zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3
z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4
z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z
zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c
z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m
z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ
z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#%
z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p
z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR
zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^
zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa
zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089
zV=pKvy3%r#0eQR=bFXdRXGTTD
zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx
z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy
z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_
z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP
zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt
zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O
z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW
z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX(
zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg&
z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi
zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO
z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j
zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK-
zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ
zylKQzW-Z
zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj
zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c
zAh1Ye)1>XXjvEa&vr#iw0&q9?}W
zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8
zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q
z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu
zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy-
z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4
zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f
zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot
zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH
zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3
zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk
zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7
zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7
z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4
zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno
zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u
zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP
z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7
z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ
zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW`
zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f
zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M}
ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo
zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t
zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I=
z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0
z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX(
zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W
z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb
zG#?+8d45Tm(r%D=;
zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho
z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P&
z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S
z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm
z2v(T)7L{D2+pjyX5W=Cig!~bG
zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX
zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w
z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA
zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u
z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7|
zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO
z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn
z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr
zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%}
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M`
zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU(
zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4
zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~
zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@
zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO
zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q
zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v
zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf
zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt
zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n
zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L
zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm
z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ
zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG
zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv?
z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN`
zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf
zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|?
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792
z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc
z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc
zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$
zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5
zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA
zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc
z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL`
z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a
zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J
z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7
zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+
zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6?
z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2
z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1&
zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c
zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3
z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5
zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v
zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s
zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y
zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV
zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA
z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e
z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp
zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv
z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL&
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ)
z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k
z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc
zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1
zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go
zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2
z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK
zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$
z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5
z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV
z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3?
z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~
z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K
zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7
z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS
z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A
z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln
z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e
zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%)
z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U
zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z
z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U
z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W
zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f
z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi
zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA
z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*;
z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b
z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v
z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo
z67c^4d2AoRZoIf>yf80SS
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?>
z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H
z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a
z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2
zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F&
zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f
zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt
z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q
z6lgyQ_*i5BMcOX94hkb9xPh76CsS
z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9
zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC
zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI
zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm
zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX
zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw
z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2
z=LFzag1$`xz7zPL0=x{j1bjQl
zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G
z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ
z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J
z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag
zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb
z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA
z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY
zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2
ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ>
z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu
z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU
zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR
z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY
zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA
z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1&
zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E
z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4
zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5)
z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw
z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n
zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ
z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3
z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ
z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo
z&jLOT_#EKdfzCYOGr;Ep;NJv%
z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi
z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t|
z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c
z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1<
z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf
z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID
zI6>44)E^)9tQj%@Y4eLr67kkz^?#0
z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T
zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p
z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP
zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7=
z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh
z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l
z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai
z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x
z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB
z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA>
zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@
zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9
zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv
z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca
zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl*
z0q|*PzXi_S7P8HyH
z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc
z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ
zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3
z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng
z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W#
zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S
z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{?
zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv
zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X
zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_`
zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW
z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF#
zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln
zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42
z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ
z5NsFT~D{wVZ%943(PzVg
z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209
zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl
z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO
zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8
zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD
zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U
z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q
z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N
z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+
z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w
z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y
z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p
zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^`
zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H
zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l
zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7
zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM
zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2
zbcK2*U8SO34
z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW
z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D&
zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~
zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4?
zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_
z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0
zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c*
zf%K?j6
zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7?
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p
zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_
zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup`
z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ
zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ
zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB(
z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726
zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G
z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg
zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&
    f9O=Y|r&X
zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x
zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N
z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76
zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI
z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$
zV&lWc!XgYl
zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj?
z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w
zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!;
zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@
zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g
zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A(
zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_
zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1}
z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L
zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7
z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ&
z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg
z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB
zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv
zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP
z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj
z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q
zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un
zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT
z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4)
z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W=
z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0
zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ
zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp
zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{
zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4
z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1|
z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M
ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b
zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj
zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7
zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX
z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P
zk)xf&%Op&N(>0FvfgO_NnuO$B!v
zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL
zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn
zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x
zj=qm!iqIY6GHa`e543L>Cwi~
zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@
zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q<
z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ|
zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd
zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^
z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk
zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF
z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V
zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M
zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;-
zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr
zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj
zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq=
z1{F@AY
zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^
zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2*
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf
zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^
z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP
zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH
zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2
zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz
zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3}
z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S!
z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi
zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I
z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc&
zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$
zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE
z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU
z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G
z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K
zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z
zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR
z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X;
zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO
zbXhh9)Tp{?M^Q6#O3
z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6
zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C;
zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc
z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ
zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I
zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF
zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S&
zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y
zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU
zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW
zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI(
zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)>
z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&<
zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b
zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak
z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va
zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM*
z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$
zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2
zs(+b*m>iA>{tRt5CI;abM
z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0
z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt
z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o
zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@
zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@
zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g!
zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL
z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY
zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3
zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v
zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm
z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN!
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO
zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy
zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ
zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I
zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X
z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2
ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r
z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?-
zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG
zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_
z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8
zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+*
z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU
z8CBPxf=0B|p1yd6yuF=@-7e(EP
zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!|
zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@
zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V
zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg
zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z
z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_
zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy
zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY
zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u
z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW
zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc
zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv
zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ
zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A
z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z
zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$%
zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM
z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI
zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A
ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~
z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT
zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp
z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV
zC>N5m7
zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S
z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$
zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi
z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH
zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z!
z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1
zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>(
zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm
z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V
z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb
zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{
zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76
z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y%
znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD
zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff>
zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq
zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS!
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f
zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9
zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH
zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H
z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3
z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A
zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF)
zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR
za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9
zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH|
zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b
zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr
z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA
zUDk(8X#rD`%?`=s--AAoMOEoe*G=
zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj
zoadaGIWu#n+FdP|8Hm;
zE%Av0;
zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0
z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^
zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q!
zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g
zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo!
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6
zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V
zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM(
z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A
zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX
zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ
z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^
zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm
zhrLy8+3h+ru>puq
zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+;
zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X
zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia
zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK
zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX
z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q
zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At
zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D
z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY
z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+
zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0
zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%>
z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64
z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@
z5CgQG
zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM
z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX(
zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6
z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef
z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9
z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG
z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M
zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL
zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC
zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7
zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK
zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth=
zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT
z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx-
z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt
z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(<
zZHmSLFf{;~WDBT)k!y^){Z^Pj(
zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y
zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb
zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW
z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH
zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl
z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4
zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v
zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F
z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr
zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD
z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K
z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b-
z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n
zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz
z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz
z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ
zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+
zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW
zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~=
zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57
z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R
z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D
zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q
z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=>
z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T
zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00
z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP
z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug
zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA
z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U|
z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e&
zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0
z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t
zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h<
z-`OJt@15d0>w=@_ak?n%
zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c
z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp-
zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt
zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa
z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71
zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW
z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp
zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz%
zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&;
zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$
z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt
z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf
z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM
z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV
zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9=
zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc<
z0FaeC%M&m!!1QqUC=
zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG
zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i=
z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM
zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0`
zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok
z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<%
z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX
z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS
zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt
zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6
z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL
z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny
z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO
z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_%
zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez
zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB
zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj
zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO
zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS(
zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U
z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW
z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4
z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@
zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP
zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG
zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{
zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh
zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR
zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF
zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU
zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z
z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A
zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK
z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U
zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW*
z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar
z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ
zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH#
znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5
zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI
zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf
z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD
z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb)
zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w
zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K
zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s
zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x
zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~
zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g
zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2
z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju
zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn
zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U)
zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN
zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT
zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk
z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^
z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC
za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It
zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q
zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y
zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V*
z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<|
zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{
zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~
z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9
zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ
zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9
zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+
za%`A!W$^#Vo>9ahd%P6_2?r<
zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A
zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp
z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx
z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO
zRb)-I_5?N15D}&D
z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n#
z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk
zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B
zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225
zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6
zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK<
zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c
zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h>
zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u#
z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG
zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o
z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN
zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6
zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz
z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5
z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z*
z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^=
zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU
zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe
z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG
z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6
zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g
zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H
zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w
zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx
zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+>
z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T
zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b
z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@!
z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k
zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc
zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^
z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw)
zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk
zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*?
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR
z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj
zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD
zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb
zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q
z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w
zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S
zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b!
z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o
zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR=
z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ
z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C
zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3
zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi<
zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy
zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A
zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT
zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E
zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA
zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+
z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j
ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~
zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY
zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy
zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz
z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^(
zRUUP_HMg3Kd;&LU
zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)!
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^
zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k
zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f
zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU
z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW
zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY<
zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY
zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2
zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N
z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr
zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T
z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v(
zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz?
zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#}
zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji
z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U
zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0
zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j-
zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL
zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$
zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+
z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R
zN88hR;yr#8kp9`3k
z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly*
zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg
zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l
z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s
zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p&
zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v
z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^
zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S}
zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ
z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a
z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf`
z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&`
zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H
zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F
zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0
zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM
znEH<|52ldwH~f;ZWplsP&!
zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!!
z?Stu)`2kmoPpt4P
z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR
z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM
zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y
z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw
z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k
zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI
zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3
zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs
zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2
z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb
zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B
zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD
zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_
zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW<
z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~
zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W
zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d-
z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U%
zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE
z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~
z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV
z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz
zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s
zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz
zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?=
zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg
zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt
z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q<
zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?-
z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq
z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk
zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O
zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5
z$Ef=^@1N6m%~G}vR?N`fsvOY
z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB
z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv
zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M
zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86
ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS
zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h
z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ
zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3
zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD
z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7
z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at
zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c
zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD
zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw
zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4
z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L
z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1
z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t
zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH
zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j!
z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY
zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2
zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B
zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw
z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM
z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V
zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L
z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx
zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0
z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW
zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5
z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN
zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm
zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc?
z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o
zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>!
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU
z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2=
zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{
zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry
z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7
zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af
z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t
zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q
zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU
zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z
zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J
z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU
zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I
z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2
zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty
z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_
z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV
zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk
z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I}
z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf
zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$
zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^?
zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF
ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;=
zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH
z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT?
z@lyL)BtM~`
zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J
zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e
z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH
zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r
za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T&
zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o
z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa
z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy
zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h
zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i
zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz
zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg
zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf}
z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP
z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f
zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k
zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e
z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St
z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a
zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo}
z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h
zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^
z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic
zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw
zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe
zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1
z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f=
zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd
zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~
zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY
zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2
zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V
zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_
zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF
zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD(
zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU
zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg
zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p
z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg
z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC
zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9
zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i
z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O
zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G
z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+}
zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw
z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M<
z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ
z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h
zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0
zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4
zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD
z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea
zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$<
z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V
z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt
zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b
zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%-
zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r
zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o
z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I
z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn*
z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io
zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl
z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u
z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY
zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n
zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc
zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M;
z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb
znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6!
zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^
zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T
zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6*
zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6
zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd
z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6
z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V}
zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p
zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o
zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g
zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE?
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN
z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b
z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{
zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF)
zJea8flNt3`8$Sh?i
zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX
zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3
z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF
zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0
zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R
z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2
zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX
zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{
z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4
z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA
zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq
z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$
zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc
zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o
zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T-
z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*(
zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat
zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv-
zcA_nm-A(y}bk${+k03Kz8(;}(rA5e%
z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw
za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N
zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq
zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW
z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi
z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu
z7$T}%#wdubl7PvXEC$9A`fXTTz
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a
z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu
zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW
zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL
z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y
z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx(
z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H
z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK
z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu
zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx
z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~
zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x
zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9}
zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC
zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5
z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS
zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO
zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l
zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN
zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@
z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs
zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n
znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1
zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws
zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9#
zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1
zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm
z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e
zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy
zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8
z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J
ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH
z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y
z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+)
z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs
z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*;
zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j(
zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC
zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a
zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66<
z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W?
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw
zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx
z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh
zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP
za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E<
z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW
z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY
zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh
z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1
z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU
zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1;
z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc
zCaLhwI>k*?|72-@S`m`kpMR;)frMy
z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n
z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$
zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N
zn68z%^18x@mnT=
zRfcbeVUKA@?9YH3
z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+
z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3->
zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+
zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f;
z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55)
zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2
zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<<
z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu
z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV*
ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc
z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$
zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W%
zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8#
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH
zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK
z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1
zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R
zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8
zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f
zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf
z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri
zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ
zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD
zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+
zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA
zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^`
zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~
zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V
z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W
ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM
zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI
z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl
z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW
zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99}
zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn(
zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1
zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V
zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{%
z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e
zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO;
zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2
z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd
z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^
z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y
zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_
z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI
zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb
zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH
zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@
zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb
z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh
z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA;
z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i?
zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC
zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b
z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l
zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ
z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB
z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1
zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v
zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR
zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW
z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5
zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI
zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90
z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy
zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ
zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS
z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{
zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;=
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G
z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1
zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk
z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&;
z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H
zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B
zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5
zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{
zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O;
zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe
z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN|
zcdtix`R{3C#oi;=@Pw`26t|GA
zykve3@xwk2%f$4he`
zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$;
zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_
zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0
z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X
zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg
z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z
zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7
zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87
z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%)
z@F?aibz0Mw%0t5Z}LO
zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD<
zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM
zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ
zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2
zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f
zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k
zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~
zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1
z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v
z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{
z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw
zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy
zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV
zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq
zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce
zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO
zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS)
z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k?
zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg
z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe
zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;=
zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL
zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$
zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E
zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg
z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm?
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f
z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g
zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R(
zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8
zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu
z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_
zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT
z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd
z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic
z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q
z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N%
zsP#>Dw@y*D;bu5hlInyV
z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w
zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#&
zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-#
zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui
z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F
zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic!
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$
z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z
z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U
z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U
z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*)
zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{
zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S
zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6
z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k
z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd
zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL
zpla1CsXk!K%uR6HOo
zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h
z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn
z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{
zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD
zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE
zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM
zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z
z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_
z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW
z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o
zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`;
zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi
zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN
zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO
zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR
z^YL#fI5?r<07@VCw6
zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj
zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC
z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2##
zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO
zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc
zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z-
zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8
z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L
z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0
z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc
z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+
zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L
z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe
z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x
z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T
zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y
zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3
z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9
zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z
z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf
zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud
z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v
z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y
zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8
z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X
zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U
zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa
z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B
z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC
zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw
zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@
zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V
z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH
z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh
zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our
zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2
z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li*
zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U
z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX?
z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO
z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_
zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph
z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5
ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc
zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF
zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl%
z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@
zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3
zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H
zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK
z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r
zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL
zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb
zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb
z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW
zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc
zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K
zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>`
ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB
zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx
zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr
z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN
z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@
z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG
zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3
zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp
z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF
zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1
zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2
z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf(
zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo
zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{
z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~
zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb
z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN
zcVtZpKU81Yj9}4jS6Ui@=kH44nV
zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O
zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K
z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG
zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P
zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn
z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY
z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U
zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ
z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+
z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V
zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm`
zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg
z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD
zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H
zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0
zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe
z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn|
zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29
z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl(
zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y
z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf
zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($
zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby
zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz
zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8
zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2#
zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3`
zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff<
zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj
zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C
zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi
zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+
z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m
z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b
z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q
zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV
zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN
zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz
zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0
z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~?
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6
zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE
zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6-
z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ
z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3
zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2
zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u
zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ
z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$#
z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz
zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm
z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^
zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi?
z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k
z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R!
zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v)
zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW
zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa
z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I`
zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S
zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D
zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0
zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE
z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR
zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M
zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND
zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK;
z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq!
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)`
zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf
zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK
zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$
z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a
zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2
ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b
zHM33B?dEDs{ziu{MlgYz6PRP706!u)~
zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+
z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a
zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu#
ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{
zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42
z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9
zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau
z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P>
zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh=
zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP
z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS
znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^>
zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM
z(3FX8UY?_PJ>)npV;r^q6c
z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{
zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd
zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8
z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph
zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-%
z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH!
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C(
zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM
z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b
zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy
z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{
zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q
zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm
zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{%
z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP
zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+
z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8(
zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB?
z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-?
z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv`
zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E
zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC
zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF
z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C
zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**`
zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe>
zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@
zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a
zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7
z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l
zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS
zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E
zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU
zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_
zWRr4|Y&=
zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~
z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP
zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E
zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH
z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX*
zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1
zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O
z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^
zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c*
z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_
zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX
zYF7HtY%%r(o_qKRxJq+vSgClH*O
zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@
z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV<
zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G
z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$
z{-G
zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE
z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c%
z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J
zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{
zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn
z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a
zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw
z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3
zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+#
z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h
zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W
zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${
zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p
zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv
zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^<
zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7
z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z
z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@
z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ
z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19
z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR
z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj
z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8;
zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW
z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR
z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1
zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs
z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ
zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE
zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8
zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C<
zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r?
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L(
zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7
zK-L$^6@lXh*wC&1gRJtXcz}qG7^p
zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh
zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5
zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G
zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR
z(qO>8_hR!rh>K)gUuR7sc0LP(HIy
z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx
zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@
z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy
zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6
zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b
zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH
zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN;
zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44
zfIdkV;fI};GIMZ$^@
z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ
z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm
z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe
z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni
zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo
zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA
zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R
zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o
z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_
zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P
zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X
ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{
zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV
ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}-
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O
zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V
zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ
zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk
zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f#
z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@-
zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt
zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp
zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM!
zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM
z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@
zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}!
zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG
zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^
zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc
z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1
zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W
z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+
zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X>
z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_>
zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV
z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q
zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5
zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf
zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh
zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e
z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au
zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY
z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$
znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^
zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM
zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5
zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|)
za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd
zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_
z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY
zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{
zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I
zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL
zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T
zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe}
zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ
zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+-
zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v
zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_
zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage
zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g
z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R
z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I
zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f
zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG
z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K
znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ
z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj
zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~
z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D
zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3?
zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt
zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8
zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i
zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE
zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E
zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be?
z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA
zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+
zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s
zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~
z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP
z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp
zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL
zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^
z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d
zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_
zI$*W4zS
z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V
z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O
z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM
zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU;
z^U#|)77d07cru!MQ;m$+BXj}4
z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h`
zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm|
z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG
zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI
zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A
zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY
z+gw?kdB3&W7kIbP8kZr
zp>TOf$J#OVI|LcyGOPCW09#Iz|
z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3
zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81=
z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0
zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc
zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7
zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB
z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6
zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9(
zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{
zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0
zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5
zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g
z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7
zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~
z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS
zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD
zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1
zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD
z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$
ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B
z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T
zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz
z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK
zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F
z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q>
z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R
zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X
zE=tAW+RSnx8tk$9GwZerClqM6+L(sW
zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH
zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ
zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~
z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY
z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{)
z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e
z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`)
ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10
zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu
zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI
zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh
z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X!
zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ
zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c
zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco
z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm
z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP;
zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0;
z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x
z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f?
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea
z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk
zZ?wc#s-jxpf2S
ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE
z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc
zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1
z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO
zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS
znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3
z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy
zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq
zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP
zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D!
zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c`
zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B
zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd#
zfr2G|S
zLNl#Bd3uquWxtP
zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;;
ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX
zgt`3uv1I=IP9&X{-Twe
zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_
z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k
zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T
zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~|
z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs
z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5
z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI
z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H
z192%m$6mNljCvo{UB8y;tSyg2l
z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$
zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky
zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr);
zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX
zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W
zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ
zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V
z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy
zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A
z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_
zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I
zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx
z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga
zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs
z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn
zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr
z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp*
zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}&
z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E
zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw
z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2
z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-!
zXrnglHa1we*AFywd@^8Nr1g{f
zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz
zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3
zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F<
z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G
z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr(
z&E_I_Zvu@aTYFa!Szoa
zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj
zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF`
zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1
z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A
zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g
zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x
zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH
z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62
z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG
zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh
z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8
znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@;
zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$
zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P
zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_
zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o
zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp
z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q
zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR;
zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt
z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~&
zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^
zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`>
zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na
zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5
zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp
z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs
zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x
zouyUEP72U)&EcaXr1IMjXH%FIk{--
zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s
zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP?
zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk
zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi
zh5nG*o2%KiyLK}FG!>y;xi^C
zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u
z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T|
zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07
z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53
zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg
zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s
zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9
zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG
z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp
zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF&
zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co
zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB
zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn
zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96
zS@TrMwCDBoK3Js
z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS*
zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y
zMqcE^G=FoN%+&Sjb4
zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o
za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$<
zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy
z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O
ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s
znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{
zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L
zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V
zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p
z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh
zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM
zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA
zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_#
zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG
zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX
zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m
z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp!
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5
zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W
zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz=
zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9
z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c;
z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@
z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p
zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5
zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw
z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u
zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y>
zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX|
z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u
z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~
z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5
ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi
zLh0gT0sS93{&S_DbCcZf
zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV
zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf
zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d`
zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g
z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD
zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H
zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A
zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P
zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY
zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee(
zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB
zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk
zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ?
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY
z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_
zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd
z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X
zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg
z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN
zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G
zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX
zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD
zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum#
z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~
zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@?
z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M
z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU
z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt
zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK
z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w
z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB
zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F)
z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2
zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH
zD1Ajhe^wYqzzp3Nj
zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW
zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5
z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai
zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt
zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc
z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~
z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4
zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V
zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q
zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7
z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D
zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te
zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU
z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v
zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y
zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m
zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B
zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy
z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_
zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV
z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L
z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@
zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go
zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d
z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$
zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#<
zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA?
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE-
z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi
zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl
zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ
zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w
zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b
z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a
zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh
zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z
ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId
ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l
z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~
zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE
zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb
z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x)
zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB
zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc
zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c
z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp
zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ
z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC
z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN
zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF
zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX)
zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI
zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r
  • GXiQ
zlP@hldsxP3k)#Y@C
z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY
z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@
zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+
zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@
zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n
z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R
zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo
zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k
z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh
zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|=
zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf
z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw*
zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd
z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^
zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp
z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F
zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I;
zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER
zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY
zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H?
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7|
z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@
zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J
z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F
z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W
znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5<
zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W
z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U
z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f=
zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0
zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU
zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1
z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7
za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv
zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t
zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I
zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS
z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E
z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z
zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y)
zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc>
zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7?
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON
zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L
zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ
zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1
zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U
z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k
zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ
zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO
z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X
zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt
z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO
z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw
zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di
zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9
zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL
z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b
zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq
zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT
z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO
zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O
zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M
z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul
z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE
zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye
zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD
z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I?
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH
zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf
zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q
zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG
z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ
zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1-
z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k
z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J
zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg
zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s!
zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D
zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not
zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be
z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~
zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ
z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM
zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni
z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P
zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$
z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$<
zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S
z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL
zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y
zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u
z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$
zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne
zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6
zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A
zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+
zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS`
zuyfQKZtDb>TzU}7b%`$>g~^fJovA21-
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX
z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z;
z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB
z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn
zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen
zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M
zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q
z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q
zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O
z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j
zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4
z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g
z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg
z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN
znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa
z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2
zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D
z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me
z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E
zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM
zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP
z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o
z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8|
zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS|
z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu
z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc
z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}``
zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00
zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm
z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3
z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN
zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;-
zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp
zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV
zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H&
z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~
zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO
z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl
zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_
zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD
z>&hdPuVJjXGWc
zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX
zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei
znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$)
zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92
zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd
z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg
z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i
zu`>Jt_JrQ+bhdP-_mV|!+Pys_
zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh
zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl
zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^(
zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N=
zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk|
zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC
z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B
zj1!OV&Bhs-$wjyf`@Lx
zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o
z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc
z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H-
zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7
z@Ma+vZSB(1in9<`Rv}4F
z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+
zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5
zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ
zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z
zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c|
zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n
zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs}
zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^
zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ
zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p
zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}`
z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)>
z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w>
z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u
z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5
zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T
zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0
z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP
zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK
zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs
zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV
zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8
z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@!
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+
zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$
z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@
zAvW5Iq~yb@6K0s
z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F
z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG!
zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP
z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u
z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm
z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib
z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z
z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL!
zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj
ze^1(?^EZC6x-zJ^DilmFxQoFvU#
zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr
zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{
z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY
zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF
z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM
z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO
zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh
zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50
zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF
zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK-
zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V
z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6
z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua)
z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08
z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$
zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY=
z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1
z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z
zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF
zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4
zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^!
zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ%
zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA#
z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN&
z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR
zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au
zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV
zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a
zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b
z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g
z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ
zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah
z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q
z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4
z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy
zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+
zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a>
z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH=
zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B
zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0?
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($
z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s
z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F
zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c
zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9
zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v
zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r
z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og
zF?buI5J_K*Endt4lt^{seD1Sj
z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC
zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B
z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK
z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v
zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ
zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM
zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i
z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI
z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb
zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$
zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym
zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c
z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S
zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI
zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz
z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq)
zxRSlcZefdKxgDLL!icY*9Le;Q
z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1
z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r
zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0
zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM
zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w%
z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_
z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)&
zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR
z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S
z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A
z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T
zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd
zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e
zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU;
zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F
z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y
z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu
zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r
zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A
zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc
zo*iuGE8h2&Ebw00&WO6`-$
zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx
z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO
zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx
zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+#
z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_!
zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk!
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5
z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX
z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$
z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM
z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9&
z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG
zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki%
zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi
zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN(
zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X
zS;$GWZvDLhfi?!u+AP@~~Q2>*s!
zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W
z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv
z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0
zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn#
z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD
z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0
z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+
z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d
zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg=
zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR
zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{
zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a
z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O
z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI
z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI
z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik
z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb
z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e
zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu
z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx}
zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt
zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha
z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q
z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5
zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y
zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t
z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J
zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL
z09+V;O_K_(FB1iEwr*S3`o0nCAg
znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M
zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf%
z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M
z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0
zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H`
zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`%
z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c
z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)!
zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o
zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj!
z66W9a;O`8pY}E(mLN*
z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;>
zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah
z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL
z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2
z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b>
z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^
z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+
zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d
z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9
zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN&
z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw
zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn
zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv
z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32
zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY
zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv
zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{
z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF
zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az
zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P
z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c)
zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh
zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$*
zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6
zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI-
zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK
z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z
zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v
zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw)
zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a
z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r
z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I
zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX*
zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2
z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR
z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI
z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s
zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft
zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv
z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8!
zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t
zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT
z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@
zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2
zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r
zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z
zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9
zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf
z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP
z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U
z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP
zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7
zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ
zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX
zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN
zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G
ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c<
zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ
zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp
zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*=
zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs(
zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4
zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8
z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q
zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r
zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k
zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c)
zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS
zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD
zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht
z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F
z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW
zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O
zvlE^XY*<%7H
zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm
zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X
zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L
zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$
zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@
zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R
z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9
z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw
z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3
z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+?
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz-
zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz
z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~
z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG
zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy
ziuNyzx;9F^o=;a%zcc3F4F%aEN*
zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV
z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r
z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ
zPxPpcu9+u7hx#OLOSIT
zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58
zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o
zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1
zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{
zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK
z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg
z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl
zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1
z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz
zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=*
z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9?
z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z
zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA
zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_
z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j?
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj
zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD
zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m
z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J
z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b
z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h
zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D
zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f`
zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT
zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2
z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f
zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp
zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f
zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi
z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX
zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s)
zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V
zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A
z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4
zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc
zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4
z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq
zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2
z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS?
zkG+HoO>7zXM%vi6cy3WoY{~H0
z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b
z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx
zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq-
zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG
zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H;
zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh
zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8
zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt
zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP
z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4>
zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM
z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB
zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO
zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A
z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(<
zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB
z$dnU_wtxfd=b+<&3!6+C`ew)D32
zyVwKFqa90LEwLH8j%%wUOJRO93!f8@}
zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb
zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe
z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im
zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw
z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe
z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0<
z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b
z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts
zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w
ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r
zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K(
zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A
zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3
zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi
zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z
zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{
zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51&
z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH
z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P
za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME
zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc
zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a
zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m
z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^!
z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4
z*gq(bMF+lqj8K>x^ie|
zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD
zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua%
zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ
z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW
zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf*
z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0
z^&?q24n0tn7*ZtZP4wezK-ijA
zInvF`ARW=6tt@l$V;_hdl8Ohs6&
zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB
zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c
z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz
zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO
z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A
zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2
z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8
z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj
zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn
z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX
zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^
zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM
zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$
z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9}
z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se
zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV
zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p
za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E
zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3
z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*)
zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S
z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+
zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x
zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B
zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP
zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G#
zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev<
z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~!
zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud
zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj-
zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia
z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq?
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ
z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@
zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c-
zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy
z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42
z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU
zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`*
znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F
zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh!
zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X
zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X
z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR
z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9
zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l
zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^
z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH
z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g
zskUSSJ
z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL
z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~
zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn)
z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{
zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq
zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~=
zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH
z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0
zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907
zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N
zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi|
z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR
z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ
zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY
zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q
z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY
z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5
zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1<
zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9
zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B
zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM
z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q?
zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb
z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz
zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55
zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D
zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e
zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W
z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@<
z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_
z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74
zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs
zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K
zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y
z3v1j`i%hA#2gzna#+
zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i
zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9(
zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@
z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$
z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71
z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$
zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7
zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP(
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql
zSf)?V@n9;NH}8@=&j#^es3
z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP
zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch
zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq>
zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc
z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?<
zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7
z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^
zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka
zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR
z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W
z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ?
z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~
zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF
z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51
zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY
ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^;
z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM
zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~
z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d
z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq%
zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu
zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF
zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+=
z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU
zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue?
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b
zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-)
zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0
z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1
z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6#
zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z
zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m
zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t
z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4
zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d
zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%-
zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q
z)a!MmXxxbMpp8%xuxm{XM6hn?|
z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5
zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO
zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{
zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d
ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc
z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z
zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV
z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut
zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n
zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc
zmsGx7eNwbs@
zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G
zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz
z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E
zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2
zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h
z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2
zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw
zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX)
zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z
zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T
zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R
zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp
z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X
zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9
z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud
z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y>
zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i
z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e
z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ>
zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I
zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L
z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X
zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3
zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g
z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A
znh)nlr@EoM2I
zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq
zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv
zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL)
zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v#
zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ
zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U
ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN
zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z}
zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg
zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS=
zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7
z@BwzRDw`(D!O~a1#YpSQ=r5(Sf
z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF
zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck
zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F
zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_
ze1C>^P|6DC}EtAYP&;J+I9
zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m
zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ
zoH;Ag>&eXa`egUT$A#?y;t>7^8CG>
z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)%
zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB
zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp
zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ}
z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5
z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt
zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$
z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R
z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH
zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP
z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n
zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO
z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ
zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei
zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672
z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1
zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b
zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu
z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If
zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw
zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj
znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot
zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`|
zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS=
zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75
zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03
zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm
z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M
z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ
zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL?
zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c
z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G
zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7
zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V
ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF
zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$`
zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB
zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL
z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN
z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf
zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf=
zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u
zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw
z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s
zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF
zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY
zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT
z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI`
z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{
z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8
znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA
z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{
z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5
zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o-
zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut
z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F
z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K
zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$
z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@
z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw
ztb~NfltC*
zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M
z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM
zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH!
zFsd*10#Acm;ni?2^uoii7emq<8
zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp
z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j
z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D
z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h-
z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4
z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH
z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f
za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO
zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR
zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0
zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;>
z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7
z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O
z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp
zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD
zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt
zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w
zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q#
z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G
z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm
zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B
zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D
z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb
z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~
zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<|
z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX
zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m
z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee!
z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7
zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n
zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T
z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH
zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF
z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92
z8C*I(WR~9})ac_63>0=x>dGLwges#o<
z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`&
zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao
z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2
z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4
z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw
zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+
zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F
z0bdO6H#g>i&jk4O
z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$
z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs
z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9
zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$`
z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh
z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru
z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$
zcC>*z^Z2iKxcw
zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq)
z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg
zZt$((<{whQ!Ot&W3GlA}^zUy9
z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT
z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o
zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2%
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT
z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L
zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol
z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS
zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j<
zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec
zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L
zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb
z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg
z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{><
zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR<
zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E
zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW
ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T
z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U
z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l
zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH
z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b
z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c)
z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og
zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX
zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(|
z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo
zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G
z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6
ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv
z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N<
z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1
zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q
zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^
znh^X_lNGT
zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j
zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m
z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt
zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM
zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w
zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw
z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o&
zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt
z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS
z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP
ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP
zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I=
z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK
z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_
zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z
zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz
zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG
zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc`
z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU
zWtagBp
z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1
zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C
zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3
zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg
z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+
z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d
zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS
z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV
z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr
zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>>
zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix%
zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP
z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh
z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6
zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W
zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1
z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ
zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13
z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK
z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr
zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb
z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke
z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}<
z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl
zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6
z01SP8e)(F2)
zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR
zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs
z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ*
z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf
z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p
zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6
z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE(
z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H
zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm
z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h
zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu
z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q|
z6x?qv8Vr
zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q
zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ<
z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5
z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV
zG4=}I^Z!0?7v
zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE|
zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8#
z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO
zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a!
z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T>
zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8
zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G}
zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^
zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb
z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv
zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA
z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21
z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx
z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw
zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0
z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy
z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi
z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd
ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po
z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A
zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs
ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT>
z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t
z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF
zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn
zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1
zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN
z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa
zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i
z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{
zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{
zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI
zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM
zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW
zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j
zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu
zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl;
zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA
zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97
zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO
z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr
zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh
zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8
zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV%
z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2
z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q!
zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH?
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9
z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O#
zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1
zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF
zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y
zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^
z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS
zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI
z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA
z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY
zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G
zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s
zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(*
z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe
z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm
z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U
zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4
zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x
z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i
z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL
zYKoesW~f!*gP5o(kg
zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw-
zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56
z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4
ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY
zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn
zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K
zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v
zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R}
zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv
zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV
z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks>
zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO
zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n
zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W
zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr(
zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y
znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS
z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii
z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk
zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#&
z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K
zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ
z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh
z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l*
z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u?
zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$
zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f`
zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~
zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV
zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z!
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI=
zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra
zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO
zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h&
zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V
zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5`
z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm
zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t
zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7
z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X
z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F
zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C
z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>%
zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}%
zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x
z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w
z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt
z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl
zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu
z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ
zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d`
zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI
z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq
z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM
zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl
zTOW@rX?LOjv$Sf<#eA4HP()bbD
z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe
ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7
z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp
z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M
z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4
z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x
zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-%
z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD&
zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R!
z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-)
zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9;
zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{*
z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX
z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz=
z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO
zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt
z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv;
z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv
zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i(
z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;<
zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4
z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L
zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj}
zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY
z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d
zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N#
z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E(
zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ=
z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB|
zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m
zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP
zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd
zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN
zMdLjA2EdwyC
z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm
z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow
z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh
zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7
z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+
zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5
zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$
ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW
zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD
z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~
z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU
zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^
zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh
z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws
zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp(
zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp
zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+`
z36T>A!y@f|f9w}%68d*|zMC
z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i
zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8
zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W
zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8}
z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD
zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h
ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z
z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx&
z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb
zL`)GO9>*cCKu9*inMk1BawFA{5F&=-
zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U
zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z
z5u!-bv|7lhlLJ#
z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE
zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j#
z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+
zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b|
zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}!
z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP
zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S
zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl
zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i`
z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY
zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe
zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa
z%9pUoL7dTAsLOyb0`{
zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9
zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2;
zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^
zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k
z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm
zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^
z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l-
zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn
zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu
zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S
zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_;
zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh
zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7
zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV
zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC
ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T=
z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM
zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P
zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav
z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f>
zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0
zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&#
z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l>
zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr|
z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i
zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;#
zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p
zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9
zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK
zEezy2H#I1c5
z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B
z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS)
zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM
zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM*
zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz
zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+
zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh
zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY
zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt
zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b
zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX}
z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E
zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f%
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G
z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk
zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT
zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q
z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI-
z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF
zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn
z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@
zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr
z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE
zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky-
zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88
zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ
z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56
z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O
zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z
zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96
zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB
zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe
z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}}
zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha!
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5
zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a<
zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+
z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu
zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb
ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV
z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw
z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4
zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r
z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq
zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp
z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS
zQN#KL745Mqlj(~)>MPtYwR!
z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks|
zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9
z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y
z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18
zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL!
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L
z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA
z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9
z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD
z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{
z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J
zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht
zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$
zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C%
zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp
z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq
zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ
z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm
zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v
z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb(
z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har
zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX
zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty(
z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{
z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0
zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd
zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv
z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y
z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN
z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_!
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi
z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$
zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE
zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}(
zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I&
zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C
za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0
ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ
zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx
zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg
zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx>
z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF!
z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi
zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY
zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U
zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z
zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0
z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg
zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r#
zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_
zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg?
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W
zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr
zLAnv9ucGO5`azsp=>zVe#S76ngB
ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm
ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1
zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec
z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L
zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB
z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q
zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A
zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L
zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t
z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I
zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~
zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx
zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn
zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS}
zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko(
zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7
zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK
zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq
zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_
z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp
zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx
z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$
z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O
zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT
zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu}
zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD
zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ
zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO
z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F&
zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf
zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb
zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5&
z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P
zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI
z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b
zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ
z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_
z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh
zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$
z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df
zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L
z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna
zE9eP@$U>0Fiqx
zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu
zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1
zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B
znVBa2
zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR
zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd
z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP|
zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU
z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ
z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=-
zxizS*X(}o-Y#sDj1G~Bk
zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V
zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d?
zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y
z^^dxpt%JN}lT
z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+
zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T=
z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW
zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+
zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd
z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B
z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z
z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w
z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O
z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe
z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt
z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj-
za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW}
z%}`rrT|#}Lx6GGv7*4Ta-q65vql
zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ
z6Y;T4let(SXmU
zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F
zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL
z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0
zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV
zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3
zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk
zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT
zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo
zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B
zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV!
zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{
zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV&
zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@
zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8
z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1
zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW
zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op
zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie&
zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz
zvxQQ`CM;-Fea9NJb;v)BiE9m`(
zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e
zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD=
zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If
zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj
zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK<
z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1
z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m
zimj9K5%k2hiKJ(>y2iHz
z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El
zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr#
z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g
zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3
zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~
z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?>
zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT
zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk
zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O
zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J
zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+
zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^
zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?-
ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH
z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI
zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk
zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g
ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0*
z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N
zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E
zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl
zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy
z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz
zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW%
zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G
zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD
z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN%
zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&;
z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm
zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj#
zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@
z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y
zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW>
z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_;
zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL
zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C
zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv
zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4
z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv
z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2
zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a&
zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz
zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m
zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q
zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is
z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4
z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8
zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X
z1kDkemuJq1VqVxQ9@
zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ
z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v
z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK
zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_
z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM
zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w
z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF
zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F
zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6
z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2>
z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr
zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521
z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ
z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H
zFWc7@jC#L6C`G*n{Z4K>-d
zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK
zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P
z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(&
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe
zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-%
zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs
z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R
z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj
zo8ci4w%w%3$v(@vGf
z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY%
zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj
zoN
z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k
z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN
z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e
z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg
z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t
zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+
z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme;
zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI
zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3&
zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(&
zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW
zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz
z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@
zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F&
z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq
zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf
zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg
zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5
zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{
zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe|
zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E
z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s
zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH
z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d
zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9
zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak
zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U
z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q
zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6)
zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D
zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J!
zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y
zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3
z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@
z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY
z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f#
z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^
z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8
zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse
zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj
zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX
zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@<
zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J
zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI
zTsjo}34UkxG8^M=
zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv
zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m
zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E
zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4
zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_%
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E
z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE-
zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k
z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB
zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s
zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP
zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+
zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS
zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl
zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy}
z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS
zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow;
z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP
zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF
z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@
ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8
z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x
zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN
zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n
z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR
z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei
z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+
zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g
ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R
z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros
zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV
zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^
zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR)
zSvG!NC11zb;m;94Y2
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82;
z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U-
zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU
z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9
z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ
zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK
z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H
z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9
z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP
zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY
zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l(
zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC
zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k
z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm
zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK
za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W
zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW
z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q
zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc*
z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv
zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX
zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|&
z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o
z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V
zSWP5u?v*CC!!GIFixRb9{4
zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@
zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG
zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q
zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8`
z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf
zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+
z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4
zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+
zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^
zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF
z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{
zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{
z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR
zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C(
zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG
zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk
zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC
zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e
z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_
z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU
ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{
z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM
zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD
z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk
zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs
zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV
zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@
zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw
zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr
zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d
z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH
z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna
zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$
zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~}
zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu
zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_
zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn
zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$
z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da
zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P
zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o
z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG
z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u
z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5
zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT
z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ
zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc
zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb
z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr
zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF
zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP
zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ
z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR
zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9
zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm!
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4
z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g>
z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV}
z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T
zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-=
z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3
zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj
zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~
zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8
z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr)
z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c
zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra
z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T
zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}-
zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg
z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d
zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM
zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx
z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$
zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S
zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI
z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A
zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j
zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M
zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7
z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`<
zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$
z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9
zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g
z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z
z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE
zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t
z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i
z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG&
zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl
zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D
zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D
zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r
zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{=
zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz
z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j
zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl
zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN
z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA
zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA
z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^
z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG
zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM
zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS
z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu
z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S
zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf
zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e
zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v
zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I
zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn
zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4
zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP)
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9
z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8
z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*=
z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1
zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY
z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ=
zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r
zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop
zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz
z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e
zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f
zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab
z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f
zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET
zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8
zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x
zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S
zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N
z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n
zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z
zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD
z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q
z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ
zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg
z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h
z&uJ7fjq5oj0(nmV6e0c^FJbG|xG
ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C
z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu
zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt|
z{2nWySqfJVPfH!#d}sov25u^Zy*4
zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr
zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI
z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP|
zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y
zgE1c?+zIF^g(F?^N_
zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT
z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A
zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB
zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY
z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~
z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc(
zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&&
zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH
z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp
zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm
z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@`
zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi
z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw
zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k>
zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv
z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9
zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85##
zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye
zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_
zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95
zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U
zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}?
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy
zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC
z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO
z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X=
z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF
z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW|
zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ;
zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD
zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d
zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6
zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG
z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN
ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ
zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e
zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z
zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6>
ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f
zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K
z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7
zgsg|#6`0vcj6;!*!a
zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@
z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi
zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#=
zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN&
zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY
zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR
z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt
zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2
zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9
z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i
zc_xuE4gk<5C5JASX
zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@
z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80
zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK
zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC
z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l
zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF
zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6
zFv5T8
zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r
zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h
zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au
z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0
zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{
zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs
zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q
zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L
zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c
zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS
zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A`
z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl}
zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N
zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W
z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M
zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~
z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7
z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo
zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww=
ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ
zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm
zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U
zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P|
zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@
zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2
zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D
z%Le8tzm
zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL#
z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE
zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU
zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c
z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h
z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ
zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8
z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE&
zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e
zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6
zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB
z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof
zHqh_%*`tt=rOHGOoiQZH2
za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$
zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc
z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB
zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6
z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$
z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ
z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J
zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4
zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o
zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^
zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ
zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q
zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh
zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7%
z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x
zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z
zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz
zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1
zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i
zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0
z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg
z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm
z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9=
zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM
z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f
z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o;
z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL
z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR
z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu
zCrEvTL{OyB3=
zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf)
zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL<
zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm
zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv
zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s
z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$
ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(#
zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd
zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug
z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~
zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P
zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS
zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7
z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3
zi{7Uu04wcthJxT#0+
z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e
zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<#
z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ
zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw
z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY
z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI
zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E
z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~
zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2
zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l
zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD
zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q
zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9
zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%>
zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7
z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A
zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k
z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(|
zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU#
z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM?
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6
z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag!
z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a?
zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8
z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F
z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB
zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8
z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns
zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(<
z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X
zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ
zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd
zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_`
z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx
z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy
zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@
z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%?
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_
zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg
zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{
zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq
zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt
zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV
zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o
zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~
z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9|
z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9
zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE
z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC
z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL
za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM
zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm
z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2
zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y
zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3%
zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L|
zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd
zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M
zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4
z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0
zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno
zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy
zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM>
zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ
ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W)
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{
z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP
zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8
z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW
z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a
zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H
zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p
zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a
zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF
zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh>
z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc=
z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq
z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd
zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+
z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy
z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu
zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok
zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP
zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1
z+*r-jM$b;b^@4(e(sPeEBV56(sEAl
zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P
znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x
zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~
zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l
zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g
zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{
zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f
zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB(
zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi=
zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ
zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci
z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M
zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX
zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag
zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw
z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o
z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA
z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo
zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en
z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw
zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L>
zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv|
zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p
zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z
z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{
zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M
zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z
z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l
z1XM>bmB@!9%EA6jM%
zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi
zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7
z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb
z+W-Ugyxf
zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk
zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg=
z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6
z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ=
zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2&
z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@
zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C
z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B
zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`|
zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^#
zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz
z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV
zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ#
zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X
zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY
zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU
z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^
zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<#
zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru
zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo
zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$
zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z
z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li
zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx>
zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU
zROSw8Rf5LI3$k)bnJ
zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~|
zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i
z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R
zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw
ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+
z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU<
z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5
zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0
zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g*
zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci
zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca
zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P
z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW
zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^
z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41
zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0
zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w=
zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ
z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my
z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^
z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^
zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L
z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0!
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY
zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs)
zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-*
zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y
z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz
zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6
zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{
zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l%
zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t
z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX-
zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K
z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm
zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q
zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y
zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE
z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N
zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w
zKxU3@S50l;iKu-_-iMBh+
z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL
zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5
zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p
zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX
zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4
z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV
zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ
z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G
z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G
zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj
z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h
zbTEO5o9o_#L2xUQHNE1oMdK
z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n
z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL
zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW
z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y?
z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R
zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89
zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ
ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE
z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB
zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?<
z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C
zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X
zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*(
z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr-
zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43
zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU}
zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{
ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io|
z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA}
zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G
zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0
z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a
z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj
zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx
za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL
z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-|
z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE
z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF;
z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK
zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk
zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v
zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf
zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL
z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L
z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg
zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2
zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F
zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s
z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6
z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv
zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M
z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx
zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r`
z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY
z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^
z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7`
zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba
z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP
zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B
z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ
z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1
zv?7t5q>i`5NJaT|+lf*hO
zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV!
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9
z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S#
zNs*O)3OA^%>C8R
zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I
zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i
z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7(
z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s
zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L
z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5
zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W
z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i
zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3}
z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM
zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB
zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d
z7l2hI0R3{aOh_$%3N
zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?;
zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l
zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$
zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ
zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@
zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm}
zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9
z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I
zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT
z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua
zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u=
znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE
zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{?
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M
zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w
zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k
z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v
zd$40Sn*Bn`SO>&L
z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz
zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi
zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3;
zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb
zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx
z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa
zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R
z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S
z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0=
z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN
z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS
z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}-
zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8
zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j
z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE
z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z
z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8>
z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9
z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC
z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{
z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0
zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{
z@H>Ad9Yu`U%P@H!zOhJ`gj)L
zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^
z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#;
zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk
zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f
zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb
zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@
z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF
zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+
zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1
zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R
z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X
zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up
z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^
z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu
zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@
zEPR63QATjyGgLmYuR*Wz@WZtGle
z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9
zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW|
zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB
zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn
zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr
z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0
zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g
z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET
z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y
zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC
z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@
z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6
z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A
z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k
zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I
zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH&
z5O-&sZh1gZYfC(q#X#lpA
zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T
z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+
zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{
zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd
z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt
zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f
zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5
z@eP8SH1j__b4Q@`FBG3BQ%#
zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP*
zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg
zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD
zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2
zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w
z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)?
zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8
zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H
zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s
zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI
zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5
z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0
z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N
z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{#
zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC|
z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f
zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB
zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z
z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM
z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE
z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F
z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv
zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p}
z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3
z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa
z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq
zXjtt@Gcczwc*n6vh{)ft
zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB-
zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i}
z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g;
zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-|
zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3
zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI
zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K
z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40>
zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{=
zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid
zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS
zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd
zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8
z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC
z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^
z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n
zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_
zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs
zMM9R{TbmfVa06g;~50RmB;r&-g63
zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G
z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^
zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf
zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7
zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX
zOoMW@!}3b74=bGudt&wD
z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6
zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n`
z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P
z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i
zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>|
zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl
zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo
z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN
zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T
z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz
zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@
zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1
zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc
z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ
zrxtE`8Jn~^=yBsi7V
zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV
ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl
zKk6$8X{Cj7hbzpP(pq
zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v
zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc|
z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R
zEiRz8&{Z__3c09V
z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL
z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi
z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK
zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx
z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi
z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o
zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_?
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX
zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e
z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n
z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO?
zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9
zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3-
zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+
zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly
zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT
zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk
zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ
zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97
zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF
z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs
zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR
z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf
zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ
z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(=
ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i
zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ
zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r?
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+
z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF
zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u
znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^
z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ
zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w
z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C<
zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1
zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T
z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e
zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv
zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo
zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t
zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U
z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg;
z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v)
z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw;
z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm
zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_
z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX
zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k
zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X
zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B``
zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I
zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG
zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3
zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E
z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb
zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs
zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6
zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu
zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p
zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp>
z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF
zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q
zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{
z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9
zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^
zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O
z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v
zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP
zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR
ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l
zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0
z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO
z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl
zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI
zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l
zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p
zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6
z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE
z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y
zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf
zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx
z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK
zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m
zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7
zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>`
z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv
z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6
zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B
z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca
z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9
zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e
z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi
zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt
z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9
zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8
z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D
z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4
zEmU)gF5R3MSN~h{?3!Tx6OKG
z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk
z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g
z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6
zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35
z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg
z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K
z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8
zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v
z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t
zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ
zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H&
z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~
zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do
zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2)
zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT
z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ
z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6#
z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U
z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8
zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2
z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD)
zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^
z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-*
zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN
zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~-
z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;|
zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI
zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT
zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$
zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv
z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b
zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0
z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb
z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho`
z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J
zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU
zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@
zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU
zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b|
za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG<
z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X
z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu}
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c%
zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF
zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr
z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6
z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8
z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy}
z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2?
zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE*
zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k
z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6
zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl
z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ
zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku
zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1
z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo
zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@
z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7
zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C
zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH
zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy
zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP;
z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba>
zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf
z6L$0$DADj6tq
zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg!
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE
zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX
z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe
zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+
zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c
zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$
z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x`
zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$
z2X>rno(N1#2-F1DmdJ;>Iut&Y+
z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?|
zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G
z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO
z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k
zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ
zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb
zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM
z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y
z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%}
zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw
zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ
znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC
zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6
z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$
zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s
z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U
zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{?
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL
z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44
zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R
z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W*
ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^
z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0
z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9
z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc
zzKKeu_y0p$Z0SV^6X
z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif
zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733
zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr
z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl
zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT
zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj
zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y*
zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@
z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3
z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a
z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~
z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d&
zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc
zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU
zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_<
zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG
zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR
z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo
z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x
z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES>
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl#
zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt
z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj
zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#;
zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$
zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS>
z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR
zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t
z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V
z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f
zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN!
zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb
zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ?
zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M
z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg-
zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT
zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO
zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE
zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0
z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS
zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q
z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51
zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY
z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh
z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9
zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5
zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr
ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4
z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah-
z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7
z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew
zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp
zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3
zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8|
z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n
z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7-
zgFi;mzTg7Ul}xs_y)Q#nSguIV
zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;!
zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB
z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_
zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b
zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6
zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo
z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v
zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii
zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1
zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM
zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR
z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8
z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF
zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL
zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8
zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP
z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L
z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3<
zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC
z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE
z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W*
zxi$9e!yw#mmX_1`qQl|CeWKlXu
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o-
zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9
z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ
zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9}
z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx}
zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_%
zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G(
z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X
z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a
zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj
z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I
zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y*
z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op
zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl-
zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E
z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$
zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j
zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0
z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV`
z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5
zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3
z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j
zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d
zWLJ1_I3AhUa*H
zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT
zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk
zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO?
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+>
zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq
zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+
zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp
zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR
z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J
zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l
ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f
z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn
ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P
z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg
z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^<
zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P
zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9
z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m
ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w
zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2
zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U
zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8
zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv
zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ
zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C
z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu<
z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b
zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^
z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K
zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a
z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+
zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_
z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG
z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y
z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x
zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF
z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS
zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp
zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{
zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8
ze~j#V#-Utqmu_r?m6yHIoF-5QiX
z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F
zQkd}`ih)!3#kf=v)k
zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg
z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF
z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z
zjThKgQQCs)W>fRK~RA~_W;magXG-6
zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn
z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO
zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T&
z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$
z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D=
zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a
z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa
z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF
zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1
zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p!
zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$
zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE
z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf?
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J
zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x
zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n
zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w
zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2
zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u
zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U?
z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz
zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw!
zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi
zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau
z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K=
zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj
zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT
zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P
zS(&Q-96nd`H{x@)zYU*j_`lXd
z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+%
z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@
za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7
zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP
zx*!|gse
z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601
zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@!
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U
zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb
z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc
ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f)
zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x
z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg
zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH
zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W
zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p&
zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+
zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w
zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig
z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i
zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e
z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q
zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7
zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE
zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`!
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX
z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe
zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7
z*=PgEB6nW3nAKm}pLWJ4GT+c$
zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny
z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS
z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4
zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^
zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0
zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg
z;e
z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0
z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R
z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n
z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0
z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1}
zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu&
zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F<
z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E
z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@
z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3
z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY
z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k
zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF
zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn}
z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs
zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD
zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t(
z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6
zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$
zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw
z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^
zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$!
z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs-
zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV
zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32
z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$
zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4
zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A
zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN!
zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM
z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u
zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{
z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<
    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+
zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^
z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l>
zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN
z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr
zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf
z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h
z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)=
zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{
zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm
z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R
z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+
z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<`
zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR
z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57
z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9
z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w
zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ
zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx
zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh
zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq%
z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs
zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g
z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq
z@jEXM{hvV3;7J@u8Zc
zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9
z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6
zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2
z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c
z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc=
zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7
z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e
zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z
z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d
z;*gP@?GHtQYxxNg
z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU
z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10
znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k
z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4
z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O?
zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R
zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ
z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5
z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y
z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5
zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_
zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN<
zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B
zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w
z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d
zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB
zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr
z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk
z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3;
z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9
zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S
zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6?
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k
zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB
zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb
z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i
zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe
zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l<
z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq
z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#?
z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU
z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{
zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i&
zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql
zX7m@s4nv-0g6nvh;+>Cf20brlC|
zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV
z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ)
z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C
zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme
z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z
zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i
z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5
zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4
z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I
z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l
z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN
zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho!
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO
z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M
z;0vHX{08`2zNEuwaZJu2Lrzo
zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G
z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI
zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK
zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq
zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_
zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL
z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT=
z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP
z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo
z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>;
zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6
zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7
zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5
zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck<
z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV
zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR
zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7
zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS
z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i%
z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF|
z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@`
z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk&
zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6}
zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE&
zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O
ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh->
zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc
z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u(
zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^?
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR
z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV&
z%Ru{XF;!{pTh^h
z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X
zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(;
zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y
z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m
zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x
z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj
zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi
zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt|
z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4
zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1
zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q
ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6
z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8#
z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y
zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4
z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!)
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p>
zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R
zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF
z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH
zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7
z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9
z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui-
z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox
z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx
z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l
zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6
zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n
zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5
zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$
zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q
ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ
z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s
zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o
zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl
zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz
z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS!
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB
zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx=
zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz
zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z
zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33
zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa(
zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5
zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d
z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb
zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g
z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a
zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs
z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN
zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3
z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF
zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y
zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl
zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV
zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1!
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K
zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D
zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe
znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX}
z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f
z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e>
zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3
z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt
zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J
zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK
z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2
z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*`
zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5
zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH
z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~
zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a
z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0
z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK
z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US
z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb
zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+
zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin
zZVSl9pDHQJSmA^3fXqy$
z#6D1%ucTNDzqx|CN-TTU~J
z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv)
ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+
ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$>
z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ
zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+
z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3
z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~
z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR
zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG
zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F
zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ
z=KRaB1uy1m4ICu^#gQ8px}*VQzC~
zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO
zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I
z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y
z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm
zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?}
zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol
zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4
zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL
ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q
zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R
zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd
z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9;
z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP
zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt
zjX>h3S}r`u24jk9Gua?a
zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt
zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ!
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx
zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv
z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7
zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5
z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K
z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3
zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@
zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk
z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5
zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8
zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law
zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n
zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9
zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau
zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN>
z`Eto#aG_A{WG!Y*X>+F
z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC
zi-MnL$E!4771L*0eCo5T#sG;@e`>
zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8
zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_
z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi
zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9
z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{
zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS
zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE
zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM
za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%<
zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii
zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF?
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP
z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=<
zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z
zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N
zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E
zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a}
zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu
zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY
zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^
z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza
z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a
zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t
z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f}
zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg
zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt
zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah
zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI
z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0
zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg
zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn
z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k
z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP
zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|;
zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG
z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9
z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv
zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~
zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o
zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr
zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U
za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF
zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W
zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ
zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn
zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn
zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2
zE^8
zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm%
zo81J!so>f2kPW%wSxUF
z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9
zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE
z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q
zgoHb&^yUyv6vm=bW4ekN6i!a(nM;
z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46%
z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI
zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v
zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m
z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z
zRCU_2j8ExizVu#k-Mc4tIw-
zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m
zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N
z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5
zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA
zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq
z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m
zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<}
z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99
zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I
z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas
zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5
zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ
z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-=
zZoh!)XoW0LsOg5RLOWTt1mO`!Ob
z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$
zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~(
zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI
z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc
zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh
z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF
z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e
zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI
zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb
zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O
ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2
z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n
zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G(
zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{
zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@
zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq;
zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4
zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k
z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK
z{GOnp1-D9ERM!qlAHZU?zO(
z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@
zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV}
zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR
zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI
zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb
za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc
zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W
zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y
z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU
zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f
z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82
zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO
zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+
z2SCA`T$}4X`*{kL19oQyA
zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in
z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{
zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~
zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K*
zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^
zx?K9B8s!UYp9YZaFzh3MJkT
zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@
zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy
zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h
zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F
zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?`
zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)&
zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r
zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz
zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K=
zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@
zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v
zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up
za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J
zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+
zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B
zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh
zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH
zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H
zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z
zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e
z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr
zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad
zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0
zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO
zzM`1zE19resFtDyj5KM4o{82T
zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH
z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4
zI@8_sLp7%?V~w@kz;d#6i$djLRuK
z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V
zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf
z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v
zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH
zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ
z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$
z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6
zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF#
zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2
z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l
zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN>
zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P
za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC
z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q
ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4
zfB;YChQH2ID!7Z{{JK{g-PdZ
zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um
zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK
znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^
zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J=
zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G
zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI!
zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7)
zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_`
zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~
zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6
zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k
z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0!
zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y|
z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3
zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU
zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1
zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ
z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78?
zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure|
z*Y+0$i|u!;sr{yLj^{{9nq`6KwT
z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi
zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G
z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b
zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq
zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln
zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0
z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q
z(soWpHQ}8jb$z
zx6%`5
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "cppbor/cppbor.h"
+
+// static globals.
+static double keymasterVersion = -1;
+static std::string inputFileName;
+static std::string outputFileName;
+Json::Value root;
+Json::Value writerRoot;
+
+using namespace std;
+using cppbor::Array;
+using cppbor::Map;
+using cppbor::Bstr;
+
+// static function declarations
+static int processInputFile();
+static int processAttestationKey();
+static int processAttestationCertificateData();
+static int processAttestationIds();
+static int processSharedSecret();
+static int processSetBootParameters();
+static int readDataFromFile(const char *fileName, std::vector& data);
+static int addApduHeader(const int ins, std::vector& inputData);
+static int ecRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& secret, std::vector&publicKey);
+static X509* parseDerCertificate(std::vector& certData);
+static int getNotAfter(X509* x509, std::vector& notAfterDate);
+static int getDerSubjectName(X509* x509, std::vector& subject);
+static int getBootParameterIntValue(Json::Value& bootParamsObj, const char* key, uint32_t *value);
+static int getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std::vector& blob);
+
+
+// Print usage.
+void usage() {
+    printf("Usage: Please give jason files with values as input to generate the apdus command. Please refer to sample_json files available in the folder for reference. Sample json files are written using hardcode parameters to be used for testing setup on cuttlefilsh emulator and goldfish emulators\n");
+    printf("construct_apdus [options]\n");
+    printf("Valid options are:\n");
+    printf("-h, --help    show this help message and exit.\n");
+    printf("-v, --km_version version \t Version of the keymaster (4.1 for keymaster; 4 for keymaster4_0) \n");
+    printf("-i, --input  jsonFile \t Input json file \n");
+    printf("-o, --output jsonFile \t Output json file \n");
+}
+
+
+X509* parseDerCertificate(std::vector& certData) {
+    X509 *x509 = nullptr;
+
+    /* Create BIO instance from certificate data */
+    BIO *bio = BIO_new_mem_buf(certData.data(), certData.size());
+    if(bio == nullptr) {
+        printf("\n Failed to create BIO from buffer.\n");
+        return nullptr;
+    }
+    /* Create X509 instance from BIO */
+    x509 = d2i_X509_bio(bio, NULL);
+    if(x509 == nullptr) {
+        printf("\n Failed to get X509 instance from BIO.\n");
+        return nullptr;
+    }
+    BIO_free(bio);
+    return x509;
+}
+
+int getDerSubjectName(X509* x509, std::vector& subject) {
+    uint8_t *subjectDer = NULL;
+    X509_NAME* asn1Subject = X509_get_subject_name(x509);
+    if(asn1Subject == NULL) {
+        printf("\n Failed to read the subject.\n");
+        return FAILURE;
+    }
+    /* Convert X509_NAME to der encoded subject */
+    int len = i2d_X509_NAME(asn1Subject, &subjectDer);
+    if (len < 0) {
+        printf("\n Failed to get readable name from X509_NAME.\n");
+        return FAILURE;
+    }
+    subject.insert(subject.begin(), subjectDer, subjectDer+len);
+    return SUCCESS;
+}
+
+int getNotAfter(X509* x509, std::vector& notAfterDate) {
+    const ASN1_TIME* notAfter = X509_get0_notAfter(x509);
+    if(notAfter == NULL) {
+        printf("\n Failed to read expiry time.\n");
+        return FAILURE;
+    }
+    int strNotAfterLen = ASN1_STRING_length(notAfter);
+    const uint8_t *strNotAfter = ASN1_STRING_get0_data(notAfter);
+    if(strNotAfter == NULL) {
+        printf("\n Failed to read expiry time from ASN1 string.\n");
+        return FAILURE;
+    }
+    notAfterDate.insert(notAfterDate.begin(), strNotAfter, strNotAfter + strNotAfterLen);
+    return SUCCESS;
+}
+
+
+int getBootParameterIntValue(Json::Value& bootParamsObj, const char* key, uint32_t *value) {
+    Json::Value val = bootParamsObj[key];
+    if(val.empty())
+        return FAILURE;
+
+    if(!val.isInt())
+        return FAILURE;
+
+    *value = (uint32_t)val.asInt();
+
+    return SUCCESS;
+}
+
+int getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std::vector& blob) {
+    Json::Value val = bootParamsObj[key];
+    if(val.empty())
+        return FAILURE;
+
+    if(!val.isString())
+        return FAILURE;
+
+    std::string blobStr = hex2str(val.asString());
+
+    for(char ch : blobStr) {
+        blob.push_back((uint8_t)ch);
+    }
+
+    return SUCCESS;
+}
+
+
+// Parses the input json file. Prepares the apdu for each entry in the json
+// file and dump all the apdus into the output json file.
+int processInputFile() {
+    // Parse Json file
+    if (0 != readJsonFile(root, inputFileName)) {
+        return FAILURE;
+    }
+
+    printf("\n Selected Keymaster version(%f) for provisioning \n", keymasterVersion);
+    if (0 != processAttestationKey() ||
+        0 != processAttestationCertificateData() ||
+        0 != processAttestationIds() ||
+        0 != processSharedSecret() ||
+        0 != processSetBootParameters()) {
+      return FAILURE;
+    }
+    if (SUCCESS != writeJsonFile(writerRoot, outputFileName)) {
+        return FAILURE;
+    }
+    printf("\n Successfully written json to outfile: %s\n ", outputFileName.c_str());
+    return SUCCESS;
+}
+
+int processAttestationKey() {
+    Json::Value keyFile = root.get(kAttestKey, Json::Value::nullRef);
+    if (!keyFile.isNull()) {
+        std::vector data;
+        std::vector privateKey;
+        std::vector publicKey;
+
+        std::string keyFileName = keyFile.asString();
+        if(SUCCESS != readDataFromFile(keyFileName.data(), data)) {
+            printf("\n Failed to read the attestation key from the file.\n");
+            return FAILURE;
+        }
+        if (SUCCESS != ecRawKeyFromPKCS8(data, privateKey, publicKey)) {
+            return FAILURE;
+        }
+
+        // Prepare cbor input.
+        Array input;
+        Array keys;
+        Map map;
+        keys.add(privateKey);
+        keys.add(publicKey);
+        map.add(kTagAlgorithm, kAlgorithmEc);
+        map.add(kTagDigest, std::vector({kDigestSha256}));
+        map.add(kTagCurve, kCurveP256);
+        map.add(kTagPurpose, std::vector({kPurposeAttest}));
+        // Add elements inside cbor array.
+        input.add(std::move(map));
+        input.add(kKeyFormatRaw);
+        input.add(keys.encode());
+        std::vector cborData = input.encode();
+
+        if(SUCCESS != addApduHeader(kAttestationKeyCmd, cborData)) {
+            return FAILURE;
+        }
+        // Write to json.
+        writerRoot[kAttestKey] = getHexString(cborData);
+    } else {
+        printf("\n Improper value for attest_key in json file \n");
+        return FAILURE;
+    }
+    printf("\n Constructed attestation key APDU successfully. \n");
+    return SUCCESS;
+}
+
+static int processAttestationCertificateData() {
+    Json::Value certChainFiles = root.get(kAttestCertChain, Json::Value::nullRef);
+    if (!certChainFiles.isNull()) {
+        std::vector certData;
+        std::vector subject;
+        std::vector notAfter;
+
+        if(certChainFiles.isArray()) {
+            if (certChainFiles.size() == 0) {
+                printf("\n empty certificate.\n");
+                return FAILURE;
+            }
+            for (uint32_t i = 0; i < certChainFiles.size(); i++) {
+                if(certChainFiles[i].isString()) {
+                    /* Read the certificates. */
+                    if(SUCCESS != readDataFromFile(certChainFiles[i].asString().data(), certData)) {
+                        printf("\n Failed to read the Root certificate\n");
+                        return FAILURE;
+                    }
+                    if (i == 0) { // Leaf certificate
+                        /* Subject, AuthorityKeyIdentifier and Expirty time of the root certificate are required by javacard. */
+                        /* Get X509 certificate instance for the root certificate.*/
+                        X509_Ptr x509(parseDerCertificate(certData));
+                        if (!x509) {
+                          return FAILURE;
+                        }
+
+                        /* Get subject in DER */
+                        getDerSubjectName(x509.get(), subject);
+                        /* Get Expirty Time */
+                        getNotAfter(x509.get(), notAfter);
+                    }
+                } else {
+                    printf("\n Fail: Only proper certificate paths as a string is allowed inside the json file. \n");
+                    return FAILURE;
+                }
+            }
+        } else {
+            printf("\n Fail: cert chain value should be an array inside the json file. \n");
+            return FAILURE;
+        }
+        // Prepare cbor input
+        Array array;
+        array.add(certData);
+        array.add(subject);
+        array.add(notAfter);
+        std::vector cborData = array.encode();
+        if (SUCCESS != addApduHeader(kAttestCertDataCmd, cborData)) {
+            return FAILURE;
+        }
+        // Write to json.
+        writerRoot[kAttestCertChain] = getHexString(cborData);
+    } else {
+        printf("\n Fail: Improper value found for attest_cert_chain key inside json file \n");
+        return FAILURE;
+    }
+    printf("\n Constructed attestation certificate chain APDU successfully. \n");
+    return SUCCESS;
+}
+
+int processAttestationIds() {
+    //AttestIDParams params;
+    Json::Value attestIds = root.get("attest_ids", Json::Value::nullRef);
+    if (!attestIds.isNull()) {
+        Json::Value value;
+        Map map;
+        Json::Value::Members keys = attestIds.getMemberNames();
+        for(std::string key : keys) {
+            value = attestIds[key];
+            if(value.empty()) {
+                continue;
+            }
+            if (!value.isString()) {
+                printf("\n Fail: Value for each attest ids key should be a string in the json file \n");
+                return FAILURE;
+            }
+            std::string idVal = value.asString();
+            if (0 == key.compare("brand")) {
+                map.add(kTagAttestationIdBrand, std::vector(idVal.begin(), idVal.end()));
+            } else if(0 == key.compare("device")) {
+                map.add(kTagAttestationIdDevice, std::vector(idVal.begin(), idVal.end()));
+            } else if(0 == key.compare("product")) {
+                map.add(kTagAttestationIdProduct, std::vector(idVal.begin(), idVal.end()));
+            } else if(0 == key.compare("serial")) {
+                map.add(kTagAttestationIdSerial, std::vector(idVal.begin(), idVal.end()));
+            } else if(0 == key.compare("imei")) {
+                map.add(kTagAttestationIdImei, std::vector(idVal.begin(), idVal.end()));
+            } else if(0 == key.compare("meid")) {
+                map.add(kTagAttestationIdMeid, std::vector(idVal.begin(), idVal.end()));
+            } else if(0 == key.compare("manufacturer")) {
+                map.add(kTagAttestationIdManufacturer, std::vector(idVal.begin(), idVal.end()));
+            } else if(0 == key.compare("model")) {
+                map.add(kTagAttestationIdModel, std::vector(idVal.begin(), idVal.end()));
+            } else {
+                printf("\n unknown attestation id key:%s \n", key.c_str());
+                return FAILURE;
+            }
+        }
+
+        //-------------------------
+        // construct cbor input.
+        Array array;
+        array.add(std::move(map));
+        std::vector cborData = array.encode();
+        if (SUCCESS != addApduHeader(kAttestationIdsCmd, cborData)) {
+            return FAILURE;
+        }
+        // Write to json.
+        writerRoot[kAttestationIds] = getHexString(cborData);
+        //-------------------------
+    } else {
+        printf("\n Fail: Improper value found for attest_ids key inside the json file \n");
+        return FAILURE;
+    }
+    printf("\n Constructed attestation ids APDU successfully \n");
+    return SUCCESS;
+}
+
+int processSharedSecret() {
+    Json::Value sharedSecret = root.get("shared_secret", Json::Value::nullRef);
+    if (!sharedSecret.isNull()) {
+
+        if (!sharedSecret.isString()) {
+            printf("\n Fail: Value for shared secret key should be string inside the json file\n");
+            return FAILURE;
+        }
+        std::string secret = hex2str(sharedSecret.asString());
+        std::vector data(secret.begin(), secret.end());
+        // --------------------------
+        // Construct apdu.
+        Array array;
+        array.add(data);
+        std::vector cborData = array.encode();
+        if (SUCCESS != addApduHeader(kPresharedSecretCmd, cborData)) {
+            return FAILURE;
+        }
+        // Write to json.
+        writerRoot[kSharedSecret] = getHexString(cborData);
+        // --------------------------
+    } else {
+        printf("\n Fail: Improper value for shared_secret key inside the json file\n");
+        return FAILURE;
+    }
+    printf("\n Constructed shared secret APDU successfully \n");
+    return SUCCESS;
+}
+
+int processSetBootParameters() {
+    uint32_t bootPatchLevel;
+	std::vector verifiedBootKey;
+	std::vector verifiedBootKeyHash;
+	uint32_t verifiedBootState;
+	uint32_t deviceLocked;
+    Json::Value bootParamsObj = root.get("set_boot_params", Json::Value::nullRef);
+    if (!bootParamsObj.isNull()) {
+
+        if(SUCCESS != getBootParameterIntValue(bootParamsObj, "boot_patch_level", &bootPatchLevel)) {
+            printf("\n Invalid value for boot_patch_level or boot_patch_level tag missing\n");
+            return FAILURE;
+        }
+        if(SUCCESS != getBootParameterBlobValue(bootParamsObj, "verified_boot_key", verifiedBootKey)) {
+            printf("\n Invalid value for verified_boot_key or verified_boot_key tag missing\n");
+            return FAILURE;
+        }
+        if(SUCCESS != getBootParameterBlobValue(bootParamsObj, "verified_boot_key_hash", verifiedBootKeyHash)) {
+            printf("\n Invalid value for verified_boot_key_hash or verified_boot_key_hash tag missing\n");
+            return FAILURE;
+        }
+        if(SUCCESS != getBootParameterIntValue(bootParamsObj, "boot_state", &verifiedBootState)) {
+            printf("\n Invalid value for boot_state or boot_state tag missing\n");
+            return FAILURE;
+        }
+        if(SUCCESS != getBootParameterIntValue(bootParamsObj, "device_locked", &deviceLocked)) {
+            printf("\n Invalid value for device_locked or device_locked tag missing\n");
+            return FAILURE;
+        }
+
+    } else {
+        printf("\n Fail: Improper value found for set_boot_params key inside the json file\n");
+        return FAILURE;
+    }
+    //---------------------------------
+    // prepare cbor data.
+    Array array;
+    array.add(bootPatchLevel).
+    add(verifiedBootKey). /* Verified Boot Key */
+    add(verifiedBootKeyHash). /* Verified Boot Hash */
+    add(verifiedBootState). /* boot state */
+    add(deviceLocked);     /* device locked */
+
+    std::vector cborData = array.encode();
+    if (SUCCESS != addApduHeader(kBootParamsCmd, cborData)) {
+        return FAILURE;
+    }
+    // Write to json.
+    writerRoot[kBootParams] = getHexString(cborData);
+
+    //---------------------------------
+    printf("\n Constructed boot paramters APDU successfully \n");
+    return SUCCESS;
+}
+
+int ecRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& secret,
+        std::vector&publicKey) {
+    const uint8_t *data = pkcs8Blob.data();
+    EVP_PKEY *evpkey = d2i_PrivateKey(EVP_PKEY_EC, nullptr, &data, pkcs8Blob.size());
+    if(!evpkey) {
+        printf("\n Failed to decode private key from PKCS8, Error: %ld", ERR_peek_last_error());
+        return FAILURE;
+    }
+    EVP_PKEY_Ptr pkey(evpkey);
+
+    EC_KEY_Ptr ec_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
+    if(!ec_key.get()) {
+        printf("\n Failed to create EC_KEY, Error: %ld", ERR_peek_last_error());
+        return FAILURE;
+    }
+
+    //Get EC Group
+    const EC_GROUP *group = EC_KEY_get0_group(ec_key.get());
+    if(group == NULL) {
+        printf("\n Failed to get the EC_GROUP from ec_key.");
+        return FAILURE;
+    }
+
+    //Extract private key.
+    const BIGNUM *privBn = EC_KEY_get0_private_key(ec_key.get());
+    int privKeyLen = BN_num_bytes(privBn);
+    std::unique_ptr privKey(new uint8_t[privKeyLen]);
+    BN_bn2bin(privBn, privKey.get());
+    secret.insert(secret.begin(), privKey.get(), privKey.get()+privKeyLen);
+
+    //Extract public key.
+    const EC_POINT *point = EC_KEY_get0_public_key(ec_key.get());
+    int pubKeyLen=0;
+    pubKeyLen = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
+    std::unique_ptr pubKey(new uint8_t[pubKeyLen]);
+    EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, pubKey.get(), pubKeyLen, NULL);
+    publicKey.insert(publicKey.begin(), pubKey.get(), pubKey.get()+pubKeyLen);
+
+    return SUCCESS;
+}
+
+
+int addApduHeader(const int ins, std::vector& inputData) {
+    if(USHRT_MAX >= inputData.size()) {
+        // Send extended length APDU always as response size is not known to HAL.
+        // Case 1: Lc > 0  CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le all set to 00.
+        // Case 2: Lc = 0  CLS | INS | P1 | P2 | 3 bytes of Le all set to 00.
+        //Extended length 3 bytes, starts with 0x00
+        if (inputData.size() > 0) {
+            inputData.insert(inputData.begin(), static_cast(inputData.size() & 0xFF)); // LSB
+            inputData.insert(inputData.begin(), static_cast(inputData.size() >> 8)); // MSB
+        }
+        inputData.insert(inputData.begin(), static_cast(0x00));
+        //Expected length of output.
+        //Accepting complete length of output every time.
+        inputData.push_back(static_cast(0x00));
+        inputData.push_back(static_cast(0x00));
+    } else {
+        printf("\n Failed to construct apdu. input data larger than USHORT_MAX.\n");
+        return FAILURE;
+    }
+
+    inputData.insert(inputData.begin(), static_cast(APDU_P2));//P2
+    inputData.insert(inputData.begin(), static_cast(APDU_P1));//P1
+    inputData.insert(inputData.begin(), static_cast(ins));//INS
+    inputData.insert(inputData.begin(), static_cast(APDU_CLS));//CLS
+    return SUCCESS;
+}
+
+int readDataFromFile(const char *filename, std::vector& data) {
+    FILE *fp;
+    int ret = SUCCESS;
+    fp = fopen(filename, "rb");
+    if(fp == NULL) {
+        printf("\nFailed to open file: \n");
+        return FAILURE;
+    }
+    fseek(fp, 0L, SEEK_END);
+    long int filesize = ftell(fp);
+    rewind(fp);
+    std::unique_ptr buf(new uint8_t[filesize]);
+    if( 0 == fread(buf.get(), filesize, 1, fp)) {
+        printf("\n No content in the file \n");
+        ret = FAILURE;
+        goto exit;
+    }
+    data.insert(data.end(), buf.get(), buf.get() + filesize);
+exit:    
+    fclose(fp);
+    return ret;
+}
+
+int main(int argc, char* argv[]) {
+    int c;
+    struct option longOpts[] = {
+        {"km_version",   required_argument, NULL, 'v'},
+        {"input",       required_argument, NULL, 'i'},
+        {"output",       required_argument, NULL, 'o'},
+        {"help",             no_argument,       NULL, 'h'},
+        {0,0,0,0}
+    };
+
+    if (argc <= 1) {
+        printf("\n Invalid command \n");
+        usage();
+        return FAILURE;
+    }
+
+    /* getopt_long stores the option index here. */
+    while ((c = getopt_long(argc, argv, ":hv:i:o:", longOpts, NULL)) != -1) {
+        switch(c) {
+            case 'v':
+                // keymaster version
+                keymasterVersion = atof(optarg);
+                std::cout << "Version: " << keymasterVersion << std::endl;
+                break;
+            case 'i':
+                // input file
+                inputFileName = std::string(optarg);
+                std::cout << "input file: " << inputFileName << std::endl;
+                break;
+            case 'o':
+                // output file
+                outputFileName = std::string(optarg);
+                std::cout << "output file: " << outputFileName << std::endl;
+                break;
+            case 'h':
+                // help
+                usage();
+                return SUCCESS;
+            case ':':
+                printf("\n missing argument\n");
+                usage();
+                return FAILURE;
+            case '?':
+            default:
+                printf("\n Invalid option\n");
+                usage();
+                return FAILURE;
+        }
+    }
+    if (keymasterVersion == -1 || inputFileName.empty() ||
+            outputFileName.empty() || optind < argc) {
+        printf("\n Missing mandatory arguments \n");
+        usage();
+        return FAILURE;
+    }
+    if (keymasterVersion != KEYMASTER_VERSION_4_1 && keymasterVersion != KEYMASTER_VERSION_4_0) {
+        printf("\n Error unknown version.");
+        return FAILURE;
+    }
+    // Process input file; construct apuds and store in output json file.
+    processInputFile();
+    return SUCCESS;
+}
diff --git a/ProvisioningTool/src/cppbor.cpp b/ProvisioningTool/src/cppbor.cpp
new file mode 100644
index 00000000..3414b8e5
--- /dev/null
+++ b/ProvisioningTool/src/cppbor.cpp
@@ -0,0 +1,626 @@
+/*
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+
+#include 
+#include 
+
+#include 
+
+using std::string;
+using std::vector;
+
+
+#if !defined(__TRUSTY__) && !defined(__LINUX__)
+#include 
+#define LOG_TAG "CppBor"
+#else
+#define CHECK(x) (void)(x)
+#endif
+
+#ifdef __LINUX__
+#define ERROR "ERROR: "
+#define LOG(x) std::cout << x 
+#endif
+
+namespace cppbor {
+
+namespace {
+
+template ::value>>
+Iterator writeBigEndian(T value, Iterator pos) {
+    for (unsigned i = 0; i < sizeof(value); ++i) {
+        *pos++ = static_cast(value >> (8 * (sizeof(value) - 1)));
+        value = static_cast(value << 8);
+    }
+    return pos;
+}
+
+template ::value>>
+void writeBigEndian(T value, std::function& cb) {
+    for (unsigned i = 0; i < sizeof(value); ++i) {
+        cb(static_cast(value >> (8 * (sizeof(value) - 1))));
+        value = static_cast(value << 8);
+    }
+}
+
+bool cborAreAllElementsNonCompound(const Item* compoundItem) {
+    if (compoundItem->type() == ARRAY) {
+        const Array* array = compoundItem->asArray();
+        for (size_t n = 0; n < array->size(); n++) {
+            const Item* entry = (*array)[n].get();
+            switch (entry->type()) {
+                case ARRAY:
+                case MAP:
+                    return false;
+                default:
+                    break;
+            }
+        }
+    } else {
+        const Map* map = compoundItem->asMap();
+        for (auto& [keyEntry, valueEntry] : *map) {
+            switch (keyEntry->type()) {
+                case ARRAY:
+                case MAP:
+                    return false;
+                default:
+                    break;
+            }
+            switch (valueEntry->type()) {
+                case ARRAY:
+                case MAP:
+                    return false;
+                default:
+                    break;
+            }
+        }
+    }
+    return true;
+}
+
+bool prettyPrintInternal(const Item* item, string& out, size_t indent, size_t maxBStrSize,
+                         const vector& mapKeysToNotPrint) {
+    if (!item) {
+        out.append("");
+        return false;
+    }
+
+    char buf[80];
+
+    string indentString(indent, ' ');
+
+    size_t tagCount = item->semanticTagCount();
+    while (tagCount > 0) {
+        --tagCount;
+        snprintf(buf, sizeof(buf), "tag %" PRIu64 " ", item->semanticTag(tagCount));
+        out.append(buf);
+    }
+
+    switch (item->type()) {
+        case SEMANTIC:
+            // Handled above.
+            break;
+
+        case UINT:
+            snprintf(buf, sizeof(buf), "%" PRIu64, item->asUint()->unsignedValue());
+            out.append(buf);
+            break;
+
+        case NINT:
+            snprintf(buf, sizeof(buf), "%" PRId64, item->asNint()->value());
+            out.append(buf);
+            break;
+
+        case BSTR: {
+            const uint8_t* valueData;
+            size_t valueSize;
+            const Bstr* bstr = item->asBstr();
+            if (bstr != nullptr) {
+                const vector& value = bstr->value();
+                valueData = value.data();
+                valueSize = value.size();
+            } else {
+                const ViewBstr* viewBstr = item->asViewBstr();
+                assert(viewBstr != nullptr);
+
+                std::basic_string_view view = viewBstr->view();
+                valueData = view.data();
+                valueSize = view.size();
+            }
+
+            if (valueSize > maxBStrSize) {
+                unsigned char digest[SHA_DIGEST_LENGTH];
+                SHA_CTX ctx;
+                SHA1_Init(&ctx);
+                SHA1_Update(&ctx, valueData, valueSize);
+                SHA1_Final(digest, &ctx);
+                char buf2[SHA_DIGEST_LENGTH * 2 + 1];
+                for (size_t n = 0; n < SHA_DIGEST_LENGTH; n++) {
+                    snprintf(buf2 + n * 2, 3, "%02x", digest[n]);
+                }
+                snprintf(buf, sizeof(buf), "", valueSize, buf2);
+                out.append(buf);
+            } else {
+                out.append("{");
+                for (size_t n = 0; n < valueSize; n++) {
+                    if (n > 0) {
+                        out.append(", ");
+                    }
+                    snprintf(buf, sizeof(buf), "0x%02x", valueData[n]);
+                    out.append(buf);
+                }
+                out.append("}");
+            }
+        } break;
+
+        case TSTR:
+            out.append("'");
+            {
+                // TODO: escape "'" characters
+                if (item->asTstr() != nullptr) {
+                    out.append(item->asTstr()->value().c_str());
+                } else {
+                    const ViewTstr* viewTstr = item->asViewTstr();
+                    assert(viewTstr != nullptr);
+                    out.append(viewTstr->view());
+                }
+            }
+            out.append("'");
+            break;
+
+        case ARRAY: {
+            const Array* array = item->asArray();
+            if (array->size() == 0) {
+                out.append("[]");
+            } else if (cborAreAllElementsNonCompound(array)) {
+                out.append("[");
+                for (size_t n = 0; n < array->size(); n++) {
+                    if (!prettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize,
+                                             mapKeysToNotPrint)) {
+                        return false;
+                    }
+                    out.append(", ");
+                }
+                out.append("]");
+            } else {
+                out.append("[\n" + indentString);
+                for (size_t n = 0; n < array->size(); n++) {
+                    out.append("  ");
+                    if (!prettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize,
+                                             mapKeysToNotPrint)) {
+                        return false;
+                    }
+                    out.append(",\n" + indentString);
+                }
+                out.append("]");
+            }
+        } break;
+
+        case MAP: {
+            const Map* map = item->asMap();
+
+            if (map->size() == 0) {
+                out.append("{}");
+            } else {
+                out.append("{\n" + indentString);
+                for (auto& [map_key, map_value] : *map) {
+                    out.append("  ");
+
+                    if (!prettyPrintInternal(map_key.get(), out, indent + 2, maxBStrSize,
+                                             mapKeysToNotPrint)) {
+                        return false;
+                    }
+                    out.append(" : ");
+                    if (map_key->type() == TSTR &&
+                        std::find(mapKeysToNotPrint.begin(), mapKeysToNotPrint.end(),
+                                  map_key->asTstr()->value()) != mapKeysToNotPrint.end()) {
+                        out.append("");
+                    } else {
+                        if (!prettyPrintInternal(map_value.get(), out, indent + 2, maxBStrSize,
+                                                 mapKeysToNotPrint)) {
+                            return false;
+                        }
+                    }
+                    out.append(",\n" + indentString);
+                }
+                out.append("}");
+            }
+        } break;
+
+        case SIMPLE:
+            const Bool* asBool = item->asSimple()->asBool();
+            const Null* asNull = item->asSimple()->asNull();
+            if (asBool != nullptr) {
+                out.append(asBool->value() ? "true" : "false");
+            } else if (asNull != nullptr) {
+                out.append("null");
+            } else {
+#ifndef __TRUSTY__
+                LOG(ERROR) << "Only boolean/null is implemented for SIMPLE";
+#endif  // __TRUSTY__
+                return false;
+            }
+            break;
+    }
+
+    return true;
+}
+
+}  // namespace
+
+size_t headerSize(uint64_t addlInfo) {
+    if (addlInfo < ONE_BYTE_LENGTH) return 1;
+    if (addlInfo <= std::numeric_limits::max()) return 2;
+    if (addlInfo <= std::numeric_limits::max()) return 3;
+    if (addlInfo <= std::numeric_limits::max()) return 5;
+    return 9;
+}
+
+uint8_t* encodeHeader(MajorType type, uint64_t addlInfo, uint8_t* pos, const uint8_t* end) {
+    size_t sz = headerSize(addlInfo);
+    if (end - pos < static_cast(sz)) return nullptr;
+    switch (sz) {
+        case 1:
+            *pos++ = type | static_cast(addlInfo);
+            return pos;
+        case 2:
+            *pos++ = type | ONE_BYTE_LENGTH;
+            *pos++ = static_cast(addlInfo);
+            return pos;
+        case 3:
+            *pos++ = type | TWO_BYTE_LENGTH;
+            return writeBigEndian(static_cast(addlInfo), pos);
+        case 5:
+            *pos++ = type | FOUR_BYTE_LENGTH;
+            return writeBigEndian(static_cast(addlInfo), pos);
+        case 9:
+            *pos++ = type | EIGHT_BYTE_LENGTH;
+            return writeBigEndian(addlInfo, pos);
+        default:
+            CHECK(false);  // Impossible to get here.
+            return nullptr;
+    }
+}
+
+void encodeHeader(MajorType type, uint64_t addlInfo, EncodeCallback encodeCallback) {
+    size_t sz = headerSize(addlInfo);
+    switch (sz) {
+        case 1:
+            encodeCallback(type | static_cast(addlInfo));
+            break;
+        case 2:
+            encodeCallback(type | ONE_BYTE_LENGTH);
+            encodeCallback(static_cast(addlInfo));
+            break;
+        case 3:
+            encodeCallback(type | TWO_BYTE_LENGTH);
+            writeBigEndian(static_cast(addlInfo), encodeCallback);
+            break;
+        case 5:
+            encodeCallback(type | FOUR_BYTE_LENGTH);
+            writeBigEndian(static_cast(addlInfo), encodeCallback);
+            break;
+        case 9:
+            encodeCallback(type | EIGHT_BYTE_LENGTH);
+            writeBigEndian(addlInfo, encodeCallback);
+            break;
+        default:
+            CHECK(false);  // Impossible to get here.
+    }
+}
+
+bool Item::operator==(const Item& other) const& {
+    if (type() != other.type()) return false;
+    switch (type()) {
+        case UINT:
+            return *asUint() == *(other.asUint());
+        case NINT:
+            return *asNint() == *(other.asNint());
+        case BSTR:
+            if (asBstr() != nullptr && other.asBstr() != nullptr) {
+                return *asBstr() == *(other.asBstr());
+            }
+            if (asViewBstr() != nullptr && other.asViewBstr() != nullptr) {
+                return *asViewBstr() == *(other.asViewBstr());
+            }
+            // Interesting corner case: comparing a Bstr and ViewBstr with
+            // identical contents. The function currently returns false for
+            // this case.
+            // TODO: if it should return true, this needs a deep comparison
+            return false;
+        case TSTR:
+            if (asTstr() != nullptr && other.asTstr() != nullptr) {
+                return *asTstr() == *(other.asTstr());
+            }
+            if (asViewTstr() != nullptr && other.asViewTstr() != nullptr) {
+                return *asViewTstr() == *(other.asViewTstr());
+            }
+            // Same corner case as Bstr
+            return false;
+        case ARRAY:
+            return *asArray() == *(other.asArray());
+        case MAP:
+            return *asMap() == *(other.asMap());
+        case SIMPLE:
+            return *asSimple() == *(other.asSimple());
+        case SEMANTIC:
+            return *asSemanticTag() == *(other.asSemanticTag());
+        default:
+            CHECK(false);  // Impossible to get here.
+            return false;
+    }
+}
+
+Nint::Nint(int64_t v) : mValue(v) {
+    CHECK(v < 0);
+}
+
+bool Simple::operator==(const Simple& other) const& {
+    if (simpleType() != other.simpleType()) return false;
+
+    switch (simpleType()) {
+        case BOOLEAN:
+            return *asBool() == *(other.asBool());
+        case NULL_T:
+            return true;
+        default:
+            CHECK(false);  // Impossible to get here.
+            return false;
+    }
+}
+
+uint8_t* Bstr::encode(uint8_t* pos, const uint8_t* end) const {
+    pos = encodeHeader(mValue.size(), pos, end);
+    if (!pos || end - pos < static_cast(mValue.size())) return nullptr;
+    return std::copy(mValue.begin(), mValue.end(), pos);
+}
+
+void Bstr::encodeValue(EncodeCallback encodeCallback) const {
+    for (auto c : mValue) {
+        encodeCallback(c);
+    }
+}
+
+uint8_t* ViewBstr::encode(uint8_t* pos, const uint8_t* end) const {
+    pos = encodeHeader(mView.size(), pos, end);
+    if (!pos || end - pos < static_cast(mView.size())) return nullptr;
+    return std::copy(mView.begin(), mView.end(), pos);
+}
+
+void ViewBstr::encodeValue(EncodeCallback encodeCallback) const {
+    for (auto c : mView) {
+        encodeCallback(static_cast(c));
+    }
+}
+
+uint8_t* Tstr::encode(uint8_t* pos, const uint8_t* end) const {
+    pos = encodeHeader(mValue.size(), pos, end);
+    if (!pos || end - pos < static_cast(mValue.size())) return nullptr;
+    return std::copy(mValue.begin(), mValue.end(), pos);
+}
+
+void Tstr::encodeValue(EncodeCallback encodeCallback) const {
+    for (auto c : mValue) {
+        encodeCallback(static_cast(c));
+    }
+}
+
+uint8_t* ViewTstr::encode(uint8_t* pos, const uint8_t* end) const {
+    pos = encodeHeader(mView.size(), pos, end);
+    if (!pos || end - pos < static_cast(mView.size())) return nullptr;
+    return std::copy(mView.begin(), mView.end(), pos);
+}
+
+void ViewTstr::encodeValue(EncodeCallback encodeCallback) const {
+    for (auto c : mView) {
+        encodeCallback(static_cast(c));
+    }
+}
+
+bool Array::operator==(const Array& other) const& {
+    return size() == other.size()
+           // Can't use vector::operator== because the contents are pointers.  std::equal lets us
+           // provide a predicate that does the dereferencing.
+           && std::equal(mEntries.begin(), mEntries.end(), other.mEntries.begin(),
+                         [](auto& a, auto& b) -> bool { return *a == *b; });
+}
+
+uint8_t* Array::encode(uint8_t* pos, const uint8_t* end) const {
+    pos = encodeHeader(size(), pos, end);
+    if (!pos) return nullptr;
+    for (auto& entry : mEntries) {
+        pos = entry->encode(pos, end);
+        if (!pos) return nullptr;
+    }
+    return pos;
+}
+
+void Array::encode(EncodeCallback encodeCallback) const {
+    encodeHeader(size(), encodeCallback);
+    for (auto& entry : mEntries) {
+        entry->encode(encodeCallback);
+    }
+}
+
+std::unique_ptr Array::clone() const {
+    auto res = std::make_unique();
+    for (size_t i = 0; i < mEntries.size(); i++) {
+        res->add(mEntries[i]->clone());
+    }
+    return res;
+}
+
+bool Map::operator==(const Map& other) const& {
+    return size() == other.size()
+           // Can't use vector::operator== because the contents are pairs of pointers.  std::equal
+           // lets us provide a predicate that does the dereferencing.
+           && std::equal(begin(), end(), other.begin(), [](auto& a, auto& b) {
+                  return *a.first == *b.first && *a.second == *b.second;
+              });
+}
+
+uint8_t* Map::encode(uint8_t* pos, const uint8_t* end) const {
+    pos = encodeHeader(size(), pos, end);
+    if (!pos) return nullptr;
+    for (auto& entry : mEntries) {
+        pos = entry.first->encode(pos, end);
+        if (!pos) return nullptr;
+        pos = entry.second->encode(pos, end);
+        if (!pos) return nullptr;
+    }
+    return pos;
+}
+
+void Map::encode(EncodeCallback encodeCallback) const {
+    encodeHeader(size(), encodeCallback);
+    for (auto& entry : mEntries) {
+        entry.first->encode(encodeCallback);
+        entry.second->encode(encodeCallback);
+    }
+}
+
+bool Map::keyLess(const Item* a, const Item* b) {
+    // CBOR map canonicalization rules are:
+
+    // 1. If two keys have different lengths, the shorter one sorts earlier.
+    if (a->encodedSize() < b->encodedSize()) return true;
+    if (a->encodedSize() > b->encodedSize()) return false;
+
+    // 2. If two keys have the same length, the one with the lower value in (byte-wise) lexical
+    // order sorts earlier.  This requires encoding both items.
+    auto encodedA = a->encode();
+    auto encodedB = b->encode();
+
+    return std::lexicographical_compare(encodedA.begin(), encodedA.end(),  //
+                                        encodedB.begin(), encodedB.end());
+}
+
+void recursivelyCanonicalize(std::unique_ptr& item) {
+    switch (item->type()) {
+        case UINT:
+        case NINT:
+        case BSTR:
+        case TSTR:
+        case SIMPLE:
+            return;
+
+        case ARRAY:
+            std::for_each(item->asArray()->begin(), item->asArray()->end(),
+                          recursivelyCanonicalize);
+            return;
+
+        case MAP:
+            item->asMap()->canonicalize(true /* recurse */);
+            return;
+
+        case SEMANTIC:
+            // This can't happen.  SemanticTags delegate their type() method to the contained Item's
+            // type.
+            assert(false);
+            return;
+    }
+}
+
+Map& Map::canonicalize(bool recurse) & {
+    if (recurse) {
+        for (auto& entry : mEntries) {
+            recursivelyCanonicalize(entry.first);
+            recursivelyCanonicalize(entry.second);
+        }
+    }
+
+    if (size() < 2 || mCanonicalized) {
+        // Trivially or already canonical; do nothing.
+        return *this;
+    }
+
+    std::sort(begin(), end(),
+              [](auto& a, auto& b) { return keyLess(a.first.get(), b.first.get()); });
+    mCanonicalized = true;
+    return *this;
+}
+
+std::unique_ptr Map::clone() const {
+    auto res = std::make_unique();
+    for (auto& [key, value] : *this) {
+        res->add(key->clone(), value->clone());
+    }
+    res->mCanonicalized = mCanonicalized;
+    return res;
+}
+
+std::unique_ptr SemanticTag::clone() const {
+    return std::make_unique(mValue, mTaggedItem->clone());
+}
+
+uint8_t* SemanticTag::encode(uint8_t* pos, const uint8_t* end) const {
+    // Can't use the encodeHeader() method that calls type() to get the major type, since that will
+    // return the tagged Item's type.
+    pos = ::cppbor::encodeHeader(kMajorType, mValue, pos, end);
+    if (!pos) return nullptr;
+    return mTaggedItem->encode(pos, end);
+}
+
+void SemanticTag::encode(EncodeCallback encodeCallback) const {
+    // Can't use the encodeHeader() method that calls type() to get the major type, since that will
+    // return the tagged Item's type.
+    ::cppbor::encodeHeader(kMajorType, mValue, encodeCallback);
+    mTaggedItem->encode(encodeCallback);
+}
+
+size_t SemanticTag::semanticTagCount() const {
+    size_t levelCount = 1;  // Count this level.
+    const SemanticTag* cur = this;
+    while (cur->mTaggedItem && (cur = cur->mTaggedItem->asSemanticTag()) != nullptr) ++levelCount;
+    return levelCount;
+}
+
+uint64_t SemanticTag::semanticTag(size_t nesting) const {
+    // Getting the value of a specific nested tag is a bit tricky, because we start with the outer
+    // tag and don't know how many are inside.  We count the number of nesting levels to find out
+    // how many there are in total, then to get the one we want we have to walk down levelCount -
+    // nesting steps.
+    size_t levelCount = semanticTagCount();
+    if (nesting >= levelCount) return 0;
+
+    levelCount -= nesting;
+    const SemanticTag* cur = this;
+    while (--levelCount > 0) cur = cur->mTaggedItem->asSemanticTag();
+
+    return cur->mValue;
+}
+
+string prettyPrint(const Item* item, size_t maxBStrSize, const vector& mapKeysToNotPrint) {
+    string out;
+    prettyPrintInternal(item, out, 0, maxBStrSize, mapKeysToNotPrint);
+    return out;
+}
+string prettyPrint(const vector& encodedCbor, size_t maxBStrSize,
+                   const vector& mapKeysToNotPrint) {
+    auto [item, _, message] = parse(encodedCbor);
+    if (item == nullptr) {
+#ifndef __TRUSTY__
+        LOG(ERROR) << "Data to pretty print is not valid CBOR: " << message;
+#endif  // __TRUSTY__
+        return "";
+    }
+
+    return prettyPrint(item.get(), maxBStrSize, mapKeysToNotPrint);
+}
+
+}  // namespace cppbor
diff --git a/ProvisioningTool/src/cppbor_parse.cpp b/ProvisioningTool/src/cppbor_parse.cpp
new file mode 100644
index 00000000..b1803310
--- /dev/null
+++ b/ProvisioningTool/src/cppbor_parse.cpp
@@ -0,0 +1,389 @@
+/*
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "cppbor/cppbor_parse.h"
+
+#include 
+
+#if !defined( __TRUSTY__) && !defined(__LINUX__)
+#include 
+#define LOG_TAG "CppBor"
+#else
+#define CHECK(x) (void)(x)
+#endif
+
+namespace cppbor {
+
+namespace {
+
+std::string insufficientLengthString(size_t bytesNeeded, size_t bytesAvail,
+                                     const std::string& type) {
+    char buf[1024];
+    snprintf(buf, sizeof(buf), "Need %zu byte(s) for %s, have %zu.", bytesNeeded, type.c_str(),
+             bytesAvail);
+    return std::string(buf);
+}
+
+template >>
+std::tuple parseLength(const uint8_t* pos, const uint8_t* end,
+                                                       ParseClient* parseClient) {
+    if (pos + sizeof(T) > end) {
+        parseClient->error(pos - 1, insufficientLengthString(sizeof(T), end - pos, "length field"));
+        return {false, 0, pos};
+    }
+
+    const uint8_t* intEnd = pos + sizeof(T);
+    T result = 0;
+    do {
+        result = static_cast((result << 8) | *pos++);
+    } while (pos < intEnd);
+    return {true, result, pos};
+}
+
+std::tuple parseRecursively(const uint8_t* begin, const uint8_t* end,
+                                                          bool emitViews, ParseClient* parseClient);
+
+std::tuple handleUint(uint64_t value, const uint8_t* hdrBegin,
+                                                    const uint8_t* hdrEnd,
+                                                    ParseClient* parseClient) {
+    std::unique_ptr item = std::make_unique(value);
+    return {hdrEnd,
+            parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
+}
+
+std::tuple handleNint(uint64_t value, const uint8_t* hdrBegin,
+                                                    const uint8_t* hdrEnd,
+                                                    ParseClient* parseClient) {
+    if (value > std::numeric_limits::max()) {
+        parseClient->error(hdrBegin, "NINT values that don't fit in int64_t are not supported.");
+        return {hdrBegin, nullptr /* end parsing */};
+    }
+    std::unique_ptr item = std::make_unique(-1 - static_cast(value));
+    return {hdrEnd,
+            parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
+}
+
+std::tuple handleBool(uint64_t value, const uint8_t* hdrBegin,
+                                                    const uint8_t* hdrEnd,
+                                                    ParseClient* parseClient) {
+    std::unique_ptr item = std::make_unique(value == TRUE);
+    return {hdrEnd,
+            parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
+}
+
+std::tuple handleNull(const uint8_t* hdrBegin, const uint8_t* hdrEnd,
+                                                    ParseClient* parseClient) {
+    std::unique_ptr item = std::make_unique();
+    return {hdrEnd,
+            parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
+}
+
+template 
+std::tuple handleString(uint64_t length, const uint8_t* hdrBegin,
+                                                      const uint8_t* valueBegin, const uint8_t* end,
+                                                      const std::string& errLabel,
+                                                      ParseClient* parseClient) {
+    if (end - valueBegin < static_cast(length)) {
+        parseClient->error(hdrBegin, insufficientLengthString(length, end - valueBegin, errLabel));
+        return {hdrBegin, nullptr /* end parsing */};
+    }
+
+    std::unique_ptr item = std::make_unique(valueBegin, valueBegin + length);
+    return {valueBegin + length,
+            parseClient->item(item, hdrBegin, valueBegin, valueBegin + length)};
+}
+
+class IncompleteItem {
+  public:
+    virtual ~IncompleteItem() {}
+    virtual void add(std::unique_ptr item) = 0;
+};
+
+class IncompleteArray : public Array, public IncompleteItem {
+  public:
+    explicit IncompleteArray(size_t size) : mSize(size) {}
+
+    // We return the "complete" size, rather than the actual size.
+    size_t size() const override { return mSize; }
+
+    void add(std::unique_ptr item) override {
+        mEntries.reserve(mSize);
+        mEntries.push_back(std::move(item));
+    }
+
+  private:
+    size_t mSize;
+};
+
+class IncompleteMap : public Map, public IncompleteItem {
+  public:
+    explicit IncompleteMap(size_t size) : mSize(size) {}
+
+    // We return the "complete" size, rather than the actual size.
+    size_t size() const override { return mSize; }
+
+    void add(std::unique_ptr item) override {
+        if (mKeyHeldForAdding) {
+            mEntries.reserve(mSize);
+            mEntries.push_back({std::move(mKeyHeldForAdding), std::move(item)});
+        } else {
+            mKeyHeldForAdding = std::move(item);
+        }
+    }
+
+  private:
+    std::unique_ptr mKeyHeldForAdding;
+    size_t mSize;
+};
+
+class IncompleteSemanticTag : public SemanticTag, public IncompleteItem {
+  public:
+    explicit IncompleteSemanticTag(uint64_t value) : SemanticTag(value) {}
+
+    // We return the "complete" size, rather than the actual size.
+    size_t size() const override { return 1; }
+
+    void add(std::unique_ptr item) override { mTaggedItem = std::move(item); }
+};
+
+std::tuple handleEntries(size_t entryCount, const uint8_t* hdrBegin,
+                                                       const uint8_t* pos, const uint8_t* end,
+                                                       const std::string& typeName,
+                                                       bool emitViews,
+                                                       ParseClient* parseClient) {
+    while (entryCount > 0) {
+        --entryCount;
+        if (pos == end) {
+            parseClient->error(hdrBegin, "Not enough entries for " + typeName + ".");
+            return {hdrBegin, nullptr /* end parsing */};
+        }
+        std::tie(pos, parseClient) = parseRecursively(pos, end, emitViews, parseClient);
+        if (!parseClient) return {hdrBegin, nullptr};
+    }
+    return {pos, parseClient};
+}
+
+std::tuple handleCompound(
+        std::unique_ptr item, uint64_t entryCount, const uint8_t* hdrBegin,
+        const uint8_t* valueBegin, const uint8_t* end, const std::string& typeName,
+        bool emitViews, ParseClient* parseClient) {
+    parseClient =
+            parseClient->item(item, hdrBegin, valueBegin, valueBegin /* don't know the end yet */);
+    if (!parseClient) return {hdrBegin, nullptr};
+
+    const uint8_t* pos;
+    std::tie(pos, parseClient) =
+            handleEntries(entryCount, hdrBegin, valueBegin, end, typeName, emitViews, parseClient);
+    if (!parseClient) return {hdrBegin, nullptr};
+
+    return {pos, parseClient->itemEnd(item, hdrBegin, valueBegin, pos)};
+}
+
+std::tuple parseRecursively(const uint8_t* begin, const uint8_t* end,
+                                                          bool emitViews, ParseClient* parseClient) {
+    const uint8_t* pos = begin;
+
+    MajorType type = static_cast(*pos & 0xE0);
+    uint8_t tagInt = *pos & 0x1F;
+    ++pos;
+
+    bool success = true;
+    uint64_t addlData;
+    if (tagInt < ONE_BYTE_LENGTH) {
+        addlData = tagInt;
+    } else if (tagInt > EIGHT_BYTE_LENGTH) {
+        parseClient->error(
+                begin,
+                "Reserved additional information value or unsupported indefinite length item.");
+        return {begin, nullptr};
+    } else {
+        switch (tagInt) {
+            case ONE_BYTE_LENGTH:
+                std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
+                break;
+
+            case TWO_BYTE_LENGTH:
+                std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
+                break;
+
+            case FOUR_BYTE_LENGTH:
+                std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
+                break;
+
+            case EIGHT_BYTE_LENGTH:
+                std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
+                break;
+
+            default:
+                CHECK(false);  //  It's impossible to get here
+                break;
+        }
+    }
+
+    if (!success) return {begin, nullptr};
+
+    switch (type) {
+        case UINT:
+            return handleUint(addlData, begin, pos, parseClient);
+
+        case NINT:
+            return handleNint(addlData, begin, pos, parseClient);
+
+        case BSTR:
+            if (emitViews) {
+                return handleString(addlData, begin, pos, end, "byte string", parseClient);
+            } else {
+                return handleString(addlData, begin, pos, end, "byte string", parseClient);
+            }
+
+        case TSTR:
+            if (emitViews) {
+                return handleString(addlData, begin, pos, end, "text string", parseClient);
+            } else {
+                return handleString(addlData, begin, pos, end, "text string", parseClient);
+            }
+
+        case ARRAY:
+            return handleCompound(std::make_unique(addlData), addlData, begin, pos,
+                                  end, "array", emitViews, parseClient);
+
+        case MAP:
+            return handleCompound(std::make_unique(addlData), addlData * 2, begin,
+                                  pos, end, "map", emitViews, parseClient);
+
+        case SEMANTIC:
+            return handleCompound(std::make_unique(addlData), 1, begin, pos,
+                                  end, "semantic", emitViews, parseClient);
+
+        case SIMPLE:
+            switch (addlData) {
+                case TRUE:
+                case FALSE:
+                    return handleBool(addlData, begin, pos, parseClient);
+                case NULL_V:
+                    return handleNull(begin, pos, parseClient);
+                default:
+                    parseClient->error(begin, "Unsupported floating-point or simple value.");
+                    return {begin, nullptr};
+            }
+    }
+    CHECK(false);  // Impossible to get here.
+    return {};
+}
+
+class FullParseClient : public ParseClient {
+  public:
+    virtual ParseClient* item(std::unique_ptr& item, const uint8_t*, const uint8_t*,
+                              const uint8_t* end) override {
+        if (mParentStack.empty() && !item->isCompound()) {
+            // This is the first and only item.
+            mTheItem = std::move(item);
+            mPosition = end;
+            return nullptr;  //  We're done.
+        }
+
+        if (item->isCompound()) {
+            // Starting a new compound data item, i.e. a new parent.  Save it on the parent stack.
+            // It's safe to save a raw pointer because the unique_ptr is guaranteed to stay in
+            // existence until the corresponding itemEnd() call.
+            mParentStack.push(item.get());
+            return this;
+        } else {
+            appendToLastParent(std::move(item));
+            return this;
+        }
+    }
+
+    virtual ParseClient* itemEnd(std::unique_ptr& item, const uint8_t*, const uint8_t*,
+                                 const uint8_t* end) override {
+        CHECK(item->isCompound() && item.get() == mParentStack.top());
+        mParentStack.pop();
+
+        if (mParentStack.empty()) {
+            mTheItem = std::move(item);
+            mPosition = end;
+            return nullptr;  // We're done
+        } else {
+            appendToLastParent(std::move(item));
+            return this;
+        }
+    }
+
+    virtual void error(const uint8_t* position, const std::string& errorMessage) override {
+        mPosition = position;
+        mErrorMessage = errorMessage;
+    }
+
+    std::tuple /* result */, const uint8_t* /* newPos */,
+               std::string /* errMsg */>
+    parseResult() {
+        std::unique_ptr p = std::move(mTheItem);
+        return {std::move(p), mPosition, std::move(mErrorMessage)};
+    }
+
+  private:
+    void appendToLastParent(std::unique_ptr item) {
+        auto parent = mParentStack.top();
+//#if __has_feature(cxx_rtti)
+        assert(dynamic_cast(parent));
+//#endif
+
+        IncompleteItem* parentItem{};
+        if (parent->type() == ARRAY) {
+            parentItem = static_cast(parent);
+        } else if (parent->type() == MAP) {
+            parentItem = static_cast(parent);
+        } else if (parent->asSemanticTag()) {
+            parentItem = static_cast(parent);
+        } else {
+            CHECK(false);  // Impossible to get here.
+        }
+        parentItem->add(std::move(item));
+    }
+
+    std::unique_ptr mTheItem;
+    std::stack mParentStack;
+    const uint8_t* mPosition = nullptr;
+    std::string mErrorMessage;
+};
+
+}  // anonymous namespace
+
+void parse(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient) {
+    parseRecursively(begin, end, false, parseClient);
+}
+
+std::tuple /* result */, const uint8_t* /* newPos */,
+           std::string /* errMsg */>
+parse(const uint8_t* begin, const uint8_t* end) {
+    FullParseClient parseClient;
+    parse(begin, end, &parseClient);
+    return parseClient.parseResult();
+}
+
+void parseWithViews(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient) {
+    parseRecursively(begin, end, true, parseClient);
+}
+
+std::tuple /* result */, const uint8_t* /* newPos */,
+           std::string /* errMsg */>
+parseWithViews(const uint8_t* begin, const uint8_t* end) {
+    FullParseClient parseClient;
+    parseWithViews(begin, end, &parseClient);
+    return parseClient.parseResult();
+}
+
+}  // namespace cppbor
diff --git a/ProvisioningTool/src/provision.cpp b/ProvisioningTool/src/provision.cpp
new file mode 100644
index 00000000..bf3f96e8
--- /dev/null
+++ b/ProvisioningTool/src/provision.cpp
@@ -0,0 +1,343 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#include 
+#include 
+#include 
+#include 
+#include "socket.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+enum ProvisionStatus {
+    NOT_PROVISIONED = 0x00,
+    PROVISION_STATUS_ATTESTATION_KEY = 0x01,
+    PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
+    PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
+    PROVISION_STATUS_ATTEST_IDS = 0x08,
+    PROVISION_STATUS_PRESHARED_SECRET = 0x10,
+    PROVISION_STATUS_PROVISIONING_LOCKED = 0x20,
+};
+
+std::string provisionStatusApdu = hex2str("80074000000000");
+std::string lockProvisionApdu = hex2str("80064000000000");
+
+Json::Value root;
+static double keymasterVersion = -1;
+static std::string inputFileName;
+using cppbor::Item;
+using cppbor::Array;
+using cppbor::Uint;
+using cppbor::MajorType;
+
+// static function declarations
+static uint16_t getApduStatus(std::vector& inputData);
+static int sendData(std::shared_ptr& pSocket, std::string input, std::vector& response);
+static int provisionData(std::shared_ptr& pSocket, const char* jsonKey);
+static int provisionData(std::shared_ptr& pSocket, std::string apdu, std::vector& response);
+static int getUint64(const std::unique_ptr &item, const uint32_t pos, uint64_t &value);
+
+
+// Print usage.
+void usage() {
+    printf("Usage: Please consturcture the apdu(s) with help of construct apdu tool and pass the output file to this utility.\n"); 
+    printf("provision [options]\n");
+    printf("Valid options are:\n");
+    printf("-h, --help    show this help message and exit.\n");
+    printf("-v, --km_version version \t Version of the keymaster(4.1 for keymaster; 5 for keymint \n");
+    printf("-i, --input  jsonFile \t Input json file \n");
+    printf("-s, --provision_status jsonFile \t Gets the provision status of applet. \n");
+    printf("-l, --lock_provision jsonFile \t Gets the provision status of applet. \n");
+
+}
+
+static uint16_t getApduStatus(std::vector& inputData) {
+    // Last two bytes are the status SW0SW1
+    uint8_t SW0 = inputData.at(inputData.size() - 2); 
+    uint8_t SW1 = inputData.at(inputData.size() - 1); 
+    return (SW0 << 8 | SW1);
+}
+
+static int sendData(std::shared_ptr& pSocket, std::string input, std::vector& response) {
+
+    std::vector apdu(input.begin(), input.end());
+
+    if(!pSocket->sendData(apdu, response)) {
+        std::cout << "Failed to provision attestation key" << std::endl;
+        return FAILURE;
+    }
+
+    // Response size should be greater than 2. Cbor output data followed by two bytes of APDU
+    // status.
+    if ((response.size() <= 2) || (getApduStatus(response) != APDU_RESP_STATUS_OK)) {
+        printf("\n Received error response with error: %d\n", getApduStatus(response));
+        return FAILURE;
+    }
+    // remove the status bytes
+    response.pop_back();
+    response.pop_back();
+    return SUCCESS;
+}
+
+int getUint64(const std::unique_ptr &item, const uint32_t pos, uint64_t &value) {
+    Array *arr = nullptr;
+
+    if (MajorType::ARRAY != item.get()->type()) {
+        return FAILURE;
+    }
+    arr = const_cast(item.get()->asArray());
+    if (arr->size() < (pos + 1)) {
+        return FAILURE;
+    }
+    std::unique_ptr subItem = std::move((*arr)[pos]);
+    const Uint* uintVal = subItem.get()->asUint();
+    value = uintVal->value();
+    return SUCCESS;
+}
+
+
+uint64_t unmaskPowerResetFlag(uint64_t errorCode) {
+    bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
+
+    if (isSeResetOccurred) {
+        printf("\n Secure element reset happened\n");
+        errorCode &= ~SE_POWER_RESET_STATUS_FLAG;
+    }
+    return errorCode;
+}
+
+int provisionData(std::shared_ptr& pSocket, std::string apdu, std::vector& response) {
+    if (SUCCESS != sendData(pSocket, apdu, response)) {
+        return FAILURE;
+    }
+    auto [item, pos, message] = cppbor::parse(response);
+    if(item != nullptr) {
+        uint64_t err;
+        if(MajorType::ARRAY == item.get()->type()) {
+            if(SUCCESS != getUint64(item, 0, err)) {
+                printf("\n Failed to parse the error code \n");
+                return FAILURE;
+            }
+        } else if (MajorType::UINT == item.get()->type()) {
+            const Uint* uintVal = item.get()->asUint();
+            err = uintVal->value();
+        }
+        err = unmaskPowerResetFlag(err);
+        if (err != 0) {
+            printf("\n Failed with error:%ld", err);
+            return FAILURE;
+        }
+    } else {
+        printf("\n Failed to parse the response\n");
+        return FAILURE;
+    }
+    return SUCCESS;
+}
+
+int provisionData(std::shared_ptr& pSocket, const char* jsonKey) {
+    std::vector response;
+    Json::Value val = root.get(jsonKey, Json::Value::nullRef);
+    if (!val.isNull()) {
+        if (val.isString()) {
+            if (SUCCESS != provisionData(pSocket, hex2str(val.asString()), response)) {
+                printf("\n Error while provisioning %s \n", jsonKey);
+                return FAILURE;
+            }
+        } else {
+            printf("\n Fail: Expected (%s) tag value is string. \n", jsonKey);
+            return FAILURE;
+        }
+    }
+    printf("\n Successfully provisioned %s \n", jsonKey);
+    return SUCCESS;
+}
+
+int openConnection(std::shared_ptr& pSocket) {
+    if (!pSocket->isConnected()) {
+        if (!pSocket->openConnection())
+            return FAILURE;
+    } else {
+        printf("\n Socket already opened.\n");
+    }
+    return SUCCESS;
+} 
+
+// Parses the input json file. Sends the apdus to JCServer.
+int processInputFile() {
+
+    if (keymasterVersion != KEYMASTER_VERSION_4_1 && keymasterVersion != KEYMASTER_VERSION_4_0) {
+        printf("\n Error unknown version.\n");
+        usage();
+        return FAILURE;
+    }
+    // Parse Json file
+    if (0 != readJsonFile(root, inputFileName)) {
+        return FAILURE;
+    }
+    std::shared_ptr pSocket = SocketTransport::getInstance();
+    if (SUCCESS != openConnection(pSocket)) {
+        printf("\n Failed to open connection \n");
+        return FAILURE;
+    }
+    std::vector response;
+
+    printf("\n Selected Keymaster version(%f) for provisioning \n", keymasterVersion);
+    if (0 != provisionData(pSocket, kAttestKey) ||
+        0 != provisionData(pSocket, kAttestCertChain) ||
+        0 != provisionData(pSocket, kAttestationIds) ||
+        0 != provisionData(pSocket, kSharedSecret) ||
+        0 != provisionData(pSocket, kBootParams)) {
+        return FAILURE;
+    }
+    return SUCCESS;
+}
+
+int lockProvision() {
+    std::vector response;
+    std::shared_ptr pSocket = SocketTransport::getInstance();
+    if (SUCCESS != openConnection(pSocket)) {
+        printf("\n Failed to open connection \n");
+        return FAILURE;
+    }
+    if (SUCCESS != provisionData(pSocket, lockProvisionApdu, response)) {
+        printf("\n Failed to lock provision.\n");
+        return FAILURE;
+    }
+    printf("\n Provision lock is successfull.\n");
+    return SUCCESS;
+}
+
+int getProvisionStatus() {
+    std::vector response;
+    std::shared_ptr pSocket = SocketTransport::getInstance();
+    if (SUCCESS != openConnection(pSocket)) {
+        printf("\n Failed to open connection \n");
+        return FAILURE;
+    }
+
+    if (SUCCESS != provisionData(pSocket, provisionStatusApdu, response)) {
+        printf("\n Failed to get provision status \n");
+        return FAILURE;
+    }
+    auto [item, pos, message] = cppbor::parse(response);
+    if(item != nullptr) {
+        uint64_t status;
+        if(SUCCESS != getUint64(item, 1, status)) {
+            printf("\n Failed to get the provision status.\n");
+            return FAILURE;
+        }
+        if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) &&
+            (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) &&
+            (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) &&
+            (0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET))) {
+                printf("\n SE is provisioned \n");
+        } else {
+            if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) {
+                printf("\n Attestation key is not provisioned \n");
+            }
+            if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) {
+                printf("\n Attestation certificate chain is not provisioned \n");
+            }
+            if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) {
+                printf("\n Attestation certificate params are not provisioned \n");
+            }
+            if (0 == (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) {
+                printf("\n Shared secret is not provisioned \n");
+            }
+        }
+    } else {
+        printf("\n Fail to parse the response \n");
+        return FAILURE;
+    }
+    return SUCCESS;
+}
+
+int main(int argc, char* argv[]) {
+    int c;
+    bool provisionStatusSet = false;
+    bool lockProvisionSet = false;
+
+    struct option longOpts[] = {
+        {"km_version",  required_argument, NULL, 'v'},
+        {"input",       required_argument, NULL, 'i'},
+        {"provision_status", no_argument, NULL,  's'},
+        {"lock_provision", no_argument,   NULL,  'l'},
+        {"help",        no_argument,       NULL, 'h'},
+        {0,0,0,0}
+    };
+
+    if (argc <= 1) {
+        printf("\n Invalid command \n");
+        usage();
+        return FAILURE;
+    }
+
+    /* getopt_long stores the option index here. */
+    while ((c = getopt_long(argc, argv, ":hlsv:i:", longOpts, NULL)) != -1) {
+        switch(c) {
+            case 'v':
+                // keymaster version
+                keymasterVersion = atof(optarg);
+                std::cout << "Version: " << keymasterVersion << std::endl;
+                break;
+            case 'i':
+                // input file
+                inputFileName = std::string(optarg);
+                std::cout << "input file: " << inputFileName << std::endl;
+                break;
+            case 's':
+                provisionStatusSet = true;
+                break;
+            case 'l':
+                lockProvisionSet = true;
+                break;
+            case 'h':
+                // help
+                usage();
+                return SUCCESS;
+            case ':':
+                printf("\n Required arguments missing.\n");
+                usage();
+                return FAILURE;
+            case '?':
+            default:
+                printf("\n Invalid option\n");
+                usage();
+                return FAILURE;
+        }
+    }
+    // Process input file; send apuds to JCServer over socket.
+    if (argc >= 5) {
+        if (SUCCESS != processInputFile()) {
+            return FAILURE;
+        }
+    } else if (keymasterVersion != -1 || !inputFileName.empty()) {
+            printf("\n For provisioning km_version and input json file arguments are mandatory.\n");
+            usage();
+            return FAILURE;
+    }
+    if (provisionStatusSet)
+        getProvisionStatus();
+    if (lockProvisionSet)
+        lockProvision();
+    return SUCCESS;
+}
+
+
diff --git a/ProvisioningTool/src/socket.cpp b/ProvisioningTool/src/socket.cpp
new file mode 100644
index 00000000..b85e09c5
--- /dev/null
+++ b/ProvisioningTool/src/socket.cpp
@@ -0,0 +1,110 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "socket.h"
+
+#define PORT 8080
+#define IPADDR "127.0.0.1"
+//#define IPADDR  "192.168.0.5"
+#define MAX_RECV_BUFFER_SIZE 2500
+
+using namespace std;
+
+SocketTransport::~SocketTransport() {
+    if (closeConnection())
+        std::cout << "Socket is closed";
+}
+
+bool SocketTransport::openConnection() {
+    struct sockaddr_in serv_addr;
+    if ((mSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+        perror("Socket ");
+        return false;
+    }
+
+    serv_addr.sin_family = AF_INET;
+    serv_addr.sin_port = htons(PORT);
+
+    // Convert IPv4 and IPv6 addresses from text to binary form
+    if (inet_pton(AF_INET, IPADDR, &serv_addr.sin_addr) <= 0) {
+        std::cout << "Invalid address/ Address not supported.";
+        return false;
+    }
+
+    if (connect(mSocket, (struct sockaddr*)&serv_addr, sizeof(serv_addr)) < 0) {
+        close(mSocket);
+        perror("Socket ");
+        return false;
+    }
+    socketStatus = true;
+    return true;
+}
+
+bool SocketTransport::sendData(const std::vector& inData, std::vector& output) {
+    uint8_t buffer[MAX_RECV_BUFFER_SIZE];
+    int count = 1;
+    while (!socketStatus && count++ < 5) {
+        sleep(1);
+        std::cout << "Trying to open socket connection... count: " << count;
+        openConnection();
+    }
+
+    if (count >= 5) {
+        std::cout << "Failed to open socket connection";
+        return false;
+    }
+
+    if (0 > send(mSocket, inData.data(), inData.size(), 0)) {
+        static int connectionResetCnt = 0; /* To avoid loop */
+        if (ECONNRESET == errno && connectionResetCnt == 0) {
+            // Connection reset. Try open socket and then sendData.
+            socketStatus = false;
+            connectionResetCnt++;
+            return sendData(inData, output);
+        }
+        std::cout << "Failed to send data over socket err: " << errno;
+        connectionResetCnt = 0;
+        return false;
+    }
+
+    ssize_t valRead = read(mSocket, buffer, MAX_RECV_BUFFER_SIZE);
+    if (0 > valRead) {
+        std::cout << "Failed to read data from socket.";
+    }
+    for (ssize_t i = 0; i < valRead; i++) {
+        output.push_back(buffer[i]);
+    }
+    return true;
+}
+
+bool SocketTransport::closeConnection() {
+    close(mSocket);
+    socketStatus = false;
+    return true;
+}
+
+bool SocketTransport::isConnected() {
+    return socketStatus;
+}
+
diff --git a/ProvisioningTool/src/utils.cpp b/ProvisioningTool/src/utils.cpp
new file mode 100644
index 00000000..41ad8a6c
--- /dev/null
+++ b/ProvisioningTool/src/utils.cpp
@@ -0,0 +1,96 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#include 
+#include 
+#include 
+#include 
+
+
+constexpr char hex_value[256] = {0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 1,  2,  3,  4,  5,  6,  7, 8, 9, 0, 0, 0, 0, 0, 0,  // '0'..'9'
+                                 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // 'A'..'F'
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // 'a'..'f'
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+std::string getHexString(std::vector& input) { 
+   std::stringstream ss;
+   for (auto b : input) {
+       ss << std::setw(2) << std::setfill('0') << std::hex << (int) (b & 0xFF);
+   }
+   return ss.str();
+}
+
+
+std::string hex2str(std::string a) { 
+    std::string b;
+    size_t num = a.size() / 2;
+    b.resize(num);
+    for (size_t i = 0; i < num; i++) {
+        b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
+    }    
+    return b;
+}
+
+
+// Parses the json file and returns 0 if success; otherwise 1.
+int readJsonFile(Json::Value& root, std::string& inputFileName) {
+    Json::CharReaderBuilder builder;
+    std::string errorMessage;
+
+    if(!root.empty()) {
+        printf("\n Already parsed \n");
+        return 1;
+    }
+    std::ifstream stream(inputFileName);
+    if (Json::parseFromStream(builder, stream, &root, &errorMessage)) {
+        printf("\n Parsed json file successfully.\n");
+        return 0;
+    } else {
+        printf("\n Failed to parse json file  error:%s\n", errorMessage.c_str());
+        return 1;
+    }
+}
+
+// Write the json data to the output file.
+int writeJsonFile(Json::Value& writerRoot, std::string& outputFileName) {
+    
+    std::ofstream ofs;
+    // Delete file if already exists.
+    std::remove(outputFileName.data());
+    ofs.open(outputFileName, std::ofstream::out | std::ios_base::app);
+    if (ofs.fail()) {
+        printf("\n Fail to open the output file:%s", outputFileName.c_str());
+        return FAILURE;
+    }
+
+    Json::StyledWriter styledWriter;
+    ofs << styledWriter.write(writerRoot);
+
+    ofs.close();
+    return SUCCESS;
+}
\ No newline at end of file
diff --git a/ProvisioningTool/test_resources/batch_key.der b/ProvisioningTool/test_resources/batch_key.der
index f490207337bc76f637d018d63e19616e2fc4c7eb..d7de570568afc8a92caf17af1534ec93872749e3 100644
GIT binary patch
delta 41
tcmb>IVw5*%Y-eI*Fc4;A*J|@PXUoLM#sOw9GqSVf8e~soQk`h*1^~r^37-G}

delta 25
gcmeBTtYk7MpD3@&vw(|@L#xf>oGmjW`$QKv096wPZ~y=R

diff --git a/aosp_integration_patches/cts_tests_tests_keystore.patch b/aosp_integration_patches/cts_tests_tests_keystore.patch
new file mode 100644
index 00000000..85ffb05c
--- /dev/null
+++ b/aosp_integration_patches/cts_tests_tests_keystore.patch
@@ -0,0 +1,176 @@
+diff --git a/tests/tests/keystore/src/android/keystore/cts/AttestKeyTest.java b/tests/tests/keystore/src/android/keystore/cts/AttestKeyTest.java
+index 0f064b645fd..452c034fcb0 100644
+--- a/tests/tests/keystore/src/android/keystore/cts/AttestKeyTest.java
++++ b/tests/tests/keystore/src/android/keystore/cts/AttestKeyTest.java
+@@ -144,7 +144,13 @@ public class AttestKeyTest {
+     @Test
+     public void testAttestKeySecurityLevelMismatch() throws Exception {
+         TestUtils.assumeStrongBox();
+-
++        int keyStoreFeatureVersionStrongBox =
++                TestUtils.getFeatureVersionKeystoreStrongBox(InstrumentationRegistry.getInstrumentation().getTargetContext());     
++        if(Attestation.KM_VERSION_KEYMASTER_4  == keyStoreFeatureVersionStrongBox
++        	|| Attestation.KM_VERSION_KEYMASTER_4_1 == keyStoreFeatureVersionStrongBox) {
++            return;
++        }
++        		
+         final String strongBoxAttestKeyAlias = "nonAttestKey";
+         final String attestedKeyAlias = "attestedKey";
+         generateKeyPair(KEY_ALGORITHM_EC,
+diff --git a/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java b/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
+index ccbadf98a31..eca7b6c2abe 100644
+--- a/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
++++ b/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
+@@ -744,17 +744,27 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
+         int blockSize = getBlockSize();
+         if (isStreamCipher()) {
+             // Stream cipher -- one byte in, one byte out
++            int comparingPosition = 0;
++            //Stream cipher -- one byte in, one byte out (unless when Strongbox is used)
+             for (int plaintextIndex = 0; plaintextIndex < plaintext.length; plaintextIndex++) {
+                 byte[] output = update(new byte[] {plaintext[plaintextIndex]});
+-                assertEquals("plaintext index: " + plaintextIndex, 1, output.length);
+-                assertEquals("plaintext index: " + plaintextIndex,
+-                        expectedCiphertext[plaintextIndex], output[0]);
++                if (!isStrongbox()) {
++                    assertTrue(output != null);
++                    assertEquals("plaintext index: " + plaintextIndex, 1, output.length);
++                }
++                if (output != null) {
++                    for (int i = 0; i < output.length; ++i) {
++                        assertEquals("ciphertext comparison position: " + comparingPosition,
++                                expectedCiphertext[comparingPosition], output[i]);
++                        comparingPosition += 1;
++                    }
++                }
+             }
+             byte[] finalOutput = doFinal();
+             byte[] expectedFinalOutput;
+-            if (isAuthenticatedCipher()) {
++            if (isAuthenticatedCipher() || (isStrongbox() && finalOutput.length != 0)) {
+                 expectedFinalOutput =
+-                        subarray(expectedCiphertext, plaintext.length, expectedCiphertext.length);
++                        subarray(expectedCiphertext, comparingPosition, expectedCiphertext.length);
+             } else {
+                 expectedFinalOutput = EmptyArray.BYTE;
+             }
+@@ -814,15 +824,28 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
+             byte[] finalOutput = doFinal();
+             assertEquals(expectedPlaintext, finalOutput);
+         } else if (isStreamCipher()) {
+-            // Unauthenticated stream cipher -- one byte in, one byte out
++            int comparingPosition = 0;
++            // Unauthenticated stream cipher -- one byte in, one byte out (unless when Strongbox is used)
+             for (int ciphertextIndex = 0; ciphertextIndex < ciphertext.length; ciphertextIndex++) {
+                 byte[] output = update(new byte[] {ciphertext[ciphertextIndex]});
+-                assertEquals("ciphertext index: " + ciphertextIndex, 1, output.length);
+-                assertEquals("ciphertext index: " + ciphertextIndex,
+-                        expectedPlaintext[ciphertextIndex], output[0]);
++                if (!isStrongbox()) {
++                    assertTrue(output != null);
++                    assertEquals("ciphertext index: " + ciphertextIndex, 1, output.length);
++                }
++                if (output != null) {
++                    for (int i = 0; i < output.length; ++i) {
++                        assertEquals("plaintext comparison position: " + comparingPosition,
++                                expectedPlaintext[comparingPosition], output[i]);
++                        comparingPosition += 1;
++                    }
++                }
+             }
+             byte[] finalOutput = doFinal();
+-            assertEquals(0, finalOutput.length);
++            int expectedPlainTextLength = 0;
++            if (isStrongbox()) {
++                expectedPlainTextLength = (expectedPlaintext.length - comparingPosition);
++            }
++            assertEquals(expectedPlainTextLength, finalOutput.length);
+         } else {
+             // Unauthenticated block cipher -- operates in full blocks only
+ 
+@@ -1187,6 +1210,8 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
+                 throw new AssertionFailedError("Unsupported opmode: " + opmode);
+         }
+ 
++        boolean allowZeroLengthOutput = expectedOutput.length == 0;
++
+         int inputEndIndexInBuffer = inputOffsetInBuffer + input.length;
+         int outputEndIndexInBuffer = outputOffsetInBuffer + expectedOutput.length;
+ 
+@@ -1195,15 +1220,15 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
+         System.arraycopy(input, 0, buffer, inputOffsetInBuffer, input.length);
+         createCipher();
+         initKat(opmode);
+-        String additionalInformation = "";
+-        if (isStrongbox() && opmode == Cipher.ENCRYPT_MODE) {
+-            additionalInformation = "May fail due to b/194134359";
+-        }
+-        assertEquals(additionalInformation, expectedOutput.length,
+-                update(buffer, inputOffsetInBuffer, input.length,
+-                        buffer, outputOffsetInBuffer));
+-        assertEquals(expectedOutput,
+-                subarray(buffer, outputOffsetInBuffer, outputEndIndexInBuffer));
++        int bytes = update(buffer, inputOffsetInBuffer, input.length,
++                buffer, outputOffsetInBuffer);
++        // We make little assumptions about the size of the output. But we make sure that at least
++        // one block was processed.
++        assertTrue(bytes >= blockSize || (allowZeroLengthOutput && bytes == 0));
++        // Check that all that was processed was as expected.
++        assertEquals(subarray(expectedOutput, 0, bytes),
++            subarray(buffer, outputOffsetInBuffer, outputOffsetInBuffer + bytes));
++
+ 
+         if (outputOffsetInBuffer == 0) {
+             // We can use the update variant which assumes that output offset is 0.
+@@ -1211,10 +1236,10 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
+             System.arraycopy(input, 0, buffer, inputOffsetInBuffer, input.length);
+             createCipher();
+             initKat(opmode);
+-            assertEquals(expectedOutput.length,
+-                    update(buffer, inputOffsetInBuffer, input.length, buffer));
+-            assertEquals(expectedOutput,
+-                    subarray(buffer, outputOffsetInBuffer, outputEndIndexInBuffer));
++            bytes = update(buffer, inputOffsetInBuffer, input.length, buffer);
++            assertTrue(bytes >= blockSize || (allowZeroLengthOutput && bytes == 0));
++            assertEquals(subarray(expectedOutput, 0, bytes),
++                    subarray(buffer, outputOffsetInBuffer, outputOffsetInBuffer + bytes));
+         }
+ 
+         // Test the update(ByteBuffer, ByteBuffer) variant
+@@ -1225,9 +1250,10 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
+                 ByteBuffer.wrap(buffer, outputOffsetInBuffer, expectedOutput.length);
+         createCipher();
+         initKat(opmode);
+-        assertEquals(expectedOutput.length, update(inputBuffer, outputBuffer));
+-        assertEquals(expectedOutput,
+-                subarray(buffer, outputOffsetInBuffer, outputEndIndexInBuffer));
++        bytes = update(inputBuffer, outputBuffer);
++        assertTrue(bytes >= blockSize || (allowZeroLengthOutput && bytes == 0));
++        assertEquals(subarray(expectedOutput, 0, bytes),
++                subarray(buffer, outputOffsetInBuffer, outputOffsetInBuffer + bytes));
+     }
+ 
+     public void testDoFinalCopySafe() throws Exception {
+@@ -1485,16 +1511,15 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
+                     0, outputLength);
+             return;
+         }
++        /*
++         * Strongbox implementations did not have the following restrictions.
++         */
++        if (isStrongbox()) return;
+ 
+         if (isStreamCipher()) {
+             if (outputLength != inputLength) {
+-                if (isStrongbox()) {
+-                    fail("Output of update (" + outputLength + ") not same size as input ("
+-                                + inputLength + ") b/194123581");
+-                } else {
+-                    fail("Output of update (" + outputLength + ") not same size as input ("
+-                            + inputLength + ")");
+-                }
++                fail("Output of update (" + outputLength + ") not same size as input ("
++                        + inputLength + ")");
+             }
+         } else {
+             if ((outputLength % getBlockSize()) != 0) {
diff --git a/aosp_integration_patches/device_google_cuttlefish.patch b/aosp_integration_patches/device_google_cuttlefish.patch
new file mode 100644
index 00000000..750eb6ff
--- /dev/null
+++ b/aosp_integration_patches/device_google_cuttlefish.patch
@@ -0,0 +1,58 @@
+diff --git a/shared/device.mk b/shared/device.mk
+index c0b6112c7..6d9362ea4 100644
+--- a/shared/device.mk
++++ b/shared/device.mk
+@@ -576,6 +576,9 @@ endif
+  PRODUCT_PACKAGES += \
+     $(LOCAL_KEYMINT_PRODUCT_PACKAGE)
+ 
++PRODUCT_PACKAGES += \
++    android.hardware.keymaster@4.1-strongbox.service \
++
+ # Keymint configuration
+ ifneq ($(LOCAL_PREFER_VENDOR_APEX),true)
+ PRODUCT_COPY_FILES += \
+diff --git a/shared/sepolicy/vendor/file_contexts b/shared/sepolicy/vendor/file_contexts
+index 55b8d964e..80732eb7b 100644
+--- a/shared/sepolicy/vendor/file_contexts
++++ b/shared/sepolicy/vendor/file_contexts
+@@ -86,6 +86,7 @@
+ /vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.mock  u:object_r:hal_thermal_default_exec:s0
+ /vendor/bin/hw/android\.hardware\.security\.keymint-service\.remote  u:object_r:hal_keymint_remote_exec:s0
+ /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service.remote  u:object_r:hal_keymaster_remote_exec:s0
++/vendor/bin/hw/android\.hardware\.keymaster@4\.1-strongbox\.service  u:object_r:hal_keymaster_strongbox_exec:s0
+ /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service.remote  u:object_r:hal_gatekeeper_remote_exec:s0
+ /vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service.cuttlefish  u:object_r:hal_confirmationui_cuttlefish_exec:s0
+ /vendor/bin/hw/android\.hardware\.oemlock-service.example u:object_r:hal_oemlock_default_exec:s0
+diff --git a/shared/sepolicy/vendor/hal_keymaster_strongbox.te b/shared/sepolicy/vendor/hal_keymaster_strongbox.te
+new file mode 100644
+index 000000000..40cb82c3f
+--- /dev/null
++++ b/shared/sepolicy/vendor/hal_keymaster_strongbox.te
+@@ -0,0 +1,14 @@
++type hal_keymaster_strongbox, domain;
++hal_server_domain(hal_keymaster_strongbox, hal_keymaster)
++
++type hal_keymaster_strongbox_exec, exec_type, vendor_file_type, file_type;
++init_daemon_domain(hal_keymaster_strongbox)
++
++vndbinder_use(hal_keymaster_strongbox)
++get_prop(hal_keymaster_strongbox, vendor_security_patch_level_prop);
++
++# Allow access to sockets
++allow hal_keymaster_strongbox self:tcp_socket { connect create write read getattr getopt setopt };
++allow hal_keymaster_strongbox port_type:tcp_socket name_connect;
++allow hal_keymaster_strongbox port:tcp_socket { name_connect };
++allow hal_keymaster_strongbox vendor_data_file:file { open read getattr };
+diff --git a/shared/sepolicy/vendor/service_contexts b/shared/sepolicy/vendor/service_contexts
+index d20d026cf..214576e3e 100644
+--- a/shared/sepolicy/vendor/service_contexts
++++ b/shared/sepolicy/vendor/service_contexts
+@@ -4,6 +4,7 @@ android.hardware.neuralnetworks.IDevice/nnapi-sample_float_slow u:object_r:hal_n
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_minimal    u:object_r:hal_neuralnetworks_service:s0
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_quant    u:object_r:hal_neuralnetworks_service:s0
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_sl_shim  u:object_r:hal_neuralnetworks_service:s0
++android.hardware.keymaster@4.1::IKeymasterDevice/strongbox      u:object_r:hal_keymaster_service:s0
+ 
+ # Binder service mappings
+ gce                                       u:object_r:gce_service:s0
diff --git a/aosp_integration_patches/hardware_interfaces_keymaster.patch b/aosp_integration_patches/hardware_interfaces_keymaster.patch
new file mode 100644
index 00000000..dd6d8326
--- /dev/null
+++ b/aosp_integration_patches/hardware_interfaces_keymaster.patch
@@ -0,0 +1,36 @@
+diff --git a/keymaster/4.0/vts/functional/Android.bp b/keymaster/4.0/vts/functional/Android.bp
+index a7be660c4..dd91e9089 100644
+--- a/keymaster/4.0/vts/functional/Android.bp
++++ b/keymaster/4.0/vts/functional/Android.bp
+@@ -31,9 +31,11 @@ cc_test {
+         "VerificationTokenTest.cpp",
+         "keymaster_hidl_hal_test.cpp",
+     ],
++    shared_libs: [
++        "libcrypto",
++    ],
+     static_libs: [
+         "android.hardware.keymaster@4.0",
+-        "libcrypto_static",
+         "libkeymaster4support",
+         "libkeymaster4vtstest",
+     ],
+diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+index 476eed8b1..823683d75 100644
+--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
++++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+@@ -1079,9 +1079,12 @@ TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
+  * presented.
+  */
+ TEST_P(SigningOperationsTest, NoUserConfirmation) {
+-    if (SecLevel() == SecurityLevel::STRONGBOX) return;
++    size_t key_size = 1024;
++    if (SecLevel() == SecurityLevel::STRONGBOX){
++        key_size = 2048;
++    }
+     ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+-                                             .RsaSigningKey(1024, 65537)
++                                             .RsaSigningKey(key_size, 65537)
+                                              .Digest(Digest::NONE)
+                                              .Padding(PaddingMode::NONE)
+                                              .Authorization(TAG_NO_AUTH_REQUIRED)
diff --git a/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch b/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch
new file mode 100644
index 00000000..cc06ca69
--- /dev/null
+++ b/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch
@@ -0,0 +1,330 @@
+diff --git a/HAL/keymaster/4.1/OmapiTransport.cpp b/HAL/keymaster/4.1/OmapiTransport.cpp
+index 5aaefc9..9466c84 100644
+--- a/HAL/keymaster/4.1/OmapiTransport.cpp
++++ b/HAL/keymaster/4.1/OmapiTransport.cpp
+@@ -14,36 +14,214 @@
+  ** See the License for the specific language governing permissions and
+  ** limitations under the License.
+  */
+-#include  
+-#include  
+-#include  
+-#include  
+-#include  
++#include 
++#include 
++#include 
++#include 
++#include 
+ #include 
++
++#include 
++
+ #include "Transport.h"
+ 
+-#define PORT    8080
+-#define IPADDR  "10.9.40.24"
+ #define UNUSED_V(a) a=a
+ 
+ namespace se_transport {
+ 
+-bool OmapiTransport::openConnection() {
++class SEListener : public ::aidl::android::se::omapi::BnSecureElementListener {};
++
++bool OmapiTransport::initialize() {
++    std::vector readers = {};
++
++    LOG(DEBUG) << "Initialize the secure element connection";
++
++    // Get OMAPI vendor stable service handler
++    ::ndk::SpAIBinder ks2Binder(AServiceManager_getService(omapiServiceName));
++    omapiSeService = aidl::android::se::omapi::ISecureElementService::fromBinder(ks2Binder);
++
++    if (omapiSeService == nullptr) {
++        LOG(ERROR) << "Failed to start omapiSeService null";
++        return false;
++    }
++
++    // reset readers, clear readers if already existing
++    if (mVSReaders.size() > 0) {
++        closeConnection();
++    }
++
++    // Get available readers
++    auto status = omapiSeService->getReaders(&readers);
++    if (!status.isOk()) {
++        LOG(ERROR) << "getReaders failed to get available readers: " << status.getMessage();
++        return false;
++    }
++
++    // Get SE readers handlers
++    for (auto readerName : readers) {
++        std::shared_ptr<::aidl::android::se::omapi::ISecureElementReader> reader;
++        status = omapiSeService->getReader(readerName, &reader);
++        if (!status.isOk()) {
++            LOG(ERROR) << "getReader for " << readerName.c_str() << " Failed: "
++                       << status.getMessage();
++            return false;
++        }
++
++        mVSReaders[readerName] = reader;
++    }
++
++    // Find eSE reader, as of now assumption is only eSE available on device
++    LOG(DEBUG) << "Finding eSE reader";
++    eSEReader = nullptr;
++    if (mVSReaders.size() > 0) {
++        for (const auto& [name, reader] : mVSReaders) {
++            if (name.find(ESE_READER_PREFIX, 0) != std::string::npos) {
++                LOG(DEBUG) << "eSE reader found: " << name;
++                eSEReader = reader;
++            }
++        }
++    }
++
++    if (eSEReader == nullptr) {
++        LOG(ERROR) << "secure element reader " << ESE_READER_PREFIX << " not found";
++        return false;
++    }
++
+     return true;
+ }
+ 
+-bool OmapiTransport::sendData(const uint8_t* inData, const size_t inLen, std::vector& output) {
+-    std::vector test(inData, inData+inLen);
+-    output = std::move(test);
++bool OmapiTransport::internalTransmitApdu(
++        std::shared_ptr reader,
++        std::vector apdu, std::vector& transmitResponse) {
++    std::shared_ptr session;
++    std::shared_ptr channel;
++    auto mSEListener = std::make_shared();
++    std::vector selectResponse = {};
++    std::vector SELECTABLE_AID = {0xA0, 0x00, 0x00, 0x04, 0x76, 0x41, 0x6E, 0x64,
++        0x72, 0x6F, 0x69, 0x64, 0x43, 0x54, 0x53, 0x31};
++
++    LOG(DEBUG) << "internalTransmitApdu: trasmitting data to secure element";
++
++    if (reader == nullptr) {
++        LOG(ERROR) << "eSE reader is null";
++        return false;
++    }
++
++    bool status = false;
++    auto res = reader->isSecureElementPresent(&status);
++    if (!res.isOk()) {
++        LOG(ERROR) << "isSecureElementPresent error: " << res.getMessage();
++        return false;
++    }
++    if (!status) {
++        LOG(ERROR) << "secure element not found";
++        return false;
++    }
++
++    res = reader->openSession(&session);
++    if (!res.isOk()) {
++        LOG(ERROR) << "openSession error: " << res.getMessage();
++        return false;
++    }
++    if (session == nullptr) {
++        LOG(ERROR) << "Could not open session null";
++        return false;
++    }
++
++    res = session->openLogicalChannel(SELECTABLE_AID, 0x00, mSEListener, &channel);
++    if (!res.isOk()) {
++        LOG(ERROR) << "openLogicalChannel error: " << res.getMessage();
++        return false;
++    }
++    if (channel == nullptr) {
++        LOG(ERROR) << "Could not open channel null";
++        return false;
++    }
++
++    res = channel->getSelectResponse(&selectResponse);
++    if (!res.isOk()) {
++        LOG(ERROR) << "getSelectResponse error: " << res.getMessage();
++        return false;
++    }
++    if (selectResponse.size() < 2) {
++        LOG(ERROR) << "getSelectResponse size error";
++        return false;
++    }
++
++    res = channel->transmit(apdu, &transmitResponse);
++    if (channel != nullptr) channel->close();
++    if (session != nullptr) session->close();
++
++    LOG(INFO) << "STATUS OF TRNSMIT: " << res.getExceptionCode() << " Message: "
++              << res.getMessage();
++    if (!res.isOk()) {
++        LOG(ERROR) << "transmit error: " << res.getMessage();
++        return false;
++    }
++
+     return true;
+ }
+ 
++bool OmapiTransport::openConnection() {
++
++    // if already conection setup done, no need to initialise it again.
++    if (isConnected()) {
++        return true;
++    }
++
++    return initialize();
++}
++
++bool OmapiTransport::sendData(const uint8_t* inData, const size_t inLen,
++                              std::vector& output) {
++    std::vector apdu(inData, inData+inLen);
++
++    if (!isConnected()) {
++        // Try to initialize connection to eSE
++        LOG(INFO) << "Failed to send data, try to initialize connection SE connection";
++        if (!initialize()) {
++            LOG(ERROR) << "Failed to send data, initialization not completed";
++            closeConnection();
++            return false;
++        }
++    }
++
++    if (inData == NULL) {
++        LOG(ERROR) << "Failed to send data, APDU is null";
++        return false;
++    }
++
++    if (eSEReader != nullptr) {
++        LOG(DEBUG) << "Sending apdu data to secure element: " << ESE_READER_PREFIX;
++        return internalTransmitApdu(eSEReader, apdu, output);
++    } else {
++        LOG(ERROR) << "secure element reader " << ESE_READER_PREFIX << " not found";
++        return false;
++    }
++}
++
+ bool OmapiTransport::closeConnection() {
++    LOG(DEBUG) << "Closing all connections";
++    if (omapiSeService != nullptr) {
++        if (mVSReaders.size() > 0) {
++            for (const auto& [name, reader] : mVSReaders) {
++                reader->closeSessions();
++            }
++            mVSReaders.clear();
++        }
++    }
+     return true;
+ }
+ 
+ bool OmapiTransport::isConnected() {
+-    return true;
++    // Check already initialization completed or not
++    if (omapiSeService != nullptr && eSEReader != nullptr) {
++        LOG(DEBUG) << "Connection initialization already completed";
++        return true;
++    }
++
++    LOG(DEBUG) << "Connection initialization not completed";
++    return false;
+ }
+ 
+ }
+diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp
+index 9bfe7fa..33f255f 100644
+--- a/HAL/keymaster/Android.bp
++++ b/HAL/keymaster/Android.bp
+@@ -47,6 +47,8 @@ cc_binary {
+         "libjc_transport",
+         "libjc_common",
+         "libcrypto",
++        "libbinder_ndk",
++        "android.se.omapi-V1-ndk",
+     ],
+     required: [
+         "android.hardware.strongbox_keystore.xml",
+@@ -82,6 +84,8 @@ cc_library {
+         "android.hardware.keymaster@4.0",
+         "libjc_transport",
+ 	"libcrypto",
++        "libbinder_ndk",
++        "android.se.omapi-V1-ndk",
+     ],
+ }
+ 
+@@ -100,6 +104,8 @@ cc_library {
+         "libbinder",
+         "libbase",
+         "liblog",
++        "libbinder_ndk",
++        "android.se.omapi-V1-ndk",
+     ],
+ }
+ 
+diff --git a/HAL/keymaster/include/Transport.h b/HAL/keymaster/include/Transport.h
+index c6674dc..b4f67c7 100644
+--- a/HAL/keymaster/include/Transport.h
++++ b/HAL/keymaster/include/Transport.h
+@@ -17,6 +17,16 @@
+ #ifndef __SE_TRANSPORT__
+ #define __SE_TRANSPORT__
+ 
++#include 
++#include 
++#include 
++#include 
++#include 
++#include 
++#include 
++
++#include 
++
+ namespace se_transport {
+ 
+ /**
+@@ -30,7 +40,7 @@ class ITransport {
+     /**
+      * Opens connection.
+      */
+-	virtual bool openConnection() = 0;
++      virtual bool openConnection() = 0;
+     /**
+      * Send data over communication channel and receives data back from the remote end.
+      */
+@@ -59,7 +69,7 @@ public:
+      * Gets the binder instance of ISEService, gets the reader corresponding to secure element, establishes a session
+      * and opens a basic channel.
+      */
+-	bool openConnection() override;
++      bool openConnection() override;
+     /**
+      * Transmists the data over the opened basic channel and receives the data back.
+      */
+@@ -75,6 +85,19 @@ public:
+      */
+     bool isConnected() override;
+ 
++private:
++    std::shared_ptr omapiSeService = nullptr;
++    std::shared_ptr eSEReader = nullptr;
++    std::map>
++            mVSReaders = {};
++    std::string const ESE_READER_PREFIX = "eSE";
++    constexpr static const char omapiServiceName[] =
++            "android.system.omapi.ISecureElementService/default";
++
++    bool initialize();
++    bool internalTransmitApdu(
++            std::shared_ptr reader,
++            std::vector apdu, std::vector& transmitResponse);
+ };
+ 
+ class SocketTransport : public ITransport {
+@@ -85,7 +108,7 @@ public:
+     /**
+      * Creates a socket instance and connects to the provided server IP and port.
+      */
+-	bool openConnection() override;
++      bool openConnection() override;
+     /**
+      * Sends data over socket and receives data back.
+      */
diff --git a/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch b/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch
new file mode 100644
index 00000000..68879424
--- /dev/null
+++ b/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch
@@ -0,0 +1,25 @@
+diff --git a/Android.bp b/Android.bp
+index f86ad26..afea5c6 100644
+--- a/Android.bp
++++ b/Android.bp
+@@ -42,6 +42,9 @@ android_app {
+         "src/**/*.java",
+         ":statslog-secure-element-java-gen",
+     ],
++    vintf_fragments: [
++        "secure_element-service.xml",
++    ],
+     platform_apis: true,
+     certificate: "platform",
+     static_libs: ["android.hardware.secure_element-V1.0-java",
+diff --git a/res/values/config.xml b/res/values/config.xml
+index 5811b10..da6e50e 100644
+--- a/res/values/config.xml
++++ b/res/values/config.xml
+@@ -6,5 +6,5 @@
+ 
+     
+-    false
++    true
+ 
diff --git a/aosp_integration_patches/system_sepolicy.patch b/aosp_integration_patches/system_sepolicy.patch
new file mode 100644
index 00000000..c2dd4c27
--- /dev/null
+++ b/aosp_integration_patches/system_sepolicy.patch
@@ -0,0 +1,28 @@
+diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
+index cd1591009..56f3ad1c4 100644
+--- a/public/hal_neverallows.te
++++ b/public/hal_neverallows.te
+@@ -2,6 +2,7 @@
+ # network capabilities
+ neverallow {
+   halserverdomain
++  -hal_keymaster_server
+   -hal_bluetooth_server
+   -hal_can_controller_server
+   -hal_wifi_server
+@@ -21,6 +22,7 @@ neverallow {
+ # will result in CTS failure.
+ neverallow {
+   halserverdomain
++  -hal_keymaster_server
+   -hal_automotive_socket_exemption
+   -hal_can_controller_server
+   -hal_tetheroffload_server
+@@ -35,6 +37,7 @@ neverallow {
+ 
+ neverallow {
+   halserverdomain
++  -hal_keymaster_server
+   -hal_automotive_socket_exemption
+   -hal_can_controller_server
+   -hal_tetheroffload_server
diff --git a/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch b/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch
new file mode 100644
index 00000000..c398e917
--- /dev/null
+++ b/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch
@@ -0,0 +1,60 @@
+diff --git a/shared/device.mk b/shared/device.mk
+index 8647d0175..6fc99ff94 100644
+--- a/shared/device.mk
++++ b/shared/device.mk
+@@ -538,6 +538,10 @@ endif
+  PRODUCT_PACKAGES += \
+     $(LOCAL_KEYMINT_PRODUCT_PACKAGE)
+ 
++PRODUCT_PACKAGES += \
++    android.hardware.keymaster@4.1-strongbox.service \
++
++
+ # Keymint configuration
+ PRODUCT_COPY_FILES += \
+     frameworks/native/data/etc/android.software.device_id_attestation.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.software.device_id_attestation.xml
+diff --git a/shared/sepolicy/vendor/file_contexts b/shared/sepolicy/vendor/file_contexts
+index 20538a50f..553232889 100644
+--- a/shared/sepolicy/vendor/file_contexts
++++ b/shared/sepolicy/vendor/file_contexts
+@@ -88,6 +88,7 @@
+ /vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.mock  u:object_r:hal_thermal_default_exec:s0
+ /vendor/bin/hw/android\.hardware\.security\.keymint-service\.remote  u:object_r:hal_keymint_remote_exec:s0
+ /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service.remote  u:object_r:hal_keymaster_remote_exec:s0
++/vendor/bin/hw/android\.hardware\.keymaster@4\.1-strongbox\.service  u:object_r:hal_keymaster_strongbox_exec:s0
+ /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service.remote  u:object_r:hal_gatekeeper_remote_exec:s0
+ /vendor/bin/hw/android\.hardware\.oemlock-service.example u:object_r:hal_oemlock_default_exec:s0
+ /vendor/bin/hw/android\.hardware\.weaver-service.example u:object_r:hal_weaver_default_exec:s0
+diff --git a/shared/sepolicy/vendor/hal_keymaster_strongbox.te b/shared/sepolicy/vendor/hal_keymaster_strongbox.te
+new file mode 100644
+index 000000000..1412e07fd
+--- /dev/null
++++ b/shared/sepolicy/vendor/hal_keymaster_strongbox.te
+@@ -0,0 +1,15 @@
++type hal_keymaster_strongbox, domain;
++hal_server_domain(hal_keymaster_strongbox, hal_keymaster)
++
++type hal_keymaster_strongbox_exec, exec_type, vendor_file_type, file_type;
++init_daemon_domain(hal_keymaster_strongbox)
++
++vndbinder_use(hal_keymaster_strongbox)
++get_prop(hal_keymaster_strongbox, vendor_security_patch_level_prop);
++
++# Allow access to sockets
++allow hal_keymaster_strongbox self:tcp_socket { connect create write read getattr getopt setopt };
++allow hal_keymaster_strongbox port_type:tcp_socket name_connect;
++allow hal_keymaster_strongbox port:tcp_socket { name_connect };
++allow hal_keymaster_strongbox vendor_data_file:file { open read getattr };
++
+diff --git a/shared/sepolicy/vendor/service_contexts b/shared/sepolicy/vendor/service_contexts
+index d20d026cf..214576e3e 100644
+--- a/shared/sepolicy/vendor/service_contexts
++++ b/shared/sepolicy/vendor/service_contexts
+@@ -4,6 +4,7 @@ android.hardware.neuralnetworks.IDevice/nnapi-sample_float_slow u:object_r:hal_n
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_minimal    u:object_r:hal_neuralnetworks_service:s0
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_quant    u:object_r:hal_neuralnetworks_service:s0
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_sl_shim  u:object_r:hal_neuralnetworks_service:s0
++android.hardware.keymaster@4.1::IKeymasterDevice/strongbox      u:object_r:hal_keymaster_service:s0
+ 
+ # Binder service mappings
+ gce                                       u:object_r:gce_service:s0
diff --git a/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch b/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch
new file mode 100644
index 00000000..dd6d8326
--- /dev/null
+++ b/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch
@@ -0,0 +1,36 @@
+diff --git a/keymaster/4.0/vts/functional/Android.bp b/keymaster/4.0/vts/functional/Android.bp
+index a7be660c4..dd91e9089 100644
+--- a/keymaster/4.0/vts/functional/Android.bp
++++ b/keymaster/4.0/vts/functional/Android.bp
+@@ -31,9 +31,11 @@ cc_test {
+         "VerificationTokenTest.cpp",
+         "keymaster_hidl_hal_test.cpp",
+     ],
++    shared_libs: [
++        "libcrypto",
++    ],
+     static_libs: [
+         "android.hardware.keymaster@4.0",
+-        "libcrypto_static",
+         "libkeymaster4support",
+         "libkeymaster4vtstest",
+     ],
+diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+index 476eed8b1..823683d75 100644
+--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
++++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+@@ -1079,9 +1079,12 @@ TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
+  * presented.
+  */
+ TEST_P(SigningOperationsTest, NoUserConfirmation) {
+-    if (SecLevel() == SecurityLevel::STRONGBOX) return;
++    size_t key_size = 1024;
++    if (SecLevel() == SecurityLevel::STRONGBOX){
++        key_size = 2048;
++    }
+     ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+-                                             .RsaSigningKey(1024, 65537)
++                                             .RsaSigningKey(key_size, 65537)
+                                              .Digest(Digest::NONE)
+                                              .Padding(PaddingMode::NONE)
+                                              .Authorization(TAG_NO_AUTH_REQUIRED)
diff --git a/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch b/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch
new file mode 100644
index 00000000..22956d5e
--- /dev/null
+++ b/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch
@@ -0,0 +1,13 @@
+diff --git a/keystore2/src/km_compat/km_compat.cpp b/keystore2/src/km_compat/km_compat.cpp
+index 64849c1..40ca554 100644
+--- a/keystore2/src/km_compat/km_compat.cpp
++++ b/keystore2/src/km_compat/km_compat.cpp
+@@ -1314,7 +1314,7 @@ KeymasterDevices initializeKeymasters() {
+     CHECK(serviceManager.get()) << "Failed to get ServiceManager";
+     auto result = enumerateKeymasterDevices(serviceManager.get());
+     auto softKeymaster = result[SecurityLevel::SOFTWARE];
+-    if (!result[SecurityLevel::TRUSTED_ENVIRONMENT]) {
++    if ((!result[SecurityLevel::TRUSTED_ENVIRONMENT]) && (!result[SecurityLevel::STRONGBOX])) {
+         result = enumerateKeymasterDevices(serviceManager.get());
+     }
+     if (softKeymaster) result[SecurityLevel::SOFTWARE] = softKeymaster;
diff --git a/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch b/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch
new file mode 100644
index 00000000..8f40193c
--- /dev/null
+++ b/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch
@@ -0,0 +1,40 @@
+diff --git a/prebuilts/api/31.0/public/hal_neverallows.te b/prebuilts/api/31.0/public/hal_neverallows.te
+index 105689b8a..d7dc6baaf 100644
+--- a/prebuilts/api/31.0/public/hal_neverallows.te
++++ b/prebuilts/api/31.0/public/hal_neverallows.te
+@@ -2,6 +2,7 @@
+ # network capabilities
+ neverallow {
+   halserverdomain
++  -hal_keymaster_server
+   -hal_bluetooth_server
+   -hal_can_controller_server
+   -hal_wifi_server
+@@ -19,6 +20,7 @@ neverallow {
+ # will result in CTS failure.
+ neverallow {
+   halserverdomain
++  -hal_keymaster_server
+   -hal_automotive_socket_exemption
+   -hal_can_controller_server
+   -hal_tetheroffload_server
+diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
+index 105689b8a..d7dc6baaf 100644
+--- a/public/hal_neverallows.te
++++ b/public/hal_neverallows.te
+@@ -2,6 +2,7 @@
+ # network capabilities
+ neverallow {
+   halserverdomain
++  -hal_keymaster_server
+   -hal_bluetooth_server
+   -hal_can_controller_server
+   -hal_wifi_server
+@@ -19,6 +20,7 @@ neverallow {
+ # will result in CTS failure.
+ neverallow {
+   halserverdomain
++  -hal_keymaster_server
+   -hal_automotive_socket_exemption
+   -hal_can_controller_server
+   -hal_tetheroffload_server

From d20e4b2d3e44e63dc61cfb08f9996e03d05684b8 Mon Sep 17 00:00:00 2001
From: subrahmanyaman 
Date: Wed, 8 Dec 2021 05:52:10 +0000
Subject: [PATCH 168/169] Revert "Merged changes from Keymaster 41"

This reverts commit 4f93707e421227f4a5cb1418323cb4585bf9b7e2.
---
 .../AndroidSEProvider/lib/gpapi-upgrade.jar   |  Bin 12638 -> 0 bytes
 .../javacard/keymaster/KMAndroidSEApplet.java |  129 +-
 .../keymaster/KMAndroidSEProvider.java        |  417 +++---
 .../keymaster/KMAttestationCertImpl.java      |   64 +-
 .../javacard/keymaster/KMConfigurations.java  |   29 -
 .../android/javacard/keymaster/KMHmacKey.java |    6 +-
 .../javacard/keymaster/KMInstance.java}       |   21 +-
 .../javacard/keymaster/KMOperationImpl.java   |   52 +-
 .../keymaster/KMPKCS8DecoderImpl.java         |  223 ---
 .../android/javacard/keymaster/KMUtils.java   |   32 +-
 Applet/JCardSimProvider/lib/gpapi-upgrade.jar |  Bin 12638 -> 0 bytes
 .../keymaster/KMAttestationCertImpl.java      |    9 +-
 .../javacard/keymaster/KMConfigurations.java  |   29 -
 .../android/javacard/keymaster/KMHmacKey.java |    6 +-
 .../javacard/keymaster/KMJCardSimulator.java  |  205 +--
 .../keymaster/KMPKCS8DecoderImpl.java         |  223 ---
 .../android/javacard/keymaster/KMUtils.java   |   30 +-
 .../javacard/test/KMFunctionalTest.java       |  278 +---
 Applet/README.md                              |    1 -
 .../android/javacard/keymaster/KMArray.java   |    6 -
 .../javacard/keymaster/KMByteBlob.java        |    4 -
 .../javacard/keymaster/KMComputedHmacKey.java |    5 -
 .../android/javacard/keymaster/KMDecoder.java |   36 +-
 .../android/javacard/keymaster/KMEncoder.java |   10 +-
 .../android/javacard/keymaster/KMEnum.java    |    2 +-
 .../android/javacard/keymaster/KMEnumTag.java |    5 +-
 .../android/javacard/keymaster/KMError.java   |    5 +-
 .../android/javacard/keymaster/KMInteger.java |   13 +-
 .../javacard/keymaster/KMIntegerArrayTag.java |   13 +-
 .../javacard/keymaster/KMIntegerTag.java      |    4 +-
 .../javacard/keymaster/KMKeyParameters.java   |  161 +--
 .../javacard/keymaster/KMKeymasterApplet.java | 1255 +++++++----------
 .../javacard/keymaster/KMOperationState.java  |  103 +-
 .../javacard/keymaster/KMRepository.java      |  455 ++----
 .../javacard/keymaster/KMSEProvider.java      |   94 +-
 .../android/javacard/keymaster/KMType.java    |    2 -
 .../javacard/keymaster/KMUpgradable.java      |    2 +-
 HAL/keymaster/4.1/CommonUtils.cpp             |    2 +-
 .../4.1/JavacardKeymaster4Device.cpp          |  548 +++----
 .../4.1/JavacardOperationContext.cpp          |  154 +-
 .../4.1/JavacardSoftKeymasterContext.cpp      |    2 +-
 HAL/keymaster/4.1/SocketTransport.cpp         |   40 +-
 ...hardware.keymaster@4.1-javacard.service.rc |    6 +
 ...rdware.keymaster@4.1-javacard.service.xml} |    2 +-
 ...ardware.keymaster@4.1-strongbox.service.rc |    6 -
 .../android.hardware.strongbox_keystore.xml   |   17 -
 HAL/keymaster/4.1/service.cpp                 |    5 +-
 HAL/keymaster/Android.bp                      |   49 +-
 HAL/keymaster/include/CommonUtils.h           |    8 +-
 .../include/JavacardKeymaster4Device.h        |   69 +-
 .../include/JavacardOperationContext.h        |   11 +-
 .../include/JavacardSoftKeymasterContext.h    |    2 +-
 HAL/keymaster/include/Transport.h             |    7 +-
 ProvisioningTool/Android.bp                   |   68 +
 ProvisioningTool/Makefile                     |   58 -
 ProvisioningTool/Provision.cpp                |  509 +++++++
 ProvisioningTool/Provision.h                  |  108 ++
 ProvisioningTool/ProvisionTool.cpp            |  616 ++++++++
 ProvisioningTool/README.md                    |   47 +-
 ProvisioningTool/include/UniquePtr.h          |   39 -
 ProvisioningTool/include/constants.h          |   95 --
 ProvisioningTool/include/cppbor/cppbor.h      | 1113 ---------------
 .../include/cppbor/cppbor_parse.h             |  195 ---
 ProvisioningTool/include/json/assertions.h    |   54 -
 ProvisioningTool/include/json/autolink.h      |   25 -
 ProvisioningTool/include/json/config.h        |  119 --
 ProvisioningTool/include/json/features.h      |   51 -
 ProvisioningTool/include/json/forwards.h      |   37 -
 ProvisioningTool/include/json/json.h          |   15 -
 ProvisioningTool/include/json/reader.h        |  360 -----
 ProvisioningTool/include/json/value.h         |  850 -----------
 ProvisioningTool/include/json/version.h       |   13 -
 ProvisioningTool/include/json/writer.h        |  320 -----
 ProvisioningTool/include/socket.h             |   53 -
 ProvisioningTool/include/utils.h              |   30 -
 ProvisioningTool/lib/README.md                |   25 -
 ProvisioningTool/lib/libjsoncpp.a             |  Bin 2640366 -> 0 bytes
 ProvisioningTool/lib/libjsoncpp.so            |  Bin 1388960 -> 0 bytes
 ProvisioningTool/lib/libjsoncpp.so.0          |  Bin 1388960 -> 0 bytes
 ProvisioningTool/lib/libjsoncpp.so.0.10.7     |  Bin 1388960 -> 0 bytes
 ProvisioningTool/sample_json_cf.txt           |   12 +-
 ProvisioningTool/sample_json_gf.txt           |   12 +-
 ProvisioningTool/src/construct_apdus.cpp      |  584 --------
 ProvisioningTool/src/cppbor.cpp               |  626 --------
 ProvisioningTool/src/cppbor_parse.cpp         |  389 -----
 ProvisioningTool/src/provision.cpp            |  343 -----
 ProvisioningTool/src/socket.cpp               |  110 --
 ProvisioningTool/src/utils.cpp                |   96 --
 ProvisioningTool/test_resources/batch_key.der |  Bin 138 -> 121 bytes
 .../cts_tests_tests_keystore.patch            |  176 ---
 .../device_google_cuttlefish.patch            |   58 -
 .../hardware_interfaces_keymaster.patch       |   36 -
 .../omapi_patches/JavacardKeymaster.patch     |  330 -----
 .../packages_apps_secureElement.patch         |   25 -
 .../system_sepolicy.patch                     |   28 -
 .../device_google_cuttlefish.patch            |   60 -
 .../hardware_interfaces_keymaster.patch       |   36 -
 .../system_security_keystore2.patch           |   13 -
 .../system_sepolicy.patch                     |   40 -
 99 files changed, 2874 insertions(+), 9757 deletions(-)
 delete mode 100644 Applet/AndroidSEProvider/lib/gpapi-upgrade.jar
 delete mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java
 rename Applet/{src/com/android/javacard/keymaster/KMPKCS8Decoder.java => AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java} (55%)
 delete mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
 delete mode 100644 Applet/JCardSimProvider/lib/gpapi-upgrade.jar
 delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java
 delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
 delete mode 100644 Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java
 create mode 100644 HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.rc
 rename HAL/keymaster/4.1/{android.hardware.keymaster@4.1-strongbox.service.xml => android.hardware.keymaster@4.1-javacard.service.xml} (75%)
 delete mode 100644 HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc
 delete mode 100644 HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml
 create mode 100644 ProvisioningTool/Android.bp
 delete mode 100644 ProvisioningTool/Makefile
 create mode 100644 ProvisioningTool/Provision.cpp
 create mode 100644 ProvisioningTool/Provision.h
 create mode 100644 ProvisioningTool/ProvisionTool.cpp
 delete mode 100644 ProvisioningTool/include/UniquePtr.h
 delete mode 100644 ProvisioningTool/include/constants.h
 delete mode 100644 ProvisioningTool/include/cppbor/cppbor.h
 delete mode 100644 ProvisioningTool/include/cppbor/cppbor_parse.h
 delete mode 100644 ProvisioningTool/include/json/assertions.h
 delete mode 100644 ProvisioningTool/include/json/autolink.h
 delete mode 100644 ProvisioningTool/include/json/config.h
 delete mode 100644 ProvisioningTool/include/json/features.h
 delete mode 100644 ProvisioningTool/include/json/forwards.h
 delete mode 100644 ProvisioningTool/include/json/json.h
 delete mode 100644 ProvisioningTool/include/json/reader.h
 delete mode 100644 ProvisioningTool/include/json/value.h
 delete mode 100644 ProvisioningTool/include/json/version.h
 delete mode 100644 ProvisioningTool/include/json/writer.h
 delete mode 100644 ProvisioningTool/include/socket.h
 delete mode 100644 ProvisioningTool/include/utils.h
 delete mode 100644 ProvisioningTool/lib/README.md
 delete mode 100644 ProvisioningTool/lib/libjsoncpp.a
 delete mode 100755 ProvisioningTool/lib/libjsoncpp.so
 delete mode 100755 ProvisioningTool/lib/libjsoncpp.so.0
 delete mode 100755 ProvisioningTool/lib/libjsoncpp.so.0.10.7
 delete mode 100644 ProvisioningTool/src/construct_apdus.cpp
 delete mode 100644 ProvisioningTool/src/cppbor.cpp
 delete mode 100644 ProvisioningTool/src/cppbor_parse.cpp
 delete mode 100644 ProvisioningTool/src/provision.cpp
 delete mode 100644 ProvisioningTool/src/socket.cpp
 delete mode 100644 ProvisioningTool/src/utils.cpp
 delete mode 100644 aosp_integration_patches/cts_tests_tests_keystore.patch
 delete mode 100644 aosp_integration_patches/device_google_cuttlefish.patch
 delete mode 100644 aosp_integration_patches/hardware_interfaces_keymaster.patch
 delete mode 100644 aosp_integration_patches/omapi_patches/JavacardKeymaster.patch
 delete mode 100644 aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch
 delete mode 100644 aosp_integration_patches/system_sepolicy.patch
 delete mode 100644 aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch
 delete mode 100644 aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch
 delete mode 100644 aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch
 delete mode 100644 aosp_integration_patches_aosp_12_r15/system_sepolicy.patch

diff --git a/Applet/AndroidSEProvider/lib/gpapi-upgrade.jar b/Applet/AndroidSEProvider/lib/gpapi-upgrade.jar
deleted file mode 100644
index e4814bde4b6b21982103c55f9b1a3a4a58f0b807..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 12638
zcmbul1yEi~w=IghySuwPgy8P(?(XjHF2UV`gkZtl-Q6KTa3|P<{mahIIXCxKy-7hW
zinRvon>~B>izz?0X><$9HtpU3AhEfMm-{hYJV5zg}VnH-}a5?OzDJ
zeZRj16ac{6i+L*l^Aljd{nggNl-|_J)Ys
zA%jv|s@$PcJ>vU-=zypxIr)I79gt(CMRqYETXUFxgZHlPZdORPeTeAd3ak!pNs7$
zDsU3PfnzxpG(K@0n3_<~R*^JWQ&-Asd;ug~h*%8s?6!<ulJT_AFDwM;coA!sJVdE!jlhf
z3Vp9$(%m-{W3W{3Oq>@qRU+0OlYx|sXGdt$V#n|)eGaB7O@?@rhz24mLrnK8rjJ<7
zby1W0Xz|GyaU-XEKg_cXO5ej}###IG&!R*>rDqbNdC}zDx>##9AcZAuOrh318><7Z
zQouxNYyD^!JZe^Whz>BcyK9C^{HPABl-^`2iQ)pH1|i*bE%1<4L)R-vXQ4U~;#YoL
z=_Lv(6@Z9RvC^
zgUUJs5>8=Lv`?0$!%I3|1BSdF%9~xHtX^Uf8mG9MZs@Ll
zG7eI#xJy%$AS5E^$M)MVPcT#5@*ClHDS$
zv_TZ015iVNiIWnw^b|@h;l7P&BJd1M9r6OF>nFFkQ?iQnwM_$677`gRiUq7%l8c}y
z21=PfqV*aPOLs{?6#45Z9IV|n=~Q}!6Z(!nLH-XeKhTP`3HR~a(IEo11Z=lD>gmAh
zK(SCAdK;gN_D6lTmMoohe4ker&ae|*I-gH%>Ud81{czplOzZBi;d}_krq#L{y350v
zPo-aoN?NbHv7416#xs-;g@-@6v>6(Qo3H+Kx0DL@UC(URq&AO9<&n>LmWa_=X^jFN520gYRTy@W(MBwmQbqNs3AY-Mb1Y~%D7Q5LC4
z+wQRaMU-jz;42>qvNYq-s2XY(U)y`&%}JLvz$*b)
zkVxCv@oi1i7+;3jAQY?f=ZU
zS<`5{Q&$9%s%xn1LW>@t@>xpfqljzr<2>bUI>i{8DhdrGP@)AD28)IjgGC^{3S9jc
zmIrYMk9Bv!(&iJOO&CJk7&P^aNBBXOYZ44=Kiklx^gN=V)w4?;wBthM%?Am&nB9i-
zN+{JW5`7$pDc}z6-K(NH=Wn@J!Kf`NUeNClUXEK(Cge~TzO6RzLZ;e;rHANfY%*Mz
zRZ$+C?VO$SR|m5+tF%79()dOp&ycf}(dMk2uKZ3LYPEZKyc>3uWJbLc^01A;k_iLcI2qM
z@~ramR`TfxBrKk74}O=5L+@4-6>!FRNHk-S=Ql*DKt*q??<8_{W{PM~EqvmXgo{Lu
zl=fv5C+Iz|Sg^qA_0ai|BZ!)f{Ky;Rk>#2YaUF9u>p6JHe>STofbp~ZZfTg%u)$W0
zo`bHeD5*c#CL}P8lR7~
z7x-cy?Gdq}x^2okGmZL(O{RYI+RR2viTI&CObn#XfxCS#pIj{7@w~`
z3^5^cAZ4fNdEWVj>6YaB@WFm=t!W3!z2b1Ww(EFd!}rnHWNDNEu&A!o_A+^~-vED6
z;SqgzFA`3s-Y+jZd*bl0W9XoYqIn0C^RqabNi2r3NQ=@yoKqZ9T^lk|g?Z@7rIU)4
zRZfY>WOv_pLU1>n+}Fw*;ut^ta~^0fp0=%NI1^oLZDl7@Rc@_wg1Wo~;AIBXg7~u;
z*wvE@;rc~xM&^~($TQ(P!RZDJksnnC5mWn3t%;>{-pT5_ACqsAS8z3n55a^b>Gds!
zH~#AA^0%*IP~PY!73NpEDg2FY$p1_?zY@)fhV@%VhV+6*@Txxrgg%6@OU57B($9Fr
z0e6&N7R}LDbXTMnPaTe)Fmg&)SsMKMI5tA}jf7O#-a%TsmmeWRYkYK^`D*kyE?H`Q
zFc@i>rZ`e-!boRtdaRzZ*twp8Njdgxqs8~^d~@@K*PcK|=%kj%(K0?+CjFaKQfZ|`
z@Ju(R`tmm>1EalqB%3k`{Uqn*Qbw9anUor?WEm)4a&vK5SLi&`SLN`pM3vGibU`S|
z?8BM_pKIA>_O460`oFi5W|at=1k-4;dcZk6MUbS<%LuV4E4GIDhNllZf8%$SN#tQ@
zoXVK(FP+}AR11-8#XVGNRjT<23Pp3;Wa>*aqQLDI0+Nrc5N`r@>QBIFzzF22m9K|x^5S`IEQlt^ztG8aybO0wW#v=EmVhZ>4X>5oE+(zs%1$D{b
z5CltgkbRv;IY33d3c3^g35^A|E^5#=9hqADd)X##gak0jS1r&x_gqa~3{u=qcs-m0JeVYrBtdl=raw>35au(@L>8K?JTxQYRqL^vexsTs
zv@R8h>%LxNVON+czj8dx$*{#H~frD8+}T(F-$
ztSA}#6V=OjH2*|lpOcHm2=cTLlH=75=QE8F)wpDyemG!b21FOO#d
zmg$(qcVLHUEcwB517-qMjXSr{1TnW_VmL`IZg_O90k
zVCzh&Us74=Wc2k)HQmGZ*f%w)Mz0O3W7ECVpf_gGyAL~=IJ10>WaykHhQTn9xL{MGC(YGN(H&L?P%c-n1&L(1O4DVwhWIIrap-ktK
zt|(dXZ0jslRtjYMNM`b#N`0sy+UzbieXY67@*W=W{s)t};
zth!;HTdL8z*(-`iockO;k^p5uK{Y{amO7e~Wl4$9W)2iwz}hB3hImVYf-jugv{i@T
z74?H)LxRO8z~g&9|GX&`)pjX4$ii5jjG8u7PcMfeN?NXk99tgv08
zGizp;-2|sd_La{z3?IRd!FR2$UGFm1puw}&S<{Mf>b3EqfrEDk*YRjQfFj-bWP*s@
z5SuIN3E|Nj!*QL>fgnBqk&;PiUotll>l3yRh^AAHZkk=$C)1)cb3ssZ33O)jKzuZ5
zNmRIPkeaN?cxoa256P4@-|TO-S@@-q$_5Ds;$sPABc;>vNMZAJ`8gJwHv`w{p!>w6
z(G}@61vKQ>OLq%Q0gS&#P7U@94$_)(UTGj}R)9rm
zP!MMe<;w(sN*`p!i^*uFV0b9a%Zt7)gYke%qWvbtnv%cpptZitL;*#JnNi4&shE-2gyDNj%yjl}DXnc^bY?9hexKG#Dv*W#G95|aXZ)8Geq$NRd#I53i
zJS;cQI>p|w9+$C+mdlNT6Q|Q{jwwlt(@KDXU|KAX0)e>EQQt*_Z!_(&LUfs7If^xV
zW?m!f=bw=_l#=d7ls4CYFc>;80N-)J(ogNMrg;%tz0Mbk-$B8!$@D{ekX1X3a^Mxy
zHGQHXsmi8uczCo8WFQtRbA^wLy7~rtFA_A`L?VwQXyyDVe9I#F>SG0EubomLiLich
zu9Vf|y7p-4Mli%&ai_}*4w8UAF%SM}5pN6-qy9w>F(?2z&^*{vWDl_!-%nAE&u)$^
zrBxKr>;wm@%_JT-ZSZl+Og
zG)`VnHV%XazuX6&
zK}X%kqsV4M@OVe}CG@FX)oh4OSKq=*jf18
zjO;B{tA3}a^X19lH`?m3*VS}1vnnxcuks?diGhKbda`iY9h
zyJ+AEbQ*PXz%Qn_Sc1*Uo0Sl{=foSsA`k&_){`N9(GI-{hkU|+&l05;NFRLU|M?c=
zL5W0;kwHl|BlE+ZZAf
znt5LH%1t_f-KH~}<6_PgErf0T!9#R@&sqpEvkPMvA*LoQvh~A>YcbL158;J<1>1Ho
zHX%vr5usSPcn@$lt)9yRJ$yD8=ihoB@5(*E#?)qKSc{^Fj?XvwTQwYk%kN{XVli5gd1>9))a`RL{Ttp*
zsA{{)UE_!O62mUH6E}SemRO`ma0vo9saAVl%_{`RWI_*tMBp*h{|@eGKlf?a_T9x1!}q$!4%u2CDNH>sVTv
zCp4oLUt3$xSu=-;@7)i2nln4eee&4HTM0No7k3vide%rkVuY!7UD>4|dFU@4)7Fa^
z`VcZt!luHC&Q#(QzTD#!`9@Og5!9_h*uu?jX{N1&{E&<3JGanv7pDK_@T5_A=-JkE
z&pOb~$O>bk&6c;!J}CNi2JUBpHhsM35%8vOd?(!5)^jQmg}o)uovV3E-s+OvfOQU0
zoT0JmOPf)})WlCPz)*cMyX(pe+T8oC>pje%Pl3AT_aU~Bg`2Tk_q-R}Ga=-90`P~=
zPGt$~*E)%O`-gX9PxWJ-4Eo4av@*EiDp60=SM~S9zC1g+V>d}|?${k-osGbRez*Ir
zlONen!RFN6B4cvSybX#CZGdBu6M2oRqi_8`pWuCf(ur=G&^v)fYqG*G+{QaHD&Gtg$7@th4gLS(@?6txj
ztvM8@d=bj*f+M>03Y~Gv&M#D@4BCvir~*9o>kc>)pwA%
z1aZ9oHISF7)^PgdS?ws=TOmtfV%+veW0bBFUH
z#Cb^g5UrjM2L7I=c%$$Gk&U_y_<3iFP{@$zJ(3gma8Jw$J@mCOL;Y3Ri1qkGi}$wh
z3HB?#AsGU8-OcXh5TIG}Tq?KZ9v=AJ2Y5ekxChs%$HougujcI=XR|)wS@_clAEwKm;PR&)jxS!?G9K?3xRkl0ld;Xeh4DGnlb97YgePCW4SoBLQ@D^T0NMx?bLcvX$$WD>zha7T
zjtC|3VLtM~7T1(QJ{oRUb3~M}oSr2zQ&&?{(;}Tg(J2at_9fQ-liR=@l4Skps)Wa(Fa>e_+{O9nXqBBn~WN|FSdoUoS
zVPrq?fw-DsNNYh9m2&v+ni6>Zm%d
zuLN%j9Zr>h5dJhTj9?-Y#0>Ks$pPUJXyss_vq)eh&`E0TBozT60jDGXol4s>od~3P
zhSkZtnS2UDCfmbRiEj%7y*tJyBuFVa15bvqoNk8rc3iYwqDu9a=3sIsR@MHz3?x(B
ztqiMI^^5c7Nj^smsF!>|Wz%3XHFn7K#A1Y)M6NdG1(YTd^2jol69n_yi*
z3~i~D-jR4Y3;NwC3V%IUsn*v{tFjUu@zY{eeFpo~PxVH?4J4d8c!Q2w5UTq;;pe0FyGor=ae*u(PT)okp~HS8L60WT&Sdp#W%Bv#*A@az-6Hi0lq_ueujpu3u8-Uno%BI
zY5JJ8Z#A8cA~@4OduD|a#lDCIC^+J+jxpj!KG!h6AF~dJL1aQ0MGl=AG~-VjOMU)|
zCGD5!cIHI@+#wE4-{?EGyfV6cM(fDk2n96zQly`G=
z+#)MWt*d81j~mj329&tj1IO#xOpgr&U>td_bt&dZObwdr9?UpOE{au**_INYhxR2Q
zSPf(ALF7`d^wyk6l(OW>vDd*?S#0`4c4U4^Afivp>_#gy^lBvX&-x*5GvF`hBIcig
z9UWgJrAg`SZ>3MqQ)gz6(=4^^H`cB>+-(AouRz_`NmX&~KGmJ$N9lT>dZ^KW1!Nd#mhFw|2uak=0$*s7coymJ^H&~t~gzqP`AlvLj4B@UC9-F>BV88R@MP!D3*PA%i
z`wuM~@VDbenm_ZSoxY*v+j$|axs8eKUs5=0ETc^i1B|dMa67OmJRFm$c}adosE%I>
zMMfA6RN?mZee$f)(-S^?Y^pgHc$%I(=Tah|fE>>Or3X0VCef#Q$IH&LI4~zxDq))4
zJcy*M&3JZU**Ikj%d7)RyYfT=D3@F`yV7+%;R;ppb5!HLCMCHn9KCcLa2GYTgt4p(
z`vi^X^RHk1(eF4YlG{tY9EUBFAGF&2iRzDZor-W}(JF_eaM8C#oB5cNpM&-_zyTAip~ImJD&gUzd~LPiN`>
zoUY#vSq-i99UY?;ByDH-5wh!NLU<%r>f|(Z_D%r011#l0%|8k_;CIIXqlQK^+c!A7
zRE}{WJ(0oL32b-5Z;BH3!wZW?K=F+pk9%#fb2Go(JPybLxIw{}>-DTLty1@RgGEjR
zqnL#HpRjPlNVJrP!ldvLUJziq$an0lg%QEZg7O^M(N23J(xm%iFuLth;x_9SHuFRf
z+x(P(Un7BIJ?c~7N@Ur3miCxFc#ncMQ-RI47>#7Bo_~olsRZZ
zj~GMGjw{st!6f$M5~t1MiBjKw{y-;}jiP4x27aD?XIKkH9?X~@U6MK!i$h>F5l%h{
z|BU&g&s8fNlo|EOouZU=b-xBoFrwk=PRQdnbDu@IXMq2bvN+W;h66IptvimPt%CW$
zh0J|g3u0=XXIhu$ceLy+Mfc)q-pnbz8lq$#vHSztTloT*1KuApSGI%Y)kwITmhn}#
z)-LR_3SPJpHT;SXXVD5b4_w!Y>esPFy6G|`5OpBU-*zz{f(Gh1Zzj?OiZS*RW+m1_t72wvVXkTad*laU?@z_w$~
zm}a|STk!7BJZ%@fb?I-u`m1wMV^uMPd$S|Jyv@$P&+~sTHHtr%+J9u@f7MvRhzt-T
zMzHM1Q}heE^}dxF`|a^w)B_A@IS4_98b(m67);Yq4l^%SbUr_LV=Ku40y?9co6Hy9
zla1S}AJ4#@h;o|dZbK1z}2~Y+4k^mvu(k(_^>qF
z;n*hXeLj0<7JC>nhL^sR6E=L=o4g;CJfN}X-!8XSETdcPf~U6dA>HoKDV2*oKeYD8
zaugSce&ryy%7^jSE}J9_t?k-^x1U^302r3`B+qSj?M&t4GFZHD}AYIZ##*P+mG{16J?j
z^PfBkdOM^++=CeVl!d&AgucZ@A8;%{lK765^gDS74KOnIVe_NKWvYx)j*E>O$T;ZO
zf3%mkha5?8|14HzAnl+%W~-;@AbDur7qA^e@L{HkXJ(!KomBW|9vze32*nuqPb2+*
zac=zcJo2yc4vyo6>gGoX-snBBP(rx?Q4!xUAXl?Q{c;YHVWbU{fp4(AMZ@D4ip1XA
z51|1AY|F=ocjdNz3ZR0)%mE`9f~cQw^bOseu0RlBq=sZvdm^?^*^XABFT=^OQxaRN
zWh3*uY4Em$ssH3Rv^`2{B%Qr-g!o-eTIBS3rtfLW!W6Eiw2)s#9^2_G$-ADn9yTFo
zT%fzReIxPw_0kX1a@5$mM9>*pz)g?@I>s5@0N-=rPk^H$Srei(pt!bK-%|_R(PFuiut#l0T>F-Qi=X?_l(cW$1T=|I2FjUxa^~kLZlu?D~`}6=(QS
zcvn;@tj+kT0`67BP%CZaz2py~M(gU>!hn7BQfiX;7iU@eE;jBxpAcUVIu6$Aj3tym
z=VW?uw2-?_tb3lGZa*&A(gZBPl+{OD*pFyXs!9rjspw6n@+`qL!OVYKL6QgfjIE;c
zStW8LB7&i?GI?xUB~O786WJ$V^R@G0>OBtUj#5@Q8qIJZWS9fV0-KBq@JORB(1wzVFcR0}
zCRbP9OjU7uqR}8wI$Pbx=2|(!zX4ANSvR;mN4iR@KI*KG7uw<=R<=b@rLibd>
zBkxFd%&U)o{j9B}ZZbIv4_c8M6J(>f0z4%iPiTtv`D5(!A|d>78*)2S>(fGuodItd
z)^uV8?LuX^_7=2xqB!Kmm%cSJ!CTjDCE-()=a^7qx-yU2bIzXGoF3z7kRtjd5dC^)Af|dSh*88DBpi|9`T>qeBL<-jc)E8mx{yZ)AhQiLSkE!he1P6biK9VmVdQNoE(80Op#T5Q
z6AMHA6IE^76*d%a6~8BNJ}&wcBXVghTj1^a9-zf~{cn_?ctPr%PHOVRqYKwygkK-&
zgok7@;T5$fPYB@(?*+fF_wp%|y+3@Ms^$Dd6
zhZo1m!fTL?g&S&F530+*H}bXhtxli04jK0sV}<{&B||yE$;w=Yw#Ae~{R!})p#z=maSnCI*~oSP_pz7EbM;GJAerW_0;VO%JxL(a)P}GpISXNw!+4s-
z9~JacBzPRHC^V^yv#O*E{7H#pcf}}2mm|V{!Gl!)Ln&d0EG1L*x|F^Rl=bkY?W={hWgGaZ
zQfRJrZ`;Y;2E4r31)#lQnmTkpGr`0scVCjVDI@jC((!2j9)`!_=O+vOkB%U@sR
z-46V#{q4P}{5u}sF8=`Z+rIUE;r|u;-9Y!N*X7+n_ji!Kapxbf|JlC&4*hPH`Blk%
zH_QATNpDH|1N49PK)-{&i@?9iAMYaY-+_qnN6`P-V*U>QuA%%Y7rbjIe+MJ(AL0Lp
zqVj8^-}ivO?hfA@w7)|S?~lm84dP#o@$cZjZb;rYn19Cz!5_i@lj{E!_1D(^pLJJH
z^heZx*2e#e{cA7$zB%|ix`_XX{XfU?zxe-|e7~>r?;Z8uas2k{AByk2D*oMH|IH=u
zh`;s}{~SO%(*HNaU;6D|2k;&IR}%XtxXRmj{=dBLf56|G6gf%Ix48=d0RQ#{1_}Tm
I@K+`Of52({3;+NC

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
index 7c28370a..7c6f31fe 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
@@ -19,10 +19,6 @@
 import org.globalplatform.upgrade.OnUpgradeListener;
 import org.globalplatform.upgrade.UpgradeManager;
 
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
-import javacard.framework.Util;
-
 public class KMAndroidSEApplet extends KMKeymasterApplet implements OnUpgradeListener {
 
   KMAndroidSEApplet() {
@@ -51,22 +47,10 @@ public void onConsolidate() {
   @Override
   public void onRestore(Element element) {
     element.initRead();
-    byte firstByte = element.readByte();
-    short packageVersion_ = 0;
-    byte provisionStatus_ = firstByte;
-    if (firstByte == KMKeymasterApplet.KM_MAGIC_NUMBER) {
-      packageVersion_ = element.readShort();
-      provisionStatus_ = element.readByte();
-    }
-    if (0 != packageVersion_ && !isUpgradeAllowed(packageVersion_)) {
-      ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
-    }
-    packageVersion = packageVersion_;
-    provisionStatus = provisionStatus_;
+    provisionStatus = element.readByte();
     keymasterState = element.readByte();
-    repository.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION);
-    seProvider.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION);
-    handleDataUpgradeToVersion1_1();
+    repository.onRestore(element);
+    seProvider.onRestore(element);
   }
 
   @Override
@@ -84,8 +68,6 @@ public Element onSave() {
     // Create element.
     Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE,
         primitiveCount, objectCount);
-    element.write(KM_MAGIC_NUMBER);
-    element.write(packageVersion);
     element.write(provisionStatus);
     element.write(keymasterState);
     repository.onSave(element);
@@ -94,113 +76,12 @@ public Element onSave() {
   }
 
   private short computePrimitveDataSize() {
-    // provisionStatus + keymasterState + magic byte + version
-    return (short) 5;
+    // provisionStatus + keymasterState
+    return (short) 2;
   }
 
   private short computeObjectCount() {
     return (short) 0;
   }
-  
-  public boolean isUpgradeAllowed(short version) {
-    boolean upgradeAllowed = false;
-    short oldMajorVersion = (short) (version >> 8 & 0x00FF);
-    short oldMinorVersion = (short) (version & 0x00FF);
-    short currentMajorVersion = (short) (CURRENT_PACKAGE_VERSION >> 8 & 0x00FF);
-    short currentMinorVersion = (short) (CURRENT_PACKAGE_VERSION & 0x00FF);
-    // Downgrade of the Applet is not allowed.
-    // Upgrade is not allowed to a next version which is not immediate.
-    if ((short) (currentMajorVersion - oldMajorVersion) == 1) {
-      if (currentMinorVersion == 0) {
-        upgradeAllowed = true;
-      }
-    } else if ((short) (currentMajorVersion - oldMajorVersion) == 0) {
-      if ((short) (currentMinorVersion - oldMinorVersion) == 1) {
-        upgradeAllowed = true;
-      }
-    }
-    return upgradeAllowed;
-  }
-  
-  public void handleDataUpgradeToVersion1_1() {
-    
-    if (packageVersion != 0) {
-      // No Data upgrade required.
-      return;
-    }
-    byte status = provisionStatus;
-    // In the current version of the applet set boot parameters is removed from
-    // provision status so readjust the provision locked flag.
-    // 0x40 is provision locked flag in the older applet.
-    // Unset the 5th bit. setboot parameters flag.
-    status = (byte)  (status & 0xDF);
-    // Readjust the lock provisioned status flag.
-    if ((status & 0x40) == 0x40) {
-      // 0x40 to 0x20
-      // Unset 6th bit
-      status = (byte) (status & 0xBF);
-      // set the 5th bit
-      status = (byte) (status | 0x20);
-    }
-    provisionStatus = status;
-    packageVersion = CURRENT_PACKAGE_VERSION;
-
-    short certExpiryLen = 0;
-    short issuerLen = 0;
-    short certExpiry = repository.getCertExpiryTime();
-    if (certExpiry != KMType.INVALID_VALUE) {
-      certExpiryLen = KMByteBlob.cast(certExpiry).length();
-    }
-    short issuer = repository.getIssuer();
-    if (issuer != KMType.INVALID_VALUE) {
-      issuerLen = KMByteBlob.cast(issuer).length();
-    }
-    short certChainLen = seProvider.getProvisionedDataLength(KMSEProvider.CERTIFICATE_CHAIN);
-    short offset = repository.allocReclaimableMemory((short) (certExpiryLen + issuerLen + certChainLen));
-    // Get the start offset of the certificate chain.
-    short certChaionOff =
-        decoder.getCborBytesStartOffset(
-            repository.getHeap(),
-            offset,
-            seProvider.readProvisionedData(KMSEProvider.CERTIFICATE_CHAIN, repository.getHeap(), offset));
-    certChainLen -= (short) (certChaionOff - offset);
-    Util.arrayCopyNonAtomic(
-        KMByteBlob.cast(issuer).getBuffer(),
-        KMByteBlob.cast(issuer).getStartOff(),
-        repository.getHeap(),
-        (short) (certChaionOff + certChainLen),
-        issuerLen);
-    Util.arrayCopyNonAtomic(
-        KMByteBlob.cast(certExpiry).getBuffer(),
-        KMByteBlob.cast(certExpiry).getStartOff(),
-        repository.getHeap(),
-        (short) (certChaionOff + certChainLen + issuerLen),
-        certExpiryLen);
-
-    seProvider.persistProvisionData(
-        repository.getHeap(),
-        certChaionOff, // cert chain offset
-        certChainLen,
-        (short) (certChaionOff + certChainLen), // issuer offset
-        issuerLen,
-        (short) (certChaionOff + certChainLen + issuerLen), // cert expiry offset
-        certExpiryLen);
-    
-
-    // Update computed HMAC key.
-    short blob = repository.getComputedHmacKey();
-    if (blob != KMType.INVALID_VALUE) {
-      seProvider.createComputedHmacKey(
-          KMByteBlob.cast(blob).getBuffer(),
-          KMByteBlob.cast(blob).getStartOff(),
-          KMByteBlob.cast(blob).length()
-          );
-    } else {
-      // Initialize the Key object.
-      Util.arrayFillNonAtomic(repository.getHeap(), offset, (short) 32, (byte) 0);
-      seProvider.createComputedHmacKey(repository.getHeap(), offset,(short) 32);
-    }
-    repository.reclaimMemory((short) (certExpiryLen + issuerLen + certChainLen));
-  }
 }
 
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index 4f4d4709..f64858f5 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -31,6 +31,7 @@
 import javacard.security.KeyPair;
 import javacard.security.MessageDigest;
 import javacard.security.RSAPrivateKey;
+import javacard.security.RSAPublicKey;
 import javacard.security.RandomData;
 import javacard.security.Signature;
 import javacardx.crypto.AEADCipher;
@@ -113,19 +114,11 @@ public class KMAndroidSEProvider implements KMSEProvider {
   public static final short AES_GCM_NONCE_LENGTH = 12;
   public static final byte KEYSIZE_128_OFFSET = 0x00;
   public static final byte KEYSIZE_256_OFFSET = 0x01;
-  public static final short TMP_ARRAY_SIZE = 300;
+  public static final short TMP_ARRAY_SIZE = 256;
   private static final short RSA_KEY_SIZE = 256;
-  private static final short MAX_OPERATIONS = 4;
-  private static final short HMAC_MAX_OPERATIONS = 8;
-  private static final short COMPUTED_HMAC_KEY_SIZE = 32;
-  public static final short INVALID_DATA_VERSION = 0x7FFF;
-  
-  private static final short CERT_CHAIN_OFFSET = 0;
-  private static final short CERT_ISSUER_OFFSET = KMConfigurations.CERT_CHAIN_MAX_SIZE;
-  private static final short CERT_EXPIRY_OFFSET = 
-      (short) (CERT_ISSUER_OFFSET + KMConfigurations.CERT_ISSUER_MAX_SIZE);
-
-  private static final byte[] CIPHER_ALGS = {
+  public static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length.
+
+  final byte[] CIPHER_ALGS = {
       Cipher.ALG_AES_BLOCK_128_CBC_NOPAD,
       Cipher.ALG_AES_BLOCK_128_ECB_NOPAD,
       Cipher.ALG_DES_CBC_NOPAD,
@@ -136,7 +129,7 @@ public class KMAndroidSEProvider implements KMSEProvider {
       Cipher.ALG_RSA_NOPAD,
       AEADCipher.ALG_AES_GCM};
 
-  private static final byte[] SIG_ALGS = {
+  final byte[] SIG_ALGS = {
       Signature.ALG_RSA_SHA_256_PKCS1,
       Signature.ALG_RSA_SHA_256_PKCS1_PSS,
       Signature.ALG_ECDSA_SHA_256,
@@ -145,14 +138,6 @@ public class KMAndroidSEProvider implements KMSEProvider {
       KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST,
       KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST};
 
-  // [L] 256 bits - hardcoded 32 bits as per
-  // reference impl in keymaster.
-  private static final byte[] CMAC_KDF_CONSTANT_L = {
-      0, 0, 1, 0
-  };
-  private static final byte[] CMAC_KDF_CONSTANT_ZERO = {
-      0
-  };
   // AESKey
   private AESKey aesKeys[];
   // DES3Key
@@ -173,9 +158,7 @@ public class KMAndroidSEProvider implements KMSEProvider {
   private Object[] sigPool;
   // KMOperationImpl pool
   private Object[] operationPool;
-  // Hmac signer pool which is used to support TRUSTED_CONFIRMATION_REQUIRED tag.
-  private Object[] hmacSignOperationPool;
-  
+
   private Signature kdf;
 
   private Signature hmacSignature;
@@ -185,11 +168,10 @@ public class KMAndroidSEProvider implements KMSEProvider {
   // Entropy
   private RandomData rng;
   //For storing root certificate and intermediate certificates.
-  private byte[] provisionData;
+  private byte[] certificateChain;
   private KMAESKey masterKey;
   private KMECPrivateKey attestationKey;
   private KMHmacKey preSharedKey;
-  private KMHmacKey computedHmacKey;
 
   private static KMAndroidSEProvider androidSEProvider = null;
 
@@ -214,18 +196,13 @@ public KMAndroidSEProvider() {
 
     // Re-usable cipher and signature instances
     cipherPool = new Object[(short) (CIPHER_ALGS.length * 4)];
-    // Extra 4 algorithms are used to support TRUSTED_CONFIRMATION_REQUIRED feature.
-    sigPool = new Object[(short) ((SIG_ALGS.length * 4) + 4)];
+    sigPool = new Object[(short) (SIG_ALGS.length * 4)];
     operationPool = new Object[4];
-
-    //maintain seperate operation pool for hmac signer used to support trusted confirmation
-    hmacSignOperationPool = new Object[4];
     // Creates an instance of each cipher algorithm once.
     initializeCipherPool();
     // Creates an instance of each signature algorithm once.
     initializeSigPool();
     initializeOperationPool();
-    initializeHmacSignOperationPool();
     //RsaOAEP Decipher
     rsaOaepDecipher = new KMRsaOAEPEncoding(KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1);
 
@@ -240,19 +217,13 @@ public KMAndroidSEProvider() {
     rng = RandomData.getInstance(RandomData.ALG_KEYGENERATION);
     //Allocate buffer for certificate chain.
     if (!isUpgrading()) {
-      // First 2 bytes is reserved for length for all the 3 buffers.
-      short totalLen = (short) (6 +  KMConfigurations.CERT_CHAIN_MAX_SIZE +
-          KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE);
-      provisionData = new byte[totalLen];
-      
+      certificateChain = new byte[CERT_CHAIN_MAX_SIZE];
       // Initialize attestationKey and preShared key with zeros.
       Util.arrayFillNonAtomic(tmpArray, (short) 0, TMP_ARRAY_SIZE, (byte) 0);
       // Create attestation key of P-256 curve.
       createAttestationKey(tmpArray, (short)0, (short) 32);
       // Pre-shared secret key length is 32 bytes.
-      createPresharedKey(tmpArray, (short)0, (short) 32);
-      // Initialize the Computed Hmac Key object.
-      createComputedHmacKey(tmpArray, (short)0, (short) 32);
+      createPresharedKey(tmpArray, (short)0, (short) KMRepository.SHARED_SECRET_KEY_SIZE);
     }
     androidSEProvider = this;
   }
@@ -302,15 +273,10 @@ private boolean isSignerAlgorithm(byte alg) {
   private void initializeOperationPool() {
     short index = 0;
     while (index < 4) {
-      operationPool[index] = new KMOperationImpl();
-      index++;
-    }
-  }
-  
-  private void initializeHmacSignOperationPool() {
-    short index = 0;
-    while (index < 4) {
-      hmacSignOperationPool[index] = new KMOperationImpl();
+      operationPool[index] = new KMInstance();
+      ((KMInstance) operationPool[index]).instanceCount = 1;
+      ((KMInstance) operationPool[index]).object = new KMOperationImpl();
+      ((KMInstance) operationPool[index]).reserved = 0;
       index++;
     }
   }
@@ -319,7 +285,10 @@ private void initializeHmacSignOperationPool() {
   private void initializeSigPool() {
     short index = 0;
     while (index < SIG_ALGS.length) {
-      sigPool[index] = getSignatureInstance(SIG_ALGS[index]);
+      sigPool[index] = new KMInstance();
+      ((KMInstance) sigPool[index]).instanceCount = 1;
+      ((KMInstance) sigPool[index]).object = getSignatureInstance(SIG_ALGS[index]);
+      ((KMInstance) sigPool[index]).reserved = 0;
       index++;
     }
   }
@@ -343,61 +312,44 @@ private Cipher getCipherInstance(byte alg) {
     }
   }
 
+  private byte getCipherAlgorithm(Cipher c) {
+    return c.getAlgorithm();
+  }
+
   // Create a cipher instance of each algorithm once.
   private void initializeCipherPool() {
     short index = 0;
     while (index < CIPHER_ALGS.length) {
-      cipherPool[index] = getCipherInstance(CIPHER_ALGS[index]);
+      cipherPool[index] = new KMInstance();
+      ((KMInstance) cipherPool[index]).instanceCount = 1;
+      ((KMInstance) cipherPool[index]).object = getCipherInstance(CIPHER_ALGS[index]);
+      ((KMInstance) cipherPool[index]).reserved = 0;
       index++;
     }
   }
 
   private KMOperationImpl getOperationInstanceFromPool() {
-    short index = 0;
-    KMOperationImpl impl;
-    while (index < operationPool.length) {
-      impl = (KMOperationImpl) operationPool[index];
-      // Mode is always set. so compare using mode value.
-      if (impl.getMode() == KMType.INVALID_VALUE) {
-        return impl;
-      }
-      index++;
-    }
-    return null;
+    return (KMOperationImpl) getInstanceFromPool(operationPool, (byte) 0x00);
   }
-  
-  private KMOperationImpl getHmacSignOperationInstanceFromPool() {
-    short index = 0;
-    KMOperationImpl impl;
-    while (index < hmacSignOperationPool.length) {
-      impl = (KMOperationImpl) hmacSignOperationPool[index];
-      // Mode is always set. so compare using mode value.
-      if (impl.getMode() == KMType.INVALID_VALUE) {
-        return impl;
-      }
-      index++;
-    }
-    return null;
+
+  public void releaseOperationInstance(KMOperationImpl operation) {
+    releaseInstance(operationPool, operation);
   }
 
   private Signature getSignatureInstanceFromPool(byte alg) {
     return (Signature) getInstanceFromPool(sigPool, alg);
   }
 
+  public void releaseSignatureInstance(Signature signer) {
+    releaseInstance(sigPool, signer);
+  }
+
   private Cipher getCipherInstanceFromPool(byte alg) {
     return (Cipher) getInstanceFromPool(cipherPool, alg);
   }
 
-  private boolean isResourceBusy(Object obj) {
-    short index = 0;
-    while (index < MAX_OPERATIONS) {
-      if (((KMOperationImpl) operationPool[index]).isResourceMatches(obj)
-    		  || ((KMOperationImpl) hmacSignOperationPool[index]).isResourceMatches(obj)) {
-        return true;
-      }
-      index++;
-    }
-    return false;
+  public void releaseCipherInstance(Cipher cipher) {
+    releaseInstance(cipherPool, cipher);
   }
 
   // This pool implementation can create a maximum of total 4 instances per
@@ -411,38 +363,79 @@ private boolean isResourceBusy(Object obj) {
   private Object getInstanceFromPool(Object[] pool, byte alg) {
     short index = 0;
     short instanceCount = 0;
+    Object object = null;
     boolean isCipher = isCipherAlgorithm(alg);
     boolean isSigner = isSignerAlgorithm(alg);
-    short maxOperations = MAX_OPERATIONS;
-    if (Signature.ALG_HMAC_SHA_256 == alg) {
-      maxOperations = HMAC_MAX_OPERATIONS;
-    }
-    while (index < (short) pool.length) {
-      if (instanceCount >= maxOperations) {
-        KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
-        break;
-      }
+    short len = (short) pool.length;
+    while (index < len) {
       if (null == pool[index]) {
-          // No instance of cipher/signature with this algorithm is found
-          if (isCipher) { // Cipher
-            pool[index] = getCipherInstance(alg);
-          } else if (isSigner) { // Signature
-            pool[index] = getSignatureInstance(alg);
+        // No instance of cipher/signature with this algorithm is found
+        if (instanceCount < 4) {
+          pool[index] = new KMInstance();
+          JCSystem.beginTransaction();
+          ((KMInstance) pool[index]).instanceCount = (byte) (++instanceCount);
+          if (isCipher) {
+            ((KMInstance) pool[index]).object = object = getCipherInstance(alg);
           } else {
-            KMException.throwIt(KMError.INVALID_ARGUMENT);
+            // Signature
+            ((KMInstance) pool[index]).object = object = getSignatureInstance(alg);
           }
-          return pool[index];
+          ((KMInstance) pool[index]).reserved = 1;
+          JCSystem.commitTransaction();
+          break;
+        } else {
+          // Cipher/Signature instance count reached its maximum limit.
+          KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
+          break;
+        }
       }
-      if ((isCipher && (alg == ((Cipher) pool[index]).getAlgorithm()))
-          || ((isSigner && (alg == ((Signature) pool[index]).getAlgorithm())))) {
-        if (!isResourceBusy(pool[index])) {
-          return pool[index];
+      object = ((KMInstance) pool[index]).object;
+      if ((isCipher && (alg == getCipherAlgorithm((Cipher) object)))
+          || ((isSigner && (alg == ((Signature) object).getAlgorithm())))) {
+        instanceCount = ((KMInstance) pool[index]).instanceCount;
+        if (((KMInstance) pool[index]).reserved == 0) {
+          JCSystem.beginTransaction();
+          ((KMInstance) pool[index]).reserved = 1;
+          JCSystem.commitTransaction();
+          break;
+        }
+      } else {
+        if (!isCipher && !isSigner) {
+          // OperationImpl
+          if (((KMInstance) pool[index]).reserved == 0) {
+            JCSystem.beginTransaction();
+            ((KMInstance) pool[index]).reserved = 1;
+            JCSystem.commitTransaction();
+            break;
+          }
+        }
+      }
+      object = null;
+      index++;
+    }
+    return object;
+  }
+
+  private void releaseInstance(Object[] pool, short index) {
+    if (((KMInstance) pool[index]).reserved != 0) {
+      JCSystem.beginTransaction();
+      ((KMInstance) pool[index]).reserved = 0;
+      JCSystem.commitTransaction();
+    }
+  }
+
+  private void releaseInstance(Object[] pool, Object object) {
+    short index = 0;
+    short len = (short) pool.length;
+    while (index < len) {
+      if (pool[index] != null) {
+        if (object == ((KMInstance) pool[index]).object) {
+          releaseInstance(pool, index);
+          break;
         }
-        instanceCount++;
       }
       index++;
     }
-    return null;
   }
 
   public AESKey createAESKey(short keysize) {
@@ -725,7 +718,15 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta
       // This is hardcoded to requirement - 32 byte output with two concatenated
       // 16 bytes K1 and K2.
       final byte n = 2; // hardcoded
-      
+      // [L] 256 bits - hardcoded 32 bits as per
+      // reference impl in keymaster.
+      final byte[] L = {
+          0, 0, 1, 0
+      };
+      // byte
+      final byte[] zero = {
+          0
+      };
       // [i] counter - 32 bits
       short iBufLen = 4;
       short keyOutLen = n * 16;
@@ -748,10 +749,10 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta
         // 4 bytes of iBuf with counter in it
         kdf.update(tmpArray, (short) 0, (short) iBufLen);
         kdf.update(label, labelStart, (short) labelLen); // label
-        kdf.update(CMAC_KDF_CONSTANT_ZERO, (short) 0, (short) CMAC_KDF_CONSTANT_ZERO.length); // 1 byte of 0x00
+        kdf.update(zero, (short) 0, (short) 1); // 1 byte of 0x00
         kdf.update(context, contextStart, contextLength); // context
         // 4 bytes of L - signature of 16 bytes
-        pos = kdf.sign(CMAC_KDF_CONSTANT_L, (short) 0, (short) CMAC_KDF_CONSTANT_L.length, tmpArray,
+        pos = kdf.sign(L, (short) 0, (short) 4, tmpArray,
             (short) (iBufLen + pos));
         i++;
       }
@@ -767,11 +768,9 @@ public short hmacSign(HMACKey key, byte[] data, short dataStart,
     return hmacSignature.sign(data, dataStart, dataLength, mac, macStart);
   }
 
-  @Override
-  public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart,
+  public boolean hmacVerify(HMACKey key, byte[] data, short dataStart,
       short dataLength, byte[] mac, short macStart, short macLength) {
-    KMHmacKey hmacKey = (KMHmacKey) key;
-    hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY);
+    hmacSignature.init(key, Signature.MODE_VERIFY);
     return hmacSignature.verify(data, dataStart, dataLength, mac, macStart,
         macLength);
   }
@@ -798,6 +797,15 @@ public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
     }
   }
 
+  @Override
+  public boolean hmacVerify(byte[] keyBuf, short keyStart, short keyLength,
+      byte[] data, short dataStart, short dataLength, byte[] mac,
+      short macStart, short macLength) {
+    HMACKey key = createHMACKey(keyBuf, keyStart, keyLength);
+    return hmacVerify(key, data, dataStart, dataLength, mac, macStart,
+        macLength);
+  }
+
   @Override
   public short rsaDecipherOAEP256(byte[] secret, short secretStart,
       short secretLength, byte[] modBuffer, short modOff, short modLength,
@@ -962,18 +970,14 @@ public Cipher createSymmetricCipher(short alg, short purpose,
     return symmCipher;
   }
 
-  private Signature createHmacSignerVerifier(short purpose, short digest,
+  public Signature createHmacSignerVerifier(short purpose, short digest,
       byte[] secret, short secretStart, short secretLength) {
-    HMACKey key = createHMACKey(secret, secretStart, secretLength);
-    return createHmacSignerVerifier(purpose, digest, key);
-  }
-  
-  private Signature createHmacSignerVerifier(short purpose, short digest, HMACKey key) {
     byte alg = Signature.ALG_HMAC_SHA_256;
     if (digest != KMType.SHA2_256) {
       CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
     }
     Signature hmacSignerVerifier = getSignatureInstanceFromPool(alg);
+    HMACKey key = createHMACKey(secret, secretStart, secretLength);
     hmacSignerVerifier.init(key, (byte) mapPurpose(purpose));
     return hmacSignerVerifier;
   }
@@ -1003,7 +1007,6 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg,
         Signature signerVerifier = createHmacSignerVerifier(purpose, digest,
             keyBuf, keyStart, keyLength);
         opr = getOperationInstanceFromPool();
-        opr.setMode(purpose);
         opr.setSignature(signerVerifier);
         break;
       default:
@@ -1013,17 +1016,6 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg,
     return opr;
   }
 
-  @Override
-  public KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey) {
-    KMOperationImpl opr = null;
-    KMHmacKey key = (KMHmacKey) computedHmacKey;
-    Signature signerVerifier = createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey());
-    opr = getHmacSignOperationInstanceFromPool();
-    opr.setMode(KMType.VERIFY);
-    opr.setSignature(signerVerifier);
-    return opr;
-  }
-
   public Signature createRsaSigner(short digest, short padding, byte[] secret,
       short secretStart, short secretLength, byte[] modBuffer, short modOff,
       short modLength) {
@@ -1102,7 +1094,6 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg,
           Signature signer = createEcSigner(digest, privKeyBuf, privKeyStart,
               privKeyLength);
           opr = getOperationInstanceFromPool();
-          opr.setMode(purpose);
           opr.setSignature(signer);
           break;
         default:
@@ -1121,11 +1112,6 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) {
     return KMAttestationCertImpl.instance(rsaCert);
   }
 
-  @Override
-  public KMPKCS8Decoder getPKCS8DecoderInstance() {
-    return KMPKCS8DecoderImpl.instance();
-  }
-
   @Override
   public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label,
       short labelStart, short labelLen, byte[] context, short contextStart,
@@ -1134,50 +1120,17 @@ public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label,
         contextStart, contextLength);
     return key.getKey(keyBuf, keyStart);
   }
-  
-  private short getProvisionDataBufferOffset(byte dataType) {
-    switch(dataType) {
-    case CERTIFICATE_CHAIN:
-      return CERT_CHAIN_OFFSET;
-    case CERTIFICATE_ISSUER:
-      return CERT_ISSUER_OFFSET;
-    case CERTIFICATE_EXPIRY:
-      return CERT_EXPIRY_OFFSET;
-    default:
-      KMException.throwIt(KMError.INVALID_ARGUMENT);
-    }
-    return 0;
-  }
-  
-  private void persistProvisionData(byte[] buf, short off, short len, short maxSize, short copyToOff) {
-    if (len > maxSize) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
+
+  @Override
+  public void clearCertificateChain() {
     JCSystem.beginTransaction();
-    Util.arrayCopyNonAtomic(buf, off, provisionData, Util.setShort(provisionData, copyToOff, len), len);
+    Util.arrayFillNonAtomic(certificateChain, (short) 0, CERT_CHAIN_MAX_SIZE, (byte) 0);
     JCSystem.commitTransaction();
   }
-  
-  private void persistCertificateChain(byte[] certChain, short certChainOff, short certChainLen) {
-    persistProvisionData(certChain, certChainOff, certChainLen,
-        KMConfigurations.CERT_CHAIN_MAX_SIZE, CERT_CHAIN_OFFSET);
-  }
-  
-  private void persistCertficateIssuer(byte[] certIssuer, short certIssuerOff, short certIssuerLen) {
-    persistProvisionData(certIssuer, certIssuerOff, certIssuerLen,
-        KMConfigurations.CERT_ISSUER_MAX_SIZE, CERT_ISSUER_OFFSET);
-  }
-  
-  private void persistCertificateExpiryTime(byte[] certExpiry, short certExpiryOff, short certExpiryLen) {
-    persistProvisionData(certExpiry, certExpiryOff, certExpiryLen,
-        KMConfigurations.CERT_EXPIRY_MAX_SIZE, CERT_EXPIRY_OFFSET);
-  }
 
+  //This function supports multi-part request data.
   @Override
-  public void persistProvisionData(byte[] buffer, short certChainOff, short certChainLen,
-      short certIssuerOff, short certIssuerLen, short certExpiryOff ,short certExpiryLen) {
-    // All the buffers uses first two bytes for length. The certificate chain
-    // is stored as shown below.
+  public void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen) {
     //  _____________________________________________________
     // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 |  Cert2 |...
     // |_________|________|_________|_______|________|_______
@@ -1185,28 +1138,30 @@ public void persistProvisionData(byte[] buffer, short certChainOff, short certCh
     // CBOR format:
     // Next single byte holds the byte string header.
     // Next 3 bytes holds the total length of the certificate chain.
-    // clear buffer.
+    if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
+    short persistedLen = Util.getShort(certificateChain, (short) 0);
+    if (persistedLen > totalLen) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
     JCSystem.beginTransaction();
-    Util.arrayFillNonAtomic(provisionData, (short) 0, (short) provisionData.length, (byte) 0);
+    Util.setShort(certificateChain, (short) 0, (short) (len + persistedLen));
+    Util.arrayCopyNonAtomic(buf, offset, certificateChain,
+        (short) (persistedLen + 2), len);
     JCSystem.commitTransaction();
-    // Persist data.
-    persistCertificateChain(buffer, certChainOff, certChainLen);
-    persistCertficateIssuer(buffer, certIssuerOff, certIssuerLen);
-    persistCertificateExpiryTime(buffer, certExpiryOff, certExpiryLen);
   }
 
   @Override
-  public short readProvisionedData(byte dataType, byte[] buf, short offset) {
-    short provisionBufOffset = getProvisionDataBufferOffset(dataType);
-    short len = Util.getShort(provisionData, provisionBufOffset);
-    Util.arrayCopyNonAtomic(provisionData, (short) (2 + provisionBufOffset), buf, offset, len);
+  public short readCertificateChain(byte[] buf, short offset) {
+    short len = Util.getShort(certificateChain, (short) 0);
+    Util.arrayCopyNonAtomic(certificateChain, (short) 2, buf, offset, len);
     return len;
   }
 
   @Override
-  public short getProvisionedDataLength(byte dataType) {
-    short provisionBufOffset = getProvisionDataBufferOffset(dataType);
-    return Util.getShort(provisionData, provisionBufOffset);
+  public short getCertificateChainLength() {
+    return Util.getShort(certificateChain, (short) 0);
   }
 
   @Override
@@ -1226,25 +1181,18 @@ public void clearDeviceBooted(boolean resetBootFlag) {
 
   @Override
   public void onSave(Element element) {
-    element.write(provisionData);
+    element.write(certificateChain);
     KMAESKey.onSave(element, masterKey);
     KMECPrivateKey.onSave(element, attestationKey);
     KMHmacKey.onSave(element, preSharedKey);
-    KMHmacKey.onSave(element, computedHmacKey);
   }
 
   @Override
-  public void onRestore(Element element, short oldVersion, short currentVersion) {
-    provisionData = (byte[]) element.readObject();
+  public void onRestore(Element element) {
+    certificateChain = (byte[]) element.readObject();
     masterKey = KMAESKey.onRestore(element);
     attestationKey = KMECPrivateKey.onRestore(element);
     preSharedKey = KMHmacKey.onRestore(element);
-    if (oldVersion == 0) {
-      // Previous versions does not contain version information.
-      handleDataUpgradeToVersion1_1();
-    } else {
-      computedHmacKey = KMHmacKey.onRestore(element);
-    }
   }
 
   @Override
@@ -1252,7 +1200,6 @@ public short getBackupPrimitiveByteCount() {
     short count =
         (short) (KMAESKey.getBackupPrimitiveByteCount() +
             KMECPrivateKey.getBackupPrimitiveByteCount() +
-            KMHmacKey.getBackupPrimitiveByteCount() +
             KMHmacKey.getBackupPrimitiveByteCount());
     return count;
   }
@@ -1260,10 +1207,9 @@ public short getBackupPrimitiveByteCount() {
   @Override
   public short getBackupObjectCount() {
     short count =
-        (short) (1 + /* provisionData buffer */
+        (short) (1 /*Certificate chain */ +
             KMAESKey.getBackupObjectCount() +
             KMECPrivateKey.getBackupObjectCount() +
-            KMHmacKey.getBackupObjectCount() +
             KMHmacKey.getBackupObjectCount());
     return count;
   }
@@ -1302,20 +1248,6 @@ public KMAttestationKey createAttestationKey(byte[] keyData, short offset,
     attestationKey.setS(keyData, offset, length);
     return (KMAttestationKey) attestationKey;
   }
-  
-  @Override
-  public KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length) {
-    if (length != COMPUTED_HMAC_KEY_SIZE) {
-      CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
-    }
-    if (computedHmacKey == null) {
-      HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) (length * 8),
-          false);
-      computedHmacKey = new KMHmacKey(key);
-    }
-    computedHmacKey.setKey(keyData, offset, length);
-    return (KMComputedHmacKey) computedHmacKey;
-  }  
 
   @Override
   public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length) {
@@ -1347,52 +1279,21 @@ public KMPreSharedKey getPresharedKey() {
     return (KMPreSharedKey) preSharedKey;
   }
 
-  @Override
-  public void releaseAllOperations() {
+  private void releasePool(Object[] pool) {
     short index = 0;
-    while (index < operationPool.length) {
-      ((KMOperationImpl) operationPool[index]).abort();
-      ((KMOperationImpl) hmacSignOperationPool[index]).abort();
+    short len = (short) pool.length;
+    while (index < len) {
+      if (pool[index] != null) {
+        releaseInstance(pool, index);
+      }
       index++;
     }
   }
 
   @Override
-  public KMComputedHmacKey getComputedHmacKey() {
-    return computedHmacKey;
-  }
-  
-  private void handleDataUpgradeToVersion1_1() {
-    short totalLen = (short) (6 +  KMConfigurations.CERT_CHAIN_MAX_SIZE +
-        KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE);
-    byte[] oldBuffer = provisionData;
-    provisionData = new byte[totalLen];
-    persistCertificateChain(
-        oldBuffer,
-        (short) 2,
-        Util.getShort(oldBuffer, (short) 0));
-
-    // Request object deletion
-    oldBuffer = null;
-    JCSystem.requestObjectDeletion();
-    
-  }
-
-  @Override
-  public short messageDigest256(byte[] inBuff, short inOffset,
-      short inLength, byte[] outBuff, short outOffset) {
-    MessageDigest.OneShot mDigest = null;
-    short len = 0;
-    try {
-      mDigest = MessageDigest.OneShot.open(MessageDigest.ALG_SHA_256);
-      len = mDigest.doFinal(inBuff, inOffset, inLength, outBuff, outOffset);
-    } finally {
-      if (mDigest != null) {
-        mDigest.close();
-        mDigest = null;
-      }
-    }
-    return len;
+  public void releaseAllOperations() {
+    releasePool(cipherPool);
+    releasePool(sigPool);
+    releasePool(operationPool);
   }
-  
 }
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 7e5eb5cc..8abbd04e 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -70,31 +70,6 @@ public class KMAttestationCertImpl implements KMAttestationCert {
       0x03,
       0x02
   };
-
-  // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension.
-  private static final short[] swTagIds = {
-      KMType.ATTESTATION_APPLICATION_ID,
-      KMType.CREATION_DATETIME,
-      KMType.USAGE_EXPIRE_DATETIME,
-      KMType.ORIGINATION_EXPIRE_DATETIME,
-      KMType.ACTIVE_DATETIME,
-      KMType.UNLOCKED_DEVICE_REQUIRED
-  };
-
-  // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension.
-  private static final short[] hwTagIds = {
-      KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
-      KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER,
-      KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI,
-      KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT,
-      KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
-      KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
-      KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
-      KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID,
-      KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
-      KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
-      KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
-
   // Validity is not fixed field
   // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys
   private static final byte[] X509Subject = {
@@ -191,16 +166,12 @@ private static void init() {
 
   @Override
   public KMAttestationCert verifiedBootHash(short obj) {
-    if (obj == KMType.INVALID_VALUE)
-      KMException.throwIt(KMError.INVALID_DATA);
     verifiedHash = obj;
     return this;
   }
 
   @Override
   public KMAttestationCert verifiedBootKey(short obj) {
-    if (obj == KMType.INVALID_VALUE)
-      KMException.throwIt(KMError.INVALID_DATA);
     verifiedBootKey = obj;
     return this;
   }
@@ -284,8 +255,6 @@ public KMAttestationCert extensionTag(short tag, boolean hwEnforced) {
 
   @Override
   public KMAttestationCert issuer(short obj) {
-    if (obj == KMType.INVALID_VALUE)
-      KMException.throwIt(KMError.INVALID_DATA);
     issuer = obj;
     return this;
   }
@@ -356,7 +325,7 @@ private static void pushExtensions() {
   // Time SEQUENCE{UTCTime, UTC or Generalized Time)
   private static void pushValidity() {
     short last = stackPtr;
-    if (notAfter != KMType.INVALID_VALUE) {
+    if (notAfter != 0) {
       pushBytes(
           KMByteBlob.cast(notAfter).getBuffer(),
           KMByteBlob.cast(notAfter).getStartOff(),
@@ -476,27 +445,44 @@ private static void pushKeyDescription() {
 
   private static void pushSWParams() {
     short last = stackPtr;
+    // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension.
+    short[] tagIds = {
+        KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME,
+        KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME,
+        KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED};
     byte index = 0;
-    short length = (short) swTagIds.length;
     do {
-      pushParams(swParams, swParamsIndex, swTagIds[index]);
-    } while (++index < length);
+      pushParams(swParams, swParamsIndex, tagIds[index]);
+    } while (++index < tagIds.length);
     pushSequenceHeader((short) (last - stackPtr));
   }
 
   private static void pushHWParams() {
     short last = stackPtr;
+    // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension.
+    short[] tagIds = {
+        KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
+        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER,
+        KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI,
+        KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT,
+        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
+        KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
+        KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
+        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID,
+        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
+        KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
+        KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
+
     byte index = 0;
-    short length = (short) hwTagIds.length;
     do {
-      if (hwTagIds[index] == KMType.ROOT_OF_TRUST) {
+      if (tagIds[index] == KMType.ROOT_OF_TRUST) {
         pushRoT();
         continue;
       }
-      if (pushParams(hwParams, hwParamsIndex, hwTagIds[index])) {
+      if (pushParams(hwParams, hwParamsIndex, tagIds[index])) {
         continue;
       }
-    } while (++index < length);
+    } while (++index < tagIds.length);
     pushSequenceHeader((short) (last - stackPtr));
   }
 
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java
deleted file mode 100644
index 6e5090a1..00000000
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-public class KMConfigurations {
-  // Machine types
-  public static final byte LITTLE_ENDIAN = 0x00;
-  public static final byte BIG_ENDIAN = 0x01;
-  public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN;
-
-  // Maximum cert chain size
-  public static final short CERT_CHAIN_MAX_SIZE = 2500;
-  public static final short CERT_ISSUER_MAX_SIZE = 250;
-  public static final short CERT_EXPIRY_MAX_SIZE = 20;
-  public static final short TOTAL_ATTEST_IDS_SIZE = 300;
-}
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java
index 98f623b2..b2a38b24 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java
@@ -21,7 +21,7 @@
 
 import javacard.security.HMACKey;
 
-public class KMHmacKey implements KMPreSharedKey, KMComputedHmacKey {
+public class KMHmacKey implements KMPreSharedKey {
 
   private HMACKey hmacKey;
 
@@ -36,10 +36,6 @@ public void setKey(byte[] keyData, short kOff, short length) {
   public byte getKey(byte[] keyData, short kOff) {
     return hmacKey.getKey(keyData, kOff);
   }
-  
-  public HMACKey getKey() {
-    return hmacKey;
-  }
 
   public short getKeySizeBits() {
     return hmacKey.getSize();
diff --git a/Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java
similarity index 55%
rename from Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java
rename to Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java
index 7bf5bb4b..5178d4e2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMInstance.java
@@ -15,22 +15,9 @@
  */
 package com.android.javacard.keymaster;
 
-public interface KMPKCS8Decoder {
-
-  /**
-   * Decodes the PKCS8 encoded RSA Key and extracts the private and public key
-   *
-   * @param Instance of the PKCS8 encoded data
-   * @return Instance of KMArray holding RSA public key, RSA private key and modulus.
-   */
-  short decodeRsa(short blob);
-
-  /**
-   * Decodes the PKCS8 encoded EC Key and extracts the private and public key
-   *
-   * @param Instance of the PKCS8 encoded data.
-   * @return Instance of KMArray holding EC public key and EC private key.
-   */
-  short decodeEc(short blob);
+public class KMInstance {
 
+  public byte reserved;
+  public Object object;
+  public byte instanceCount;
 }
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
index de304d8f..aa133bda 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java
@@ -28,7 +28,6 @@ public class KMOperationImpl implements KMOperation {
   private static final short OPER_MODE_OFFSET = 0x02;
   private static final short BLOCK_MODE_OFFSET = 0x03;
   private static final short MAC_LENGTH_OFFSET = 0x04;
-  private static final byte[] EMPTY = {};
   //This will hold the length of the buffer stored inside the
   //Java Card after the GCM update operation.
   private static final short AES_GCM_UPDATE_LEN_OFFSET = 0x05;
@@ -88,19 +87,15 @@ public void setCipher(Cipher cipher) {
   public void setSignature(Signature signer) {
     operationInst[0] = signer;
   }
-  
-  public boolean isResourceMatches(Object object) {
-    return operationInst[0] == object;
-  }
 
-  private void reset() {
+  private void resetCipher() {
     operationInst[0] = null;
-    parameters[MAC_LENGTH_OFFSET] = KMType.INVALID_VALUE;
+    parameters[MAC_LENGTH_OFFSET] = 0;
     parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0;
-    parameters[BLOCK_MODE_OFFSET] = KMType.INVALID_VALUE;;
-    parameters[OPER_MODE_OFFSET] = KMType.INVALID_VALUE;;
-    parameters[CIPHER_ALG_OFFSET] = KMType.INVALID_VALUE;;
-    parameters[PADDING_OFFSET] = KMType.INVALID_VALUE;;
+    parameters[BLOCK_MODE_OFFSET] = 0;
+    parameters[OPER_MODE_OFFSET] = 0;
+    parameters[CIPHER_ALG_OFFSET] = 0;
+    parameters[PADDING_OFFSET] = 0;
   }
 
   @Override
@@ -201,7 +196,8 @@ public short finish(byte[] inputDataBuf, short inputDataStart,
       }
     } finally {
       KMAndroidSEProvider.getInstance().clean();
-      reset();
+      KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher);
+      resetCipher();
     }
     return len;
   }
@@ -214,7 +210,8 @@ public short sign(byte[] inputDataBuf, short inputDataStart,
       len = ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength,
         signBuf, signStart);
     } finally {
-      reset();
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      operationInst[0] = null;
     }
     return len;
   }
@@ -227,32 +224,25 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart,
       ret = ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength,
         signBuf, signStart, signLength);
     } finally {
-      reset();
+      KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
+      operationInst[0] = null;
     }
     return ret;
   }
 
   @Override
   public void abort() {
-    // Few simulators does not reset the Hmac signer instance on init so as
-    // a workaround to reset the hmac signer instance in case of abort/failure of the operation
-    // the corresponding sign / verify function is called.
     if (operationInst[0] != null) {
-      if ((parameters[OPER_MODE_OFFSET] == KMType.SIGN || parameters[OPER_MODE_OFFSET] == KMType.VERIFY) &&
-          (((Signature) operationInst[0]).getAlgorithm() == Signature.ALG_HMAC_SHA_256)) {
-        Signature signer = (Signature) operationInst[0];
-        try {
-          if (parameters[OPER_MODE_OFFSET] == KMType.SIGN) {
-            signer.sign(EMPTY, (short) 0, (short) 0, EMPTY, (short) 0);
-          } else {
-            signer.verify(EMPTY, (short) 0, (short) 0, EMPTY, (short) 0, (short) 0);
-          }
-        } catch(Exception e) {
-          // Ignore.
-        }
+      if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT ||
+        parameters[OPER_MODE_OFFSET] == KMType.DECRYPT) {
+        KMAndroidSEProvider.getInstance().releaseCipherInstance((Cipher) operationInst[0]);
+        resetCipher();
+      } else {
+        KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]);
       }
+      operationInst[0] = null;
     }
-    reset();
+    KMAndroidSEProvider.getInstance().releaseOperationInstance(this);
   }
 
   @Override
@@ -268,4 +258,4 @@ public short getAESGCMOutputSize(short dataSize, short macLength) {
       return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize - macLength);
     }
   }
-}
+}
\ No newline at end of file
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
deleted file mode 100644
index 921cae28..00000000
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
+++ /dev/null
@@ -1,223 +0,0 @@
-package com.android.javacard.keymaster;
-
-import javacard.framework.Util;
-
-public class KMPKCS8DecoderImpl implements KMPKCS8Decoder {
-
-  public static final byte ASN1_OCTET_STRING = 0x04;
-  public static final byte ASN1_SEQUENCE = 0x30;
-  public static final byte ASN1_INTEGER = 0x02;
-  public static final byte ASN1_A0_TAG = (byte) 0xA0;
-  public static final byte ASN1_A1_TAG = (byte) 0xA1;
-  public static final byte ASN1_BIT_STRING = 0x03;
-  public static final byte[] EC_CURVE = {
-      0x06, 0x08, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, 0x3d, 0x03,
-      0x01, 0x07
-  };
-  public static final byte[] RSA_ALGORITHM = {
-      0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
-      (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
-  };
-  public static final byte[] EC_ALGORITHM = {
-      0x06, 0x07, 0x2a, (byte) 0x86, 0x48, (byte) 0xce,
-      0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, (byte) 0x86, 0x48,
-      (byte) 0xce, 0x3d, 0x03, 0x01, 0x07
-  };
-  private byte[] data;
-  private short start;
-  private short length;
-  private short cur;
-  private static KMPKCS8DecoderImpl inst;
-
-  private KMPKCS8DecoderImpl() {
-    start = 0;
-    length = 0;
-    cur = 0;
-  }
-
-  @Override
-  public short decodeRsa(short blob) {
-    init(blob);
-    decodeCommon((short) 0, RSA_ALGORITHM);
-    return decodeRsaPrivateKey((short) 0);
-  }
-
-  @Override
-  public short decodeEc(short blob) {
-    init(blob);
-    decodeCommon((short) 0, EC_ALGORITHM);
-    return decodeEcPrivateKey((short) 1);
-  }
-
-  //Seq[Int,Int,Int,Int,]
-  public short decodeRsaPrivateKey(short version) {
-    short resp = KMArray.instance((short) 3);
-    header(ASN1_OCTET_STRING);
-    header(ASN1_SEQUENCE);
-    short len = header(ASN1_INTEGER);
-    if (len != 1) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    short ver = getByte();
-    if (ver != version) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    len = header(ASN1_INTEGER);
-    short modulus = getModulus(len);
-    len = header(ASN1_INTEGER);
-    short pubKey = KMByteBlob.instance(len);
-    getBytes(pubKey);
-    len = header(ASN1_INTEGER);
-    short privKey = KMByteBlob.instance(len);
-    getBytes(privKey);
-    KMArray.cast(resp).add((short) 0, modulus);
-    KMArray.cast(resp).add((short) 1, pubKey);
-    KMArray.cast(resp).add((short) 2, privKey);
-    return resp;
-  }
-
-  // Seq [Int, Blob]
-  public void decodeCommon(short version, byte[] alg) {
-    short len = header(ASN1_SEQUENCE);
-    len = header(ASN1_INTEGER);
-    if (len != 1) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    short ver = getByte();
-    if (ver != version) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    len = header(ASN1_SEQUENCE);
-    short blob = KMByteBlob.instance(len);
-    getBytes(blob);
-    if (Util.arrayCompare(
-        KMByteBlob.cast(blob).getBuffer(),
-        KMByteBlob.cast(blob).getStartOff(),
-        alg,
-        (short) 0, KMByteBlob.cast(blob).length()) != 0) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-  }
-
-  //Seq[Int,blob,blob]
-  public short decodeEcPrivateKey(short version) {
-    short resp = KMArray.instance((short) 2);
-    header(ASN1_OCTET_STRING);
-    header(ASN1_SEQUENCE);
-    short len = header(ASN1_INTEGER);
-    if (len != 1) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    short ver = getByte();
-    if (ver != version) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    len = header(ASN1_OCTET_STRING);
-    short privKey = KMByteBlob.instance(len);
-    getBytes(privKey);
-    validateTag0IfPresent();
-    header(ASN1_A1_TAG);
-    len = header(ASN1_BIT_STRING);
-    if (len < 1) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    byte unusedBits = getByte();
-    if (unusedBits != 0) {
-      KMException.throwIt(KMError.UNIMPLEMENTED);
-    }
-    short pubKey = KMByteBlob.instance((short) (len - 1));
-    getBytes(pubKey);
-    KMArray.cast(resp).add((short) 0, pubKey);
-    KMArray.cast(resp).add((short) 1, privKey);
-    return resp;
-  }
-
-  private void validateTag0IfPresent() {
-    if (data[cur] != ASN1_A0_TAG) {
-      return;
-    }
-    ;
-    short len = header(ASN1_A0_TAG);
-    if (len != EC_CURVE.length) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    if (Util.arrayCompare(data, cur, EC_CURVE, (short) 0, len) != 0) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    incrementCursor(len);
-  }
-
-  private short header(short tag) {
-    short t = getByte();
-    if (t != tag) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    return getLength();
-  }
-
-  private byte getByte() {
-    byte d = data[cur];
-    incrementCursor((short) 1);
-    return d;
-  }
-
-  private short getShort() {
-    short d = Util.getShort(data, cur);
-    incrementCursor((short) 2);
-    return d;
-  }
-
-  private short getModulus(short modulusLen) {
-    if (0 == data[cur] && modulusLen == 257) {
-      incrementCursor((short) 1);
-      modulusLen--;
-    }
-    short blob = KMByteBlob.instance(modulusLen);
-    getBytes(blob);
-    return blob;
-  }
-
-  private void getBytes(short blob) {
-    short len = KMByteBlob.cast(blob).length();
-    Util.arrayCopyNonAtomic(data, cur, KMByteBlob.cast(blob).getBuffer(),
-        KMByteBlob.cast(blob).getStartOff(), len);
-    incrementCursor(len);
-  }
-
-  private short getLength() {
-    byte len = getByte();
-    if (len >= 0) {
-      return len;
-    }
-    len = (byte) (len & 0x7F);
-    if (len == 1) {
-      return (short) (getByte() & 0xFF);
-    } else if (len == 2) {
-      return getShort();
-    } else {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    return KMType.INVALID_VALUE; //should not come here
-  }
-
-  public static KMPKCS8DecoderImpl instance() {
-    if (inst == null) {
-      inst = new KMPKCS8DecoderImpl();
-    }
-    return inst;
-  }
-
-  public void init(short blob) {
-    data = KMByteBlob.cast(blob).getBuffer();
-    start = KMByteBlob.cast(blob).getStartOff();
-    length = KMByteBlob.cast(blob).length();
-    cur = start;
-  }
-
-  public void incrementCursor(short n) {
-    cur += n;
-    if (cur > ((short) (start + length))) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-  }
-}
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java
index e41663ec..c2b5c7f3 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java
@@ -52,8 +52,6 @@ public class KMUtils {
       0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00};//2592000000
   public static final short year2051 = 2051;
   public static final short year2020 = 2020;
-  // Convert to milliseconds constants
-  public static final byte[] SEC_TO_MILLIS_SHIFT_POS = {9, 8, 7, 6, 5, 3};
 
   // --------------------------------------
   public static short convertToDate(short time, byte[] scratchPad,
@@ -305,14 +303,6 @@ public static byte compare(byte[] buf, short lhs, short rhs) {
     return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8);
   }
 
-  public static void shiftLeft(byte[] buf, short start, short count) {
-    short index = 0;
-    while (index < count) {
-      shiftLeft(buf, start);
-      index++;
-    }
-  }
-
   public static void shiftLeft(byte[] buf, short start) {
     byte index = 7;
     byte carry = 0;
@@ -353,9 +343,7 @@ public static void add(byte[] buf, short op1, short op2, short result) {
     byte carry = 0;
     short tmp;
     while (index >= 0) {
-      tmp =
-          (short) ((buf[(short) (op1 + index)] & 0xFF) +
-              (buf[(short) (op2 + index)] & 0xFF) + carry);
+      tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry);
       carry = 0;
       if (tmp > 255) {
         carry = 1; // max unsigned byte value is 255
@@ -421,20 +409,4 @@ public static short getLeapYrIndex(boolean from2020, short yrsCount) {
     return -1;
   }
 
-  // i * 1000 = (i << 9) + (i << 8) + (i << 7) + (i << 6) + (i << 5) + ( i << 3)
-  public static void convertToMilliseconds(byte[] buf, short inputOff, short outputOff,
-      short scratchPadOff) {
-    short index = 0;
-    short length = (short) SEC_TO_MILLIS_SHIFT_POS.length;
-    while (index < length) {
-      Util.arrayCopyNonAtomic(buf, inputOff, buf, scratchPadOff, (short) 8);
-      shiftLeft(buf, scratchPadOff, SEC_TO_MILLIS_SHIFT_POS[index]);
-      Util.arrayCopyNonAtomic(buf, outputOff, buf, (short) (scratchPadOff + 8), (short) 8);
-      add(buf, scratchPadOff, (short) (8 + scratchPadOff), (short) (16 + scratchPadOff));
-      Util.arrayCopyNonAtomic(buf, (short) (scratchPadOff + 16), buf, outputOff, (short) 8);
-      Util.arrayFillNonAtomic(buf, scratchPadOff, (short) 24, (byte) 0);
-      index++;
-    }
-  }
-
-}
+}
\ No newline at end of file
diff --git a/Applet/JCardSimProvider/lib/gpapi-upgrade.jar b/Applet/JCardSimProvider/lib/gpapi-upgrade.jar
deleted file mode 100644
index e4814bde4b6b21982103c55f9b1a3a4a58f0b807..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 12638
zcmbul1yEi~w=IghySuwPgy8P(?(XjHF2UV`gkZtl-Q6KTa3|P<{mahIIXCxKy-7hW
zinRvon>~B>izz?0X><$9HtpU3AhEfMm-{hYJV5zg}VnH-}a5?OzDJ
zeZRj16ac{6i+L*l^Aljd{nggNl-|_J)Ys
zA%jv|s@$PcJ>vU-=zypxIr)I79gt(CMRqYETXUFxgZHlPZdORPeTeAd3ak!pNs7$
zDsU3PfnzxpG(K@0n3_<~R*^JWQ&-Asd;ug~h*%8s?6!<ulJT_AFDwM;coA!sJVdE!jlhf
z3Vp9$(%m-{W3W{3Oq>@qRU+0OlYx|sXGdt$V#n|)eGaB7O@?@rhz24mLrnK8rjJ<7
zby1W0Xz|GyaU-XEKg_cXO5ej}###IG&!R*>rDqbNdC}zDx>##9AcZAuOrh318><7Z
zQouxNYyD^!JZe^Whz>BcyK9C^{HPABl-^`2iQ)pH1|i*bE%1<4L)R-vXQ4U~;#YoL
z=_Lv(6@Z9RvC^
zgUUJs5>8=Lv`?0$!%I3|1BSdF%9~xHtX^Uf8mG9MZs@Ll
zG7eI#xJy%$AS5E^$M)MVPcT#5@*ClHDS$
zv_TZ015iVNiIWnw^b|@h;l7P&BJd1M9r6OF>nFFkQ?iQnwM_$677`gRiUq7%l8c}y
z21=PfqV*aPOLs{?6#45Z9IV|n=~Q}!6Z(!nLH-XeKhTP`3HR~a(IEo11Z=lD>gmAh
zK(SCAdK;gN_D6lTmMoohe4ker&ae|*I-gH%>Ud81{czplOzZBi;d}_krq#L{y350v
zPo-aoN?NbHv7416#xs-;g@-@6v>6(Qo3H+Kx0DL@UC(URq&AO9<&n>LmWa_=X^jFN520gYRTy@W(MBwmQbqNs3AY-Mb1Y~%D7Q5LC4
z+wQRaMU-jz;42>qvNYq-s2XY(U)y`&%}JLvz$*b)
zkVxCv@oi1i7+;3jAQY?f=ZU
zS<`5{Q&$9%s%xn1LW>@t@>xpfqljzr<2>bUI>i{8DhdrGP@)AD28)IjgGC^{3S9jc
zmIrYMk9Bv!(&iJOO&CJk7&P^aNBBXOYZ44=Kiklx^gN=V)w4?;wBthM%?Am&nB9i-
zN+{JW5`7$pDc}z6-K(NH=Wn@J!Kf`NUeNClUXEK(Cge~TzO6RzLZ;e;rHANfY%*Mz
zRZ$+C?VO$SR|m5+tF%79()dOp&ycf}(dMk2uKZ3LYPEZKyc>3uWJbLc^01A;k_iLcI2qM
z@~ramR`TfxBrKk74}O=5L+@4-6>!FRNHk-S=Ql*DKt*q??<8_{W{PM~EqvmXgo{Lu
zl=fv5C+Iz|Sg^qA_0ai|BZ!)f{Ky;Rk>#2YaUF9u>p6JHe>STofbp~ZZfTg%u)$W0
zo`bHeD5*c#CL}P8lR7~
z7x-cy?Gdq}x^2okGmZL(O{RYI+RR2viTI&CObn#XfxCS#pIj{7@w~`
z3^5^cAZ4fNdEWVj>6YaB@WFm=t!W3!z2b1Ww(EFd!}rnHWNDNEu&A!o_A+^~-vED6
z;SqgzFA`3s-Y+jZd*bl0W9XoYqIn0C^RqabNi2r3NQ=@yoKqZ9T^lk|g?Z@7rIU)4
zRZfY>WOv_pLU1>n+}Fw*;ut^ta~^0fp0=%NI1^oLZDl7@Rc@_wg1Wo~;AIBXg7~u;
z*wvE@;rc~xM&^~($TQ(P!RZDJksnnC5mWn3t%;>{-pT5_ACqsAS8z3n55a^b>Gds!
zH~#AA^0%*IP~PY!73NpEDg2FY$p1_?zY@)fhV@%VhV+6*@Txxrgg%6@OU57B($9Fr
z0e6&N7R}LDbXTMnPaTe)Fmg&)SsMKMI5tA}jf7O#-a%TsmmeWRYkYK^`D*kyE?H`Q
zFc@i>rZ`e-!boRtdaRzZ*twp8Njdgxqs8~^d~@@K*PcK|=%kj%(K0?+CjFaKQfZ|`
z@Ju(R`tmm>1EalqB%3k`{Uqn*Qbw9anUor?WEm)4a&vK5SLi&`SLN`pM3vGibU`S|
z?8BM_pKIA>_O460`oFi5W|at=1k-4;dcZk6MUbS<%LuV4E4GIDhNllZf8%$SN#tQ@
zoXVK(FP+}AR11-8#XVGNRjT<23Pp3;Wa>*aqQLDI0+Nrc5N`r@>QBIFzzF22m9K|x^5S`IEQlt^ztG8aybO0wW#v=EmVhZ>4X>5oE+(zs%1$D{b
z5CltgkbRv;IY33d3c3^g35^A|E^5#=9hqADd)X##gak0jS1r&x_gqa~3{u=qcs-m0JeVYrBtdl=raw>35au(@L>8K?JTxQYRqL^vexsTs
zv@R8h>%LxNVON+czj8dx$*{#H~frD8+}T(F-$
ztSA}#6V=OjH2*|lpOcHm2=cTLlH=75=QE8F)wpDyemG!b21FOO#d
zmg$(qcVLHUEcwB517-qMjXSr{1TnW_VmL`IZg_O90k
zVCzh&Us74=Wc2k)HQmGZ*f%w)Mz0O3W7ECVpf_gGyAL~=IJ10>WaykHhQTn9xL{MGC(YGN(H&L?P%c-n1&L(1O4DVwhWIIrap-ktK
zt|(dXZ0jslRtjYMNM`b#N`0sy+UzbieXY67@*W=W{s)t};
zth!;HTdL8z*(-`iockO;k^p5uK{Y{amO7e~Wl4$9W)2iwz}hB3hImVYf-jugv{i@T
z74?H)LxRO8z~g&9|GX&`)pjX4$ii5jjG8u7PcMfeN?NXk99tgv08
zGizp;-2|sd_La{z3?IRd!FR2$UGFm1puw}&S<{Mf>b3EqfrEDk*YRjQfFj-bWP*s@
z5SuIN3E|Nj!*QL>fgnBqk&;PiUotll>l3yRh^AAHZkk=$C)1)cb3ssZ33O)jKzuZ5
zNmRIPkeaN?cxoa256P4@-|TO-S@@-q$_5Ds;$sPABc;>vNMZAJ`8gJwHv`w{p!>w6
z(G}@61vKQ>OLq%Q0gS&#P7U@94$_)(UTGj}R)9rm
zP!MMe<;w(sN*`p!i^*uFV0b9a%Zt7)gYke%qWvbtnv%cpptZitL;*#JnNi4&shE-2gyDNj%yjl}DXnc^bY?9hexKG#Dv*W#G95|aXZ)8Geq$NRd#I53i
zJS;cQI>p|w9+$C+mdlNT6Q|Q{jwwlt(@KDXU|KAX0)e>EQQt*_Z!_(&LUfs7If^xV
zW?m!f=bw=_l#=d7ls4CYFc>;80N-)J(ogNMrg;%tz0Mbk-$B8!$@D{ekX1X3a^Mxy
zHGQHXsmi8uczCo8WFQtRbA^wLy7~rtFA_A`L?VwQXyyDVe9I#F>SG0EubomLiLich
zu9Vf|y7p-4Mli%&ai_}*4w8UAF%SM}5pN6-qy9w>F(?2z&^*{vWDl_!-%nAE&u)$^
zrBxKr>;wm@%_JT-ZSZl+Og
zG)`VnHV%XazuX6&
zK}X%kqsV4M@OVe}CG@FX)oh4OSKq=*jf18
zjO;B{tA3}a^X19lH`?m3*VS}1vnnxcuks?diGhKbda`iY9h
zyJ+AEbQ*PXz%Qn_Sc1*Uo0Sl{=foSsA`k&_){`N9(GI-{hkU|+&l05;NFRLU|M?c=
zL5W0;kwHl|BlE+ZZAf
znt5LH%1t_f-KH~}<6_PgErf0T!9#R@&sqpEvkPMvA*LoQvh~A>YcbL158;J<1>1Ho
zHX%vr5usSPcn@$lt)9yRJ$yD8=ihoB@5(*E#?)qKSc{^Fj?XvwTQwYk%kN{XVli5gd1>9))a`RL{Ttp*
zsA{{)UE_!O62mUH6E}SemRO`ma0vo9saAVl%_{`RWI_*tMBp*h{|@eGKlf?a_T9x1!}q$!4%u2CDNH>sVTv
zCp4oLUt3$xSu=-;@7)i2nln4eee&4HTM0No7k3vide%rkVuY!7UD>4|dFU@4)7Fa^
z`VcZt!luHC&Q#(QzTD#!`9@Og5!9_h*uu?jX{N1&{E&<3JGanv7pDK_@T5_A=-JkE
z&pOb~$O>bk&6c;!J}CNi2JUBpHhsM35%8vOd?(!5)^jQmg}o)uovV3E-s+OvfOQU0
zoT0JmOPf)})WlCPz)*cMyX(pe+T8oC>pje%Pl3AT_aU~Bg`2Tk_q-R}Ga=-90`P~=
zPGt$~*E)%O`-gX9PxWJ-4Eo4av@*EiDp60=SM~S9zC1g+V>d}|?${k-osGbRez*Ir
zlONen!RFN6B4cvSybX#CZGdBu6M2oRqi_8`pWuCf(ur=G&^v)fYqG*G+{QaHD&Gtg$7@th4gLS(@?6txj
ztvM8@d=bj*f+M>03Y~Gv&M#D@4BCvir~*9o>kc>)pwA%
z1aZ9oHISF7)^PgdS?ws=TOmtfV%+veW0bBFUH
z#Cb^g5UrjM2L7I=c%$$Gk&U_y_<3iFP{@$zJ(3gma8Jw$J@mCOL;Y3Ri1qkGi}$wh
z3HB?#AsGU8-OcXh5TIG}Tq?KZ9v=AJ2Y5ekxChs%$HougujcI=XR|)wS@_clAEwKm;PR&)jxS!?G9K?3xRkl0ld;Xeh4DGnlb97YgePCW4SoBLQ@D^T0NMx?bLcvX$$WD>zha7T
zjtC|3VLtM~7T1(QJ{oRUb3~M}oSr2zQ&&?{(;}Tg(J2at_9fQ-liR=@l4Skps)Wa(Fa>e_+{O9nXqBBn~WN|FSdoUoS
zVPrq?fw-DsNNYh9m2&v+ni6>Zm%d
zuLN%j9Zr>h5dJhTj9?-Y#0>Ks$pPUJXyss_vq)eh&`E0TBozT60jDGXol4s>od~3P
zhSkZtnS2UDCfmbRiEj%7y*tJyBuFVa15bvqoNk8rc3iYwqDu9a=3sIsR@MHz3?x(B
ztqiMI^^5c7Nj^smsF!>|Wz%3XHFn7K#A1Y)M6NdG1(YTd^2jol69n_yi*
z3~i~D-jR4Y3;NwC3V%IUsn*v{tFjUu@zY{eeFpo~PxVH?4J4d8c!Q2w5UTq;;pe0FyGor=ae*u(PT)okp~HS8L60WT&Sdp#W%Bv#*A@az-6Hi0lq_ueujpu3u8-Uno%BI
zY5JJ8Z#A8cA~@4OduD|a#lDCIC^+J+jxpj!KG!h6AF~dJL1aQ0MGl=AG~-VjOMU)|
zCGD5!cIHI@+#wE4-{?EGyfV6cM(fDk2n96zQly`G=
z+#)MWt*d81j~mj329&tj1IO#xOpgr&U>td_bt&dZObwdr9?UpOE{au**_INYhxR2Q
zSPf(ALF7`d^wyk6l(OW>vDd*?S#0`4c4U4^Afivp>_#gy^lBvX&-x*5GvF`hBIcig
z9UWgJrAg`SZ>3MqQ)gz6(=4^^H`cB>+-(AouRz_`NmX&~KGmJ$N9lT>dZ^KW1!Nd#mhFw|2uak=0$*s7coymJ^H&~t~gzqP`AlvLj4B@UC9-F>BV88R@MP!D3*PA%i
z`wuM~@VDbenm_ZSoxY*v+j$|axs8eKUs5=0ETc^i1B|dMa67OmJRFm$c}adosE%I>
zMMfA6RN?mZee$f)(-S^?Y^pgHc$%I(=Tah|fE>>Or3X0VCef#Q$IH&LI4~zxDq))4
zJcy*M&3JZU**Ikj%d7)RyYfT=D3@F`yV7+%;R;ppb5!HLCMCHn9KCcLa2GYTgt4p(
z`vi^X^RHk1(eF4YlG{tY9EUBFAGF&2iRzDZor-W}(JF_eaM8C#oB5cNpM&-_zyTAip~ImJD&gUzd~LPiN`>
zoUY#vSq-i99UY?;ByDH-5wh!NLU<%r>f|(Z_D%r011#l0%|8k_;CIIXqlQK^+c!A7
zRE}{WJ(0oL32b-5Z;BH3!wZW?K=F+pk9%#fb2Go(JPybLxIw{}>-DTLty1@RgGEjR
zqnL#HpRjPlNVJrP!ldvLUJziq$an0lg%QEZg7O^M(N23J(xm%iFuLth;x_9SHuFRf
z+x(P(Un7BIJ?c~7N@Ur3miCxFc#ncMQ-RI47>#7Bo_~olsRZZ
zj~GMGjw{st!6f$M5~t1MiBjKw{y-;}jiP4x27aD?XIKkH9?X~@U6MK!i$h>F5l%h{
z|BU&g&s8fNlo|EOouZU=b-xBoFrwk=PRQdnbDu@IXMq2bvN+W;h66IptvimPt%CW$
zh0J|g3u0=XXIhu$ceLy+Mfc)q-pnbz8lq$#vHSztTloT*1KuApSGI%Y)kwITmhn}#
z)-LR_3SPJpHT;SXXVD5b4_w!Y>esPFy6G|`5OpBU-*zz{f(Gh1Zzj?OiZS*RW+m1_t72wvVXkTad*laU?@z_w$~
zm}a|STk!7BJZ%@fb?I-u`m1wMV^uMPd$S|Jyv@$P&+~sTHHtr%+J9u@f7MvRhzt-T
zMzHM1Q}heE^}dxF`|a^w)B_A@IS4_98b(m67);Yq4l^%SbUr_LV=Ku40y?9co6Hy9
zla1S}AJ4#@h;o|dZbK1z}2~Y+4k^mvu(k(_^>qF
z;n*hXeLj0<7JC>nhL^sR6E=L=o4g;CJfN}X-!8XSETdcPf~U6dA>HoKDV2*oKeYD8
zaugSce&ryy%7^jSE}J9_t?k-^x1U^302r3`B+qSj?M&t4GFZHD}AYIZ##*P+mG{16J?j
z^PfBkdOM^++=CeVl!d&AgucZ@A8;%{lK765^gDS74KOnIVe_NKWvYx)j*E>O$T;ZO
zf3%mkha5?8|14HzAnl+%W~-;@AbDur7qA^e@L{HkXJ(!KomBW|9vze32*nuqPb2+*
zac=zcJo2yc4vyo6>gGoX-snBBP(rx?Q4!xUAXl?Q{c;YHVWbU{fp4(AMZ@D4ip1XA
z51|1AY|F=ocjdNz3ZR0)%mE`9f~cQw^bOseu0RlBq=sZvdm^?^*^XABFT=^OQxaRN
zWh3*uY4Em$ssH3Rv^`2{B%Qr-g!o-eTIBS3rtfLW!W6Eiw2)s#9^2_G$-ADn9yTFo
zT%fzReIxPw_0kX1a@5$mM9>*pz)g?@I>s5@0N-=rPk^H$Srei(pt!bK-%|_R(PFuiut#l0T>F-Qi=X?_l(cW$1T=|I2FjUxa^~kLZlu?D~`}6=(QS
zcvn;@tj+kT0`67BP%CZaz2py~M(gU>!hn7BQfiX;7iU@eE;jBxpAcUVIu6$Aj3tym
z=VW?uw2-?_tb3lGZa*&A(gZBPl+{OD*pFyXs!9rjspw6n@+`qL!OVYKL6QgfjIE;c
zStW8LB7&i?GI?xUB~O786WJ$V^R@G0>OBtUj#5@Q8qIJZWS9fV0-KBq@JORB(1wzVFcR0}
zCRbP9OjU7uqR}8wI$Pbx=2|(!zX4ANSvR;mN4iR@KI*KG7uw<=R<=b@rLibd>
zBkxFd%&U)o{j9B}ZZbIv4_c8M6J(>f0z4%iPiTtv`D5(!A|d>78*)2S>(fGuodItd
z)^uV8?LuX^_7=2xqB!Kmm%cSJ!CTjDCE-()=a^7qx-yU2bIzXGoF3z7kRtjd5dC^)Af|dSh*88DBpi|9`T>qeBL<-jc)E8mx{yZ)AhQiLSkE!he1P6biK9VmVdQNoE(80Op#T5Q
z6AMHA6IE^76*d%a6~8BNJ}&wcBXVghTj1^a9-zf~{cn_?ctPr%PHOVRqYKwygkK-&
zgok7@;T5$fPYB@(?*+fF_wp%|y+3@Ms^$Dd6
zhZo1m!fTL?g&S&F530+*H}bXhtxli04jK0sV}<{&B||yE$;w=Yw#Ae~{R!})p#z=maSnCI*~oSP_pz7EbM;GJAerW_0;VO%JxL(a)P}GpISXNw!+4s-
z9~JacBzPRHC^V^yv#O*E{7H#pcf}}2mm|V{!Gl!)Ln&d0EG1L*x|F^Rl=bkY?W={hWgGaZ
zQfRJrZ`;Y;2E4r31)#lQnmTkpGr`0scVCjVDI@jC((!2j9)`!_=O+vOkB%U@sR
z-46V#{q4P}{5u}sF8=`Z+rIUE;r|u;-9Y!N*X7+n_ji!Kapxbf|JlC&4*hPH`Blk%
zH_QATNpDH|1N49PK)-{&i@?9iAMYaY-+_qnN6`P-V*U>QuA%%Y7rbjIe+MJ(AL0Lp
zqVj8^-}ivO?hfA@w7)|S?~lm84dP#o@$cZjZb;rYn19Cz!5_i@lj{E!_1D(^pLJJH
z^heZx*2e#e{cA7$zB%|ix`_XX{XfU?zxe-|e7~>r?;Z8uas2k{AByk2D*oMH|IH=u
zh`;s}{~SO%(*HNaU;6D|2k;&IR}%XtxXRmj{=dBLf56|G6gf%Ix48=d0RQ#{1_}Tm
I@K+`Of52({3;+NC

diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
index 6ca72904..1f242f38 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
@@ -160,16 +160,12 @@ private static void init() {
 
   @Override
   public KMAttestationCert verifiedBootHash(short obj) {
-    if (obj == KMType.INVALID_VALUE)
-      KMException.throwIt(KMError.INVALID_DATA);
     verifiedHash = obj;
     return this;
   }
 
   @Override
   public KMAttestationCert verifiedBootKey(short obj) {
-    if (obj == KMType.INVALID_VALUE)
-      KMException.throwIt(KMError.INVALID_DATA);
     verifiedBootKey = obj;
     return this;
   }
@@ -253,8 +249,6 @@ public KMAttestationCert extensionTag(short tag, boolean hwEnforced) {
 
   @Override
   public KMAttestationCert issuer(short obj) {
-    if (obj == KMType.INVALID_VALUE)
-      KMException.throwIt(KMError.INVALID_DATA);
     issuer = obj;
     return this;
   }
@@ -325,7 +319,7 @@ private static void pushExtensions() {
   // Time SEQUENCE{UTCTime, UTC or Generalized Time)
   private static void pushValidity() {
     short last = stackPtr;
-    if (notAfter != KMType.INVALID_VALUE) {
+    if (notAfter != 0) {
       pushBytes(
           KMByteBlob.cast(notAfter).getBuffer(),
           KMByteBlob.cast(notAfter).getStartOff(),
@@ -670,6 +664,7 @@ private static void pushEnumTag(short tagId, byte val) {
   private static void pushIntegerTag(short tagId, byte[] buf, short start, short len) {
     short last = stackPtr;
     pushInteger(buf, start, len);
+    //    pushIntegerHeader((short) (last - stackPtr));
     pushTagIdHeader(tagId, (short) (last - stackPtr));
   }
 
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java
deleted file mode 100644
index 6e5090a1..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-public class KMConfigurations {
-  // Machine types
-  public static final byte LITTLE_ENDIAN = 0x00;
-  public static final byte BIG_ENDIAN = 0x01;
-  public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN;
-
-  // Maximum cert chain size
-  public static final short CERT_CHAIN_MAX_SIZE = 2500;
-  public static final short CERT_ISSUER_MAX_SIZE = 250;
-  public static final short CERT_EXPIRY_MAX_SIZE = 20;
-  public static final short TOTAL_ATTEST_IDS_SIZE = 300;
-}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java
index 64837ace..65f1d02a 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java
@@ -17,7 +17,7 @@
 
 import javacard.security.HMACKey;
 
-public class KMHmacKey implements KMPreSharedKey, KMComputedHmacKey {
+public class KMHmacKey implements KMPreSharedKey {
 
   private HMACKey hmacKey;
 
@@ -33,10 +33,6 @@ public byte getKey(byte[] keyData, short kOff) {
     return hmacKey.getKey(keyData, kOff);
   }
 
-  public HMACKey getKey() {
-    return hmacKey;
-  }
-
   public short getKeySizeBits() {
     return hmacKey.getSize();
   }
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
index 2086620f..46bd03aa 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
@@ -40,7 +40,6 @@
 import javacard.security.Key;
 import javacard.security.KeyBuilder;
 import javacard.security.KeyPair;
-import javacard.security.MessageDigest;
 import javacard.security.RSAPrivateKey;
 import javacard.security.RSAPublicKey;
 import javacard.security.RandomData;
@@ -73,12 +72,9 @@ public class KMJCardSimulator implements KMSEProvider {
   public static final short MAX_RND_NUM_SIZE = 64;
   public static final short ENTROPY_POOL_SIZE = 16; // simulator does not support 256 bit aes keys
   public static final byte[] aesICV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+  private static final short CERT_CHAIN_MAX_SIZE = 2500;//First 2 bytes for length.
   private static final short RSA_KEY_SIZE = 256;
-  private static final short CERT_CHAIN_OFFSET = 0;
-  private static final short CERT_ISSUER_OFFSET = KMConfigurations.CERT_CHAIN_MAX_SIZE;
-  private static final short CERT_EXPIRY_OFFSET =
-      (short) (CERT_ISSUER_OFFSET + KMConfigurations.CERT_ISSUER_MAX_SIZE);
-  private static final short COMPUTED_HMAC_KEY_SIZE = 32;
+
 
   public static boolean jcardSim = false;
   private static Signature kdf;
@@ -89,11 +85,10 @@ public class KMJCardSimulator implements KMSEProvider {
   private static Cipher aesRngCipher;
   private static byte[] entropyPool;
   private static byte[] rndNum;
-  private byte[] provisionData;
+  private byte[] certificateChain;
   private KMAESKey masterKey;
   private KMECPrivateKey attestationKey;
   private KMHmacKey preSharedKey;
-  private KMHmacKey computedHmacKey;
 
   private static KMJCardSimulator jCardSimulator = null;
 
@@ -118,11 +113,8 @@ public KMJCardSimulator() {
     }
     aesRngKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
     // various ciphers
-    //Allocate buffer for certificate chain and cert parameters.
-    // First 2 bytes is reserved for length for all the 3 buffers.
-    short totalLen = (short) (6 +  KMConfigurations.CERT_CHAIN_MAX_SIZE +
-        KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE);
-    provisionData = new byte[totalLen];
+    //Allocate buffer for certificate chain.
+    certificateChain = new byte[CERT_CHAIN_MAX_SIZE];
     jCardSimulator = this;
   }
 
@@ -547,6 +539,12 @@ public short hmacSign(HMACKey key, byte[] data, short dataStart, short dataLengt
     return hmacSignature.sign(data, dataStart, dataLength, mac, macStart);
   }
 
+  public boolean hmacVerify(HMACKey key, byte[] data, short dataStart, short dataLength,
+      byte[] mac, short macStart, short macLength) {
+    hmacSignature.init(key, Signature.MODE_VERIFY);
+    return hmacSignature.verify(data, dataStart, dataLength, mac, macStart, macLength);
+  }
+
   @Override
   public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
       short dataLength, byte[] signature, short signatureStart) {
@@ -558,15 +556,6 @@ public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart,
         signature, signatureStart);
   }
 
-  @Override
-  public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart,
-      short dataLength, byte[] mac, short macStart, short macLength) {
-    KMHmacKey hmacKey = (KMHmacKey) key;
-    hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY);
-    return hmacSignature.verify(data, dataStart, dataLength, mac, macStart,
-        macLength);
-  }
-
   @Override
   public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] data,
       short dataStart, short dataLength, byte[] mac, short macStart) {
@@ -574,6 +563,13 @@ public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] dat
     return hmacSign(key, data, dataStart, dataLength, mac, macStart);
   }
 
+  @Override
+  public boolean hmacVerify(byte[] keyBuf, short keyStart, short keyLength, byte[] data,
+      short dataStart, short dataLength, byte[] mac, short macStart, short macLength) {
+    HMACKey key = createHMACKey(keyBuf, keyStart, keyLength);
+    return hmacVerify(key, data, dataStart, dataLength, mac, macStart, macLength);
+  }
+
   @Override
   public short rsaDecipherOAEP256(byte[] secret, short secretStart, short secretLength,
       byte[] modBuffer, short modOff, short modLength,
@@ -614,14 +610,6 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, b
     return null;
   }
 
-  @Override
-  public KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey) {
-    KMOperationImpl opr = null;
-    KMHmacKey key = (KMHmacKey) computedHmacKey;
-    Signature signerVerifier = createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey());
-    return new KMOperationImpl(signerVerifier);
-  }
-  
   @Override
   public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, byte digest,
       byte[] privKeyBuf, short privKeyStart, short privKeyLength,
@@ -1003,18 +991,17 @@ private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secret
     return ret;
   }
 
-  private Signature createHmacSignerVerifier(short purpose, short digest,
-      byte[] secret, short secretStart, short secretLength) {
-    HMACKey key = createHMACKey(secret, secretStart, secretLength);
-    return createHmacSignerVerifier(purpose, digest, key);
-  }
 
-  private Signature createHmacSignerVerifier(short purpose, short digest, HMACKey key) {
-    byte alg = Signature.ALG_HMAC_SHA_256;
+  public Signature createHmacSignerVerifier(short purpose, short digest, byte[] secret,
+      short secretStart, short secretLength) {
+    short alg = Signature.ALG_HMAC_SHA_256;
     if (digest != KMType.SHA2_256) {
       CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
     }
     Signature hmacSignerVerifier = Signature.getInstance((byte) alg, false);
+    HMACKey key = (HMACKey) KeyBuilder
+        .buildKey(KeyBuilder.TYPE_HMAC, (short) (secretLength * 8), false);
+    key.setKey(secret, secretStart, secretLength);
     hmacSignerVerifier.init(key, (byte) purpose);
     return hmacSignerVerifier;
   }
@@ -1180,55 +1167,41 @@ public KMAttestationCert getAttestationCert(boolean rsaCert) {
     return KMAttestationCertImpl.instance(rsaCert);
   }
 
-  @Override
-  public KMPKCS8Decoder getPKCS8DecoderInstance() {
-    return KMPKCS8DecoderImpl.instance();
-  }
-
-  private short getProvisionDataBufferOffset(byte dataType) {
-    switch(dataType) {
-      case CERTIFICATE_CHAIN:
-        return CERT_CHAIN_OFFSET;
-      case CERTIFICATE_ISSUER:
-        return CERT_ISSUER_OFFSET;
-      case CERTIFICATE_EXPIRY:
-        return CERT_EXPIRY_OFFSET;
-      default:
-        KMException.throwIt(KMError.INVALID_ARGUMENT);
-    }
-    return 0;
+  public short readCertificateChain(byte[] buf, short offset) {
+    short len = Util.getShort(certificateChain, (short) 0);
+    Util.arrayCopyNonAtomic(certificateChain, (short) 2, buf, offset, len);
+    return len;
   }
 
-  private void persistProvisionData(byte[] buf, short off, short len, short maxSize, short copyToOff) {
-    if (len > maxSize) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-    JCSystem.beginTransaction();
-    Util.setShort(provisionData, copyToOff, len);
-    Util.arrayCopyNonAtomic(buf, off, provisionData, (short) (copyToOff + 2), len);
-    JCSystem.commitTransaction();
+  @Override
+  public short getCertificateChainLength() {
+    return Util.getShort(certificateChain, (short) 0);
   }
 
-  private void persistCertificateChain(byte[] certChain, short certChainOff, short certChainLen) {
-    persistProvisionData(certChain, certChainOff, certChainLen,
-        KMConfigurations.CERT_CHAIN_MAX_SIZE, CERT_CHAIN_OFFSET);
-  }
+  @Override
+  public short ecSign256(KMAttestationKey attestationKey,
+      byte[] inputDataBuf, short inputDataStart, short inputDataLength,
+      byte[] outputDataBuf, short outputDataStart) {
 
-  private void persistCertficateIssuer(byte[] certIssuer, short certIssuerOff, short certIssuerLen) {
-    persistProvisionData(certIssuer, certIssuerOff, certIssuerLen,
-        KMConfigurations.CERT_ISSUER_MAX_SIZE, CERT_ISSUER_OFFSET);
+    ECPrivateKey key = ((KMECPrivateKey) attestationKey).getPrivateKey();
+
+    Signature signer = Signature
+        .getInstance(Signature.ALG_ECDSA_SHA_256, false);
+    signer.init(key, Signature.MODE_SIGN);
+    return signer.sign(inputDataBuf, inputDataStart, inputDataLength,
+        outputDataBuf, outputDataStart);
   }
 
-  private void persistCertificateExpiryTime(byte[] certExpiry, short certExpiryOff, short certExpiryLen) {
-    persistProvisionData(certExpiry, certExpiryOff, certExpiryLen,
-        KMConfigurations.CERT_EXPIRY_MAX_SIZE, CERT_EXPIRY_OFFSET);
+  @Override
+  public void clearCertificateChain() {
+    JCSystem.beginTransaction();
+    Util.arrayFillNonAtomic(certificateChain, (short) 0, CERT_CHAIN_MAX_SIZE, (byte) 0);
+    JCSystem.commitTransaction();
   }
 
   @Override
-  public void persistProvisionData(byte[] buffer, short certChainOff, short certChainLen,
-      short certIssuerOff, short certIssuerLen, short certExpiryOff ,short certExpiryLen) {
-    // All the buffers uses first two bytes for length. The certificate chain
-    // is stored as shown below.
+  public void persistPartialCertificateChain(byte[] buf, short offset,
+      short len, short totalLen) {
     //  _____________________________________________________
     // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 |  Cert2 |...
     // |_________|________|_________|_______|________|_______
@@ -1236,42 +1209,18 @@ public void persistProvisionData(byte[] buffer, short certChainOff, short certCh
     // CBOR format:
     // Next single byte holds the byte string header.
     // Next 3 bytes holds the total length of the certificate chain.
-    // clear buffer.
+    if (totalLen > (short) (CERT_CHAIN_MAX_SIZE - 2)) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
+    short persistedLen = Util.getShort(certificateChain, (short) 0);
+    if (persistedLen > totalLen) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
     JCSystem.beginTransaction();
-    Util.arrayFillNonAtomic(provisionData, (short) 0, (short) provisionData.length, (byte) 0);
+    Util.setShort(certificateChain, (short) 0, (short) (len + persistedLen));
+    Util.arrayCopyNonAtomic(buf, offset, certificateChain,
+        (short) (persistedLen + 2), len);
     JCSystem.commitTransaction();
-    // Persist data.
-    persistCertificateChain(buffer, certChainOff, certChainLen);
-    persistCertficateIssuer(buffer, certIssuerOff, certIssuerLen);
-    persistCertificateExpiryTime(buffer, certExpiryOff, certExpiryLen);
-  }
-
-  @Override
-  public short readProvisionedData(byte dataType, byte[] buf, short offset) {
-    short provisionBufOffset = getProvisionDataBufferOffset(dataType);
-    short len = Util.getShort(provisionData, provisionBufOffset);
-    Util.arrayCopyNonAtomic(provisionData, (short) (2 + provisionBufOffset), buf, offset, len);
-    return len;
-  }
-
-  @Override
-  public short getProvisionedDataLength(byte dataType) {
-    short provisionBufOffset = getProvisionDataBufferOffset(dataType);
-    return Util.getShort(provisionData, provisionBufOffset);
-  }
-
-  @Override
-  public short ecSign256(KMAttestationKey attestationKey,
-      byte[] inputDataBuf, short inputDataStart, short inputDataLength,
-      byte[] outputDataBuf, short outputDataStart) {
-
-    ECPrivateKey key = ((KMECPrivateKey) attestationKey).getPrivateKey();
-
-    Signature signer = Signature
-        .getInstance(Signature.ALG_ECDSA_SHA_256, false);
-    signer.init(key, Signature.MODE_SIGN);
-    return signer.sign(inputDataBuf, inputDataStart, inputDataLength,
-        outputDataBuf, outputDataStart);
   }
 
   @Override
@@ -1293,7 +1242,7 @@ public void onSave(Element ele) {
   }
 
   @Override
-  public void onRestore(Element ele, short oldVersion, short currentVersion) {
+  public void onRestore(Element ele) {
   }
 
   @Override
@@ -1352,20 +1301,6 @@ public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short len
     return (KMPreSharedKey) preSharedKey;
   }
 
-  @Override
-  public KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length) {
-    if (length != COMPUTED_HMAC_KEY_SIZE) {
-      CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
-    }
-    if (computedHmacKey == null) {
-      HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) (length * 8),
-          false);
-      computedHmacKey = new KMHmacKey(key);
-    }
-    computedHmacKey.setKey(keyData, offset, length);
-    return (KMComputedHmacKey) computedHmacKey;
-  }
-
   @Override
   public KMMasterKey getMasterKey() {
     return (KMMasterKey) masterKey;
@@ -1381,28 +1316,8 @@ public KMPreSharedKey getPresharedKey() {
     return (KMPreSharedKey) preSharedKey;
   }
 
-  @Override
-  public KMComputedHmacKey getComputedHmacKey() {
-    return (KMComputedHmacKey) computedHmacKey;
-  }
-
   @Override
   public void releaseAllOperations() {
     //Do nothing.
   }
-
-  @Override
-  public short messageDigest256(byte[] inBuff, short inOffset,
-      short inLength, byte[] outBuff, short outOffset) {
-    MessageDigest mDigest = null;
-    short len = 0;
-    try {
-      mDigest = MessageDigest.getInitializedMessageDigestInstance(MessageDigest.ALG_SHA_256, false);
-      len = mDigest.doFinal(inBuff, inOffset, inLength, outBuff, outOffset);
-    } catch (Exception e) {
-
-    }
-    return len;
-  }
-
 }
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
deleted file mode 100644
index 921cae28..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
+++ /dev/null
@@ -1,223 +0,0 @@
-package com.android.javacard.keymaster;
-
-import javacard.framework.Util;
-
-public class KMPKCS8DecoderImpl implements KMPKCS8Decoder {
-
-  public static final byte ASN1_OCTET_STRING = 0x04;
-  public static final byte ASN1_SEQUENCE = 0x30;
-  public static final byte ASN1_INTEGER = 0x02;
-  public static final byte ASN1_A0_TAG = (byte) 0xA0;
-  public static final byte ASN1_A1_TAG = (byte) 0xA1;
-  public static final byte ASN1_BIT_STRING = 0x03;
-  public static final byte[] EC_CURVE = {
-      0x06, 0x08, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, 0x3d, 0x03,
-      0x01, 0x07
-  };
-  public static final byte[] RSA_ALGORITHM = {
-      0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
-      (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
-  };
-  public static final byte[] EC_ALGORITHM = {
-      0x06, 0x07, 0x2a, (byte) 0x86, 0x48, (byte) 0xce,
-      0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, (byte) 0x86, 0x48,
-      (byte) 0xce, 0x3d, 0x03, 0x01, 0x07
-  };
-  private byte[] data;
-  private short start;
-  private short length;
-  private short cur;
-  private static KMPKCS8DecoderImpl inst;
-
-  private KMPKCS8DecoderImpl() {
-    start = 0;
-    length = 0;
-    cur = 0;
-  }
-
-  @Override
-  public short decodeRsa(short blob) {
-    init(blob);
-    decodeCommon((short) 0, RSA_ALGORITHM);
-    return decodeRsaPrivateKey((short) 0);
-  }
-
-  @Override
-  public short decodeEc(short blob) {
-    init(blob);
-    decodeCommon((short) 0, EC_ALGORITHM);
-    return decodeEcPrivateKey((short) 1);
-  }
-
-  //Seq[Int,Int,Int,Int,]
-  public short decodeRsaPrivateKey(short version) {
-    short resp = KMArray.instance((short) 3);
-    header(ASN1_OCTET_STRING);
-    header(ASN1_SEQUENCE);
-    short len = header(ASN1_INTEGER);
-    if (len != 1) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    short ver = getByte();
-    if (ver != version) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    len = header(ASN1_INTEGER);
-    short modulus = getModulus(len);
-    len = header(ASN1_INTEGER);
-    short pubKey = KMByteBlob.instance(len);
-    getBytes(pubKey);
-    len = header(ASN1_INTEGER);
-    short privKey = KMByteBlob.instance(len);
-    getBytes(privKey);
-    KMArray.cast(resp).add((short) 0, modulus);
-    KMArray.cast(resp).add((short) 1, pubKey);
-    KMArray.cast(resp).add((short) 2, privKey);
-    return resp;
-  }
-
-  // Seq [Int, Blob]
-  public void decodeCommon(short version, byte[] alg) {
-    short len = header(ASN1_SEQUENCE);
-    len = header(ASN1_INTEGER);
-    if (len != 1) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    short ver = getByte();
-    if (ver != version) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    len = header(ASN1_SEQUENCE);
-    short blob = KMByteBlob.instance(len);
-    getBytes(blob);
-    if (Util.arrayCompare(
-        KMByteBlob.cast(blob).getBuffer(),
-        KMByteBlob.cast(blob).getStartOff(),
-        alg,
-        (short) 0, KMByteBlob.cast(blob).length()) != 0) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-  }
-
-  //Seq[Int,blob,blob]
-  public short decodeEcPrivateKey(short version) {
-    short resp = KMArray.instance((short) 2);
-    header(ASN1_OCTET_STRING);
-    header(ASN1_SEQUENCE);
-    short len = header(ASN1_INTEGER);
-    if (len != 1) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    short ver = getByte();
-    if (ver != version) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    len = header(ASN1_OCTET_STRING);
-    short privKey = KMByteBlob.instance(len);
-    getBytes(privKey);
-    validateTag0IfPresent();
-    header(ASN1_A1_TAG);
-    len = header(ASN1_BIT_STRING);
-    if (len < 1) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    byte unusedBits = getByte();
-    if (unusedBits != 0) {
-      KMException.throwIt(KMError.UNIMPLEMENTED);
-    }
-    short pubKey = KMByteBlob.instance((short) (len - 1));
-    getBytes(pubKey);
-    KMArray.cast(resp).add((short) 0, pubKey);
-    KMArray.cast(resp).add((short) 1, privKey);
-    return resp;
-  }
-
-  private void validateTag0IfPresent() {
-    if (data[cur] != ASN1_A0_TAG) {
-      return;
-    }
-    ;
-    short len = header(ASN1_A0_TAG);
-    if (len != EC_CURVE.length) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    if (Util.arrayCompare(data, cur, EC_CURVE, (short) 0, len) != 0) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    incrementCursor(len);
-  }
-
-  private short header(short tag) {
-    short t = getByte();
-    if (t != tag) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    return getLength();
-  }
-
-  private byte getByte() {
-    byte d = data[cur];
-    incrementCursor((short) 1);
-    return d;
-  }
-
-  private short getShort() {
-    short d = Util.getShort(data, cur);
-    incrementCursor((short) 2);
-    return d;
-  }
-
-  private short getModulus(short modulusLen) {
-    if (0 == data[cur] && modulusLen == 257) {
-      incrementCursor((short) 1);
-      modulusLen--;
-    }
-    short blob = KMByteBlob.instance(modulusLen);
-    getBytes(blob);
-    return blob;
-  }
-
-  private void getBytes(short blob) {
-    short len = KMByteBlob.cast(blob).length();
-    Util.arrayCopyNonAtomic(data, cur, KMByteBlob.cast(blob).getBuffer(),
-        KMByteBlob.cast(blob).getStartOff(), len);
-    incrementCursor(len);
-  }
-
-  private short getLength() {
-    byte len = getByte();
-    if (len >= 0) {
-      return len;
-    }
-    len = (byte) (len & 0x7F);
-    if (len == 1) {
-      return (short) (getByte() & 0xFF);
-    } else if (len == 2) {
-      return getShort();
-    } else {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-    return KMType.INVALID_VALUE; //should not come here
-  }
-
-  public static KMPKCS8DecoderImpl instance() {
-    if (inst == null) {
-      inst = new KMPKCS8DecoderImpl();
-    }
-    return inst;
-  }
-
-  public void init(short blob) {
-    data = KMByteBlob.cast(blob).getBuffer();
-    start = KMByteBlob.cast(blob).getStartOff();
-    length = KMByteBlob.cast(blob).length();
-    cur = start;
-  }
-
-  public void incrementCursor(short n) {
-    cur += n;
-    if (cur > ((short) (start + length))) {
-      KMException.throwIt(KMError.UNKNOWN_ERROR);
-    }
-  }
-}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java
index 88b7b4d1..c2b5c7f3 100644
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java
+++ b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java
@@ -303,14 +303,6 @@ public static byte compare(byte[] buf, short lhs, short rhs) {
     return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8);
   }
 
-  public static void shiftLeft(byte[] buf, short start, short count) {
-    short index = 0;
-    while (index < count) {
-      shiftLeft(buf, start);
-      index++;
-    }
-  }
-
   public static void shiftLeft(byte[] buf, short start) {
     byte index = 7;
     byte carry = 0;
@@ -351,9 +343,7 @@ public static void add(byte[] buf, short op1, short op2, short result) {
     byte carry = 0;
     short tmp;
     while (index >= 0) {
-      tmp =
-          (short) ((buf[(short) (op1 + index)] & 0xFF) +
-              (buf[(short) (op2 + index)] & 0xFF) + carry);
+      tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry);
       carry = 0;
       if (tmp > 255) {
         carry = 1; // max unsigned byte value is 255
@@ -419,20 +409,4 @@ public static short getLeapYrIndex(boolean from2020, short yrsCount) {
     return -1;
   }
 
-  // i * 1000 = (i << 9) + (i << 8) + (i << 7) + (i << 6) + (i << 5) + ( i << 3)
-  public static void convertToMilliseconds(byte[] buf, short inputOff, short outputOff,
-      short scratchPadOff) {
-    byte[] shiftPos = {9, 8, 7, 6, 5, 3};
-    short index = 0;
-    while (index < (short) (shiftPos.length)) {
-      Util.arrayCopyNonAtomic(buf, inputOff, buf, scratchPadOff, (short) 8);
-      shiftLeft(buf, scratchPadOff, shiftPos[index]);
-      Util.arrayCopyNonAtomic(buf, outputOff, buf, (short) (scratchPadOff + 8), (short) 8);
-      add(buf, scratchPadOff, (short) (8 + scratchPadOff), (short) (16 + scratchPadOff));
-      Util.arrayCopyNonAtomic(buf, (short) (scratchPadOff + 16), buf, outputOff, (short) 8);
-      Util.arrayFillNonAtomic(buf, scratchPadOff, (short) 24, (byte) 0);
-      index++;
-    }
-  }
-
-}
+}
\ No newline at end of file
diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
index bbba28ab..1e80f4b2 100644
--- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
+++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java
@@ -20,9 +20,6 @@
 import com.android.javacard.keymaster.KMBoolTag;
 import com.android.javacard.keymaster.KMByteBlob;
 import com.android.javacard.keymaster.KMByteTag;
-import com.android.javacard.keymaster.KMComputedHmacKey;
-import com.android.javacard.keymaster.KMConfigurations;
-import com.android.javacard.keymaster.KMHmacKey;
 import com.android.javacard.keymaster.KMJCardSimApplet;
 import com.android.javacard.keymaster.KMJCardSimulator;
 import com.android.javacard.keymaster.KMSEProvider;
@@ -88,13 +85,14 @@ public class KMFunctionalTest {
 
   private static final byte INS_BEGIN_KM_CMD = 0x00;
   private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01
-  private static final byte INS_PROVISION_ATTESTATION_CERT_DATA_CMD = INS_BEGIN_KM_CMD + 2; //0x02
-  private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 3; //0x04
-  private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 4; //0x05
-  private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 5; //0x06
-  private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 6; //0x07
-  private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 7; //0x08
-  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 8; //0x09
+  private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02
+  private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03
+  private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04
+  private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05
+  private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06
+  private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07
+  private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08
+  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 9; //0x09
   // Top 32 commands are reserved for provisioning.
   private static final byte INS_END_KM_PROVISION_CMD = 0x20;
 
@@ -536,8 +534,6 @@ private void setBootParams(CardSimulator simulator, short bootPatchLevel) {
   }
 
   private void provisionSigningCertificate(CardSimulator simulator) {
-    short arrPtr = KMArray.instance((short) 3);
-
     short byteBlobPtr = KMByteBlob.instance(
         (short) (kEcAttestCert.length + kEcAttestRootCert.length));
     Util.arrayCopyNonAtomic(kEcAttestCert, (short) 0,
@@ -549,17 +545,8 @@ private void provisionSigningCertificate(CardSimulator simulator) {
         (short) (KMByteBlob.cast(byteBlobPtr).getStartOff()
             + kEcAttestCert.length),
         (short) kEcAttestRootCert.length);
-    KMArray.cast(arrPtr).add((short) 0, byteBlobPtr);
-
-    short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0,
-        (short) X509Issuer.length);
-    KMArray.cast(arrPtr).add((short) 1, byteBlob1);
-    short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0,
-        (short) expiryTime.length);
-    KMArray.cast(arrPtr).add((short) 2, byteBlob2);
-
     CommandAPDU apdu = encodeApdu(
-        (byte) INS_PROVISION_ATTESTATION_CERT_DATA_CMD, arrPtr);
+        (byte) INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD, byteBlobPtr);
     // print(commandAPDU.getBytes());
     ResponseAPDU response = simulator.transmitCommand(apdu);
     Assert.assertEquals(0x9000, response.getSW());
@@ -606,6 +593,23 @@ private void provisionSigningKey(CardSimulator simulator) {
     Assert.assertEquals(0x9000, response.getSW());
   }
 
+  private void provisionCertificateParams(CardSimulator simulator) {
+
+    short arrPtr = KMArray.instance((short) 2);
+    short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0,
+        (short) X509Issuer.length);
+    KMArray.cast(arrPtr).add((short) 0, byteBlob1);
+    short byteBlob2 = KMByteBlob.instance(expiryTime, (short) 0,
+        (short) expiryTime.length);
+    KMArray.cast(arrPtr).add((short) 1, byteBlob2);
+
+    CommandAPDU apdu = encodeApdu(
+        (byte) INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD, arrPtr);
+    // print(commandAPDU.getBytes());
+    ResponseAPDU response = simulator.transmitCommand(apdu);
+    Assert.assertEquals(0x9000, response.getSW());
+  }
+
   private void provisionSharedSecret(CardSimulator simulator) {
     byte[] sharedKeySecret = {
         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -672,6 +676,7 @@ private void provisionLocked(CardSimulator simulator) {
   private void provisionCmd(CardSimulator simulator) {
     provisionSigningKey(simulator);
     provisionSigningCertificate(simulator);
+    provisionCertificateParams(simulator);
     provisionSharedSecret(simulator);
     provisionAttestIds(simulator);
     // set bootup parameters
@@ -921,7 +926,7 @@ public void testDeviceLocked() {
     init();
     byte[] hmacKey = new byte[32];
     cryptoProvider.newRandomNumber(hmacKey, (short) 0, (short) 32);
-    cryptoProvider.createComputedHmacKey(hmacKey, (short) 0, (short) 32);
+    KMRepository.instance().initComputedHmac(hmacKey, (short) 0, (short) 32);
     // generate aes key with unlocked_device_required
     short aesKey = generateAesDesKey(KMType.AES, (short) 128, null, null, true);
     short keyBlobPtr = KMArray.cast(aesKey).get((short) 1);
@@ -946,9 +951,28 @@ public void testDeviceLocked() {
     // create verification token
     short verToken = KMVerificationToken.instance();
     KMVerificationToken.cast(verToken).setTimestamp(KMInteger.uint_16((short) 1));
-    verToken = signVerificationToken(verToken, KMConfigurations.TEE_MACHINE_TYPE);
+    verToken = signVerificationToken(verToken);
     // device locked request
-    deviceLock(verToken, KMError.VERIFICATION_FAILED);
+    deviceLock(verToken);
+    // decrypt should fail
+    inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null);
+    short beginResp = begin(KMType.DECRYPT,
+        KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
+        KMKeyParameters.instance(inParams), (short) 0, false);
+    Assert.assertEquals(beginResp, KMError.DEVICE_LOCKED);
+    short hwToken = KMHardwareAuthToken.instance();
+    KMHardwareAuthToken.cast(hwToken).setTimestamp(KMInteger.uint_16((byte) 2));
+    KMHardwareAuthToken.cast(hwToken)
+        .setHwAuthenticatorType(KMEnum.instance(KMType.USER_AUTH_TYPE, (byte) KMType.PASSWORD));
+    inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, null);
+    hwToken = signHwToken(hwToken);
+    ret = processMessage(cipherData,
+        KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
+        KMType.DECRYPT,
+        KMKeyParameters.instance(inParams), hwToken, null, false, false
+    );
+    ret = KMArray.cast(ret).get((short) 0);
+    Assert.assertEquals(KMInteger.cast(ret).getShort(), KMError.OK);
     cleanUp();
   }
 
@@ -991,9 +1015,13 @@ private short signHwToken(short hwToken) {
 
  */
     byte[] mac = new byte[32];
-    short key = KMByteBlob.instance((short) 32);
-    KMHmacKey computedHmacKey = (KMHmacKey) cryptoProvider.getComputedHmacKey();
-    computedHmacKey.getKey(KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff());
+    /*
+    len =
+      cryptoProvider.hmacSign(key, scratchPad, (short) 0, len,
+        mac,
+        (short)0);
+     */
+    short key = KMRepository.instance().getComputedHmacKey();
     cryptoProvider.hmacSign(
         KMByteBlob.cast(key).getBuffer(),
         KMByteBlob.cast(key).getStartOff(),
@@ -1006,28 +1034,19 @@ private short signHwToken(short hwToken) {
     return hwToken;
   }
 
-  private void deviceLock(short verToken, short expectedError) {
+  private void deviceLock(short verToken) {
     short req = KMArray.instance((short) 2);
     KMArray.cast(req).add((short) 0, KMInteger.uint_8((byte) 1));
     KMArray.cast(req).add((short) 1, verToken);
     CommandAPDU apdu = encodeApdu((byte) INS_DEVICE_LOCKED_CMD, req);
     ResponseAPDU response = simulator.transmitCommand(apdu);
+    short ret = KMArray.instance((short) 1);
+    KMArray.cast(ret).add((short) 0, KMInteger.exp());
     byte[] respBuf = response.getBytes();
-    short len = (short) respBuf.length;
-    byte majorType = readMajorType(respBuf);
-    short retError;
-    if (majorType == CBOR_ARRAY_MAJOR_TYPE) {
-      short ret = KMArray.instance((short) 1);
-      ret = decoder.decode(ret, respBuf, (short) 0, len);
-      retError = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
-    } else {//Major type UINT.
-      short ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, len);
-      retError = KMInteger.cast(ret).getShort();
-    }
-    Assert.assertEquals(retError, expectedError);
+    Assert.assertEquals(respBuf[0], KMError.OK);
   }
 
-  private short signVerificationToken(short verToken, byte machineType) {
+  private short signVerificationToken(short verToken) {
     byte[] scratchPad = new byte[256];
     byte[] authVer = "Auth Verification".getBytes();
     //print(authVer,(short)0,(short)authVer.length);
@@ -1039,29 +1058,17 @@ private short signVerificationToken(short verToken, byte machineType) {
     short len = (short) authVer.length;
     // concatenate challenge - 8 bytes
     short ptr = KMVerificationToken.cast(verToken).getChallenge();
-    if (machineType == KMConfigurations.LITTLE_ENDIAN) {
-      KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
-    } else {
-      KMInteger.cast(ptr)
-          .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
-    }
+    KMInteger.cast(ptr)
+        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate timestamp -8 bytes
     ptr = KMVerificationToken.cast(verToken).getTimestamp();
-    if (machineType == KMConfigurations.LITTLE_ENDIAN) {
-      KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
-    } else {
-      KMInteger.cast(ptr)
-          .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
-    }
+    KMInteger.cast(ptr)
+        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate security level - 4 bytes
     ptr = KMVerificationToken.cast(verToken).getSecurityLevel();
-    if (machineType == KMConfigurations.LITTLE_ENDIAN) {
-      scratchPad[len] = KMEnum.cast(ptr).getVal();
-    } else {
-      scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
-    }
+    scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
     len += 4;
     // concatenate Parameters verified - blob of encoded data.
     ptr = KMVerificationToken.cast(verToken).getParametersVerified();
@@ -1083,9 +1090,7 @@ private short signVerificationToken(short verToken, byte machineType) {
         mac,
         (short)0);
      */
-    short key = KMByteBlob.instance((short) 32);
-    KMHmacKey computedHmacKey = (KMHmacKey) cryptoProvider.getComputedHmacKey();
-    computedHmacKey.getKey(KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff());
+    short key = KMRepository.instance().getComputedHmacKey();
     cryptoProvider.hmacSign(KMByteBlob.cast(key).getBuffer(),
         KMByteBlob.cast(key).getStartOff(),
         KMByteBlob.cast(key).length(),
@@ -1191,142 +1196,6 @@ private short extractKeyBlobArray(short keyBlob) {
         .cast(keyBlob).getStartOff(), KMByteBlob.cast(keyBlob).length());
   }
 
-  @Test
-  public void testRateLimitExceptsMaxOpsExceeded() {
-    init();
-    short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 2));
-    Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
-        KMError.OK);
-
-    // Cache keyblob
-    short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
-    byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
-    Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
-        KMByteBlob.cast(keyBlobPtr).getStartOff(),
-        keyBlob, (short) 0, (short) keyBlob.length);
-    short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
-    inParams = KMKeyParameters.instance(inParams);
-    // Begin
-    begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
-
-    keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
-    Util.arrayCopyNonAtomic(keyBlob, (short) 0,
-        KMByteBlob.cast(keyBlobPtr).getBuffer(),
-        KMByteBlob.cast(keyBlobPtr).getStartOff(),
-        (short) keyBlob.length);
-    inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
-    inParams = KMKeyParameters.instance(inParams);
-    begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
-
-    keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
-    Util.arrayCopyNonAtomic(keyBlob, (short) 0,
-        KMByteBlob.cast(keyBlobPtr).getBuffer(),
-        KMByteBlob.cast(keyBlobPtr).getStartOff(),
-        (short) keyBlob.length);
-    inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
-    inParams = KMKeyParameters.instance(inParams);
-    short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
-    Assert.assertEquals(KMError.KEY_MAX_OPS_EXCEEDED, beginResp);
-    cleanUp();
-  }
-
-  @Test
-  public void testRateLimitExceptsTooManyOperations() {
-    init();
-    byte[] plainData = "Hello World 123!".getBytes();
-    for (int i = 0; i <= 8; i++) {
-      short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 1));
-      Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
-          KMError.OK);
-
-      // Cache keyblob
-      short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
-      short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
-      inParams = KMKeyParameters.instance(inParams);
-      // Begin
-      short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
-      if (i == 8) {
-        // Only 8 keys are allowed for MAX_USES_PER_BOOT
-        Assert.assertEquals(KMError.TOO_MANY_OPERATIONS, beginResp);
-        return;
-      }
-      short opHandle = KMArray.cast(beginResp).get((short) 2);
-      finish(opHandle,
-          KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null,
-          (short) 0, (short) 0, (short) 0, KMError.OK, false);
-    }
-    cleanUp();
-  }
-
-  @Test
-  public void testRateLimitClearBufferAfterReboot() {
-    init();
-    byte[] plainData = "Hello World 123!".getBytes();
-    for (int i = 0; i <= 32; i++) {
-      if (i % 8 == 0) {
-        // Simulate reboot using set boot parameters.
-        // Clear the rate limited keys from the flash memory
-        setBootParams(simulator, (short) BOOT_PATCH_LEVEL);
-      }
-      short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 1));
-      Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
-          KMError.OK);
-
-      // Cache keyblob
-      short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
-      short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
-      inParams = KMKeyParameters.instance(inParams);
-      // Begin
-      short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
-      short opHandle = KMArray.cast(beginResp).get((short) 2);
-      // Finish
-      finish(opHandle,
-          KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null,
-          (short) 0, (short) 0, (short) 0, KMError.OK, false);
-    }
-    cleanUp();
-  }
-
-  @Test
-  public void testRateLimitWithHugeCount() {
-    init();
-    short maxUsesPerBoot = 1000;
-    byte[] plainData = "Hello World 123!".getBytes();
-    short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_16(maxUsesPerBoot));
-    Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
-        KMError.OK);
-
-    // Cache keyblob
-    short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
-    byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
-    Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
-        KMByteBlob.cast(keyBlobPtr).getStartOff(),
-        keyBlob, (short) 0, (short) keyBlob.length);
-
-    for (int i = 0; i <= maxUsesPerBoot; i++) {
-      // Cache keyblob
-      keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
-      Util.arrayCopyNonAtomic(keyBlob, (short) 0,
-          KMByteBlob.cast(keyBlobPtr).getBuffer(),
-          KMByteBlob.cast(keyBlobPtr).getStartOff(),
-          (short) keyBlob.length);
-      short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
-      inParams = KMKeyParameters.instance(inParams);
-      // Begin
-      short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
-      if (i == maxUsesPerBoot) {
-        Assert.assertEquals(KMError.KEY_MAX_OPS_EXCEEDED, beginResp);
-        return;
-      }
-      short opHandle = KMArray.cast(beginResp).get((short) 2);
-      // Finish
-      finish(opHandle,
-          KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null,
-          (short) 0, (short) 0, (short) 0, KMError.OK, false);
-    }
-    cleanUp();
-  }
-
   @Test
   public void testRsaGenerateKeySuccess() {
     init();
@@ -1354,7 +1223,7 @@ public void testRsaGenerateKeySuccess() {
     cleanUp();
   }
 
-  private short generateRsaKey(byte[] clientId, byte[] appData, short keyUsageLimitPtr) {
+  private short generateRsaKey(byte[] clientId, byte[] appData) {
     byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00};
     short tagCount = 11;
     if (clientId != null) {
@@ -1363,9 +1232,6 @@ private short generateRsaKey(byte[] clientId, byte[] appData, short keyUsageLimi
     if (appData != null) {
       tagCount++;
     }
-    if (keyUsageLimitPtr != KMType.INVALID_VALUE) {
-      tagCount++;
-    }
     short arrPtr = KMArray.instance(tagCount);
     short keySize = KMIntegerTag
         .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 2048));
@@ -1418,10 +1284,6 @@ private short generateRsaKey(byte[] clientId, byte[] appData, short keyUsageLimi
           KMByteTag.instance(KMType.APPLICATION_DATA,
               KMByteBlob.instance(appData, (short) 0, (short) appData.length)));
     }
-    if (keyUsageLimitPtr != KMType.INVALID_VALUE) {
-      KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag
-          .instance(KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, keyUsageLimitPtr));
-    }
     short keyParams = KMKeyParameters.instance(arrPtr);
     arrPtr = KMArray.instance((short) 1);
     KMArray arg = KMArray.cast(arrPtr);
@@ -1441,10 +1303,6 @@ private short generateRsaKey(byte[] clientId, byte[] appData, short keyUsageLimi
     return ret;
   }
 
-  private short generateRsaKey(byte[] clientId, byte[] appData) {
-    return generateRsaKey(clientId, appData, KMType.INVALID_VALUE);
-  }
-
   private short generateAttestationKey() {
     // 15th July 2020 00.00.00
     byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00};
diff --git a/Applet/README.md b/Applet/README.md
index 064fc9d9..3a859194 100644
--- a/Applet/README.md
+++ b/Applet/README.md
@@ -18,4 +18,3 @@ which serves to intermediate between Android Keystore and this applet.
 - set JC_HOME_SIMULATOR environment variable to the installed sdk.
 - Give ant build from Applet folder.
 - Download [gpapi-upgrade.jar](https://globalplatform.wpengine.com/specs-library/globalplatform-card-api-org-globalplatform-upgrade-v1/) and copy inside lib folder of both AndroidSEProvider and JCardSimProvider to resolve the compilation errors.
-
diff --git a/Applet/src/com/android/javacard/keymaster/KMArray.java b/Applet/src/com/android/javacard/keymaster/KMArray.java
index adf61723..bfa09269 100644
--- a/Applet/src/com/android/javacard/keymaster/KMArray.java
+++ b/Applet/src/com/android/javacard/keymaster/KMArray.java
@@ -92,12 +92,6 @@ public void add(short index, short objPtr) {
       (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)),
       objPtr);
   }
-  
-  public void deleteLastEntry() {
-    short len = length();
-    Util.setShort(heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + 2), (short) (len -1));
-  }
-
 
   public short get(short index) {
     short len = length();
diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
index d980bd9a..a6f4c529 100644
--- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
+++ b/Applet/src/com/android/javacard/keymaster/KMByteBlob.java
@@ -130,8 +130,4 @@ public void decrementLength(short len) {
     length = (short) (length - len);
     Util.setShort(heap, (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + 1), length);
   }
-
-  public void setLength(short len) {
-    Util.setShort(heap, (short)(instanceTable[KM_BYTE_BLOB_OFFSET] + 1), len);
-  }
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java b/Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java
deleted file mode 100644
index 9621b417..00000000
--- a/Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java
+++ /dev/null
@@ -1,5 +0,0 @@
-package com.android.javacard.keymaster;
-
-
-public interface KMComputedHmacKey {
-}
diff --git a/Applet/src/com/android/javacard/keymaster/KMDecoder.java b/Applet/src/com/android/javacard/keymaster/KMDecoder.java
index 7bd0e6ec..c2579372 100644
--- a/Applet/src/com/android/javacard/keymaster/KMDecoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMDecoder.java
@@ -435,38 +435,14 @@ private void incrementStartOff(short inc) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
   }
-  
-  // Reads the offset and length values of the ByteBlobs from a CBOR array buffer.
-  public void decodeCertificateData(short expectedArrLen, byte[] buf, short bufOffset, short bufLen,
-      byte[] out, short outOff) {
-    bufferRef[0] = buf;
-    scratchBuf[START_OFFSET] = bufOffset;
-    scratchBuf[LEN_OFFSET] = (short) (bufOffset + bufLen);
-    short byteBlobLength = 0;
-    // Read Array length
-    short payloadLength = readMajorTypeWithPayloadLength(ARRAY_TYPE);
-    if (expectedArrLen != payloadLength) {
-      ISOException.throwIt(ISO7816.SW_DATA_INVALID);
-    }
-    short index = 0;
-    while (index < payloadLength) {
-      incrementStartOff(byteBlobLength);
-      byteBlobLength = readMajorTypeWithPayloadLength(BYTES_TYPE);
-      Util.setShort(out, outOff, scratchBuf[START_OFFSET]); // offset
-      outOff += 2;
-      Util.setShort(out, outOff, byteBlobLength); // length
-      outOff += 2;
-      index++;
-    }    
-  }
-  
-  public short getCborBytesStartOffset(byte[] buf, short bufOffset, short bufLen) {
+
+  public short readCertificateChainLengthAndHeaderLen(byte[] buf, short bufOffset,
+      short bufLen) {
     bufferRef[0] = buf;
     scratchBuf[START_OFFSET] = bufOffset;
     scratchBuf[LEN_OFFSET] = (short) (bufOffset + bufLen);
-
-    readMajorTypeWithPayloadLength(BYTES_TYPE);
-    return scratchBuf[START_OFFSET];
+    short totalLen = readMajorTypeWithPayloadLength(BYTES_TYPE);
+    totalLen += (short) (scratchBuf[START_OFFSET] - bufOffset);
+    return totalLen;
   }
-
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
index 1ae67595..14d8ef4c 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEncoder.java
@@ -89,16 +89,16 @@ public short encode(short object, byte[] buffer, short startOff) {
     return (short) (scratchBuf[START_OFFSET] - startOff);
   }
 
-  // array{KMError.OK, KMByteBlob}
-  public void encodeCertChain(byte[] buffer, short offset, short length, short errInt32Ptr, short certChainOff, short certChainLen) {
+  // array{KMError.OK,Array{KMByteBlobs}}
+  public void encodeCertChain(byte[] buffer, short offset, short length, short errInt32Ptr) {
     bufferRef[0] = buffer;
     scratchBuf[START_OFFSET] = offset;
-    scratchBuf[LEN_OFFSET] = (short) (offset + length + 1);
+    scratchBuf[LEN_OFFSET] = (short) (offset + 1);
+    //Total length is ArrayHeader + [UIntHeader + length(errInt32Ptr)]
+    scratchBuf[LEN_OFFSET] += (short) (1 + getEncodedIntegerLength(errInt32Ptr));
 
     writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements
     encodeInteger(errInt32Ptr);
-    writeMajorTypeWithLength(BYTES_TYPE, certChainLen);
-    writeBytes(buffer, certChainOff, certChainLen);
   }
 
   //array{KMError.OK,Array{KMByteBlobs}}
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnum.java b/Applet/src/com/android/javacard/keymaster/KMEnum.java
index a55c243d..2b55a6ce 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnum.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnum.java
@@ -30,7 +30,7 @@ public class KMEnum extends KMType {
   private static KMEnum prototype;
 
   // The allowed enum types.
-  private static final short[] types = {
+  private static short[] types = {
     HARDWARE_TYPE,
     KEY_FORMAT,
     KEY_DERIVATION_FUNCTION,
diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
index f69aaf51..7493aa3d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMEnumTag.java
@@ -31,7 +31,7 @@ public class KMEnumTag extends KMTag {
 
 
   // The allowed tag keys of type enum tag.
-  private static final short[] tags = {
+  private static short[] tags = {
     ALGORITHM, ECCURVE, BLOB_USAGE_REQ, USER_AUTH_TYPE, ORIGIN, HARDWARE_TYPE
   };
 
@@ -106,7 +106,8 @@ public static void create() {
           new byte[]{RSA, DES, EC, AES, HMAC},
           new byte[]{P_224, P_256, P_384, P_521},
           new byte[]{STANDALONE, REQUIRES_FILE_SYSTEM},
-          new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH, ANY},
+          new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, (byte) (PASSWORD & FINGERPRINT),
+            ANY},
           new byte[]{GENERATED, DERIVED, IMPORTED, UNKNOWN, SECURELY_IMPORTED},
           new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX}
         };
diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/src/com/android/javacard/keymaster/KMError.java
index e2c74dcb..0b4373d3 100644
--- a/Applet/src/com/android/javacard/keymaster/KMError.java
+++ b/Applet/src/com/android/javacard/keymaster/KMError.java
@@ -59,7 +59,6 @@ public class KMError {
   public static final short INVALID_NONCE = 52;
   public static final short MISSING_MAC_LENGTH = 53;
   public static final short CALLER_NONCE_PROHIBITED = 55;
-  public static final short KEY_MAX_OPS_EXCEEDED = 56;
   public static final short INVALID_MAC_LENGTH = 57;
   public static final short MISSING_MIN_MAC_LENGTH = 58;
   public static final short UNSUPPORTED_MIN_MAC_LENGTH = 59;
@@ -68,8 +67,8 @@ public class KMError {
 
   public static final short ATTESTATION_APPLICATION_ID_MISSING = 65;
   public static final short CANNOT_ATTEST_IDS = 66;
-  public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67;  
-  public static final short NO_USER_CONFIRMATION = 71;
+  public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67;
+
   public static final short DEVICE_LOCKED = 72;
   public static final short EARLY_BOOT_ENDED = 73;
   public static final short UNIMPLEMENTED = 100;
diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/keymaster/KMInteger.java
index 2ae32ac1..aee6f9d5 100644
--- a/Applet/src/com/android/javacard/keymaster/KMInteger.java
+++ b/Applet/src/com/android/javacard/keymaster/KMInteger.java
@@ -101,14 +101,14 @@ public static short uint_16(short num) {
   // create integer and copy integer value
   public static short uint_32(byte[] num, short offset) {
     short ptr = instance(UINT_32);
-    Util.arrayCopyNonAtomic(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_32);
+    Util.arrayCopy(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_32);
     return ptr;
   }
 
   // create integer and copy integer value
   public static short uint_64(byte[] num, short offset) {
     short ptr = instance(UINT_64);
-    Util.arrayCopyNonAtomic(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_64);
+    Util.arrayCopy(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_64);
     return ptr;
   }
 
@@ -147,15 +147,6 @@ public short value(byte[] dest, short destOff) {
     return length();
   }
 
-  public short toLittleEndian(byte[] dest, short destOff) {
-    short index = (short) (length() - 1);
-    while (index >= 0) {
-      dest[destOff++] = heap[(short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + index)];
-      index--;
-    }
-    return length();
-  }
-
   public short getShort() {
     return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + 2));
   }
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
index 558e44e2..e292c5e6 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java
@@ -46,7 +46,7 @@ public static short exp(short tagType) {
     if (!validateTagType(tagType)) {
       ISOException.throwIt(ISO7816.SW_DATA_INVALID);
     }
-    short arrPtr = KMArray.exp(KMInteger.exp());
+    short arrPtr = KMArray.exp(KMType.INTEGER_TYPE);
     short ptr = instance(TAG_TYPE, (short) 6);
     Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), tagType);
     Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), INVALID_TAG);
@@ -134,17 +134,6 @@ private static boolean validateTagType(short tagType) {
     return (tagType == ULONG_ARRAY_TAG) || (tagType == UINT_ARRAY_TAG);
   }
 
-  public boolean contains(short tagValue) {
-    short index = 0;
-    while (index < length()) {
-      if (KMInteger.compare(tagValue, get(index)) == 0) {
-        return true;
-      }
-      index++;
-    }
-    return false;
-  }
-
   public static boolean contains(short tagId, short tagValue, short params) {
     short tag =
       KMKeyParameters.findTag(KMType.UINT_ARRAY_TAG, tagId, params);
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
index c4bab026..6ddec4bd 100644
--- a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
+++ b/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java
@@ -48,9 +48,7 @@ public class KMIntegerTag extends KMTag {
     ACTIVE_DATETIME,
     ORIGINATION_EXPIRE_DATETIME,
     USAGE_EXPIRE_DATETIME,
-    CREATION_DATETIME,
-    // Custom tag.
-    AUTH_TIMEOUT_MILLIS
+    CREATION_DATETIME
   };
 
   private KMIntegerTag() {
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
index 709b604d..0ef85ae4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
@@ -27,60 +27,6 @@
  */
 public class KMKeyParameters extends KMType {
 
-  private static final short[] unsupportedTags = {
-      // Unsupported tags.
-      KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED,
-      KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS
-  };
-
-  private static final short[] hwEnforcedTagArr = {
-      // HW Enforced
-      KMType.ENUM_TAG, KMType.ORIGIN,
-      KMType.ENUM_ARRAY_TAG, KMType.PURPOSE,
-      KMType.ENUM_TAG, KMType.ALGORITHM,
-      KMType.UINT_TAG, KMType.KEYSIZE,
-      KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT,
-      KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ,
-      KMType.ENUM_ARRAY_TAG, KMType.DIGEST,
-      KMType.ENUM_ARRAY_TAG, KMType.PADDING,
-      KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE,
-      KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID,
-      KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED,
-      KMType.UINT_TAG, KMType.AUTH_TIMEOUT,
-      KMType.BOOL_TAG, KMType.CALLER_NONCE,
-      KMType.UINT_TAG, KMType.MIN_MAC_LENGTH,
-      KMType.ENUM_TAG, KMType.ECCURVE,
-      KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID,
-      KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE,
-      KMType.ENUM_TAG, KMType.USER_AUTH_TYPE,
-      KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED,
-      KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION,
-      KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY,
-      KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY,
-      KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT,
-      KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED
-  };
-
-  private static final short[] swEnforcedTagsArr = {
-      KMType.DATE_TAG, KMType.ACTIVE_DATETIME,
-      KMType.DATE_TAG, KMType.ORIGINATION_EXPIRE_DATETIME,
-      KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME,
-      KMType.UINT_TAG, KMType.USERID,
-      KMType.DATE_TAG, KMType.CREATION_DATETIME,
-      KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY
-  };
-
-  private static final short[] invalidTagsArr = {
-      KMType.BYTES_TAG, KMType.NONCE,
-      KMType.BYTES_TAG, KMType.ASSOCIATED_DATA,
-      KMType.BYTES_TAG, KMType.UNIQUE_ID,
-      KMType.UINT_TAG, KMType.MAC_LENGTH,
-  };
-
-  private static final short[] customTags  = {
-      KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS,
-  };
-
   private static KMKeyParameters prototype;
 
   private KMKeyParameters() {
@@ -162,6 +108,14 @@ public short findTag(short tagType, short tagKey) {
   }
 
   public static boolean hasUnsupportedTags(short keyParamsPtr) {
+    final short[] tagArr = {
+        // Unsupported tags.
+        KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED,
+        KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED,
+        KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY,
+        KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS,
+        KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT
+    };
     byte index = 0;
     short tagInd;
     short tagPtr;
@@ -174,9 +128,9 @@ public static boolean hasUnsupportedTags(short keyParamsPtr) {
       tagPtr = KMArray.cast(arrPtr).get(index);
       tagKey = KMTag.getKey(tagPtr);
       tagType = KMTag.getTagType(tagPtr);
-      while (tagInd < (short) unsupportedTags.length) {
-        if ((unsupportedTags[tagInd] == tagType)
-            && (unsupportedTags[(short) (tagInd + 1)] == tagKey)) {
+      while (tagInd < (short) tagArr.length) {
+        if ((tagArr[tagInd] == tagType)
+            && (tagArr[(short) (tagInd + 1)] == tagKey)) {
           return true;
         }
         tagInd += 2;
@@ -190,6 +144,29 @@ public static boolean hasUnsupportedTags(short keyParamsPtr) {
   public static short makeHwEnforced(short keyParamsPtr, byte origin,
       short osVersionObjPtr, short osPatchObjPtr, short vendorPatchObjPtr,
       short bootPatchObjPtr, byte[] scratchPad) {
+    final short[] hwEnforcedTagArr = {
+        // HW Enforced
+        KMType.ENUM_TAG, KMType.ORIGIN,
+        KMType.ENUM_ARRAY_TAG, KMType.PURPOSE,
+        KMType.ENUM_TAG, KMType.ALGORITHM,
+        KMType.UINT_TAG, KMType.KEYSIZE,
+        KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT,
+        KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ,
+        KMType.ENUM_ARRAY_TAG, KMType.DIGEST,
+        KMType.ENUM_ARRAY_TAG, KMType.PADDING,
+        KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE,
+        KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID,
+        KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED,
+        KMType.UINT_TAG, KMType.AUTH_TIMEOUT,
+        KMType.BOOL_TAG, KMType.CALLER_NONCE,
+        KMType.UINT_TAG, KMType.MIN_MAC_LENGTH,
+        KMType.ENUM_TAG, KMType.ECCURVE,
+        KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID,
+        KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE,
+        KMType.ENUM_TAG, KMType.USER_AUTH_TYPE,
+        KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED,
+        KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION
+    };
     byte index = 0;
     short tagInd;
     short arrInd = 0;
@@ -234,14 +211,18 @@ public static short makeHwEnforced(short keyParamsPtr, byte origin,
         .instance(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, bootPatchObjPtr);
     Util.setShort(scratchPad, arrInd, bootPatchTag);
     arrInd += 2;
-    // Add custom tags at the end of the array. So it becomes easy to
-    // delete them when sending key characteristics back to HAL.
-    arrInd = addCustomTags(keyParamsPtr, scratchPad, arrInd);
     return createKeyParameters(scratchPad, (short) (arrInd / 2));
   }
 
   // ALL_USERS, EXPORTABLE missing from types.hal
   public static short makeSwEnforced(short keyParamsPtr, byte[] scratchPad) {
+    final short[] swEnforcedTagsArr = {
+        KMType.DATE_TAG, KMType.ACTIVE_DATETIME,
+        KMType.DATE_TAG, KMType.ORIGINATION_EXPIRE_DATETIME,
+        KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME,
+        KMType.UINT_TAG, KMType.USERID,
+        KMType.DATE_TAG, KMType.CREATION_DATETIME
+    };
     byte index = 0;
     short tagInd;
     short arrInd = 0;
@@ -306,6 +287,13 @@ public static short makeHidden(short appIdBlob, short appDataBlob, short rootOfT
   }
 
   public static boolean isValidTag(short tagType, short tagKey) {
+    short[] invalidTagsArr = {
+        KMType.BYTES_TAG, KMType.NONCE,
+        KMType.BYTES_TAG, KMType.ASSOCIATED_DATA,
+        KMType.BYTES_TAG, KMType.UNIQUE_ID,
+        KMType.UINT_TAG, KMType.MAC_LENGTH,
+        KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY
+    };
     short index = 0;
     if (tagKey == KMType.INVALID_TAG) {
       return false;
@@ -330,57 +318,4 @@ public static short createKeyParameters(byte[] ptrArr, short len) {
     }
     return KMKeyParameters.instance(arrPtr);
   }
-
-  public static short addCustomTags(short keyParams, byte[] scratchPad, short offset) {
-    short index = 0;
-    short tagPtr;
-    short len = (short) customTags.length;
-    short tagType;
-    while (index < len) {
-      tagType = customTags[(short) (index + 1)];
-      switch(tagType) {
-      case KMType.AUTH_TIMEOUT_MILLIS:
-        short authTimeOutTag =
-          KMKeyParameters.cast(keyParams).findTag(KMType.UINT_TAG, KMType.AUTH_TIMEOUT);
-        if (authTimeOutTag != KMType.INVALID_VALUE) {
-          tagPtr = createAuthTimeOutMillisTag(authTimeOutTag, scratchPad, offset);
-          Util.setShort(scratchPad, offset, tagPtr);
-          offset += 2;
-        }
-        break;
-      default:
-        break;
-      }
-      index += 2;
-    }
-    return offset;
-  }
-
-  public void deleteCustomTags() {
-    short arrPtr = getVals();
-    short index = (short) (customTags.length - 1);
-    short obj;
-    while (index >= 0) {
-      obj = findTag(customTags[(short) (index - 1)], customTags[index]);
-      if (obj != KMType.INVALID_VALUE) {
-        KMArray.cast(arrPtr).deleteLastEntry();
-      }
-      index -= 2;
-    }
-  }
-
-  public static short createAuthTimeOutMillisTag(short authTimeOutTag, byte[] scratchPad, short offset) {
-    short authTime = KMIntegerTag.cast(authTimeOutTag).getValue();
-    Util.arrayFillNonAtomic(scratchPad, offset, (short) 40, (byte) 0);
-    Util.arrayCopyNonAtomic(
-        KMInteger.cast(authTime).getBuffer(),
-        KMInteger.cast(authTime).getStartOff(),
-        scratchPad,
-        (short) (offset + 8 - KMInteger.cast(authTime).length()),
-        KMInteger.cast(authTime).length());
-    KMUtils.convertToMilliseconds(scratchPad, offset, (short) (offset + 8), (short) (offset + 16));
-    return KMIntegerTag.instance(KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS,
-        KMInteger.uint_64(scratchPad, (short) (offset + 8)));
-  }  
-  
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index f549a30d..b41e48f4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -34,18 +34,14 @@
 public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLength {
 
   // Constants.
-  public static final byte[] F4 = {0x01, 0x00, 0x01};	
   public static final byte AES_BLOCK_SIZE = 16;
   public static final byte DES_BLOCK_SIZE = 8;
   public static final short MAX_LENGTH = (short) 0x2000;
   private static final byte CLA_ISO7816_NO_SM_NO_CHAN = (byte) 0x80;
   private static final short KM_HAL_VERSION = (short) 0x4000;
-  private static final short MAX_AUTH_DATA_SIZE = (short) 256;
+  private static final short MAX_AUTH_DATA_SIZE = (short) 512;
   private static final short DERIVE_KEY_INPUT_SIZE = (short) 256;
   private static final short POWER_RESET_MASK_FLAG = (short) 0x4000;
-  // Magic number version
-  public static final byte KM_MAGIC_NUMBER = (byte) 0x81;
-  public static final short CURRENT_PACKAGE_VERSION = 0x0101; // 1.1
 
   // "Keymaster HMAC Verification" - used for HMAC key verification.
   public static final byte[] sharingCheck = {
@@ -71,14 +67,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
       0x6B,
       0x65, 0x6E
   };
-  
-  // getHardwareInfo constants.
-  private static final byte[] JAVACARD_KEYMASTER_DEVICE = {
-      0x4A, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74,
-      0x65, 0x72, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
-  };
-  private static final byte[] GOOGLE = {0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65};
-
 
   // Possible states of the applet.
   private static final byte KM_BEGIN_STATE = 0x00;
@@ -91,15 +79,14 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final byte INS_BEGIN_KM_CMD = 0x00;
   // Instructions for Provision Commands.
   private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01
-  private static final byte INS_PROVISION_ATTESTATION_CERT_DATA_CMD = INS_BEGIN_KM_CMD + 2; //0x02
-  private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 3; //0x03
-  private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 4; //0x04
-  private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 5; //0x05
-  private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 6; //0x06
-  private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 7; //0x07
-  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 8; //0x08
-  private static final byte INS_SET_BOOT_ENDED_CMD = INS_BEGIN_KM_CMD + 9; //0x09
-  
+  private static final byte INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD + 2; //0x02
+  private static final byte INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD + 3; //0x03
+  private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 4; //0x04
+  private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 5; //0x05
+  private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 6; //0x06
+  private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 7; //0x07
+  private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 8; //0x08
+  private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 9; //0x09
   // Top 32 commands are reserved for provisioning.
   private static final byte INS_END_KM_PROVISION_CMD = 0x20;
 
@@ -129,13 +116,14 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final byte INS_END_KM_CMD = 0x7F;
 
   // Provision reporting status
-  protected static final byte NOT_PROVISIONED = 0x00;
-  protected static final byte PROVISION_STATUS_ATTESTATION_KEY = 0x01;
+  private static final byte NOT_PROVISIONED = 0x00;
+  private static final byte PROVISION_STATUS_ATTESTATION_KEY = 0x01;
   private static final byte PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02;
   private static final byte PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04;
-  protected static final byte PROVISION_STATUS_ATTEST_IDS = 0x08;
-  protected static final byte PROVISION_STATUS_PRESHARED_SECRET = 0x10;
-  protected static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x20;
+  private static final byte PROVISION_STATUS_ATTEST_IDS = 0x08;
+  private static final byte PROVISION_STATUS_PRESHARED_SECRET = 0x10;
+  private static final byte PROVISION_STATUS_BOOT_PARAM = 0x20;
+  private static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x40;
 
   // Data Dictionary items
   public static final byte DATA_ARRAY_SIZE = 30;
@@ -201,9 +189,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   protected static short[] tmpVariables;
   protected static short[] data;
   protected static byte provisionStatus = NOT_PROVISIONED;
-  // First two bytes are Major version and second bytes are minor version.
-  protected short packageVersion;
-  
 
   /**
    * Registers this applet.
@@ -216,7 +201,6 @@ protected KMKeymasterApplet(KMSEProvider seImpl) {
     if (!isUpgrading) {
       keymasterState = KMKeymasterApplet.INIT_STATE;
       seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8));
-      packageVersion = CURRENT_PACKAGE_VERSION;
     }
     KMType.initialize();
     encoder = new KMEncoder();
@@ -365,10 +349,15 @@ public void process(APDU apdu) {
             sendError(apdu, KMError.OK);
             return;
 
-          case INS_PROVISION_ATTESTATION_CERT_DATA_CMD:
-            processProvisionAttestationCertDataCmd(apdu);
-            provisionStatus |= (KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN |
-                KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS);
+          case INS_PROVISION_ATTESTATION_CERT_CHAIN_CMD:
+            processProvisionAttestationCertChainCmd(apdu);
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN;
+            sendError(apdu, KMError.OK);
+            return;
+
+          case INS_PROVISION_ATTESTATION_CERT_PARAMS_CMD:
+            processProvisionAttestationCertParams(apdu);
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS;
             sendError(apdu, KMError.OK);
             return;
 
@@ -406,22 +395,10 @@ public void process(APDU apdu) {
               ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
             }
             processSetBootParamsCmd(apdu);
-
+            provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_BOOT_PARAM;
+            seProvider.clearDeviceBooted(false);
             sendError(apdu, KMError.OK);
             return;
-            
-          case INS_SET_BOOT_ENDED_CMD:
-              if (seProvider.isBootSignalEventSupported()
-                  && (keymasterState == KMKeymasterApplet.ACTIVE_STATE)
-                  && (!seProvider.isDeviceRebooted())) {
-                ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
-              }
-              //set the flag to mark boot ended
-              repository.setBootEndedStatus(true);
-              
-              seProvider.clearDeviceBooted(false);
-              sendError(apdu, KMError.OK);
-              return;
 
           case INS_GET_PROVISION_STATUS_CMD:
             processGetProvisionStatusCmd(apdu);
@@ -513,8 +490,8 @@ && isProvisioningComplete())) {
       sendError(apdu, KMException.getReason());
       exception.clear();
     } catch (ISOException exp) {
-      freeOperations();
       sendError(apdu, mapISOErrorToKMError(exp.getReason()));
+      freeOperations();
     } catch (CryptoException e) {
       freeOperations();
       sendError(apdu, mapCryptoErrorToKMError(e.getReason()));
@@ -554,7 +531,7 @@ private void freeOperations() {
   }
 
   private void processEarlyBootEndedCmd(APDU apdu) {
-    repository.setEarlyBootEndedStatus(true);
+    KMException.throwIt(KMError.UNIMPLEMENTED);
   }
 
   private void processDeviceLockedCmd(APDU apdu) {
@@ -632,6 +609,12 @@ public static void receiveIncoming(APDU apdu) {
 
   private void processGetHwInfoCmd(APDU apdu) {
     // No arguments expected
+    final byte[] JavacardKeymasterDevice = {
+        0x4A, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74,
+        0x65, 0x72, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
+    };
+    final byte[] Google = {0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65};
+
     // Make the response
     short respPtr = KMArray.instance((short) 3);
     KMArray resp = KMArray.cast(respPtr);
@@ -639,8 +622,8 @@ private void processGetHwInfoCmd(APDU apdu) {
     resp.add(
         (short) 1,
         KMByteBlob.instance(
-            JAVACARD_KEYMASTER_DEVICE, (short) 0, (short) JAVACARD_KEYMASTER_DEVICE.length));
-    resp.add((short) 2, KMByteBlob.instance(GOOGLE, (short) 0, (short) GOOGLE.length));
+            JavacardKeymasterDevice, (short) 0, (short) JavacardKeymasterDevice.length));
+    resp.add((short) 2, KMByteBlob.instance(Google, (short) 0, (short) Google.length));
 
     bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
     // Encode the response - actual bufferProp[BUF_LEN_OFFSET] is 86
@@ -710,72 +693,84 @@ private void processSetVersionAndPatchLevels(APDU apdu) {
 
     sendError(apdu, KMError.OK);
   }
-  
-  private short getProvisionedCertificateData(byte dataType) {
-    short len = seProvider.getProvisionedDataLength(dataType);
-    if (len == 0) {
-      KMException.throwIt(KMError.INVALID_DATA);
-    }
-    short ptr = KMByteBlob.instance(len);
-    seProvider.readProvisionedData(
-        dataType,
-        KMByteBlob.cast(ptr).getBuffer(),
-        KMByteBlob.cast(ptr).getStartOff());
-    return ptr;
-  }
 
   private void processGetCertChainCmd(APDU apdu) {
     // Make the response
-    short certChainLen = seProvider.getProvisionedDataLength(KMSEProvider.CERTIFICATE_CHAIN);
+    tmpVariables[0] = seProvider.getCertificateChainLength();
     short int32Ptr = buildErrorStatus(KMError.OK);
-    short maxByteHeaderLen = 3; // Maximum possible ByteBlob header len.
-    short arrayHeaderLen = 1;
-    // Allocate maximum possible buffer.
-    // Add arrayHeader + (PowerResetStatus + KMError.OK) + Byte Header
-    short totalLen = (short) (arrayHeaderLen + encoder.getEncodedIntegerLength(int32Ptr) + maxByteHeaderLen + certChainLen);
-    tmpVariables[1] = KMByteBlob.instance(totalLen);
+    //Total Extra length
+    // Add arrayHeader and (PowerResetStatus + KMError.OK)
+    tmpVariables[2] = (short) (1 + encoder.getEncodedIntegerLength(int32Ptr));
+    tmpVariables[0] += tmpVariables[2];
+    tmpVariables[1] = KMByteBlob.instance(tmpVariables[0]);
     bufferRef[0] = KMByteBlob.cast(tmpVariables[1]).getBuffer();
     bufferProp[BUF_START_OFFSET] = KMByteBlob.cast(tmpVariables[1]).getStartOff();
     bufferProp[BUF_LEN_OFFSET] = KMByteBlob.cast(tmpVariables[1]).length();
-    // copy the certificate chain to the end of the buffer.
-    seProvider.readProvisionedData(
-        KMSEProvider.CERTIFICATE_CHAIN,
-        (byte[]) bufferRef[0],
-        (short) (bufferProp[BUF_START_OFFSET] + totalLen - certChainLen));
+    // read the cert chain from non-volatile memory. Cert chain is already in
+    // CBOR format.
+    seProvider.readCertificateChain((byte[]) bufferRef[0], (short) (bufferProp[BUF_START_OFFSET] + tmpVariables[2]));
     // Encode cert chain.
-    encoder.encodeCertChain((byte[]) bufferRef[0],
-        bufferProp[BUF_START_OFFSET],
-        bufferProp[BUF_LEN_OFFSET],
-        int32Ptr, // uint32 ptr
-        (short) (bufferProp[BUF_START_OFFSET] + totalLen - certChainLen), // start pos of cert chain.
-        certChainLen);
+    encoder.encodeCertChain((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET], int32Ptr);
     sendOutgoing(apdu);
   }
 
-  private void processProvisionAttestationCertDataCmd(APDU apdu) {
+  private void processProvisionAttestationCertParams(APDU apdu) {
     receiveIncoming(apdu);
-    // Buffer holds the corresponding offsets and lengths of the certChain, certIssuer and certExpiry
-    // in the bufferRef[0] buffer.
-    short var = KMByteBlob.instance((short) 12);
-    // These variables point to the appropriate positions in the var buffer.
-    short certChainPos = KMByteBlob.cast(var).getStartOff();
-    short certIssuerPos = (short) (KMByteBlob.cast(var).getStartOff() + 4);
-    short certExpiryPos = (short) (KMByteBlob.cast(var).getStartOff() + 8);
-    decoder.decodeCertificateData((short) 3,
-        (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET],
-        KMByteBlob.cast(var).getBuffer(), KMByteBlob.cast(var).getStartOff());
-    // persist data
-    seProvider.persistProvisionData(
-        (byte[]) bufferRef[0],
-        Util.getShort(KMByteBlob.cast(var).getBuffer(), certChainPos), // offset
-        Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certChainPos + 2)), // length
-        Util.getShort(KMByteBlob.cast(var).getBuffer(), certIssuerPos), // offset
-        Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certIssuerPos + 2)), // length
-        Util.getShort(KMByteBlob.cast(var).getBuffer(), certExpiryPos), // offset
-        Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certExpiryPos + 2))); // length
-        
-    // reclaim memory
+    // Arguments
+    short blob = KMByteBlob.exp();
+    short argsProto = KMArray.instance((short) 2);
+    KMArray.cast(argsProto).add((short) 0, blob); // Cert - DER encoded issuer
+    KMArray.cast(argsProto).add((short) 1, blob); // Cert - Expiry Time
+    // Decode the argument.
+    short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
+    //reclaim memory
     repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
+
+    // save issuer - DER Encoded
+    tmpVariables[0] = KMArray.cast(args).get((short) 0);
+    repository.setIssuer(
+        KMByteBlob.cast(tmpVariables[0]).getBuffer(),
+        KMByteBlob.cast(tmpVariables[0]).getStartOff(),
+        KMByteBlob.cast(tmpVariables[0]).length());
+
+    // save expiry time - UTC or General Time - YYMMDDhhmmssZ or YYYYMMDDhhmmssZ.
+    tmpVariables[0] = KMArray.cast(args).get((short) 1);
+    repository.setCertExpiryTime(
+        KMByteBlob.cast(tmpVariables[0]).getBuffer(),
+        KMByteBlob.cast(tmpVariables[0]).getStartOff(),
+        KMByteBlob.cast(tmpVariables[0]).length());
+  }
+
+  private void processProvisionAttestationCertChainCmd(APDU apdu) {
+    tmpVariables[0] = seProvider.getCertificateChainLength();
+    if (tmpVariables[0] != 0) {
+      //Clear the previous certificate chain.
+      seProvider.clearCertificateChain();
+    }
+    byte[] srcBuffer = apdu.getBuffer();
+    short recvLen = apdu.setIncomingAndReceive();
+    short srcOffset = apdu.getOffsetCdata();
+    bufferProp[BUF_LEN_OFFSET] = apdu.getIncomingLength();
+    bufferProp[BUF_START_OFFSET] = repository.alloc(bufferProp[BUF_LEN_OFFSET]);
+    short bytesRead = 0;
+    Util.arrayCopyNonAtomic(srcBuffer, srcOffset, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
+        recvLen);
+    // tmpVariables[1] holds the total length + Header length.
+    tmpVariables[1] = decoder.readCertificateChainLengthAndHeaderLen((byte[]) bufferRef[0],
+        bufferProp[BUF_START_OFFSET], recvLen);
+    while (recvLen > 0 && ((short) bytesRead <= bufferProp[BUF_LEN_OFFSET])) {
+      seProvider.persistPartialCertificateChain((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
+          recvLen, bufferProp[BUF_LEN_OFFSET]);
+      bytesRead += recvLen;
+      recvLen = apdu.receiveBytes(srcOffset);
+      if (recvLen > 0) {
+        Util.arrayCopyNonAtomic(srcBuffer, srcOffset, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET],
+            recvLen);
+      }
+    }
+    if (tmpVariables[1] != bytesRead) {
+      ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+    }
   }
 
   private void processProvisionAttestationKey(APDU apdu) {
@@ -784,11 +779,11 @@ private void processProvisionAttestationKey(APDU apdu) {
     byte[] scratchPad = apdu.getBuffer();
     // Arguments
     short keyparams = KMKeyParameters.exp();
-    short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT);
+    short keyFormat = KMEnum.instance(KMType.KEY_FORMAT);
     short blob = KMByteBlob.exp();
     short argsProto = KMArray.instance((short) 3);
     KMArray.cast(argsProto).add((short) 0, keyparams);
-    KMArray.cast(argsProto).add((short) 1, keyFormatPtr);
+    KMArray.cast(argsProto).add((short) 1, keyFormat);
     KMArray.cast(argsProto).add((short) 2, blob);
 
     // Decode the argument
@@ -801,8 +796,8 @@ private void processProvisionAttestationKey(APDU apdu) {
     tmpVariables[0] = KMArray.cast(args).get((short) 1);
     data[IMPORTED_KEY_BLOB] = KMArray.cast(args).get((short) 2);
     // Key format must be RAW format
-    byte keyFormat = KMEnum.cast(tmpVariables[0]).getVal();
-    if (keyFormat != KMType.RAW) {
+    tmpVariables[0] = KMEnum.cast(tmpVariables[0]).getVal();
+    if (tmpVariables[0] != KMType.RAW) {
       KMException.throwIt(KMError.UNIMPLEMENTED);
     }
     data[ORIGIN] = KMType.IMPORTED;
@@ -841,7 +836,7 @@ private void processProvisionAttestationKey(APDU apdu) {
       KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
     // Import EC Key - initializes data[SECRET] data[PUB_KEY]
-    importECKeys(scratchPad, keyFormat);
+    importECKeys(scratchPad);
 
     // persist key
     seProvider.createAttestationKey(
@@ -863,7 +858,14 @@ private void processProvisionAttestIdsCmd(APDU apdu) {
 
     data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
     // persist attestation Ids - if any is missing then exception occurs
-    saveAttId();
+    saveAttId(KMType.ATTESTATION_ID_BRAND);
+    saveAttId(KMType.ATTESTATION_ID_DEVICE);
+    saveAttId(KMType.ATTESTATION_ID_PRODUCT);
+    saveAttId(KMType.ATTESTATION_ID_MANUFACTURER);
+    saveAttId(KMType.ATTESTATION_ID_MODEL);
+    saveAttId(KMType.ATTESTATION_ID_IMEI);
+    saveAttId(KMType.ATTESTATION_ID_MEID);
+    saveAttId(KMType.ATTESTATION_ID_SERIAL);
   }
 
   private void processProvisionSharedSecretCmd(APDU apdu) {
@@ -899,24 +901,17 @@ private void processGetProvisionStatusCmd(APDU apdu) {
     sendOutgoing(apdu);
   }
 
-  private void saveAttId() {
-    // clear the attestation ids.
-    repository.deleteAttIds();
-
-    short attTag = KMType.ATTESTATION_ID_BRAND;
-    while (attTag <= KMType.ATTESTATION_ID_MODEL) {
-      tmpVariables[0] = KMKeyParameters.findTag(KMType.BYTES_TAG, attTag, data[KEY_PARAMETERS]);
-      if (tmpVariables[0] != KMType.INVALID_VALUE) {
-        tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue();
-        repository.persistAttId(
-            mapToAttId(attTag),
-            KMByteBlob.cast(tmpVariables[0]).getBuffer(),
-            KMByteBlob.cast(tmpVariables[0]).getStartOff(),
-            KMByteBlob.cast(tmpVariables[0]).length());
-      } else {
-        KMException.throwIt(KMError.INVALID_ARGUMENT);
-      }
-      attTag++;
+  private void saveAttId(short attTag) {
+    tmpVariables[0] = KMKeyParameters.findTag(KMType.BYTES_TAG, attTag, data[KEY_PARAMETERS]);
+    if (tmpVariables[0] != KMType.INVALID_VALUE) {
+      tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue();
+      repository.persistAttId(
+          mapToAttId(attTag),
+          KMByteBlob.cast(tmpVariables[0]).getBuffer(),
+          KMByteBlob.cast(tmpVariables[0]).getStartOff(),
+          KMByteBlob.cast(tmpVariables[0]).length());
+    } else {
+      KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
   }
 
@@ -971,9 +966,6 @@ private void processGetKeyCharacteristicsCmd(APDU apdu) {
     parseEncryptedKeyBlob(scratchPad);
     // Check Version and Patch Level
     checkVersionAndPatchLevel(scratchPad);
-    // Remove custom tags from key characteristics
-    short hwParams = KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced();
-    KMKeyParameters.cast(hwParams).deleteCustomTags();
     // make response.
     tmpVariables[0] = KMArray.instance((short) 2);
     KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
@@ -1142,7 +1134,7 @@ private void processComputeSharedHmacCmd(APDU apdu) {
             scratchPad,
             (short) 0);
     // persist the computed hmac key.
-    seProvider.createComputedHmacKey(scratchPad, (short) 0, tmpVariables[6]);
+    repository.initComputedHmac(scratchPad, (short) 0, tmpVariables[6]);
 
     // Generate sharingKey verification signature and store that in scratch pad.
     tmpVariables[5] =
@@ -1281,9 +1273,10 @@ private void processImportWrappedKeyCmd(APDU apdu) {
     tmpVariables[1] = KMEnumTag.getValue(KMType.ALGORITHM, tmpVariables[0]);
     // read key format
     tmpVariables[2] = KMArray.cast(args).get((short) 1);
-    byte keyFormat = KMEnum.cast(tmpVariables[2]).getVal();
+    tmpVariables[2] = KMEnum.cast(tmpVariables[2]).getVal();
+    // import of RSA and EC not supported with pkcs8 or x509 format
     if ((tmpVariables[1] == KMType.RSA || tmpVariables[1] == KMType.EC)
-        && (keyFormat != KMType.PKCS8)) {
+        && (tmpVariables[2] != KMType.RAW)) {
       KMException.throwIt(KMError.UNIMPLEMENTED);
     }
 
@@ -1393,8 +1386,19 @@ private void processImportWrappedKeyCmd(APDU apdu) {
     data[ORIGIN] = KMType.SECURELY_IMPORTED;
     data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
     // create key blob array
-    data[IMPORTED_KEY_BLOB] = KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.cast(data[INPUT_DATA]).length());
-    importKey(apdu, scratchPad, keyFormat);
+    data[IMPORTED_KEY_BLOB] = KMArray.instance((short) 1);
+    // add the byte blob containing decrypted input data
+    KMArray.cast(data[IMPORTED_KEY_BLOB])
+        .add(
+            (short) 0,
+            KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.cast(data[INPUT_DATA]).length()));
+    // encode the key blob
+    tmpVariables[0] = repository.alloc((short) (KMByteBlob.cast(data[INPUT_DATA]).length() + 16));
+    tmpVariables[1] =
+        encoder.encode(data[IMPORTED_KEY_BLOB], repository.getHeap(), tmpVariables[0]);
+    data[IMPORTED_KEY_BLOB] =
+        KMByteBlob.instance(repository.getHeap(), tmpVariables[0], tmpVariables[1]);
+    importKey(apdu, scratchPad);
   }
 
   private void processAttestKeyCmd(APDU apdu) {
@@ -1481,17 +1485,14 @@ private void processAttestKeyCmd(APDU apdu) {
     // expiry time - byte blob
     tmpVariables[2] =
         KMKeyParameters.findTag(KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME, data[SW_PARAMETERS]);
-    cert.notAfter(tmpVariables[2],
-        getProvisionedCertificateData(KMSEProvider.CERTIFICATE_EXPIRY),
-        scratchPad,
-        (short) 0);
+    cert.notAfter(tmpVariables[2], repository.getCertExpiryTime(), scratchPad, (short) 0);
 
     addTags(KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(), true, cert);
     addTags(
         KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(), false, cert);
 
     cert.deviceLocked(repository.getBootLoaderLock());
-    cert.issuer(getProvisionedCertificateData(KMSEProvider.CERTIFICATE_ISSUER));
+    cert.issuer(repository.getIssuer());
     cert.publicKey(data[PUB_KEY]);
     cert.verifiedBootHash(repository.getVerifiedBootHash());
 
@@ -1516,7 +1517,7 @@ private boolean isEmpty(byte[] buf, short offset, short len) {
     boolean empty = true;
     short index = 0;
     while (index < len) {
-      if (buf[index] != 0) {
+      if (buf[(short) (index + offset)] != 0) {
         empty = false;
         break;
       }
@@ -1554,7 +1555,7 @@ private void addAttestationIds(KMAttestationCert cert) {
         storedAttId = repository.getAttId(mapToAttId(attTags[index]));
         // Return CANNOT_ATTEST_IDS if Attestation IDs are not provisioned or
         // Attestation IDs are deleted.
-        if (storedAttId == KMType.INVALID_VALUE ||
+        if (storedAttId == 0 ||
             isEmpty(KMByteBlob.cast(storedAttId).getBuffer(),
                     KMByteBlob.cast(storedAttId).getStartOff(),
                     KMByteBlob.cast(storedAttId).length())) {
@@ -1691,12 +1692,11 @@ private void processFinishOperationCmd(APDU apdu) {
     authorizeUpdateFinishOperation(op, scratchPad);
     switch (op.getPurpose()) {
       case KMType.SIGN:
-    	  finishTrustedConfirmationOperation(op);
       case KMType.VERIFY:
         finishSigningVerifyingOperation(op, scratchPad);
         break;
       case KMType.ENCRYPT:
-        finishEncryptOperation(op);
+        finishEncryptOperation(op, scratchPad);
         break;
       case KMType.DECRYPT:
         finishDecryptOperation(op, scratchPad);
@@ -1721,54 +1721,50 @@ private void processFinishOperationCmd(APDU apdu) {
     sendOutgoing(apdu);
   }
 
-  private void finishEncryptOperation(KMOperationState op) {
-    if(op.getAlgorithm() != KMType.AES && op.getAlgorithm() != KMType.DES){
-      KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
-    }
-    finishAesDesOperation(op);
-  }
-  
-  private void finishAesDesOperation(KMOperationState op) {
+  private void finishEncryptOperation(KMOperationState op, byte[] scratchPad) {
     short len = KMByteBlob.cast(data[INPUT_DATA]).length();
-    short blockSize = DES_BLOCK_SIZE;
-    if (op.getAlgorithm() == KMType.AES) {
-      blockSize = AES_BLOCK_SIZE;
-    }
-
-    if((op.getPurpose() == KMType.DECRYPT) && (op.getPadding() == KMType.PKCS7)
-        && (op.getBlockMode() == KMType.ECB || op.getBlockMode() == KMType.CBC)
-        && ((short) (len % blockSize) != 0)){
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
+    switch (op.getAlgorithm()) {
+      case KMType.AES:
+      case KMType.DES:
+        if (op.getAlgorithm() == KMType.AES) {
+          tmpVariables[0] = AES_BLOCK_SIZE;
+        } else {
+          tmpVariables[0] = DES_BLOCK_SIZE;
+        }
+        // If no padding then data length must be block aligned
+        if ((op.getBlockMode() == KMType.ECB || op.getBlockMode() == KMType.CBC)
+            && op.getPadding() == KMType.PADDING_NONE
+            && ((short) (len % tmpVariables[0]) != 0)) {
+          KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+        } else if (op.getBlockMode() == KMType.GCM) {
+          // update aad if there is any
+          updateAAD(op, (byte) 0x01);
+          // Get the output size
+          len = op.getOperation().getAESGCMOutputSize(len, (short) (op.getMacLength() / 8));
+          data[OUTPUT_DATA] = KMByteBlob.instance(len);
+        }
+        // If padding i.e. pkcs7 then add padding to right
+        // Output data can at most one block size more the input data in case of pkcs7 encryption
+        tmpVariables[0] = KMByteBlob.instance((short) (len + tmpVariables[0]));
+        len =
+            op.getOperation()
+                .finish(
+                    KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
+                    KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
+                    KMByteBlob.cast(data[INPUT_DATA]).length(),
+                    KMByteBlob.cast(tmpVariables[0]).getBuffer(),
+                    KMByteBlob.cast(tmpVariables[0]).getStartOff());
 
-    if (op.getBlockMode() == KMType.GCM) {
-      if (op.getPurpose() == KMType.DECRYPT && (len < (short) (op.getMacLength() / 8))) {
-        KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-      }
-      // update aad if there is any
-      updateAAD(op, (byte) 0x01);
-      // Get the output size
-      len = op.getOperation().getAESGCMOutputSize(len, (short) (op.getMacLength() / 8));
-    }
-    // If padding i.e. pkcs7 then add padding to right
-    // Output data can at most one block size more the input data in case of pkcs7
-    // encryption
-    data[OUTPUT_DATA] = KMByteBlob.instance((short) (len + 2 * blockSize));
-    try {
-      len = op.getOperation().finish(
-          KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
-          KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
-          KMByteBlob.cast(data[INPUT_DATA]).length(),
-          KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(),
-          KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff());
-    } catch (CryptoException e) {
-      if (e.getReason() == CryptoException.ILLEGAL_USE) {
-        KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-      }
+        data[OUTPUT_DATA] =
+            KMByteBlob.instance(
+                KMByteBlob.cast(tmpVariables[0]).getBuffer(),
+                KMByteBlob.cast(tmpVariables[0]).getStartOff(),
+                len);
+        break;
+      default:
+        KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+        break;
     }
-
-    // Update the length of the output
-    KMByteBlob.cast(data[OUTPUT_DATA]).setLength(len);
   }
 
   private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) {
@@ -1793,7 +1789,39 @@ private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) {
         break;
       case KMType.AES:
       case KMType.DES:
-        finishAesDesOperation(op);
+        if (op.getAlgorithm() == KMType.AES) {
+          tmpVariables[0] = AES_BLOCK_SIZE;
+        } else {
+          tmpVariables[0] = DES_BLOCK_SIZE;
+        }
+        tmpVariables[1] = repository.alloc(len);
+        if ((op.getBlockMode() == KMType.CBC || op.getBlockMode() == KMType.ECB)
+            && len > 0
+            && (len % tmpVariables[0]) != 0) {
+          KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+        } else if (op.getBlockMode() == KMType.GCM) {
+          // update aad if there is any
+          updateAAD(op, (byte) 0x01);
+          // Check if there is at least MAC Length bytes of input data
+          if ((len < (short) (op.getMacLength() / 8))) {
+            KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+          }
+          // Get the output size - in case of JCardSim this will more then input size
+          tmpVariables[0] =
+              op.getOperation().getAESGCMOutputSize(len, (short) (op.getMacLength() / 8));
+          tmpVariables[1] = repository.alloc(tmpVariables[0]);
+        }
+        byte[] heap = repository.getHeap();
+        len =
+            op.getOperation()
+                .finish(
+                    KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
+                    KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
+                    len,
+                    heap,
+                    tmpVariables[1]);
+
+        data[OUTPUT_DATA] = KMByteBlob.instance(heap, tmpVariables[1], len);
         break;
     }
   }
@@ -1925,13 +1953,7 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch
   private void authorizeUpdateFinishOperation(KMOperationState op, byte[] scratchPad) {
     // If one time user Authentication is required
     if (op.isSecureUserIdReqd() && !op.isAuthTimeoutValidated()) {
-      // Validate Verification Token.
-      validateVerificationToken(data[VERIFICATION_TOKEN], scratchPad);
-      // validate operation handle.
-      short ptr = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getChallenge();
-      if (KMInteger.compare(ptr, op.getHandle()) != 0) {
-        KMException.throwIt(KMError.VERIFICATION_FAILED);
-      }
+      validateVerificationToken(op, data[VERIFICATION_TOKEN], scratchPad);
       tmpVariables[0] = op.getAuthTime();
       tmpVariables[2] = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getTimestamp();
       if (tmpVariables[2] == KMType.INVALID_VALUE) {
@@ -1946,58 +1968,11 @@ private void authorizeUpdateFinishOperation(KMOperationState op, byte[] scratchP
       if (KMInteger.compare(data[OP_HANDLE], tmpVariables[0]) != 0) {
         KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
       }
-      if (!authTokenMatches(op.getUserSecureId(), op.getAuthType(), scratchPad)) {
-        KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
-      }
-    }
-  }
-
-  private void authorizeKeyUsageForCount(byte[] scratchPad) {
-    short scratchPadOff = 0;
-    Util.arrayFillNonAtomic(scratchPad, scratchPadOff, (short) 12, (byte) 0);
-
-    short usageLimitBufLen = KMIntegerTag.getValue(scratchPad, scratchPadOff,
-        KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, data[HW_PARAMETERS]);
-
-    if (usageLimitBufLen == KMType.INVALID_VALUE) {
-      return;
-    }
-
-    if (usageLimitBufLen > 4) {
-      KMException.throwIt(KMError.INVALID_ARGUMENT);
-    }
-
-    if (repository.isAuthTagPersisted(data[AUTH_TAG])) {
-      // Get current counter, update and increment it.
-      short len = repository
-          .getRateLimitedKeyCount(data[AUTH_TAG], scratchPad, (short) (scratchPadOff + 4));
-      if (len != 4) {
-        KMException.throwIt(KMError.UNKNOWN_ERROR);
-      }
-      if (0 >= KMInteger.unsignedByteArrayCompare(scratchPad, scratchPadOff, scratchPad,
-          (short) (scratchPadOff + 4), (short) 4)) {
-        KMException.throwIt(KMError.KEY_MAX_OPS_EXCEEDED);
-      }
-      // Increment the counter.
-      Util.arrayFillNonAtomic(scratchPad, scratchPadOff, len, (byte) 0);
-      Util.setShort(scratchPad, (short) (scratchPadOff + 2), (short) 1);
-      KMUtils.add(scratchPad, scratchPadOff, (short) (scratchPadOff + len),
-          (short) (scratchPadOff + len * 2));
-
-      repository
-          .setRateLimitedKeyCount(data[AUTH_TAG], scratchPad, (short) (scratchPadOff + len * 2),
-              len);
-
-    } else {
-      // Persist auth tag.
-      if (!repository.persistAuthTag(data[AUTH_TAG])) {
-        KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
-      }
+      authenticateUser();
     }
   }
 
-
-  private void authorizeDeviceUnlock(byte[] scratchPad) {
+  private void authorizeDeviceUnlock(short hwToken) {
     // If device is locked and key characteristics requires unlocked device then check whether
     // HW auth token has correct timestamp.
     short ptr =
@@ -2005,10 +1980,10 @@ private void authorizeDeviceUnlock(byte[] scratchPad) {
             KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED, data[HW_PARAMETERS]);
 
     if (ptr != KMType.INVALID_VALUE && repository.getDeviceLock()) {
-      if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
+      if (hwToken == KMType.INVALID_VALUE) {
         KMException.throwIt(KMError.DEVICE_LOCKED);
       }
-      ptr = KMHardwareAuthToken.cast(data[HW_TOKEN]).getTimestamp();
+      ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp();
       // Check if the current auth time stamp is greater then device locked time stamp
       short ts = repository.getDeviceTimeStamp();
       if (KMInteger.compare(ptr, ts) <= 0) {
@@ -2017,7 +1992,7 @@ private void authorizeDeviceUnlock(byte[] scratchPad) {
       // Now check if the device unlock requires password only authentication and whether
       // auth token is generated through password authentication or not.
       if (repository.getDeviceLockPasswordOnly()) {
-        ptr = KMHardwareAuthToken.cast(data[HW_TOKEN]).getHwAuthenticatorType();
+        ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType();
         ptr = KMEnum.cast(ptr).getVal();
         if (((byte) ptr & KMType.PASSWORD) == 0) {
           KMException.throwIt(KMError.DEVICE_LOCKED);
@@ -2030,63 +2005,48 @@ private void authorizeDeviceUnlock(byte[] scratchPad) {
     }
   }
 
-  private boolean verifyVerificationTokenMacInBigEndian(short verToken, byte[] scratchPad) {
-    // concatenation length will be 37 + length of verified parameters list - which
-    // is typically
-    // empty
-    Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
-    // Add "Auth Verification" - 17 bytes.
-    Util.arrayCopyNonAtomic(authVerification, (short) 0, scratchPad, (short) 0, (short) authVerification.length);
-    short len = (short) authVerification.length;
-    // concatenate challenge - 8 bytes
-    short ptr = KMVerificationToken.cast(verToken).getChallenge();
-    KMInteger.cast(ptr).value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
-    len += 8;
-    // concatenate timestamp -8 bytes
-    ptr = KMVerificationToken.cast(verToken).getTimestamp();
-    KMInteger.cast(ptr).value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
-    len += 8;
-    // concatenate security level - 4 bytes
-    ptr = KMVerificationToken.cast(verToken).getSecurityLevel();
-    scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
-    len += 4;
-    // concatenate Parameters verified - blob of encoded data.
-    ptr = KMVerificationToken.cast(verToken).getParametersVerified();
-    if (KMByteBlob.cast(ptr).length() != 0) {
-      len += KMByteBlob.cast(ptr).getValues(scratchPad, (short) 0);
+  private void validateVerificationToken(KMOperationState op, short verToken, byte[] scratchPad) {
+    // CBOR Encoding is always big endian and Java is big endian
+    short ptr = KMVerificationToken.cast(verToken).getMac();
+    // If mac length is zero then token is empty.
+    if (KMByteBlob.cast(ptr).length() == 0) {
+      return;
+    }
+    validateVerificationToken(verToken, scratchPad);
+    // validate operation handle.
+    ptr = KMVerificationToken.cast(verToken).getChallenge();
+    if (op.getHandle() != KMInteger.cast(ptr).getShort()) {
+      KMException.throwIt(KMError.VERIFICATION_FAILED);
     }
-    // hmac the data
-    ptr = KMVerificationToken.cast(verToken).getMac();
-
-    return seProvider.hmacVerify(
-        seProvider.getComputedHmacKey(),
-        scratchPad,
-        (short) 0,
-        len,
-        KMByteBlob.cast(ptr).getBuffer(),
-        KMByteBlob.cast(ptr).getStartOff(),
-        KMByteBlob.cast(ptr).length());
   }
 
-  private boolean verifyVerificationTokenMacInLittleEndian(short verToken, byte[] scratchPad) {
-    // concatenation length will be 37 + length of verified parameters list - which
-    // is typically
+  private void validateVerificationToken(short verToken, byte[] scratchPad) {
+    short ptr = KMVerificationToken.cast(verToken).getMac();
+    short len;
+    // If mac length is zero then token is empty.
+    if (KMByteBlob.cast(ptr).length() == 0) {
+      return;
+    }
+    // concatenation length will be 37 + length of verified parameters list  - which is typically
     // empty
     Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
     // Add "Auth Verification" - 17 bytes.
-    Util.arrayCopyNonAtomic(authVerification, (short) 0, scratchPad, (short) 0, (short) authVerification.length);
-    short len = (short) authVerification.length;
+    Util.arrayCopy(
+        authVerification, (short) 0, scratchPad, (short) 0, (short) authVerification.length);
+    len = (short) authVerification.length;
     // concatenate challenge - 8 bytes
-    short ptr = KMVerificationToken.cast(verToken).getChallenge();
-    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
+    ptr = KMVerificationToken.cast(verToken).getChallenge();
+    KMInteger.cast(ptr)
+        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate timestamp -8 bytes
     ptr = KMVerificationToken.cast(verToken).getTimestamp();
-    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
+    KMInteger.cast(ptr)
+        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate security level - 4 bytes
     ptr = KMVerificationToken.cast(verToken).getSecurityLevel();
-    scratchPad[len] = KMEnum.cast(ptr).getVal();
+    scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
     len += 4;
     // concatenate Parameters verified - blob of encoded data.
     ptr = KMVerificationToken.cast(verToken).getParametersVerified();
@@ -2095,31 +2055,20 @@ private boolean verifyVerificationTokenMacInLittleEndian(short verToken, byte[]
     }
     // hmac the data
     ptr = KMVerificationToken.cast(verToken).getMac();
+    short key = repository.getComputedHmacKey();
+    boolean verified =
+        seProvider.hmacVerify(
+            KMByteBlob.cast(key).getBuffer(),
+            KMByteBlob.cast(key).getStartOff(),
+            KMByteBlob.cast(key).length(),
+            scratchPad,
+            (short) 0,
+            len,
+            KMByteBlob.cast(ptr).getBuffer(),
+            KMByteBlob.cast(ptr).getStartOff(),
+            KMByteBlob.cast(ptr).length());
 
-    return seProvider.hmacVerify(
-        seProvider.getComputedHmacKey(),
-        scratchPad,
-        (short) 0,
-        len,
-        KMByteBlob.cast(ptr).getBuffer(),
-        KMByteBlob.cast(ptr).getStartOff(),
-        KMByteBlob.cast(ptr).length());
-  }
-
-  private void validateVerificationToken(short verToken, byte[] scratchPad) {
-    short ptr = KMVerificationToken.cast(verToken).getMac();
-    // If mac length is zero then token is empty.
-    if (KMByteBlob.cast(ptr).length() == 0) {
-      KMException.throwIt(KMError.INVALID_MAC_LENGTH);
-    }
-    boolean verify;
-    if (KMConfigurations.TEE_MACHINE_TYPE == KMConfigurations.LITTLE_ENDIAN) {
-      verify = verifyVerificationTokenMacInLittleEndian(verToken, scratchPad);
-    } else {
-      verify = verifyVerificationTokenMacInBigEndian(verToken, scratchPad);
-    }
-    if (!verify) {
-      // Throw Exception if none of the combination works.
+    if (!verified) {
       KMException.throwIt(KMError.VERIFICATION_FAILED);
     }
   }
@@ -2159,7 +2108,6 @@ private void processUpdateOperationCmd(APDU apdu) {
     }
     // authorize the update operation
     authorizeUpdateFinishOperation(op, scratchPad);
-    short inputConsumed = 0;
     // If signing without  digest then do length validation checks
     if (op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY) {
       tmpVariables[0] = KMByteBlob.cast(data[INPUT_DATA]).length();
@@ -2169,9 +2117,6 @@ private void processUpdateOperationCmd(APDU apdu) {
               KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
               KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
               KMByteBlob.cast(data[INPUT_DATA]).length());
-      // update trusted confirmation operation
-      updateTrustedConfirmationOperation(op);
-      
       data[OUTPUT_DATA] = KMType.INVALID_VALUE;
     } else if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) {
       // Update for encrypt/decrypt using RSA will not be supported because to do this op state
@@ -2179,27 +2124,41 @@ private void processUpdateOperationCmd(APDU apdu) {
       if (op.getAlgorithm() == KMType.RSA) {
         KMException.throwIt(KMError.OPERATION_CANCELLED);
       }
-      short inputLen = KMByteBlob.cast(data[INPUT_DATA]).length();
-      short blockSize = DES_BLOCK_SIZE;
+      tmpVariables[0] = KMByteBlob.cast(data[INPUT_DATA]).length();
+      short additionalExpOutLen = 0;
       if (op.getAlgorithm() == KMType.AES) {
-          blockSize = AES_BLOCK_SIZE;
-          if (op.getBlockMode() == KMType.GCM) {
-            updateAAD(op, (byte) 0x00);
-            // if input data present
-            if (inputLen > 0) {
-              // no more future updateAAD allowed if input data present.
-              if (op.isAesGcmUpdateAllowed()) {
-                op.setAesGcmUpdateComplete();
-              }
+        if (op.getBlockMode() == KMType.GCM) {
+          updateAAD(op, (byte) 0x00);
+          // if input data present
+          if (tmpVariables[0] > 0) {
+            if (tmpVariables[0] % AES_BLOCK_SIZE != 0) {
+              KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+            }
+            // no more future updateAAD allowed if input data present.
+            if (op.isAesGcmUpdateAllowed()) {
+              op.setAesGcmUpdateComplete();
             }
           }
-      } 
+          additionalExpOutLen = 16;
+        } else {
+          // input data must be block aligned.
+          // 128 bit block size - HAL must send block aligned data
+          if (tmpVariables[0] % AES_BLOCK_SIZE != 0 || tmpVariables[0] <= 0) {
+            KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+          }
+        }
+      } else if (op.getAlgorithm() == KMType.DES) {
+        // 64 bit block size - HAL must send block aligned data
+        if (tmpVariables[0] % DES_BLOCK_SIZE != 0) {
+          KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+        }
+      }
       // Allocate output buffer as input data is already block aligned
-      data[OUTPUT_DATA] = KMByteBlob.instance((short) (inputLen + 2 * blockSize));
+      data[OUTPUT_DATA] = KMByteBlob.instance((short) (tmpVariables[0] + additionalExpOutLen));
       // Otherwise just update the data.
       // HAL consumes all the input and maintains a buffered data inside it. So the
       // applet sends the inputConsumed length as same as the input length.
-      inputConsumed = inputLen;
+      tmpVariables[3] = tmpVariables[0];
       try {
         tmpVariables[0] =
             op.getOperation()
@@ -2214,7 +2173,16 @@ private void processUpdateOperationCmd(APDU apdu) {
       }
       // Adjust the Output data if it is not equal to input data.
       // This happens in case of JCardSim provider.
-      KMByteBlob.cast(data[OUTPUT_DATA]).setLength(tmpVariables[0]);
+      if (tmpVariables[0] != KMByteBlob.cast(data[OUTPUT_DATA]).length()) {
+        data[INPUT_DATA] = data[OUTPUT_DATA];
+        data[OUTPUT_DATA] = KMByteBlob.instance(tmpVariables[0]);
+        Util.arrayCopy(
+            KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
+            KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
+            KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(),
+            KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff(),
+            tmpVariables[0]);
+      }
     }
     // Persist if there are any updates.
     op.persist();
@@ -2226,7 +2194,7 @@ private void processUpdateOperationCmd(APDU apdu) {
       data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
     }
     KMArray.cast(tmpVariables[2]).add((short) 0, buildErrorStatus(KMError.OK));
-    KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(inputConsumed));
+    KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(tmpVariables[3]));
     KMArray.cast(tmpVariables[2]).add((short) 2, tmpVariables[1]);
     KMArray.cast(tmpVariables[2]).add((short) 3, data[OUTPUT_DATA]);
 
@@ -2295,7 +2263,6 @@ private void processBeginOperationCmd(APDU apdu) {
     authorizeAndBeginOperation(op, scratchPad);
     switch (op.getPurpose()) {
       case KMType.SIGN:
-     	beginTrustedConfirmationOperation(op);
       case KMType.VERIFY:
         beginSignVerifyOperation(op);
         break;
@@ -2318,7 +2285,7 @@ private void processBeginOperationCmd(APDU apdu) {
         // While sending the iv back for DES/CBC mode of opeation only send
         // 8 bytes back.
         tmpVariables[1] = KMByteBlob.instance((short) 8);
-        Util.arrayCopyNonAtomic(
+        Util.arrayCopy(
             KMByteBlob.cast(data[IV]).getBuffer(),
             KMByteBlob.cast(data[IV]).getStartOff(),
             KMByteBlob.cast(tmpVariables[1]).getBuffer(),
@@ -2506,12 +2473,10 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) {
             KMException.throwIt(KMError.MISSING_MAC_LENGTH);
           }
           if (macLen % 8 != 0
-              || macLen > 128) {
-        	  KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH);
-          }
-          if(macLen
-                  < KMIntegerTag.getShortValue(
-                          KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
+              || macLen > 128
+              || macLen
+              < KMIntegerTag.getShortValue(
+              KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
             KMException.throwIt(KMError.INVALID_MAC_LENGTH);
           }
           op.setMacLength(macLen);
@@ -2544,9 +2509,9 @@ private void authorizeBlockModeAndMacLength(KMOperationState op) {
               < KMIntegerTag.getShortValue(
               KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
             KMException.throwIt(KMError.INVALID_MAC_LENGTH);
-          }
-          if (macLen % 8 != 0
-                  || macLen > 256) {
+          } else if (macLen
+              > KMIntegerTag.getShortValue(
+              KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
             KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH);
           }
           op.setMacLength(macLen);
@@ -2564,24 +2529,11 @@ private void authorizeAndBeginOperation(KMOperationState op, byte[] scratchPad)
     authorizeDigest(op);
     authorizePadding(op);
     authorizeBlockModeAndMacLength(op);
-    authorizeUserSecureIdAuthTimeout(op, scratchPad);
-    authorizeDeviceUnlock(scratchPad);
-    authorizeKeyUsageForCount(scratchPad);
-    
-    //Validate bootloader only 
-    tmpVariables[0] =
-            KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, data[HW_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getBootEndedStatus()) {
-    	KMException.throwIt(KMError.INVALID_KEY_BLOB);
-    }
-    
-  //Validate early boot
-    tmpVariables[0] =
-            KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[HW_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) {
-    	KMException.throwIt(KMError.INVALID_KEY_BLOB);
+    if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
+      data[HW_TOKEN] = KMType.INVALID_VALUE;
     }
-    
+    authorizeUserSecureIdAuthTimeout(op);
+    authorizeDeviceUnlock(data[HW_TOKEN]);
     // Authorize Caller Nonce - if caller nonce absent in key char and nonce present in
     // key params then fail if it is not a Decrypt operation
     data[IV] = KMType.INVALID_VALUE;
@@ -2692,21 +2644,6 @@ private void beginCipherOperation(KMOperationState op) {
         }
     }
   }
-  
-  private void beginTrustedConfirmationOperation(KMOperationState op) {
-    // Check for trusted confirmation - if required then set the signer in op state.
-    if (KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED,
-        data[HW_PARAMETERS]) != KMType.INVALID_VALUE) {
-
-      op.setTrustedConfirmationSigner(
-          seProvider.initTrustedConfirmationSymmetricOperation(seProvider.getComputedHmacKey()));
-
-      op.getTrustedConfirmationSigner().update(
-          confirmationToken,
-          (short) 0,
-          (short) confirmationToken.length);
-    }
-  }
 
   private void beginSignVerifyOperation(KMOperationState op) {
     switch (op.getAlgorithm()) {
@@ -2792,116 +2729,84 @@ private void beginSignVerifyOperation(KMOperationState op) {
     }
   }
 
-  private void authorizeUserSecureIdAuthTimeout(KMOperationState op, byte[] scratchPad) {
+  private void authorizeUserSecureIdAuthTimeout(KMOperationState op) {
     short authTime;
-    short authType;
     // Authorize User Secure Id and Auth timeout
-    short userSecureIdPtr =
+    tmpVariables[0] =
         KMKeyParameters.findTag(KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, data[HW_PARAMETERS]);
-    if (userSecureIdPtr != KMType.INVALID_VALUE) {
-      // Authentication required.
-      if (KMType.INVALID_VALUE !=
-          KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, data[HW_PARAMETERS])) {
-        // Key has both USER_SECURE_ID and NO_AUTH_REQUIRED
-        KMException.throwIt(KMError.INVALID_KEY_BLOB);
-      }
-      // store authenticator type
-      if(KMType.INVALID_VALUE ==
-          (authType = KMEnumTag.getValue(KMType.USER_AUTH_TYPE, data[HW_PARAMETERS]))) {
-        // Authentication required, but no auth type found.
-        KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
-      }
-      
-      short authTimeoutTagPtr =
+    if (tmpVariables[0] != KMType.INVALID_VALUE) {
+      tmpVariables[0] =
           KMKeyParameters.findTag(KMType.UINT_TAG, KMType.AUTH_TIMEOUT, data[HW_PARAMETERS]);
-      if (authTimeoutTagPtr != KMType.INVALID_VALUE) {
-        // authenticate user
-        if (!authTokenMatches(userSecureIdPtr, authType, scratchPad)) {
-          KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
-        }
-
-        authTimeoutTagPtr =
-            KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS, data[HW_PARAMETERS]);
-        if (authTimeoutTagPtr == KMType.INVALID_VALUE) {
-          KMException.throwIt(KMError.INVALID_KEY_BLOB);
+      if (tmpVariables[0] != KMType.INVALID_VALUE) {
+        // check if hw token is empty - mac should not be empty.
+        if (data[HW_TOKEN] == KMType.INVALID_VALUE) {
+          KMException.throwIt(KMError.INVALID_MAC_LENGTH);
         }
-        authTime = KMIntegerTag.cast(authTimeoutTagPtr).getValue();
+        authTime = KMIntegerTag.cast(tmpVariables[0]).getValue();
+        // authenticate user
+        authenticateUser();
         // set the one time auth
         op.setOneTimeAuthReqd(true);
         // set the authentication time stamp in operation state
-        authTime =
-            addIntegers(authTime,
-                KMHardwareAuthToken.cast(data[HW_TOKEN]).getTimestamp(), scratchPad);
+        authTime = addIntegers(authTime, KMHardwareAuthToken.cast(data[HW_TOKEN]).getTimestamp());
         op.setAuthTime(
             KMInteger.cast(authTime).getBuffer(), KMInteger.cast(authTime).getStartOff());
         // auth time validation will happen in update or finish
         op.setAuthTimeoutValidated(false);
       } else {
         // auth per operation required
-        // store user secure id and authType in OperationState.
-        op.setUserSecureId(userSecureIdPtr);
-        op.setAuthType((byte) authType);
-        // set flags
         op.setOneTimeAuthReqd(false);
         op.setAuthPerOperationReqd(true);
       }
     }
   }
 
-  private boolean isHwAuthTokenContainsMatchingSecureId(short hwAuthToken,
-      short secureUserIdsObj) {
-    short secureUserId = KMHardwareAuthToken.cast(hwAuthToken).getUserId();
-    if (!KMInteger.cast(secureUserId).isZero()) {
-      if (KMIntegerArrayTag.cast(secureUserIdsObj).contains(secureUserId))
-        return true;
-    }
-
-    short authenticatorId = KMHardwareAuthToken.cast(hwAuthToken).getAuthenticatorId();
-    if (!KMInteger.cast(authenticatorId).isZero()) {
-      if (KMIntegerArrayTag.cast(secureUserIdsObj).contains(authenticatorId))
-        return true;
-    }
-    return false;
-  }
-
-  private boolean authTokenMatches(short userSecureIdsPtr, short authType,
-      byte[] scratchPad) {
-    if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
-      return false;
+  private void authenticateUser() {
+    tmpVariables[0] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getUserId();
+    if (KMInteger.cast(tmpVariables[0]).isZero()) {
+      tmpVariables[0] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getAuthenticatorId();
+      if (KMInteger.cast(tmpVariables[0]).isZero()) {
+        KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+      }
     }
-    if (!isHwAuthTokenContainsMatchingSecureId(data[HW_TOKEN], userSecureIdsPtr)) {
-      return false;
+    // check user secure id
+    if (!KMIntegerArrayTag.contains(KMType.USER_SECURE_ID, tmpVariables[0], data[HW_PARAMETERS])) {
+      KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
     }
     // check auth type
+    tmpVariables[1] = KMEnumTag.getValue(KMType.USER_AUTH_TYPE, data[HW_PARAMETERS]);
     tmpVariables[2] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getHwAuthenticatorType();
     tmpVariables[2] = KMEnum.cast(tmpVariables[2]).getVal();
-    if (((byte) tmpVariables[2] & (byte) authType) == 0) {
-      return false;
+    if (((byte) tmpVariables[2] & (byte) tmpVariables[1]) == 0) {
+      KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
     }
-    return true;
   }
 
-  private boolean verifyHwTokenMacInBigEndian(short hwToken, byte[] scratchPad) {
-    // The challenge, userId and authenticatorId, authenticatorType and timestamp
-    // are in network order (big-endian).
-    short len = 0;
+  private boolean validateHwToken(short hwToken, byte[] scratchPad) {
+    // CBOR Encoding is always big endian
+    short ptr = KMHardwareAuthToken.cast(hwToken).getMac();
+    short len;
+    // If mac length is zero then token is empty.
+    if (KMByteBlob.cast(ptr).length() == 0) {
+      return false;
+    }
     // add 0
     Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
     len = 1;
     // concatenate challenge - 8 bytes
-    short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge();
+    ptr = KMHardwareAuthToken.cast(hwToken).getChallenge();
     KMInteger.cast(ptr)
-    .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate user id - 8 bytes
     ptr = KMHardwareAuthToken.cast(hwToken).getUserId();
     KMInteger.cast(ptr)
-    .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate authenticator id - 8 bytes
     ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId();
     KMInteger.cast(ptr)
-    .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
+        .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
     // concatenate authenticator type - 4 bytes
     ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType();
@@ -2912,53 +2817,13 @@ private boolean verifyHwTokenMacInBigEndian(short hwToken, byte[] scratchPad) {
     KMInteger.cast(ptr)
         .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
     len += 8;
-
-    ptr = KMHardwareAuthToken.cast(hwToken).getMac();
-
-    return seProvider.hmacVerify(
-        seProvider.getComputedHmacKey(),
-        scratchPad,
-        (short) 0,
-        len,
-        KMByteBlob.cast(ptr).getBuffer(),
-        KMByteBlob.cast(ptr).getStartOff(),
-        KMByteBlob.cast(ptr).length());
-
-  }
-  
-  private boolean verifyHwTokenMacInLittleEndian(short hwToken, byte[] scratchPad) {
-    // The challenge, userId and authenticatorId values are in little endian order, 
-    // but authenticatorType and timestamp are in network order (big-endian).
-    short len = 0;
-    // add 0
-    Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
-    len = 1;
-    // concatenate challenge - 8 bytes
-    short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge();
-    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
-    len += 8;
-    // concatenate user id - 8 bytes
-    ptr = KMHardwareAuthToken.cast(hwToken).getUserId();
-    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
-    len += 8;
-    // concatenate authenticator id - 8 bytes
-    ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId();
-    KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
-    len += 8;
-    // concatenate authenticator type - 4 bytes
-    ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType();
-    scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
-    len += 4;
-    // concatenate timestamp - 8 bytes
-    ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp();
-    KMInteger.cast(ptr)
-    .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
-    len += 8;
-
+    // hmac the data
     ptr = KMHardwareAuthToken.cast(hwToken).getMac();
-
+    short key = repository.getComputedHmacKey();
     return seProvider.hmacVerify(
-        seProvider.getComputedHmacKey(),
+        KMByteBlob.cast(key).getBuffer(),
+        KMByteBlob.cast(key).getStartOff(),
+        KMByteBlob.cast(key).length(),
         scratchPad,
         (short) 0,
         len,
@@ -2967,20 +2832,6 @@ private boolean verifyHwTokenMacInLittleEndian(short hwToken, byte[] scratchPad)
         KMByteBlob.cast(ptr).length());
   }
 
-  private boolean validateHwToken(short hwToken, byte[] scratchPad) {
-    // CBOR Encoding is always big endian
-    short ptr = KMHardwareAuthToken.cast(hwToken).getMac();
-    // If mac length is zero then token is empty.
-    if (KMByteBlob.cast(ptr).length() == 0) {
-      return false;
-    }
-    if (KMConfigurations.TEE_MACHINE_TYPE == KMConfigurations.LITTLE_ENDIAN) {
-      return verifyHwTokenMacInLittleEndian(hwToken, scratchPad);
-    } else {
-      return verifyHwTokenMacInBigEndian(hwToken, scratchPad);
-    }
-  }
-
   private void processImportKeyCmd(APDU apdu) {
     // Receive the incoming request fully from the master into buffer.
     receiveIncoming(apdu);
@@ -2999,29 +2850,22 @@ private void processImportKeyCmd(APDU apdu) {
     data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0);
     tmpVariables[3] = KMArray.cast(tmpVariables[2]).get((short) 1);
     data[IMPORTED_KEY_BLOB] = KMArray.cast(tmpVariables[2]).get((short) 2);
-
-    byte keyFormat = KMEnum.cast(tmpVariables[3]).getVal();
-
-    short alg = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);   
-    if((alg == KMType.AES || alg == KMType.DES || alg == KMType.HMAC) && keyFormat != KMType.RAW ) {
-        KMException.throwIt(KMError.UNIMPLEMENTED);
-    }
-    if((alg == KMType.RSA || alg == KMType.EC) && keyFormat != KMType.PKCS8){
-        KMException.throwIt(KMError.UNIMPLEMENTED);
+    // Key format must be RAW format - X509 and PKCS8 not implemented.
+    tmpVariables[3] = KMEnum.cast(tmpVariables[3]).getVal();
+    if (tmpVariables[3] != KMType.RAW) {
+      KMException.throwIt(KMError.UNIMPLEMENTED);
     }
-    
     data[ORIGIN] = KMType.IMPORTED;
-    importKey(apdu, scratchPad, keyFormat);
+    importKey(apdu, scratchPad);
   }
 
-  private void importKey(APDU apdu, byte[] scratchPad, byte keyFormat) {
-    
+  private void importKey(APDU apdu, byte[] scratchPad) {
+    // Bootloader only not supported
     tmpVariables[0] =
-            KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[KEY_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) {
-      KMException.throwIt(KMError.EARLY_BOOT_ENDED);
+        KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, data[KEY_PARAMETERS]);
+    if (tmpVariables[0] != KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_KEY_BLOB);
     }
-    
     // Rollback protection not supported
     tmpVariables[0] =
         KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, data[KEY_PARAMETERS]);
@@ -3054,7 +2898,7 @@ private void importKey(APDU apdu, byte[] scratchPad, byte keyFormat) {
         importHmacKey(scratchPad);
         break;
       case KMType.EC:
-        importECKeys(scratchPad, keyFormat);
+        importECKeys(scratchPad);
         break;
       default:
         KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
@@ -3075,7 +2919,7 @@ private void importKey(APDU apdu, byte[] scratchPad, byte keyFormat) {
     sendOutgoing(apdu);
   }
 
-  private void decodeRawECKey() {
+  private void importECKeys(byte[] scratchPad) {
     // Decode key material
     tmpVariables[0] = KMArray.instance((short) 2);
     KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
@@ -3088,21 +2932,6 @@ private void decodeRawECKey() {
             KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
     data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
     data[PUB_KEY] = KMArray.cast(tmpVariables[0]).get((short) 1);
-  }
-
-  private void decodePKCS8ECKeys() {
-    // Decode key material
-    short keyBlob = seProvider.getPKCS8DecoderInstance().decodeEc(data[IMPORTED_KEY_BLOB]);
-    data[PUB_KEY] = KMArray.cast(keyBlob).get((short) 0);
-    data[SECRET] = KMArray.cast(keyBlob).get((short) 1);
-  }
-
-  private void importECKeys(byte[] scratchPad, byte keyFormat) {
-    if (keyFormat == KMType.RAW) {
-      decodeRawECKey();
-    } else {
-      decodePKCS8ECKeys();
-    }
     // initialize 256 bit p256 key for given private key and public key.
     tmpVariables[4] = 0; // index for update list in scratchPad
 
@@ -3122,10 +2951,6 @@ private void importECKeys(byte[] scratchPad, byte keyFormat) {
       }
     } else {
       // add the key size to scratchPad
-      if (!(256 <= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))
-    	          && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))){
-    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
-      }	
       tmpVariables[5] = KMInteger.uint_16((short) 256);
       tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
       Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
@@ -3170,25 +2995,28 @@ private void importECKeys(byte[] scratchPad, byte keyFormat) {
 
   private void importHmacKey(byte[] scratchPad) {
     // Get Key
-    data[SECRET] = data[IMPORTED_KEY_BLOB];
+    tmpVariables[0] = KMArray.instance((short) 1);
+    KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
+    tmpVariables[0] =
+        decoder.decode(
+            tmpVariables[0],
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
+    data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
+    // create HMAC key of up to 512 bit
+
     tmpVariables[4] = 0; // index in scratchPad for update params
     // check the keysize tag if present in key parameters.
     tmpVariables[2] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[2] != KMType.INVALID_VALUE) {
       if (!(tmpVariables[2] >= 64 && tmpVariables[2] <= 512 && tmpVariables[2] % 8 == 0)) {
-    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
-      }
-      if (tmpVariables[2] != (short) (KMByteBlob.cast(data[SECRET]).length() * 8)) {
         KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
       }
     } else {
       // add the key size to scratchPad
-      tmpVariables[6] =	(short) (KMByteBlob.cast(data[SECRET]).length() * 8);
-      if (!(tmpVariables[6] >= 64 && tmpVariables[6] <= 512 && tmpVariables[6] % 8 == 0)) {
-    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
-      }
-      tmpVariables[5] = KMInteger.uint_16(tmpVariables[6]);
+      tmpVariables[5] = KMInteger.uint_16((short) (KMByteBlob.cast(data[SECRET]).length() * 8));
       tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
       Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
       tmpVariables[4] += 2;
@@ -3211,23 +3039,26 @@ private void importHmacKey(byte[] scratchPad) {
 
   private void importTDESKey(byte[] scratchPad) {
     // Decode Key Material
-    data[SECRET] = data[IMPORTED_KEY_BLOB];
+    tmpVariables[0] = KMArray.instance((short) 1);
+    KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
+    tmpVariables[0] =
+        decoder.decode(
+            tmpVariables[0],
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
+    data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
     tmpVariables[4] = 0; // index in scratchPad for update params
     // check the keysize tag if present in key parameters.
     tmpVariables[2] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[2] != KMType.INVALID_VALUE) {
-      if (tmpVariables[2] != 168 ||
-    		  192 != (short)( 8 * KMByteBlob.cast(data[SECRET]).length())) {
-          KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+      if (tmpVariables[2] != 168) {
+        KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
       }
     } else {
-      // add the key size to scratchPad 
-      tmpVariables[6] = (short)( 8 * KMByteBlob.cast(data[SECRET]).length());
-      if(tmpVariables[6] != 192) {
-    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
-      }
-      tmpVariables[5] = KMInteger.uint_16(tmpVariables[6]);
+      // add the key size to scratchPad
+      tmpVariables[5] = KMInteger.uint_16((short) 168);
       tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
       Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
       tmpVariables[4] += 2;
@@ -3242,43 +3073,37 @@ private void importTDESKey(byte[] scratchPad) {
 
     // update the key parameters list
     updateKeyParameters(scratchPad, tmpVariables[4]);
-    // Read Minimum Mac length - it must not be present
-    // Added this error check based on default reference implementation.
-    tmpVariables[0] =
-        KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_TAG);
-    }
-    data[KEY_BLOB] = KMArray.instance((short) 4);
-  }
+    // validate TDES Key parameters
+    validateTDESKey();
 
-  private void validateAesKeySize(short keySizeBits) {
-    if (keySizeBits != 128 && keySizeBits != 256) {
-      KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
-    }
+    data[KEY_BLOB] = KMArray.instance((short) 4);
   }
 
   private void importAESKey(byte[] scratchPad) {
     // Get Key
-    data[SECRET] = data[IMPORTED_KEY_BLOB];
+    tmpVariables[0] = KMArray.instance((short) 1);
+    KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
+    tmpVariables[0] =
+        decoder.decode(
+            tmpVariables[0],
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
+    data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
     // create 128 or 256 bit AES key
     tmpVariables[4] = 0; // index in scratchPad for update params
     // check the keysize tag if present in key parameters.
-    short keysize =
+    tmpVariables[2] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
-
-    if (keysize != KMType.INVALID_VALUE) {
-      if(keysize != (short)( 8 * KMByteBlob.cast(data[SECRET]).length())) {
-    	KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+    if (tmpVariables[2] != KMType.INVALID_VALUE) {
+      if (tmpVariables[2] != 128 && tmpVariables[2] != 256) {
+        KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
       }
-      validateAesKeySize(keysize);
     } else {
       // add the key size to scratchPad
-      keysize = (short) ( 8 * KMByteBlob.cast(data[SECRET]).length());
-      validateAesKeySize(keysize);
-      keysize = KMInteger.uint_16(keysize);
-      short keysizeTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, keysize);
-      Util.setShort(scratchPad, tmpVariables[4], keysizeTag);
+      tmpVariables[5] = KMInteger.uint_16(KMByteBlob.cast(data[SECRET]).length());
+      tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
+      Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
       tmpVariables[4] += 2;
     }
     // Check whether key can be created
@@ -3298,18 +3123,17 @@ private void importAESKey(byte[] scratchPad) {
 
   private void importRSAKey(byte[] scratchPad) {
     // Decode key material
-    short keyblob = seProvider.getPKCS8DecoderInstance().decodeRsa(data[IMPORTED_KEY_BLOB]);
-    data[PUB_KEY] = KMArray.cast(keyblob).get((short) 0);
-    short pubKeyExp = KMArray.cast(keyblob).get((short)1);
-    data[SECRET] = KMArray.cast(keyblob).get((short) 2);
-    
-    if(F4.length != KMByteBlob.cast(pubKeyExp).length()) {
-      KMException.throwIt(KMError.INVALID_KEY_BLOB);
-    }
-    if(Util.arrayCompare(F4, (short)0, KMByteBlob.cast(pubKeyExp).getBuffer(),
-        KMByteBlob.cast(pubKeyExp).getStartOff(), (short)F4.length) != 0) {
-      KMException.throwIt(KMError.INVALID_ARGUMENT);
-    }
+    tmpVariables[0] = KMArray.instance((short) 2);
+    KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret = private exponent
+    KMArray.cast(tmpVariables[0]).add((short) 1, KMByteBlob.exp()); // modulus
+    tmpVariables[0] =
+        decoder.decode(
+            tmpVariables[0],
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
+            KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
+    data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
+    data[PUB_KEY] = KMArray.cast(tmpVariables[0]).get((short) 1);
     tmpVariables[4] = 0; // index in scratchPad for update parameters.
     // validate public exponent if present in key params - it must be 0x010001
     tmpVariables[2] =
@@ -3346,11 +3170,7 @@ private void importRSAKey(byte[] scratchPad) {
       }
     } else {
       // add the key size to scratchPad
-      tmpVariables[6] = (short) (KMByteBlob.cast(data[SECRET]).length() * 8);	
-      if(tmpVariables[6] != 2048) {
-    	  KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); 
-      }
-      tmpVariables[5] = KMInteger.uint_16((short) tmpVariables[6]);
+      tmpVariables[5] = KMInteger.uint_16((short) 2048);
       tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
       Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
       tmpVariables[4] += 2;
@@ -3471,8 +3291,7 @@ private void processSetBootParamsCmd(APDU apdu) {
     repository.clearAndroidSystemProperties();
 
     // Clear the Computed SharedHmac and Hmac nonce from persistent memory.
-    Util.arrayFillNonAtomic(scratchPad, (short) 0, KMRepository.COMPUTED_HMAC_KEY_SIZE, (byte) 0);
-    seProvider.createComputedHmacKey(scratchPad, (short) 0, KMRepository.COMPUTED_HMAC_KEY_SIZE);
+    repository.clearComputedHmac();
     repository.clearHmacNonce();
 
     //Clear all the operation state.
@@ -3481,15 +3300,6 @@ private void processSetBootParamsCmd(APDU apdu) {
     // Hmac is cleared, so generate a new Hmac nonce.
     seProvider.newRandomNumber(scratchPad, (short) 0, KMRepository.HMAC_SEED_NONCE_SIZE);
     repository.initHmacNonce(scratchPad, (short) 0, KMRepository.HMAC_SEED_NONCE_SIZE);
-    
-    //flag to maintain the boot state
-    repository.setBootEndedStatus(false);
-    
-    //flag to maintain early boot ended state
-    repository.setEarlyBootEndedStatus(false);
-    
-    // Clear all the auth tags
-    repository.removeAllAuthTags();
   }
 
   private static void processGenerateKey(APDU apdu) {
@@ -3511,7 +3321,7 @@ private static void processGenerateKey(APDU apdu) {
     // Check if EarlyBootEnded tag is present.
     tmpVariables[0] =
         KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[KEY_PARAMETERS]);
-    if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) {
+    if (tmpVariables[0] != KMType.INVALID_VALUE) {
       KMException.throwIt(KMError.EARLY_BOOT_ENDED);
     }
     // Check if rollback resistance tag is present
@@ -3520,11 +3330,16 @@ private static void processGenerateKey(APDU apdu) {
     if (tmpVariables[0] != KMType.INVALID_VALUE) {
       KMException.throwIt(KMError.ROLLBACK_RESISTANCE_UNAVAILABLE);
     }
-    
+    // Bootloader only not supported
+    tmpVariables[0] =
+        KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, data[KEY_PARAMETERS]);
+    if (tmpVariables[0] != KMType.INVALID_VALUE) {
+      KMException.throwIt(KMError.INVALID_KEY_BLOB);
+    }
     // get algorithm
     tmpVariables[3] = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);
     if (tmpVariables[3] == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+      KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
     tmpVariables[4] =
         KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
@@ -3640,7 +3455,7 @@ private static void validateAESKey() {
     tmpVariables[0] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[0] == KMTag.INVALID_VALUE) {
-      KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+      KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
     if ((tmpVariables[0] != 256) && (tmpVariables[0] != 128)) {
       KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
@@ -3665,7 +3480,7 @@ private static void validateAESKey() {
             || KMInteger.cast(tmpVariables[3]).getShort() > 128
             || KMInteger.cast(tmpVariables[3]).getShort() < 96
             || (KMInteger.cast(tmpVariables[3]).getShort() % 8) != 0) {
-          KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+          KMException.throwIt(KMError.UNSUPPORTED_MIN_MAC_LENGTH);
         }
       }
     }
@@ -3715,7 +3530,6 @@ private static void generateECKeys(byte[] scratchPad) {
 
   private static void validateTDESKey() {
     // Read Minimum Mac length - it must not be present
-    // This below check is done based on the reference implementation.
     tmpVariables[0] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]);
     if (tmpVariables[0] != KMType.INVALID_VALUE) {
@@ -3725,9 +3539,9 @@ private static void validateTDESKey() {
     tmpVariables[1] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[1] == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+      KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
-    if (tmpVariables[1] != 168) {
+    if (tmpVariables[1] != 168 && tmpVariables[1] != 192) {
       KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
     }
   }
@@ -3741,27 +3555,21 @@ private static void generateTDESKey(byte[] scratchPad) {
 
   private static void validateHmacKey() {
     // If params does not contain any digest throw unsupported digest error.
-    tmpVariables[0] =
-        KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS]);
-    if (KMType.INVALID_VALUE == tmpVariables[0]) {
+    if (KMType.INVALID_VALUE
+        == KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS])) {
       KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
     }
-
+    // check whether digest sizes are greater then or equal to min mac length.
+    // Only SHA256 digest must be supported.
     if (KMEnumArrayTag.contains(KMType.DIGEST, KMType.DIGEST_NONE, data[KEY_PARAMETERS])) {
       KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
     }
-    // Strongbox supports only SHA256.
-    if (!KMEnumArrayTag.contains(KMType.DIGEST, KMType.SHA2_256, data[KEY_PARAMETERS])) {
-      KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
-    }
     // Read Minimum Mac length
     tmpVariables[0] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]);
     if (tmpVariables[0] == KMType.INVALID_VALUE) {
       KMException.throwIt(KMError.MISSING_MIN_MAC_LENGTH);
     }
-    // Check whether digest size is greater than or equal to min mac length.
-    // This below check is done based on the reference implementation.
     if (((short) (tmpVariables[0] % 8) != 0)
         || (tmpVariables[0] < (short) 64)
         || tmpVariables[0] > (short) 256) {
@@ -3771,7 +3579,7 @@ private static void validateHmacKey() {
     tmpVariables[1] =
         KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
     if (tmpVariables[1] == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+      KMException.throwIt(KMError.INVALID_ARGUMENT);
     }
     if (((short) (tmpVariables[1] % 8) != 0)
         || (tmpVariables[1] < (short) 64)
@@ -4006,62 +3814,87 @@ private static void encryptSecret(byte[] scratchPad) {
   }
 
   private static void makeAuthData(byte[] scratchPad) {
+    tmpVariables[0] =
+        addPtrToAAD(KMKeyParameters.cast(data[HW_PARAMETERS]).getVals(), scratchPad, (short) 0);
+    tmpVariables[0] +=
+        addPtrToAAD(
+            KMKeyParameters.cast(data[SW_PARAMETERS]).getVals(), scratchPad, tmpVariables[0]);
+    tmpVariables[0] +=
+        addPtrToAAD(
+            KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals(), scratchPad, tmpVariables[0]);
 
-    short arrayLen = 3;
     if (KMArray.cast(data[KEY_BLOB]).length() == 5) {
-      arrayLen = 4;
-    }
-    short params = KMArray.instance((short) arrayLen);
-    KMArray.cast(params).add((short) 0, KMKeyParameters.cast(data[HW_PARAMETERS]).getVals());
-    KMArray.cast(params).add((short) 1, KMKeyParameters.cast(data[SW_PARAMETERS]).getVals());
-    KMArray.cast(params).add((short) 2, KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals());
-    if (4 == arrayLen) {
-      KMArray.cast(params).add((short) 3, data[PUB_KEY]);
+      tmpVariables[1] = KMArray.instance((short) (tmpVariables[0] + 1));
+    } else {
+      tmpVariables[1] = KMArray.instance(tmpVariables[0]);
     }
-
-    short authIndex = repository.alloc(MAX_AUTH_DATA_SIZE);
+    // convert scratch pad to KMArray
     short index = 0;
-    short len = 0;
-    short paramsLen = KMArray.cast(params).length();
-    Util.arrayFillNonAtomic(repository.getHeap(), authIndex, (short) MAX_AUTH_DATA_SIZE, (byte) 0);
-    while (index < paramsLen) {
-      short tag = KMArray.cast(params).get(index);
-      len = encoder.encode(tag, repository.getHeap(), (short) (authIndex + 32));
-      Util.arrayCopyNonAtomic(repository.getHeap(), (short) authIndex, repository.getHeap(),
-          (short) (authIndex + len + 32), (short) 32);
-      len = seProvider.messageDigest256(repository.getHeap(),
-          (short) (authIndex + 32), (short) (len + 32), repository.getHeap(), (short) authIndex);
-      if (len != 32) {
-        KMException.throwIt(KMError.UNKNOWN_ERROR);
-      }
+    short objPtr;
+    while (index < tmpVariables[0]) {
+      objPtr = Util.getShort(scratchPad, (short) (index * 2));
+      KMArray.cast(tmpVariables[1]).add(index, objPtr);
       index++;
     }
-    data[AUTH_DATA] = authIndex;
+    if (KMArray.cast(data[KEY_BLOB]).length() == 5) {
+      KMArray.cast(tmpVariables[1]).add(index, data[PUB_KEY]);
+    }
+
+    data[AUTH_DATA] = repository.alloc(MAX_AUTH_DATA_SIZE);
+    short len = encoder.encode(tmpVariables[1], repository.getHeap(), data[AUTH_DATA]);
     data[AUTH_DATA_LENGTH] = len;
   }
 
+  private static short addPtrToAAD(short dataArrPtr, byte[] aadBuf, short offset) {
+    short index = (short) (offset * 2);
+    short tagInd = 0;
+    short tagPtr;
+    short arrLen = KMArray.cast(dataArrPtr).length();
+    while (tagInd < arrLen) {
+      tagPtr = KMArray.cast(dataArrPtr).get(tagInd);
+      Util.setShort(aadBuf, index, tagPtr);
+      index += 2;
+      tagInd++;
+    }
+    return tagInd;
+  }
+
   private static short deriveKey(byte[] scratchPad) {
+    tmpVariables[0] = KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals();
+    tmpVariables[1] = repository.alloc(DERIVE_KEY_INPUT_SIZE);
+    // generate derivation material from hidden parameters
+    tmpVariables[2] = encoder.encode(tmpVariables[0], repository.getHeap(), tmpVariables[1]);
+    if (DERIVE_KEY_INPUT_SIZE > tmpVariables[2]) {
+      // Copy KeyCharacteristics in the remaining space of DERIVE_KEY_INPUT_SIZE
+      Util.arrayCopyNonAtomic(repository.getHeap(), (short) (data[AUTH_DATA]),
+          repository.getHeap(),
+          (short) (tmpVariables[1] + tmpVariables[2]),
+          (short) (DERIVE_KEY_INPUT_SIZE - tmpVariables[2]));
+    }
     // KeyDerivation:
-    // 1. Do HMAC Sign, Auth data.
+    // 1. Do HMAC Sign, with below input parameters.
+    //    Key - 128 bit master key
+    //    Input data - HIDDEN_PARAMETERS + KeyCharacateristics
+    //               - Truncate beyond 256 bytes.
     // 2. HMAC Sign generates an output of 32 bytes length.
-    // Consume only first 16 bytes as derived key.
+    //    Consume only first 16 bytes as derived key.
     // Hmac sign.
-    short len = seProvider.hmacKDF(
+    tmpVariables[3] = seProvider.hmacKDF(
         seProvider.getMasterKey(),
         repository.getHeap(),
-        data[AUTH_DATA],
-        data[AUTH_DATA_LENGTH],
+        tmpVariables[1],
+        DERIVE_KEY_INPUT_SIZE,
         scratchPad,
         (short) 0);
-    if (len < 16) {
+    if (tmpVariables[3] < 16) {
       KMException.throwIt(KMError.UNKNOWN_ERROR);
     }
-    len = 16;
-    data[DERIVED_KEY] = repository.alloc(len);
+    tmpVariables[3] = 16;
     // store the derived secret in data dictionary
+    data[DERIVED_KEY] = tmpVariables[1];
     Util.arrayCopyNonAtomic(
-        scratchPad, (short) 0, repository.getHeap(), data[DERIVED_KEY], len);
-    return len;
+        scratchPad, (short) 0, repository.getHeap(), data[DERIVED_KEY], tmpVariables[3]);
+    return tmpVariables[3];
   }
 
   // This function masks the error code with POWER_RESET_MASK_FLAG
@@ -4096,58 +3929,38 @@ private static void sendError(APDU apdu, short err) {
     sendOutgoing(apdu);
   }
 
-  private short addIntegers(short authTime, short timeStamp, byte[] scratchPad) {
-    Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 24, (byte) 0);
+  private short addIntegers(short num1, short num2) {
+    short buf = repository.alloc((short) 24);
+    byte[] scratchPad = repository.getHeap();
+    Util.arrayFillNonAtomic(scratchPad, buf, (short) 24, (byte) 0);
     Util.arrayCopyNonAtomic(
-        KMInteger.cast(authTime).getBuffer(),
-        KMInteger.cast(authTime).getStartOff(),
+        KMInteger.cast(num1).getBuffer(),
+        KMInteger.cast(num1).getStartOff(),
         scratchPad,
-        (short) (8 - KMInteger.cast(timeStamp).length()),
-        KMInteger.cast(timeStamp).length());
-
-    // Copy timestamp to scratchpad
+        (short) (buf + 8 - KMInteger.cast(num1).length()),
+        KMInteger.cast(num1).length());
     Util.arrayCopyNonAtomic(
-        KMInteger.cast(timeStamp).getBuffer(),
-        KMInteger.cast(timeStamp).getStartOff(),
+        KMInteger.cast(num2).getBuffer(),
+        KMInteger.cast(num2).getStartOff(),
         scratchPad,
-        (short) (16 - KMInteger.cast(timeStamp).length()),
-        KMInteger.cast(timeStamp).length());
-
-    // add authTime in millis to timestamp.
-    KMUtils.add(scratchPad, (short) 0, (short) 8, (short) 16);
-    return KMInteger.uint_64(scratchPad, (short) 16);
+        (short) (buf + 16 - KMInteger.cast(num2).length()),
+        KMInteger.cast(num2).length());
+    add(scratchPad, buf, (short) (buf + 8), (short) (buf + 16));
+    return KMInteger.uint_64(scratchPad, (short) (buf + 16));
   }
-  
-  private void updateTrustedConfirmationOperation(KMOperationState op) {
-    if (op.isTrustedConfirmationRequired()) {
-      op.getTrustedConfirmationSigner().update(
-          KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
-          KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
-          KMByteBlob.cast(data[INPUT_DATA]).length());
-    }
-  }
-  
-  private void finishTrustedConfirmationOperation(KMOperationState op) {
-    // Perform trusted confirmation if required
-    if (op.isTrustedConfirmationRequired()) {
-      tmpVariables[0] =
-          KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.CONFIRMATION_TOKEN, data[KEY_PARAMETERS]);
-      if (tmpVariables[0] == KMType.INVALID_VALUE) {
-        KMException.throwIt(KMError.NO_USER_CONFIRMATION);
-      }
-      tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue();
-      boolean verified =
-          op.getTrustedConfirmationSigner().verify(
-              KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
-              KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
-              KMByteBlob.cast(data[INPUT_DATA]).length(),
-              KMByteBlob.cast(tmpVariables[0]).getBuffer(),
-              KMByteBlob.cast(tmpVariables[0]).getStartOff(),
-              KMByteBlob.cast(tmpVariables[0]).length());
-      if (!verified) {
-        KMException.throwIt(KMError.NO_USER_CONFIRMATION);
+
+  private void add(byte[] buf, short op1, short op2, short result) {
+    byte index = 7;
+    byte carry = 0;
+    short tmp;
+    while (index >= 0) {
+      tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry);
+      carry = 0;
+      if (tmp > 255) {
+        carry = 1; // max unsigned byte value is 255
       }
+      buf[(short) (result + index)] = (byte) (tmp & (byte) 0xFF);
+      index--;
     }
   }
-
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
index bfd67ceb..d8705de4 100644
--- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java
+++ b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
@@ -16,8 +16,6 @@
 
 package com.android.javacard.keymaster;
 
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
 import javacard.framework.JCSystem;
 import javacard.framework.Util;
 
@@ -29,9 +27,8 @@
  */
 public class KMOperationState {
 
-  public static final byte MAX_DATA = 63;
+  public static final byte MAX_DATA = 20;
   private static final byte OPERATION = 0;
-  private static final byte HMAC_SIGNER_OPERATION = 1;
   private static final byte TRUE = 1;
   private static final byte FALSE = 0;
   // byte type
@@ -41,23 +38,18 @@ public class KMOperationState {
   private static final byte BLOCKMODE = 3;
   private static final byte DIGEST = 4;
   private static final byte FLAGS = 5;
-  private static final byte AUTH_TYPE = 6;
   // short type
-  private static final byte KEY_SIZE = 7;
-  private static final byte MAC_LENGTH = 9;
+  private static final byte KEY_SIZE = 6;
+  private static final byte MAC_LENGTH = 8;
   // Handle - currently this is short
-  private static final byte OP_HANDLE = 11;
+  private static final byte OP_HANDLE = 10;
   // Auth time 64 bits
-  private static final byte AUTH_TIME = 13;
-  // Secure user ids 5 * 8 = 40 bytes ( Considering Maximum 5 SECURE USER IDs)
-  // First two bytes are reserved to store number of secure ids. SO total 42 bytes.
-  private static final byte USER_SECURE_ID = 21;
+  private static final byte AUTH_TIME = 12;
   // Flag masks
   private static final byte AUTH_PER_OP_REQD = 1;
   private static final byte SECURE_USER_ID_REQD = 2;
   private static final byte AUTH_TIMEOUT_VALIDATED = 4;
   private static final byte AES_GCM_UPDATE_ALLOWED = 8;
-  private static final byte MAX_SECURE_USER_IDS = 5;
 
   // Object References
   private byte[] data;
@@ -67,7 +59,7 @@ public class KMOperationState {
 
   private KMOperationState() {
     data = JCSystem.makeTransientByteArray(MAX_DATA, JCSystem.CLEAR_ON_RESET);
-    objRefs = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
+    objRefs = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
     isDataUpdated = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
   }
 
@@ -85,12 +77,11 @@ public static KMOperationState instance(short opHandle) {
     return opState;
   }
 
-  public static KMOperationState read(byte[] oprHandle, short off, byte[] data, short dataOff, Object opr, Object hmacSignerOpr) {
+  public static KMOperationState read(byte[] oprHandle, short off, byte[] data, short dataOff, Object opr) {
     KMOperationState opState = proto();
     opState.reset();
-    Util.arrayCopyNonAtomic(data, dataOff, prototype.data, (short) 0, (short) prototype.data.length);
+    Util.arrayCopy(data, dataOff, prototype.data, (short) 0, (short) prototype.data.length);
     prototype.objRefs[OPERATION] = opr;
-    prototype.objRefs[HMAC_SIGNER_OPERATION] = hmacSignerOpr;
     Util.setShort(prototype.data, OP_HANDLE, KMInteger.uint_64(oprHandle, off));
     return opState;
   }
@@ -101,8 +92,7 @@ public void persist() {
     }
     KMRepository.instance().persistOperation(data,
         Util.getShort(data, OP_HANDLE),
-        (KMOperation) objRefs[OPERATION],
-        (KMOperation) objRefs[HMAC_SIGNER_OPERATION]);
+        (KMOperation) objRefs[OPERATION]);
     isDataUpdated[0] = FALSE;
   }
 
@@ -117,7 +107,6 @@ public short getKeySize() {
   public void reset() {
     isDataUpdated[0] = FALSE;
     objRefs[OPERATION] = null;
-    objRefs[HMAC_SIGNER_OPERATION] = null;
     Util.arrayFillNonAtomic(
         data, (short) 0, (short) data.length, (byte) 0);
   }
@@ -127,12 +116,8 @@ private void dataUpdated() {
   }
 
   public void release() {
-    if (objRefs[OPERATION] != null) {
+    if (objRefs[OPERATION] != null)
       ((KMOperation) objRefs[OPERATION]).abort();
-    }
-    if (objRefs[HMAC_SIGNER_OPERATION] != null) {
-      ((KMOperation) objRefs[HMAC_SIGNER_OPERATION]).abort();
-    }
     reset();
   }
 
@@ -176,59 +161,7 @@ public short getAuthTime() {
   }
 
   public void setAuthTime(byte[] timeBuf, short start) {
-    Util.arrayCopyNonAtomic(timeBuf, start, data, (short) AUTH_TIME, (short) 8);
-    dataUpdated();
-  }
-
-  public void setAuthType(byte authType) {
-    data[AUTH_TYPE] = authType;
-    dataUpdated();
-  }
-
-  public short getAuthType() {
-    return data[AUTH_TYPE];
-  }
-
-  public short getUserSecureId() {
-    short offset = USER_SECURE_ID;
-    short length = Util.getShort(data, USER_SECURE_ID);
-    if (length == 0) {
-      return KMType.INVALID_VALUE;
-    }
-    short arrObj = KMArray.instance(length);
-    short index = 0;
-    short obj;
-    offset = (short) (2 + USER_SECURE_ID);
-    while (index < length) {
-      obj = KMInteger.instance(data, (short) (offset + index * 8), (short) 8);
-      KMArray.cast(arrObj).add(index, obj);
-      index++;
-    }
-    return KMIntegerArrayTag.instance(KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, arrObj);
-  }
-
-  public void setUserSecureId(short integerArrayPtr) {
-    short length = KMIntegerArrayTag.cast(integerArrayPtr).length();
-    if (length > MAX_SECURE_USER_IDS) {
-      KMException.throwIt(KMError.INVALID_KEY_BLOB);
-    }
-    Util.arrayFillNonAtomic(data, USER_SECURE_ID, (short) (MAX_SECURE_USER_IDS * 8) , (byte) 0);
-    short index = 0;
-    short obj;
-    short offset = USER_SECURE_ID;
-    Util.setShort(data, offset, length);
-    offset += 2;
-    while (index < length) {
-      obj = KMIntegerArrayTag.cast(integerArrayPtr).get(index);
-      Util.arrayCopyNonAtomic(
-          KMInteger.cast(obj).getBuffer(),
-          KMInteger.cast(obj).getStartOff(),
-          data,
-          (short) (8 - KMInteger.cast(obj).length() + offset + 8 * index),
-          KMInteger.cast(obj).length()
-      );
-      index++;
-    }
+    Util.arrayCopy(timeBuf, start, data, (short) AUTH_TIME, (short) 8);
     dataUpdated();
   }
 
@@ -317,18 +250,4 @@ public void setMacLength(short length) {
   public short getMacLength() {
     return Util.getShort(data, MAC_LENGTH);
   }
-
-  public void setTrustedConfirmationSigner(KMOperation hmacSignerOp) {
-    objRefs[HMAC_SIGNER_OPERATION] = hmacSignerOp;
-    dataUpdated();
-  }
-
-  public KMOperation getTrustedConfirmationSigner() {
-    return (KMOperation)objRefs[HMAC_SIGNER_OPERATION];
-  }
-
-  public boolean isTrustedConfirmationRequired() {
-    return objRefs[HMAC_SIGNER_OPERATION] != null;
-  }
-  
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 7032d258..6dfc2d0d 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -30,7 +30,7 @@
 public class KMRepository implements KMUpgradable {
 
   // Data table configuration
-  public static final short DATA_INDEX_SIZE = 33;
+  public static final short DATA_INDEX_SIZE = 22;
   public static final short DATA_INDEX_ENTRY_SIZE = 4;
   public static final short DATA_MEM_SIZE = 2048;
   public static final short HEAP_SIZE = 10000;
@@ -45,6 +45,8 @@ public class KMRepository implements KMUpgradable {
   private static final byte POWER_RESET_STATUS_FLAG = (byte) 0xEF;
 
   // Data table offsets
+  public static final byte COMPUTED_HMAC_KEY = 8;
+  public static final byte HMAC_NONCE = 9;
   public static final byte ATT_ID_BRAND = 0;
   public static final byte ATT_ID_DEVICE = 1;
   public static final byte ATT_ID_PRODUCT = 2;
@@ -53,8 +55,6 @@ public class KMRepository implements KMUpgradable {
   public static final byte ATT_ID_MEID = 5;
   public static final byte ATT_ID_MANUFACTURER = 6;
   public static final byte ATT_ID_MODEL = 7;
-  public static final byte COMPUTED_HMAC_KEY = 8;
-  public static final byte HMAC_NONCE = 9;
   public static final byte CERT_ISSUER = 10;
   public static final byte CERT_EXPIRY_TIME = 11;
   public static final byte BOOT_OS_VERSION = 12;
@@ -67,11 +67,6 @@ public class KMRepository implements KMUpgradable {
   public static final byte BOOT_DEVICE_LOCKED_STATUS = 19;
   public static final byte DEVICE_LOCKED_TIME = 20;
   public static final byte DEVICE_LOCKED = 21;
-  public static final byte DEVICE_LOCKED_PASSWORD_ONLY = 22;
-  // Total 8 auth tags, so the next offset is AUTH_TAG_1 + 8
-  public static final byte AUTH_TAG_1 = 23;
-  public static final byte BOOT_ENDED_STATUS = 31;
-  public static final byte EARLY_BOOT_ENDED_STATUS = 32;
 
   // Data Item sizes
   public static final short MASTER_KEY_SIZE = 16;
@@ -83,24 +78,11 @@ public class KMRepository implements KMUpgradable {
   public static final short VENDOR_PATCH_SIZE = 4;
   public static final short BOOT_PATCH_SIZE = 4;
   public static final short DEVICE_LOCK_TS_SIZE = 8;
-  public static final short BOOT_DEVICE_LOCK_FLAG_SIZE = 1;
-  public static final short DEVICE_LOCKED_FLAG_SIZE = 1;
-  public static final short DEVICE_LOCKED_PASSWORD_ONLY_SIZE = 1;
+  public static final short DEVICE_LOCK_FLAG_SIZE = 1;
   public static final short BOOT_STATE_SIZE = 1;
   public static final short MAX_OPS = 4;
-  public static final byte  BOOT_KEY_MAX_SIZE = 32;
-  public static final byte  BOOT_HASH_MAX_SIZE = 32;
-  public static final short MAX_BLOB_STORAGE = 8;
-  public static final short AUTH_TAG_LENGTH = 16;
-  public static final short AUTH_TAG_COUNTER_SIZE = 4;
-  public static final short AUTH_TAG_ENTRY_SIZE = (AUTH_TAG_LENGTH + AUTH_TAG_COUNTER_SIZE + 1);
-  public static final short BOOT_ENDED_FLAG_SIZE = 1;
-  public static final short EARLY_BOOT_ENDED_FLAG_SIZE = 1;
-  private static final byte[] zero = {0, 0, 0, 0, 0, 0, 0, 0};
-  
-  // Buffer type
-  public static final byte DEFAULT_BUF_TYPE = 0;
-  public static final byte ATTEST_IDS_BUF_TYPE = 1;
+  public static final byte BOOT_KEY_MAX_SIZE = 32;
+  public static final byte BOOT_HASH_MAX_SIZE = 32;
 
   // Class Attributes
   private Object[] operationStateTable;
@@ -109,7 +91,6 @@ public class KMRepository implements KMUpgradable {
   private byte[] dataTable;
   private short dataIndex;
   private short[] reclaimIndex;
-  private short attestIdsIndex;
   // This variable is used to monitor the power reset status as the Applet does not get
   // any power reset event. Initially the value of this variable is set to POWER_RESET_STATUS_FLAG.
   // If the power reset happens then this value becomes 0.
@@ -118,7 +99,6 @@ public class KMRepository implements KMUpgradable {
   // Operation table.
   private static final short OPER_TABLE_DATA_OFFSET = 0;
   private static final short OPER_TABLE_OPR_OFFSET = 1;
-  private static final short OPER_TABLE_HMAC_SIGNER_OPR_OFFSET = 2;
   private static final short OPER_DATA_LEN = OPERATION_HANDLE_ENTRY_SIZE + KMOperationState.MAX_DATA;
   private static final short DATA_ARRAY_LENGTH = MAX_OPS * OPER_DATA_LEN;
 
@@ -140,10 +120,9 @@ public KMRepository(boolean isUpgrading) {
     powerResetStatus[0] = POWER_RESET_STATUS_FLAG;
     newDataTable(isUpgrading);
 
-    operationStateTable = new Object[3];
+    operationStateTable = new Object[2];
     operationStateTable[0] = JCSystem.makeTransientByteArray(DATA_ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
     operationStateTable[1] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
-    operationStateTable[2] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
 
     //Initialize the device locked status
     if (!isUpgrading) {
@@ -191,13 +170,12 @@ public KMOperationState findOperation(byte[] buf, short off, short len) {
     short offset = 0;
     oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
     Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
-    Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
     while (index < MAX_OPS) {
       offset = (short) (index * OPER_DATA_LEN);
       if (0 == Util.arrayCompare(buf, off, oprTableData, (short) (offset + OPERATION_HANDLE_OFFSET), len)) {
         return KMOperationState.read(oprTableData, (short) (offset + OPERATION_HANDLE_OFFSET), oprTableData,
             (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
-            operations[index], hmacSignerOprs[index]);
+            operations[index]);
       }
       index++;
     }
@@ -234,11 +212,10 @@ public KMOperationState reserveOperation(short opHandle) {
     return null;
   }
 
-  public void persistOperation(byte[] data, short opHandle, KMOperation op, KMOperation hmacSignerOp) {
+  public void persistOperation(byte[] data, short opHandle, KMOperation op) {
     short index = 0;
     byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
     Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
-    Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
     short offset = 0;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
@@ -256,10 +233,9 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op, KMOper
           KMByteBlob.cast(buf).getBuffer(),
           KMByteBlob.cast(buf).getStartOff(),
           KMByteBlob.cast(buf).length()))) {
-        Util.arrayCopyNonAtomic(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
+        Util.arrayCopy(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
             KMOperationState.MAX_DATA);
         operations[index] = op;
-        hmacSignerOprs[index] = hmacSignerOp;
         return;
       }
       index++;
@@ -271,16 +247,15 @@ public void persistOperation(byte[] data, short opHandle, KMOperation op, KMOper
       offset = (short) (index * OPER_DATA_LEN);
       if (0 == oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)]) {
         oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] = 1;/*reserved */
-        Util.arrayCopyNonAtomic(
+        Util.arrayCopy(
             KMByteBlob.cast(buf).getBuffer(),
             KMByteBlob.cast(buf).getStartOff(),
             oprTableData,
             (short) (offset + OPERATION_HANDLE_OFFSET),
             OPERATION_HANDLE_SIZE);
-        Util.arrayCopyNonAtomic(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
+        Util.arrayCopy(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
             KMOperationState.MAX_DATA);
         operations[index] = op;
-        hmacSignerOprs[index] = hmacSignerOp;
         break;
       }
       index++;
@@ -291,7 +266,6 @@ public void releaseOperation(KMOperationState op) {
     short index = 0;
     byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
     Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
-    Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
     short offset = 0;
     short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
     getOperationHandle(
@@ -310,7 +284,6 @@ public void releaseOperation(KMOperationState op) {
         Util.arrayFillNonAtomic(oprTableData, offset, OPER_DATA_LEN, (byte) 0);
         op.release();
         operations[index] = null;
-        hmacSignerOprs[index] = null;
         break;
       }
       index++;
@@ -321,8 +294,6 @@ public void releaseAllOperations() {
     short index = 0;
     byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
     Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
-    Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
-    
     short offset = 0;
     while (index < MAX_OPS) {
       offset = (short) (index * OPER_DATA_LEN);
@@ -332,15 +303,18 @@ public void releaseAllOperations() {
           ((KMOperation) operations[index]).abort();
           operations[index] = null;
         }
-        if (hmacSignerOprs[index] != null) {
-            ((KMOperation) hmacSignerOprs[index]).abort();
-            hmacSignerOprs[index] = null;
-        }
       }
       index++;
     }
   }
 
+  public void initComputedHmac(byte[] key, short start, short len) {
+    if (len != COMPUTED_HMAC_KEY_SIZE) {
+      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+    }
+    writeDataEntry(COMPUTED_HMAC_KEY, key, start, len);
+  }
+
   public void initHmacNonce(byte[] nonce, short offset, short len) {
     if (len != HMAC_SEED_NONCE_SIZE) {
       KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
@@ -352,6 +326,10 @@ public void clearHmacNonce() {
     clearDataEntry(HMAC_NONCE);
   }
 
+  public void clearComputedHmac() {
+    clearDataEntry(COMPUTED_HMAC_KEY);
+  }
+
   public void onUninstall() {
     // Javacard Runtime environment cleans up the data.
 
@@ -402,9 +380,6 @@ public short allocAvailableMemory() {
   }
 
   public short alloc(short length) {
-    if (length < 0) {
-      ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
-    }
     if ((((short) (heapIndex[0] + length)) > heap.length) ||
         (((short) (heapIndex[0] + length)) > reclaimIndex[0])) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
@@ -413,115 +388,81 @@ public short alloc(short length) {
     return (short) (heapIndex[0] - length);
   }
 
-  private short dataAlloc(byte bufType, short length) {
-    short maxSize = getMaxLimitSize(bufType);
-    short dataIndex = getDataTableIndex(bufType);
-    if (length < 0) {
-      ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
-    }
-    if (((short) (dataIndex + length)) > maxSize) {
+  private short dataAlloc(short length) {
+    if (((short) (dataIndex + length)) > dataTable.length) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
     dataIndex += length;
-    setDataTableIndex(bufType, dataIndex);
     return (short) (dataIndex - length);
   }
 
-  private short getDataTableIndex(byte bufType) {
-    if (bufType == ATTEST_IDS_BUF_TYPE) {
-      return this.attestIdsIndex;
-    } else {
-      return this.dataIndex;
-    }
-  }
-  
-  private void setDataTableIndex(byte bufType, short index) {
-    if (bufType == ATTEST_IDS_BUF_TYPE) {
-      JCSystem.beginTransaction();
-      this.attestIdsIndex = index;
-      JCSystem.commitTransaction();
-    } else {
-      JCSystem.beginTransaction();
-      this.dataIndex = index;
-      JCSystem.commitTransaction();
-    }
-  }
-  
-  private short getMaxLimitSize(byte bufType) {
-    if (bufType == ATTEST_IDS_BUF_TYPE) {
-      return (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE + KMConfigurations.TOTAL_ATTEST_IDS_SIZE);
-    } else { // Default buf type.
-      return (short) dataTable.length;
-    }
-  }
 
   private void newDataTable(boolean isUpgrading) {
     if (!isUpgrading) {
       if (dataTable == null) {
         dataTable = new byte[DATA_MEM_SIZE];
-        attestIdsIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
-        dataIndex = (short) (attestIdsIndex + KMConfigurations.TOTAL_ATTEST_IDS_SIZE);
+        dataIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
       }
     }
   }
 
+  public void restoreData(short blob) {
+    JCSystem.beginTransaction();
+    Util.arrayCopy(
+        KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), dataTable,
+        (short) 0,
+        KMByteBlob.cast(blob).length()
+    );
+    JCSystem.commitTransaction();
+  }
+
   public byte[] getDataTable() {
     return dataTable;
   }
 
   private void clearDataEntry(short id) {
+    JCSystem.beginTransaction();
     id = (short) (id * DATA_INDEX_ENTRY_SIZE);
     short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
     if (dataLen != 0) {
       short dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET));
-      JCSystem.beginTransaction();
       Util.arrayFillNonAtomic(dataTable, dataPtr, dataLen, (byte) 0);
-      JCSystem.commitTransaction();
     }
+    JCSystem.commitTransaction();
   }
 
   private void writeDataEntry(short id, byte[] buf, short offset, short len) {
-    writeDataEntry(DEFAULT_BUF_TYPE, id, buf, offset, len);
-  }
-
-  private short readDataEntry(short id, byte[] buf, short offset) {
-    id = (short) (id * DATA_INDEX_ENTRY_SIZE);
-    short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
-    if (len != 0) {
-      Util.arrayCopyNonAtomic(
-          dataTable,
-          Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
-          buf,
-          offset,
-          len);
-    }
-    return len;
-  }
-
-  private void writeDataEntry(byte bufType, short id, byte[] buf, short offset, short len) {
+    JCSystem.beginTransaction();
     short dataPtr;
     id = (short) (id * DATA_INDEX_ENTRY_SIZE);
     short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
     if (dataLen == 0) {
-      dataPtr = dataAlloc(bufType, len);
-      // Begin Transaction
-      JCSystem.beginTransaction();
+      dataPtr = dataAlloc(len);
       Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET), dataPtr);
       Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH), len);
       Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len);
-      JCSystem.commitTransaction();
-      // End Transaction
     } else {
       if (len != dataLen) {
         KMException.throwIt(KMError.UNKNOWN_ERROR);
       }
       dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET));
-      // Begin Transaction
-      JCSystem.beginTransaction();
       Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len);
-      JCSystem.commitTransaction();
-      // End Transaction
     }
+    JCSystem.commitTransaction();
+  }
+
+  private short readDataEntry(short id, byte[] buf, short offset) {
+    id = (short) (id * DATA_INDEX_ENTRY_SIZE);
+    short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
+    if (len != 0) {
+      Util.arrayCopyNonAtomic(
+          dataTable,
+          Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
+          buf,
+          offset,
+          len);
+    }
+    return len;
   }
 
   private short dataLength(short id) {
@@ -542,7 +483,7 @@ public short getComputedHmacKey() {
   }
 
   public void persistAttId(byte id, byte[] buf, short start, short len) {
-    writeDataEntry(ATTEST_IDS_BUF_TYPE, id, buf, start, len);
+    writeDataEntry(id, buf, start, len);
   }
 
   public short getAttId(byte id) {
@@ -550,10 +491,14 @@ public short getAttId(byte id) {
   }
 
   public void deleteAttIds() {
-    JCSystem.beginTransaction();
-    attestIdsIndex = (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
-    Util.arrayFillNonAtomic(dataTable, attestIdsIndex, KMConfigurations.TOTAL_ATTEST_IDS_SIZE, (byte) 0);
-    JCSystem.commitTransaction();
+    clearDataEntry(ATT_ID_BRAND);
+    clearDataEntry(ATT_ID_MEID);
+    clearDataEntry(ATT_ID_DEVICE);
+    clearDataEntry(ATT_ID_IMEI);
+    clearDataEntry(ATT_ID_MODEL);
+    clearDataEntry(ATT_ID_PRODUCT);
+    clearDataEntry(ATT_ID_SERIAL);
+    clearDataEntry(ATT_ID_MANUFACTURER);
   }
 
   public short getIssuer() {
@@ -561,39 +506,32 @@ public short getIssuer() {
   }
 
   public short readData(short id) {
-    short len = dataLength(id);
-    if (len != 0) {
-      short blob = KMByteBlob.instance(len);
-      readDataEntry(id, KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
-      return blob;
+    short blob = KMByteBlob.instance(dataLength(id));
+    if (readDataEntry(id, KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff())
+        == 0) {
+      return 0;
     }
-    return KMType.INVALID_VALUE;
+    return blob;
   }
 
-  public short readData(byte[] dataTable, short id, byte[] buf, short startOff, short bufLen) {
-    id = (short) (id * DATA_INDEX_ENTRY_SIZE);
-    short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
-    if (len > bufLen) {
-      return KMType.INVALID_VALUE;
-    }
-    if (len != 0) {
-      Util.arrayCopyNonAtomic(
-          dataTable,
-          Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
-          buf,
-          startOff,
-          len);
-    }
-    return len;
+  public void setIssuer(byte[] buf, short start, short len) {
+    writeDataEntry(CERT_ISSUER, buf, start, len);
   }
 
+
   public short getCertExpiryTime() {
     return readData(CERT_EXPIRY_TIME);
   }
 
+  public void setCertExpiryTime(byte[] buf, short start, short len) {
+    writeDataEntry(CERT_EXPIRY_TIME, buf, start, len);
+  }
+
+  private static final byte[] zero = {0, 0, 0, 0, 0, 0, 0, 0};
+
   public short getOsVersion() {
     short blob = readData(BOOT_OS_VERSION);
-    if (blob != KMType.INVALID_VALUE) {
+    if (blob != 0) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -603,7 +541,7 @@ public short getOsVersion() {
 
   public short getVendorPatchLevel() {
     short blob = readData(VENDOR_PATCH_LEVEL);
-    if (blob != KMType.INVALID_VALUE) {
+    if (blob != 0) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -613,7 +551,7 @@ public short getVendorPatchLevel() {
 
   public short getBootPatchLevel() {
     short blob = readData(BOOT_PATCH_LEVEL);
-    if (blob != KMType.INVALID_VALUE) {
+    if (blob != 0) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -623,7 +561,7 @@ public short getBootPatchLevel() {
 
   public short getOsPatch() {
     short blob = readData(BOOT_OS_PATCH_LEVEL);
-    if (blob != KMType.INVALID_VALUE) {
+    if (blob != 0) {
       return KMInteger.uint_32(
           KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -679,39 +617,27 @@ public short getVerifiedBootHash() {
 
   public boolean getBootLoaderLock() {
     short blob = readData(BOOT_DEVICE_LOCKED_STATUS);
-    if (blob == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_DATA);
-    }
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
+    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0;
   }
 
   public byte getBootState() {
     short blob = readData(BOOT_VERIFIED_BOOT_STATE);
-    if (blob == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_DATA);
-    }
     return (getHeap())[KMByteBlob.cast(blob).getStartOff()];
   }
 
   public boolean getDeviceLock() {
     short blob = readData(DEVICE_LOCKED);
-    if (blob == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_DATA);
-    }
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
+    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFE) != 0;
   }
 
   public boolean getDeviceLockPasswordOnly() {
-    short blob = readData(DEVICE_LOCKED_PASSWORD_ONLY);
-    if (blob == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_DATA);
-    }
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
+    short blob = readData(DEVICE_LOCKED);
+    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()] & 0xFD) != 0;
   }
 
   public short getDeviceTimeStamp() {
     short blob = readData(DEVICE_LOCKED_TIME);
-    if (blob != KMType.INVALID_VALUE) {
+    if (blob != 0) {
       return KMInteger.uint_64(KMByteBlob.cast(blob).getBuffer(),
           KMByteBlob.cast(blob).getStartOff());
     } else {
@@ -749,33 +675,33 @@ public void clearAndroidSystemProperties() {
   }
 
   public void setBootloaderLocked(boolean flag) {
-    short start = alloc(BOOT_DEVICE_LOCK_FLAG_SIZE);
+    short start = alloc(DEVICE_LOCK_FLAG_SIZE);
     if (flag) {
-      (getHeap())[start] = (byte) 0x01;
+      (getHeap())[start] = (byte) ((getHeap())[start] | 0x01);
     } else {
-      (getHeap())[start] = (byte) 0x00;
+      (getHeap())[start] = (byte) ((getHeap())[start] & 0xFE);
     }
-    writeDataEntry(BOOT_DEVICE_LOCKED_STATUS, getHeap(), start, BOOT_DEVICE_LOCK_FLAG_SIZE);
+    writeDataEntry(BOOT_DEVICE_LOCKED_STATUS, getHeap(), start, DEVICE_LOCK_FLAG_SIZE);
   }
 
   public void setDeviceLock(boolean flag) {
-    short start = alloc(DEVICE_LOCKED_FLAG_SIZE);
+    short start = alloc(DEVICE_LOCK_FLAG_SIZE);
     if (flag) {
-      (getHeap())[start] = (byte) 0x01;
+      (getHeap())[start] = (byte) ((getHeap())[start] | 0x01);
     } else {
-      (getHeap())[start] = (byte) 0x00;
+      (getHeap())[start] = (byte) ((getHeap())[start] & 0xFE);
     }
-    writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCKED_FLAG_SIZE);
+    writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCK_FLAG_SIZE);
   }
 
   public void setDeviceLockPasswordOnly(boolean flag) {
-    short start = alloc(DEVICE_LOCKED_PASSWORD_ONLY_SIZE);
+    short start = alloc(DEVICE_LOCK_FLAG_SIZE);
     if (flag) {
-      (getHeap())[start] = (byte) 0x01;
+      (getHeap())[start] = (byte) ((getHeap())[start] | 0x02);
     } else {
-      (getHeap())[start] = (byte) 0x00;
+      (getHeap())[start] = (byte) ((getHeap())[start] & 0xFD);
     }
-    writeDataEntry(DEVICE_LOCKED_PASSWORD_ONLY, getHeap(), start, DEVICE_LOCKED_PASSWORD_ONLY_SIZE);
+    writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCK_FLAG_SIZE);
   }
 
   public void setDeviceLockTimestamp(byte[] buf, short start, short len) {
@@ -817,139 +743,22 @@ public void setBootState(byte state) {
     writeDataEntry(BOOT_VERIFIED_BOOT_STATE, getHeap(), start, BOOT_STATE_SIZE);
   }
 
-  private boolean isAuthTagSlotAvailable(short tagId, byte[] buf, short offset) {
-    readDataEntry(tagId, buf, offset);
-    return (0 == buf[offset]);
-  }
-
-  private void writeAuthTagState(byte[] buf, short offset, byte state) {
-    buf[offset] = state;
-  }
-
-  public boolean persistAuthTag(short authTag) {
-
-    if (KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-
-    short authTagEntry = alloc(AUTH_TAG_ENTRY_SIZE);
-    short scratchPadOff = alloc(AUTH_TAG_ENTRY_SIZE);
-    byte[] scratchPad = getHeap();
-    writeAuthTagState(getHeap(), authTagEntry, (byte) 1);
-    Util.arrayCopyNonAtomic(
-        KMByteBlob.cast(authTag).getBuffer(),
-        KMByteBlob.cast(authTag).getStartOff(),
-        getHeap(), (short) (authTagEntry + 1), AUTH_TAG_LENGTH);
-    Util.setShort(getHeap(), (short) (authTagEntry + AUTH_TAG_LENGTH + 1 + 2),
-        (short) 1);
-    short index = 0;
-    while (index < MAX_BLOB_STORAGE) {
-      if ((dataLength((short) (index + AUTH_TAG_1)) == 0) ||
-          isAuthTagSlotAvailable((short) (index + AUTH_TAG_1), scratchPad, scratchPadOff)) {
-
-        writeDataEntry((short) (index + AUTH_TAG_1), getHeap(), authTagEntry, AUTH_TAG_ENTRY_SIZE);
-        return true;
-      }
-      index++;
-    }
-    return false;
-  }
-
-  public void removeAllAuthTags() {
-    short index = 0;
-    while (index < MAX_BLOB_STORAGE) {
-      clearDataEntry((short) (index + AUTH_TAG_1));
-      index++;
-    }
-  }
-
-  public boolean isAuthTagPersisted(short authTag) {
-    return (KMType.INVALID_VALUE != findTag(authTag));
-  }
-
-  private short findTag(short authTag) {
-    if (KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH) {
-      KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
-    }
-    short index = 0;
-    short found;
-    short offset = alloc(AUTH_TAG_ENTRY_SIZE);
-    while (index < MAX_BLOB_STORAGE) {
-      if (dataLength((short) (index + AUTH_TAG_1)) != 0) {
-        readDataEntry((short) (index + AUTH_TAG_1),
-            getHeap(), offset);
-        found =
-            Util.arrayCompare(
-                getHeap(),
-                (short) (offset + 1),
-                KMByteBlob.cast(authTag).getBuffer(),
-                KMByteBlob.cast(authTag).getStartOff(),
-                AUTH_TAG_LENGTH);
-        if (found == 0) {
-          return (short) (index + AUTH_TAG_1);
-        }
-      }
-      index++;
-    }
-    return KMType.INVALID_VALUE;
-  }
-
-  public short getRateLimitedKeyCount(short authTag, byte[] out, short outOff) {
-    short tag = findTag(authTag);
-    short blob;
-    if (tag != KMType.INVALID_VALUE) {
-      blob = readData(tag);
-      Util.arrayCopyNonAtomic(
-          KMByteBlob.cast(blob).getBuffer(),
-          (short) (KMByteBlob.cast(blob).getStartOff() + AUTH_TAG_LENGTH + 1),
-          out,
-          outOff,
-          AUTH_TAG_COUNTER_SIZE);
-      return AUTH_TAG_COUNTER_SIZE;
-    }
-    return (short) 0;
-  }
-
-  public void setRateLimitedKeyCount(short authTag, byte[] buf, short off, short len) {
-    short tag = findTag(authTag);
-    if (tag != KMType.INVALID_VALUE) {
-      short dataPtr = readData(tag);
-      Util.arrayCopyNonAtomic(
-          buf,
-          off,
-          KMByteBlob.cast(dataPtr).getBuffer(),
-          (short) (KMByteBlob.cast(dataPtr).getStartOff() + AUTH_TAG_LENGTH + 1),
-          len);
-      writeDataEntry(tag,
-          KMByteBlob.cast(dataPtr).getBuffer(),
-          KMByteBlob.cast(dataPtr).getStartOff(),
-          KMByteBlob.cast(dataPtr).length());
-    }
-  }
-
   @Override
   public void onSave(Element ele) {
     ele.write(dataIndex);
     ele.write(dataTable);
-    ele.write(attestIdsIndex);
   }
 
   @Override
-  public void onRestore(Element ele, short oldVersion, short currentVersion) {
+  public void onRestore(Element ele) {
     dataIndex = ele.readShort();
     dataTable = (byte[]) ele.readObject();
-    if (oldVersion == 0) {
-      // Previous versions does not contain version information.
-      handleDataUpgradeToVersion1_1();
-    } else {
-      attestIdsIndex = ele.readShort();
-    }
   }
 
   @Override
   public short getBackupPrimitiveByteCount() {
     // dataIndex
-    return (short) 4;
+    return (short) 2;
   }
 
   @Override
@@ -957,66 +766,4 @@ public short getBackupObjectCount() {
     // dataTable
     return (short) 1;
   }
-
-  public boolean getBootEndedStatus() {
-    short blob = readData(BOOT_ENDED_STATUS);
-    if (blob == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_DATA);
-    }
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
-  }
-  
-  public void setBootEndedStatus(boolean flag) {
-    short start = alloc(BOOT_ENDED_STATUS);
-    if (flag) {
-      (getHeap())[start] = (byte) 0x01;
-    } else {
-      (getHeap())[start] = (byte) 0x00;
-    }
-    writeDataEntry(BOOT_ENDED_STATUS, getHeap(), start, BOOT_ENDED_FLAG_SIZE);
-  }
-  
-  public boolean getEarlyBootEndedStatus() {
-    short blob = readData(EARLY_BOOT_ENDED_STATUS);
-    if (blob == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.INVALID_DATA);
-    }
-    return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01;
-  }
-	  
-  public void setEarlyBootEndedStatus(boolean flag) {
-    short start = alloc(EARLY_BOOT_ENDED_STATUS);
-    if (flag) {
-      (getHeap())[start] = (byte) 0x01;
-    } else {
-      (getHeap())[start] = (byte) 0x00;
-    }
-    writeDataEntry(EARLY_BOOT_ENDED_STATUS, getHeap(), start, EARLY_BOOT_ENDED_FLAG_SIZE);
-  }
-  
-  public void handleDataUpgradeToVersion1_1() {
-    byte[] oldDataTable = dataTable;
-    dataTable = new byte[2048];
-    attestIdsIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
-    dataIndex = (short) (attestIdsIndex + KMConfigurations.TOTAL_ATTEST_IDS_SIZE);
-    // temp buffer.
-    short startOffset = alloc((short) 256);
-
-    short index = ATT_ID_BRAND;
-    short len = 0;
-    while (index <= DEVICE_LOCKED) {
-      len = readData(oldDataTable, index, heap, startOffset, (short) 256);
-      writeDataEntry(index, heap, startOffset, len);
-      index++;
-    }
-    // set default values for the new IDS.
-    setDeviceLockPasswordOnly(false);
-    setBootEndedStatus(false);
-    setEarlyBootEndedStatus(false);
-
-    // Request object deletion
-    oldDataTable = null;
-    JCSystem.requestObjectDeletion();
-  }
-   
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
index dbfa3710..167aa5b2 100644
--- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
+++ b/Applet/src/com/android/javacard/keymaster/KMSEProvider.java
@@ -25,11 +25,6 @@
  */
 public interface KMSEProvider extends KMUpgradable {
 
-  // Provision related constants.
-  public static final byte CERTIFICATE_CHAIN = 0;
-  public static final byte CERTIFICATE_EXPIRY = 1;
-  public static final byte CERTIFICATE_ISSUER = 2;
-
   /**
    * Create a symmetric key instance. If the algorithm and/or keysize are not supported then it
    * should throw a CryptoException.
@@ -228,7 +223,7 @@ boolean aesGCMDecrypt(
    * This is a oneshot operation that performs key derivation function using cmac kdf (CKDF) as
    * defined in android keymaster hal definition.
    *
-   * @param hmacKey instance of pre-shared key.
+   * @param instance of pre-shared key.
    * @param label is the label to be used for ckdf.
    * @param labelStart is the start of label.
    * @param labelLen is the length of the label.
@@ -277,7 +272,7 @@ short hmacSign(
    * This is a oneshot operation that signs the data using hmac algorithm. This is used to derive
    * the key, which is used to encrypt the keyblob.
    *
-   * @param masterKey instance of masterkey.
+   * @param instance of masterkey.
    * @param data is the buffer containing data to be signed.
    * @param dataStart is the start of the data.
    * @param dataLength is the length of the data.
@@ -286,7 +281,7 @@ short hmacSign(
    * @return length of the signature buffer in bytes.
    */
   short hmacKDF(
-      KMMasterKey masterKey,
+      KMMasterKey masterkey,
       byte[] data,
       short dataStart,
       short dataLength,
@@ -296,7 +291,9 @@ short hmacKDF(
   /**
    * This is a oneshot operation that verifies the signature using hmac algorithm.
    *
-   * @param hmacKey instance of KMComputedHmacKey.
+   * @param keyBuf is the buffer with hmac key.
+   * @param keyStart is the start of the buffer.
+   * @param keyLength is the length of the buffer which will be in bytes from 8 to 64.
    * @param data is the buffer containing data.
    * @param dataStart is the start of the data.
    * @param dataLength is the length of the data.
@@ -306,7 +303,9 @@ short hmacKDF(
    * @return true if the signature matches.
    */
   boolean hmacVerify(
-      KMComputedHmacKey hmacKey,
+      byte[] keyBuf,
+      short keyStart,
+      short keyLength,
       byte[] data,
       short dataStart,
       short dataLength,
@@ -348,7 +347,7 @@ short rsaDecipherOAEP256(
   /**
    * This is a oneshot operation that signs the data using EC private key.
    *
-   * @param ecPrivKey instance of KMAttestationKey.
+   * @param instance of KMAttestationKey.
    * @param inputDataBuf is the buffer of the input data.
    * @param inputDataStart is the start of the input data buffer.
    * @param inputDataLength is the length of the inpur data buffer in bytes.
@@ -401,14 +400,6 @@ KMOperation initSymmetricOperation(
       short ivLength,
       short macLength);
 
-  /**
-   * Initializes the trusted confirmation operation.
-   *
-   * @param computedHmacKey Instance of the computed Hmac key.
-   * @return instance of KMOperation.
-   */
-  KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey);
-
   /**
    * This creates a persistent operation for signing, verify, encryption and decryption using RSA
    * and EC algorithms when keymaster hal's beginOperation function is executed. For RSA the public
@@ -454,43 +445,35 @@ KMOperation initAsymmetricOperation(
   KMAttestationCert getAttestationCert(boolean rsaCert);
 
   /**
-   * Returns the implementation of the PKCS8 decoder.
+   * This operation persists the certificate chain in the persistent memory in multiple requests.
    *
-   * @return Instance of PKCS8 decoder.
+   * @param buf buffer containing certificate chain.
+   * @param offset is the start of the buffer.
+   * @param len is the length of the buffer.
+   * @param totalLen is the total length of cert chain.
    */
-  KMPKCS8Decoder getPKCS8DecoderInstance();
+  void persistPartialCertificateChain(byte[] buf, short offset, short len, short totalLen);
 
   /**
-   * This operation persists the provision data in the persistent memory.
-   *
-   * @param buf buffer which contains all the provision data.
-   * @param certChainOff is the start of the cert chain.
-   * @param certChainLen is the length of the cert chain.
-   * @param certIssuerOff is the start of the cert issuer.
-   * @param certIssuerLen is the length of the cert issuer.
-   * @param certExpiryOff is the start of the cert expiry.
-   * @param certExpiryLen is the length of the cert expiry.
+   * This operation clears the certificate chain from persistent memory.
    */
-  void persistProvisionData(byte[] buf, short certChainOff, short certChainLen,
-      short certIssuerOff, short certIssuerLen, short certExpiryOff, short certExpiryLen);
+  void clearCertificateChain();
 
   /**
-   * The operation reads the provisioned data from persistent memory.
+   * The operation reads the certificate chain from persistent memory.
    *
-   * @param dataType type of the provision data to read.
    * @param buf is the start of data buffer.
    * @param offset is the start of the data.
    * @return the length of the data buffer in bytes.
    */
-  short readProvisionedData(byte dataType, byte[] buf, short offset);
+  short readCertificateChain(byte[] buf, short offset);
 
   /**
-   * This function returns the provisioned data length.
+   * This function returns the cert chain length.
    *
-   * @param dataType type of the provision data to read.
    * @return length of the certificate chain.
    */
-  short getProvisionedDataLength(byte dataType);
+  short getCertificateChainLength();
 
   /**
    * This function tells if boot signal event is supported or not.
@@ -555,16 +538,6 @@ void persistProvisionData(byte[] buf, short certChainOff, short certChainLen,
    */
   KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length);
 
-  /**
-   * This function creates an HMACKey and initializes the key with the provided input key data.
-   *
-   * @param keyData buffer containing the key data.
-   * @param offset start of the buffer.
-   * @param length length of the buffer.
-   * @return An instance of the KMComputedHmacKey.
-   */
-  KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length);
-
   /**
    * Returns the master key.
    *
@@ -587,28 +560,9 @@ void persistProvisionData(byte[] buf, short certChainOff, short certChainLen,
   KMPreSharedKey getPresharedKey();
 
   /**
-   * Returns the computed Hmac key.
-   *
-   * @return Instance of the computed hmac key.
-   */
-  KMComputedHmacKey getComputedHmacKey();
-
-  /**
-   * Releases all the instance back to pool. Generally this is used when card is reset.
+   * Releases all the instance back to pool.
+   * Generally this is used when card is reset.
    */
   void releaseAllOperations();
 
-  /**
-   * This is a one-shot operation the does digest of the input mesage.
-   *
-   * @param inBuff input buffer to be digested.
-   * @param inOffset start offset of the input buffer.
-   * @param inLength length of the input buffer.
-   * @param outBuff is the output buffer that contains the digested data.
-   * @param outOffset start offset of the digested output buffer.
-   * @return length of the digested data.
-   */
-  short messageDigest256(byte[] inBuff, short inOffset, short inLength, byte[] outBuff,
-      short outOffset);
-
 }
diff --git a/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/src/com/android/javacard/keymaster/KMType.java
index 00704df2..f571275c 100644
--- a/Applet/src/com/android/javacard/keymaster/KMType.java
+++ b/Applet/src/com/android/javacard/keymaster/KMType.java
@@ -186,8 +186,6 @@ public abstract class KMType {
   public static final short USERID = 0x01F5;
   // Auth Timeout
   public static final short AUTH_TIMEOUT = 0x01F9;
-  // Auth Timeout in Milliseconds
-  public static final short AUTH_TIMEOUT_MILLIS = 0x7FFF;
   // OS Version
   public static final short OS_VERSION = 0x02C1;
   // OS Patch Level
diff --git a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java
index 87204a06..0a241652 100644
--- a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java
+++ b/Applet/src/com/android/javacard/keymaster/KMUpgradable.java
@@ -21,7 +21,7 @@ public interface KMUpgradable {
 
   void onSave(Element ele);
 
-  void onRestore(Element ele, short oldVersion, short currentVersion);
+  void onRestore(Element ele);
 
   short getBackupPrimitiveByteCount();
 
diff --git a/HAL/keymaster/4.1/CommonUtils.cpp b/HAL/keymaster/4.1/CommonUtils.cpp
index 476fe68e..090c8d0d 100644
--- a/HAL/keymaster/4.1/CommonUtils.cpp
+++ b/HAL/keymaster/4.1/CommonUtils.cpp
@@ -212,7 +212,7 @@ pubModulus) {
         return legacy_enum_conversion(TranslateLastOpenSslError());
     }
 
-    UniquePtr rsa_key(EVP_PKEY_get1_RSA(pkey));
+    UniquePtr rsa_key(EVP_PKEY_get1_RSA(pkey));
     if(!rsa_key.get()) {
         return legacy_enum_conversion(TranslateLastOpenSslError());
     }
diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 9df7b6d4..95de2096 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -17,12 +17,14 @@
 
 #include 
 #include 
+#include 
+#include 
 #include 
 #include 
 #include 
 #include 
 #include 
-#include 
+#include 
 #include 
 #include 
 #include 
@@ -38,16 +40,15 @@
 
 #define JAVACARD_KEYMASTER_NAME      "JavacardKeymaster4.1Device v1.0"
 #define JAVACARD_KEYMASTER_AUTHOR    "Android Open Source Project"
-#define PROP_BUILD_QEMU              "ro.kernel.qemu"
-#define PROP_BUILD_FINGERPRINT       "ro.build.fingerprint"
-// Cuttlefish build fingerprint substring.
-#define CUTTLEFISH_FINGERPRINT_SS    "aosp_cf_"
 
 #define APDU_CLS 0x80
 #define APDU_P1  0x40
 #define APDU_P2  0x00
 #define APDU_RESP_STATUS_OK 0x9000
 
+#define INS_BEGIN_KM_CMD 0x00
+#define INS_END_KM_PROVISION_CMD 0x20
+#define INS_END_KM_CMD 0x7F
 #define SW_KM_OPR 0UL
 #define SB_KM_OPR 1UL
 #define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
@@ -68,6 +69,45 @@ struct KM_AUTH_LIST_Delete {
     void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); }
 };
 
+enum class Instruction {
+    // Keymaster commands
+    INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD+1,
+    INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+2,
+    INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD+3,
+    INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+4,
+    INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD+5,
+    INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD+6,
+    INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD+7,
+    INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD+8,
+    INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD+9,
+    INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD+10,
+    INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD+11,
+    INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD+12,
+    INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD+13,
+    INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD+14,
+    INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD+15,
+    INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD+16,
+    INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD+17,
+    INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD+18,
+    INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD+19,
+    INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD+20,
+    INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD+21,
+    INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22,
+    INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
+    INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD+9,
+};
+
+enum ProvisionStatus {
+    NOT_PROVISIONED = 0x00,
+    PROVISION_STATUS_ATTESTATION_KEY = 0x01,
+    PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
+    PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
+    PROVISION_STATUS_ATTEST_IDS = 0x08,
+    PROVISION_STATUS_PRESHARED_SECRET = 0x10,
+    PROVISION_STATUS_BOOT_PARAM = 0x20,
+    PROVISION_STATUS_PROVISIONING_LOCKED = 0x40,
+};
+
 //Extended error codes
 enum ExtendedErrors {
     SW_CONDITIONS_NOT_SATISFIED = -10001,
@@ -86,20 +126,9 @@ enum ExtendedErrors {
 };
 
 static inline std::unique_ptr& getTransportFactoryInstance() {
-    bool isEmulator = false;
     if(pTransportFactory == nullptr) {
-        // Check if the current build is for emulator or device.
-        isEmulator = android::base::GetBoolProperty(PROP_BUILD_QEMU, false);
-        if (!isEmulator) {
-            std::string fingerprint = android::base::GetProperty(PROP_BUILD_FINGERPRINT, "");
-            if (!fingerprint.empty()) {
-                if (fingerprint.find(CUTTLEFISH_FINGERPRINT_SS, 0) != std::string::npos) {
-                    isEmulator = true;
-                }
-            }
-        }
         pTransportFactory = std::unique_ptr(new se_transport::TransportFactory(
-                    isEmulator));
+                    android::base::GetBoolProperty("ro.kernel.qemu", false)));
         pTransportFactory->openConnection();
     }
     return pTransportFactory;
@@ -173,11 +202,10 @@ static inline OperationType getOperationType(uint64_t operationHandle) {
 
 /* Clears all the strongbox operation handle entries from operation table */
 static void clearStrongboxOprHandleEntries(const std::unique_ptr& oprCtx) {
-    LOG(INFO)
-        << "Secure Element reset or applet upgrade detected. Removing existing operation handles";
+    LOG(INFO) << "Secure Element reset or applet upgrade detected. Removing existing operation handles";
     auto it = operationTable.begin();
     while (it != operationTable.end()) {
-        if (it->second == OperationType::PRIVATE_OPERATION) {  // Strongbox operation
+        if (it->second == OperationType::PRIVATE_OPERATION) { //Strongbox operation
             LOG(INFO) << "operation handle: " << it->first << " is removed";
             oprCtx->clearOperationData(it->first);
             it = operationTable.erase(it);
@@ -364,7 +392,7 @@ uint16_t getStatus(std::vector& inputData) {
     return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1));
 }
 
-ErrorCode JavacardKeymaster4Device::sendData(Instruction ins, std::vector& inData, std::vector& response) {
+ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response) {
     ErrorCode ret = ErrorCode::UNKNOWN_ERROR;
     std::vector apdu;
 
@@ -389,20 +417,11 @@ ErrorCode JavacardKeymaster4Device::sendData(Instruction ins, std::vector& oprCtx) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     cppbor::Array array;
     std::unique_ptr item;
@@ -417,7 +436,7 @@ ErrorCode JavacardKeymaster4Device::setAndroidSystemProperties() {
     if (ErrorCode::OK == errorCode) {
         //Skip last 2 bytes in cborData, it contains status.
         std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
-                true, oprCtx_);
+                true, oprCtx);
     }
     if (ErrorCode::OK != errorCode) 
         LOG(ERROR) << "Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t) errorCode;
@@ -431,15 +450,11 @@ JavacardKeymaster4Device::JavacardKeymaster4Device(): softKm_(new ::keymaster::A
             context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
             return context;
             }(),
-            kOperationTableSize, keymaster::MessageVersion(keymaster::KmVersion::KEYMASTER_4_1,
-                                0 /* km_date */) )), oprCtx_(new OperationContext()),
-                                isEachSystemPropertySet(false), isEarlyBootEventPending(false) {
+            kOperationTableSize)), oprCtx_(new OperationContext()), isEachSystemPropertySet(false) {
     // Send Android system properties like os_version, os_patchlevel and vendor_patchlevel
     // to the Applet. Incase if setting system properties fails here, again try setting
     // it from computeSharedHmac.
-
-    if (ErrorCode::OK == setAndroidSystemProperties()) {
-        LOG(ERROR) << "javacard strongbox : setAndroidSystemProperties from constructor - successful";
+    if (ErrorCode::OK == setAndroidSystemProperties(cborConverter_, oprCtx_)) {
         isEachSystemPropertySet = true;
     }
 
@@ -477,7 +492,7 @@ Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_
     } else {
         // It should not come here, but incase if for any reason SB keymaster fails to getHardwareInfo
         // return proper values from HAL.
-        LOG(ERROR) << "Failed to fetch getHardwareInfo from javacard returning fixed values from HAL itself";
+        LOG(ERROR) << "Failed to fetch getHardwareInfo from javacard";
         _hidl_cb(SecurityLevel::STRONGBOX, JAVACARD_KEYMASTER_NAME, JAVACARD_KEYMASTER_AUTHOR);
         return Void();
     }
@@ -496,14 +511,28 @@ Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
                 true, oprCtx_);
         if (item != nullptr) {
             if(!cborConverter_.getHmacSharingParameters(item, 1, hmacSharingParameters)) {
-                LOG(ERROR) << "javacard strongbox : Failed to convert cbor data of INS_GET_HMAC_SHARING_PARAM_CMD";
+                LOG(ERROR) << "Failed to convert cbor data of INS_GET_HMAC_SHARING_PARAM_CMD";
                 errorCode = ErrorCode::UNKNOWN_ERROR;
             }
         }
-        LOG(DEBUG) << "javacard strongbox : received getHmacSharingParameter from Javacard - successful";
-        // Send earlyBootEnded if there is any pending earlybootEnded event.
-        handleSendEarlyBootEndedEvent();
     }
+#ifdef VTS_EMULATOR
+    /* TODO temporary fix: vold daemon calls performHmacKeyAgreement. At that time when vold calls this API there is no
+     * network connectivity and socket cannot be connected. So as a hack we are calling softkeymaster to getHmacSharing
+     * parameters.
+     */
+    else {
+        auto response = softKm_->GetHmacSharingParameters();
+        LOG(DEBUG) << "INS_GET_HMAC_SHARING_PARAM_CMD not succeded with javacard";
+        LOG(DEBUG) << "Setting software keymaster hmac sharing parameters";
+        hmacSharingParameters.seed.setToExternal(const_cast(response.params.seed.data),
+                response.params.seed.data_length);
+        static_assert(sizeof(response.params.nonce) == hmacSharingParameters.nonce.size(), "Nonce sizes don't match");
+        memcpy(hmacSharingParameters.nonce.data(), response.params.nonce, hmacSharingParameters.nonce.size());
+        errorCode = legacy_enum_conversion(response.error);
+        LOG(DEBUG) << "INS_GET_HMAC_SHARING_PARAM_CMD softkm status: " << (int32_t) errorCode;
+    }
+#endif
     _hidl_cb(errorCode, hmacSharingParameters);
     return Void();
 }
@@ -516,25 +545,21 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec tempVec;
     cppbor::Array outerArray;
+#ifndef VTS_EMULATOR
     // The Android system properties like OS_VERSION, OS_PATCHLEVEL and VENDOR_PATCHLEVEL are to 
     // be delivered to the Applet when the HAL is first loaded. Incase if settting system properties
     // failed at construction time then this is one of the ideal places to send this information
     // to the Applet as computeSharedHmac is called everytime when Android device boots.
     if (!isEachSystemPropertySet) {
-        errorCode = setAndroidSystemProperties();
+        errorCode = setAndroidSystemProperties(cborConverter_);
         if (ErrorCode::OK != errorCode) {
             LOG(ERROR) << " Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t)errorCode;
             _hidl_cb(errorCode, sharingCheck);
             return Void();
         }
-
-        LOG(ERROR) << "javacard strongbox : setAndroidSystemProperties from ComputeSharedHmac - successful ";
-
         isEachSystemPropertySet = true;
     }
-    
-    // Send earlyBootEnded if there is any pending earlybootEnded event.
-    handleSendEarlyBootEndedEvent();
+#endif
 
     for(size_t i = 0; i < params.size(); ++i) {
         cppbor::Array innerArray;
@@ -551,7 +576,6 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec(cborOutData.begin(), cborOutData.end()-2),
                 true, oprCtx_);
@@ -565,12 +589,34 @@ Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vecComputeSharedHmac(request);
+        if (response.error == KM_ERROR_OK) sharingCheck = kmBlob2hidlVec(response.sharing_check);
+        errorCode = legacy_enum_conversion(response.error);
+        LOG(DEBUG) << "INS_COMPUTE_SHARED_HMAC_CMD softkm status: " << (int32_t) errorCode;
+    }
+#endif
     _hidl_cb(errorCode, sharingCheck);
     return Void();
-}
+ }
 
 Return JavacardKeymaster4Device::verifyAuthorization(uint64_t , const hidl_vec& , const HardwareAuthToken& , verifyAuthorization_cb _hidl_cb) {
     VerificationToken verificationToken;
@@ -606,8 +652,7 @@ Return JavacardKeymaster4Device::generateKey(const hidl_vec&
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     KeyCharacteristics keyCharacteristics;
     hidl_vec updatedParams(keyParams);
-    // Send earlyBootEnded if there is any pending earlybootEnded event.
-    handleSendEarlyBootEndedEvent();
+
     if(!findTag(keyParams, Tag::CREATION_DATETIME) &&
             !findTag(keyParams, Tag::ACTIVE_DATETIME)) {
         //Add CREATION_DATETIME in HAL, as secure element is not having clock.
@@ -650,8 +695,6 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     KeyCharacteristics keyCharacteristics;
     cppbor::Array subArray;
-    // Send earlyBootEnded if there is any pending earlybootEnded event.
-    handleSendEarlyBootEndedEvent();
 
     if(keyFormat != KeyFormat::PKCS8 && keyFormat != KeyFormat::RAW) {
         LOG(ERROR) << "INS_IMPORT_KEY_CMD unsupported key format " << (int32_t)keyFormat;
@@ -659,9 +702,16 @@ Return JavacardKeymaster4Device::importKey(const hidl_vec& k
         return Void();
     }
     cborConverter_.addKeyparameters(array, keyParams);
-    array.add(static_cast(keyFormat)); //javacard accepts only RAW.
-  
-    array.add(std::vector(keyData));
+    array.add(static_cast(KeyFormat::RAW)); //javacard accepts only RAW.
+    if(ErrorCode::OK != (errorCode = prepareCborArrayFromKeyData(keyParams, keyFormat, keyData, subArray))) {
+        LOG(ERROR) << "INS_IMPORT_KEY_CMD Error in while creating cbor data from key data:" << (int32_t) errorCode;
+        _hidl_cb(errorCode, keyBlob, keyCharacteristics);
+        return Void();
+    }
+    std::vector encodedArray = subArray.encode();
+    cppbor::Bstr bstr(encodedArray.begin(), encodedArray.end());
+    array.add(bstr);
+
     std::vector cborData = array.encode();
 
     errorCode = sendData(Instruction::INS_IMPORT_KEY_CMD, cborData, cborOutData);
@@ -700,8 +750,7 @@ Return JavacardKeymaster4Device::importWrappedKey(const hidl_vec&
     hidl_vec authList;
     KeyFormat keyFormat;
     std::vector wrappedKeyDescription;
-    // Send earlyBootEnded if there is any pending earlybootEnded event.
-    handleSendEarlyBootEndedEvent();
+
     if(ErrorCode::OK != (errorCode = parseWrappedKey(wrappedKeyData, iv, transitKey, secureKey,
                     tag, authList, keyFormat, wrappedKeyDescription))) {
         LOG(ERROR) << "INS_IMPORT_WRAPPED_KEY_CMD error while parsing wrapped key status: " << (int32_t) errorCode;
@@ -790,11 +839,11 @@ Return JavacardKeymaster4Device::exportKey(KeyFormat exportFormat, const h
         return Void();
     }
 
-    ExportKeyRequest request(softKm_->message_version());
+    ExportKeyRequest request;
     request.key_format = legacy_enum_conversion(exportFormat);
     request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
 
-    ExportKeyResponse response(softKm_->message_version());
+    ExportKeyResponse response;
     softKm_->ExportKey(request, &response);
 
     if(response.error == KM_ERROR_INCOMPATIBLE_ALGORITHM) {
@@ -947,7 +996,12 @@ Return JavacardKeymaster4Device::destroyAttestationIds() {
     return errorCode;
 }
 
-Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams, const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
+
+Return JavacardKeymaster4Device::begin(KeyPurpose purpose,
+                                             const hidl_vec& keyBlob,
+                                             const hidl_vec& inParams,
+                                             const HardwareAuthToken& authToken,
+                                             begin_cb _hidl_cb) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     uint64_t operationHandle = 0;
     OperationType operType = OperationType::PRIVATE_OPERATION;
@@ -968,20 +1022,21 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
     errorCode = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams,
                                      operationHandle, operType);
     if (errorCode == ErrorCode::OK && isOperationHandleExists(operationHandle)) {
-        LOG(DEBUG) << "Operation handle " << operationHandle
-                   << "already exists"
+        LOG(DEBUG) << "Operation handle " << operationHandle << "already exists"
                       "in the opertion table. so aborting this opertaion.";
         // abort the operation.
         errorCode = abortOperation(operationHandle, operType);
         if (errorCode == ErrorCode::OK) {
             // retry begin to get an another operation handle.
-            errorCode = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams,
-                                             operationHandle, operType);
+            errorCode =
+                handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams,
+                                     operationHandle, operType);
             if (errorCode == ErrorCode::OK && isOperationHandleExists(operationHandle)) {
                 errorCode = ErrorCode::UNKNOWN_ERROR;
-                LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: Failed in begin operation as the"
-                              "operation handle already exists in the operation table."
-                           << (int32_t)errorCode;
+                LOG(ERROR)
+                    << "INS_BEGIN_OPERATION_CMD: Failed in begin operation as the"
+                       "operation handle already exists in the operation table."
+                    << (int32_t)errorCode;
                 // abort the operation.
                 auto abortErr = abortOperation(operationHandle, operType);
                 if (abortErr != ErrorCode::OK) {
@@ -993,40 +1048,44 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
     }
     // Create an entry inside the operation table for the new operation
     // handle.
-    if (ErrorCode::OK == errorCode) operationTable[operationHandle] = operType;
+    if (ErrorCode::OK == errorCode)
+        operationTable[operationHandle] = operType;
 
     _hidl_cb(errorCode, outParams, operationHandle);
     return Void();
 }
 
 ErrorCode JavacardKeymaster4Device::handleBeginPublicKeyOperation(
-    KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
-    hidl_vec& outParams, uint64_t& operationHandle) {
-    BeginOperationRequest request(softKm_->message_version());
+    KeyPurpose purpose, const hidl_vec& keyBlob,
+    const hidl_vec& inParams, hidl_vec& outParams,
+    uint64_t& operationHandle) {
+    BeginOperationRequest request;
     request.purpose = legacy_enum_conversion(purpose);
     request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
     request.additional_params.Reinitialize(KmParamSet(inParams));
 
-    BeginOperationResponse response(softKm_->message_version());
+    BeginOperationResponse response;
     /* For Symmetric key operation, the BeginOperation returns
      * KM_ERROR_INCOMPATIBLE_ALGORITHM error. */
     softKm_->BeginOperation(request, &response);
     ErrorCode errorCode = legacy_enum_conversion(response.error);
-    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: " << (int32_t)errorCode;
+    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: "
+               << (int32_t)errorCode;
     if (ErrorCode::OK == errorCode) {
         outParams = kmParamSet2Hidl(response.output_params);
         operationHandle = response.op_handle;
     } else {
-        LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: "
-                   << (int32_t)errorCode;
+        LOG(ERROR)
+                << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: "
+                << (int32_t)errorCode;
     }
     return errorCode;
 }
 
 ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
-    KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
-    const HardwareAuthToken& authToken, hidl_vec& outParams,
-    uint64_t& operationHandle) {
+    KeyPurpose purpose, const hidl_vec& keyBlob,
+    const hidl_vec& inParams, const HardwareAuthToken& authToken,
+    hidl_vec& outParams, uint64_t& operationHandle) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     cppbor::Array array;
     std::vector cborOutData;
@@ -1035,8 +1094,6 @@ ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
     KeyCharacteristics keyCharacteristics;
     KeyParameter param;
 
-    // Send earlyBootEnded if there is any pending earlybootEnded event.
-    handleSendEarlyBootEndedEvent();
     /* Convert input data to cbor format */
     array.add(static_cast(purpose));
     array.add(std::vector(keyBlob));
@@ -1062,19 +1119,21 @@ ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
                               errorCode = error;
                               keyCharacteristics = keyChars;
                           });
-    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD StrongboxKM getKeyCharacteristics status: "
-               << (int32_t)errorCode;
+    LOG(DEBUG)
+            << "INS_BEGIN_OPERATION_CMD StrongboxKM getKeyCharacteristics status: "
+            << (int32_t)errorCode;
 
     if (errorCode == ErrorCode::OK) {
         errorCode = ErrorCode::UNKNOWN_ERROR;
         if (getTag(keyCharacteristics.hardwareEnforced, Tag::ALGORITHM, param)) {
-            errorCode = sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData);
+            errorCode =
+                    sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData);
             if (errorCode == ErrorCode::OK) {
                 // Skip last 2 bytes in cborData, it contains status.
-                std::tie(item, errorCode) =
-                    decodeData(cborConverter_,
-                               std::vector(cborOutData.begin(), cborOutData.end() - 2),
-                               true, oprCtx_);
+                std::tie(item, errorCode) = decodeData(
+                        cborConverter_,
+                        std::vector(cborOutData.begin(), cborOutData.end() - 2),
+                        true, oprCtx_);
                 if (item != nullptr) {
                     if (!cborConverter_.getKeyParameters(item, 1, outParams) ||
                         !cborConverter_.getUint64(item, 2, operationHandle)) {
@@ -1082,12 +1141,12 @@ ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
                         outParams.setToExternal(nullptr, 0);
                         operationHandle = 0;
                         LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: error in converting cbor "
-                                      "data, status: "
+                                   "data, status: "
                                    << (int32_t)errorCode;
                     } else {
                         /* Store the operationInfo */
-                        oprCtx_->setOperationInfo(operationHandle, purpose, param.f.algorithm,
-                                                  inParams);
+                        oprCtx_->setOperationInfo(operationHandle, purpose,
+                                                  param.f.algorithm, inParams);
                     }
                 }
             }
@@ -1096,20 +1155,22 @@ ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
                        << (int32_t)Tag::ALGORITHM;
         }
     } else {
-        LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: "
-                   << (int32_t)errorCode;
+        LOG(ERROR)
+                << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: "
+                << (int32_t)errorCode;
     }
     return errorCode;
 }
 
 ErrorCode JavacardKeymaster4Device::handleBeginOperation(
-    KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
-    const HardwareAuthToken& authToken, hidl_vec& outParams,
-    uint64_t& operationHandle, OperationType& operType) {
+    KeyPurpose purpose, const hidl_vec& keyBlob,
+    const hidl_vec& inParams, const HardwareAuthToken& authToken,
+    hidl_vec& outParams, uint64_t& operationHandle,
+    OperationType& operType) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     if (operType == OperationType::PUBLIC_OPERATION) {
-        errorCode =
-            handleBeginPublicKeyOperation(purpose, keyBlob, inParams, outParams, operationHandle);
+        errorCode = handleBeginPublicKeyOperation(purpose, keyBlob, inParams,
+                                                  outParams, operationHandle);
 
         // For Symmetric operations handleBeginPublicKeyOperation function
         // returns INCOMPATIBLE_ALGORITHM error. Based on this error
@@ -1120,26 +1181,22 @@ ErrorCode JavacardKeymaster4Device::handleBeginOperation(
     }
 
     if (operType == OperationType::PRIVATE_OPERATION) {
-        errorCode = handleBeginPrivateKeyOperation(purpose, keyBlob, inParams, authToken, outParams,
-                                                   operationHandle);
+        errorCode = handleBeginPrivateKeyOperation(
+            purpose, keyBlob, inParams, authToken, outParams, operationHandle);
     }
     return errorCode;
 }
 
-Return
-JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec& inParams,
-                                 const hidl_vec& input, const HardwareAuthToken& authToken,
-                                 const VerificationToken& verificationToken, update_cb _hidl_cb) {
+Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, update_cb _hidl_cb) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     uint32_t inputConsumed = 0;
     hidl_vec outParams;
     hidl_vec output;
-    UpdateOperationResponse response(softKm_->message_version());
+    UpdateOperationResponse response;
     OperationType operType = getOperationType(operationHandle);
-    if (OperationType::UNKNOWN == operType) {  // operation handle not found
-        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle "
-                      "is passed or if"
-                   << " secure element reset occurred.";
+    if (OperationType::UNKNOWN == operType) { // operation handle not found
+        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
+            << " secure element reset occurred.";
         _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, inputConsumed, outParams, output);
         return Void();
     }
@@ -1147,7 +1204,7 @@ JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vecmessage_version());
+        UpdateOperationRequest request;
         request.op_handle = operationHandle;
         request.input.Reinitialize(input.data(), input.size());
         request.additional_params.Reinitialize(KmParamSet(inParams));
@@ -1155,14 +1212,14 @@ JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vecUpdateOperation(request, &response);
         errorCode = legacy_enum_conversion(response.error);
         LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm update operation status: "
-                   << (int32_t)errorCode;
+                   << (int32_t) errorCode;
         if (response.error == KM_ERROR_OK) {
             inputConsumed = response.input_consumed;
             outParams = kmParamSet2Hidl(response.output_params);
             output = kmBuffer2hidlVec(response.output);
         } else {
-            LOG(ERROR) << "INS_UPDATE_OPERATION_CMD - error swkm update operation status: "
-                       << (int32_t)errorCode;
+          LOG(ERROR) << "INS_UPDATE_OPERATION_CMD - error swkm update operation status: "
+                     << (int32_t) errorCode;
         }
     } else {
         /* Strongbox Keymaster operation */
@@ -1175,24 +1232,20 @@ JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec item;
             std::vector cborOutData;
             std::vector asn1ParamsVerified;
-            // For symmetic ciphers only block aligned data is send to javacard Applet to reduce the
-            // number of calls to
-            // javacard. If the input message is less than block size then it is buffered inside the
-            // HAL. so in case if
+            // For symmetic ciphers only block aligned data is send to javacard Applet to reduce the number of calls to
+            //javacard. If the input message is less than block size then it is buffered inside the HAL. so in case if
             // after buffering there is no data to send to javacard don't call javacard applet.
-            // For AES GCM operations, even though the input length is 0(which is not block
-            // aligned), if there is ASSOCIATED_DATA present in KeyParameters. Then we need to make
-            // a call to javacard Applet.
-            if (data.size() == 0 && !findTag(inParams, Tag::ASSOCIATED_DATA)) {
-                // Return OK, since this is not error case.
+            //For AES GCM operations, even though the input length is 0(which is not block aligned), if there is
+            //ASSOCIATED_DATA present in KeyParameters. Then we need to make a call to javacard Applet.
+            if(data.size() == 0 && !findTag(inParams, Tag::ASSOCIATED_DATA)) {
+                //Return OK, since this is not error case.
                 LOG(DEBUG) << "sendDataCallback: data size is zero";
                 return ErrorCode::OK;
             }
 
-            if (ErrorCode::OK !=
-                (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
+            if(ErrorCode::OK != (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
                 LOG(ERROR) << "sendDataCallback: error in encodeParametersVerified status: "
-                           << (int32_t)errorCode;
+                           << (int32_t) errorCode;
                 return errorCode;
             }
 
@@ -1206,50 +1259,43 @@ JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec(cborOutData.begin(), cborOutData.end() - 2),
-                               true, oprCtx_);
+            if(errorCode == ErrorCode::OK) {
+                //Skip last 2 bytes in cborData, it contains status.
+                std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
+                        true, oprCtx_);
                 if (item != nullptr) {
                     /*Ignore inputConsumed from javacard SE since HAL consumes all the input */
-                    // cborConverter_.getUint64(item, 1, inputConsumed);
-                    // This callback function may gets called multiple times so parse and get the
-                    // outParams only once. Otherwise there can be chance of duplicate entries in
-                    // outParams. Use tempOut to collect all the cipher text and finally copy it to
-                    // the output. getBinaryArray function appends the new cipher text at the end of
-                    // the tempOut(std::vector).
-                    if ((outParams.size() == 0 &&
-                         !cborConverter_.getKeyParameters(item, 2, outParams)) ||
-                        !cborConverter_.getBinaryArray(item, 3, tempOut)) {
+                    //cborConverter_.getUint64(item, 1, inputConsumed);
+                    //This callback function may gets called multiple times so parse and get the outParams only once.
+                    //Otherwise there can be chance of duplicate entries in outParams. Use tempOut to collect all the
+                    //cipher text and finally copy it to the output. getBinaryArray function appends the new cipher text
+                    //at the end of the tempOut(std::vector).
+                    if((outParams.size() == 0 && !cborConverter_.getKeyParameters(item, 2, outParams)) ||
+                            !cborConverter_.getBinaryArray(item, 3, tempOut)) {
                         outParams.setToExternal(nullptr, 0);
                         tempOut.clear();
                         errorCode = ErrorCode::UNKNOWN_ERROR;
-                        LOG(ERROR) << "sendDataCallback: INS_UPDATE_OPERATION_CMD: error while "
-                                      "converting cbor data, status: "
-                                   << (int32_t)errorCode;
+                        LOG(ERROR) << "sendDataCallback: INS_UPDATE_OPERATION_CMD: error while converting cbor data, status: " << (int32_t) errorCode;
                     }
                 }
             }
             return errorCode;
         };
-        if (ErrorCode::OK ==
-            (errorCode =
-                 oprCtx_->update(operationHandle, std::vector(input), sendDataCallback))) {
+        if(ErrorCode::OK == (errorCode = oprCtx_->update(operationHandle, std::vector(input),
+                        sendDataCallback))) {
             /* Consumed all the input */
             inputConsumed = input.size();
             output = tempOut;
         }
-        LOG(DEBUG) << "Update operation status: " << (int32_t)errorCode;
-        if (ErrorCode::OK != errorCode) {
-            LOG(ERROR) << "Error in update operation, status: " << (int32_t)errorCode;
+        LOG(DEBUG) << "Update operation status: " << (int32_t) errorCode;
+        if(ErrorCode::OK != errorCode) {
+            LOG(ERROR) << "Error in update operation, status: " << (int32_t) errorCode;
             abort(operationHandle);
         }
     }
-    if (ErrorCode::OK != errorCode) {
+    if(ErrorCode::OK != errorCode) {
         /* Delete the entry from operation table. */
-        LOG(ERROR) << "Delete entry from operation table, status: " << (int32_t)errorCode;
+        LOG(ERROR) << "Delete entry from operation table, status: " << (int32_t) errorCode;
         operationTable.erase(operationHandle);
     }
 
@@ -1257,21 +1303,16 @@ JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec
-JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& inParams,
-                                 const hidl_vec& input, const hidl_vec& signature,
-                                 const HardwareAuthToken& authToken,
-                                 const VerificationToken& verificationToken, finish_cb _hidl_cb) {
+Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const hidl_vec& signature, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, finish_cb _hidl_cb) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     hidl_vec outParams;
     hidl_vec output;
-    FinishOperationResponse response(softKm_->message_version());
+    FinishOperationResponse response;
     OperationType operType = getOperationType(operationHandle);
 
-    if (OperationType::UNKNOWN == operType) {  // operation handle not found
-        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle "
-                      "is passed or if"
-                   << " secure element reset occurred.";
+    if (OperationType::UNKNOWN == operType) { // operation handle not found
+        LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if"
+            << " secure element reset occurred.";
         _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, outParams, output);
         return Void();
     }
@@ -1279,7 +1320,7 @@ JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vecmessage_version());
+        FinishOperationRequest request;
         request.op_handle = operationHandle;
         request.input.Reinitialize(input.data(), input.size());
         request.signature.Reinitialize(signature.data(), signature.size());
@@ -1288,13 +1329,13 @@ JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vecFinishOperation(request, &response);
 
         errorCode = legacy_enum_conversion(response.error);
-        LOG(DEBUG) << "FINISH - swkm operation, status: " << (int32_t)errorCode;
+        LOG(DEBUG) << "FINISH - swkm operation, status: " << (int32_t) errorCode;
 
         if (response.error == KM_ERROR_OK) {
             outParams = kmParamSet2Hidl(response.output_params);
             output = kmBuffer2hidlVec(response.output);
         } else {
-            LOG(ERROR) << "Error in finish operation, status: " << (int32_t)errorCode;
+            LOG(ERROR) << "Error in finish operation, status: " << (int32_t) errorCode;
         }
     } else {
         /* Strongbox Keymaster operation */
@@ -1304,8 +1345,8 @@ JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& data, bool finish) -> ErrorCode {
             cppbor::Array array;
@@ -1315,26 +1356,23 @@ JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec asn1ParamsVerified;
 
-            if (ErrorCode::OK !=
-                (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
-                LOG(ERROR) << "sendDataCallback: Error in encodeParametersVerified, status: "
-                           << (int32_t)errorCode;
+            if(ErrorCode::OK != (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
+                LOG(ERROR) << "sendDataCallback: Error in encodeParametersVerified, status: " << (int32_t) errorCode;
                 return errorCode;
             }
 
-            // In case if there is ASSOCIATED_DATA present in the keyparams, then make sure it is
-            // either passed with update call or finish call. Don't send ASSOCIATED_DATA in both
-            // update and finish calls. aadTag is used to check if ASSOCIATED_DATA is already sent
-            // in update call. If addTag is true then skip ASSOCIATED_DATA from keyparams in finish
-            // call.
-            //  Convert input data to cbor format
+            //In case if there is ASSOCIATED_DATA present in the keyparams, then make sure it is either passed with
+            //update call or finish call. Don't send ASSOCIATED_DATA in both update and finish calls. aadTag is used to
+            //check if ASSOCIATED_DATA is already sent in update call. If addTag is true then skip ASSOCIATED_DATA from
+            //keyparams in finish call.
+            // Convert input data to cbor format
             array.add(operationHandle);
-            if (finish) {
+            if(finish) {
                 std::vector finishParams;
                 LOG(DEBUG) << "sendDataCallback: finish operation";
-                if (aadTag) {
-                    for (int i = 0; i < inParams.size(); i++) {
-                        if (inParams[i].tag != Tag::ASSOCIATED_DATA)
+                if(aadTag) {
+                    for(int i = 0; i < inParams.size(); i++) {
+                        if(inParams[i].tag != Tag::ASSOCIATED_DATA)
                             finishParams.push_back(inParams[i]);
                     }
                 } else {
@@ -1348,7 +1386,7 @@ JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec cborData = array.encode();
             errorCode = sendData(ins, cborData, cborOutData);
 
-            if (errorCode == ErrorCode::OK) {
-                // Skip last 2 bytes in cborData, it contains status.
-                std::tie(item, errorCode) =
-                    decodeData(cborConverter_,
-                               std::vector(cborOutData.begin(), cborOutData.end() - 2),
-                               true, oprCtx_);
+            if(errorCode == ErrorCode::OK) {
+                //Skip last 2 bytes in cborData, it contains status.
+                std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
+                        true, oprCtx_);
                 if (item != nullptr) {
-                    // There is a change that this finish callback may gets called multiple times if
-                    // the input data size is larger the MAX_ALLOWED_INPUT_SIZE (Refer
-                    // OperationContext) so parse and get the outParams only once. Otherwise there
-                    // can be chance of duplicate entries in outParams. Use tempOut to collect all
-                    // the cipher text and finally copy it to the output. getBinaryArray function
-                    // appends the new cipher text at the end of the tempOut(std::vector).
-                    if ((outParams.size() == 0 &&
-                         !cborConverter_.getKeyParameters(item, keyParamPos, outParams)) ||
-                        !cborConverter_.getBinaryArray(item, outputPos, tempOut)) {
+                    //There is a change that this finish callback may gets called multiple times if the input data size
+                    //is larger the MAX_ALLOWED_INPUT_SIZE (Refer OperationContext) so parse and get the outParams only
+                    //once. Otherwise there can be chance of duplicate entries in outParams. Use tempOut to collect all
+                    //the cipher text and finally copy it to the output. getBinaryArray function appends the new cipher
+                    //text at the end of the tempOut(std::vector).
+                    if((outParams.size() == 0 && !cborConverter_.getKeyParameters(item, keyParamPos, outParams)) ||
+                            !cborConverter_.getBinaryArray(item, outputPos, tempOut)) {
                         outParams.setToExternal(nullptr, 0);
                         tempOut.clear();
                         errorCode = ErrorCode::UNKNOWN_ERROR;
-                        LOG(ERROR)
-                            << "sendDataCallback: error while converting cbor data in operation: "
-                            << (int32_t)ins << " decodeData, status: " << (int32_t)errorCode;
+                        LOG(ERROR) << "sendDataCallback: error while converting cbor data in operation: " << (int32_t)ins << " decodeData, status: " << (int32_t) errorCode;
                     }
                 }
             }
             return errorCode;
         };
-        if (ErrorCode::OK ==
-            (errorCode =
-                 oprCtx_->finish(operationHandle, std::vector(input), sendDataCallback))) {
+        if(ErrorCode::OK == (errorCode = oprCtx_->finish(operationHandle, std::vector(input),
+                        sendDataCallback))) {
             output = tempOut;
         }
         if (ErrorCode::OK != errorCode) {
-            LOG(ERROR) << "Error in finish operation, status: " << (int32_t)errorCode;
+            LOG(ERROR) << "Error in finish operation, status: " << (int32_t) errorCode;
             abort(operationHandle);
         }
     }
     /* Delete the entry from operation table. */
     operationTable.erase(operationHandle);
     oprCtx_->clearOperationData(operationHandle);
-    LOG(DEBUG) << "finish operation, status: " << (int32_t)errorCode;
+    LOG(DEBUG) << "finish operation, status: " << (int32_t) errorCode;
     _hidl_cb(errorCode, outParams, output);
     return Void();
 }
 
-ErrorCode JavacardKeymaster4Device::abortPrivateKeyOperation(uint64_t operationHandle) {
-    ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
-    cppbor::Array array;
-    std::unique_ptr item;
-    std::vector cborOutData;
-
-    /* Convert input data to cbor format */
-    array.add(operationHandle);
-    std::vector cborData = array.encode();
-
-    errorCode = sendData(Instruction::INS_ABORT_OPERATION_CMD, cborData, cborOutData);
-
-    if (errorCode == ErrorCode::OK) {
-        // Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, errorCode) = decodeData(
-            cborConverter_, std::vector(cborOutData.begin(), cborOutData.end() - 2), true,
-            oprCtx_);
-    }
-    return errorCode;
+ErrorCode JavacardKeymaster4Device::abortPrivateKeyOperation(
+    uint64_t operationHandle) {
+  ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
+  cppbor::Array array;
+  std::unique_ptr item;
+  std::vector cborOutData;
+
+  /* Convert input data to cbor format */
+  array.add(operationHandle);
+  std::vector cborData = array.encode();
+
+  errorCode =
+      sendData(Instruction::INS_ABORT_OPERATION_CMD, cborData, cborOutData);
+
+  if (errorCode == ErrorCode::OK) {
+    // Skip last 2 bytes in cborData, it contains status.
+    std::tie(item, errorCode) = decodeData(
+        cborConverter_,
+        std::vector(cborOutData.begin(), cborOutData.end() - 2), true,
+        oprCtx_);
+  }
+  return errorCode;
 }
 
-ErrorCode JavacardKeymaster4Device::abortPublicKeyOperation(uint64_t operationHandle) {
-    ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
-    AbortOperationRequest request(softKm_->message_version());
-    request.op_handle = operationHandle;
+ErrorCode JavacardKeymaster4Device::abortPublicKeyOperation(
+    uint64_t operationHandle) {
+  ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
+  AbortOperationRequest request;
+  request.op_handle = operationHandle;
 
-    AbortOperationResponse response(softKm_->message_version());
-    softKm_->AbortOperation(request, &response);
+  AbortOperationResponse response;
+  softKm_->AbortOperation(request, &response);
 
-    errorCode = legacy_enum_conversion(response.error);
-    return errorCode;
+  errorCode = legacy_enum_conversion(response.error);
+  return errorCode;
 }
 
 ErrorCode JavacardKeymaster4Device::abortOperation(uint64_t operationHandle,
                                                    OperationType operType) {
-    if (operType == OperationType::UNKNOWN) return ErrorCode::UNKNOWN_ERROR;
+    if (operType == OperationType::UNKNOWN)
+        return ErrorCode::UNKNOWN_ERROR;
 
     if (OperationType::PUBLIC_OPERATION == operType) {
         return abortPublicKeyOperation(operationHandle);
@@ -1454,20 +1490,20 @@ ErrorCode JavacardKeymaster4Device::abortOperation(uint64_t operationHandle,
 Return JavacardKeymaster4Device::abort(uint64_t operationHandle) {
     ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
     OperationType operType = getOperationType(operationHandle);
-    if (OperationType::UNKNOWN == operType) {  // operation handle not found
+    if (OperationType::UNKNOWN == operType) { // operation handle not found
         LOG(ERROR) << " Operation handle is invalid. This could happen if invalid "
                       "operation handle is passed or if"
                    << " secure element reset occurred.";
         return ErrorCode::INVALID_OPERATION_HANDLE;
     }
 
-    errorCode = abortOperation(operationHandle, operType);
-    if (errorCode == ErrorCode::OK) {
-        /* Delete the entry on this operationHandle */
-        oprCtx_->clearOperationData(operationHandle);
-        operationTable.erase(operationHandle);
-    }
-    return errorCode;
+  errorCode = abortOperation(operationHandle, operType);
+  if (errorCode == ErrorCode::OK) {
+      /* Delete the entry on this operationHandle */
+      oprCtx_->clearOperationData(operationHandle);
+      operationTable.erase(operationHandle);
+  }
+  return errorCode;
 }
 
 // Methods from ::android::hardware::keymaster::V4_1::IKeymasterDevice follow.
@@ -1475,10 +1511,11 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     cppbor::Array array;
     std::unique_ptr item;
     std::vector cborOutData;
-    V41ErrorCode errorCode = V41ErrorCode::UNKNOWN_ERROR;
+    ::android::hardware::keymaster::V4_1::ErrorCode errorCode = ::android::hardware::keymaster::V4_1::ErrorCode::UNKNOWN_ERROR;
     std::vector asn1ParamsVerified;
+    ErrorCode ret = ErrorCode::UNKNOWN_ERROR;
 
-    if(V41ErrorCode::OK != (errorCode = static_cast(encodeParametersVerified(verificationToken, asn1ParamsVerified)))) {
+    if(ErrorCode::OK != (ret = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
         LOG(DEBUG) << "INS_DEVICE_LOCKED_CMD: Error in encodeParametersVerified, status: " << (int32_t) errorCode;
         return errorCode;
     }
@@ -1488,11 +1525,11 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     cborConverter_.addVerificationToken(array, verificationToken, asn1ParamsVerified);
     std::vector cborData = array.encode();
 
-    errorCode = static_cast(sendData(Instruction::INS_DEVICE_LOCKED_CMD, cborData, cborOutData));
+    ret = sendData(Instruction::INS_DEVICE_LOCKED_CMD, cborData, cborOutData);
 
-    if(errorCode == V41ErrorCode::OK) {
+    if(ret == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, errorCode) = decodeData(
+        std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(
                 cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true, oprCtx_);
     }
     return errorCode;
@@ -1503,17 +1540,14 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device
     std::string message;
     std::vector cborOutData;
     std::vector cborInput;
-    V41ErrorCode errorCode = V41ErrorCode::UNKNOWN_ERROR;
+    ::android::hardware::keymaster::V4_1::ErrorCode errorCode = ::android::hardware::keymaster::V4_1::ErrorCode::UNKNOWN_ERROR;
 
-    errorCode = static_cast(sendData(Instruction::INS_EARLY_BOOT_ENDED_CMD, cborInput, cborOutData));
+    ErrorCode ret = sendData(Instruction::INS_EARLY_BOOT_ENDED_CMD, cborInput, cborOutData);
 
-    if(errorCode == V41ErrorCode::OK) {
+    if(ret == ErrorCode::OK) {
         //Skip last 2 bytes in cborData, it contains status.
-        std::tie(item, errorCode) = decodeData(
+        std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(
                 cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true, oprCtx_);
-    } else {
-        // Incase of failure cache the event and send in the next immediate request to Applet.
-        isEarlyBootEventPending = true;
     }
     return errorCode;
 }
diff --git a/HAL/keymaster/4.1/JavacardOperationContext.cpp b/HAL/keymaster/4.1/JavacardOperationContext.cpp
index 64c13c71..7319cb3c 100644
--- a/HAL/keymaster/4.1/JavacardOperationContext.cpp
+++ b/HAL/keymaster/4.1/JavacardOperationContext.cpp
@@ -18,7 +18,7 @@
 #include 
 #include 
 
-#define MAX_ALLOWED_INPUT_SIZE 256
+#define MAX_ALLOWED_INPUT_SIZE 512
 #define AES_BLOCK_SIZE          16
 #define DES_BLOCK_SIZE           8
 #define RSA_INPUT_MSG_LEN      256
@@ -50,10 +50,6 @@ inline ErrorCode hidlParamSet2OperatinInfo(const hidl_vec& params,
             case Tag::BLOCK_MODE:
                 info.mode = static_cast(param.f.integer);
                 break;
-            case Tag::MAC_LENGTH:
-                // Convert to bytes.
-                info.macLength = (param.f.integer / 8);
-                break;
             default:
                 continue;
         }
@@ -65,12 +61,12 @@ ErrorCode OperationContext::setOperationInfo(uint64_t operationHandle, KeyPurpos
         const hidl_vec& params) {
     ErrorCode errorCode = ErrorCode::OK;
     OperationData data;
-    memset((void *)&data, 0, sizeof(OperationData));
     if(ErrorCode::OK != (errorCode = hidlParamSet2OperatinInfo(params, data.info))) {
         return errorCode;
     }
     data.info.purpose = purpose;
     data.info.alg = alg;
+    memset((void*)&(data.data), 0x00, sizeof(data.data));
     operationTable[operationHandle] = data;
     return ErrorCode::OK;
 }
@@ -116,7 +112,9 @@ ErrorCode OperationContext::validateInputData(uint64_t operHandle, Operation opr
         //combine both the data in a single buffer. This helps in making sure that no data is left out in the buffer after
         //finish opertion.
         if((oprData.data.buf_len+actualInput.size()) > MAX_ALLOWED_INPUT_SIZE) {
-            input.insert(input.end(), oprData.data.buf, oprData.data.buf + oprData.data.buf_len);
+            for(size_t i = 0; i < oprData.data.buf_len; ++i) {
+                input.push_back(oprData.data.buf[i]);
+            }
             input.insert(input.end(), actualInput.begin(), actualInput.end());
             //As buffered data is already consumed earse the buffer.
             if(oprData.data.buf_len != 0) {
@@ -147,20 +145,20 @@ ErrorCode OperationContext::update(uint64_t operHandle, const std::vector newInput(first, end);
-            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
+            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(),
                             Operation::Update, cb))) {
                 return errorCode;
             }
         }
         if(extraData > 0) {
             std::vector finalInput(input.cend()-extraData, input.cend());
-            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput, 
+            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput.data(), finalInput.size(), 
                             Operation::Update, cb))) {
                 return errorCode;
             }
         }
     } else {
-        if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input, 
+        if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input.data(), input.size(), 
                         Operation::Update, cb))) {
             return errorCode;
         }
@@ -185,13 +183,13 @@ ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector newInput(first, end);
             if(extraData == 0 && (i == noOfChunks - 1)) {
                 //Last chunk
-                if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
+                if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(),
                                 Operation::Finish, cb, true))) {
                     return errorCode;
                 }
 
             } else {
-                if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
+                if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput.data(), newInput.size(),
                                 Operation::Update, cb))) {
                     return errorCode;
                 }
@@ -199,13 +197,13 @@ ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector 0) {
             std::vector finalInput(input.cend()-extraData, input.cend());
-            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput, 
+            if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput.data(), finalInput.size(), 
                             Operation::Finish, cb, true))) {
                 return errorCode;
             }
         }
     } else {
-        if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input, 
+        if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input.data(), input.size(), 
                         Operation::Finish, cb, true))) {
             return errorCode;
         }
@@ -215,23 +213,22 @@ ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector& input,
+ErrorCode OperationContext::getBlockAlignedData(uint64_t operHandle, uint8_t* input, size_t input_len,
         Operation opr, std::vector& out) {
+    size_t dataToSELen = 0;/*Length of the data to be send to the Applet.*/
+    size_t inputConsumed = 0;/*Length of the data consumed from input */
+    size_t blockSize = 0;
     BufferedData& data = operationTable[operHandle].data;
-    int dataToSELen = 0;/*Length of the data to be send to the Applet.*/
-    int inputConsumed = 0;/*Length of the data consumed from input */
-    int bufferLengthConsumed = 0; /* Length of the data consumed from Buffer */
-    int blockSize = 0;
     int bufIndex = data.buf_len;
     if(Algorithm::AES == operationTable[operHandle].info.alg) {
         blockSize = AES_BLOCK_SIZE;
@@ -243,43 +240,33 @@ ErrorCode OperationContext::bufferData(uint64_t operHandle, std::vector
 
     if(opr == Operation::Finish) {
         //Copy the buffer to be send to SE.
-        out.insert(out.end(), data.buf, data.buf + data.buf_len);
-        dataToSELen = data.buf_len + input.size();
-        bufferLengthConsumed  = data.buf_len;
+        for(int i = 0; i < data.buf_len; i++)
+        {
+            out.push_back(data.buf[i]);
+        }
+        dataToSELen = data.buf_len + input_len;
     } else {
         /*Update */
         //Calculate the block sized length on combined input of both buffered data and input data.
-        // AES/TDES, Encrypt/Decrypt PKCS7 Padding:
-        //     Buffer till blockSize of data is received.
-        // AES GCM Decrypt:
-        //     Buffer tag length bytes of data.
-        if (operationTable[operHandle].info.pad == PaddingMode::PKCS7) {
-            if (operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT) {
-                /* Buffer till we receive more than blockSize of data of atleast one byte*/
-                dataToSELen = ((data.buf_len + input.size()) / blockSize) * blockSize;
-                int remaining = ((data.buf_len + input.size()) % blockSize);
-                if (dataToSELen >= blockSize && remaining == 0) {
-                    dataToSELen -= blockSize;
-                }
-            } else { // Encrypt
-                dataToSELen = ((data.buf_len + input.size()) / blockSize) * blockSize;
-            }
-        } else if (operationTable[operHandle].info.mode == BlockMode::GCM &&
-            operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT) {
-            /* Always Buffer mac length bytes */
-            dataToSELen = 0;
-            if ((data.buf_len + input.size()) > operationTable[operHandle].info.macLength) {
-                dataToSELen = (data.buf_len + input.size()) - operationTable[operHandle].info.macLength;
-            }
-        } else {
-            /* No Buffering */
-            dataToSELen = input.size();
+        size_t blockAlignedLen = ((data.buf_len + input_len)/blockSize) * blockSize;
+        //For symmetric ciphers, decryption operation and PKCS7 padding mode or AES GCM operation save the last 16 bytes
+        //of block and send this block in finish operation. This is done to make sure that there will be always a 16
+        //bytes of data left for finish operation so that javacard Applet may remove PKCS7 padding if any or get the tag
+        //data for AES GCM operation for authentication purpose.
+        if(((operationTable[operHandle].info.alg == Algorithm::AES) || 
+                    (operationTable[operHandle].info.alg == Algorithm::TRIPLE_DES)) &&
+                (operationTable[operHandle].info.pad == PaddingMode::PKCS7 ||
+                 operationTable[operHandle].info.mode == BlockMode::GCM) &&
+                (operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT)) {
+            if(blockAlignedLen >= blockSize) blockAlignedLen -= blockSize;
         }
         //Copy data to be send to SE from buffer, only if atleast a minimum block aligned size is available.
-        if(dataToSELen > 0) {
-            bufferLengthConsumed = (dataToSELen > data.buf_len) ? data.buf_len : dataToSELen;
-            out.insert(out.end(), data.buf, data.buf + bufferLengthConsumed);
+        if(blockAlignedLen >= blockSize) {
+            for(size_t pos = 0; pos < std::min(blockAlignedLen, data.buf_len); pos++) {
+                out.push_back(data.buf[pos]);
+            }
         }
+        dataToSELen = blockAlignedLen;
     }
 
     if(dataToSELen > 0) {
@@ -289,16 +276,17 @@ ErrorCode OperationContext::bufferData(uint64_t operHandle, std::vector
         //data i.e. AES/TDES Decryption with PKC7Padding or AES GCM Decryption operations.
         inputConsumed = (data.buf_len > dataToSELen) ? 0 : (dataToSELen - data.buf_len);
 
-        // Copy the buffer to be send to SE.
-        if (inputConsumed > 0) {
-            out.insert(out.end(), input.begin(), input.begin() + inputConsumed);
+        //Copy the buffer to be send to SE.
+        for(int i = 0; i < inputConsumed; i++)
+        {
+            out.push_back(input[i]);
         }
 
-        if (bufferLengthConsumed < data.buf_len) {
-            // Only a portion of data is consumed from buffer so reorder the buffer data.
-            memmove(data.buf, (data.buf + bufferLengthConsumed), (data.buf_len - bufferLengthConsumed));
-            memset((data.buf + data.buf_len - bufferLengthConsumed), 0x00, bufferLengthConsumed);
-            data.buf_len -= bufferLengthConsumed;
+        if(data.buf_len > dataToSELen) {
+            //Only blockAlignedLen data is consumed from buffer so reorder the buffer data.
+            memcpy(data.buf, data.buf+dataToSELen, data.buf_len-dataToSELen);
+            memset(data.buf+dataToSELen, 0x00, data.buf_len-dataToSELen);
+            data.buf_len -= dataToSELen;
             bufIndex = data.buf_len;
         } else {
             // All the data is consumed so clear buffer
@@ -310,19 +298,22 @@ ErrorCode OperationContext::bufferData(uint64_t operHandle, std::vector
     }
 
     //Store the remaining buffer for later use.
-    data.buf_len += (input.size() - inputConsumed);
-    std::copy(input.begin() + inputConsumed, input.end(), data.buf + bufIndex);
+    data.buf_len += (input_len - inputConsumed);
+    for(int i = 0; i < (input_len - inputConsumed); i++)
+    {
+        data.buf[bufIndex+i] = input[inputConsumed+i];
+    }
     return ErrorCode::OK;
 }
 
-ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, std::vector& data, Operation opr,
+ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, uint8_t* data, size_t len, Operation opr,
         sendDataToSE_cb cb, bool finish) {
     ErrorCode errorCode = ErrorCode::OK;
     std::vector out;
     if(Algorithm::AES == operationTable[operHandle].info.alg ||
             Algorithm::TRIPLE_DES == operationTable[operHandle].info.alg) {
         /*Symmetric */
-        if(ErrorCode::OK != (errorCode = bufferData(operHandle, data,
+        if(ErrorCode::OK != (errorCode = getBlockAlignedData(operHandle, data, len,
                         opr, out))) {
             return errorCode;
         }
@@ -344,9 +335,13 @@ ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, std::vecto
             //update call and send it to SE in finish call.
             if(finish) {
                 //If finish flag is true all the data has to be sent to javacard.
-                out.insert(out.end(), operationTable[operHandle].data.buf, operationTable[operHandle].data.buf + 
-                    operationTable[operHandle].data.buf_len);
-                out.insert(out.end(), data.begin(), data.end());
+                size_t i = 0;
+                for(; i < operationTable[operHandle].data.buf_len; ++i) {
+                    out.push_back(operationTable[operHandle].data.buf[i]);
+                }
+                for(i = 0; i < len; ++i) {
+                    out.push_back(data[i]);
+                }
                 //As buffered data is already consumed earse the buffer.
                 if(operationTable[operHandle].data.buf_len != 0) {
                     memset(operationTable[operHandle].data.buf, 0x00, sizeof(operationTable[operHandle].data.buf));
@@ -360,14 +355,21 @@ ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, std::vecto
                 //256 and for EC it should not be more than 32. This validation is already happening in
                 //validateInputData function.
                 size_t bufIndex = operationTable[operHandle].data.buf_len;
-                std::copy(data.begin(), data.end(), operationTable[operHandle].data.buf + bufIndex);
-                operationTable[operHandle].data.buf_len += data.size();
+                size_t pos = 0;
+                for(; pos < len; ++pos)
+                {
+                    operationTable[operHandle].data.buf[bufIndex+pos] = data[pos];
+                }
+                operationTable[operHandle].data.buf_len += pos;
             }
         } else { /* With Digest */
-            out.insert(out.end(), data.begin(), data.end());
+            for(size_t j=0; j < len; ++j)
+            {
+                out.push_back(data[j]);
+            }
             //if len=0, then no need to call the callback, since there is no information to be send to javacard,
             // but if finish flag is true irrespective of length the callback should be called.
-            if(!out.empty() || finish) {
+            if(len != 0 || finish) {
                 if(ErrorCode::OK != (errorCode = cb(out, finish))) {
                     return errorCode;
                 }
diff --git a/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp b/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp
index bbdfba28..8f9905af 100644
--- a/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp
+++ b/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp
@@ -35,7 +35,7 @@ using ::keymaster::V4_1::javacard::KmParamSet;
 namespace keymaster {
 
 JavaCardSoftKeymasterContext::JavaCardSoftKeymasterContext(keymaster_security_level_t security_level)
-    : PureSoftKeymasterContext(KmVersion::KEYMASTER_4_1, security_level) {}
+    : PureSoftKeymasterContext(security_level) {}
 
 JavaCardSoftKeymasterContext::~JavaCardSoftKeymasterContext() {}
 
diff --git a/HAL/keymaster/4.1/SocketTransport.cpp b/HAL/keymaster/4.1/SocketTransport.cpp
index e060262f..331a00b1 100644
--- a/HAL/keymaster/4.1/SocketTransport.cpp
+++ b/HAL/keymaster/4.1/SocketTransport.cpp
@@ -22,7 +22,7 @@
 #include 
 
 #define PORT    8080
-#define IPADDR  "192.168.0.29"
+#define IPADDR  "10.9.40.24"
 //#define IPADDR  "192.168.0.5"
 #define MAX_RECV_BUFFER_SIZE 2500
 
@@ -30,11 +30,6 @@ namespace se_transport {
 
 bool SocketTransport::openConnection() {
 	struct sockaddr_in serv_addr;
-
-        if(mSocketStatus){
-          closeConnection();
-        }
-
 	if ((mSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0)
 	{
         LOG(ERROR) << "Socket creation failed" << " Error: "<& output) {
     uint8_t buffer[MAX_RECV_BUFFER_SIZE];
     int count = 1;
-    bool sendStatus = false;
-    while(!mSocketStatus && count++ < 5 ) {
+    while(!socketStatus && count++ < 5 ) {
         sleep(1);
         LOG(ERROR) << "Trying to open socket connection... count: " << count;
         openConnection();
@@ -74,24 +67,22 @@ bool SocketTransport::sendData(const uint8_t* inData, const size_t inLen, std::v
 
     if(count >= 5) {
         LOG(ERROR) << "Failed to open socket connection";
-        closeConnection();
         return false;
     }
 
-    if (send(mSocket, inData, inLen , 0)< 0) {
+	if (0 > send(mSocket, inData, inLen , 0 )) {
         static int connectionResetCnt = 0; /* To avoid loop */
         if (ECONNRESET == errno && connectionResetCnt == 0) {
             //Connection reset. Try open socket and then sendData.
-            closeConnection();
+            socketStatus = false;
             connectionResetCnt++;
-            sendStatus =  sendData(inData, inLen, output);
-            return sendStatus; 
+            return sendData(inData, inLen, output);
         }
         LOG(ERROR) << "Failed to send data over socket err: " << errno;
         connectionResetCnt = 0;
         return false;
     }
-    ssize_t valRead = read( mSocket , buffer, MAX_RECV_BUFFER_SIZE);
+	ssize_t valRead = read( mSocket , buffer, MAX_RECV_BUFFER_SIZE);
     if(0 > valRead) {
         LOG(ERROR) << "Failed to read data from socket.";
     }
@@ -102,14 +93,13 @@ bool SocketTransport::sendData(const uint8_t* inData, const size_t inLen, std::v
 }
 
 bool SocketTransport::closeConnection() {
-    if(mSocketStatus)
-      close(mSocket);
-    mSocketStatus = false;
+    close(mSocket);
+    socketStatus = false;
     return true;
 }
 
 bool SocketTransport::isConnected() {
-    return mSocketStatus;
+    return socketStatus;
 }
 
 }
diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.rc b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.rc
new file mode 100644
index 00000000..556ffd1d
--- /dev/null
+++ b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.rc
@@ -0,0 +1,6 @@
+service android.hardware.keymaster@4.1-javacard.service /vendor/bin/hw/android.hardware.keymaster@4.1-javacard.service
+    interface android.hardware.keymaster@4.0::IKeymasterDevice default
+    interface android.hardware.keymaster@4.1::IKeymasterDevice default
+    class early_hal
+    user system
+    group system drmrpc
diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.xml b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml
similarity index 75%
rename from HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.xml
rename to HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml
index b82da1e6..83fccabe 100644
--- a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.xml
+++ b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-javacard.service.xml
@@ -2,6 +2,6 @@
   
     android.hardware.keymaster
     hwbinder
-    @4.1::IKeymasterDevice/strongbox
+    @4.1::IKeymasterDevice/javacard
   
 
diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc b/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc
deleted file mode 100644
index 8ccde380..00000000
--- a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc
+++ /dev/null
@@ -1,6 +0,0 @@
-service android.hardware.keymaster@4.1-strongbox.service /vendor/bin/hw/android.hardware.keymaster@4.1-strongbox.service
-    interface android.hardware.keymaster@4.0::IKeymasterDevice strongbox
-     interface android.hardware.keymaster@4.1::IKeymasterDevice strongbox
-    class early_hal
-    user system
-    group system drmrpc
diff --git a/HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml b/HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml
deleted file mode 100644
index 4418ca77..00000000
--- a/HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
-    
-    
-
diff --git a/HAL/keymaster/4.1/service.cpp b/HAL/keymaster/4.1/service.cpp
index cd7653d0..75ed2510 100644
--- a/HAL/keymaster/4.1/service.cpp
+++ b/HAL/keymaster/4.1/service.cpp
@@ -23,9 +23,10 @@
 int main() {
     ::android::hardware::configureRpcThreadpool(1, true);
     auto keymaster = new ::keymaster::V4_1::javacard::JavacardKeymaster4Device();
-    auto status = keymaster->registerAsService("strongbox");
+
+    auto status = keymaster->registerAsService("javacard");
     if (status != android::OK) {
-        LOG(FATAL) << "Could not register service for Javacard Keymaster 4.1 (" << status << ")";
+        LOG(FATAL) << "Could not register service for Keymaster 4.1 (" << status << ")";
         return -1;
     }
 
diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp
index 9bfe7faa..92e3be8f 100644
--- a/HAL/keymaster/Android.bp
+++ b/HAL/keymaster/Android.bp
@@ -15,11 +15,11 @@
 
 
 cc_binary {
-    name: "android.hardware.keymaster@4.1-strongbox.service",
+    name: "android.hardware.keymaster@4.1-javacard.service",
     relative_install_path: "hw",
     vendor: true,
-    init_rc: ["4.1/android.hardware.keymaster@4.1-strongbox.service.rc"],
-    vintf_fragments: ["4.1/android.hardware.keymaster@4.1-strongbox.service.xml"],
+    init_rc: ["4.1/android.hardware.keymaster@4.1-javacard.service.rc"],
+    vintf_fragments: ["4.1/android.hardware.keymaster@4.1-javacard.service.xml"],
     srcs: [
         "4.1/service.cpp",
         "4.1/JavacardKeymaster4Device.cpp",
@@ -38,19 +38,23 @@ cc_binary {
         "libhardware",
         "libhidlbase",
         "libsoftkeymasterdevice",
-	"libsoft_attestation_cert",
         "libkeymaster_messages",
         "libkeymaster_portable",
-        "libcppbor_external",
+        "libcppbor",
         "android.hardware.keymaster@4.1",
         "android.hardware.keymaster@4.0",
         "libjc_transport",
         "libjc_common",
         "libcrypto",
     ],
-    required: [
-        "android.hardware.strongbox_keystore.xml",
-    ],
+    arch: {
+        x86_64: {
+            cflags: ["-DVTS_EMULATOR"],
+        },
+        x86: {
+            cflags: ["-DVTS_EMULATOR"],
+        },
+    },
 }
 
 cc_library {
@@ -73,21 +77,24 @@ cc_library {
         "libutils",
         "libhardware",
         "libhidlbase",
-        "libsoftkeymasterdevice",
-	"libsoft_attestation_cert",
+	    "libsoftkeymasterdevice",
         "libkeymaster_messages",
-        "libkeymaster_portable",
-        "libcppbor_external",
+	    "libkeymaster_portable",
+        "libcppbor",
         "android.hardware.keymaster@4.1",
         "android.hardware.keymaster@4.0",
         "libjc_transport",
-	"libcrypto",
+	    "libcrypto",
     ],
 }
 
 cc_library {
     name: "libjc_transport",
+    host_supported: true,
     vendor_available: true,
+    vndk: {
+        enabled: true,
+    },
 
     srcs: [
         "4.1/SocketTransport.cpp",
@@ -124,20 +131,12 @@ cc_library {
         "libutils",
         "libhardware",
         "libhidlbase",
-	"libsoftkeymasterdevice",
-	"libsoft_attestation_cert",
+	    "libsoftkeymasterdevice",
         "libkeymaster_messages",
-	"libkeymaster_portable",
-        "libcppbor_external",
+	    "libkeymaster_portable",
+        "libcppbor",
         "android.hardware.keymaster@4.1",
         "android.hardware.keymaster@4.0",
-	"libcrypto",
+	    "libcrypto",
     ],
 }
-
-prebuilt_etc {
-    name: "android.hardware.strongbox_keystore.xml",
-    sub_dir: "permissions",
-    vendor: true,
-    src: "4.1/android.hardware.strongbox_keystore.xml",
-}
diff --git a/HAL/keymaster/include/CommonUtils.h b/HAL/keymaster/include/CommonUtils.h
index 8fd247f7..b6612741 100644
--- a/HAL/keymaster/include/CommonUtils.h
+++ b/HAL/keymaster/include/CommonUtils.h
@@ -59,7 +59,9 @@ inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
 }
 
 inline hidl_vec kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
-    return hidl_vec(buf.begin(), buf.end());
+    hidl_vec result;
+    result.setToExternal(const_cast(buf.peek_read()), buf.available_read());
+    return result;
 }
 
 inline void blob2Vec(const uint8_t *from, size_t size, std::vector& to) {
@@ -69,7 +71,9 @@ inline void blob2Vec(const uint8_t *from, size_t size, std::vector& to)
 }
 
 inline hidl_vec kmBlob2hidlVec(const keymaster_blob_t& blob) {
-   return hidl_vec(blob.data, blob.data+blob.data_length);
+    hidl_vec result;
+    result.setToExternal(const_cast(blob.data), blob.data_length);
+    return result;
 }
 
 keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec& keyParams);
diff --git a/HAL/keymaster/include/JavacardKeymaster4Device.h b/HAL/keymaster/include/JavacardKeymaster4Device.h
index 617457b1..ddb6b24a 100644
--- a/HAL/keymaster/include/JavacardKeymaster4Device.h
+++ b/HAL/keymaster/include/JavacardKeymaster4Device.h
@@ -24,8 +24,6 @@
 #include 
 #include "CborConverter.h"
 #include "TransportFactory.h"
-#include 
-#include 
 #include 
 #include 
 #include 
@@ -34,9 +32,6 @@
 namespace keymaster {
 namespace V4_1 {
 namespace javacard {
-#define INS_BEGIN_KM_CMD 0x00
-#define INS_END_KM_PROVISION_CMD 0x20
-#define INS_END_KM_CMD 0x7F
 
 using ::android::hardware::hidl_vec;
 using ::android::hardware::hidl_string;
@@ -67,33 +62,6 @@ enum class OperationType {
     UNKNOWN = 2,
 };
 
-enum class Instruction {
-    // Keymaster commands
-    INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD+1,
-    INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+2,
-    INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD+3,
-    INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+4,
-    INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD+5,
-    INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD+6,
-    INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD+7,
-    INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD+8,
-    INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD+9,
-    INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD+10,
-    INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD+11,
-    INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD+12,
-    INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD+13,
-    INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD+14,
-    INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD+15,
-    INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD+16,
-    INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD+17,
-    INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD+18,
-    INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD+19,
-    INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD+20,
-    INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD+21,
-    INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22,
-    INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+7,
-    INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD+8,
-};
 
 class JavacardKeymaster4Device : public IKeymasterDevice {
   public:
@@ -126,39 +94,38 @@ class JavacardKeymaster4Device : public IKeymasterDevice {
     Return deviceLocked(bool passwordOnly, const VerificationToken& verificationToken) override;
     Return earlyBootEnded() override;
 
-  private:
-    ErrorCode handleBeginPublicKeyOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
-                                            const hidl_vec& inParams,
-                                            hidl_vec& outParams,
-                                            uint64_t& operationHandle);
+protected:
+    CborConverter cborConverter_;
+
+ private:
+    ErrorCode handleBeginPublicKeyOperation(
+            KeyPurpose purpose, const hidl_vec& keyBlob,
+            const hidl_vec& inParams, hidl_vec& outParams,
+            uint64_t& operationHandle);
 
-    ErrorCode handleBeginPrivateKeyOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
-                                             const hidl_vec& inParams,
-                                             const HardwareAuthToken& authToken,
-                                             hidl_vec& outParams,
-                                             uint64_t& operationHandle);
+    ErrorCode handleBeginPrivateKeyOperation(
+            KeyPurpose purpose, const hidl_vec& keyBlob,
+            const hidl_vec& inParams,
+            const HardwareAuthToken& authToken, hidl_vec& outParams,
+            uint64_t& operationHandle);
 
-    ErrorCode handleBeginOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
+    ErrorCode handleBeginOperation(KeyPurpose purpose,
+                                   const hidl_vec& keyBlob,
                                    const hidl_vec& inParams,
                                    const HardwareAuthToken& authToken,
-                                   hidl_vec& outParams, uint64_t& operationHandle,
+                                   hidl_vec& outParams,
+                                   uint64_t& operationHandle,
                                    OperationType& operType);
-
+ 
     ErrorCode abortOperation(uint64_t operationHandle, OperationType operType);
 
     ErrorCode abortPublicKeyOperation(uint64_t operationHandle);
 
     ErrorCode abortPrivateKeyOperation(uint64_t operationHandle);
 
-    ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response);
-    ErrorCode setAndroidSystemProperties();
-    void handleSendEarlyBootEndedEvent();
-
     std::unique_ptr<::keymaster::AndroidKeymaster> softKm_;
     std::unique_ptr oprCtx_;
     bool isEachSystemPropertySet;
-    bool isEarlyBootEventPending;
-    CborConverter cborConverter_;
 };
 
 }  // namespace javacard
diff --git a/HAL/keymaster/include/JavacardOperationContext.h b/HAL/keymaster/include/JavacardOperationContext.h
index 0d452c67..53d08dd9 100644
--- a/HAL/keymaster/include/JavacardOperationContext.h
+++ b/HAL/keymaster/include/JavacardOperationContext.h
@@ -49,7 +49,7 @@ enum class Operation;
  */
 struct BufferedData {
     uint8_t buf[MAX_BUF_SIZE];
-    uint32_t buf_len;
+    size_t buf_len;
 };
 
 /**
@@ -61,7 +61,6 @@ struct OperationInfo {
     Digest digest;
     PaddingMode pad;
     BlockMode mode;
-    uint32_t macLength;
 };
 
 /**
@@ -137,14 +136,14 @@ class OperationContext {
      * reamining data for update calls only. For finish calls it extracts all the buffered data combines it with
      * input data.
      */
-    ErrorCode bufferData(uint64_t operHandle, std::vector& input,
-        Operation opr, std::vector& out);
+    ErrorCode getBlockAlignedData(uint64_t operHandle, uint8_t* input, size_t input_len, Operation opr, std::vector&
+            out);
     /**
      * This function sends the data back to the caller using callback functions. It does some processing on input data
      * for Asymmetic operations.
      */
-    ErrorCode handleInternalUpdate(uint64_t operHandle, std::vector& data, Operation opr,
-        sendDataToSE_cb cb, bool finish = false);
+    ErrorCode handleInternalUpdate(uint64_t operHandle, uint8_t* data, size_t len, Operation opr,
+        sendDataToSE_cb cb, bool finish=false);
 
 };
 
diff --git a/HAL/keymaster/include/JavacardSoftKeymasterContext.h b/HAL/keymaster/include/JavacardSoftKeymasterContext.h
index 8cdeab92..0fa2d711 100644
--- a/HAL/keymaster/include/JavacardSoftKeymasterContext.h
+++ b/HAL/keymaster/include/JavacardSoftKeymasterContext.h
@@ -18,7 +18,7 @@
 #define SYSTEM_KEYMASTER_JAVA_CARD_SOFT_KEYMASTER_CONTEXT_H_
 
 #include 
-#include 
+
 namespace keymaster {
 
 class SoftKeymasterKeyRegistrations;
diff --git a/HAL/keymaster/include/Transport.h b/HAL/keymaster/include/Transport.h
index c6674dca..25294102 100644
--- a/HAL/keymaster/include/Transport.h
+++ b/HAL/keymaster/include/Transport.h
@@ -64,7 +64,6 @@ class OmapiTransport : public ITransport {
      * Transmists the data over the opened basic channel and receives the data back.
      */
     bool sendData(const uint8_t* inData, const size_t inLen, std::vector& output) override;
-
     /**
      * Closes the connection.
      */
@@ -80,7 +79,7 @@ class OmapiTransport : public ITransport {
 class SocketTransport : public ITransport {
 
 public:
-    SocketTransport() : mSocket(-1), mSocketStatus(false){
+    SocketTransport() : mSocket(-1), socketStatus(false) {
     }
     /**
      * Creates a socket instance and connects to the provided server IP and port.
@@ -90,7 +89,6 @@ class SocketTransport : public ITransport {
      * Sends data over socket and receives data back.
      */
     bool sendData(const uint8_t* inData, const size_t inLen, std::vector& output) override;
-
     /**
      * Closes the connection.
      */
@@ -105,7 +103,8 @@ class SocketTransport : public ITransport {
      * Socket instance.
      */
     int mSocket;
-    bool mSocketStatus;
+    bool socketStatus;
+
 };
 
 }
diff --git a/ProvisioningTool/Android.bp b/ProvisioningTool/Android.bp
new file mode 100644
index 00000000..ad1ee2d1
--- /dev/null
+++ b/ProvisioningTool/Android.bp
@@ -0,0 +1,68 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+
+cc_binary {
+    name: "provision_tool",
+    vendor: true,
+    relative_install_path: "hw",
+    srcs: [
+        "ProvisionTool.cpp",
+    ],
+    shared_libs: [
+        "libdl",
+        "libcutils",
+        "libutils",
+        "libbase",
+        "libhardware",
+        "libhidlbase",
+        "libkeymaster_messages",
+        "libkeymaster_portable",
+        "android.hardware.keymaster@4.1",
+        "android.hardware.keymaster@4.0",
+        "libcppbor",
+        "libjc_transport",
+        "libcrypto",
+        "libjsoncpp",
+        "libjc_common",
+        "libjc_provision",
+    ],
+}
+
+cc_library {
+    name: "libjc_provision",
+    vendor_available: true,
+    srcs: [
+        "Provision.cpp",
+    ],
+    shared_libs: [
+        "liblog",
+        "libcutils",
+        "libdl",
+        "libbase",
+        "libutils",
+        "libhardware",
+        "libhidlbase",
+	    "libsoftkeymasterdevice",
+        "libkeymaster_messages",
+	    "libkeymaster_portable",
+        "libcppbor",
+        "android.hardware.keymaster@4.1",
+        "android.hardware.keymaster@4.0",
+        "libjc_transport",
+	    "libcrypto",
+        "libjc_common",
+    ],
+}
diff --git a/ProvisioningTool/Makefile b/ProvisioningTool/Makefile
deleted file mode 100644
index ca462cb1..00000000
--- a/ProvisioningTool/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-CC = g++
-SRC_DIR = src
-# source files for construct_apdus 
-CONSTRUCT_APDUS_SRC = $(SRC_DIR)/construct_apdus.cpp \
-                      $(SRC_DIR)/cppbor.cpp \
-                      $(SRC_DIR)/cppbor_parse.cpp \
-                      $(SRC_DIR)/utils.cpp \
-
-CONSTRUCT_APDUS_OBJFILES = $(CONSTRUCT_APDUS_SRC:.cpp=.o)
-CONSTRUCT_APDUS_BIN = construct_apdus
-
-# source files for provision
-PROVISION_SRC = $(SRC_DIR)/provision.cpp \
-                $(SRC_DIR)/socket.cpp \
-                $(SRC_DIR)/cppbor.cpp \
-                $(SRC_DIR)/cppbor_parse.cpp \
-                $(SRC_DIR)/utils.cpp \
-
-PROVISION_OBJFILES = $(PROVISION_SRC:.cpp=.o)
-PROVISION_BIN = provision
-
-
-ifeq ($(OS),Windows_NT)
-    uname_S := Windows
-else
-    uname_S := $(shell uname -s)
-endif
-
-ifeq ($(uname_S), Windows)
-    PLATFORM = -D__WIN32__
-endif
-ifeq ($(uname_S), Linux)
-    PLATFORM = -D__LINUX__
-endif
-
-DEBUG = -g
-CXXFLAGS = $(DEBUG) $(PLATFORM) -Wall -std=c++2a
-CFLAGS = $(CXXFLAGS) -Iinclude
-LDFLAGS = -Llib/
-LIB_JSON = -ljsoncpp
-LIB_CRYPTO = -lcrypto
-LDLIBS = $(LIB_JSON) $(LIB_CRYPTO)
-
-all: $(CONSTRUCT_APDUS_BIN) $(PROVISION_BIN)
-
-$(CONSTRUCT_APDUS_BIN): $(CONSTRUCT_APDUS_OBJFILES)
-	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
-
-$(PROVISION_BIN): $(PROVISION_OBJFILES)
-	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
-
-%.o: %.cpp
-	$(CC) $(CFLAGS) -c -o $@ $^
-
-
-.PHONY: clean
-clean:
-	rm -f $(CONSTRUCT_APDUS_OBJFILES) $(CONSTRUCT_APDUS_BIN) $(PROVISION_OBJFILES) $(PROVISION_BIN)
diff --git a/ProvisioningTool/Provision.cpp b/ProvisioningTool/Provision.cpp
new file mode 100644
index 00000000..4251cd80
--- /dev/null
+++ b/ProvisioningTool/Provision.cpp
@@ -0,0 +1,509 @@
+/*
+ **
+ ** Copyright 2020, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+ #include 
+
+#define INS_BEGIN_KM_CMD 0x00
+#define APDU_CLS 0x80
+#define APDU_P1  0x40
+#define APDU_P2  0x00
+#define APDU_RESP_STATUS_OK 0x9000
+#define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
+
+namespace keymaster {
+namespace V4_1 {
+namespace javacard {
+
+enum class Instruction {
+    // Provisioning commands
+    INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD+1,
+    INS_PROVISION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD+2,
+    INS_PROVISION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD+3,
+    INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD+4,
+    INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5,
+    INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD+6,
+    INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD+7,
+    INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
+    INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD+9,
+};
+
+//Extended error codes
+enum ExtendedErrors {
+    SW_CONDITIONS_NOT_SATISFIED = -10001,
+    UNSUPPORTED_CLA = -10002,
+    INVALID_P1P2 = -10003,
+    UNSUPPORTED_INSTRUCTION = -10004,
+    CMD_NOT_ALLOWED = -10005,
+    SW_WRONG_LENGTH = -10006,
+    INVALID_DATA = -10007,
+    CRYPTO_ILLEGAL_USE = -10008,
+    CRYPTO_ILLEGAL_VALUE = -10009,
+    CRYPTO_INVALID_INIT = -10010,
+    CRYPTO_NO_SUCH_ALGORITHM = -10011,
+    CRYPTO_UNINITIALIZED_KEY = -10012,
+    GENERIC_UNKNOWN_ERROR = -10013
+};
+
+enum ProvisionStatus {
+    NOT_PROVISIONED = 0x00,
+    PROVISION_STATUS_ATTESTATION_KEY = 0x01,
+    PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
+    PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
+    PROVISION_STATUS_ATTEST_IDS = 0x08,
+    PROVISION_STATUS_PRESHARED_SECRET = 0x10,
+    PROVISION_STATUS_BOOT_PARAM = 0x20,
+    PROVISION_STATUS_PROVISIONING_LOCKED = 0x40,
+};
+
+// Static function declarations.
+static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut);
+static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response);
+static uint16_t getStatus(std::vector& inputData);
+template
+static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response);
+template
+static T translateExtendedErrorsToHalErrors(T& errorCode);
+
+template
+static T translateExtendedErrorsToHalErrors(T& errorCode) {
+    T err;
+    switch(static_cast(errorCode)) {
+        case SW_CONDITIONS_NOT_SATISFIED:
+        case UNSUPPORTED_CLA:
+        case INVALID_P1P2:
+        case INVALID_DATA:
+        case CRYPTO_ILLEGAL_USE:
+        case CRYPTO_ILLEGAL_VALUE:
+        case CRYPTO_INVALID_INIT:
+        case CRYPTO_UNINITIALIZED_KEY:
+        case GENERIC_UNKNOWN_ERROR:
+            err = T::UNKNOWN_ERROR;
+            break;
+        case CRYPTO_NO_SUCH_ALGORITHM:
+            err = T::UNSUPPORTED_ALGORITHM;
+            break;
+        case UNSUPPORTED_INSTRUCTION:
+        case CMD_NOT_ALLOWED:
+        case SW_WRONG_LENGTH:
+            err = T::UNIMPLEMENTED;
+            break;
+        default:
+            err = static_cast(errorCode);
+            break;
+    }
+    return err;
+}
+
+/**
+ * Returns the negative value of the same number.
+ */
+static inline int32_t get2sCompliment(uint32_t value) { 
+    return static_cast(~value+1); 
+}
+
+/**
+ * This function separates the original error code from the
+ * power reset flag and returns the original error code.
+ */
+static uint32_t extractErrorCode(uint32_t errorCode) {
+    //Check if secure element is reset
+    bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
+
+    if (isSeResetOccurred) {
+        LOG(ERROR) << "Secure element reset happened";
+        errorCode &= ~SE_POWER_RESET_STATUS_FLAG;
+    }
+    return errorCode;
+}
+
+template
+static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response) {
+    std::unique_ptr item(nullptr);
+    T errorCode = T::OK;
+    std::tie(item, errorCode) = cb.decodeData(response, true);
+
+    uint32_t tempErrCode = extractErrorCode(static_cast(errorCode));
+
+    // SE sends errocode as unsigned value so convert the unsigned value
+    // into a signed value of same magnitude and copy back to errorCode.
+    errorCode = static_cast(get2sCompliment(tempErrCode));
+
+    if (T::OK != errorCode)
+        errorCode = translateExtendedErrorsToHalErrors(errorCode);
+    return {std::move(item), errorCode};
+}
+
+static inline X509* parseDerCertificate(std::vector& certData) {
+    X509 *x509 = NULL;
+
+    /* Create BIO instance from certificate data */
+    BIO *bio = BIO_new_mem_buf(certData.data(), certData.size());
+    if(bio == NULL) {
+        LOG(ERROR) << " Failed to create BIO from buffer.";
+        return NULL;
+    }
+    /* Create X509 instance from BIO */
+    x509 = d2i_X509_bio(bio, NULL);
+    if(x509 == NULL) {
+        LOG(ERROR) << " Failed to get X509 instance from BIO.";
+        return NULL;
+    }
+    BIO_free(bio);
+    return x509;
+}
+
+static inline void getDerSubjectName(X509* x509, std::vector& subject) {
+    uint8_t *subjectDer = NULL;
+    X509_NAME* asn1Subject = X509_get_subject_name(x509);
+    if(asn1Subject == NULL) {
+        LOG(ERROR) << " Failed to read the subject.";
+        return;
+    }
+    /* Convert X509_NAME to der encoded subject */
+    int len = i2d_X509_NAME(asn1Subject, &subjectDer);
+    if (len < 0) {
+        LOG(ERROR) << " Failed to get readable name from X509_NAME.";
+        return;
+    }
+    subject.insert(subject.begin(), subjectDer, subjectDer+len);
+}
+
+static inline void getNotAfter(X509* x509, std::vector& notAfterDate) {
+    const ASN1_TIME* notAfter = X509_get0_notAfter(x509);
+    if(notAfter == NULL) {
+        LOG(ERROR) << " Failed to read expiry time.";
+        return;
+    }
+    int strNotAfterLen = ASN1_STRING_length(notAfter);
+    const uint8_t *strNotAfter = ASN1_STRING_get0_data(notAfter);
+    if(strNotAfter == NULL) {
+        LOG(ERROR) << " Failed to read expiry time from ASN1 string.";
+        return;
+    }
+    notAfterDate.insert(notAfterDate.begin(), strNotAfter, strNotAfter + strNotAfterLen);
+}
+
+static uint16_t getStatus(std::vector& inputData) {
+    //Last two bytes are the status SW0SW1
+    return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1));
+}
+
+static ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut) {
+
+    apduOut.push_back(static_cast(APDU_CLS)); //CLS
+    apduOut.push_back(static_cast(ins)); //INS
+    apduOut.push_back(static_cast(APDU_P1)); //P1
+    apduOut.push_back(static_cast(APDU_P2)); //P2
+
+    if(USHRT_MAX >= inputData.size()) {
+        // Send extended length APDU always as response size is not known to HAL.
+        // Case 1: Lc > 0  CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le all set to 00.
+        // Case 2: Lc = 0  CLS | INS | P1 | P2 | 3 bytes of Le all set to 00.
+        //Extended length 3 bytes, starts with 0x00
+        apduOut.push_back(static_cast(0x00));
+        if (inputData.size() > 0) {
+            apduOut.push_back(static_cast(inputData.size() >> 8));
+            apduOut.push_back(static_cast(inputData.size() & 0xFF));
+            //Data
+            apduOut.insert(apduOut.end(), inputData.begin(), inputData.end());
+        }
+        //Expected length of output.
+        //Accepting complete length of output every time.
+        apduOut.push_back(static_cast(0x00));
+        apduOut.push_back(static_cast(0x00));
+    } else {
+        return (ErrorCode::INSUFFICIENT_BUFFER_SPACE);
+    }
+
+    return (ErrorCode::OK);//success
+}
+
+
+
+static ErrorCode sendProvisionData(std::unique_ptr& transport, Instruction ins, std::vector& inData, std::vector& response) {
+    ErrorCode ret = ErrorCode::OK;
+    std::vector apdu;
+    CborConverter cborConverter;
+    std::unique_ptr item;
+    ret = constructApduMessage(ins, inData, apdu);
+    if(ret != ErrorCode::OK) return ret;
+
+    if(!transport->sendData(apdu.data(), apdu.size(), response)) {
+        return (ErrorCode::SECURE_HW_COMMUNICATION_FAILED);
+    }
+
+    if((response.size() < 2) || (getStatus(response) != APDU_RESP_STATUS_OK)) {
+        return (ErrorCode::UNKNOWN_ERROR);
+    }
+
+    if((response.size() > 2)) {
+        //Skip last 2 bytes in cborData, it contains status.
+        std::tie(item, ret) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2));
+    } else {
+        ret = ErrorCode::UNKNOWN_ERROR;
+    }
+
+    return ret;
+}
+
+ErrorCode Provision::init() {
+	if(pTransportFactory == nullptr) {
+		pTransportFactory = std::unique_ptr(new se_transport::TransportFactory(
+					android::base::GetBoolProperty("ro.kernel.qemu", false)));
+		if(!pTransportFactory->openConnection())
+            return ErrorCode::UNKNOWN_ERROR;
+	}
+	return ErrorCode::OK;
+}
+
+ErrorCode Provision::provisionAttestationKey(std::vector& batchKey) {
+    ErrorCode errorCode = ErrorCode::OK;
+    std::vector privKey;
+    std::vector pubKey;
+    EcCurve curve;
+    CborConverter cborConverter;
+    cppbor::Array array;
+    cppbor::Array subArray;
+    std::vector response;
+    Instruction ins = Instruction::INS_PROVISION_ATTESTATION_KEY_CMD;
+
+    AuthorizationSet authSetKeyParams(AuthorizationSetBuilder()
+            .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
+            .Authorization(TAG_DIGEST, KM_DIGEST_SHA_2_256)
+            .Authorization(TAG_EC_CURVE, KM_EC_CURVE_P_256)
+            .Authorization(TAG_PURPOSE, static_cast(0x7F))); /* The value 0x7F is not present in types.hal */
+    hidl_vec keyParams = kmParamSet2Hidl(authSetKeyParams);
+    if(ErrorCode::OK != (errorCode = ecRawKeyFromPKCS8(batchKey, privKey, pubKey, curve))) {
+        return errorCode;
+    }
+    subArray.add(privKey);
+    subArray.add(pubKey);
+    std::vector encodedArray = subArray.encode();
+    cppbor::Bstr bstr(encodedArray.begin(), encodedArray.end());
+    //Encode data.
+    cborConverter.addKeyparameters(array, keyParams);
+    array.add(static_cast(KeyFormat::RAW));
+    array.add(bstr);
+
+    std::vector cborData = array.encode();
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::provisionAtestationCertificateChain(std::vector>& certChain) {
+    ErrorCode errorCode = ErrorCode::OK;
+    cppbor::Array array;
+    Instruction ins = Instruction::INS_PROVISION_CERT_CHAIN_CMD;
+    std::vector response;
+
+    std::vector certData;
+    for (auto data : certChain) {
+        certData.insert(certData.end(), data.begin(), data.end());
+    }
+    cppbor::Bstr bstrCertChain(certData.begin(), certData.end());
+    std::vector cborData = bstrCertChain.encode();
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::provisionAttestationCertificateParams(std::vector& batchCertificate) {
+    ErrorCode errorCode = ErrorCode::OK;
+    cppbor::Array array;
+    Instruction ins = Instruction::INS_PROVISION_CERT_PARAMS_CMD;
+    std::vector response;
+    X509 *x509 = NULL;
+    std::vector subject;
+    std::vector notAfter;
+
+    /* Subject, AuthorityKeyIdentifier and Expirty time of the root certificate are required by javacard. */
+    /* Get X509 certificate instance for the root certificate.*/
+    if(NULL == (x509 = parseDerCertificate(batchCertificate))) {
+        return errorCode;
+    }
+
+    /* Get subject in DER */
+    getDerSubjectName(x509, subject);
+    /* Get Expirty Time */
+    getNotAfter(x509, notAfter);
+    /*Free X509 */
+    X509_free(x509);
+
+    array = cppbor::Array();
+    array.add(subject);
+    array.add(notAfter);
+    std::vector cborData = array.encode();
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::provisionAttestationID(AttestIDParams& attestParams) {
+    ErrorCode errorCode = ErrorCode::OK;
+    CborConverter cborConverter;
+    cppbor::Array array;
+    Instruction ins = Instruction::INS_PROVISION_ATTEST_IDS_CMD;
+    std::vector response;
+
+    AuthorizationSet authSetAttestParams(AuthorizationSetBuilder()
+            .Authorization(TAG_ATTESTATION_ID_BRAND, attestParams.brand.data(), attestParams.brand.size())
+            .Authorization(TAG_ATTESTATION_ID_DEVICE, attestParams.device.data(), attestParams.device.size())
+            .Authorization(TAG_ATTESTATION_ID_PRODUCT, attestParams.product.data(), attestParams.product.size())
+            .Authorization(TAG_ATTESTATION_ID_SERIAL, attestParams.serial.data(), attestParams.serial.size())
+            .Authorization(TAG_ATTESTATION_ID_IMEI, attestParams.imei.data(), attestParams.imei.size())
+            .Authorization(TAG_ATTESTATION_ID_MEID, attestParams.meid.data(), attestParams.meid.size())
+            .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, attestParams.manufacturer.data(), attestParams.manufacturer.size())
+            .Authorization(TAG_ATTESTATION_ID_MODEL, attestParams.model.data(), attestParams.model.size()));
+
+    hidl_vec attestKeyParams = kmParamSet2Hidl(authSetAttestParams);
+
+    array = cppbor::Array();
+    cborConverter.addKeyparameters(array, attestKeyParams);
+    std::vector cborData = array.encode();
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::provisionPreSharedSecret(std::vector& preSharedSecret) {
+    ErrorCode errorCode = ErrorCode::OK;
+    cppbor::Array array;
+    Instruction ins = Instruction::INS_PROVISION_PRESHARED_SECRET_CMD;
+    std::vector response;
+
+    array = cppbor::Array();
+    array.add(preSharedSecret);
+    std::vector cborData = array.encode();
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::setAndroidSystemProperties() {
+    ErrorCode errorCode = ErrorCode::OK;
+    cppbor::Array array;
+    std::vector apdu;
+    std::vector response;
+    Instruction ins = Instruction::INS_SET_VERSION_PATCHLEVEL_CMD;
+
+    array.add(GetOsVersion()).
+        add(GetOsPatchlevel()).
+        add(GetVendorPatchlevel());
+    std::vector cborData = array.encode();
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::provisionBootParameters(BootParams& bootParams) {
+    ErrorCode errorCode = ErrorCode::OK;
+    cppbor::Array array;
+    std::vector apdu;
+    std::vector response;
+    Instruction ins = Instruction::INS_SET_BOOT_PARAMS_CMD;
+
+    array.add(bootParams.bootPatchLevel).
+        /* Verified Boot Key */
+        add(bootParams.verifiedBootKey).
+        /* Verified Boot Hash */
+        add(bootParams.verifiedBootKeyHash).
+        /* boot state */
+        add(bootParams.verifiedBootState).
+        /* device locked */
+        add(bootParams.deviceLocked);
+
+    std::vector cborData = array.encode();
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::getProvisionStatus(uint64_t& status) {
+    ErrorCode errorCode = ErrorCode::OK;
+    Instruction ins = Instruction::INS_GET_PROVISION_STATUS_CMD;
+    std::vector cborData;
+    std::vector response;
+    std::unique_ptr item;
+    CborConverter cborConverter;
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        LOG(ERROR) << "Failed to get provision status err: " << static_cast(errorCode);
+        return errorCode;
+    }
+    //Check if SE is provisioned.
+    std::tie(item, errorCode) = decodeData(cborConverter, std::vector(response.begin(), response.end()-2));
+    if(item != NULL) {
+
+        if(!cborConverter.getUint64(item, 1, status)) {
+            LOG(ERROR) << "Failed to parse the status from cbor data";
+            return ErrorCode::UNKNOWN_ERROR;
+        }
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::lockProvision() {
+    ErrorCode errorCode = ErrorCode::OK;
+    Instruction ins = Instruction::INS_LOCK_PROVISIONING_CMD;
+    std::vector cborData;
+    std::vector response;
+
+    if(ErrorCode::OK != (errorCode = sendProvisionData(pTransportFactory, ins, cborData, response))) {
+        return errorCode;
+    }
+    return errorCode;
+}
+
+ErrorCode Provision::uninit() {
+	if(pTransportFactory != nullptr) {
+        if(!pTransportFactory->closeConnection())
+            return ErrorCode::UNKNOWN_ERROR;
+    }
+    return ErrorCode::OK;
+}
+// Provision End
+
+}  // namespace javacard
+}  // namespace V4_1
+}  // namespace keymaster
diff --git a/ProvisioningTool/Provision.h b/ProvisioningTool/Provision.h
new file mode 100644
index 00000000..68a7f1d1
--- /dev/null
+++ b/ProvisioningTool/Provision.h
@@ -0,0 +1,108 @@
+/*
+ **
+ ** Copyright 2020, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+
+#ifndef KEYMASTER_V4_1_JAVACARD_PROVISION_H_
+#define KEYMASTER_V4_1_JAVACARD_PROVISION_H_
+
+#include "TransportFactory.h"
+
+namespace keymaster {
+namespace V4_1 {
+namespace javacard {
+
+typedef struct SystemProperties__ {
+	uint32_t osVersion;
+	uint32_t osPatchLevel;
+	uint32_t vendorPatchLevel;
+} SystemProperties;
+
+typedef struct BootParams_ {
+	uint32_t bootPatchLevel;
+	std::vector verifiedBootKey;
+	std::vector verifiedBootKeyHash;
+	uint32_t verifiedBootState;
+	uint32_t deviceLocked;
+} BootParams;
+
+typedef struct AttestIDParams_ {
+	std::string brand;
+	std::string device;
+	std::string product;
+	std::string serial;
+	std::string imei;
+	std::string meid;
+	std::string manufacturer;
+	std::string model;
+} AttestIDParams;
+
+class Provision {
+public:
+    /**
+     * Initalizes the transport layer.
+     */
+	ErrorCode init();
+    /**
+     * Provision the Attestation key.
+     */
+	ErrorCode provisionAttestationKey(std::vector& batchKey);
+    /**
+     * Provision the Attestation certificate chain.
+     */
+	ErrorCode provisionAtestationCertificateChain(std::vector>& CertChain);
+    /**
+     * Provision the Attestation certificate paramters.
+     */
+	ErrorCode provisionAttestationCertificateParams(std::vector& batchCertificate);
+    /**
+     * Provision the Attestation ID.
+     */
+	ErrorCode provisionAttestationID(AttestIDParams& attestParams);
+    /**
+     * Provision the pre-shared secret.
+     */
+	ErrorCode provisionPreSharedSecret(std::vector& preSharedSecret);
+    /**
+     * Provision the boot parameters.
+     */
+	ErrorCode provisionBootParameters(BootParams& bootParams );
+    /**
+     * Set system properties.
+     */
+	ErrorCode setAndroidSystemProperties();
+
+    /**
+     * Locks the provision. After this no more provision commanands are allowed.
+     */
+    ErrorCode lockProvision();
+    /**
+     * Get the provision status.
+     */
+    ErrorCode getProvisionStatus(uint64_t&);
+    /**
+     * Uninitialize the transport layer.
+     */
+    ErrorCode uninit();
+
+private:
+    std::unique_ptr pTransportFactory;
+};
+
+}  // namespace javacard
+}  // namespace V4_1
+}  // namespace keymaster
+#endif //KEYMASTER_V4_1_JAVACARD_PROVISION_H_
diff --git a/ProvisioningTool/ProvisionTool.cpp b/ProvisioningTool/ProvisionTool.cpp
new file mode 100644
index 00000000..3ff242f5
--- /dev/null
+++ b/ProvisioningTool/ProvisionTool.cpp
@@ -0,0 +1,616 @@
+/*
+ **
+ ** Copyright 2020, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ **     http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define BUFFER_MAX_LENGTH 256
+#define SB_KEYMASTER_SERVICE "javacard"
+#define INS_BEGIN_KM_CMD 0x00
+#define APDU_CLS 0x80
+#define APDU_P1  0x40
+#define APDU_P2  0x00
+#define APDU_RESP_STATUS_OK 0x9000
+#define MAX_ATTEST_IDS_SIZE 8
+#define SHARED_SECRET_SIZE 32
+
+enum class Instruction {
+    // Provisioning commands
+    INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD+1,
+    INS_PROVISION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD+2,
+    INS_PROVISION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD+3,
+    INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD+4,
+    INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5,
+    INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD+6,
+    INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD+7,
+    INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
+};
+
+enum ProvisionStatus {
+    NOT_PROVISIONED = 0x00,
+    PROVISION_STATUS_ATTESTATION_KEY = 0x01,
+    PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
+    PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
+    PROVISION_STATUS_ATTEST_IDS = 0x08,
+    PROVISION_STATUS_PRESHARED_SECRET = 0x10,
+    PROVISION_STATUS_BOOT_PARAM = 0x20,
+    PROVISION_STATUS_PROVISIONING_LOCKED = 0x40,
+};
+
+using ::android::hardware::keymaster::V4_0::ErrorCode;
+
+static keymaster::V4_1::javacard::Provision mProvision;
+Json::Value root;
+
+constexpr char hex_value[256] = {0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 1,  2,  3,  4,  5,  6,  7, 8, 9, 0, 0, 0, 0, 0, 0,  // '0'..'9'
+                                 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // 'A'..'F'
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // 'a'..'f'
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
+                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+std::string hex2str(std::string a) { 
+    std::string b;
+    size_t num = a.size() / 2;
+    b.resize(num);
+    for (size_t i = 0; i < num; i++) {
+        b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
+    }    
+    return b;
+}
+
+bool parseJsonFile(const char* filename);
+
+static bool readDataFromFile(const char *filename, std::vector& data) {
+    FILE *fp;
+    bool ret = true;
+    fp = fopen(filename, "rb");
+    if(fp == NULL) {
+        printf("\nFailed to open file: \n");
+        return false;
+    }
+    fseek(fp, 0L, SEEK_END);
+    long int filesize = ftell(fp);
+    rewind(fp);
+    std::unique_ptr buf(new uint8_t[filesize]);
+    if( 0 == fread(buf.get(), filesize, 1, fp)) {
+        printf("\n No content in the file \n");
+        ret = false;
+    }
+    if(true == ret) {
+        data.insert(data.end(), buf.get(), buf.get() + filesize);
+    }
+    fclose(fp);
+    return ret;
+}
+
+void usage() {
+    printf("Usage: provision_tool [options]\n");
+    printf("Valid options are:\n");
+    printf("-h, --help    show this help message and exit.\n");
+    printf("-a, --all jsonFile \t Executes all the provision commands \n");
+    printf("-k, --attest_key jsonFile \t Provision attestation key \n");
+    printf("-c, --cert_chain jsonFile \t Provision attestation certificate chain \n");
+    printf("-p, --cert_params jsonFile \t Provision attestation certificate parameters \n");
+    printf("-i, --attest_ids jsonFile \t Provision attestation IDs \n");
+    printf("-r, --shared_secret jsonFile \t Provision shared secret  \n");
+    printf("-b, --set_boot_params jsonFile \t Set boot parameters  \n");
+    printf("-e, --set_system_properties \t Set system properties  \n");
+    printf("-s, --provision_status \t Prints the provision status.\n");
+    printf("-l, --lock_provision  \t  Locks the provision commands.\n");
+}
+
+bool getBootParameterIntValue(Json::Value& bootParamsObj, const char* key, uint32_t *value) {
+    bool ret = false;
+    Json::Value val = bootParamsObj[key];
+    if(val.empty())
+        return ret;
+
+    if(!val.isInt())
+        return ret;
+
+    *value = (uint32_t)val.asInt();
+
+    return true;
+}
+
+bool getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std::vector& blob) {
+    bool ret = false;
+    Json::Value val = bootParamsObj[key];
+    if(val.empty())
+        return ret;
+
+    if(!val.isString())
+        return ret;
+
+    std::string blobStr = hex2str(val.asString());
+
+    for(char ch : blobStr) {
+        blob.push_back((uint8_t)ch);
+    }
+
+    return true;
+}
+
+bool setAndroidSystemProperties() {
+    ErrorCode err = ErrorCode::OK;
+    bool ret = false;
+    if (ErrorCode::OK != (err = mProvision.setAndroidSystemProperties())) {
+        printf("\n set boot parameters failed with err:%d \n", (int32_t)err);
+        return ret;
+    }
+    printf("\n SE successfully accepted system properties.\n");
+    return true;
+
+}
+
+bool setBootParameters(const char* filename) {
+    Json::Value bootParamsObj;
+    bool ret = false;
+    ErrorCode err = ErrorCode::OK;
+    keymaster::V4_1::javacard::BootParams bootParams;
+
+    if(!parseJsonFile(filename))
+        return ret;
+
+    bootParamsObj = root.get("set_boot_params", bootParamsObj);
+    if (!bootParamsObj.isNull()) {
+
+        if(!getBootParameterIntValue(bootParamsObj, "boot_patch_level", &bootParams.bootPatchLevel)) {
+            printf("\n Invalid value for boot_patch_level or boot_patch_level tag missing\n");
+            return ret;
+        }
+        if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key", bootParams.verifiedBootKey)) {
+            printf("\n Invalid value for verified_boot_key or verified_boot_key tag missing\n");
+            return ret;
+        }
+        if(!getBootParameterBlobValue(bootParamsObj, "verified_boot_key_hash", bootParams.verifiedBootKeyHash)) {
+            printf("\n Invalid value for verified_boot_key_hash or verified_boot_key_hash tag missing\n");
+            return ret;
+        }
+        if(!getBootParameterIntValue(bootParamsObj, "boot_state", &bootParams.verifiedBootState)) {
+            printf("\n Invalid value for boot_state or boot_state tag missing\n");
+            return ret;
+        }
+        if(!getBootParameterIntValue(bootParamsObj, "device_locked", &bootParams.deviceLocked)) {
+            printf("\n Invalid value for device_locked or device_locked tag missing\n");
+            return ret;
+        }
+
+    } else {
+        printf("\n Fail: Improper value found for set_boot_params key inside the json file\n");
+        return ret;
+    }
+
+    if (ErrorCode::OK != (err = mProvision.provisionBootParameters(bootParams))) {
+        printf("\n set boot parameters failed with err:%d \n", (int32_t)err);
+        return ret;
+    }
+
+    printf("\n SE successfully accepted boot paramters \n");
+    return true;
+}
+
+bool provisionAttestationIds(const char *filename) {
+    Json::Value attestIds;
+    bool ret = false;
+    ErrorCode err = ErrorCode::OK;
+    keymaster::V4_1::javacard::AttestIDParams params;
+
+    if(!parseJsonFile(filename))
+        return ret;
+
+    attestIds = root.get("attest_ids", attestIds);
+    if (!attestIds.isNull()) {
+        Json::Value value;
+        Json::Value::Members keys = attestIds.getMemberNames();
+        for(std::string key : keys) {
+            value = attestIds[key];
+            if(value.empty()) {
+                continue;
+            }
+            if (!value.isString()) {
+                printf("\n Fail: Value for each attest ids key should be a string in the json file \n");
+                return ret;
+            }
+
+            if (0 == key.compare("brand")) {
+                params.brand = value.asString();
+            } else if(0 == key.compare("device")) {
+                params.device = value.asString();
+            } else if(0 == key.compare("product")) {
+                params.product = value.asString();
+            } else if(0 == key.compare("serial")) {
+                params.serial = value.asString();
+            } else if(0 == key.compare("imei")) {
+                params.imei = value.asString();
+            } else if(0 == key.compare("meid")) {
+                params.meid = value.asString();
+            } else if(0 == key.compare("manufacturer")) {
+                params.manufacturer = value.asString();
+            } else if(0 == key.compare("model")) {
+                params.model = value.asString();
+            } else {
+                printf("\n unknown attestation id key:%s \n", key.c_str());
+                return ret;
+            }
+        }
+
+        if (ErrorCode::OK != (err = mProvision.provisionAttestationID(params))) {
+            printf("\n Provision attestationID parameters failed with err:%d \n", (int32_t)err);
+            return ret;
+        }
+    } else {
+        printf("\n Fail: Improper value found for attest_ids key inside the json file \n");
+        return ret;
+    }
+    printf("\n provisioned attestation ids successfully \n");
+    return true;
+}
+
+bool lockProvision() {
+    ErrorCode errorCode;
+    bool ret = false;
+
+    if(ErrorCode::OK != (errorCode = mProvision.lockProvision())) {
+        printf("\n Failed to lock provisioning error: %d\n", uint32_t(errorCode));
+        return ret;
+    }
+    printf("\n Successfully locked provisioning process. Now SE doesn't accept any further provision commands. \n");
+	return true;
+}
+
+bool getProvisionStatus() {
+	bool ret = false;
+    uint64_t status;
+    if (ErrorCode::OK != mProvision.getProvisionStatus(status)) {
+        return ret;
+    }
+	if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) &&
+			(0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) &&
+			(0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) &&
+			(0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) &&
+			(0 != (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM))) {
+        printf("\n SE is provisioned \n");
+	} else {
+        if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) {
+            printf("\n Attestation key is not provisioned \n");
+        }
+        if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) {
+            printf("\n Attestation certificate chain is not provisioned \n");
+        }
+        if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) {
+            printf("\n Attestation certificate params are not provisioned \n");
+        }
+        if (0 == (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) {
+            printf("\n Shared secret is not provisioned \n");
+        }
+        if (0 == (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM)) {
+            printf("\n Boot params are not provisioned \n");
+        }
+    }
+	return true;
+}
+
+bool provisionSharedSecret(const char* filename) {
+    Json::Value sharedSecret;
+    bool ret = false;
+    ErrorCode err = ErrorCode::OK;
+
+    if(!parseJsonFile(filename))
+        return ret;
+
+    sharedSecret = root.get("shared_secret", sharedSecret);
+    if (!sharedSecret.isNull()) {
+
+        if (!sharedSecret.isString()) {
+            printf("\n Fail: Value for shared secret key should be string inside the json file\n");
+            return ret;
+        }
+        std::string secret = hex2str(sharedSecret.asString());
+        std::vector data(secret.begin(), secret.end());
+        if(ErrorCode::OK != (err = mProvision.provisionPreSharedSecret(data))) {
+            printf("\n Provision pre-shared secret failed with err:%d \n", (int32_t)err);
+            return ret;
+        }
+    } else {
+        printf("\n Fail: Improper value for shared_secret key inside the json file\n");
+        return ret;
+    }
+    printf("\n Provisioned shared secret successfully \n");
+    return true;
+}
+
+static bool provisionAttestationKey(const char* filename) {
+    Json::Value keyFile;
+    bool ret = false;
+    ErrorCode err = ErrorCode::OK;
+
+    if(!parseJsonFile(filename))
+        return ret;
+
+    keyFile = root.get("attest_key", keyFile);
+    if (!keyFile.isNull()) {
+        std::vector data;
+
+        std::string keyFileName = keyFile.asString();
+        if(!readDataFromFile(keyFileName.data(), data)) {
+            printf("\n Failed to read the Root ec key\n");
+            return ret;
+        }
+        if(ErrorCode::OK != (err = mProvision.provisionAttestationKey(data))) {
+            printf("\n Provision attestation key failed with error: %d\n", (int32_t)err);
+            return ret;
+        }
+    } else {
+        printf("\n Improper value for attest_key in json file \n");
+        return ret;
+    }
+    printf("\n Provisioned attestation key successfully\n");
+    return true;
+}
+
+bool provisionAttestationCertificateChain(const char* filename) {
+    Json::Value certChainFile;
+    bool ret = false;
+    ErrorCode err = ErrorCode::OK;
+
+    if(!parseJsonFile(filename))
+        return ret;
+
+    certChainFile = root.get("attest_cert_chain", certChainFile);
+    if (!certChainFile.isNull()) {
+        std::vector> certData;
+
+        if(certChainFile.isArray()) {
+            for (int i = 0; i < certChainFile.size(); i++) {
+                std::vector tmp;
+                if(certChainFile[i].isString()) {
+                    /* Read the certificates. */
+                    if(!readDataFromFile(certChainFile[i].asString().data(), tmp)) {
+                        printf("\n Failed to read the Root certificate\n");
+                        return ret;
+                    }
+                    certData.push_back(std::move(tmp));
+                } else {
+                    printf("\n Fail: Only proper certificate paths as a string is allowed inside the json file. \n");
+                    return ret;
+                }
+            }
+        } else {
+            printf("\n Fail: cert chain value should be an array inside the json file. \n");
+            return ret;
+        }
+        if (ErrorCode::OK != (err = mProvision.provisionAtestationCertificateChain(certData))) {
+            printf("\n Provision certificate chain failed with error: %d\n", (int32_t)err);
+            return ret;
+        }
+    } else {
+        printf("\n Fail: Improper value found for attest_cert_chain key inside json file \n");
+        return ret;
+    }
+    printf("\n Provisioned attestation certificate chain successfully\n");
+    return true;
+}
+
+bool provisionAttestationCertificateParams(const char* filename) {
+    Json::Value certChainFile;
+    bool ret = false;
+    ErrorCode err = ErrorCode::OK;
+
+    if(!parseJsonFile(filename))
+        return ret;
+
+    certChainFile = root.get("attest_cert_chain", certChainFile);
+    if (!certChainFile.isNull()) {
+        std::vector> certData;
+
+        if(certChainFile.isArray()) {
+            if (certChainFile.size() == 0) {
+                return ret;
+            }
+            std::vector tmp;
+            if(!readDataFromFile(certChainFile[0].asString().data(), tmp)) {
+                printf("\n Failed to read the Root certificate\n");
+                return ret;
+            }
+            if (ErrorCode::OK != (err = mProvision.provisionAttestationCertificateParams(tmp))) {
+                printf("\n Provision certificate params failed with error: %d\n", (int32_t)err);
+                return ret;
+            }
+        } else {
+            printf("\n Fail: cert chain value should be an array inside the json file. \n");
+            return ret;
+        }
+    } else {
+        printf("\n Fail: Improper value found for attest_cert_chain key inside json file \n");
+        return ret;
+    }
+    printf("\n Provisioned attestation certificate parameters successfully\n");
+    return true;
+}
+
+bool provision(const char* filename) {
+
+    if(!provisionAttestationKey(filename)) {
+        return false;
+    }
+    if(!provisionAttestationCertificateChain(filename)) {
+        return false;
+    }
+    if(!provisionAttestationCertificateParams(filename)) {
+        return false;
+    }
+    if(!provisionSharedSecret(filename)) {
+        return false;
+    }
+    if(!provisionAttestationIds(filename)) {
+        return false;
+    }
+    if(!setBootParameters(filename)) {
+        return false;
+    }
+    if(!setAndroidSystemProperties()) {
+        return false;
+    }
+    return true;
+}
+
+bool parseJsonFile(const char* filename) {
+    std::stringstream buffer;
+    Json::Reader jsonReader;
+
+    if(!root.empty()) {
+        printf("\n Already parsed \n");
+        return true;
+    }
+    std::ifstream stream(filename);
+    buffer << stream.rdbuf();
+    if(jsonReader.parse(buffer.str(), root)) {
+        printf("\n Parsed json file successfully\n");
+        return true;
+    } else {
+        printf("\n Failed to parse json file\n");
+        return false;
+    }
+}
+
+int main(int argc, char* argv[])
+{
+    int c;
+    struct option longOpts[] = {
+        {"all",              required_argument, NULL, 'a'},
+        {"attest_key",       required_argument, NULL, 'k'},
+        {"cert_chain",       required_argument, NULL, 'c'},
+        {"cert_params",       required_argument, NULL,'p'},
+        {"attest_ids",       required_argument, NULL, 'i'},
+        {"shared_secret",    required_argument, NULL, 'r'},
+        {"set_boot_params",  required_argument, NULL, 'b'},
+        {"set_system_properties",  no_argument, NULL, 'e'},
+        {"provision_status", no_argument,       NULL, 's'},
+        {"lock_provision",   no_argument,       NULL, 'l'},
+        {"help",             no_argument,       NULL, 'h'},
+        {0,0,0,0}
+    };
+
+    if (argc <= 1) {
+        printf("\n Invalid command \n");
+        usage();
+    }
+    /* Initialize provision */
+    mProvision.init();
+
+    /* getopt_long stores the option index here. */
+    while ((c = getopt_long(argc, argv, ":slhea:k:c:p:i:r:b:", longOpts, NULL)) != -1) {
+        switch(c) {
+            case 'a':
+                //all
+                if(!provision(optarg))
+                    printf("\n Failed to provision the device \n");
+                break;
+            case 'k':
+                //attest key
+                if(!provisionAttestationKey(optarg))
+                    printf("\n Failed to provision attestaion key\n");
+                break;
+            case 'c':
+                //attest certchain
+                if(!provisionAttestationCertificateChain(optarg))
+                    printf("\n Failed to provision attestaion certificate chain\n");
+                break;
+            case 'p':
+                //attest cert params
+                if(!provisionAttestationCertificateParams(optarg))
+                    printf("\n Failed to provision attestaion certificate paramaters\n");
+                break;
+            case 'i':
+                //attestation ids.
+                if(!provisionAttestationIds(optarg))
+                    printf("\n Failed to provision attestaion ids\n");
+                break;
+                //shared secret
+            case 'r':
+                if(!provisionSharedSecret(optarg))
+                    printf("\n Failed to provision shared secret\n");
+                break;
+            case 'b':
+                //set boot params
+                if(!setBootParameters(optarg))
+                    printf("\n Failed to set boot parameters.\n");
+                break;
+            case 'e':
+                //set Android system properties
+                if(!setAndroidSystemProperties())
+                    printf("\n Failed to set android system properties.\n");
+                break;
+            case 's':
+                if(!getProvisionStatus())
+                    printf("\n Failed to get provision status \n");
+                break;
+            case 'l':
+                lockProvision();
+                break;
+            case 'h':
+                usage();
+                break;
+            case ':':
+                printf("\n missing argument\n");
+                usage();
+                break;
+            case '?':
+            default:
+                printf("\n Invalid option\n");
+                usage();
+                break;
+        }
+    }
+    if(optind < argc) {
+        usage();
+    }
+    /*Uninitalize */
+    mProvision.uninit();
+    return 0;
+}
diff --git a/ProvisioningTool/README.md b/ProvisioningTool/README.md
index 35cbca19..9d65e5d1 100644
--- a/ProvisioningTool/README.md
+++ b/ProvisioningTool/README.md
@@ -1,18 +1,12 @@
 # Provisioning tool
-This directory contains two tools. One which constructs the apdus and dumps them to a json file, Other which gets the apuds from the json file and provision them into a secure element simulator. Both the tools can be compiled and executed from a Linux machine.
+This directory contains provisioning tool which helps in provisioning 
+the secure element by using the APIs exposed by Provision library.
+This tool takes the input parameters from json file.
 
-#### Build instruction
-The default target generates both the executables. One construct_apdus and the other provision.
-$ make
-Individual targets can also be selected as shown below
-$ make construct_apdus
-$ make provision
-Make clean will remove all the object files and binaries
-$ make clean
-
-#### Environment setup
-Before executing the binaries make sure LD_LIBRARY_PATH is set
-export LD_LIBRARY_PATH=./lib:$LD_LIBRARY_PATH
+#### Build
+This tool can be built along with aosp build. It has dependency on 
+[libjc_common](../HAL/keymaster/Android.bp) and
+[libjc_provision](Android.bp).
 
 #### Sample resources for quick testing
 Two sample json files are located in this directory with names
@@ -23,23 +17,18 @@ keys can be found in [test_resources](test_resources) directory. Copy the
 certificates and the key into the emulator/device filesystem in their respective
 paths mentioned in the sample json file.
 
-#### Usage for construct_apdus
+#### Usage
 
    -Usage: construct_apdus options
+Usage: provision_tool options
 Valid options are:
 -h, --help                        show the help message and exit.
--v, --km_version version Version of the keymaster ((4.0 or 4.1 for respective keymaster version))
--i, --input  jsonFile	 Input json file
--o, --output jsonFile 	 Output json file
-
    
-
-#### Usage for provision
-
    -Usage: provision options
-Valid options are:
--h, --help                      show the help message and exit.
--v, --km_version version  Version of the keymaster ((4.0 or 4.1 for respective keymaster version))
--i, --input  jsonFile 	  Input json file 
--s, --provision_stautus   Prints the current provision status.
--l, --lock_provision      Locks the provision state.
+-a, --all jsonFile                Executes all the provision commands.
+-k, --attest_key jsonFile         Provision attestation key.
+-c, --cert_chain jsonFile         Provision attestation certificate chain.
+-p, --cert_params jsonFile        Provision attestation certificate parameters.
+-i, --attest_ids jsonFile         Provision attestation IDs.
+-r, --shared_secret jsonFile      Provision pre-shared secret.
+-b, --set_boot_params jsonFile    Provision boot parameters.
+-s, --provision_stautus           Prints the current provision status.
+-l, --lock_provision              Locks the provision commands.
 
    
diff --git a/ProvisioningTool/include/UniquePtr.h b/ProvisioningTool/include/UniquePtr.h
deleted file mode 100644
index da74780b..00000000
--- a/ProvisioningTool/include/UniquePtr.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2010 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include   // for size_t
-
-#include 
-
-// Default deleter for pointer types.
-template  struct DefaultDelete {
-    enum { type_must_be_complete = sizeof(T) };
-    DefaultDelete() {}
-    void operator()(T* p) const { delete p; }
-};
-
-// Default deleter for array types.
-template  struct DefaultDelete {
-    enum { type_must_be_complete = sizeof(T) };
-    void operator()(T* p) const { delete[] p; }
-};
-
-template >
-using UniquePtr = std::unique_ptr;
-
-
diff --git a/ProvisioningTool/include/constants.h b/ProvisioningTool/include/constants.h
deleted file mode 100644
index ffc0011f..00000000
--- a/ProvisioningTool/include/constants.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- **
- ** Copyright 2021, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-#pragma once
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include "UniquePtr.h"
-
-#define SUCCESS 0
-#define FAILURE 1
-#define KEYMASTER_VERSION_4_1 4.1
-#define KEYMASTER_VERSION_4_0 4
-#define P1_40 0x40
-#define P1_50 0x50
-#define APDU_CLS 0x80
-#define APDU_P1 P1_40
-#define APDU_P2  0x00
-#define INS_BEGIN_KM_CMD 0x00
-#define APDU_RESP_STATUS_OK 0x9000
-#define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
-
-
-
-template 
-struct OpenSslObjectDeleter {
-    void operator()(T* p) { FreeFunc(p); }
-};
-
-#define DEFINE_OPENSSL_OBJECT_POINTER(name)                                                        \
-    typedef OpenSslObjectDeleter name##_Delete; \
-    typedef UniquePtr name##_Ptr;
-
-DEFINE_OPENSSL_OBJECT_POINTER(EC_KEY)
-DEFINE_OPENSSL_OBJECT_POINTER(EVP_PKEY)
-DEFINE_OPENSSL_OBJECT_POINTER(X509)
-
-
-// Tags
-constexpr uint64_t kTagAlgorithm = 268435458u;
-constexpr uint64_t kTagDigest = 536870917u;
-constexpr uint64_t kTagCurve = 268435466u;
-constexpr uint64_t kTagPurpose = 536870913u;
-constexpr uint64_t kTagAttestationIdBrand = 2415919814u;
-constexpr uint64_t kTagAttestationIdDevice = 2415919815u;
-constexpr uint64_t kTagAttestationIdProduct = 2415919816u;
-constexpr uint64_t kTagAttestationIdSerial = 2415919817u;
-constexpr uint64_t kTagAttestationIdImei = 2415919818u;
-constexpr uint64_t kTagAttestationIdMeid = 2415919819u;
-constexpr uint64_t kTagAttestationIdManufacturer = 2415919820u;
-constexpr uint64_t kTagAttestationIdModel = 2415919821u;
-
-// Values
-constexpr uint64_t kCurveP256 = 1;
-constexpr uint64_t kAlgorithmEc = 3;
-constexpr uint64_t kDigestSha256 = 4;
-constexpr uint64_t kPurposeAttest = 0x7F;
-constexpr uint64_t kKeyFormatRaw = 3;
-
-// json keys
-constexpr char kAttestKey[] = "attest_key";
-constexpr char kAttestCertChain[] = "attest_cert_chain";
-constexpr char kSharedSecret[] = "shared_secret";
-constexpr char kBootParams[] = "boot_params";
-constexpr char kAttestationIds[] = "attestation_ids";
-constexpr char kDeviceUniqueKey[] = "device_unique_key";
-constexpr char kAdditionalCertChain[] = "additional_cert_chain";
-constexpr char kProvisionStatus[] = "provision_status";
-constexpr char kLockProvision[] = "lock_provision";
-
-// Instruction constatnts
-constexpr int kAttestationKeyCmd = INS_BEGIN_KM_CMD + 1;
-constexpr int kAttestCertDataCmd = INS_BEGIN_KM_CMD + 2;
-constexpr int kAttestationIdsCmd = INS_BEGIN_KM_CMD + 3;
-constexpr int kPresharedSecretCmd = INS_BEGIN_KM_CMD + 4;
-constexpr int kBootParamsCmd = INS_BEGIN_KM_CMD + 5;
-constexpr int kLockProvisionCmd = INS_BEGIN_KM_CMD + 6;
-constexpr int kGetProvisionStatusCmd = INS_BEGIN_KM_CMD + 7;
-constexpr int kSetVersionPatchLevelCmd = INS_BEGIN_KM_CMD + 8;
diff --git a/ProvisioningTool/include/cppbor/cppbor.h b/ProvisioningTool/include/cppbor/cppbor.h
deleted file mode 100644
index 06976118..00000000
--- a/ProvisioningTool/include/cppbor/cppbor.h
+++ /dev/null
@@ -1,1113 +0,0 @@
-/*
- * Copyright 2019 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-
-namespace cppbor {
-
-enum MajorType : uint8_t {
-    UINT = 0 << 5,
-    NINT = 1 << 5,
-    BSTR = 2 << 5,
-    TSTR = 3 << 5,
-    ARRAY = 4 << 5,
-    MAP = 5 << 5,
-    SEMANTIC = 6 << 5,
-    SIMPLE = 7 << 5,
-};
-
-enum SimpleType {
-    BOOLEAN,
-    NULL_T,  // Only two supported, as yet.
-};
-
-enum SpecialAddlInfoValues : uint8_t {
-    FALSE = 20,
-    TRUE = 21,
-    NULL_V = 22,
-    ONE_BYTE_LENGTH = 24,
-    TWO_BYTE_LENGTH = 25,
-    FOUR_BYTE_LENGTH = 26,
-    EIGHT_BYTE_LENGTH = 27,
-};
-
-class Item;
-class Uint;
-class Nint;
-class Int;
-class Tstr;
-class Bstr;
-class Simple;
-class Bool;
-class Array;
-class Map;
-class Null;
-class SemanticTag;
-class EncodedItem;
-class ViewTstr;
-class ViewBstr;
-
-/**
- * Returns the size of a CBOR header that contains the additional info value addlInfo.
- */
-size_t headerSize(uint64_t addlInfo);
-
-/**
- * Encodes a CBOR header with the specified type and additional info into the range [pos, end).
- * Returns a pointer to one past the last byte written, or nullptr if there isn't sufficient space
- * to write the header.
- */
-uint8_t* encodeHeader(MajorType type, uint64_t addlInfo, uint8_t* pos, const uint8_t* end);
-
-using EncodeCallback = std::function;
-
-/**
- * Encodes a CBOR header with the specified type and additional info, passing each byte in turn to
- * encodeCallback.
- */
-void encodeHeader(MajorType type, uint64_t addlInfo, EncodeCallback encodeCallback);
-
-/**
- * Encodes a CBOR header witht he specified type and additional info, writing each byte to the
- * provided OutputIterator.
- */
-template ::iterator_category>>>
-void encodeHeader(MajorType type, uint64_t addlInfo, OutputIterator iter) {
-    return encodeHeader(type, addlInfo, [&](uint8_t v) { *iter++ = v; });
-}
-
-/**
- * Item represents a CBOR-encodeable data item.  Item is an abstract interface with a set of virtual
- * methods that allow encoding of the item or conversion to the appropriate derived type.
- */
-class Item {
-  public:
-    virtual ~Item() {}
-
-    /**
-     * Returns the CBOR type of the item.
-     */
-    virtual MajorType type() const = 0;
-
-    // These methods safely downcast an Item to the appropriate subclass.
-    virtual Int* asInt() { return nullptr; }
-    const Int* asInt() const { return const_cast(this)->asInt(); }
-    virtual Uint* asUint() { return nullptr; }
-    const Uint* asUint() const { return const_cast(this)->asUint(); }
-    virtual Nint* asNint() { return nullptr; }
-    const Nint* asNint() const { return const_cast(this)->asNint(); }
-    virtual Tstr* asTstr() { return nullptr; }
-    const Tstr* asTstr() const { return const_cast(this)->asTstr(); }
-    virtual Bstr* asBstr() { return nullptr; }
-    const Bstr* asBstr() const { return const_cast(this)->asBstr(); }
-    virtual Simple* asSimple() { return nullptr; }
-    const Simple* asSimple() const { return const_cast(this)->asSimple(); }
-    virtual Map* asMap() { return nullptr; }
-    const Map* asMap() const { return const_cast(this)->asMap(); }
-    virtual Array* asArray() { return nullptr; }
-    const Array* asArray() const { return const_cast(this)->asArray(); }
-
-    virtual ViewTstr* asViewTstr() { return nullptr; }
-    const ViewTstr* asViewTstr() const { return const_cast(this)->asViewTstr(); }
-    virtual ViewBstr* asViewBstr() { return nullptr; }
-    const ViewBstr* asViewBstr() const { return const_cast(this)->asViewBstr(); }
-
-    // Like those above, these methods safely downcast an Item when it's actually a SemanticTag.
-    // However, if you think you want to use these methods, you probably don't.  Typically, the way
-    // you should handle tagged Items is by calling the appropriate method above (e.g. asInt())
-    // which will return a pointer to the tagged Item, rather than the tag itself.  If you want to
-    // find out if the Item* you're holding is to something with one or more tags applied, see
-    // semanticTagCount() and semanticTag() below.
-    virtual SemanticTag* asSemanticTag() { return nullptr; }
-    const SemanticTag* asSemanticTag() const { return const_cast(this)->asSemanticTag(); }
-
-    /**
-     * Returns the number of semantic tags prefixed to this Item.
-     */
-    virtual size_t semanticTagCount() const { return 0; }
-
-    /**
-     * Returns the semantic tag at the specified nesting level `nesting`, iff `nesting` is less than
-     * the value returned by semanticTagCount().
-     *
-     * CBOR tags are "nested" by applying them in sequence.  The "rightmost" tag is the "inner" tag.
-     * That is, given:
-     *
-     *     4(5(6("AES"))) which encodes as C1 C2 C3 63 414553
-     *
-     * The tstr "AES" is tagged with 6.  The combined entity ("AES" tagged with 6) is tagged with 5,
-     * etc.  So in this example, semanticTagCount() would return 3, and semanticTag(0) would return
-     * 5 semanticTag(1) would return 5 and semanticTag(2) would return 4.  For values of n > 2,
-     * semanticTag(n) will return 0, but this is a meaningless value.
-     *
-     * If this layering is confusing, you probably don't have to worry about it. Nested tagging does
-     * not appear to be common, so semanticTag(0) is the only one you'll use.
-     */
-    virtual uint64_t semanticTag(size_t /* nesting */ = 0) const { return 0; }
-
-    /**
-     * Returns true if this is a "compound" item, i.e. one that contains one or more other items.
-     */
-    virtual bool isCompound() const { return false; }
-
-    bool operator==(const Item& other) const&;
-    bool operator!=(const Item& other) const& { return !(*this == other); }
-
-    /**
-     * Returns the number of bytes required to encode this Item into CBOR.  Note that if this is a
-     * complex Item, calling this method will require walking the whole tree.
-     */
-    virtual size_t encodedSize() const = 0;
-
-    /**
-     * Encodes the Item into buffer referenced by range [*pos, end).  Returns a pointer to one past
-     * the last position written.  Returns nullptr if there isn't enough space to encode.
-     */
-    virtual uint8_t* encode(uint8_t* pos, const uint8_t* end) const = 0;
-
-    /**
-     * Encodes the Item by passing each encoded byte to encodeCallback.
-     */
-    virtual void encode(EncodeCallback encodeCallback) const = 0;
-
-    /**
-     * Clones the Item
-     */
-    virtual std::unique_ptr clone() const = 0;
-
-    /**
-     * Encodes the Item into the provided OutputIterator.
-     */
-    template ::iterator_category>
-    void encode(OutputIterator i) const {
-        return encode([&](uint8_t v) { *i++ = v; });
-    }
-
-    /**
-     * Encodes the Item into a new std::vector.
-     */
-    std::vector encode() const {
-        std::vector retval;
-        retval.reserve(encodedSize());
-        encode(std::back_inserter(retval));
-        return retval;
-    }
-
-    /**
-     * Encodes the Item into a new std::string.
-     */
-    std::string toString() const {
-        std::string retval;
-        retval.reserve(encodedSize());
-        encode([&](uint8_t v) { retval.push_back(v); });
-        return retval;
-    }
-
-    /**
-     * Encodes only the header of the Item.
-     */
-    inline uint8_t* encodeHeader(uint64_t addlInfo, uint8_t* pos, const uint8_t* end) const {
-        return ::cppbor::encodeHeader(type(), addlInfo, pos, end);
-    }
-
-    /**
-     * Encodes only the header of the Item.
-     */
-    inline void encodeHeader(uint64_t addlInfo, EncodeCallback encodeCallback) const {
-        ::cppbor::encodeHeader(type(), addlInfo, encodeCallback);
-    }
-};
-
-/**
- * EncodedItem represents a bit of already-encoded CBOR. Caveat emptor: It does no checking to
- * ensure that the provided data is a valid encoding, cannot be meaninfully-compared with other
- * kinds of items and you cannot use the as*() methods to find out what's inside it.
- */
-class EncodedItem : public Item {
-  public:
-    explicit EncodedItem(std::vector value) : mValue(std::move(value)) {}
-
-    bool operator==(const EncodedItem& other) const& { return mValue == other.mValue; }
-
-    // Type can't be meaningfully-obtained. We could extract the type from the first byte and return
-    // it, but you can't do any of the normal things with an EncodedItem so there's no point.
-    MajorType type() const override {
-        assert(false);
-        return static_cast(-1);
-    }
-    size_t encodedSize() const override { return mValue.size(); }
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
-        if (end - pos < static_cast(mValue.size())) return nullptr;
-        return std::copy(mValue.begin(), mValue.end(), pos);
-    }
-    void encode(EncodeCallback encodeCallback) const override {
-        std::for_each(mValue.begin(), mValue.end(), encodeCallback);
-    }
-    std::unique_ptr clone() const override { return std::make_unique(mValue); }
-
-  private:
-    std::vector mValue;
-};
-
-/**
- * Int is an abstraction that allows Uint and Nint objects to be manipulated without caring about
- * the sign.
- */
-class Int : public Item {
-  public:
-    bool operator==(const Int& other) const& { return value() == other.value(); }
-
-    virtual int64_t value() const = 0;
-    using Item::asInt;
-    Int* asInt() override { return this; }
-};
-
-/**
- * Uint is a concrete Item that implements CBOR major type 0.
- */
-class Uint : public Int {
-  public:
-    static constexpr MajorType kMajorType = UINT;
-
-    explicit Uint(uint64_t v) : mValue(v) {}
-
-    bool operator==(const Uint& other) const& { return mValue == other.mValue; }
-
-    MajorType type() const override { return kMajorType; }
-    using Item::asUint;
-    Uint* asUint() override { return this; }
-
-    size_t encodedSize() const override { return headerSize(mValue); }
-
-    int64_t value() const override { return mValue; }
-    uint64_t unsignedValue() const { return mValue; }
-
-    using Item::encode;
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
-        return encodeHeader(mValue, pos, end);
-    }
-    void encode(EncodeCallback encodeCallback) const override {
-        encodeHeader(mValue, encodeCallback);
-    }
-
-    std::unique_ptr clone() const override { return std::make_unique(mValue); }
-
-  private:
-    uint64_t mValue;
-};
-
-/**
- * Nint is a concrete Item that implements CBOR major type 1.
-
- * Note that it is incapable of expressing the full range of major type 1 values, becaue it can only
- * express values that fall into the range [std::numeric_limits::min(), -1].  It cannot
- * express values in the range [std::numeric_limits::min() - 1,
- * -std::numeric_limits::max()].
- */
-class Nint : public Int {
-  public:
-    static constexpr MajorType kMajorType = NINT;
-
-    explicit Nint(int64_t v);
-
-    bool operator==(const Nint& other) const& { return mValue == other.mValue; }
-
-    MajorType type() const override { return kMajorType; }
-    using Item::asNint;
-    Nint* asNint() override { return this; }
-    size_t encodedSize() const override { return headerSize(addlInfo()); }
-
-    int64_t value() const override { return mValue; }
-
-    using Item::encode;
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
-        return encodeHeader(addlInfo(), pos, end);
-    }
-    void encode(EncodeCallback encodeCallback) const override {
-        encodeHeader(addlInfo(), encodeCallback);
-    }
-
-    std::unique_ptr clone() const override { return std::make_unique(mValue); }
-
-  private:
-    uint64_t addlInfo() const { return -1ll - mValue; }
-
-    int64_t mValue;
-};
-
-/**
- * Bstr is a concrete Item that implements major type 2.
- */
-class Bstr : public Item {
-  public:
-    static constexpr MajorType kMajorType = BSTR;
-
-    // Construct an empty Bstr
-    explicit Bstr() {}
-
-    // Construct from a vector
-    explicit Bstr(std::vector v) : mValue(std::move(v)) {}
-
-    // Construct from a string
-    explicit Bstr(const std::string& v)
-        : mValue(reinterpret_cast(v.data()),
-                 reinterpret_cast(v.data()) + v.size()) {}
-
-    // Construct from a pointer/size pair
-    explicit Bstr(const std::pair& buf)
-        : mValue(buf.first, buf.first + buf.second) {}
-
-    // Construct from a pair of iterators
-    template ::iterator_category,
-              typename = typename std::iterator_traits::iterator_category>
-    explicit Bstr(const std::pair& pair) : mValue(pair.first, pair.second) {}
-
-    // Construct from an iterator range.
-    template ::iterator_category,
-              typename = typename std::iterator_traits::iterator_category>
-    Bstr(I1 begin, I2 end) : mValue(begin, end) {}
-
-    bool operator==(const Bstr& other) const& { return mValue == other.mValue; }
-
-    MajorType type() const override { return kMajorType; }
-    using Item::asBstr;
-    Bstr* asBstr() override { return this; }
-    size_t encodedSize() const override { return headerSize(mValue.size()) + mValue.size(); }
-    using Item::encode;
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
-    void encode(EncodeCallback encodeCallback) const override {
-        encodeHeader(mValue.size(), encodeCallback);
-        encodeValue(encodeCallback);
-    }
-
-    const std::vector& value() const { return mValue; }
-    std::vector&& moveValue() { return std::move(mValue); }
-
-    std::unique_ptr clone() const override { return std::make_unique(mValue); }
-
-  private:
-    void encodeValue(EncodeCallback encodeCallback) const;
-
-    std::vector mValue;
-};
-
-/**
- * ViewBstr is a read-only version of Bstr backed by std::string_view
- */
-class ViewBstr : public Item {
-  public:
-    static constexpr MajorType kMajorType = BSTR;
-
-    // Construct an empty ViewBstr
-    explicit ViewBstr() {}
-
-    // Construct from a string_view of uint8_t values
-    explicit ViewBstr(std::basic_string_view v) : mView(std::move(v)) {}
-
-    // Construct from a string_view
-    explicit ViewBstr(std::string_view v)
-        : mView(reinterpret_cast(v.data()), v.size()) {}
-
-    // Construct from an iterator range
-    template ::iterator_category,
-              typename = typename std::iterator_traits::iterator_category>
-    ViewBstr(I1 begin, I2 end) : mView(begin, end) {}
-
-    // Construct from a uint8_t pointer pair
-    ViewBstr(const uint8_t* begin, const uint8_t* end)
-        : mView(begin, std::distance(begin, end)) {}
-
-    bool operator==(const ViewBstr& other) const& { return mView == other.mView; }
-
-    MajorType type() const override { return kMajorType; }
-    using Item::asViewBstr;
-    ViewBstr* asViewBstr() override { return this; }
-    size_t encodedSize() const override { return headerSize(mView.size()) + mView.size(); }
-    using Item::encode;
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
-    void encode(EncodeCallback encodeCallback) const override {
-        encodeHeader(mView.size(), encodeCallback);
-        encodeValue(encodeCallback);
-    }
-
-    const std::basic_string_view& view() const { return mView; }
-
-    std::unique_ptr clone() const override { return std::make_unique(mView); }
-
-  private:
-    void encodeValue(EncodeCallback encodeCallback) const;
-
-    std::basic_string_view mView;
-};
-
-/**
- * Tstr is a concrete Item that implements major type 3.
- */
-class Tstr : public Item {
-  public:
-    static constexpr MajorType kMajorType = TSTR;
-
-    // Construct from a string
-    explicit Tstr(std::string v) : mValue(std::move(v)) {}
-
-    // Construct from a string_view
-    explicit Tstr(const std::string_view& v) : mValue(v) {}
-
-    // Construct from a C string
-    explicit Tstr(const char* v) : mValue(std::string(v)) {}
-
-    // Construct from a pair of iterators
-    template ::iterator_category,
-              typename = typename std::iterator_traits::iterator_category>
-    explicit Tstr(const std::pair& pair) : mValue(pair.first, pair.second) {}
-
-    // Construct from an iterator range
-    template ::iterator_category,
-              typename = typename std::iterator_traits::iterator_category>
-    Tstr(I1 begin, I2 end) : mValue(begin, end) {}
-
-    bool operator==(const Tstr& other) const& { return mValue == other.mValue; }
-
-    MajorType type() const override { return kMajorType; }
-    using Item::asTstr;
-    Tstr* asTstr() override { return this; }
-    size_t encodedSize() const override { return headerSize(mValue.size()) + mValue.size(); }
-    using Item::encode;
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
-    void encode(EncodeCallback encodeCallback) const override {
-        encodeHeader(mValue.size(), encodeCallback);
-        encodeValue(encodeCallback);
-    }
-
-    const std::string& value() const { return mValue; }
-    std::string&& moveValue() { return std::move(mValue); }
-
-    std::unique_ptr clone() const override { return std::make_unique(mValue); }
-
-  private:
-    void encodeValue(EncodeCallback encodeCallback) const;
-
-    std::string mValue;
-};
-
-/**
- * ViewTstr is a read-only version of Tstr backed by std::string_view
- */
-class ViewTstr : public Item {
-  public:
-    static constexpr MajorType kMajorType = TSTR;
-
-    // Construct an empty ViewTstr
-    explicit ViewTstr() {}
-
-    // Construct from a string_view
-    explicit ViewTstr(std::string_view v) : mView(std::move(v)) {}
-
-    // Construct from an iterator range
-    template ::iterator_category,
-              typename = typename std::iterator_traits::iterator_category>
-    ViewTstr(I1 begin, I2 end) : mView(begin, end) {}
-
-    // Construct from a uint8_t pointer pair
-    ViewTstr(const uint8_t* begin, const uint8_t* end)
-        : mView(reinterpret_cast(begin),
-                std::distance(begin, end)) {}
-
-    bool operator==(const ViewTstr& other) const& { return mView == other.mView; }
-
-    MajorType type() const override { return kMajorType; }
-    using Item::asViewTstr;
-    ViewTstr* asViewTstr() override { return this; }
-    size_t encodedSize() const override { return headerSize(mView.size()) + mView.size(); }
-    using Item::encode;
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
-    void encode(EncodeCallback encodeCallback) const override {
-        encodeHeader(mView.size(), encodeCallback);
-        encodeValue(encodeCallback);
-    }
-
-    const std::string_view& view() const { return mView; }
-
-    std::unique_ptr clone() const override { return std::make_unique(mView); }
-
-  private:
-    void encodeValue(EncodeCallback encodeCallback) const;
-
-    std::string_view mView;
-};
-
-/*
- * Array is a concrete Item that implements CBOR major type 4.
- *
- * Note that Arrays are not copyable.  This is because copying them is expensive and making them
- * move-only ensures that they're never copied accidentally.  If you actually want to copy an Array,
- * use the clone() method.
- */
-class Array : public Item {
-  public:
-    static constexpr MajorType kMajorType = ARRAY;
-
-    Array() = default;
-    Array(const Array& other) = delete;
-    Array(Array&&) = default;
-    Array& operator=(const Array&) = delete;
-    Array& operator=(Array&&) = default;
-
-    bool operator==(const Array& other) const&;
-
-    /**
-     * Construct an Array from a variable number of arguments of different types.  See
-     * details::makeItem below for details on what types may be provided.  In general, this accepts
-     * all of the types you'd expect and doest the things you'd expect (integral values are addes as
-     * Uint or Nint, std::string and char* are added as Tstr, bools are added as Bool, etc.).
-     */
-    template 
-    Array(Args&&... args);
-
-    /**
-     * Append a single element to the Array, of any compatible type.
-     */
-    template 
-    Array& add(T&& v) &;
-    template 
-    Array&& add(T&& v) &&;
-
-    bool isCompound() const override { return true; }
-
-    virtual size_t size() const { return mEntries.size(); }
-
-    size_t encodedSize() const override {
-        return std::accumulate(mEntries.begin(), mEntries.end(), headerSize(size()),
-                               [](size_t sum, auto& entry) { return sum + entry->encodedSize(); });
-    }
-
-    using Item::encode;  // Make base versions visible.
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
-    void encode(EncodeCallback encodeCallback) const override;
-
-    const std::unique_ptr& operator[](size_t index) const { return get(index); }
-    std::unique_ptr& operator[](size_t index) { return get(index); }
-
-    const std::unique_ptr& get(size_t index) const { return mEntries[index]; }
-    std::unique_ptr& get(size_t index) { return mEntries[index]; }
-
-    MajorType type() const override { return kMajorType; }
-    using Item::asArray;
-    Array* asArray() override { return this; }
-
-    std::unique_ptr clone() const override;
-
-    auto begin() { return mEntries.begin(); }
-    auto begin() const { return mEntries.begin(); }
-    auto end() { return mEntries.end(); }
-    auto end() const { return mEntries.end(); }
-
-  protected:
-    std::vector> mEntries;
-};
-
-/*
- * Map is a concrete Item that implements CBOR major type 5.
- *
- * Note that Maps are not copyable.  This is because copying them is expensive and making them
- * move-only ensures that they're never copied accidentally.  If you actually want to copy a
- * Map, use the clone() method.
- */
-class Map : public Item {
-  public:
-    static constexpr MajorType kMajorType = MAP;
-
-    using entry_type = std::pair, std::unique_ptr>;
-
-    Map() = default;
-    Map(const Map& other) = delete;
-    Map(Map&&) = default;
-    Map& operator=(const Map& other) = delete;
-    Map& operator=(Map&&) = default;
-
-    bool operator==(const Map& other) const&;
-
-    /**
-     * Construct a Map from a variable number of arguments of different types.  An even number of
-     * arguments must be provided (this is verified statically). See details::makeItem below for
-     * details on what types may be provided.  In general, this accepts all of the types you'd
-     * expect and doest the things you'd expect (integral values are addes as Uint or Nint,
-     * std::string and char* are added as Tstr, bools are added as Bool, etc.).
-     */
-    template 
-    Map(Args&&... args);
-
-    /**
-     * Append a key/value pair to the Map, of any compatible types.
-     */
-    template 
-    Map& add(Key&& key, Value&& value) &;
-    template 
-    Map&& add(Key&& key, Value&& value) &&;
-
-    bool isCompound() const override { return true; }
-
-    virtual size_t size() const { return mEntries.size(); }
-
-    size_t encodedSize() const override {
-        return std::accumulate(
-                mEntries.begin(), mEntries.end(), headerSize(size()), [](size_t sum, auto& entry) {
-                    return sum + entry.first->encodedSize() + entry.second->encodedSize();
-                });
-    }
-
-    using Item::encode;  // Make base versions visible.
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
-    void encode(EncodeCallback encodeCallback) const override;
-
-    /**
-     * Find and return the value associated with `key`, if any.
-     *
-     * If the searched-for `key` is not present, returns `nullptr`.
-     *
-     * Note that if the map is canonicalized (sorted), Map::get() peforms a binary search.  If your
-     * map is large and you're searching in it many times, it may be worthwhile to canonicalize it
-     * to make Map::get() faster.  Any use of a method that might modify the map disables the
-     * speedup.
-     */
-    template 
-    const std::unique_ptr& get(Key key) const;
-
-    // Note that use of non-const operator[] marks the map as not canonicalized.
-    auto& operator[](size_t index) {
-        mCanonicalized = false;
-        return mEntries[index];
-    }
-    const auto& operator[](size_t index) const { return mEntries[index]; }
-
-    MajorType type() const override { return kMajorType; }
-    using Item::asMap;
-    Map* asMap() override { return this; }
-
-    /**
-     * Sorts the map in canonical order, as defined in RFC 7049. Use this before encoding if you
-     * want canonicalization; cppbor does not canonicalize by default, though the integer encodings
-     * are always canonical and cppbor does not support indefinite-length encodings, so map order
-     * canonicalization is the only thing that needs to be done.
-     *
-     * @param recurse If set to true, canonicalize() will also walk the contents of the map and
-     * canonicalize any contained maps as well.
-     */
-    Map& canonicalize(bool recurse = false) &;
-    Map&& canonicalize(bool recurse = false) && {
-        canonicalize(recurse);
-        return std::move(*this);
-    }
-
-    bool isCanonical() { return mCanonicalized; }
-
-    std::unique_ptr clone() const override;
-
-    auto begin() {
-        mCanonicalized = false;
-        return mEntries.begin();
-    }
-    auto begin() const { return mEntries.begin(); }
-    auto end() {
-        mCanonicalized = false;
-        return mEntries.end();
-    }
-    auto end() const { return mEntries.end(); }
-
-    // Returns true if a < b, per CBOR map key canonicalization rules.
-    static bool keyLess(const Item* a, const Item* b);
-
-  protected:
-    std::vector mEntries;
-
-  private:
-    bool mCanonicalized = false;
-};
-
-class SemanticTag : public Item {
-  public:
-    static constexpr MajorType kMajorType = SEMANTIC;
-
-    template 
-    SemanticTag(uint64_t tagValue, T&& taggedItem);
-    SemanticTag(const SemanticTag& other) = delete;
-    SemanticTag(SemanticTag&&) = default;
-    SemanticTag& operator=(const SemanticTag& other) = delete;
-    SemanticTag& operator=(SemanticTag&&) = default;
-
-    bool operator==(const SemanticTag& other) const& {
-        return mValue == other.mValue && *mTaggedItem == *other.mTaggedItem;
-    }
-
-    bool isCompound() const override { return true; }
-
-    virtual size_t size() const { return 1; }
-
-    // Encoding returns the tag + enclosed Item.
-    size_t encodedSize() const override { return headerSize(mValue) + mTaggedItem->encodedSize(); }
-
-    using Item::encode;  // Make base versions visible.
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
-    void encode(EncodeCallback encodeCallback) const override;
-
-    // type() is a bit special.  In normal usage it should return the wrapped type, but during
-    // parsing when we haven't yet parsed the tagged item, it needs to return SEMANTIC.
-    MajorType type() const override { return mTaggedItem ? mTaggedItem->type() : SEMANTIC; }
-    using Item::asSemanticTag;
-    SemanticTag* asSemanticTag() override { return this; }
-
-    // Type information reflects the enclosed Item.  Note that if the immediately-enclosed Item is
-    // another tag, these methods will recurse down to the non-tag Item.
-    using Item::asInt;
-    Int* asInt() override { return mTaggedItem->asInt(); }
-    using Item::asUint;
-    Uint* asUint() override { return mTaggedItem->asUint(); }
-    using Item::asNint;
-    Nint* asNint() override { return mTaggedItem->asNint(); }
-    using Item::asTstr;
-    Tstr* asTstr() override { return mTaggedItem->asTstr(); }
-    using Item::asBstr;
-    Bstr* asBstr() override { return mTaggedItem->asBstr(); }
-    using Item::asSimple;
-    Simple* asSimple() override { return mTaggedItem->asSimple(); }
-    using Item::asMap;
-    Map* asMap() override { return mTaggedItem->asMap(); }
-    using Item::asArray;
-    Array* asArray() override { return mTaggedItem->asArray(); }
-    using Item::asViewTstr;
-    ViewTstr* asViewTstr() override { return mTaggedItem->asViewTstr(); }
-    using Item::asViewBstr;
-    ViewBstr* asViewBstr() override { return mTaggedItem->asViewBstr(); }
-
-    std::unique_ptr clone() const override;
-
-    size_t semanticTagCount() const override;
-    uint64_t semanticTag(size_t nesting = 0) const override;
-
-  protected:
-    SemanticTag() = default;
-    SemanticTag(uint64_t value) : mValue(value) {}
-    uint64_t mValue;
-    std::unique_ptr mTaggedItem;
-};
-
-/**
- * Simple is abstract Item that implements CBOR major type 7.  It is intended to be subclassed to
- * create concrete Simple types.  At present only Bool is provided.
- */
-class Simple : public Item {
-  public:
-    static constexpr MajorType kMajorType = SIMPLE;
-
-    bool operator==(const Simple& other) const&;
-
-    virtual SimpleType simpleType() const = 0;
-    MajorType type() const override { return kMajorType; }
-
-    Simple* asSimple() override { return this; }
-
-    virtual const Bool* asBool() const { return nullptr; };
-    virtual const Null* asNull() const { return nullptr; };
-};
-
-/**
- * Bool is a concrete type that implements CBOR major type 7, with additional item values for TRUE
- * and FALSE.
- */
-class Bool : public Simple {
-  public:
-    static constexpr SimpleType kSimpleType = BOOLEAN;
-
-    explicit Bool(bool v) : mValue(v) {}
-
-    bool operator==(const Bool& other) const& { return mValue == other.mValue; }
-
-    SimpleType simpleType() const override { return kSimpleType; }
-    const Bool* asBool() const override { return this; }
-
-    size_t encodedSize() const override { return 1; }
-
-    using Item::encode;
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
-        return encodeHeader(mValue ? TRUE : FALSE, pos, end);
-    }
-    void encode(EncodeCallback encodeCallback) const override {
-        encodeHeader(mValue ? TRUE : FALSE, encodeCallback);
-    }
-
-    bool value() const { return mValue; }
-
-    std::unique_ptr clone() const override { return std::make_unique(mValue); }
-
-  private:
-    bool mValue;
-};
-
-/**
- * Null is a concrete type that implements CBOR major type 7, with additional item value for NULL
- */
-class Null : public Simple {
-  public:
-    static constexpr SimpleType kSimpleType = NULL_T;
-
-    explicit Null() {}
-
-    SimpleType simpleType() const override { return kSimpleType; }
-    const Null* asNull() const override { return this; }
-
-    size_t encodedSize() const override { return 1; }
-
-    using Item::encode;
-    uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
-        return encodeHeader(NULL_V, pos, end);
-    }
-    void encode(EncodeCallback encodeCallback) const override {
-        encodeHeader(NULL_V, encodeCallback);
-    }
-
-    std::unique_ptr clone() const override { return std::make_unique(); }
-};
-
-/**
- * Returns pretty-printed CBOR for |item|
- *
- * If a byte-string is larger than |maxBStrSize| its contents will not be printed, instead the value
- * of the form "" will be
- * printed. Pass zero for |maxBStrSize| to disable this.
- *
- * The |mapKeysToNotPrint| parameter specifies the name of map values to not print. This is useful
- * for unit tests.
- */
-std::string prettyPrint(const Item* item, size_t maxBStrSize = 32,
-                        const std::vector& mapKeysNotToPrint = {});
-
-/**
- * Returns pretty-printed CBOR for |value|.
- *
- * Only valid CBOR should be passed to this function.
- *
- * If a byte-string is larger than |maxBStrSize| its contents will not be printed, instead the value
- * of the form "" will be
- * printed. Pass zero for |maxBStrSize| to disable this.
- *
- * The |mapKeysToNotPrint| parameter specifies the name of map values to not print. This is useful
- * for unit tests.
- */
-std::string prettyPrint(const std::vector& encodedCbor, size_t maxBStrSize = 32,
-                        const std::vector& mapKeysNotToPrint = {});
-
-/**
- * Details. Mostly you shouldn't have to look below, except perhaps at the docstring for makeItem.
- */
-namespace details {
-
-template 
-struct is_iterator_pair_over : public std::false_type {};
-
-template 
-struct is_iterator_pair_over<
-        std::pair, V,
-        typename std::enable_if_t::value_type>>>
-    : public std::true_type {};
-
-template 
-struct is_unique_ptr_of_subclass_of_v : public std::false_type {};
-
-template 
-struct is_unique_ptr_of_subclass_of_v,
-                                      typename std::enable_if_t>>
-    : public std::true_type {};
-
-/* check if type is one of std::string (1), std::string_view (2), null-terminated char* (3) or pair
- *     of iterators (4)*/
-template 
-struct is_text_type_v : public std::false_type {};
-
-template 
-struct is_text_type_v<
-        T, typename std::enable_if_t<
-                   /* case 1 */  //
-                   std::is_same_v>, std::string>
-                   /* case 2 */  //
-                   || std::is_same_v>, std::string_view>
-                   /* case 3 */                                                 //
-                   || std::is_same_v>, char*>  //
-                   || std::is_same_v>, const char*>
-                   /* case 4 */
-                   || details::is_iterator_pair_over::value>> : public std::true_type {};
-
-/**
- * Construct a unique_ptr from many argument types. Accepts:
- *
- * (a) booleans;
- * (b) integers, all sizes and signs;
- * (c) text strings, as defined by is_text_type_v above;
- * (d) byte strings, as std::vector(d1), pair of iterators (d2) or pair
- *     (d3); and
- * (e) Item subclass instances, including Array and Map.  Items may be provided by naked pointer
- *     (e1), unique_ptr (e2), reference (e3) or value (e3).  If provided by reference or value, will
- *     be moved if possible.  If provided by pointer, ownership is taken.
- * (f) null pointer;
- * (g) enums, using the underlying integer value.
- */
-template 
-std::unique_ptr makeItem(T v) {
-    Item* p = nullptr;
-    if constexpr (/* case a */ std::is_same_v) {
-        p = new Bool(v);
-    } else if constexpr (/* case b */ std::is_integral_v) {  // b
-        if (v < 0) {
-            p = new Nint(v);
-        } else {
-            p = new Uint(static_cast(v));
-        }
-    } else if constexpr (/* case c */  //
-                         details::is_text_type_v::value) {
-        p = new Tstr(v);
-    } else if constexpr (/* case d1 */  //
-                         std::is_same_v>,
-                                        std::vector>
-                         /* case d2 */  //
-                         || details::is_iterator_pair_over::value
-                         /* case d3 */  //
-                         || std::is_same_v>,
-                                           std::pair>) {
-        p = new Bstr(v);
-    } else if constexpr (/* case e1 */  //
-                         std::is_pointer_v &&
-                         std::is_base_of_v>) {
-        p = v;
-    } else if constexpr (/* case e2 */  //
-                         details::is_unique_ptr_of_subclass_of_v::value) {
-        p = v.release();
-    } else if constexpr (/* case e3 */  //
-                         std::is_base_of_v) {
-        p = new T(std::move(v));
-    } else if constexpr (/* case f */ std::is_null_pointer_v) {
-        p = new Null();
-    } else if constexpr (/* case g */ std::is_enum_v) {
-        return makeItem(static_cast>(v));
-    } else {
-        // It's odd that this can't be static_assert(false), since it shouldn't be evaluated if one
-        // of the above ifs matches.  But static_assert(false) always triggers.
-        static_assert(std::is_same_v, "makeItem called with unsupported type");
-    }
-    return std::unique_ptr(p);
-}
-
-inline void map_helper(Map& /* map */) {}
-
-template 
-inline void map_helper(Map& map, Key&& key, Value&& value, Rest&&... rest) {
-    map.add(std::forward(key), std::forward(value));
-    map_helper(map, std::forward(rest)...);
-}
-
-}  // namespace details
-
-template >> || ...)>>
-Array::Array(Args&&... args) {
-    mEntries.reserve(sizeof...(args));
-    (mEntries.push_back(details::makeItem(std::forward(args))), ...);
-}
-
-template 
-Array& Array::add(T&& v) & {
-    mEntries.push_back(details::makeItem(std::forward(v)));
-    return *this;
-}
-
-template 
-Array&& Array::add(T&& v) && {
-    mEntries.push_back(details::makeItem(std::forward(v)));
-    return std::move(*this);
-}
-
-template >
-Map::Map(Args&&... args) {
-    static_assert((sizeof...(Args)) % 2 == 0, "Map must have an even number of entries");
-    mEntries.reserve(sizeof...(args) / 2);
-    details::map_helper(*this, std::forward(args)...);
-}
-
-template 
-Map& Map::add(Key&& key, Value&& value) & {
-    mEntries.push_back({details::makeItem(std::forward(key)),
-                        details::makeItem(std::forward(value))});
-    mCanonicalized = false;
-    return *this;
-}
-
-template 
-Map&& Map::add(Key&& key, Value&& value) && {
-    this->add(std::forward(key), std::forward(value));
-    return std::move(*this);
-}
-
-static const std::unique_ptr kEmptyItemPtr;
-
-template  || std::is_enum_v ||
-                                      details::is_text_type_v::value>>
-const std::unique_ptr& Map::get(Key key) const {
-    auto keyItem = details::makeItem(key);
-
-    if (mCanonicalized) {
-        // It's sorted, so binary-search it.
-        auto found = std::lower_bound(begin(), end(), keyItem.get(),
-                                      [](const entry_type& entry, const Item* key) {
-                                          return keyLess(entry.first.get(), key);
-                                      });
-        return (found == end() || *found->first != *keyItem) ? kEmptyItemPtr : found->second;
-    } else {
-        // Unsorted, do a linear search.
-        auto found = std::find_if(
-                begin(), end(), [&](const entry_type& entry) { return *entry.first == *keyItem; });
-        return found == end() ? kEmptyItemPtr : found->second;
-    }
-}
-
-template 
-SemanticTag::SemanticTag(uint64_t value, T&& taggedItem)
-    : mValue(value), mTaggedItem(details::makeItem(std::forward(taggedItem))) {}
-
-}  // namespace cppbor
diff --git a/ProvisioningTool/include/cppbor/cppbor_parse.h b/ProvisioningTool/include/cppbor/cppbor_parse.h
deleted file mode 100644
index 22cd18d0..00000000
--- a/ProvisioningTool/include/cppbor/cppbor_parse.h
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright 2019 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include "cppbor.h"
-
-namespace cppbor {
-
-using ParseResult = std::tuple /* result */, const uint8_t* /* newPos */,
-                               std::string /* errMsg */>;
-
-/**
- * Parse the first CBOR data item (possibly compound) from the range [begin, end).
- *
- * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
- * Item pointer is non-null, the buffer pointer points to the first byte after the
- * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
- * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
- * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
- * too large for the remaining buffer, etc.) and the string contains an error message describing the
- * problem encountered.
- */
-ParseResult parse(const uint8_t* begin, const uint8_t* end);
-
-/**
- * Parse the first CBOR data item (possibly compound) from the range [begin, end).
- *
- * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
- * Item pointer is non-null, the buffer pointer points to the first byte after the
- * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
- * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
- * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
- * too large for the remaining buffer, etc.) and the string contains an error message describing the
- * problem encountered.
- *
- * The returned CBOR data item will contain View* items backed by
- * std::string_view types over the input range.
- * WARNING! If the input range changes underneath, the corresponding views will
- * carry the same change.
- */
-ParseResult parseWithViews(const uint8_t* begin, const uint8_t* end);
-
-/**
- * Parse the first CBOR data item (possibly compound) from the byte vector.
- *
- * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
- * Item pointer is non-null, the buffer pointer points to the first byte after the
- * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
- * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
- * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
- * too large for the remaining buffer, etc.) and the string contains an error message describing the
- * problem encountered.
- */
-inline ParseResult parse(const std::vector& encoding) {
-    return parse(encoding.data(), encoding.data() + encoding.size());
-}
-
-/**
- * Parse the first CBOR data item (possibly compound) from the range [begin, begin + size).
- *
- * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
- * Item pointer is non-null, the buffer pointer points to the first byte after the
- * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
- * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
- * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
- * too large for the remaining buffer, etc.) and the string contains an error message describing the
- * problem encountered.
- */
-inline ParseResult parse(const uint8_t* begin, size_t size) {
-    return parse(begin, begin + size);
-}
-
-/**
- * Parse the first CBOR data item (possibly compound) from the range [begin, begin + size).
- *
- * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
- * Item pointer is non-null, the buffer pointer points to the first byte after the
- * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
- * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
- * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
- * too large for the remaining buffer, etc.) and the string contains an error message describing the
- * problem encountered.
- *
- * The returned CBOR data item will contain View* items backed by
- * std::string_view types over the input range.
- * WARNING! If the input range changes underneath, the corresponding views will
- * carry the same change.
- */
-inline ParseResult parseWithViews(const uint8_t* begin, size_t size) {
-    return parseWithViews(begin, begin + size);
-}
-
-/**
- * Parse the first CBOR data item (possibly compound) from the value contained in a Bstr.
- *
- * Returns a tuple of Item pointer, buffer pointer and error message.  If parsing is successful, the
- * Item pointer is non-null, the buffer pointer points to the first byte after the
- * successfully-parsed item and the error message string is empty.  If parsing fails, the Item
- * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte
- * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is
- * too large for the remaining buffer, etc.) and the string contains an error message describing the
- * problem encountered.
- */
-inline ParseResult parse(const Bstr* bstr) {
-    if (!bstr)
-        return ParseResult(nullptr, nullptr, "Null Bstr pointer");
-    return parse(bstr->value());
-}
-
-class ParseClient;
-
-/**
- * Parse the CBOR data in the range [begin, end) in streaming fashion, calling methods on the
- * provided ParseClient when elements are found.
- */
-void parse(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient);
-
-/**
- * Parse the CBOR data in the range [begin, end) in streaming fashion, calling methods on the
- * provided ParseClient when elements are found. Uses the View* item types
- * instead of the copying ones.
- */
-void parseWithViews(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient);
-
-/**
- * Parse the CBOR data in the vector in streaming fashion, calling methods on the
- * provided ParseClient when elements are found.
- */
-inline void parse(const std::vector& encoding, ParseClient* parseClient) {
-    return parse(encoding.data(), encoding.data() + encoding.size(), parseClient);
-}
-
-/**
- * A pure interface that callers of the streaming parse functions must implement.
- */
-class ParseClient {
-  public:
-    virtual ~ParseClient() {}
-
-    /**
-     * Called when an item is found.  The Item pointer points to the found item; use type() and
-     * the appropriate as*() method to examine the value.  hdrBegin points to the first byte of the
-     * header, valueBegin points to the first byte of the value and end points one past the end of
-     * the item.  In the case of header-only items, such as integers, and compound items (ARRAY,
-     * MAP or SEMANTIC) whose end has not yet been found, valueBegin and end are equal and point to
-     * the byte past the header.
-     *
-     * Note that for compound types (ARRAY, MAP, and SEMANTIC), the Item will have no content.  For
-     * Map and Array items, the size() method will return a correct value, but the index operators
-     * are unsafe, and the object cannot be safely compared with another Array/Map.
-     *
-     * The method returns a ParseClient*.  In most cases "return this;" will be the right answer,
-     * but a different ParseClient may be returned, which the parser will begin using. If the method
-     * returns nullptr, parsing will be aborted immediately.
-     */
-    virtual ParseClient* item(std::unique_ptr& item, const uint8_t* hdrBegin,
-                              const uint8_t* valueBegin, const uint8_t* end) = 0;
-
-    /**
-     * Called when the end of a compound item (MAP or ARRAY) is found.  The item argument will be
-     * the same one passed to the item() call -- and may be empty if item() moved its value out.
-     * hdrBegin, valueBegin and end point to the beginning of the item header, the beginning of the
-     * first contained value, and one past the end of the last contained value, respectively.
-     *
-     * Note that the Item will have no content.
-     *
-     * As with item(), itemEnd() can change the ParseClient by returning a different one, or end the
-     * parsing by returning nullptr;
-     */
-    virtual ParseClient* itemEnd(std::unique_ptr& item, const uint8_t* hdrBegin,
-                                 const uint8_t* valueBegin, const uint8_t* end) = 0;
-
-    /**
-     * Called when parsing encounters an error.  position is set to the first unparsed byte (one
-     * past the last successfully-parsed byte) and errorMessage contains an message explaining what
-     * sort of error occurred.
-     */
-    virtual void error(const uint8_t* position, const std::string& errorMessage) = 0;
-};
-
-}  // namespace cppbor
diff --git a/ProvisioningTool/include/json/assertions.h b/ProvisioningTool/include/json/assertions.h
deleted file mode 100644
index fbec7ae0..00000000
--- a/ProvisioningTool/include/json/assertions.h
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef CPPTL_JSON_ASSERTIONS_H_INCLUDED
-#define CPPTL_JSON_ASSERTIONS_H_INCLUDED
-
-#include 
-#include 
-
-#if !defined(JSON_IS_AMALGAMATION)
-#include "config.h"
-#endif // if !defined(JSON_IS_AMALGAMATION)
-
-/** It should not be possible for a maliciously designed file to
- *  cause an abort() or seg-fault, so these macros are used only
- *  for pre-condition violations and internal logic errors.
- */
-#if JSON_USE_EXCEPTION
-
-// @todo <= add detail about condition in exception
-# define JSON_ASSERT(condition)                                                \
-  {if (!(condition)) {Json::throwLogicError( "assert json failed" );}}
-
-# define JSON_FAIL_MESSAGE(message)                                            \
-  {                                                                            \
-    std::ostringstream oss; oss << message;                                    \
-    Json::throwLogicError(oss.str());                                          \
-    abort();                                                                   \
-  }
-
-#else // JSON_USE_EXCEPTION
-
-# define JSON_ASSERT(condition) assert(condition)
-
-// The call to assert() will show the failure message in debug builds. In
-// release builds we abort, for a core-dump or debugger.
-# define JSON_FAIL_MESSAGE(message)                                            \
-  {                                                                            \
-    std::ostringstream oss; oss << message;                                    \
-    assert(false && oss.str().c_str());                                        \
-    abort();                                                                   \
-  }
-
-
-#endif
-
-#define JSON_ASSERT_MESSAGE(condition, message)                                \
-  if (!(condition)) {                                                          \
-    JSON_FAIL_MESSAGE(message);                                                \
-  }
-
-#endif // CPPTL_JSON_ASSERTIONS_H_INCLUDED
diff --git a/ProvisioningTool/include/json/autolink.h b/ProvisioningTool/include/json/autolink.h
deleted file mode 100644
index 6fcc8afa..00000000
--- a/ProvisioningTool/include/json/autolink.h
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef JSON_AUTOLINK_H_INCLUDED
-#define JSON_AUTOLINK_H_INCLUDED
-
-#include "config.h"
-
-#ifdef JSON_IN_CPPTL
-#include 
-#endif
-
-#if !defined(JSON_NO_AUTOLINK) && !defined(JSON_DLL_BUILD) &&                  \
-    !defined(JSON_IN_CPPTL)
-#define CPPTL_AUTOLINK_NAME "json"
-#undef CPPTL_AUTOLINK_DLL
-#ifdef JSON_DLL
-#define CPPTL_AUTOLINK_DLL
-#endif
-#include "autolink.h"
-#endif
-
-#endif // JSON_AUTOLINK_H_INCLUDED
diff --git a/ProvisioningTool/include/json/config.h b/ProvisioningTool/include/json/config.h
deleted file mode 100644
index 5ca32281..00000000
--- a/ProvisioningTool/include/json/config.h
+++ /dev/null
@@ -1,119 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef JSON_CONFIG_H_INCLUDED
-#define JSON_CONFIG_H_INCLUDED
-
-/// If defined, indicates that json library is embedded in CppTL library.
-//# define JSON_IN_CPPTL 1
-
-/// If defined, indicates that json may leverage CppTL library
-//#  define JSON_USE_CPPTL 1
-/// If defined, indicates that cpptl vector based map should be used instead of
-/// std::map
-/// as Value container.
-//#  define JSON_USE_CPPTL_SMALLMAP 1
-
-// If non-zero, the library uses exceptions to report bad input instead of C
-// assertion macros. The default is to use exceptions.
-#ifndef JSON_USE_EXCEPTION
-#define JSON_USE_EXCEPTION 1
-#endif
-
-/// If defined, indicates that the source file is amalgated
-/// to prevent private header inclusion.
-/// Remarks: it is automatically defined in the generated amalgated header.
-// #define JSON_IS_AMALGAMATION
-
-#ifdef JSON_IN_CPPTL
-#include 
-#ifndef JSON_USE_CPPTL
-#define JSON_USE_CPPTL 1
-#endif
-#endif
-
-#ifdef JSON_IN_CPPTL
-#define JSON_API CPPTL_API
-#elif defined(JSON_DLL_BUILD)
-#if defined(_MSC_VER)
-#define JSON_API __declspec(dllexport)
-#define JSONCPP_DISABLE_DLL_INTERFACE_WARNING
-#endif // if defined(_MSC_VER)
-#elif defined(JSON_DLL)
-#if defined(_MSC_VER)
-#define JSON_API __declspec(dllimport)
-#define JSONCPP_DISABLE_DLL_INTERFACE_WARNING
-#endif // if defined(_MSC_VER)
-#endif // ifdef JSON_IN_CPPTL
-#if !defined(JSON_API)
-#define JSON_API
-#endif
-
-#if !defined(JSON_HAS_UNIQUE_PTR)
-#if __cplusplus >= 201103L
-#define JSON_HAS_UNIQUE_PTR (1)
-#elif _MSC_VER >= 1600
-#define JSON_HAS_UNIQUE_PTR (1)
-#else
-#define JSON_HAS_UNIQUE_PTR (0)
-#endif
-#endif
-
-// If JSON_NO_INT64 is defined, then Json only support C++ "int" type for
-// integer
-// Storages, and 64 bits integer support is disabled.
-// #define JSON_NO_INT64 1
-
-#if defined(_MSC_VER) && _MSC_VER <= 1200 // MSVC 6
-// Microsoft Visual Studio 6 only support conversion from __int64 to double
-// (no conversion from unsigned __int64).
-#define JSON_USE_INT64_DOUBLE_CONVERSION 1
-// Disable warning 4786 for VS6 caused by STL (identifier was truncated to '255'
-// characters in the debug information)
-// All projects I've ever seen with VS6 were using this globally (not bothering
-// with pragma push/pop).
-#pragma warning(disable : 4786)
-#endif // if defined(_MSC_VER)  &&  _MSC_VER < 1200 // MSVC 6
-
-#if defined(_MSC_VER) && _MSC_VER >= 1500 // MSVC 2008
-/// Indicates that the following function is deprecated.
-#define JSONCPP_DEPRECATED(message) __declspec(deprecated(message))
-#elif defined(__clang__) && defined(__has_feature)
-#if __has_feature(attribute_deprecated_with_message)
-#define JSONCPP_DEPRECATED(message)  __attribute__ ((deprecated(message)))
-#endif
-#elif defined(__GNUC__) &&  (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5))
-#define JSONCPP_DEPRECATED(message)  __attribute__ ((deprecated(message)))
-#elif defined(__GNUC__) &&  (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
-#define JSONCPP_DEPRECATED(message)  __attribute__((__deprecated__))
-#endif
-
-#if !defined(JSONCPP_DEPRECATED)
-#define JSONCPP_DEPRECATED(message)
-#endif // if !defined(JSONCPP_DEPRECATED)
-
-namespace Json {
-typedef int Int;
-typedef unsigned int UInt;
-#if defined(JSON_NO_INT64)
-typedef int LargestInt;
-typedef unsigned int LargestUInt;
-#undef JSON_HAS_INT64
-#else                 // if defined(JSON_NO_INT64)
-// For Microsoft Visual use specific types as long long is not supported
-#if defined(_MSC_VER) // Microsoft Visual Studio
-typedef __int64 Int64;
-typedef unsigned __int64 UInt64;
-#else                 // if defined(_MSC_VER) // Other platforms, use long long
-typedef long long int Int64;
-typedef unsigned long long int UInt64;
-#endif // if defined(_MSC_VER)
-typedef Int64 LargestInt;
-typedef UInt64 LargestUInt;
-#define JSON_HAS_INT64
-#endif // if defined(JSON_NO_INT64)
-} // end namespace Json
-
-#endif // JSON_CONFIG_H_INCLUDED
diff --git a/ProvisioningTool/include/json/features.h b/ProvisioningTool/include/json/features.h
deleted file mode 100644
index 78135478..00000000
--- a/ProvisioningTool/include/json/features.h
+++ /dev/null
@@ -1,51 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef CPPTL_JSON_FEATURES_H_INCLUDED
-#define CPPTL_JSON_FEATURES_H_INCLUDED
-
-#if !defined(JSON_IS_AMALGAMATION)
-#include "forwards.h"
-#endif // if !defined(JSON_IS_AMALGAMATION)
-
-namespace Json {
-
-/** \brief Configuration passed to reader and writer.
- * This configuration object can be used to force the Reader or Writer
- * to behave in a standard conforming way.
- */
-class JSON_API Features {
-public:
-  /** \brief A configuration that allows all features and assumes all strings
-   * are UTF-8.
-   * - C & C++ comments are allowed
-   * - Root object can be any JSON value
-   * - Assumes Value strings are encoded in UTF-8
-   */
-  static Features all();
-
-  /** \brief A configuration that is strictly compatible with the JSON
-   * specification.
-   * - Comments are forbidden.
-   * - Root object must be either an array or an object value.
-   * - Assumes Value strings are encoded in UTF-8
-   */
-  static Features strictMode();
-
-  /** \brief Initialize the configuration like JsonConfig::allFeatures;
-   */
-  Features();
-
-  /// \c true if comments are allowed. Default: \c true.
-  bool allowComments_;
-
-  /// \c true if root must be either an array or an object value. Default: \c
-  /// false.
-  bool strictRoot_;
-};
-
-} // namespace Json
-
-#endif // CPPTL_JSON_FEATURES_H_INCLUDED
diff --git a/ProvisioningTool/include/json/forwards.h b/ProvisioningTool/include/json/forwards.h
deleted file mode 100644
index ccfe09ab..00000000
--- a/ProvisioningTool/include/json/forwards.h
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef JSON_FORWARDS_H_INCLUDED
-#define JSON_FORWARDS_H_INCLUDED
-
-#if !defined(JSON_IS_AMALGAMATION)
-#include "config.h"
-#endif // if !defined(JSON_IS_AMALGAMATION)
-
-namespace Json {
-
-// writer.h
-class FastWriter;
-class StyledWriter;
-
-// reader.h
-class Reader;
-
-// features.h
-class Features;
-
-// value.h
-typedef unsigned int ArrayIndex;
-class StaticString;
-class Path;
-class PathArgument;
-class Value;
-class ValueIteratorBase;
-class ValueIterator;
-class ValueConstIterator;
-
-} // namespace Json
-
-#endif // JSON_FORWARDS_H_INCLUDED
diff --git a/ProvisioningTool/include/json/json.h b/ProvisioningTool/include/json/json.h
deleted file mode 100644
index 8f10ac2b..00000000
--- a/ProvisioningTool/include/json/json.h
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef JSON_JSON_H_INCLUDED
-#define JSON_JSON_H_INCLUDED
-
-#include "autolink.h"
-#include "value.h"
-#include "reader.h"
-#include "writer.h"
-#include "features.h"
-
-#endif // JSON_JSON_H_INCLUDED
diff --git a/ProvisioningTool/include/json/reader.h b/ProvisioningTool/include/json/reader.h
deleted file mode 100644
index 9c9923a5..00000000
--- a/ProvisioningTool/include/json/reader.h
+++ /dev/null
@@ -1,360 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef CPPTL_JSON_READER_H_INCLUDED
-#define CPPTL_JSON_READER_H_INCLUDED
-
-#if !defined(JSON_IS_AMALGAMATION)
-#include "features.h"
-#include "value.h"
-#endif // if !defined(JSON_IS_AMALGAMATION)
-#include 
-#include 
-#include 
-#include 
-#include 
-
-// Disable warning C4251: :  needs to have dll-interface to
-// be used by...
-#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-#pragma warning(push)
-#pragma warning(disable : 4251)
-#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-
-namespace Json {
-
-/** \brief Unserialize a     JSON document into a
- *Value.
- *
- * \deprecated Use CharReader and CharReaderBuilder.
- */
-class JSON_API Reader {
-public:
-  typedef char Char;
-  typedef const Char* Location;
-
-  /** \brief Constructs a Reader allowing all features
-   * for parsing.
-   */
-  Reader();
-
-  /** \brief Constructs a Reader allowing the specified feature set
-   * for parsing.
-   */
-  Reader(const Features& features);
-
-  /** \brief Read a Value from a JSON
-   * document.
-   * \param document UTF-8 encoded string containing the document to read.
-   * \param root [out] Contains the root value of the document if it was
-   *             successfully parsed.
-   * \param collectComments \c true to collect comment and allow writing them
-   * back during
-   *                        serialization, \c false to discard comments.
-   *                        This parameter is ignored if
-   * Features::allowComments_
-   *                        is \c false.
-   * \return \c true if the document was successfully parsed, \c false if an
-   * error occurred.
-   */
-  bool
-  parse(const std::string& document, Value& root, bool collectComments = true);
-
-  /** \brief Read a Value from a JSON
-   document.
-   * \param beginDoc Pointer on the beginning of the UTF-8 encoded string of the
-   document to read.
-   * \param endDoc Pointer on the end of the UTF-8 encoded string of the
-   document to read.
-   *               Must be >= beginDoc.
-   * \param root [out] Contains the root value of the document if it was
-   *             successfully parsed.
-   * \param collectComments \c true to collect comment and allow writing them
-   back during
-   *                        serialization, \c false to discard comments.
-   *                        This parameter is ignored if
-   Features::allowComments_
-   *                        is \c false.
-   * \return \c true if the document was successfully parsed, \c false if an
-   error occurred.
-   */
-  bool parse(const char* beginDoc,
-             const char* endDoc,
-             Value& root,
-             bool collectComments = true);
-
-  /// \brief Parse from input stream.
-  /// \see Json::operator>>(std::istream&, Json::Value&).
-  bool parse(std::istream& is, Value& root, bool collectComments = true);
-
-  /** \brief Returns a user friendly string that list errors in the parsed
-   * document.
-   * \return Formatted error message with the list of errors with their location
-   * in
-   *         the parsed document. An empty string is returned if no error
-   * occurred
-   *         during parsing.
-   * \deprecated Use getFormattedErrorMessages() instead (typo fix).
-   */
-  JSONCPP_DEPRECATED("Use getFormattedErrorMessages() instead.")
-  std::string getFormatedErrorMessages() const;
-
-  /** \brief Returns a user friendly string that list errors in the parsed
-   * document.
-   * \return Formatted error message with the list of errors with their location
-   * in
-   *         the parsed document. An empty string is returned if no error
-   * occurred
-   *         during parsing.
-   */
-  std::string getFormattedErrorMessages() const;
-
-private:
-  enum TokenType {
-    tokenEndOfStream = 0,
-    tokenObjectBegin,
-    tokenObjectEnd,
-    tokenArrayBegin,
-    tokenArrayEnd,
-    tokenString,
-    tokenNumber,
-    tokenTrue,
-    tokenFalse,
-    tokenNull,
-    tokenArraySeparator,
-    tokenMemberSeparator,
-    tokenComment,
-    tokenError
-  };
-
-  class Token {
-  public:
-    TokenType type_;
-    Location start_;
-    Location end_;
-  };
-
-  class ErrorInfo {
-  public:
-    Token token_;
-    std::string message_;
-    Location extra_;
-  };
-
-  typedef std::deque Errors;
-
-  bool readToken(Token& token);
-  void skipSpaces();
-  bool match(Location pattern, int patternLength);
-  bool readComment();
-  bool readCStyleComment();
-  bool readCppStyleComment();
-  bool readString();
-  void readNumber();
-  bool readValue();
-  bool readObject(Token& token);
-  bool readArray(Token& token);
-  bool decodeNumber(Token& token);
-  bool decodeNumber(Token& token, Value& decoded);
-  bool decodeString(Token& token);
-  bool decodeString(Token& token, std::string& decoded);
-  bool decodeDouble(Token& token);
-  bool decodeDouble(Token& token, Value& decoded);
-  bool decodeUnicodeCodePoint(Token& token,
-                              Location& current,
-                              Location end,
-                              unsigned int& unicode);
-  bool decodeUnicodeEscapeSequence(Token& token,
-                                   Location& current,
-                                   Location end,
-                                   unsigned int& unicode);
-  bool addError(const std::string& message, Token& token, Location extra = 0);
-  bool recoverFromError(TokenType skipUntilToken);
-  bool addErrorAndRecover(const std::string& message,
-                          Token& token,
-                          TokenType skipUntilToken);
-  void skipUntilSpace();
-  Value& currentValue();
-  Char getNextChar();
-  void
-  getLocationLineAndColumn(Location location, int& line, int& column) const;
-  std::string getLocationLineAndColumn(Location location) const;
-  void addComment(Location begin, Location end, CommentPlacement placement);
-  void skipCommentTokens(Token& token);
-
-  typedef std::stack Nodes;
-  Nodes nodes_;
-  Errors errors_;
-  std::string document_;
-  Location begin_;
-  Location end_;
-  Location current_;
-  Location lastValueEnd_;
-  Value* lastValue_;
-  std::string commentsBefore_;
-  Features features_;
-  bool collectComments_;
-};  // Reader
-
-/** Interface for reading JSON from a char array.
- */
-class JSON_API CharReader {
-public:
-  virtual ~CharReader() {}
-  /** \brief Read a Value from a JSON
-   document.
-   * The document must be a UTF-8 encoded string containing the document to read.
-   *
-   * \param beginDoc Pointer on the beginning of the UTF-8 encoded string of the
-   document to read.
-   * \param endDoc Pointer on the end of the UTF-8 encoded string of the
-   document to read.
-   *        Must be >= beginDoc.
-   * \param root [out] Contains the root value of the document if it was
-   *             successfully parsed.
-   * \param errs [out] Formatted error messages (if not NULL)
-   *        a user friendly string that lists errors in the parsed
-   * document.
-   * \return \c true if the document was successfully parsed, \c false if an
-   error occurred.
-   */
-  virtual bool parse(
-      char const* beginDoc, char const* endDoc,
-      Value* root, std::string* errs) = 0;
-
-  class Factory {
-  public:
-    virtual ~Factory() {}
-    /** \brief Allocate a CharReader via operator new().
-     * \throw std::exception if something goes wrong (e.g. invalid settings)
-     */
-    virtual CharReader* newCharReader() const = 0;
-  };  // Factory
-};  // CharReader
-
-/** \brief Build a CharReader implementation.
-
-Usage:
-\code
-  using namespace Json;
-  CharReaderBuilder builder;
-  builder["collectComments"] = false;
-  Value value;
-  std::string errs;
-  bool ok = parseFromStream(builder, std::cin, &value, &errs);
-\endcode
-*/
-class JSON_API CharReaderBuilder : public CharReader::Factory {
-public:
-  // Note: We use a Json::Value so that we can add data-members to this class
-  // without a major version bump.
-  /** Configuration of this builder.
-    These are case-sensitive.
-    Available settings (case-sensitive):
-    - `"collectComments": false or true`
-      - true to collect comment and allow writing them
-        back during serialization, false to discard comments.
-        This parameter is ignored if allowComments is false.
-    - `"allowComments": false or true`
-      - true if comments are allowed.
-    - `"strictRoot": false or true`
-      - true if root must be either an array or an object value
-    - `"allowDroppedNullPlaceholders": false or true`
-      - true if dropped null placeholders are allowed. (See StreamWriterBuilder.)
-    - `"allowNumericKeys": false or true`
-      - true if numeric object keys are allowed.
-    - `"allowSingleQuotes": false or true`
-      - true if '' are allowed for strings (both keys and values)
-    - `"stackLimit": integer`
-      - Exceeding stackLimit (recursive depth of `readValue()`) will
-        cause an exception.
-      - This is a security issue (seg-faults caused by deeply nested JSON),
-        so the default is low.
-    - `"failIfExtra": false or true`
-      - If true, `parse()` returns false when extra non-whitespace trails
-        the JSON value in the input string.
-    - `"rejectDupKeys": false or true`
-      - If true, `parse()` returns false when a key is duplicated within an object.
-    - `"allowSpecialFloats": false or true`
-      - If true, special float values (NaNs and infinities) are allowed 
-        and their values are lossfree restorable.
-
-    You can examine 'settings_` yourself
-    to see the defaults. You can also write and read them just like any
-    JSON Value.
-    \sa setDefaults()
-    */
-  Json::Value settings_;
-
-  CharReaderBuilder();
-  virtual ~CharReaderBuilder();
-
-  virtual CharReader* newCharReader() const;
-
-  /** \return true if 'settings' are legal and consistent;
-   *   otherwise, indicate bad settings via 'invalid'.
-   */
-  bool validate(Json::Value* invalid) const;
-
-  /** A simple way to update a specific setting.
-   */
-  Value& operator[](std::string key);
-
-  /** Called by ctor, but you can use this to reset settings_.
-   * \pre 'settings' != NULL (but Json::null is fine)
-   * \remark Defaults:
-   * \snippet src/lib_json/json_reader.cpp CharReaderBuilderDefaults
-   */
-  static void setDefaults(Json::Value* settings);
-  /** Same as old Features::strictMode().
-   * \pre 'settings' != NULL (but Json::null is fine)
-   * \remark Defaults:
-   * \snippet src/lib_json/json_reader.cpp CharReaderBuilderStrictMode
-   */
-  static void strictMode(Json::Value* settings);
-};
-
-/** Consume entire stream and use its begin/end.
-  * Someday we might have a real StreamReader, but for now this
-  * is convenient.
-  */
-bool JSON_API parseFromStream(
-    CharReader::Factory const&,
-    std::istream&,
-    Value* root, std::string* errs);
-
-/** \brief Read from 'sin' into 'root'.
-
- Always keep comments from the input JSON.
-
- This can be used to read a file into a particular sub-object.
- For example:
- \code
- Json::Value root;
- cin >> root["dir"]["file"];
- cout << root;
- \endcode
- Result:
- \verbatim
- {
- "dir": {
-     "file": {
-     // The input stream JSON would be nested here.
-     }
- }
- }
- \endverbatim
- \throw std::exception on parse error.
- \see Json::operator<<()
-*/
-JSON_API std::istream& operator>>(std::istream&, Value&);
-
-} // namespace Json
-
-#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-#pragma warning(pop)
-#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-
-#endif // CPPTL_JSON_READER_H_INCLUDED
diff --git a/ProvisioningTool/include/json/value.h b/ProvisioningTool/include/json/value.h
deleted file mode 100644
index 66433f88..00000000
--- a/ProvisioningTool/include/json/value.h
+++ /dev/null
@@ -1,850 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef CPPTL_JSON_H_INCLUDED
-#define CPPTL_JSON_H_INCLUDED
-
-#if !defined(JSON_IS_AMALGAMATION)
-#include "forwards.h"
-#endif // if !defined(JSON_IS_AMALGAMATION)
-#include 
-#include 
-#include 
-
-#ifndef JSON_USE_CPPTL_SMALLMAP
-#include 
-#else
-#include 
-#endif
-#ifdef JSON_USE_CPPTL
-#include 
-#endif
-
-// Disable warning C4251: :  needs to have dll-interface to
-// be used by...
-#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-#pragma warning(push)
-#pragma warning(disable : 4251)
-#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-
-//Conditional NORETURN attribute on the throw functions would:
-// a) suppress false positives from static code analysis 
-// b) possibly improve optimization opportunities.
-#if !defined(JSONCPP_NORETURN)
-#  if defined(_MSC_VER)
-#    define JSONCPP_NORETURN __declspec(noreturn)
-#  elif defined(__GNUC__)
-#    define JSONCPP_NORETURN __attribute__ ((__noreturn__))
-#  else
-#    define JSONCPP_NORETURN
-#  endif
-#endif
-
-/** \brief JSON (JavaScript Object Notation).
- */
-namespace Json {
-
-/** Base class for all exceptions we throw.
- *
- * We use nothing but these internally. Of course, STL can throw others.
- */
-class JSON_API Exception : public std::exception {
-public:
-  Exception(std::string const& msg);
-  virtual ~Exception() throw();
-  virtual char const* what() const throw();
-protected:
-  std::string const msg_;
-};
-
-/** Exceptions which the user cannot easily avoid.
- *
- * E.g. out-of-memory (when we use malloc), stack-overflow, malicious input
- * 
- * \remark derived from Json::Exception
- */
-class JSON_API RuntimeError : public Exception {
-public:
-  RuntimeError(std::string const& msg);
-};
-
-/** Exceptions thrown by JSON_ASSERT/JSON_FAIL macros.
- *
- * These are precondition-violations (user bugs) and internal errors (our bugs).
- * 
- * \remark derived from Json::Exception
- */
-class JSON_API LogicError : public Exception {
-public:
-  LogicError(std::string const& msg);
-};
-
-/// used internally
-JSONCPP_NORETURN void throwRuntimeError(std::string const& msg);
-/// used internally
-JSONCPP_NORETURN void throwLogicError(std::string const& msg);
-
-/** \brief Type of the value held by a Value object.
- */
-enum ValueType {
-  nullValue = 0, ///< 'null' value
-  intValue,      ///< signed integer value
-  uintValue,     ///< unsigned integer value
-  realValue,     ///< double value
-  stringValue,   ///< UTF-8 string value
-  booleanValue,  ///< bool value
-  arrayValue,    ///< array value (ordered list)
-  objectValue    ///< object value (collection of name/value pairs).
-};
-
-enum CommentPlacement {
-  commentBefore = 0,      ///< a comment placed on the line before a value
-  commentAfterOnSameLine, ///< a comment just after a value on the same line
-  commentAfter, ///< a comment on the line after a value (only make sense for
-  /// root value)
-  numberOfCommentPlacement
-};
-
-//# ifdef JSON_USE_CPPTL
-//   typedef CppTL::AnyEnumerator EnumMemberNames;
-//   typedef CppTL::AnyEnumerator EnumValues;
-//# endif
-
-/** \brief Lightweight wrapper to tag static string.
- *
- * Value constructor and objectValue member assignement takes advantage of the
- * StaticString and avoid the cost of string duplication when storing the
- * string or the member name.
- *
- * Example of usage:
- * \code
- * Json::Value aValue( StaticString("some text") );
- * Json::Value object;
- * static const StaticString code("code");
- * object[code] = 1234;
- * \endcode
- */
-class JSON_API StaticString {
-public:
-  explicit StaticString(const char* czstring) : c_str_(czstring) {}
-
-  operator const char*() const { return c_str_; }
-
-  const char* c_str() const { return c_str_; }
-
-private:
-  const char* c_str_;
-};
-
-/** \brief Represents a JSON value.
- *
- * This class is a discriminated union wrapper that can represents a:
- * - signed integer [range: Value::minInt - Value::maxInt]
- * - unsigned integer (range: 0 - Value::maxUInt)
- * - double
- * - UTF-8 string
- * - boolean
- * - 'null'
- * - an ordered list of Value
- * - collection of name/value pairs (javascript object)
- *
- * The type of the held value is represented by a #ValueType and
- * can be obtained using type().
- *
- * Values of an #objectValue or #arrayValue can be accessed using operator[]()
- * methods.
- * Non-const methods will automatically create the a #nullValue element
- * if it does not exist.
- * The sequence of an #arrayValue will be automatically resized and initialized
- * with #nullValue. resize() can be used to enlarge or truncate an #arrayValue.
- *
- * The get() methods can be used to obtain default value in the case the
- * required element does not exist.
- *
- * It is possible to iterate over the list of a #objectValue values using
- * the getMemberNames() method.
- *
- * \note #Value string-length fit in size_t, but keys must be < 2^30.
- * (The reason is an implementation detail.) A #CharReader will raise an
- * exception if a bound is exceeded to avoid security holes in your app,
- * but the Value API does *not* check bounds. That is the responsibility
- * of the caller.
- */
-class JSON_API Value {
-  friend class ValueIteratorBase;
-public:
-  typedef std::vector Members;
-  typedef ValueIterator iterator;
-  typedef ValueConstIterator const_iterator;
-  typedef Json::UInt UInt;
-  typedef Json::Int Int;
-#if defined(JSON_HAS_INT64)
-  typedef Json::UInt64 UInt64;
-  typedef Json::Int64 Int64;
-#endif // defined(JSON_HAS_INT64)
-  typedef Json::LargestInt LargestInt;
-  typedef Json::LargestUInt LargestUInt;
-  typedef Json::ArrayIndex ArrayIndex;
-
-  static const Value& nullRef;
-#if !defined(__ARMEL__)
-  /// \deprecated This exists for binary compatibility only. Use nullRef.
-  static const Value null;
-#endif
-  /// Minimum signed integer value that can be stored in a Json::Value.
-  static const LargestInt minLargestInt;
-  /// Maximum signed integer value that can be stored in a Json::Value.
-  static const LargestInt maxLargestInt;
-  /// Maximum unsigned integer value that can be stored in a Json::Value.
-  static const LargestUInt maxLargestUInt;
-
-  /// Minimum signed int value that can be stored in a Json::Value.
-  static const Int minInt;
-  /// Maximum signed int value that can be stored in a Json::Value.
-  static const Int maxInt;
-  /// Maximum unsigned int value that can be stored in a Json::Value.
-  static const UInt maxUInt;
-
-#if defined(JSON_HAS_INT64)
-  /// Minimum signed 64 bits int value that can be stored in a Json::Value.
-  static const Int64 minInt64;
-  /// Maximum signed 64 bits int value that can be stored in a Json::Value.
-  static const Int64 maxInt64;
-  /// Maximum unsigned 64 bits int value that can be stored in a Json::Value.
-  static const UInt64 maxUInt64;
-#endif // defined(JSON_HAS_INT64)
-
-//MW: workaround for bug in NVIDIAs CUDA 7.5 nvcc compiler
-#ifdef  __NVCC__
-public:
-#else
-private:
-#endif //__NVCC__
-#ifndef JSONCPP_DOC_EXCLUDE_IMPLEMENTATION
-  class CZString {
-  public:
-    enum DuplicationPolicy {
-      noDuplication = 0,
-      duplicate,
-      duplicateOnCopy
-    };
-    CZString(ArrayIndex index);
-    CZString(char const* str, unsigned length, DuplicationPolicy allocate);
-    CZString(CZString const& other);
-    ~CZString();
-    CZString& operator=(CZString other);
-    bool operator<(CZString const& other) const;
-    bool operator==(CZString const& other) const;
-    ArrayIndex index() const;
-    //const char* c_str() const; ///< \deprecated
-    char const* data() const;
-    unsigned length() const;
-    bool isStaticString() const;
-
-  private:
-    void swap(CZString& other);
-
-    struct StringStorage {
-      unsigned policy_: 2;
-      unsigned length_: 30; // 1GB max
-    };
-
-    char const* cstr_;  // actually, a prefixed string, unless policy is noDup
-    union {
-      ArrayIndex index_;
-      StringStorage storage_;
-    };
-  };
-
-public:
-#ifndef JSON_USE_CPPTL_SMALLMAP
-  typedef std::map ObjectValues;
-#else
-  typedef CppTL::SmallMap ObjectValues;
-#endif // ifndef JSON_USE_CPPTL_SMALLMAP
-#endif // ifndef JSONCPP_DOC_EXCLUDE_IMPLEMENTATION
-
-public:
-  /** \brief Create a default Value of the given type.
-
-    This is a very useful constructor.
-    To create an empty array, pass arrayValue.
-    To create an empty object, pass objectValue.
-    Another Value can then be set to this one by assignment.
-This is useful since clear() and resize() will not alter types.
-
-    Examples:
-\code
-Json::Value null_value; // null
-Json::Value arr_value(Json::arrayValue); // []
-Json::Value obj_value(Json::objectValue); // {}
-\endcode
-  */
-  Value(ValueType type = nullValue);
-  Value(Int value);
-  Value(UInt value);
-#if defined(JSON_HAS_INT64)
-  Value(Int64 value);
-  Value(UInt64 value);
-#endif // if defined(JSON_HAS_INT64)
-  Value(double value);
-  Value(const char* value); ///< Copy til first 0. (NULL causes to seg-fault.)
-  Value(const char* begin, const char* end); ///< Copy all, incl zeroes.
-  /** \brief Constructs a value from a static string.
-
-   * Like other value string constructor but do not duplicate the string for
-   * internal storage. The given string must remain alive after the call to this
-   * constructor.
-   * \note This works only for null-terminated strings. (We cannot change the
-   *   size of this class, so we have nowhere to store the length,
-   *   which might be computed later for various operations.)
-   *
-   * Example of usage:
-   * \code
-   * static StaticString foo("some text");
-   * Json::Value aValue(foo);
-   * \endcode
-   */
-  Value(const StaticString& value);
-  Value(const std::string& value); ///< Copy data() til size(). Embedded zeroes too.
-#ifdef JSON_USE_CPPTL
-  Value(const CppTL::ConstString& value);
-#endif
-  Value(bool value);
-  /// Deep copy.
-  Value(const Value& other);
-  ~Value();
-
-  /// Deep copy, then swap(other).
-  /// \note Over-write existing comments. To preserve comments, use #swapPayload().
-  Value &operator=(const Value &other);
-  /// Swap everything.
-  void swap(Value& other);
-  /// Swap values but leave comments and source offsets in place.
-  void swapPayload(Value& other);
-
-  ValueType type() const;
-
-  /// Compare payload only, not comments etc.
-  bool operator<(const Value& other) const;
-  bool operator<=(const Value& other) const;
-  bool operator>=(const Value& other) const;
-  bool operator>(const Value& other) const;
-  bool operator==(const Value& other) const;
-  bool operator!=(const Value& other) const;
-  int compare(const Value& other) const;
-
-  const char* asCString() const; ///< Embedded zeroes could cause you trouble!
-  std::string asString() const; ///< Embedded zeroes are possible.
-  /** Get raw char* of string-value.
-   *  \return false if !string. (Seg-fault if str or end are NULL.)
-   */
-  bool getString(
-      char const** begin, char const** end) const;
-#ifdef JSON_USE_CPPTL
-  CppTL::ConstString asConstString() const;
-#endif
-  Int asInt() const;
-  UInt asUInt() const;
-#if defined(JSON_HAS_INT64)
-  Int64 asInt64() const;
-  UInt64 asUInt64() const;
-#endif // if defined(JSON_HAS_INT64)
-  LargestInt asLargestInt() const;
-  LargestUInt asLargestUInt() const;
-  float asFloat() const;
-  double asDouble() const;
-  bool asBool() const;
-
-  bool isNull() const;
-  bool isBool() const;
-  bool isInt() const;
-  bool isInt64() const;
-  bool isUInt() const;
-  bool isUInt64() const;
-  bool isIntegral() const;
-  bool isDouble() const;
-  bool isNumeric() const;
-  bool isString() const;
-  bool isArray() const;
-  bool isObject() const;
-
-  bool isConvertibleTo(ValueType other) const;
-
-  /// Number of values in array or object
-  ArrayIndex size() const;
-
-  /// \brief Return true if empty array, empty object, or null;
-  /// otherwise, false.
-  bool empty() const;
-
-  /// Return isNull()
-  bool operator!() const;
-
-  /// Remove all object members and array elements.
-  /// \pre type() is arrayValue, objectValue, or nullValue
-  /// \post type() is unchanged
-  void clear();
-
-  /// Resize the array to size elements.
-  /// New elements are initialized to null.
-  /// May only be called on nullValue or arrayValue.
-  /// \pre type() is arrayValue or nullValue
-  /// \post type() is arrayValue
-  void resize(ArrayIndex size);
-
-  /// Access an array element (zero based index ).
-  /// If the array contains less than index element, then null value are
-  /// inserted
-  /// in the array so that its size is index+1.
-  /// (You may need to say 'value[0u]' to get your compiler to distinguish
-  ///  this from the operator[] which takes a string.)
-  Value& operator[](ArrayIndex index);
-
-  /// Access an array element (zero based index ).
-  /// If the array contains less than index element, then null value are
-  /// inserted
-  /// in the array so that its size is index+1.
-  /// (You may need to say 'value[0u]' to get your compiler to distinguish
-  ///  this from the operator[] which takes a string.)
-  Value& operator[](int index);
-
-  /// Access an array element (zero based index )
-  /// (You may need to say 'value[0u]' to get your compiler to distinguish
-  ///  this from the operator[] which takes a string.)
-  const Value& operator[](ArrayIndex index) const;
-
-  /// Access an array element (zero based index )
-  /// (You may need to say 'value[0u]' to get your compiler to distinguish
-  ///  this from the operator[] which takes a string.)
-  const Value& operator[](int index) const;
-
-  /// If the array contains at least index+1 elements, returns the element
-  /// value,
-  /// otherwise returns defaultValue.
-  Value get(ArrayIndex index, const Value& defaultValue) const;
-  /// Return true if index < size().
-  bool isValidIndex(ArrayIndex index) const;
-  /// \brief Append value to array at the end.
-  ///
-  /// Equivalent to jsonvalue[jsonvalue.size()] = value;
-  Value& append(const Value& value);
-
-  /// Access an object value by name, create a null member if it does not exist.
-  /// \note Because of our implementation, keys are limited to 2^30 -1 chars.
-  ///  Exceeding that will cause an exception.
-  Value& operator[](const char* key);
-  /// Access an object value by name, returns null if there is no member with
-  /// that name.
-  const Value& operator[](const char* key) const;
-  /// Access an object value by name, create a null member if it does not exist.
-  /// \param key may contain embedded nulls.
-  Value& operator[](const std::string& key);
-  /// Access an object value by name, returns null if there is no member with
-  /// that name.
-  /// \param key may contain embedded nulls.
-  const Value& operator[](const std::string& key) const;
-  /** \brief Access an object value by name, create a null member if it does not
-   exist.
-
-   * If the object has no entry for that name, then the member name used to store
-   * the new entry is not duplicated.
-   * Example of use:
-   * \code
-   * Json::Value object;
-   * static const StaticString code("code");
-   * object[code] = 1234;
-   * \endcode
-   */
-  Value& operator[](const StaticString& key);
-#ifdef JSON_USE_CPPTL
-  /// Access an object value by name, create a null member if it does not exist.
-  Value& operator[](const CppTL::ConstString& key);
-  /// Access an object value by name, returns null if there is no member with
-  /// that name.
-  const Value& operator[](const CppTL::ConstString& key) const;
-#endif
-  /// Return the member named key if it exist, defaultValue otherwise.
-  /// \note deep copy
-  Value get(const char* key, const Value& defaultValue) const;
-  /// Return the member named key if it exist, defaultValue otherwise.
-  /// \note deep copy
-  /// \note key may contain embedded nulls.
-  Value get(const char* begin, const char* end, const Value& defaultValue) const;
-  /// Return the member named key if it exist, defaultValue otherwise.
-  /// \note deep copy
-  /// \param key may contain embedded nulls.
-  Value get(const std::string& key, const Value& defaultValue) const;
-#ifdef JSON_USE_CPPTL
-  /// Return the member named key if it exist, defaultValue otherwise.
-  /// \note deep copy
-  Value get(const CppTL::ConstString& key, const Value& defaultValue) const;
-#endif
-  /// Most general and efficient version of isMember()const, get()const,
-  /// and operator[]const
-  /// \note As stated elsewhere, behavior is undefined if (end-begin) >= 2^30
-  Value const* find(char const* begin, char const* end) const;
-  /// Most general and efficient version of object-mutators.
-  /// \note As stated elsewhere, behavior is undefined if (end-begin) >= 2^30
-  /// \return non-zero, but JSON_ASSERT if this is neither object nor nullValue.
-  Value const* demand(char const* begin, char const* end);
-  /// \brief Remove and return the named member.
-  ///
-  /// Do nothing if it did not exist.
-  /// \return the removed Value, or null.
-  /// \pre type() is objectValue or nullValue
-  /// \post type() is unchanged
-  /// \deprecated
-  Value removeMember(const char* key);
-  /// Same as removeMember(const char*)
-  /// \param key may contain embedded nulls.
-  /// \deprecated
-  Value removeMember(const std::string& key);
-  /// Same as removeMember(const char* begin, const char* end, Value* removed),
-  /// but 'key' is null-terminated.
-  bool removeMember(const char* key, Value* removed);
-  /** \brief Remove the named map member.
-
-      Update 'removed' iff removed.
-      \param key may contain embedded nulls.
-      \return true iff removed (no exceptions)
-  */
-  bool removeMember(std::string const& key, Value* removed);
-  /// Same as removeMember(std::string const& key, Value* removed)
-  bool removeMember(const char* begin, const char* end, Value* removed);
-  /** \brief Remove the indexed array element.
-
-      O(n) expensive operations.
-      Update 'removed' iff removed.
-      \return true iff removed (no exceptions)
-  */
-  bool removeIndex(ArrayIndex i, Value* removed);
-
-  /// Return true if the object has a member named key.
-  /// \note 'key' must be null-terminated.
-  bool isMember(const char* key) const;
-  /// Return true if the object has a member named key.
-  /// \param key may contain embedded nulls.
-  bool isMember(const std::string& key) const;
-  /// Same as isMember(std::string const& key)const
-  bool isMember(const char* begin, const char* end) const;
-#ifdef JSON_USE_CPPTL
-  /// Return true if the object has a member named key.
-  bool isMember(const CppTL::ConstString& key) const;
-#endif
-
-  /// \brief Return a list of the member names.
-  ///
-  /// If null, return an empty list.
-  /// \pre type() is objectValue or nullValue
-  /// \post if type() was nullValue, it remains nullValue
-  Members getMemberNames() const;
-
-  //# ifdef JSON_USE_CPPTL
-  //      EnumMemberNames enumMemberNames() const;
-  //      EnumValues enumValues() const;
-  //# endif
-
-  /// \deprecated Always pass len.
-  JSONCPP_DEPRECATED("Use setComment(std::string const&) instead.")
-  void setComment(const char* comment, CommentPlacement placement);
-  /// Comments must be //... or /* ... */
-  void setComment(const char* comment, size_t len, CommentPlacement placement);
-  /// Comments must be //... or /* ... */
-  void setComment(const std::string& comment, CommentPlacement placement);
-  bool hasComment(CommentPlacement placement) const;
-  /// Include delimiters and embedded newlines.
-  std::string getComment(CommentPlacement placement) const;
-
-  std::string toStyledString() const;
-
-  const_iterator begin() const;
-  const_iterator end() const;
-
-  iterator begin();
-  iterator end();
-
-private:
-  void initBasic(ValueType type, bool allocated = false);
-
-  Value& resolveReference(const char* key);
-  Value& resolveReference(const char* key, const char* end);
-
-  struct CommentInfo {
-    CommentInfo();
-    ~CommentInfo();
-
-    void setComment(const char* text, size_t len);
-
-    char* comment_;
-  };
-
-  // struct MemberNamesTransform
-  //{
-  //   typedef const char *result_type;
-  //   const char *operator()( const CZString &name ) const
-  //   {
-  //      return name.c_str();
-  //   }
-  //};
-
-  union ValueHolder {
-    LargestInt int_;
-    LargestUInt uint_;
-    double real_;
-    bool bool_;
-    char* string_;  // actually ptr to unsigned, followed by str, unless !allocated_
-    ObjectValues* map_;
-  } value_;
-  ValueType type_ : 8;
-  unsigned int allocated_ : 1; // Notes: if declared as bool, bitfield is useless.
-                               // If not allocated_, string_ must be null-terminated.
-  CommentInfo* comments_;
-};
-
-/** \brief Experimental and untested: represents an element of the "path" to
- * access a node.
- */
-class JSON_API PathArgument {
-public:
-  friend class Path;
-
-  PathArgument();
-  PathArgument(ArrayIndex index);
-  PathArgument(const char* key);
-  PathArgument(const std::string& key);
-
-private:
-  enum Kind {
-    kindNone = 0,
-    kindIndex,
-    kindKey
-  };
-  std::string key_;
-  ArrayIndex index_;
-  Kind kind_;
-};
-
-/** \brief Experimental and untested: represents a "path" to access a node.
- *
- * Syntax:
- * - "." => root node
- * - ".[n]" => elements at index 'n' of root node (an array value)
- * - ".name" => member named 'name' of root node (an object value)
- * - ".name1.name2.name3"
- * - ".[0][1][2].name1[3]"
- * - ".%" => member name is provided as parameter
- * - ".[%]" => index is provied as parameter
- */
-class JSON_API Path {
-public:
-  Path(const std::string& path,
-       const PathArgument& a1 = PathArgument(),
-       const PathArgument& a2 = PathArgument(),
-       const PathArgument& a3 = PathArgument(),
-       const PathArgument& a4 = PathArgument(),
-       const PathArgument& a5 = PathArgument());
-
-  const Value& resolve(const Value& root) const;
-  Value resolve(const Value& root, const Value& defaultValue) const;
-  /// Creates the "path" to access the specified node and returns a reference on
-  /// the node.
-  Value& make(Value& root) const;
-
-private:
-  typedef std::vector InArgs;
-  typedef std::vector Args;
-
-  void makePath(const std::string& path, const InArgs& in);
-  void addPathInArg(const std::string& path,
-                    const InArgs& in,
-                    InArgs::const_iterator& itInArg,
-                    PathArgument::Kind kind);
-  void invalidPath(const std::string& path, int location);
-
-  Args args_;
-};
-
-/** \brief base class for Value iterators.
- *
- */
-class JSON_API ValueIteratorBase {
-public:
-  typedef std::bidirectional_iterator_tag iterator_category;
-  typedef unsigned int size_t;
-  typedef int difference_type;
-  typedef ValueIteratorBase SelfType;
-
-  bool operator==(const SelfType& other) const { return isEqual(other); }
-
-  bool operator!=(const SelfType& other) const { return !isEqual(other); }
-
-  difference_type operator-(const SelfType& other) const {
-    return other.computeDistance(*this);
-  }
-
-  /// Return either the index or the member name of the referenced value as a
-  /// Value.
-  Value key() const;
-
-  /// Return the index of the referenced Value, or -1 if it is not an arrayValue.
-  UInt index() const;
-
-  /// Return the member name of the referenced Value, or "" if it is not an
-  /// objectValue.
-  /// \note Avoid `c_str()` on result, as embedded zeroes are possible.
-  std::string name() const;
-
-  /// Return the member name of the referenced Value. "" if it is not an
-  /// objectValue.
-  /// \deprecated This cannot be used for UTF-8 strings, since there can be embedded nulls.
-  JSONCPP_DEPRECATED("Use `key = name();` instead.")
-  char const* memberName() const;
-  /// Return the member name of the referenced Value, or NULL if it is not an
-  /// objectValue.
-  /// \note Better version than memberName(). Allows embedded nulls.
-  char const* memberName(char const** end) const;
-
-protected:
-  Value& deref() const;
-
-  void increment();
-
-  void decrement();
-
-  difference_type computeDistance(const SelfType& other) const;
-
-  bool isEqual(const SelfType& other) const;
-
-  void copy(const SelfType& other);
-
-private:
-  Value::ObjectValues::iterator current_;
-  // Indicates that iterator is for a null value.
-  bool isNull_;
-
-public:
-  // For some reason, BORLAND needs these at the end, rather
-  // than earlier. No idea why.
-  ValueIteratorBase();
-  explicit ValueIteratorBase(const Value::ObjectValues::iterator& current);
-};
-
-/** \brief const iterator for object and array value.
- *
- */
-class JSON_API ValueConstIterator : public ValueIteratorBase {
-  friend class Value;
-
-public:
-  typedef const Value value_type;
-  //typedef unsigned int size_t;
-  //typedef int difference_type;
-  typedef const Value& reference;
-  typedef const Value* pointer;
-  typedef ValueConstIterator SelfType;
-
-  ValueConstIterator();
-
-private:
-/*! \internal Use by Value to create an iterator.
- */
-  explicit ValueConstIterator(const Value::ObjectValues::iterator& current);
-public:
-  SelfType& operator=(const ValueIteratorBase& other);
-
-  SelfType operator++(int) {
-    SelfType temp(*this);
-    ++*this;
-    return temp;
-  }
-
-  SelfType operator--(int) {
-    SelfType temp(*this);
-    --*this;
-    return temp;
-  }
-
-  SelfType& operator--() {
-    decrement();
-    return *this;
-  }
-
-  SelfType& operator++() {
-    increment();
-    return *this;
-  }
-
-  reference operator*() const { return deref(); }
-
-  pointer operator->() const { return &deref(); }
-};
-
-/** \brief Iterator for object and array value.
- */
-class JSON_API ValueIterator : public ValueIteratorBase {
-  friend class Value;
-
-public:
-  typedef Value value_type;
-  typedef unsigned int size_t;
-  typedef int difference_type;
-  typedef Value& reference;
-  typedef Value* pointer;
-  typedef ValueIterator SelfType;
-
-  ValueIterator();
-  ValueIterator(const ValueConstIterator& other);
-  ValueIterator(const ValueIterator& other);
-
-private:
-/*! \internal Use by Value to create an iterator.
- */
-  explicit ValueIterator(const Value::ObjectValues::iterator& current);
-public:
-  SelfType& operator=(const SelfType& other);
-
-  SelfType operator++(int) {
-    SelfType temp(*this);
-    ++*this;
-    return temp;
-  }
-
-  SelfType operator--(int) {
-    SelfType temp(*this);
-    --*this;
-    return temp;
-  }
-
-  SelfType& operator--() {
-    decrement();
-    return *this;
-  }
-
-  SelfType& operator++() {
-    increment();
-    return *this;
-  }
-
-  reference operator*() const { return deref(); }
-
-  pointer operator->() const { return &deref(); }
-};
-
-} // namespace Json
-
-
-namespace std {
-/// Specialize std::swap() for Json::Value.
-template<>
-inline void swap(Json::Value& a, Json::Value& b) { a.swap(b); }
-}
-
-
-#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-#pragma warning(pop)
-#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-
-#endif // CPPTL_JSON_H_INCLUDED
diff --git a/ProvisioningTool/include/json/version.h b/ProvisioningTool/include/json/version.h
deleted file mode 100644
index d0f3dcb0..00000000
--- a/ProvisioningTool/include/json/version.h
+++ /dev/null
@@ -1,13 +0,0 @@
-// DO NOT EDIT. This file (and "version") is generated by CMake.
-// Run CMake configure step to update it.
-#ifndef JSON_VERSION_H_INCLUDED
-# define JSON_VERSION_H_INCLUDED
-
-# define JSONCPP_VERSION_STRING "0.10.7"
-# define JSONCPP_VERSION_MAJOR 0
-# define JSONCPP_VERSION_MINOR 10
-# define JSONCPP_VERSION_PATCH 7
-# define JSONCPP_VERSION_QUALIFIER
-# define JSONCPP_VERSION_HEXA ((JSONCPP_VERSION_MAJOR << 24) | (JSONCPP_VERSION_MINOR << 16) | (JSONCPP_VERSION_PATCH << 8))
-
-#endif // JSON_VERSION_H_INCLUDED
diff --git a/ProvisioningTool/include/json/writer.h b/ProvisioningTool/include/json/writer.h
deleted file mode 100644
index a7fd11d2..00000000
--- a/ProvisioningTool/include/json/writer.h
+++ /dev/null
@@ -1,320 +0,0 @@
-// Copyright 2007-2010 Baptiste Lepilleur
-// Distributed under MIT license, or public domain if desired and
-// recognized in your jurisdiction.
-// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
-
-#ifndef JSON_WRITER_H_INCLUDED
-#define JSON_WRITER_H_INCLUDED
-
-#if !defined(JSON_IS_AMALGAMATION)
-#include "value.h"
-#endif // if !defined(JSON_IS_AMALGAMATION)
-#include 
-#include 
-#include 
-
-// Disable warning C4251: :  needs to have dll-interface to
-// be used by...
-#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-#pragma warning(push)
-#pragma warning(disable : 4251)
-#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-
-namespace Json {
-
-class Value;
-
-/**
-
-Usage:
-\code
-  using namespace Json;
-  void writeToStdout(StreamWriter::Factory const& factory, Value const& value) {
-    std::unique_ptr const writer(
-      factory.newStreamWriter());
-    writer->write(value, &std::cout);
-    std::cout << std::endl;  // add lf and flush
-  }
-\endcode
-*/
-class JSON_API StreamWriter {
-protected:
-  std::ostream* sout_;  // not owned; will not delete
-public:
-  StreamWriter();
-  virtual ~StreamWriter();
-  /** Write Value into document as configured in sub-class.
-      Do not take ownership of sout, but maintain a reference during function.
-      \pre sout != NULL
-      \return zero on success (For now, we always return zero, so check the stream instead.)
-      \throw std::exception possibly, depending on configuration
-   */
-  virtual int write(Value const& root, std::ostream* sout) = 0;
-
-  /** \brief A simple abstract factory.
-   */
-  class JSON_API Factory {
-  public:
-    virtual ~Factory();
-    /** \brief Allocate a CharReader via operator new().
-     * \throw std::exception if something goes wrong (e.g. invalid settings)
-     */
-    virtual StreamWriter* newStreamWriter() const = 0;
-  };  // Factory
-};  // StreamWriter
-
-/** \brief Write into stringstream, then return string, for convenience.
- * A StreamWriter will be created from the factory, used, and then deleted.
- */
-std::string JSON_API writeString(StreamWriter::Factory const& factory, Value const& root);
-
-
-/** \brief Build a StreamWriter implementation.
-
-Usage:
-\code
-  using namespace Json;
-  Value value = ...;
-  StreamWriterBuilder builder;
-  builder["commentStyle"] = "None";
-  builder["indentation"] = "   ";  // or whatever you like
-  std::unique_ptr writer(
-      builder.newStreamWriter());
-  writer->write(value, &std::cout);
-  std::cout << std::endl;  // add lf and flush
-\endcode
-*/
-class JSON_API StreamWriterBuilder : public StreamWriter::Factory {
-public:
-  // Note: We use a Json::Value so that we can add data-members to this class
-  // without a major version bump.
-  /** Configuration of this builder.
-    Available settings (case-sensitive):
-    - "commentStyle": "None" or "All"
-    - "indentation":  ""
-    - "enableYAMLCompatibility": false or true
-      - slightly change the whitespace around colons
-    - "dropNullPlaceholders": false or true
-      - Drop the "null" string from the writer's output for nullValues.
-        Strictly speaking, this is not valid JSON. But when the output is being
-        fed to a browser's Javascript, it makes for smaller output and the
-        browser can handle the output just fine.
-    - "useSpecialFloats": false or true
-      - If true, outputs non-finite floating point values in the following way:
-        NaN values as "NaN", positive infinity as "Infinity", and negative infinity
-        as "-Infinity".
-
-    You can examine 'settings_` yourself
-    to see the defaults. You can also write and read them just like any
-    JSON Value.
-    \sa setDefaults()
-    */
-  Json::Value settings_;
-
-  StreamWriterBuilder();
-  virtual ~StreamWriterBuilder();
-
-  /**
-   * \throw std::exception if something goes wrong (e.g. invalid settings)
-   */
-  virtual StreamWriter* newStreamWriter() const;
-
-  /** \return true if 'settings' are legal and consistent;
-   *   otherwise, indicate bad settings via 'invalid'.
-   */
-  bool validate(Json::Value* invalid) const;
-  /** A simple way to update a specific setting.
-   */
-  Value& operator[](std::string key);
-
-  /** Called by ctor, but you can use this to reset settings_.
-   * \pre 'settings' != NULL (but Json::null is fine)
-   * \remark Defaults:
-   * \snippet src/lib_json/json_writer.cpp StreamWriterBuilderDefaults
-   */
-  static void setDefaults(Json::Value* settings);
-};
-
-/** \brief Abstract class for writers.
- * \deprecated Use StreamWriter. (And really, this is an implementation detail.)
- */
-class JSON_API Writer {
-public:
-  virtual ~Writer();
-
-  virtual std::string write(const Value& root) = 0;
-};
-
-/** \brief Outputs a Value in JSON format
- *without formatting (not human friendly).
- *
- * The JSON document is written in a single line. It is not intended for 'human'
- *consumption,
- * but may be usefull to support feature such as RPC where bandwith is limited.
- * \sa Reader, Value
- * \deprecated Use StreamWriterBuilder.
- */
-class JSON_API FastWriter : public Writer {
-
-public:
-  FastWriter();
-  virtual ~FastWriter() {}
-
-  void enableYAMLCompatibility();
-
-public: // overridden from Writer
-  virtual std::string write(const Value& root);
-
-private:
-  void writeValue(const Value& value);
-
-  std::string document_;
-  bool yamlCompatiblityEnabled_;
-};
-
-/** \brief Writes a Value in JSON format in a
- *human friendly way.
- *
- * The rules for line break and indent are as follow:
- * - Object value:
- *     - if empty then print {} without indent and line break
- *     - if not empty the print '{', line break & indent, print one value per
- *line
- *       and then unindent and line break and print '}'.
- * - Array value:
- *     - if empty then print [] without indent and line break
- *     - if the array contains no object value, empty array or some other value
- *types,
- *       and all the values fit on one lines, then print the array on a single
- *line.
- *     - otherwise, it the values do not fit on one line, or the array contains
- *       object or non empty array, then print one value per line.
- *
- * If the Value have comments then they are outputed according to their
- *#CommentPlacement.
- *
- * \sa Reader, Value, Value::setComment()
- * \deprecated Use StreamWriterBuilder.
- */
-class JSON_API StyledWriter : public Writer {
-public:
-  StyledWriter();
-  virtual ~StyledWriter() {}
-
-public: // overridden from Writer
-  /** \brief Serialize a Value in JSON format.
-   * \param root Value to serialize.
-   * \return String containing the JSON document that represents the root value.
-   */
-  virtual std::string write(const Value& root);
-
-private:
-  void writeValue(const Value& value);
-  void writeArrayValue(const Value& value);
-  bool isMultineArray(const Value& value);
-  void pushValue(const std::string& value);
-  void writeIndent();
-  void writeWithIndent(const std::string& value);
-  void indent();
-  void unindent();
-  void writeCommentBeforeValue(const Value& root);
-  void writeCommentAfterValueOnSameLine(const Value& root);
-  bool hasCommentForValue(const Value& value);
-  static std::string normalizeEOL(const std::string& text);
-
-  typedef std::vector ChildValues;
-
-  ChildValues childValues_;
-  std::string document_;
-  std::string indentString_;
-  int rightMargin_;
-  int indentSize_;
-  bool addChildValues_;
-};
-
-/** \brief Writes a Value in JSON format in a
- human friendly way,
-     to a stream rather than to a string.
- *
- * The rules for line break and indent are as follow:
- * - Object value:
- *     - if empty then print {} without indent and line break
- *     - if not empty the print '{', line break & indent, print one value per
- line
- *       and then unindent and line break and print '}'.
- * - Array value:
- *     - if empty then print [] without indent and line break
- *     - if the array contains no object value, empty array or some other value
- types,
- *       and all the values fit on one lines, then print the array on a single
- line.
- *     - otherwise, it the values do not fit on one line, or the array contains
- *       object or non empty array, then print one value per line.
- *
- * If the Value have comments then they are outputed according to their
- #CommentPlacement.
- *
- * \param indentation Each level will be indented by this amount extra.
- * \sa Reader, Value, Value::setComment()
- * \deprecated Use StreamWriterBuilder.
- */
-class JSON_API StyledStreamWriter {
-public:
-  StyledStreamWriter(std::string indentation = "\t");
-  ~StyledStreamWriter() {}
-
-public:
-  /** \brief Serialize a Value in JSON format.
-   * \param out Stream to write to. (Can be ostringstream, e.g.)
-   * \param root Value to serialize.
-   * \note There is no point in deriving from Writer, since write() should not
-   * return a value.
-   */
-  void write(std::ostream& out, const Value& root);
-
-private:
-  void writeValue(const Value& value);
-  void writeArrayValue(const Value& value);
-  bool isMultineArray(const Value& value);
-  void pushValue(const std::string& value);
-  void writeIndent();
-  void writeWithIndent(const std::string& value);
-  void indent();
-  void unindent();
-  void writeCommentBeforeValue(const Value& root);
-  void writeCommentAfterValueOnSameLine(const Value& root);
-  bool hasCommentForValue(const Value& value);
-  static std::string normalizeEOL(const std::string& text);
-
-  typedef std::vector ChildValues;
-
-  ChildValues childValues_;
-  std::ostream* document_;
-  std::string indentString_;
-  int rightMargin_;
-  std::string indentation_;
-  bool addChildValues_ : 1;
-  bool indented_ : 1;
-};
-
-#if defined(JSON_HAS_INT64)
-std::string JSON_API valueToString(Int value);
-std::string JSON_API valueToString(UInt value);
-#endif // if defined(JSON_HAS_INT64)
-std::string JSON_API valueToString(LargestInt value);
-std::string JSON_API valueToString(LargestUInt value);
-std::string JSON_API valueToString(double value);
-std::string JSON_API valueToString(bool value);
-std::string JSON_API valueToQuotedString(const char* value);
-
-/// \brief Output using the StyledStreamWriter.
-/// \see Json::operator>>()
-JSON_API std::ostream& operator<<(std::ostream&, const Value& root);
-
-} // namespace Json
-
-#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-#pragma warning(pop)
-#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
-
-#endif // JSON_WRITER_H_INCLUDED
diff --git a/ProvisioningTool/include/socket.h b/ProvisioningTool/include/socket.h
deleted file mode 100644
index 8f47325a..00000000
--- a/ProvisioningTool/include/socket.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- **
- ** Copyright 2021, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-#pragma once
-
-class SocketTransport
-{
-public:
-   static inline std::shared_ptr getInstance() {
-       static std::shared_ptr socket = std::shared_ptr(new SocketTransport());
-       return socket;
-   }
-
-  ~SocketTransport();
-  /**
-     * Creates a socket instance and connects to the provided server IP and port.
-     */
-  bool openConnection();
-  /**
-     * Sends data over socket and receives data back.
-     */
-  bool sendData(const std::vector &inData, std::vector &output);
-  /**
-     * Closes the connection.
-     */
-  bool closeConnection();
-  /**
-     * Returns the state of the connection status. Returns true if the connection is active,
-     * false if connection is broken.
-     */
-  bool isConnected();
-
-private:
-  SocketTransport() : mSocket(-1), socketStatus(false) {}
-  /**
-     * Socket instance.
-     */
-  int mSocket;
-  bool socketStatus;
-};
\ No newline at end of file
diff --git a/ProvisioningTool/include/utils.h b/ProvisioningTool/include/utils.h
deleted file mode 100644
index 9eb991bd..00000000
--- a/ProvisioningTool/include/utils.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- **
- ** Copyright 2021, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-#pragma once
-#include 
-#include 
-#include 
-#include 
-#include 
-
-std::string getHexString(std::vector& input);
-
-std::string hex2str(std::string a);
-
-int readJsonFile(Json::Value& root, std::string& inputFileName);
-
-int writeJsonFile(Json::Value& writerRoot, std::string& outputFileName);
\ No newline at end of file
diff --git a/ProvisioningTool/lib/README.md b/ProvisioningTool/lib/README.md
deleted file mode 100644
index d9ac780e..00000000
--- a/ProvisioningTool/lib/README.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Instructions to build jsoncpp
-Download the code from below opensource link:  
-https://github.com/open-source-parsers/jsoncpp/tree/0.y.z
-
-#### Unzip it
-
    -unzip jsoncpp-0.y.z.zip
-cd jsoncpp-0.y.z
-
    
-
-#### Build
-
    -$ mkdir -p build/debug
-$ cd build/debug
-$ cmake -DCMAKE_BUILD_TYPE=debug -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=ON -DARCHIVE_INSTALL_DIR=. -G "Unix Makefiles" ../..
-$ make
-
    
-
-#### Check the generated static and dynamic link library
-
    -$ find . -name *.a
-./src/lib_json/libjsoncpp.a
-$ find . -name *.so
-./src/lib_json/libjsoncpp.so
-
    
diff --git a/ProvisioningTool/lib/libjsoncpp.a b/ProvisioningTool/lib/libjsoncpp.a
deleted file mode 100644
index 601854f494e9d1a8c8be89a22bef826b5dcc4cb5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2640366
zcmeEv3!G#}RrhR2NC*iN5F|c;0mTG_WO{aHAK{hFZpWGIBg4*a5+Ts(nYp{$Nl*8r
zr+XjhCL1?nb{q#*B^n=KRFnv)@d3n;geAme!3P0RqoAycy2GGEURe>z_divq9{1j=
z+ugTsPk?Xuu{kw;t4>v&I(6#QIj5>#{OV$DV$W;OzPK;^zkcganYRDi*Oyz}zkc;P
z%5>e?Jv~qVaL;Ky11tYlXt2TqD?G5m11mhR!UHQju)+i1B|LE6ho0WE@^6I(D?G5m
z11mhR!UHQju)+f?Jg~w8D?E@L54`ZVztFStZ-oXcJg~w8D?IQW#RG*mRQ64c?(HeO
zVX{2BcdUTKwy}CHH?gN!E7WVnQhjD*BEO~_RCd?*A|hMssO@g7k&L4{+zy_NxskD<
z!rr{@oa}|{8{=J{uhpuxk;<-WUUiL`I+V@%+dzK%=51pIO=!bTs?oV-IfkZ-wV6QV
zs;?~+Cid^o<#Ge##Tl>*jZS6v$V7ZrqoorVg6*iBhiF_+9a$W2f>CW%0aOvsl2(J0U8RXrp+X1ok3PlSEu!$w#-(8(~X%u`71$>D6!VpAe;6%#VIcIJlC^v3GcR8Xn!sNN7%W{B|pg(2}rY|PgcCnp6@r5{v{o27QBIRg`o
zS`AI{HMgJoa^?8-!9+c=oubbhYPI5l#B8~N$zTEkVq0TsJgBvlbxiPWVpdVPq+b#(
zA)!F~vFYMOFeAr1M2g(*puR2GU#I28@mWxU8xtSa9MOq~)mNB19V|t+^)s&}>|(v+Qk$xc@iJty
zHQCdZq6*rlI#w@?IaaS7g|T&o?VHC|liV7sPnZ2mg1?#_g&qBc9XYJrqnoiPUI~<$
zU?W5VW0Z;mOvRm*63LH^_%~WDfmuWJB(5GTY`;EMdaV>YTsl89QJfCONWrX3M25tN
z!Youucd&(r_0^$mn6FCBahJ8Uo7QxT^|S^R#-U?@`*|gzC9}2CgQQsNg|D?Tn5v?b
z(8t?ZoLAS?BD>k{{J@HO#(OVy>)j?%alo_j6
zf)SqrC0Jk-6w8kzNgJ?DVh>fS2el&hFe7@_j%^f5i!)Pm?5y8sBs#;w^68
zm}yqs1XJa5S2k+SO-=ZVJx4=dBAc7_K(}4&G%@Lgb{@(t)}_eMn<8e`yY~VnC$<9~
z?EKN08led{NYjP^p
zC`q4<=XNMkj!rexYAw8O#n#H;(QU09ZuQn=7!Vq+Z21^AlI7s_jcT2jj|dCpJle3q
zmJ`)6)y!_wWN_)k=4-NAY~^dB8CyBqR*tQ*teZH771~J$`mt3->ngHUs6BnvDyV1d
zvZ&Wq#qH_JEfsXktdz>6scxVHebQht3q(kzbY`$uELVn*V(HAl7}{AST2U`ub?Noa
zuVE$@3n`gWAv5{g(imGQrqn-PT4MF3)B#P^W}G!)lGMP&f-X(aSs+Vgut^2R-s@A~
znji@4aF%^PG%sw!f5?Dpu&Y_n4wI`*S7Z$f{hV73MbNk%&@5=!WIVC;P0|LnCn8+H
z7%-xkaz0E_^NnN=>3^ffUW;T0%ZyD}<&5xBUT3f+Qf{pw&Si~K**JnULEZ%s!t~#5vNwJ3*YDf9-n8zEXoJ3MYI1uDkSAu6$-O7^|-@j7-9+
z2=|oihNDZl)vB68X$l6ZvGs*5<2lPI1n*DX%2a{%Csl(iluvcn^m4pBBv$kJsUA`#
zxRJcw|MNwT<$Wpb<@+(`D;0keutR4X&}g0{P+S^D$ZDw+j})ztB6J{W>D
zjZ9L;Lh&F@1x{+SyRN
zr1zIxmwJwcGq*5%)NU`aU6wIW1wFMdWH9SsW{XB4q?1-#3u2kAH74qW6mfYXv_VS0
z+!{TlRQM{G!#AS&{Ca~6ynThRo*^b~?{+Zw=#Ijs=_?WNAW^r-Qix&QTG0OaLb0)b
z#Goa7gl?=pRr0n<&or7|v8kw?xw)aq(k_;X1tAa7`t=3&@#<;s>${pWxwS$72#ZUh
zI6Y1Ltkkl2?LKU}&C}(4IYh58SE^bEMeu^~yt_K-t%jlYBk_+cz_H
zgB$(S)hJr@mZxhU1lQIA>^}uETI5Gba)!tvduU9U4r6h$6l}3*h-(we7%A-%x`{@eBo`
zvm)K<6f)6?P`BKOMW0M{m)F9oMS0f*OUELw34X8CTOMm?*haoQbqWrb2K0j5V@d-P
z)UxSfsYVv;wZ_b?LbAvPHJ+Es0JvIZ&DfSOPW#vGo))Yryfx2H~>9z3I`{!(`VmA3Vjs1qC&qOhj%IsarlDVL1u54y%Qrl
z+9->{vYCkW4sChZj1He!p_j|mO{!Mx5Meipd9Y~iOIx
z7R}z;;0;V^t<^>{bN;_rkZM_(seZX=eIU(FX$>Dss)nU8Rxg*2pE9V_ZUje;US0ob^d4{wt
zB*y8ZJ0V^9!ik#DWg1*Mk6(fx{w;wRT<5qpYmL=_nDy6J)-%>2LzBPhp(RKWw6#uq
z6-6xCaZYRA{1DHz*nHH}kq@iYYN)SD1dywYL}*jrkM`%c$xS4zRb?@GL$L>u>lHKy
zG_~z6|*q|IEEvyb=RFtPmkc!RyOzv<+dOi=p4@O6lg@bG4
z3W!+p#~8=S+FjM!zG7{11d+I&8AYOC0<|H{;eCWcpQnG$&2k&4cvz;lD92p99pR~{CCSv3liCH_Ax%MUV96QM(G=NmpFD>x3y$a3!_t|aTaZ&)i}$zt4maDTE}Cl7OFSaGM|j6
zJ@qCLS0~L#To;K)QgzIdG|5W2Tyqk8m!zR56xY)Z)UoyM*vxAQhhL9MY`gH}Dz&3c
z9S6q1=-TY8E3@U
z$yl~sTOO9j3_CCg{f=!}b2HFc4uz1oFXpoA?Njk!Mi&yRHMLdOX-;ZE^
z!{GjXKX}RnCeZ9lb!5f_1<*2-6-vDa=uQ{|qwhX#jDD=AZz?K7VuV&2vhAo)4w2@g
zUhA;$ua$Q1sV7gV
zJf=aK&-I%PAy(ftu*PV&`ttAzZFAM_Uyz{7Qz`Vht%Y)RA1q|!)dm8=JuKl_nwDKp
z(tZnd7B92)S6l6uhwy746%dg|w<k`f4p)^rkgfF7wse=z6Q8`I@rXr+(8;J&RDx%$rA{R84RDVTL3+wQ&_O$TCIbaog?i>5}B0bM;}nQTI>_F)U5?N!Qu1ruNIND
zaW8*5AHTIXj;^<|n@%IV=1#>j&Lz!RRG(Nub)HqtSx!&uRu?uWmiXG{$)?R+u7%85
zM$@F7wX8WN?{el@fD$owum(Btwzdqpi+WZfXJ$=Xmq*UA7`c%+*CQbsUHN13)0wHc
z2z3=pAw`qXv?NHAQKXcmPNXTssRvKX64hB=@l7{`srtLuJI9QsQaZbgh!5}7%*f!~w-5RZJEt^R-?
zwI_NHVOR@oKeB44urYcqzW$9GNEHz;>Byusxn-LTcBFn2rxSX#Jd#rEQl}g0s+Kry
zjp&B;aTDK_MHl;Q8Slrv8T4kQ43STDAQoFv7;dDs)<5E@#y7NdkHU>bHl4A0x$b}a
zNnCL4i`db359P-;u%yV^qz|JzsnvSqO<;$VOz8~qh<=I~;z3W0`wp_|%hQqVo8;Lz
z2t+tIN0CE&f-;`&6vllvC4~G0S0Ja`Q9#iu6g?4Y5Lx%H0PDf7Pd5>Ykz?mUZh4#s
z>75n0Bpni}4Q~bATtx$HO#pZXN;8E@qg+N17M}b9W$CuBacPEvaF{IN(MGxukWMjD
zg+uD*O?CAbC>Xyb3$_Jq>yJ@y}!C$hs1=T6*IhqK1^(PHGAx1+UPZMZI_
zeq*DbV3)P19=W`@b`WsQmLox??SyA#fr#r*bmeX(()Eu=ghHjSC7fJ6%++Og!8%ILCyiD+26B+l@O(~U|3wNg4^
zw7uOi#`dYv&EmvX3fUClb#1iwpM%Ruof)G-ms7xmu1?6cX*(Yh5n05lt?15P3u7oy
zQ_{+5RDyX#1uUdAnKzY2Nwv2qXWdN?`Bh?~)?Fr9+PcfMEHt}PJi>}zvFolpBzY6$
zg1fX+G=znKvtT=NphW~tMS&BK#Uiar12>+?D0E36IP0eKA{3<=k_n_`W??8HEp%_O
ztmBq|H;W@K=3Gg0Lnh+#yJ?@bEMb||lVpY4U|H0nbvriyNvI;R0WFd8skI4Hn62ei
z#4QJcZyn=HA9R#Kmza6E>}&%R4MKL3Z8%qy^}5LPjo#U%g|+&0&RMJfkemWqHkF!iZ{>iPYR~psb~-b%=@Fv3t;b_-vGt9yRpk
z=zLl$RJj613BQqVFl6NG+?=?Xs-m?oL;;sU5ivw2SQal)1iPy>Y+aHJYHPKXP30$h
zi-;RSjs38OcVd@A6z`f^u`*emDikLsFfB~;IF{GHPYLe;4IgT|!q8R4aw7nTCTR0v
zBzl`|F{o2NRQokmg{4w$ho0BO`V+1+YCKYERNRt9$9kg%uLSx;s!@Gvy@c9`_)B;<
zoQmfDqTIUpj@P24Qcsg@MeR|=-{hv7Hh+^9r7$I$`HbA5fvm@}V8?S2;lb04DGc8*
zF45ygYG%UrN%jSBM%?_3xf*{YB8*!Zb|5~+l7a(0rP>Z-3F8Ud2ATIa``N}je8yly
z_6;!*g()JDT#wX@b?_T(3QFP+7I0-E3^U>lqT+xsU-(Ok9UX*jzirxqi_F47w=|K3
zr;rX=1t(HH45L}1#T&qAfrwcdnW{Fg*%wTt>e?v*jXgQnVgJ2aWXrLHk;4RLTyZGXL(HzHLGo&f+-mnZtkuG
zlZB~Z3KzVk+eSssrD+>PDr{IjLKY(0#;fC-BF#tBAw%VsSj58c#c9h_H7(QnAe{)a
zPXWX0kh+ULt%dx|pFu3DWn>7>~fI_)}*P@!E5fVKRvIx~Vs{S()YpP)&=C7`gM>ETa{f{MAC=
z-8$`Po;8T(Ay|;btYMHm0yT6PvWk
zhF2FW9zdw{NhQO}URaVz*%C5YMJlqyiQ7;W&hMPJ&CF9xQ4n3>#?odov5JspnrzF@
zuTy1|Y15&l&~_66;kY$xgLQQcoD8})6Ea0AX$#e2dfTPjtvs8qI%Ooz-V*n7bog)@rq`S$;BrZZcXTur-Q0w
zv_{A8c8y?%^}+s$V7gwaR*c!g`c1CpAv~o_CNB53JOf$H9syaPG0icY#+yYlOPbW0zr)~
zRHA1h^fO(t9BSJxhjd`9UaXfU#_F|FWjFA`_fEQs>myxvCO&Rxu7z_DU8%fM){
zzGp*icY~g)P|=xOGW3bnEsgX*Ihee@w
zB;Qi3?Z!z$M^*S-+@J7y(0rCH-E{RuwP4ppIG476e*uTmW~vn!$?FFSd;1M{t*!5=
zRrhUgRO+RvAYZE?77LH+AQ}$}(*FIqTy6lzqDq3Vz?=RvgQowvA%SvBb$4kZ8-#1G
zqL7Ud@L~~i>$2iZV9hx57H%Qq)Uf+~-n`W6N1x37?^`#1;8cEt{
zVVt(6XpdTw0R)((cOe-5vz5k
zfLz9MxsBB+(g8;*yQ(31h)a`CQ+dl+X2JBhKxi&9m^r2u_yBjLI>P_pZmF
zzyF)quwTCo+DdNiCfp`cLQp)68>3aEgq6jo;h;6`7ZXCsx==LI3kSJ$4+m%V;Zk3^
znoFpz;!hRmzdooG$LS)JT_e}b)Ueq{NL6LBfOsHER;qP89VKr4#)Ta6Qjc=!hJbEZ
zARB)Uzl!i!9ZggMvJrAVq0~C{wKy|_C@rc-e9GsC_KIlyz52#-oQD1}yLH#otsdQJ
z8%|*R+J;Y#whb1>@vr{uH*O4np%METc8A4~YTunfC
z3)+D1c!^DBE?FSFXj=|bvc<^
zZnDiipY}CQ%hGff3SFa_l4@P6z&9w6L_$yQTE(UU7@Vfr${i6h#Oh!GGQ5g6p#_J8
zdCxur)+wU6ga`Sd&8-*e*p36!L39Oz8KP8&r3fada6WM_vBiPtZ8$?@M}~?@(Vueh
zpW;gg3hs{=jQuo_KM>Cq`)MFQ8P65_DQq~FLx%qGX3p-k$jMvQ@b9U0Fk1|u(roZ3
zRX@H(54YMes(b-;r>rMdTlI{Fb{6<%MLPK_$i;U;imUuPnss7RB3m3L5>^^(ucFyQ
z|J-radcEkDv{zP<&RZInD5~)m%~W;PPq8hXB%@NSV)V`BNaY$W9w=AEAySb6l9PT7
zF;OljWZ7_4I1sz1^uWvQQ+k90Jf@H#>|)qf$U=_MkfNXOUaN6mr?1ucaf=mLQ}TRRD{6oXFjfQxf9W=i
zeL=ga7FQwcuY8|!1H~E3X&A$rTdlvl`+#aURU6o`IoevBxg2uMK`Bt=vTC&)FM|6S
zXJFOc8`SEwLEKSwXkYeVtuM`NgYUWqJ&u}AZ@l?^kYFso=Tc1vM31PDe!C(w0qI)i
z4z-4%U~0O~{*jK6=?Cu6H~&qmt!&4np5gXYVIN2uW~WtXS6ZitlyAr$Bb%)D@0e!f
z{Eu@RCewymt*AUzmdwYDxpMq^?2F@t)XcYX4^5PVqK+BvlsPP9Rvl{)Fj9I;5HmBC
z_RF6-=A$9F&u1V}Q5z-QX^GKNZ)hH#$3$V`3lOw{-E9}H}QAq((M&dqVw41l*b_x8N
zw3H!GESH-=)Sn$__D5ZCj{XU{a~0igk>)_A}BKc=HO;R7oS6t03IQspa2@JrjVciNDz
zQIQ>AFPykFIt5b8c;CGyYGZbWRlxEpwmDrSEi~!ut1w8j2(&d+$OKzgIy?YvWUVmM
zba$+-WQ`%yS}~bYuqQI|v4iL@Ns0)*PCStDWx_!`5j{coE*i}x
zs&u(ZC1_Qy>?C6xm3UXlm>xt1&Qs1mbe;k
z^f=vuK&4=pun)N9;a}JPmm9AZ+Z9^g<#k1Zc|{X(%Pg*Fql18;@m7O{HiB2%
zYOyhcsxBtZPL69JKl`062EQ!vh?5DKrhWhH0
zydOt{I5CnH?>B6
zclXSYTa_x>HyhA4P=@zF{xJ!;_(e9HguMad25Bmt13V+!HLGEPl&|LQDdFs-wx+dh
zo{Qko%fFI>X^e9;+7!BLS`}H&J3)#I;pL5#JEkK~G*Hl~dBZG)QIQ%=5ADE*g)ZQZ
zWFDIgTW^uXc
z(fmhW$lrk{WpLB~mEafhg^3t`oD-G~Gm7q)Ud1aR+3hmdw@^ZQySf&q>
zx~O$C{sVYJfp2!efme8DMW7h)%Ft&i&7v_-hJh?;*!1F@W~?PvR?XX~`=*q=t__QB
zVz+`o>2eLrXwtQgP(3na!gCd_)bqL(6D$IcFB1!O*ShGPLL!EkwS=zKPS>l|s#Olb
z`EIC&E+m7#C_}lme6^)SB+R$D*yYq5<9&4bOhb~^s^}(a
zVu3F0QT6zDM`?@~#uSpW`(|fk$SPf1?Qgt=kBP(=mcy-h-nv*WSLvlZTs%0WuYuOV
zS{>KYou=#dF>`SgjnQi%nsuIz`aoAy8&p(XE9&eM=8-B#RIjNB4Be
z$XEo~;!y}Pp3A#DO1r=Y@~&3n@k%3`L7mmYvPk!d(jAT?@|AAbe@Az)i6e{t!CYqu
zC$2A{9l0daiEpt9fH>-$vfn8hoYPDa2t!&Jmvh%
z<|#n*6cwdmHxEvm;k;RVEaxep+UaGwCgtL6$1kzQR=XyM;*8glxvasd{{83
z#D2KW+pwP&*`7iz+g*)R_Fz)O6%)L~Yx%ue@LHnG5n<70(1Zx}QOiGDncX6}xvg56
zL0Xb7v0jpdvU+L1Q_y)g2T84$${(0_4J%hTb5pMsOLbggG>cC{YlW<8nR}drZ+I8ICO#FB
zCX#pLs5c$1Ht>c9t6en-uL4*;??SP$-}ZY8$yL}@EMxCf$GuU)r`=&p0|zt^4_H$(
z{-_cpNunv7rg`WEQVUx)?qh2$B$ZtIwp+H;s|V7cVy1PC^BR_U-^?1*C0inPN`+c!
z_ntb8IJnXlzyo4nMrjhTCMysKavMCzJA&kFyY>)F0
z!DEFPagSo5T7mULx_Q;LU}>j}!TOLeoRGRK`?}V9(n#n62R1NwX>R5QQH_1)ibqm-*s1%2
zLhZwIBk10s$dyYFSL||pct%bIw;0j++S@HT07RpLQ5fZo*;!JY|s#N
zBfF>Q36UKZiT>sq`qI>g0;6LpJkw7LP)n(gY=Y6Xc8vojG@A@Qsml9ouxYT7CB^45
zZn{rSQ=#Po@EF0;&?KMhw?Z7qnW)1YvL8Ln3BEEU{RjfbGCBU~1`g?zqh&hc%1S|N
z%`s{LjvdhfTWGUlCl!#Z7%vJI#HEBFm<%39C)~!<6jkLz&!ewV9<5ATKZw>(R(-y1
z^dd2qfi$X!!#LG!!+u+t))9$Dk&U>OzJw#4ZwV&FCb<9skWpQj6{stZ{UG**cqn_l
zbYj55gasU3s+S(GK54uqKF6mmk%5G<|Lja3*i)qC&}qk7z{h8Q1~%sxs2EWH4Xzb;^aY
z`9kC@6Ff;=)>mA5O~Zo5mp4I{Kr?JEOMG}kp1Rc#7erhV7wC&yTzD|4fpJNMCPgro
zabF!b#O6BZq+d;*XZNIcEtn9PcgSlx+7vu%C-I_s
zt%^WU!lxoPB8q^Ee4hKG^aji311VsYZvfcZdOls)^%gwcXy8da+aqYI5tUxfM@c
zl2qf^W4WUZMMt!B2$WQ8V3D?+?D<3>XNP_ICW>?M>c-l%ZhwJ935ss9ZOHA9&a>OU
zi-vq~=yF`kkS4wWKC;V&pGQ;Mcz`(Uplg0QxF+D)MC8s?b*9@_9Z)1uVG2g3sm4^2
z=e>KKC4Ec;NiAD%i~F1RHo=45ViW^eZyn4dcDz`-3$W`!E{d~bi4OZF)d`_1;yMIo
zxLLtE&JYr@+;>_P8JS{XBw*Nr40xc}$xN$YoyB#7Koi1m7z|wkn*3s?xnV
zLZJi=yov#SsWuQ<;qicZ`f6O~GMW?=anZAoc;fA+*a8PdDXwXrWf+Fu2_fTN)s?rZM5D3we!$hz5zWZ1Z+wujk;(_Igbg8-1@M
zW=SZ@wgqt`FE-GA!v4Z=P@I$^o&pS%p(q+PDz;$IWzhu|cWuQcz+h&h$9gUNr
ziBsFX4xuUg`_=eV`%<;p%NT9Qdp!z)C{EmFTnXB)cQ;_hES;z^FD*TmQ>u(ip+@Ku
zu%yVF_%iO%IzB{$M;=BulMF_;pb4oH>2PhPvOdt7gbf;5!lmU021LvRWBJL(Gm8nz
z#_-&_u#L)hWH=Sel7?luWJw}qJPfvzbPcTPbeBTDJ@auIuc@(t$?+1^+Ds0CqOFK&
zDqtRvhOs0IZwJT|48Uoy>JBpx3!0>`59j&G<&aM6vQMUANi!^VD~3N@SC
z8HzSj0v9^4fTzXxMM&`D#`}(!S%&htb&=BRnCH
zTV)f9uT#1bOaO5Hi_JLim0Fd;zIIAV6F*ArLj;FeN|aO3dXVMwMwSvr6;hEbikv>>
zsJk1QX-r#jNI&TskjJcDpM`EMKU+fDxneqs3#)$!(M!v;_+l!Kl
znTv!-buaFZsqWx-=ZLw99Ez*d%Z}=!vy67vgK;8(leSwI?MMooMC)6)K*&jncod`{
zD7bf27%s3qZ6|`#RY#sC85mB^2+TIV=K%wkhLz2vASR|&D1rt2hu54dc$pkl5V|@G
zx1i#Y-f`8Tb(5u;dJ*pu3wJL>M{Y>nkEE_8*nzXBu?Pa{hG0vSfUTCitHI1nbyvE8
zcCk
zbuh|ZB9A%BpICcmhGQ(5;$)!igYkHhn1VPR^7@uWgbfqHJLQRv{6DnuLL53o-VO>$
zhuqbN&mkM-X=PDW1}B%}b;)ja>LeNPI7zVkRT1@IA(scHiHTVVnS`i9TszP_7PfsU
zAZ44e-I2KA8wRr#YW7|Yb}3q8WH_!6qvRn`*XA@g>ko`5^ddENVo*z<#)ExWa&m6iah{0XW^dzQ7M_2FRaNq7d>_xv^~Xm+(Av|Dy~
zFoaJAYMZ0l!Fo#39+s9j%&F)e*0!#oEgkP+eJzO39nm681H~up>|#B&5T?N^0L?$39@}lADF_G%RLS}kkg5nDDwd$30A|kGn4H0Gzi4oFQ+ZX6E
z`rXyqfn?Le+E{*aVk_GN7L|@H7+CMu;7*;%>QtdPF#!{XX&%S7TkAz+EeCO92L(f{#sK=F3*{Ya9Rx3t
zAckPFyxrJuR;OnWPd`GTlJumA7;m{dyiDv4Hx{IupI&zI#;;+L;e}ImnW8*qBd@@+
zD$8ZVFJ_;_@*w*v?0wQ&+9wfb3f44At?I02lS7tLycwC%<|MkSYIB~64Q9f=c7wgI
z&3xuXsR=%5VN*ex93FAzS6)agXxc;2ppjZduZ~|IOw6^0MY7qQVvrF3NJ5{3aHb$_A9kuU1DoHzarS8Oc>aKdS
z(gYEoCOZlN*5U5m)lAw$C|y;JiY@r{`s%rb3yn*>Co5vT?3UgWzm<>THL!lV>~#1*
zVx7Zs*O7S}cRH5H#Jy&`G+C-avg0fpuIbcjFZ59CcW^lZPIv_S%80;5(0m74kyvQ3
z0uoWtrN@{(c1(-dZ<0?gGzCnE-u_Pa?MN)vKFcm;2
zw_5F5tgyc!rG~64q&3F%W>+DV*$&Mf-HO(4~!9Zc8G8ybI@Z+r4%t#q7FXE)XL?oVAl94;Q
zOF+Bev2W`}i+tXMMWR=}Qx#sBfsvCU!>FfXt#M8rVGxS8nl{1etiF3Op`I4Dk0aVD
z;82xj^cU8RP!uEiw&`|63_{!+i3-~Cwnn+XC4SJ1*A;$1Odn45HM>(+JR-eXFjoQZ
zBuoW(8}b?&0GlmIY2fL&U0Un}W8%cRK0H0@ll5KG1<7TC$0J;e
z>g7sJunZO3|NoiaiuoZ`ch$7zWatkx+{a24lANJ8w)>*$96#q3k?)%q{U7E<(YSr4NetBn3`~yFZ#*%P*qf#$T1&%TUp--~Z
zjxlbhRTI^(e-9P1zl7Uc**7&x8?4Fl=-x54xj{fJ3sYLcgBo;8-h{#IAO5rs>pa3%
z1AQe%EC-ffd8)8j!RV|mj8ta|mrvDqm5aM)M2%y3NYwXbq8j@mWI=U1vAYvlahvB8
zgz&l&DyQ2W2GQbOw4R1h&>U%=OS(>>^NZ8}IL{rRMvYpuZ}pyFf8<9sUYEoAaCMDD
zCBNsl4!%AyHdE+_Ndr8b*7WNR|4UE+fl!M6-GF@@#qo~>h9)KQgs|?CI9&THx
zmZVRz;aI{kNc-pp0;2BBF1mC#n4}?+eO)c~P&>dOwNhpGWkW)($?xykboE8GVAn;E
zpZoV0AUtQt7KAs03w!&U6+X}`gSZbNsru`iVVE3mo~0R%ag$*^6XErZDu@#%g}g;?
ztd6VnC&22ti9JRAP~HT&+!4j@A70^+6DtQ@eGS>C^mv*&r8010{y?eYzeq_Cx4J2=
zV#bYgGT*N%sHnKx=2iYp2^~8h%aZsk2xZRon_1v3F@S49X*>So8@6uQNYDAyOXDSC
zlaRDFh=%sjoK;+gwRo%`uM999wCm0Fi~LuKZGJR21|#g$@Q;Fb;LOwX8WlNv^&6q-
zTwCV((k?bpU$CnJfja5FeU2>~sb%hqH6EX|Zavc?QbS?<5E~4#X@GwaZj5N|+LUFf
zhH(h09JJsciGr4F|IL<>SXyV?azy2AFdYU1Sj+Oh<0Yg9HEHdOt@{L92E8Wzbr7WrA=vVFD|w5
z&7^gEiZd)yF0aZt-lZ`T!T{UOi5pM>8!8M_lWMVfA`K6~0ozoM$hV|Nq^w^l4Yq^M
zr8T5PKV8n3Y4i-OTpCka;;{nK`SwU`jnwl%avrXeyKQX8g5uQGVzZC6GR+tp?sehJ
zWsg%XFmOav-OHS#8SSpm4ive#tnyN_g%#aVL+W+ifh)t+-GRON8t*5K9K8&eWk>r$
zi?g>W&K1&ut?4@Hts&Qn1Q(?TR$taAmFvz)NnGB(-a@;#0bV@>+QEDUclBx~zHQ`z
z;uI1Cv=S>LiMM5zRUuSf?eClPi(*^4+%Ip_l?1W0Wd(s;AF#Emy|Ycj`QyamCdCOB=F&FuHhYPJ8D
zvMy94W+*qzL}}`}@>tz*ea_`zz}^(>Dq?dslZOe--aX3!a20FbwvcGfxp0KX(wT$lxY^&3
z+z>)oZPKuN4Vz=Hu~_UAe5;%>^eZDjR*uymQmRt{aNE$CAaOiG`GJN)+q+CrLquSo
zSGOX3tQh4K3p=@z>+1_6w6}*dKz75?B`e@Wp0Qdl?=?_NKwT&AqVkrC3v1G>$aqLh
zdtaa8u4%jd^0Y$<4DvED8PjoOheN7n{&Ka$)R*Z@G33k^t>%hM(JnXBE76>>(S9B*_jg0U`Bk{Z8O#)t>unn$3g_7Dd*BAsxcA(a@EK{xFAbuFE+gr-5P
z_a(e-z{+Yx6G;1-TWgBiMs48Jv{52VSEp2lYV4L(?M;s}UED
zh;aEd8VHyk+q8+sN!=pFxk3>s&o~T1Sn274kr9d+gw?OjsM0G@Dz~N5f%E4dEMhBgX->vtPVXlZNt2
zDN`h|tgDg3)@iUCZ6$30f?iLu94WfV&U)KkziSU3%#fnobc>=cYj_&6npt3bu%IbG
z((*ZoWvkT+j?I*OW+X_X*6K=1KGNm09AWq$Vh?AtcAk-I%`DOxA++OT42zH_HI;$T
z&4?{HqJ}xRGz;gRc+4@V6=!gHXuS}Kx0h7>Z$|jX3JqXa_XVi%*G!OidNFt^`N8)U
zgwMs0SuxtNVsdpae97;{obv*{lW0piKla=A)(1Ql>Uj|g!WRtZ=2c?7mk
zA%1@&H^F_-OpHJ$GV~eq
zE_t`DWz@*!EFIiZJ5aX|ERPK(Z0TE`I&*6<+@aUXd_b>t0u|;5Z#Qlrv5q
z*UNm@I*toCaOtVL1&9URKJIuQZJEesjFTY?rdFJ?vtVkJbO(mAh~5w!fJ8#zbq#x9
zwy>rXFABXijUqc441nov7N*$jXruPo%Vk|u+rH(hj}8d=-V;t?Hz4WUihZ7{6&j-N
z3K2Q&muISl4P;<)|DE8eW`LCRZXp9PM_t8kVtM*%HZYiUsjW}A1}$t412SA@Lgux?
zbiGy(5{r$2A?sX%g-zSmI%$}hJ{`7)7A^Ed?JUxhDwm^kqSBZs(P_h+z6>ekF3dMK
zy~)iK*&w6VN+-?pcw;jY!zCS2W_MxUA885
z@3LjJLc{i$isr^8W{gA~8$eygoYpLO8Cp)H=oSZx?Tee-`+zjGGn+}C%|c<#qneL8@NaCJp=QkdQee
zBNHyBC*I+Sy`5@$G*wFJWzsX!mJM*DCLB$SzhecBZHVp`(diCyV0{D?`9{pp{w5W3(v#;C8UA-`diu<49Q5ke+pDtv}z%JR@to;J1Jeq?$Fx{Cg
zM0aeE@ts4LXk+%Dditi?R6z)YRvHot$_^{i%4GlCQnDXmjUT@F!PF2dtNkpi43iSI+Adomn9RfkBAB;`$aEaUZ3s=dwu
zFjFV%I-wfSpnHW!hjv}`Ntr^;rHO7sELssYuZqiY$!Cboz?gb6kft+sR{HwJHnF9=
z(-9ogAt{7{Y8$4>3(+CYsM&m=z;Tv^Vq?F2@Dy9L$zY~ltKwCpRBSJ7$MS7mYr7X&
z&QoCyS$XO5=ct7@i%OKHW3}C7IL^|DDYmcDh=~!-a3gNwl^}@NVzqjzREfQ;Zgn;b
z8X5zj{{b;5&+SG%vzY~}A=|?c3kE?XACI94myLA~k4`YHT7B~)6*p6ujAho7Qp)x0
zea3@hUjM?LO27W~lq|bXvBGBucVeZVE|zK|9zBaz7K%l2yr_|C@ICM0X10Z&no??P
zOWi{EbR-Q#g*-&DTr3ebI6)XngVXXk-9rta*F8wWI7XU&kA*yCHe|y5;WF)5W(LSO
zhe0Y82PPRgY}3D0d!mg4_wE@RM~3Yb8lhL=^vgzC4zjg;Xq~sK1_Nk#bl5^@VBa=d
zW6Ti5TQus;8YG@a==2;l++1=;oAurWdyB-qi+Vet%^dRKLS!f$C2Xnww
z61~mbjp_)sQ!c*VKiC*|^2xU2BjKz&Yg_kH@E8R_6{Rk>N;x1TE%ij$ML7#;Zf>hi;&hHYrc*WHpiUb~Mt#m(
z@eN`Jy&Xmfmf)zOyH$rwV4`A3V~((jY8+U@(VnP2;0{3*5A?C)BlcL2TNBtaj(3-|
zt1%0G$DCd6Sa*s(Ap}B1l_+}Fq($l^zY#NNy%FQ6ryn;{IBuqL4i1?a@E*-(*oA~|
zB}9k#i!`VW8z6NGudwngGd(o*9q=r(wQI!_rntalcO{rCOa)Wpjg;DG#IUcIy;Qm_
zmXMHALQ9JBgo!l!w#BZHq%Z{*D0|Z~RZSCIpNkX?7?Ce(!=j045z*AB)q3sgGW9L=
z5hXs}u2edgwf@jaOSOCGe!Zc^XB4ZRT6n^*yR{)$h0)Q!hP1hYne`*wAfE)5D_E*h
z*7_n|#>PN)w)|QM)f>D~g#B&r$qiByMCevf(lMeP#*355G|No9r#_cVkpd}wiQX3t
zMMz?3!<>;IC6bY4K#4Oqxw4wc)*JVv%&Ga*T^-UMH3VP7*(FC!Xt8?K>^QY<(Kb9y
z+m;)?ncFTRGffaQAUDzN=)k7}zcOxCVr5wYy~A*0URIKL}?3Zas~r-fQ$$Cd#SD9tZ4K{6b%>
zC(rEP9W^;`rnSq2hsgiM4Bo{T_qFxEp*1S|b!T6X=lQS!q-Q2CnwXxxsCu#d2^Pji
z5c);DW}-7)+^=v*X#XkG^1o{a2StYUYla5a4p8#Cvv1CCx%{+Mt9sP`R`tBL$NZ&!
z?diGW@VWYrOGWC^p3k2CnbRrn1NaZY4>Np_;YR@<;`E;}e3;=QfXDIgWBB)R{_W2J
z{{sL1694{+e|r@0lbrq(;9qn4(|~`&>Awa1J5E0a`1hRt2f)v8`m=!l$mxFq{2ZrG
z0RA(l{{`@0IsJLSf8+GO1O5l6PXaD-`U`+docwe4!2jd)w*a5ybkAv^J^cgyPXl}!r%wkwgVRq3Jd@LB
z0X~D%X9GTy)8_!5%jstU_Hz0>z-M#%Ie_28>E{AIkJH}^_fpioE`)m;`AE8wVYlDxSrFO0KSUTuLgV#r(X;BI!<58a0A2305@`a6JVaxmoxk^
zz+q000A9iA&461ty%lg9r>|r<3ix_XZwDOX^bWwCoW2V1YEEAR_~V>@1H(5mycY0H
zoPIN4fz#Ik7CAi*IKk;jz<|@c8181c2e8EH>j7`zbQy4p(-pufr>7a-2w3Cv3}Btp
z4Zyve-Uqm!(+2?G!s(v?{7Ft91iXpUH#0oM@D{+I;`Cv_TRA-o_|u%e4e$u3=Kz0(
z)AN8o%jpG%Z)Ny4z@wc0Il!Oi^e+Iuozu4i{vxM;3Gfb1|1#jOaQasPe~r`cVE9gk
zzYcgOr+)+RH#z-VfbZh;Zv*}gr{4{D7pH%h;d>aq7w~Eu
z@HnSG2KaGK|2g1aaQZI+|BBO}0DP3wp9K6Ar~ex8)13Yrz`y16-vK_x>Az?A4}hQH
z^k)J8k<we4!2jd)w*a5ybkEbUX3#%cHvpf;
z>C*wv;Plf0&*b!344(mbHm9Encn+t}1$-8#djZem^s@ny&
zoc=z*@8|Rn0RAASUjX<*PQM7SkJB#(dbNU8`Wxy#;R~S|S
zr#XEiV2#r=fOSqc814n!$Lalm2RQu}z@OmsPXZp~^i6;_bNUeAEu8)-hKCv63OLK@
zp9Z{*(?0br>HBP?+@SU9gb-+70{TqP4$?4w$d>5yG8}N5H{cga!IQ_eT@8R@&8NQF+iv!#@LjnA48{9_RGO06)&@KWF$CfPcy9zhd|az(+a#Nrs;S{A*5s8t`v8{kIJN
z4)8Hf|2^P8aQZWVpXKyF0{#=HKL>b%)BgDK_h
zmea2Typ+=$059Y8MuwXh<^eC~^p61!b9#i~6@Z&Ly@lachT8zIp8t0aE#MC
z0C#fwDu!1xyaw>cIsFE}H*)$~z&COF&42|?Uk6y^^f=%IrzZgePVZv4o8cb75~r^R
zyn)kYz$s2w7*+wNIejBwjngxLbxt<`_i}n4;C@aYVE7impWyUQGCT-)6Q^%xc!=RG
zfIr3Q!whc)oaOXSGrSG(2&d;5{tUx;z@O#x0^nOY{WgY28U7r@pJ(_B4ByW1cEDfc
z^e+M4!RcQH{1s0BD&Vhi`W=ApYKEU7O^zQ@y0jKW<{6kLv5#S$l`cDAgkAEM)zYp?n_W=GWr|$*)5U1}0yr0t#
zF#Is!F;0Jk;e&u5<@7@g{|xY9PCvr%Q-FVse>;cg{%vgd@E0!}o;T;tP|!}F)V
z^g;;6;ko?D+_B;L{A0s&kDSC0J%BA>pclh|BxsS#W&i%uY^XBuP{>aIvA3pJ-!^e+t7P|_{
zvbcq7coH@Iq`(6C?ybSD-L9coBhEQ|qWAFe6TU_~f-0$-PoCG)d)vKKKhXz-^)|$A
zq^BXywxS`;+WMTsC(b;4{BciPmtOdl-WPsjSbkN5H9V)s_b8fva&maJ9RKO9p>vJLsg=X8%0E8y!<6d%K+mhsu0K;H
z&uyG}5ApNTIm3tZr&cX}>K^>jWBNn0<9u}aBnq5Vy%6cc$3{bcpK&J&hJJbE&@uc(
z{}TlsIdok9rT%<0{O4ogKTp_yis3NG-*i$8&#t+{XQAY?^CE8H0H~
z22+v9^lq+k;@hf+Aol#u6TKgN&aSzmo%Im|*e?cb;Jpae@D1j4P45n~U}3x+$nVGg_}MWn^s
zMDJ_Rn0vsNccU?PQDfd^&li%q3;AQJ?C`?YW2pP?d!NMrhUflD{oeb5t?xp0cMUHz
z=sWPqy5>H5)Gm&JpMMk0>K~Mo?WINv*p(RmkR&+#&^7jq9~-{qi+2#E<_;b~!w(J5
z-M(KmXJHy()7-Hmvt=Zr-I&iG>HWYV8oa}gue$YE{mh3&HX`^Dv>j-U9wV&cPsVuk
zIRDc7f!hh^k)y=cGK
zMNTyIS)wfewDdVy`|Z?M4B4H-3-~wpx2nh^XNc-lja=$T{?|o5s>|dhOdtt$3H0c*
zni#5|CDIu}6d~hFM8<_9G&sZav(ykWTw**lKQQKJ2+X~={-MdK+9}821zbM-YqY|~
zBl$bYaR#gyrTkqeBnLcyH@NGasxW%^PW%mq4HK9MB>D2lp8^Zo$-08ga~2-a&!y9Q
zKLDc5ZzXm;N3!cBORGsz(V}G)T{_eJXxb9x;aeUemJP`|#l`pUiF50`7{=Go#`UI)
zQ5%L>HJW@Ln5AMj9i*D
zBWzZARomu1qJ9yjNdp13A8B0f
zF}(0R@zbhDU;E?`Q<;Zq?!jR(az>b2
z1G)G)A`X6dK=ewHPz_W|D1NPD6ie62CN^O%aFCcmqJN=D6p`>Ywx!~5l)KjRFT?XJ
zGMQjUNouNZniRK7p8cs4_{dCsl9{^q1MeXIr3J;Bp}n_$99b8S;Xh_h9#d1to~UL%
znTcwObnk1+jgb>3CN;2NpNDl1i@8)Jc}0`r8yW!VmLUQE_U|*pp70EG!JCir$@dnzEgj~j#Ho|^DL%&Xk|K*
z|JKqziQz1jO>EZU*+ylyXQ*r*Y%i19&PKK+tgS?oXHxpvGL2-<(is@9o}*aZz9psl
z+437Nu+VdrHbY~5o)GyT(;B+q5E_1+3rVq&7+(KiJr7j$H>pF|*nl?<9elE{{v7=G
z8TE7U-*f9v$A8am{GgR_cwv-wZr~_U@zR~xzS+Awd}y4Q+xb~pL}_HIn&Fo{IG_J4
zR)_Tu9z0X7+-3YQm;dH`{+kPL|6-TPh};m9uz;xmI~6?ZB;YK5MlW6$yKD1%TiLv9?5^@;ry3-
z4juf;%NsN<)>QiP((~~1#f{#`&ls#P^I(aVE#8MNP#(Q*_ul$0{PalvtN5>E<9VTp
z4$mH|UnsEg-?S%?0%G#NpM282uD@2a?ZvW~;s#ahmEK}!qI%3Ou3nUz-}+VTKtkP*
zFcfV;hQU?GG0G5*JMW3B?fAsY6YVU1loTBr2K=nGUi^t)F@iLTugc$37t=~`)*QBN
z#EPFgbntWMHeRW7oJT3K`)-_pz4i&>!Q&6m%u&@XJ*W49ouqCbHx(_tL#+~`0cw?g
zOqDr`>@Ks#aqM)5L)zcrFYZCN??SilM7Qsl+xqr+&+pRX+j!CNf`}cv_XZMREFczM
zL&GhX3epMZciw^Z5cq^5{>$Hj#wQfj{5^*czI|0=8ya^PrsoOj2U
z;!F6y0qyBtK2v?FxgXkAc08));rv;Ue|8-J9Rp(kG1*eHkW+pEiA
z>t!GD!Nd6{ZK*0-twy&_R`3Y#U)vy~f&OvnL2&3x!2S0gr9_D5$(nMCC_8umSa6c(@3$&H>&V6)|Lf+7k>ztI3
z9ew8fEPXzF>Y1@tj-zdd6gIKNb(sPrcDZ4rVWH46s|_KOoQ-giVr#kGx{|rrCU$Q2
ze5>{Iw~N2#Xp2ZjG(D^lL`P%9V=6C>Up@Z@u;4O}^fLHy|=q2BN|r(X!?;vaz256^xts#ztQ(Rc+qNq@`6zK{(Q
zk)9k8S(g4ncBOar6W@IDNx_jzMOqu|QSuMF;K%ldT~Ae>yw*gC?XN#VljMW=k5Yq#
zejy9m`)kdlOK(oj8KT}&E;+N|eXA~(Gx0XusR!EZ@ujYG%R?mb+%{!lje``VDHxZ6
zhaM1nJ;gyTYYnE9
zcSGWw&)-S%oMwVX)}Wc-=(sFFGXZ79WClDvJeiNo&Y%?`Y|l7!KmFEI55UehBBhD3
zaJ%@^ImSmhC5vnYBVVm!2(JcY5z^2|BhIs$okoM`lfZ`_krQz78X|?8$l>
zS)NhF!goj(Cd|rjzD{kV;*9%f*vz=F6Uwph3SF9t4A6jQ=`m`O~k6zq?ebG_ui;hHlGM|S6f9Y9Jhwn!F
z?xqdgE1}OE$-n2&!T0pkX)Aa4Dv>;QSlSHXTv@errut)!wn_MR?_d6f{NL~s|1v!H
z=1{P)X`uZwV$&6NO5VJ*-^^AQ-*)e-oZ5#U+8>z_>%I%-^(|lAL#prG{dfHz3Fr6U
zDZuS_07T~auHG*l`*QEIXYZjL3$w>WMixW!v!dMm=y{OZGC6$~RB@4MVfKWbH&S$A
zL3~}9y$&+_-m_>*n~6HSa64B=Uu`a*KX3T(7tSA^e~y?mvKh2v`3xb5RH2&WXzZWq6Xw;RBFsra}c^T-)#wRZk?(f5V-i){0=MANuiMj}xXoGUbcii*vj
zf`t6%((v%SA_)DyYq+=apc3?Gv&cI?OM_?ADohSuAq2fm+0Yn8R?6O6KMSfZehUB5
zlPo;`Mw2rc1PxTf&EhHP>-gR7x2;Ep2=F3o!e;$o$@;
zR=mhez><5+P;MtyuGk6_TCy*Lm_CL=ciMv@RwQP+x#(t2t>P%5_|jAv8J&8_|E)_{
zT{lG?%RCwMv|Ycob)M!CulFwl`#lPC`f1Ym8(N4|9xU{%7swS=8sF~$j=O11>Akf<
z5-7Tklj87_-dnH1H>9rZon5PPp-kh=SR5$I;C+TbJKrb9B{F5_cVd@D$|NZOf3I@K
z^hkqfkxskDTJv6^Eu3ofzHKKyA3k;M!Ctu0>gx}my10JD;s*NdQ^Z*8N&tYSK$_8&RKl6`qeg~Fa9r~
zqc#W!lgj&V>Q~{>QonwJeqA_7D$qS(<-6fKz)0rr7%|aHlHbo3D(d2UkbhndhuqbC
z=x<1*(nN`>DtaC*O?7QVmtFve!F#A~v&UMz3DV%Gm}Zgb)O+h&(fq|*@gFT~%mlJ$
zmEk=jO&mq6Ip_G=453f=*bmusm-12!&uu-rWiB7r$`OerWD_|c8h3&OclpNb=a@_8
zdtUP-{Hwh`{S(#?SX6s&yI%ePOkf<$DxUhM&bYZq%rHEEKIY$jYKCFB?{m*b-rT|E
zku)DQqQxhO`$Pp`!eRJ>(3!cjX@_wwcInO!4Hd4bV`8?0fA3461x$|@0@soGo{yY3
z`=veK?Cl|q{Jxjcagb*`x^R>Zg3$N5^Ogd^>h5%U=?oWZ)~A+sHDMu5w${1M
zRirbnBW4Km$kS{dx!2;6dpqF~jcD;j%&d=qSIFN=j#$K^-}kiMw+SPNi%X8=Kcq(d
z^f~feVsH-~{LsZW_2IwkZzez5k@@o=_dm4i(S^}RWroFf12Mi|CvxqI=K5XEb&Je(
z=}j*{-pg-(ei+xsWUeJFVrt&#u3+9|LzAUv9nRmkYViqZLn(R5v?)=(*%HiEB#DYFeksC+$%O_aUy9}e&o%Q
z^b^8N2rI>I2H@l87%rihx9vPtLrBBkb6p%C`
zzg%RuBCO$v6yca!y8vm=+$+=e&_)y}nI%M}D$Q+K7$sE&s6(-C_~{rJq4OG5k1t(^
z5SHFsf0npU{WiKzH0UX%LU^1OpN?g*i7KV3X)kbx6p5FnTP}Wi%Q=k|!{t&_!>?Ek
zQcxz3V%k`9RZ4nLU(A799-`@DSvHicwoYczw0ro{(=cKLpT_WXhG#H5Gjf8f-=1~y
z1Q+JAnsSKvn#+F?4V%j&*bFJeoWV4XurssB#?~Z~f#;)vCn4ZZP_Ha}C++1^d^_V#
z;xbd?NgV7rhM(wvB148}snC>#qvuF96D@-payI-ObC;b(6+L|De0=FK$7bx78yU&R
zsCF&8<`77h2U1jAGo9EWlA`WDK~{O1f|-*CO1L#R$_p7=Ke2PJz?{j6o%7`6IE2}G
z7i7d!a$=|XKGqDDnLbU#sH=!nd~~?JW9GR|`G73sPM_x^h4PO>&&3$5fAA;UJ@%uJ
z304+*puorH6`jXnVuyg3vEcd@Wrthft;`Pro!fgG-HFwTY17#$KI21oSP9KX#WQGS
zhBMHGU5Odq+APDA$k5RtpqDEYLiXqtMp9q>ITy9s4~spfTmTp8Qbqb9?BG|uR%>`7
zigy8pQr+)V(ogX~Ypp1Dj^c$1#aDW760y#^dawS7-PQJ5^a&w<1SKIdp9SQQghhoz
z?f*tiz>AEWZJUxX`{y;$x_X|f%8fTGK>G7kjB1{xg`$F#7QWL}mw||j>+qi@5>k`H
zX&n6S`+7{x8C!#Qbu+R|5E;cC2Jur}q;<(9ekWNPPT6}!*a+xUSMM^N>N?naTNPre
z6@d(U5ud`kj0Btb6N#S1)%s65xwQDh`cDeFT6~`V({&1qZgmAJI_z?uq{<5=W>@Bq
z%gks-ubBTvv&U(x#rNs2>d00|YA*gPR~0(eiD94vIY3E;7WZfz>QEROMyJe>4-04h
z#?I=ubGw@}0}HHK};z$*$+Ng_^U<4iffCcA>1XK|3_ac
zYOGYkoTJV;oLD)fhLK=;eA}K*(_*Tzr$)1|C
zRiDL7RkJAhyw>7za$b`QxY>EF&v|gJoYxZ4$JqSq%X?mH?(rje@?T&&>O)(H4t~C;
zPEnEc<8g>KI0R1BNd$_!e?|}oO*j3>4EiLJu%<84z33~4zIaSEZ6v9b{5NEMFyWjV
zj(dGuANslnBaLgGw7gN?jBcL%%CwFP)akMdLZ{0%>>%4Cscne-JShU^-hTqXw&=<`
zh7KtmdKiINA}$
zqo2h3BF>k&5gZY@#Q8Fvy?2%_w^O*}`7+&wsJ4f{`Fz>eh2)0OJ**xoJZIoYqVU!%
zgj%BG$wf>Vu
zUf26e$IynMHrhbTKQp-=w&#dpqjR2u?mEL98FfHW9cyJ
zY?u3scs1nAQ*_9Y&I=8!uADwJT8L{uY)-(&)ctTozdEOI7j*qQad6^}mD7jeV~H!L
z5A7Xe6Rul1eRyK!^r6}^S(dfD>nLFpUUC(&w@*}D-O02c)(S|jmD7io=SN!VS56Xdrv=G$xpG?2UMtTRC-Nv%N^{KfXsb0W
zexftYbT;p-aLfY#sERDDRf~7@gFf^qu*Gbrk+;a;XgCkeIi-%siWqEa!YOKks!jaO
zjg7pfAxn#5To=+0^ig-XfOWQ=;$-B*V8^3g4SAj)=X=8rWyWzN{~4)y;GF+_{_}@V
z;1-cN5rjs!0QgJMa|+2h{;_F}e`=cJb4_!cXp*CqzWj3&97pp1(lp1vez+fA3?}7A
z@!-N|u#^8Rg;soyf5h2;%UD?dktK0O*vQ;N4^T;!Z_C^XHM~kA?2q_h<(q4F#m5;N
zT`ed-Y|=YFECgy~{H2`%MV#?8C}Cl+(<|6u$fP@gR_OK}!6D%@=e@U{g&3p7Z(+tM
zF>fgw_O{M+&N!7
ziiQ@~k)_MbT-6Bd>3z2*YZz0^rhLmo#1Z!0lUlP=kMYvDiF-_DPQfaDWc33oFR`h{datvl6{9pbs_sEl<5|1CuuA^+0+O)vGsIK5*`3KM2GJp2)
z{QcB(T;3+=Fn_zmFYb1ix9Dzo@{@D)l6n{ccSyBR^;n{hYE;)Oymij>UfqK89yjBI^dc4T
z{Z92=umfES0L!W}mx-g4vZ)KRHxWWjvD?L;uA>g-Ou_K{JGd357OO?1Z-!LYH!oeS
z32m_0)U?}R{ciOlf}h)~$ju?q=%kuh!cHl**~d+^zxow-KN3YE|D)6WB<$&b8~XMZ
z%caS_E5@$e);C$5XiNo_df!xIrrtLm^aZ8*o}kuOtn?LYwc>%ksz_JIuMZ~bRIm|T
zB+>Nb_fG`DWH8w`Q!h^3u%$Frs`r&DeYK!Cc@^cm@MSXR*nvvDxW6x`)vC2iB#Kw`
zF+##FstNW_qk>>kA?G@hK&=t<6w5O~PorE;%D3{ZyA;@4C1#qbRxY_@JH|e!U2;ir
za&lvJiumfn@P{qciDJD}t-K;qAo@F(9xWFq0z&gLbm8JX)v4g(Vr8<13NJ2~#;-@6
z6VuZdGkj(LMF%c=%f&Ob3Hn%|U&W^aab!@t2w8h3s^v2HjM2{&ddkI_y5QDA--}<<
z*H4t%TAGc&U}_wHRfK5%%`huB>;&jkA
z6WrJcDiZ-UZKhsBzj`h!P9}U6O{jY?^vI*INyAVqc;>j8c*$?o>Z+%#fE(1L^)Zg8(xZwM+>emvNXuH$ErVxn4^
z?Auc;@9L}W0?ph=1%1>fFBLE8+f{AU`X)=eOLfy=L4Tre3+49&`@xnIr784ZpwZpF
zsAo&567;=v@)dm>tL4U21<9V5_w}6J)7RHC76g4gs2p_%^q6u)0jKVz(UlAgtscx2CVEVRZ8^(J;iNp6k5spT}J^+-e1|Mc}2eUEh^m;
zKE(z94Z(qOP}yDI)A!of^bNdub$`#M#&o%abtLG+w@dmiSVjs*)(_|(
zov3fGR_pS^rdoA+I+)xB1x2i6d#YtDL^JZ^w*SZ8m%!^(t^e<}-*=yBAF~_@A=N=R
z8A2k`sbeZ7rBOl|3Pq(sC57Xplm;4vT&WZdSDHkbnxx^DW@#dBsqQU`{J+ohthM&q
z@B1Frz1`pR=VPC}_xgUHXFcm#<6h5x-xupH(7O-1Oegfl5O)5c6D}Tsz6(`mP34`7
zUf%Uw?%m!+gJ>NF2RLF_I1TB4{xRo|=s$XtS4^v{dgop=;sRcXVKT0F;3$aE3@A%5
zZ$SUyG-nJzB3w9X^uWUpA4s!AJxo~Vfi-$C7JnD?AJcEtkjt@%^Umo%YRG_oGI<<+
zc)y=?-l-mO+#hPD7X`+R-M$-7LYG!v;$d<9G*L=^x_CRj
zh83y!a*tRk^vCYmoXWI9x2R*Yv6OOMN_LrqRLlQuZ5}?_t-=luCjOrACM59$h1-fX
zaV`v=Qr??Nr_{#zkl=act=B1eJ?fMxZ?3*8cthQSqCb`lW(3|V$>6%cdn^#qjwb{=
zv%E8dud=*r)q5a)ktnz`+nYgo%}*9A$@V^^%Pq-*ce1@lf}k|VdpQXHk?qaR8V@$i
z$?H1YF{RQluve=3*ZJN(zGTt4Bv_y8o${Q&EZ2KG5xkw_{g4Qr&++CY=O`rIkrn)!
z<2{}gY|imYvje2Ok{vvh>wTRa+@9-wmn%y4Ylm~m%l>VF_fsO+mGq`1gH1`YNPJR+
z^Rb8Ct-QbLGPihBtwsGlk_c`LypI!rze@xQ0&f--=ka9la^Ss9mtR3o;N2heD@RZJ
zOM<78-hC?gI`E!VwcZT8Tm4{8;63UGlLPM!KlncB{on`hC%xAb0nkl};OW5oTXHcn
zhj%I+bltzX18WWbjg!H!q<2crKs{*%~||
zN)GAlym%3Gx^2`8vvzVepq+hbo+!7qWgL6LudR^;EQe(+Y(d()@%t$uKS
z;9Z*tZV9NYNcl1md>MGxB!f2s@AhQyY(SMMev}ruMtPrV<%Msk>rk4T6Tyru@4-ZH
z9m<;QfJPYvuV#6#1i_P8-eXx(ilOHO|H$=*2cP76v$;`Tmn^s?&s#$EwK`d_D9`(a
zE++>CYxBIN)C67&3by8X<0$v3Sp}0rZyjBJl2tH2^j2o$^6l(`RiQUMC)g2sPviuj
zhu)33rFhJyDoSs%!@32ZRP;{$$X{L2dn3_lO}_V8GQc&O+xC297JQZuV}tn>yro&e
zvh8gBL4!pJoT^D|pxCJfx6RmKR)G(R(m2_`tQFc9xn*>lu4n^uN-gb502Q
zdKXH4RcId!^STEode`a3UAff;42E+P!E*`kU8)XL>XqGsFKJ|bBg>nPuAA*Wgsz+I
zeW`+1v%MWEcrx32!Vh+5d#nB6>ul;*kL7r`C4zf$ymg7-iyZH>M6fQ$o0$xz=X#GO
zgYmiE)@1NXuD3fGEY9_w4uW5EsVQ#G^(JKnkLG!IWd(QVdAqaLNwePP2-tD?{+kot
z4SuP5JK^0-jRS_AehAJ-7QB>15A(cns^F`nw}=YzqAIvP@V=+Z>-~cJ0%c{RW%c@_Q
zWz~O{Wz~<%w(9TA_MRo^VuRBJJo
zVViSKqoBy^3J(75zN?Pfr!yWcr>Wp2rG8MscI8c`Y~UJ$_r~pf6}+QVnIBB`y*UoP
zTUm8~f-W*K(nkfotG=pHN(K5v1>gE=Q6l(j!dp#V5(CLbaY)WFK~HZG0KWg1tKdn_t6`{j4rm0KJP_a>4emfJ_=w+M>W;NSx9>Zla#yOJY4
zZ;1+4D|NFU-0pkxqbyOTKTD7C*YDD2){@^>s>}t5)}HAp_H77Wic0Vxwla3tqvMz1
z72W@4PTD)U<*uG%-(Jrv_h1%k)0BWyoL|b~`wXR{H$V#M&E(Q;_!Q!L^A(Raijew>
za;3$6KA*&|l;Ed4_$N#e?YFO%{Epx5C`2&DeI6Kz%$MLJM2nC;UR>-s3qQd)-3^q<
z&wec_nKA|sEBK+)#hr30E#8K>#4J3!%tsP_u?e=X;t0Z|;@3;YkDcy~K8(0*VaA`?
zo*s)`(OWE1@pw1(b*Rqpi(iq=zrT($`1=pF$p1Qd)2U!yJri0%h2Z-q`5U@7#a{q0
zt)rBF@Nc{8O58@jGWAdbGwTRCq^H;f%
zu>Fl%7-)4(#ZCGz{ES~gKi=y&pfWq4{1KxQ@Ysv&@~b`TV9*-Z7xJs}ZW0+lO)K`x
zTzmG{o>6x!BX8D(X`9fQHqfuWBeM;W8|};9Q&T<*U`GI!!x(^0h_bLebeU>c4t3}z
z_@!ceVWWO+ybR>Bp2&l7*9GQ+T9aXorB6EX_`lcDr&D(Efy^5d<
zyB(c6VfUm{NxK(DA1VnY8bJGwOxN5Z3>=;Ky0ll(mTI~aY79&F)U^f4?p2xU8NETn~}@c)7((k%Ux0R2Gp)b1Ms^{Z0Vl9+R&+ha!hJhg{jR+4F&
z-~r{#CFsnHOz-67xA`0wy_ADh$P}FUh5ep5$Loz|ahbPiIEekMErx=Ul-0S6*^ZUS
z*^Uc*?R;L)9VdQk?UxCc=?&_g;V;VVx3nASvJx58>HRrpz>F#Sy`x>s$})c3!3^N(
zUu|E$J+PVTiKM&?qnfvKh@NCzZSIp1@$8u6@e*YD#sKf=#m4F)GxMacCDua*Gf(8p
zQmoRZU`anEzP6&J)^9xVm{pZi_bIcYwUoLv^x=m9Uch&y$843hWSO+^vc@^UN9r`VLaT=J3CO=ek~=HZNs
z->JxOPs=J@{ccTX@a}K5^>T4>PiHa$Yu*yO!YL~$=RX^}H-U_e`kw`v!mvY^a1-*PI?wlS)m!7u#V<7?+5gDLwyc5MTfYAWsV
zP&=rJGyI7s53k}3JVNSe_%
zS}A3fs5NeljN3YiUHY8-bnahA;*}S71fY&M{y9qZDqXjgsPx`=*=>}94-<%#<5B$+
zyrw4b*-ZLXhztcMf&6r=ScY1HnWs>xMtePa7GRnBmq^MWoQ=dE_NUt=XJuuZH
zmJoqEyw=eb{Xf>{_f%8RpP{3VTR|?1Kdbjbr$C*^Eav);cg<->lve*yLFwD1Q<6%l
znL>v{N}u?M65nsZi1hn*LCFB^8_wDIDbpsqU1$7RGkykzXtb53mD)vWY+k@{YxYpN
zpQA%_hu9!;n{Z2QA04}Ij`W-58_@KtQ|BkJve{s@T5V5@kC7IS#wXTb9Q0?c6}X@B
zvU%^i5Y;1f&sDmesy1a^I1<%AfA6|PTK1p1E~y94!sCBn0?*Jx_RiqWbCG#++&hEg
z8DQ@W{)c98(-(QAM}s1|rWqS$Z71{GHmnCVoN?^@A3MXEt-1KZ29dcOvmSAu*D*(*
zZASj|b<`{@ny?Ot9L$R*OcPEDt#fEg2pdz_p*j~!#QBg~=5SUOKd*q#GWnO3V!=%!
z2pmlrOV5t;?swd8ry|dh?{z1BO<$hzo
zkJclFb``{hDmR+U<<;xEN{gwXY{KgyW~zq!ZGJSkfwzw
z-N)C=<%wp)@ng4nqYETsda}ghY*gK@eN;DX;jT5b=yw~c>|7w(xP%^Uo!eD#0W~os
zy-`w%=N!XBdyNs{)+un-6xv|5&bn^d#RuV?fHj~Z*@)7U0~)y9Y{jE1-M0)H-k1wqyrDEk-4I0k53q;MM|#7T^Gt}q3{@#
zR(9*rNI9(NsW#I(-$66Ap~}?qZOJii;K$f2%Y!2x>+xxOx9)#K|DU;EonhtmAA2^@
zo=+)hQG5WR&Q9GJNBiRSqw4S#Kgexz>m9!~oU`S--REd)iK
z5FG-y(nzLK?tg4=nC*2wrn9$uFSr
zBk&R|4QQ!=932LB7)ogy2&j;0kEjXMzp<%g`Gy34%LI=(n6#>|L_Xw%^^%M+n%{Sz
zAqi^S2~S?;k^?6W+H
z6;Vw)Tdo7QoJmufQ(KgY_<(oB(u}rMz677F;wtBA5G`q2bW%kUhIQu7SPOM-
zqIQpRAg!;QZEe`E#-l<}V9IHu7{csKhGLme0o0D)ltb}^BcO9zRI}t<@Jc9)?T%+9
zxf8Z%xnBXo4mf_5IbAjyblma&H)h$M$dlF?I?#f_?*vpD;w+_|D|6QL7C6oO<6o#5
zcOis$Po6Al>*UzEkF@bZIAFcg#@Cp#b}e0rr4yR|$I;+}Z`SQm`c040uef1vsY8w=
zUg^gstw$*;LU#j-TX#OA^O?U9H8%VVbB0-4O&Li~AXGopRLTD(a>h=*-o{VpP5*YQ
zE`cW`t|HS#)coCf$E-@C!lgfXMHbO41;_rUc34r)bUV^k)27)*)VODhtbus=NnJ6}
z@LSfa6WoR~+G!&lBFW+qNht+RFoLx&-gZeXzG^}(ms&eUZFibn&q-6b1E8wy(1PT&
zwFS~PMLvWJN5aDSXl%16dYWb-he^@k-0bFKDqrL#apW|XG&NJ!&aOYzU7>B|R7#%V
zal+Ubxq%D2&P?d^v^J)yjNk2wH;m2Z4-DgT!!+~bfq}XYOmT$!3Lo0VY
zL%Exs{7MUH*uxS;m&Psz$R0LJULi3J$h3Vx+r=3;!5JxUnIaLmTOHg5Nh6Zw1P|Ca
zE2lX1t;aNYDH?LiYrBMLs?Ol0hUU{PO;C_uCY9+}yzcqUJ1k9|&+cK~S+c5lAw9h;qWDU0zCa=#
zt)|PhUheSnbE>l|J*jx%HDecgyfwYZJR|WNYxWM>7j2n~B>=r0v&>nku^{aqz+R&t
zn+LLXc8OTY)<-hr@iJoOSMIlr73F4G#&$!8(MyY4*zJD8?)PXt82fc=ctywibv>7r
zlRbT;4||ri4=eln`#g
z3%2-R?|gT-;8(oHF7qz#hJu5s{m`y>$>_E^)&Mz4#q%<1hdjI9shu9B8=ZQFvtkby
zlZxL>Zy56(aar~u>nSDpNHMWtXxYUZj3u%!Rfu&tH9J_?tB_ZTaU%e&FUPmN_{VV~
z@216!oJ|e>9wtw=PB)oiOGIruMbw<57nw
zP?%ea%8>=gomPYHvrSr(vsq#vn7EPs2D6^crj%l0Ixfc9*{9_+zYvU##i$rG;6o3;QXOFw){#$Z8?KurqG}rhhLGt&xmGW{7H%HOY5PXTc=G7aOcXg+lbe%Far`)1P$fV1=uX^|%
zg@8u!wk=62ZG7%4G;?3-*fyp3D-18_-0orxGN-`r3W=Qv^0uPKn!^Dyi
zO-o2ejqjVLjk_=#11-k_H_>+rvFtfiR?^$-Zp7y=Be#b>OQKWw6=zFxIK(~U6Ym&Xg4(L&`Js`kzO@%
zjr+=+l;NFrGjc#KdZ*pmr8k+Qrj~9gax(QtuKYjz37rh#&?4$}ZjYly+Y)?uh5lWw
zn|jp1DQq+a%i$^HG^am$@Eb*gVxQA?MzgePpxW+h=FQS|lZqFhewScNrbN!23QcT-
zKGS1f{=kzJbwJ(;NB<@PL@{V^P;ZvBTUTkqgBX=0o!X1QP0&H{PREpdeu?9nu?xJ>
z__+@}p5rYK9pAx+enjaSEmeph|C&*S`mThYyez_BpJTi5=3IQ{3K#|?`<4il(Y!#}
z$3>$h)aEy>rF}&;e-57FT+VAFUWrv;nWJND;+?a*9YMZHgB&
zZe6@!QUH3=JP`)=#5p$}{UdA83bdoSubPrj+L~BN;0%fEQ}7I3w%c|{!%r_e#i8ce
zH@>fL=Ume-QzN`i8%rO8HW?|$aAy)VqdP3c)4%&{&&xF=>tVgoi}dldcE!so-I4aO
zJDE19zK;!Tw%PL(#XhFwE1K$P`d
zU$XpDxT|)aHKr8(0fJlB$h@IVTwT0D>)OB}k3%>!ac75j1KFZYDHe_+)zhd=bpB1QO6w=6uQm%7H
zM|#%UyB^_X09@qs&i{s$t!WyWwr|sC`QO;XDcU;^(%`dq9>l_9?>uNGzPpl+TWc?1j>1de(R7<}ac*ZjJy>ScNv|gV-Y?=Y19JM{>&y=PAh%tX
zjhpPE#-wrp!O&aL^H@&nQJZJRyfQp})`SpN
z+geBT=@G0_WABuvJ=?GyY5N;BsoG%PhPYbV7>xW7{i?HhRfykWLgtYx&Lw(V*8
z>Ib{I>a259W@>sTX4~lfAOx3~(&;lkmr!rZ2XWbQ{Tin^#-+`*%Qx-s>}FegTnn7*
zOnMzSw&a&w{}q&~ZT#5nUh3CBQE|DR+;ty474tK%X;G-NlxMNu>|<%BqMT9f>Q+?V
zZuFja-}bIo?c0^>O`FazV5hWX8YT9$+mqgpZOcvRgQ+#??rZI7G|V8EHu!N?nO|>q
z+fRHoZhLly9HKUt_QV{G(~!$-Nm}1_n9;_#6B#sZQ^r2?(Ni<(+*7`=sAcV$$rp_U1Y?7qySm?J?Y%L*n+E`dAGp1=@&UeOad44L@ary`EqOzkd
z-DpXy^ZxJX>vky2*jWFp)?x;LKTBU!1L@h|BDx*$pWsAIG>uHRGJt+xPyO~biCdCS*IQjjy<%Yr2=AI_2^m+N;SPwXzAU5L~
zYs$m5NA;>N(~#guI-bd(_jjYn)A6WN(+DG^AejvM-RqG(jmuF#ME<|ATKcVinaJFJ
z%e5U1agPr`ol+lw?30b2!D+HY%jL-AHhLG$4ORW-*Uw=$zx=PC!zX{7ub)E`EyAqz
zpO4Sc@Y)wSEy4V_sB~{M4zI`JgNGcm*c*-0VShW}?{NSy6E;6PnK-ihYoL0>i$)-M
z3zr59cd5GGbZUO1*4>ARtz7xdTKjQdTEM2f^g4b;J$|{>*!5qVTij=9vl0I|gt5$W
zd2sR20z2_I!vR(dH+se2=|Aw>5L{WvHma1EF{P`b5R2KLFrUsd`x5$%AiNn=505$?
z&V~BSKi-ae{MsYZ^-{xmXhc@2GsS<;h##Ai>^l&9+ivES)ZVs>j~>OlN!ltp!zwNI
z4ZY6(P3CcF1Ky!<`W`={OD=z8Sft&Q_$c^0?dF<~Jx@n{B)!*eb2@j#ll7e)M)Qjz{vMPg+jM@LWBLymJ>sIvioH{-_+FAt%i*sP(l;55eM*fQJ(re@GZl-7J`jnJ^H+~Y`^Tyzq
zgv0k*Do+tdl{AMo;oQrdyOFve&I!Txsv*tGzb}uZypi;W{;k5n+Wf*=AbH%D^3N#R
zeM1A#jNJ_pcXg4qoseVD*h;BkO%HZYe&
zt&A+~B*b|jJQF98tT07o*GT2tV1Ay?)~21HRicJ=fs}(@&!&ko-t)>oO*oB!sc-f}
z)sRWzW+4m^Lbq}W=L=z&C9u6*2cqF>A>3dId_{kBi#_Y;Nz`J6Jzm&PTQ*_olgAj6qSozrR)wz0a76OeVjflk7(;wY}W(wXBSXUg4DLQ;=|@sweCy%}4gvDcCQzQJTf72#!?
zunpiZmcSMZ;WbUDg4=^|L`9Oq^XM$p4>k1&+@6qu%6<~+R!uz*x8us8x@P{W`FDW3
z!18VDbEy@4?&<0U(B6zw9b0Q_)+R7^Sr*p>HAYuqp{7=Y-nux%1Kp@nA&8-(izc)J
zc(f%{Yl8OSFZt+5T#UbsJgLxc>XyQ&Qqz@g^;UE-S61z!A`z4^?^Vp_-
zAPlu6a+S8}a3OK0zYc`ShNSVM1m|u(7ubV@^9WirX!t-cznde!0@%w|Uhoqg`OkrU
zZRKTjKc^@>1ob8spDtwLs4BUhSAc`dt_PR?tt&_5fkGyZ>WDu_6PYa&WfwTg&H^@&
zaGr?;zr>Nh3fOfi@>dJaC7%gwZVEop!IuJCk%CWk^nVQO^AvoBgZ~OFnHRTzj>ggK
zRb5~WQ}Fo?-VxZ*Dfq(;DR-T>Y=1nUc)e+dygtKyK
zS*N!-p5`s7>>5HQjv9tPml(24rXq1#i!PDG!6HFKbr1f`Ckg8!uc-fMFaHQf>vG_)
z5{FC>t;{*W(enlHZE-zfUVn#_mycyC4!5nI?_|^%SP|h)Tffwi?*^<_iu|>X{7_&c
zQ{<-#&O^myV7D20#WRx_Im00>1mS5*a)z%t4(V+WKCvWc_*&?Yc7Tw?x=wuSj7%#X
zQe6-lS(0PZI}WJ}2z_HDXSpCn*yzwN0`*!;w^N&LUEey)yTQ6Y#?&M)h(_4uAiQBo
zc4E`aJcqdjtRF3tODx@?SV$_rB8EO3;u6PiCplUU1>p!wa$GXdA)O3De@k-ahASM>
z6(CHtB%UDc3Q3z^=FlGm^=V5__1j$z^KGy`i7~ah1rBKk2)UI^VN?CK#$g@+Rx`_V
zTFS3N;yJ7YgflIP2k%s!J+ipgn0_g!6XSG8@p;1JZZR9IM=g_eI!?dJVZH*^7wOEj
z#(0|}vm5;C_?C=lgmKoU(st)N^k$%TOs8x2E_0ZD!MY&MO!dc`LT7(W1oaL}rz`hS
z?EJdqP+#n+lpQtxr68`gVw?f}(e^YDCTFk-tRF0sGSH;f4yi&Ftlx2nH`oehN;fGH
zrfLaBJHygi`a4GT1~%B>k@wvp?NWz+EvU20p-0j>pQ(=EGZ6Y)2Eo*>@qi=qE%?c*
zri9jE^6V%6UGC89g4#9%J+&&|a%4^f|2!*Wo#+<-D~CP~)Vng!Q%kYSk@+k5FP9^u
z9aS|aY9*h8`fCPyYAL!qGBvS@(*j3IQ;?@&ev%Y#o$Sc;0RP+!GF%k;V;YMia}D@+
zW{}}VOMkS?`HsvJ;IGXf!=n!U(K6TP@cM#>kxk(5vND#bc+`;{gx8}iYTzlj2!}H)
zL~Vs91`&BH66p&1fD9s0J&MS?k;s*x-(W=|qIh!%Wn`mL(2x
zZffo`9A;CnjDt(S4s!!o+blEH*b5wHUQO(6;>g?#raH`4V0E?3jK_&(ADOf*RW=3PTIrPf=V(SA(=4RlBQ8PFktZtT>
zYHU?u9*x0R4FqenWkv&+jB^JHleQYwjbP2NOe&W4(zOohaS+y6l2zwUuy;H3ji4%w
zy;7n$o!gh&$R2S7_k++uR**cWjalW8I)Tu~k|OO6{ZofN0@TuS=we5Gc+9J?mi;^r
z%x7?5ztZz))R*~)$AA7)av%U#Vm;V@HxgunNN~0DpGYGA2W)PcRah@?Z(s*v(d)$q3M|HX<1cqIZoo`yMbKHtY-;=o#-qpLMHOLH%?OblFhk
z@=+`8LZzMp$MFRR=91J*Z%6%lUSVzRigKvWFl$fByfG9HJPf*W_rE%9jU03Lzb3qd
z&lAFtwduYzyot{@gb(t0O1O;AH-_)<`KE9ypKlHe>Jb0duoa(g54-buMtB~d?+nND
z`L1v=pYI9Z<@2m?2cPc?E7T?Vzl8hod0yCz&-aJN^Lc(ag3k|xH}UzQa2}r*gs<^=
zTaCxq?tj+kwS&s@V~x$6zP(1UKk403<8(g%Tw^~z|5BqppLf={1n1NHpEJskcD=t3hM
z7Z9=Wr-VMAZwmK0
zfbOS;hw%C4uq&T$35W7|S~!8vw}x~0d|SAb&$ovk@cE8#C!eQ>)euw7tv@5I&*wYC
z5NY|7`kVOKuS3rF(#f$%myF9@IE
z^CRH~J}(M)^7*l__CX~7c-Vo@PlSE>{MT?4pBINW^7+Z|0X{DYSMd3%@Rox~?&)wo
zpPvcW@cG$r6Q7?8a|#Jx8n)u|^WpJ)ULIb^=NH2%d|nYg%;%NiT0XA|zvc7luu>zE
zUlSh0=a<4``TTM?n9r|-rF?!he2~wtg)i`VZTPW1@8a|8VeQ7G=k>5XpVx(_>GNfL
zej}W&&rkCC&F~$4{u$>c^+Q#oE;c=z)X!Hn4(E#ss>bPjv7f3)Woc5suBu4RZc@L#
zsz_dLf~u@Y?rl=PP*oK1MyjHSH&zu%oZl2s>h!$X^*nDpS|D2DS=gPy>CSqXx2^>T
zPpwzr`dLBG!3d9sW+Yt42@P6RnAt$Te~{DQ_;4z2@T`MC{|ObgP}J`Zq4lQ6e(#5R
zcpSvxPl95_czsH5&<9(Bo>vt&HE}R3lS_k>894;0Ei8h85;C;$=Xs>08<1Xv-bnUh
z(gk`pPh)Bjl7|sQIcn$}fv!PvnSs=;5k5%pS->8$_;VT}@VS`OzSoXaCl4!I16IED2{5ynYAg}_=GTq00{Unh78u-*n&l&$w14j3|(
zozC0k7l1H|NbI7eg3n+DkCCCJ7W0xT>S4fb(6#bBq~W4nElPM^L@4Y8{Xi6@dRXP-
zEfinXxe{8Aq?_c+0Ht9yY?t5d0MEOgMH{wn`Y*__HtdLv5v(yFRTbo#
zIQ%65HQI$qgcbog%%VB{P8#WvlCJ&wUBVa0`fWGsmEiuatcQR&1;;c}zBDy!LLb8M
zs72GWR$lUWz*4s3n#RoNfklipV;!aj+t)}smKtqwqn{|ULnOOmD;
zYUV-YiS^K=a>nM%L*au>z2eznC
zNO#I_pz^OgSiiF1H<8HrlVB?U5OkIt{E?RLH&pd$xt1jGE;Z;v&u=blYMPr#g2*Cq
zmpXs6=eLaT+=F5`c12Ls_JY$xNi)JLl05&Rs`P}UUpb+au7;$c-Xc#D!wsZ}C`O2U
ze<4)|X&RB}A}y045ot-eqzfa`N0!9dkxR5qmkEhdwiBrqveOPcP}QfRCMjKP)32vc
z!hxs**KGYR3i-B}AkrhsCaOUr&h`9>l2N3rEK0b@NXP>RRhyT4Q1fsHW{}*2io$@_
zy$2l{R^fAtunwPFg^Q3$?m?}?XZd_sxQ5Sd!ngU{F6_nU!^1Q9+&&!4=Oe<=eC`+)
zHYNEZ!^(W_9McfzQW=TlriPZs&8?Fv;@W!)y4yM|cCD
zdxq2bd|Wt}&%MG{%sU~hP3MDKhn@I*SU8~>-M0y6SquF=w^8#^9#y$NRCz|4aD~R6cQ_8U2|}s|t~9w!RUrQ)2^8^r
zRR!vSBK}e&epO6d(XE!4p(+eUb8kzwRQa1oEU;|KT5=SXJA^jD#^b{FAY%qv%QzM@zR6z1)Z!9mPu#btm9i
zMnV>KjgIB^O@itv{CS?>GoVnz-5F-(>j8ai;mhcqnMTJ)@K1ntSvaR(vBx7(l4}1*
zGMoQ!e{6hw{iBhP+y`Ee_kHv4s#U!NcXuOWyn}R4t?FawPb(yOV+cG5SIbntlUsOA
zj;(%=!k-h6l6%OB;b<6}dr0qaFrQD7C&)w22q*CUpl~*y2Zzt{c}Vys&eAp;J{sgN
zgBGr=hK~jN(D-W?L3;P%BM`U(sWe^4I@;*)2GNzg0h}0+vlAp)Q}AE?08%e8DDRo3
z`ne%7v^uGh0V#1_{b6S-d7wxPt6T%59IofY`FvAZZZ6;(S~+5$Y$RJj)B!jYU1(*4
z555G-gmo#ih*3%`y3oi~R{lOhSbiqEJ8``g5&&_!VPbyXDQLE0(1SGz&^Hfp
zXROCfGVw60_=Pls?OzFlJVBmdWFMr~Gl-fP!OIzL1?Wf%Pa${`4itMWnEwP9u4NUKHq7B;RWw8GQv`A@~!(o;SFfLGqWg>Xkga-;0EI
z0dI^`a{Bc-)T4^TMGL<0lH@Giyz+DMYcw~_t3pn}Uq~%`wQ{v}`R5j45+b&jVCPnQ
zCnQzk+-mRgO-@fXqPdd(dm6M2!r?y(qGEMIDAI&008X%khe#bi*H*h+Mz&{>axd@)
zEhh(8nsa@`c@e2=E$1>=D%*+G<_qUDVBc7rv}(MKVt?gBqBah8(6z&{XUZ1SmAV9f
zG`o+=r}A|Hv$tVi37Fj(iBXcGTk4#~;U^h~lZzvVPlO)n&u}<9fE})yw#a)JkSxKQ
zwm6XTRr8SIzd+V|NfMMLc+*zRiE5YNO^?+}@TOh!Y8-0T-c7sb`?!%-+O#{5vp7WA3Gh_SbF=c2r0oU1uQ@WSd41erZA@@cvw`8}-pZDN+O>eJ`YoLAc(M$Q+lnT}XF=@Sr8JO`IK!
z!?<#Yv~8u9gYv4O$zX9MGdc*PGig^}f$_azDfW=CI=ie2E%E4&L)^e_O0cfu9aakv
zI#?3fC1H_feT78TqfP}l%PuS=O&WiW+4*ywVX>5
zLLMe$;;6;=^DL2BJ-_kVY_y~79bg|4&dLNI>&X8IY^Rl%%;vRz;zXO-1R)bg9ncEv
z8yv1>_aDA7BHtur;;3Hub25?HGO>KRqiiIwO9*Gn1lKRiv;0(Gx2MQIK!$%^J<>KVg!nq
zewCiZzC`MGR_s&~qnAXR705!FIeCYnq2h2fVU$K)vjbOnbnsUX5Xff
zqc;d=Sw({)8;3M`i3czOMXb;fn~c=ktk^IT%VLilpI%Y1mPB%z)I>*wMU{1!zG|<962CgB3KvA9TcyKc-SxCS6X>rI
z)R>@`4*=AUrJjnQ0#3MFHF_6Xl}NrIaC=CNAxXM${Q{kY3+l>S!WJ
zDeqUcE_xV6NfL@d9}0ibGTo4Jnw6m|SMV>Y7H<&nkQQdkn5wP>QW>Aa7evV!M5@>UJBc{BO(^ykk6_`u4yh#w9W9A$
z(nf!+%{d9+Kuh43K((q_1$sKW9E|HNi`7UQo25ETtqEf!XFWv{Q$377j~fx)BIl^=
z+amU%qMS(T1N`}v*ym8@ya){S$F5l0FGT8SI)LC^9Qpl#)hC?g#kRSsXe-7RZCejv
z6G?T&pW}(m-AUN@sn*{`>^{OKlDZUs#uA%#OG(diwA}&h9>Q6h;O9B=PXc=`MgBs;
zx$N%(`zQs!+`)eWwkri6@8~bU6j%p`Yu^nH-Ue8Q6nvWCT;HbvJ2M5J?%&MVzo
z!0K6iUy!}#M{$2rt&!Y`pvXe0@R_PbpBlF5R+h<{m})TojLIZ(uWHjj5@{eJ#8h|T
z&pZ;LHsbn0uc-WI0j`b{XvG?KcJkc-d<$_RQ<>A-$tc+wgCGtkBi$k$MU6mcP9&#A
z4sn!p1$MkqqTM~(ksktVM2h^?j(jPwn^NSb2+p7WdH~qM6#1J4=a-^i0`|I0#s2qS0QjaQ@FF7`4Vv%LtW99-vMhFR$%~ZxeSr-&xU>kTp5KzfG4oomZYh`fo-oN)e*sv}64MR{
z^0}2(WL@~V!~6&=@hGpPgz$HVu!9JrqWan;m|v+F8>~2_?6lO>jr}3^4IA7Nct^{j
zB+Xe8aZUk#UW}udScgrmE}vz&5`-HpiPu%UCKl5ELYfW2qj3_iruabtrI6@>zBs0B!FU?6oS;U|$g9YGyH
zTa)St5RQ$L`Y=gHQ2QFpL{RA|hMq1Y(m3E)z57d%#&*!iOL-G%ycEK7ai}4b*J51h
zI2|I5q$f!rKRr~*6lo;!O)+srw^|}oq_GCfk<3U|aukbnq>*emlt?4U9Rle{BiYi!
zLShx-iB!UX%FB;$wm$xW9^qU@1+cQ#;vF$+V>;*F$1Z;5boB;L*yg%
zDhTh!NwNCaWH3`7WS_K`9k|+`EL8=UEq`qPh-n8~m6bQ~_SZx5d#o{kU;(}gtvXckBcEt1AEo+L>aoT`lLZeOAfdEekiNoZ9=POd)6{*LQs=t#df*&sU4}=c^HiGaS
zg!6JS(bCr;4FW`@qli#~x*LDyq=+n42aSUQU)cH^Ihgb^nCpnm24u0X^mlRiUn2cG
zgDIlRB$^m2+4BrAW`J11T`5?OP|(yUF6A
zkRE9?Xa_u}8dEe_v)>jrlcs|?li2JoDeZbk+Y(?)tv12+w{x)kdSD-?$Zv4uw*&h%
zMgDUq|C&88tKo3--y}GDyDhMegtND$?9Z#l)1tcBDr_d53+DML+I|rHC^BLKup6v4
zDa}ugHS>Tiu=0{yk$*sdT~8%-_>AdH-?u{w_2sVQ=Lf1KqmPLVrM92
zIuJpq$Q3(sBanJ|Tuw-34(V19DDWl9IRxh9&@s`n?A$sC?Y^dT8F>)t+L`DH&9~H3=1+#OU&Ets>PmGACfi%bx9nKW-F{NAu
zywq~4kQ-%|7?sWD%>?#<#T^~j2~Os}0Q}t;N6hEhR;;>J*yPD=Ul!IX|PC}xSND~+iKfYQv;>O_{T
z){LV8o)ja99;wP#g*60(tKuY@YMo8g#2dn#2G;xx%xDue@t)3kDQIicsoGN;HS2RQ
zzBMda`$^~dD2rR!0aWr_#B;0Tkg8^P3h8UnLMtNG41`uha%QD(1n1cHallS8N_6-C
zUU2Tl!-0*q^1S7k_|cKS5!kI(UhtnC`A2{~VdZ7S>6B>w3~Ee|2fqrNNa{oUp)fTU
zNsmvR6Rnp;Y+trFIF_Aqtict
z?Y1~ojK<#)ygD8&8sZRnt~e%%6_1ORT;CnR>KbF}N`KxV4FF-dC6SyaeJ0s)c_x7{
z&60TRlI%WqG(8N$bCwhtCdL0&)Ty_?_{_4lV~SVwM|X;CqEGDrW4B>xgMJnbT(o`h
z=+qF0IKeR}JC8dJ=iU*7u0-O|)FD+95*KX%2*Wdxlxz}lc9TGuMkKB?p6;alfsi=6
zhe23kH94eQN7I`ie3VI31xM3QL^#4zqf{040&jhh_q`;UNO27L
z!_MYEoW@tp2&G-Hp{HWkWpNe^itmE?NYBCH*BAgSw(C*{$%O_|^$Ev_VRyj}MuJjD
zfzUHfLgxZW?}D9WFth9O9?Dio41VAK)6;bA@cZ`gPIZFJF4$NIKZrv$rM#ZSl~iRF
z?1GV=B!OJH8F#@*{F|7#qFXJIX&0D{*jkz8aTRZ6(q4sN2l
zQQbi36DNrh-42EVyV&5;7Nnir!9`a$0pr1gO3Ow_i}RA?CTTDYtK{TA3m$v0Vbz?P
z>>1fZE4n7X${BczhssnmzB(2E0KS$jw3i_EEe>@XnJ=u#m561oPX@pSu;(PTd-w=s
zID>l0;rT85;dy|RCa>LxP84lmV)ClG#~^b~OpeK+jO0b>lQ;5BPBoHE
z-o!VRMgHo8COGoHMDkOsUk;#VeHM|TJb{E2IQ+ZF@uXf6#}m%&ys@_)2_GAdM($_i
zd!+6%h?+;<7{$sTs!68>q_f7E(1t^DV2+r1W$mU&mSSF>QwM4iwOM!}>n52Kar7nG
z$4Iq^O)5y@MwpK?lNeXxxHg43v4FfUOnGCN81rx}NMV-Mr|gCK4C{Ojd8`BL9b%Gi
zG`gBmlK%$B4ui_jDhgh=3aXriM|m8sf)A{M=0FZNsH@;JtKdYyXIctfX(vpsO`q|S
z{C>0=$ANGI(aBwk=|b6MHO>XRkSJW=OsU0AS2FKV$<_dWE3QU3Il>`-Zw3BSoKuJO
z=m|F;t-An+3Zrbp!8%5zd89Y~v+AQ~Qj^(CjD2K~(5JsC~&(
zDtRlCcuk!AQR5k01a>sx
z?0l&&%*gYo3Z<$B37bjhgLzR3`)gHnV#FRIY$n|a<}6}6l{Zpwe=*XR8%z;h8+WM?
zs5AK=Ao)v6q8_Eab(Pk#6JS0%Ea#v|#;xIJbU3^L7)>q9QL|AKx&Z8L39N?x=*<41
zSwq0MECZ_(m|n8XuSO$<=gXiqRV<{W*^s&4$muTev+CFukcy8^Jf0*w0MO&n35oD)
z^u;DgTu?drf{MZyWHMh|12^ymd7CfDwR}PD;|pp8e33L4RF)2undeVdT!zaM`_P#@
z!E;P5M=QORqQ$vb7EMvX)I4F*&D5<%M0C5c+n?+L|j1-x{>mia4E
zR$3Xlas@{xWK$(cfEe<)7W@V&i9y;B#e(}IM^}1SqJYMGl_Z`>o3ENa1SxH-^nqlm
z5I)lCdjjlh2~8q`{z7Us9N<-!KpG@#QL{;_xfP7LmPKk@micb#r@?sHvc5${yR7DV
zn_~kQTMSFOd0p~l)iVP+9ZJfR=i>b*99%t$%atH7St3f9)Ch!Dmc(Tf(&-NAI1o;?
zB(h0+Xt*{9ACLF0wgg)NnsujU-3G=i%VIT>mwus%T7-HUgk?l(Lw=SvGcwV5)Y-s<
ztzSDQlG=nn-w>Odps+7YG^d`W*^f%*L{c@*!$Jjz=;nRM4NtT<3lo{H-Z8=^k{W519TOdxpTa+-f6s#F>CYvJ62OQ?(V7(Y;Iz!}Ahxrj$-^ZEJkSmJyw`sEp
z`R8LC#UYL$V|8U7EU%(5=}-_l$4Fc(?Ur`JRHuM(j%CpVq6ytKVGO{l3_$|u$$o_+{v@Sy6RJ8_C4r$)f{PY)E`}-rkxxu0ZgU+FepGS82#b9(dERD6-SbwCSmx3Lt
zEgOsUTMVYyy;1#0A?EAl<9yJb+cWj#1dI4@f%aLPN~(1Qbe69{_IH3$ak%jc=goh3
zms6b3O;a0!);vblx=zxBVt~Ek1nCKzZBOur03RLaa0{&Ji8Cm3|3(mI#z^cH?b0)}
z+nxa9dCMY?Njt4NS_m{o`|pA9i6QBBJY4MMtaboPjxgnqlwkKNn<|w_bwOwpC$Vd)
zo}ZAmb0olSnF!Zw!r1_aWgsMP(Y_l8@PuiYg!`?*D2}rnT_0&(r-Lyp&SG8CUk4|e
z4m#U()lcMs-MnlBX4p)(S6^wTcoo>?TnVyhd8{ozaj-;%b
z(Vt$q1HvyZ!q}%=A7wBAWAc{L&2_n1o*^-uiyg}7`3yEJz*!>TeIupbU7;=oAPgy!@>q>==R#5W>w
z6cTz`iJ>G>rbd!=d3qaWAkd+PAZHCdYQr0NRk%qcl+ddwGh}}ade?Os*)SP
zFr_?|F6p0I4a%EFjXdVqs<)zE@>jGGu4@ViU4d=i4lP6Iiw6R#A$?yQ{z7Ywc@4K2
zlG_qzJTeq(I!HI*P`!_q*3RT+#>RRsa^$~?2j
zfrOV0Cl>4Z7^#~LqK+hQP;2*+66+}@o&Ke801nB4Iqaq6m9_Up@;=PJJSP`wVzC~Q
z>4@WKlI?CCot#u~4}2;y42ks+V=#{4Da?rl|zU4Ro~;tD>n3ibnXkU?DqpIHk!0`6)lbR}&m
zDY2d;rHIuM@FBY{LfTl8A)hIh5sCzS$gbM}&msy}I#Xm{R0n)W%~QZv#MKB#2Ykrs
z9|7MK=SXlw2Yhw`%Rw`je7IfltU*1Edk58I)J>993ATTncV+qg<3uQxhBGGTFE=~=
z;}`(8f6$HXA9Q2;$1RThqmlg7>JtFO`o}UPti$0~84Pcd5=ER?|M(mUUmH%WfBcHn
z+{=x0ZK#O#j|QZ(0q~}Aj_DumkX&y6Aepmp3?$h?QY~VW3TU*JDwqC2j7d0dOkqwe
zxX&`Be-Ps_97|G|W%V1OB%)LLM@wY*Ay^xUNxq5o50d{GM{tEHJHM$S3Z#FKf;xZ?
zFchso`Ufd!59AnwruPq0a2DVpmO@vt{vr8E*C35kK$uQ+a+hMdP^4>+#zlaiAqv+w
zQ))r0m(*Q@)VvM+leik;=&nKj-VQu*Wh|>$*Qg2X0Kz#Rr%BzHL)mo#)Ex(R4(b-d
z?C
z*WuEUz^<_PWrSl*D*q;#biFVv;G7XIrI9HLmy)}qaOt}hu!2Y~f~e3DE+tQ?jCR|zwT1!Kf`Vr^qaOrGV>h}bpw;^fg>u@PGCI13oqX=i`OMM|+`ZHCbXw%_R
zCfx<*>=ZV_rSl@T4wo|NB`{wnwo`c~T>1slw;4wKMI%9NRbjQrKEM&
z;QbdI;s$Xs!lg9qNVwF_?L3|&&xed2j}Rr@K1GK)shk||q@wTznamdp;Xb|~Z}SDY
zmM_SCd_j$XFIt)lDoY2-43?qep$z4ROK%;A?*hl+-;YL<5-weY^k)pF9wUMj65&$m
z_k{N5989?MbEN#k%FvZ7Xv3uhNF|tXX`O5Fg-%Y;i;fbqIzv6=)Mq{F4uBGhIOz9rH+^0TxVgiC35)G;d^
zE+vvGxDFE|4rzkIM!1xEmS*d4DUnn${&Xic>yCv>S=%6B!wBaF9SfJT{Pn=fti0rg
zaH)Tz%}s|(iKHIKpQnh;+Jud8X?Dcc;Zh>0Px0p~VzX`H7acBTZR&c@%f=zv1lQqG
zmah-&V8R`F9WG_tI|Dm51=rzH#`^<1F9p}(Qr15X*u)fEhf5is4eb6DT!%}!JuC;d
zItAC^QpP_8_Laq@=a_KmE~Mv7&}HZTty`7}m(~T?EJjc?0BDv8mmUp9H^b61iyJN-
z2y7_fPSZoU^f63i@o*`T)GhdP53#9w#VDy`giDu3B05}3Otlh!){zKh;FiOLOTPs8
zU7X;COF7@XiJ1RzIQhEaQqHIu@OH$BGLjaf!=C43N7rU{o;nS@6r9O4G2
zwoSOS1;7rL;Ak-6(%t}1H3Z#MOt^Fe(l54{46PC_<$>ZxKr;=jxc{&P;$$5zW#$sF
z*2I}?iZFG!l$jgB`aaHdhDaSQWoCXUo||z<(K+{M$Q8vpT*~zJpdJ&W>&n#OQYM`Z
z!pInji>2LS!le_yxY@F3ZqNi1F1;V%!-kL{T)Gw*uf}9jYsHO1hfApp{?|nKloZ!s
z4B=9GW=K*xHz6A?tvVS)KMtn>>`NjhT-pLyTZ3yeO}O+pq@QK5Xu+U!FyYeCU|eok
z8Z+V2sYt&)1vBB&1xR0RFvaeT>PHG;!lmzmwsp@`6E5}3P&OP=Ue-!~bjeJ(v=EFA
z=`4u>NFOxe(%zt*6{BihCR{oi;MH-0^aKf)QttkA;P=Hj+yYIwlu6Hl@LG(-UePW!
z;nL5*_{OrxW71Az;nJKNu*Hpoy`bB%4wrIPg}_=GT!vWb5jtGTq@E!3jgzEWOt^G7
zz{@fbOt|zWfOlpf*l_70fX`$im~iPE06)w?u;J403B*!M>YE!-hHz<3FbXY;7nRNv
zrU{pJ1mn0k>*WJ%+cDwNfnbb|vm9L}Tsj$yJL4?YCH)oQQhG{~negI79eR~siE~Zx
z^nD0_frG;&bR%IBDJMrr?9NOV*yzav(9UbpqM;QCJ#=z?`niSN7Cpm*&&7{6;M|?h
zCxs*Ud`dW(&u50S`FvLR9H0AzAL;W>KA#=#cOJ=~9k%Cl|L}BuzMRkJgfsN{DLS`2
zx%$LPbUvl}dwkzl-=C__r}23Z*%%~g+b;Y5oQ+uf-HWje{i*@|l|3ZI*FOJEc*#W|
zxnhfRD%_M&%u9X+DjWBkcKo34l=D&EOzR0N}2%iX(jM_)Sy_3vfXCaj9weW){&yN~2fYxy{K_laon
zCCiPeHhd8!%wi{He@
zR{Od9lTr8FA8J3}c;tcRdU+H3b49gZXtEM@CY%?Ww84)81yq@o=tS}^f*$V46v^B7
zIAHq|OCgfC+GK%99&M7+0OA!%B=2fq6hKfR_I@RkqH-d6yuZq36m<^=LZ%sKK;Qp$
z3+Arp(W$(6pnE4sJ}`egDd$PvL_rIX+`vHUM#9}F=&eXl>Ie{yjg$INo+i-U*I;@-
zGx-)Wlx{_V?#0tg)ibdx8zmR+=k!F!Q1Tx?M1*nIG#3}^3|I)_^bd%A7Aka-^
zZ_CBif$jxJ;6OLY@Cbf4QW}k=ti&qvkm7r8U!*Ro;*qzaisw}&vecvgk*rUk}B
z7E%vBjG2JMfxk=c2ag~e-IkSNuoptx{n0b&EQha(gbv%dmu12mx?7h
zabxn5lbm&22i3-
z?H-PY4EH|@bXS;OejsnZ+f0OOOb%sa1KpJX*gziL*gziL*g)Rtj{LeveromO0mK4%
zrAU~8!_Prc6e&@}i3Rc=M#AHU6AR?6M(UdeQPs#Bqo^`-
zxD;kteac>#63Ay6gwFY(La1zKP1z!T*YA9NP1oB8h@(z6d
z0f)HWi3CcZn-m-jxP_(Am9!-j=%y60TB3QR_H?A3OETm$#WF(K#V#PVR{<_13RgN)
zV$nQOGY9y?aW%1M9yxs#@HgU|I$VP~(ETN_?+E97xLxsDka`;T4ywthnHUKgWZj8R!r^cgNdF)O4S_T_sH;Hw2Prrf@QIc}SF!%#b`8>a2?*ne
zPVQ1nce@5@oB?<)QMkUDQi~g!4s?^6=YX#vPNYUSI?zr2{uKDuI49OM6k2ya4#~%9
zQWEHH1gI4b?i|!DgvTRnybDofGmGldOHw_Rkii`2-f(Y9p!*8wjpnL4y*k9zC
zy)~B=fo@7FFVI~EEDChfT|ChJ5ie-P@6zfB-|PJ>fk$OB3kc7hpq6
z=o~4~f$ny|j<)!*5v~K>rve*j@t%a+K=*|vT`vp^IA;X9X=I85-Q?~l&^-XF8$US%
zqC!WYn>?kG3y_px4LZgGo3fT28WZULC(?f*?5qg$rS0^m`WFa#Q0mI-wC1!F*rrEM^Q?#lp{TEYlY<7^$6K=-|1ER3_9tpgM2UJ1s!
z7)xhn0^MH%{3S+EsfL?Cca@naKMpRx)Q>n<2f8nYrT$?c9AQY>`8v=|P02qQ*cpVg
z^QFEJ=$=4TDB5(On@QJ!IXQ)mKzECXtpnXmdJN1Z#C9sr1iIHE{XK&zqHE)Hpqo0A
z{{xbLwInA(Z35lZ(ODbfkS0JfZVj72_u*g^Tb857d@lHOfWs_-)o^E)wrB#~|XE17-F*0^MV0;Y)CF_*bCOqy)NWAbqaE
z)C3|(J3^pa`aPk&J^Ztu3w{kLAK_qqimqHi8|WrLD!~N0vu5M1cN~u34am`zMxdKK
ziWlI)6KNCZJ{l>PN$#L~^{dibXU-7`sfZQutRj^c7j=hcC3CUpj(hb3{@
zgro!AOga~Y3oVIk(jGE_?uh{Jumr9-ssPP0f$oRFSYlbMM)J~u?zyN~^(F}Gi8PlK
zNSi^Rn`TEHZPbBoA}Q}aWP(GQps*3>rkx{0Lj#-BOFW^KYopnF@y)`4y!sh9C*9kJQA1Z&fQ
zZr1iSux*61HoU`g6fVQdi*51Y$=j2-66Wl;I=lcWjUx^dt>jt_xqk?%@p5kyak`|)_-K^*c5RM{}
z)1q{so0Xga>>Q&+yGsYUS^i33*QUtpKsU?Z4Q!5;&*Bzs0^LiH{vu&q2&b-0p!+?5
zpIgGhXfQE>?wq
zOm7Hk^B7%MrVey7sVfMl#zW`g
z-NT^Y^F9A}pQr0qo%5bkr%uJLzPAhXnZwKt9KZZsRx<3W%=QNb6
zZONhs-BoWwtH-4sOY)XLwrwSEKYGyJ3$Vc{sMQrc=spU}nQ4Ib1bxs=y_pr@pO?l+
z3ydCg3uqGnccwt%73opdn6D?rBMl8(Sze$c%G!n<(EV-hCxF^QHyo{+emnS;>=JiP(>086@qn2duKOd39asEWNu
z$)Ats+8>6|qoMHdcy0z*vJZ&IbKKh5j|}^Gt^s)5_B0=Jz){pbo}gK?RG%5FQSvsFHwlnE9jG1vtsRKoQ_v&GO+S6W9U39D
zaV8uz5Sd7q;?Y5WL$~qA11qy>bac@7RC)%e=TghBv{U)^=%8Q@_}7AW6ZwTm>CC{R
zgV;BXPlk%vqk~8=uON7{oCuB%Vzbu`$gDj&NI-epJg)$k8Xz-yHaa?}G3c!$o*`UU
z9q#C${$P%*2ynLUC}*aDIWG<9OZR1QbP!!+cf7L|9vxI0Mb2CY>3>8TtOF`MI!Hh-
z0Qnlx;x6@#JvvCVeFNT)PMh-W(Lo|#ay!N_TuJ$Nv@9au3B2y)C#vh;$`|=@;7uqe
zzeoAv?M2`%aq=?JXK{282OV2C_UIr1Z2D?}GP{
zlh@pEbWlS!EKT9)AdWc3{|>MNrDp8WK_b`m4)AD-<=LZyIA&$~mgCu@gQS>8l1CG*
zoIN^73bmL#nrC_T=pd21q?}yiYz{c}*lp$H?9oAD=Tqf)_UIt7b5A**JvvAn=--*P
z(;gip&TB+o!cKd1kjV8aCuffi61nkCPAepNbkIWZmf@1-gVVBHm&VaSS`Xx^T=M9k
zn?SuIEvKO5(Lv7u@U{anmdpW12feW!B$Z1Z9hAEZ0}C!Ss=OSI4qEdtK?Gik>uLu~VC>OBq}&7kBMx%_-KbND
zJv!($@c!-i2_5$6Am;Ncu4;Ejr6xwrXPePEJ8O>)qDKw@vMh?Vh2N9$X(lbB~fe>>vIgl{^~HHwOk
z4*CuV@1CgK;yVRIM+emev#|ptG(<-Sbp>;<15ktJGhR$}M+Y4Z$Seoz8e0+_9kd+G
z3sV5qqg82-4!RbAd(t3I))gEbvO5gi@W5QtV0
zN+)>jJof0I-jo{vz~~5M#GMMVM+b4aWM%;{pPC@>4#|A
z1HcasBrQS=)8a=*2Ngcxc@1!B@#S1?26p&}jt)8yh#nEj8f1?SlDx{mn-uYNcvOSz
z(Ls{?5&+I1NJi6y)%NHhDcauwxUnLTJvvCT+X28Xg4nury3_3J(Ls{k9ss^^nq<~h
zP`Avql3l(FgXnpO>$QpWJ@!JJHb`Gbut-RdO8RfP^88@
z)SvXZzEXnbnNU*MN6`e)@|)sgp-X>Wb4N7iW@BJ`#~mLja8ib
z{!rbE_?@}@6J_1Np>8s?dD#idssr-=5z8=UZ)Oj{(Kl@(Jx3~dFxZDU@MbEjDauBe
zW?VY@WU99&s{{$laGj1Tvo#hNYU;2jDE1h|5_2Q2TgzdGnK~Sv6gyL~#Jq%ScRB1>
z)8>usFobj!n5zPJBkxKuF~p^AQ1&8a6Td%L?IX7S08lYYV--WeA01(A4l837Gr?LE
zu~kK9anM>*ReUR3w$d|GvOB)PqfbLky+cI<{qkg_Ba#Onf;yXE|6b~ScWlM
z4dsu_8spq%kIecI*bq5Y!QfGjBeSHgNml`TZq~cd
zHw(o16cDSGZO_dj{%l+qN9?4F?YUW0u^IfW5ys|V&&{HWf8lyLVkcdUbF;)12^Z7O
zgXn(=MlmKqTgKW~KDwa(zwCZ?z?UYj8!XZLczHL=r2FeB}S4I&9d}IN4f%&ilOeA2A
zWc-Z+UIFhj$8UndByv|1f3~U~MaAP1>y22antoS)WAHjSK21^3Y9sk&wMm#EfQ)xA
z8kBIK?m>*(ZCS-q>oV3i=ybVqOyC1%k1TA@pm;Nc1;#>_x4
z*MU{pXyvo=%~{}`=lH7Z;!d*MQ1EyK6Jxd^xW|EIrC)hUg8u?|uQ|RdyR?Tav{l(`
z1ruYu$1z>v(qbszj(oyz1YWap{AG#E`hqv89RI8Ye=>M8%JDBuFnq
z-llT=zbju}C%YZI#~fb^dwDxqJZfP!Dwr7aIf8E-Sot?3_*HhIqvKL%RFYP5kMd1R
z&<`Y!z1*+?>cn07R|V903K@(7V1ff3AGeGpc58=B&9{>72#VO5pssOZC&jv(C`hXP
zCIIerAjV80gG-XFrFlZ^T>!sIi%AAry8enZxhK&6aV6Tnnt4G&RcipcIuI?eW!bDC
z@$pyyj&z`9u?rSk7m%sCA5Q2#8`LYDn3PU3P&41OX5IqC?Gegqv74om`7ZEYBcGkp
zNamVV9lg^QM}7mqZ;_HDsDXkc^U^0hZ$DgnY3iNO)Ej^y1WB7nWY;gDX(|B6Rix>N
zgr-#hTvU;!NeNAx0l2FoO)C{7HxC(|!c9G?mk-4#Dk817Qu-US6DSr@bIXz2;f)g~R;+B1?^6MlJ
zR?&ddSy7A`Vyxb-s<$?gE&Gdrxe@GJBMGm8umUQgr3uO9;YFSwGI3%F9#r9sIn
z1ssopksx>_?Ti|IG<43Q-X~ei2WgrD+FQVKFwb>>M+lImQOU_Vs=NfsM(}TOn6GJo
zV$O^)kAwfb!xZiUM%Iiac6j>;yssUfS}p%j6Vl?^(Ap9g{({-T^Kl=BNJnq_WbE;a
z=_KKVD2QPZ)xl%A5$Wi$%%0CdOqz!&d9dxesW~;0n$~qO~
zb0U_`^U8lj`F{uR#)xk&rTodF`q66qS_i^E!G0J=sDXQN(;spJ`bF<{DO&C*jKMW@(f&O*pGTy)5FGcVqT!Vc!JS9gh7G*=OT|;)TM0%<(=a&+}V?
zP(=WTYAdk?E30ubAFHxJ(j^M)
zeNZvKp@|!Dv1$gHoP#sY9;
z1k%dtEWR3Rs=v?Hrj9LBG&|1eKwl6^=s!)=wj&g?5xi}VPl?3eQ3~u9LFNe{UUVq&
zqr2ae!9-^=_HMc7lR&zJDe4&xe%_8uMLIv3QV<&8$}FKT8?yvOI-hg|wKqA->40;|
zmW&!4iJ1Rin9!E!plETy>KCG)a1<@gKNB+29gCJ#rj-2KokEyy7I>8N9)kwtqpv&35fj6V*u`N;sGjpkXa~etg@KLt7JVwmh`03ak||29OQ3sWu7E!vM4-USphOC!6htpn~X4}
zlay~-f_b0=i0;Rs1SU;0l0PjO1;B(fNDY{ww#@@?iQ~USD`bIR`VZx2E(G(h4j_e#
zy>u$GYbkE>{PR%`X(U1E;_&vDqegJD)Z)uf@dnlGW)_Xb%w@v)52!y!9P=UBgN1#X
zR(~-x)x{-}=Chc;Liz2%>*@Gk$Ld!}1&;=6l4F-|9#;$I2M8?z#{5QUZ5|tiLvt=B
zNAfKZyRNGuLyYr+Zte=rzXJuaKDZ}riSE>$Uh#U9?qyZ;4wvWW)aJI9CX_rSoSNW_a7r4B;k(3PlR=$l^Cts{#0j1Bs0%i;j1s(b19}VDCyp)PncLw)epL+_9U}3~h6E|0k1$
z;|g(!iCVU<%z{1B(>6zUM-A^DxG`QWauBOYG*^;ssC)=hLFuw=!N}K87leCeJc*?*
zWwlV|L`bb*mfay?L`)H{M2IWE-RKaVs5mP+?$DzM2Tkc&JAi_k^LjQ*#Q;1aAg+KC(E4uMGbUN
zG5-eh%Lt%L67gk`T|J#nx%}5Lj^avaQIH*R1=JRR?hf=olgQykc7N^^|;KFJXN)!=P%d{uT=6^?<%CtWojrzO3F
z1$iFSS1CbvSpGug|CRi&!TW)HF>fa@uLytxtIJVN=CMYZ0-KMBGaU|*Pq$Sph{(#Sr9-on%Jcu?Vk
zQa7l4M72_V+^G5BEsVQF#~U?Nr3=rBH)?VasfH`_4Kx{1C(ECbXrrbDn4KKpbLLk^
zieWcuegkC$_=h{p9W+2OcB6)v1>i4rm>&?+C0evmvj&uPj!y~8w;MGNgZDhHy&a^c
zH{wQ3GX$*H4xYNuZPd_du?s7`op7NPDQ+eQI3AiV$9!ofT)Nn9QfpS|o;kDC$~_h%
zHiKGo{BR4Dbf+fuL#_Ebm5dZA0bvqEf
zP~9_h(xh3sVi368+bEp>CF%FB&6xisISjp47BA6%Nv1;Cg}BTi^u-3mv?x{aUy^qx
zVj)JR6t2Sml2H5wT(P)e(n?hHUlIdz6ir#pQ7!sWhiTeSkD&2vNy@VSC7~@{9ZPDR
zHd+U=ux;Oq@aLo_7ut=&B9)QSX@{h{^gUo@4`}idrI6e`3Hsl!l5av
zIi?Cr8}ebZIcBfI(w3%EfUr0@HYf$#|5$d>ZR6sWj>
znarj~u0|~O2;UOtleuq?Q2hCnxMA`SJmSF|&5W{|W6C46p)NrS_VNgA>Ec-85!#sW
z$n>bN^oZ+ZG5|LO&@(lrhi?Egh>04r^7(Zc(xQv+Ni!};VeXAEJT%O>!21_m?G%X;
z{$RnlAR4gh&j^2kifc{Ie+eu5`ZL2O6oj;zRew@g@81dj6y*b={g~Z;H~>-;?Dkw$
zla#JExVdU-0Du-_X
z+SqsTgvRM)|2Ydbk
zS{Z}b$&ddqYGG*7)Rbz{2SUXZT;^&v=|zaeO`3lS^2ywHlcxA}DRIN(A2jI~9GbG4
zW2#BhhA+t4v{#d+E%_*pvZTJM+P6~n2U+&%1|au#xV(;_=+D5kY|_l+hgm9!xBL)x
zY*H{rYUR@d*59=knXvgsc8INgk_vNzxLFjGE%3gW3J)#>MFaBG*AbfI$?ga(UFU6f
zA_>S#qd6YuBSWcE=|lz7ftG;0L@RUcO}D4`_SeYj-kI87=WR$#TIRWw!X-#|H)pSAX(~5WYd9FVC###eo&CM%T85OggO~)=LDI~
z_IA{|2*cxpL@IUIq8!$#Cw8VB#g6bs%6yR}*+mRfagcVDAV0O{3vlJh7M*q!d4m9S
z!vKnehE1|KN@UYP+EL`qPUS?3#jJ=M_J#<;Hm%*PJu7r#G=^^6UZE}
z(F!_v>%m9}st|Cz2SE{NrwA#|^gC%AY6eP-IDV
zk+?@m%+`+`H;5dbQXnoT`Hy=`G;R<%9}3dhrTla;*y1Nvi~5NZlh%#(6A5=J&Q>3L
z%iezaDv6Oi|F~CKKe1tU{9-RZkt|9Wi93|U(taXfQA)x8u(L#dqJqnzAf25p;6iN(
zM;(ooJ}@%0@D@YB+ys({%(d}CZhXp*w!Kf`a|r`o3nVa_G6;9^+g!^MGB*>JmDn8FtA-;Ex#Z#$lcB*
zhh=SRY`b?xxVYIerjM%*Tv*WQ9o$n8r0u7zwx6%B0Oadr<7>w@_Y-g}<0m@$_@xRt
z(9{a|Q>vteD(QbEPOeBQF{0!kkdjK|v55-W*2}%Jl}SNu1Fq?xLJe%o*vV)A65;TW
zQgI-cQV#$iiDyw%iJZT`rEo7f@z#iB1Loe}JCKxaKs9E`I%rQqxJQ`%#zJ^wZnhDk
zcd7^J#M}aW$ZpWl`U15Y&3jA&<#=oX2J}+tGw1Z
zkyh4eTrF{3$JJts!-o?WL|U0JwH|=h>gQiKE1o8vR
zUU()Fb@vQ(ndG{WzT*Mr5?F(6t~@}#^7n}v5s7^*jI`3#fe$@vyf%>}7aB$$IVB<6
zUNYX82*T-9H}jK_^IpN?D1z|mmyt(c;+gEZaqqbp81wS0;4`pgNGyVPMLOKQ|6|6Nd5zCS4FDc>Iz93kI(
z3QolL5y#9r(QEjUh`9D&GR#fHxN735cM
zT}Zq0tG6lSX+v#ksj1$hpz_c5$8gohByprDBhIu((31iOupKj|Px!0%tHYHc+iaFYIPulkHQyQ=`Xl>#i9Va&{|heB#Lz3b3H`qs4SCuxbF
z1Lj>PAvRM?f74g}3;~IrpGbu(r6k(I**QG_8u&!F#JhA24+EkLfL@m#b=!lj@t%qJ
zLA7}#n9}=}5+m(jjuBBcT{~7j`xjIsz9+QO?>hE-wf)|V@9w|1L_X4NyG|)#o?PZ^
zgaKv`o4!AOxP@SS1WjnTv(Onfykm-h?k3*}rp346#
zQ+|Ktvn`m#;GG`v_0O6L8k|t_Hvl$9ApI#zw^0ct4}iBb;wP1iQ;?MF
zJpeu@h~+Yj*}^r*cH@1lb;aR{d~3k|b`o4U+(v
zU6H0~iDH}qz=aiQI#xlfK64`gw?-iCVr&#{uJL?YHH4KMu=yBc;^rfBOu6Rs6O?(s
z!~RXY`xr+-*L-S%-ZOpKU{^(&Z1Z9DnLPk}5rMSTuu&wM4|O$UD==M-2}h#!=#YM_4Cxx5ofzupB<!Rv!l-_}0my>49Evm-G0=lS@?7juWM|q`ahOs|eR5b&pi<1x~
z6!RL0TXaz+dPakKD1j`APVi3*1juJKY1LyDG&BzjXngO$ohZN0u;1U=@0x?L8k&Vf
zYBlr%6m5ZSa};%x>)F-NQ>0E~SsB>X&;P&GkhS}y!h>M9u6`Ex8vz?-0rMjwI*!o5
zxJ7NLRIWwMf%NgXGJm0wsTOq>$ZI2(SsL?gi`oRh%P&BnglEY((y!=!~G8vtNbCTNHb9D#TLG{s!dVB9_?`^R2T>a>i?b
zOGMMomPZUpXA@@zAQ(-7AEC=I=A12i29dKXPXk+})!9cPhy8xs<*L!QY%T
zW3E3ernCxZe~|2U0P+F_STw`fpY@0DfXRc0R6>+cEY%-GPXmCO63CKhrHIFUHcmJA
zyc(8s_Ms3tf?_8g1F@8|7l6DpVwn{&-#U8@c5G52#Ia~Cs
z26ZigEJ=Fsc@X4XxMc9*=C2Gsq}ns?#Ts!C&DNSC&htB=glbIg>x*QLGS5BHS*UYO@I@!!6yILq~b6iq1!`PoS^P#{@a1x?~VyR{>dKQAZm_U|9D@8o+
zvvE%6z^p&e?cO2S3|JFVG&B;=c>XHTcR?79wR3%fGHxt7rfRuLdKc`E2pKjL5~)i1
z1>{_@Wtl@`zOAHs;5Co<=}MAkoXJWe&WuDbo&qzV%P{6DiO+akCCMYAWF<|f^lAi`
zIcdgRCCT%)WF<*<_XF}21z0r0*q>F>7r^}HBt!|tQk5inYQc^5aY;$iW6>~>C*qQ^
zh)-fiv9NR352%j8bv
zW#l}bQd%
zqUmPNpP;0sT;j}u2o9paF0vVO&HOb|qOnMRf}CvTBPhKP!7?Y!m}}-A#M$ZkMzY%o
z$TkYFXoj&rYvwNj^MR8PB@|0FbJ6n~s6JdNCDBR|kNa$#ZcJHPqnxulL!>9gYRxY1
z>@gr85wT2@m~WlE0KBCUKkaP!VL)^INB=^h|R4GVm^$J5ZQX8|RLg*~Lofk5&kzY}x(KX_8a
z<8}OQuss?UcuG$+ER02gqhaB2#9g0X;{+D>`vC$nEQnJaWLpA~cdLc)KpGtuL0mjjD6@xMaU<#rq3M8H-gh1GVVwd$o_
zeRhF^SfvtN1E%LS3L3NvPr#=2MoBj4)}{44SfT&LZO}s=>zb#b`vqK?Uf_9+Dc7L4
zus#Cy>xg6IkL&e>-B;M3VoMos-}H)csjzYf2$xTsTY%G++`&|>+#$lH^@G3}QBHP*
za5*d;1I}zG8@F+vhcxX+GwNI+_wamlyB$=8>-FYy75JiFAgvP<08;&{~BM$
zY$Y|T^#({9Z(fIw7Y69B#C*n;-lE=v4%4za3-32`%vLq|k2(dmuI&oet4&?jg3=GH
z_P$flx#Yht-lZht^mMIW$Hlvq#QM8e@9OA1N)C4Mp4CUY_>gLGzC#oFUXifp%DTin
zYl1MKUwl4573+GJ#@6+&9b449PHaW*x{|YPUlXaIFFMANEMivwn%1*LwrC`1VK5Hi
zb@E7&oks>H9i75p9th8w{aGVD$7MpgauqQQAbCE%p4T_(^cN1aoZ#s17uHSYtnh3xjV>L=|p{27o2ES$H=@OL~t%d&-?q2fSd
zX^lQCRXrzX3hBq;XWVVBbh93`4YY$gGdiyU@2SZ5}BN;;t(i;l6O&mWz1<)Lne|sG^o(n7BYr%@OV4EU+N|$o~L~^80iR+4u7MbPL(r^80iT*}wAp^a$Cb^854($NWfqudp(f-~48m
z%J0)BWOvE$(>G+-$nSG-$i9%@XF$kypWkO-c&B_14%u+?`wR)$0Q36{3+u}F@R02-
zzt4zpw0w^Y*^u)4j0)Lc^81Vl*)Hf_^P&Fjcg%OGS>F5RD)Xm=@H@JyxJ=fmlf};13Cox``P(#K&OPl0bTOh*7e1j
z1G-A0Sh5<>O%kP==q`yyn&=^k7MkcOiT0Z4C5djD=q-u9n&>NuA)4qXi7}e!FNyJ*
z7*O-FcE+2mi9yxZBQaAGL&WL@niwjH6Ercb-~|+6u_i`VN#QME?3Xx~us%NZdbOfmzEJtqRD%x^MPIe5<|
zQ$}%_H3X)Bf2;Ia1aMqZ70UZbXT@vClc6mkhkqVZ)q~_o*3#ruZh-Q3J069P)!z{h
zIxQ2j^%DL|Ie<#Pq861jjf~M*V9=XNS5PM-vr~V9+{9#?|Y_ntjs^|kX@daYbJM&ZJeG>7k$SCzyxPN4!Xihq8
zRqU`fL`h93Ky%Gxr2z~jlMN(Ug@>v7+2lzzi8PZa2cYD8gm*6X1AV^!}E>C9D-sybR#{o()#1^2`X>NSfL2w!E}Xod79Pi9^5wA6*n
zn}eoElOIpMm`MwCh8r|n8to#dHo-bwSQk{pI$RXqSdqf}q!~VvmQp+W>+0YWClO@xvNHBm(p#hNITM0HK*WKgP!
zV&T-&L{&*N(nR%;i^CS0s8Pf=-QM&614GrRZ%ILKfW=aymO5QLvy)WkYF#6$)N$g}
zJ&}|)2KvFuA1U%di@oL5hlgujwk!l&pcU
zn+qi;;Q*5%)aOP~7(4@R7z{%J!r)N}M>OS)fNuI^iU}Ry%U2lqD8mZV4&fP+-TvJQ
zGOh7T3$uTZ(lc1TTyPh@kPkvwA)!+8n%m8jA*J!g#gN+ZX2p;?@dm|^y78vO&;v@3
zz}icey+d2qUgY9!YOi+jwzW69c!%1@x_HMr%U!%voy%SPz&f|Oc#oP~Hmd$!B^*gL
z-a8TRlZX#4bvr#n6PqMMhs7HvLx(5ghbLqwCg{^^+~;hVQS))cW%WLJSf}8uws!SC
zOxNh14DG{ojjmJ3us*Vo)>&iN07>XXF>IhDbZ!_nND?|X3>z$o_Nr}&B)Vy0s3iJo
zVwfa`Xkxf*^Ni8N2uY09#3)G|qKPq*7^jItBvGb`GD#e&i6bO&m?n;t#NnElB#H5w
zm?DV@nwTbuiJF)$i6b;IR}x2R;y6hhr8CN~lVw9?0~{$GNEVvj_0npGEvtD8=wZ;e
z4W7bsYI+1o*@MCs3>*CLs|s%iN#j?`JgD&vGFxbTQv!2K0&}ZiUXiSZSJPoW4ETp2
zpMOBg1^n+-C}B=a&dH8r81TO(DPTxJM}%?*WD`}2cq15S
zn;lV@Ed%UT$$P*7g`-#)CPMdPdE_^3MKq>2AR59`q0c&}Lvqw3b#A4$QFY7jeeR70U3
z$1;rkE>mSDK!$l~4Uc?Dpr<-2#~*Lx_d2ItT8{jqk~cfDOx`137ab2fs_OVaEA6#%
z`o7SAPP+t)cwbaq6Mq?}`}5(jSpRqrcjBBrddUFDYZe#bf?
zW*u0KiRa0Zrm4EtRi*SEN7c#ykSPTdC)+3dnQM<0muLd=x8bG>nOWuW?w0=uP^
zjN31!$kV)W%~4i7Z|w=8ez-DJt)vXb9O|1+g#Nav?1)O6Ac^%0
zJ`&pBHc31yp)X;cgq0-BrBuwQ^xPk)&|fbEWh;t@b;j>4m`~a1vIAnif!J@f`*ql@
zzLMV!l$|N%lFnTVLiKTF-eK94y{d>>gxv+KUXCsPDLYqg-q1v7mOPOzExWaN&mfy9
zE_*M3byvK+3i_NI{$1Iuff^}Y$`87p@XLM-w}XF!$dvt5%#BAs(;y=JtOS~eP0F(0
z3qAmND)r+pSk=}bH%%B*gW2el+_I1Jh%i5alGg=A{E%)S*z!M7ejV`IIldH|*_&Ch
zrcV_)0I1Op`58SX4W;ZeA7W~~6Vg4iQU>4JS3;s_L#%A+%Rc0flECHrAF3HBSzbPbJ%HI*J
zZspkD#s-W9>u|?zOtG@>g*^w<6Uh;Wv(&l{DEqA{^Ytz@tn0w@S$g@gK-mNJK1cg8
z{9~*alpU0*T&Ek_rReOdk0`f8;bT<#8}%uxpR#s?{9(jWw=4hPjM(!tcm>cWqB^I^
z$lF=;56l$EAnUyez07@VCVw%|+M*806vv5inX2bHPFW`8lR1SQnyJj1)5Kw_Q4@z}
zO8hC%tmV9~-j6J&Pn}A+zkb!hq)@Tknw90u{#`JpnZv}qhic)>$0+e|O?ETOd9?1C
zkgOaPkyELKJ+)=ZOU`xA4*k^0(kGTG(
zqwJnqdBX1M*e})`K(^|ASre-2?$Y{#o#wEw)>=TUJg+XRZ**|I0;G+&GW-*OnT8=n
zUnF1Fzyj_8^AQJNAuOPw1-uUC2M$2XEugUl{0vg19#Iyw-2$3eKs_*ayJ^psNKu2Ig}P
zFcp)H1@yFlkHGxe0c4I+4ZSTO=!qpdF7-FtmetV50$PH3U;$kDu9vE0n
zN9jvj*y~JxpoT<9%RgE*vD2BU;LR+@pRBJ#W}h=F!8^Mge~Pv#b~$qmcsG>ePct$f
zakw-OgSWFB{}?SP2T$`Jczeq6r)&OvB5g8#FzMh*Hl`VxKYO%k0$z)9{9_ZI>JQ$K
za{O5d{#5X0mgCP(@K=I&b~*l>1pgZFZYal}o8UhT-p+FT;}ZP$z}r)fKQF=09E9@Y
zN|t|qg5LzZ7UlR068!$)4JpSzKEa;~-pq3Rg$e#j@XjvBUzFfq1Kthg_$MUz4}-U}
z9RI`w|2^AHc&y9Gx2vy@QNsOx30&r_Zp!EsR69ByEKyuftnl|XsF0x$s0)QV0
z;=q~AZc_qO(hvXt#HAq7BkoZuBd(HFaglnb(bzBN*2Z=2S
z>sJAA5kWHDCp6ue0Br`~E(em?RI|G$Vf}Leyg`r@F#)nEp|AGGD5u?FmhF
z0cb{$Xi9*dPH5^2z;LHYre<~4D+y;!2jDMG6K&G@Mv=P{$P0nGHjOL~e>(wx5YSx?
zP7{+8*&Z#7n7;?89~@G2CVcZ*0$J@~+>qhYswj{AHj#TTpa!Rqwr1_y?xmqj0bs5J
zCA|1^qK%vdz-103c}i!|O37s8_lq*M-v-onhm;a0kbVOBI#6Faq$`I>zzY)a`~kS@
z!KKBP2Ax0_C6Jwf>O*At7FI0*8V|rU2TByXdIGczfb$*5nP_hTwl=-7J7#M2LBmV|
z*ZoAB+Y#IwiP`m23sq~L1^pfJXuRIkaHqkdT3OV8fhZW5Lh;teB%rM=v@u{E98?@G
zC^f51qBO&SI*ds1O9Ip`BkK}bcPs#4X+@w83DBhgtcyU_8@D&;&-(_=wv+xak{I(a
zf}IZBo<}>E9hl(12i_jX*PD=SwQn8bly%WZhQyd6+(*^GCGPW7S=R)=9eAA`UvDRS
zs1JsLJTYR)JY!^?T}STMdg(nUSGv}v+S??HgIr!J7FnV9mS(J^>
zyAc;|uP0=xa9QjJrGceP%;?UDsTHWik(pxNAQyW+JEg3o53LjbYWI-ii+Beo^h4&=
z;xGL)zOa~gYZ{;5h`;cATkakYnOcPtgEFRxq9L>eyF8iVo8a5t(}uw~dsFv$Mykym
z2VIMBW!6mvb20_WzEOhHU@s|WB4+aHp(eQK1*$uLin|U1~
z?@(+TbI@f+L(BUwbq=*Wb59ItWC69nY~lb95inVd+CM9sh+V*pQGK1uA8kUBkfI~pw9Yfoe^aYcTmsgaAWIi
zL#BB9h{!iLB*xFxz+Xn0)9I;m;ygBG>a#Z)pIkNTri9!MPvdf9g{mSw0O^o74fH$Qaf4lN!
zs#^-)igNr%68v@GZHoAE3u=vcJRT=A+W~ki0@+sngc_N71N8UEyO6%r9`G;A`vLUd
z98aD4bnKx_DXM5cT#3q1&@-{;Gra*Ak_Krm&)Hm#26Gkxv_Pv=$Kw|>jgRUCM{DZk
zj65g^RCu=?E!RPCLnQ3IqYdm09k$Hv5ktpH&u0sHS1`pUuW|8f<5CYC@)iX>M^?1a
z-h|b?&j${|4J6E$u(E^&66*O#RqS4W-WmCeki!(}%R8&+Mc8K_gXFC$BquP+J6lr4
zcB3<|X{}f2n;IgwUornyVf@p8mq!SF^H%5cBtsQFzkr2^)Lu}PD~eL9_CitH%}k&o
ze#~xQKg5;c-^-1>7a?Z;07e#yg{j+F7ecjuOtpxE#~FN$f^6sKwUicMI)T}pfRCm_
zLRoE0z0fn_1(_L*=lZxZzs1%rh}n(6YUbGTzpuPYTwZ;^8A>i)Ve)67yp8F?
zyh{ag6j;+Dw*F}>?=mO66r9x&*RYA`)T^0X?rDj2Ut=Sc
zJgnijIB>xs#;b`-eINsv7XMZUX$$tj4if7Vu(qGA0zMp|qavWqX`9<8{|h)v%W-cP
zISzamgL9?hs@6MY{J0s^hsj}IRYx^uaTwT4?s8rCbpSs|fo-V|n)|W}@Tuv3sQsmA-*BGJDnbhEOgHnq+f#mtmnGkN<+
z3ZVA5GTmn)$G$`b&9e4+zb2b&(ily)&}7CYTWT_EldUxA+vEY7%(KbXnyh4#Z8Vv)
z$+lVf4RwIx(bD(D1&vH_a5h)_NGy3Jtz{0zXM-V!{@+af;>bb?izF;or+4`()-DMyf{4^u-(XQTp9dGK
z^1oyYSiDI2iCMcUQ0_^pJh?3R8t7kfW#U(q#LI#r=&gfGn0qY?T1Ff!3;6O5S+4~n
zZ37t&?qNjSHw)%JhCtV=!KkcsB$@pe0C27YRWzSxJ$!;gvaTbWYk|LsGEY&bY&ryo
zYNii?{G?O&O3Xh@^L!h;PtttZj|fhQZOR^wkpP$4{bsCVnPT<>uVuv7t%~5(SiC=2
zheT|{n$>As^I0AP=Kyqk1hjfii`nObwWb_mSH|p}VC^c$K0RiC1lH%}
z*k{D-O5=@J6_>go-nI$Oj4`diZy#Z-`DexKpM
zj0S&F3X`<#f*80Mpo`ML_tEmS{mAUE`Ck-^`~&bu{|6$M#UgJ3{*4on`Ib
zkI~^oj6t~66Eb9}5m&^R_TUe6m{_BrwQH_Z^hBU0M@XC5`m9?6ECFkIIriUFl0)4U
zVEx^(Rq<8Y=eL2plPnGg>achfpax$Zj~?#=`B@5WN01GgnK=Th9$Z>z>An)kIzaQi
zMv(^q)x{yDh09zST$`1ZfZWRl*Jbkw(m%upCubXfaFxBy4K`&fj|FRt0`iG`o)zs#!E(tVsv+CTl1_oddy(O9^ZThxs4Nmo;vFR;3
ztCpGz1y31M1@ou)LPvkke*hAjRbSq}iW`7^!ckaRS<3tQraef{;EHFFLy?+{D-+B|
z4V55BFc*TcIAVG?i=MCM;mh12@w^XYc_nJiRRG=;fz_g074@;)c=9wUlPS*72D6jE
z+RV-KNr(;l5UH=oReai@EQ*tlOPCcI^t9|l8W!EO2e4-ZP8syJ{J=~mIT$412@y~q
zM96F>yJc^)yg1+o8r8Lp@_sC)$s3QxZYCpM;zs^jsJWG@HbczZMcKX(_wpK>BJNZL
zcBOW2C2IA|i@?4f;k^%q7(8g1OTaMyWq_A1S-jDn$=%zrnBKiSlt@HDn
zm1Odl;tl|Bbi_|QUkbjcBon{ftIq=91cIaxTnBp}X_h7@s?7P|s`MUZe4}|7C3-%M
z`B+%(O>kYM9NqW#NpKh=p4lQS@xaSa^)55pNsqlivlHBJ!TH^BUn5t$&!$R+Jj+9$
z83fl?s=~HktgDQYW$6@fbp-kA9Ok#J7#
z7Q)~caDASv9R~Nc;XTN9g#IZYG?!>j!Z0`-dtkZXI|(&Dqdk9MU9%m982Vd8trAv&
zxx#Ek7zVFOycvEl7zX@7F8(Klo)QN9ZDlUt4{>u64<#N3e*+~9)^{VFKPC(V_AH-1
z%ZX@C2%%;2b>_K%FO3fazTiBRc+SRmfszXth5=s+o(ql{#8BhcN_-2#FyKq9a{*r!
z9tM1oINo1@c+SRu10@$Q41;MB|5ifA!(b6^2f|=6!kol&LG_{Z4k=;K9PwOGI*b&?
zn+Np~&q){twT0UX6uhhDaMJq^XSj0&!!e^6Dt(z~P&~sh;IA-q!A%lg+nt(~!Vv%M
z1SJ=ojt-Rz9!JP`p#~=&?Qt)SA++-scc-80ovU34n6&?nx
zSfB6m4Ta$UC_GZpu%yx%h5=uz?AM$|!P%Hkaza3!62D8re);5%L>LBqFR;(|5a$BE
zf*CJEfnJ}lNe+eJPZ6GG{H^54Fbv+EhX9seeT4oxVRo8CG6`Y8
zxW84%n~x%48VNguaN%S+nuO-T3dC~~4}+c40QnG*Fz8M6SAxDq&?Mvp9R^PmSBQ<{
zT=3Up#FFU@KUqM9WacEqpHD#Xy8_re$O>fVT$;kI5q}iOVer91L??)<7KkLNt5
z1_EV(mwdjxHy7|V%3;9mW}iFO=))lRd>L>~sA#pL7-xulsr6Q2E?p$1iPrlhzEeWJ
zF*g@%Ko|ymxvJ0i)aC-d$2JU@h0k}*;@?#u_CZ|J8HY`9}W)NFK#3d5n@D
zAX)yUMLGR%%wZSHpRnFcvGiZrYSFV|H3fcgIf`m!?-GNlwC=Hyc43RyVfFQ$R21(?
zer&Mv>*}xRD1U^L7wc60r!M!Cop>Vmk6rFpI_X62-QwKuapIy~bMF%8{+g2){tB}N
z%^QO_?gtL2)*j~PXPMwfsjaIqqnL_udo7zpOSa;wGgk;#g}(zqCSa1n*
zAR!lghO(!`f*ChcrW(rTe<_eLVhRaiz_?#&HgOxSB!Mp{
z^=k=%?}0_RCFFZI{kB5R-a-RO$OQ*We2j#A8z}w;hY%Jb^!aK?ti4J}*m^7E`5sLy
zz(DZ%&di)p!=T=6;PEY)If;Tm@H!#fj3~$m@!weDwu+9+7=1txq~?N-Tj)EI!(brd
z{_DaVx0PfPng`<%&q){tT?zSBAk#s{iv+iWP>98FE?BmWxa=JaSKrByOt@NfQ8Fj;
zVUT+SLR>+k0U(Nb`d`e5zm-$+i3!k3W2Ey&v-SDr`7$qyk~15x-KyykKPH<2$<;44<;udxjQQ6fbn?8$;Jy|nB(^?oT;&4pYT-2-2WLJzY@hykguQRM{&P_dnE6oAenCw6w$<8D5pfY4)7X113Evo7U(zQ?HJ%=
z);9vRn#ix68DkGlV0$YR*bzx=Y3GkD179aP%obqe<+r^1DImFazf4^o0+U%gK1#RK
z^q45!i}y~MwL=O8KP*%Iv=%sP2nLld|Ilj2*EAb7>uVmrS0*Q!nyE}qGObdXoMgJD
zGQn$JqD*@7b;+HfGWwLdjQWFGnW^PyyJFD8iBflVxO;)?$`rRtygbI3n~P{c$7LF;
z4b~CkGVL^N9WgGGb_Cvx%AKmr+WBavM?zog>>jGtPfh!6*8hs!T~@7V3ry84o13
    T9a<&-|ISV@{~PrhY4)C5?85pYU!#owtOh=!1NDy*35m?w
z$*p)JgtqLJPD?a}xC3m3xO4!nQ?*>^06Zli*#R^icL1(uE9?L_SJ(k+ov>FX=m4oq
z&;e4JpaY~bNpyhHwH21+lqeJ4MZ1#l?3H9mG#!_OciR<~WOs!nd3WzjP?A(8C`l?4
zlq8i&sw9cFCgUtB)vO=-mt-4vtPvT;(o{Zon*B9x^SRS>i1KM&^094~_=@|^hsY;weErRF-|5Ly;POt4+jcyjRRdMp
z_U{;-IiB_830WN~#P*4>$I9S5(`&s13#8~18#4Bh#NVVOm>t@~n07JXvq
zB@TLg-McMxtKlo#xpQ!L!i-qv(a4PcnAT(n&QCO?cyelfQu$%w2T1C$P<7IzDPGn0
zOuegB2ht0eZl+_ydXu
zv}C%K;N}iqL3)YjH#8kIjnRH#LTxZv~8i7s5EUy
z`_x4B1k|+NmdHJxs5T*YmsKm;0@F21OjN28roWL8j!kc{Bx$;IE=tHm#fa*`M5TJH
z>6oZAZB55SrRfSLs`{Tq^_A>w6Z{{=&ElOgk%TTf2tkDEv3ldXR4q>6Ps2Tmd!tzGjtNJi_pd1x9w
zUYAfC`*>Ou
zm0%t7SB%AL0f|0?Y{aa;15~N%_jN3e)){i@XL6k}JCW}gCth-j&6jh97{G`cup*P5
zVOC_CrDm8FnNHCRQ@Wu-?Z-p=zUHszOrc6!A3kU5rnEn2nmg@0zcczYaJK&q+I1xT
z(KPF1r_)RWl8r6=()w*LSTed3<;CuY*vE!%)Z)+czSk2R@`8+Mkk^qRy>8bjX(6dnY0l&SY%H0w@EsEu1_HieIUPKRqXK%?ZZG
ztX~VNI8@i-Ttj0meo`GCN5eI=uBFF&#XM!^o`eeCX!B#%zXYmV=I^cR@*+ETd&NAl
z<=cdg*h^-)H6vO(6hDovj&`6%pLmTp5mdRGAUkn4k;TqgwBF55$uxX(D<}Ff(-3c)
zxS#kGu%)%by#Sn>D5YCfu+BN4+&ZUqVx99uLTy}|
zJy#@W1JTPF+eHd!Ky9q}bso1P8CLw7wzC0N{F)x(l~(@T+KjI_pN*+}_O&R%ia(VP
zR{W`au;P#MX+1oVPh4fMBA>MJT=ATaus1K=T$nS?+_hr1!=b)*u0R@!gIKk^}uzlm=
zgmmoazACNLP1HBIwvxUv<|NOX1Vr?S`^H>Q#ptoobaO4Rs}tC`Z(I>!dsuAgoe5jw
zzVRh+(l`ESk%zvKTI8W`xJBMq3AJ&XJ^YNl`UaOPQu~a!zM+elxNm4W?i-p$-{|;7
zxKIH&XeaZ$$aDUX;iuuCi~DPuh6)4HZJ);IYIdXU26F_l-uN
zN}XMSQp;p}?u57?ZEe)7KN2`yuHeS6%{0Lxtv7!6LxeYe#W&CQyrqeJnr2jiSzmaT
z&8Ir@$*#R&xp=tRRoTXm9)q9St-ab2x^Vw6yLSEZLdsU#kgfFs5Sg`oHN7!P>*}=H
zb=m537Er_8%khv!KhN85mAEro$UHD%Y5Lx5RZ4LG$}7D}dWYg?SuwMIBCM6t`ZIGa
zhlpo1JAZbr=%}V5EXw>jQ5uW#%fGM+@O6sQwFSDQ1@kvIQb#`AClT%sBOBbsE;L;?
zIj7<-c9ChXX{f!d!oliWs1+sb(QTMpjaf}?@3zT4n#5q$ybu+(3Rj3gMx%d2%Iioa
z{Iml(`ox1(H&CmI7zeB0pyTiaE*`9wf+}r@N)v-sb1Y1ggH_!Z@{M;6z?q8?NIqO_
zdL5~NpF8b08pN8Kad^}w2WoP1E3T|FYdx>^?+I0fstKxoN~&tL*)F4x
zY4Rn0U2;y;_T0+--1_m#{oKxsd&exn@@zl^OTAuss@ZqZ3IO$?p;~-6UAi_!$Cw9zk>O$hM71MNDbaO4n$BwpnRxX7
zDk&39*kd|L)A35Ten2bq)6srouV8i5++Q+H;+;I~3BF|79S9LLcWwSJnLfI+hpyBA
z!$=c;F6(rygf4fV0--5h)h|t*l+rIvQ+KoS@~wE221KF{pEmMi*53lEj3g(_R^xll
z-iq^H6WF-WuSZySPm$Sm4Clska-b?U*8a?;D%1P4)!5k^?+@H#5eQ&Xhed
zQ>6DgGx7AP2u^AJONAA%5Ta6PD=}`M0#5LXhjnA7oKf*(!hb`u;eV_-_=-!hIg&gj
zAxU+V?0Ndzp7$>#qEAg5G3)n$DxNBKBh_NB)*`=>>g>j1G
zWB15u=jrItCmz^#L%Vh~>>gdM9`s6YOIQ;3&IT9S;>EW$%NwR{YnFG9ZflCS;|8NQ
z1fow|VN*brRukWn$n?rnw>iD)t;u+=E{`Ce4{&BBf+8xSghb?Nd`D{H=Q{h%xUlh!
zF#yzRBF}+#7+TV!pk!V|AeF@3WI=xgt$I3qBg)8UO>B9*jZzg4Nuah)}lfQ$_d{B#@cu2*fHjXRjlr`8nHuGaeUl
zEvVH*jPt;$6?VQ)fDxnlOWUZc9U#BMO?5t{Bs(7|()mV)__gEO*duXWwgFY@@)WmX
zle%12AUE{IFTP$z5V3N4jzbI&-_d=K;u9%5a@_>py&75rK
zNVa!m)8hZf-gkg!Rb+qP^3KgmdftQ(NPy6L0-;Oj7OG+;fJzTUksu@>Dxkq$iDlRF
z3RqTALEUw2U|oB6UDw_zx@%pKU0t_)zjJ2h-g$?t$bSC!+yC=1&y#!So;l~tnKNh3
z%$zRDV#aCu<@d^b7M#_hsCImj)D<2OqN#epIBrvc^F0&R#`pM=+qo@DFf`aL|n
zK)WP;c!6r;!wd7fAFJhdA08yy}t4cR2sjP7#70~a_8fW<)e&c=nuJyCE*x8G=2B56+=(Pl^ybKhia`}1!D$fRBJCMC^ap8K1f-_R(#EDYz&*Yu*kvts%
zO)x#FynY(~XEPw)I9yn7WSxwC7Pz|YXxmy!G?bRAJLMylpKFpPm>X1nAfTkSAssQw
zZ#D=MM2+Mo?*^2c{J9$CMc*4CnF@&pyng~ub`MtYQAkFv;8)0y49YQMVFfQkG+0jc
zf{SSL^GF33h5U{MlFy~KfF;WbWnil4v$zZX>Aqqwl@uP3cn5GP7o)t&Og=z`=X
zKL<3yWYmveAjI=mK)l#hibo0e9AQ!F0S&rbh!elGJnvnhUEMVkW^zoLVh~Oh$d)U`W(cq5$VK
z;BcQ)K!h_FL)o06e~ZQABlC!&O1TA-Gj8UQMg7AqS+C}{Acs4X=H=_1EJ#A_or!B{i&1nsc~?P$fsO)gKRt&+4Wy!Ps4A!F~&%hULM~JKm$~L!>RN@pr(3Wu4;q|Mc1}|20h&!1Z@U
zxOn5l$xZfJtGYD`UkvxkWU%5q9ljXhwUm%Ebok;RdE(e_T(`=}oprn8OaLF9`m3y)
z+yp2~d}a;3uDD;lzc|P5^4@xy9`91`FD~?3d`0-}#3g}U(Zt^?S4K2*1nZ5lr*l@zudAw2VZW&0Rbv(ohOyb0c1IpDSrG?w^Dnjsm7m(Tkl=05$Yryx5U?_@Ng&QZdns9r+x+*jc@C
zZ!dO~rm{({1YYbA1(}31q;f631iC(wIH5#$llg$M#8c37>A+(x
z(@UUx823lK1nO$oVx;A}!HZoC1zOnAMTg>^PYuRAuY)n&ui&1oa^@ekK9a8>Y)8=t
zA4lMd5L|e@?ob#<6u6Mf!kHj3jY9@9uzc>0I7>%RdIND`e@5XI&hYZNl-N?5s_vAJ
zmQ1q&O)x$5nR^0s-(cVkB4i{tc`2ZV?qOL6t#h0^4BU$(DsVs7xO1fLd47#yJ-Q-E
zjToVy2h(%PdQ>97;k*SwGH!^B;Hr@MAV66V#hiyrQ|r-V!GhPLX}S0c1gN|zxUga<
z)Dvl_f>=^IUEL|q#kjl4vjI&oJv3B&^_7luIUwG3xG)l(5pgOAi_)X&PWfSUL2{GN
z0-9hl;_*qNNHyMNDDeO~C&w0rb;vRX<7x@{U^IBwdipF$p$P1n`;w3$&q=kLI3q4!{Or0Xn
z+3pu9dN4ev)WZ*XPN|s4bIRw)b6#`t-aMz$ROmU0LVC_4S7BiS*>s9L=R_^>+2}d;
zoG+cPu}sf-HSj{u`4Qvp-E-!ivdD3s2Bl6ftBjlc7|?QhqGBUZBtu(OvlAb>ZM)0R
z5Ow|XshWl3M2F)KyqOn2iyYd@Gq>h|NNy}F4#1bBY@=~FUdEo(;dogCCKvn)6@Ikm
zDr4|ON?OVFATCJt=mjZNP72HY%khqL9UgQ#T4mhiWCV^TY4%s!iax4
zLk^GQ>y-v=en|TdK*Nw4Gm$Ygb?ETtIjS8vN@>U(neq|0r~ywwFrJ<$#3VNo&!+~;
zp4Wl0?vL{D!SrG)Kdfo;&J*KBVI1>im4iKH9>8T7*R-ZI*4BunVz`u_*
zaHHwzLXEoylE5kH>8Sk`E2t6C^hD1o)00HN^z=0Zxy@i6O;2xF%>U)|v;-_@dg}R_
z(XnjZXq}sEb*t*nC`kQ&YLNQ_4jyhzCv#EsJN>P~qs#@$WM
z12n<(G&|jew-EJ!c&l(>Bs%HkR1g-W8`Pch(F}Jxpa~`;9{*VEI1d2gJ&p_WxCa6`
zrG!Okhq_Zf>g=xoO)wdF6n*$1mC6)Z;gH)5D~t|%NGqK6VX75g&(E;JqY)My3rg=;
zTv#58269GPA+e>jO5G_R33eW!38p72JYtsP++yHGR`_c`*$QO<5LUPzxW6-S2NGi>
zH~F>3Rj&kKD2trfBCqXYkYFf5i2*)<4=gY5b|owMhDhiNVnL}N%5~ymJRl|jXoBfU
z=*-#J{~LI3DiSw&JD@By2@)RgiajVJe00Ezr<&NqUV%J7B`2@gb2@yeW{4N`Gj`i|
zO-KKOulG1EEYh=Jj{a8?>`-@-`WPj;oBRsU1d~DHIZt=TK42rh+eYPio;Ui-3b4rC
z(h4v80M==A*pQO}<;4$$;LU_sduDYi2{xc1mJ5`3|5g-%PdR&&~QB
z!kq?gn-Di`lfs>(aPcV+!~=`|W_XPVdor-2gFNNLyW8%C{V|}H~b`MxswyP9}SX6nj}v!YxHNacnk+Zfa7h$g}L5xq6)nD
zQ`~NyQ0!C?6G~}!$UEhu<`n^&U>*okyiU9@PI8aG%W(!8_}sssbCYubWkuhA0^!nD
z8)q%fboE&aJTIr`UNX>!1>*}w@FJ>r4frsv-_37x``u(M6ipqEm`>0B-;j(lbyjyb
z`D#cp#BEFDvi9YUKg8`LpCS33n;qv*DAWmSAWm-bAAqvtGN6YkXWM=Fu<)G`?n5E&
zv49%5W2B^Kr>WEaBe<3R*=c3;nGiB~08VuLbJ7yjYzlZdLvHys;{OKsDA;{oDt9>M
zEACKL;}$vQ*MJAcGdZ+zP^fR|m-1X^r-HC4?NE2hb20Ale}E>KjLj?iLzvfcLqQ2b
zM{<+heyLUmb7w?LRU(&$`G*fcnQW4Bwx*0Nj3|j6Q5HY&8^<}B9?rvs1*4!O2S@!p
zx5HZ~b}EPkrQ6k=^3hm%5YPnkz!*Ih4?LG$`#!>-^nl-((t@{-Ls4H2X;R>rtNKn?
zm5-2SDZ~pynw|0BloDr3{lP+~LsSO8?rD;7f-8k2+odFloqVst=%o*b>i}`kbn&YSnBxkv~puW0}@hiSx9p3&4mzn
zI550paA6e}ORd&9ek-qNDBQ18K`baOS9i)sy?Ftk3FZMEj==-<=8)--=vD(i8aht_
z$~sCp-BufGArCcTxK`ckINJ?c9aVOdV}5N6SHJN*<)=Ew%Q`_)zwwM!P!1H{EuJ9d
zkU9Z?OYI)d(+cOMir*uiDbJ#>Ba9OqzapO70{)YI-TbzCwT_k+P;-&oWNyyS9cLv(
z&?%v^Zt^)TnEW}=7$|z76WiLp0uH5VAiR
zQ0^Lvdt-eA+e9l)iT8SMJvBqE;!cexKI7*Z&isEu4xJ1|-M<#=U!#hF3dc=8p{tOw
zIq7g|O?v@Ic&`2}bhOo=JvyXy?p5MRB}cpH!>%OSNjUZbCT)SGQ&~vcQ`4$?o!r$>
z!*~N1t6xrTa=yluYKV^4NHxGh@4Crx&NXPGS^Wx4dmF0|%j(v7uJgQsTOZc58&KZa
zQ@psGz=YRr#e6h?yFnhGBxAz4h&6fgAm0f7(gz`tgK?bWJ_I%WJB76S&}oIZ@HnQA
z#JS9>lfGa4|ICL{ZWN=3e`;>4k%YBJ6*oFjIH!K%OJ9{@0DJKJgA`T`wTB31H1kQ;%(d7D0peYT3-cI&0pOGp7NvXCo$|-f1<6f53}}MMz+?V^>2!NE{FpMv*)25#iduhO{k2W+7?9}5b@
zn;*@O|Js|&@+x@qLB=?Wy!kFv!^;MWwTF>8HXQQiG6HXUa|t1DPVqVE&HEy1mDm!s
zIP&Jh0cGo_SiI@Yzd1A2o67(*ym=wy&?)MG+?U~H>WwNQZ+@AsLdMA=Z+<;U*qeU}
z9sSavJv!`=mo%+Za^%gcAq9K$JHg}&gEsQ!f7P_AUVMiDYH0ajq=v|w4*=9qL*&h+
z8sN>JKHG7QHfSSnK1VUN`=ibzHwZj~jY(
zc_vYMb3&5deDbrP#{bKE4Yb}?TzD+eSA69^zbmC`C|8c;0&O)xE-`Fq5J
zo%u85%uh6oFcDH54hptCl0iFjV#DKU!y*K{jG8V8>8=KpTS>)x#O>$TC2lNMVS7lI
zTYeHwiW__yLOxFd%IZ-8fBdFpsw%{-dx)3*uu?CD-mx&jE)u^(Nr~y>cPKg*-t!Wp
zu~C1{WF{(p&qJ??-|OM4Gbz8;DDxHyxDJEco;
zzXpFJ33KEr1kL>%ntOn9Dn+wm#v>{A8O@4ct+r-G0_pe?2S8cr<3k2Jk+|;5|-Ng0C7_yu(>h@eXH2`TPU3qC}usaR_Sr#;7ft
z6-Pg+R7Wk@w^>ouAI^$OKBxHjC604A_AG-u?jNR?7LSKTS!mM%zcat)vf
zrl(o)gVP;nEg;?oT$sl!3Y3=;7NzIao$}GF_!^)ICZqM#j#)VLXW&I0+50iod>J2(
zI&$s|_Mme4-o)}op2I{(9tk&j7`W&Zb>v!$ci54Nci55g`3E{uBA_FSC*s`dM)36>
z!G*O!CpHb$Ql*qWR(Hxrs{IVm1k;mhpPqpiLV$SwZxj#Gf>TOZlsW^fQ#9$61Daqm
z93+`@{`dG02p~t0I~h2$?-&}!xowLb=cFd7*8|F4!wMhEQ=y3S%JA_d4nQH)D<8*n
zr)V$zr1Nt3aPYnlT;9=~Qo_ZDk-(X0ZhM022l=bb+;iSW{MV4GjcS~mOnY3J!KH|f
zu-9($D%uaIPURu)D2;nI0=U3sNpr@xpm;7#6h+Z;=ZPFbuhd52H<`SsP`={Y%ElSE?eZ}T;7(x
zP3x2r6{X@QqDBv32#v{}fF_s)CdJQ)RpSgN_vOvl{~7pEWVH&=bfPXmP=Vf?7gs#y
zIMsl9D{x^MC@{@EyRK$%;K>@K*5MNY;v
zxAhw@@j{JV1)jUfoe-KltpNXf2vptzT)4?}e3dio2P=prrAyVF@?4C&o4g9p1k+=%
z7JY8mQ?!cv95_6jC{W9WMKLNFy?s74nESjA=5`;>apNjy$YU?#{LfQSV-q9*lAA07
z)NHIXWXi7*|2J?8B`RJcRJ2UK)msq$MwXcl&~l*RCmfpzIYj+2__>RJ6~{|
zp9A7;!G%M&6guY6Ek&QX>Q`XK93`gEEft5MTS9S4i6f=2)t&N3&;<#VvoZ=mw`F@jcZikb#}Zx
z{bwHR`@;UMR&06o;LnfeQrwp#hfZ!AjOZJTnnx;JH+d(ZVTJ56Kfea={|ww{p88DV
z?&dI3v^lE1il=s`XPZCkw!znjb&PsejU);waWg4K!4`vZClaOr%!KH3*gbxgAAQX_+^UDu{g>r~hGqesOZ|y$#=g
zeopl<$_`dp{L~Xr=0&kQzwy(R?CBE6x$WLtPs~1CIgFTbPbOx%Suzy$^-65orx+T>
zI*yZ@ya^21SA`lrS!nsX1%Psc!}xK(8}a)$1GkT=1aqIpl^usZ-+`#i
zeNEy%VdEBme;o{faJS>a1COfYjNE__38napQNtF5mFEGPAbRpJ#UCW$wE^+E;Sw@)
zN(qb71a+r;c(Ad|46G_qj};
zNij>)XVU+2VqPy^i1jb1bc%fDnVOe8#B2CW3YqQcGi9KHedfzX_dunb+~k{J$UZad
z9{S=KtC^x;q0dbD&=)?Fq(AhPd(XuPc)b$I8u`q2fRWXx0fOfm-PGcVA)
zXHY~wb2VsFLw84o+(MrjodT9VQ~jn``b=2^`OGiSzc+wdr~WGACLaMb>|cyd+3emy
zn^7ztZN6@N7n`s2zi3+XrOS6LBSKdcvC^9_%JWL1`-zwkejC*~Gpw}}pk}T3^gLFy
z2O7A%;08Y4muTGZx8cXbNER8m(G0Lg<4PkjW&jzcq8Xt0(XNPp0MYw3Em-A?v
z>11Erp10eRh!LeHaeoDWBZ*+-Edka&92Dt-J
z?uamEJ^m~lcQSCJ8RTt^E6sR@llynX{=RDxH~5{Q36i1s&nvKX1=MSU3%8A`bV>=6
z(nxiueB^t_0h(Yka{8x%2RZ#?0rhHeVLlYS;*6Y$h=kH*>Q4E{>0b+Ig6YZWZ#~Iz
zHXC@O2pI{l1py5$l>A->!DCnqkl%}8{TD3;BxD1+vK>sH-tRlb?;i`N^cuu$i3>|d
zuXuD4}gOkzcgffxdB3k>|IE0+Vx603umc&9$kajr6O
zqptjg#+C7HbmdEE)e}wP{?^7V-a6B9J|NtkxNzI3N}~&igi`b0M-7V>18o3J5Is4G
z<0j0IecBsPZ!|8eE_46HHI5i^JwP&I&-hb8%rF)JUh4uqfT8
z?v#&s+zn`g$-tvad?oq3UQPPEFM!GO1|1F2K2Lx9s`zb8Am0PSOT4aXr^B3wQDvEr
zx?L$u;!GkIlsW*X41XhuVq^?CCwCQsamP?jrD!ay29&2KJJ83bNf9~~>C?~Z_uylk
zVyMJv1i5!NF07LPg0QV+CR@CUQds6pCo|box<9Il(i6D9hQEDD;{KxMQ
z|3c2&jSDlRR}P%vQ8}J9=(pZgmlg%LZQ?j_aXQjNk~rd
zc>s+?&N~qoOYU`s-0Qkzuwsdn(&@NggujtQJn{&-9FGe+b_zOn&Lni~FY(OXc&K##
z_=48#T*^DS)tFFTA#|0Zpy7Lf@)*-m&El8d!oOk!)XTve0G5#AiJ>CCad$JHoc3;<
zf|9U9;z6lGzcN5R3g;{UG{FoT$Nbs-J8;JX@)!4?MD;BLm>L%y8~lz7`KL6+kH6zM
zt3lvhjmv1l49~)nT4M}YUpF}>!i>-J4(U69=5%YY`Bo|rY;>^ScM;(d(^^PniD!Hm!;<-Zd(Gg{V`0GeQWVz%Z^m>eM9
zP+XV?1^NtTgidLOx>G)CW(}YTrYC0Azr=}fK)f??VICiXnNvzwlx|XY%Az*73{Y7
z-AE6S=v@H~+0jfmWXjc!bBKZ4JgoXCjhl(~5N_@!;4U$6F?(~uc+j{qNQXH0<;EE8
z8RESGyws3U6G1tA=Qt%OhwmKgpj_@z2sQlK5TQ@V+J8?qO&&MHP%i*(dq8!HaLf0=
zedQ*{In==25b|BAab?&{{eCglNff=eo)oTs@zF)_SwKF!kh=!#t~1z08;jdCyYN)p
zwwoR2Sp!$^%iQD+jVq%kYMaz9=x`At4&*6vPlcS~{iump|8c_4zX9c*mSW?0T=B=(
z<1GxpUO!yeQmM=^d!nHLN~$~M
zBLn;epa~{}K^47Z7|F|oh=kwbe4v&bue4H`JwHH_bxuruherMaE$iGEe}IJ4Ur21S
zE&u>``EX&ZZwrVOYX;UFOUSw?*0K-}*bB?&i(}3I2HE_^F@ZB=(W&_T4@z~421N~^
ztkyCaKfy~9;GSpTMuXx?jVnVqXm7J`HAnbkmBlZ>ftMN+Xd+~TL6H)&!JyC~o7@x6
z!uy{OBXJ``F9MXsm8W)KF+G4guu0ql_rSgDWXyjCZZuae(zr+Qh8@1)6Zou44cuq|
zJ)&{t{?r&i-<)X;AUb{}2hc5G_rAd{8bF_EcHu#!@6W~Si;tq_M+2w}pxk`9d5i|o
z{n)+H04h4r=#lYZkE{e8FM5B#0yF>6VxatB$_%;m{bP$lxfI4L!%bLEUkN7OQ<@VM
z@hFK_<|lid2znS*n|ZP~gdXrJ2rJ^nULh}uOGyw)JJp@?XV3)+WBg-dZJyxz@CIlt
z)r&VkxAT2W;(or5aEdnu82=#g4#Fjr1vM^lGP68h$II%oy#8`UP8Co(2KQ?GjU@7s
z-RUwA7kp-GF@6z1Ih6*fJ3jgcD63vt2z}=66sOsjEl*&B!2#uoAbr#zjeNw5siZKj
zDj4GD25w}C-)Y?G+7KJhNBn1NBvRxOI|CY81Djd#$}{nUK!CkrxUfpdQk+skr8HCB
zDIW=V0-y;dgA*%$Zm#2;0*H4ZF3f|rew^W5NhzUIx@vmVR-z<6OiXm?!DeDJ3dOdE4Zj@{xe80JUfn%#`H44wl^&2wnv)%#uvfnM6dC
zM&mvfeft@Sk#{0aqhx7PP{||?pGLX
z(pr20QL!*S-6^U&K2nj0k)p^_OCi4$$xW+}B4II9bg_Yakgt&^hRC~uJ|S}MVL)D>
z^#I&xHo5>%_9?$Y+h{X);@ss<{L7$1>UIX+{dEWNtp;%?PuDj6Q$_qZD`tc0x%Yx{
zS@n9=RUZU7hxMmcez>w@&BCQl{G%XO_U$tYG)4_BTKi
zOi#>uK^5tL0J8#ILS{}WVNn_guuc(=5r8I`jCdsP$A*A-RB0Zx;dDv~i_&T8PWgz(
zS%4;(3_OnO`73nE^=L!)6tLg@u{r+mcl_kbpt9t?}VGlu0fcE4od
z-XFDvzZ?u4&D+AOunTlyckNK5lg{GBII?WC((csjwfJuW_5fbvcsW2H4{~-L3CSBL
zIK^+ncN|9?7U9CulffI!AfA*iS9i*n(*?;*CIL+lJ?$e)HSQw@ZnRf_#>6dt7!|)x
zcpu^tR_v4#7A5~Pd8hmux*)m9Oh6MvMggkHGmgb%wY6Dm0KG1_Fq>@hq7{TlX`H%K
zzBOHt+~kpfCYTIj=Z=K-7aMr^tt%%t`5K_CQ2K}5v`d!`=dK`M`Y-j3oA_NpHwjQL
zY2v>OvgJ@;qey-kw3A-)Jn5Bx6{O1_=RJZATrmXr7*%<}=c*A@-(e&~{5FXwA8rqd
zo~l8^N=YzE-9Vtz3YBq_qX11XLo6FVBgTzKCBEhR80WZuOvAQhw4Zhqu)KM?#>c>y
z^(WUh#DdZV>Q4D1>4M}YF9$Ti^w8hrKT$V4pL-L4-W|9wn>7o-pn?!7{Z`#6A9cgq
zfF_s>Y$`7}#&xa;vi@eEjtU+4F<+>jcolMDZd3m8%77=kSmRYIqaRW|r5v%e_MZi9
zgB!_(-esJFiC-NQQiKA1N^Y<6nW+fz23e<|7M)&K8T|4wweB-imtGVcaMsbp;#(!m
z#X(wEp4QY4TH_Z7SrVZB8&LexAWqEqrOs5^gS?HWW9j226;AzH$WR{ye=}rwBb4E^
zFOBx=&$YzsgT5pJUUo~vTpILjS55rY8>aX&4N%|ni=Pr?N{Sg$JInR+{BZs_URBx=
zQ}^jX`ej_fbo@SM6$Gpe@~(p@Iz&ujN67_*B`$@SIY6(}HGWSUr=R$|q65q`=)`R1kGv*4Kvo
zv>}iJPYSxq$yeLdq+k%WfNV-*jFCpBmv@H;S#&ImmUqr^e@Bjf7ugor|y)G_}mO=g2|}w
zFM~4r2Ej81>V$B4bnu^2l%aiQ-=LptyY`v=f___B8Tb)2FBAJqbEntaQab~JLB(wE
z-XYgbf7t57qwfb!H#
z9s&E6)1*bbpsQFD0{Y4&^?9esI$sp&e`4)#P=J@T5U-rpv1W-Ae_0eh#rv06PIoF3
zkl_gtG#WBI6*lwHR2j6>eL~BiTlJ)D6`e_{OhRu-5qxYgyfw7EtG`KUl3XsrZ!A#>I&U3E!35Urj7!`S`lRKju`$X)YQFz
z8r}cq%I!=qQ(;I@{oo)i!gfVBK?`}8l6rF3tQFj>DVpLFMRB~Q(0ZM#F?Ourb;8Y%
zT}pYN$dW_%m6h^~XdO>lGS7)0De`qV0*$SFX)=yEh~OiT=`=@W+~nU(MPP+bR@X(u
z$Ig
z-{Y}hJMud94}}}`U26NJaXk@J%U0I?lQCrzvt{X1F}1;+6)N{8#aSY}94jQjy++tt
zeK%Bpe=L}TigdbNWf0!Bs+X#{U#bStcm3RpRv6(ra7&Dxi`Tfosm})cJ7U4(277cW
zCw%YDVjs#oTA`3J+-3IUACGaJaj_ur*GSqwhh{qgP}3NsbmL;}$r(ag;xxfWT5X%Tx0$h*{hE$Mg7j#ht3ASI|cas4Gl918~>Q4DD=z@eV;{%!?9`K`y!F-?O{MB`j!hcuuvm};zu<~BF
z07dG$eR`Ge_##k8M$?^9Z1jzN*VKU*N3<_xW*z|FIX}ZQ!?4O+yg$pGu7(ej(w%;{}~iqEi$p
zm}TM1arKVZFC|j&uGh60YzXEp%ir^Qyf%TJk8(!sIvo68@`AGs{A9a6HAHq<4@sExjy!%FCjkBk*E&@($$i)s1oB?j45xrQvX9XMe%Ao#-GocX&nYEDN>8ghW!LPhMLj`wBV^*PpQL{+E3%%e9
zh@w*zEBJfU0$%9#Ocn4VuRK-2i@mZ`0Wa~IiWOY#8L@&8%hKaKQ)N^sLD3Ky(RtwV(c(4{id*1_OyC_~T>LyZM
zju+&|qGlz+g~oG$HqqrdnxpRW9NjEE>*VVm)&YY8&k7h6c~-!nSOavxphN@yMZlnq
zwiq2SXy+LLgHdNv%hJ5y3!`O`u1Z8o%e1c2bj!4^;)bq{CypPx!En&(6om}_kjfDu
z134`8)^@9_tVz4i&)pvg8LR_0X_lY58RXgRkinO3YRKSg*9sZzj_4$#?==R63`Py1
z#@yuwnL*ST5xyII3{a!vzg?jkqeBG0ba}dgP->C%D_0GkHEP{>w{C9Ady#v!3}-94
zC$*GXP0#6eohL&fFKCK$6~%8gh1TPn8si*l*LGUs-Q)(_jCNsL#tGkqFx#be@xO56
za&=MbEcHn%m$*Uuv`8!3e%$1EKtrt%HMZ@Sy5_chjT>&;M?FoFtaO8g2Crz}eyznT
z+^U)T_A^|y@To=1ZY6&8Zt$?dFWR_&VDXdt3T)7pnLM`B;^qX`_2N0r5hWw2uY4uaw0z$!xI@IuF#hSLS)7*3!XE_WS
zzK}FL+zm>bMcRo%2P*&#wS(T5{71NIDa)aQk=mA2=wOt)m(am@HwqmrolW)kbA$Cp
z{n66!J*$4HlYX*u!q`DSw|h$LV4(Ce6gyZtmiTvf11CLdA1sR#{v#NmX8S^YjW+bv
z)3B!6&cttPaG1fav*PR~&#~C`A};Z*ZOJP_+8QW-haPw}bdu;3rK*KaZT691{8q5R
zU>rpbo=9aZzrYiJtBYhj!>MgegZSEDhe16cCfnd9t1^sMQs7`5%XOpjXJ4!5U!;Z&
zdVs11oAfPK)L^uNKNi7x;1TZA5zMJQmo|SV2d4sGr>8;Ou6z*%@ck^HsPo8#=Ga8M$>L3QAklo$_tzf`o4Z1DarZ
z?0I^2H{9q!5(PN_0FG4M7~UFSbKIGAHRfRHAZIw=y9Eei#)om=6XDp9x>vR*|93-t
zc;@cDG=i(0zquZvSBB^#L-fg=sbsJ_1!T@_T(~JSNU(}A1VcJU-6`LOE=c$vXn-b&
zj5hE0xhwVI926!Pg^=!ZPihigbgO;Y%*5^as&PV>4Fi1LWMQr{lh|>^
z@>5p$wa@S}{Mr!(It^DDoCN}u`@aF2r!Fi01iU5z>P^Lkn?XfRDPdAtq3)E&VO~y{
zEdWh08FeaX{3VNy#BOc1K@qiQO3#nuX$>{Vf1A$JxRmM$j1q=M}
zX^G>Fb=wjZ2`Hm!?%i1$pYHh~O^ZCw>Hb+UxVs2RIAc+fN4I`05iTrqhqv^z56BoI24^hH9-Cj0QQ2}%z6+dK
zXGRs}jt@9~nVO0kA*SUz85x8T2Wp%$&EgI?W(>|K!b7@X2K`!kML2j#53;tg`2@(!
zQN&q=vIJDbBDlkak^%LM
z^!#(#*}aq%g`CSgtGVUpHn;#0@7^q%5;xVv`-EaMCn$mRx^MmW4B5fAJQC6CP~H4jSVBjp%e0%Z{G0U0h?8GeIl+P#vi
zl3+A=t)3k!smV@q<7~5F2=*3zl7&5ToSAnfV!CO|53
zf;sf@&)~v}xKk=yh7}!}uQYI&vLEgqOclDvsq({3+rsbs6>}B<2Sihu(}0_;2I)~@
zk+Kjf4C_8RwN#E&{5~VqE(nYx>Z%*SXHLF!4OJmIH!6ko6j`<~yI)JmmYOlub;q)H
zr*SEnzY$GHH4X;3i-b_*AUfD5;@^{hWo_hp-janjMnj@fS%t(mgp(d}b!*+D%z(dbW%n$6*@hW%2r*Q7+MWSQ9u_<7d>G!>)!$dfKl)q^?PpSq_+
z7r4r@PfH~u)oPc=9MrUOBK2LNbp)#OU0wlQ2}ZK&pSk3dQ1WxE9t+3i|O1gVR4E-zEi
z#`P&0;E5=UD!+bDxFGlqt{jr*xyB0VMvaV0$L6Dm=H8pke�p!fmcR>&+>R(M`D}
z>NRFWHnbsybw);3MkaH=Rl~XGBKU1ldr=atS@6HOGzIgfzTU`PrH4>!?%Pd_MO{f#
z0)DL+@dMq$>KsrDX`uS@E-}VI_i|2j|E9_
z_R%f!++3`69w6i9!9+|qrzmYW&yporPi;|F?l=z`woB@k3yX)MhO^qFztqL@2wH#~^dJH{I@*A#!y7UQEhn{(e{gY9>
zs-xtb^i%}rcBJ^|r=!A-@iSIQkD&Eris+A%uLTQ2R)-m!wTL*K-Ke~WNbDZ58
z$~J?KzW~~Y_4F5%(0=P%hRDs`cMPMI>|fc#k_H0;y
zFNy=-+_1_b<$wQS6^>P53{~uu;2RJ!Qikzlq+Vwm56J4!lZHZ^l%&I88mMD!`dP>D
z^fSVCDM^P7HBg5f_4D4!b+lIF+s`_Bt;_WZo`3h*mgh*#NZnUh&v#qTHoYz1PyIa6
zs^8|XKlPx|>~j5q3SF*4==#~lAEXP^{S51Qy!EUTcJszb2#6>}UNU
z8(m(lGwM!LhnZeBACR}(XY0$>&%UGMg(;n!HtHvQ37`QH42-JS&&z1<)7v(4Yu$0&=RU7szl
z&EJ0BTYamn`rfvl?eR6!D!2Lfx5{n%D2(1xFy`qN{=ruHa;toX^=#|Uwg+2Zd(-Dn
z-Jg5Y?@z6tebvWEOP{n#G1C#|1M;^1_*I&LV?W#D&t4zc_Jdb?DaqzHIHeS;aqGFA
z^*qUX9$-D&{=j~=EE>aYj6DWEqr^t*#5J@s{aD(
z+1AettGwQNw(Fa1mD~Mq>u;ciUtm4oU_CFho)cF4tF7|p*0at3f4V>Zx9ii^*L9Y@
z3oZTbZM?Ox=nvUPdRw2iKe6SppKbqakB&q@5X4P-kXZzo)Ec}bC=Y5sOwqM&H+51`BKiT$X
z+t16EeD?fk(|44c?vTos$JVDl7^(?u|F^ID{!i=oKdldYKW>jtdp~3EuSRG^t9y7n
zRXyANX+P^zteTBYU#Sb!-QF+R^7OFq?eV|2XWM^OS^V~9KYOzm+g@#b*zp#7{M+rf
z%kA;8ul#KPZu^4+Eq&Pj+4kpqTi@9IVf#1R9_{CYEqQGHTw;~~PwUHWk1enLysz@N
zx7uUdt8GvA^8}0DF1PvH_E51GdV74>&#f$aTVH#7&bH`netYX*+dgc3yFcu5+aKBc
zciVsOZT>2<+GF>}LaW?SFtZT=@(`1{)a|2Fw;`?2Q(TYomb?JxIcFSb5y
ze)hAiUt53nc(Lhi|6xDd{B8OATm5bO54*gxg}*m>f9m>der1+C_WIJs-`lg@9{bs*
zx9!J%w&%O0mb`l_xBG8z{@U)Zz4fQvzP-s~>$lu$&;G~#8rZLa{TkS>f&CiTuYvs<
z*sp>88rZLa{TkS>f&CiTuYvs<*sp>88rZLa{TkS>f&CiTuYvs<*sp>88rZLa{TkS>
zf&CiTuYvs<*sp>Aj0S#RhcDYXX9oD*o%?-u7OpOxe8-<#UcY2I!nw;x>$B(2Ts*yQ@l2GI&8J_M
zFR5FA=ecvEr#W*^u2+wX=gyoncQJ~5eANj`onBX4y8w?d$5~Kw67>vNa)H7`pHLw&
zT~ar5_K6YKC3EYdhoy68*VPhV2rz5rlA77TUR<+qUK5bI*|Q02=7I&avuB1x^$Tkt
z#ipfc}OO?osn9@So9>s?wTQsvqkwGcbP0sj;3n9#|T?l#VXB!fu!i6<;H8U5~
zoH}<-)R5}>g|q8wY8OgKUHzg3b4ew{Waff-wP>3Xi+UlFO4U8b2kKQ;3f&Yd%TR(*9f_ZX^}y`*jqY)%R^XZp-piu>$kWCaACd&=y&
zi%9-RlNg9-esvA?1xBq=5fQL8qa;mouUS|}(Am^CvgK4~O)UWHN!{F&rq5lxxR%9%U{oJb*Dsm7B&BPVsh%`*k<@}RA=Rxggh;zUt*KptT39w&
zCuNtQ)ld=PMjcaMSF@m|ZaI}NLh0P<8d78JBBiT^^(W0;4Eqd+4D@Q5nAMr8li;7~
z7cZW>a5fnLqs#$wpN5-$(ku+NI@p&4SdY`EA3S!#L9$4iwE>8V*eHMnnG{ytNt$R5$yJ{s7#<|D
z?0cE7t2v393l`I-S1+nvq9tOZkOfPYFQE=6ivR$P#KXc`Sth%`mzD&D5+X}OvxGCM
zo;$Oye(_vV9G;fWT)-ZS3ThWGo4I(7Dv*6I$sK`z9|zNr$=~F{kFBwA1rZ5c5QuS@ewOik6QG{AY-KCXD&`HwgyYjUa9HjmTLi#1_fGLU<7f#Sd-~
zEyszH)uPon(R_7?8WXpgrUHrV2LF*jH%D*67p2ypkx#Bkh1l@vjU43q2y)X;LX
zX!W|RzlqXTJH58lHX*W1!fhZd+ALazgnN{>RD=P4qBUhKlKC*V3%aKLxcsyH5fRAWo2gcf1%MKThP5G`mDIm|dMHriXE&h;DTv
zd%W-$i}Yo}ozhnn#hU}_1@Vny1ZTY3JVx|(F`2hf6s-}(@oM2N6^F(rXk>f<8C2dy
zZoWA5QsKtuiNltmm$!({@kY@rK1GzpOGVBml)NFv4U0b`ay}Owwg97EbdRqQIc-Gu
z2L-g26F(U^HKO~AUU@`DZh*~gpP=|5u#p0mOpC}6IMPfDD
zOE`hoA%S}=-XOB+9>kZiwvk8Y&~CvWgkLS#l&I7vCc+Q4
zh=NZ<9O_J4DvDlDZIJ5FCL5F(FWRETZJr@T<;Cw5C0=;}{%PnYQ9PAzZBlM|(?kMF
zCX&3ZLOdiA)6`>vA2Xuz3Kngd|ntr$aAgJ0Sj0>XzIIC@vSRs)aa4
zWLLmydW+5z;9Z7_#1@geQM6c129p8n24C-VGZLq6@MRop3zha-XN*rYYQfm^$n}{v1hlSZ@plObD&Eh~^DE
zrZHLyNx$tx+C0%3H11j{K%GdRAev8wW_^Dd>@nTXBp=ug&gU&SDStcR2HV5|0X&P3
zKQWIXJL$O?-YPy!91y=yxQ~egFw`1gCnt&a4~q0%sxw+nq24bfqH00T&)q2d1==1X
z()x(z?M3lslDZ?hFokNq$e2$GgO4gD!Yb}b(3j9tCFv*aLI2dUQ6jyAvVoi}WR&?d
zNZg=0m?zS=iB`;^gXBQ^ayR4R1y#7ls@N&Tf+2lG{<jd9GG|JHc_%sG}|aT
z5vWQuqgx7Z>PhexeubPNs()N1k_-cl7(#3F#NMm=_XKnMh~i-)4(~o*^;ZG+7uFFl
zaDSFa>nn2F3%6eM?oG4G4$%^WA3mTpY$YG&ln&a$deO6*M1{?^3*O)yEP-0#26II-
zjM}v#|18m?S_~psmFPh?(o{G#5Hi_34Y76LTrNblC~Ab8+APv4Md^4^9*65c9>cOh
z6jzFlL@ehTpX!crcVhA-MrmMFIvyG6GRJTZf|3<^ZF!pT{Q7vEXy<2Fi7s)rE*Lq_
z;z7O010H5>euRk=)plMVdGYbw%Xp-EytSgucuc<#Y#IcsBEg6VZh$61e~9Qag;rV2
zXo@%#Fn5TY=O-f{Q(#?cc3WoOSsiM!5zePKoK;6poo_K(NIFpR^j?(m^}P>JX6qo5ct_~nzVUt
zC<**#(Inb30M$6GB$f~v=8W=hU>QZUPRM7o$l6Y0Fzt0(SY%HWnKYfQ7v0y3cH2bv
zZOnA-zp3h;r0Qcae{G6%(0orF^X*bH1%UbE_@!#r+%{)Oa(35)cydHU?
zWUA-^QrK>*c%{gIL-tRu^YdV0K!o2ZT*uXuO_HL#V6#A9wwNcnNG*9?6QU$|L!cR*
zX;y#+J7XUaycy=xv7&-!FZ54A3%g))>Wse}nxx|MMYjj{Nm*Ve>}j^sqP(p)jGm6J%iNYjN|z
zGM(9wMvv>bi`YUk=}?brlY&ISV7x*
zjF56=32l!NIrjtWpd|+5=$HA14aD2?a2{d{HoUA8#F}K}D~NW|acV
z+z#ttGYK{&KVHVp(8pe=H#CCohX~5qh9V?reM+V98d$APgA?mf%8OIK9%E{9=yF7d
zz;8>QB>p_m)uI%OiONUfJ4FZDWUxn}_0&3Ayz?Ret2RQe7CCo_EI9wQqEKn0JGM70
zRQzmSeR!=gmpmd8bu?kOspJ-5v(lZ&F%i%WaJorfL8`=-MbAr}Q7r^$JDxVqW7dj+
z4I-~WersmPU)N~%O>y1|W&5qW*Vsh<4DkoXB``Z~BNto6~<
zw!=jKonpXdF&GPhVImE+W2uT|`4o{+Pk9$Mf4~S#J@uH2R*Tj!T4JjlBKDl~cnD=+
zkq&zpFPcvg%~p%FYLU5#R$DTU1@Rh8ky&M;JA48}!gdw=@+RvtK=GX~tq!~1otPCq+jCRB;3;d<(q~7u^9G<+*iZLc14MYdpVXtR1f8c
z#3wRg40)m?SUT-~-FAMF*U1&7FavL3fhZleS#;Yb`fnD4$RPah9JF}P5XY5Kh@<>=I{Q(=v8BfMWlET<{Q&0&Q3BG3_p=2|I0u571TFaHzcJL&KZpNO|eJJ^b<2+A=3j#ViklvWti
zI)u_6VU&LOqk9%Pc2xZ$8J7`M>GOj@m2OQ2Rr0*vdyA;#BiMo{8bVLl*(1O*Eex<^
z$N&pGCE;MYMsz^jDDsb{wPW{4`g_t1nu>nCC#)6t*9GU-tU{0HVE0|OHe;drfwDMmV%sG7cza59^^l!ysy8Pe9
zVR|5#2ix>Kq5lDz*8M{AR^CRO(>3wK9)COAn5fPhieSQ>L
z-`?0E{ig#vSg5JM&T0$ZNMMj@=tS^i{MX^4LK2^);(~)%uK9%#B=g5j3e9HEZ
zgbB3tm*K?~MW6Y0L8v>paF4*$IIJvXU}`Wl
zUJ);#{p9}06m-#ZUm{bLO-H79%TdkmB(P=X-D8y~{EtSa{*B;M7v6xHfv29&VUO}-
zqjZ%Is=!n4|8U@`_dW!kdaJ+__wv36o<{8tJdvZ=A9!LWsZ^HV2<}iOv_xWddGF2l1ME(PgLb
zyzU6rjTJa-DYg}7>dcU$0kJNhKgax7B`6ALlL3E%f|+B)KGCOatQxb4iyI?
zhp_yxq2gfV+A`iiiB~Zc@4%}?%LXwZogXm9jHb211h5`zHFciT83KiDB
z326(qi!NK_u)_(IPBPacpO=)LcWA!oMS@nfIKuOdm?-cs<_#y&+n@
zL9f0lwulypSLYx)M=x3tgzpHf-UybKpo7|AiAe945O>eUK7dYgxOn79^{t}lCDC%5
zsGvh+E$^onDu~wN@IpC2%diq`86U%MS@14%%{QoJD8*-oL+R}i6Qo<5UkKtA5b=#+
zXzUxR1tEOWdkpv#q9r)>48i3y-tHe;aGT)($;e8v2dbGa(B3kXsvX2pz~;4P{Od
zowq@+1=v4eBE*KRY@2AY7MgbhS_<-eil9vH0o$@7-4Epfmyc!PXEJgKGmI~Wp)C@H
zxYK*V19o5>;6xo>mz3bupw|&WlC|`PxX|lPCu9(U#vU_0co4_dmeq;o4^E7iIIuw+(jX70TBUzM>8J*AkScAKdVKX`
z$K5HJ3cTJkPMKcdq99+MTm2UW@l=YPfu{JE1p-SAqmJiXcXOPoh^IE_H^gbQEJ!({
zy8&%!9=}51#df}EeyNDX=Xq%oFNN_PSuX6N3jfl(9=%)*S5qc39~Az0
zuds=>eXIrYQ=7J4Xf64vlHQi43(`{yZYK3{XITYTdAcA2Z(0mx{4MN>%+!J_LsprH
z)EX4;mb>tCOYtHa7QD?1s6owyXQEt-L&gE3N1Ns8p$V@m
zv9ORXOG7O?acZkc7SCnlG%|Kq9dH=HYat~_Il}!Y9dpKU*Ui#6o25!{J`Q+$yYWs>
zGPg><0BtjR`-BY~-iU4V*jO@C`{wJI3y=38Y@$;>hJ3Z?cqwkmE-a0Gsx;OEBeP6t
z%xdoXOc$egm}s|JbZZdaSkY#h=!94FICHQ=1PvnXVG-+vx5MR4s-rR86@zxs%Asq6
z7`0Kh*{b2DbQkXo6FX>O62m+F_!T|)?v)iZsX;o!p36F-v-5WM+|`Wa9g4Hw)zSj2
z+J2+Taco4Frx?*~=z#*Xw-p9P>&hkt-V6a^-v~r;gH0m0PIx$&FqL#c(>QMFOGVoF
zCMoG?e;!WX*U8eXRQo-<8O`p!|0tTnKHwoY$EV5(&1DQ^JhlHC-R#OZ2@@dLaq
z;%6~@@^*_}4Wa`E#&uwER+E*G<#ydd6LCeIn7CGs2aDIGar~5Iw`h;UQ}8oGC61-C
zs{?W#t?{ncD@({Z%)
zSfGe;Tf{{9%OTtQ?coqorqp|5dalKfZ%kwQ1-cxX#&M9g(?sk{ypD!JG~M9ZyP?S$=Fwa?zVQ!I
zRk75Cg4x^@A-+ea=iwb)GXym;;pbh7o0=g1S2S0|K80f#ny*`((zxG2A>%|}OsCsK
z0!X6uc#$}h&PU?(q=%DaUYC5Yq=}jH6U^0v^;|u=>ACtHS`F-`#ejFFD4j;L9oF(V
zqE|9br2Udt0&3~9PiA{3*tW$W!@8@>HrdU2sl)IibXg2*yFp(2ghWWBj>GqXkQF~d
zcsNXk!-C#Jc-xduVs&f~-Nw-z-DU)~H;7`46Tz>@@j&+BatU+3@MemlvqWDU=)uuF
zAiN>G`$XDbiK1%A2HqfQK}6BP}j<61gYMMZU@^;#TB
zm3}3WI^^ELKz~N0eIl~n#CqisY+>6VGE#LD
z9B%kggEGaRkW);2BTDN;SLIc$akT~rUVOq9`ZZbq2GP8VIw)9JPIFztkIv;O9ey~k?LHsPz^a`(G1dl+(sCb+hu~`hkFFH4i1J}v{Y%Leh
zhXd)jQ*>5~UQ6Icls0=<%36@>)8E8er*}w|GNN~8!^6M{$Ce^e`mBiUf(uJqAw+-O
z=#)9}6RdB>ZV?ky%*R@1k~1pAQb4Uq$VQB)0)jH|qsy=&Qd`^~5Yl4&HhZ~c^n=ZO
z%#WIZ)g#~K(}bP-3663M!i?p0C=l_nbg~UsKIV<~Q7F~jjJTT!#_R1sN((Wah{9c>
zH4byvHK~H{5SgKaxCg}7N-u9MOD{t+d%!XV;g`Of#c;(W2QRt}UC^eY_fGmL@Ia+X
zi_7N_qZG?&wb=gQMSw;79D2K1d=%zV4)$Tz3bxCpScspXk`nA+R3+95dM8hQ8J}W)
zQ7dR`?)ib$pJlk_9?Dt-;2jDg?5A*S+{e0#W@^MP=!Q`xmP)~`n*Wad9gYs{z*>jq
z<+=C)pI*YHM5!LeA{js9k9ni_zPGdFLcA2lH2M?K2WK%ii;{Ch{|D&TA!+emqT~+T
z@GIBTLiWJ`~uf7qchQN
zjEr&>e6ZT_7tE7&V(<>pc{Tm=sBEoB;MM5_icAi`8@sglI=Q4SOr0%u^APWVNV_*!
z1%NHah^gbN1QSHxI3W1Il2
zcTp)T(wyZSW`%^ms9OkJsF?wx6O4+TjE_fK@!7(W5Gd?1h4}E0i1_u0fB=gK!PBNk;M5EzyT!3HV`8r6-fpHBj2~y
z-uvu*&OWE=oIcgE9RcK>neM9d*n92u_|~`9+WOvKN1qO4#8?fBibO?(A>6L=-BeV%4L63zV>YKj=j
z{S_0+Ndv0P6VM0)F8}OWPhYMvGGWwz5AWrxF4haI`Co>=xBsoJTgKtYJkr08-|l_O
z1tgi@{;TlQUwi!?qeB~hW#YSkf*XG?NY^NFw4eBaa6|tmxP0G@#rY|u3}cJ(ZQSE0
zzXhU{-SEH_{`F6P3^X1{BU&rG#-j00JZ2952Veif)+hhb*5`I{+p}m$_x~_rYyTb!
ztW3m~d9~lxz3@^OnGgI2SQ*5GcTJp>5z{}1xB63fs~>|SEB;pI+y860)t?Q+|9=Dd
zn@@jd>xayaeKz!h{(X3ffBHLHUp9BnM3Mg%e1*MlE842J&V1l6;R6TX-r9e(b?4W%
z-Z4qo?+Z5tSzvhgU-$=GZ?cod$G(d}H0qR}#e3iV~kA{Nwzu~K&{zJCg`0iic`V{J#
z<9YW#ki;qi?>`Miu#YYO!Jni?`6QamfSmNn*Pq*+4^A$cBmw#P3&L}Q`ux7%6gT)|
zh?FUDi>*)o7DHiFQU51fTYqSw>kTey#x?#U9B(gv$*8pmY!!(0zloLmf!~itW2KQ+
zxl+#r%bU&GM3?;kAOQyjUAup0>(eN?evIAyWt-Lr_U7+G;O~EHt7FV`COz|SL%;nv
zm{srm+7=Q>oxig6nJ)Wfedf{DkNy^8Tck?g_}8{>!_-O}#V`FVTKtF}V&L|g=pg_l
zR7c-+M|g3cc%lFNwXHXvZ+-e#fk^zr|8(o8&;;UF(L(1x+PWq5nxFjLtxpZNe&AmL
z0DHz1)#vYS{m`!$T=r*`r}%rgL+Wn=i_m=dbKJ%+v
zpZt3;H9K1S2%7NU0Z6g+Rs03*6Zm%8qXo@@aH2l<8^ZSlrbf~v;@La=b)=Uxh9CK45zHmRs*4NDzRm+)$SPHuIGK
zFE0Pt*PnvA@x>ojWtaKDe}xZx0Sdf>@K8^IegdHrX%
zUNf1BjLY>0{5<=fIVx&~Ir=|te+=g0=fJ4=3Yw9r7yntbj`P-yJk8HDVm7&?OpNfC
zl^XhUCPv8oHWNW)e)}JW@x|vtr|>W0#-I5X(gXTfKNkKLz9hMG6P?$VYzEs?F%g0QjxgEB{%;{#;a{&EXcjhekAG&Qw$hIN
z^RZPK`^UnFFMMa~r@yVjl0mw@9RjlDrnmgJ88G)du)Ci|vhx$)+4^4ev9ggG$yUsb)Ne;;1cy0Q~DHRJ^GQ?zMGkv%m;|mh9Ai6
z{B;&ERnax1r+^xUJlf;ep2dOQYdR`_vRyKT=HsQNA+}vV5$gE=7CVYW=bq8=8MF4c
zAgKT1ceXkRnN4~rz@Hh6ypFbcH^9<=?c?9`+O3Z%A1iZ@|61?y6?2b_3(lD36R^KO
z5RX~%YC996@(q5-6f9&6*l*&}z$YJ?W19Kxe+SbTn7060rq}%Q-`;xS9y<7K1u4&H
zl1u=TvECWSpxm+Fyc?L&TYnKN_Nl*Fr1t&-)ZP!i{%Y$d4kaBb0+YGGzsC!tY4yx+
z|2D*l7x-yjV5Ab4QH*(NU%4VEU+v8O|7m=^%u)I;AnZ((8;Q<{OD+)4_@Vh!PUiAI
z2NvPCP@SS{pE)o87w)|S{4D-kR+!xV?X5@Vx8>VX{@YC(+aC=eh>fd_n}VnZ90FkUvPL@@+(jF9$_Tr
z!I8|!Z0`(){n=pnaCUJr9(InN9B(K4&t@MEr=1o)dOJxlDm3Z8eA(U&hE8@5^)mav
z$QgE>&cnUVCBGoo)*n9D>zueB+1uUf4F(;~O?-DcIKrJThx5+S<0r?C`ULNSE#%`U5fdV(~mVozJFAEERs%n$Iq#1I#q##K2^Pp_dr(`ARQ(D>*vB(8uAh
z>u<%a2fuPGgGxKc%RP<}?eaRu?F9dBZzspYF$SBq7fX3)d}KUaEadL?J+PNgkMAc>
z`R`?W*WM(VLUi;^@#CAAtvEcJ_sk&D-gMbLdH>;+773ZjGkOzm2crjA0(%vImVlY
zhqm43Svc&y8qazI*$?-D+fOg%MrmwwZ0?hb$q7#H3CC_OX9NA?w3T$9a++%b!Pg&s
zsDF%O7i#lD4`!3e5W+1A1j}Yri%}Wgk?1_w=~8I9R=w`C1cH^|jd)>hYx0b9Y?IOC
zeB6D1vfX)PF4W$BfC;Ml=oI)p3^eUsjF-s(a=(Q9@{*mKSdnFKG{#GFAIfxJ9gWa=
zxWgCJ*|0|b?_$2_ojdMS+@+qo_tp*hLtn}$E8W&~1H3h%m{E!Kj&VZwH
zpI{g?mjDkiJJ->@_ukx>ka3FSCkGDn-!vE__aUDF49U1-(I
zPUl$yorA~SmB&rbc)=#_@r0Yt@?h)wbNI2@{Jd_k=b*iVmFEJ89^EWK
zjQ(Hq(>Tt@IL|M791Z-9i{7|3y%x$h^TBq|~
zKN*b9IIdl!Z+&Gb?ushIP{n!f>6Lw=c6&T~;S}1DC|{iU^H(Z(6m!4^y=5=5GsS0fhi4N8dpO7O?AHqUfd5X>SjPo@2iY8QgKseN{uU-%sFWsy4@oUSAX3n)F_Z
z!sB<1NuFQymm)kW2yfcM6|pl>`(zD|^MHO?*Q@Jorei`=A^9A**y
zyq5tTQ}i3N1ZG|1_ECJe)6sa0b7~@*ygtGnA6eByKMK)mg4h#5CR8~B@@aqAJ?wYr
zukYJ{&PIc9=-c~)(dp?BQFDKoEE&t=3jE)4=V0EO4rY_2*Y86wI2{I`{Y(YaTl5Wj
zvitC#7sLDeghbjagF1b(s?vTNk~$tv&z8^CBS|GbzB7BGL>WFIb{&i^;e_;0hG(Ox
zuKf-`oZ&KgJ{-gUmdGd;7(K$4#3Q4lXWQ7+On~)E*sVu!{~w+|WB8;m8l1~wJFu@{
z1|L`iAxVZW`@{3)Xf{pGm-F^+@K5U!z>(FErRs9-0U%+-(Wgrf-S%PRVM`A>ZRoO%
zKwi8$_;d4Q3}KeQ%Q>nHXbK{Q=*8u5NU$(^*%`OgYln3-(jQpln9J}*b7rfq#z7BZ
z7}g{DM*WV95N~L7Os#26Ho|2F>I-YPTm9MO{9-wLXim1S>kgzvF{tFj;VXDVlk?sj
zQMQ4V;t)lLj>=OLd8hKeM&Nt1KNnedu6`Vb+U|7rRd*Vx+ev;Apw|omse~1ERE7ch
z5OSDH8AE`r1(c}5eRZRvXhikrvl}hA){Dt-f)ErtHXT5UXVc#J?s9$sr<r#B7A1
zTl0R{TQ^Q-v+=zz!f#Tm1eaqvTwL^@<1fhxod4nCiz?)v4Q;ng6itk@y`4tYa=vxV
zug4J3IeL72n^En%*zCjQ{I2@TT)TswPEb`cL0Vb*Qf{}7Y5cqd&0LGN(E
zs6sowDah&`Z$;FT2FF|1>Zhu+F66aC$cuJYy`|)0IwFX4J_7)&P_N0Bv~Q*obN^yA
z9t`I;oATJ(_u)7AJvD;CJ9wYDvTOjN4jx)y4Si-tkQP0ZqszriL2A5i0g})iclHxX
zHR0Occyu-$4icy%pb^b$72RRynXd&I=}F$z-~=Aj)g;lTe277{Y__YFaF3t0E~X24
zf8r|os8!AP`TNv#`rStJ6e4p7!Y8xA#dsEOZW~WY-GtPRb=nE+;Ve~s{7&cmTrIVT
zZR#17BqEWNOiZ4!^`gI6&c=h{ZBDP~0kbw@vpa3R?(Fu}U4Wau3y=^Q5g?Mu6#17X
zU6xF&w$wPZ2n;4mqz0d!d>x($9j(C-QSR)O1mE>vk$C_p!?+*h(s5OHPS*~&IJA(B
za|3_Bbmie18`P+`;1Os`wxaYYJ#?+L_;6Gcf=At>IP2J>*aw&>oOloj%MFGho*h;fTPo4#AH_r4R>t_u)ky?uv;zvhg=1{i9M5E5xD3%@*jNLlGrZ)<_`ZD4BZ1M
z=U|O!<`#~LAPjV8a^WN%&|TfRGiz={`v8{~Dgn`gq<8VM`v^x_2oRSK&yh}2fb3kD
z1Ps9{@F$?k?7O!2Y(il?ngF}+4g?CcuC4pncJd2YU5&oppAbsP!4JA#LHf2Mt}1i2
z+#7mCa7#{Sb0Y0`C7|G2z>FczM?yyYy(a3g2*dM}7>tVzzy=g91K}E^Z`b2KEA(Rm~-LnK&kP
zx>zQ}>VSwq5QcNe0nOe5T+9TazUTta(Qohc7Vr1wXNc;$mfuDV8Nr0}8p6h`?OlRM
z?#-tHW>HdM0+WCr!{uDI
zvSt(Szbh;WOOWUu9%k$f=!&%H3BW;S1SIAMUj+wpF&keFk8F-aEk&a!h~|o5l!>|{
zUkrN;T`!x=yLp>SkBvagaWWsBJrC_?k-z8ml-Qu8QcZN~Ql(-+Bk~aq(A?#iFr<_`
z1Eqr5d)QKwEO#b-ZAX0JC?>
zz}yy#LAnW{g*4he!ZI8_L+bn~)Z7M?7?wKzCQ37xyo)A7O8oUy3Opdy1!5N4zy+>H
zT5s80vOC3nqhLf)_vZ7SDS=o`quqSf49;!yi;}E0^qQoubx&WPE{$7Ry&-15?z~FnA16$MM68L?Ypd?qlDSJ2OGH5lR7e
zZ~AXHg-V&i7ZRt%ooJ-cY29r4(mMp6kKkR{-WPXZ#uDdqow^%1K!gI|Y0zzQyb4!#
zW7fEA$J7dwhecRS(@$oFwrx&wIX9c`16naePLi!R=h%CYCaf#ECIE?Jp>B?G3P=kB
zHAx-K7jvY4vyLEWk
zBQJ|6Wr-qvjZuK|`9FyJQ)2YM^ydBN^A=*HG#2D5@kr+o{*sgIY_Gs&s^hK#qT>OD
zf!EMk*!Ngio(gR5D6{PYB>ZdFdR|RmK?6P{6|#npp30S^Zc_`&&5I;hC#*Z`^e-n^
zT1%FA1GlD^^iY$#waO-U>_qTW4-y|-?{SI6}>vODfIs
z(LG^z_Ff4*?>Z*EZjQPhWrd(MM6}a6F^({m&8x+7I3Z$!l1xG-s@ls`XM1OeED_jt
z0Dt-)b|0w=WHW+ZQb1Kxe$B1hi(|(9N}*?uCEK)cBIf?a#Y{mLx|k}m3G)!Fz^Zf9
z;nmpsztlbLvGRXy=AW)h-AA7sA+mU)Ks*0z;0u8R0&(>vl@_q
z3zxEEpuAOju4m(!P@B(YQu>^LB%LgJlcD9L^uZX@0Mt`pljLxhE1t{tb{cFuKkkaxOkFsygq9jf
z!bVUCre_J=fi>CURe1n52UQkVRK2Ef3t&~f^X#b;XRl$o3@%VDK5w^`A&c6iGe#M3
zIBbI4lusZHlAs89c%GcRLJttwS;`#`Xf5AAUs%qte%8NzJ2`!^==Y{*z+idBw~$P~
z7(QUus%v^@sGW>@ac%`1+tOPdpgvHH0aBzXHs_rcWkHemD@YjMqqhRG)10+5<}e0I
zt0We3CWfAvc?M0>;4GY?CglY(Gxnuhl5^CjkR?fLTj6D9#ye4(2Pkk_T!erTF&Vu(s-I7fy}Q7
z-=tBOcyiaY2d;5|s_NtW#pcPl2_0r*22<#F${4%)WLBocf~W=
z-JNnb*pbB72L&bKHM9tuLh)2CnF3Z%4vTC}
zv9XqTs!*09HqkYxlyGtBod*4OcPYo0m0f5e0PrxR+WjFU5pqD+BF3`sH=6n-Fvfs7+zbh3oMm
zPUxGa2!o-36Tqt%A{8+u0`5{!MXOjPVv^#w@B6+=KPVzLt!)h74z0b0pn(ksC0;+z
zmP34^Qs*&;=z(6PafCT&g;0H36OL_YBf`-hd9%|(E_w$@JP90n<*I(Qc7Zb|2DqzU
z<*IReANg2E_^MxjFOXq%S0~kR^k5qlW{p;(dQN`@_6*@kZ4%Yq*2Qc>Z9^1}(V@t+
zj)7&xL(GRP(|dSv4qS2}+rNH9vkxMnGy<(?-t{%5dKnU@iPo$Z2HFo(Oj7csH~$a{
zT9?825TWa2<7Urocq(2)qC`Y8srdEv-%Kq7n6|mbSGMbw*Jhx&g^Nk|1ddN$+1kg4
z*B4Y1uItX?dnxoBX*B|Oo!u@1c0=5sft+XP7`5z9u1(S{DFH$pmz?(o`@v2I$pDX&
z6)cL>jx7LOE=ZRsn^F=T9c
zelkaknKi&N^#dG2X8zgofV>Q361A3B+kYQG+G9zwg2}o=`OXA3!;r2l8xD0|0%p1<
zH_!-ePOwYRLWzu|)ealTCM09JGl1rlM~{(P#|Cbqs@^s)LfDTctn;2x;?jalJ>3|u
z-nOVK{)9G0Nq2!2`k;6DBx|--J|S(uw>fchU}D*iBu~uGr~1G23v%V_f#+Ze*?}5c
z$!;qsMt+4(5~SUGt#`CU84sn>yNjhw*@o(Q(L-s%LBQjX%%;8xR;!6?dL(sRv8rb&
zHnIPFh}vG;I}8EICS=;`06b)j1B3J(IWS{YBn>T1>OQR!O;3phx=p&t)%0*JKO8%*
zje%JcKL-Iu3T7ydrURB&*uc~+FfOoK&4Fr^8<;6dwhd((l0>5qSWi9dO~o#uUBwxi
zM%fe~bwsFrnqnlT?6x(XLG_X06-ZY(EcWqoYWoC74W`rmz`|lKl0(6uZ(35Nt}3+Z
ziL}nUG?d2kQClML4K*sME0+M&(BhxKp*;R>?_|MZGGLVWn>ge(^Z|WY$R!#MsZH0b
zowZJS12-zc-DKQaT%5pnaX*+M-f^wj-A~2LvsqnlaO~LR06@{+F&_X3`pJ6z^6rgn
zmhFE#w?d4#L4XE${w|3Fco@l_=9xzQjvtD8;+bJhtdpEkRD=#Dd&F~HU^yyDq#~79
zdx~^4f`Cg2s6lL|7kQefq&wG;ZJkUXDl~pr85o#yG|0npc2Sd0WpyTP5Zw|II3&%x
zN`a@{AwkSW>D$FMc{x(h<>loVAZEgORwk^fSCaL1j}m>
zOGMV|QG&f+yB!8jwC!XF^^%!hauZLJ3}>hCI!B75>t;6LK*)_vSG6+REO)eZ9+CJ*
zTqPlYCfGXicAuUaQraPzf?PBLFJ1mIn&OXxz0CGNS2kr3RE;vVfjK2YZ^#_PQqkXO
zQw^G?1!=On`%;2Tgj*WTxSNaykuu9QV&3@*M29!oq}HEN@6g3|wPqKvvDO`U7mu9iey3klZN$L`micm-GGDNPRn7E)T0YEuFcQ$Hqvj)j
zzCU_wB;e6DmD5^zkid&t|x(N(c={d1U_LxJ&cv<_QAf>H%A+4bo_<3-R#~P~1
zsj5oEVA$76-kqOuc8)cVZyMgQMw9s
z>*{+2bqMHfjgv%QMg7n!re2>2Wr&w-q{Wg<=$V3kr+0A=#QtdE&i-dyjX+gaKaJ~G
z^pkA_hio*tm}tqUQ_;fNGH8WMaio)oNPJMQrGzW_)(xg|BvT{WCg*Ob0#x7|?xDVV
z6OOIp+SJfxhJpY?4a@No`B&@2_+dI;qWsGieXwSkzSao=ysWwkP$aS|@
zWIIJ?rRfY$N~wbz)z#quLEv*z`x4{_Tap%QP99DFG+)g{%_EB)(103>r%WXlITqni
z&GxR~aF*0OnRIN&HBUM>s9YqFV&3ZsIv!chwX~UW9B|9~6EcYVsUg9{@*G0y(d;$(
zjW7BHX;nKL2tWJI2Ec7XsYsOD3w?wL|2(JV94X5Am_jTSWsz^2BrhObA04y`ryucj
z%aj6tjUn{%`Dh^oE#{qAv&=ACh)gh4LKqPYQ7thhB@I&^yIvq*b63^`VA@d%APQz3Lv9SMKU#wlz>wu}}
zYwAU+Dnxu4z81cnmDD4ko5Q)+4Nt4E5L$XC&GWafYzJhrj>isEdyw@XLHREl`(uZX
zz3h4P2Bi#3WVxZ|PE-5DK)fcyxfQ$zxab@;n+wd8)7|nOX@g2j2ptCa>p-8tiqny=!nPSDp^WVF)P%EFD&8{H=)Dz3^P*5
z!i|1}YzxZ@-^F}DEz!J(uEp|o+p{oL5d4IB@r+yFq&_h21&8*rcddoD(#I&~1*G12
z>MOyICFwib#mm_+4<|{#8DkmI3K)j61QiRgasV_)Djd-V#sR_c*Y?b?bH2~12R|@k
z#m3doa_-Gj>I^NM@&d|8{u%t}pEiP7em_Hnh+HQ-T8dloeylav(FbqZ+widr
z*lwqcaqkYY0K7Pr?#vbWkk)vs!mvcbQg?I}P{9a2818q71)8)Zrznabb`*4aiB7BC
ztR3~n1{BpO73g)bq92L3W#Oc-wM{EnhLc3dia&`(&HDlPQ@+eyIAn>$sQ&
zX7P&Pp4Y_5iFw>J_1LU(bXC!WsxAIa_Ze~F=`Rmi2
zMnH%}Y6)cQqu!$l5220z@32#v0d{Q&=<@-l3k&bM%3RX6H}7#|FCPPf+|JHLGz2rx
zArr!rHX9(u=ymO9`TS@KJBaz{RVpW9@p8<%r#9L$+&1TtM#|m$Xt)Aeyg3di4b#rZ
z778e>`O&zlx|R`##>IVJBoVVb@b7Dt_NU++1i;ji#m_z6l*9OIB|oxc7kR7ooi;e3bVN<|KwAdF2sPP}PgOJ1
zGs)TXg5d-=(384Mw=-xs0Jj~P4Sznu7dROc86AZRuPC?yjcjXvQ
zUg93Qg?U8B_=QelYngEZm&@CU?FP@#ndgYf0sXrfed)Y(+sf<95;#?LZ&H(M^+pCl
zH05PYb-S0))tUK%dzx5}!3--W$$1e^;DO&zqxF&ejGI+_9!v{VdrMQ
z?@;%k8#r~%m`rf0`V*jK;Uo!D6s=bedkj~ZB$WFE~Wefs?UEawO^<
z3^QSu$sskUVS5`D<0klFP8|+t8Cr+ULSg5~3>}9OYszWog3}BsY;a}l#j*i$MFrO}
z4-O29o@Q@6ZIbc)vsAB`OYa%0>Y?BIT$nU{Mr@~Rr(D}^2gUDzT}i(yoz`oKjhUWl
z!UOL_5=9cH5m{F|xllD|RcsG>26ccr_OT02I05NTH1-&gY-(TbbSpcv@Sm;i-|dNe@-O1ahfP+d-oP
zAPJkd1>Vx_so@a6ezinzADEug{X9Ad8~Gg$Zy>VG|8DyMj{COK}=
zfoze&KGd3H(g&?_ulp=9xJ;7|5*<2#7DR$p^wDnA>-7ZBBkgqA<-pxXSe12vZSZjo
z5i%5z4Q`$%FR4t!SISzm?qR*^6BQ1djVuq(Kx$@J1XB`+$c`O^=@w7}dQX?}gz{d5
z!=Zh^(9<`T0FI-a$N+0QftQ511l=X<*opu_TBR9Xct9^moFBj(0}i!A=T(xwFWDqk
zwRwZGX;qRR(+B-Y!E0YYIf0c6o#c}>MDhEz#kqxDO(0J@Yf9K^d@$#-(*si;9`vR>
z0})+LbJbB|Zi*O?KgJj>()6^%EoNZC@HtWr;+dKa9vYkvzkX3X*GELB2&zTI5x>!~
z-*%{}?#N8H1pmb-;(BNOH
zCgNHz=Pk>W+IwX>DdX$f^l)*Pfh*?r_xrO8Ohjc5c*HM~jRp-BRMctT3=y|Qx}s{O
zaDfzY(TfI9c>pe!x{VevvSprHvz_}GVVUHiPGMPv`p9Pmug^(B3B+RjOfY1ic2i5C
z3@O#IRrBUIVSk2m6fPUD-|2H9Y=u&3{YJ^PJAjpn04EP>|9wsd#o#hlIlMasY%#u=
zpa95%-Yi9sY=_rGqy;A;ZPE>;APtbXFjZd!#>G=lu-saP0eB&xj>gj7$P?#VsC%Y2
z0%=O+Xr%ZXN45H++vvhK_c3S0l*2)N;2Wdm2(?1r#NasgHwQr7(mu^xVY8>izS*lQ
zQsR{}dd*-G>i95$8E=w<-#;Z}OySD-H}My)v6>xJ+G_2Bs5oPlcWx>_{%g}wp8|_s
z_UFT6q+qBLf?lRagxSDk`#K-6imsN|Azg?pyO_KRZg8r$aQGCLQn
z7_Srr`>8=sc{^!A3CBXqC<*mDq4NnAx7GqoESaW3Cti%0wIj{|9k|qqffl;7I}L%R
zUOU|*fZ1BhmGR#X=EFW(dCcFN&nAL`be=$G-F8iF5NX>%*eRK8MaNl*S3Y{L*9Y@m
zrw&y&6YYbP?aVG8sIt?J{G#U~RE^tEdGLOKz^F#Z3QI9Ev`3R+)ktaliWg((YT6Gi
z8}6HYeojrEP(aCWTSz?*UZV+L*tOT7nh#9HUXd?j3De}=h=y(cb)mY===Rja^Io2c
ziMS&rKBJ~v>8fP9P09;;=Gv}CFiJW5^dsxG1Rt0)8)$H`NP+o0Uu5gn1w#in-c6)PPLL0N9c
zF(9U4nf6H{CCYSmk2&y?rHV#*4VUCV^;8u?F>cG$ZIRxpBLoTcg64f)T-RL3;m01F8xOKhuGf6@!aN<{VxNMbNk0_u`n89k(p
zrj0WGme7@4V;jBSn!<$@j>b)7bb9uy3Bv+8j^7H1m{}tPW<{m`=nQU&ka#q4eL{Y5
zr^CFBKpQ#0y6H1)k&l0-sWLEha^f;w6>RHVh3WN7>NsaQe#e4OLNrLX@QC;~jSq(n
z7-3>nVn#~V8eY|M2QfW9A^uWg*DV;M%AQmk97CO_k{zdl1@HmySfpJq&oLQkmo2Ep
zD+X4+GseT?EVUN{)WQP7fxQ~9$zJF5nq_WyvXbG*DgQ<}Z$@7l5Kuf84%{HtjXIMB
zUIA$p{!9K6ilA&+owvd8KY|wq!+3zd9f&rz_&`VoYz&VrlNH;3M~dJDg)!s&|dA
z%K=+AJOieB3D277=J_kvgL-YZ%6h>#RynLW;4Z|C7K{)Y4bO)F&(R|0!Zb*%>IGTK
zar7SSoaAA*k`z+7!Haq_SW%VT#S->l$mJa`B03)v^g3TU`omR87VJvu+>w*@$aehAKQ{yWz8czN{9
zccN$2e(l!z4C6`_VL;j7*}OMFj^NT{56}YyT^y1r+9ernQdQU_KLKkPbdiCc49oHE
z=6vC|Zfqk3G&yHmZO(vLoFnkGF(UKZ>Rw3;tH#f|>wcAp4M}^oK#Z>|dkHurC{su)
z6d)y9flwm?y4lyR!ocNm8EtTGR#ioPO=%7$cdU-Jaui%l2Keh#d!~
zO$W%C&Cq22u8s_nXVxK^k9{YS}9>g>->&?%SC4PkN`WFlMhVmPkkw)#AJFz99tZcA2
zFiLkp*Fu72=thfq<}7Q+fxtmnoT69!DYPp_4wx6JcNgm>;W<5@&sQH00E&?~hF1>3
z7rYrNmjHqHmu+O->91ws8Zx4!k}>EM!Zpdz{`uw7j$5|FR_*1)i&}jz%$DvW6H57r
z2DddU1wt$ZFO#E;U~EJHc&W6w#K^nVC)cDcjlwW*k#|g8dk}9kA-DsyztdK!;m@VR
zVfdr3x6sSM&SPjo-MFbcc91sTA-rd{${SCtIl^My@Xo;ZCmIh4E08>d#q24fFr7Z?c`@Gso@q@PZM9o4*m?4*+;`d-NNn`RP%&{@Y+
zWt`B*ScI%5alWg%naZnY0AU86+%$DK-6Nc}rb@C{^@bo808`eAuo$Vc#}xu8Xdyiy
zeTO0P}zs|%W!zzXy)Pwc7`srdY7%`OgruJ-(`z`5>=)~0Q)yZb;~a8y
zkydU@RU2cSZ^zv)Ud2-Q&L_4os`2wsJ7NDb1F{y5Ic`E*rzJ7f6MY#1V%i9r1B{FY
zaM{*m**nX?hncOZ!z4U^pVmCe4%9St&3>!gPj_1d}td
z;RJL#yR1?*=0F6mHA1STWN
z{OSw>1wI=O|LnzV$#&U%%U1IK4D;~LXX8;{EOyq)-R8G5Exo8eHIO%0u8DKaR8=)O
z(LKaMAq9~JS>Z&?!imzZVnDU8!*ODkXq8`qaJ!@9KQa|wI><~yi@V!4?hh!`(tQg-
z5S!5m$g(-_J9V^!+FTK|hnv0kelROL6n`}*dHZM&0wmR&86=G>j5O5k0tE+tH^JNw
z?HqP}KqB6ohDQsTq}@}xC1lG;;H2-?gx1FGj#ICV=NFg|{-;TDwmnMQTo>CZ(~&td~m(v>DxV5qM(zhQhU#fwvM9;DGcrp$$4p;lRV4Y36&^fn3(
zc&5(0Ze^Yq`d9Vp9gGck*5a>KuVHg>lZg-rH}#4&;}!rET2x{OytdF~=HX1aj^yB$
zSH{uLl_dHpV6myTIqXaaPfuY!QR`(?StV=ia#Mcb5ZH|k#<5aSGMEE8r^+hSVuR7C
zsVqv_z#GGrq+^opx=l>UMM(0HVt;j^8|7i?^0Thv7vRvCyCi5$f~4?bcDfGuDIVOF
zSt4^3j#x~e4x-72O)Pw0dK_e*>n6`E
zC(G(r81@u$q%R-Y@LIf%la7kC?PpU}kt5LZ%z!(D8)Xi7_;Kjgx;a9Po_TAlWY*|D
z%9>7immb6;^D4cSFTzTY6`;b
z1}yV>i9pSlUeGnk)T5_r?;8mR;)*0YQ98n!e#G*xRfZBc>n1E%l-Km)PvH4BGTT)Rn%bJGurY2yW!ss>jJ9?&FN~a-^
zA3#$wm=#5fT;6gJs;Z^Hu3fgqEDII=8A!I$jZI%SVEL9!d;&)2yD~%OIar2sa*{xY
zGJ9JW3y?h(4do56&x^l9i`JT6Uk9YL;i_jqujm(AJfDe$?o+Z9)kQ^Nv_>Aud)@at
zrX>h}2qaH`Rj&bs>y6ZUcySKwPpaMz9SRuJ?7_aL`7CgGY+GqgQNcMTIJoSMWGXsO
zJJk8`Wq){1>I!vwdpGzelWnk=kTKd#rvOz}uE#G?PYSJ&WTdyY;G`vIMM?
zs9{poawao4gtLLb*(qa7tsMTx<_ZZ`A
z#>B{phKalN-mtg40B!(>1&X-8Jer}Fxy3OS-?$h-hdt>%QK8(~cG0~zc9}4g
z^og%`zErW;*}n}Iv*W@~r5lvG^tQuA09G{_bm#y!B*SDFFC;J`n_S1(J@Ks4-9pSu
zCIkr&zpqP-c_Os3CUBxBz>Np^$Wa9
z124(fc%yFGYvwW6jH-mjo*js3PY(~Wos{9?!;n~ehuuW>_VV<_IlQ5zly#JB
zL`1{cSUD)DXS6dR7xg?wYYOsA4JiVKn{@6v{5Lhy@u@7zS|v4VM)DiR}i
z#I#TV%BW=k!40(x!UVOD8I!OxULuZRpK?&ox~NSYE$*WT9p0v^4{V@VlxYB=EhRZR?eCUloNbf@C28$Q@GALhuPbdqljZ!%OaNT=ez!X
zLZ4la%=%g4OLho#sGv_Ka>(qyutrpM+B9U@_Sae^$q77_Y7)s%duZh!Uwud``T67&
zgm(pxoPG_@t2OSTuT9K?@(SYDxxkSSv&9_L6L4Ol4-wlscgOF$F3Gq$bzTl6d>YmT
zFI)cN73+&y0%QBk$uip*S1W6%ljTHPnJslB;ZLXdx!1JM0?^Grw}nC0i2KD2^;3V|
zL|$9}^2R$*@FDZ=T2i56f&!N#_42*o)t(Qy0obcNJrd_ZIWo2uDG!U9O7IMYDi&Pf
z7PV?db_nH}!>fgtT0r8!hYY?X5CaO(Q#76jc|(pR^hm6M6zoM4{HUebW
z^~G%3KR^Gf`Sb1Vue|!oH@|vvF&YoPD*okH7xO+pnD7(ONxk_nS)h{K?*NX$Na$9i
z>m;hX6krEd@=&fM`Ix0nZ_i{K<)45=UcPL%@7&Qo*P3Ohm0!4F2g5gcNh*ix1QGEl
zv>J~^o9=uDcBABMTFq-`$2OxcQ1RlL=4+0ishC0;qg4Z0YaL~YRykedr3&_PvYfr>
zn*tqne@Dv}gepMg*{uudjEQDYvKT|&HrYkqwq2uXPFHVU~HK=Y_k+#C;u?X63Ty<60!VZ?&{eJZsRn{Sq2(F@6cd0_3wl8d2{_*ZBr%}_^hF8
z0Pq}3b%Jc6o;5snG_Y*%jTXm1vqqTsCdxC3yOa
z>Kd3%27$89VPA?rv|bOYqc_Ji-{BctMl<|d4_?$LL&`GVV+~sXJhyXO&_Efo3UK`q
z+f$-ahOKlD!?~)ZZce@*MLel$j%i-wklq>C8#0Kg5Tick+
zO0l`}j%f|_H9fwru~u-f!oJ|1MpZ?sx-287`6su!S|-9WLPYQVXiHVy%{>P!iQ`f3
zUA4E}r)NSeK!yz?^&}NnUGRkdoNjm8P@gD%w44o(TpoUeYL|4t&Kihy%nYd-$S*HW
zyXj^m!FiB9aauW(@mlLzq8Gfk%P`jR2h2r*dihNAL6aZJbgfGB{TWns&({DLsIZvz
zZ{JQ{po#qynVak=E?^(Sv*BDD9N{1LT2EketJ&P56>1XJq(QX>BgFX@fVCm{%$3@w|*-QK@ptPChTS_h2+-Bag
z?}4Rf@F`6p(LWoE2h@)aU!pn1&p-LvjR#-;a(nN_?XT>9W&6h4ljX&9_|DmIN=gO(
z*~4s7@Q#@lB%-bR6|^d>h@>mNMn|
zZG@xj|7(BI$A&+*zXr1mzv!QO{}w*RU`WrAQM4=c(Bwrdr6e_5zTbl$Os2bo@u@1y
z5~$)@4$dV5>e$EGwZ~VT(3>K&T^xS;UiXm|YHv@5lat~634(si#bKj%uf)9(UaWAm
z!KsoH8Gw&@dt`MV;u(^sB&@UT%-8&CG$=VA(nOwUNLuR@nK{GmgF4mYg68)22zP+8c0vmq~5XF+gRr
zK8jQ%x|^ho#H#CHHXJVfq_{byejg^qIrAwsJ$uBPn^0tOac0{u=FCyr-#dh1Tvi=BYy%yC@45AckxG
zDP2fR*%DLMNVZ{G;Q%?I6*ER)k5guEP+w-Qmby>sB#TXwg5A|}u?89hV@fVxd3*~O
zvqJ|j0WfDg`rsU|{MZ%h^UKA+gHrFM-y)LEdC+Orwi
zlEI%)kvdc*&;mu!lGO)x4G|d#XqnS;8$39I@5!l_v{mVuW^D&}YEx7?F`h#8NZ9$F
z0U8d7*Ssqwg@;YNa>ed%x_(}fUl}KO%}8l|^h($HidAP4)1fDVpFe1QWLt-#*RIq!
zzbhrqHbmu(Gp=LGQ-MM^q4M>p&b^e6Oo6nvQy(w~STbl-=i8=SapHsO{Dx^tUX6Z)
zeYI=GgupZwmD6Om>HOS2xE*G~08
zsV-NWJ;n<8NG#{I?-W$>wmXlY=&~6@eb*qb2uG1GNH!WXsZcQ1mwNkccj?ri8GkAb
zXi}+kRrT0>!7${(u17-GEpow{>?FS^NSC6(briqdmGn|9pO?2jz`O>8oKoPZjo%*3
zrl`^cHkYpJJLzAm>8)U4H&r2_FMuM+p-$>5i(bn6{IIty9@(g>8mBHLHp!`*pxW8&
z9Tyy{EY7iM695Yc92qd@3ky(5WNMT0IRJ2qZnDZOQ1I-m!Ac5&4|`Uo>(DpU#%CHeo9h#{3Rn^U
z5)-f8%XJ0d@3{tZm{76ZF;@&++xJhl;eez~ui&{C!GUWG)5N?emXTx%gB9P8NKYqx%6*0Yk1(0D36w1W;24J
z=xLve6%5>|HL6|%Yb~)9
zzwf7}t?*hV!*X7Q>ZuC}lda*!@T^NxkN9|vfMh9?HG5u5gu-cO?u!>DGwep<3FV!m
z#RrmU*O#}MzQ!>Cq-F}HCXjr1bfU9KU?-je_-t_51oTFmx-+Qh=fnPoQj3KJL@q;v
z0M~{G1`gJuw1@!Fyk)dVh!dh`#iR=7zBUAHLVzXb5BYs&dJJ8c!z+3!u~jT3uWXxN
z#z`jUOi|9K?+>SEON1GjdaMmP?E5;5OqLHlUjTLzlrr%R>P*hqV+XbjQJRs$s@f&S
zof69LHNIt9(o~d8k%y`LYCC>EGs_dlEvjC~gDf=!uFtTCuR+ZwX-*4fc;2z+x?P#e
zM
zonqA-sAw``ISk*P=G-sJn%tTf2%W)ptX4u_D{v1xc3hbSE4`R05|Q;g{SGj<;{;r}
z^B#un4ihw5lR1k9;i@X5w!fV{yCO-kc4TS&@aC-NUKQ(k0c*Du+D46|+1~Z2pAZfm
zR8jWwW_^Q`5OuMgGa^+nc9tbWMSE~7TtjhxEqLmkqf_|+rhWMwBueCKki{FGqgDWu
zB70+u>6<4k9%vdKF?3T;#Sq(qcBlheJ10D*7Q%?kX$W;W{q}mH>#oK+QtD$>w{B~m
zetFv!bjr@)k-*L-*Z28wj3A}T)WJt!;J~G$^B2%Ie+jLHA0eUf@LYI|fJV=CTG|Sn
z;lRyS5H8D{0|uG%?@gC?Ptc;o4d5+BSEKUj*3|;6*X2~{cDy&6vl__HF$NFd$=Q`n
znTA03S;7c@PAzA^cv3#V2^Cw!1>!wC4W29A
zcS+;V2Hewt6tdH_6jM$xEs(92y63nyp(xc8r|6&f!r-Pc2J5PfxeQA>@5q!%Y;%MIyXF;)p{(0g-?DB*
z)SAkY;?$6OhL*c%kbe4%J-s8d-0c+iE7xaxWZir$tlggK)VCiP4*+kXgURb$B*h}v
zcSF)WxjO1A50C%YVFtldSdj`WBUFl)&QGHNj5TSv9XIqWCGPgJoyLn#yeSN8e8N
zrQ)6Fd1dH87&USWdnB-UDmd^}yKJYKOPa#DOsS)}sqxAXRGakx(XsBb&3&#W4X!);
z-E)6pj#536fh4P3rXV1+-UAttesMo&n-X$b!ob3+6k`;mLJFj0p$ys{(`#xaPtoTH
z4g@(g+Xm=YsxlyR-s(i1!&IO=PE**K)KM+aaiN8Fd~<
zAnA=?^w1nx`a5at>OcPhO6|trnhysFtJp41Ycb6_e(wkvUW8wgORF{mLPiVkiiq3#
z^e#g$L|O8~?jr?WpHq9;)JgGZ_fXB~!Bv(6NTlX?Gjd_1#CCl1VqYbGc7z0c`VPM-ETM@QY
z0Mf$N;hf^Ur86WAThJWH!!hP=Yq}*+C)zuY)#P4v^|fx+1yDs~hB#QAYJ@PG?Md>H
zd3dCFWpcf@>JigY$ID4=O@^&_x$s(j`+iXKewKRU%hB}J6t#rNTA;R2Sb*^3qe`qK
zI}!Gr*-0LW2S9d^C^x_B3^YsNWJE2$byd7c-`*i^QlS`}%Z{1fRP%GPPYh^P0H4@k
zqXN5zM|YJ2ON;0;RBn#g@cDpWB_6k8LJO7-vPdK
zjO@i2EO_;8G~Wnb3DIqX)w(AyVocd05I7ALCg5RRa4c^dR9M`8fbynEPz@{DOVp-4Tqf6w5M8yf}rEzbwVKrM9
zr?j0FMk2Ewew0JG$g@iQQcgIjmpC9_c@GG|Z2pSmdrkBb(9^knTt`nYj$YPGROO;;
zBN$;OyCiV1x#So##HEvCzmzIW*)f|VVXF{WWdbJxnbDMcp=2H<=mBA)9MJk$v<4=szclHEOw~1Rh|f*Lk8C4Yn<`;wGd8r6MJ^Kk~&K
zEpa(JUcMR+2MP!U*i2zrubM>JduIkSR0i!uPu%W^?J!d$$FUpUp;R0%hu9x)JiaRwvxM$L4{iOuq)iDK=gygb*^>
zSJx)l!V)$eP~&|0Eg5&kJtpFmX%msU#-Zns^@g#s@pfvF^XamYt1iAjoSZLT!7YT)
z!$V|mIysPBisBazAGBkc2UUFhXzL`YoeJX6@J@C~^7Tfv^edk?vQTMPBPqnR<}`I-
zQj?7{2t5KVbn2KmqMh42ewA_m5`u*FMAm%xLeM!miu%c$>4`RdYSok&c5Lwrlm%h_
zD*zVb)8$XU=Oi@2Gr;?WvA?QB&xNh-aIc*O#+p3^%JP)b5Y;whqs4Pls7`jAi8u{ZJZE$mms^9_D5}EA=|ehsTL2M4+(`J-HnHcYcOWj
zv3lMKh&uZ*1D5*x*e~zIH)$KPVo^C*>$`DjRG3#p2=;@ERRADGaYs5p^I);s1jrD*
z#-M%WYFQ>6D1}7N<`-<^)gRND{nGSeJVu<4-m6}-+>%&ZCd4K4ljIWZM^8bpL^E16
ztD;!=K2R(l{kUF28g)h5!yD}DA(YdrWN{9JUyrdRNXJN2wa%;8TqK|4myjXSb3}3(
zfJvIC0={*FAl+S=lMe~({G$IHe@RZz)qJ@4qBc6&(DGaAs*mWlcY6ynm&I>k
zU#{WIut_^xET|qssiy8{a7^+pv(?O%)upJJR4@5xh8zk56G}$~M1Waw&Zs$KUGmS@
zN&R8ARuM~6SqmBJ8Dl~ONX%x5O${J$n=!3=@uFHHs1-!fXdB)iX+`+vw6q!VXV%BF
zB@u5*J($Qk3xHWzok7_G-C*`gaCiww@IF=7O8TmSzou28H7?LTkje+@M;ckQ(`69H
zp4X@IAy5PnGZ@K54oqd!~8{cfB8*)doH=jy2IxNR9G)rxcbmnV#Q
zlpr!OXEUE(zvq%2)Z?P4k;rE_&^Z}Ni%jP1#r+<`&lB~sr=>=qzq=~MzWB#oEe}-
zMQO>!0#l?u3K^lb%+*cH1M=~c7UbuNa{?Ai>dZXya8PG
zUdyJQna+)<9qv!-Y1P+m@@Y
z*M|@4T5$?kzvXN!v2NhF?Ti+HSVw~{8l1lDd|e;7(Hv#F?akRTPg7H`gxO9Q;5EI&
zXo)`cYHn&y>4D9R%^?o(L4ujgbJqmBi4a@>MOawD!dud>E{VBOql+
zjdw}LJ9k{t&}8az&XME*oW7Q#`>fKa?*6R}34=Z(bHzrJi-{(ooU#)C)8J_zFil0y
z348{G-W#^>Gl`wo4%Y)
zdUntuNy0aF-cJdAu!`iqPz$3D;p-Pusa?UcBXA_KOxiCdy`3%_K^`+E4p0NDyd;#JU5b
zKfOVBl~QNkw?M$63Mf_7=LmXE`{NlB1n9CjS_~BWbEY}I4v09=?rDy+Le*v!jk+dc
zCLma&=^4uR4gc6?^Y7lMHIuiBSl{xr5!z`vZ4_95JlJ8S2}%nYJp&8_G2>e5&@=&s
zF?fJIW)8-Vlv4w;@Mf8j_`Bo;LtB(b2fYW)2kdW{FfBMT`5imLlN~Z_fbxPX#x8O=D|S}K
z-BZq|5s+pb^eeis9btAxd(RdsL{+lU%jL8qR?Lw6a_U9)K5uIyOqB?rw{}rfoU{r*
zSsc429B+vdEWpZ^Au9t|${RH!8XBj+i)Jq1Uq31yVl++TfypR}Trw(e>Dcgj+%rk+GQ!3o!%
zog(z5>M25wgSXyW_Rhx_i048+V^c8lV@*`RWHzCx#BDkq
zjmL0j@pQ|TZj)8MO#CZ@4tg|nZcJBl7+;uN7*xy$U?QNZUY4pU^JvyA6Mt-q|FT3b5sD_11Hvg8acDlRqEWu#~Yy>{<#h|6zMmf
z<}Fmf3oeTVuH%gPT|3Bhz$^HdZ|}J(z+jo{}vP1udQTsvce9AioWi}aTtu#2+<
z=Nq}dAe6GARX4>Fe*BOiwk~E+q?Ss;3|75QwppcuAW|yIT`}7xTD5DO7M6_dq85hh
zmh@71%{u4|n1=IQ7Xh5w)d>%DTp2Q3@U`iPe}ui_BkHj@39a7xyO{L78lOEd3*piLWKn9Em+Qu@@@7
z`(^7R%RK8LaloXsnvxIYF|v(ygNH5+KD
z)le`bws5S_8*0*|)}Jf9SH(-2`qJFvb|Nli9!@y0tP
zD$~XRF?G74G}{{ss$zwUh1wEX1EA
z-vl?BkL`O;84V5tkr{QfD##{F$>a5EJ4Nj*;~ehRoK0O4Y!3SECTI_BqChV^@bu}G
zi{QX^BR+pBQ|Bp+=u~JK)Nv#s3+1Jj6E9b-^_8^^#@Dc2Vx9;KDrmF-A3rfUUF?cv
z-MvI@Itg~ojIEs9eQ5`hi65Q9hu~SOhDktF5t!G0$u1vgn%07;k>=e3Lp}Y_9X5SN
zAnOc7)ZrR{=)*iAx+HdyRGXae+{sJavTmDwhP=-uNgoNGqDiLfZEt{gZ#t1|63?5V
zjpW#urtSd)>e}r)cM!ph`et)#C2S=R4l{W%K>{BE*x{wAX`
za+-@RfJx+$?q}qGuseKve=s^V+-m7zpoWC`0X(Rw5Tz$Y9pSV~i4wJ1hpA>EI<
zbje^gNqRD1+^qlrsIwONp)_YKF@n3oUOv{Gs}bDqL!RcUg|cx}s=Pd1VFiC*nJ8hr
zStP{vOJ;T*#rQnwFHkd$35ei+;h~O~Q`-nIZ(s$}UB9IYI(nYLK|7~Cm-Fmxe|67&
zeO_qlXl7Acaa&7z2v7^9hoqG}fhy8ShG{alXX%b;vnw?xX7@aY^JZ`H9yurc4V3tY
z)7gt@A`pfLbpR>@M}_sE$m`R{&AVtO(K$IpECnaxp)zE!HzDcR^*7P$3u+anJ!e;99s>tBY>U9o4&jjpA4^kXTNI4y@
zj0HXGPL^9g?-XA-Y_#$})7VDOq24hbHDWPR9Y%MkR_M;~*%5lt
z@S4EDt%PbtP#N`LcG;l5*e!RIIUHPDZdKzDmsVln(QFk~{{mcu+4y2IMXG;3k*Klr
z^nJ5dIlrzzKm@Q6gR{0w>8M~q(KFr14wR24F{)g1eYh|+>e3g;Kn2uFYX{T2%NeP^
zzMtmB@1e(*uYz3JWY~9v<7u5*n{8PukmD$fRpQX+3vPvbF6G$TT=>~JDoVZRAQS?t
ztwX=4QFA8Vrp9>K%c}Ow^||%eJ_DAOt&dmf4laDASjlH5L|ybWmE-v^JBqy+FUHRh
zn}Zjj+0>JZl&G@yS(XM|hQEORD2}ObBaC{g5tJEmnX!Ql*Q5*_mf#$Q5~o6B$&9+1
zNM}FoIp}*9JK*zXU=!o=p$zGkZDoz54gy=xZ0!q#hS#)!^}qBln{%_a_8|$wKzVZF
z8eS@=rybyv3Z)n7Aotg0?^|L8JyvA%H9QA8b9nN`b1kGi77fhlP1o$kQYiREsiI`_
z=YV#=Ff%AEfd~TRFwYxi`ASM5Q)0XH)}RI}KG>n54<^Q#ba(PvtLrZbN5z84R
z0*6XTqJlH6Tpw;bb8|fyh(UM+37~p#XCgTXAaV~QkFcT;
zAlI?;=(gy=mPRHTgfiWw7>U~mQkLClHx7mG4IW5$V#}YP6O9rBGx+pw+vGcJ0g{5`
zW^GcEw1Z-+x_NByX7bGFWMioY-sXFj`pN;OUufkw8o<(%C1ChYW%#|cr{zw;A==PG
zI&L=(3W-ogE^=qC#Q9AjfC;8JQl?7)_cg%kW3LA@y1PMWFl~ArZCRrPRAxCNmkCI2
zzP#ag+|Y&aR=s*qu{Jik!nGAX~!jd(>td*JUEV+bcU7}Gsnk&tL7rkH~
z2>gGD6YdUGjWxFiASG<8HTL7;ZBwUr*PpCZY;mIdyr5&yAY9ib6;X=>F
zo{xNSF5JrnyjntE%*iZRSA2Sk3LfzE{6bcjEPr-!J{~4CgOv?hIl#;@Pu}XbrKLdO
z@=AZwWC2_zS?uI0<}f;}DGC843WzhR6~zC>0~MH${P{J09D1>PVP_rh#!ykSB^B||
zRietl=xoIH+@ktPh*3M+*olrc=xhW)W?*qC%~Pn=78sN`MWY;?q(0C3d-K^uN)fDq
zXachiZz+K6funnQ^%ZI?^4naQRaIyXbpX=C;ra48G#sDAGtr*jzq0oh_OXFXyZiWU
zY;0iR&w|*+%3xVjF)8$f-S0c
zuUrex!`0VpNC1y-boP8Hu8zB>zs$LlRbVUDcGX9?$dVhN|8>=_F+L_1
z2lD|lp!3`9MB@=iS{SHTq~i(;6zGt{oT%1{!}mIp69oCXQgkM5I~wE2s@+`!;lMG*
zOJkr0@GVRPe1Tb>4)Tep5;P8Ej#E7x(tlKuV?2x+VATp$BSUEBV~xkz;$eYCr!0WC
z9TtiVTGYG*HjSmAhweJ1=6%n&Zo-vBL0K|}mcQUc8q3XkJ{)6aVlEth>js;UqPeD>
zUoCpDeN!Cku2-0Y94#KsjJU|4G5M9Y9+6GRd)l?lJ_@t(;pOE8@
zVVbSs);cSb=SoheNNXVKo6Q%f?c%t(bfs6iTm~n#N&B@wUkDl4CVOs1_sUDM7r8L6
z*D0F-+;2YZV$L;ga07Gdyn*0?{opuMH7a}kA-W-%X(4PQsUmqr+mfcYN^-2|t_AV6
zK4{ek2LW0V9BZp*aTLsHWe2dB67@Ozc6LQE900;>T0C(C$I}#0NM_lzl*5!*w6SzO
z=PGuV+lAubAU`&i(}ltoZ%CW%SabV?30NnJkPSfJPf)SQ1eHohVQ=NUZR_M4DB_EfxwTH2E)CZxV|0
z12@^xCTHwaD8}-J5MuJI?C_w>%zN64nH`i@nh|R%3r(N-06_!WREdAj8!Y*$mfLZK
zt7>zsX$GHI;m{Bw5nu@+a4^`wzy|^j$owkx5^GNW*oAiDX#m&af^%J}7m0aM0qS;N
z0>_pVheJKg9{KE-Rohm5Q)G^MDNttoxx74vXxOn-B11t#?-@^_;UaHVH9-?%TVZvnhKAPvMqK$TGP9G
zr*Em%OU!f=xa;~%nizpY7x)~5U`e;l9
zB+}ik9chu1o{kM|Rkg^(jD`18lcfBeBxTs&-@gsrEOYkI
zdSVGI?tQxVMs02Al~pV~oTEZ4ig~LJbLzFWBH@qff
zCW<{!*BA-VD%>j^Q_@JpLRAf$%y?(hJ^2{?;n{hQF$k;7#N*a-6g@FjuP)Jr0Xoq>
z-#p`nM1t%JW*VIg=M;nOLb(<|9$4;Y^*=~0xaTa|qiyW;RegV5<
z`b8r0)R|=$
zG9m<<*XY4*w>`j-rV%p2Di|H9hP&m>NdX>X`yBWh_-x2alKDov$oU^R5>zBS@rk0j
zUuTGhCK`g5d+##5QzedvIdThR^*|SRod%qR#imi
zo@_Aqy@j)2_`?(vx6CODW8O9|L8~2-k_jLM;+M8{Z|4EI+uyht!FoRFJ)s)CT=ozQ
zxE4}kVFJh}pKVAL&g2|G+$GW_2r4j2&;o>+bV=sN4d$`5E7jFYppx8@3
z<<{0A1fr3PGpJ?Znc7&yzC);Eh4l}r5K#|QXk{M
zR4xa+n@q)EyYmQ-u@}})8?4dqqKz(8B3tSFy2}^mXz{y54lzNi$lhESWio3D6HkVH
z=?`4pY`J-RpduY7gPB*_n?-!8UwrMejz)Kupz|suuwC|FHYhdkymLJ-=!+gfM
zY6M&LH}}4Xmk~q_i-!*Gi;Mnq{3SV=WAM-7iyVm^W-(i)16-<>*xOWf%i2AKcG17Z
z+L$X+8%ZC#K>ruf9ni#Vgi|Ya7J9p#ZEZWf`A$7*yT8_*nt-%MFq!oLpv5(auC9u1
zvHy*bk4Ut_@gaw$djt;wNW)W_257>N*TSAj+F|dhF$SrKmNb`IbkKJOwz=c6m$F>anc?zrDRVuS
z`qrXi4h2U8^)J%^&*~IONx9y8`Y)$9^q;ix=_mn#xqTN-emUzywplJrwx_PC%qll{
zXrx~Y9@-mN%8O(@8$B=vI2HSZ3bdo+Q8+RH`{22Mo*7HoGEQ$-OdksNyKdhnLCb5M
zXpicJ?|W}x53&5n1U-iEZd+)bnig8BOB#h997tzisq`GStC$L}2O!u=UYb+{33GW0
z@+G3|t2R3Djf@Xdh#;3wJ}iDcoUIf+ph>C~W%vzFnK->Xd?qG9HaFXXiD$#`9`K<{
zjMDl_daz{BDCUgfR13X89C|uwjc&i3PqCLx6X43nRO_G+$82h|H~1s$c{EXSwD?
zxIz=>b04h^q@V}BPQla@Pj%;$(wjUEuFve0M(Yz3LFQ5-8%pQKLMzR=rbMVXBn|Y|WfD+dIH6
zT`AwVdlabxt@XM`;LZsVqVx1wB2u1RNrlPXPm92b+MNb1BLb%;dy^QrA;}^KE~KJX
zwq84%TrUV<%*euQAR_$w6RdCh=0o(k8UfP;^l>=D-(Gbnx8B#p$Z*)@&M}zBBZP~b
zA|{`z0(|c5!0WNC*raXUQXMSGc&l5PFDi3xUC-d3c`w5aMusu3C1;LK#q(NnAGNk=
z!Cg`zyMSp%Dd0n=9L-5syeGg4`n}4UvM=!2(hd$?-+KuovS!b`CkW0-(}mE1u?-n?
z@julclIF;e&%masK$iM&Y28N*Vh`K#l=RKT%fU44yYntB_m&b=B^Qe!x(ALC1xkkA
z>cd7&3GOeZBykxK$)
z2)V?uEXxzh_#u!pE$hXzp}1Zq%6ZsP+-EIeXb0ss%nFygSz&NCezUNFeb~{fN=Gn3w$F=v?O3FC^FxCXqq6*{YIQ
zlWhC0t4h8M9Ks??i?T?;rTMu#k~)rwWteZ>VB3s)t@pa`%S$srDL4U9-H{#w%QwlG
zw7j{oA)}mAGhP60Xml)Q(z`}MER$gq0cAOKHW_);KZ3p$=k;)g>7Y`BD4IWAwf0R)
zzyqyrk#VCyH=jVF_vIgU`Af?H(W^vOoU|YsTdD-Fopmkq&HZ5Ygl$%x9-9K(&+@U;
zrUqVkyS~v)t2Jt&sN~H{g_oiHsROht$Y0k0?GQ06S2RvZ53-#{>z!f-hs2mL?ngW9
zG>^4Wz2yLW?gJiJd6pZ)xicIym;lgc!mP|))d~3mIjE#%l(9hy|oh(RDU{c19>fooBNQ(~$AAy^P-d2cd^RdXH^Dn~cJ
z*4}Hf0NeBeF1EF*i{yEXp=rirl?EB7Bh30s1yiPMK-mBpWEWq3s1%w;B1u+1WLlVQ
zPCw@2$3Qz2n+9pdX|Kt-lz^%v$_dUyb;(>C&6W1xhINx^LhkTa@%BV)BJny;a&`bx
z@s2X?HFbi84ys-JTmsXXCR_q#W=4>G|3p}k^h_M~NHUN_3~aWj-QuKKb^(np>ITZW
z%w!U8i1V7sC+ZL1G(sSH+HU6F4@*A&B=qRBKsy
z?7GAvI~gVhfXU9ocGyTg*EC(NvVBc0F#p$wnI5U~ejg
z2@)zp1qm(K)&ZF+{^bk}Y)~@|j{ATbOrFhkKFYt4^Hkj)uCl?_O*fpu7k#Yp80qHd*94}UrCmtyDOytq8sRmQ$Uc^m>aRROH(THdTtLL76n`yIif
zUpz!15~f~1!GPn#F_>i>NemvjJe>p%Soq=D99$PMY`y8Si_$_ijl4Y3gW&Tw#BTGMzHEi)I;UtvFH
zye^}Eg*PxokSli4f2sAAg3pQqB9}VbDs*u5(ykEQ_a{{-(elPj*#OB{!tkNNifx&a
zdA`(uM_n=bbdEM_@`r>^D>Qdteaj^))>)32W9W$2<%4)!1-ZS^kC|cU(l3giNo{xu
z+pzE0hW?ohuAi=iGq_kr8XRg(gKi<$dfK}f+lFgVw|W!kYH)^7hD$f*z{HNLJR!&I
z=uV#x=LnT0EsJke)!ms^G*}r^Xi_Ls*1x^3lb#VVrxDXgPxR4sJx&Iv5h8@hAI^5b
zuZe{rwVZ#;tP$A9y?(O>!LLFHRhJjHX#;EVq!@|c$v$?Oz|KlycXMc=k0lIANQfvqwmf<}>>
zCs}`HPuUSn{7<=*Hi}p*W;M&}4v}v&1q#72X!Jyqy-@gtuXzVB%ljt?GIDrR8PT;(9XI>LPdL{^JtNjc%U8wHjo!^Zc3NH>jN;M5ja7Su}{hOJNh+HeFW#iWNl&
z)t+KYR4~?m1i{i>R~zj^9aCSpw9{0Pd*t<+jbKwRt*S?8;tZ$wJ+a7C9Mlqtfa!2Z
z7OuY6h8&xowC2_>mssHD60_;02-{=Pj0vi`+$oE^c%jV^$?vuYy2aehG@TkZ8q7YV
zPu_%m-{~!FPNQ*WSPntkPzE#!#rSzQP~N3chjWGI}+6$xV3#>yvS2@v&C}bd~7EV
zX5he(=wt$ns3v_Bu(a`c{Ez#!QiP*d^Q72&Wp7PA5UGE-|;|%|%QB+5i6IIE=*Rt)Nt-AZ-UsN8S>n(
z$cf1CQ?5(=NE7)$vdu0z)J%9v`jU8M9bc6}8giw_fHtM`s-9)ox~t&2uxO{_-Wet#
zvmeWFuA_Y9N4&mugHtrw^hLde_-8ag$F`1_`cjINQR37b$qp|f>eP4;3cG4c;V`Eq
zn#ohb8?-x~0j?BxJHMicF5&c_*U4W&nG*hzb_~*$HmkI=4@>?YCTsVWz*i-8`+?4P
z@r=4GSQDPpzT`dOMVeE8e+cTWWL;Nb!NL&tx}m58hHo`miRywT=^af_A31l^lvj|+
zsyefMkTyZr5fMz|nrNW7PP10fA>0U9{zz$*g<#K!%5CI
z(H%#!%%j8|k8m)C$JCcI5Mhtjl2?~}B&}vRxX}l9To$_MMk>iY?TU9SOMToKrw4H#O$@v-N!Lmb$c8oJG6)_^wEwmmV!mX!3
z&9GJ_iSF*SYukf}+*Uw%GL4bjYut?|1F*6-UlrfV%{<^)VAUW#Z~$FDm`##iA5C}A
zhSxk`g4Q}6^hof(ZSw@th3G^lTwO7&mQ}Swfbs#0s8pTsTA#JLx(g8(@_M`&d0!hn
z2aDg6!4iiVd=nDac?NG0oU;QvXfvX(RQm>6%|mLuS8Fm#7VfFvi(XYVctvUVaS)!`
zyTLyNKgiT-uMu#`h%_qXIc9U1!b#g$qGwuC^JEvthZ*2F11y@!sttQVHh)#tK7k&E
zZLi@2So^}KZ&b1?WYDJbB$EUhJup|l)O~>_!2?Jl>)Q0U=)Cnaptir1x7+Q#C3@Uo3=*gzldXn3xLvpUzpy=-+wabRjvREDNtk9rpiv|Pz~$6zxlJ6%BZ
zExR_~0g3vPhk~Smn!$)vW|~qgJzu3~BQ-qvbOn=ynq@}1wb=KUAa`<3e8|)j!T2h9
zxvV_^r@S*ZM5hDKZdu1Pv2IRLyclV-&4m@16MUu*>z<%q^8;Y!1U``N4LeF
zSfetT;a9YTW^+-huyUN=1Cxnv0+Es&#Ns&$NIpzZ4RAVIs-j8psGhN^Dawqh+B9rh9}C3sEOnP9V1T?q_V)9p8+Bd*wmbN8siaEm+!5A5U=&oj-iVYW3
zJ1&Y@fst0T>lzf?519!Y?5p!eB*e0gF#LK4f~h|O*o0RX)*uA5D(J8$`rc%gH>56_
zDPJTysMRQ<+sZ0(9_)1m_xk^+dlN7_i(-HHWhO!t5QKmr0fu1<5Ma(^CJP44c0wkZ
zkTDZ5O625Z=1k_0*_b(#1%re|L_ikB3rY}_RY3(s)C)>PmVhXT28I)$B9xARtHq3|y$1N`Z-So(d?3%W&+8BpNL_b}qJiT?!5808==gFdCy*8jEk9
zW)wRrLZedSeRiq|Tw8E#7Mvk?_j57XRlOZa`Fu)jO2FOZX@mngcqSZ@31&lWaSRdZ`R6
z@O1r+w*UGYp0M#3OTz`5kE_EtnYEC%^MvD?qVx+j<9ca;u1q3Wb(*dyb*)gN#Dt7sVBB0c5
zftrT`=Oc)R^c5AxJ&494l|pVKrGE!j`BoHh>sf{dBlc|zoweTVNQ&C0;=EghFvf8x
z>me+nz7avaccfOaDKN}-AyYFS6fDvQSrZ+0
zo?I_i5kwnj@?I0#>3X-GsTH1#IhEXOq1J?*B#i9kgkI#J7bztg_lw0{MJBew3~F))
z2l(5(X`^})Hw$o!j_Qd@RSQrF;WB3k*`pm6D6?H9bQ)id?T0rc3%!G*BjBqX
zfpZFAc0%^7xDL&k*?6=j)03H^SU{inJVHJg#xWOzKN2a62G8PM~dSC}_h~`<$BF+>rC#uls
zDp*&Wqx<>F&z;0UDvXYTvcOX!)vw|ALw+%4n;*`kA&p#6bBuPTNRHdjS%y`1jum10_N
z<#Mj@
zXrNJ2+l|1r!jVI0y0b5AH4Nm|mDJ>wGT^PTbdeP$))Rq=wht-!-M@0
zm5|GFShap5LRNXI5^bx{9;B}KE=x6~+^CxB#mB~0S8AhCQ@{MafyoemrKrrX%pIQu
z9M@8{O;9hTutwmmbf9AGRIx`L1sD1kh6gw3u&40RIlTFxF9(x}<;4!_w*})`M68QGlH-M%AF&6FU>UqC1Xg;
zVR^kRRF^O-jYUl)bDI{0&yf!Y_l_{oc$Ee%U}?5!!Zb)amQ|b|Y%$S`gDoQo!V@fZ
zK3dIg^5#1GJ9>)8XnWQ%QEamY^W8eO%AULG{xo>v4|f(A>!WzLvh6iA0uLI{01d#i
zg*0b_(-Bl9e!QaOAVHuHUZ4VJmXzjSsbNjY5wPx)W&m4<9h6I9sh#NPV57C1bY3MQ
zeW%hEP19#^`}@)4G8WgkF*gMFh<5dHWVEqh@S7Bgje^+{s&%RI4JTU0fxswZ5P
zL7|Wk4FFNS{i6w$x@IOPP^KX+Wm*QVGzDuY%Cs_{!lQGbb^>x>PfxeD73_Y>^J=oYUYzLXn|
z_ku%3N6!}XqZ(IN(8~&LReX+2{EY_ig6_)iqFGF(Nd}`Dg7bgP|gC;
zjrYEjI<CquPO+QSweP?Zg
zzEX!2xVQZ)=0QJUx4+B6eE&CI!(Q=VBg5ujbaCrj&+z1ODALt4JA>_U6$D!i
zZ^-nF4s_vbgSFmIXrq-n>w3~juvX{0_+>qsUYr4CtUg{sW_53)L#TaR3V2)@z`F4E
zyS~2eJT9ZSR>nk>(cXPdM`te_WQ5x$-J^`LU4s%zflt8(fP?kY%AU1*i@`W818~EYJ?~`9dF2LpSIW9zQ1xExQhdP8
z3Y)^ow*Wghbw?+iXiLLG16A!Z%w}#;4&ovpIu)KsP?TyRl}-2t+>$iXm4z3}aFaJO
zMB=i>A-1lXli<=+v-?IA@D2uuQE=F@!PA$`2Zy|;ZNwg8hzr)_BYzNMmRp@0o=Hzx
zj}Gt^2Y`|v$59lL@##qo$BBQ5yIeXzGWC0c*$E>$=_LI$ijK{pMb?Ggx3(%+{LKy?
ztRa1ojtx5O54%;ZLP~z&8?wq0QBzWvC5S6W?
zv6K8i4edR1=~Sl<_gstTSs*40PSwDTKzK5?JK{&d$SDaSx9iuZQZ-nhby#}X*;tO+
z7`rD|zjJS+*j2}uIfzCik#S0WS_@G}yHyqaO-?S_DT4MP#s#UOchF1);v3qb@29{g
z6lia(uBwUcQWCpFLq@h|nrCCQl
zmC4oQ-O|zHe7zzF2;jdekMml0yY{h$_Iy=w(WTYcc;|Cg5cb5CBA>Ics}Z
z;ZVI0P~wX!i!nW(`U3VAg)F!%PRp%p&#R+b(7RKO-$ftd!!<@L>1u)Ze08`{aN@*N
zg{hvg(Jop+H9o*A7*@t^XI_(ux80?mn65HMwBDt4!r95LLJBTLs)7ja&FHft_tbg2
zx~j_2OH3^oNm~L-uE=QU1&biq!yrBwl$CW7F$})%Ooo=lKsXYsTd(cc4?iL+}c^Fvm
zi%u4`N`iw9cOQ6wjC2RGdDD?Zys(r+F8+)Dk{uq-ZlH;TWjQ*0;3oO_CM^wH;B@me
zC}IdKZdo{3m&-uxxT_hcrw>h`PyqHD+!-XDFM=a`T8jnQ;Yt`VI?$2WG+tCqhS{|+
zU-3EN#TgT9gK`RjEY!Q5qdgSK%GUn!1&-=NWlMzJ6n0Be%LLVmoVysML;hZ{aWrLS
zPz0lj{~>z}+`9lqkTM>_)tmcx2kZTOXvrf#GHbZ#Le7kiTaTV^p_^CoxH3&erD)ivk0`L3B~NqwUasJl
z+bGN7)Py;sNOX3ejis@+L*})mz?r$>lTIQ5f!D-yv@2*_v8c>ScN8F>^d)7$HS$x_GymbQwY^Odn5>(Es
z+OjykiHj^Qo=$L5Q1>wXR5J8M#V5gf5?hRAGt|^B^}fnlun2bNVa-K14LlyIH^q2y
zrZ(k}kHi~~D&%5CO6e#(cM4~&=~*=4fdb*67wzCwedBXDyeg6_k>B;+0t&snC{A(B-nLVMTUjd0do}mU^tcS5g04%hj4*
z#zSf&EjI4Hz+48wG4{aAW3_5}7c!C2BOw0e`D7T4qJY%(U?3%ux6d`xBTe`&GdXQ+
zAc7Oih{8S^0S#yXEvv4moeolIt_d5dtu>oZ)kBqG@2c-PR40M~4o`Zf%IiXJ}T|S!DlD!jCe`&tB
z0m#$%Wm@HHOo->8%-35J2q6mJv8S%Gca=3Q%DdqO5j;Q7vd@nfn2K*rj_{RbiOLk=
zZM@ShcGgt4rqWOnh>V@>oLq+Z26J*5w?ega&!kf7Zcusy0PWlSDp5?TIGwoT?s4#O
z53kCAZ8_hwL3hv?Nia0xxW<8{5SIcoxrEywYh0IGhuKRo&J{03`&pFYFb&s1m51MbNj0J0s;jUV-131t
z#+ou^zO6ueK(Ghw%>9S**Xke~mccgegGEDMP9G=9)o@P5-Br7iR*m3&JH*7Dg
zPL)cv#3SN#s$dx6ZAi7IJ~TJ+`Ae@lAVe%^G)uHSiYHmL)?jj@9%@+GQT+8aMS=MR
zl9CpY;T*hSlN;#D#V)k;K7cSkc+UjZSA32F_p&V*BL|^z37!ZA#Km^0Mb#i{y{Azq
z|3kB?pfX?S;7!x#CS092#Ike~6opiP104e^cBa^%gGD9=SMt#?zZRXKt>E&3H*WZF
zVma5QfClB=858hhh#TQ@JQ~`jziv1?6jQ5@Rqq2j`;S1;r97s1x)JOy^4q&))56|!
z%1P{VKvY{B>kgcni0_ubOiX)Xpq@fwi*^HdrS(m|u%YsAOsSl$%f3;=iF2&YBXaIj
zf=>4ahOwCb8D=61&E?}AB~HB*BTfrjP816_|7o>r#e5$CkfcojRqQVrkH@FiFU1FeQ<^BTSh`*Z$7r{nLMx0mZ7a(J-Rc#R9nyMg^t~c?H=^$rE~y8y
zur#7(*S0h+iqcEaLR>NJxZ5?=O0-VAo1yoq@H({f}U;-fpcq_ljj+P_P
zdy@MGPZ=h|pTnWmENt-nRXpAUUj^2@35tEpwV6sUgjOWa6)ARc&FT;(#&>jM*hN)4
z8FK?vKX?JVz%w$eLaOO}hP$1$rPFyZOq=Z
zWme1(F!xt8k0BfrABO?;%XvnVFF?hZlcBzBR}N!Jm5{52gM0=Zho#UJB}DNFKu`g&
zB3hKjwdqs}UPeI2HHJ3B%a_ec(%`
z2y>pLF$ozGq$(h8=^_XphiYK?j`YPCbBvRO=yDu46045vPwW}HoJS*g6IbEzqW?ul
zVyJ6}c;gASlw?{V9Rh+*yEaT9?|)DVa^j%(=!MyIS9OAca94|ZMFo_?IzJd5SWQn{t&FH}1aaR&oVbJV%(u_`?tnHx`J>G&&R
z042)xeX}r!`T3L5cLeK$1)jMpF|S#a6gA$C&5k1JPLN$o*iZaipPDAVABB&9fpVvU
zxlJ%YH$;K!&Re7<~w%s$$vgX#;M
z%;Oi}sy9cVo~%n#oTwHi&4l`VQfN7XzD=t2YBf?Mz#7m!I@FiP4NauBZi`_Ltlk`z
z$Hiw;6I=!YC;8UL>1`@N-Vw-Q?hmduMw2O_x{`H6DaXW(4zXddQh{PSR<;s+CJV_~J3Mm
z@9zhNe*|wiq#Mg{yBcNS^#dN63KkLXtXrW!v%0@9*n|2rh@#@pEGD*I=x_pk&AuiL
zf(z_{gB!%P|C9)0#i^(%*;OMw(Ffx(vLJ;LUM+JyKFqjSpje_VASzLvHJpy;zDb4S
z0M|-2uXqFv-*euNQjQ)933*L+8Y5GqfRX9u4IFbb-Id7pMGmgi*d66s{uI$l`^fb*
zpfKfocl44XuiJ3Ll6t-wtY)yDfC9ib`T$SBBR1?rZ=T+u59nk4T$6oLM#h=JIj%?g
zyWLdA^XXn{=~6zr5jsDI2Y~qeAPhEXy~afi?g-UYwb)n3yRXvDw|D43`~fb`>pH=k
z(wBSp=wJbk(Wq(y7uQPZv!sm2o2~(cfe*esUqqY0!|`#!q4wf}rsK0WXqkLfVSgSx
zE*Nh+s@73w{eU=?*n3I+aN&;lU{a;MPkRT)+LBiH{(06l?QbeidXbK=6)k*}gBBHK
z{tI5sUbTM6${}+}Ot2OkI2J2L5+f@BV}LFPOA_6o3DX(fD0sGA5wEysrvzSob(Yn{
z)R!b+Jc3SLfu3961@}PU9JZ^Dx3MnMexu@D&w*D0wdN}=dR2vBLEqtWVz1GyZXcZ7
z13;iNtcMWp3b9)_JRlioWZFRZ7T~4us`iBD2v+I0Rx3NyY|bNl5nI*8DZ+q}7}vMM
zDekO=9FJX40uz0w%3M6?mf<6vH7$#j4EF5Y-Rg#w|nR|(q8Ar3VvkE}7K<>NO+GE?C45_AG
zh(#Fer`PjpxkR831hrj=y;i&iPw?u%Tkz4tnnm|F;ROVA=S@{R1Kt6~AAOFXd+8w?
zRc@ujXf9pBL5p{K1ltAJhoF21^L1i)@_cw0PluD7-ocmzC(y`Yey}gAN2}x5*`SZB
zjhu=#7H=1#5YAduPv6!AZB1-$99xAsg=%g9SC$&IY|Lf1Gxt`dJa5n8Vg)MwdRpaC
zjG)3QgUpys9dvH+F;}Jjs41nLM8Kj#a5TNyt3*jHmP=BdlQ#vc&>Lqi2iy`>3=9V%
zmbl;nn9eCVp6%Sj?v5DecYd6Z_tKN3UfDj7p0b$z37tRzjW2p5<*|F1(
zH`ByGl!#=9@x;hT`-(Cj#nWns*{YNf>%0eYocbz`ka6xE=wHkMYk+gFD>5yNy0V*4
zEL8idrgSyWMhE%CdpX+jiaJ9{+zi@6jb<&a?Cc$f%~GWcLklT@YvJ0yLMAuJ@7`7A
zlhDpGB`B$nRn%6wGmG3W_%LcWJlp|y2&#P$c9*O4SYMKAd5Xk?(wA8;qTt;5cn@JA
zr(OzK3|BV7x#tmm&StH-da?l-q=EKb$0|7!mk41QNJ79)LJ|TU>Hr*6mji7A&)d`U
zFV;n_f|-iVw|Mc+gfnY1?@!_xwXC+roub+F0g3(%u>P)vcuI@9E`^Hfx(KYDY1XTP;;C^Y&#a5fV%C(PPE@Mx}qC4Nb=uVRBPG7c4(n{UtFxx
z@*WbdK=IG{s!RUCk)n+tEHOomw{p?QV-R$?b|tQsQ*KKTG=XTbt~BfL=(1B@NXY2;
z&MFsA<%ddy5BVZ9)K1XqSeq&@L7dxyJG-^8LQpIjyqg0r`>ZkU%dzRGR}neN?gm#l+gVoRk{|V87CymB+8(aZXpSRaR-16W2Rg$^YaIr^NEYtn
zLg8CElclDiRR~^NA08=ym@8xkd(vPa0+onQf6!v)M156$L8%Ql4R?D{Nv4lBKs7uE
z1h^SsDACsd=b8FZ51`Y|=EyTDb#SGNy~GU6UK9)tA~sgkpT3g=rwq!om*EzgKkPQ=M<{iQ{N*
z@8}}Wlv04ar9QsJvoU-A#d&zB0jxa@natWOSiN9?Am%atuSi|&TI}zejnRe~Crmk^>G;&NQTk`yDo+d@J~#ei8%cB#XofVLYuw1%EJgNVcLc>F`BciZ%Bh{Nw-{6nWNv*~Xj4!;xe51rm)({an{!(y!q3qp<$E59$x5g7EvhIejqp
zy<%8Qe~Q!Zilu+n(0`fJTd}@|{^VUS1GeKn?zexy-(&5-ariBfp?upo-w8k`nXkTq
z$dP>&o)Mq27UlB{c$fR%PbmC7_-~Xlpu)Pm*dUx#mGwJ&y0K1sm`z8>6
zlvUHf@q1N`3+B`P`fzBR@3rIn9MgLYzKPMp{`tD?pEo$)KJfo!zWQ=(?}Yy0J8&etBwcZ$kK
z{J$$y41R~>A9^g_r|O02R}@J<0@9b^A_l(~;6Ex-)4=|J!qRz;=}7b7RZc$@iD?=i
zwBJwI4HKg1F#JQOFSqF}oW9siubW31upP@d9qVbnulqiwV>>2t`Om}Oy>@K1Q
z4z^48>xNK$dM#f~8&2#uk>jwcNym!4COn^>fO(A{iShumD3ly?Q`^(
z31~2YU+8;kKiA`0$OBEYeT4G;63c%piqL6*&yL`Ftbo7A=+t!@p1PT7NPE{UMasaj
z+|KFK;qPWFp`K?mZ{Nvv*aXS3I$&FdZCfV24GBciBK$-1MBN-y&jp-bh^4PF>AjpD
z;wh}>rJR0e?E9O{_jhu-)DK%ZJ>`DiYwQ0~iS+SgT!6i}`+b-FeiEnmxaoE8H}zY<
z>HE3qN`<677l-Efb@wI;1BqH2>;ML
zkMm-k9j{rO=bdgIXWp#jbg7IjaZ=lR;-}3_M{4JTCDONXy421$I9+Pz!~?K_QFK23p~tyS8Q>cL
zn#t)ub!*uv?p?)QDR{Oz0`(vfj2?&Ln$
zKdDneJL<<q*(6
z#_3XDy}{`ce@{F}^}|o`e|pRl{5^~FNc=UP%P7TPmogoRzdD#sDgJtf>1=T8Txa>~
z6;7A>WN&0b_(}ZJ#OV_MG{CpIUuVPLWAe@MDXnKZyTg1jeOq5g69s8p&*@9y?2TiNhNiS&sFW8qO0TTAPdgAzZT$>}7{HGRiFx`NXs
z{@lpvCtxA^`<$)cW=@yt{~)K&aKBeW9W?;9jnkiZ)3Fa78*@a;h-~X_;Peic1}{?B
z2eUYRs+-<#+pv<;>3_P7j_+|(iS(N}UFyRvoPMHPzH*5Xk8CeNUu|;3x(>?qt=xyD
zWZeQ{!m!N5e(L4)g>F6TW>ZHs0M^9yEWqDmbEeMjA@61yXT)eIhQl(RDpCh*%e7p_
zkCST@@I?KSc8!|QfCWU6RM%}K>e>L`F2_IMx34?Dm0hVGOTzkYY``30S%c}D8!$DB
zP~SE4Bdd6;0iXx*5BOb(e`wx9{&s9&+Z!-3iY~)Hbe_5khzORUoIFt^@mIrPm??@@
z;veRFwH{9b=q2v+QTTgo+}b``f5o_q-o$Dv@nRp-3dvTi%N3m71%J0?DF+#*-_7YE
zdC>srPjPxN*?c`_gx@syFIL|H)vs92ghtH4u_3z6i)?xer+*eR>GZl!nm%2|>FZ+Y
zs(=Q-3Y@;rF3$JJgX1g@Ue9@YVl=G1;p?2fpPSD125iHRIi0plx{gj8UgLCWE*(I|
z_wanixwM`8y3|}+$#kT-G>PjW&HDx@>sF>wY%Xo(JQ5$j#OW)6o*gsG$M;U*le7ua)yD*dP`#Q_V1x}av_*zac#>cu}i}CR`rX%sd8=U^xSUoKtPdpM6qDbQ7
znVepXk5_V@P#qe8_9jlhF*z5mvUA~9&a*#OM)#+qXFS5`B$jo$v&O#2=^@_0I*g-%
zjH0)@bx^W;H>?HDr%9Yg@&zs6bg2%#oF1wJ(!aDs`kkCE=|WpMUFxHkN~Dh`qfZo_
z40SPm?5rb`I6br$Vf`0ydb9g|-pb5gP7l?u0lvAE)4%C{k89bNERDN4kEDw|#p%>k
z%?E5h!aBap>CzbOfeRY^q`mrNPM5xK=X6>Ub@?3Uh2{5^`2LC#>34HFiC#^g<1%n6
z7r1?Mfse;wLv$WoTbw=kt4t>(`;pFrOsAA=pLq-x5=9}NYyf;5ms3neZDJbJk&v#h
z<4e4m)1^M$!s!y5h+r;UiwF}cbIGxPRdOVd2
zIck9PAx@XpHl%Sa=aFRPeViVWRanMzoc=WY-S8C3l5g8_eU07lVeo|wmV#Q2*e@6;b{*T+YgPH3IR{(Ozn06Bc>F$2m)i3jr-%9#`{Pwkmw0>v
z4OkROC&3KlG7Ks-#dP*O`J}wq1);BU2o>}S?>3a|7{DWpX8>)
zTt^c))^9tfhsFZaRd9ZIo>TjqFjExG#XofYfIcn}4FJ8wC4oq9Z+Sl{)Wz8BCk{o&YVujlj-Phk09FY*14IbD(;uW`CmzXPUV#bmu_
zI;TtZTh8gEZs_)BEkCa3bV&wZ&*}5968d|Xcj$ei_H#OkIi1ciN|^p*PM7uquW`Dx
zM?ati3zpY_>6|Xjm*t#JQ&-oI?XnF(cRi%
zpSN?mG)_?~ei%hp;vc#mbssYGvVqejKApws5}&Q)bcxS4m7sq!r%UzU!s!y9ZRhmR
zI5l9Kr{W)=x8fhV{fTinqC_4XhXtHR8i!s^m)dbDr%U5-C#RE{O4swfcAU3z`u=V^
z92?0?oW75n?!+vN$4wgir1VLg-j11c`E_#*pDZZxeJ`g=^}m$UrE$EI(@AXU@*Vra
z))M8v#Oc!dGM<#pu)PzwTU83L1>C*hTw8Zy!a{5fS{f-W`mD4x6>2)dt_Ww(q
z9@5zxAbmV3kPwquWIs2V^GLF;ozo9+>!4H|<^SOH&>X`$T*2uB?)PMeR6$gj=bjRI
zu&vK=9!aNumD79Na-3Mk3Gc*&DB2JI(7f*W7Fswx)DA3v8K<8)~p-r#geW=$jm3!KjdT80mJPtgF-Oiq{j3G1+u^GIcE;&e$rxS7)>
zxwD1SC0^Oi=~5pl!=JqG(Pz)4`p-HA8VNs%msfJS#EY9aU0RoJ=JZ3b5Iq;!x6uI5
z7EUjwzr0u?502CLcflX3TYGXuX^+=_i+#`2J2#KME_U={vUl
zt(-3P^Glq5sQbNRn;$<56N>0RvnV-|+P8qyrS|of`2JE(m)dtHr%V06mD8oQ=_O95
z>7e`1@$ZbE9nnvsKdD6ef)eSyoGy*er6tnuEJD8lYQB}zC0T@dUM`Ub=fU1{;1Bpo
z`@$wpUyGS^Kh~*$AN;rbzQ3B&rFnP{r^obg*sq}Z6w7~x)1`5Ih0`TI-g_=K
zOuqA?iPNR;J2+h$=OIq-!a_{{S>O28oG$h6J)9om;|3u445y#y(&v3QLeg&+NEjFW
z`F}&{_0hj$viGZx9u)9z3i!7K{2>9~;^A+DTI>>8+|5uQJ?#F|)VDtRj(|Vv;i#)1
zeVw5HKb!G7rmAuLXMOaT`%lh+_~Qcpgn)lnz`y6=r$H%o&bZ(mBKlV!J?-U39SGY+
z_EY$~{y%Z6yu{FqiB{Z7F3O(dFv`hR`&MAX2et>`0^Tg(EdoAOz^4oNNdi7oz)unI
zSpq&=z~>0~JOQ6C;HL_Bn}9D8aJuQj4j})nK3XE=?-1~%0=`VZ&k*qC0{%V$KU2V0
z2>4k7zEZ$f33#`F_XzlE0q+&?vjx0Qzy}0;NWjk#@DTwY74UTezCpl0AmHZ-`1u09
zNx&}<@QVceLjwL`0sn}AUoPMu74Rzs{3-#zM!-KV;GYoi>jeCh0)B&l-zeap7Vw({
z{4)Z6i-6xI;CBf4=LG!o0)Cf(e?h>%DBxcb@OuUP%L1-%ii?Zr`sjWk|JMZk8v_1-
zfPYiK9}@5_0{(3Q|Biq^D&UU`_!9#DT><}|fIltZKM?RA3b@{VCCBRpA^%SV{HFr0
zZv;%z|GAKVyMX_vfd5Lse=Xp@5%Av%`0oY$4+8!t0spgr|5d>MCgA@N@P7*U>jM6U
zfd5OtVQU%q!G21>#|ikZ0zO{A-z?y}3;3P_zL$W%O~CgR@cjh*?E-$FfFC5_2MhS2
z0)Ci)A1>fW2>6i#ew2Vu67XXM{5S!hEa1lr_z41jqJTFEc(Z`F2>4V1pC;fl1pJ)>
zK2yL?5%5_8K3l-&3OL?W<^SrVQw6+Dz!wSlVgX+w;2i?KRKS-B_!$DeT)^Ka;AaZ>
z3ITt=fM*0eE8txMo)hrZ0-hJ}H3Hrz-~$3aDB$M^_=tdy3iw(9UoYV23iw6=|Db?x
z67UNJ{2~F@Hx0+jeCh0)B&l-zeZW
z3HWCO{1ySfO~CIE@XrbOT>`Fej!usI7liy@67YKk{3`|Y@b3!vQv&{d0e@P+e<0w`3b?*GJjo}|3;ACV@Sh0ye+c-`
z1pF5Q{+|N=D*^wtfd59oe=Fd>6Y!S>{Eq_uih%z`z+V;czX|w11pJ=@{2cXzNdh{RlxTW@V5#0J_0^L!1ovM0|fj)
z0Y6B<4;Ju41iV4O8wFgy5D*()*rXpR6Kto)YjW0^Ta%
z(*%5mfS)Ab?-cNp1^itCK3l-&3ivz$PYd{|0^TOz3k6)iD3Ro=#X|nm1iVAQmkRhY
z0Y5{)-y`751^j&izCysy67ZD*zDmHm1-wVVR||NrfS)bkeF8op;DZ8wj)0E{_^5!d
z6YvcJey)IT6!7x|{Col5B;Xea_(cMKv4CG9;2#$7j|li>0)DxGe^kJ)67Z`9{2BrO
zn1Fv=z^@hXPYC#R0{%$>zd^un6!4n_{4)Z6i-6xI;I|9-odW(j0l!PY?-uYc3iv$&
z{$&BbPr&aN@UIK_zYDm2nJKxxd`rmxkbr+%z#kUyM+E#)0e@V;w+i@^0{&eA|DJ$9
zE#N;8@Mi`5M*{x5fWP43Jrr5z!O;bT?-n0G_}8Zh*U_Ig`2oUrw*dd`PlWH`;d_z?
zYEKV8j_|j7IKG*}r?F#c{eEKEKTi*-yXy8A2X?oDJndcrX=ctF%19lcgp_`4?l(CLow1l{##G@!Eq4&bra!q
zdM1|k4B>~zF#N}XyW*b|J&u1dzr}<%nSblQTtN6t{ZI4%Hxujd;Uj~>nJ~inK#qey
zMK~W)aqxE#tIcu{_1E_iKHI~;MEI#5{yO0cJbdPx5u(!sv9vD27soLC$EOL$=-B$|AO$3c=$1NFz#v(e-Gi;
zc=$PlU+dxb6aEPg|0&@&dH5TIf5F4&k*NBjhp!?0J`cZ|@P|EIy{GZ0ho46x?=cVm
zFT$Vj@D37%Kl1P`gg@`$yYGw8e|Y$O!hh!B>j>ZO;U6RXmmYpU;lJ|mzY_kUho3+q
z`?nt6N%%iK{9M9c_wauw{J%Z?HNyR4F%7gN>_MxW`_Zk0ztzLH6HYfQy4j;+X$d*l
z%Ri6sLp*#P;fH(prwKp8!=EAiC=cJAmZ(V{K9lfcJbXRjGd%o$!r$rPzaxC6haW>r
zV26hf68>%vzlHGkc=&UKzt6*WrKNO*htDCr&%-Yu{5%ieO86H&90w21t2^2hF{J2FU|Xi*|qxEy4ku7S#Ywi(vqNvxgy2AJO9DrPW8YXasOt1Ohk-
z`v6YDJAjiA4d5gc1Gum6VWxU@t4AO|36%g&lRkjcBo5#-$pSb{f&fm;8^DR_0=TaS
zVy61&ATO`Nef?13zJ921Uq4j%q4+=VS06Qa7y|XtVFKPL;J*H;=o}&BKT^Pt67Zu1
ze3F14BjCph_;CV0S-_7M@Dl|5L;-IS@RWcz3-}ZPZxQfT0iP=1(*%6FfX@(czOW;a
zS|9O679Q^JM=(o$IHQ#tv;ILVJiPz0iP$}X#t-v
z;Ql@cGuB7`K1kth0-c2dzDU5^1$?o9pC;f-1iVAQ-!0(&z6>+gt6LqtZ|Vd4HI@H#
zFR#MS5b*a1_;LY%uYkW#z|R!$6$1W#0Y6K?GXlO+z_S9rO2E4Wyj#F?0^TFws|CDQ
z!1Ds`@1rqeeY8f%-zVVx0zM$%g91Jz;O7YVuz-&UctOBN1$?c5uM_a~0=_}O&lT_w
z2)J*Tz>M|Lc|v~QE}`w^g#vz&fL|=&9}@6O1pLDSeyM%vm!0#6DF9`S-1^i0_evg3P
zE8t%i@UIB?eFFYf0l#0szb4>c7w~Tg_`eJI0|Ne_fPYiKza`)g3HTNP|F(cXEa2Y}
z@J9svQ2~EUz#kXztpfgpfIlhV-xctu1pIpf{(S*|TEL$X@E-{HvjYA@0e?=wesdkOjX7Vx(TIK9w@BxApN^*Ut?!++FA69hW@2{^v)
z>;LN2i)vm%eRP13|3CqMhkzd>;1dPh_cLPU>LcIJsPIDtIt>DTn1DA5xbMeQ<@$b1
zg&!%<@%@`B|ItEz-|wmN`+iS_A1lx~PQWJ%`0)aMf`FeW;7tOa67XgLpCaHb0*{mv@C?{`-C$pW2I1pHkBK1;x73-}xXpDW<=1UxO^
z^9B4=0bd~CZ34bfz!wR4yMQki@Y4i*iGcg@18RKz_yL7473g#d_%Z=MUBJ%}a6fKA
z)n~bo|Gfh4$2llEXA1fK_y?8${X+h;1Uw_)D+N3&;Hw0@OTfDYJSX5i0=`dO#*&_fL|!!7YX>q0{$TZzeK=4EZ~<4_(uf%G6BC_z^@SSj|%ve
z0)CZ%UoGI*2>8bY{Nn!LBKZ)_>BVoX#u}Uz;71t
z&j|Qu1^gBPzg56*6Y$#w{0;%XQ@}qb;GY-py9E4h0sn%4e^J1{B;fZ5_`L%DWdZ++
zfZr$JUls8C1^jCQ{&fNWhKIj+U=%e*-!l0AD6rx8GT{#yd|w4ee1gEuk0|2vS*
zcMN_E<0--)HTb(2?-cS65dN6Se>~^Egz(1=elX)V0e)Cy&reNa{A)t~X9$17&^eLw
z{}%AQ`S0%k{#U?vI|$qRT|-CLXAPO}^wSx?7jUfqi#&m*azA~K@ptU0GQOAd{}14y`p;|(qr0{&kD
ze)Qq0{tKH_1+~ZP62L?C{J4Ps7t`6lSEJyO-bz~gun*YhOCKed;t&!GBW
zw4Cwj+z*QxU&r`(?uTy1Kf(C@+=$j)RKk6XkK0fETfcnpEaPwC{5pc+4~*|ULFMmd
z`ujkCA%CuCTu1iIVEmUXAWz_OhXD`u=a&T>$0L;gbpfA#w5rc9;s5x%yfgFuPcr^}#!pqr(JWZ_Lgij6;5Pt{{qQ>T)jnMA4}|=$2>9Nhcp#l;f#30`;8x+Qj(r$A;^9gMi;I;LiZw7`@6|
z6GfWO4>=C;U3r#7(IPIl5Aaa`oG;*81bqBt)!s`X9e-=Nr1^~h>v)B$^Ttv15x^Ur
zcW1bpqB{iqQNn+0+NJaVO2Bu4@){%i&PYKOADu$DeP@KL6^#(Shv}a?IsfMfx9^PT
z_2?IX{}@HbeaD2wS#&Sq2bz9(n)Bm(_Kng02Jd0~6u_|`
z9-F3s`HU|Y@L|UH;D!2h&VME2s~GMm7_VbMuY*@H-jl!|V0;A&e!V{ajPd&xssa~teg4JxJzSr=xIPns
zzp?&X+7!Uu8qH&T64SYY^A9lou>}gy>*MDcU%67@di~n7RnfmWuW()N9LBeEKkJtR
zJ^=XMDr@Y|8wLEQOsAduQ?G-aQ^Ry_0i5`g8BniN+Zey>OjWEN_qV{j!u-4PfM~h8
zi1Cd*D!-Pi*8tw=yw7zwx8lnJ{zJmId2;nt0pAbiXCv%Tb>|fLFQ*fJxWSKS{G)^)
zX>cu99|IiQHExZ{_yXtuAI7&auI1-cn9rF1%Y7=NmWKm?H#+Yb!Stlx9fTia%GLPK
z30JpaU`8zuPdEwboM`gzr^rM@gdcBk?(XPb!hdf14Yr5$ds4uEMfi4;zmxO7PWZuw
z{3j(A!y>w@TEGVM`z_&q{`bzt{4aa;xktcv
zn}hlP=;c3)aQi+NbPN5yFXTTG*0aXw6_3uPgwOQ)VXKh;xOs|Crmt7!X-V{cz(eDH
z3E+*@;@l|BS`s2@Hg;MX&q7cNlW|At3sZ>T_s
z&btNtd;z~#!2c%TQ$TMBm3t20jnS#5pO58!evt4*2G`^Dzl66LJkR-OgZ>ese<9%5
zpWnJjWz-(!%|iZL1pF?*8>7E?eEwG9L{Tt!--8a219|HPiV|0e8r^ed|Ut#b$T>sk%x9`pM
zG5#FkzTNdrry>27hR*4n|75~f8C;h;Ot^iQ?Wdgo2ZZ;T{Kqr?KZM(N*|Lluw*{D->9?71-#+kbz(eCZxg(693wUFsweKj>?R`?nzx%r}zkLr*%jX`#
z?R#+hGpBx)@O7sC8@c}bFGV^V3_hRpFDKl-2e*Oq{~O`wnfxmm-$MBL28ZJ4w=XD8
zjnO89AI11e!Y?qmZtoWW5B1xh1iX0}()ah9J%oSAqyHJgef{l6gn!iJ--qjYI8>}L
zy4>I?#@|c$M?Cx*!ml#;`JDg13IDLcHUCdN1LZ6K>y+)8qSh!tMKUdVCkW
z2kBgA=;-mioA6H>T#xUc3BSSMdVHIgBb^%!uE+6G!tMKUdK`aD_)R81G?RXl-ivfT
zWANFGZzlW}gYVA#cIx{u|7`{bcB0=83HSA%Gtb2QcbNQIzI~B!y*sow120CkglUpOfB?biQE9-Jj{)OZZ&|*Xz+KXJLMS-M@lx`#zoKw^s@OlA&_~
z(_ffDI;R+1kIPMj-)nH)uD=uR>s?bZ
z{)EX7>IePa(u3uG*Wd-lPb1u4f6*S%7@cYIYrgu5fd7v0vrK+n{}Wduou@s#lW;%(
z^@M-VBQ1A}V|@=?7=-`5AuB7C*Uuj_vk;oSyLG5u!=?=iUMhl63lHby?3
zvk15Ez@E=^9wqz*LuX%>W5=D1bnN?sdR)#W{3j;=QB3DS!hdS;V;TP!;oA&;A>%D;
zkp9mNei`EjmZzwihlPK{#%1<
zdG#;Ce{XO-U)uV^^v?vmk#8AA!qXJ_=uRR3{Q~|N(fN}pcLLLS+W^x4v%x>h`1=XB
z?-H(K{87T~yM+7j_|^>~oqrfQFdgXEO87qwz8~Xx!hOByLBd}*`E@_Xzl_gzsv~)${B9BS_!ApSTax`2yj)oBW#3$3w*$qdg6-`FtMX
zdl|fo>0C+p+YGMx`6q%}9}NXHM*Erkns3(;{&s^;VET^|exSiW%lL$~NarAf
zYd$=m@PiGm`S2maeLZbI_z?UiCciGXoAAR8zCV}yWx@|LxQ>iG1?(@4k$pc=uY=zr
z{792u_y3WgKsH848T{=$UtS^HzMpt1m;3&6G5@h9zo!2f;l3WY^aGgxIFnzO`vbx!
zd-$%P05?X*8+JWX>dJW4-jtOZ9JaojK2u;`}*NV!e@DOUMAev1E*e$bY`3Udb}6~ivAI9~(itsjr&t<;-2jPnheg@}nz69wkHn^6b=Me7e
zdp8lj#N^j}_zdBXdwlpi!tJ||)41H@KaAxrHFTykK18^E|55Y9R|sEb^6P&4KHKb27j9KzlZSuH2tuW@eP3Q
z&3||Q_cbB^PY74HxMO}@pCdnt<=XcvLEWWaj&S=<Vq;8{mzRum9`=jMNz2W$5g~bgm}+ZV!Ki
za9>|K{*y?@*K@8T{0oN8T&6$yQ<(ot2G{lfCgJxQd?x2V^ajjt-`_l%@rw!ns>!eW
z^J&8U_5EF&k&eHPUq<-X44vbc{&R$X!{B-yKjlWG^MHqck??PNc*CbL|3e1fpXo0I
zd~g1{`@hwce~Zb#oD)AUwdV5@ZT8x5YGQJ;lDNb
ziH!f6@ZT9+%lQNEz;a*q@b?h@M}yC2I-3c%@1p8{`!(TzG5N3L{44H6`mY*X_y4B|
z_w|i$6YlF9yL=Am`1;1X2>+X*ulwgx!vA6L!?`{W67K5>FB1MwlV8{K@XuqpuNz#q
zcZl#e46ga)vxM7sSM|93j&OSszwZCT?n3%?*K+3VU&Q=x_3%}Iht`FUQGQ=f
z_&(u#89MD;&w(!?{e29s>;EX>Z!@^A&%%2!{{(~Uae0*R{SB_==d61%{{aTqbgm-Y
zzTc|l{0o4G+Vyh*Km5x`-@f;%>EsEw@4dc*+j}G7{yP2}!tFb-ny*g!3es;d_1E~#
zgg1Kl9`|AXBMkmlE_VgtM;ct$XA9v+8C=hcKNIe+gS&qf>HF*8DTE(w=$ydio=f;K
z2G{)j4Z{8PYdhh`nf$sw``nM^`s>#`!u@sXe8MLiI(mLRO1Qti{GIRw)(Xo-+7G?uXsKj&$sMwRy&86W(g_>;1yHgikZL?$56hZr`gtfa$zO
z_(>-JK8#QP29|5zs~uo`h;aK}t;W9zc!>X>r~L0S^d~c&#(zip_PyHu7+*>FJdxbFX_314h*-QHcnkk}ZVW^moliwU>y;cEOw!k3!-x}RSr{0xKZem?$N
zNdG+s*X4E*zTDutpKm05nZb2G|BUeW8T=6L|C1j=`YQ~69OGXn+`fma>%U?P=3i;@
zYdQ}QzRKWwy`J)I%-?NrEg$Y8yvN{ry#7MCFK?$mjC6c?+ei3nLr3?|=Lom&=jwXC
zM)=t#zsB3YgY-j9<_8s019LIf8~iBF{}sYF8C>_z>xBFBcgEvL{{oX=_fIe3_I+Mcf5I;|`E`AMP531S
z*Y!VaE7Je4!FB#2!arhgUH^v&zs%se+=eHR&gBL_f!lj6;U6{l$&62Y67yeWa7||;
z;r_h%4&nCQUY&p6?;@RRJUZ_t{9^{!{d_s$_T65MKSKDmCcmctN5Vg0a4iQWJ%#07
z=izGzx9|3LaeIG4xP7;GE#qf=59!=!=;-{96MmDyb^cSokNH1i@cB&V0mALOz3q(8
zdK&ZJX7cNHolW@d2G`?$3*q+NUd<=Z68*++m!LDWU>wdnH@VgDJ+xr*7
zzi4pX-rNuHJi{6P=D3Gl|~K7(t1dw}r!4Spi`&kI8SzY_h2P5!+(|L)I*
z+j|J$heeNi`A-q@ucrL={ol7U{R;{IwxM$n
z$#my>vZH;44A5JX85-=%cWp>Rw)Rx>NFm#`raj-EFJ!O?jm*mp6?zGA${8qR^8+KN
z<<_<52Xg6-MO~e#j8l_ls9AruFMn<>y`C26b
zv~^C+AcX(JHUX(rYi8*x$e+t)da10rt?9L4Sg4@5|{wYwT?H>4K)zU?$b!Jj2z~|?(h0)>M2=y{G&LyvVOc&Ex
zn65{my5VijbQWf0+PZTCg?wQ{TW2c_vmSE%J9IbvFP)mAi^=5shx*z&XJpz}rR*q-
zRXuFGcbuc0=Itc1demXEG-uApA+Kj(-sP$rDm@g26pn-~qSC1iRho^WFVmX`VQJ}<
zKLzKuB6F-wt7&g$X=3v7gmnr~lUYr1Z*CIH;S9H9QfbSeULZE1Udu9_Fg+G^P9Xtm
zDyT}flhe-oK;bNU%J{~%@c(vBnvR2>FE|r-0G6<-IB)Eyx$VlSYiZh4Rc|f447F@k
zWXw`i(`jrfRY*0B4&-5Z%M2BU+Z3O&szs|7-MPM80T#j(O^`O=Y+&;a)({|L
zm85KCnBBv3*l-qT3z>PiBr9S`6Z5hhuhe6IZTLp=B7#YK_
z)o9)6RXCnYVM0%{dY7I6sDm$EMe0|2$+FCnWld^~YbWmQm^C+<^4H`xz~-rcC_4=D
zhgHO?+GbXEyM0Pc8OW{6n4MV7*DblEs#;(fv&O@&I5s@$pst#YR|Z!MTrZS1t|mj7
zi-x;g#Aakz6dPX1CM2)BEXL?a!cK49Vv@xnFMVeU61RFVTh$&JCQP6z!5Lm&ZGxZ1
zD-_D2#!=U4jMTvt>+`7RVFfzpuyj4O=9)47MqS(V@Ov+d`g@WzB0^|G_-cqW0x_OBSCF
z;Tdl7p!TC%E%$Gnh?xs8pE~3uac=AKpg)B5+20|$3p`nz9nqQ9FHbp2j
z*WI0})P~@96*nVD#jPawe~EkrB@cwjgfnAFm+{MRhN#7_
zy}v14=~UtAVaA>fjYcyGabujhy}=9cKdR)oQG=>y+m@;2TV_>h_Q+p|%xxx>X<&f4
zE3BPZn4U?c>KW!rzp7Hciu$tHbk!AxK~802jFd_*1TeYTR86C!%qsE`sb+<{Ot3Zu;^3Um&}>no>?+~
zeka&Dm(8Bjp2nWQE(upayAFy}L}v+CNT-SwGa0ag^WJm9aIWVB@Q|%vpBc&xgBuOp
zQiTnfwM}X~Dz@r!e^lPEC%MWyCmgYuA`*TqSd~VEx!dh!F%V}=L)JTuN2&F2c4)3T?jOvH85
zwF_x3Gk5}Z`O4%)H)x1PstH|$U4_MHuC(BWeZ}>u>6B>&vdk%Te{MzQaM_|<}#9_T$MX;mqOvJ-mI!_
z;$=HggJ~f-3;UKz=WQ!_nHBF;@wt}c*0s$2#=U|Laxi)(T1hM)&$zTRpU4Gm0dIL9
zxY=a~INIQ*C|`LVW!>cG&cF`Ln4t*FR(>P5IwV85$g_Tr9KScp#aswl27=oruEB%8eRuv59Hl3=XW(x?uT!9O#a_XT=e=3vc=*xEH
zu;QwkPC?W1BeRExvn=KpIVscgBTH7D4gN3gVT{PoGNy8Nf-ixcU?wYXsN3t)v)$bk
zI#Fdq-BHjiiW-MS_T
z5%;OVD3&eN+?~UCpwmYCSLKF19&~$FXYHgon{ZaeZ!kP0pPlhfrAF3ehdQzw`UbPz
zV9!%_ekVh$e+?O6yBX9I%Qg(l^~E9Z~ETYgP&b=V`h11&m?|
zBvXfToBes5!r{rM}SJfQ6no|n}Lp5+GFF(93Eg>U>a%B6IU{i
z2~(hwcMY!14bLAQ>{p@y1^Eo(%OKmPjEtH+0I_ZKaSf!ERH~Xxp!uWnwgc@obbM}=
zg$Q)9R@n@XD?+I${n_>H5T}?MDYWrg;>d$ki%mW~md+}J7Dw|2M_2WMM(M1cMGMUj
z$c2L7TA!$<(ilB)H5F
z#q1>mDZvI0USqU)Ov$tjj%1b$2L2ffp4F|Jj*BV>}lrj!{S>|4&g={Lc
zK$rbZ!V*)#KBJ)b8A?Ic_NOhu`dvo41&q?%NfzqIaeD6{7j{(vq7mw0uHK55)LF{HI*6S
zZ7dCSED$?3VdE+8WR0aHtZCMz0mRg@;e~o9hTeW+r@xuFAZx8+Y;&45$s_t~+nq2Iw}?#jygFdzu3RDx}BJE8|$
zDt0}Kt*pTe;dRbZh$+M&3W81?%4$~Ea@69Y1Z2&)=w~tISh1YVPikkmnr=Ct>1oL;
zp;um&DyuEpj*{uwVp?m_4?~J;@Pk_Ft|bbv{!mHZEI}ZyaysWFWAnm|A`$dHJqs$)
z-1Njq$kZ5|iU(gnwS;quCa59)fi?RjDS@q9P=l#HiR>|TwZj_6;IBJinsYl=M=ppx
zZ!)+NDK*U=;+!*@?}KA>Ou%%ApTp@CKM^ecxxzekj2O=C+NK(D9xAg$oiux>uJsFz
zk9i=S;!VJ0B@v+LecKhhE2Z4V{uvW93Z0rAnKL-ZQ3vi4+nOCgGa+tqAkqh$UW)_F
z&T&t7+frlFQ{n73*yKTH(MOR?0CQD`&w$L19nj?%5R6->O+aT_^V3+J`E|ljF+$m%
zJ!ZZit9oeRFjnPB?bfTnSk=RpSKBk!nllTvC2P2%rew#O>9tUGJ6I2kQ_-)3G_++5Ko$8v41WjQ4E
zx(Dp0J(+^5wsp9B)o72>dpigF=*FE?tMVs9S$8%t1?B+M<_A3bxb#u-sG~QKLW^t}K&|-uv{c%^n;Q?}r$lHt@StT%~k+
z34DcNLP!G6V)W!7z^^NZ$EaEg7}v%D4OP&Fd95wVU@<8>;Cya#Fi<>x{w5h7ZcH-a
zY*wo@hcJuWijkTD$5KG&$SfPOXXRPyXs>;^9Cvjt8j0^(=t|TbtX_-ZElytYMw{_6lc&srf*n<=6zVd##ssdR
z%N8=|j4#z?X#4=7SbWUlvD@l)r7#~%hj48b@PWn^GeP5-%b0rFwo$ZRjvZZxdRHz8
zVAg>&DHgX?rf`DY^kTf3FWaY>l^p1m*C#H3L6mgZkm{r1&?u7~UEgNOB0UwB)}I$^W#k902y!q=s$3r?v|i0ir%sD
zOvRmTV^bz^xbno&Ratmhi|cKyH?($rqwPpz<>0ex;MmMgyj{bIUmvSxVzIPp
z)4gJe!N<9;rhP5EEVf5$>1GqnKiGrwlqCi(>8pGjn#R`Sz7x*0!*Ywq+f`rGu=cu3
z1-4|t3k3D-
zgygXiQSPp%T8{)8jAPyn+BxsQ)tz8$g8RgHW>$OCvoUmn&Rcz5$f%>8PtdL^Ym>qQ
z1z<$RORa~=lAW|kx>0)NI0ckt64|JnYrMMpOqb#(RkmUZG(wxrfQ6CWFB*@
zfKaFA44m)o1B)@5wA9!awIo@^DsC}|+j#Y+s#
zn@=U}v?0Cx&+q^lh{I6(Bx9r=?08S>K`LSnmIku2f`lQhhzRtSHjc)Iqa+a=T)agq
z4*@;r=4fz(<64T4Q-R8j!11w;8JhSYYam!YwggqyXi-swMcd~zsp*zgV?0-8^`RU)
zH>+?DmRk(ARf_;D21RH|x0*dFT3N>yl{aK&7iN1&8;`!LIcy`0Q%$GgKsxzd)muo~
zJ5$E$K%=6afYenyt%|NGsb+97;sr+JJ8WABA{L!O)_XIpXK;93cDTC@qWUTN!Dnl<
zt6(HRz^9MeopS193yN$IB+{b|1vPA9DQ=`QaROE8Jv*g@NNTR#X-3fLqrx5NZWpKs$aF
zj1VpsdW1kH#p}98V#5S`9;G##6{Q>6$G$=gu&J@?=P+gkd-O4#m_c!4$NWm!}{FKNXeT
zii<0%;RMSLR@+fj0&81wI+ZC)MQQCwHHxmX$RkxX%#lOIRs1qWu9&`GgA*r;)sz^Mjy?r@G2vV@Y_&w5nhO_1HDRM^`lt@
z(cDLt(m9YW7N}!SuG&*fGY&sN38E`W+e^W1eAnsTV@EtxaWY
z>H?E;Hod-ysyi+R>a`w6z*g0(MK)RRYM9+*jg=i8UIIY-3tdx*F8I@+nX#tBHVqc^
z&?{%KDU_ZlSpbioWtQr9&x-o=tLjB^(eL#4jnJGgzHekB6>98dfwnbQ7JlIHr0^nL
zRh?W+N0{O8s#`ooXGm5AxNO@pxNJp$K2P|5tE;{-o!8FsZ-qmgUBG<=7MNj(`X>`n;87t#10Jn(T%UR^O>$jWJI8vEdWk=IRR>p$%hGDCl!|3}PKv$W{%G;!y!#
z9wJK!OVgO^NyZDJPyU8X2_DZt&K&0%JO)w=M;ftMF;L*3t0iTDOyxulRS?uDQu3Egd=j;ftA`K@r@ichiY0S+(A$@dJ?i50hn{2$8s1x<_>Y@QBD
z)=!y2eD|WRsc8)ja2YWUMvV_RK%~NqX|432N+jIjmGh{928n_<=i^-o5Tgm=MxUKB
zjddIxMY;w(^2TL|Ht^~^k4UBqE;T6RNU1Cyb0f9Qj2F%-tBEC|Z#?!aMXoAFm58QG
zu&nr<)mURz%pyY*@?gbPa>4fvyg-^a+*=P_sv~#H7BV)F06pgDFgGho!j>DKpJoOC
z3wo|&*i0BVLHx5~dw!^Z-M+)L4<43EkV~Fd#omBs$fs4~-y0^R6-!@+ug<74DIMb=
zjJ48E0;+?2A`?lhLg$|z(Lw4fptG<{OZN*F9X
zMoC-@g&A9v;ts4}LAvEFV&PAPbu5_K^hlXYS(r$0H6zg&%I`{FITH!lq9Qaz+gw^)
zz7#D^rYu2PoJ5tfG)S}xaVpR$TcQTP*L<@xgle!r)em2>$3v?DTVYkEx1~Uk-ugy;(B3FgGt-`qYST`%63udJ0~(Ij=EjC4K!J7~
z!C+!jj$kyx{2x@H3$E7%>#t-LhT($!0hnQCWb|9=?A*;l@aAxCRkkk+w{)$NI=l&X
zDZInbr>ko==;YW8Ic=TY2yL7LbfS
z;!xf3Uf2?Y;YeAFX0=v`O{tOtGtYy^!QJ1pBDrE)(`Y>7e;K$(Ve3yIf1H@T3
zJP41g9eF6QHm!M}fQE5>)f#lKe=8Z7E{qYSQiBm5c2c{|^wNH|-d0M346bgc&@6neEEMlkrpwP*$q022YhrzlYVS6Ryr1+K}mjH>kk~-3147VEM-(uDmut
zO_?#(2_J14ueeg^Cjq{IkV1PNM;l;@-R!CJB#bn1b7fJxOgyV+iUIc2WfZGNd4`dA
zS$YQtK10o&0mp#6?!>9No}Zv;FOfZIqjwB?p7|yIsi}97bhb#djPmv!ofma1gjWm~k>OCk-6W
zgw+q7G_c6p>qKFyvhh9st)8RKCHkeZN=G@ugeyC}5vEb(z(!Dli9C_Eb=RI2^!?@s
zlD=OsY~a#oyyialgC?2=l@HW@2t1M6*KoODly0BCD3Oc@pit=({-$h!yHh?-u%c>bK$8oUyV8n@XGb;b6$lH1Rv8(3+J~%nUo*F{viYHnw%zs=!4Iuwg55c*+eMV$4mBEIS;CiH7hzMMX6x0ohaKa7z#4k?ryjUV`Q+W
zx=?gz1sf;3C^M~Vuzx5!oU^f3(2FrUXnQ}HI{{3Z
zcGZF$GXRsR*XU_YnFYCQH%SlCCQBB4qXK#*H&tk8b+p7p8!DxQhQMB^KDZq91|ex>
zPT}Fqa(ZPU7(`?Xb4$#^yyLd)MOYNByRjY!S+miCYpk*mw47T#I1Jk+u=0uq+i6~Y
zWE={6gA(B?pdGUNg70+dFgQyG`!m_DE|_ArdK}0u?~&rWPj_39OewOHh-Wohe1}1U
zf=BNa^&NkXI=2*bOtJ!(UGtdm!CP>YDciTAp;skoY%5Yqyltj~%Kt)dg5)p6eX5?9
z@~2!of4A-QrB;oL+o>w+6}ieKH;i(Xbx*;RDCMvWN4ByK&5Hy){}LZO!+vJ*+z(4EI(AK3)b;KY(gI#W`U}2?z
zU)8#Socx3hcwXs&u`+Mj!<9pbYxO(JFk*L(mVNj(t{+M4O*)WWHs%fvz?FTYT?Mfj
zu!hEsqE%IMXh>-%r5Gx>!8JB0`D$1*In?gE(^qJv-`V|N-SQ{SFo`D}F&n2p{)vYj!~fmW4or*xi{3~2s>#on_~%^)
zU6p)u@!xpHh#wqVJ^92TF{YDG8~*q0$`yYNzv55cPw@`=i0?PkS6ShnCDV=I-@KjA
zxLL|vOy$Hce@{QTXLH`Z{}`DKVSdbSG@o3d;Z12pZQz=|GU)0CM6yiC0?-py<3h
zlRJ)#X0N%b``~}^7Q9j7Ib`~e#PHjl#M}PE-m3g3Mf|JZsrh$rNdE00JnYrM-yX_`
z&ysR9A3od%bjqE7`0v7n>A%?jhyC8eUYDjA0*6iTAB}>;W;$#se+`7ge#>8%a7TJc
zi?Q%uy2ePJDv}TM|9WhF*oo-Bb%}v_BKcmy9_^)={Qhfg@+ZQclUQPue4p~y3zdvz
zM*jzWoB0~zZ(h)(x~%wnX%2U3kh!dXacPtB&GA|9e|47CQ^a2^4zxvM1r@eoB
z(<=>OIyw9ktjzI;J#PQqbE|)wBKc@C@hs@C=V$3>k>r)>zkbNys78EGJo7xvRZ8-9
zGx0Hn#Ltqek00oic>C~IYw5o{AblNI@{;rjnoZn6@VozRw;VCJWeiI()DF7ttqIGZMJ;q8fYrV$mFa+$*q
zd+22};TLe3zvpkBurq)2|JPvR;Yjl7cJfB|Urb2Q_h|F8}e{!h&+a}xl
zL+rDvpP%^fMZ3gHJsU
znYZcE_R%gpV*}DoO|!3Ti9fO>{^!6U`>G2+8r~Xy4E$<1<8OyE{;3rHHk^5WfHO~l
zqwF7&_0y}T@UC#?9|dQg2U7T&6#iKXKLF2;e#@REqy8N5BJgA31K`KQZ-6uY2{_}o
zz!_gPYeqdMBLDgDli(M@Iewl>;j7?zkmpnQ3Gi>>?4M+9$*<%etg|efbykP7&S@$9
zWjO131I~K#9GzZHdOd{`F>xG~gcpHVhZlu+hZloC0B8MA!%HB36TA?72b|+D%P|@C
z({sbQz4_rBKfB$N!z+8@zZ{k}Z7J{evfz8-!W{7ZNR_(AyT@LJwc2}-L7Z{{BTnJe+{
z$*;DEKLhc7;g#US;oQID;b$WLNjT$QhBN*RILFC5aE_B)$J%zpeu@26+&xiBrhce|
z_+%Hhw{K572l4EO2Jp(*uBOP7Y$Mujo5HU^9*&2*;T#XE;Af%T58xap-@C{D_3ldh
z74bY?3gom6kN8F24<%A~ZTIB1RzW>o;8o$*!K=X^gr5yx1wRM=8l3&G1D>3dqyKlq
zYry}6Gk@;mY{L_wY0O_7&itptnZG`~CfaQSXZ{{=<{t=W{?TwA*SEUIejM%laVp|D
zo}Ym8xPBhaaNFQxfFgW^03`OaJD-N&iP>qoc(q$obivr8NVFP
z_*dbK-v(#=mvC;^0XVlSd+v;J$UM2=ocCJ5Yhk?gPvLjK&qe$b@Y?Xt-D6zs@^SS;
z3eR`E1w{N{zfLWh!f$dW19{Fz+
zKgILknj-%KIM1`|;7w4^Ryh0Z=MS6x&DSQr`Gk>j5>L~uIV22RP=FJAMre2cY`-ayMy2yZ`Z8Q}?6=YG(Qoa&-zFlS{WcrUetQDWetRCye)|Q^
zI!hML*e=#t**)r<=yldWJnOs!&N?rLv(BsFtn+#}uTQ4HndjLQz6H+wyWq@o0M7V)
zMKbz_@#Wx*uM21W7s8pRE1dIZPdMk#MR3kbtKd8?Ho-YB?SS(-Dtpn4?d3SB31|NE
z;Vp37^@H=c8wKZacRQTN-IH)0cbnm?Gp*R+>u&?+IPc*e<9v~i^S+4ZIKL6jaeg
    XY1)`P(9XI^x^GABA5C
ze;Uqycn{7zd*ICT8=QI4N~M>dmaMZq+AZv!pfu*M1ZVzQaOQ6fzXY3Sj_`T#OW~{FtmjKO>p9?_
zC9xUF=c3!P`u3E~*se~>g>Pzqm}!ndUG&r|sR6kfbS`sSryw{*jPX%BA#?*?aoUIpiVyxu+f
zGne=0&4}lIoDJuGd;-pPSHZa-x4^kyvY(!@z06Yt&OE2WInHarnWqt)@g3ld9{^{&
zBjC(42F~N_EqHhAugVoOwwL?mJonfy@&3LE;<;bC!nt1tz`0!`;oPo|;jFXl8Hca4
zntRl_!^cl;#Iw!|;jFU_~)YISV8H;$l!dc@E{6|9oulB4Uk&GV>3i@&
z$ny()Fg(xM8TAi=mxEsgZw2oM@8TZ)zt;P|H{yB!HB{o)$9#f#-hbTL7RaQ1&s_o)9hufHGS
z+5e*?ev8N7fOyt_Kb-YH0%!e8Q}_!hd^3C~`x(ys`%`${>KXma__8UyRtj&O!h5Cg
zktzJn6h0Hq`Qb@8kM}ccWNg=P^iL-^~Ny4SpZI0{jU$*J18~b9?u@$M)v(
z{g}0OM*ZC0B5-bRc{sPX8l2nP6VCV%aK=x7a~w{GGtXmi=2;GBo>g!jcPG`!=m+*&
zS@-C-_TF!2AfEkJ6V7#;{ox#+GvFK#YvALs-*>_}PWHJ+opGEVKs=ArQ|j7=M0~De
z?C)h$czyRoDQVZEo*wY=@Con<@Okiw@HKF*liUJlKYRk`^S5u|e4du|JlnoRlWEMK
zAI|(`;LKkc&iswxe2;JuocXVSGym0a<{tykg?_sk&gabc!rAUZINMzgXS-|Q$D!Sg
zaJKsaob7%KXS=_{*>2W)8T*Uv9_Jq8c4khCD~x#7QvuF;YQtGiQ#k9n1J3>XAe{N1
zgfsv1aOU3#=lt`5du;FMH2eAt@tl7S!8vaqU*EnjIsQ3+7J_sB>0$_1uI!=fZD>cZA;p9}T}1epd?L>>hPC^g7=`{AA?G(a7qI_-*#rw7l+#&@{$Z
zk@)Q%Un@m?XNmvN<9nruzgyy4c>NEgh<`)kV|(9A5kIMk6_DI6?%&z)Dd?YP;J3kV
zY?_hhcK87J~!G4hvgX6!0A$!CB|e?osC|-@ykF&pMB7o6$eKPpkmv_^b_|
zj(RS0k9IeCyH_Bd&p(Gte5|**9`SsBI0eprTLfo6uYxmv3!K~a3H$hNEg95&WFJ{4p+mue>b~FKgT-ocM#A0`!k&VlkLKc?PC9&0OvSt3um2U
z;jHsc_oy@0f!~LC*0}=CI$wda&UfIfb2psF`#w1Hl<@~CiCvh+_}XyBw}-Rc{&2=m
zgfo67obgYl@Rw8gM{wr<3C{e-U6irk8DARCey9Owp7Y^6zc+>R{C*dl=Y=_N9*;}m
zJP)pg^LqYUILBx4i!-*D`A>tl!13D_&f~osoX7hxIFI*x;5^=!!CB`QDg2yEGV15?
z)zm$XuULQH2Jt+;`onpAT?^;_y#>y3@+h3+WDA^mzJxQ+0XXwy?~t**99OyE99I{>
zIj(xZdA%_j&hc;?oa605IO|-W!neX%|J!iZU%jJkZ*o7j#W*}4-WvXtdvd%h5R+Q6Bo6P)n_;fx;%XZ&?=?)O!2j@vik+>d+U9JhbMId1cGK79Y2ox%Sk)dFd7SCD@Pez&Q`>gLgoD?k*YicZ8RMbG>&>IP2*RXFa3bWB!cm&+&-o`|f)r
zKGu8BMLe%p*TMPx^Bp+n$m*G2b(v;O}{eGi<+`$0Ij_tkX
z%lMKhym|_6nZkRf@R2F}0r-8W|4n!k_(yQ|=UzDX<01DfiOtTQ_%By-M<>3r_q0Eg
zf8~BG2Iqb}1I~79!nq$?!r9L^z?o+ToO$NMInGzWndc=qHmSnROq
zJ!isMPj5KmN5L6?1DySTFPwQ6!PX?|O*ukN6gFj`N;yj^{yej+3b=d={MhTp@X_#x;J3O*f5!Ulsfg$O)Le;=_0NkD&-pvUL`s>44f6Ej;9?t&1(>>~m_1pI$p8dZ-;$!{x
zQpB_VSK+MxZ8+=yB!z#Q!Vkb7Wj_zf=zr!vErr)j;TNXxJ}G=m3co9bKa#>Z&r@ALnq&UjTjEB{p=QPB#p0nVr=X}Yt!Sh^zc;>kf
z&OE&(&pV!H0OFZv7@T>=!`EPY?}0xFe*wHdyKQEluMaA8t
z|NlB35zp(TTJW{V-x$vMza5;{S6$((XMlUu6UXl`#Iv58;H+mFob}9xvz|q8*0ahz
z>WO*aCB(Cyci^n&Q#kAS4$gZ1fU}-shuZ#)dSX7w=bqRlnV#E}fwP{D?bU5po?;iEU{I(eJtY;0J^=yQ*p6zhfvkT68
zesYg`VxHWOc-C|Lu#DrE^%R1$o^o*3Qw7d?>bplhG2b>rJnQKUXFYx3tY;{k^^AkF
zp4;7{o|w1qK|JeO2xmRZ;jCvZob_ymvz`y#qn?=mKSw<4`3=r`vJKDJkE|yzob}X(
zGrldH@txs3FARb+&qO%$+zw}+xp3xr2F^Td;mq?koO!;6GtbX(=E-r*;rp{FoO#N_
znde+M>uCdLo=$M)83<>d32^4Q4bD7s;LNie&O9%|nP(fEdA@=(&ptTwWFK+(el7xM
zo>Sq>QxVSVlVNb)?>qv34c8T$;BUg;gTDnoab!mQ+u-HlZ^IkG-+}jrzYD(+z8yXn
z&UJ~4;e4O_D*Qdi}{D;`ykKpXjui>nJKb-9zbFKAHv>VrT$Gaz*Ok=wx;B2=dobA?u
zv)!id(QaJ7wLv`F?Ez=I1L16UES&A$;vVhBb=qBsXS?&@YVqsCn28gmWQ+5YH+sO2+nrfxJSEjJ<|d4Y_~6*
z?GA^t-AQn^dzX8(8`mu}5YKiO!P)K#INRNo!oP=ee#kN=W4|y@ZaCvhz!`r!obh$x
zjBf^Kd}lc0uYfat6rAxlz!`rpobeCA8NVFP_!r@fe;LmC_7I%oA?J0O=eM}8&+o4D
zTNyaVLuEMYtPf|qE!<-q#(dr$@f?Sj!`bdtaJD-E&USBek9K1|pN@F8y8zC1m%-WY
zdN|wN>K^UJe7+s=Z1-z8+x-R3cC(MoIF8tEe)niM=JP^`XS)^QY_|rS?KXq6-S+O$
zZp`PM5zlr9!rAU9INQAy{t?dm)7_)pxR0KNc(%I)&URPB+3qGdw|BdHv>WGAWpK!LDXWZfUZz1<+H_jua5YKk2!P#y-INNOt=k|7Xk9Olc(hKoycQ~Bwj)$||
z$5Z%9IOn~MaOQaz&iJq4jQ<(V_#D@#rGF*oL&l!~XM8z0KLC0cZRG
zIOE5`8GkFB@w4EJe-zI6)o{kY0%!b2IL}i>$7l5OP8`?g!#{y{fPV@f0{;v?4!#RM
z9sW7|J@^;!-S98rr%lMHe>c1aocG;L;9ntrFr0aAf-}!-IP*LPXa6sOv;TjBuRuMA
z;9Q?jbYjN#evJ4!@FMUg?pYGw_6@uhJbU8bzVi1eo!k?lX?qag7tZH$qurDFlX(t#
zo{5O(bGbX<{Ji8taQ5>PaK6WU2hRBK;CvpE^@c=oiLY#l{}`VK&isYo+>gcK+>cAr
zv!|v1{QqQM3_Z?ZnRum~1}ntl_w%h5zr^F$h)?wV>%`}H{08xf?ivnlJIekc+4sr+u5-^OKHfct_>Jzl
z#BXuWD}I}M{NCqiw}g8^iJ$IXM0|#O3GrF(WyI&YmluE7y`uO+_sZgryH^vx!o7z0
za`)Qe&$`zWf8M>J_*(a-;xD_m5Rc!V*G7D^$F~=M)4hZEJMNvu-*@jO{*ikx@lW0R
zh(GJ&xxe_=9v{EYFviIn9zRs#FZK8l;&B{}79Z&G>vE@i>mQiN|rYUHmoAze7BZqn+Y$9PJX1<7l_|`<{P~
zcpOK2#p5{IC;o-!`Az(5_XFa8`f-##>HFNDJjQF%Ay&x!s?UKl36lK-6iZ`^6g
zzon&B6YpEWJbBNR{EGO2?zP3^_d3)QAMWwV&vr4-DEFq~k9$2W#K(Jl8}S?6+l$}g
z-a&ku=TEL#Wj%L!d^hpw?!Clkxc3pC<=$U>uKQr|huw#YFLWOvp3{A__*3rV#Fx8I
z6o1zJCh^Mdlf~D%CqI+Oerx4EO}vkL-eWSyud8Q&FCbpEu6aT6jvik`ytBub5by5s
zWyBx$`10a6yH^yCpW|6s{G{`&&T8Ua+-r!>bFVG_je9-uDqes5+_E_CZg6ie@o9~%
zo(|%9-8+jHaPKBw(7l&<5%)ggCEWXqmvJ8~UfzAEct!US;+5S;i&t|WCtkySqIhlh
zo5bt6PZn?JeusEd_i5rS-0u}{<33Zoz58tO4({{BJG(Cs@8-TpyqEhD@jmX$#QVFi
z5FhNmT70Pc8u1bC>%>R9ZxA2nzEOOl`&RLr+_#BOcHb_3hx-oki4E;|*(rXn$L|uK
z>AqWhw)-COdG33~mwUVW#20z|Z{kbb4~Q>wPk#uN*p!$bR=8(NKAeKbcI6PS*~sE@
ziLdiKdBwAOd;#&Y?ghn9b1x!(hI-shIljg
z+TuIBf9i?<=H5{JfO}K%v?kX7EyT0Aw-L|b-d;SHdk68n?w!R8xOWpT=-x}bhU&waA^0&n*Y@unU>O}vHs
zz2a@$XNtFXpDo_OeV%w{_XXnJ+!u-Wa$h3e$9gEv
zeuH>-kKZUh(c`y@-{ihce6ss?@jKjih);9hDSof}F7cV}yTxa_?-7srd9U~akKZT0
z$o)6*CGH2rm$|3qu=(S!`QJU8_-gkY;%nSJfR`(*}+uTct
zZ+9;vzSiq0FTT^`D~j)OuPnaXy_)zQ_Zs4R-D`{QbFU}9$j5U-@dF;;RQx56-zENM
zciXSK#dr5G-y^=qeXn@@+>L$W`#kj@5@jU+OY3R%WE0Qkomb5z3P=NP2Q6W^DtKYQZ8$vLe-^=a;`Ge7bdL7jZROy_%2`jNzQ
zd)aTr&@S^=PT}?7i&1|I_z7_C$A$3d&t$(XNqF>EJLDOK_$%PQWB>Zc`_jh=-wR)a
z_-m2JKQ@sbKM#I0;*-yaV!z)FXa6jQ^Sv|sIn}sYhx{B5ucYt|DSTrJ-;%<=gGc`-
zC~YtNENs^g@blq6!dd@5czMMC0{6#Q>HYsJye;B?gZF{|4)>3RrRVtr&i%;!!a5Hi
zz7p~ugx81v3BMSgD*qwGv)#0#Gsaa(6$7A7aHz)jb&>)_MF9cxmL%gZP&4yl~FL`!Mg-Lpm8$9ZWu=gBf~
zj(^TG=VDxyMSNFyIXL?v)i^AV_%g_I8oV0(XB>~LzXIavXTbfnQ~GgN34RXpugCsn
zp2~riiQ+P+@ZwBuTZvyA>c)<~PZRAN+
ze=Fo+|F?m2Jhz4W>%;VM-Wtwv#q$O0zYy`Moco3GoM-60u)Q6SpXWjL1Fy#}LVN?{
zX%FXh7u)TR_)8E!72XlP1!rwFNJr8^Zt?7pFH1nL3|11=?dq3bs4-U
z;(49M{_KYMIv$@T@n`nLf4OoRu%Ejlp69zB@P3{rF;%7YgmeC9{nHT7>(Zt0UdZzX
zyf^%N_~r0@@GIbHN7+9l>+AzR4$kA^MC7>=@$KP#;XUCTw;bmjpB#tuN0Fx=@_z(p
zKV(P!9M8Gn?1zGI_Cskn`=JJ$#|6hB>*x6>`7=A?zP=OcXZ#>I^YggieJkgm0m$!<
zgVX1|fp8v=%wH4j4n{oB7gxbK4-bWN9v%kgJbX1g)jZ7e(KU$gh&o5Wd&8NZ^VKNC
zr*ifu<2j$xIiHV4evWhYGv^=PUvQq`{RQW9w#)gP_ZK{l*l(%k^AhN{F{q#8`8qh~
zRbKydyT&5^pUkV{kcac?^>EIste^8L?{_$_jz^v&nO7$u{(mvAPDFmrt2e+ouX6lw
zym6dxJkU9>-iZ81GOu!6{a?0`XJe)8V(lpM>8Ie-nNO{3|%)k4|yED~tHMkcaony#L~L{#3-X
zpQpij|8*~%_gTDet&e){LwpDL3^?ci`{CSQ55PIU&4Tkh#c{&p_d&$-d@&n-E$W;D
zza2goJ_r5~oco>mUq?L8N8H}|$iwq8<9Xfw2;%wNtPY&}cR>n&G=(pO^Z0rU-a5s0
zodREkcwV0@hV%NQ37q}F>p*VT6Nu+He-h5~=~HlCS1g5hME%R)1L52+tY7~_S%G-=+izJju46f0J&X8TQ0FT6PWWp0uW;V)^WeGm2Uyz@Ss=baDWM{?fb{VC5oJCKLx
zoe$wW?=TO~JB;Ufhw(h`FrMcf#`CB=hqw#HX51I6r@mc+Ptz;72k)^Em+bBc1*81@a%s{LFq}
zopjF6bk5J5XFkV%WPGZASsS+0%tv(
z_xN1sTEw$X_VX0fvk39u!g;^{9sEbcbHC(Fv0Wt)zZZFU9{B-Y8u9z!jQ<(V_+Q|s
zBhRmJURQA3@_7sUZ4mNs++GjoxMe@He|X;Eey@T&jOTL$#`8Ld_49euZ`fYO?@!?e
zQux6X{wJK*&xha_`F6$o(Aqf-F2(ky9h31KfaCcnIG;affzL;ttnd}^Z18pPqv7wv
zkAZ&+&kpDNO+Ftu8RI_(;)}qqK>w77^Z7tkIPa%Yy*K3k&53q7&X0rh`kDSuu9I^i
z|4#H9`r*I#OH-qg6D&C|DFKn{8j+Y
z_!Hq(k^g!0Phu_)Tz*+bM9)W2~nq>S>919$&rS9TCs#Jsw}f5YOXl
z9GrD>zwmhl_e&x45Bs?YocpCHJk@m<=j~#M=XG*%cnQ?c=R!O`mOwn;x0ZzSdao4x
zpS*7^jXeEOXBqe?IP0GV=W{S#2XcPk^R%+a-vW8c!F$3v4mZJ1MSM2Q!{yrP$$P>1vtk;H{|Dd;CiQq-am03
z@9*bv-UoF@o>u5jJ|FIy!Y9CcAkRuT=Z7tD&JV|+-}s!I=NHZo#SqW=;WRks2OeL1
zF2{bLcSfD3qyJOg4{|=KhlX?4k?5`u4x359`|6<e=$w~oqE7a6EjZ_;u^1fyY^@qZ-q(gfuBU(8E<
z9>sZy&Uxuv^na>(iPtB!5zp(BI&jVdJkS2!``i+k-_ApR&cpTKg%MvL&OD4SgLpm<
zITL<9@^E}MgmZj0f>%eL#&BL|GM@8%6U3K8o~CflZ_VH(5Z@fm=Oh=vIUlxwvwvE`
z8Q(gEw@Kk`;hYEB!Rw;_3*qhH99OKTJ>uD)TrbfWc`iXb&zoE?!Sg2lpPV;&JT`@aMFf#dU1cnQ?Qam9JQ3*wpQGI**y9G~40pX&Tu67}#tg6Chp
zH{m?i1Nk|Act6fMdm^6mXD|3ksE5x1*gw4y&vq||bGxp9^LYZj5!&s8_)3UO#iY`XT>C$lo8{1wH`Y8$J-u^W7jgk892|+>b*L
z&vAY=Jk|DcoDV}h$HQ*Sc8x+k91qvR
zIUYvCIUdHqIUcTqry393?_&{99|z}k0f=ktkhjw^oNnSMix
z_?uGr%_;mAIFFafaE>3&1N7Sv|98h#xitGqOg(9w2Y9`72lAhYcs^(2dE`#S|C9T;
zyO4+XaZ}+(avzrq@w|^?e%{CNc{uOm_&kmGadhs-X=s<@@NPKgb9#OBGo9}vrXx>x
z#NPw|U$lEK@*hdN_aUCwZ+tGt`vqQy@Vc&Niu20B<;>YJoh7?V;sqToQeI&d37%G(|O-l7UTRO#Phi0_^F0?
zo=47y^Zu0gO>DOt;^(1V);S-}^AXP@C6I^nIrBV%JoE){=6MwUcgH{T_fD~279xL1
z)c+Wq?b3N2vIz12B+p{xVLz}=*3%d9^-w>rxA`37am3S~fV1Cbq2Cz41o8AI;T*S5
z!MR-=w|t(n6!DxNmccnM(d(lh=&j*TBM;|?5u8;nA;im+*k}JaFcJE=B(5;mrR6ocW(Z{u8|2Gp68|dVEmOc)k?zEq}AX
zSbviAEr~qIdz<7}Ir}3m>G8XMl2ikpYZy`IhHd@g^S|#QN>1r~M+!^OnS~{L=D#
zCw~4~gG1uad}Hyk?kn==e$xWu=Rbs(dC~lI`?kOO;e&S!>WTk8(jeB6MxLgBn0J@>
zsS6DHh)-W`+dEGDiK`7Ji4V$Wbv`H_`QyGa>M60(0^@US;e)$cyK%o6KI3=G|AFN1
zvdrRli$|XC#Y^01aEyK1U;UZ$ka=$LG5!m$%8DOsVD-fBGm1JV`2dOED-`}|DT}{A
z@_g{Pc@Obt{CK%iyjMA^^A_?Qik9vsydRKP@k@z~bV+_Ax(QeDf`qr>gixe!_1q9`WtOTloZVrFg{$
ztiB=QAGWb}?-DOD*Wzc0KjaS%SBv)D74afIfn6Z}$N$
zev0@@)2+@K;*n>r_%=VV;#w=(-T$ZM-yrdkC;2nnSpP{mEdDF;h)@2^J;rx=+TwE_
zo!PtjcI6k(|Gvdn5dUSAZEqFv4{oyf=HgfTywpy7Of8EaDZa0P)t6jjko=1N`T22c
zH~AR>`VIT-?+=Ub_{coDRxSAzc_MzTc*DvTms}&1{L=W(#2@wt63I2>hl|hV*CUZ9
zTQQ3}RXplBQ+$Ds!{j^S!{txDqokkH-Tt0@W=@a%w}_vU&-y=k4}Q4#M{
z-x81fABex|7Y=`lNBl9_Gw1)RzvVA39`UD&XZ7ooM&c3QQv8jREq_1ph`(C=^`aJk
zr+ASjR`-44Uwv-<`IPwd+7|z;_}jzH-xZJekHx$1vH19X4Kc1FK7KDl_?c_0o|1lp
z5gzfUiNA8WZEs`oh;Jpn*yrtj;%ohQzgoPQf6(Ms@ra))KB}43vsAoRar3vtC;NE&
zM*R8O)(`Rf2%;aVHMczRdk4aQuVwulKmR{`wZCvHd#wF?c;q=l{KY-iZX@y2PqXiD
zDgKUM@AVds_yOXlRkZv!h=1wVw^PIiUTX34#e08dzF2(N3+C&^t0Zr35?`CdpIU4F
zxp=2Xte?LX|KnVXKRVfwiLdC-wKL6gi@#9U@{|?dbb-a6AwDOo#WxZ^=6ds%;s>v=
zJiWyiK4|d+#Fy=|_*=yzeyVuuXDrVm@!PUko@L^jp0xN4;_du~X{-4Bo|b2~_#Xqz
z_ljRT$NK%)?0pCX>sZxGKCf6}j4Yl@e@)$+F$kNA$_i>q4v5b+=K+V+kVe`>qcJzYHFXNlkH
z3lCR`NBm3TKQ^)aJH;b@w|KMHE&gbKU=;m%?L+3d#V6LV?X4gl@m0h}`3K87ibs5R
z@u&TT`2_KZzg7I_uGY^B#3O!*_zA78{x`)V{(bR{{-E?%@#)>Ie-4Sip4;jvc)b04
z^yg&1pDiK&oj+fyBOdXM#8>(CZ4dE??<<~mnbmQpc*Nf)zPXasze+sfUlOm@%ku9O
zkNDl02!DRHMLgo)75~mZsJc%);tz=T9c=rhm|vGgzb$HP
zUQT@GS5|*5@x}g&yBmmK({rhi%0xh>Ps#EA$8wh
z*?pdle%P7E;;V{B{&U3-`7f@&LOkLJiO=h8`R^Bx_=m(-`GeRk;t~I@_(6a0{HJ(r
zzfL};K<52^^%C2^XNjNiu*KCBzqh{C-%I?I^%mb>d`2_#DdJaEu{?K+kLhNGPIMZEe7tMg9ryN|N?S>jdqnXeY#@8_eJ#Mi%O`L~Kk
zp6|qq^tSk)#djRAcC+~NfauR$XIej$5FhFvKtEOd{PC8*nt0@CCm#KCsd&S=mgfrb
z$TLnn`sXI`)q^e1-Qtnwaq*jHTKsbH_`SdD#J~R9`t4KkYy9uui1+j7mixq8kFs{N
z6|p~~|7Y&BzvmW@{3nS={^H`1zk+z-S(g7y@yK68Jo48UkNll|!Ex08TX)MpT)adN
z^E<>Bdi+B1FZ{Y|o%n2z|495C&;Ofv9{2qIoFnSo;rBnIOITgun@8FHy(NX;DPF-B
zm@E)~xmK3+#7~H~E@Jstil5`pnb(UqpJ(xJicfvpe5ZKCe<^;KAHRphi@s}ljwzXz
z{uTZ3!b9e#h-dNRtAzM(7u)w&6|d&k3AMzVe`4`%)qQ(Ah_~_U%>LrBy;qB8IbiuG
zi%0xa@kPH`{37v)Un*X!j_u!#;_=??E%Ehbk4kS~uXx1&Dt=rQ%U__B)fM}t*H+6@
zSiFsIZ#D6_KRQ=@ir-&cBwokQ6P?AMonY+_6Mz32t8cV;@dg&ZK>WIT7XO6!j`9}&
zy!bGG9{9R=AAipOw)kteS)R|t$G&C$y?E8VR?mL%2^W}WDQ$m7|KERnmUK8pywEY0
zzl3z%Tdv3$|b4bQc|7Z#8DONn3Z{m@SQ7C#^K5-<3G^KT|y3
z3(ON=oc)Qx$NTQ;
z;uY_=?P@L_&tck$&uV4ygT$}&>&t7z>u0t2Y2xvmZKn7^D?e?ec=Yp&;ytI?H+&?%
z#^3LMA%2gq2l!q5v@%xbai?bP=kxt~=>+j7{kdg1@$SBExsv!zYb}3k@wd(}?;!rJ
zKi}&n-mkaSceQw2KMyOPx&EBTS^wN9{=45t+$G+`pR+wI{^K`R=VI}iM_c|E#Up-$
z_~yD+-zVa69kN?|T@{Nz=CsV)^_ia+a*Ow?W^rj1GRNn<+5UdKc&u+PEZ*7oduj1u
zK0ePCkM+GR#ml^C?OrM#`Fn_OTx0z_R{UIl&p289hUcxIY2qE~n=clRbu3SdZ(C>a
z8^p&vZoXB#NFnpj#N#}>S3K6S9~8gJ*MH{p?aP_yuH^g{_jd)vJNa{!lH#$RwvzZZ
zA3xE5kw5lJQ;C24Roh<|iJ#@iV`uROn=F2$c&y94Q9SZY5x;1i?e{t2v94)>_?F=o
zzeYUP#l0f_QV*;13-K)LZ9nGn=g`qVRVSI}6MuDs`AOnm`}4{2;&~fdo#%+(JlK4u
z_$^s2|3dK=FIoL-#k2W)y4S^HKHMfA&l5fp&;6_A-z#3UlhyN!_(Ogjc~E>pcFU9V
z4F5CnM{+#R@^$Ygin4lurQXuw
z2a89ZYs63T`R5k#6GmB{JH@w*w0@Z{9`TFB_xtmK7sY42V0ku+_a1Hjfq1R`=DWos
z&-dboJb#u-_I+_&MEtShU$(XFEh&C}F8luS;$M%q{;w~d?>UQaD*nTd<{iWvG_`hn
zi+@$Y^7j`X{+jtX@i{k`PZICp$MtOS$p47=uZ^spHR5r8e?|P-ITpWP{DtmT&#`A_
z?*EtvP8R>z*PWa$er
zcUk;n;t{`8e6Am-Tg2me%e&$)&$s;Fi(l*?$op0NLqBg8_50Bn|3CP1xw7Kl{o>aQ;Tou3~YiVyU4jBUjG&bK_h#H;)L
z^*He}YFhj(@wmQyM*QfO7QbD5fZtF3EO
zJl1tI7C+ISt9KQT>*2xTaeX*K{Bd9Be}{Nn$37q)dFG41d%kVwdhw%Mntv`{V5Rl{
zLGk$fMNYq;i*XX4o5(M|?lJ4P3gYqki|XQ$=REPdpRhcah{xwCE)y>r&ppH=eysRX
z-`;z~fQtS7FS(7?!Ov}$Nf$V@p1QBoxQ~4ezw2(H$D$f6rbYH{ich@`u|ztIeS~X
ztHj@GZR2E*;wSoAjciQ(~CLZ_WL&PJ`
zNby&8+ICGBkN8>Q1$;gHGvX2dg7|a(`Jhk4BmOJ#PyPPoxayhvC)UlLAYS4-i>oXi
z@ioLxdB@@}5|8*U;zR$i_)+2!KVE!ZE8Fk$#N#?`k$89ixdH3NiI;x
zm0zcQC%*VW+rPhv_xJht_!^ckj_WRd{GT9R-N%1n@d-ZvR~3)v$>)lnwbR<`ARh7E
z#5?-^_!#kNPgtHC#Ou#CpDVu5-^VW$|E`q9zak#-Tg1Ei^U6Kq^L$;|KJnU@+IYxU
z)7puCj`&l=fADpZ=ZK%<&jIR+-|O!|I*CVoPx1R6wmQa%FRW*Nm-ur%&F>eF=XDFk
zH*B@-{aL*KGd2zninr`&p0}2@6a5qM1;rm3Z*ixKPxJ9vRs5=#ExxvRJO^$rzHgV+
z(@wl>1Isf~{PP9ow~9xesp6M>Wbx067kSj$T`OL3tHtjU|K86Rd&E2XI>w{?eP;A$
z#2+jEzW=?HcwGOVEgpI5i2vEy>g*&Q=lv_iBhL`=S^mI%ns}Vo9ubc`Pl#XR?;SRX
zNBmatt$nQjzZQ@9AH}ozbLqUbZM(If3yL3A%ktL}kNge9r}}%JUg8noU%XC1tK$~&
zh`&qxT7Un(M7+)_t8<0;um0Tf4e_|I*)D#=D68jZ@rXYtKG2{46snWCKO?@B__Iqa
z?mY2$Z`ee<)2$ZYTRh?ii1)5-^Vp5zai29!JnoNXikE9`?Jg6K`>eI%k>@q>Jbs*i
zE#7~y_m_|N7>6HRW?o7>?z1Y3$Nf@rW?fv
zbhY|tiAVgy;{Ny{?RoLI&w5#W_S2UCBk{P;`a-<@gBJg%c-&_lnH10hd`r`5V
z@z&yT-*<`lY=15~R6IVUqk#?U#HPVJU)lsLHwN&N2NDBSUloKh?g#4@pp*F
z=cn!!->}ZMYl(QouMltB#p1V$$LFTEi(laDLw*pC_}|6v`u?c&2J$zscB22|^PYvo
zJFc;~O5$-JeYW_Q*JMfmhD*dF{xb0b1ug!1@rb`!yg?I-e@r~$mx|X)z7$P-y)Pd3
z(VvPRxGFt7?T~oHXFuQmJ^C$|kDt@T3%#h)kM!`Hbr5wGCyajq19te4d>M7)`QUVf^0^G;UJ{o+~n
zn?EOB_eb;f;$!Zxc0Uq-cZhA*7vdkbxA;HAt86mQ(#Zad{=D~e%Tri9evVlw@ulUw
zKgA=yvG@a5SbQJxFa0_`Ah#Uu6BZN<5weye3{?ylwwB@m0rKp55ZH
ze(Zbkb7$LjWo?|fKO;V;__C8Ne`)c!kEkGC+us8=6_531t;OGd%j)PW{&ZujbA)(2
zXShK;)`LwEFLbTdKVLlV$Da|8`|EY$k$$s8;xT^4ir@dI_5W1yh@TmRm@$9Vf#yos-`_(Qy32WvN5)6D(<>Ok{+;_LkWw~+X2?xn>C
z`StJ_;`@9Y)EAF+^3BBa9A)*46o0Y2`HkYSu6nBYJN_POhWLm6JbbZu#4i)y>(6O7
zibwog;u|*Fc-SKz@jr=oDPa5KxMrF6OF6%vDkT1?9~b4tbNhXLGx36_Sv_sV>rS-(
z>?I!Y{l!o6&vQ)_kNC;r_zvP7UbOs!#be%{ARh1cZxtW^k>zJmghn78NMF=5%C{xvG^Cn
zBmNcfJ=rY&WAW{|%)b<$b(W38L*fyi-R}=_CU!&e7AxOdmZ!M*4?g}+6@S#n&w1kO
z_u77KDIR$)62IvYYj=Qn-g4%{#5eo8ohjlGf46w{DOS&7@p!JXN<7{dY!*L$rsa7@
z{Ed9p&tHqz^Up{8DBjNB>mSq7@oEfd1LWo
za$CEXibs48@gIDi87?0EbDem%Jl5`A;?X}d#5?+Ww#UU|UGZ}9++SM$*Tf_KP4TU_
zTKpH{v99<#@g`4N|72-p-xvEU;&X~;dE4TOiI?@y*_9K|c8|rMFCObgE*2l!(CXbXTc?xXJ#A5qHcTqr*7
zfaQNm{W|mQ>K?yS{L!@*e@q+uGx}$Q#~m+z?&Vg0HSvhAEnfW^%iBY|+-mc_;(IQ%
z{A0xUw(Wmc{KD3j
zf3JAlpZ+F(RWXY{v0di=jCDjs#aH@#c(!=F$E+j1Z;RD`k$A*+5kF&r#g7qR=FcY|
z5N|co>V8^0-g~|z9`7q(7k{m}^}}c4@!s*6{CyUG
zmUzV16wm9|w{6Aay;w)_dr!3O8X_Lgk;aP0`^QP*1@Ewx
zJ%hv}{u=Qo8e2Wn#3O#Dc-1`?|Gap_zbxMLTC0DTc)ah}BR+4l#iw0le@1`CI=vj?
z%{EwES@DQJLws@k{50`c*Vj(`p7$;PAn{nIca8X;KF+6!NBm6jZ<8CC_*y9*>-1g}
zFYKSo_((kBzYwqO&xf;KZ0$sU#yY*@#DDbn3gyKkzOwkv36{5|_(p#}a*_DUH{19e
zARgz1Vd8rqwfMWl=JM1pA$UllFa=X@yCjf
z$Y=GG6JJ=*zW+?|S>?=Yh+pFOgZ0H@on&+IcrM*hy!WlvpIycGA7}0M7jIS3;)jYq
zKRhBH&s&y>$NGmC#aH`!xL3tn`SYKh;_)8jTk(U1te&66=Wnup
z$mQ=#<9Jzhx%nyLt^9tor1*)|Eq@L1h_5I9);Sj6S$xJR=Dozf^7l2@ibwne@$I85
z&x7K=XLRhKA&tA&+VTFd0YJ4CoKQ_;*Zy{`o9y8
z_ai@x-%-!<9NW?UjQtq#dBu;t&hnoo9`jOV@nZh@saE3gKIJ0uQf)2&VDT*9TYcAw
z$GE*!Jl?NO6`%X5<#|jzo&!H89@ky3iAVl7#orrj^?xrO@9z$X$NRf%muBw&i|bpS
zqT+G=R#yBZU!Pe+Jl@~c6Cdu+D=rj|=W^Y||?`0H0&zYQ0U<9&?y?|!{EN&JnOmS>K5KmR#GPl(6of}a!b;?G-O
z6OZHZ9r0hkvwr+geA^1^hrQz0`sY9or0^V_Gw+v@gKWFXn7`x$8mAHcwApi7q9f8ZSP|7
zxV~B`9@k52#NYRM{$25i|496NkN-nFu9uGLYTFn4rPoBOv!Hmy7Z?9xg2kUJ9=|`R
zf%xw}uDXi0s?n5&zMzZ>Nbr{;|a`5s%NMtPr1fuf=Z@kM+Yl
z#5c~fI)4*C?|$?6y*km)J^gcAB`>po55L2I-b)4Xm=9};kN4+hb;Uo(Z}oQ(@8R=d
zFY$@~d}pM1ms>5*B=Hx&G{0N?t4Hj3d`SGH8!i4x@o0CY_^ZvWUp9(I{5J8gOI!Xu
z;t{`3{Mwr>f9`IX`#<7O6#smj#hoEu*6*9n7H^u}`k|%xu%|6gTk%z;%`X>^^TJT^
zm?y`J$LHhj7LV)U1>&(TVu|?dcGjO8#E{7(zmD#1f5!Na
z_}t=kpR;;S7mxU=;#J?y$
z+&@RWOMG;jqtXlABmT2LzdgD~=Keh2?@w}zul>{F%8Ez)8RFmjbyp+t*9%%b7m6<}
zlqJ1^PU4@|w|1`1Yjv&_Z`t1bHSxEXWJyo-
zrFh=17XQ8Yju$OHcTa0S#&ec)%uf_wI>Ee>_~~cZ_n#wP!1J^h@88Yp=`8-}PnKtt
zc&z`qS-h-2ueeh@o8Q+g5RdoWFNnwe+Gg=yJFK3%y)yStT%R`<-*m6_PaE<4xy(C=
z=f2&%zj(wC74PQbd5U<qfS@soH5KaTSHbIs`Ih%YF9@+_<8Z1IS%BVNrvmvO0heD1Y}_{UwW
zKgWqj{7vHboniIN5s&luqvGpETK*TsF%KLRk32{F{2l$=
z<^wxk%8LKg$-I$xY2WW%#N+*PKk;}ke6{$p8kYZ7@p!*{pLpb%BYsU4>(7{(GH%7mv@?9@WRTBl>gT6#M%r;_g<<8!t3#Yg0{
z{oYYLK3Cgae6g=P9Vs5~wXYX{-tU+06OZSjbHpzmW!t+_JU%D;qWH(Ft^W7LBmPtI
z=jpAv3KKe;K)^+R`KlKvppMw1}_h-bH
z5P!?xYcvp#bvVt%e|p;T_Y{wHBmKk=__
z&lxt0$LDk7^Exr!K0V&@d@u3w`P^T`i~Q>SJ0NpE$LDkNi{I1J@>drBqOf@l@#X&9
zzJ>VIRujB_i{B~!zW*Ga-Qoq}dCQ>8{TaVcH@EmafA3#G
ze3Cy8tRnu+_qM$ki0AY9?LzTGrLB(s;^QAOA1Z!=KOdMP{>%_-_ipi#ejoI>_-)VF
zxLPj0q`&z#@d|q_{|@m2kDLD?9`W&e$zt5Tw%fL=#Nf>RU(55C7tiJ6v$1%@w-O(a
z$Ljg(=lvv_NuD?3dF)7uzx`FK<9hMDr7X|w;_-g`QSozpo!%1h@9S9p=fxw>C*tuO
zX0P~hH`#vqS$yNw=6{Ia<44dQV>GFiM#DchcT;&FYxLcD+oITx8HB$;edF@lGblo
zugct?t$ki9A|B6$Dv3v)v&EZDx4f5#_we&YKk>Lexmx^lOOrNPJl6&G4^zdDpKaSa
zM|`}`dyk3VS<>Q{i?8*cv-hm{X)UbX9pXp%`=D>c(`H&f9}DfJ;_=+z9PyL<=T|oq
zkM&e-#h+VZb@mdE<8Fv}tf#szh2JXP=xfVARXlzk{e1D5=hunHJil4|glnvSJ{6B~
z`;~axJ8T>t6p#39!!qx$!Y^2SQSlh(WyCM2WZ&OFJjQu5@ypg(d=K$Bey)D9_yoC6<@yC>f9k7>!Wt3@O|R(zU)u&
zSRa+s&l@q1Eqcn@Jy|^7zZ4Unzrf;86_52%RmEeSQa$llAJtMk)<<0`9_yp75RdDw
ztHq<;apJK)YKnNQUz#Sq;y4=*Pl`wU3h{it?)r7{h<{Uj;fNXq
z<2d$XJhv|-9_yn{6_52%mBg#Au<_hTJg#%vipTn>4&qfxTAhQ$-Q8$P`Q_zn0IpVQC>QV7tMXev!i^p^3
zP2!#We*7!(SReI+cnSY`Ao)jT?&nw^RaiXc!wTXZeI0Oh@tF7Oif8xFyEPGydGA8;
zn18y7$GkT{Jm$So;xX?{5|4Rrs(7?JTRi5y#o{q9EfbI5PyB{>#BUdW-|y4E5s&yE
z#eW{{`_JFo#PJgIUOw^9U$OW~;xX^l5|4SWiFnL=t;8#4xBR`uW8NDg9`oJ^@rEzi
z_`h8|=DqvHW8Rx9{%aYlXQg<|d+Wtx9@{8Bex>F4Og!Sh7H{bB$6RaQ7yBjVvE1S_
zv)J~Q5s&!O#oKs%6Y-e$T8Y0@%JTOWk9lvnc+7ia#B&d_dF(#%nD=IjR~TUJt`?7Z
zZ=LurPgwq);xX^-7VogZ@@I?VAkp2)=SVT{I#oQ@Pc9ITb)?J1V;$)_@mNRtrg*F)-6qu`A-{;q>bH!sGTOuCoNLPqApKJZORXo;_ZWn*wKOgjic&sD+UHsTB);}kW
z%iRC5jYbTRhg0HWc4e*!EW!@mNRNTl{kW9Mc5xSVwxR`0xI_@lo+uN4i2h
z){(9eUz{T?{p(%vSU>iics$oSDE`$}+ui}!r>9Gc@f_Fl!^F!SYw=^nWBuVI@l7Qx
z{(kX@e@Oh{ZdS)?@t7yKh)14x#h2!{arm=%JYUT*KJ)fQp1k6%&at?v;_=+Fv3TTZ
zC0@hV?_MDu@q@&3_&B^tJmT*Vf8FQ($HgOlx%iuhj!NIKZQ>EXL%jbI>xVzYV;yOh
z37PwIM$s(kP*^!P0!
zkN9WAo4#TBw~EJke7ktD+SWgN#pC+nPw`m)dCWv>Cyvw6ejQd!Jm!Il;*qDC_^a1g
zf3_F@YO48A@dN%|c(Qn`Bb^~0>p$m;zvk;XpB0aFq#MK|&sOnknp(f?7LRqId&L`;
zu=pG|WbV(1&nsTk*Qb>ik9DM##pjK;{o7PL){(XmU*YpiAMsd6I#~RmuQRzxJl2uk
zA>QmF+s*~z@!occ_!_^T-5?(CgSLwI@pa?7#baIQUh$U0Y+N1d&v9csM|?i<&-~|p
zpD7;eNUMu)dfEE_0`Yj?eWCb?JFT96;_)0~qqy@dKd+C)|1Li69^3ClCuJVzr7yO>*AoArn|TBA4*AV56_5BH;;r{v{3!8Q
z7dl>iY)z|whIqu!6~FIM%m1u+tP5Q$?#pS@J`j)i&%`_Qvi*2KJl2I~yUE&*al0~`
z#TONi__E?v{c{<0#bX_5WAQ7W^Zpl)b)-GS&s=Ts!^LCW<{0r4>stRmC?4^Th?nxu
zZM`ZU@o$J<{*2Z0lX%4M7hgEt;!E9Ze?~vYy3h*ZrTsl%6Y+>|Eq>a4w!emm$2yIX
z;#p4oe{|h-oL1Er?{T`3mTu`3q@=sMq@*RKK_mnOrMp`~kxnTE1Zkv{A0UD>2na}s
zG}mX=`rdoy^Sa|7jPsr~YscBA_Sw%F>z^rbts|WSf2Wz{Ujx@V(#`PKi!A?fxYm)L
zfuAgD`R~9r&+rPab)?b9gzwMd)htgsxYm(ofiL!PSPZUpq-Ehv@>qE-;aW%90luw|
z)n_1F>qv*gPx|_+nQ*NmT?kL;-|vBI9qD0sryp&*+=Zw5(c1M7yuombPck-qKWiOn
zYWUvg7FP6+5x_%vE?5M*SgS=@H%f>{-tomuY#xDY59-AwT|>O
z{BCsHzW3o;NBS>3{VmI%V4Qu8^WT@ye6QA#CWpU_Wc7a!u63j(;D>&m
zZ?DyV09@-xKZmE-XZ4v2*E-TA@H+9VK0m;4ynwI2stwn=(8loDejU;muK2<57k8}QbK#ng{T8n09h>3Lx>~>O
zgdfdl`G1CMz0iHQ=2c$9Gv>8%5_LlOe!h3wzK;dhdywP9$6vDe_3#yEt^RxAo6B3d
zhv66fJ^v@*k^MgRG<>h6k8~d1`i<4+Px#dL%wNE>eq{BDJkfrx{r9P#uVcbD_~*Zp
zz&HAPj5EUfc|D85yB)T2tHFnKG_McOcEJ)ggRk}TOFQ_8wHDtCUf-X04~3s-VC|m(
zf11?t%!B{W*GsQ}PbqHkTj3o_TD$hcOZaugF?bz+uhAL!+n-vVi}0BTtp2y)4Vzp1
zGx(&f=CLP*-|lsMUM?j(du?l1c6d*p2Pq6Mdc*QofETD>UJrgSrsZ!1e}2@w8@yT(
ztA9UumFt#&2>hVGpJ62YvacJN1TWUg^2~y#iDTt1g3nEE@yp@OGnsFIXZ7R5k8rKG
zJ_b*h#`2tp*C}iLa~mGFlKE43aUWL+CtE)4?{!;Sd|G(P*XB9kI&K$&Ydt_&xbD+y
z!f#iydNhVV@aHD&;aacQ8{W$2kA}ikpK)-lSDXs}eYdsu8@SdhZiv8l!u4F{AYAJe
zPr<+U=jeaJwI208e1p#$M4b|TJ1Ra7JnxSdml>}4*qrd=g)F`bToxh)|CS1=un!>eCyF&!t2R^Ks)q4;;wI5F=z;)fV
z8m{ZEE%3X(ZvO~ev$$Mvjq?KV=6+pK
z9j^Vi9(>VPwtbt!wNASq{4+nFj)3d9HwAtvhK;v{aP40!;X3YZfLD!d_1p*7aqnaV
zegUrI-c7iUdynAzTUq@hO%K1l^n5cWd~*ehPYBm~#WZlO8_WUMdd0$Utye4$*LuY|
zaNXB5hpXI9aIIJD2iJPS!SK3QtzYKA6~74nb3^N&O>o7358rjpw)?Me?Jwuxe`T=z
z|HAcLEUM27>bgSf6%)d>UNJd*ctvY(UbwCw-iK?wVp(|H0+#0kxb};7aIIJD0w4aV
z_0Q*Utyi1?*ZRZh@Uh)3&nmd$H^R$4vHBl}YyIJA__P(4|1MndkKuE_wfKa79ii=|
z^@_>i>wH~bLAb61E5Nm0u{!)~zdr8(*LuZn@U8y5W(-{G6{o=W`1@+s!1WwwGkjz*
z>*rtKTCaEx-qk-}{{pUchS6qOKJ}-Lhe_c1Hd_B@fa|!I4W8D^%@5acuLNAjpQ>;j
z_Zq=<+-nQhajyql$Gt&tl{*@)%(>2YYEqJ?<08UftKfUxQ=_H;n(|E{MT?D_g2G4`8th5a2@wf
z!W$*A{<;g-aqk~^u0<9fe{T4G9{0-XnH2uGtHou6Yn^r}xQ?Hd;W~acg14P)<@SYZ
zo%SHO)+bMfYn}E&xYlW}hHIVn_i(M#J_J{}C*kw_^IzBCivJ6q!`G!pn-{+S6(0}Y
zIhn;}fh#@_JXr#ZuL##V?V9i&>+L$QJzVRwJHfBFw)oHBI**Kl>$o}xuIHz#;hG2d
z5w7)J2jR8OS$i+RBi}Ut6JE*}D7=I#KH7ZyJ)QSY`g_IG!WEwdUVNkdetEd!tHTeZ
zvG{gy#dn2o@aG+4;EJCDUy;`GuY)UoEBxz}wm+VPEB-h5&psdh60UXH(H4a7&-+7c
z{G^3z-E|iD7ycZ!BwXJ7XUId@z^P=0}
zTBp4mJ|~;?|2eqUXT8m{ByR=D!~2)|R%+Vuxq^Q#Zw%JU4~)7J^4
zSrjSkKOHAEZ$LB{pB0T9RzS4HR*w2j_bGAVk+$3R$_`h2e)#g}mbWHc@eSeK9$S1b
zxYk_{fXBFI^`8Y-{8#WB`7Qr8xX$Cd;rUiZ3HycL;JSXe3D^4S`|#?MEl@EX
zC*fLm{TqDV1B-tESNt=0+L0EYXleL<);jH!@T6TV{$04%X%~ZUNMrq37p`^MP2h`?
zT0MHgwNCp}_?_DpKN+rd+Oy$h{XKH);d&ml4ZiCw%YPECb=SYa=l8e%c?ehhbNGbn
z);}q}4&VP;r=0zK#*#=h$K@Tor+%MAa$mBrhN{``Hr@5
zt-J05Uy{|z9S&FgSom;1?k$09-StX%i87XdFI@3I!~cqE#py@zp82ZWB7JZ
zKP&z%cptyc%m&vw?R@Y-KA&73u65eg;s0#2`m}^=UGzurLGi4;qu`341i#hE@^64E
zemnfpQpQAk^P6E$-%<|`lE50av@$VMj6s~pJZQxb?dEY>|
z)@cui*PLtlXTr5kdm((;5$n&baIMq+5#Hdn#h-#}p5X>u>$LB|3;BBqVlKCQ>SwLf
zehaR@Pml?&b=o=MtzK9^RDo-qb{%+pUl-I4u65d7;d%30{-JQK(;fxy=+h|0
zf@|G%5BSzeR{!yE#ZQO#$Y|}^0@ph2UGQGMz0Sh5PWuwPsXrHf3fDUANGrqlXP=c;
z|Fm$e)6N2a(bVF#f5iDO-O2w*>$IyOeuaPE7Or*LUEmdbo#zO+)@hG}zjFWAJ*uZu>8|)?Gh_S4n66n|M|DepY-cc#3>hpQ3QByDkGiP~Gx=
z2v__^@UEU{gmJ6!3D-KSd+;nnZ9B#G
z@ulO*j8W#v;o2_mz_s2lH~g``Z%yM@`87Y*2=SWlY71BXF7UArt-Yh*T2D9~uJwfT
z;j!x5c-{=x{o_t}nN8L|C*fL8_!~Uq6RYQ6aLvm-gKIrujI~yd`c0k$uKhYKysUqo
z{av`mTT%GRebx^(;EJygFZZLxcZF+w_J+UCYwei~*Z7KFG?g
z4xi`kY6(vj!{R%@?+v#4%!F6+_@(frS*)Jx;rcrqTj6ImTmB<(#s31Ybi?xBhAaL7
zJk@QBkF(yt{`Vzx{iFCq@Di!5A9BF6er)wD3h$P~@>YVM*lykdo+5|k?+(w?#`1p-
zSNs@wEr0*dVz}a0z<=@kpr7E1KLXEL+3J54uJ}9f;-6XlV{NeC)A2{~3E`urSwG~3
z$82a`06ut%<*f$Sc4-1HIoag%W**OID`~%?o
z{x%;4SDs1mguSdEzNKe1Uk9I?(flAhp~s(q&)jGA`4g^r<|lAn7sdY0eoy`X);#+@
z5&WKyt1R#`Gp#@Kz^5&+JZ0g(9k6y)g%5jT@h#wrZx3&f%kq2*uan2}41+J;VDZ!8
zik}aUk=Wwb!_`0A;8~JdKOBXtfBpy8^MG6M^#1p-9>A~qx|HbtTteGR@$un3yIVhG
zgeMtb^~?c(?~1jzBwX{m!auxbzuy3!*RSiE
z!}Iy)Vg|!AthaW30bjb@d=WfNCM$P2ykK1$5BuPn-#ZHb;E=^%hYx*e`R~Fb`+R1S
zt>ODk@u}hedth;8;r(lySA|C%ZuRL7SNtdNI58~Ge0bI$%)f@O@$1j+aK-O||M9lv
zxdd1IpYXx6EIzV7pV7Edd~CQr7nBLE_?+-M$E<&nmdT
zaaaA>xUl6(2iH1{+;HW25B|#u>z^8Mt-ELdFPq%T?Fv_XANVD|z8weGbN^}ZsMjt3
zD!As&w!^hvVh_C79BbD(xaPaAz_XXO_~&pve~jYCC-wh(q5t{sztr%J{$7a8@Ya7@
zyNbgVUmiZZu#KNqa6Lcm2>)L~tIrp3#gB(q^81$+aK&$c|2fm@e;ls(Gw_1nSpA>D
z6(4zr)mQ!5EvMyA57+bDZ15TFEPru$mk-U$!)Khd@>;1QrT%%km++Z>{g!fP_bzWEp|01LH|514Pc-H>^!AmEzav#DK
z{~W%iisebZD|~<6>}B7lhZpqE@0Wlpz5;ytVXIGTc$bovzk3A!34Bw0i=PPZ?B|_@
z@OwX6{4)4yUthNge)TP@=P~&3lh*&I;oaw3{%deOzl-YS>o}0zub<<>yY;vHY2nIK
z1YUoq)w48wc>hRY|J8x3T}|MVd|lBX__K&RhrAbHg2QeJ*kze2ER`
zNax}DT;x5tKIixZertvGPy9XMw~OMF!Jqp&n0Mj&oMSO~oky0p4qWjcz-K+Q_&#ub
zZg(>L{jO2MeqkZJR&MiU@ZICgx5E{`2Y%`ctIs*O#^Fu4#=~Q{#=}c^#n@583P|#k
zm81Pa;~@iF;~_hIdMEq+(r}Fjeg0MXwSAi){?LNRVTpRc72h9T+T*9ewSDKobKkK1
z8{vxo9zMgb=g+`39v;K1U$Xqq;Nw?Y|Gb7*_v2O6z2W=6LnGTRvEZMMxBSWA-TXbP
z8R0r_7J?VQZ+Ys%%l&TN9j@mrqu_VGw0bXxNA`6ihv8G+wfM*II>XG9?hD@!QN~z(
zio9-r_yWTN7Ty=TRHN3zW0|{1~q1YklDv`dIvUxXyQT
z;F_0M4DaNh+u8$&Wqgzsm~10;aIJHz@j8(g2)$On)4
zo5fd#>+>45;d^sfeLBGPd5!My4~kg5N5b`ajfwEIetcdA*F45r_yE6tJ^$ju_!*3VOW2AwnZDw(W;93V>65hI+#W#iPc~)1r^7MiC
z|IPADhAVzHJbhG){~oUA2nXTHa{_+E*JnP2EB-lr;+NL{Ne)^0I{#`OBQ?C@V(b5+
zaK)E_Z_HwOTfp^PraN4DK7sF>Zh2V$lT6x{znh)s*pLg80`&78%=fZ#V
zdB3f2&4>I5*Sf0C$v*Zw*5&Tz%|f}d$@
z`NzU_eKi&SiO)x^g)4pwyrsAISGdkczr!o}{oNyY?NV0H7w~uUSwELM8or+|_0C>2hO(m{&2+)
zfyXFj@iXB~{JHo7c--<9zXh)M)$D}FNNe$D;kw_y2A}Ek^RFWCXvZyIod3Rr)_I;u
zXZ@cXt~}}BQGNRshAX}#eCH<1-w>|&=J0B3Exr$2@dM$#Q`vqo3tlLV`8@bfwXFT?
z;riU%9=P7Sav1)W&%ulw}GaNVz^fdYhtDoz+hqe>@!R23Z(DtSg)9Dd`0^VT{|K)5
z7x0|^cPmo(^E&Mpiq8Q5xTLkWB)so8)~<^1hF@EJ3%J&Kc7f0H>$=`>eQtIlJfE*)
zoC)7L+3K?iK6sV+5AYJcUhWULuHWv$N2j+u58-+b^1tvSl`THnFSdQu&#f!k_i^Ff
z-?e^A57#>Utnj?UEl*AOF`v(G3U8d;;yb`~o*D`NGM?3E0z8w?dn|z~eg%9*IV<-k
zxQ^#1;FGFYzny`{cx8F+!xjGo{##$m^VYBSd+Pr@ZSDJH@E;~xd>**s--CC^ZSghW
zy6&nEAN0GG+ZC?)&&lx3Us?Yzgi=iOqQoFe3rkLV+cHdYm1)%
zzp&ccwFItmSHde?v-q8G#qWn#^L4Pl!4p=t`do(R^YvYi;fj9=kLUCDNqrn?zfgP{
zc%mjY4hzF|U0n)3c%H>Kg)4s>c;iGCKLDP|@5?@ir`lotFc+@v_%*zy&)02+KlAJR
zpWqswhv75*czyw{_-pWXU2MC*geyMkX={i2e{MI6PXkwcX7~@|t=~$(6<;2{?1klT
z1=l$20B_~b2M53vKMdY|spX#r|0b)|a}iwIYb9L!-FA4DtG^Sa
zepdWHi2r=P#m71me!HwrVxAIS?y|*YfS-zHUJ$PM_u*TITDxk(wZAlg7dUG5=?GVR
zclfMWmVX>v@l)YL{rX`QT>JY*_1f;KbGYKiz^@;&_@!|5^D21tZ!P{1
zT=6I2(|20@J-DtYwsesuCLa>j}Eo?&G2epSi6qH|Mv6I8F*vAzxx}m?eY{psh{OfcFw-)
zxTN^B@XhaA-1~5?mna8M+0Ejc!gamf0j~8D-QhWkS^rFgkK1qCWf}Zn0`qNf)o(X^
z_)&}h4X*gh@Sl90>vMR?RMy@oetoU}oYKbfr-D!S^Fk(gjKbc}@M8DP%faXS`LP*X
z`&V0dWZ&Ng!!-`SfH%Kr&=a0_x7B|LT=6sDPoi1=
zrEtZ655Fo%hHE}NC46v08xMKlns0v(UND*E
zuL)QF2JlZOTm3(VYkc;BSM~A#EqqR9D|a(o{jeAQ_8V*0S-76>T!-uV&O^AK*F1;E
z_Rrxa`NP_${#Sfz_-nteeh;pGC;_k6-0J@UT=A{o8~?HRL2w;sM!<{rwf>w3FXqR?
zrSOE4tetn@8@-;-;My)R{rIH*>DSBhB!eqHH$2JDR?lK^t>Y~R*ZV7K!29pDJgwlG
zH|q%h%iB8wuK02At{W}?7I^e-s
z9n^bp#W#e1GRVeNTeyzTJ>YtOPJeihRMxIZaLw~ChU@wDTDbCWfmiEl^*jaF`*|+I
z^?sgP@Z|npwJ4V(h5e^~);ga!@ZKk^+_Z4LpC=2v#Sn`x3fFwH?*CNokb2f{br7%q
zZvj{Tw1?04`{KcH_5Vb;`hOl=`Io{AM2Z~NU%TPz|6_3V|7m#XSC;2KT>bwqd_@W0
zPFKQjFZF+7`1TGKmj$l=&jT}cT~`0$@ZJS2&rJ9ZzaLxxA6eV-EQ2f05AZ^V
zEdNjN3&+e4!jbRu%wD7b3955GL{a*t<*q_ff
zh2QdZIBnpKeceeHxY|1e{_K&}dnA06zlUTJTzQtlFZulNTKLR(mj7q?+0Nz{;Asw6
zKi`3?f1+Fu-_KLNvhNeZ6`u|MR`MuezfcIS<4-xbjt|w~7koc&1K07V4_wEeVQ}Ri
z4KMMnwd)(Wjz1gWI{thQ&)wMaoPz84a~>Z51B<^8*YW3H_&J|nisR4EHU5YAaU(H&
z;2X>T4qTs)D-R#F&9+x{_?+1`PCCMM-0KBjztr*!h2Pv{^%(`fz1Z@vfnOeH@tfg4
z`hDej_~|y5=Nf!;MXOJoo0d=gHmZunCxx%+X>sY`MYmg??C?g7EWR*2`Zt!p6ueFw
zi*E-{Ud8fvg%8MQJ{7*x@89Rb=kB#~cfwoveB)2>%lY3@&3O9
zAK@PD&+z^K(Nt?!Jospz*GdW3yhXEg&7W4
zeWt+2$FcsO1CKP$d>LHzSr1o#ZilNse}$JmZ1w*g-q@eh{RvmONpFSUF7sB|c1Z&t
z;`2*6;Od8>@Xxkdd&|HZes1|2!S#3gTEg{y+TQRYgRR~J;g@~RpGCfnYV`LuWs$_1mD`idP<_Uu$ux;i`XS_@6hd+}iMbh0L47Ri7^K
zR&}l1-tZwleumQhxIG%Kep?KW;pfv8@QjnKAAW-uDs1(?1mEs|kN7G4vkX@MH}GBw
z&Ex%LU*r7uCA4lfPIAki1)h3gPmo
zZQoRIZQp|M&gHG#;_%iLY`a&1tK2^DN;#~4gWx;rTK>^+ZQoh&c6TiPEBKlkmVYx`
z{k#jVe*P8Sprz$G2miyLuiu30cooT?->UyNcCkD$;hV2o{gc9Vyvhu3HOu02!q?QZ
z{6*lmZ(DqI_z!2z>%%uJvhCOzuJuv9;os`>T=2Mly)g+MuYi@i46gj^;L5M}HmN_~
zd}Zz3gZMth&CkJa`+B&`@Ukhby|3U=b6cKhf7@4;JN-k8&j63-^Euhzr9E$Xc+2*d
zr#gIs&%b>D*M8a>uKjcX{P%CIpFf8;PGY_uo~g6>R``h$R?ppV&1?M+-pj}H1^CNO
zmghEH?Ro@PyW%|v-~apl1uIG6|N8o<^6(?s?Dwm|TX(Ydc7ew%Zr%&N&+q#N!qpEG
z;rmNko*D3me!aH@uKjcieCb@P|3Uc8wwC_{ylHRi=bLb?kBa;-e19r`eE7=fmM0nf
z7heaM8?OA7;5yFKg5OJI^=J>*aiAMq$ARJS**&Zu#=qYz|-Zl
z`s9c2X=Ztf!Ih^O{EF{KZQ-wewESJ+$}(BY{2~#cqQh1^R=0C!}@b{S+OHS_kX%l7M~V=rk#~r3_dN3#g~PDdD`+;gR9)G@K}ES>J5LI%koczUtD4J
znF(Ke#C$be*QJ}`x-LBoPwMBvlkix6UbqYYVWjsnJoZNOS8(-1`X}N0|4Al`&jvs1
zsV%MMq&-i51O72#@EO?dm*mcJ=n?P?2GySl>F
zuAy+1I|`odQ!95mT;(o+tK4O9mHRz>oIkHT0H2Y?`uSJ*>p?bt&cP!MG`|ZkJ=p61
z5PsO-@9_*?X{41K^O=3sc3j!SZYy0(o!WZHD
zxmtJoJ}tb{QrliR;BOx=F9d&H$nunhzg^MdYr>;dGH(q3EV|_x17E$w;wQt$b+q`U
z@Fu>#aV7kLUl;9yKk?)Cet0{-{y7eha>B;jY50LgR?my@5`JHE13oFQ#ove5jBV|D
z0w42}#lL|!_s>DZcxk_<Dea
zrf2Z-6Kz~2dS&^v9kpH3!}a;5Z1B(h`_gc|$F(v%=dV^?OSs}Yz$^b^@gv}RkLx)2
z;RuqKjHa%!}WLICc(2VwffA0=l1;T;CimH4Sv(>c@TbPfaO08
z*M4*zuKnUJyyp&UZ)9Izrtz%!*zhJFS-F|u+K=+XwI3CQU-IXAb>P~MK7?yO`UswS
zp4I;|xb}-L;n~wz{TIL${|&tUM>cMMf@{Ax0^hO1;;+ILe+Qn+$4M+-=dS+Oev}Yi
zxs}yF4_y0Eak%!Q^6a!oN`uqY{ea^${
zbhB}I3$E+of8e?vjvOWYc2_;)!*xBJ60Z7WhW|3%^5%!DJ|*C)PZhZ8(*Umew1TTX
zo#6>X1N*=KK7p$~!{MsWM7ZiR7q0p&gR4I4;k~0;|LlaTK8N9|&uO^oa|N#Y+=Ht=
zPvK?#y#&#{UOEowemNfeo77hS3~%6=GuKR_RaOK|suUggeABXFH;XGXT*H_^mx3xUcef^I5|DE0DiQ&4xP6?0x
znZ*}@>;AeFyy`xSZx6qJ*S7C0xb9~c!f*7p_ziH~&u)X4@_E#waNWNimcdWgQ;o2WRgjb(y@x9=R{}f*BV~d{x*Zw;j{=cuRy&K@#e|N#Pf9;2V
z9o5Rc3fKPoH(dMgE4cDUixGZ1b{=EjXM}72%?sE5TL@nHOYeWU_TP4J?Y~{%=lr-l
z8m|3!5`5b&D|ZV#&k^&zaBbfs@TfjNc@eJo8}Q~Ct>50jH6CKb4ByYWtU8g>!!;gq
z!?nE%!V|@@ymjCj4=vyt51rx4-xGe(&w~@-8V_^f8V`%%QzP5;*j~8C!%4Wt!&&&a
z0+#0qT;t&teDzZ6pJcJZ_y4~;Yy+f$mw9Y)1>sufSr5L+?~j_m^KG?yj)8YpZd-Ua6|p=L}rukw4&%##{b}aGgh3EvUN
z;xoZ@9?1bO=+7$)z;zxe2H)P!+FK5;dC~fC?O!e7+F!cBHO@bQ-}3vf5pbQS=D;7N
zw|XvvD}D!D=d}ay?)z;#oPz7P^gFy!S1b2ET=7rfDK1<71b$r6c+hd|ZFsq%7M~BU
zel7vmai%=Hw$B^1f@`~c4A*gN09^Tp!GAAp<8T37+jk{g$FU9YvQw--Pr-E@yA0QH
z>`!?0t(GT-KW|q*>o^u4o??yF|2_Ed8J4FkT-&z_{CrK@Ud`c(Zws&Yp2ZJ>Ydj2x
z_v>x-nFrT+SPs|rS_gl#(()XIYdoBTYdqY9EB`%sU4M=fH=eam{jc$m0Og{L(U)%AmJY4bB;A?)g{B7YnE_H@yKX38F;p*o}
za2+>h!qX
zgL4$FadirQsEO6*Pq^am!z-t^_*niNQvI)Sm;nCmAdAlq*ElQ$*ElHwpE=+1G=Xaz
zegxMz>-@MB9_2kNcMDwS$DQy&{<(=?;5tA4
z2Cp{V>VE~U^W!ae-Rjm~58*mLK7(hTXZfQf4&To@KgNbP^y|08aGf7h!jt%XX(qVN
zj|Jh{UrNI@{;R_^ZX3hj_Rp=fgX?@Z06ulGZO4&t#m|T9{J0FBHHY=%Cb*6>-^2g;
z*82ZAT=A#j@vm4t@56OmdIC@Jhs7sI5`O!tpVPo~+{g@{bJu>q3|!l#CS1p*rf}tN
z4gcqm)$=pBw(nTDj!RSEJ#Kpc!*yKR4cBq$AbgNNXS@N|ap^8RmapGSnlyYr-`i~M
z$_Ur?%?{t@>!3=&6<;1+pr4i39Io-u7T$cO#SemOJdB2GdrgAp|I^yF8m{rM9j@_k
z0IvMU;ODYh{yT7uho^9jhd1zNy=?!==<8~A9?^Kn3)grk1dpH2^3;cGJT!%O-DLed
z41UJf6K{g+{PI2g*(&RYV{n~c{s&K5-QsV-b$~kXe+Jk2CDPmB$McKttsi2;
zb$&?*f0EkbQ^IwA$p9bhpFha~*ZCzsJagR%R?eFiy`^C0$8^g6-+QD@^=?Pc<{_qFiSpMm7ZQsRk9Z#0SfA)2Z
zN8mc1oQ3OnauI$<&tc&@o*4p(6JeSWW
zjD!!JV)-Y*m46L<(Lu|<5&rf?Yu9f0nvc4L)R))u$+YRSokB@K?T$s}6i{JBx1)
z&*t~l9pMAMwEFac=UHMt6n^!%kGEs+T?4G%x8YCx^Zqe>K3MJg!_Nz8;N3e|o)Yl%
zew=R(Z|d#(1irhP)qgKM)>O;C$Df<2K1==cZpY!P`&yp!@X6gQ&niLAMmQaAKrlv
z^>#glxAyTCJyZDY7}LjnV)&xQ7MC8L_r7^<`0su^DMs&S{Zz|L|tNr{q03PF#)pI0#>{|0_@HdGq|04KdT@S?02>>DfhZFsI1mOl^t^9)x1YVgl8nsyd
z!hbGoGPty;Ek(U{CW5iUtf0(ezKyK`wG6IpXEvRj(t@>H1<51;PL!@iB;iA
z<63*W!()XK{`cQF__f+r-d6bd_7;B%Ua^+>9r$gZ4~d^8eEq-t*y@uE-l&mzUifIg
zp05U9>(@~|;ZOQno=@R9{Jv=hd`?BH-w*J%KL5EFeq)ivUxrV;X8sDkaiH~2^sM3g
z;fQ~(GcCM-Jga{x_^_JhP2eYcnD>EqOl3Y19?#cFu7FSQ?XnM^^Rdj2z)>UJ}d&C4Ucoc`v0p4d}{>0D*`_Qf9&_~e?;IfBJe1=!uP-O
zq=)ZHWA!f%|ERx>ljiVzlPvFN@QKaLm%~eEu>42iF?`+ZDR`!smgjf)I)6{yUHIeg
zEPuw_;oF;Jfq5Qye2*^%&+X@hitzn@9a0y5vX7P50^V@4c_;X+zE+>U@Vu3*pNGNw
zerkEf!^f7j_}TEj#V!78_^QlS?s|APf1lnC_-wzvJp`ZT{qsNgn@_CV%kWXlt)6$`
zZ#G$dp25?3{^)rupN{`qz5f%zfAo3LwD279t=t^&Q4g)$Lh!mipHLP)=9JZ=7X18T
z^JefZ`OQ1RZ~toE7yfT;tIy}~tFz4~!dvdPcFluVs$sqyK5&|qyBVJCGxML|nf<(T
z0zS~k!v**Xzka?A&+FHR|H8K{wsu9!YvpVE_VoTw1i$9@cj@49j@j?$f|v5^&Z6)%
z-VYVwJ^a3-9=vcCt7l7i>E>2$SNNgttp7iS&-V3oBjGcvSe_;Dcbi(CeejzXEdC^X
zUvsPH1^DDLmgg4yw`!K>ANV(;EIx8R`?{XNBP;J@~@yxrm7
zCbDt|!$;>e9|Nzt-+T)E#3;+Z4gSF$^S$tQGg$pE!YBLj;cs}=QdVvh-@nyA!+)~;
zZ^2Xgx`I^jp8g!60DPR^cb9@!TW9&J!SgS+`Zt1SzG3m5;77Wf4}q^vW9^y&&*j$}
ztKqv>Tb`fbRqC6cgSXma^?V7x;qhtTwck^JMmuHkMd1Tpntup?tF`_9XYeg?tX&J?
z>-;>j8(z!r-_OERG_!L5hClY_6tCd@{P>fwK=^hQ@Ogo(@ZA1+y0Y-5e_6Q=;Dg6m
z-mdVAb*;Tq;k*6*Xd%3zKR5gizQf1;N%+emR_+COe$U^jVEFdV>tprr3r{}T>Nyf#
z(f>~9VtAF&mUjodZ#(l};eY#jfZOmdef&RxxAOUuxbKCp|5HDoz71bL)9RlVK7N?}
zem1!B=cW5NDF^?{-)~t5p8JONXFGU>Rp$NR2Z~xf2f<4pw|agK?-kE{6uj~z%QFF<
z)%T-m@Z7DeK6BuO{JQQdcz>_wGI-kxR-bL~p*gHRyWsJ9TDkk+jeTDI2t5Bs7XJ(U
z(c4z;#R&WceEAZq&l~swzfOx$$nxpr!ueBcH1mhhqBeT4{)8Y
z_rkCFJlkdXmKs*iTkzd)S%1dx{a*d~Cc2gT7QBtmBjtjB<<}1d;T6BPa_hi#{qO;N
zMM^8TFZ|vk^TF^1^{xJM;0^qKd@;QLb*s-V_$~i@&-n-dB;rhFqJ>kt(TKz}ExB9%zWcZzh
z-v974yRF>y@V_cs{2};oe~xn!UgVa=--3VR*AEZi9gydSgFO{~ZHv`s9bEBS;U_)*e{jWLfcM#E
z{qr2I_$Xz=_j4w0=7Y*E-i*@SkQ_{1dqHzlKlr>)~{jtbFzJ5I>I>h9?e1E?F
zE?o5~1|R12sSDTV^jpI9_g^}|hxv8&5V+nOFafT=|1tv}f0Fh8I(W$;)^GbF@T2gx
zem!s*t~|Hk3w>TUiqB80pA{bm{_$$7PiDB{bHS@cvEx8_xW-!}xW?Ou@cb{W+<|ay
z-{J6&-?nnUf@{2e3t#W=1>FZ%{89MV{(S#BT=lsNpX<;2qWk(I^|QuX61c`&YWS7~
z)~M_FvVwS&*8VcrX_`K|%*QNDg=CS2Qh1zhuB8{qBJSh>gH`g=eZ
z;QISJ*Wu0lJQByR-__51KDYdt;Cil?6aIM>>*sRtVqaLEYVZVIExrwWuz&umGyKsW
z%kw#0@nhiaVp;q$c%iSX+_msWKEHPWp3k2j9fx1@Yqu_grrK;~RL*q~2A<@J#YeAc
zU$wo8`us^;c=l>G-V(vTXlB2k9G=-fzn>O4Qp>x_?`q-|JLvY9j(2i;EJCJPv`3czlSS+5ByS5tIsX?K!2~u-|(s4|FLRY
zebt}2{JBp8__OR*|7`H@>zU_;Ka6Q!4Sw&S)w3@Ag5S5cgOBNF@m=8SeSD0A=WJu~
zQ{gN9K79pz?KrFFdiafRtX~eoOANF8$KfS?9oh|eMX%3Yc#FhVZnQe#`+s3+^SJOw
zK5vr_-rJw=W`WQ1=VvA0Q;u7C<>9CNI-w%Q}A`$EdFn};{Sy&^?8aEb;I}n%&S(<^l;Nik&43=Uk?7epBLJ~
zKlJDOo#Ed^vU*I17aeXs4?cRS)#w1cTWa%T@ZCc!&trIlb>=VN8^5(Y$?MtAb$l4!
z!nS)lcz5rh3h?@V-l-1HFx2vX2)`WF^0$W{I$`mH;Kz5H4~Jj!=kIgi&lXul7r`fH
zvOGV*6@M7MafRi%0YC1~Iqt&COt$z0^{pKB=K{ZOe;Z!!mBr_U&xmTj|33U1-|s5J
z6IHbStPiiW)AF=}XY=`-kKwPsw)g>XU5AW>>$-Ouyp%r|SOnh^-SV%2$7^r>@B@6h
z&$AtYuRUn(y$i4Qx8;8f&!5Bc$8BIg*LFF$-o8%;SA1G{M*lp*yKt>1F9X+l^4jph
zzMkYm_*1`s`50bgt+jU${JPH%kA=VA(Aql(zSQ^Ytsi#5fA;h5ak%ayuE2F4
z@h4pO5%=J_k9Z8%eZ+IP?js^K48I+99}xqt`-pgO-A5#b>pmg{T=x;_;JJN0&pYrF
zk!*YAgqO%>_0A8!kkGs^T=yd-;JP0v2iN^bRk-d)8pCxz@)2D3BYojI4txRE{m4|f
z?nl0XU%zDIa}!+mBR|1)Kk^G)_am3#%6}bRe!rFb8m{}1D2>98t7u7WJEnmve+GDl
zSNJyz
zE&dK%_Y05UA1=50CukhLpLM^G9DY5X#pQ(SexU$-kk3ohhwFZ!8GN9xGwcP|{lWnF
zgC17@$#C5-%!a@C+4^T4T=xrG;WejQdym6UdY&`z*Ap!M9$fbqPv8Z-y@@{v-~YP5
zNCodc)$0E)T=y5n;H`X~v>{yg7cJmNYg_(L;ksWK27lq}XXe8d|1~_Juix7b*ZsmV
zc%lW?FSp@}e+Vz;_g_hxgzrz?FQkSi^W#quxZ+F0zf5EO(+aNpi;nQqm2G@Zh3o!e
zF8t{`R`31r|9gJ{Ka}0-^BAuCi;9q>{DHrBXeeCw7o*^<=39Lh!gar}4F1U1#~y+!{v>?zpVpsu;kv*02OiI_50m>m
zsIFsme~})3-mgQ7z;%C70j~RtdT`xew1n&a;$yh(F9yPOe=!=a>x!9h-CukS*Zsvt
zxb81@!*zdg0$$v&|1ZIH-|;tG_Z^X%hab=1p11F#!8d$jo&m0Ty#nxpA6a~b2)qhB
z?g1O0t>Mbk9-eKqQ75@aD@~G7(uCIgEev$mXwKq9D!2t7g@J~9KmxSwjtO9(*zgEwI@L}(nPmRE5
z!aw!<)phV!zgvBF!Il32{Fgfxe;z*U7xQcIG5$G%sD9m~e$#f03qRq{$8*7-_Os$VDUi@*=TWBR<@
zRk-rpgvavdS&>@Wc2Ga-c=8tf=jv9^G;rmA2d?Ya@^FpY>hKwU9W@j_y1&(L1pMJW
z^QG`3b<9`6Q~qVX7k;3zwd-g2cmDa%d+@zJo?pQ8_;c+9t*jjN=e9ZaeQtQ=epYT3
zcv8Qg%I?Qq9`Nm%G-)365gW;POTAq>c
zVg4L#3Vd~4Yu7?}lG~PNCA@knD|Z)th~>EgpX&4Nci>xwSpH}5?mmAWxrhBc^shg<
z2rD>?yN)wgnp=JH1mb_RUk&>~-GJ{1cu(XhSKEF#4F15^wN8eQ^3NA9g6CXm{jk|R
zl=X)|xu+4Ya&N#@?i0AmjnUJRsvlHtdiT&zzYmmK81dRJl>_nH1Mwdsew43A>tGz4Wm4CK!_qm6@+ZL$*dBoqY6gC_p-Gv|XgG7{G_RFDv
zw+8a0bXPyC9}20tK6<|l{?HmROI?Vxr-35
za@WIE?ryls)q6wP-W!2(*9FRb#XNr8h}qYIlt;&ngm4`dL9B|dY7+m$Q
z%ANf%I}q=e6#r%X?;L^nNq!%(2cFTdOa2bzSsExerr+nOT%8vZ!8OiP!8Oh^!!_Ot
z!ZqH?!!_RO!*w3%<{qm0l0f~xK)lA`47kpZD+75J2lDJey!zn}xY~6Ou6DhKt6gt>
zYK5tv)vnC$p`R`a)aQM~t6k;c+P^*s!yVAndt~_wHtDJi%+nhjs
znjl{7Y6I6e92m$mJCJ7z;x(?e2jXW1;!h%8+x;9|+x;qB{qqQ}{)sxs3RAzSe^R)I
zemXNypR$No{UTr-sX_y8SftYZc3m&TLV5h;MW2^Dc~tTvu{{`y>DAS
zdX&ZG^Z3wr69ah~2izZ}{}&M{Qnv{5&k4kj59HY%LHr+q_;G>wev;YQuH##jVO9yXOUJjkaP4=g;o9$V!FBv8;~pyI^FVtWGv4nbdc#%jaJb5y
z3Rk(`x`&GN{|)P(U5MBDgV1Ctuu1K
z)!w3TwYL#m<+g)w^Ys;7-9x4Mt{+yPX#w{`U6`*#9_9Zv5buZlu=q!a*Z!5r2W6;S
zKP866R}HvdVuX1sclD3T?Hh>qOT4i7aS_DN55)VWaajBg#B2ZB57++nIFQG0Wy12r
z^_^Dr)c%zWuKg<=T>DoxxVC!{xVC#`xW;*N_fS9ktzlR_do$kmuZeJ#yAZB&*TPlq
zUiVPBeybf;?(c}#{&fwm{p(dAk57Sws!=_~$ymhmT1Us#&B+N8s;GvHa)VLs6l6#<%cDcM*SNll|Zo
z{ENBfN&Ms#`p&0j!wPucUH!JGiOs85gSYNs^=TQ%<5T8gKNx~|?JuL?+Fv#Y^7s@$
zSe~PZ*KzMOT;uRMT;njRpQP0;jfX^V{e8-m?xFtiM_6I?DI4&Qtt-R)1LRTuF%kGI
zc#NHv?5jZju7Ugq1KuUz7m-Kh#`KGrP-y2sd`)-uLo@jLvSH1N)HaaEmzae8U}V5M
z2J$aJ9$kkogKK+jhHHEM;vP!fA&~zT;&pu<%`fuQuG{_`Ek0c3ri829eDH-)tsjcQ
zfAI5GRrgR8KMK^dGvf2NwmiMz-{!DiniEOlQv0uvS9{R3rAWs9tE06x}pYlJNZSCzG$kQf}XF|YR2Ye0k>;7?1Aih-~{z<@F
z2E3f#goNnBfR7D$i-0e7SN+wlErIyvf%sz)#9s}>Hw(l+N4&0cV*AY%%gqjNzsi!8
zcMpBnG>~6^_aj720{&ef{)2%3jQncvgFt-aKzuB}X=FW9x`#p=1>*A~UdQcXaP5!P
z;o2Wtz~A}K&PV;+Lq#?Wlsg{rYS*?ve1kyzi3sAK2IA`n;uHAIw)#QWX(`~kPRj^a
zd*6kty=CFLUTWkXs!F{;eTE=j`6t4ae<57?HwE(74dlNR@Hzqi7kRXOHA$iVQGF8l
zttPT|1D!6ymiVdqm)$!gW7C5?;*L&rEa=6!f$8%7Y{BM@IY5I+g=I?pbItK6Rh
zc}fNHTn%{1fImkb?JrS%Qd{lP_Du}e_RZ-YN?jt5zbxWa&)yOEAh?cuW8nSL+j(<}
zd#K3bfpULDypBtU;HuAg_SQXK2&=>D)IRAk{mxdq+TF7-nRxaw0I-oUS`
z8@q>67YgL>hIr+l6o`K>5WfuZDtBujzF;6e)=c{*^lyQHr*~JolqVN_-ZlHB;_ySq
ztlw(DbslN&9{TNf1LY1vyvm&g@9XOZx4;#@4_;#ae+B*b-%W6iHos`HulpgxQ;XJ;5yFq59H4i$UhPBy3d^j*M070c)`b(
zY!_Vpa1eg^fW@DJH|u161HNjRjfYq6p{U#z`rrRWij>YD)~cUt`bAAm_fTlAKzz3d
z;%5fpa|YtKB0hiXuwoojK3x6q3a;W(1uJ(T7?@_4=
z?=sB#tscDg0IPp9_?2W{lwIP)z?^_Lfbr+aE~
z@4JV-OBcvLBH(EQJ{NhEe^nqpO(6bkz*7hOKJsW>J%wvr#aUp#tafQ!rGdZQDAb$(
zox9ybzm+ObZcW6i{!QU}PfZv2qK%epEb{*vR_cFiSp%LjQ10u1rwDkdh4xM8-{b*r
z=&tsvo^9Z|Zto4(^NSI1J-?U+*Yk^|a6P~H&RzA4?{(decs;*34cGIFzXN&R4zxGs
zSN09to5DTxQ$OT|^>k^(>v>0QxSn^k3*<=}D0d*@H4ewaH4f*&H4e81@+S%8KOXSJ
z0nf6?zF~Xy_toXPUM+$6*crmQAyNhRP_{&Y{9OZ{FyOOSPxarLi&#|o5Nbg6w4`Zs34`v*Km
zz$dz^e^k$Ta2;1y!*yKU3DF
z^jp#GSO5FJ|K@NIulCjp#77Ine~Ne=S4YEjTwNT<6E%=$8{##ea}cij+zjN2637$t
z8~aB6pggtRLqClih#wj7NC97fJSukue4PJ%x1R!e-h}m}{c{!Z$`f^&6&CvUbs#>K
zyXvp~F*jWMV{y3l$HsyD{tCaaQo04)KPn&Qdyz-=JPOzG@OO9$|Gf6qK>injcE$bn
z|F!pdz%#k4y(+gzApTh(zE%YBP2oDfbcXBvG7zrw%QW{;ZT%JDVWqD`yy|%XuJgS-U4v-a~b%Kg4P*T+(X%(7=``Y5Amw!2zX}y`$yvfdHmHFVR^PA
zUU?3}|1M_tp(g@)9tZ04IN*;0UTwwyzaQ$u)eo)VFa2|%o!mp&9tQGH4)}wBe~Ub7
z*N#B^-+_4jog8kjHxcBCwK9CWRR6c(dFokQI``0b_XFit3b-F)!hYHUc~t+-@SI;*
z{(GA3)lX#9jKpp^uRwfOclE#K
zqw>L3pW<-MM^%GsKB^5|^HD?L@$y-}jfSh-DR7m$0IqVkx`*0(C(z#Gh*$n=f%w~j
z_!kkxCtm&k`tw#GzM#AMQ}b#4;VSn__>`Y4*@QrTe??T-4~`*Td2an5?(PJ>&N2W0
z|3MM7#2)*pT7n|oQ){|}bR*g#6gg>|HYIIO)0C7VD1svPpa_bf2#VNa8Nw8?jWEoF
z!F1@%gt3HS{O{|&KA)UdJ~^jN%h&Jm_~-Fx((}CE=W}28b+6~T&q<75RO;LJ73%yQ
z?d*MjqWz!4v&FUjT7L%e@++vqXWa<@6m|X#mm#ol>engiZ}>o>J)fY?&f>N`#mIk*
z{DKtuOObCy{(ZRoD)w+{o2jGM2|pOu>x8s=-+pbUUMEDw-PFHezC%o2`?&!5kC0yo
z{}BE}iaJfkADJxY5!CrJ>ih`*06y@+#CmxjUM8-~tL?wk_@2f7`PZOM3+jAi@>*y8
zhdTG?-tzbBdx^WL@1f3#@IS%JO&uLSJkxmfo&HG|7}xf^WPJLCzJ2c*-{Ll3XI&YW
za;bOGo*Z%8Zz%YAwfnW>OYS9TRz!&`_X>e-?$$C
zM~b^=$)89Gs};f@L;X`t9j$*O@{c0_P>TFB#`XCB9_l=TI{z|xo$q>2CANoU$Zs!h
zw}(B9>+%0k)Oi?njxl+i?Xt&x2b%o9Kso
z(4Kw7wI8%S#~Ro3U>tSiSK@}%E;M)Or1>aBZyZlLv@L79`
z>;9&oy4Tw{OqI;;vQl*4}XLPrz%?o;OV$?YFc)B$i8lMQQk~
zUBqqsk5A!KjO%_n$M~M>`$o+dcXPiM?Ys$o4SboY({X)kT+gTP8rSpbx2S(L>i2xf
z_k&&D-r{cRRmf+j$d5x_K6)KKYif#orOE60{lOIZCyZ-9HyK}F8rzKe@~7Iu_WaM}
zb$jUfa_4^7_Hh4rD{=Rz8vQWbKjyg3auXP%Y|7TC%o+i|}40X0>
z^3&b-OW}Ko>-yDk(f-DDzWK)W_gTeE{o`aFb4>oTbA3A&A-@Rix!vS-z75D;`$4aVw==HS!$%p{&rKh1T-#r6{Q2Yk%om8exnG3#TxIfF
z{}JS?kY8@{I^Ta7*U!DK^QvE7_x(cD$q?6m&^m+RZv;<@ZQ!4DApFh1C*0$GJnCP7
z`ei1s{d|UT?dSVY=X}(8(d6~@)Z50j{a>TbLe$yfkG>ytd9_Y~xSM(&^0Q4|>n||=
z_B>zrI@CEAb?!HLt@EUDJ#N2dT#wt|8`nCUFYmluAMNYUkK2j6spp_Qqu`bBn5m=n
z=OKSK@{3aBZ${&o=(cJilHpMEx_+&IjP9!(TFWbiQvH*W=#bQD;8tZ1{TT
ze$f3f-MH?LdB*j)bd+&z&nd>w+|+i>@~0vHg30TAn~m#n?;ogh
zD(XbsK`r>wwQ<
z*VhBab$xw|I&)E{-Q@MSw_$Vge%M3YO)W#6!%SZ5EJA(`^0%A3_Rp)x$B|#xbxQE%
zzRwQ-=f7}Nhn+*LaT?YRVgGW<4EN9#X^{0!t@Pm%u{
z@+HXsm?FRR+ntwJ=iA5lh^X)9eZ<|frlbCeCa-m-8Q0@>x$%F=-@RIZ`qNN<3A`Bo
zq^YCxZ8EOw_XFd)etXC`tFCvgv$OFlZ}$DQhq!w*7410&J_SD0)Y1CqB0m}V>r>?K
zN4^O8KcvXFrtp6l*Y)zf@tcqK>-`sTx4bdTx8J+IKWx7pU|j3x8Q=R_Uq4^mRVzgO
zvrJz5ZISVE8F#oEbxuN^XW%Eoe=>En{`!CFyj(9o=-aui@yq4ncZj%q)(NP8gvsl8
z+OfuUzEh0rc-ma!I-Yi=ajkQs@wen)(_lPrci-5*8P_^1jq7^+(fB)KegEw6Ugv((
zI(r$vS>DVt+PLN?7}xg4jTgv#pAdI*pM?H@)8w`O$`t;sab4bZS~@S6jw^0u{D*Si
z4?BvxXUR*`uvJGH-(1>yhN+V?*-uz#T-$%M@qBrc&Yh^QV+O9$(M`jd>GSLEwYLH+Tle}&0w{TqyH{W{~%$wh8G>K}#re=&Kj
z|99hB|6Akh4eg@YhTot-t<WzZug6R$d5rjFGc=D@Ca?X_^P@yR9FBY+aoZ2s$RCFMkty;g7$0-1pWjU5SEhNt5cP9W
z|7Mfd_CJjLNaSBlk^eXHBaq+VFMj@Zd3R0W`xw{lf2i@hH1SmU~#A8lN>^OKD0c0S9vZs(U8*WaIWt#Mu6
zTa4@Lf~Cgwb-^Ev$7B%VZE@ERgU}COn7p=U*H4o7=V;^m_VBsc;_lHv)W5*wb-C_A
zegN{%rO5vY`TofNGev&gzxj5#@BNV9PTU^12c_^4##>MF$Dc8%pN0DKOhF*GFPr?ikNAmi8o#2qU;aNC*Y{V?D4KK1pq-*mpc
zjO%>&GOqI-V*J@`U-t-c_h?_tx7g%$Kb>V<_tVpi>wa2kT=&yz7ReBajg?GuI-;?e6+mixzf1S
zxzV`Rx!d^1`}p=eDDEEh#rl00?za4AuC@Ae1Z&USHa=UZ|!ZL`1odb(T{
zauD5JT=R?M=G8$d^2eC`Ns^yw^12?cGWl$|iF8kj{A0!+JKeXt$@qtI9Q(rfp>p%#
zzsB#o&)3;uh5xC``>C|&K;!Gl&9^z?+HbmCryJMpv+cl!BNqy9dA(+R&nWAa-6
zW#d}^UE}@ZzWzt3zc=b{@((}VwtqY0U&-KQZ*ljmy-?>!lh<~hX#BBn{QQbhClht9
zGkL93Yh0K2e&cQOdg)Qr-xKvefV(~7L%9j|m8qlK$tGX;_PXyb|FzuI+Ev{4+y2J$
zWt{d<
    H{qZE@y1dhk>+;Ss-h8L8bEdeq^Lc6KttQ{|9KSqwoBTq_zi0B=p3jW$
zCWDLrGS#MFjZb;cKj{kN
zufOg6Hsg96e%QDkhyP|==eyFluJ<2|>w4d0W#|4`a-@H}rMP?4$2T$jezeK!d`~j2
z+exYMXX^cSQjYq&qW&Ewuk{}`o-2)d5_Ni`&gXD9$A{#m=+CB(*5CM_o%`X5UjFfp
z;_i{F^Dn8hugUj(+%MN5@bH$n+?O8#ceh@v#`yeXQ~yJGoig9#wVf9jKVqq0=+;=wH5`?qAxT?Tl-C_BO8VIna2i{C<)#
z#)r%Ap`9eI?JSUXUTFN$lYRf(Z0czHA2s=_CI4EA{AVUVR`Nfk$fy0gbN?Llf`6Q0
z{LGzvJ2Q>%ljrjz#dUdWZ2c|S0&%loDA-WU1y{AB#|1>U1={-+xrZ@n_|_`cQFKE$SCF{65Fz
zwf@=0>o@oN?}ezd3+g-scgY2EGyfG+N9+H|xc1NAjq84~(N~@O;eS8*nQsq&BZ$`TK{0aJN6!%6?r2cl)FE=T*jad6yVp
zcd~Ei^Wxf`SLLSb`zEi;`)}j=dCtgpu0rDdr9;p6k2g22{j)3FEmuUAYfrdau0A>L
zs1k`}8^8M`Uw@Qw?T3?%S46`yku!`hl;g}IczE2C_FMyZ?fLUGKi|9HE+3ctAH`kD
zwS1cN=O@U!I@+IU-}`!+Usv+Gh}-Qg*W{Ot_RDobihPOj&Cc}wS!?QKN}b0{UfcPC
z$xo2{zl}G_P45lb{c_p%Zvl7x*1Vo?e}8f9hb!f#_bBAqZ^szd@x2P;FE94(xY+mu
zPx<*?E$&hq2LJNYyx(N<(K)`~-ay{T33A=?xyft4eQkW3*L{1^fABxGe~y0M&o?UW
zrn>r{OZ|Q(ugi6W$=A!x{9=>W_RKL}SmKxK9OJRQefzF3uE(+a#I>C{GT#?XUgz6v
z^3x^%lkw3bd_QdYW9R&Z}~>_kNStI!_wc
zI?Ijg`uzy*w*N}s{gLmC%dkXbv;QXg!R1>epJ_Z@_M>6ObHtA~9v7c$yjJ{baqZ81
zxygJl^4uRAjO+N)E5>zv=>y|BzVxMW9WVOHxb|nSpA!A!+N1s7&$zCy1B~mq(^%sl
z%ZF4Zifcbi&i32YLgPKf?>2RGzK2Va`XI4;|t}!!@56rUS6%gnQMgGAZ`To@Yxj=4W?p{=b_1Hj@7?MSiniI`_}(a?^efaoa!rjq7;JaO1k4jyJC3
zLbJtnd3TlhUSRUNTvr*_I!lb}_|h`tI==L#xXyR9yoq3i$?JT-HLlCML3s8~To3E=
zZfjh}mokm(_|h2TI^T)Lb$n^E@x$bP_sQaJxnw9UJdoXJ@>>6H<0Irg$b+aOLxf?S
zkKpc*@jrR9z&ECj)?Y{7&#T*y_Rki^b-x&BT*n`B;qG`P!&8ybaCf}Y>y}AymygQv
z?JRNEKaQ&8X5%%;^L%%kac%#@#iE*e>-q+3J3rae
z=X;B5e`-JPXI$HPsBwM$n{Qm(Uj`5RP1<>Z@tF7}aMykvUs?=zb*d$QE8OL^f1Ve2
zF}LI^_wdX6zRBzIer{Zs_j}_yzLd6}?@#SF?T0C^%d6U=nykT71(`sDX^Rub{qYNHzC7#qi5C1ZG?T7yw*M8`^
ze)8>VFL7;8*^a(FIVP|5k1?*}C)17V@om1T|E<)&%;a@^sTS_`$2Q-b$Q^LEKWcxz
zWL%f`J>%<6_JzI^*X1qU)_boFI`@w*Zy)12zBJIdjxXgJ*Zw&M9v)X^xhBEga_RU|
zsc{`&I@7rJ!_CHZeCYw>I==L}xb{Pu^uuQ+ul>+-L*GA|@3FOCfIi}Oe=IQhimiNp
zc8dHNCV#u+>x`$1KbxY?AK~HgT>5#Xsq@Jee!_Zb$=7?jaUIX;Z(PScMjF@goFl|t
zzq#?8n4ewbSd-WBoO6+P(Jwdm?Y!RPwLMQ7*E+8m*W=qqrv4b|hmAMtynY`|_w(&7
zZrAU=#&sNNjB$NkJjvA0k>x5idF{`OO@3o(&#fk}+vk18bsXtw<2sJ?nsGf|eIc&f
z`3;--eppBTF0So|UgDa6PVz&Im-q5@@>A3~!MGmBt~7PFmpXTwy!OK*#ETXR5f?|4_#H
z&oFuIp9_t@zo}n;*BaOP-eFwlyUe&Ae?B#?^ZloB9oPDw@w;Vz+dzK5oi10qjQbrb
zZu@PV@vY_kH%FT~+e@7bOkUf0xp95ndXw>ZjcZvXatG?~;5W_i`zvtQ!|(cTjA1ib$PYl2Alk7$scd>x?Cm3ADrf&5I1%DN}X%qaw!ll*M0D9u)HtA
zr9?ROAL82n6XchIq;2L?>e|lDjcfn!Vtn`r|NK40UBAhxE1d5blW+amH+BN@a>@xO
zoMZCZo{NoZduoig#C>~eQD06`Vf`0P{*V3q_Ol#$IaP%DHu$E#>EZVc(>wRu$XUM5
zF5>RdCddyqd0nofQh1^9edPLJI_kT1reD=2uYaHBCgZd2_w9TNbvDu>!Ozc3zPDW0
ztu%i6?tb~(P)AM)VYTh#eMY)nm5ulLsPSGe`I%>myVl8}Ih>$1U7h8=>7na7b>u6D
z9EtiL5nD&kZ_c%*i{`j*!IyLPLw=~<+0QXJ*KZuo?W7XU?W!7{F8_BwYUTf~J=`zq
z;oQF(;XDpB!+G3jh4VPs2IqKP*fGI0*B*`sraK6}+z-BgEDDdhfP7`adn*P%bKtwe
z^Widt5l)T4cSAl7-yL2Fmm#olYBf9)`C9m1@Ot>(@J6@{1%^|b;rzTzD_n*?!+aZ@
zpWD)n+fCjd^OfB$;yeo;m7T$PKX?|rKRgG{&++BM2O=MX4}!Gwr{9xqU;QYLBM6Od@e;$gw-bZzw1CJs<44wra
z4$py)fak+U!ej7UxZbCA?KuoyiM+f;Ae>qam$y)aUJIAEXoOx5AC3Br@Gp(Degs_K@8g#1NO-zjUpvo-N8v}ov*6?5IdJ*NTsSo!J`wpCT;7ruPSyAIxb_@_
zd?oV7!mHu(*0gYHE&Mp->*4azk#K4wd=m1_@Dt#z@Dt%}@RQ(rGIq;V2-o+AI*-Al
za`JXw1kZv`hUdVi!1Li#;W2nIJPw}*uY^yBSHnx-weT76dicrkM))c4X1ILxBAnU^
zpNV`Md=^|UR$PD1hNsI#jPp1=3ZDbl-?QlQW$+y2=fd;hf0z4o7B0L8F13V6Y30?_*8D0%ycPZtybb;rc%+wq;QIfs@N{@9JPQ99
zo(2B|o&*0IJRklkJO=*^9*2JpuY~^{UJYLXuZ8~uUJw5Q-U$B^-V9#}Z-xI8-Uj~{
zJhG{O;QIgH@N{?^JPQ8`o(2CJo&*06JRklIJO=+39*2JiuY`XOuZFk7YvDh@>)}7b
z8{z+jH^YB|x59shx557hk8I{2xc>hIo(>OB&N3|uU&lR3zOvx!!gJv3!Smrg;4%36
z@Hl(}cqM#8cr`o?UJKs{UJu_G-U#0W-VE;vZ-w`Qx4}1sN78)-^5WLcs}yG!DH~<;c@sL@Jjfe@M?G_ycWI}ydEwe
zc?vtA5xx)d&G5ePR`|Z~Hu!#Uy_xE0e|Y*9iT=-mN8xg7GYn?I`y-zN9{|sX4}{0y
zgWz%aV0a~b2)r7e4X=d{h1bImfH%Sqgg3(vg15pChPS~Ffk(DX^z)(cba)Ot3Lgf~
zf)9u1z(>II;UnQOcrH8+KMY<8KO9~SmtWNpE@&-$6!P`((eOt27!n_5Fs9^5IeBkAi2x6wY?J8!+3<9D93F+wfoH+X
z;5qQQ@O*eVJO-Z!kHb%eSHe$&SHmmdweb1ydid$^M)(=kgGVwF{eL+;9bOHO!mog5!LNkpz^{Vm!>@+N;Mc(8@N40f@ay2!@EUk6
z{Capj{04X<{6=^)d@;NgeiOV6elt9>U84VQfv3Z3;ZgXl@GSUk@ErK<@O=0Zcnp3A
zJPyATUJ1VoUJb8<*TV0H*Te6DH^T3QH^Z00TjBS?+u--ZBikqX{{eV9ydEBfKM2o)
zKLpQ#KMc=@FN4S6kHF*bN8y$5$KciQ26!#}adE-$Y;{CpX2mEEqxZx_!p^}muj*~a&maq}GGS|`u=
zb5cKMe4x}RF^YR~tW2t}knhPZqB=K2^NVc(Hh+@&C#BqsjPovi_Ql
zKP28_e4`ybv>D%JClBq$_4DB23Jj*{_VDq}KA0xkjQXa#c#j&Nn&~~$_}hDX&obU3
zo^AYn@f_p7i02t!u#c}FGk&qOr^NVkQb(^j-DJ1@Ykj?zQ`h=>j#lp>b@be)K2^Nd
zLGY#CU)ot`JYT%g_{M$x^P7y9@9VwU_*LR9#=jPCGhV-+uhVY4aewb&rv(3XlU@I8
zk>y?9#@*qEh(}#0_|p7yQa{u9V^TlMxYo}$uJ!Yc?=Z;EufX^VgT2R$|3$pS_yt3J
zzS8)^hj_0t{*`#O@xKl8`5NQv4EJ7d{5z@BV0_@AKHq3u>oghPWw_6`8XqckRv14`
zyv?}QX*YiGa9=-tJ^xeJ?*gflVf+d4sBx{6X?&8@&oTb2)X6jcvv|I7ty5rpzSNH!
zUpL1uPlfTZ;+4j=PL=WNq<*dODN?7-_>1E8#r@zjR=m>q)l#R*_%q_Q#@9c_*RM0a_*n1t#$Oh1F#e5rv++-2
zzD|qrqo#OoHGYiv3ggF$w;4ZEyxsVZ;_2)A`RMkOR^%UN7(Z0t((L#$OkY8?Tz`>sJ{6y4ZWA@y(}suQDDNuQk5kbf2#?en^S;dgImN
z4aT1mZ#I6Y)Ne69Nb;@5wf+j@T0gRZZsJ`p`ql7t!#VnIHOBWn-+L`w
zx;&gvXIzH$BK2_jZJE-BzOT
zp;E*B$TVIj)3V?PAfIhq`#%S+*Bb6=dB%0!=fe*|{Q~2fkHHT{zQnlhOL4diJ%rDy
zFg{IcRl*NN{VL;f+c#1T&q2P%_!}~<7CsF5I^(*1*29M*-(Xz#$42-F$S&$wz%SONUn=pJ80LwS{2b)#jO+TUho6glgK=$ZBm6w%n~dx6p&7mq`4;24
zf3?E(8q+;(g>l`#+Ta(Ue!KCGbuWXYZu`Fw`84CYf2G5#kk2r#+j)3QNTwg=Gr?nW@{kIi<
z4eGBjzMo8MgI|k$yK!A!9rSmr?>gkuB%nT2rlrGckk2swCz%$7UyppI@!m2m3w{Ig
z*~ay?Uk?06pC;2{@TZY4F}}4-i^HEmzQVZnPbK_Wo(^w9KEt@~?@{z75N(D{bgD${A1+njBESr;h!MiU|i3IjqtxA-();rrZvMq
zMZU$j9zR>*pCP}(xNdK4@XwKNH@>e8U79OEylHe
zEBssJR~SD;rnSMpL%!X(_Ge^kA9CyEd*suM?=RER;qAz07_X6OQTPwYXByYB$SnAe
z$Y&eZ^_2tvFYhp$LA
zJbcrxJg3I^(c-o6b=*ppuR7yfh}Xl{MZUqfp1&I5>mlD{{0*t!4DW$_i*X%aZH2Fo
z{0igR{x-tKEry-wVT(_Snd?VyDjSrG(S@4aK&o-{t
z!#QvrgLg}oXS`$khxbJN0^@o-iNSjzUt(O3Cvo_u$X6KG<3lBUGvup`>+zu)o{oHt
zaXmiN!Z%00&banZJzQTyxc+P~uIslEuCG~LzR9>AADZD?p*=0eb$e@tZ;kv4;96CdQ#^rg81hEco`w
zXB*f3B?rC(@_EKja|;=K<->PGzQFhdACJV~J0V|UT(58A@STybFrFv%E8)8!UuC?n
z5G~;{vSR@^uiTWAFb$vzQdm*1`d>^Tw1>YO_Y~vl*
z|L}c~&oi$1e0X2v3yf<%2HzL?6611siNxXiAzxvzCZF+#`XAI4bMWp#<-rp
zYT^BmuQOgF?Wu?NN4~+ho{t*g1CVbruE)1#_(0@ajO+f=3fE(vYw8N)eWd+u@WH6x
zZd}jTk?s5wU33WYX~sLYe|R?X8OF7K6h0LBOyhdK$buh$e7132-W>RW$mbc?_T;6~^KMMIeR9B{c1Y|O&UcmVEgfEf
ze1>to9*Dw^Lq5~Ep6{~Y$0MI@T=O~bNyz6JA1m$8ho69afpM)LgP(|eiE-_pIQ%5!
zD~#**SqU#hzRGxiX@505hJ1~2ZGSDi2>CkWdVN(7pNxEiam_cvry$>CTsFT*GkhxY
zEyi_!Y=svizrwiY+u+lXZ#S;_$c~Bad^+-J#y8dNA6|ldhH+iqD0~L;na1^am<2x>
z`E28Qe9nQNf_$EFJwD{aOOY=yuI-7zXChx>T#r|A_$=frjBEW$_-y2>j31=iKRk|n
zjqwGNuZ7P+zRtLgpVY(4kZ&-q;~|akxyUye*Y(v5FGs$`xLmGBTH*7MUtwJL_cr*c
z$hRAxCH)iG$^XYiPeVSXOylw}k_EpQ`E27lUX%mB1o=GU+W-0RMaUNzmxqxU
z{8HpgjCWlB!!JX=!nmG~D&dzSUu9hPmuh%5@-@bFebvIRK)%knJdD)CuSCAVxaJ$-
zS0UeIT#paU@T-w;F|PY>EBqSdR~Xmpu{QX%$hRAphaG>E-9@iMK1~X$>+6?vcn$Iy
z#x);>UyppIaqXWh_zlQs8`t%l1HTdZJmZ7p_?Zu1jC_G{ef<)H--LXLajhSR-;8{P
z@jawHmGE1TuQIONLp8h>`5NQ$Fj5P@75O^j+Mo6C+mLTCuFKm9za9A|!SVO;yO4Spx`?Z$O^BT>I1T=XvF(~R%uW07=t9r78*50-osemC-&#;`_`S&I8P|M1d@1q;#&vs(!S6%9#JJ|;@cWUkFs|*Xgg=0Mm2o|PRm1C%
zuQ9IqTKI#=*BRIG%zF4k$Tt{2HR8V-;SVFgN8w!t4o
zzTLQvheUcu!Y>zn4EZ$Uy1vrk4ajF0*ZnsNe;oNt<9d9^f?9
z!prcDd?ft-clgHev<>|OS7#IW0Qjcxli_-e<|bFc(~-X&zB&9kxNd81@`rGJ%Z~GZ
z_H*C;`xbQDagR6Y@4n0X8T^04?|Z>zC@A#daCwOk`XqSAwNfyp94@DnFn=jL8jAmR
zCtOx(IN=$%jvcxQ@4@w&+W9Z=-5ki*kOBTbZhh^p82mgEz9+l{o(Vq(z8CxkxQe>(s^1YQBphA)N>g)fI60RIAhAbewKglmtE
z8Mw)N!}ZwXd>s4`2l90x{7}W<=N<4I_
zhu;F91Ah))2LA*;7d}=Fg04N~@GIf-;QxZ33g1Q!ny$`i@PptL@Y(SB@M`$!@TcHs
zz~6;0fd2wN6TVlDf8g4A7JL-^Z1@a#CHzA8Iq)ao=fXdPp9kN1n1A5fvk*QQem=Yw
zegXV*_=WJ{auRa&tKcWYFM{6$zZm`u{1W&V@I~;A1)PQ{mUa7sG4dAH%PQuPY~e*Pa{TyTWgT
z9}Zs(FM;0#zW{zSd4}LQIe)t{m2jHK=>*4FlMVp)N
zgYX^U55Y&lABLX{Uk1Mg{s{a9_@nTD!ykj|--mJSY=HNdi%aK^!)L&sfL{WC5?(aM
zKX7%Pg5L;#8vZ!^8TfnfXW`$&8{u2X#jcz0bMWio&%k?^nKh4BBt&xU^kzX|>={Au`i@D}*@@L%BV@IlA;2d@1;z)yq!2)`cwU-&Zk
zPw;o(Kf}L<{|~;!vHpQ;&oA(O;So1czK(;h13wMEF1!Z59{dY<5BQb^enyVghxdbT
z0N?qzM1Di~A@DT#N$`!}U&A+sZ+(2C{wDAN@SgAq@Lup)@J-=M;G4leho{5SCMDXl
zIlK>i3-}25mhd9@R`7G+Tf^^xZv$_FZwr6qghV?t;P1k>gMSO(9)8h@i8?#Lm%?|1
zH^X;=x50OYXPlI%zYF{zcobd;?+rf}zAL;I-Ut2+d^h-C;k(0iaLUmh@T|f_`}c$&
z1YO~AbcPA8}PpHf5P{LZxTzib3ge0@crTA;92mQ@P6>y;r-#C!3V(C
zFN%a;jt0W}zz4yH!w17pgb#tA1Kk$R#TTM@K@pa@RjhR;2Rew+BqJ+FMI+#A3hO&2K;FFV)!xe
zzrv4&{|qmH?=UUV&g0-i;m5;|g-?Q?1wR447=9xB3HV9y58#FHAK@|hw$l^sFMKj;M>khwEuE=e|R-K
zAASXV7W_*1BKTGC$KY4P--TZT{}23H_~x?{?Y|B_5MBd67JfbaT=)&}TKJ9d7vPKG
zAH#2g_lPIjc{6->_$}}e@LG5g{8sqc@Y~?G!Ec8*!k57R2EPN|V@{&|cfxmt-vu8I
zuY*s4-wm&X-vhrHelPqf_)_=>@cZEH@cZH0lqHty0r(JjJ-h(^ApCOpL-04?55qT@
zo0#u1_+juz;B(-Q!moor27d(J0B?am4*w4R1bn;lL_42^4}m`gp9Oy!em}es{xbYI
zxSy+kzt+Y*^id=dmH)0A{9Hf5ksSC2@ECj}cqM#ecrAPrcq4pMcq@D}ctn=PwKE+a
zg>Meefo}oVYaUl;J@i8*@@|@b={d#OR*Jz--3Og-18+i|ZQ(26?m2yBCTa51{c!(A
z%i~Pri{x>h@pt8M34904w+in5yZw58;uUbWT-w+5aQEMK$v+Nv`QE-vqy_H&`=Rt{
zyYUj)xYm(+ZnCR0K^1s7M^{^4s_F`D)|k
z;`PRFkPd1#zOihKZN?uJPnZ61^K}2dl#O&dxNGOlzB!R>xXXVc8}Bf<%P*CD4DRyj
zZes9NX}m(b)_9MteZJ9nnrytS#!JQj0e7XJ^<^SyvYvH$%Xah=Hix@>57{5G;O;pC
zck%h5aF_2R`2x7h|0ww)xXTZcd?noFd-e&w1z#7zU0#n1b#Rw|OY#rGU0$!no8d0M
za*yC!@by02<@K1}4tM!a_H^msxGdYdGnaou+8>3xX;u3K--55b;4Z(8n;3lM!5#f?
z-;g6m!CihI$;aV4`DplE->>dsJHzXdchg2^`H7FiUHvgqzXk4S*M2^)f7jlb`}ewd
z#)f{n`ZoRj<80&E;swSp5U((Pk{oExfxC7d=Vlaq>EBz|`3@ZDUH?wH`afbll{7XZ8oisTZW9H`feM~$CwxX0&
z#G!DP|5)+`aF^d+?voY4T|OemU;R70+MZU)Uu5!INWKp4o^!F>?|BgJ>K`n5{kykX
zKVMF$@0GGZ!p!RBax%v
zF8{XV<8YT>FwLcd_oc&K{%6VS-(z)IIkmWWME{Pe^QZ&)(!YP|-2H1R@e@8a^>>ov
zex#?LuKC&-{&Cd!*pt2I7{6LPX8cj{O5;6F@pWpAe<*%8-1Wmg(oX$5nA*;VN`0L-
zP5uDM>))?*`QAPneoyb^A2{C?o(1m%9}0KvIbZ4*z;{Ew0=_%E2JYtljf^AQ3U~Fd
zkox-f5M9>&TNn?%1z-Ai4Aq|(kI0J_^{>S@g1h>+N&QT?d(MYtu6iWW5AO1hN6Aldv4)FZn+LdzAyX`_*nR%@KSgVd>-8O&uP*>SHp)PzYIPc{xsax
zIbZ602p@s`XK_eaJ2ENaUmNTzC%rFnA1pIJ^=rmu}(ITKFjB8{wnjt?)5$
z9ei=^9}ADVg$%x&j|>0jzm0?+0iOy#621_g55E-d{(GtPr~VxZH{YX>f6(NwkoGzb<*Yax|{Dr*4a&s?Z;Y
zyLMhL?R*C=Z+!~$`uqG{`{mLz^b8q9b1s*dp=ZP8EkB_bz~wDAp;y4=(lhiLcq|nE
ztpQ#HZ-GySx5KBvGh|%EwSOu+8(s`AfKP*0z^B8{fxCXbN%~oTPq>?}TzZDj(%1P-+@;l{|)>i_*Ogm
z2X1*Uh7W{a0xy6sf)~MEd$OfH3*eU`zZiZQTz~(eYtQ9y{k?_GtKpHI`~&A#z@zXh
z;W_ZD;4%2s@JjeK@LKq_@J9G`@K$&YyoU^8y7pfW-wl2Pd?frv_*D2}_(J$i@Fnn@
z;V;5(fqx3Gh4O(GnH}cu=d*H+1uAOnIa{~O{!1b##>i_5J
zFI5bF)<*pU=lA*lhTj{b{(&{8{*pef)!UgCC9XgW%7>bK$NZ7D_)%g+Gt{Lih{tOX03goz$s=
zzli*D_#faa;V;2^?&cr3<$4*uHQdd2smwPU-h_Ms{1tcw{8e}j{EzUb;LG8EfV=iI
zNPAl0uOY9$Ovf$P>+tCA{(&xE_>>ba4hxCs6O^4Gv!en-hKga3&9JMjO)
zzk&Y*-)bNKz%B33@PY9E!6(9hftSN0>m(-Bz}JB{z}JPhz}JKS1lRX^xVh}u*U!tf
ze|_W+f^Pti!8e3g!qecj@QvVi!`*rrDC?yOzA^GE;G4kH_D!_ECp;703!Vqx6n+%k
zwP&KVCl22X`T1~{pDOtpcslY8@Xg^Z@Gao&@GapP`z4llD|j}1Yj^>C8+ZkLTlivl
z2K*`bcJL43+rvMDyZ%`q{nKOrMEiF@emD4z@R9JH;8Wo{!xzGLfiHna;V;5_!#{=Z
z3h$AXXurM(%E@l<-H;y%-yJ>9LyZkcA
z@7UihtzX^&$R7kB2tNU??{Ra_UjQGB{9^bJ_*3v~_=oVJ@SorZz;_(r=I+~nAp9Ws
zLGTmc2g4V@4}mX+9}0g8o&*07J`Da7d^mi^fr<8yfFA@O2|odz3ts>~3|xnIwX0kMKMVN=_}TClcqP0Yehxh2
zphWx6g&zbz4<3Urgjd4Phu6X{fH%S~gtx-0;QD41w>@73j~<+8|Hbee_$BbE@I~;2
z@Jr!K;FrN)gkKK-6kZMQaY&+_SHO3JUkM)xzY0DTel>g{{2KTY__gpC;n%@ez-!<=
z4^6cHdU#*>4e+t>8{wt!#qdS&o8U{~H^Z01Z-K9b*TQ?|B-(!~yf6GV_*nSu@KX2^
z_#*fn@TKrO;mhH7!B@iT;5~;$!Y{Y|-wp2zzXv`RelNTfz7)O)ejj`({C@ay_yh1Z
zcs+cp;feM?2pNm{8uY-;|P~vcmGRq8a6L
zM@`8cTv|M9dU;81{+KE99ApO-j-MPvi;D|Oii@TemyPJ3o0yR+W&_!U;|j})=N6YE
z7sLh^7EUdmGq1RC^1NwLIH7!K;i##_v&w^wa#Zj**n$R@7SEmQ{~v5Y0p<1^ptC8QF*9B|
zYQoUMv6K5H-LQVICME5S0l|S~?K&dKLjT{-A<1?cY$g2*k12MCq{3kPDPFs!(bd*b
z%B{7eb6eA`HE7+i($d*e3QJ}Lhx@K2CzJ=9N6KwI^)@=OaAH>B#D2lHmOm!g
zt!Jpj*{1skyb=A~c6(}WvZJOyJes4X94WglPtamHp!&mXmm^`W9%YkmF5P_Yped!r
zMP*%DJ0_TUw-54zif6`?o>#hGVnBR$yh|h2qzwb(^X8W19vK`I%|UI=4~xMn3=Xfs
zDx6ptYzyPZOc-El{`xJ=ZDirr)}^uCTx~<$;s(3vlv8qp26kC!xBC3nwz_R+pu6Nr
z*7Mza`rzQSDE`w*x
znp<2}9-K}Gbv=IlzrF5HcC8a!LY3on!mQa-*Y4u=|LLoWq(`yAr-s+#zv@yvS>d9!
zs+jE6{BQcI!8aABx!+>>I}WH?cS8AZQFcZ}l8c_-bT1qjjMq$cmv>!u!r(~$o6boO
z)Y3x}%8Tc?3!DCl*WOcR&zf6a*l~fA`qfm*7ht)$$u1K5WzCy4!;QYh%gf|?ivupf
zkU+nIQ;Vk+%_}VrhUrR+%Zo=%a4*%|%d7$JWmbOhu**gC+Ez`ntGH{ewQOTN9BJ${
zq_yTRMuJzp;|jyxFPk@|+`TXfURs7POgctYgJF}IvrjD^HGZwu%8~ApG`M7NC4%wM
zX~kv5v!)aWm$115%jd_7gL6RYYrEtxWs@DEgApjXNDhYRN!Ky;X*qkFo!
zdRJF3>2}u5m%Xc7<*S?b>Q?^hp5Je6HiJ|}J66={Hi%ROI@Zu{w`p{9J%k%$@Tz%k
zabZz;p?e{|x{c8s>=Q3)I`1U9NU6uB{L9ni&&m#lqx|SfV$bY2%yxcC?&=SqUC!UD
z*+cPiGU(Sv$tYGy2)bYVSojz0{npZI@F$Y)LRGv^ib4JRxc5KP+;L_!o)G@5mZ_v~k)8tH5
z7@nnqWg1$TY_z4j+u@M#py)3&isEs%CE779cPY@NO{u!4V@cwrxuvQ4w)2*xJvuNP
z)=O-7N&6z@eBEeZI5y=jkqX^yxQ?a-mrLWvxb=bSywt0rqtNd)$Q7I)#uWy)Q3~A)
zxZHeqitEyG9p?~#haw!HOZuW*JG0{nYjo0CWyz%HosRi*w_&TgOz|ssm5u1$32c=m
zx_1s+Wr<&L8cSNYV^i(knJj6Ijy3;(bTV80On=S!EI7uj;^>}q-oMEKK56BSu3Ylg_haS$^G-K56ZaCcqT$7SrA^vv5uKtXg*lqe}b@a|D#q)#VkD0-{UV@Py
zd8o7EYfvFMPkufLX<-C0>jF|6wfIz11x|2?fJrT}H;;X4Y{D
z7by~<-ymy+6Z3n{XYAK
zUWju;4Yruz#b$W+aAV{C&2RqVp_>EbDTc;>P0{c&u)OQLg@U%OopE_2Ub%Y_>dESr5}$yyu$5SdhF=QkCdV@1%Ne$L!s5x%X(#
zC@Kx!R244QuU;g#&#qP9cdNCD)5ogTLU#w@+!h4UqZGE)^!r}cX+1K5jOS9Q_
zyf$0yFxK!STVvAK;+?n3+}t73X8)dd9ainKBT6rHes;&YccT?L>Krb&{ro`3h-``i
z{eyR5mKIG3KFHwSn?E`jJ#%BcG6LJtKSQR?E<3HLZ0e}s?dK`p-sZ0N-Mz#lcLm+m
zkH0NwmM(cIf4=QpCAcIu467XY%f|yV~ip
zTq&Lz4ATFqt+8W>sv9df*?BzaXjI4XRJY&NoywC|>HgU~>C-zJvDPQ_RhRvh=k!$<
z@BYPAr^Dl_i~a^@_AY0xq;p*BlUK58YkB@kR_fQE!je|iEv?&Uu~k<2l_#=Q)(&3;
ztnIlhY2}VX*jk>>k`~nt?f0wCXi3W_+PsD*wWQUwvHgFK^IFmtgl{4Em8Z58h1cxt
z<}YTGms*n(&F?ef(|=%aA>u|pI^84)uK(xiJGwA<~lySNtfysa`5hC-T1V-Qor5}Ix_JdYqyuI
z-TU&*y{+GCJI@YYmzB+!UQ)i=RT!+Gj!k;47BSe1y7h7KAwiQ$i>IxkMdtO^@6)XC
zUEEX4f;Sb)E8{Nf-Hoht9#e5$HuBfps*;zQovQ|GBE=g_*5YPZ@bUbt#H;?`_&zvz
zog3an(oO&OTJP=^QId~w{%+e{@Dg@hVd?DCf+32@v*!hG9!zoLHN~+mcNwE(4}bh-CzE8KANYNiY;bTe2;M*7KG&c0lxp^jAmxAm#9EzB+*OuaiyV#)
z3jOwXFuS=l!2oFaym)ExsL?Wf)9Dsk&>{AgSopab_l}TY*e)0m^l$wz13ba!j)JS!
zQDbLj<*r%T@N79CY*3*Lyp1XdK4X$-<;b|ZnVu^r&+)KmhL`bL%1pZ5v2r7Rh|@Ax2A@auo3ckLz}`U;0`I}hIJE5?rTv{b`m
z-MVcU-iYgZ!%7eSsjquFH>x|MZJnRdu^8QamG0JWH+m&_-;sY=77pU`(>a~CmSFDr
zo!gUQ36kGEGEcSV(1GDtahF>Mt9XNda19;or`qe`eqw$hL8@Cl9m5fwOQc?LsR~I4
zbeuy51b0GL1>M4nv|a;
zFrC=l#`zJ^&PR;k*B6>Mc0qtnqV$ibLt|G=AD?$ixgycO9Y(wyED|Bq!yk9sRA36r*ZxM8kc;CCOM^
z(DF5XWgdKZHYm8tPsAj>r?XbG^6$zqhnQ|HEZZ1dly!OYU2tXg`>eCzFqgRdHzoMZ
zt-%O)s$tRKdb;Dw6LY?7N~Yt^Bvy4#bTxMc5o<-f|CJ;8`oii`c)>HfcXKQz@p4bqEtRb1C7NL?XwcIF%qKA6gs@2A7Sz8uTtk`Xh
zq3H4Fk^GxK4?{A4VkH{Fcs%U!cLA?zXiuIrrZbKmE4?(6JxpXB-e`F-!#YrD?<
z`F!5zeO=eN&UMb`eE!^>taR*1hVTqU*>E{TTctR&q_D*Nj#}|bXj5JaKNXvG<|yWL
zckt8+xY{e96R}^PmFquhzJa!a=L+y1h5Wq2xp~E6(U;CJJxj?a!;$=2GG464E4Cip
zaMkx@$OW+8i!XBWo|1*vmk0mH*O$Z8)=S&)9&d3+{_EmPRG2pYb$eJq&w+?vp>rfzE0|i<%9`b*4Zfvy;nWzq$GTfZd~dx
z=oQ-}J$h*wugG9efx#ReIE?Li!x)yQm9WzufYrfTQX7Iv%{AU!i*Z#lI@MtGcGeWp
zYf#?v2%(WT{t2qvX;{>*ot@H-q;mz?T{is7bMo^FTlgXOD>?bcVe
z2N=UHD`K2?=@rJY*#&btx%L8Axu+M+T@b#66&*$pLRm0$LoC7RpnhKhj&+C^Pq>ID
ziQIf)Sy3mkWVAZ6{yIDR6z$sdj?}01I&MkV{1C|Clf=vvS{E-I!&0jIc!=d1>QUmR
z8SEZ3Lya}LvI_|`bbC6APk!a=@ho{o(Tdv*^{2owjz?+4{?<$SR6KgYarfL;AvbDAIw4|?(jaN3&HW9(eenq@{K3>r^1cL?#&hQWwf3E{zKwd
zXJAw2PGVM{(1vFN@M=2z{0eu|z#prHCtnF2;2!(P$rM;Sc6ikethTR*WE1dha&^SjN;K{J5TY(!sdW
zB&J*Z>7%BK?HUeV?!uoDge87vzN@c;4aTQ8VzKjNIBPerfekUOf&Ko4w^NW62Of`K
zqL$vm*%t1;h}=^MucXeK1;0z!`O4BU;pHaxcwC`S?g0^vI`wxgQ^75dM;GVLnNc)*
zYVP#u&?_QJiW?vOC(7OvGOM|<23007XTV%bTiESnQl!=6Ndov(cq9RIR*6;%(+hTF
z)j>a>irJyj=XwU;`Yq)fZ?(a>b#xwscL#et5ng!2MWm=@j_{&+^g<{EYo~7v_R@q`
zDY7zX@nQ*T-K=V{+#Z_)SV&Ef7C1kb8tUWj0qLPGTTuWf+zo;L5yG9lm1&S0JYT
z?s_}>u`jqIOT2A=hu$9(6_Fc`@`mz6$%U$JVoRdfyIJ9qxcEIvm(Lvk!L86mvK1yqXw#B3pr+$H&weS$t>x
zQH@hryM%X*&6<-pW9sa@+3=E`9XsnVKmYQdIh7Un8Q`g`xCcUC82(S4P>ZoW@}fS}
z#Xa+%-}$M(X9l6<%Rjhz6ejIz4x~oyPK_NpZ&Y55b_||)!w};=Gwo!`yR%f#Cfq~S
z3AY&C)DzE`Pwm8gU~)`x^M6!j8Cf*IdCq>tS*&uxsdsXm$a+rO?9Qx}nz<{1TFpCt
zqRc$8Y7QrN#^+ugG@W;-sY#1Sa%J?aM_D`9I=;G&Z<@GpF$oR8E(AqQzr!@O|G?o(e<^|-J&cW&qB9pHU<
z?l$`511{sTXA3*76}(;26i9Y+6gOx12Ru8x+r&IyflS4WyFI6QJeHqscGB`}HPN$8
zMjKD#v(>2vdqp3c+@QrSIrZ#+2~Zal#S|L}^xd-I9g{ge^w5AeIo0=9XVx9w&b+K6tfHKyr?XNmUI&eD%Q
zVuS~~$Z2Y)c$p}}BR&HMzv!z=8Y!P?_%$UjG`a_S2WP*PB%9jgj4d+Mi17s{h@G!r
zXAO0SCwEPgncU!sAiVJb-fJ^TzFI;x1Bl@ft_X4Do*bNH#-IUoc@_OT^uSA3;f1~(
zb^x1G;i-ZD0w3&%DoQ%hX0JOdz3CHYPc;1T^lEZF29hhD)Oi;Em?4}d6y6SHSS|L1
zqdR-_BBMJt!%5QyFLK9c3f_8*8g!NpcUl0bdDPST!0Nyk6l0(hlV@Bua7M}r^ar25#C@m-i;XYo_DeTD8N{b^%7vc`HVg-1x
z_Za3@H1@EJ@a#)fK+!lOn%DoxW5(uAhaU}I;A*NN=nO?u84oTJM*{tsJj`(vv~^-*Uvs>g|%^QM)~f_FF0EOG|U5arxy(~9%lg$3FK
z*Q96V&7+kpxsBOWSTHBgtpzThxQDwDEW>xq*$~b%2f~v!Wo1+0F`Icsb6`QXWWm(=
z8O}iX;VXPaxifH1QAysw6HlFZI6U(){e1ckzh5ge+I+}qW{|#`d2XcCJX#6gjfCdC-9-$?yfYoe+`50X@OtE
z;QwWze?5bL#{$2Z!M|&PZ({K8S>U%Y`1dXF?F{|{3;cEl|Dgpw5st-=8b8ez_+AYD
z5sUaqWAGnY@DE_{A6wvuGWbs{@M9SK77Khfga6b5KbgUQW`WOV@Sj`YOBnpQ7VW>7
z!M9lOFJthn7WkD6{tFBIoecg!3;Sys{6QA@rx|=-3w#5EKiC5QCWCK-ZBT{yxY9KK
zV6MTBntvu+@NZ@CGcE8P41SgcJ|R9@|9lI4GJ`L$!1reGMHcvU20zyVKZL
z{4EUrb_;wBgTKoHzlOozZGo?6@b_5YH#7KqE$~f*SL46N0^iK=ueZQ&W$+s;@Er{P
zD~tF~fO9qcsN=`i7WiZa-)@2L&EUVWz^60#Z!Pdc82on@_)Nm9@$(Oh_6sujH!bkl
zjQ(#~;3qTqe_G)48U5e3z|Up)w^{iA5(fXh1-^p8e{P}wat7Zu5c~MGituXud}G01
z!|?xLVgDKi|Dy%Ip26ds5KIssSDMD}%^cps{w4S;O;K#Kpo&RSGdk|!Ed*)KaGZ?&Mp+BDM;79d;oCUs&;g7e#FJbVB7Wirg-`xU#
z3xn@rfycQfe$@W^Cky-<2H(>HU(euovA}O8yxRW1So9y9>)=PlCt2{n$LODIfp1~(
zzgp$vcf$vLrwf*+8zz<;XaTfLu
zA-w9peJuDh8T@`0_;C!rw*`I@gWul*KZC)iTHxn0_&yf+OBj5b1-^ptYW&1ow0|{&
zKhT1ICE?ZhImiNkCxgd65o`agW$*`E;GbsjT`c_9z~FIBHdg)LB)r;w0So+l48E%c
zehZ`jK-dKy1^!M3AGFZFmcgH7fq$C8_q5Qzfx+)$fq#?1pKhUlGlT!L1%4}o
zUuS{uVDLC6i#7fey2<>l_P=v1@I48y&Ogqzz^5?y$rkv&41S6QK7+CUFBbTr4F9ec
z@i&ISPqpCBX7D){_{j`@ngu?e!B4lqmoRudCx|tE7c=;o7WichzQ6*%lEI&6fxnZ%
zpKpP$W$=X-_@^2CYzuq?;nn;x#{%ET@XxitzsKN{Ec#yygU5R^VvWCT48GJte|O}!r;p-@QWGz5)1q?2EWt-zmmaUVS&Gs!Cz^CuVwHd3;fdzzS08U
zKzI@k-amhp1-_BN?{3lmnizbQ1%ET))%$7^!)ic3;h!r
z{Ph<2WCp*dh5jiF9@i9O&Hrf({;wAJbi%9cf0G4%2!p@b0-wp?Z?(XWW9nZa+iz&A1WzifeTX82#Rz;9*nuUgN8b{bLw>lLbDT!T-wwKbgTFXkmXogMY_@zl6c#
zJqfXnKZ_as`xf|R4E`ev{7S;B@z-pDU&Zi$Y=M7(!GB_buVe6dPe-i&-^k!UwZJzr
z_|Gix?=kq#E$}T2zQqE+jlmye(SO_<57qU9FD&?b5>UnWwct--@LyW+_a(d<|9DSN
ztno8|!GB|cAHwLr%>tjv;J>%Pk7MvZSl}ly_#Z9sGZ=h_1%57rKiDFEE@AN7E%+-K
z{4W;xmLIx_YvZ>=UVWWF!*T}_{9uV?&`sZ8V>lu831%5MwKi>l1#Ndl8@LLG4`X8TZi?#i?
zGWgjR_-%~-b1d*qa&-Q`zyjZs@T&bsS@i#241cKwe;UI--vXb`;4iemXE6GgS>Q)7
z_yrdDAcMci0zZMlUuuERA-vlD7hB--8T=&{__>V!3oY=MF!)6l_zDJ(&y>d6|CclP
z%PjD#82sfH_y-t#xdpzC!7s7EZzQ}LKSx{SkIf9e!h-)zM*olnzL~*aWr5$y;PIK_
zSmURIvHxldy!)dB>iT=N1->W!sDX;V)&ifx;IFg5_hsBzyP78b^qyJqN_$CH_j|IM&!Pi*eTNwPk
z7Wj4sf1d@ugTdc#fp>O~KL2>Y0^gIt|J?$g!r&jY!1rbF4_V+d7<{b-eguPm*a9D9
z@Q+yFCouR&E$}&nSI5sa7WjOI|1k@E3B$kE0)Gj^|F{Ldg5iI{0$-=>MgRix~*Arg-{ib6q&L7@n_N0fGlNHPtoW@Aew~H?I|#4#
zpXV*`&K}YE7vJd3ll$S
z&`j`JPY0^@e1e2Oe5q$MzQWV<*$=*9n`U~pI!;4Kwp@Lg+=0)ZKM6!`d#2Fw{Xil=
zy)K%zI!@`zaM4r1W7W?9_=0un_%gz~@#bRm?}K57uwOIG#qZ?;N$UK^8}L^XKe;hn
zi;h2&@EW~SOZZxP4#lm2PRre|&Z$u1{9h3-A3&_f27(XzzaGeS|DOx{IQw(%5HKf0
zitvA3|0@mnYQi5HM#_S2=jE_j=&$Vvrb_)&2#@+d$LL=J`#JreBz|lk^`p@^jj)r$
z|C{iKt6(}--SnLS-|tR&)c)$hP}cdsf^D4rIgI_A82k5zZJhpNh<}g||Ly?h_{)gj
zZGZItiwys<2L2M__p|?K1Ah%;|H};jECc^_G1@=Pz+cbU{|du@HSz21x{>%d({sRX
zGk_aCpSukDS3f8ZqhUCVfx|tYRj>i;%+wTUXZ+U)$Ljqbf2RxU#CMabpVcw)zh>Z1
z>=WI8-(dLhova-H8shJxDg|XtO~-vFwQheJ!;iM=_K!C3ze)TD`S6bfJm>$R3_t#U
zsm@<$;O~f$f0ltio8fO__*WSCdp{%%_p={==ZUjFpW(;f@6_#IZ{W|2k^gA}|6+z8
zf4@`b|I)xegZTaOSBrsvCBu)u->LKO)`gG%%ZVT72kHmtJfEI`=loww{5f^P
z|40M>Tg1Q6!xr8D1{(O2(`5fIQ~2@sH+B1G8~7*GO5meD{P;UPoc$FHKmPuv&i}rF
zKk;En?AQMIJ1rc)b3k>(e#GyW{}KSt@ux8S`1_eUKmN`G$3Hek
z{u>Sa84N%Eex}a9H#`%>@z0Ere|LJONYDR4h97@_Pv>7?;J+e9{t^R!4#SVXU#9cF
zYv8{-M*g=9{ACP3{(hOxe-fPdasGcHMt=96PTl|23_t#Una+>bR5<=miGRG-|M6J$
z<6e`}`D=(jNC#v7!{6W1`M)>tAMuC;`t`qdz;petov|N(ze?vH4)2NN>_3C}m#fA?
zSG4OY##6Q``{yPl(
zwZtD(?8o0f()sZ{pPc`v5r3)=|0f3i4#s}`{S}=b-*d_FFD8D!_&WsfT>B><6g~c6
z@aX)r4g9N!f2fcB_?}6QKb`p1^GE#s3!VQF1Ai0oFZSX8yMcca@vHL>JlD|qyMmiI
z|4*VHus=oP$79t`9N;Is)7Gb;xAFjpbS-bKIa(tQ~JUV_^AHJ
z-yhKV?=kSFJSJ)M^$(qYwShlK{A&Nl_t)$EpBwnc5`T?UBm7_I|JcBvL;Py{2btfj^Dm$M<*Y{G;GK6I}b>Li{sT
zawzNm9|3r-{f9FA`2Inif2n~#{&7jXrw{*Y2K?THe@(;d{(H%we>UmgM0m_!`2IXy
z|3l#hEzWk3Ew}b^WS6O
zzlr$$<}a%a{EfsPRQ!+cZ_@d{F!29C{C?xdrw0C%L!|%J@dMxAr1KvI&xvyFf8G;P
zali2+1Mpn?2Z=vLu^-?6qVwZ()*Syz;;$jRE1(L`XP$vShxp6rXpDb+e}~SG&lz+4
znNLcfU;cjFz~98!kMEz*`SCehj=wlY{+|u}?F>J@e?jLz!N7k9@elBLTk5KAIu7t$
z`zO*1fYtWL_aEr|w;K2xiQg}O<8zW6e;UJ&&rj?8_?#Z+|D&IhR{G`d!AU%R9O3=)
z=K#QS`VVFF$L9xi{ckkz7ZU$cwXvWKRd_zv8Thk_KZlOS{)5lI>HKlYy#3!2|FIsn
zX#VX6{#xP>D*X8Tn9h&)$#d;D@M#J3^Zzw~=ltKn_#f{-*ZIFS@SjTj$NAX*rGY>B
zP?^6~`-d|8vv=d|Uq<{c-crLVEA`~
z3v68bZzKNGJ=R9YAKoX(*h{y2u=|IEOj@{BaRpJqSCiuyUV
z7w^B3gzv8&3}sNk^EnCdod1H1{wFf}-)Z2_C;kEtTQvV|2L2r4&mlaS84F$Vs!82OJd@TW2SXE6K=4g4#KztH2o==d!&@DC+^
zcl^Tmoxt#~HSj0YOX9&k{0|%W7c=&s#qe)6@E;u`|K|q&l??wRhJU}k`S{Bxem#Dn
z3eRVn0e=zU{l?Eb4fxH3Kf%Km-Tt=$o{Rrl#{S8S{XJoVz~zr!*Gpo*{?`rg9Df7D
z{}+aTvVngf@%!bkvkm;s#Gga{!}!l(_-`}tFCl)v_`k`(pE)2p|4d`}KQ!>KjgkKy
z1OFt3e+I*!vJc<>EyV8^{{;s8PlWf2|HlmYaT{dAEu!{w1(@LZ)B>K1zqw?84jql{
zpU>ET$iBS&n~DD&4_kEqI}q?3e0|{epx)N;@7@@O(xAo@>7v
zM*j;K{mTvf3yJ?Y51Z6g-E^sezlq_W$MClr_@5;Hy)=jE_HQxpCk~YHlTCQ+Kcx)+
z=-#~l8=sd}UZNTcWlbGtB;Yy!PZ|^*zZWw64;lE!y&#FlYJ|G|_Zj%-5`Us%{{n`8
zyMh0@O_G0sX1~t=qk+FHL)xE1c=Z3p41d=Cy#ISPNT7?SYNF1+G6B!|zlq^r$ncjM
z_zQ{OFaN)4z^@~`-}z@hIKjdu((m8hLU_OV!vTQj>>oNfI{q$W?7!5&Km0}MaliS~
z0t0_G!(Yzuzi!|^hxq;M-)!K|Cw@16F#eV@{Ck6eod0Wy-|zfocffQ0Zy^341upVm
z$?#7x@b`X60{!N1lMMXHM?|-Oh~Zyl;6F7+{+kW_=?s4*!~dRve=+gv<0n+%`DCQ=
z?ROpF{rc}B1AYtP7kSvC=T8>_o@@V1vOkCL*#6fr_HP3`7k@KemcVxi?+V@iuK~~T
zuOfbR{&p?HpL+n$KXS8VJkBL1iMpzv$$;nhGmez;r_P_QXZT+-@Lxjwe&hf12L2r4
zSI2+6S3Z%Hhtm%6Ipjdz{_9?m`!Av6T%p^4AmBOsYv~6pT^?-z8yWr^4E(#kDjEI8
z|7#8W4aBdG|9@rpKQr)8cun&AjsG7R_#2Os?Vm%AL;G)L_zypb_y4QJ@7I4r27I4J
zN$fZNZZY7;65en8`4I42`)3>-oqum*>_5IQZ~raCKZ^Y43aG;K84h@kKS=!Q_;WkM
z|BQkE1LFUa7VtX%69)cj;%_2tvHkC0_)8Av?f>F+2|UANZFK%E0z7Ab{xQ=3s{MB{
z{C|P~K@;`)*N8VHF$_#12L8#!50^(hAD#b21HLdu{7AS!
z#o2!e;R`(M(f%I>c+UO?vOkCL*#7r3_P=i6|BU!ydDQdK?LRf0*MB?VclV&9^4_NsB-@I{1&>51o~<68{+HmQA-nHK~
z161&Q_5eKRzdF)iZNHBg{j&`GDep^~QV&~n`(+yV8;QS+@YsHzF#I(J{;P>!kAL0%
zI}H56<7N9nc#9A6f6DN0HSn(?{^^8wh0g!EfxnFSRsVm^@Q*x_Z~v4JBqIzjo{!Ey
z4Dek0S2OmvGW^#X_{S2z-~4Zxfxn)yzm4Jl+`xYe@gL){K05wBHt;tw_T#%k^!e}c
zLwNuHgZO)C{CfTz4tUQ0iJ8&k-`5QP3Il%&@vqkSp$gBZ+Q6Si{ObJY8-{l5Op}hUI#P2tM?+SR%{>8-Kr0{oT_%AZ>KliBw?oN1D=>6}X
z2K-xu&vAhyb^kRQ^q({)y8XH{`UhZvn2VpIKa+%|KKu^gIseTi{xZU2`~8XGKi|Or
z0P*|H|7IHaTZmts|Lwx?KVsm2gZQWW*#CC}e@a%g|C1R0Zo>`!|6CIL&Hv&7&-p)t
z_*MJyU1fUym}20cLHrYa?4M-d&tdG}gW+Fm;D3_%Aw76Ldi+0Z;4fqB-;?3r?O5Lb
z-w?mw_}LTiod0VW`}bz}&ol6MZINcL_E;Z1|Hw1&*Au@we(uBYZ#3}N5dVc5zn;II
zHSi~nmGPfLckX2K_d
z&(x3Zzq<_hcL}e@uNDr@&=Yw6Z(_v1X22(YCAEg`;rZzLzXW)${TDOspTV?$;b>m}
zEaLC)VVB3Mn`Qx?+^5D{j$dL`fnw?o_}R#1O6<+`>kKx1$fSXjg0=I82ufXAaeSb8uZuO?`H#l3&TH}
z;lJ3xzudsD`)@wrIs2VcWc;h~lg04AZQy@|_z&=jpEnHrDGdLK4F8~$c>lji{G&C8
z>-P5tJZFCf@vHN{lNkQh2L6<9rQv7!*ng{mzjj=Afdu!659Ys982%Om{~Y4?TR;26
zz~4dq>iXGuhW~I_AmieH>^7;l-~6M%fIo}ye&??<0MEAHsnUNLivO}1{U0~*Urqc&
z3GWI$ejYLK=P>+dF#Lg2c>ldX{C@e%0X%1aHSw$ccLKwIn1TOO;`f_>^fU0+F#KmR
z{0j{HDc?(v``KS&;IC)+Co%kY82E=0Kb+opK6?9qX28!UykGnuGLCQmrGy{kVVB3M
zn}P=X8p5ws4~DX?|7gH-@zX^9t0p|=pDB$0ZZhzX`#}Pi`S7nW@aLZ<`>)DBmEr%+
zz~4mte*O0=1AhnctNA0B;Xh?O-+swIO2hr)cP!vJ|EFh5`_=wCo#DUOz(0ui{rc~G
z1AivNpU3e3!@!?Q{JpgH*M?)~RRjMdhJO~rzyGPc|4WH~pbviv;5q-#W%vsi{wW6j
zJBfb}jbHD7_ZaYXgrDexUv1F8g3-T_(f=z0|1KSpcz2CoZ@=NE@&4~ac>Vlc#~%fF
z&i|`Of3^P=G5Rkz@J}ZG*EIcg|6gO^ZzTRE!ejosfZ_kxz<=1kC9pu_*X@7bz+ZE^
z?EmWgZyv*+p3VDzIq~c5r`x~CfWMpYeKmmg)wu}pT>G_?{`HFg<}>=gV&H%2X9*nW
zBy?1D^AL8S$qm{EHd>
za}4}H5WnC2Z--(s-8n(VJ89QuC=WB3KmRwW_)s7FR~Yzfi9bWJzk=ca-oU?#`2FIq-N4^W
z{A&DN#qg(3;QjwB@gJetucZU$Ai#6}?_l_sG5qBQ{%?riZ~k_vfj{}I==^&%!{2D&
z4~SI-$MMVmFB|yN8UAX9KLsXO=u>_D@krt?@bUj1fam<5N&M>geI3J}Yv8|y_;=U%
z_5S~q0skQ3{l@RL2K_5Y|9axb{IP=3zb7nkasGQFUPh{4`*j06=fB|D(eZO5!#~x)
z?{ty;e*Nbh1Ah*~|5t|p2?PHT#P2tLuQBkK5x+Wq-^}nQoz44yR)VzOZ~X27c+UT|
zlcfK1l=i=s;V(1re?a_@9z7qaRb@?O$i$Z(;m@FT+3M9NzzP
ziC@p(di=K-@R!GkKjd7Ve>vetd#sOM|2q)yT>Gb-6W#y*&e*@nz~2<3|2G);bBJH<
ze-API(
z{CoNMzruh&j_@!%dOmvll>?shUq0#Yj=wm5)ie6PW#GSo`1^R+qxY(
z@^51JUpDZk^pO01^ZyqN{4K<<=HC|?{ylPe|DR0!`uMNUKXMHC$%H@1@qTptxq#=|
z&zTaPzcw@aR~h&h6Tjd3)k_9^HR1inzvm75r!e}z#^|3sjrV_DjQXEtz;7bF-}&q5
zfam<5!RY@6qyIey{vU|nul-jW_=61pn+*R42L65N#bti&fADnP|NRN?*ZygM=lqw$
z=>ImO|3wD=(}};oxBJklNMvKFfxnF5{};o*#=w6u@%M^QiBg>Q{UHN?HN*cd!|%-C
z{a;P|V>G^a?fcIL{u<&}=il!${AU~Z-z5ISH9npH48SMAF`3$qCdU2`8U88*e|%5r
z>3%-^6$bux#{Q2O{!Iq{bm9m1dOn(&&ISX2+Fzpc_a_X0QXb#_%ZOjkUpjvez$bu)
zy8nj~zuNwvGW?Sa{7(|U-~97T1Ajha|K|+<9R~g;;veMkzVwy4X`=z(Z5J6o+3LYi
z*8A_X2K^V4{_6bm3r7DgGx_#AJ4XIr4g3uZ|5k>7oPocF_~G_m&qt4+69Lb~Px4e5
zzpDLTG5og}_`f24zwzTn1OFuASLbi-41c?Uf6rZIOJD7=KDzze4E%G6zlQKQfBu%?
zpFN9j|2v7_Z~R?rz&}cOz5na+`!L|S_Dji$&OhHX`uE7^_5Yao57PXn$4>z89DfGG
z|0Bac#=ze-Nm}aXzpD-Sy$J6Ye<6eZK}P?d82vvp@E=F~e)E@)4E#9^|8|D|paQ=A
zW)Z(%{!Rrv*M4OT|E~=Hd;|Yd;`htH7Z~`fi9e|HKU6f4zPov$&cOfA82KMH@Ha91
z@eF^$dA$GoCCm67>(hUJGw`S7b{9z1{se~qYy*EG@%zR98Gz^7KcDzrKV$yu%J4sE
z;J=>u{qpa<2L8pwU!$~tBEx^=`Mm!R+)eubKp+1P1UzSd`ZVc()&3p~|Fs7GF~qO0
zpXvGYGXwq{!t3h~dj8KZ$=Lo5c8U#%x~ymkj#r
z{@Z52zejk#_Wv62ocB*Ge!uvA+<-46yuN;``|lCJbN*{&^xuckzsFo&|78Y#J^liK
z=lEL~{{0yKvkd$X5dXef{OJ5E4EPra?>GKe8}xUkN9Vs(M*r^&{99t=|H{Ch!tkdt
z{4*}#+b^D8eB)>TRKRoXm%;EK$nd{q;7=p|UA6Yp<99$Yum3>8>+P@OZ!qA4g!h|2
zzhS_iP56O6`o98r&VND1e}^#s+h-nc{}sgVH-G5`c#c1Z;Xjn&|BHeD!5IB_vjP7M
z;r-@+HyHFUBmLF!a{#0N=LY_SUNTbr+J9gP@Bcjr?|1$EP{4EkuP6O8D1LDMIEc}I
zk%9j-;=jZv{w^}`w=?ZOnBo7(!2dGw!}Q$q(fi+f2L8ku(ew8s8U6!HdH)aDQ!@G8
z|F=Kjq1veRzii^KC+*SyM=|^}4g8bn#UXzEKi9yYoEJTQ9K-P6W8lAn_}%%p+X(vj
z*KWZ7jqtm>K$3d<4VusUzn1VYJ@R~Xe1E`m{!b_S%LtABKbEooQUiZ#ie&QRUtr*0
z#qb};@V{l?Uq<``Jl0EJsheIm@Tbg-ZvW#M{=+Zi{a;7?usrAa=8$vLD;D0AZ{vQqe
z`LksHQ2DbN{W{msPhwjbJm2E+fbfxm?K{qolX2L29)e*(k*
zqk;b&;`hs6BQNIt_ch`D;%|`wAJ<#@-!Fe%1bEK>$@#MV)%-Pyv45k1zmWL#^FMw3
zc-Fw5N&IU2pTqDEf(a^@Kd&PG!+iRGf53D0Ph#w!%;@twt)du`X!u#c)TLI6t
zUk79VWsLoA8~CRXzhC_AvxK+5i12>#*9-8R{>kS@&wrLM`sW$=?<9WT_%q<2j8Xr4
z01s+Kt-qu*`deBf7BJc{bv#XaX$Pb0MGGHB7XJ!sfyu$&A`7rM*kgkC9nV82E6XSN&~(w
zM*M3A{7Zy)?9(`I)U%qssK
z41fAE-u?jxOaJTRmmYsp4ET|R_nUuA0zBuxe9~X-KX)_w-(ujONBn;CkGBl?P>lM&
zZqR=*qyN2({;5^G|DPd#*M2t)_3`6o1O6?-`}N-&0MGeRs$JoevOhW}Xue^ZS7Pa62s=g9u6
z@;}1xe@p!O^)u%X>3@Cxrn$-a(!gIq{A&JK!|?BO4d4DFiGPshZ=Jsv;Gx>6`FkVr
ztMkXT41Xr^>+L_6`2E`dSOdRPB>k`Q*D?I(8TePm$e(B6&tUkUWcY6}@YfT+oX
zztO;-L;Py{Kh5xOB>s4{~4weMRE`gg>r|K|q%YZ(2XW%N&}mhr3WpPVlH
z&wiS|y8dGbug6~o;q~Kn{~r%{P%A3_+nM&?!02B<{JQ>`#NW$D|Emr9Pl{3hkU{^n
zxzYXSc}D-I4EoO{{@yIP-)7)%
z9o9wE*iV~4>HOWUmGP(1J4xdtK1~Zi9Ul*PP|L~GDyZq+Q*2pD2@v&vnbChg1OFg=
zSu%W99Uw&bpU%IRfj{#I$)Eif2}S-_82*6<{@3tji}3ju+~1~tbpAsP{MFTxf3af!
zYYhKz;?Gb?pj`8d)TzNyZsu#cY`mQ`c4Dk)7%3|>h|A5{5rmc@a?0$
z73lcYfCslYncl;kbn;)_P`LyB_cr4{v`6PgMAIHR7^QtJNO4K{Q5=5J*C*MWWNN5>BuJSfu{qOuBB3q;k9`9EJqdqUev0JNB%dW&PjWrU
z4IrPR@I@^>J&QTcn2KT!EckR4S1H_4ws{!HcVAb+9quONS;G6psjoj8&>N5DLV
z+Y&$qsEp?hxUCz=L@IYD*#qRCsN56eE>zwXWD=E=LEY7XDxVJW3@V=qasrhnf;@}LXM>zX
zhq#d#QXM$@@t@0P^otevsrt
zAZw}oFv&+iK1$^^Bp)NW7Ubhpt^@f5m7fIp6qTO_xsJ-ufP9w9^&r<%c>~DjsJxNn
z^CVvYxrxdRBwqyi5|v*DxtYqZkbIToYakn`{5r`uK>mZuZ<72c$hWBcHpwQE{{s0A
zmER@#9?18p`~k=hsoV_mBPxGP@)M9-sQf9(&q#g_vW3d6Aitn;8_2Cx{*vTZB)=xv
z4)Pl+e+%+EDsKb%J(YhT`6I~=kpHIgPauD$@^+BFQ2AGozfl<{E^+t=c^`k99%UDh
z_&f1f4uI@RhiTAo2HL
zvED;L_NVe;BnN;zoXP`94g#4$<-s72pz@I*hfw(_l1GC)hRQ=h;^`!E4JUalNc=rU
z+;$vD{B1-mA5St9r55f(%mmB$6kC#NUg8*az4llsa!^K0m+L%
zUQFdnKrW>6r6d=DTukN5KweJea*#`?ycFaWRK5~q1(ib}ucC4#$YoTn0(mu+uK`(2
zREVkatk|PLg+l
zyqn7RfUKeNy&&(S^8F+q0Qq++KM3+6D%XO1n97fUe3Z&-Kt4w0wIm-0Sx4n3NInVj
zDJnk=avhbQ0r@PI>p`xk@&=I4QF$ZD=Rv+e~z#evM=!
z$=5-?LFIpde3Q!m1o;+~-v-%4<$r;Ehsy7gd=KRNRQ`bEhaj7&{1M5IL4HEzEg(Oo
z@@F7Fr*aF)R+3+UY@_m4kY7^yE0SM>Y^U-!Ait&ZcOm$ls`pC-vBu<3QqjPq5qtB))?L%K?)3PLOU?#`kk{r!u}P<4;uX333-I
z?@AKi1(8hU-ALm5751PqzUyF5D&u8@C?>vM-en2HB6w_>6KomGODu{!~7UBtCauk(M06Chvf7jEt;;LZf_!_9OE*N@M*<2?`;u>Fo>Tze~_?8*L
zBYO(HN`|)``CU@#Pr=Z0qJFBZty^ScM2S$7TdUNyeB-2Zr#vT(zHBQlgat$EhJt~i
z$A-Xv&G^gK;l`iP{PDr6rE}qnTb=t=w{B@R9#pkL9{ZMZxY$9;RxZVg%j*N7rDLE_
zDgK9#4J{2~CFSc-IHkt|*J#|}x~*!3_(}>zY2Z<_Qq)zs0{KG8QU>M5U{x>yifDZ>
z^g=N7nsAZSrMx9Bw81@&+CggNX^I7H#bK{Y%cEPv>$XUPM1ZQoN;7(mjsRs#UbYci
zj~WvKI4#rx;oBYzO>7B<#y3}FZBJU8wY|JOZb^N~0T4v6N5(7KmDLhThX2jM%89T&
zxotl@pb|I99qqxYZ14>n5K69oQN#;SBtswRfUQ6ztAbr<1%?y18xMUUGcgVhs}3KB
zRiK_&4YF764jgo(Q$0mFk|BhCm)tq0hl{B}+n)g@K^G})R3pCwx_xCs?cZ6h~jZ53S~jtW*n7Xt5APHcqk2;L0GJYaV(&)OO%H%pJTyUw5_)XgHc}>AyD_h9!#$??Ux+fmWr;C={3w5)cYUm
zTfQ*}9WWf*=*gkr$%bezg1O`;UoS2PFP0>$`h}ir3q183d^{T=^3+j5h7qVV6jV~%
zR%irmTd!+XH4&=7(J1V72;^oM%9@?hU13jH=eBGhemiVICE%*Yza6YBh5QjYN6anA)%?c
zhSJ@khUVZVggdf}r*o9hc9^!}P+)4rZ)$Gy&o{|nO@}A{MZB-}VYenVQ$~*b<9Nf`
zjfd=vS-NY|TA2ETz6~bbxnXEz}SXq5E>8${kKK-jl`=b(3-+ASH3Yt?dd=!TQXcZ
zG^z*(7@@#j)YmassH}}U60PjVCVeIy6(xWvu9W&ck=|Kk1wCq7#F+^r73hU^jLTl7g
z6>@qVUyY#=8Du>Z=ede~>ipMZcVzGgkIuF;ZW)u8ZNxV7^k&FUEoUxh|v0^wI@JY+}^#R;)Fz)?i~yx_wgYy
zbX4_Rfyt;cJF)!ZF5O?!>vyw?%=%)s2Ngo&4FEDo#v&jgc3`fanYg|sUQ{Z!%duh5
zH^2P`;~*Ui>I6ga?l%bKy|Ii_NKq+F*HGIHZM!I&rJAAF%RlOZv&Hg{w|9RDri*xl
zLfOICVaiuh=~SqpgQ!Qum8zZUw(mrzig?-M1w2ClKYPYLJUc;^VED&m8=k(fIac_R
zt3?~RGaxH88O{Wx=S%kl&L(I(5RKrCVH=XJt8bexHp=FJu|@8}wt;zm)kOHiaVM-|
zr32>*;9|he-1b
zhN2aO0WH#iW@*6k`nJc8u9!@Ocg5=;)5&Q!7;9JX3x6iXYY!w|<+HoYjtv!&w;S
zM87-(i+w7z-F1{qqOyyAvK7ZHkvF|Iq=`7hT!QN>s18?WOYpF)cD26i+4{m!3kr&e
zV=HS8D~Qvo$hQx0`*2w?1QCp^d}M^J2fNMIv)1Cot|Qc5A<_YP9y^Sy5jr4g?Zj;r
z7+7wEjG8E?Z9@TE2jrf$geJL`Kr0Y+a!9FzuieW({|Lh50tUHC#|i=
zu6xb*z+B$ZHK}T&C%g*Fxw_Pf
z_e#Ph_$o%wTr2}a_wr_39Xmtr%J6K3(GmFJJhuU|cs+Q01$ex2Vm%zxAY
zsW`?;TV9F-TdLdgWR1zVU7i;xrna5v$sF=faBXDPEKn(JecYU|n$HOmnVAf;)TAZ<
z0u!H2gMV&D3U2BmI!o2)#8G%NjB`@x`SDA)lIXogQ|L?
z`Qixh9@dEqKkk;WvE^AC+MzEm|O3K*ABx
z(=0N_#Aac0#31}i?FYR!l(k*LMS}`l3r=Zay+Y(0oYHo$gvIgZI7kxBAjF&$7Mcl>eM-c7$H%DpAw6}g!==BrgFw}GK@*`6dvPFY
z3y4)KWt7Jj4RV=SuIf^P#a6^jh`ILA4WY(RRzvy12B&0KXx#N3eZVuVcr!2@rDo(S
z@ybIClPRH7D-Ld0K~P*@sKuCu8SE|ft+%r~uB&gYpdB!{Ll?-Z1?kL88niy?#`@Mm
z+LyEzeGa-iLvb43Iw4${$VfeLr_4^JX_0bC4>7H7#fK=RcKA9u*bmxepr9avb!<2P
z!&;}z|DR#H$4c?Q$nX(9uo({A2+?1N2SO2gL%k9XIP-7Biv*S9o1uax&)oUV@`Z0Y
z3rIPfcj9+<+J6ajz{;$R@^qsJwWQpHJzT80fKre)WtKhkxlmImYjgR+%}z;TW!C2P
zEq&TBKf^J}VQe@^BZEv5j1kPl6Z$otw)d8o9>bZ}v+k|MF!tSc#d5d?6`3Vy$F{?<
z9WfrO*Bg7ZyCE(|EjN^hWi>)Ppc7m14t;bEbp>(8a6fE|CCK40r}frw7@?EF*CNQ5
z*S9V)?Kq!yU~nS@gMDVw!1YNt*NdsHC}(YG9Zko10v;+pEL?F^!0&^mc)J?_egZw^
zjtmrhq&Gkm-Tz4pk-ixYyc`a!oY(+CHf)3I$>qR;QzRJbO>qwAh;4JFCgG@+Ylp&b
z6vx3~&z1ItqhMQd_~3BdMlxSN(SngU9<|frxE*MXv59Mc%H?x@wGYE-M8ZyAY?GI)
zA;gx}m(scUh@iWmm_ene_N@{Z)vH$E1$XfA^B-X=GuO1owjGbtF>(DX))lt41PPHT
zNY3`c7pTLt4CwnA;n6-c5oUCeTP@@@S21S;kC9bpLkqyHM>TYe+yqvJNBnTI#)zwe
zRl7|sEzKf?A<;UxjQ57TWCJ-jS>*p<uro^0Z2TUysuwH1RXEvM3nN+9V<
ze8wh*j1jDoUUvh%YK3SSYCw0b++FVV9NUVw>O-sHLN56w^Y>IYPOT0jN3IalMA#kL
zw8*La5Xil^WXPK)LYsn>k5QC~J2c3o(Cfhv#8cQJ^=6J%dK4ja(|W4k0f%!3%nT;Y+2C5!ia&=8#Oe~Z`!%X1v$56u
zZjFibJ>f~$Yuxg;?*Xc#l?&Jw6hdXvL0y{n*c;I;2)#1uJdL6tIv-#T#r_D_PtcU;
z4u)I9Lo#%*zr(??bTCS5q_?~WW@lgVpv>vC&Xhr-HpU;!xJ``Yt^&`%*}kyn{$*?OYfcWSlU7u+y5UABs;Yj{p5
zla_o1Hn(npf01~$4A=ibKzB^V{-R#HvhG6<{&(y{v;O0K2p1J8a$z9FKJ***AxHM1
zM^60X`%v)zI+5ip(;akoxZ7%-2Uvi^Sw^~b>I*8Ab#4#&@b9=Nk2_9DB8{m;ytj#N4Y^pU=vufa_(=t=p6KRi-l
zl~G(6p4S6zcpFgPiZ98436Hom`)$(X^UOg#eb&y*HUN
zYlmW8MxIVa_FB(`Rzee6oJ~|Z(E9!BTOR^gWaa>CFl87lu;T{Y5!w)Z{R_OX(0v1L
z-SBPFr24i+bUe!x4U|X>vOPH)LId7wOpKnjd*{Q2y}El#P*9~UHhhbamz#ad)9`wogVV)#mAi(
z@?n3=yB#v|8e6Dzjkb7EnYBh-M8MY@#E@e~Jq@mdtOCpSH1xvCS6}tJ>#B=(bxTQ0
z?k0>_W)6s(*kM`UfopkqM}TY%c}-(PLTN@2uSZo*1cvY``Y3#(5-eZA4)0>slKRqd
z$S!K`S_)5`crH3Ydy88V<^FE$e!K!F_CsCW@C{CIk@6|{?_@36lC&fN7aqk0GMUC(
z@f}5~y@0~2@{*xTX&=%+U+icc29F}vm!^ad4V0+FJp^&<4N$q@Ze12Tje0(~IwqPy
zVH$i%u4avoir;}}q>8Ojvcol<(1jU
zY$$x4RhcV6M@a(~xTYnwfbXy@u6~CLFA%xz?F5j6@Zq=c@sL&E(w%#&0k)Ir$-jsm
zF^@_>27yO&BDieUwPdpTwcF0Wil(kEw{$J3^V0EVvM{*9E?NjI)1^(+XnxmBM`H>BO=eOn<6g_T2_xd+y;$;M|vYq>>y`Vu0T_um6PFUrP&Dw8NF%+?ow+AEp?Qt
zBS}9PS}LlpS|NozEK(_SNO<_4wz?@E9+wr|%5!FLoStD*bX?V>t0TOzcWFJFfnodr8L
zu~v$^FQDac?1_YrcMh}@2N?9NyTbk7c6@cD
zy>_U;$Y;%}MA}yOyCXql@CwN>ipH=idIv=Kya+gCje1qkf8l-vp>5k9pd=1E?r;&5
zy+dI^qwQv$}PwgJU=7HjyBd
zBa~E1?F3q0uUv|@xG;2)Fb-lGlj#%KAKjf~A)W(qBc>RIiLa9pQyZ*l#FSgz-V*zW
z>A~TMi9?Y4Bv&URrf5eoVu~8vAzSVFY1pSLX)ISqOhS05#Vy}*bgjHqjJ}$m-6?=;
z;{U|)6Z?QZex^tDi(qI))BmFGfwlw>6TKv=cYy8x*E=A2{9o?~UbYc?g4#ROyIeyP
z--DMi!EOKV!4T7|O!)8#7x@foa9CDHDZas^u`NN2L-3HVa>f9gS|Y0{?y8Rav^tIa
z!?L!)GZ5MxtR0c{1h|7$PLWq&ii#eitsi1%qBE4k?tV51Q|D`j*ZgPq9zwJB_13)>`huBGjnGpn+c-E>pGQ7j%RQO68albz7
z4nNZki<kNX4BO$=H-&YA&^O`}p>O1?c)t|5#-p$4
zoiMsya{j5z#UlE+{TbXxO3QhIgsAxf=dkTcUhveB88!*-s>g&g4j$wR%7=|$!hsJD
zhn*2=R7^Szog|&`l`haSLuXKv2)!>&X$W{|s%J7(4>#{Ggt)*LO_esEgm0*$c@Q*E
z^nJo=rgNW21aly=LhypH(D>*l6P345i3WtDh(I)8@sbmC%2tG~k#=iQPKqS819Mb|7K_H8lmVu;-eERJR
zGWhVy3)BwXmta~>QP$t(Dg9&OEFiQ3hZ;51<%1u%Q#s*tzy1*?d~V%v!k6lv-^hh-
zr3G8x5@$bhl^%*t*iP^IdazO$Bs}k~-#;ctQ(E;?n;_^OqOXEf2fYjBJ7rNL0|#}t
zc_NE{m_(v8h14j#n61WKhMK9=rqi=j2vaIV9}Ig+b~GlYFbBqC8IY_Dl`e;HtWY`R
z!?i0hHehL-QouQQonqp0?3C(CMlAuSMJA
zPEWtDP!1MV((X{!1C?3JLs>PISr5QlPKRaH%saOdk{R^>NbQwbHC5U0aCFwn$Ts&RsD7(fNW{#0Wj+
zu!#@1Dv8hi`bQ)_w{A#$nL#=|kT2#5f6Gi1G3V}d-yT92J7jNY-47Qky!i?$z}l6I
z`r@6WbloyMu5yRT#8c&7Q53mT=^{+U8X`@kxd=!2ijr0pzDf07(X%Q0x}Do|!PJc(
z7zL}?9XMkQYdcqPd&WU}8qM{OqL=r%kX_#;Rm|u
z=C>>uc(_|P!Xu2BHNik6dm7wxq2A-7yh&n2K-=fOIgPMzBN)8sq$C&qC0%m|s08;o
zl=LX?h%Xu5iqC0-${pAVp2X(@@Mi1au*OSMXe-|2ycjktqzjgX@-~$`Z8yFG?R4BG
z@9&ehPZu9STN2&-TJiM_#k~nDeRK~*BTilGV0d)ec9GS0trjve`wM4GuTAF&oA9Mx
zVVjO@#XES20&mO3ms$(^LL0;@G~l%p7aEKq4`Zrs5jm_RqpYW_-yv!RWh_E^=U#X9;8%l>;_3%|q?iFe1*J&cp!Pz0aPZR2jOol?6DshWE
zE%ZD*uD(;pb6$uGt;$Q%X{SnG8xfflN5~`RUY+j+O_-50ylfKAc{sORiJ3XH
zE+5C3&|^6uG@k_F!C(P7WQ>pa`?4t?tzf`qgNEvwMWWL|J`&-7Wq;cx4_hnO_^yBxnkP0
zDYGvY)g0;0p4_aaxInz#I89c8Pu_WOZf+GLjM^+>fny3R?<(0!CK{RW-S>VgyJ3`w
zC<(>Bc=c54u$~o0E)}_Ve0#10SZRqp$~7OB^MwKM8V^V*|8bqmFtI?u*Fxv7!Bu2f
zu3tGWG#;G-jhs~x<#EU`uI}C}0dP}_S!Ld}(!8tMysN^r3)gWf$Jc`Ppk_EngNwr+
z*P459TmNu=jvOTM?ugywTI@Exx(b71N)3dOcT9mh5GFB0OXX5Ah`0^}{|2>9l@lxE
zOD#dqrC5c_4Hhp3wJL(gW>qIG!QZCEZ#W4$H)*MOe6>8Q0w+RZ+rgy+;Dw<85Ng0R
zOu;LMm{DSu?A9wzRW>cX1gO9YQ7KZC;3F@hszH|yb&JCm9bUNtj|?@gZ;p>^jH?gf
z$|W9_^h|wRV|hzPNYoTWUD_TER^EzZr^G-bsEdwb-7Ip|URg%N8ifjY$A1OP_~7@g
zCJI%ic;`8|FwrVjPrPnLA07%Fsu8uTQY=?OqP124U2hHU#9NpoTyF`(T1yn{z|tOa
z<5b!R4Ye|CLf?pcaQWjnbg_&gd|{S!(;MWbVAax#)dsJs5?|4p%F>nKKIldil2!0)
zUBYAG!9{-M{pmq^I9l(66S7GB*M|wXnOAtPvX&9iN!jS3Q06&W*9+eVj@?ID*Th^J
zguDdZE^@tXOepK==v>qgQ5a?=RpMowpk~-BaAJlp91Lp?lcUPazQeMfhP6;}8KV*g
z5bu6*vLN#?udnt?J7Of1XAa8!dSF5(>;e6}FEN$#HqZx``ypMr4I0Ap7teQTP8Dod
z%}H8vCq|>#?4~F2Qfhc7eqT6iFAYL9EpD~q0in`;VN-i$b{g)9)Ft+@dr-NyL1Guy
z8D9$T`;62HbH8@^J?v#+jiOTPU<_l#_{|ZsT^~UYhlD-e^P*;&Me76DJX{^ZtFy%}=~Y}&@wQY6ywyLd
z#x&{ii8qF;3WE~d6tuy6r6AL7C$$Uy{#Y*WJeChp
zJtRD*2l4L@)iXK`RlH#xS6Mqk3%5ZZ|2C=r_-(L`nAIUxS?y5F>L}Juz&i&X
zflCaqEZ9vvt>3mM`>1~B^+JQRLvm@s8peZSu1>vh1O8Bek5U5bHRnj-?j2GKhY&Ow
zC;6d;+e4)t@Cyuar9&=T*n!iE(!-vCmWHmVjDOzW<5Bj&NrPM6GYEbb&j?y>f_9qn
zoLH?FM7U<<{YfD2;tAM?X{tSXD`aU@#`?1uG*|?GVwyx~+=ib;;y?V8+uKK*_7}`a
zJ9%EwoZ-XI$}KF-8$NtS>DA59&XOVQ*o=F#Nm=7^hFs(2T17F5_CpL}CEuNJ(ujHgTC22*a@HaCJi^aKf
zX5~4wZz8*MMo}qpM1g=y=w?s|>KfRIIxeR|Dd>#~DSN#dDLXpT2M_C1AyAh0!_h;?
zO?xR3-8==-=7B9bNmsFrLetCH33Ur2-Pqu$S_7v|*_
zd;0kFqSa#0a^WY?Xg;K8uMUJz%p5*EqVJ&&>3H06X>;-}
zJQFGxcIkS$+4I~f=?d7SMf5nR;0qwh6rislvk93tJ$DY~uW5Op!mQkqg89*QD|m%p
zWNot&U`Z!-MD&mi)QL9H^?+B43g_pYkq5JgygAdMl@&FLrk$5Jy~J%2)}K-M^Ya!A
zNXwfu!?K>4;K6hkI{>C5rN%1KV5%~ww6M@euh~WO^Ty}Ro|fkgOU)+Tue0(>B|~`3C)VPaG&}~U>#j9$(gVlJi?QOYIFzie
zxzKfNSmaSLigxb0h({-Pzvpa1Xi#1c=e@Mbf*O_Ar)l34J>ThAwsv7
z59y!Zev3;wKk#y#b75d@oU1iK7BRCs*!G>>tQ-GW!UyT0UrbT;PLv
z=Z?6*3-QjY2;35vdSe%7S$yEPc;~M8>*2HvRNC#wxGcxn93R-2;9S$?O}Vkx@qv}`
z&cxJT;+%znPve~1NRvTVgRTMR{kXv00jD`Wuqog?*(J~taK7j=#c`SvQg83-EDi)h
zU7gzl_>(M9|H+Gy`i8jFmIUXSxIklq^DSt(S*Ry0cS~|R;#U5)b@I$w$-Axt0J|%D{6Z#;QWBKElWsU-ql%?
z5ZE4Ymb$eKy#`geD=xJ0q0)g9xxg97pGnyaBhkV{G8yd!{ec=tqC{}!0}%OoD~Uye+Ha~
z==go*@y|i)#|1#OpW*^rx;P(_Qay@`mWoyqD)y1bHpkXarC
z&7){gnW9ouk}1lNR63(!bRo~GG|KW442$%$Z&~V;u(f5_eb@K?UCo^YBsM)9NM0i%elzk`$JTwDCz$?B
zuI$;e=t~;&U1`~c>qTdmm8~g@E-zyT{-A6(QA#^2+BU{0RkmL=Np(wF3w++MY)o{r
zrpcHzw#}tERL9|7lFZZ*{W80Wsn;7ayZ3#?m@iG)w+4M5-_f7>Pw?^hep25x#>~l;
zU6YIM&fs-B0N3=>_-vRG-#w=x@Uvu_mr-F#)vEHmGi;Pq-Blr@{SUUUh2
zgd>vIn7m(d+rM3ER+h9yKQC+cGD{xNM4#|ZE!qCvQu7&kcb7GLtt|SeIPct&?bnhm
zosnlh8iP#4hJ8jy5vpTq&V0s#T#_rFn~UxWN(>&I2*1^5Cp_XW=C+)9I#>R3F8Uy$
z{W5z4Q+q_&!R8E8cD9M;giaw=2SeK>#-N|#?TF7OsK{+zcAUAul+QNNZ3!azR{&fC+UoJ6
z`Hb1Bm8G27gN2Tp{e$`W*XHlvg{M|6{&oRWd8>cL61T$uw+!5~N5gp!X}McP1UIgb
zyaM-4v8LkfBis~R=bx76riP*x$=d~z^^42&clqK!_4T^@a^0E#sZIZj#;DI*9n&c>U$+TwDB?QAKHT*ZKd7J`ilDY>L3&fx2cW!G)08Q~dq+01}C@{>jX8705gX56o-{yB|?
zH;*I!#&D|9&`zfQS&c@t{~_%+i6azgJ3;eysLUR++X40LtKp9)q79^etKQ`ww67wW
z7DtmYah3jBAxvkGqBL$tMmCf-XEjILaggj+h1gV
ztL*9kE^-ykF73qgZ@liDOI~n^44X?e)!1M6I)){%57&I|*4FUSwpBe9pC
zxOIgjJZJ9=_|g?2d3Q!ZKJ+-`WSOh-zO`FBkvb44REqvj5{nx+t
z9au)IZNJt5U7IgDIyfD_<$5Rd>kQjXf_kd9RF+#UUR|lB{?>Jr`NK>3TU$gYOjye@
zBa(J0G(q%?bFoyEMWSy~K+%4SJu>9SPG71&&Kiy)ztJ4mlCmQ?hHlpk8lf-e+
z1Qu}U-HpQNiM>by9*n`6GNRAQh=DU6^21M8cb2Z@ugtk<2*)h)@`&uT6&gmHmCf~&
zHH|~7Td;b$Ok4c3>aKdd|8=!+@mgvjaT`bPFa}s%O|e9%_G3`jMSdZglSaWs{Vb|p
zmn-L_)!W<)uIn)%AA{=WMVG5m-_GXRF!b)Ap`eJn7V?{Dc@
zZpD&nk?fgC^Gjd#?uI-Tq5@MFf3ml}*u@{*$`K*Bvg6|rycp9WqRx}9px1>Fm(|aZ@+LH2#k}hFBS84jdo?p=(#Dy?Fy|f=d|p_!`hu%@
zNxR}O1V<*tmp2cF57mHC_-r7rO7&H4%ed7APs?y*=jFvN)=k=QSGEUYQ<6OB&vW^J
zQILeMsmt0vE4N{r@|G5=k?SYrJfT;1$pcvWUEgTuXAOF0OLzu#n|{DZy@KShw*_BW
z6)=xpNma$VK7e#gYm|*%Se9f#$HN2u@)f<98-{$Ya?_2opQ!!5c1pRXs?utn6jo@pQv^#h0pizfaxRzi#U^%aH
zMY3F#Nw|4QPw${B;zQS>g7u`E6J36YJLr6Yh*?<1gvY$#q-uCBSC&$IipSZ+r(uUF
z_G4e2;Mo;$&T<*RaX&8XFEVKCvJ_Q=p$C+pYvWb0T%>PXJZ@&|8G}{&&04JE-@1ly
z-SX~%hgVwjU3B?Y&
z*>+u6UW~LecWd;!%G}7;4Bf5`6=%K3-4+f&mAM&8FCX-pH!OqHm|pKT)!M`LZl|;?
z7qXCXs^Bz!4d0DiESBmzq!ava9w(BTustRigR*1Jx?c-gr~H3YwgTT2u0Q|dc9#DG
z+ZpXG7`HRi3$hDmg+HN0ZU5jBiNSt`ENGo!XXI*o6-yY5OR3hV(nZIe-+R558MAfm
z{G0ER9Et&A9x4y3tGzA@Rk~{q-7EeGcL%yL1S2?y>Uk1{mvt6CO5_Vu5R&~E)epDR
zaAhYiW$+6}NMlN%G*;)SX<<2%F<9cthOg=MTDXp1#%naZh=VT-d2G1^&&fTvBBwc~
z?p-|HPhMvz9>D_rD5bc86EE%Thtj%P2BWNmY?g%YCZ`Qk`z>UP3W}4Fj35b9IoXAG
zW)`kIVy$9-e1=j`{e{%#>8#lc+RV&t|D5TiCTU;(<<35FVqm
z))rF@myboK$HXE>l|f0plwQ{s8K2RM8wC@xorW|xSg2V>{DSp7>TnfH5p?bF`oIo^
zT*(%=gv+OFfV03GY);i)d#*KWTZ^gdoTO$~i{Ytjgu)eVYT3#K8T!6!fgGlmAPGZN
zCftBxG1U<>3%QbCMVDe#*;ZL{=8tn^VhK&T2rcT+-?6H#_No9C^m}G27r$)_BjJbC
z)d9v2^^3-FG3dCjPol(ud+9ar#A0#W?7J>C)*y~yYm@7yK!pYskX*D{(y?0jyJ`9g
ze68&U{;SHayOX}hR&^-g%V5>4u*xz~4@`vfQD)Gbg`AY8%#UhMt1bHyhF=DFeggA~
zU={-%9P0G7KA8RLrb+$guY3Sut&Au~YlwznttKiblW~wqzxkgWhsW?N$YsDn7|M1J
zQXv`XzJ`HwD8?Aaej-dzyP@*XPEi27$tSEpjotYsjPfE}jipO={}9HwbQ~4c
z)Ek}(CDGFgufg@F&f#!hMo6Y!$Aa(acqD#CS{wsoL!nl*K;Km2n-?1aOz^aoPok>U
zIvu$Q0uldY+9(_~i~NSn)G14&NyFgpWyk_G>Y6y)FiZ{Gur6%)W+(8Zr3HNaeivT7
z7HUAsHPXT|Ugy#v6{_~t%b_%!-I}6)SICf&y5MG*hRX|QDpwp#0yS)p!Jb0b)8|3i
z++yqNa3Lz4hkMY173WsG+0IwL$(yi3L|=P49DOFBBk1I*+!BDWs=OFjo;IvH>uVA^m
z7SCMBa!Gf?QnVWHO^~t|dT(zX(pjN__lnkH?P9?px%_7
zzHl%{=XUMwaai|VFg&vRXK(T(v%Ic8dWBO(_N8x}@25^#6v;j0B|f9A`Yq(%7`gN0
zn}V)Z<~x!sPl7&`o&=`%dlwY~pY+eyzL%fnGIhQy2_f8H$5PG+Z3Y*Wa+$t7RlI5k
z%wFlW&{|hJZY}A@Q!XH79Q7jyh5?MD@_0Plog{N;RXg`SnjD$b`mEi^Acv?;RdYo5NDAhp~%i?
z+ym5ANV=*pWUQ?>NX?*D0-w89BlV?*KOj?2GUX(_$+jY`UEYtH!AoZzEViw2Yhxf~
zOPsWa)H@WiE)<foK=ltaTdq+mEAT<;f3nBgIqwu=t<(V8){^yP~jB#Y94UL`t
z|9A&N$E$NIo{|abPad%H|J4K5@5}H%9mG5WN
zWIj(#{RLNz=%e-x>8oeR`?&FqBMH8>3|8^Q?{5V0T)DR~9M%2Kqir!fNj>B0aL|m;
z2hI3czO8J+d7r!)@3^!h@65HKHhdgdnMYC{wHoUvVaiKr1O_tz_bx}50
zt#=y$B`f2=;{NTPU}%k3vs*omUmHXitODN_dV0u}3)?`GguNNeSr)7axmmyaM16QTKaxvo(V6R`|e$vv_7BF~@(!
zPCxhxmouwnTSEGoKHXNE)LGcx{wM7J^IgLEkZq=|FSq?+`&5CYw&51nZl1mci;_zjgM=@^(a
z*whoga&s1ve!{nHae4o#t7{+I6A?tV%w^di1dAkvOXPIJ2Z
zC((R^WD#aEEa+<6mQwaL^syrcoSrm#XZ;s8+)=X6qYCDDcTaV
zqn_L`0*W71uP
zr6R`*IJOEWB=Ho~p-tT_tV6cpL!sa@DEO_rS{C=agLk6l^O>|g<%8Y~zf3>d3ZKE2
zJ}YSH)BD|V>XbVo+3+ymwTqQpruuJaIP+Kj6-}J?V;2R!7QrE)!d|Bzy-J_53W-=p
zG_&_~xsi2gI4Q6na`VX)Rqh(5Y_5S0r#
z5DO+E*KvbRi=lEYZvt)VeXe~SHENsdR{d7#3v%rK7^;-}1&Sw`78@(&J%Q^wJR(c2
zyvKC6os552H53eVtal7Qx`z*wEC!2eCfVw*VuC^2|4jAbN1OUVJ$WRYOV`wuOA+V(
z-*q;tq+qiCFS^dg51|)*|47oSI2*MMTMb4FcGcy+ng7{Wv1=PCi}h=_U|s8#THDN(
z+B%LMwgCq>{tNvR_74}~So~-{=^u^$uU~MQ%|6rpKP&!}=@;(WijC|4qD{$4du<&s
zy>AF(#=1m+*WRCGtijN;IEnrSuOKPtSFYBAsoo7+$?PlhHyQ59Xw3KRu*Af}I7Q-+
z$;c>jZm^Lx+A3aEt!1g8>kbk5leXzpcPaBbrjvqUcbzu%IFGAeRyl8n&4gp<)G4c@
zqOW1$+9W#}hA(fBOIJjMk``F}n$;~|T;&GU=1dG4Mbh9t}UyH=&b!2`NF=f@0!7i)Rz%giGy(wh+?~oKJGID!+rIEQQgg6Lmp6E
zxk-u?$giBOKU`j9CAyYc{>|MpysDppdRuFyTh|xvmB+P15HoN^*6LoT*g>+l(y#Ja
zg}Ay~f+n!Uc~OHcOWjxZvP_pD3xG=mlqtQRlH;pxrt~eIMe%zagLdSL=$NegEzuiM
zv8g?uu!(UNRQNXimQLbB{;8@@`IVRdi}c2bi*DoD(q&EYXGK#!i~~*S=eY`V6)%9N
z@d@M=w!E#fEiaY5Z+R(}^*@$2;UEs>mR?fN&RqXCX1d0rO
zj<$~TVNk_R+5gw`8QU=m7%ceFjyYs6%M6SC7k1Tuf9_7-rhe5iLn4d5n(>R?nP>x}
zKj{aG|BK@eNzBZ85#0f^5bX-1Qr4kSUC(x(zb#L_>+;mqg9Q0MW^$WdExMt
zs+ody6|8NI27^uVa*GaY#zj?YDR(e_6|BO7l2qGEO8ol}vc058t!EaXoOWOwD`)EC
zp^?A#%L|!S;-a%{IllOLGBt1G4UK=$?iV*P%YY(FA>Yo?%uxy*`I0{CTVha$&f;O9
zFNDSO(YWVf#W5Evj?2Okav7e`k-dhtr_Ag(*Udbf(B*c3&tTBGhcm=ogRzo~rGm40Aq!buXd&2)KUn%!DZeUP?MdV5JHw!g6Uc>mC?@@o49n=d*$
zDM}@ygfBm@g^S)!ENpl_rLYQC`%)D2T;wY6FUj`TKRKG7^pb)e@}JLYuH&%*Soa3^
zRHaY)bw*P4k}h4?d9rZbt4~-h@s;fM!{%>1c)cCOOND4bY>`e&`Sg)%jY8!UngU0%e=<^#7D
zNiJ84T>CD3`lyZg-z2RlGk^@|)k{!Jr`9iVcr{pL;1J`ogU7jh;n~T8tsJvBx@Cvv
zWGKuSgjv>)I2_Ru+vF+dLTjpAwK};(wIF^(OMKuYf|Mc=5y`v*?2!N=+5^K`CvU>i
zBpc(gxRPtxaJmR!T;`gkfk6dBU(wLf+5|F_(VshACH*9si!fic6(9Uz^Hp0cMK#`(
zzNyG&=Pf8U-b?F9-^pI)TETzoP7`gDa>-n<4#3avY^4ixR;8avHO}?B*TTQn3kv3q
z^az735z^d!*DDwY0L%I}^$v`6Sos#*8D{t4?;f~Oxp24(JAL-HBZEVzWA2(wf
z&;RLo(o{wVH;&6%&^corBYvsk`Bfpy?I(Lzc#nqHVFj$>ZU1*QbzO!-)HghgsF@7}
zNna29-(G43+YQ8Rbnnl;YH^ch%6WcFaN~H|;nw`5g~7?4K$R&AS1!xeIrM;Hu0neY
zciv=FNvFxq5tDw`9Kj3nKlEQ=8>>(KFc}T8N>AFdaS@aFw1~^eeT1WQ(tv-1rT<-a
z4Blek(ML?^+-cAehm0NFZ{oxwCiYva)t297k7FiG8hiMdUzJe)R{bWA9&_ZRu}4hE
zYQOC#6O~Gi`TMzB+kPox!vp5%Ne4w+M+=_g&)JjEqMqs9a-#@o_}8>@m-wd*qo^6b
zgAzLIadp34pMJTbKU?ul9o|<
zT{)$qqxpyb7UK|YxxaqJ?=AVKa{o?SzXaWrYLxDT)XJMGzDDXcglb18RaM?vqX85i
z!|#>1t^YQ(>*w3oXS&rftjiwMk!R9_OpYqYY}^7L4B}4mPc6Ek-tGkT%Z+tO&tGbo
zVU-r^t{TLTM*7J(a{qEgx23*UV7_PON)L+}eJNJ?fWR#DJ%DLQZZ+MZ=p!C|6=`o0
zrG8t4;oWv*5tO<_sHFUiqZGbYMQY?Lf;K{G3nF5qSfTLi0`~yaCk?Caw*?+mYNCAs
zA4p1IWdCxT4=DLl56YaPe>=rcj?Me1V?QNbqSqnr`^bzmQ*a5L!N
zASh`=CH)9OToM*hNi9Xw&=yUAnLHVFBxScoQ{lt*@_A!bQCeZ5J|OgWYAoDb;c~zu
z0UbhE+@R9k6=s1?1vJaSQWDcUv9y;GuLt3QG>NjxRFwk~m9K*NK_T0kw!0EpLqCC3
zqtu$F%6drY_Ek<>VCD$4U%}MPN*Jw#0o4-5D`A``h`mw=s^JtR%=85L#6Pyh9?^P5mC4oD&L0+%)b3mO_NRO(-raP2m?gC?>V?{d&
zw$NfPBK=K=>42)ji!9*_fIoPGSgeE>ETL+>C~AcxDUudm24|(dWvSbMwp$UZ_(`ds
zS?a-{omvewH1lW6zXaS{Jf9U)U`1t4db)WGw3pM=z}Af{>tir}@+_$dHpVdTww78K
zdYj;|BOfbO3$ueIbOpGBC*0T}t!5|7+6RoWo<&cGneA*@r+{(3XEn&MF0icY!I$Y&rmhv7SU%S<==@l1@Jrgc*)x@ji-6H@^i6}&v<#o_Xy-a0QQNOZ%N}SM|GNu>CC9b`ze_mQ-uMb0S+m<9b86syFMWwq-1hT
zPyE?|WU)+@9Udqf4s0}WnTZuYHjtkJY-&dS6vd_FR|2~(gP#@P4+DE5gU<@|zYXkz
z41RfluK`w4p0@v5i=#eG6JRYe_`Cq`32cW9ep`SK2R7Q{+KV1k+#HYe8N~boLuX%Q
zEwQYt!MHiavYqioOIQSOu_M^V^Il-Wa$p}3mnu@_-&@(AkX|DWO|Z&;v4kc7TR4JM
zUZYf+H|I~&6W9*KMY*=D{d$b!yrq@hK*{8oarkqLBkN?U68m;JAdzUJ5+s^A_;VvA
zyo;jlBPT_b+Xh+}0e_AhnxI;RvwNWDL*QSe^{9Cx15(WjEQxW1ZFPK*Q9EFp6A#+@
zae@2*V7q4IPY>kB0y`ojKTB~LDrNw?$jOJp*X04}b`b9Oq+s~EHXywU!aJT63}1Hy
zq}3plR65@VBhym>sR;;eJt-JcUk^xqKp2`L>0Bk#p!)g!fPNIHr+K=c+HC9kB4Ex2
z>xLB5lA^L?gk1!}Qcv;|n`M><%um7k#xteF+8z2S$;7oV^x@Fv7Wi#QprsQC+jvso
zl7j-$ULYLkNx|H3Vn8|pg!4T~CP*rk268N#MAjHyc8S1F&&yydurE68vnx}zTm|q1OBo0G*_l%@G)3lc_uTkq;3JJ
z0@ryP;ZSdg6~ZJts_d^!(*=wz9m{GN85p$(utOZ4ct0G{jtl6gfjYMudLnJ}nH2~=
z0HN242xhy+O@Ykk;Fr{OCG-x{Yd`hxV*$Mhs6C3%vsL+OAhSF82YVUs#IX1u2lP`x
zy`l&`TZ%P-%mVPAsYb>+s%}1MB_DvgrU*S-ik$hO=1IU_HTC>cgR2LC57(voytl_L*}hV`Sqj=eyi%6kdgCW0NH*Vq@T1db@qA5bF@o2J<2J+*u5~t4
zoZ%qT4cImryo2Im*IvNJIXoFrr90c~whHLeK)uM*{Y+??`vlC}!Ft3qvo0GKFqeU~
z!ZTTCVeZET%v^&gs*6LNo6Y_5fVnAHy*<upzjCjVTE*Ctc3yd46rWt%&f7C
z1LhrIJ?fcRV?PO)Z-Vu?XBIW~yMUf=7)6b6s24ol8XK2OI?lCHCPR(pT(BGXhf
z7YI*#l2;c_uyX?Xd!R;*U5V0kXayK7a%9N?bdBjWWoEu#Erm=bcsnLWwuP{>(|x29=O%mp_R_
z<-Za9h@zUfRkbmWYV%mu(&b?#wgG!LCs8a9k?q}9D;>a6w`grY$bGpyo9RPbIIA0~p+(2?MqhWZN;f$r
zz7q|$bdyu#ujG7Y{3YtAbdwoz)i*q!6L*mFxp8kfpBE36^ZD`Na=swGOwJd@_sIE@
z_<1>B9;ge)H6HoA?GXOVRD`upCIS!;`8KueLP3bH^g_y`Nnvuoae=>vixPu5kSfr;QZBUYDi133&wiM(eP(L8T57C|njXgHnj7AhI+1yyUO{hcvm^kjSrUdwefU0Ul-pb=fB2J
z$@zx(GdbTB*ZG<9x5ho>e0#jVoae`r<$PCsnVj#A@0as}_%%7-6MrG+d*kw7D1Tqv
zO3n-8UUI%45fR)KZ}vdkQqB*?edYX6e2|+y$J~=OqU$^IPUjV>~|{mPGT
z8bwq1C3gVAE=Zf$6rZ<42o*t?A^3cm3_iJ07`mf~?Bn>M`4*MOG`HId^38XR55brE
z0_Y!au!uF^Q!db-ZHoIJIC6a%niX88hUR-!Q05arUpQDNjplm`QUW_`;t)Z-
zo8EjF0%cgdA(Li6+7KN`b2;He%@366$!v?{K7^Q~g+?hf6v?9;WOhsNF^V4t>~xR+
z1qHM6V->#?*tH(toAMnb>thAq9|`6`;EO#+@=(qR3FlqlpL&ky(IT9t`TPQ`9Jxyo
z^v;sv(-hwXSbK*XW*a?%13s7~PM0uvUl0b8BrbYX@ykWQ1R8pv$D;h~rcqSdd_dI{
zq~XI>jhS#VK1a>_;r>e$(HDk^5f?7lgJ7C$2_*yhB|jG+EC!?HRu!AHh@w;YrR6pq
z$AW^`20m}wkv4Hgi&}0cNl!rNV;uj&k(&h2qC0Fv645efig75q-iRSbMpQCt#E4_%
z19H9@G@tY3>zH#-@J8Y|gt|}2=1lYy9A|j6FlQ6xTLRXi4epq-ViT-PT>1N8Ja^^a
z2A@;qhk}oB{EPXVnziByq?SPw#yE?L6;vYS=LeP_G|8aF&yAUsZwdb8Qq?V=tXXM4
z)h(}tpIALFmY2T@#;MA9sa)0{ha=@^<};gCSZt|cGmw6f!?Yz@!plmy8Q?vRV6LHt
zMXLRk@^WVSbQ+BE1CVfrXeABBMTMfsptxRisD_nk?Drg`2O;j
z@U=4w7Cokn2V_Kjg5q~UTpbhTuSS9`dy{=^*_(_g|BB+T;g4(0O-7fmhs9uLSs2?E
z-sF(-#!MqQiXNAIT6M8C+q$`_sA_9>Qnc=%H|%!--Mq-`UtuNmvinspK+NI4dnG
zZL@iN0+;k{I>l$oxpRD>oV&zV$$5+Tq%y23+H{Mj%ei}ek(_(PbLG5Mypf!@j@!z4
zn|KR3ZyWcL^LFvqa^60EOU}LH&tQFNn?CVsIqwjcN_yY8O3pjRx5{~^c%hv8$4|<6
zK)h7WJI90MJSZL}=Uw81%T)6Exh9>`;6ZJ|*C4X|A`Y_vLS{KWS@KL%
zN&n;ts`%BWl08txpGm~)B7;QS@T--$+*E#o40}k1e^ZHGp3ST^M^*W~5@^GIBs~C&
zY;HN-J40KJ^^jV1uBl|7(=UH9mAvNHFSi@1Vd<7~sV*(Bs{Q8iY^-fL>P79lHdEx%W?8f!p#<$t}?aIdWj;+L>XOI*fOYlK_deV&8
zyGyj`PW9#({P_qer5*Q(d%@b$j(f&i$a#of{dU|x-b22Ri4T|aq49J%kBzUwxf$~`
zb&skT(NVYSB8YyBGy;|KSP0qDQ6RFMbwI4*1-;Dg>
z*JvoEIKZ1|s+3W;G?$LfzW{k%!pL81T+`Aq<>zc>ub4{5)nm>&ypo`9pq+!_>s*PBW(!5_;KNw0Z7=D#J4D}
z&=U$BgybU}q$9WDPbxkQ*!d1O?^Avn4(NVL=7tqWnFsvtG-tgLdv%Ujk@(O>K16vs
z%dWsH@)aNBn+zl^EAtIMr`~2%TNN*@n9~_E7}-&Y)OP%OOjYXK_zn4z-<9lmbEBQV
zL#HU}jwAO2h(^>Yp_3&H0yxwYzNR{icF=Hw4vS@#COQ)MiJtQ&4N%S*3Fji&ro57vERI+F~)TCpBR+*}VCwZtJ}
z37enHrwQ9;vNM?bg>0#Xj98FKKh5NLh|Ey2E>Xg!el-afA+A=3xLRdBCbjx7#C@%b
zmz%NFX0tBk?*o#{ip{#TlC*yyAs5p_QJ!*oS+Us`o0DnW6~bmam0J}9$_I9Fqt#|R
zS9Hf0=?Rez@nn$xafLYQcG+?iQGFL8|M0D`vYo3}J=ZUb_)iJoG4kjKI6mFJnXSiaXk
za=pzL;+xTRTBq`Z;$tu%)*-k2qIRW6TT9C?t@C%#qBG3lBae*A?~@70nDVZ$7Dw)f
z&7p3tf{PSvjr8sgGpB%H$~u81^KAKHjrTbM+2+ZxN?))_M<8jO7mO)m8QiK1A#)ng
zb3CIC8I#4X_myxBuzNlJ=yb>=`CBVLRqFGgz2T{1psM;@@y~$$K})=!O)(Nv|35sLDI2jx&l(}C|Aln>R>Qz;Fp-b@4Kd`C0l
zBuncZ(ry9eUQZKGm58!k1J+Uy{^3cqOz&Ei4^tBB$b19Bk0dpryR{Op-Rz%}S&2+n
zwWCym38qaqYy!ifjYB1_>v|g{lzfpA;yY1ndOj($W;463AZ!
z>_DHf&o9O*YSTb9o1$i7^6Ik!<;49
zE!Ac+z>^)p4ngBKYB&)!pm`pnd6HwU$DdnBmTo6kK}wpUBx2@S{8{QrirWp=;-^o6
zeM3BHoJzV$l}J%);{vlWj)Erih?2xlTY#{AG14bWlI->Y;UJQ-+2wTGtYmjG2s4Ul
zYM><1bR7t{7t_=}(6j`ESBq)dNlAY>3oiN>2&;=}vYVG5;Otr#YlbE`3S2O@B**Ed
z>oXwr0%12CvVi|^Gp;Pz<)u*kssKB^1eG~x44^P8SUzyYfD0Y0Lu9?wsN!@J_vjDp
z{7`nj{m{;R`0hNLa^ku6!~X8Wt@yCR!kJK~8v-hBO$Nl}Fwtz#4p>bbQN=w8^dq6G
zS|IgIm<#Ow1Zyk_b4TvcGh
zEtH#?mK9Z^KR72ObW5tKcH0F8mUcr%@3S*+3#E#D`xB}__c9=Pj1TE!_
zrt!lwP?S7TmHE-iY}6B1kvK%3;ipjWded0KD|rGk7FN{I!PxADlyPani|C&q+u5dJ
zUl?fetUI+M*Cs2jv-9+^4sH`7B
zs6y-0;!%r`v=)^)P?@d3+PVl+s!Ma;-{!msT<(^sKYc%GEyAb)99+
z0pmu;(&eMXl&Tg>x4VHBF9QCY;}~(4jA|8+s}dpo6NFWsB>qy;8v&_&dt4vjP$
zB$=kYqNp_v)u!z0Ot&)<_Fl>+$qdGyA!LhfTG9goZ4-b^A}+Qmen=pH9rOE4b1YrNRD2Ma@G`JBhzC{hnc}iU
z{u0=C9+xOVRUhe3rlJofC>()>TH#ljE`5@wTcxu+nPz+Z8CXo@YSUwIBGOz%$TSo2
zX9`7VVCV>^>LR4PIVb)Lg~Q
zLr8zx$%buZz9qa3aD^w_mkd^mE#YT?rI?4b^g6hnE{#Ekk|uyUI@m}LlonYM;a`P)
zxJ;Nkfi*PEl$Ma4M8{VWm%KK
zn3`g#nkr+;=-u4q0B`aHS!pC{s@7Q6qhP$|S>oWtN77oVM(4^z;isT|L}(9}x6;
zB-n~p_F=$W09LRLQ^LOj!cr0*PU>roV!4ly{w1@J;ezW;y*pKPOBpi}gUhk_tB*rD
zOtKulY{7Ci1HN5~V}z)yrF!~|(w-oU_9R(X$--Dkn%HE1_)!{XGGVg)*nUmp{P)6w5cit<@kxysjYU9eIB@QX+vo|>>
zNK@ih!#{c{gU+K@FkCf9`4ey%u{A!(ZSfbNVu!k~^P8CDZi|mW`e8V7FKz0qt!;0M
zpNiy}4l;iyehAgs+v3ZSV9fO(%uka>3(4LVf6QU-w)nP4XikRV?c*M}VwS5C-ah8N
zw3>w6?c?R(Rt^C5Bj&XUK3OtuA5%}Bpo$l}eN6G)Q{skStwgcg$ESEUWi`i|Vv)Ul
zOdGBs=`*@RA$$9nw%p?(wFcLoj5WgO^Zn{Skn7S
z>If%!lC-xbNNGrsK*ns0dnejVn2p{~YE-d%g&FL>46F4SBz0)D4W=9W?6Zk1WOFdkh@OY7)DDZL*
z)h86?`yxSZ3sme~^Y&%l@F}&P-5K{Zq+p%Nu{NA4TG|8agd?|MlKmNi^hN5f4l%70
z_#A;p1DfFBO%r&Qz^4N`*TY>B_#%O?0d!{yHlpHa7LflQaiDGdTCgGY-$lXlEKqy0
zD(dKvvL*C?jl>@)wH-54xW2+Pe*Hmcy*P3M2uri7sAU>RUtqclY@h;6=!;{Z7uZ#@
zYof3@5a|aKle}~Yv~Nc`5y@vd$P8g-inmeO*}!h_IA=hM+xrU-0(&lns}eP!vo+v7
zFh29FeUn_eS;8)G4h}KUi2K!wEfsGDth2`{ADY@vNjrkDwi$%SMlyB35$I(AQwunW^%#bHfrCls)6SUCwIHVY63Qf(#qIv@zuXN6R2pNmE1
zcE{Eo99qO#X!mMgm6XE8qS}Jd)v*d=Q8Q@qAmBqCN1dfhEgOpx(orCsPEwQ5-|7WFn5D?CfoXhTCR>K9B8=~xt*rfLtY8*pg5
zRW@Q#+x^3{Z7hl;vmO5QCHs74o{B|@wgZ42L|l47Di$U3Cj*=21K#6yCL1S92bjf2(V3xV1oALVo^Q8*uk;Vu_!TNIIz*g0~dy|s42jv
zdR(t!`pA@IE<^Hlgjm;Vp;kCzQ4b_d*T$mAG|%DB>%~M6i&~tB*jN;q=4bq=xtBFC
z^n;5L2=PsUbs;X*sV&OI
zqWU9!PbV9;6&H&d3viMrT#*b`E*5n*z*&x9FTGEf#vnt|31NQ{<|g&!Vo?*3K80DxaKSZYDi$RMUjqCZ&tXz37A2eqfIpk!7$NGq%EqGJ
z1>p-%l66&KEUFX}XgwTik&u$rl#fMi1;zjzE$9k<(b#|rF=vepv?A3R}axc>33fU0T
z2T1aypl#U&)PP`)Y4%t#B?<@HYYZt)x2?vLPng(g?*-NUcJMsaK02#6+Weh`lz%G!z07Jt9quNiU>BOtV6gG^10I
z(vTv7jQN&(ZB@ICO+8Z}cs~V~(Do!VBj3wt7VS%7Q&%47zYME2eYgup?OT2>KKs}d
zzxdb`zocSQZIQ4Uj@%k%x+&zM3XM(mLFz6JF?nwOP*`JABLR)~a4o{)MOtH1CwZtI
zp(wu`C95NZy=(5h+#5cn*1-oL5FrKYOin5`wHR8Sr>4e9_8Oa7j?|S7F|86sWx
zUP7s!%uHb$o1*b|0J?{8f5Or@8Jm($#B>#~u_-1j$MKOD;6gX5aIvYMm_EYg)kH8G
zn`(&U<_h`M@&B2eu*k
zaGd+_G(PM=MMYv$`H?VBCPon`YN{XkVHa67_ViPIK55b=i^nW@w#eR?{
zR~6XU6y@$t%Ze&dP#Bvc_I5S&Y;5Xl@P5FN8^ac-aV8g=sv3nSc5n!0jwGQmTozRz
zHpO0M@XogNsc~LCS?`!DH#4AX~(yWJ<}Cr_wGq^&nCf
zd+C#CD%N-~)$fyf8|VtpIGqet;bK!i1FVI4UQ0_Anz!~c8=GnY!j_&yEkY_1o7x4e
zQAL=^YRbo^CWAJ;kZSF7v8k)TxZSfxqTQ=~S_&7NdJ>G69IG%kHJui(0RC^sG2*Ne
zah8ou390fR^e`Oi4)K?gY-~zMT|nsRNwmot?P61V0vzoL(i~W;mgQno$AdA=vqX(H
zG{mNET#kZj&UT*^ndVmfxyy+p`=ma4-?MFOiX`)Q{8>)+dCWW&n-Xn50E@=h!dl$!
zlM?yHz?u>ld9@9(se@SwYMYHsk!1Sg&tS5pPbnL*slyVsjZKkcj>Vso$QIqI&Bmrg
z+a>SgztgN
zjZKkh4#A&^#Y7OBnvjUt*c6%O3jDdAA~Z1cgNsc)2yk(l5XPn?-*F2WW*)HHGx9bzCHF3t0DIBPYm0KRsSlCIp`F&*JQ02`)Bu0KkJB
z!D22pbpq1Qc9^v9uxeavYAzVJq*$uP$EF?w__8NRY$_QId~E7tFn;nZDPrOyX)S)A
zRNcd{*2fWa8F6ANHq`@!o{pscbFnEZ&kY53h{Lr-1odoVQ^GtAtP84T+Sn9r&D{dl
zgJk*vp~yZdVZH^HdQ?_Y{ZMgHg^f)KVKoU?C-voGQ?+nux&aO?JJ*z{*pwLD1$a--
zVNxnKC7iv1ADrSCA?muy#->gLVWua^x~ecXH5Y{WX;QM9^0BGEf$>iqEm%^1(V&7B
zgE?zZK`YvAt}4ge+!%)l@rwo&0wD<~=+JLBS8WH{04KvQVMY?TkboAKtOIC^T(9S^
zJur-A4J6Qvf7;?f>>)?svSiUU_~swP9$jT@SOO1X^U;wixoq?gVlP0xkK)L^iW)Sl
zSdB_>4`Tlf;Brq`-V22G%+EcD%_mg82VOeCDVcaJVCC2cvB_xyyshV)M~>8>dl0)P
zu>KyG=Uyaq5x=@V%OLKqf2QuiE4d29g*e3B$Kyl84vY|;g#(t|WxAe^wCRQ~m%^=c
z{+XfB-KMLS^yl6vZu3g~8F)Xcl#dsyJ@rq}Jl=zbZ(SB|`7A`4s^F`Y%v(3&51(_6
zu9X~^S02@{J`SPj8d{5L9}e#ftTzq>xjILkVYuq!C$lHZfqL&8vDEm`C1R~1tOp-&
zP3??aehTRwTK$vXq)EBR<>^SDjwAOiD^ejFxx5m|^BiP;B96J-Z;s3Hkt6ds2rr~b
zqlIK6m+v^t#$fXMAfY)K61n{3NEb*%uZOD;lDxKI#1_&^Lj+OSCspDL~3
zxH$vhEKj(W1T0rUct{D?1Do&hc}WI~6n_fX-#kuv6Oa}w=~EDX@FaPMfRK_gumYuQ
zh(n5?ty7wWdZ;dBrB9XKXIc;a80BvbZi(30Jtr={ojLD;)M3=JfOaarwc?Kwp9pL+
z@u!H(g;QzQoPC7?0TtO!MVMf&$Ddm=B9EBXZ1*{3+uvpr(yL&;NwyeJB?j7GWy^hm
z^dB5%NY`1abc$w|t2zepFB~Eq5~f>1XMo$L3HwME&*wIwix5heuMe44e4&c9Z>dTz
zrNu`>`go_oI^bc`o^R2y?AMenq-(&uk!*37mUda7?J;0adu@up70AB_?Bk65@<84k
ziyy(l5mwiSfqXMyZHNc?uTWgP-5c0WUS7-osAVod_MQ5iY=D89&@oRMp#a$@Hd8LXXRV&}aX
ztfOM$z*jQ)*@&1lrOz{R-2%Dt$?5WKrI^UICMM<63Tee3&P1!)9Lc?a?TkbF%Uh@i
z+oC(<>^l#Ls$9Q7ZZcA*rsb40Gay|F0^hNr%H?evK@QuMbRC9qT7z+=?*(#ygACv1
zQCzNPN!Ja|gq$pQOS{yR!jN8ZJSHg|Dn@rojq50&>^=#5YcL0<*)pCeagT&J8l(xH
z7;w&2A2a1F;1_z%`*fpDAxGB`^KJxom&XGg(-f!q&jDYa;;8wu%vP%|QZ_yLJ(#sl
zKw;UhrAJ5=>&&g}zb3ldfVnN%98<+11-cg`y7vNeTy?sKvF()JqGiYXZ@@dtX|{v$
z?H0Te>9;vdUwgBHuF*05F3WlXj2Asie5V8#F#HhU7oHGkc*JTbI}r;K99lYRFv3z(
zpK_*d3Q7-8`#iDaY0KCJ;P4bd^=MT-udIn6oRubV9u96Nl)kLYIbhvcgqd6bm%eFp
zej2nl3aQpp?_1Wtz*y~AI>BqFdwV@;Wna^dx+kIS;YgfeyYHu}g{uM61B9L=1+&8E
zinA%2p}>YaC070`#ibh`2W*O$m*9Nqw}Jenz^?T2ivJME-v{hrFW*?2RIie5GtNTZ
zTBM(qO_KR1{_u@BQY1S*^)BglUc%04s8e2>v;Gt;bZ~@avo9PGZC!zFMLbyGln3&A
z0^27eUrTX$0{3WO$9r6D@0_zQ6Cj`ksH-AOFgM`OtzJZN``eO&F9!C!$F=pB=zwV6
zNBX~rN!Mi++o5HN4pF(2u?Y@`;;bEuzpi+5U|mwU5t3SQw^}KcJ_xL#DW)yTqXFqC
z5Ki(W%30C}nw^yA5)iKOBpJXoyLSRj4}$QVCrPss!?gHcs5r=tkWM8P{RXFi*-zwm#4G`
zp&LnJQ&75(l=Q%KG}K)|*w62(?bDPSb29wE&@Onk1SehLSIBl&dux
zsOoK;%SHINHxfotWH8_BM+>8Um|of@S0Ud@mLLh=o9ne1C-n2dmr(kioeEwgGc39b{T_p`RzH
zt>i$JV8Zt}exXzenx7RIU>dUzDAztdM^39VaE}8=$Q@`JGt8#kLsc(1yW<#|;qGoa
z@=7JobQKt{0=1C$=}4ST0da%EM=MPJH8^f{u;Clwt%?&96;A*4e7mRVz^itN+G(heM%xOEOvN-Tm(=lg~oBEJqwxe*S5Lx0?qZ;ELF^Y?bymjULFFkw4A&iSO#Y2Q%vq%Wuawe~XArjiKTek(5;;ivAYS8_52B
zns6K^pu_MdbBky-z!K^ZlSBW=Xp
zB03P*VIHT1#qDc!F9dci4!N(wg5X1!h#%Cl4hrzm
zch9gd^u&A7**{Hv!gw$G^Tlvpt-8FS_7=1$MK?`CfGGo_xt-
zQhMHF8hkcd$`zj?10(jidrTie`ZLkM4yBO2$7CQHDQr8*6xm{E!{n&R$+I1
zU!NgvIML`HNboOUI0gc;JDxPnnO;b5a=$$!$wYh=QuO5=iHyGRqm0_+1su)zi7#L{
z{d{|erBTJOT8E!wM+dxsf$#9sp`v0x`I46|ffq0kNo{hkM8f(wavQSTn^LviN-e%Ku(K4bGdZbE
z?zce8oz%2tlD%$ne+sEf9b$G!VBO^YA)qfjJRpH}lY0sBtc64Lnq3oEH@Pkz;N@W~Q*6{%HI~fUY2XFkxw9
z+~h8Of$1t>=RhVrh2uFdATxpAo7}ep
zHrV5oD7MM{ATW;bEb*f(vN#$fJvq-&a%&_-oX1X_<>s62jpapPZXUY`ii*!;w*yJd
zV{akhGv-^5S6KXH$no=-=#|O9{k}&n9P~kflWU!OBeVGM{E-#(A023(_*Dd6|ug$nSw^K2yBRmKm9gyv$H16AI4q
zg2y^R`vae&abLL8Ltc88laBTjWT6+l*$GC2j~+WA>U5j&LQi=ig>F)aZdjg3O&STQ
zj}oaL6Dfh-Pox@LnD)p^KC4bd0*^fB?HlN2WG3yjD9LGz7gFeleYzW
zDG@!#iQ2wwT>*%E)}6#Y0!_{+JS>6!l2JH1fo{(z
zJTrlw$tXNMfj-PAJUM}W$tb)sff`?$F7o9G)QwP33=4{R~6I$RDxGsW=#+Ef1Kc*h$lT?8^Q+(z8i6RCA9zD
z1V6Hvep4ddl8ts&G5u>2`T524f1lt>i|OAm(Z8yg{)P!&b$Jo{*H7?H#AOx;>bF~h
z??yc9pUw$>WHJ366MR-N{g0RW0qqv2-}d)M6rwSUov4LgOQhb*NG(mIe#%IFlt?wa
z!j{DO^XnjMUeO)S(%v@-knp=}s!_7waj`eC9b(&2{jYi3dlWHcsT9
zaPoNkicsT3^c^Q^i_s~O`rb=vL*6uzsy91b!aj-A=7fTAaJximU`A?4A~hx>wOb-}
zYDVhdL~5>+3Nsv)h%R!X)-MMiJ~HZbLL&dql)Ne#ETm%-CFOH$SqobBd5Na>BxPIn
z*@=>YDJ9m|*Cz7gipgJ<$e&$I{@z6X=3?@9CGyV}lYdrm&aeM;^47G)2^3wKuIsmx
zTsI^X)b*Q5hTSt#Untb(-w1+aq*f--_>7cUPx=6*&dNxwNu;jLNUg6@H0Le#+*h*}vK2JpFIMEONd4hrE1n#T6+|JKys10p1{y|IW$V
ztm`JCb+1X6wQVBRkx)>LEfcB!UaGY7F7YQl@q3~;S8m7ikhrs)hsJ~CJUkvP=L6zX
zUBjYC9Q_skFTRD%4_p|2{dG4}x+z!j9tt0$1_+iQs*G9T6
z-u*D;`><^Vj@;wC`7ngM_z4L+nKekxgD;Q<#1ywbOxXljTZfw^l%IwJ3iO95Uqni8
z;Dgc}xtF7l!r)$xJ_^GpoSIYAw5*e_I28gL@LS8e`9`l%Z-UJUvA+{*CUQ+4uJ`~@
z9e!!@XnX!@xqg1Ega4i8CXaXE>zXwEi4G#aHFZkse5JsCW0?r3i$h`pj$?9JDoTyfkD_HIZ06Queths@Q~
ze;YE>`ylnF2y!=4A90B8MU!4z|5Sm^tH9pz_(F;+ewyO{2KKYZA4$}oRf7en3qzXY
zkc{y%eYi8~g7ggu*4JlgxUp+naLkjGR^&R7CbBmX$+y19Twf_0!G`jSJl*VOAoby{f{#$#Gy>Sd6GZnjPy*$nO+B7zNly^^r%7tS!D`!ZV267A
zJz7yEI_z&I=1vAU!xN-%iI>Kbst-v<`IBIf1*Q^LD<)m
z?t&?nw2f}Z71AUSPVuA{Nm92AQ8T5@L_U^ubV_L&*RM%MW#-)vh!VHau*4a$iB$*TN=hO_leoA*2Ws_v);m_@!
zt$BA>yfL?kECKc+aVd)8Jr$>~%nD%tcDU}zQBuD^N#!l*1UNz^g90TTfooNun1FKUr6-U)p2C#1+GWe9r)B7DZ^hil}iT0=+kba1Tj|UL}nVG`$4E--~G)
zrzG+G*C70o)+8gcG?6^r)r@s#n%q?}00zql(ImaRAXU>BcHmkdk+*FWzdk+&vf4)R
z>*LZjEQT5JY>#0^JN*ov3BnYZTZSWJ)|7=4T~L6O4*^p
z)kzB?8zMzF2W#1qcMYTjCl?4FK*7wG-#|rXFKSBJodwFSp)y%01uEpb3fk9Cz8(rD
zOs!CPZr5KQopOh}2zp$q+vJdt$C2BI4wIFVyFO}y6Wd@oL4tjq+b*a&iI(D&Hyr81Zp7%@N8
z?*{;Wa3sveZ-Nxe#ze=m0XLM_aX2Do;z9WChY};NFOorps|ZgLf=s0Tk1y3FhBcr*kaz3`KKPMD>ef<9RarIg!3K8$rLF>$KIlP|3bb(Y
zu3jsP%jNxnYLms~GV4(qj8v$uKe-~Ay&zbTh)*&rlJlYEVjQ`j*qPERl3S2|ufq&K
zB`XqfvQCF~MMB)XgFhcqq{a?V=T{`R!;JKbgd|gOH);n*$i|8!&}~;FB$=)8r1Yl=4JX}oJ6^SUh8ieZ|Nte=f?21H`JPPbthlfh+
zibO~sg75`N^n&51WJU5Grcdh%yCRW%8^S})aftCMq9w2^64ARY2s@FK=v9(kk%*>|
zAdD}j$*xGm^Jju^L0XgVKvABV*@lK?#Y5ovu~GWCVl`)#RMff0PI)yi*GmcBSzHf^
zqK(_x{RhKunLp7`xF({E%dlq0l8TXDX=i<6gM_`;MQNeFmKZh9gs2t(<8L~!WJ`&)
z&n=#Wk(@6QknXgKy`mY7G#m7<*!*65?Y+Su8F$!FKX-P~Y2JrM>P!AeuahfwE5+fb
zB{T_{i$D1wgOaSAe8$WvkS0c4i9^y?b4!TA_$WmDcz+-$%VkKba<%5c4;Bq2g2hd(F=y3k}f?Q
z(^R@kOTM3i^bJL5yo#i{wCJr3H#Wu*=uLHL(X<5!+mn>lWV^I@ejgAHN^6paB~2vH
z%#tpBK6t)M%aoOLgasZ$NAS-}G-Bl^q&Gtn->9X%1^fRkspim<3cfT-`bo_LlYU%<
z#PvoD7!ak0gXnsQg1(^%UUU_1Z8HRFDmwf-M(?*V2-k-d#~-FpX`
zp}7pqFbsnXAaTHfA!nE&$bbq%P*72VfPjLms9?l^Ie`&%%&TI~IiYLL>ng@obPa1<
zWlgKD{@?eUs_weiargIq&+q&9^W5sHbKZ06RMn}_)!|Bx?HUqAPda6KiQ)dplGT(r
zpy6MI+R83VD*H2MZH!io-*P1n`jg(9Q=pcC?rYm7;0FH?;NpSB+&InU*KU*A%7#C}
z>0%Y(gHer51Z1dr+bs~;2d>19w^PKsa3%?4B$wXa;duey0`L_%;Fr1V6NuG!
z=N0(kw}bG0n|ujWgWu@87T|3;;Dy{#7k$>F=yW|d+k*bbm1B-aQEa&rV?ykYBY8cY
zbnWh{q+ilYZ*xj=yjl7h`+S~TdtJTNn>sL2?p-K}MJ5F}q&Lu|?dAD=vF{g$K|4KtLg-&gb7g+M}F5o{60za
z15U?(ye`wM?I=$%^Vt8nYf9G5o`@@}5;~+U8mp{klac{)p35v}fXo{g?ZkXXBG&Lf
z5fd#|*7h3ave}pQFzsyh%Lw$itpiEW%j3xJj!RMpcEaZ!gr3kLb-;vqW3BTk3*q``
zCkGLi9ePY2gcma_97Kk)UylVud)?XsnspY~5}}VJ>zN$PT@J%CB#WnM?ZlR
zgU3U$sph}ws&m+GN9U+`!seIbQ;AgWMZfvYRLd`Q)Ix_ya6{Pqkss>y>y9^v7di+x
zmd!i)5bjBz=pb@Wpo}+j#oA_FlGWxz&f5QhcfFB_{rEo-Q_u0+qT)%f<0R`1Tey9s
znHHRf@&hO3=hR?ie$etOWYqa6zk_gd+sK_Q&FNXua-PeHtuCs>I}#u8mR>6Hl#`$j
zh=jOY;t|PO(hZPo%5R+=bcsoHIB8&dLQb)6!tQk0Q?^*V;ceuux8JP1?=r$cm@rRW
z?%FID6#m+x20jbKUr&^{@oc(M#?5_s;Ybv@}C%zw@(
zPDm!1m9h$XZ<7iB=^%W($;dNK;%k{R^id7kUHmlco_Q1a46NO!B>Vxn{C2F&uDEC^
z#r*2m6CWho2UxLRz7YN0txjKyj%Dga$nO$hB(XDAa1!a#-A4E{mMLOso`>=`}uPCpy|5Xm#)-ET%c%-)Er3Dcqds=>Cia{?BztQ)Taxd?rI&N;nq9
zHGKF=f*hxM4%Foimq2_q8yuStdl^3HB|(mwy+OUh;Sz|i=5@#BgJp&fl}V7JrU#x!
z`^n)Fh_9yOv$jyOc;N$VMxJ8xd-uJdj&-;MB5jlzk+{nOU`*Hhp@M;Rr!fit*j#=q
zw()=qx|{8S;1b{=p|kN9pWCh=MPte^Kt~o-mr~QbFA9B;rpiq1AzctW3hkMWPc`oY
z-^z4+z4@~5dH!4T6Xg6s^9DJ8*!%%Gf86|SIsd)+_c+g3xb%>qJLHQkcp~DB&
zB?vN|e`
zIhl7M{vm#;kMIm+(2cm_8Or*R7CdiR=IeyNyYkDy>*n}+^A}k{eoVQnp?gbWj(~|X
zJ0aMO0^dWIVNBn&F0L)-6PQM&Ys$s7RC=CB??dU65u6iCGiIg7mh&-IqXLVQ?Ct~P
z849pyhB5OAt}Lz8DE*$GmUy+6=yPCxjwQrqis_5o#p?tldfK2G+v6uC(N4}GDhMA$
zooTxc91{Hj2u%M$FmQPL8{mK%AK}Hvv|Ea%R(eetG1BDnP`0Wm>tA@~i)cukzv!js
zo9wwGN=$kU&i&2?QTuY){9@+G0rDXjU`kLqx>hP%C|&3cQj<|$oTqGG>A-Y6O)tw!
zFV9P_%uBC|(~?Ko@Ii;btgsTcD`CW-%VDC%M-Dm;OpT8kv^A#J4BCuYP3g6Rome)ytJJyF7)$FO>?%$-|LdRKJ(tpSE4hrb_guD5m$P!r7N~n0ztnSB
zqS|{d-R;A5+d%)f;~Cjn5TRBb)BRt;OlEH#3{W_crrS$!68uuHQ=OtarTagXpob`$
zATtBO?lD?=Z7ciu-#d^utH3*yd@)Y>V^yBMV9o~b636#%fJ{`7D7goKhaAY>MVaC$
zc^$mJIlixChJvJA{{|pLT}rtOW43S=>7l%6wpB69%eNY!5fq{EDxxLW)60BU0Ok?I
z`tm_@JxzxJaC~E$_VF}b3cz)ZX|n$Y#^y7R0q~3iX&0kYi06!_KZLB;(GqI~_u1|h
z&wXTlk>@^bUPfobFSU2=Z``LJ=p!A^$WBu1KF?nf*O_%6BF#bs%P6vp>SFhKBtcvE
zA;_GCU}KEVai5itH@AUz5BXwTj{CfiN-!^j_gBaFTi&{lDES_Me>+gF`-qaZf5D9$
z{3H`!iFF?-*GK>+62x*D#uE48PDrl%NWKREbQncwyo%(wk7Rxh0GAS!=v9z)AJKF#
z0FO1M$-0kddIx|{8q;Lmhs|fwaEE62Y4eEJ&?!9kp{~w!A2V=av;@%pObpythIEZD
z^M?BUJo^60urF^A#cFQ;zf~h|UdL*_`@dCl&^8posu>cEdes$bc>A&7XrV@U@!y%t
zxI2=lS?8&lfjV?*lKAhak)b}e=2=h8d7hdi{yS>U1URv#^%iHr@b+JLg-YVTqvj(P
zYB+wfsM`9PTRGW9)j;SSj$i5oto(BqRZ~IU!?DbUgl`vB2Y`2&hTwV%+z4HUv3OA>7uIf3CAUmfS{GIKQ2HGNpTyFP#fvJwmXounlI&WdtR3-_
zq8Y~i+oGx#m}#+uD4|%+qDu5E19c^VEQzhP^HV?u<_wT8z)$XZa34UkXN_3kdIdfK
z&=w!qh4Q4@KUQap=pIt;zpDo!ok1N8YpP#g*R|CSlkD27PS1PW^je(zy$oW`nu~j%
z{UK@Iq+xQ|WY=7~kjfnk-I~`m*8l#R>rR*zUW~k2vDjrJ25p5!8m}3&4cTkFcF+%q
z+rqBSej5v{seKe0WNpP-)*+6i@+QY&Z+VlWv_RhE*#8YY1dd(f#CsO481dX-T(gbZMM}o}F2=0v0s?Dygp5Rj8MetrF
zUyM_}U0bou%|F2V(eeFx%}$P@q~uMQji0Z?uB}ALK=8&mzOTeij#94O0a!>7%Vii#
zCP(iH6}z^Qd`|=De2UO`710vdwUuOkD*z7=l;~BEog78e769IBOp~1)Mbl3JG(l_s
zMw6W!<>81<0CaaCbr?E@OpZ;apim)oC2OlSfA!o)-uTONpFcp^YAWnh`y2N;9rTTk
zhp(~v?lb+$eD@*JY)0?|MfxRZxX+FW+PV)x=1TpmkPZ?bRW`(OB}amu&u
zGn(>!z#HcHe#=|;5hXJK*xiA0*H)rr6?jKEzOTf(kCba809O*kav8=F_ZglP&bp7}
z`z%0PD8iam5iNmrAIbbH0DdAU(W@ZqKBB1&8nF|8ztLpfM>GuwU;;t;nymY<`OI7Z
z7CDf54V}VsAL<&8(#ceN(z|ZJw^Qwl6p(8F@=?r|nv~~cv~BD>y#lbKej`k({g25+Sl(2TDT&+pL3kvZqBFBH
zn5VDVs`K)hd+NE~o*%L2_i^qw2tm*uzrgN|@c!1D$jiLJ;*Sx|LYW%BC6)IH^ls|^
zt9iO?4hk}1tDBog3>pU$-8}s@vUl_J_lVoVuFhT@3#_T_1`SE2NOxhWyn*(;_q~Bu
znlEpleG}@o;+N{giFG1`gH~=2^x1RsYKA1BK;CH
z2HGzYv>j*(GP4lu6{A&~8)!MXtp@K%^2Ipi+ky5P+IBv8S2(^uM!JEPN*(~fS@$8*EJ3gWztk>N
zr_KiVIp)e3ZQX|;a~^_*7@Zbv)_rC}-rNP=1LTWw%D3+G5h}rK0q;G>_gmh&k0|*G
z0P{hv66-#qq&;}u9p6`C-ABq*1HeuMv0R3+#C;CF5*eh$c=R$iv+@2e7?)Q%a
zfc7Ur-u-+Ry7g~!{YmggQd77yErGou@V|GlYVBT~T@Jf-qFYnTzonJ=jQ_r>qY@2F
zJnAo>IJdDLbpfO=#V=LDd+6POjXmlPkRNs|(=p*&k9q~XcO5_1qxb;5ZDQSIAGdT_W6x4
zsrj$EYN13;-m9)T3fDvQvfn5q)&BKLVvW4+s={`^=pn$K_Jxy7JueH{apGRYe+A&}
zw52!dxtBd(WY2uDxF27X&gn&bceWcO_0Nv|UQ|P>{Npi$|Mgx}07C-r&0P$-OFnlk
zYP-k-FyT@BQZH4mpAB
z^F}NoN+_1oMMTdwP=6qhC9z$^`c)}vxHEq7v)7tEYb3WXO#x_cAJ~NjAXOg)PvrFf
z3S{UTPfSQZ?93R4_7lHQXT0$gJ+H9mckMYi6;3$=i5#cofC#(6b{*bF44MxUHC{8QCB9g$@!COc5VwV0ojo!ZSW`O=8j?y8XJ@Ir
z1?nUJ@D`}j0(lG6`=D+!eyNkN{>@vUZUOy0$1`UW5MSR6xB+#fYbm=xCDJte694&u
zU+RJcjRk6t1Z@|n1eqZSM#X5=W*4Y`pcKICy3=Tj3ofhzfypz1r~C&sIYmcTAh
zCG%kbj3+43t022T6-|2su(UBvc7ZCIjsxI~#x&UlDx1%20^lYG(gg&aLOkcN5hzqh
zU6T>9|0UluY}+@w>Z>65BN`w5a_HbgYE2O82M*c}Z%U&11sXHJq)q@&KQh&Jl(5P`
z?czA*?CpV;{@b=j*!zEj+u&f=I*8?t7cQSe*&Up@6G9GNG(vvB#R
zJ?DaRQ7kL{MAwDS!rsneIc`LL4TRoc`#-!9DY|5>*nXo_AfF2<`P#0_cq>j`&(JZ)
zgA8#H-p=zL%xm@6w5Z`G_fm(+*(Ela{m_OC^f53eL3g~!N#wMrId%mk801Ru0{wX>
zk#mJ>K06W;46MYdY84CjtCQfBuGo6TJQQK?YazkFzV6uS$V5a?IeV4n!0P~KUBb&)H
zLZ_Mo7cCD4kCId-c+O-BmaaG`2+3?Ez|jSVBYtSn;BlgXH!fAf_^jN-v>GNzDuk(0
ztdKlauw%i4s$dsUz=zya!IWag1FK-Fq+$gsTVL=CWNT7V{A@_C2zlqc#x$XEAw8+a
zgc6^PxJV7@)@EgbQBwD|3A;x*Z{pUZ)KJD1({sDwalEpGH4t7C6MB`h!WFnfySQ{i
zs@k(rls>Ta!WciOcy$~fTzp&{A5wBr93NVo=pR;cPfQxQ;VEE-y#STVG{u
z>Fljw+(|60(b-P*9G1$m9-qrozgxQHHX#2_GPBojsjA3@X|Xf&9mup^G7OY=Rk|g!
z??#>k2_PHx2DL^XvzNGv;L{;AYIY+c%K{vON2gmHMkdRvg-c5KXO1Vq-~&=E&LD(}
zg431uxDmao<4M!vW&-Hxf!6lH(gx3vDn>Gf7G!NG;1;R)uW|sIgYxevr}Gqj?7J$3O-rOr*RDj8VRh`
zE4z}y2XuYcda9IEKCYV-)-TKR9j}8ae2lko{^40ZfWyao6TZ#xs1iO6)B1-TR%Td_
z=xb=q4C|dOf)izi^~tgkGs6Z%^u^4ufe{@nGi-2F)d6l%BtsUH6OrV3zC9mq&*$3n
z&G!5>&Zn9A3swb#>$I*m&<1e<${&hUX4sI3eJ?X?XvE%@88$3p|H=#-9-S
zUOZ#t>;|D1FVaD9L`hpp92$4?n8R_Xf?IhZO(wk{?@YBU?6=
zT5BVyl7fwp$f(wlZPKSACBy8fCT*xRe9sX^7qt5Y@y--`eN4ab_@Au8F#|k>V+J>)
zo9iFPjTs_|BFSpZP)U?&Vwfa4X=1n}dTL^XB&szrQW8ToF-j6Ony8UPohE7}QLl-y
zl9;WD@uds!)bBh^>{zk{i6xq-6RTHhVv-~d(!}KEGf{*!n%Jc^C)1-fF{LFZ?P)G(!}1)*wnXZVs0Tv
zhQ1FDSbvGab`T0JVQrx`GB6nV23TD4vrHlPEqtT46mE_9{_CvB^02!rqbd7kCRCU@tbfrRsRur(o7=FBnnvzu&ixr?@aP&^~-Oen$JF}
zYX|{S6S1jA6soER5><1EjLlV$s@hvst%(7if_oDM8*}+8Tcr(hFL^TIN=-{!$V6T{
zUtInb^2JPApp#qeGFe0XBUbCNjuTelufEAvYL+PMMpnMU`^61wa;4PHvAQr=9E&B@
zMH=eASzv;{n1hxFL&r9igp2@Vn|Y({*g{EUl+#=ip(Y|pM4D(Ji6Tv8B~hXYoeat}
zQ6!x0G|@^DoitGrab4I`6Kz`3r>lc-e;BHj`i>N|D=d~4wbVsYGvi5(Yev_PDz#iH
zb)l0|XJ9>8`8guLt`T{y!&%za*AXCXEitJ`+xggnn%Bc(;j=k;*-mz-k;UQ1F^@4c
z0BzQcjxw?$YG!Qtj389;8)9T7SxF&{+go2Q|r0=mZl>1-ZgC+*3j
z31Ieam|vIl;yn^xd)OY-UfzKxq7QW}87_5`rS{UcWV5O_=45NxkH^w?$I{eg*?)?q
zx5UyO`}$b=+gO@qveMVa(j|C>P21aJzZ6RkAe(x%J7~dPh^42;(q7*Gilq;UrIY$p
z72n4y_*PwFfOl0^d$f@?I^VWa6Fg_U*T|&-U%*RvzB6t%a&7QKBY;;-r=mfZnj%&|
z|3~5)bQ0Xnxy-cS)kf&jmz$QnL?|i>URA(#CQWrkTO^qcXLe%ex=6x(v0E6046B3^
zNmyf2R2_0ZDjQw}ZZ_=Lh2aGfcI?V)2-!=i(XH;9jF^=TCxI1(e?gcH7k9&h6zdUW
z!%Gparp|6do4)|94W`@hvT}B>DBK07DBJ^K)`m*Cpod)wk1I>|K*qI8_C3axCwm>^
z+9&%P<9nCAjT(_<^!OdxeG|v4+C^C7DZNj-u5r9yyT8Yn{^dbTA5dNv#|M^I$MNB%
zT!yNik;NRDH9pFVkM`md%i>L=@!o#R_{quM%lMtV_$*I$50Ad6&B)k>#iezKcV?Z=
zn=l}pjyDTsc9@`Rew)xWzfMULM$5unXQ2t>C7~0~gb9++xn{zSlF+$k!bC|_tLi#Q
z4AsOWNz`a!vLxy>v6Ji=)oWsBNleqk6iH0iM7<JvFhvB<5&hxg_?|8EV2|vNyAwuV~6LoRe&@NjlAh
zBTEkhJsU<%Oi;(EZatE+on?ZZ*#Uyu*+=77dzhO%%*}$~<}MVq
z)@dUvZ*YcuV>Al+vMlC9gprsW$qptcmFT6-a6uA~LU^BEO^U@ZsdsU#5V`?WBw(fhKBj@Ll|791!Fk9v+!Biu>zDnfPKm1@zEbSbrxs!fX_jwBW9
z>Ra>PD~G53U6xIoP&D|&jZ$f9&iyhj98C$fkX5u+Yo&qYq|L;ICs&Dt#`{P-3Sa2O
z{`r=Kd>1(i2O-Rc)1WbY4qB?D^GX-u?Ir1MEddx$04dqo$8}{f+
zo1c(S;|={-x{pE0N*MkKp~w>Wr#CA;Mvx6#^k>M=+(Z(tco0!pbnG&}dEpM&Dw4Ks
zn&G}&!JbWyY=Lj2pmK40l!1{jC1F~^jD!UeHj%Jtu8ze`uKf=>^og;s;FzK=*d%;I
zGA}qTlDwXS+-vxyXqQ$IS`20#j|RmW9F1bW0{=T=+5n>uhZLOHGG@1g(l+=hTgLf<
zQ{>7J^-8;j6IxbqbJ61+ZK9~){bu}{-kW|!d{AhXLXDI!rzUhF$rSu6x&Zv^)czlf
zSbLdNg(Li=gbL(!M5f@^<_`ippE(xN|J@>l#)omdM5
zTmGlY-v(aOmX0r#!raZ+MAK)A+zzN7F_PaawVFOx{z&j9I=((cr1kxURH%IUWghtZ
zIgH_#R&1qzS;+EmF>Ka>eVq^nNtP_re|r>J)OM!dYrv6BPW?N;>cP
zhD{v?Axn=nJOm%y?isj`!8HKfs$fj2a2w?1N~yr!`P>M?B~&_=`jl0xH$`s;`60*B
zYFGZal-TnZ@c!obI;_hmTrXKqNHv!MHwX^~<}E0v3DZ)|c5UU{YI>?DNz6#K+BfFR
zOhvrwH(xaEnkr=TX<|23tBF~u;$3LA7WV$_wy>}vbt>h74qpm|ipxb;Q`7DF{&2!Q
zCG~LI8T15AJX*@GW)qLMUjP}Kc+yWiz1>0Nylp1o4tc>{ZJKmKDtrnwRr6fQmPGOe
zO{g_@mKF>4+Zg*&n^bE^EBoHI?~Ab|AgQWXN;{LSi7lE?>^)^a3brQ3zTS2hV#P@d
zI_Psp=3tPH#xJ!yi#ZI#ivGV-L4^gJ2j=B5fQ7Jtjuvn?n2*K)T5bWIE#P%9{}uyi
zy9I1-0sjIiQ|xS@!4}Zf0?NVc76at1b1g+T3m5_Bjxj)7T>;%KU=Eo3=Kyq2R@7jN
zIu?l2W7I!26AXcJV+z1JJaM&B@m^#RGK)V28#)
zQ$5g*08DEPRPTZI1K^OxK=z;PWWl!{fQuRf%`nLg81N?K@#pEo6YO(lE_jRb
z`194L*yYSx@Q%;p?_*?A;&5p$1@Edn{z5G&2T$`bc#r4t7is>y+il(j@54O)V$GjD
z+WZP$LEBts+t;h9j^K66<1h92W5An`$6x00=YqE=kH4SCUkl#xdHnr7{-xkumB(N1
z@gD~7@jU(tkN+-sALj87@c6%iS5TH){*@lTBY55N_i8v^{L%47
zuWH5sH8}@q>-SdA`h@@-K#)xLGI6N&cX^-_
zzXWMp_6H9%8h}YL$g9PlJRjKyfK@R_@|4b^jgm^q1ClbepAOW;F;YtGAu}HGZlIov
zk#RYU2XF4dKLYf-7%qc?hivH~i#p&V`S|_D!&-ZwK>*amAg|aZ9%v5$mc^jhM0*Kv
zTUS1{t;?^1j;ZEc{t#_8AUNNN*#V`esx>!){vdfYUaxGp-(XR_Eb1>n{5==N>mTDm
zcd*c30LxZ5g;L>y(x$2MO4Adl0Yr+!d7!>2S(nJVV;2BsHwNnGfer*+D`^w}O#+;mH+mJwSWLK(>0Im{AGlAn@1a
zVD!46UX;yF74TE2!S(n-_wK0{Toz}-vd~iYNa^l~X&b7UiN;L@*Dn}lw1Xz3%=P1
z_?5B9MHEr*_)b+)op}(!Q!&V!7Jv3Y?*s5fW1v(z$*w6%)dD{?UUR}GG7BN*^Z>6a
z=Bx3aq{?L8Rdl3ig3PW6_9Xi9q^O^!%B1VufRdnDvuWw_M46*wXb`d=*vc+W7metW
zSJ@S5t?auY@*u^oVGg<^>1cU>0sS4vGq)vxP8RSDn7_t=dkE0x>Xw#`#FFhz&=EgT
z?l;$VY3*7exmxTVTI`3Q#Ow^}tXS?b>Qzvs>ZO$V1A-%Bkk@8?J}UPEvt5oQ8YoO8LGM^eyL|@x1!spTgymm+pJdGj3_fO
zh6W*r8)>ti1q)I|{14i9pdtwDrtto$@L-@Z+~bhY?h4y>TWmYfsQ_)DTKSrVw&}i>
zcMa&bIiBI>nH64Q0Z)PXmlz=9j%rwH0iS^RO$?AZOGl4Cq*`+D4m5RODogF1G_@)f
zPJv9iOPum-B7-pUG&Nfo_?
zF-1*2&YIi+fz1@Ust;;hW+&=2jRdy&PtgYlq+7lT$qy-g3#GkP=cy@qYE4$UzXH$_
z87Ckgc}6m3n@XSt#z@)R&>7+!ogpTHw>$ZXvG*fmeJ`P4Luv>1EjlzPxXo*rjR0KYKsMhyHDB4Sya&98^7!|8tBlvddnb>-S^2UQ`vJUP^7xN=
z{IVYSQ!MslZRo-%39U3f|Uf)%0@=ogDD*#qf|D1=F;9k4MJfp9F|+?AWNN9;IYH3#1hr
z*yaFui(Co>!B^wX5LnNGK}Gz}ym6JNXGQ{(3^w<{h{tJ2%{UZqCj@$Trs*XjYu*I!
z!PngY#aU8CDFIgjIDp`3%%|
z5EA1IpDKpG1@JhMeZyCQcoenFq2c>dRZ^<;U|bY4my_8I}n2TDSoL{wCku`yLy5#AZD&h?7BvBH+A66i23<;
zZKYlNI<~Wm)B~h&BTG04T@65!nev!;lU)O@M~!UK$vDDf4*C^Eb2$q%Pl}cpgB*0K
zx361ncqO`-%t2S@pe6qVEd%b=QtZ8e`#@q%o{{yOp`@9HAhq;g2m~8^D3GStXIikB
z2NObd!BO}HO>dRQ|4t=U>P@LP3ia}sdb8>{t>g}px_3bJ=rORD1-0kLl-mnl?6xonBnM2+x&dS}pkhl1vkhgpBr~!Cc
ziHE##nUx!AA+JQT;i1@^jY8hI%F0Da$aPdC>LMXzg&A^5oRx(@$W>2PK2sXT$j^F)FACv#L?aJ$4M;XL
zoaiSBy8F(=kq1eTv!Sd477O$AsU&AG3P<6odk{!wBw$%Ev4s=9*AMZ&CH
zK=Nf0&RI@{WTHJ0W^q-DFD
zd`~kbE$%QmTX;NrnP6fPuKRP3$QMmjxhKy&!qYw{=f*FOgPG=R6P!;ZkcqCyq
zyod680+J1nJrmKzg1$!3Dscd42~xeS@>Sr-`$?r-`$?
zr-?J)(K-QO>pgU3bgrO#MMDMME1DIfM+o{Ihj!-livA=by`w`!
zq<6F)=SBM*uqv1~T0qf&#Q5IPcY@v_x=zqLM2{1_YUzq#T8*HGd*~gau1IC-tD>!f
zu8Mvl`k?thj}`P14_y^a7j&Pf^eh&&PgISw7ImVa&-2iIqN4@fH<~QyzR{u>JxS1y
zdFZ~;O@gkDjuv!vbWx1nNzmIobanK$p!-F43A$hO63&YjtyvjNn=9x}1Cu)G7ZoCv
zm5(oE>ib8ZicJ5g@N8%O0+HF>$(Wvqp@99P(THT~2SmL9<#}=}vPeWui$!F;M93dR
zWMH&RL@mpJfMEpm1okM$p5e(*!*%x;jQ*D(DA1G`NBu9&Hx%
z@aWALeTASu_0YqkR|GvG`bN+rqL$}6ORf@h+2EwzM?@*4GW8>)UO@3YIYw_1^iB>f
zDS=dr$e3uEh>VGjx97{`Toc`I&s*&IYdP0O(Rs|GHtJ!|W92+H+RL8T*z?(P9v9tY
z&rjR)2XY=C{c6wU=TqPKXpo#IMD_N((w^7LdB^A$dw$8DzmoIBsAwbQCq~uwTrcOk
zXr(=`x93~rJSlp~p1-o^q6;WLIjXkjdV5|e=PA*8d%hlLb%kA}5-%8%G{BVTIHWT5
zQ==yYJvDkSM$Z!TlOB3%bgQ82qn`y`AGN*E>E2z?-+Ji!=v_fii~0kVsh<|@5~DW?
zy35eSl4(&3q%!r>qa}i#9-S1U9~1O$4lOBxju4R<(Iyd@5&a40MT-tx98CK_Kv^o*c)izW+t
zw`fs}UM=YCu%xKFML!67R&=zWXGNFc+=(;kv>lDW$2z#AkpHZxJ4l)O+0kZ^nH_zI
z^J!-B^7+BEsVa0tj*yd_9ql2KyGMl$EXnRsFPt^ENh)|tj-X)95t%)r$s)5yv@Dj{
zS!F)Rm)RqFN@VtoP7#?sqw8?i8arEzX*=B3firE-=w}g`6Fnm$bD|I9Y|4y0rM{z+
zfmL&&zDQ;2_lkmxS(3e?_Bd+}ABoO`JoH}C-h$pc8Z79&qiHy6xknoLCdQQ>eDCNq
zfzOTh7x>)h#27wS;V*mexzYUspBG&r@OjaLIIAs(Y57JZEj};$RM7LI*9AR4`e%$j
zUeJ9!^!%s{sZ9NXD0>OZxge^}dY@=6&RWjlMqZ9M)r0R7
z9VGCD(P08#7@Zr#YZQK;2VWRnDey(nEdpN@JsZQjt0#Qo!52j@3w&|(k-!&6O)hoD
zq!r#_WS$o+jtoed`hBDB!1BCfEK{H|(_$Ix)t>C>lS+8vSBF}RMlt2{L$pC(IaSQWEHQiss2?%%GEjmMqo%Ky*E@D5
zU$&MQs0GtcH}aCoKIBR9I#J#9dL^$VncGq#r$wB8w!C_DX%5S`=q0h5c{~*7D5}-q
z7sOyH{cEg3*v%y84ki}=cPuUjE5E%yGDi6h*qHXLQ}v(4;v>nH@_M;{66d~WEbZk!
zG|Bz&Slr8faFY8)vApo-oYM-=sdj0>LNt^60F2emMKy4%UEb+w8-%wazG5scuA`8w
zkIfRq6a1VLsimhF=~3SzwO8|8-E;mr;0mV;a8DZh!-A^Ft%NgZ08i_M0c;r%H56$~~0BKFR!hdbk0;?oT&-ur!*Su74M)EPCjVL_3LldlM*h`H
z$UpyxgqIEZiSTeN2-%RImk;^r@<^!Jkbj{Tg%i;**^vLg7YU_~ukiBQi_(Zaz~dJV
zLsIaH^jC=T>xofVw}Nt0t^(l-;jLlxM&Yf#nq?#b`vnpn0SY$!uAvO$;T8a^B$^H1
z208p#B>%FBk|abDW<&lpbeI{-+?(BiXiG$~!wD+h{@MxxzxW@8$4L444-6r{?jH#c
zn;17z(=3G9aKJHOP7zI8Zz6f^%?veuCmNwDJR3VhSqa0{qD2Y(j%CQthDPB(o70j<
zSS9?*CU$(l%gR6Qg#3@7D7;uK;eR%T{68RUpuJ86|L+jnSm?>wkbjmL38hN*rK0e@
zh)BLRRwa9;*loNG3VwzHyxw*PqD^ssBN8g!e#OQZ_9i8xzITDy70hh7;vPi%3XasQ
z-2Dl8FDeRozbY$X$U8;Zkau80-tMWADEv(jya5vOZcA0jDE4k~Pvh@~e$CN#F(Y?x
zk3eGmx?r?a8e+kjf*bMzzGH-A%_ou^hvcun{<>CR)8S{`*9-juLZr(1H?&qWUDlzn2ZlsENm?
z_RM%+1~^Q^KS3=N`3*}FZ0Ur=tSW^9+Y!_lTg!WH1yhTvK}?N9AXzTR&6^TD7TYu9
zN!|y5S}5|&+hNc0uu0w*`Ph=B_fnG{``EK-2zIo83r*M5p?b9`oZhS@INOVjl(
zJ%o2sQXA@YM8!uXN-Ft@)+IsZYhEU$aVDdXNdZ%otKdIk0j$b;m_Dj(UQiO;XC-hN
zWTU3xP6*FpN^VUxnLBBcsA)2Hszy}L$)>I9u|}V4x@y`QeX^<6v^Dw+)0+P(oZ4_e
zP+9BcD@8(Prr}fHXvw7F2D6hvGG#d}b(iUu(^7Ytezv88k~h43y2tsfLq4%PNz1hQGSi#m
zr_}bpJ)xwwpN3FU+Z_6Wdq8R{FG^~4_bjOR#a4Ia_E+2Na7t?88%UrU7X)oCYyX&q
zmTbE*fsV3K)3Dp5{8s4!ina=}n;(?EZ?+q&T>{iSWt2|4d@Iw|RQ
ze`EPv4y{rdyz>b~Yl2pXW~!MxWRX5JXmwboQq%Q8$sV4P`q^l0
zXnva+us3KY8R;R~Gfr04?Ph=so^QZ`2eKS(PHZBr=MuxWZ-M3YWQ<3qp+ER#w1CGp
zduDtM101HI{Z7`1=NmENZ@+Iup%h`m?7~BUNo}YvJWkGah3n-U6rQVRG~!2CC{=Fo
z>OUE4c17;;foggq9PFSVJ9#Kg5{KU4`C{VG$AFFY#V|3&Z0ClFk~=*82WsI^x))V{
zzkv7Lkx~DE&#j5KG=IW$<0ycf#9NTA(e%8a__Aa0bqmP41I;UkY3RALtuL~@vF1J*
zYt&UT^HUwKKZw1uelNuPSdXrQFMs5jiL_O^21;RFzktv5iA(GWivClYj9#rLx1pQE
zv-fB{xpM^{9E5TVUfVEuoe!)#k}ms4P;&;aJ~g)o!Jj;AS1V*1UUJx!8|d0S;56C~
zn4^gPEO!#`ro+cNT+i^N5
zIn^t{zOm|Erq~j2?I0zH7ZL3m((SCY8rqPyqlAtc?JiC?x1&bIR!Cz$lHSnn(sZlP
zEhe7ya!vZmvB)(phbV7W=FQ9e7v0MNaYtEf?oFUJW$Jdx5c4wspw=Bp$9fYubOnsi
z|1#Y_x7bK7WlBEtOiIT3Zd0vE{1%4vDvrU_p(T-?R%4;l_sOHBcf->gJ;~INrd>R8Brr~L)|B77wg_1i4t$NT?8-l`J
zaZYcjZ&J8G2vdX7I^^{l6JH__d)~%;r@1dSo!>(uD5HKJt?HBdt`Q1z-yYOL(Se+{
zisJg95C4Ft*25?5GX+#>pTT`;)e>Csoc|myk4P_`i`Xfi*p6{FcY-SZzzgv>B8p~$
zg%;>RY`Rwm0x(?IWM56z1tlNfW0m0q-;={M{0L!LZ4#$`HZR>mh3w*WUb#J
z?4Vm8NDs;!l4_|#@)FEQkD}m}B@a5~_;_=y{$q&B=)}3e%}C5sW~6)WOk`ZSO~dr*
zwy?YqmX_dHCDq+-=k6q86>5{CHCdy{UCN2%LUb$@x0~vQ`JiNoXWk*Pd2hL_C>LiX
zk!0}PlsR&A!CiYpyH#T}slB1yLGA5mto46Fd~sB|1k=V==uLf(Kn8+dm>m1^x}{a;
zOqY|v4yu_kkMfyGQIjI{2DMOhY**A#1ofynaPcytthI
zyAF#hxV_DZw$G0{VV`{0q@;;Av;tLBOmz)av%4)CPD|rb?ggAQYV<{u%F6_+*QL?6
zCM~P6AVEH&HTuS-QDf~NN^~WQrW>J47ER;9l@Vb*DEbddZqdYf2`XjLR2nhPMbkVi
z=bi)B9m%5U4N#>VZnfU$CSZT?u&_}M(@?OR#TMF?eaRHh&K+XhWZ9ug)bj?^
zTChi=q(`izE2w$(jP0h?<@}#T*0a|4Y+O{rxpwwcNPmJF)35~8xSRb}*ZD2&{zx!y
zI%;<#&{BoG*EW)NY`37h7oWhmY0@2xd24~c#mAeMF`z!};WC69Rhpw37
z`CF6m{H;rly5G#-=iU|smqBmpZUoZPcySxg-*R5N29Z`w2C6%25ghR;AP6df2{
zu0?{QOG(eo!j@oP8#N6J=GgMm9%-F8k}S+Hf2+CbVC^t}YdV>~HEkDen7{QZw5gI>F%9!UjW3|349OYB>{XO!RATO1j
zv+$GgJ-HG+G(+WyfJGp$+2B{o0na3?UCJE#>ABYl~1BURD=Z$
z)`V|ndaJS6k+^0`V(efWH4O(sS}cejH5C^Cf{J$OzM58xz#pS&^^@pNrfiK_dXu&q4@&+jQr$MbIlw)9|K>ow-W=dc5=|fr$<&4#
zyN=|IoYIG@@h2%zoO(+0>lbj1hm89NUt!XdIUr~ubHJLQ`L3od*?oDZ0Ez7h3Cd_H
zkAK@Ujn;a-=$g4wY;y}yW+21w
z8m}Tp(Fh!-;Wo|RTaF(GiY`L)s*hI|e)ZXVD_n|l{U4O@AB^3Rj2~Y@pK8MRk=&)x
z@na4|IDSOo0W8;zjh3tDKDM{>Ef!ZUs+Dqe^m^SXHha@>0%XMTb5@7yiv98yef{zl
zef`qCbP76d2`h^;|Z&LaT$WxbLfH{lk>!DE)`&>ejb?h8`3I`$EJW
z$tZOYs4}2yVV4B+UV{H!3aZpavi?1#gBKsfcrcHDcKVQm^6TlcY;M1?Lf9ogK$AO?
zd21U4;%ja&KR0dbIZ($+$I1uhgrpx!lTuhgonx%G=HKa_J
zI!$B!wZJodkX2+F>i4y#=Pcag$zB`~>#g3pX1CiCSbu3cS$}CZvnzD9i}lwvUUtd)
z>kMQUE5~9c2&f2NrRy)NB`6s;-xU>C+p)3RAT1Vg{WS;>w24di)pWA{(sZ)^nkxgR
zxBjYkn={a#jGuj$xUPfo^Fv*)Xjj4d>sW~B_&IhP#?M#0GA0kYtcC_DBk%pfgXRa#
z-YKD4Sc~KWB)e)73%QYtu@C~!9Yf>7UJ0r+=s9*pUpxocM?Gw^kbChr*vz}wWm=l(
zO`4!DsM4R~Tb0D=txC^TZJRpxM~9+>WNq?auaT@>USc
zMJDcOZ6l^(e^8}j9~o;$k+$y1FJRm*t7&)&IQ8ZiO#7UxhZoEanpQia7tBaas~ypc
zrj1@*;3{+7E_n9UvtvkX2mgLq>=^HPbu`nIckSxDnhz3|@Nb^o!9_R^(=Z#-x%I}k
zwZ&fioAVedciS$l-boMDbUk*haZ_(KnC?g%ah4*RJgzO*IUpc
zeP!_Jp6hcf&s#fUc2dt<+)d~9>$L~U1YL=B9j|%C2tTVfG#;Bl^J%*Or
zKP5_%QDL_gwkX6&nc_%t1&2{V)g+^Wrjt=Y)5)lyoAfn7AO5fX!N|lN$*91;HkaOb
zsT~y}dC<3nf1vJ;#E-W8#!$X19rr#e^LwAB(fgK-34(9E{FC07I>6?CvQ!y*-%}|m2^u8T%Y4e|Z-*6zL_ig?H-xz_S)CmY=wm8G@eP>JWV@^D-wP(gV
zGr(aQ?gO<@bfEXGK|*?8=g-ltJ$zEe@|B*CNbe&~Z!k&S>()Zt`)sqyR96~NJ$hfs
z37+dD3#WC^EgsXzKEtXWy0H-Ncxp1<@wDzTmZfT!+_5Zqz{_c0GI3x}*X2a9-*ZxI
zOsZDvq}Z6Wr4c7-hZ~DFSC{VXoV56;&v5_q4@tu()AVRiy^4zOKwJX})O~zovC=%I
z)-vpCqo&~)i07?@p2%GZJrS>jN`g}p6&10H8=*pbHy&we){kw1_3$0Y|2c5n(Idux
z1!|tfSjDU^Pg#rAa(Mg5V}qdQfr$!?Q*xMw#h{9_ke$EBA-eSfM!S3Rs923YDyDbJ
z?s0d@ZgF?YHgSjJ(yM~tAgE29fFDnFlzxX@msYF59E1QvYQM%d
zTZWhp++V?DiOrTFrs`96*D@;SF&~odsId{#aG0;JP_lr{<;)6uEIs5rJ1FhiF9#{%OyQC%Zn;L0-XP#f6e7EV`1J!=hW{4BzO!2J=5;+;Opu
znuaq#ja?wU;Uq3Q_6suI!#;2K<z!FLh>;;1=HPB4_3E1P&la_ec
z>tgKLph{07+q=_hcRQLBnDig}sHJXjq4A3EMGfBODefIBei+oa8DvB_>G&Xc$HVRw
zW7CIN><=|8Nm~!6uvqQFfxz{Z7Iya-dTa5lBbi4w(20Bhp=u)C$+_
z#}DG#ha)l(lrc9RN7ysti6frdsNzD&6wR;$*ldPjaz@o=4-0}jJWY2~9S*$70jgI6
zb?`&%99`AaKDJteG`#MrrhU}wWWfway}D^@4l?3ox8Rs+2D!oxYnF-GVu7Fl?UoDPE<2IX=F4f&OotBX9rfFR}Aw59T_T`3M((&^<();ODMNu+y$e
zmIS58pay0Dl3Ip9{Dn@34vMzf-BexN|82OMG!5_HXyFIN+#
zM}mC@Y;E{K>FwCi>AePeYr%0xqIU|Y
zIeLrl!GoDMfegk*V!%6$Ts3NqCx|BVaS|
zlZHCr8$0&#bwt^AEq}2Si8elfaq~_$ykRa?QvO<0%E&FI3&t0|$hR7*+>!L9bW}5Y5?@rJ
zNV?lvW0M1P9|7w)mJH8HjHMo1Ho2hr@HtGZP@0;GK-}Z=rf`q15d_nj8;^N7?}y(|
zB8N^QwWR+XVM&l|bKL?S<{I6}MVsO&ZtSxsJCM4~zVX1+9CCq0de4V;c{dxFc!K8K6qF4iOi|;BxzXhw`_%ZU#==
z9oty#2La+PT#?>E)5$iMrjuV`1u2Znbj%}{qT&Gks
zCmyZWCN_5#3Rf3hKrIv<7{1=4E)Gex*i+ua!(%>>1KYWv#=a{nKH}QS7qF%5y2n$O
zyQi!#@)5+MVpEwP*5;=2c@R!rg+Q#AO=VG4#(a1@WzUSeQQtJY0cxSh!s<(rpw;-c
z-3{16D|nn(JrbWSKALvp7B1DpIC*=CYGh4$%l??~fN)2Tw8l)s7Eq;_WP4lZY+^no
zDgIJ)z1e;p+=5R_&P8I-fdI>!KfG|zC)SH@H*MK)@pM*nr)f#2XN`!RMRzG7W#2O?
zx?3gO-N2%I9KT-i_c{f*;4GQt4K>(^k;60$Jtn`ont`I_(2)l>@pDEVyy2%qg1rl^
zHv%y3MBxRupn7{YTD=EKKB!*aYH-!d%%yru_6UN@kZ{NMDQDlHV{P@4?QNEFqd2E}
z|31yD-ai9e!A;ZL>gD!tPW5u@Jg0hfFJ0GwtX|zP))gtM*Y3T?)vF3ny_M6T${j6j
z#5C*<^W(>S&N3%@pusVyc>Hwy;Wd!%sE=6}gDSnoZH$+E?U;F
z5(HZync9j##t-gt2i4TZBfT!E@}$WkPzyzjMLMg|B25KGio~Aailn{5u0z(^hXGNf
zM{uXm9Z8Wcf{M6EIUNi|8V3=-NP4poMLOlL*bs$e>UIQDBo3!RHMQ~BV$X~xMS2(1
zLJ>oeicgw|Mcna8(Z7j1+ZCXS^N{WBjdEW&r?bt$UUEE^jRv@ad!)IYjk~=$ovj5H
zi8-B(1b-~k{o$muDL)y@Q~^3$@jb}@5w8eIhj{_irYybN%Pu+iR3`OEI!yHmw!@4E
zN6KtK(K5#!Cg&CcI*eUf>cdMcG3I}cd$(VU4s)01DKb7lv1wQ)`C!~*KCZ(sbLlW|
zcrt_3M991Wws=?0ezHtX)FLwqZ^Y|X@)DOGr|Ef`#)FV*?(7QP-Njw6H1=aYX5POb
z5bxpZ4t?EgFkQJ_Q_b9YbUrb0k>onFKd6PG0~704)U^RF-X1OKj$~Xr4_GmV_vp1T
z)mWtaYFdp&dW@!Z8OmoQkCY8w?;ib%Q(O+XcC%5uErdL@z3w-ilJ?SPoGyb1?dx;+
z=|S+dSDvJOegRedWq-*JJ^l{2ia;Jq<9sHcWb@(6E)NP;9rZuG>{9yZr`QUCWNKdo
zQsKPKVBSIyR8u97Q|y`X~Bx6Z$PzyzjW69UY2Ejfa4of#VOv4{R
zm3~F`f7&{im;BBKs6rnHtg-Kv;BrgfE5RnHv{&-lAD_l6;Urb@gv}49q)p#}GU+XR
zA;$GN+QU8gIXv$;15fY5XbItL=ZgV;j;<{{xwj=vE3d<
z@fSx1!FL`udEB7OsTP~F8~b##&Nr@M2ddZ2lV_XBMz#!G7dEL>n>ZQJfhpwfj%0Q{&DrGk*-OWsfB^y2)U60)44w
zb_2glrlY3q27Z@Jm8R>0l7~F)t~;8B+y8_1H!|B>Y0d48Og~N6X!^~JytW>w8vv?1Hra@2_yed?L5*)-
zAD1qFzb~s=&CeW{uGGD1do7*UbQs*I%MxLqbvV($5d8+IiC<>~X
zA&-0Qnen8Np8>T{bfA$>LV}H4dj5gf|6$@w1fuvb=o(4U%*N`qqL-39T5ZrX^p^br27!~>5rOEP4PCf*JwIr9`u2NKZy6agaSTo~)>j
z1hr7aklzOLIkv6O0qK7H#KE|yF3RFf_ZI(5UJ-2Z&tbCZ{(4s^owsLi^aBVEWEQ-M
za9?v|T|5^f&etHjBk`MGK$Xghciw;Wx^B{5wP#yvcu~=VdTBf5!Q3{Dx9s=E{0WG$G;&%P*YV1
zB(FNKF!t*1>C-zvO*O@M)Y~)Tof+W3J8_^EiVnDWM?U?S*G}bR
zdz+^Jc{g!0z!kcAdeZ+tyNQ)w%##vIkhpRk%=fmty39{NgKg9_6mMOK;SNZ5Bt88!
zP{k|U26@SPH#Y&Cbn!2N%iUyt7!<89ba(wOS?Lub7Jw>iFtYQufsxN1MJw7TUwWzvH*zDo;z?Hn{?$tZ6v)*J
z-;mQQiG7OP+j6C=--7=Gk$MDy_+)qACwn6iR8s|y5A2!o&J1vvhHpVF6dmx%+mR5T
zoP;gdF6SrJkQ8kcs8Tet^R{4J(RB9^4OtbgV$o_FE!t`*kfPm#uH%ZvxLi{#^kk9?
z{AVE}!ytDIMVMQUJy?|1&*p9;KI^s-?W>>o%Eend;ro}+;EtqmzX!D`$@UTGpm@_R
z=@X{YRS~E@R%VoFPt)P+$sCsEA&vV=dzwmpd>S+Q9$WAUBS@tdB9La{)}ut^
zT(OW<2Rf>p?9Pd5%MCkjo{Yq&6WC9T~VrP)!t%XYHBs{tR%KhF3r>6fx?k
z$0q6fprk%WAUa-!K|vW&JX&6$XU01+z+oE7KrIw8=qNd_(FWQd7-=Bxe@X)-uZBL`
zF=tcsS+^-_-wiBbPWAFm8fYV^Qt9^QT~IuJ9=-wVVUq^>AP*Zi(CK^qP6IuT
zUcU`ese%h#yP!_J2BJzHJ;8TJ(m?${EfjfHZV7T314?R=Q~GJECk=Ek
zsD&a%9k-+Z9S2J4bOd6@D{SO4qIle5&x|JxbT6odA_g7B4^G7Xo`*~Nu(`S3?6Lf8QURUCu+k|Lygvb=;u
zcX_X%GangtE9B_?f^q`m1wIG^m0+);q7MopyGt09JoThA4&PyjvwR;}iVKbhX%flQ
zfc*5GBD*1qPr=C&SjCcUkkJipzY@2jbM_-~J6hAp?PyIWx1)8xvL+}lI5P#m%3E2w%RrVR$FZacdde2
zwOY4Yt?du(qOHoJT{WP!F75yOote8$o}ktKKL6kU&p_^-J9EyNGiT1soH;Z1zO=*s
z>wkiM04(PuTx1>T@0AfX?2{zJ`TEXyFsfXF)TG4ci15$L@r&z7akk*%H-uG1D2B)M
zo$+8)c^0WjiAEZ~gwTJ36z2_Ge4$$+%X+M8LU7YHirw}w
zQl(|U>`(OZ@}R3+!^gjwIaGOOwq7tF592Nan)Le8zn126Lhw7n*>`QGJk`a4VY*}*
z7jID}8#(^n%&dKtawx$Jz7=cq7eUy03m4_?lojW9h~%=UXr`l%SC^1~hJvku6asbY
zjZ}r7l=Pr1C25
z=;hG3uZL&_o%6dMt=`Zg3H#;qEo(;z){_JF06bVVGOK|p{*!nyy^I)Sm82evXQ^k5
z+&OU8CvFI84wFR&yKN*=WgSS1az`cL>ijUX*gG+*&MAMKDbFeM-H6m*pe2h!)JlCV
zc?zjgOPFoACqG#?t^u%gSW-8v|3nkA-G$$WDO&QBt`}}n2)NsA&iC|~K%b}@6Y6Tn
zsT>p5LNq-A;e}uVoPbncG-whf8C&$G6IePX)}o0{3E}S4M6mb`vesW5d}i$~$5*%yNC<-;EEV2@Nv
z3ZEpV{M3!NC&r
zV-us*Gu|6MDTKSy$9>$#{c@tGf~7@)BhFt=jM6?gtKtgq_(q7wz|Hfv$zy8eIT(a*
z3hKVdFRK=*;kqlHuZ)#z9##8X70VsIj_re;#(D4?ofM)KlzV!V7H05E0DDPV*lRpk
zPmaaMG+Ea7km@{uiyY6cMblMEKk)5N|28~WB}8NRy}mQPnimAS?XO5pN*eg)*sXY=
zx>odGgW2=@LFEI6OOYC?JZ6HcA*h-VY=a^V+Gj;!*_hY`YR)L79~|ZQ1NRJ#qPCRI
z&G0|uiBEp)v#g6i$GHv{Sw(u!WJFD#EQDdFzB3+7o{u9nDe*b+eYFv@08*Ua<05IC
zOA%EOis9e-&Uiq>{Q+o5G}8DOvMWZ4(*qYtgI-Rngis7q^_}rx@|=m(q(lRaP4=uOVnrSC={>9899y8z5MaS}@|8I43kqJ4T>uYu
z+YF@2^0j#j)2!P~7=X8jxCo%v16mf&4=Q*@nfGyp)cKIwt)Wr^58}&6m2#wOP!^{>
zh|Q?CDN=3t|$3^*!TNOvYVOf2V?S!SQLNO38bk(uy{~9v6b`
z5AAG^^DB`
zYYA!_Du1qD{;OX3JVq;L&_|#KABSMS?87F1r0eCw{^E4#FH*e#vp@#BZMp}mJeA7K
z%ibFAy+)RUncxTT)GZ0&2J&n4a6P{wey!*g97FzhTABO|&{7oq{Sp}o-nRd0Y!Zq2
zGC4msMm<9&i)UNbo>2LLOxnHj)px;QRs0?G>~w2T&yjvTE08MNI#SO&;@!Wk>zV3<
za%P2a19_h4;rivwIRU>?6M_xO`IZN(4mxUiqMYx*3&NSTxZpT^5eiVwk8zQ`fS^HV
zD$qqex9kG}5>Y7R>WVabCwo(qQX_7$P`>*dEj_5LGTxlMK3FXB|eGW
zb&6%(hZN@#TqKPi;LIu^6vG?(&UhfIzaTX!(Lf{h=W9=QK01;J~u%=;FgmBI9NyPT*PC-Dr6
z_Um@FdPZqEVC~*eY27s`yX`TrG)pcMQLBGUwyf7eup4y+?Y5z}M{31m_$#gashzbe
z&bQM>YK$o?C4WYtI-5CHJ=SSI9F|1`pBSh4z%4MOjzck_ji3)hK%+D~zQFbZ{3vGu
z(zy~B*?<##SJM^UXVBGD(ts?6JM^7#j3P2X?~$66Bw*8ChzHuV#V>sw`p<{gaglUs
zl7zI3Xbj>GT}{M;-kpooq{OF|RbK}EM~YL4i=;unRfrhD8D{G{D28w8JL7@MZb52NqETgskH+_}LU5J34zTc%Dpi(>pcj~5v66qX
zdsWB;`37=>mHfM%^&yN+cm=G~b2YI4@6;qv>OdBaV7CoKs!t6nnZ@K}cDz{OF0cls
zo@SB?fjTb%o>J$_40XONq|PtE>#-qixi=W)N?OT{@iJC|Q$ea5)amIEuGC7fVYj`9
zR5?d-Ss!9v*$l~sSjkXyBPfX?+7KJ!y&%^%ghkvkkE2NcBQ6t_|^Ey>YGhwhfjw7OBp0xJZR&mR!li
zPqr&R#)DNwG=^qAFs8ha7WNen
zR(a5{CR!9~;9yNO;vTIx{GOatpx#hu8R?7Wl&YUoUNSyETei7+?orZNtu@dU&K?xV
z3p+V7*lk|}*~FJDzGj{{-ue;Ncx8*NjN0D(4PK~D*@}jhcpRW!Ltk9BV&U0%tRx)0
zeFJ|GB0AnD`l=$@ADn_HZ)u4#1CsQJsz(t0b%O(7a^)HPOCGMvos>;Br^39>93i{NWASxSXWUlU%{23^j(z#K$*}PSljOc<$-Y#mg
zuKp9b>C;9|A-hJq5r6;^5~~tgIX>FH7^7z+>BJI!k$`YyHhZ-
z6!v?@gN2=}qd52oXt`7-3?}S_R_=XyBmpJC<7s#-RgcHYkudksEJCtjhPrp&gi)<7
zM7O}FoA|M&OJr{et_aa$`A0rDS`oqwI6BqCB#g%q$%Qylk3L6)R2*GFjy8qp1{_`I
z(Iv9Sks^f2bNjiL^#d025H518p?|tkx|;5a^`KAADj^AmKk7Tls
z2T>X9w*C)j6_7n%s}|8i4XGaehE#oiF;r_A8}j84-Jl^CdUT2GHKZa$jyP-~3bcyV7qzFOIzrpxn??53XxJWtE
zt0bqfoJZ^d9QLi*B*8EcFeC6+LyVdvE>`iju9j7gn6nlaIT(>EgVLE!U#2RuXFB8f
z0QFsHfmF#Uk4a1G
z>^ETauW4aF=m2{QU`rni=mrw#ht!A!iu(h01X7&|xJco$NUMsF3=8$0@h-d|;C(Qp
zCM6oX_pJ&1d?QkvHeCD$f=V=5IXRB>WGem0aYibiB=H%x1S!r8TnzsHWqbUsv~vDs
zR~LhvV)ozoEnT`0XOkGiiMX%AUkz#1^yH<2mvOjQ#oxx<{#C@Bjkw4{c%(Dncs5ZP
zZovI!{M8WJDjoy8dl7Sff{Tx5%_a!L3%KvXUk!n*;*U_5-H16K;^Nmu^~C{BZ=Qa!
zW)q$v`(bQV;;)7nHGgGl@l|O5zDRRwaPbL*_#^_u4BU^wUk#zH$qyhY=Ucf8@ZdDz
zA~EQ}4Nyx6&hRaLXFQk_wjebr@zE&dd3~XZzZ33bA=sEghk}jxiB{D6umbWA(*VB9
z8L$cb7cw(`FOu`5kuY~U3uAa#-K+r(%~r-MqT5}IY26*==Qn!!3mcbN8Lx^`b%=5S
zlFRq>L9tJXj4z{jFVIKMfL|hrGNs?t0DP}Gk|}*a00|>if_|?j<7tt<+Tij?O;vLF
zOh+z1RE1gtB$v-dxO{|M-YIfF4snSj8L)N#NLta|DF!O0^f{!AyE-!U2d_|y?(U9E
zeZ$L_Ox+V^>iF-lJ-3U*)hONz#X4fQ-R?1UE7}tSTK9@<-WTX^SDkE?e}(v4MdHN}
z{&pX~^if?Yg@2UBpOnX?#|@(Y&WM_PPgFlD6TBw6Q4Be{H}z)Q1y=b8mb6YJYC+Qr
zvtufTA07>t6x;Oj`B}^X`~b2X+w{Wuvdnd&R+ahG`Eqv7Xcc*!2xFVxKYzfIl~^CG
z_Yy8tuT*7h5M7FA6XNajrR(Q@l%#Mk7lqH1llWiGx5ltIm3*B@DUvu2ZH>Q}t==f?
z*U9#@$8^V|JY?@jRyjGWTv%;oG>IP6>dJ+~tc+$aKHSP^@!}(_j5S_-q?K`&ihskt
z#->2eMz4a9Fltg745yOg)
zf@GPDTzElpfQ-C<{$2J6#D0vw)uV8+{wAMU)R}yCHci5qHTf8v|KZacxXAH_PIH|9
zAqGO?rR1&-cZ%$!oHHQH{l}b@UthCUs-Yvvnr{oRteD-3#*cr<0O+pb1xk~A>XC6AT&#n$*1
z5??Irn}~B8F1}c-5@Im?Qr{U5y!gLGYLaNQ1u^r&QPx!H-^C=5u1I<-<0WUBGDSc
z$LKBt<~t8xHG*>70(`KV_tdsNo~J2#Gp+J#Nv|05Ux?mhpWeTt^fW)kq7PLa^Qfv|
zv6!IfVLp9`^s+^w*HeLjynP$I(Sy{GlBjcb0N3;;ap0x0fc7UHo_=HI8P7D8z318lq@NtnS
zd^)HxmJynto=6R;1iFzRydx4vgy7)=*YL-6fZx*@@E^nz%^~=J{<;qEPY`}@JaJP9
z{<}W?J3GK%MEDouiC?FMf2{-j_X+>gcq0BxP~Yc#`kjy(t?v@T-xE)a2*Ll_ho5Z1
zA3u%ocf}KnL-0ZSp4kDuFX8WqC$32ge}f5McuL6Iy42_6cYw=-`E+Z%T=|#Pudilo
zizn6d0;~Ki>h`*L{=Y&c1#h1n|15GzPYqCSpQo&;OX68)01pQg*Gi-NYw;f3MZr7M
zYZbs{Uc$z;(g+){s;SA!XpP5OpC#BIakj8{GyG+XK;LP^MGoIwm)cu#u}WAl!#DMv
z@j<*G;Osk6lM)wm!g4&&k61htn|$~1;itGrg52b@&yoa*!mwB084n2l1F1=g3xW^f
zK@z+dCxOJz@sNj$&!JU9Xog`(_CjEnj6-TtqS2;!_DU@ONMnvigG^Z^gko5u?~DgD
zE0
z#1oAn{J?p7dlX-nzrw@ULDA6Yq06JkqgE8~lV}To21th!nw`cs6$!xMG%C|D|{rZhZRRoXD6L&s8Ma
z^fG0E!oaMlm|W;#+;V~H77bR$N%53Ix=y7j$dlu_EDM;BX?Y)3s4kvyBUtwWPISm%
zw>=WB5O*>qw{`If)nG?i<^S#q{E6|5H$wQ{+-SEAdOjkMjcXNwiShoN5ra-WJ)X&p
z754g2r=A?{)a6a&bX+_!3pBkDaC&aIBww}0#fL_w@^SGo$`Jw1XOQ0Lc;fmHy}&p1
zOq8Bhwb60?(y*S&N5^GDqCBhodeR#dPy97RuhLhIqhE+f0_U-%Cvb(PdwvHl;(x2b;NGl>hYlMEyY5gcwfpW
zaNqQakM?{JR`~!@>=DoSX^3L8Px0+2MXet_;`%3~w87FNUPXe`xboSg*EODz`enf3
zLZ9A3r23PBuWwxqdR^o4*H%DJ$*gO9iegxQ?;xXFsK?fI0m;(1yCGEI5q^O;cm*m8
zP+M%J@!pDIj3_ZOoEdi?58~5GvgJDWrczN0LvF~H~wN!;b27UiBwr(
zZGkF$;j67xzKZyE+&v0#qxf1)ZC_2T@>hxfK`eJe2*1ha|4t8Isl-vL{10No
zRkzWD%SSQKGiH@vLwW~dxxWt4`;t%3{*|teqNhjL1F<1gYBZ=Cg5LA!VMM)^@_j3o
z+Xt9lD0EcJZo48(kK=`6@U58ahxqXQTBQPS#dNoMU)vFXk9i}ivLoJ(X*=S&@Cftg
zSjcQB@5`#~izRLkvC`kK+RwwRV1=g&-WTi3F;*@%J}d?P>#>Z#hwxAK@rV36A{sr}
zydLYO@MkJ|ug9u&Us0lZBP6Pmu%^v;KIR?+N?z#ZyTpFu(N~kt%jYRkJ+EXBm)Lo#
zgy&=9)d=&H7S%3KR2M2yy&Th%&zlM;rf>mVU8xV
z560Y&LdOW@i_PEL0QzmcEq~-0QFmJ~fkhi;IiR-|H7lNVx
zi7;<|L*E_iIVMLov=Zapv7!7S1zL0EyV&sCV!3aI=(TIYc3bydx~|I7y_k?(dYTzHF
z?F(BYC11gkuZy`mLnQ}QddDkSHJ?|d>tfPVY*gvn5yHzz_|lkL_)<`%{eFL6i&TF+
zjBR>T>+Gefm&G>iK2KHY>t2<#&R*r|g}09QMxYlV75!S6mC5g|#A%xsvadv$&Q@Hc
z&HI~*i1AB?7=Ehnj92o4fYTC4O-g(k^g<#>?F4#xI)i2$xS48&>%J2K=H4
zQ}LjF(S*I-Dj^|;;lT7lqmI~ZGsE*m-yiDD3^>N6bBT22h&I$=s%30A^7b{XkuUm@^
zKmN8PsnqkA39BuaoRkkDv!}-rWxok(+*e2Kw#i5hF?)Zwi!_AFw91pDvow}i9HP_R
zm)w~i9W@_ezWGxL;OEB@*M#8D@ZoRh0RIf(kBVhK9)i#I`Aqy)^Qq@gDY0TC1`_kP
zwCZ&!N7$^6#_cezC*^Ja}P~KZ34Cs+5o#RlHrTezE=>
zred3Jx&4ymD%B5lz-(iTq?1M*`h
zvC%!;Skra>>3o?#ulo7pbc6JnjhJXCbqC`&mzi
zvO>exuOhXZ#?rSrxu*in3wQaYKajTci~S<*3>6_uzroMCCzKT`{ozRIeOdZ7PR{Q`
zr61vI=j>O~)jf_>RrhN{Maa_2{jBepS!4aI>qA)~#%_)yfD>g?9WK;
z*eKWgMXU=IAsM^h&)Q&S{mRd}B$O3mY*U1>okb}6Bqt~L)qt^OK4bHd8e(kgT3Py$
zNLAy-X-@8u?aEwG35%Rg%8t8#t=f)Ml3g8Q#VY?D%be{bT0>>ttfhi)Vus7)qPeNL
zk>GuXek`qZW$DazMyY4*4>{h+CMVM5{VwSr<>b5`qCed4sRREIsnadme4MEW&`eNO
zndRtR*~r*3BO<-ySkiPSF%vYs5FEv62$$sBY}1{-{yJ_5@w+&QD?<3w{N6I`k5Nwb
zYP^dg5cpxroeXtkbW$Ukm;$t5boEF2oti;ayJ23-dCSw`Uc!TVNk2k0rSEYX={@W9
z(ikUGm5PO{oGVza9KlCfE?FElc1^+G@tJBc5K
z@B`^SnHIk|B;ALIU+5(MlomhZwRGhdhVZW={$4vV2#{X*ir+e!uZQrtnWYqSuPrMO
zw9YX_fYs+kiW2V)I#fYC8ifuqdJ?GTjiZd|4G|D4wSrb
zwom`UF#W)v^`za80tt>IJ!MO8Bbv$@|8@!#Z@2BMN%3}Eq`6K8WrQB^Z_2WMLIBzM
z7?Z73WVysBVYv+Z^quk1DhX?Z_-?EbNFD?1-S#~?9pBURV#U+pPbvVE(-#+6EZ?c|
z%eP8Mg5fBAXFTx0ABWVW#K$6J{PV2PdfQ$^*r##vDGr=W}eo#+Ea|H*9&d#rlSQpJX882X-z8BLDejyUVLAM@xp}q-6S8E{o1~+u<82
zA%hGVd(@rr^?v96IZ~74Rvu4TE+bnnxYwSA^taQWP`dVD9A4`T;--7s$
z?faN~Ka+!>WU(JvRO1038DC?;dmhw#GSWr@!Qen8GWqqkj9X`SKS#8c8R(nH7RkiOY{b5Y+7KA
zzm08qzHL_$XF4uMTb^&H=!39Ih|bWU?~LPR9~tn2m`F{M28RA*jlAQW!*UXDwCyX1
zb0aPW@kYBBotRb$(HVZG?~G641p(jwMrx8YNc@}f4$iM6@#VJtmc-fDf%tN}Cq0Z-
z3DFsP1I7!d>Ie=PA~i`G=sU@Fc|X<~Kb^#v+V*tfoY9f^Qo9Q+Bc<<4?O}YdN=S?0
zN_}VC8<4T@htwnqvKq(8`-0@j@;=uZ-wbc%&vJJ_sJ4kJ%-o+)gYA!3OL56-brl(Rd7FXdvtOck+WEa@~a4+XD536C8+DgKK&I)4e_tdr968W
zKaAz?rKD_cHC8~(j6&~On@`0d^XV%r&#@C5L*>2Tm-p9bd3y8Cv8z>i+OAD_^!164
z4Db15Rle&zFHp~!Uiph*4jkQ%7dgKEtS%C_V2v^Aujbo9nLjHeOK3T~LUWpx`LjOi
zae+1KNLJ+Ig1Nx)!cZNt+ggw+<?7~ax%#)B7r+mV_izHILGr1!8LdmAV@xcKy}DgrW8F;9o!b)GRu
zO%jb{3R?yTFhQFvMt0eXCcH9n=UBCcI~QLdO$&OJ54ye911E5i5855JC
z0w7)p=uSjxk|ap?Uz%%vpWQAIh
zC=9pjJLAD#&;3YE5}(9MJlNlbV1o|6I}BU=1PX2^oZB8MSP6BrJo{vo5QAYbK)kR*
zN1*>mO_BuX`VZy(SZmg>Ubf|4pMPoyWvGvGE>dOvw^vD)rTV+qk9k}^Vr+P|C$PU`
zUry{BaFK!_u(tnqCkp4GGUt>=u%9n95NMAE`14)+IX8*bABBH#lEKu
zcH6&^Dz$EP(L1J&DumAiYrK7k`w8e}R;%
z)|(j>P4W>I(N|v``(b!X}eeCmy-QT_?g#9fadw&%BD5bOgM=0z`
zswQJn^{BtI>13}1tK~O{oQK!c+_C+<54l*g=CiO~iK2f56%BN)7gA-L>xx>lrV_k+
z;)t~1$8`YjP4F&mQwY45UzH0za4iUHa(9f)Zn3?I;5XwUI|a*D{jIa=Z&gHOct+nD
z5B%%DLu!&F*x$Y*@91w1Nf+3EAh+*=8-h!8U5((
z1zCl=LUfDthTf0zOs%gJ(4xdn^jfJR8I5wG!d)Nr+>}Yi;d=|4UaLZ;
zSK&LM65sV}(%_eP{3vD2U3Y%xzTNE8}Ec0^WYfb@^6`OWfkIh_xc(d=nSh
zDyzJRT7x#@k>P%QXFM@5`qgBr)MBFgXmpBoyt*sA7IZ$s`GVR
zWO@0>l4>s2%Wnl(Rm5VrQ{Nd67SxX+H7Q9z&DY_9%b|*VNanQ={6r!l*lmA9s^sC>
zY|X>{Fp57SV&X&11GB6WLNW|QvKNBxH4LdqiH3R%Jkc|(0XS3x+ij-+2FpZz2=@Fg
z`;g2k5A2c_^im&mwGX6!bS3G%h^6zky!wZzxM%5wgf5u31ZENIOpRcd02>uRkf5?gd6mo
z@ou~z*lj;TYEq&>nAtABcw^bZngPBY-bP?6DOO=mERE%k%^D}hWUb7dks6j&Te>)9
z119cTNX{CQRe}dmX~mF>w?Gkb8OabbWkjh17mV9alFc-!)s~V{Qdrd~f@Kj$l{G^q
zWanF1S)`WZQM0VvJe`(@G&c;LA0;2K+NoI41+yepFv2J%Rbd~QTAb=+7i3H-`PLN4
zR3XzMDMdLUDmB=nELLbevRH}Em9mN@6?S!MWv)T2R5Jh}l7TMa$6=t<)#n^6Qp`#)
zWx9rvZwjcJ4=0<$Yl`k{F6Nh$BP9}p1H4EYG^9trXUdM{W@V{nWF>m}382q}-j}r6
zfMK*xScqi0uTN4k9f-SMIKwNeziwN(p1Nc>vW27`P;TKl{T5B4*(yn@1q
zM6*1Mp;NThRH#N%Evw6^3~LhlO|%U)P<0uE%w``J)`N+qwdf|pWnTc3>@Nq$&?K;sfPx7bAo74y5nvfOCwXDgS267jt6pbmm10hN2-BcwTYQ+&za%_Gz
zUQF{dWWCf-LI$R1*=!Ab05b}~HeIBV;me;PN1YjJpy>`7);Xv&g<0PdEmMiIXNLJw
zEi)_3eWW`dElUeEfvWj2Q6_3jFSk)|@_DRociFB~gyXc@NHO4xAD-F}c#cn9O4aKH
zU-GHT@&J)<^r1|A4RCq>;?L60~BZWy(`Fzfc^2tUy@lteS)y?q*>8Sn^
z*RoC?Vabt0vc;j~6paGvuOSmy`mT)X5Rq)S&W>T^A!YQQ>A
zkF-*#wpx@
zH27Yb0`=<>wky`#aa7xs(}sY!Y$IxiPyQl<97W@+#l^Ni086%ri62X_l~O2avrd=V
zRTxI7vR`8!_*HrMhPur`heOWgHY)DxC&z#*f}%m))7dK{WvUXtZu=uIYS2w~o2zWC
z+%VcUdU0XlTmS4>YS_6Nv_h5$k7s1Tth)x_!TiZ%EP?Xj<3G069WeDZTejJ?;9cp%
zbrMwRAm<)6QhwVW6RPufLNMgNEXgMRZU_cs@$<^IR9IAq3VXfLNEGyDBTWfoixe^T
zW&`obW@XEHWBv^Rrf#@MyM9k+d)p#TY`oKzp5@j^h6~Al`wzgAxo&NtemWDS?sM|x`YkVw{>7gb#Hu~%cHK#
zE5oYeHoxjKp-A2c3ePsuy_%{@+<}xMQ!{+yR@*XnLWMZTP-b@_UM;opZX1HJ?!i^f
z$M+(K5chd3NTzv0hZtBt%e#Vo0QCCireHC2%{{(zCp#Zz$_^@_>@B3S)2q6y$V55p
zmtod_P|Mu19twm2n3b5@Jym$v$Wh~km-~~nxg2mG339+YDatVeUwjKP{GxQ$W1fy9
z0|x_CgR>Trf@<=|38TjW*$uRE
zvE=qwe0IIrhDHAxDOp*n!^sLT@qg^_3J00kPO`^ALfBIEvZQ!lwz>TMO;EUGKRgQj
zw!?Iw|1fq?
zr{^jJpZ>-$;0+^h1KG16y|t$vZQcpZU`WF8DZqx;M2ZIuz2C^3p;zHL+xiGwrVf+_
zUIlseF1?$)n7Vt84lmVnt9Z|-OC)&S94`@GrbsZKJqMNtNLe!LeUykgD#xn738
zPcoj(@%92E-=u#idfXNW2b2Es;Y`F${W71;{?N<7H}%1F8qrN(oa@$8+G_L9x|PWCeN-FwT*OE&RMd6pXeVV8%f?`Ij$X8$nfcXPg)
zZqPT|XP80XY@abkzRAB?-f{!p4-|P?n
zZThDC&HD8;>U$`7GvAzlO?i$o=$rcDeM`*)I}|_W_+#pmIX{@?nf=>*K2&|o@=W{M
zEdLg-V)|~%$9!I6z@Kb9oAk}+hmHQro#}8e>-$hR6LGV@{7}E!>w(SjBKrO(qbXLG!G+sHTd*&II(HGi1=nD&z?e;me*1bH+i
zlw#7G8p>mItnqBl*QWlO{dtv9zL{_8>!I>Zc$0sV-$UvDkB$17_VFo3zG-j&$jCp&
zc%EcDUvJ36EYE~LlssNF=$rP4DX&Tc-qh!1M!qROQ-43JzI$JZ^NKOs?@;<|*3Z;u
zGvCxtv;5D?{}>Vv8OX8lGP
zk4$~bHTX0Ag{FMW`kLc^p)uZ?`fBofhEaZt@oct-slU$}
z@FyA1LyYG``8P~`JCyv*@#C|~-)x`HtIwvqOno!U8)(SKtdGghBm>^`cbWa!EYGB8
z@@vYk+9>afZr>jn^c#(5lYf)nvkmwnX>d-p1x|u
zlFEfE7dNhISX{Zh;j}ZFR;^sLdUd6~53Q;=r{Y|n7*jtjPE+F|5}dDaI_G&aXO{Ha>-eIuYGmnlEq7wHmqE-c>b!@O)9IYdHMY2
z#wAPC)0&0LTNsVu3qg$y%}W|poZ_0V^3V=e9G^S#QwX)Nc~xUY!^-8%A;E>qm#sQ&
zVUs4xlobnC2j#6^*g(Qyj9F`zEF!vm22#VK`S`+o!^&kUWyPvBn#{uG%U3OuB}q_?
z*1TwuN66>IC%tIZO3-Rq)U0Sh3}7vwg0JC_fu$`g7X`9vZdtv238f_=A)AGetHNKn
zykQxIcUsHRrBXB?U_fb-Eh`&VHZ(T?;oK#Q(^O4!&DIJ^(70YT=2L=_xlmI@Gi7Tl
z@@SX&QF0LPqNe7>&_mV+vH1&6)07sSwdnMPjZF3xW&Y}B-3I8KklWG*HUN5Zh$s=H
zh9f5f)IlTQUKiJ}vYB9uC}kx_GSRS#iGfTS=Pz$)l7OnMm!74i)O1c$^O6FGC=H>rX@|0=0k}s%?-;Nn$M9Xu2|T7x{N52I=UDd&uGJ{CKSTh%9a&N8lh!=
z%SyQu4%Kp{q#!fIGgaj&v!qN$-G<_iok}GrIMA#;t)*c(GbeE5KMO$fsdHKQs@eP%
zr!_S%Y(_h)1mki3{OL1hPE%P*S3?OwmTWLUfhP^syuw3TOukwojNw56t7cH~=7tsQ
zN+2%Jhp1>)H4q{{ocmhbZg=u1$%M!XXFSdF+eMjESD?tI$uDbn
z%88mG#)MJ-$Fki55!)xSw}^@jBIb@4#Vr(1!s%TgG7}Grl)Fq6Z4=4y!mby^v2$FE
z3voN))(KozJnFUrTc+&5HSY8+z%7B)?8H7%u?G}^wFPOQIHW)fPP{2H_lUx!B6FMQ
z;`S8Xw}~E`CG{2&i#1B>BH=cR;)MIYq>DI8y6#Pp;jS04W-+*4xF%%$Qvwj
zmWs~HM0TsN*N71l#n>HU>W;W8?AXN@)Qa-`!gj~c6#Wl~LGD~JaHc5OFA8_CDt)Vj
zK<-Y_cczX^p5@kxj9BJw5o;ACEV~ZPgBvPSFH&nozZNl>&)Y83
z?{!c-v{(hYvlACBVrrErMYRAJ+bNPQB73_iTq6bnZ?gb1NU`f<$yza>T?~eBXNn%~
z1ku~A5Q8U5d1Sej8lro<=&2#bO9)7<`+m{W8D2mEdeKP}LU{3vu_6c3aGdIt$hk^5
zsENH^l(!>gP)gV{gu`auD++PjUnvT}s^cO)K8Q|01u9vmguBfJ0|~cUbdILPvcPcV
z4lxX3M)CWpYn|r_dykkp0ctHWpv;?@k_%bKUY3H|jB5;fo!BEEcd-Osgz5(w=m))^
z@!7cBTcF?Px~&9(eka`hh$X1$VCI{#oOW^KZc)c>HB;of^F;aW>?Pe%@50Tf-MpEi
z59-xvyO=OTjBFN1%oF`Li;4=-zgcwJ22ysSLUd2Gh;C~{L5rBll)0jqxAlU3(q4y)
zgC;IaJSqCRN6T(NvZ|(1HRg&OLT(d->P2TTwq6XKiC#Kh36g3a9_{TA0ZL%Y+S?~0Ua#U$
z6J@+O9_iIPL_xd8Y7xg`Ea`)B9Gnp-A7
z-%@)-!3NamfQW4q*-lM~5HE>hRH|9@S54Giwe`4JqNqi5T_;AmSBqkdC{Ul0T|)E~
zeFux;W?tt{$_6ZF8)jwPTB^`7U*>Q(W|PQ!N{r#$5KBD8ytyJT;r0-@
zJ4J6iV$`YJBF40eNlQ6Fmb8eBW|28hq*_InrJ`S*sHqqInnaiFyh_?X6r*D2JjJ$g
zn^B1@H^qvioIYKI*d|Krh1erf=)}#^9)QLX%XaIlVr$%8lO~CbzT_)+p6HA#v*wbk
zguBZ{cS<F23nAMoH|NmJ;+g`zq=Kh3axJyotBBrR*?t!?9`ngZ@b9Y
zCW@Dd+^0ktdnei*w;nSwE{sQitql4|`Ajijhp5~pDkeZq&|(ZQIrW(5aL0_oVH2&6
zd4OE>+(x?S30;r>%v~KSS%6B4rApQ7V1b}P
zw}{j=qMKxVY_k~ODuz-@^F)!79PLR6a6E6f;u1^LiE4SDClljCO?NUntdW`#7xXot<-5KQXt=&sC*IkoVI1%06AB)`(JF9o1D5b44jg!pLFI!El9E
zjrBq_TnQV6i`Xhx&gpX2eismInuP1cL@W_Yy6s5!YPL!AK5&Rym4I--w^?WAcKhU7
zl|YHQp;l}DmuuDcO;xLIR3ot$HSXA4rC_~#zYSx7K2q63KhkUVh2U>@iP=vrn^UqMP={hB-ayFx=r-jEDA4Tal(Bt
zeQz|m9&rGJ45TyBsVou2r-_LVi$2pu=?=-?W@*nliI?yrC17x!7+NoSt3=qga-^4O
zl6{QdoJyUg!h57K9IF?jd0WSIC#IU7t;$B8Cng}-UMGgs(<7SKa(TOxcrCS9S8kuMnBXEnWc`#011bCs`1cpyej=1p=
zx6h3|A7Kz@SBW02a(0AD_5g@O&N-bAk@vYW
zFs~KvHzyf)r7;pf~XVbn3Eq608UZVav^`aXT
zn?1+@`7#IvMsji!?0NWC+}PQ3MG2N@?zN(5j%)`9zPp#yPzF!YK&-Whnt0@^
z>g1SVBZVBel(gTYDena2om(#oc8if$i#%9O7?iV}F)5Lcl%qt^AHdlFh_Fcx{2tHm
zVU_j1C~{XJ_d3xxBur^wDFcRvVsA8v4d!C*Y82)fgV%_fy`QS4SY8zEgj|-1v8Wwa
zJF0pyXBZl}eiOMYny$^*zF>2W)Md$LQNsNP%KoOP4wdz(*@KRc=c+FUB87LYdNNGU
zgX)XdGTpVluw@49r8lIXyHia5oQ*TiZ=6ClPRVYO+%CqQDUL+@#4@o!jm6G1T4Bb|Lz8@V{`>8v=rm1>akd&DkqlW>hOZGg#9TF
zBWT#^sB(pLiC{fD@zYhh7s=I$kz2%^UC_0iVp2z4lPl3Wk<%hN?G|&6)Ed_ZVm~|3
zxH$=|5YUnLiV7%C83q{lY2`?27FifG>Z{=Cs27uV%RFa5Dv~J%Z$RmAhQJYmB@h;#
zl>nZwTTDWN(+7Ue4QLAZuR(MWT|JYbY181qnYmlo)mX&ufhUqKYB)e~HAJ%pZr5@M
zh_rgA+^f<3dhHR_yTxRt3`x1aMT%OTq0^1rD(1AxQ3XrPLO27u!#&FS$Q6G+{6{;m
z*sByJNZupn#LmUs!IED=T>EvO5d*L|$2e{~y;4+KVB5Y
znow;b#5(N~g;Wty4p$}8;WI#@yEF!AmO(xR&}n=91nCq7BWU<4=s9e$-O?e(X0N#H
zQw=>`>qV9`DJ8nVVYXSSam{8?NhKSjO-07b;85jaSn|1`{G3{h~E#Lj_b*evH!h+1|_YH}>GSsHLOVVDRL
zW(03@1@wwurDuFEh;~V|3OWVhm}TAIVxVmoyB-(XeRNs~SXCZ|5&EBlsLF?oePy8iplR;8Srg1tBXg|`V
zrZ8zo!g0VymQ&#mF6El7bxB0rCh9Nt!!E
zRjU|}cALQ6%F0$TZZ7NYryoB7PJ38<&|CP$wOcqY-NIP3J2-pR$dV
z%$Xu~BK@buScI_;EE6-ZTEfkC`lrOPGZBYhi{{MO4IDGz*JS5|e)Z$6RoQGy<^PfH#KyL&N`
zs%DY919Mgd7P7s^iew+GNCDh}
zQSZbK!0=%LxUwT~5BEfF)EmWW*kuaA%DbsXnx@x?@i205t#uZx{;J9JigF
zUf5=viA_Ol54zZEn2C{QAf1(JzgOyYf#>j6k_rI_>}r@!8NAjV2D
zc()jeZ5qTfU!vGE){89Z{4Ro1-WgIThJjXmi_)>po_}0wcAd;~l!9P|&-sg*AO}CC
zj!@K0rd}mV){v)!GpImxNj#`l=bPo2g*8hT<|z&13IPKK4Z+NCv;KU3s^{aVoj
zzT%~#aF*zdp#)0$G7LfNf?#KRBscY-^%d*Yws*U1eY+iNq%B;ZLguA#-eW$ll|B-T
zFcdk&Do3VWk`Jf0no|?EQ&8Sj+{B$nOU$2~s^Ky_H2?ss`2njrm}^3s^LE_Ey5>QFeUlUh+ohtX#esQLp1zTis4E
zOP{eba_^<~V||ddo8vSV;plleTX+>)oX*r{1K~4~!z2ZA>m|AMidFGn)Ig3|nOG$MWx~wAyedvN>cI;dm7$uG?_p2Zs&nAv1K>
z3^)<4fFhmY$U*4y)bR@zSsHT2u=J}KP8-tstCTAlZSJ3B*>J2*5CwIduX}Gx3v?TR
zy8A$VG*C{I(qweMQXC;!mA8L%#V`VzmXujVew;0vH
zj!ARc4*LNB4%Hvu=+ILPVg1>aO450UD#FP95pui3@aXAQq^;kZne1mg@1gSzMR^*1
ztItl+U-zw~aKgI%W`Y8|2#3&mrBv56ioXivyMcTUkGvtGuR*-gk;EWyIr#4j0s}k(
zM*dqd_@zY_Om8>}QarH9=@@1ht;zTfwO_GACdM%eFj3l%*g8QR3m^x#By3f8CRRPO
zOGG}5p?YT^$A#=@W&aIPqz;I<+j7W$Yz*vAqYXQ~D~7gm$aJnpuiT(Iv{Az47z)^-
zaprL%RPu-&BEDU9UxVQNF`V-)!}*bUYFan4Z-rC`T*6#==r}*B^^c++dG0K5Q6Y+9
z^zD?fLO2lL74SXe^5`OD`3AgKkBF{LZLuhN1BXwp;d#!&^#TT1r#498EYW8>Zau^Z
zY$G;{I6N^M6thMXy@uL{x{#p(S9Z_<1K`i;I*C!?+o5LV&=Tyc^xv&o#}Mro)p%~C
z^&*2on(6z$#KdRhA;M)^QAHr`NML<46n;LO@rA)B?Z!_d?+B5{G?7s|aOz4E=@iw&
zk1%+2g&q#Xa&3qN%X}P2c7l`?8;~S
zM8t<;xru>Ep366IKSd=!MHMc?419_8Rb4+^XZvFYO3TnDeFVG3Og%NPA?AKcf=
zK8?X*)N~{IPw`Gsu19e0Du(Q=XSfvaxP9BzP-56FUqf!6c6h+j
z;%-82=EEv06>Zp;F$PunSP_oeb8UDuCW-hOjD=5&_pY2nV2GK@O_J7NR!!j9UH*R0ix6!+k0dU4H(cxmRSc47jYjkWn;|>@Y?F
zn=p-)U>Z$dz^-ggavPwnb%jnAryc|Sc>ok*P>#dvARUEsVPj%-?9`}LX~gd`&&f!l5zPF@!#Z45s3Vw^LgAg#@B*d+!x-#}?Nq_R&;aC#MsEN=9}15_d1
za&}^aNHC#J)XsxO;0zucjwyJdz;UOE#0DfdKNcDPaI%#oBUSk)h{H*;59USi&8&hlKxF5Mul#BxCB@EhLHYxl-H&A={$t_%
zL#eHyc7NqyQ?mz~t$MJ@kE-=wAp1ht2Eo*h0i1LDZE|jZOvDFaw5%#t2B*=m#;jy;
z{KadXA=A$|;r^dy{@@+%b2X}ABYhusRA=-k{hHq+FCX&-hW|e$--&%
z+Q8=R936a~1VsLRQK7v$#;o)_aw~n)HPRMsP!-6bCcTw+4RS~96rE$#6Go*58vC_aZHGnxR!_`!xt7x?Ov#QNU_@2Co$@fGa
zO}>JCvU!glM)HB|a@V6ic#G~$ftMv6XF!37!w-ZP?eL0K#@|Gj;piI6Jcc8hupfFN=lK01
zi-)Dq=z1*?p?_H?4odlN@*F?j2+x3*C=Vuqdc$_EswmEqxEx`4Yy(o1+jcm|%XN*L
z__D~EDSGb~1Dydl9gp#KjC}ht$LUoha@UJu3}t8#oUpBc^MEIchv4-&?5NdZJi=kW
z9RlV;FKlXa4}750r%2Kmp=tCrXrLSnekoCn6@jMl4Bs*Yjq-XNgBl1LIBDA*r?3PY
z1zXsO-QLn5BK3b^(+*=X4#XDk#(_9B+Q*|S?mG)?oV#=16hoVMbc8Z+mf?b-wpzA1
zPRpSFohOSv>o8tc;UzKAWv6VBZfO=0w_sF(lesp%;y#(89W_PtUnd0GVXqv3K`?lW
zKf?c8(&AK2T7;Em$WgEh-KPlFa;ax68#A!6Ap1PIcy%~jveLPi;R%4wO_e$)7q|x*
zmy4qV`mZrbXJV1m8%C^L1R1C=qVrGHpJ6bJxxeI~Mf2Vg!(ZlEfq^){;HLMvaz`uV
zW-&O}0S
z#DCphec*pbQz|-WidXPKHRW^4`#*V*COu0EQ0JaT|
zu-7T`*r4-Y@ZUscbYrn(OdOA4;&8CbC-7>gV$YZx{)Txe4xdi3H|uwa&aC+C55$a<
zkArB&srRH~JSvP`Lhh{c6ku7s81oPeFueFb69&9UoQ_YHxWl<=T#5+~u2!6HoC~k(
zPU&?0r?RYY05Gf?Z(@q(?k$!`ENF}Jf4k#^vqnwnhCM$KnuIrR^rGEZaC`(Sw!}RK
z9;ALn%7bJ8{0sne4NilyDDuV}unqwE0O$<4B$Osc#2&UN4BCH&W!~>09M$wJ=Lq62
zu=|nYK8#k`BJv)lvkPA{aH+Ei9MWFTW6!y_;q>B`og#au!13Y~j-N9-wqE3~7m3)}
z?IJUV_urjw2Y&4L)2__$?ipQ>)&3G8!pJt*l@&~z
zn6Z+(7P+|(ibCCTM(*9{Qw8pwqV_l##A_652FOz=yudwM3_e!c%+ek*l;fvRCa%PN
z?T9R1ZuAyMP78d~Sly*x85w8beht36!p6i4H+Y#2*CYJ3bVRQ0*v+dD_@YDi?L3H;
zDGy?$+X8tED%O8LUefVp92qPBh-}yW9;`|XqOqh?gN_ZJp`}a6%G8{Fj*d@>Y`PGOB>85*Q{ge77dk#&#+rMKxANS#`**fUc6({6MtN2@xZ$`
z{C-+#8+GA1#-6AP4>3ZJ()c%aP+GZ*4AWXGgR$(v2}Yjq>E=tJV5)$B1-TcM>F}}N{0TNnlZk-k8!u#er%AXRdMeK=`J3U4jmyiO4)-_l2|)CP&mkW
zU@Q|Jy#0!zF%dk3epTlF9z)4Q?L9F7+Ci%zmV&n;FVwHn&fgdL^LMivT>o!R+@ynI9Xh8`{X=eC
zMmHtlv6U07F$cc_L!M{c%>l|7<^BV&NMsV~usLZAS{?i%hGKsUY|^^zq}};lqiz-Y
z%RBGHzOSldSu_{BjBv;Id{cCL0ER}D^7R=Dp$hnAc8URdYBBr-@aOX+M3?k?3HM@t
zkNA@!6Hf=b+>mSsABEvly9)MOFH8+R@udaY3rm;n6j`vpeRpnTy4nhpYTQn^@RcA8
zgZ4V)j@^mZC_Pn(;9iI0G26s|x5SVWF!7(I#FQCb_u(*>e1*@(9z!X1hqC3nzR7JO
zQHy;n(W8;`H%6bVYT?XNwyYs&!~1ARql2CqtDKITcn2r{X^oL|#qhXDjWe~tNv5$2
z)A=aUV@i9@dgy_F8y6I9JY~`R8=RD`w-tXk?(JmMi*Dy
z{3yaP-p&AxT_n%U@&l9d_<(ws)^V38PxTIwx5nS$hvEb~{DplpdiD
zr4mLVX&kbVw)i53o=$o%&M5jnbvYX|ep>6#-J~?j(4CIvpJDDC-2a^3IP4Z3FYy+V
zIAW(N-WW<>gZ_1XAKo~Xdk9T3>eEuRg#4)Ze`a
z%lYjX7Axedd^jH_57o%y;@(CaItV-(xrterH#^It`;#wXW$s!C@?rS%gm0C=Lgq)znRE#F!OKf~FTTh+H&B5a8%WGtayVK4-A
zP({d!?(*D*)oGn`{Ac#f8NJ&Wj*T_dI-bf@6M@mxZ~*e{){1=`?JM{i3%+X*bp^`T
z%nbFt6hq%g_dL;MH{3dvn2n!SD?P&@w}C4?O!r;T!rf|>*bP0u7yB%SI<31MFvE7@
zLs*J}F{`ucEgzqYOGofJ^a5sxgA`;4dd#Q
zHpvaE=eHPivf!HtTwM_p?+?gMVFc(7H;uHhV^JT%KsY9F+5jIh!m!hGn;O>+F7l!%
zg*|YNRAXSo!DxIpW+cjys%k*}Gn;nq#J7Uu=SH`BAN`>eWctEiKR}PK|7(izU3C3k
z*f{Nk6aP4wDUXAe!gq={!|-7Q(V|3W*gLPIk9OsuEpNZ{|K50FsNARZ1{$->6PRWA
zb{J+Ee7=Wo-ormnD-bvN83GJqe5#dSdylD?+x0hC`8^+I%1`zsaB^cZ9`FS=C2>QE
zo`b4QZpXKkRPMpMlYx6tj*TNv7mLv|#B`pO#z~FoS4nM@Q@JsW{Sey7<9d2@HYWNP
zP+@%D9(xwTsnV~keJXX1bj^#1xrsX??FW47P%Q9EFnSAPz2ojx+2*w%80t+jt6pznJJV8d=#HlI|X@B;P^9
zC(weyEh2(Tkz3%NBf5v2iAGcX04kHaA1}9hVu&=sd&uo2J*b89O!k--cKKrT{6gID
zLXhtHhI`}}d?8&Pqe+(`Z3`mT%ymoK&=k4vJDOXcI3
zhNfkWOYnm$_)#PL&{DV8MQpFj1|{
z=uw9sI2t?l1pXe<*s)W=1b?AqNH}>y5Bx)sN7v739;JSbXvWcVnn%x{zv%3BOyh0N$obQzjc8o5a`Ch^q!Hueo|OehOyEvc`qW
zRfQL>Y@Tu2%+so-O_Rc^u5M^rzND#X$(b$qwI0e7W!HEznxV=bDWy>331Qlt<`ERs
zjQTml=Fh2~|NpS}u03vCNfsb~iUtcbX54nSNL7_2Ll&S1-A!Az3M$P^?=BVz7MZM~
z#g|D|mC7Id+xMJ^8#ixe-efY9yg$FvqF8*~-h{
zBfRVYpYZS3>m|P=>3lUCj?&~7kCk9b((iZa;HOVm!CrSYO-Jd&6f=)x2RODV*{UaItghj(wcsF}czm4wZy=VS6`E8cpzh8a)oSgJk-<|b8UcF5|a%;EU
z>|qwmajKhLxiekandrj5>-8^x9{u(!*1Y@tJ;qc`F%AnezAl&e>aou$UsuyV+$MH=
z$$!aUEs^~}jU34XpC{OeGq*C`3qL8#O-dT5yuNThPy3&)o+fi$$D(MTjh3s&{^bbI
z%THWwvr{?2G5ySuPCPj;lLSN6%%y?h*8#w7tObdQIHlEV4^{4~L}
zM82cvze0_`5Ir5IfnqpIXo%)IJgx&BJjOJ<9Z=c}1*PRL8IvG!II6{+x>tFJf
zIxeBN@C}wG87}w&Ftq-Z9M`&cyR+p3J+0*(ycim5-Y+;}vYx+QCEeZ?#^Fuj57DE7
zw3$P8m@C$Sb0G^c9&U%7;reDHs`hr%QP(WD{<+n0QWa=CPK|V)Uhb2bzt>c?oy$r07O}gF=exhXc`}d*Mh{-uVhU3@otEbcL&WB&29x%Kzff)ai`B$Rc
zpNNY@AvvM*_W}y)p3XEZMO;4h9juWjn^B=c6g&(&{VcxVufbu;%0kGUjpXs
z*?4*n>odAeZ>Eb5#(A!KdgbnUlH>-CcAw?GJ)&1wtva4*A7<3b(lx?a7fULAi)AE7AbtKk}sh70FH
zeV)aG;^2Nn3=1^UT$sB6`J>z%RI<
zdBak_$W8jif~_7UbSa8mi`)0<-oYV*bM_{=dYN>}w^A|9-D?lYHO*Kj-OZobWYC3u
z&`zdgYxFr5RegSLUf?uzyUzU|EGEnD(<~g2L#{i0Du*Tu+qvxn?0|$2c+`(q?{~%a
z`dIenZNfMz1wuk{FQ6Pw-f*dB7^Ge0xWVWbU>A#+sb|D`~_-M
zLLt7&&%u7Azw=`j9Gz(8f!_R*AV79rk47{J1{RxJiPxOW5e255*_!TVXS&IJn(6f{
zji?`k?m~x-L4yUYPp+3sMofY6?wwV6;)7Wqrffc4^fA-g!D~>IE=KS>FAJ9sl?4ss
zR=oELtv&=qPzZ1q8q1Tlc{b^e(SF>RgC^I`rJk{7Cm%>D?RNpJZUAE$i65w?FkUx0$)6K{0-+=qk&3Cp~(2#c9p;tdksG9*~1QDKllPE}_k6e(Q
zem?{bd&&IrXJ^ox%E*QH#2I52gM4w%yz^ga;+zc(0C@wtB%TO@LBd~#^q(wxJ_mBP
zN#CAJ<^U>sH-KG;_%#AL+N&yDFhfG23K6V~j{y@_{;uN`EHJMj0F_%F2KyQ?s}E~*
z10_a7qPppvhQF&v$}a=ava1YrrrC{(lSgpqjHk^U(!JEZ#F3NfY?e6b
z<&h!``AY)h#pI0`pMzhx2*Ze<8u($+vq^V@HtFT+ZgUHLJNg0_2MD)ncBETGOwijp6aDxT1U>ojV0QSLBD^Rjs4*`iW
zRS|tthI#$ob6k71Uap2WNE0T@g}CjuF{+iS{(g8xeT%ipWh>m0giwS2s2Rd3YKCu%
zC)(f%kq?6oS5@0oOTrMnku!Wd9m4`5bu>~X4v7mwyBs#VUEcwktvtd6V5@)WP?dUb
zMwf7lP!qblh~sv!BVPfw4!6q*|C#b19F70d^AQHz1!$#>pB;#gWkMlITo8XTXD@lff%c^J!8DAV_0%RIDLeP;2
z{!BeXH*J(oXR3DP%Si_w?5o*waq}ef+*I`jPXEPp^A^sr>bt{ra+QjTXB;bDwcmg4
z+#7x0dm_%4pOX%g=<>EW06s0wHESau%%rTGS
zyH7t^R*r^iJ-xXV!3duI1r8h5|KhCQ8Eo){kTT%+!2B~=XL2C!kE+?yLG&Td8AA>8
zKN?$x3%n@9YwzT?y^@9p%y8z6aa7Y)oa5}|;QUg|Nb+z|4Sg4hrB*}4^vT0?dyAN6
zJDkqMCc5bQ)7@e_ou~cvdb!pI5_ke4{&cb$&FF4T9-T@EexiCX{ESco@MlHHxZ=tA
zka$`-{v`6KSrf-VQ(Kg$;d(t3U(>wGU3u!Wiad3;M)C9M4(AKpPr`^=vtw2V0c59;
zJn-H(&<#(Vsx*t`r?lU>d13V9$f%R(DpUSFxrCYH>W(%R~
zu3$d5x9jDDS9-!9!pX1TMkN5r=bPj@g_cS?u;q88B?%htcU&Nx`Q`?Wa+qJsYhN%d
z$c+#q(e$KR_^p2(w~r=R71#*<-G2Ys^NrB6)Yo0$2rZDRC0HHcX3GU#TMHOYgzdqg
z(*4Am@TB=<1Cw(Cd8$HG7>TbP`1mok(!v5^_p;^hft|^R0@a
z?7WxItMs{n?6X}s>0eY*0L@i3x}X^)?)cF(KH&~cL_wxv|Q@yV6H
z`mes@JpUX*~%
z;|6pG#s;8}GC1I2Pk%okVRsFatRU#;gdr&O5iB}b&_Mb8TMDtm?QoM%7(D|dvq?7^FFid^uBMAG@b+B-!}ceXY9FZe>1x*{
zWna*JbcpggRX5f1VmisssiM`vsdDN^XMeE}lIzE0vjXW^Vx{Hi<;!I90CTlq7Hv3DEHOCoHDU&R9rwEMlz1k-
zdo3dEFuckXu`tpA8#;@XQ!x&$T{>SR3wjjb~Qp^a4)h7@#YAsrV)AcU-vi%x)+
zhCQr@t4g5n8|Tc{grSXieltdGSya*aGh`Q14dR5CK&Uo$x<6))5>RLQRkdqVI}A1k
zkqe%)_r8drg-VtJ1NaI0ZhM9Wp;hD`23t_b{M11pJZ@QCkU|_35m+8afR&d79HEei
zfXc%G?beP=OP{_N>fT`Y$b6)YZMwc>&N|j+#+W-%Xx;7NW;h?f2Ot)NA*1L^E#lG+
zssLsOJvmw7Y?gA(6xD{RjGK&$1$;N2#_Xi-ElsSssc
    xlXW-=+g2
zMgqCRTi59|RxrZplLSfNXoXnoF+E97C1yCD5%)}ywb>zyp)z0Wm*frvZdX9VoK!Np
zTd$MNhmXu?
zl(K^P3X#LSS@k>vnaeShO*VEIt5Il*TwdUqt6ZieVqK_v*VFsya3+eD<+qAWyf~zo
zM2%iG`el6l5<9ns57d;KXAwrF``Pq@#;
z=uR@&89N0eT@SXx>+-hbV1Pq`Hp|y}4I06MJg|(sgWya?K8z<=p)iO#?xrPQCB;%@
z0n>Cl{lm2I#mq9oVZBN`GA7ZnTpU!Mc(}!iU1Qd))BAJ{=){ygAX)eoo52f
zE`_imT~8#8R!$~a2KxLv=(jbS&vdJ9Onm)N)sZK@NOy~zMKAfnhIaT>-L=K2v2*xZ
zGTbsr0bgJEU(hyn^>^@qNr55PQrNA7K^Kn4YB)aUvS=Mh_k}#)JMw%j&XzdSe?sNr
zrO)Fth#EmS==YA($?$H*$_~_nqaqdEDyEw^LXw!Lb0*;;PJ%W|pkIg}V0FFz((!nQ
zJ(b?m({c-dg+P8o#S@fH=coj^bq_TO;{M&P)NX~AsT0;h_P;XzzS=HOvZ*e9ksB{4
zf6_rjl5AZ5lVuiSyO_>)J;0WC
z38tJ*c?qnBgA;bF|BmIS+Yezr%NqT#<-r&npMXIu^%s2m;PDR7MmW<{n$WhH{~WO<
zvfRhHW5Dr(GHwbjh#DB(rlT*uHWw8aisod}gqj@?$re(cD;mEP;JRi(Bgg(c(yL{i
zj>6(Hr7tpSE$=Sm9$B@;XfAx*K%gTC0RFm&ZPaLOG1-7!`|x-o6kzd(0F{Fuy%=c*
zKS0DP%n{8Y8*8Ae4on)5qP|LF)15TNq+qeEYeoY4VGYA3EJ?lQ?urFa`_&|Q9J@$y
zi)$qXZ3K_>rl+|i`f4c$BpA%WJ`j(ybo}3Zm$kUe1XI%CLJSOFEZb(}P%oQhqWjRP
z>^2c`yd{$g%;(2bYDWPyMEx|~a41Tmf!J@@%s*W!lF3^%{Qyy-^8ibUyje%8
z53FxV(L7d|(lh$i?!fXn1^T9LEAvW5eIG{Tgsoc&0d}7+;>%fan-;cV+gLfT+v88q
zF8he*V~>wo@+PZK#MPcN=c+jAUCTtf=@wcBl8{$h@sYDOZNs~-oj;AGr!ND)JnL%1
zfWt60p%Tl@h*2#PO)`1f(@xx#&#OOxjgOpn7VlqGhhSWbjPzF5>oE&`6<^
zd|2L0N5YT?I+~A+U6%Fu*?HA=;}NOIIIFAY{0Dpx8dRGCw(g
zHA2}=CRdW*%}IPjR7U+#A1C1o34Qj>v?4?TFBYxWSJGL(9O=9=-3S%n-lzbgUz(cd
z3pKuALpx=khpQ^2k&q3IpmL6=c*xVQz~J&|JQb9RVDnN*#YJj1F?uwzFecZ5he=9A
z*Y(Lsn5#%5(>CuRMNSAUhNI=imqhbxM^r7~g*6+HeOfYA0{qj0p32Oy*@37r%D9$5{sD&hnWtu6d)NfLmOF3vYV@22RB_;FX2=p^tuY4on4`8>g@sH06&%T&`Rx
zPJSOmNwNO}80KH-62kwm4v?Sf$O{A%VW2X^2YAUb%Lh-!_$4+~)cie!aAlv{}t
zjzIrA9~q)ycGL=*7z0c59Qup@ysBdGK@sYkDbzQa|f
z#!F@+5csBe(%!}ObUZ~hy|y6rNddOJLoXu|KN6Jlqf~I)<;SyaklXps*KP=Nap=`0
z&0nDk-wHqI9Xp7E%K~B=MJ`WA6S@8;8r7t0u>?DgX`M9C0IM)4)2jJVMKngq$*_4a
zq(G|!l#DC@)R(khfX1IqQ5)#bY4^Ffm|+%v-yzJvN>QQ`8(?%)2+hW|x{WI&%TTlC8wxWN#MNv}
z3{8%6hJYK~8b+gUNEiLMxEjvW52y*mKI^H`6|X)vE)cB#fKYSb7or|Oy%3zMCb}es
zl=R_bQjM#!5Z+y;EKca=&`qDEldTpldS6PEv;$!Wn=5);Sin|pcef`M>C`|dNEi4o
z?tmX6NhpJj6L4}3PCJg9&-FZp{Ay>TJy0#!W~RzJ!_gMmoDb4a6lx&d-mMq3{Iawv
z7G;p<`E=7~5{U7WcBj)%<|~J###0l)yx_x#Og-)3Q1Nkz%a5}Vt{}r)0fVTJVYM%N
z9anz%p9A=c+uP|zXkgO%=2;KVd9#9aOa%KCXE^AfV$7pvmhS?L*TuMZu+c-V5o+Zv
zxL4ASPb_fL&{MHMb<*qLn^wobi!&S!My$%5anX9+9V~Q3DuL!=NKCkAqq+ujHyq*UUAAK4z!{zhR#dAV53Mr==8^+f;=hQpR6J!sO4^8%OHBMLiwEwyDaZyA4t1d?Ftz1YKN=ck9LiMVd)B
zr6(F6=tOekEcPWe8iJP$P#n)L@45TfqjRARASuspP!<>#PV|~qPGHL?E~Dta1o)-x
z`p_3C^o&$K2&Fi9tf_=(`cZ3Hq+5BeyKVO=&_9>3v0jYKAzu`eIDI@w7^=l$i}ooE
zQ7Zw)QNU~J&J+W|+&GR)m^yJML$ZZ0QPq~d20EWerXV7S8-oE673!Nm_K%P`*lMi|
zTggY|9Z{v`Lj}^QvwmO)4&=n5R~lG!#Z8HBc_S|YMnckv1zCz9TKnuc-I=-^lR&jo
z$9>a!&k#_Nh0IFitYfnLSmU|I8X0}HLW7UYZWx7Pvk?9(Bn-~raRupP||I>
z|AfI$)tAnVv?i&ABpkf8pr^Xx7rX2i!OfO8A+pX2*0HKq9yKy7xb|Sq>UqT
zLN2NhsNO+f;ASBFQxq;|eo6+S6_Q+}ulcAmludjK57gPpwr<0WVg
z`n_77Tg2%VdGkLNM^cIuphr;;#z|=MVDCZ#cIQv|85gVCZy5QW^TB?+gkMj%fo%zQ
z{&g#NTwVK|06-IP(`8%RBkft-AV5fyE=_m7But#C>UNe9RLLo6Mg12LIZu0g>a+
zLFB)lZe^baE#$C`UpBpL?2XcM5rvg6p`+ILTv<(
z*u!883(CLUcIs@#a=-}%n5JMZCrsq1LC9q6AaSKq%`Qc8h0;GFlrO|BEv}&d&I${w4w(k6
zeXURZ5nTpjmAhK3aw6oMH9`}8*~q$M9on5b-Jb&^Y2$*x&RLH7z$;2pr9^4;LxnL^
z;Qv`>uL&4v#0PXf+0tY|gOK>^VM~8AM5^1A;d0)tyZRDq1`}K`$
zBj^^{nT!x$34=PbEP^tGNE`ZI@e(9wvho
z=J!r8TzrdRw}Z3~Kun67(Q^%LRM2?-sY$GdJ&&7m^EI*J1ZP(9a0B}cV0pfihm1s!
zOtqZ$W8N&%)`HY;4T(o+h-Ph4bS855X?|0pMF;Kp-Rd_fULKr*<6tlrFlT^4RBusK
zp)CowFlZ#hGeL#>^&T(X=3r(|gUEyTmejelpN0&KIYb97*m(2ollvU9pbL_`hg6~k
zie<+DzNrl08-C^K!A-SWYl?2lZp^Sg%n>Efb|wr-UraZysWKrAoT#acdB#Z(^M9g!
zLLaasD!a`hbyC*83~S$!yKv9hs!E3=*jxnbSM^<8u;Tme?HAivD1p@96w|vVC~yGXm=5Kb20;(Afp}>9Cf5_Ex|+xB=>f*PavUj=0{GytamJ2SL>!LglTmfdK1gATK|
zQ}mOEPL--~0l9UpOr%9JGWt-9O?ZNiHOIduP9$iuOL&$XxU624SMm{n$+w#7KHJ>F
z>VHYLOLV)Gi5_J4uUH4&Nq)t}{*hW~|A9Kbn52fP=U}_iOuNiEjc%qn)q9_N*n9~X
z-S9r_NG=CT0dE^|$n%hS{pXU6E51{>3fgMuB8Af?K1rydX>-gpR
z9J{iHrebMllF=^4QM;>X+{CAixCY6fsxOxosW98}m(SOQy@T7sn8~U1X6D%J0Gc5nZ`Ivw^-j$$;?2p5bS#4Q6e>est@x}G{-
zJcfz&=z<}S!Y>_1l5><^`V)&iZ{p6s(LxO+!
z{qgkymLn(bP(YwJbZ9_1GpLewv}0f?p8Wter?j;?O@^57&e^%o7j*A2iwtt)fkJ_c
zbshl>?%iw=SqOrvqNiEU8F4MNDlddV;R6(^CV)J&k)8g0s_l=Vat;h7GEY(1Vev??
z&56mkqCkXV3*}O+`5AqHlL;iUl#x&>DAF4!4FIbAPQJ+hIaauRS|6)ss;xOIYVapi+7(F2Z!^*ehE1Q?{~KCDA*sUi+pn2p|%G(y8a$-ctUV$uS86k)7i8HTj=
zkLLp_RxWG-$Z{1IqQtKe4V&^4p^#I+k%(m#R%;?kb6~>vY_x=Nc**7#rG?1?Rs1|~
zZ9K2oOmOI${B-13h+S@SypM06z+2kRSIFc^gVxPTF&&Xur`n!o1NGR;C0$Xe`RspJ+f^xQ#h=w#(XMiR{75Vn=QlW~q%8a;zoPsR$pzBM$MmA{cUnOZ99bW{D6b_7Msq2n3va8Km+;
z|2{@|i7Dwmtaw$MHzvCcTDZkPS(G}8T|$$h{Ex+q0cD%Az;w05sqB0~FK{;&GE?bo
zY@`|Q7po=a%E5rZVhV-v;w;!tBriEOz~hQ1qand~!U%YTWbo_N+XN|tH@=r8Hl?a^
z@MrY%{q(sq%Xc)l9ss}wg8`8MM^_LiV4(U#OyiqwWlHDCmPVM46GVn6DwnOf&;hV)
zd%ia!$KXc{Q+wgUI3%IHYn{i}+JoFAoZwm{f~i7r>ZGDaGI*1t`)fTufs{lnYeY-bM3izukoS)i
zL`yiNZRK$96^b_VyIFMzaqfg0`T_<@Xlq#tDWI;MO#7cPE0;~8t)7A7`T%*6_eJo9
z%w*krmYm(3%-8(&OW!zNi=0hg2a1*{UC3+r!JWFS$_5(uitTmF$t;5M2{1z)MMcn~{7DTo%4Fuk|3EvZV81ik(
zYM4#Gu*{Tc(q0!o6|P_Q;4DI=?}@(x?^%DF%}sM|sjE=E_aq3otbM^l+(KjiZ5S?9
zZ(G%d@9a_#bF15>6fpZ{3XO-|bBw(y-oM%-tM)*@;V{VnZj=k|;73*hGmc1l2o@$t
zm}<+Wmd3K2^Er}{mAp10-g#PsE}%DgZPT`SCso$);A`fp1VOw43t@oXIC#0uMlN2+
z1Mk$k%2!ku1zY6(kjN4D6gl6Zt%cObP`NbN;kS`{)flWv)eN&PpI&UiYRAkVTGg>YL#=Uuui
zqSyj;Ij%t;<>Q|K8C|Ojme!HBfe}{ElFQ?O7Gj?+ZbEmicLRB82=2zbk;Se1ANY%YaD(cc0tfkGXo0_z@X48>B_$H&3(a
zkUOWJRH_^&nR~N9M46}wfR}|9-r!raiR+P)MFk2=o$umTCns6CvS*(=0@NI=HVVfS
zf~EtjLRNx?Ym5fNLw2~vp~4t51(xg#o0jj$JNx
zR5tD59_&}ngfXn3!Z?RYz_tso|IA7s048JuK~OFOO;t&9Urk{<^j`mP3k
zn;=|8c7nnj2|BQcuI*Y7auXAnO>Y(m$}v+EZ&T};OD!^#Ec5=VVuQ=YqVE==4GgV0
z7^LSTT;K{g5ZEW~2wnIwa0xVi_gU^+M`*!AB4?VlDS%}Zp9D>E)XUEE?#0~+=donZ
z5?fUt%2{|EB3QBI@WVTy3L+$6u{XAVk>-RBl^`ISRP~$79*qTR&QDy-rJjje=qcA=kYMwAJY4W{d$Y)
z3@Dy}I((p8;Ck8bbc~5QBnc^48s?76HbPMc^r_4RHexKY%AkD63>7Ou^Q1!|Qgw!A
z*O;6Ih*6sFRLUzHa3yw7$n#SNYqqX(#7{oj>ORfd)XBL8S8p;OPBd98viq|Cb(F41
zE`^qYn@0M6ri%%l?Fa@dfAzY9=nQ?OjKvd%fZp9ahrp&^RiEr>etijSGTtncTR<_O
zqelF|eF37s7?{LN$s*m{jc)OU)w0uizGF}r1l%|;0qk3|O`cH$w-JY~vBr@aH94jX
zmy3nY|41g_h~ex*+j0Kow&T86#Z#mglF=Y!RjjxL9RK!1USk~B_mO5Cl6X=DE_2V>
zXY_%NT`KrGv_!>;z^
zwO<8&$e2QX-PsdDzrLH!#(x+0AP1*ASED8*ge7~AY?68>|5Ny^E$0y-UwzxA&Y5Hk
zm9RWU*W@n`UuRoRnBywg{#2?gjrgIg@q@Lmu@?aUwFV}$Au={zT+jr=)0qN{=q
zRd!KTND)rheU7(^x>n+Q6Ui%~AbR~wqwKg}$=hs88-=SAGSiefBd+lx`pDb%pbK4UWlo&qk=@e-8<&xtbRL
z0j+kCSVOPg%Z#+Lrc7{y={M$#{@}9BT5AtnT(ES0c6xnC;Qp6%MNjxp!XCq01>8W#
zR?Urlg7PK64c{+Ew9qX%kxLhZ^SOddAfi~uVw*R366sC4W`|>;e}qUuOu$;Qi-g7)
zS@N2|L1VGABp6`fWkX`hHUeP&nl4C%=IEYriaDwcM_0n+D4LI&2X8opiP_*1@R;N4
z6e`Cfp+X^dsXkbki*%N`CfpE^a;#kXPgrX+Qsq5zb9xRgjJ)tIb
z@7Z*@y3eK8++?~2l;)bv;o_{FHwpOn|De0i44wmJvc~kdDNZ|8D;SNAx|6R9*=I%#
z(=W=yI_+k?_>w+KLJfvvTD{_*R7K6&@ozjn`_y!_jdPYRFDkgolDgW-K?GGxGH
z?p8ZJdh6)}^~a*5r95U}Ln6Rt)w#nN?xQc&RRTF&4R4r=VwVbl)#7twiXl+xOdeW<
zo!WkYis4s4vq65JS&Gfw4ESJ(%Fd^i>A`Fx@YM8$C7&mqDj;Zu!+`n-Iu>Q>CG-{|
z%^wl)Lm|}?#Weq37h6=UZv25|k_p}!E>P3+aR?6`wqiaqn+enh=&(4U1e?S85O6D}H@D&|G*dq;*AVgk}><$X@{H0CKO
zK{`Bq&6m)J{%5ZJjvnWTGH$
zOS;Rh2(F-~+B}Qlj7YcSl^7-OK%Nia_>V+;LWq(gpeFl#i)iT~Ye?BLD}gLFm?g{k
zn-L}&Z0K^Zg`7$nb4X-ADz&Ggl7#KttYA50{FyvykIcZf6=0hxts&k*q**Rm3-Um2
z7>uljWNC14cf~f95s~~=X+AlQqWveUQQgTw(8Oc8zeT@VLU$Av<;(SqviPk+e1
zWD~mNF-6Z@Yz#t%IEAX%akb0XaYL44!eWf85x
z);JL@qzbCsSvtXy?2fz-hB?q`IQ|y29bg-tExm*Jsugld1;CXtww5_E_+yXcMBSJE
zM`(yHvdm%uJawDJ>RQ+-MW*?kkGX~Ik~QGA%J8N@9AX#$x$3QbCNqpLg~^?uhTvh1
zTo@-v>neqN^w;a<`u$T2{E8NL=W%7>MAx*U-c+SVt6N@V_4#O&x4-p
zrra_THhU?ruYjP@O@8Y{3V~G<9Vlm_>yp8s2e*hW5kS>7U1S(-jQ>)P+`gW4goK&r
zc&XH|O2Y%u~>t{_aI8bgbX+hPwndcTwO!x>PCGMmfTBaFL079`3=HOXNnOL(x?&-
zTm}x?2m?J{Nriw__jx#FA%}t?l6#4fl
zP;@FQnbXAVS@qxX1FuxG6=bAlW_A0soE^4)ivvukS#6|i|4tp
ziIn6)BE*JopOD)vaEq$ENMWXgB8&9vb}0Vn9Te7<;BuR+Pxo1neJ_l8i{F}bImhL=
z-x!;N%VbI`>NQYhF{E^cc6*DgHDHuYvPoB+KYf`Id>o9UL^<*wY{3LBR9zCysfK`g
zqOMJe)+H#Gt2GTCw&tK>$_B`c#Sw;eB1P-x^(^5RfWNzY9Z9wk_^j4?xNuq-WAwIh
zsIBu6EsMW436w;iYOl|Lo1@LDnj_)P)*Q*;vI677@l91IBLe_^jRwPmeW&6=ZPRz9
zXIq#tzzI$MEd01!KMdF7Jl1w11*59@Es=6sOF2{p<-SwEcNE_>SIzqxc+G{d_7jbF
z4UDw&SSR9zZjA61WE>vHSMdE$hvt(g?D~dc*x63TJ-iofvkCD>{Unscp7oQMLon~k
z33_o*JEe~DlO+6_tnRiCY`>1RX>%B*g(*7=;tGLnDgX#kDN{W0&^t>2k7q}k-U=Hv
zsBs(KzJCl~O&!3h>=@Uq06{iC7v5#Zy_k2>@_D!{d&;~G7mo~4u~048n26I*ai-Wh
zw`$VEkxF8$#{`zK?68yhsdCxWrMz&HImIotK(n|}u^`M0yW0tp49tS`LP$&WDmK6A
zgMk9Rj7=-tl_emMOdlVm5c0@w1Wh++o5EU_63sP8`yifvPX)pn
z+lg$m^^`5ft+?h#h_)PbENwj9>w3opcibhe0WSlWRc=so;UqdUzhjdHOc=5VtVQH>
zzLw7JyaJ2STCA1lO}OVEdz>;w>+QTTI}Js8EGJt-oNAjv4FTy~jn+h)NsdKS_Nz}PgO&95eqd(4dfCY;TgdE
z4+!TmE(Cudx-(GxMT^{AK=RYPE|QzzX>3r2L8ut)Yuj+8oh!3*Q)
z7paadhcODOXC7A`Yr&4!+_GvJyfP{0(3IKBIQx|rN9(_WEpblIa-Iw&VedtOefLpX
zzU^yclp{ZqxLCn83!;RR)+RzMkF#Q_M{YuuPbQ)nRtNn$*U$ov^+(|k9x3A1)P<=G
zBda8wWL&5Omh$wQcVzMyEt4$7n1$~b$=etP6^yV%24_r&LOQbzPVXiv(M89BYl%M6#q
z<6gwb1o(MF*FwPI9NPdjotHn0p{PA)QN@=zYS4H%NL(r3VIY8Mq8OK{&5SqFca3H{
zVfVg+X+*lBI)ep^)?`SMqGgKc(BCMT{Wg(;^fLyvPIDRT->ogZ{fSn^gFc2W&$1|K
z1JU1t$%8Ay<6{aq_;TX;l&_@!SB+|m*IWjwG?V}bdNyAjL%lS}cGDfzA~)?esz?4P
zKntkGd6zn-`x`FMea9MR@!H{8X})S6CJjd@qF4$wK)kpd-Jr!EO-mcQiEH5u6kz!_
z7h;Wqm^QZlOE=(M>ilm^b>zHe&Er-hFDfEI!&b}=U11Ld*gF*_tGv=**cgzh(c)q8=K_}=6^Dt
zI>cyC*UnB-7zswj)<`3BHl5~}+i*f_
z`gdfm%tkJu{^=V0!_@V}^O#6GjcW9qV_p-Ly&Q9_v
zgNYg-k@SYW%qaH-zwzB@GRLrugTT;$_i52cN?nN)ElF@=}MtBTA;llL`lL9A~ty|GvPe0iX>30SmIePJsGNCy(A}V}w+m_72Ag)VrHp
zhd^f|cJxUtF}7OugMi(DT1r6mPI0^*lg$da7#^E6BSrs)hZ<4%q=B-C`c5s2ai(BG
zQ%*%Ysw>fbHr%)bl{hr_9k9wJkVBQ`aDDxVw-s0P46VDrri|lS94yQJ)63C=($rO|
zqNIv*iW707gJ%O@G?Ufha0Z14hB5IavUH5Y9e*gR^qcqF`OD^-OB2f&UHfSr{E~&uE7V_u86vs+R$I%|PW%9_g6KbPQ-__w)AggEy
zNJ3SgOm7I&t5O)~+|Ls!7XcLRRx45s(PemC)%v|+(5j>={>&(LutMRCKq_juGc_Oq
zIny}FaEgsTX1bv+S~x?rFqvXRkoHWgZK#pO`v>&C%K=Rwf`FSmym3a!9=wHp@=6V{
zlPEQG!rDG!L9JqzJdVK}%LD`ofTOa|>a29t3TEi_S=I_l>woKNS;{Ano%Ult#lvUw
zSs)9+!$#tdc)&wky|Tg97Z{sgF}6aqFW6`>Q!qSQVC=sw{I*zVyjR#&D4S=cVwRU+
zsSE@WNDZ@8aKqqJ-mAv~FZXL<&jt$ob!oI0>E^e)#Yk#i
zN*1n4*r9?5L}IOi-UNz4Ij1U+%)R6xt8nHyoU9TwdP90r_s}Z=hv|eZ0_Bub;Yke=
z4^3w>nvvUu`tIpw4A>I~CGv-X7eNGfy14_337%Fu9*=#P^6&rgzX$pfY}s{<(0zXH
zzLOIg1ksVz@XHAMRh&Z!u0MWwmaw20OBH8Qy2d$?ON-RPTLY~K0Uio;SbqW%LLLi`
zXFPV5pTNkw@)K)uNPwiW2+!Q)Q`&tky3L~-yTJ`4;=zG&;aE-z5td!JQJd|etDvPU
zTtLKBEGmOPD^1G5z!?&VV;fjbf$szv3@wJz&kF>m&OmI;P9<>c$S#2zh#06kKgKi1
z2%>E;ITTY^&ni+wt@U4VF|PAxddrpw1%iWQtN=+oHQeJA&E&&jh$mkM{17t_J?Kj{c~ZJjw7Y}
zmUhAKM--13=p8vfimnf$s!P;A(aUQ|6Ol2^ylMH_P>-C{frP<9^G7lowP{8>~Co)n@Lj-&f4N`&Mxu}Z#KtqFzrKa066JW>A@Gf)i$z_ZXXQp
z0gn35a;}a%L@C=^=~_zaRZ^qUzh7fJU7l{fTCcwMn~hLztD_LxIE_$3ODne8^Y~k&
z4P3<+WY4u3#Htrrggb64Pg*CT?Xpk--`Sk{3N>5LjJ1}Q%8kv05_?oGG-}vnj%|a)
zb~c4x_GUmS_^c%17F%3wt)Y=y4(W?6L&dIVsynAwq${B?z(M2eJ{85KfqOZZ@QjU%
zMRIC(qUj^Jb8{}m5#Rz;G{i(9XK!#XR+5F%x_hSktM2LWsc={>J9L@L$brr2T97`8
zZ-ry>3B?K2;E>yzUS6a7YgrLafWTSY9#;7-L^&XI&!C1Cw&7O-+321GlzeIN_vd`*
z$YG_!AH%rU&aEP#Pr2tic(IZOXpLrBp0Lcw2^KMS
zDw`=M_`B{*G*wR4LkVP0cAVVkDcLViq^K=?8H=NoZb{t#?QkK0tBWRit43H8AjNq%@TJhK6xBAo3!@k)TXCRTz=;h4C1YLawU6
zZ9{Vs?X1JNLi~uRzD`HWoAq#YJEa(rj0?2y)dcXTv}=Oy00X+*_dVg>l}>kswqxga
zI*gbu@|o@05&3_D56Ss5BKb8!8r2zr;RvYs>X0VO+1RzU1jPP_Ws9Irk$d5JK~q|^
zagJYCuSUFHA6Fjzlg-%(9<`v9xEx-8@82CMODjlo18fnwkUpB^`ed)#Mh_V-VvR)|
zuliIVb8K!`Bgb24cyb6V&&q%-*tp0k0zo*Ej4V;F%AZjX7+VL?mFTTk1@zLB==(n^K*F8htbC;r8;I-G!6dIIh0Ec+Y9*(zQg
zZTX&uIhlp_*q7{#;#>3!Fei?1l{xOk{XPJR7WXXIxcc1VdrivnD2{l%%>5C7u{w>&
zJfgmz2Yow8w2r6uwu~oI{sJbx#Q=2yiLWlb@&^2@JyepQf7
z!yHed33*RZ!|MrwaEIaE&|&rOTKC880I>N0+eL1cl%`=ff_*EvvTfWq
zP<%nqQle7Jm|Az`MB2+@)TO46@ozd5XE|7?*j`pxpG?-Fyr~fdF_#8HTcq(-6KeYX
zSx*$Rp*1IZKkGE`9y-?Z+^YIlLz7oHO%8-m}Q4_}9SlLo)w;DNVJ9Li9o|J%&Opqgd;vTP&4?%{h
za%}_Um&-<2G|~bS?!h9>JKI|*e;gY=Ufo(mmohjqK}Z9yBJj^nbU3U5H$?Mo0(V0F
zRmM3e|EeHJp&$H@Nfk?4E#BeX9HcRd`q=6;mjQ72hXi?dXNay`5w8zE`w|v(Y;<#e
z({`lS=KU85IGH!dal@UnmdKINTBY6(%%Y!MeZzC_UGxX#Iz0SMwZRx=YuGXtglX0~`Xvo6?cY-FSbEo2La%%cLwT913U
zWNv77pfV#&#ORjy3HsFaMbo^saM1HYUn2+5Ck#y{LkyfwTpwKr9{QD5mDG#Uo%Ps&
zLt7_(!VJHFHkuI(82?rgw_-aj_ZCo+P5
z8X=KfeM}SAI)OjOv$@XgTh`#f@T>SXS12zbuP)buD$G&m9?W129W9&5MzQ&cj49cp
zx#H@>^2NLS5vbApo*Whm7$2Iv`oT}?0Nnekd^klXTCt!O9eUv@rp0WDV!EdLI;0xD@)x7~H#m2pZW-1UfXJ2P1{lE=6v
zd*bLM6sI1Axc~k4mL-Edm`uQ724fPgnkIQ4!K}Uqi!JIDdFOt-9nxr~h2=d`d_3|QFWBK-G?YoIL1NBDu(Qgo`7|%=>L>9?1;C1#L
zu#q_`mHFG(;0!5vQ2h~jCYr9=cn?K$2FeGVB7gia#TX9xA-M#}R(EP&MQTu+>fXlL
zMi*%u$rCqLJHX~#KRjtq^8ZDTk|Mmj?R6tFv6F2OHAs@}>L1DACm_LbuzzHq=f);?(5QU@;X&lR?xu^IBMeA_vUS>#BaD
z!F0i57g4@hB!-xOm?MVBAXIM=k36J+QH>TDi>Z~2ioaK8eUYN9$hC;l-@Y`jW~=dM
z2qo*uESt)2Bn=JzfR4@rA3-#ik!g=PA`3toy$a)#Xaq;nuIss98j*#5{QrRW0|i3b
zZ8BK^8Y?>mHEOD9G((T#*q5x#m^Qb==&0_%PRMLim1s?Q#XKE~Ot=n1JIg0f!;JH-
zUPAN71%u8opD3{n+?lXE^r`i)hcr)6;bwjD8V@pnnsn;UAHw4v_#SD%Br^XBL_T9P
z(^4f8c^JbS^&34l!3vrI>QUdF%?wk@jz3U#BX`zgCi&9oC!%qbg
zpdWO*>F?ya=?s`pKTm;FyEShr)Xzuj0G)MA%W@hx*Hg`bb9*!Nl{dVFhbTG7{J$RZ^hJ{6y!H;A3CBze4p{F*nOEU$lK
zhmv8f16^w&%)!nAl^T-*rajzg?$e
zXUy9{cRn}q_?WS$FM_=S@oa*V&a@AgW%qfnLUQ<;q6f?^W0WR3e&0YY;;zLT%f&zt
zU?8lV(hhwbR*0lDa|&A>`75!
zJB>M_#;+SBzCjp~UOLBzb>iz#L2v?XK<+by>IRbU`5Rv8~?5wruJlqb&
zL3AoLoLvFm$H{TvoeRCqISHueSf@A1W{7qq(4I0@5x!n8aU?=|E`tx(03@I*ok~NM
zW^)+;^26!BWKD($L3#h74=1Y;lBFAVeuuX%sYm=(*4`wg6a7W$a7=g(Bft|14SAwqNeECBVJ}CYhtmQhtXSzmSuGI
zZnr^qke$vjaOjOhfX#2(uB=2g*fHL<`z*)((nwDZc~H^l2qCrBqk*2%YHkG*EJt}V
z=`4_-ptetR48-_jR@v=#zTA-9f6qBsh27favcg}IJSNogAJS?|k%h>gi1y7Y%@7}_
zzqiz=*Eor>+GZS2_>?fR7@x770_*&|?6603XOvE79aogsnTfxa4>StNLPW+AJloKE
zFSwES^1Wbz7H|fwE?&X&sd7^?A1rYBB@CdWo{Sdbo{LV+IH3IINmk(|24r`{7f6Wx6@BY+Z*5+|eV
zS{oyyF`CE#-a)pghjDx3<@LCs1s!gVq~y8KB#h1G5sg&DZq3}a#iNPv8gP7!Yq`Z~
zy2K$nt%VG`7KRMEq1xHD0_}nXYRWu-(C&wnW63r98iG4?HD)79ya#-KHsHLTZgoXZ5R;h+}I5{nt>PQhdJOmmG2a&r-FBdx6a}fnwwe~
zWI~MrqRVSHwFwdkOV4kihvz)M2-NPOyb3=>Xp><3)MjRKH#*KDyp)|MpgjPtgbAe*
zERjY{S{qj0bzZ3=5=k7Q8IaIOi<9g*k>%gK4roIQbky72jc$P%C)aCCqTKvN{2?eS
zEM^|9)Kts_AJy=)P2)XR9+I7*?GRZ@)PrIvXip*52XcML*0@9eLpd%u#aidvM#(Y#
zU=xc35BF^wYX@|`#^L59DeHc8B~9Xr=j>uC19*?7hM|Vk4{fd+UaXcJ_B;9_4}(L)
z%|=ZoySVo2TU)Eko@t34O$Rp8(|h<;0^sZ~KoTmaBcrAx3nhTP6T_uZ^9}rudPPxD
zwLyBjCO$r!Hdvq!ACtI4l$CZk0Mj?gYQB#MprDb^NxcXiw07knM|RG9oN1^y+Az4p{@-o8DY#xb;j6N^`Ice$g%04!OTfZ;UYv6vFa6}3!Cfp1s=*0>yook%L26h
z^BuD5;?51om)_9{oDsLn%@e}FxshzA&U1vB@=;Lp?e_`8mn+mls@k=dKEZ`WE~+NJ
zGRNVDNm$BEx=y3QhJ|`niI^^w9cG$u1{z(6Jj?K8R)qXo?K>W)cvjCh0fj
z)*x5q>`+Yit50`}?G&SDNwSi(LkrKi-(ed%CnOghOffGWMyAb0^Ne2%gt`2g=#6wV
zW)moy*hm`zoKGvF72nPkHK7X0!?KBC!`htX!jJ?$hvK8(F(gsKdTdqgSh>*_~&ZhJ$N7Y^Evnpu{6kOR$0
z=oe>i9GDHk@*dT1dw5gY+VYvUlEXH~M-sK!|3-aOtwYW+G#wx*K}hR%uvIV#dS(@g
zdH4OIT2VUjL^;v5@lZ8g0f(b9%(sJ+9gND4l6c!H_P1P@>GVwH3$L=mo>E;1$?dtd
zC8dGTZpb8CiiDtMYf2)w0-*Y}z@LF%;}ZigE{IZo`xOVJ`}{qOF?!XrGtK1^Up@A<
z6Hxg2=D^?tvClSx)3?jzEK=c!OLM$K((Q#*CWaY^DWTu>`S?}#blo!dUOXtSaZ9C-
zJT_nx&3XjVhrwsywcISw0#`lkTAYLnkB4~=JIFcJI?q(+XNm|k+(HhR$hy-?KOCIM
ze|-4(_RR+b;CI)_Ai;HmO*^wZB{a~}jC|M17HUJ60NRi}7A{|ll&T#j{nKdirZYBb
zJa-CI?vw6-!KXi_)(aLjJPD8!b=Qt`J4i&Ci^}qZ)nlFp;Vf_AY_)RR-5+J_xOSWh
zcNtQ!;}2))s7y(=kQ=78zW+Yx2uWA#&VZ+;Q5^V$TwKRV70Tl!&=T?$rO^x8UPyO$
zH{`@c_#QP@MQ&nNr-6~@PsU4M{~_lW`WOEZsKyD6l!Ur@f1)i8MAaNe4u}vjO1K^`
zJs75Cm%to0*E
zxsJUE6NV%0Oys_Vui_7VGEBOWpb7qCnblBsD$AeAjNQ)K7t%OnM~uo*5RW#22#*GP
zydKc0m;#Zx6bPa_OnkX8>Yx5VGTcC^~I*(5I8DZcyl?xl29C$LVfL
z#5Q@ezMXWqALga@Zq$1FrlD#|O
ziCLCq_pDIw9vuK_gRmI~rb`j=UgsrDk@u3HG}jk|k*b0GgR9)cn-~i@H6T$aAXRd9
z4zXt0DfB@41%PyPWfEn)|6?{96YZKmaVAtLoUC!(^8E<1ptt7FgsaaDeLF78>!H$oolZm#J55Nteyio|wm`)KFwDW)+VI~CkQtCI)N^nhx1A9ai
zek5Fx8vm>rY0_}N{H=e(09LeHoXaBwFip*Z8r+?~7)YeW_jv3Gm8rujMXYLdlYY5U
zAsI-E35{5|YKSoX*4g~NW|imFcDAizBtw6=;&-Z730m{zj~M#|u~1^p=Y+E~kx1o7
z+3^UMhT02?Gb^TX_5q6+v%9Is*rsYO&Vt}tRkmF@N3m1-)oGt|Ffq_2PyT>T4mK!1
zz;6I}g&nutfM%R+uTEl{W$;26<7Q8z6)7`M5-!RKKy%q?A%XMHaJdQ@JS3(vxjk8&
zB5%KQuH3G*F0NNraO>79e?V|Nek*lGP@k`|Q(#j!N()gV8!l$d%;I-DGeh!7E^Vqf
zPFYcY<5NF-^wpM1F?F~?4Rof>8gbf5%^)@vbKR?_3lN$D;0U$DE@=4A_v;t7B9B&}
zk_-M_m9%D4b3Ht>*Ezzo7l$%)u)9Eb{rkGu9Uqg-mNl4%0|2Vc?0U9HQR>KXs2695
z1~*$)4Dh&}s)UqO@_SZ|DwRBghm=dpCi@a>;~}tb^W}Ilxs?1>u+mVch4g$o$0^fb
z++H9w94F!1aD_Z2)M=?>AQS>?(;>3UoDSh%A=y-m{kKoZbQ2#CrlqMtD700;wmbfL
zuqqLTK$Q&QuPYMBnOsa{kYI5AJ>}aYT-l!jOJ1%vaD2&a0Mli&5tMfXIB*v!y(XsS
zW}z+}##(H&=*p9c?K#FZY#+r`p6+aPyV}(HnmHN;wPfh#bi*~%W7$-4V1Ptg@DIF^
zkUXT<^SY2JoDzd&m?*>{tKo*F)YGrx9wmgHQ7o4$Yilw5MwhA
zt`D;MCElg%tI|}&0QMt4thL3G=`2@cnw+Ry2mWbL$+bJr{a%8Nj*Axnz38b?E;jRxE@$5{`l3_6PR78*S-a_>kW^gW7_vk7!7USJM-vJ^_UC
z3UhdutKkhyrf+QIL^cCP>f3ll@JHD|>6A4dZijk+`JS*Gd$&bYbRUm6U1C_uV`q|D
zk1>DbV_RWvJ48Jj@`CIuzD3&gOa~Fmv9!xn7#UuOu&3pkbcDB_=mV3p@Y=QU8C-;Y
zP>ASzmRC}Q(7_B`Z27Y@YTz^C9Q{uq+o*m(u8)eTspLp7fF%@Fj4K49S$ELf08b@{P=*r>ji6euc%ih>NIr07T|WdzFf38PdH2FFW9EgpsG8`A!|L
zIzg66M?{5A_4DcG&3ZlbUe$qG!4!TNli`GxB83VW2!a79Iy}DA?ODIE@VUEZc%5Ga
zSN(N3Pd8RSA-X@n%%T}F)30GDFD_1jY)S2}9mPPXaK95~lTa+QG|e$=ssJd1O#wt9
z>e5Efp*iio%c>+GPWK(zCis~$a8c*bpvgR_c=+$6s)RWdnO+A&QznqmMOmk4(gW<>
zpygM{TrTd2YJlHV++#=nIv(cXKoWOyj*O_dix-Gq)vYj_A~qy}@&7twM?XzJF5W@9
zFob@%x*R^vmP1#Gs4&USE|wrf*|bHNu`cEbMBgFgZ%?aFL-k8{S~tnt=GvG^}>h%f>hZo?TT(h4}V~5FMSDaU%aJAkyWi
zQ#d&|dgzO#sXdw?_hNaP99mK)Jt$7G6@?)^#(1EwR;Mj1n5fkXO0*5sa=@w}>CUpA
zK^J1Z^$rrO(f^Mjd*_mQQcxi{gfZc(5;LFiU@T-Vf|yRxWbJ_px(+=0Ig#}2#0zg5
zf(osQXUrF20VR|oEElavRjGOv=lV63px+sBAiar&5_D;?FbMbYbzj^I=r#f10K`Gl
z0YPSBkCU&q2snKo@aE>Bdy(~#)&AJ5qnJzfbad;ykz+^&P)U!K*yLPf5~iDn5lOnL
zeo8@i)V1@-@!rbTcc{o~x#-o+aRjZS$czqSb4XDX
z5dh#N0RW@OoXU0(0Sp^;uG4EId#gi43z%!>gbNV{=X@A&7a$w?*uO%aD8TfMB6wG(
zLhVS`TtkMm*nsz}iEgRpt_Z8dkRT=H`65P<_rQ5Lm+TnK#&EPnpN*f>M|UEcqCeiV
zGH6M$BsOxQZi7&W0@ccYPQu8u_43MDf7!I++=UJm3cuYoVWKT4vzq!kAmX%sQ;$w2
zX|2(I3bkms^g*J|3uHj{=r^}RkzXlW!T&z^%Pye9a6*u)_{(oC@f>Ypta4v?c6>H0}`&b*6
z5bAwKcWcy~Z`EVLL~aOWz;Zm6If)u(22OY!*cdn6MDKPYTf?d_S6ojw(=>P+?|>$P
zsG(Gv6&rVZ_~OlCtbK-5-rTmLuQXY8bi`4~D)O0U$7GrP<25GTBD@}YU`0ZWGr30t4q+Ri=^G+24KNb7?=mg|EAk?7
zX_D%h<1E%BQ7Wsk@`JU?94xC!36lvWw6gqX#2O_YF6!!TZ@Wa#6O4x10oa-pmwfE8r7>ZBLU2z85#{r+oKaG7(HnhF^CA{ja*Ln
z6O{KQKonv$pkd+hPCg>062uf*(o5)enEYtU2R2DlP+bg80movB(L2NpI-A?&diw;g
zKv5DqBsuzSce=Po%ZV|ym6*E5Y6W!BKl2PJH^4nho#b2&=&l+ejQSy&`vHnG-=A{B
zGVBc-+Os}jgzOAnF1Yw{Qw8Pbp8^tRW7#0Wm~sSO3$=km4J2lXPO-MArA_mRBFqP9
z!3|V}Pk}{Xw-wHPV~WbYrV_EQg&P_dqCHf3R*;9I5IaH<*{r!NAr64B#6WGxiGe-&
zO2VCaHu~>c>3}C_R`)GrwNgs7GA4Hh-Q_mR)_gyMPZYqE%Eg(MbwHPTvr<)yVT;L=
zu>atxZn^r``gvv@77dLMx%GS78sso#qo_^y=_cK}{5jDZ_Tjm3-(OPQ&k_4Mx7uvw
zA--^9iY3IRjMy@`Dkzp%`lEr?a&~hs9#*A6E+Ntq_ZSl^8?flCXBitQ;#%H^391!z
z-<~r-|CCP1C@3Vx%AzlBYzy}^;C8^DWC~U_mV7zs=tyMl12!pEkzj{H_dy>#$h**7
zz*nr$A9~$m$lS^O(Og^5I?r1jd3xxTo;=pmzjq7(pqXID6KQsK2R4aK7bf7bLS$r_=Oju5Tl0#TehXNFOp_FhT~jz%z*T5Q4Zs@l?i0hXYz$Bs;;3%23zA
zMJU%4A~EUaW#JG?JI-$Jg=(<_({0+`csJq?sFXYzQN~RVkU_t5cK}Z$V4m2hYhP~R
z*F7h1>2908#|X(Gia2>PeKy`=JRH)!w4+is1GG(h6=I3tbEENL_o?&0l=
z?dv{WL_7)cIQIyK2oI*)d+j(57iuyerk?asY7;>4HR)_IL{z2KZ)ThKcQ3CHD}0cj
zu_BRaq`>N4dy4TBXkWc`JXVUjjfGH1W11E|RhZ}5`4BBuqXd&&BC^E4Cg!B+x7Ax4=Lo+hYNpJX#o7KTD*kGvm_EMHSTg#r!55V)OWaMI64)aO6eDP
z2)Y*KRpPXU%BNk|Q5tYgLWHAmjb5vS$6ZJIjcZ8n!$&`=AXH@g~m#$XqIKRdub6KnmQ`dT(UCK>f*tIF-UqgK#
zxYlmkB8?8OCpXtP7g<&IJ2szv&lm3YLX>^*lS`cXglJ~bi}jyq!=-?kIvNs&>0uLi
zz|KuIbLt!LV=KWm8{6IMMuAhkbzm?Y!f~_&WC^?z*QA=d>ps7CQ!S}0DD0q+WteJi
zj=wv%HRpltXhb@WHX`=e|+$m)Bp6@wu>e7lp_B^fDb)|(HsEPxC>l_qaE$upv
zMv80y<}2i@Q|5CE3*)O_hj&R*sF1!3{nD20+O0hUJbxje^?5c!Yc)bOYiYD73m6#CI3C$X-S^SsK`0>2
zkC`A>JJMuHz`sSFiBnm_z*D;Toi04fDu?m~YDB7{F(&c0PUxvuLHNOz
z7x2WW4D}0bQz1GcMPWw~3p2W9{Pb*r8oC^9IlKRST2Wq|iAX57+yJPEV)`9}ae*@;
z@x-t>MNR{JAjg424#y4FYpw+$*gCchRS8zRs*0s#eJbSGqMryeZgh=KiUxqto7}8W
zN?M!>Ado&RMX7k^bq5tE!}Vh_L0dtNyxF7k_4nUfJI`;Q5Q%ZNdr!C0X8w?GM&)`K
zk;`mTBruj`7w`TUcX8RNrpX7F+^DyBnkhsLa?avZ$OF$U5rp03W_$uyLptE_B0}Db
ze05(fEggi&mv<_z&=yJ^!<_Am?2z;lkyI~$eH=!?VY75E&3IKVDsLH&7KwXKYz57z
zo^~4aQl|^2g`Mz_9nq+hV5+5?lx+v5jZ@}v0>yW3{);?y(GucNxT3&lm!H)voCNscOv>RcG{*l~cNEBO7A)O{U
zuK0}E8f|D9Scv}t$Jb6OC7i$~_D@R#fP?I9uO*JK)IgO<)o>U+Pjj%PL?5AvRaT4q
z*oyrB_sq3Ao`hIzUu#MsL^M^1puxL=N3><5JN)n0$(k89>>?7@#wp_Pnkv^(10C8Y
z%|7G0Xba}D&zWOcBb6C_iryJ1!(t5tFA<72d!2}a;CJ%Hko}fq!+kRp(;)kTi`iXq
zMDa%lDtxjH1d&hzsx0F(%#~7JZx@Pd@7~17kMb%ZD
z=c^tFprv4zofxCt9vTj_LaW5k#BCB}GT$Be$UuPg6qZEnpWf>7b@x5Z;cn34HUov3
zIA@n2oL~*Q!c3lTnY&0v8}y+}M=4SVE%rh$oyo=yQqHW8bP?<z~VR&kNAh4;21J%|8HSVW)`Vto-O^^?I*JotU2U2xhzCrofE
z(QA>N@v$Z`eZOf{osqIn1=(sK&Asx`2L~FiR)2jzob~s%!`Te^?zxx#WVpUbwm8KS
zS7%aF^ov1EbAOZe#fdlfjQSJyQVXP9ErW8UbU~Ci_ySrMvhPXFDoXHTpV!0b
zw%J+o3?&Gh&80XIVNrOX?7;9VYYF|%a7WOT!LJCD8#5xNW!
zXsM;bjI2D%{#z+YWuBj4*LVsQN1zLR~EWJNNtDbo3=b
zGdsr(Bt<^YoOJypLAHg~s_Q3NVIl>naV{%ROM#T&slZ$7DJ4|CoX{m+U9X8na109-
z+=&FufK#aOmV_o(OM0>=3`|53Bfsxx#`J2tTn}$_0X>M2seWkt9RXD}OVPE~W21gA{T(5!&S&xU#MIpUxELEL$Q0|+<|w<7N@3MGIokfe&gKzm
zN^}>?Y3dhRbhb<3=d$T6gcThWFDFqqkp2+hL#-OeL2lB7l#6DFNHu8Ej&bAa{A=-*
z`un?L{b1SJ<=EH-1OuHcUh)X!uDA_ciA}mjkcFM7t~hN3W1!KXA!s2ppy@SCkd>2`
ztLJ(_O)AaH3US3w6BF-fg66B!n_JP@*#=0)sm;O7!k}Q9NsEM3Ke_s+^L(2oCE#$s
zkrvfjQgmh|MKW88$1QtJVkP1lm|~&gX{^Pw?x(~6Ht7r|n9caPNs1)%uBWp=Ea_ce
zC(sMi2^(31r?OpwL7}Rp>GJs&VU~~=8TQ^p%dlNibMU+HOt5n%zSdx`NsOdQQNfJR
zi#b$fNY#(D<12LQ&f%A#LHMRwPxBHFvf7g~O5<)xZDZGDmQ=a)o*UvoD$|}Pa+fq^
zXo+qdwiuTMfu;xwe@k@UPDaMthtiN(Hp3?I*J#bL4i9X4qFk1A9#|L+LaZw4WS*a7Sb)AwN0_Qb
z@>QrXsqa{%2^M
zeL4VQK1#;Kacl^xIknzY9twlBgh&bq()DZ;f3OzkGoAt9AvB4_gk9+*3f=k)wYVy?
z{AvQKvyWRB|wUsWzE1GCECxP5W
z9fRGwA}j(71cNUhpUP8Fl;j-fW13rMYAi(uPlTnl1_-n>;YjuhB-NRK53BoY4tC99
z3S3uuL9w0?dldfo3NNUZVpA_;iXfhnGT0E$YN3cM{0v*U<7XAGsr04c=ADMpoe#?!
zklWKEpV3an}P@-UG%{Ew)-id~ho9
z%yoqmZ!&*M;%3Vs|G8=@W^wVJwo7Q@g_8B<`f+eca^)7Kes1cDg)I;okcsSv_Hn1!
z+>A|qm|A`Kt|#L)uuAzsqtgw_bv;X+Ch<9jiV=AIx(0eJ
z{0#&Wcnk=rAkhH3ZXZ|6Eoz^m$+Ie!XrO8;1kikn7o*{7IKmh-^RVMQjuvkMcrFz3
za|k(8HO$aRVT@&Ha-r{@rw6MfNes=Z6^L-=u*J1{t2eO&1QYMd@L9B5I7tWS^!(U$
zr1juCjj`o-i2BfhL`xGhC9_DY)P6>hfcL;X7Pc>y`cC?7pLj7ar|BQ+rA6o(ZQgEY
zFM+bb>~_%wlL;nA0H)Qn69A|2E>D_mMdb;jTd^b=>jz_i(z&)%Q>9pFF9e?q=}>$K
z6GLR@iOTGDz8Kr7s1|&$AhJc!#Tj~<8J|vosit2?=_+uHA}w}A*Jbh$<5gd_5%fTO
z0;J3i6y>Qg4kZGp{;V$m0yM-1?b6wMP*MBG)N|+thrwMzON{#2=xEn)q~4;O#Vv|B
z7JIsoI3-0QDELZM3|dTxSB25kZIPnD@$_C`ARdoggUUb(BH;n4J9_{t4vW6Rkn8D4
zJw`P|`oxHB9Ih_C3S`^2$*5=*0F
zG{pd9u@*HjwMJMk+_2_Ju|Qg4Kq5q~yjf^$d?ypJ=+g0^Io%DHEVgoCNF$
zP2GOKTOv$ajyvdJ3G4D^eSko1GS_a4+$^>r5UrT2U$s6N<`IyNlu=}=z1SLel9Rm?k^>l#r=;7G=Y*_qKw=r}cMeNCi$vU)B
z1^_DRe8vu^wqpfxs4{wXCEsROq7?{(OSF1wrOP-%6?*E>!ABSZB<;>cY)*vXU_(D5
znX01cPv`-9XJ_B9n&ZXRnJwVT`JBm?6pjvR{c+YX%CM9Cib7$N-R{#23xEz&{kNSb
zH}maMQy(=C7FSu>sSg}ay}puaNYueN{Wx9L?@Zy95Sjw@4hE@3mxtyPXAY};YpAa4b!uWEs7t~wJw>&D?*iB
z7U0b`%7J@BcgVktDAT4(k(E_5c@$%lHa{ZOBd#^S0XuauyBW^W2M)LN-%L8Q89d{i
zQ?S7-!&=^{^aj?u*r<5U2)U|L@nIE{(8;XkC+BNWfhE!3LzHfwq*lc$k*vi|OJout
z6@BZu5vcY^v=BYeePRe;`&^MdKyw04v-lUf_Xn?x06FbLOLZ)@^H#c1mu8W2B@cTt
zM?&3K+riZ8oaQ>`3>z)UyiRh75LnmnL~5_cl#~^f-!gIp^YQmPHenStfc~FViSC`N
z2NmM`M>Rj{-Dk!5MaE0206OrL7v7{BxZFx$gkPLPB}p>}9I3EmNE}xX2AoyhA#(<+
zVjd_~UL3+mac1h=1-*%j<
zX*DmQ*HV|4m~W@qb;s1fKExTU
z5h=_q*0!m|K3}u-m(Gc$8d%A^5cIOyK)l&Va5B7`Z4>Q@$)C8QgKQKI-zu=3aH#VA
zG(cAwwakk&NIJ4Jl+kJEAZG
zvhsQom;y_j^H-{Q4cG--#V2u^9_llB)B6sHC(AWwt|sYn0$*VPRXv){Q4c0gU+2#Z
zlI)-!b~62H-FWSdYn~I!9W8W+eps#$n4ywL2C6$Ut^eV_|A)h*S_lTRDn=Ox2IQJo
z>FQ#RO5T&{qH>>EU0Nm-gWwcu*n8yACM(<|^gr*2-^WMFyr^idxFy!S`hW^M*9g4+
zCarv|3|0;j(&#{C%a>0u)JO@I-EqI?{$;wI0@eG&9i_pj
zpV@YELGi&Dd%WHU6V(hKY`U4Ho6U`knPWI{wSBq3Y=hwhh&PBp=*LcYe6Tgn*x!B79%tcYwN0Qm<##_xnH(vhm1Txkw0XV5*Sa)vLwLAvsc^>AT$3n6*<}11*l`39_bd1a+DamKc;
zj33+wf(lmU*}9)+k1pled>D8_aI*%Ar0*joU2trA8D$eot|>G}+v|mVlXFSVs9slx
zIns`j_SWqjYj7~~6iv{O7NCMSj!SPm4aUOItv?Pv5GjBPo|;A;|G(V533yfI@%Vqp
z#kEvXQBhH2L_tN&4PjHPY(WADkwisBub1Qkfox`hV5!xL`$pZZ)U8_gweC_&t!vdv
z>)O_>)>f_5($-qFeC>Z`-g)15&OK-DO>UC@p67oaO~Pm9%=^Cc?#np`-=PkrIceHy
z+Q|ck12>F@iM!Zi74yjM4xf@^s5xnXw-wpe1m*{@>p~9)W$$(3Q}k4&Wp5v|%AYUi
zu>RnhK-QW+jIi*z_NtyQ&{Hgq8uk7)iw%WSGG9uS08tKw8@
zS(*m5DLAqc{#RgLo0M-B-Q8LcsU2o1ws&h;5WWtdGUedn;YTfiJ*@tx|7P(2;j@nlih^JrvIP8(*C6vN=y%H8pkL>}e!C6W
zV$0S2f?x=6{2#B~@khlr1J5d&^3Ba_Kmq=VvI)rH+6jMH`4L_|A30n*;14UG;pHol
z!?iX3u<}V>z6Lp52jUMauk-S?$l=oDZy9m0AO5!YpXBe~#PY+We3_RI0YBii2mY}4
zALZo}SiYl_&+_v5EZtcB&TVlG{&P2*
ze?#FP_&;9%g8wnkgGro+6=x)hJ~4JsXBNufdI`b{=}kW)kyzJ{6fr&{pzz>Ti$AQb
zq7$8b7Rz^&a*^H!mJdU@^{2U=%F_ib*YfL5mY2x;kM;g|k>#4dH{_8I;7W0Yv|n_g
zOWz2VPn7cIKKxlMFO~8|Mvi`dfb+A``q}yb@*{DG@pCcgUB-4Uk#;c8R(V@kk@5N&
z{7-o%Y!%(-amy3Vbp9uMz$xQ`U!=A1NQsbZlVZIuw6copvu@
z%yO+RpTlykY~RZAangRXxBpxYc`@8m%6>?}-=TCIenH|40H{-wM+eJ8>E`eQu3hnm
zP3Mt59#t$KDdia>9}4Ud4&&MEI)H7>L%yxKitT7^#Um`o^tgBwnZ^d=`6kPs4auLN
zh@kunmTUPncniD{Ow$i;H&^;}j$?UTxk3B$SUy7DU+eGhWchk2FM8I+?<$s`6_T5R
zjrJd5xz_i*nMeKw%LhyQbA0>;Vu+DAp
zaa_wf><(pWp)u|y{;f+C{$tSS<5LB{pZ1wi%v%E^miw-9R%)^yA
zeMK?YYGC<6tKNKaxv-}kL%ola1ZIz>x-njc`D8>CLrRW2T{
zvRtdXpRs%wdB5=Kpl_fc2#&!YHl9VZ$$l}Qa+WW}KG@1J9Vd8S%wrw3{^yZj#q#|i
z2p0yAU5f!d!t#pjIE?jicq>O3*cMM^Ka7fNi%Wc4Jahmk!*vV(u<0$jmi&QsE?_&0
zpsx&-5p2_sPB=ZAZ&Tv*%DmoNY;S6u-YBovpVN1LcG<*mZ!mtq_>Ew_H{$f3@%|d{
zO-!KP=8ec9$8av=aBy57@xxN%Pt;q>dS}GxwR*h|Sg$!w??kURfb-}3+5V!wJ#jjE
z4BMLx9RC4e&*ftxL55I1U>o=W*Ao2U@;OcUhw>3DkLwdC{Tz>d;^I5V$9FC3of4NH
z^*-M|V7*odJLFGn1I0Y>DUMg%*b3ui^X;E;;l1y}t6~5ABRf1OPep$qH_)7FCF^a9
zOXnv(oi}yC9{P3Fw(tY4>G;F?{kuLqn{PX3=P#D?&3%0s#D3U4PH%wG!|*=i@aD_#
zimF{c55fflxQ5{m8y}vhp+8r0ID_K+neg>#KHI60c8X?FIK^m(50>^%_UXGf
z&;9FJuK8zU9{E6;P{Bf)44?gr`B=*G=cJs+!bK1Hc+O+JNm8%V$cuq>vV5+TV?CYf
zZLDFP!==utMvigm&uRH)O#LhRuh$#FdJp0~(iZk>H~H`e&_XV(Q%RkoJ4gZRz=%BZ
zSuDRSbpQG8{)RmA3s^o{-rwNkcPGooN_mr!qdx|*zix)VL+M1nUg`BFu-;GN^ltXy
z4cQq3(%XaydF1o+$XDi(ugN1{n?sKN7|Q;d7E?YF!t$XICubwE8$|}o*lL#F5|Ur*~D1Q3UY*
z^(>F;2Z}*Hj(vvxXQ+(ucnfU|qKTot##PSpy+GHc!3+mz9lM6*Bc#06`=~vS{4$pB
zEAKa50NH;akNj1Z$HfoJ#RT@zY4CT*2bh;){bC3$@&y5Poi;BkeL5zve1(i>ky(I2
zKhDo{|4Np(h3+>KeY}4S%MX!q5x=!8*YbKO`vJ!tp>*=PEc#+P>ztphgT4^!$it~a
z(0wtT<(e-R=ehr!Jon$q^0>Jd`sz8B$E_Ej{G&W_njnJSc=+G#?TGd3;b;V|dHBQa
z{rEY(G1&4Da{2i*(MbpU$>b%M}j)uQo
zUSfSVD%6I4!8&84j#wKWOc4kInwHt}FwMlX815Oza@;GIVI;n1`c;hPeAc0$tPQb$
zyprXb&)2YAE0b$ku8o)8V!7t)O)RHhHh#Qci)pN5A1#2t!@f3~uBdYk>*VTB>rfFc
zEgq|iNgTV!h@uS~My@;`$Z5$Hj}07-=C1)%x#QP;F+WGJT)Tf3%c+gD{wy+^DtLbb
z%O}F$vdmzYhVlzoPQz1szc^2DC(FMp?=M$sPWz)x2$o}gck<&+ok07uSgystf#pZZ`-@BhDg7+h+PFLO$X{f+)`x6hIsLNf
z6Xyp8?2QrA$NM8#9@i#N`t!&eSYD5T*zk+YqCTac<=WW!PL{WX?l%Vv@ctL`+`l1@
zd;n!^{CW@CAHnjt_@QVP%bR5U?A&<1Z#&yr?;NQ|Yt=!#xw(7n9)c{?djRvkch>1wrsQ{&4wqKP99X&;*u;;(-0kWM3yv
zVx71$jZu7#tayN(#5YV|f??gtc3y|SU0g7%=X_W%vd(g;Q)DK{=*JB#5A`=-
z1E(%1A3%cmvk)jB!Sc8@Figv3?DNQc)9gcx!PKCgcD57O@1XoLmY2cbF0J)Goe!{F
ztB0?$oW`;?-^9M~XDpA)6AXV4EqurCiK4umo(V9dh#?4KXO-~FWymbc4&K1>*n
z!XOBhf3AbYz~{64T2!*>L>sHUjni01D+|}NTq_IfSgw_Y_gJo#1#>u1pVt-BfHw%V
zK4l`ywfLXJaxMO+v0RJ)^(@!ozmDZvS$>b@TKvt%e|-8e4~wa?2SKhpoXR>hys-I<
zjSAe4<*kn8adE^jR&^naTXWdJFrH)iq42jWYhwQT5zFJsD&D^(4NikVn-2_Ud0akW
zomtI(j;!xPc~9(;AZK7WEo?{g)oPZ<`3mp9m*v_RYCX#-xi&A-J})-1oQBj^F6JZy
zX|fSN@4@g(SsphAKzUUjc?-+6d|J(NEuZdXxt6~5ET?S_n?7;ocq7Z>(q9bmA9x`A
zfa_NLVeiK_>j&P4<*cK{u_lKc%St=Tm&q{fIEnYQi$S)A_2x@GGftvGGx~cS>%^r8
zU&c`-z3Bg;c`NaF)KO^QAkR0==f+7^GN|w4z{zrUfwU}L6@;y^T7iwr|h)x6KjR9vRrG+KV!L8X9guPVnHw(e^~os
zAF7Ft2O`%4|$_tg4!
zYH&F!1VP+5r5N})mTyEQ8y5DH?|U2bSx0NrSF$`bmO&flh%B|o*Rzf`*ICDMtv!B^
z<=e}6av3W|MwOiRHDo%(m|-aE#Fb;rzYEy!Q=ktG`4z{0qkTWxz;-5JxHc?4%Y^0R
z0+z?c73Fube2Tmu!sq~(7Xur_X+0SJ4#h*9pV-JYXjow5z+(;!V<1%){h6&&mhS|*
zE)BfDi@vyu;}AKsh`vaBUv%cMgYmeEHI-MG!yueGc*UFwK^?6+8cf|QHr%Qmr`rUW*Q3ygit
z%R2Va?eKS~JelzVjfgR?rjEk^f?y8*uy%^ffC1%oET1Uld`7((*eaI)FnbJou`e&T
zvW}M4=W>LBarlVkJIOeRa|v701Ur7*hizvI`|2I|JLHR*7bPz2f5B#FY+m$B^c;p&
z!?tLd#ri|6@3iL#3-7;-N?k89_P;r>@yz6kzy`C;l-Crcy_TUf{>T7+)EZ6dKBFiVB5$h+>rk|AO{?k~#gS=nF?|PPNK3K$U2rEE7K^}BUiCp%g38oo+}@pW1YA@dI*I3
z5zFK149d5p!C96MM0p?1a#|X-X%uU^(^*cid@8!psQ*+K#aHkHgl&#D6%;wf1v5%R_l2_C6Q0JT8whe&?`U
zTSvV$&;8G_T+M%$mti7p`ox@d%fnCreHH$&@*=ajiSZlGay9*V0YQeNLemM6+1lf@;>j
z>33+86aCo2I)kN-*&?UDZ8gi|(pU`l+{^N1@V5&C{j}JW)uDiga5^7_zx!wFnd7V!
z)~1Ol)XV&kNk$$Q7fj0pmhXvbHobg)0_F2ruC*B}S+4ahYgn%3=USF)ZNghD*V=?l
zEZ5qEA(Js-`dnZF%e8f!`7GD`x02;m7>MrtOS>)6)u7@+k}(OgnM|GdZY5mGMJIm`pz{H_dpzc|xUT!A+R!H)RD%4zl8
z^otW&K3&Qo|4!ljJBj659XXBVny;>BdEB_A7{Xk~@?3S~1J=>%NPjY}uXhe*xpx0l
zmTPT#9n0g=h-p~G@?35DM$X54ZTk8gVPSdL$a1Ys9C$b=!KJ0Ol;!)Ok}VJ7oibG{
zr(moc$^#xN!SGvHuK8*;%O^_vaKAl+buY`0lyW}Ui1ydBJk-a-{Wuh*^s`(`-#{wJ
zL7>I2l;v@GiT0~lz9_{
z#RK9hpOt@)?ZlfAid{7|>HJZ<2D8A5`!#jE{1}VK~UE*iRkscgUZ%&k=n_`AiH*ZzF10uBEq~
z<#Bn7alMS?qcIShUa@xg0L!(x$g3=`mG|>=n`r+tmTPOkgQ#%~0&T8Z&T{SknmqTn
zvs_y*yo}|$$oTX784$%?I6Uef{QbXivPAG8iX&Gdcv#_&DEv`{Kd$h#3jb+@4}{qD
z3p|$!iQs4QpDrDVV4cE$uJ9)n{#1k?!11vH`+FkuB94XS_|HV}wEQP)Ab&>T_yltF
zN(9d<{DlZV0&YjYq5trre#`s`;l32nKM`c8Pvc?udrQ_`3BQX(Ir$fJ{FMk^j@Y?@
z^{t)_>1F0mvV*7&0{e>jJ_+~(uHDQp`k4sUN9>~@5&T-=uPFRAg}ZF75*=U|6Ac-D*P*jUD|~Z>Z=vw56uz~>2Pk|Sg%4Et_6o;0XGE_=u%p6vR`_6r
z@2c=23g1KF#R@M`_)vxKtMFk8-%sHODEvT$AEfZ4!pjt1uJADmAFJ^33O_{QhbsIq
zg-=rW6ou2l^)R`^j0KStrlD*SkbpP=xR!qW<`
zRd`0>ixgh3@FfawPaoD*RN1e^=qBDg1j1
z$G7H1uS9UB!p~Cp*$O{b;pZv*0)=0s@QW4xeT84D@XHl`rNXaP_zx7mM&Z{g{Cb7o
zsPLN<{$qvTs_@$teuu*ERQTNrzenNsDIDLN7rhd}0}6jo;SVYN5rsdd@U;qmLgDKa
z{-na6Quxyfe@5ZYDg1ebzo77!6#grPzpU_IEBrSKe^ueHDf|tEzp3!wD*X2fe@o%-
zDEvKzzpwB=D*R6h|FgnBRQSgV|3u+`Rrse0|C_=$D*PV`|4iYZEBxOI|3cwkDSVT{
zzg9R*rDLu{P^9pL!Z%a+77E`=;ae-*zA-)=*+j67qCZgK+bevK!go^mV1@6Z@ZA(X
zMB(^m$>@~`_E31S!uL}6-U=V8@O>4IC+VYCBG^yi2PoXW@jq-U5sXyy4^nti;iD8j
zTH#|9K2G5WEBp|JAFA-f6h2YmlNF9{^o?FH-&FYF3a?c7429b-GlauV1hW*$pTE>*bw
zf=c+FL~yyHf2G2&R`@jvU!(AA6@I{hF3g1TI+bVoJg>SF$
zK?>hV;X5mQ7lrSt@ZA)?yTbQW_+AR%TjBdCe3-)bQ}_W2AEEG(3b$X~3YWx0P^RdY
zD}1!V$0&T9!VgyXAqqcK;fE=FqQWODe5%4L6h2Mi(-l5L;WHI}gu-Vlyh`D76<)3I
zqZEFO!jDz>@d}@>@DmiCQg~Y7wF=KDe4)Y@DZF0cOBLRz@MeX#D7;nSZ3^#D_;Q7>
zQ1~edU#aj@6@Hq+PgnRE3O`ffXDR$_g`cbN^Avu8!Y@+zYK32-@XHi_g~G2=_zx7m
zM&UnH_;m`uUg0-J_#JQ}3(u`R&gbsvj4gCOc;XKE)@`OQqO-N!EhT~VBNqj30_%Czf9df`?4)cPV)&2aX(VhzN~>7;o`W<~;oLJa?5T5LMG
z9+Evr9-|ZIA-?-&_|Kg~4F9o|xIB$(RDMBRmOjG=ZH~X`DLVuB=RD%_w5$y1E
zhp(R!-#rZBUkS=Wdcq(iJA^nr!5QKW#EU}=|M39vy&}Ab4ic9{_*CNiMfiop>B-KJ
zY;!772Zb2^V>B0b3%yWKTak-J;Kd56DuR!d<&5uo)FS{D&qVg
zf#5F_uNK7oxdRpbng}l^epG}nA%1j(Urqd&2!EHjJ(cXmMc>4~kM)56I+(aTm23n{
zi8n;_?;_q9;hz$xCr?7M!>LO1VQC>T->O?Bi23tN(myN0$5RtE5dIe
zet(32Mf~9ipGYs-cqGElB>rfGe@^^o5k8xm&KD#6Y~sI;@OOy665->iseLoT&nNy)
zg#Uv0A0qt!h<_U4L#WB#7~!qNqmRqHOnmc5M>vw2czOe5$kw^Uw~OdMO?-z4PYlM}
z>1pPWox_Ol6wzNne9s8~l=uM=K8?DT@(8aZK0CsHLwrGmZ$@2FLxh(T$G2OBuUg`#
zMEF(2&yMil5I-lv523E^stA9AIF9bZ*Biv|ig46Q1ouV8IfloogFX#L!U2$-*yT6S
zk2MdRI{6qo)H%m+>QrMmb&@fhI=vW9om&j2PAP^{rxC-cQIFx&NXKw$bYnO*qA{Er
zxfo83Rt%>`D27v`62qx6h~ZSZV>ngT7*3TehEt`9;Z&$&cy#=RN(p+pG@=eXI({?y
z(eaz%(eaz%#rP|7CCpn5V|aA@hDwQG?})D9LlwS{!uM79Foh3S_fVj`d?tt0m&f^S8b
z(LYS#6BRy5;gc0UMd4EwUZL=53O`)o(Rm6gCW7cZ#qj7n#qgQ`*SrLXH5geiL
z*$SVd@G6BLsqnc9uU2@C!jDq;(F#9C;qw%Jtiq2|`0)y#ukaHTexkxt3O`BVX@xIP
zc&)!dn&Irto%!cPMRrq%mewxBhSNQi7eulzVDf~=@pQZ4#6@HGw&sF$&3O`@r
z7byHfg1=a)n=^@GBL5mBO!9_zx6*jl!erMW~nveyHeQ
ztMKa-e!aqPQ231s|B=FPQuxgZ|FObvQTVM2zfIw{EBp?H->LAs6n?kD?@{=@3cpX`
z_bdD-3V%T14=Vg2g+HwDM-=|3!XH!k;|gD^@SiID35EYm;p-IsbA>;t@LwqWDTP0+
z@MjeMtiqpD`11ukb%A`~!vmN#TE1_=gJrNZ}tV{4WasMBy70
z{#S*6s_?%le51nuuJC^-{GST{OyU1h_~#1$x5B?r_?HU*O5y)e_$Gz_pTfUZ_O(enf7l|(Q{(XUeYkqV!y@M?wEDEuge
zAFXhFi(~Xk1oISrtiq2|`0)y#ukaHTexkxt3O`BVX@y76fuL6sL9L=+r|^uz7b<*_
z!WS#NUg1j=zEt7S^DQR5jf#Gg!lUP5jGY!m|73-?D!fhM?F#Qu_%ekrS9qtwS13Gs
z{>S*?+lu~5g?~rkrz-rr3O`NZrz`w>3O_^Ps}z2w!p~Cp*$O{L;pZy+JcXaH@Cy`v
zp~5dx_{9oet?=(F{1Sy2CklTc
z!vC>b5R?RuI=(wLz;JCo1io!*{tW%x8F-xj0mL77c6Q>sMiF1@_zuh`5dWFuTQjdC
zzRvLjnO{Ww=Mnx0@h2VMkM&<6{*>c~G5?pMKM)dLBHqWo2kRfG@EOFParSp){UyYo
zb$n0eX9AD&=QRp{O|i3)`18*G32grx5aBrc`v5Nq{_XUqvwoYRe>Uky?cYfJ1!w0V
zw)0cP&R;-tyWkP0KbZBO2L0{Cd*-)f{w8z#Z~J>A@t^h^&U*d%_ZHyT?clxiBeM7&
z%uBQQ80O=cTl;gEPt4+rnNQE+-(x;6i{HTfq%6LU`Qj}89`L=2{PS5hKAV8Y*(*L>M=Jbs;Fzupv(oiv
zMSoaHy#0|19|aukPfP@K4Ku%jYTzZom;Lyk?#Zjm75xX9+c!DccIlgY8~fQj!~7Bs
z7jCEPJm4k4S1w#gCS5PFzI_u6xSg(lk^Uy9Z|ld{p(fl{*}m0J0WT5nrMLPwu)ck>
z#T9J-HPZJ7-}hy{+djs=eKK_-^J&0Kf__E(&%o+m!1}-JZzQ(9{)G8g%qux1uali3
zXUF-?X5f7#wBj$!@5%x7(Dz@f~`nNQu^fJ>Mk%lvibKV!a%`KwzP
z(9HaP;BoEA2H+)u|6agptUr3ViRTq;=UdEAVs4(#3j$kyPFMJi%7e=958T_6HzKbto)H_s6U!8DHNjS7E*`K+ysqSgPm
z!goHvgnJ3=+jNa(zK(e#hkFL_y#oInH@J(gtAWSm;~NV9M6o{>DmeOKJT9KEv;GsTZ~NhW!6ADE{<(6S-ig35p4s}VnSY*T=N+=+
zpL4f%K3DXoj*O4z3BXGN|2#X~PFE-Jy#oInx@`w8QS4l+@Sl)<|J=Q`|03D<&&6B&
z9{@)`Z1{$W$F3Zo{*V!Id?@qH2N*@Tovx`0uVZeWD-8lWa{WH@P2V*4LvumbT?&7m
z`Os~QUW)aDQWMW?K9+fQyL}Av?DnvY`FYzK!xe1*a^NMw7Or1d!F*H_`PPoNF@G62
z`fWYivHt%n>93FUn~5@`|26BcXFEfI59Gh)uLD^BS1de>g|mQ{i0>2GcI;{5+qigI
zzQw3`{nLoQ;^Jxb|3KV-hvg6s_qcMj6V-p5_-he6{YRsIlpg^c{q_*|Yj)?pk@<_9
zA=5eBD}cxOXN|&dSM2|i`Muj4!{gch+X~;vJiDJwK!=O*FW$izu~^A}maiqmzT!mneVJ>Gbjc>|9_PGmd(1s>=B!^Xz*?*K>tWZQX~
zdG@&I6Xsj*820Da3f~SKUJ|_F%G>@N&l8Dn@5=xA%zvTi4}=1M@tn-z+Al^710I*&
z0~P(Lz)OPPy7<_7bRlv7eInaGeyZq?J=nzOnVn6<$Fjv4z~kaGSJBTf|9Y^o)5(5V
z$$apx2Do;Q`LbOMzk&510$w7%i?o9IQYerm!C>cS%lDdK;(sFBXLG?g=AF!sVLL}N
zU(b9gTWn%}+3rRWhGBG_1-vBK)rD)v+piEG;<(ix2@c2noxpZr*g)4b=8LoViOip1
zUcnZZ0WS&mh}i!%>-R4zruW~&1VEzaXh^DgsSmsxqU=&|s{VL|0
zVEl;J{p`Ud%om<$_%-HNu!{NJJkYRTKDdr~Q7Wwe81u8Bzr|}0^DFor^P95xf0#eX
z-0lGFG|{B@TceBtyW>*I{7LBF@UlB?l@pDA8MKRd**D~_m}vM;Cm{{o6N8se#PU<@
z%8wmKy$>Ay|I~O;hHC(qlP@Qteu>k!={kH8a{rw#%P%3muhZw^75t0%Fvo5AJajVJ
z+0SvSe-?0z&w8l$cr7u%f@_&yz~x~#<_|M(ImrOae{J=%_y*<&A7b=v{DUbb+1X6S11|{BJFzwz2RVSfLP`G`vMZ~Fy;
zqQi}y8M6%MViD}l{Kw4gIR8-QzhXX!V|*<0_h%bBHRe~)%zVro1KOBB!u)pToc+N|
z%>T^%c-G$$29TKE$yEk$H4YA8zKl7$BRGcnW6aZRXF2mBM;g%1{4(aNnP0;E1Lh@j
z4LFEP%mDCXNia5&Un_uPJm*#$eYl;jYnlImc`ftLnSagP&a-x&VeC9}lu@+$OPTL~
zwBcWKd@clD68P`p*?9hz^@qL{pPc^wY`>BC
zB$tou*5DOI{{SeLCBcUgJ1Z6b5^yXJU$Z}laee%p^ryLSSF^<#P+m&{|9wE)u3kxe
zhST4dsy3`2;A(C4qU18ln-*R{^mX$_>D7EWDBVwJ8I*IS$q_
ze~USHGr{kf*PLYZt)0)Uedf;@aWDev6^7fAHeeF-H1qqJbM*_JXWoB-QH17#u1(Bm
zG5;p}a}3lgw0|5|pa)q$1w76VrzrdmwllEK7k;O^LpksABz=!2=muje=OTSTHz-%-)50fyqWbcQurOrA7K5Tu>OA(J`>uh67fA>
z+YVez{76?mEx%XM|BU!2oO`~V!S=2snB(l&_MwS*RR1R8e~s9AMd3v-ktqrO7SW$h
z+<({7#($}ze;@I`N9=q|{Fq4m4}x}~B#7!SBL2^aovRf7Ja8=Mix-=Wn#OmQ9*g$<
z_cTXyJ~jYH{k!W8n9J?b`=sx`%W33Wy-gGTf3
zyO>`D9ZgB#zvF4+`5bVHC+qLT`ny3p6<2>tfR_Xr7cRJkuA_-Ba(p85$BEZFz9aMP
zVE$7QEOGq1%x3||_&mk&8OnZcA$|WnP@CSHh&MSqHa@Qt_um7x@fm+2hTG=!ZG0{y
z-s<>Jj?a6*F+LwP8E^~7XN#2Kt6L0DFdqiIB={Hq%h#`F;Bo$3spvmNJbHd$`;*ZA
zau?6-Ii9Bw?{s`5^Yz3Ja~!$}y7oz?>YOn-t~k2rX)Dcac(|>?-Gx$*L^_TuEqrc
z7sntC{Yr`Weyg?rJn^%fealOsT`LLBb{yPA*EPiLECkEEx&BOiXQyv@8AP}wIM;D&
z|4QQLInLE7*hKsS$IoH==_T>yjpsY-c+0OC6uY{4U~`JN`KH9ijay39fY9#%C3A|J_*Yx8D>0fz#impD}b5II1LA
zz2o~be~tK!jvvUpKNOgf;3miIxP3hFA3JXQyP+qeesmsj
zHgW$wSzC{uC4RfJQ^w&Q)QWcQaNO3TvxrCMJI@fm)9H_AJ0sfAPPBbHo%kfDe>CfV
zNc?Wcw`bnbj&|;G-1^~B;`ccY*-h8b4%DCG_!#D=6Su3OL15GMf5h#oUf|ASR4-dkD
zzeW5B$8C9@v?4zKt-woyWlrDv`3>Uh9KV+BA9@PvN5`M16Mxd_+j4ay@uwUwV>_P^
zf7)^D|GmGB_M_wEsl=fivGWeN5^mbuEcQtcX+KInu$N}?A!kO
z$Hb%K*bT&AaQfB{+kOY_zvQ^}!*Rra<+%03WyGW7?T3l`@5tM6!rzF$?Ce-Sj5`&>
zjq0}$kB)C|ApUD-$NFId@!vRZ{jkq>(f+HBTm44juQ`4#=gULH-*9{{=G&fzcHVT{
z+Bu5&ZymRG))4=_<5vG)#NTrK(7;?roR0S2aopC6Q;Gl4al0<@8Sy_kZsR%gduZp+
zj@xi=B>th}cKoyX8L0oUszlK3Z%@4@lBj`&|4x8>mr;wv4uG#o&UB&m~-e%%MoW8B6&k)}&!UtV~cJ^=_nkl+o
zC0^|Kw#*N>6!oLysHMcC&s$;;7B
zbo{f1xc{!P^}}XYp#D&2ABOjIEg)`N!62~h{4a>_=k&+0{`4!+&H;|weE$LQ5sr^$
z{avp@{gIB__?%AsAjfSx^EvUPv}yBh6`a{M#)$Zv^{cHHLIc0WM<==h|JcyxU7
zZQ{}K$xn!narSL~Z6ZF-ahos0ufcE+cHG8i0rBWK;Y{Mual(4y(Q(4oYta57&c2P$
zQN;cCmu-B`Anw1vZ2kWdaeJyeaBqy==Z9#2va@gfKacp~j@uUeSHz?J`><=#PNmbg
z;WiWZ-&wZ#{xtDfPT!Wu@zeXwBxpYK7{x@$B$zDdx;<{aX+PJc>2V`wAsjN=p7{@k0;&LYQcJZ~T#9k+Z%
z+@9tSf+=k0w42e6|6cRK%!_`EyusPG^WQUw+gct3HeJsXZ*uy!o!s{pv=h~DARZlu
z+(+D&Vt?+U1O^@@L9?^J6UXy>;{JQk_8i3_x1oM(ME@4zZI0V^a`^42-{H8me>w4G
zj$8em?m+#{2=5@i!f~4~FB3n-aqH))ccPt@j@$P6CgRcY&nDuhI(=(@)?H}Fe<%83
z_Rj|5r#t=W%n!dC_0Mqp1m+hLKhyC8nE!|P*^Yx-==%OWXy;tV=P>_}`1y`cWWM*k
zsPDfMZJ!9ej`+n+-^TN8;`S6w5Li3A+=q59b^12Hjs-rD!;-(QQTUr==Q3x<=I{3R
zqy6YOXD0E>o&Gx<$hJR0{pk2)A#wj5>S3(^0`cg$V&4bQ&ehJojnCP{uW|e!w(~>c
zYaE}({A=RZI=+Z``a!fG9Vh&R`1MZTmcyYBq5h4I+jjK|;^ymAXnHTU{|zX3CBe;3
ze@kz!vh~j`~ExEHoe~?{;1Qp{`?(r
zdm1hX#;|{OU5j?6IsI*!uOR-I&L{Ob=>CH--*BAxQ*x3pP~IZj@xoxtMKm;kB&FqB<{bX
zy)UP0+jVIFWoLgJ^U1{hceHK2n@9ZDPT!8te?a^d$8CNEKS%qoId0Q+JaPXWZCmfw
z6928!-<#u8^d#E(z2iGE9|1hB-K!-1x17H9{{@QvdWCQIi+KA-EBs1@|4HE^o{G2M
z0vy(h5}Zu8pYk)}{yX4%vceWmqy8Tv`rje`zT>vMeMtNR$IIBxkLC;{N;K
zb*w-8S=9I62eZatUqJn6Ki)$8pHAP}f1LPdj@y2GzZcO?w0~bjJleni
zht7-%h=9C#5Xw(
z-3nb3UyhH@cYwqGk<+*B{6C0)?fBko=a}`V??1?7<8wA~|2=eD{_iCo?MJr!HQGt^
zXR~fUWfJkt9Jl?~GUEO_>9(9aM%;fVeGD5c`3>6N+S!@K{JX>lIBwgw_la-gxa}YJ
ze+BJ4@BCof`RNK@NZfxv-TLQV;{JQ<^&Fp1iEr=1tzusKDuz4A@kPwriSOk29?Wkc
z?!T*U)Ac3sU7Y?ltY7&W+TYdjU76oS+<#Zy=KG-6QGa)*Z}a8b#P@XkV79aM8>sKU
zt3Ifo5&W3=-cH}P|8EoD$8qb2iEpAE|NZn1w*MgUXuaP1x2W&Gt8V>&5%H1EJ~Rt-
zC4YzdrH&uZ{7T|wj*nozk+}a(`i{&e{T}U%ar(BMxsrIf<3m~hL*nM^sEBMlN4>%y;_(>Q^~#{dqC*xsKcPZX`a;@g;0$&-c+zl+PwU!s+kN`rje$zt29A
z`NN9-pNaeLwjas*bN-0o`tP>e{_$4g$GUK>A2ty8-)*<)8uf>=PX2;;hvT+9{2y`uU3klv{RP8a;q+~|4-=2Z
z^WaZV{}iWh{c|O8|GoHqIkI07_uq?eVm@I5+BwbHvEiOf{B*}VSpP%fXE<)d{nlU6
z&Y6x|I~~OR_u_4S-9r3qr$3tQe?;7WFMcQHdwz=c&vW{<%+CkDS8%=KwjSL;`js+Yj5qS
zZD-M_bVEaPZMwa=HI;5%WZ;h{+9rbS0%d@8DD);4+*W#gUFq^7#6*382C&MfUE
zLc6psQ`=mZF?yLgqgk;4Y*sC)s!pc7YI0m_rXiDV3x{3n6~?D8skZiXdwp%HzNx;wKHX4%
z3j7N)Fx^y_s>_&+!he_6*9WP?XU&;BX%^hlu^?5MvY9iQoLk;xGpM?Ke5SKD(}H%U
zjILOQ>8@^1j!w;8kZNzuWKxSW>AFm-6;TE!%c?0F#;YI#w>p0%%c|1tizl@%>S)X~
zwNGV}?!FZbnYv?I>)SJ}R#e?S&IVR#3XqB8xG7K=u{cyzx0ko1>su>lR+pt9@8I9b
z(o{9%T5Wr>t-Z2(G@|l`Oj}zeXjD|E2~{LVS-YwF#+HW4>hY;r3z8KTeIBrNR(1QR
z#&nC8sAMWT(pkx@sOU{Yb7w;OP44zER^ES{ElRFIPI=X2S?XxWFK9OwKwYbZGB!4q
zs_pDdCX;1ApiD#Yh0Lz3h1^ZnE>5>X@k`gYw^i0+hSpY8_}r*c&_(-g*V
zD@0Kp)%B?6u@a4Jmv889p@-y6!X7uZxE@+zU)G(MdQgwNwd7deQbNm&-Fu~Lbd}l-
z4XtROx|^;kqbs4)SXNO{ld6X1e`fV4F3JDnzQAQA^cn43lwzIJi2fVcrW(_A~y@^U_@SKH7kW!v%?Ud
zf4ykbo5D61(me;NQM`9^wWAR;X8f1tF-uk}n!`W20`U%Ttyb66eeAm5wu_>mG|qZz
zlp8QZu@i}=r>i#<+{n1pw3n5-rg~{+1vcyI}{G*h|Ik8X!4WTtY)T<-s~rx56Y%4IbCuc$6J
zH$f>cp!XD=URL=m#F}j+puyzfF(xuqmu^qnJlC_VkN|y#6`p+X`)H-HDZrt*UEta^
ztxd9Sf=(x^TglbP6z1JLVcs=uj)W2iLbGaNrM_hw;o4`y*(i4KE8X6mUh+dEB`D=|H3jv;z>@>O_~
z?9$kGYamIUKj45Cz3Rq!u|qVw0ukShP~L!%DyVC&wTBW^m!U~L4?mKr8f=Trn#-)l
z(u$movTcp^TrQ}Uvw7V6W<|y)M>RGtgM``va#f*Gt&UWntdbsEbzHNeCsL`)?#`G7
z4GYQ4YO};C497JUv9S{EM5IESNuIEpmCWu>!9*iuSGRgRfvLg?j9R|Unipuq&6!h`
z%J_q-4rDWUz7l@He`YK)rzSOr*OTppTd7^R@Ci51h2Q2@$fYFQ%pI|bR{ndTQSEWa
z5GV!C6}~hz9oC4=x*pbdZ45SRK`FKD(RMwya1}C?@SO?x7@Bu*xa~|#Yc0xNT%byQ
z5oJ2k_nDDUd_|hW^{9(ki@E1#-)0FyFHx8_Um8LMDcUf_#LwhKS*ZMIrI*T{?~<$A
zyE5K}IjI{aX1A1zqp@M);sL(sW>4aS%eyWO6=}v?oXpL@b>;T5WXz6Ns@*4ZYD*1x
z8>ZNmGvLos_}i5IZUlri1A@Z<=Vlw83u6hgjLWHz@Um28Q(dMr#gm$OZ6?f$>cc?|
z|3!l&jDpG6(pk-m>T4@nTbtbyA!qp9j;8kd#!N^Q+VUx*EuWgBB{XRh`$9=lYFge{
zh3f-#4OPpkvqpTQQ>o^bw&a);^@b^&i_%|iLn)>`#Z8=4BWz_gb~M76f(v3?%WE{#
zomrZZO)8TZ=!GNuSL0Ggq*^m=nRXYU$jv5^woeP~aFu24aD{|PE1bzbm(tO+uVDg>
zse@A~#=KKEXWF!CSP!k4G_tEd)OCUdScg4*m-n
z;$TY*i+>fND2(AKJVIu(Q?287pJTqXM!M6^wVg;n}x9!(HDr3wG9FGdCs*AWnDY5SM!~
z?zUG1Q;!)5JLMx`(WkRB)skt2-FetGZeNjFRvN&x4>lI4uH*jN6fQd5?{?u%Sj&eI
zff?SJoE+P}xV3q?Y<_TD(0$_-L1U(|wq=EjrzsUjH7&1)P4BsxHrQqkXkWZ`X{vVd
z($vCqeS>MhT;&;WHW-`D4kP@`q#N~pMs`GXdjo7INA@DI@lKBN2FVn34p6{(7aT^9
z1%^Bdq9&V)(d0wlwioI_+R`sDPULQgS3{;LSP16<(6yYybdsQwCqI*6S9c26W$;kk
z;J7Q3%TW6@HX1@cc^M8;@&sR<%3d9$W!;=9OZLnzcMZ`5jfP!4Xs~G6J#WOx?~%CU
zSfGXbH7#ex*EiL+X7E6U2`Zn9a)i_(OK3Df89EY<`GR?tJ|A0`OATxNZw0Pb8T#WTgAy8a4g3Mm^rx@0@PAkUfbNV!UZ;4jn^pH
z66kSRs>_HR&MIxtHbOGZ@hKCFEQNAhxt95sB~O;ux5@EQBq$1Dc6BOz#)$gK*Z{{s
z!?dVCJ3UQ|fd%1d?Xr(i`SQhS9-+ulbQgUY
zGuM{$52!~4&Om$?CCj8mQ947s=Z;N^6`fv*x3DK-Eocwo3`-PgdypWLa;J&?csk@9
zE)q5Fh)I@5$r??3U|NTkan=!MRYX49rV#nmn!Y@loYLHg1L4Z1h0UR+HBK&@*BE)I
z)W^y5+@CCk6)BDn&Y}HUhB4-jKtn{;K?&rXE~AyJC9`43mK-~kPuass@2X}vZ@(hj
zH$FI;(RcqgYG1|S`m9vMxXT4u-nKm5LhIR3ZeYC}|A|A73K+DE&orgsk%3hG!peDV
zt*{uMq7(0xGw9Ez=Jpg$)L{v-zRfI|rW)#(W-4jP7S?uw(mtJgmZ2Vu(cS>uHO@-Y
zZEf%z1BS!f2BVkJV+hMC%G+18z}y12Z4Srbq>bH@zKa`dYiV%8`?n&Z^QMMMtn3Rei)rOne}Lu!7cM@r{3)%
z0EP~$-H^&29p$$x4h3)J+cMdAJMex-Cv<+vc8z@&ux;G>EC8`r6-pU2Nah$}Up?62
z1L)zC4BkaOH56^=!8VLf$J0>01{)C9ADY?;OEUHCuxbYTHetO5pa@$n(ECA?lxb~u
zE1IHeg9pMlWf_OS;Rzrf@tN@8mI#XWDsW?G^u`D(tDpthaEv0Tj2>GuLq!(}e3B`I
z!ka5jk0-k_2-4&>E6fWX*v&3roEchjDBymvMj}&TW;8t*jkD{_FgI=iMTS;Zf#oce
z5lMr3{?rl;1MG2(KI##mI79bj53TpS`hqbNk4sfoMix)aP}uBN
zh&&yO3-NFa9jm0tK)K>-Mv_s!h(?&qdt8Oe+v-m-E7!1d*RBmeyYSHE0!W0Z&-AEo
z4V*%OEfzEM4-J9gA?DchE>gG|DRcSFoczCtVv`b;@#(fH)#l;aNM?>-l!22k^x!S7
zIPs2`E1t-d#<54v4s%Z`f;fEl}cm+TDP!wq3A(JsW-G-aw
z5eJN}kLP33ZM3T%xnWGbA{a{{zyW~BEwFWm}d
zJer>~7V-=p4UOVA!QC@>JqyC^&Gs~|cC%6Dk#wu%P|fJQ643%$-!`eWHEp*(MaKj+
zX3l~o@C0|Xh}xPjv`5#%iy-&}MvwDT8WUlRfm3MMQDraL)pr`y^Kjv5%{FNEVYv!N
ztoG<>u9KZfI8|Kcj|D?}Olx@1pf7B0U7l{OtDGx`EN;!Nq5@9>Ll8+w6)myBSq3=I
z09*0&c!(J-bTJlw2%Ps&r5#oF*jLG9L-XL-VwNMvre@%RC9mv(PvefzpgrT&oD~n$=0w*6p@`86fUHx!R_w|b!gjiK
zA-3N*it1S-6FP-qCIdDJqC#QWYin*;mVpC)rtI1Cn0b|AmOn?q;HP3q?659bR^J9Q
zjQTn{n`>&TbfxhCj+mmWst|8p&yaTj&DE8u9booSlD96B+>6FBl6lq>#-v+Xumg+r
z968lECZ}8%7Um{rPq-ynW}2!a=v)Qn3S?Im&suuipp2%**A9#IN}RQp5RH_LkskBH
zT$0}|m($)3I6K8jlMP&#Y_xiu0a)s}=aV%J#sQ%W$JnTHU09gU(H<0qtfy1EKV8yZ
zfaCW-AQ*Sdvx}SNa4Os0--l6jI|9Av1z4)4kzgOX)^9ZQX1tv5&b8+j<
z1eb|774@QBZwj}cAg|oB;=Ngt$*z6Ww^w{D-O(!sG36$PvQ0~t!&t_&dU$-W&Gt%M
zX?i2%vG_<$>#|G*EspoN@gBV(v#7p_R{+cj-d-6&!ZCqfc#GHgmX5Z?@RVciQgF9@
zu&rnDYr(_Rjm>onv%4IaA1DherL=HlUJ4kQ2tzlgE#iPkF8ImrJ^K&}4)(_Is&rLD
zy4IW<$0+8wtNS+<)|u+zgvx&DVp!oc2YqnqNl8!m7N{)eMytBL=7Ax`Lr0|j@
zWe>S5{P2?PRboV=m*cAuZSd$JepZ2o{4%(sAKS5TEajtQ
zSqTV<qFn(=Tz6cp*)<7k1@u)M9>DBhU02+
zMJmS#Te(3AsKDr|+1IVmeOCC4g{R;$TB2zzx>XmBFZ2vcR~!%Pi8fk!icqAxBbUP#SzR4Esj>;)PTa?SpF2Cxn5RX!6JPs4eY)AgaUB@W!0geL2oU=OvP5?f$8>w~uT*4o9b7^ki~-VZ2z
z>R~6Zo9~pWpbb7aupE6m747c9D-x!elL%1F6AN^h+V%!ej65udG2oDPP^|hY7V}$*sG~by-H;kifQ#g{%N#*3;`5
zY!rKQ`6M|W-n;=bt5i*keMY3Ym8baQQd9Az_020P3wm=FMtT{XV~340NCLi<#k8PV
z1C(BJN!)gvJZY8{L|tNfcO3aZ0L_>Edj
zX$2KIde<&&t>dP5
zS7f1Gh`x}@hLxktS2zm=zpj>>BGDi8&a2|wEV|&d*->wwJyzkO*jJBF;Jc9gN-LDx
zJ}O@rjya4H_hK`55~+_ur%9kYAl^rTh&Da@5f~U0@;Ir_96S~r+}hmChnxQY5R84#
z1)b}6ZKZ5#vQByDZ+2;=-kHjE_By{UbEFDJ<9$?|{OLqI!we;;uL3ef(;n05qty8F
z-`!5!ohRqR2z}=WdDgJcyzQrDJv|a-8nyVdVWvS#JaySesVFPM
zt{pbrVRI0^Ow-h!>S(GzxdY$7Pcun;tT%4H1VuDw4FLJn7D%0$$MsR->wRKXq|IUQ#|24Ut+V9yRQ^opcrXsHLczDL`T(#WhVGe;3z>DSG`#s{0lfh}Yip+`6$W-QJ5%EM
zOZXy2%EZLHoe!1);MLTAFy9;A99NreN!P-=Y+aAn8&>@ctoJGkbn+GOF7qSo`nNkS
z*BcQA!__{&v895?Cg49l1q}m>vQ!E;G|W42>K8&GF|TOy->oPp>tWK6_4NxH`oS`M
zl^wwKM*5&AdB@Rfe{hX}7AE6@uYlduM%WYJW~Q%(C}MLCs+b$7iZywhRe3HaT(T+d
z?!>q&Ev)?xTyJ$7b+PbiRv=Tc_`&BPeDQNlwsKP!#=Z7wTwCiDOE$YA
z4KJ28(eR3mG3Y~j`VlvJV4Py;Qfd|svQCwCA)R(r#ildX4yKaY>g?_Xp-5%kBPN;`
z{UMWb|E;=m>^$tga&nCO^rijKIK(P8wiOlQ-KzsJ-tav$ihad0d~6y6Qz^U2_y|^_Uqc3^M5HVjqosXU!nC)K;6c!?P%S5C!K{!nydO
z$_99=WTq|!Z&6&(u@J_sxtDjbnq%bci4SS5cXq&G3T;keLkYcRtKE@5bd-uo$Os!I_^@|p_=l%v_AB7Gtl7cTQE&P8IIMf+f6l-m6p$|S%`m=Y9
zcs0AvHfh8*6^`mE;f-yyl3`Yb%x=3VQ{`CuV5LR0@7*u)xR#6`{=#`hb*e4X0520s
zH8;Uxiuodgea&5=Re|1>XFJV4DmSo3U``_9G!z@`zCIR#y%kNuZ}AwWeDZ*W>9nepec_zJ)(Lh}{IfTx0=^
zRL7-Y@L^tF2;Y^<;CD%S*S6V>i`~%6)0^Q40gvFRYaz4ckf9fP%RVbN$s{>8)tYX?
z*Sqn6r|*KJ4OV=S4-Q`PZkoE!p!ZR&!4ZjgJyjotk}QW{
zEBDj~y4`Lio^H6^XT=2GNS?w^{?Hd||JS{7nLXKU<|FbPK&qv=EpMUy-{coZ4tqYW
z9fI1Uk0*p(#@uBiE{w}RJtK-9kQB96BInWEb
zGdZ!h>(S0-Rvz^cX7SXZaz-MTH5gI2NcLSBrY1hzgzC}t{>?tpp;TAb;EG8=*2J=q
ztuDVdT!JNdsr$?)irCI>5vsUk5YgF58>R}o2
z6j(*XNp;FB+-2>47ZeuM3J9wL=8rIsoP?7|+Vp@`cv=&6r&0?to})*EFlA@co5e#e
z)sIfu4Qpy&l!f{p6nMXy&`T94ZkeC=+~rDe+?Efh;fjDiK%1i(joX_D^>XnFYBv_A
zj*SBC@f6fg#aYbX5yjq>-P7Rf9?jM{4%Ph=sIfPjo#?D({j4#CvI!*}s;X!%Rc=71
z;@VH#A&0!3zhX15TebVL9a|2LHJigB$7;8mUDj|zqv_^oOJIREe_Nv24ejiWg60C9
zi~D+zmiXpEv1BtQu0_am3*;p{#+9|V#}Ua}=||yCb$q3dYb0iBadG`Wq#V;i%id;P
zo%e-(XAoOaa^#Sl|3FWowDz%9L-_+cuRYv%jd!)#bk6JQtWDI=lq+^)GuL!0RBF51
zQp-NBjJBg`D|T6^$O@xzB_TG(z88yb@tQZ-c#U`iw$aaf)HN=@Yer8(h&TL2S4-BckU{<&t|$9J-T^&?dbbgXf7)=(s9WDrj)ZVcba%yTfr+*tH9f
zdCfpqoLhw#ZN>ZAco?g*8PP%^1k3ON7wo^g+3<|5<5yEqlVeYMWDNx3+!y~2FkiYt
zH7m6H2iEAD;K?q&x|i1E{K*u23jx2J0HzM5{6v{M<(q0xFJeEGrFhgsCnIJpD1{R)
zDR|(a2k+uAA)C!m(ef0wrGp(JysN3z98?hIvIbs|rP+(#c{Zd>x8??2eY8Fa2mSH+
z5pw7M!`*VM`Yj#pU5G(^m)w2#(&(vT)L6Mq-qfD1Z-Q?u(A3qHR`>=jwrYG<85*l@
zXC-xcW`ttac6z^@Q0?Rm{=%b32c+x^gbO_;AWm8J*#<*sqaHoW#{~Lrr~H5QCW=DN
zBfy^8G};$(jfCH7;bRJYnG>)R3MYLUo7?*O?GE_;-4uKkxW2KYQQILi{f2WyA8akr
zp{oB`YSW$hQ(O4q3~ZV3)B~>GI-mK%1I`2iEbYO%9)5cUHu-yeUZVom@A#cWuq_Kk
zC-%q*b@zR8>;#&QlsO=QXDxd*2p+SbKg>=~M7XoIg{Q%Kj-G^~IIqDM|b|I{ZiH?r?(ZPd@jo!ochL=;K6v
z=RzC~;fv_#C;-2V*j3M7ZqiJL(*z^H4md7|A-cmN%ap8ho0qsD>W8%jeE*Fe*)aFj
zrhWfmvR)}6ILm>|oeRHB*23T{37OlsuVN^}VvTvir!>r4BKuc07%!bkL
zP!3%A^tYv8VrO2frQC0B#`$h(YI-JJXL^`fjivZ1Qkt7*ACI6JAPo4xgWTG7>u3aQ
zSlJt0eE%2q2`fsnr9M-eSzZqZ<=osN1)nc<@3VlY$(KRot$q3|0zBH?89I#vsHy2?
zv!TuNDrk>sAGDVP!IQ#n<6K*|EyO7m{&{f-fY+Bt!5Fl%5kiEa3@qfBcOUk0iu~R&
ztomWTKqY~Jn0+1}c2)~}5h-+uFh9hFc(d>X>z7ay{K8Z3Yz#vMWnU%7g_p?atTm*i
zSHi(vM6n}`EkZA6gIvEJ1B?3jCW(sftzH*U?8FkB$uA047IJ7%+#+Tn0dN^G>vFjk
zn0sJ6$NF<2R$YQ26R-@EPYPI`uHbK+hlbQ~%cF&~qCQ(>EdAnhmsgDo@ld|H-HS(}
z{F*a1C9viUhoZ~~EJp>5TW!bbXTEMH_P(rsrOckMfg+uI$vD;;KS-Oq1yOb+yO0F!
z&a6a~tBFX4*S$4+@z3^Utwn1$%eJl@+B#Z+?p9l;SQeE+ZrM_wZ4av1)=V=26`oEL
z+;#pw_}&*e!b1qZuHHf@NEIjB7Eb)e5!y38vI@gTJh0Bwpr5seLKx!
zY+8Kd2@P^riwPd@vtuP#R)Mnz&^V5P*$NH+yV?qC@id;s@@PgMbT&;4qGB6b#aKm!
zZ%fglJ<*Z7DT>`y3>`s$-F8|F$r`Q1w0>r1!aNloC#HI8#G-MJ?J;9+hleX{rr}^2
z3XRwfF+25gFcWJ5Zo;inKNhDRqpP?17bQWy!&>c#AY>ve{xxx?4aVt3cSZA&T
zz?t&wbDMHk8RC)a+$O{xW&rtKkQ5t!bi7Rth0<$!ZJ3^R=KyD17!_E_AZtyHfZE2d
zrGShpq$vAJfyD)Tp)4y<{@}~xO&tvlun2=M4r{H%UF8KfLGW%3`(m%=MfJ7vy7Vustq7jK&r2bUQ3qw6~_~+uJH@;5pjJ=>|-rJzdh>88#kiHqR4O%x&aS
z(_I_5SXY;BPs67I&>h_$B*N-9#KOLgjA8-RsNiT&J?#Gdu~k{w20USOLOK8ZuSeG-Axp%L4kAY+u(t)3=K)4RKQ*V?(S#W+L{+u7T|7pgcz3T
zpyPqu!sTKfnHFZsR)RiTcP_K*&a+_^*uDaeKY@aEB({+R?w5dR`M4`Dj*z_`PUN81
z8)s(_y&Y0$kWJx0QOmOm)%{f2^BS;BWFNHet0hK!=Vxt0a}z(?*^MXHX{Wfaw}i!;
zC!lRn_7$N#^^tr0t0!`X-m{Gh7&GPAG=;>KjaK(ID`^oM4v#g|_GteRXWmfOpwFwp
zM#UAe*P_DX3m}(mooN>3@2Wi%kB(}lhAyc~86W-bORJM@v70&)fx
zXZdSja$^NX){)ov6<}Ph42UItvmBA{pkyK8iIo-_bGoTwc$gnMyQOhFAN&^M_*h*#
zP#2XX&SlDikXSD<>r7^3NhdtbYAIA@yQHGo;I+AMz3Rs2QT>_;I6A&zQi6tM8u8ex
zThZ=fgkx4nuTFt4>wa90sIBIsU<~L7r$C&fqhVRm&+Bq%YVy%1@
zJMV^ioHbGG^d0lK8)4B3S0!g!h#o8&)BuAu@QYdB0-B+a0~QEJz4^T!NeGN!BkyyV=7%+3+p33
zdi?N)X#BE92w2nHaicD+7*Gr7OFBL~Y)g8t2NPN?sDf1qyGYhY)78*X_S%L@$Rr$u
z#f^l4!&s9F#3;x>?dYs|;b0F==3%o34U_2dVKUp?(gqKURN^_{2Akhz>N%OFo>Nlh
z5D9*%O+B0ml?=X^Z5N2lGi1D6((4)NyCH55M0%3FQzYdiY%ET~uw-U!xY)!hGbn6#
z;Eg}MH1o-xvURhbVaDg0(oK?6x?az)Y;SgL#)2a`_&Pm*K?$1$H(P;*1|sRk_st8I
z;2SXud#?)i+t5p3)xN0jgyEHYWna}zbvNB+4i9R=J8Rvr7sjD5-+?!Oz-mQic>_FN08fPUU{pjM4fKFmt|sGuP%p&Cd%7MY
zc+$AGsSZ}Ydl(rz`oc;ns+2NTgP~;ChKEhYF
z^b=e%vOX??u7}b&KGT$5&;XCjEUcW@)(ZImx5Jr~1@-Oplm`zyQ3XzuEUOs3EZxw7
zuXcr&#O#bfj+p<%2VAg!?Q%yi9)wYQ8aO)Ig+*q~IW(m)BLI5q8uc~GusW`@g87YI
zU5Otz$K7NmiP>(zfw5T@jvW}s8d65Sak}P>J^6>Warai(v1_00YSa6G{BuM6oF4a>
z`5qO*PqY^@Cx@cgoi-0oCoP7@xL{L`E0h?Nn2}xf^IW-Rn=s0e8;ISC3T<3;y*(}K
zh4!>d-IZ&&@gX;8zOezH>z@HL4K=PKP)m(#lGKh>Hq~W1Q|%os(3H%W*Jj#q^Wk9p
z7oDi2E;*+0fOvKHC{#s-J#-7-g2CM=s`cgCvpZ_r5t%&D;*c_2S0}^vg%t7A4oq?P
zRugHJBXm|4H_-9vF360?mM6By-P+R4t_58x7p?&INx6W15qNa95^Y05m6}*F7n3@Q
z3Rwz19@3bB@2}3oM%O)}$b$#2mUGR@9o&S+QgPgEp5Ls}%EQ!}+J>-hZ9`rA!j_aN
zZB*8?x;_Zr^f=J9(ra00Z!}#7XK3KH1xi3L9;|@1862O}IaIY~#5U!&=;wTxtox-7
z;uQWm7cLm$GmBX0s=}*Q;7@$icyXoy9;2sh({c^kkGYUeXhOoxBjy{f)j*D6Bcgdg
zaiFXIcFVmhxhsZIu%|6DtGjt+3Y2-}#B%r+Nu`$0FcSk0!or+w=)ng*U{V32WYRrf!`6H
zT529{iVFDCR$Kz-b~LruH)dk)DGQ0rT{TC~##t>a0;U(#FH7RcudN7`A^JGW?YR*plk3Zx7)5
z7XE;%Km5Nv{Mhtga~(z0@EruNV_pQmw}k&2_}}(7+8HGDJ6Vo=N5L-^d?&%57JO5}
z$LDu~?=1BHB=}&#|04Jn{YcNe@>@I3^-Sa9j*
zdjyw$eu}w`&j9}Si$Y)e`S*fLKYtSqzy(nWq@Sw=mwsL<_?{yE%LJExzCdtk=O)2r
ze%&LuwDW-AGQU0*yja9%Jd_Q*FkO2IK2Pwy1;1VJ;ex*?`2K=#5PXE-$H3os;jfW`
zFBM$cStYnk*DnMw6?XRBjLeh$QG$;Xyj<|9f{zybM8U@h-XyrxKTYs2AnmptxK!}5
z!p;qXOFQ=pK2GTWTyUxXy5Qr5{s)2|Ecj=FA0l|Lx%b-y!G|jRAi-rhEEinnSA*a(
zUrrTV=F544%k*9^xJ=iBg3I{7Ah?XrR$KV=9wyRTEcishM+z?6nQ4Mg68dumm-Tm%
z!dnHG{ya-?8UMQlm;QW6aOt;SF~{Zr`<*&&?=}j3Y3B>UrJcR-X1E}!fz;nma9M8W
z3tl4pbGG372!5a7Nx@$gT-y1s;L^^6TTwJAp3=_Sf@2$H>*)u~(LZw`+yUnHplEAv
zr&`2kXTfU(FA-ek<0R(U_U8$G+5XoFF72-p9NSVG|H}pMFZd&ZA1C-91V2*nkCkR{T-y1o;Ih5FYg=*;`KMj@^Etsg1plYtZGtZy=zVlGCotc^LC{ETY}@*$+iz)GPn6yihsbh+4kmlHlN5GOax~NJFS9$Pw?}z?5yQ-
za%C3(fcdpqd>F^)N5cMD!v1T5%XDqKgNZ-JQ}SsFKULumEBqe{|61^35zlFZ;^T9v
z!mktja$)B#!LJZ}qu?^Vn*{$-^lQl-O?-_7FI
zpC1VO(w|=lF8w*I*r)3O5uX;p7hFeL0T0PH;Jnx?6BLjvBUCKo^z=
zIsQ3Ja5?^|5?r=>M+q*|yIG01FZl_~ZMv@Kbk!^TRAEPsV=v9puj^;RyGH2CaqR7a
z%kkk$f=m1FEB5~)^rihT1()_G@9q5{?KcYkm?#e`1($YK3oh;4%)AJK!SVdEgbDBN
zEN;u~v%-#y|LcOwaQ`j%<077ehx&A_75osve=7JK!DTr=fw_(U%7n3-5&E*6pDMU4
z=NAet%lVH4m+87&a9N(85?t!PEV$JFli*T+qu^41^L@PEr2ck-OZ{Pjhw7=|vYyTm
zT-rHNa9JOpU~c`7YomDmQsM6kJ3j+mJAU|=;4*&``x<-J{v({f-(Zfx$^0EExXj;C
zg3J6pQg9icMS{!tbTGH^d6nby9icDdbA{kCJ~s<44Hl;CkZa?EEQbZIbCpR=W4;Fotp%gc5V|~*1MwpOnPm;tmAyy
zM&WxiN41~B4_oiX3oi5h@GLvi+5Q}%FY|q|;4&+i16@%dPA8J`jR`|=~hJ(#%-_Y4kqve1{|9xu2IcZuLK+nW%;ZTT-s?6T-sSKxU_Sj;L^^`f=fI1
z3NGzDBe=Blj^NVH$AU{cp9=o}v3HkIb!^+VfFbVgN}MrJu
zF4qqnms=AYmpc<2m%CiumYYiZb3Np7xyQkAx!1sPxlwY3tuKy;G~hTMvV!AyC=QNw
zYJ+2)Cg5172RPQ50FHHLfn%Nd;5a_Ns#|~V)BcQO>ABORn8yvS+QL0l<
z>z9T+Zm$O5xV_qg|o(Ztd@_%e@MDT<%+NT<#xmTy6r7@clC-hWwn_iFa0a
z^c%LbKjmj@JBLFa+c_T`+qn)L+j$!t$ImBl96v63WIY`1#PO2^9P8u)$2#8NSf>g&
z)@ccjb-I9Koxi|wJkJF`0ORu?@I&CS^2++!II-spk~#6wuH_UkjH*F437P92^{<32RQaa!UAFA2m2unIQByZaO{Up>NZZUY5V&)@hMQ}6zq?S
z!H{xBGGl)E)hN8uEF-@xHFV6CVtY{Wb-BFVz15j@Kzoyu$h!*LSWH
zzv0B2dWT=%+1k$?$?bk}cXGQg*IV7uKX^ZRDLAh025=k?TfuQW(343)}LFUKKADcaO|IF;FqEO
zU%{_{M=KoGpI5=%!OwtK1IPMX!SOugkh=9lj;OM{Q;^5w&tq^r{(J<-<4>w0VeP*G
z?JNV1?u!JSlh)@Z8|oo)YTTpJTK?E0f!P
zRFiy<=IcOx+>bhe<2V@sj^ku9IF6GQ;MmWb!7+aV9Q)xiIOd;&<2bBTJZ${nIIOE~
z{dP(Fp(*5X9QFanaX1W5F>$N8S1}mWzCCh5Q|;a~&LCciw|PgnTq#sTV@wo-a)aejoDLz;XQ4
z1;_Cm1dijmA2^P;Dd4!h=7D2=3plp(G&r{N8aURu4UXeHM~Sfh!Es(l-L^}jXp$=d
zc^v0;!Ev0o0mpGZ5d0SO|8j8b=Y8PV&nLlgeb0g8`g)f9uh-XCJwnJoJ65%Zu5UTW
zf1P91bN&~_kurx{<#Z|<3He7|0p=-Pl4lhPfAdED;h
zz;U|=fa7)#c_UfqSEP{te;o3Ec7J#(IQGw4aO|HQ;JChfz;S)s_=PPO*SCkdt?wgU
z-vN-v^_>BZ>$@Br*Y_kizJ5Id$Jeh9;CMWYP$sPX_&i=(@J`U5g~9Q4tp+&m7hS>e
zb!|8}zD~^s$Je#J;Fv$FZvAZg(KE>3f%eBN8@9f9QUJH
z;5ZI9f#W#b1CHbH5;$(hyWp7r1di>DT`sI2u${@ku}*4m9RDN1ar{qHx9yTKx-4%V
zQ+5;%_YCEz%Ic7o$L
zzYUK0SL)WEHqN6|2wPtq=UKsVoR0-_!@zO5)75#oM<9>wzX$#t+8?oM*m~h|6M$no(}82Y065lf0FLjE
z=mZ`N?U@9Q``1G7Tae!jj;|N5z_H)r`-iPB?$=eovERCYe}v@@1IO`m2ps$8A~^Qv
z18~g$0mtPgtQOXOTyB4GJP!N~j>m!J;JCl<1^0mUy#nqI9t@8C{|Edlh&Qaj_x-bJAUl-O(${%ml}uLsBR^9j5T^h3;AVe9(?JS{lZ=?dNf@}t0Uf1Cr3`{QPC
z+#kHg
z$p&z&zuSpFbmCu~cd7^z&YDJpP;k$K%y)
zaLm64$NDt_!`2s%S54IIc=b__S8X7l3fegs9FJF%!0~u>3p{${u=_u6op^*gVeMQG
z%S{R%59(wEj}KlB9M5m-g5&ezm?I)?n*lzg+gM}zSBf7Ex9A5uR>
zZqM(vY8bxGDa~(H57{K)p36M~j?Y87G?F@wd{S87Tu!_gcrwV}1fK`v;SV^z@3>K8
zm(VZAa@#?EJUAXdSAwU2JdT~A1&m6_FT|Q$YcGl;8;I))3ElVCj-avpB)_Y1;8<19vsL2ByczAw~gTG
zzz={&fbIU=iGKpe_IwA&_5?Ny>j!*Y=mhQu%bf&X3VaVZ){oshtUkVuWCX|he&ATY
z3pmz4436!;1zrK#`5L?&c!U;V?ZoL`#^i%Iq_mG!`g}a
zg+Dls|N7uKZl^o(Mc_DomV;yaAAw_g-h$)tByy{;_G3HagJU}@I`P`z*v@+3*v{49
z`6Gv&Uu_333Vsp1IQVNP9=&zgdSO1J6EE(>Yk@o7Q)2UgO~8G@hdc4f;3XhG7aaR-
z5jghSD{$P7E^Wfr7hgwGfIB|p&f4Dvyfk<)cvkSQ;C|qd+J-InSH!UTrNFVBt-;Gc
zo%!I{o=58T`r;8omKO~9vQQ^xyRi1)_|FXP3;VSj;kf
z(Qt6AGYK5W!xC`J?*zx?UI54C-Ui3|@4<1rd9@Gg&vMW|Rlv)Ghy2~R(65j#cBuf~
z--(X}uL${t;Mkro;FTdCwL{o)tAM8guL_(K~
zf=*%Ug>|xkW54B9x8p-B`E{2HkjFZK;MmWd!7)D+9Q*$uIQIWVaP0r*;Mo7a!Lk2S
zbPnqW?El>0x1gUZfn$F*0)GejPT<%NW5IEKA9a!TIQls<)CpD(As4()`xf#sqlUdM
zd;!NgzrmM6{fI$f{SXW4#1(dNwC7dG>yB;rd=3cta(r|AZ&?DzPcANAp1?|@jv_gBlnPP;rKH5O(Q?&Ag`kCLEcV1ANfdiFY?psMaXxk`;bpaEA6q*
z-LZB~QD02?p!AYoPW~{1_-gWK8O7I==TzTJeo*V%=Vw@ZW@!CX}_oAHOS{`{Q&Y|
z>W9cncu3u2qvB-<5$0P5e
zo``&zdNT5{>ZQm(drEuCk}p)RNWN3OD)~G08sypXN&NuwcNO2=e0UW5@&4
zCy;kgpF%!UeL8so^;_h_3P^kIkxwWn{)pV(7x#?3g_q=Cl0Q&?OTJS5BY6&Qsq>Y*
zmU?>mXBWrr`YGgCXV;s_!0|dIp}J#y{t3z3>$vXTp>;4{$Vr{@;ErFi=X|v3?(@gWlhX4*=JffzbBM2FE%J!81v7
zLi2aQ^>7gCj@K0HpE8i253bV%p?Sw^isf5E9-H(=Wp(i$2!>lh#|)=tB)SV
ziAM&<{)y?tV}N7*+)g~N6VKzs3p(*aPTbpx*K*>4;Ch${?dLk+zR=Hg!SysQG+*C|
zJO0Lj^*`ntI&rLn`%7cU7lZaR0j~+(6ub?1ZSZd3INq{@H-kJb7hNA43GD~;AgF`a
zJ6OLt)Gq>g^r}u=Z&!pa7wh9VYzg%)by6Q4>!UlX
zkK3gi)W_pkcPIXr6Yl|z^?N$;Uf{UD_i^HV!LfcnaBP2nCq4i?6Kvms;CfmUIt~Yc
zWBtKSdJ4kv^Ufx?B$!|9D&)3iZ1~9Z$%Q0UrkWZQ#SfPk`g|8xPeT
z=S7Zl3_Cu*hWrSq^BWx7lh$!!67m(&#BiT8lM&q6acLCP$K$|ga2yX~z;S;Z2VOq3
zHPW6);HkkUg6m~ZX!|FD7k84!`ja7#=O=%I<8ci80oyYb^41>PE}k)@A$WYA26-Q7
z=XCJ8;4{FRflmSN4L%cmG&r6otN@<{`CZ_S&p@(qb=ryBICPAkIgtMVd0cKh7*}|H
zQW_k`1CF1$P#=#=^T2UC&Iiv0?O6bh^%sHTcwP*S`6b|0p#E}j+>RdLSZ5VDp1-XI
z_l5e)z_HF+aBTlNaLlg<$Ng~=IPNcA;8EPF
z+#mV}_fxFD3-Vb1A8@>W#QN2o)W_q%Zm6TTheF$l?gMr9K)wn1Uhp2^`@pdu_Jcd?
z2V5`A|C{wX0QGUb(6RnO$m4#2+eL2|hW5`P$m8}p436XN2spm(p8&^ki08354o^Zp
z0Q%W+&&`f|dRr>AooB#HL;fsyO>jI9Zv&3~fb|{s^lZ81Ab%dbJ~-A%2Yvza`1*Ab
z9A6(XUm5CPz9IM}sFM~P&sTB(LdWG|eOxZK2iF(#I=vsdT`og=us^SW<8ci84aeJ6
z$m4kXH`hlv{_(yRw&xnu$Lk>MpT^Lic)o|%LFoAUejVyhgF0A$3pn-z9>;D#9o*ls
zA4)@=n~=xxhUe`iAb$(;)xd9qw*tQdJ`wyb_)>7(e|Lc6c(?(659+)E$2#x9??WEX
zs~>jooEPEsX&i9uf9z-M|H80b?0>wj#Qtvv`CibT-r#usG9LUP^P48O9rq^JL&yCp9>Z^Q_=F&hhX3
z;yCw)JZ>*MuD*o+!Q)Kby<9NnA
z?$EO5>al7ESa`t+P`R~yFictRt
zcn5II(QYs5#b&4vzU4;Mfl_
z!Lc7OkNx17d$r|aKg0&d<;DfaL|thdOSsT@rxfedC1S*iOeB
zv9-t9xWeqrl0u!P(0<3(mCvI<3L6P7iRbGY&j8v}X}G*4YS-
zb&i2!o%7(>Z}z!{j`J?8{~hwH;rNitaicEe%aOqk!;CS3l1&;d#p69qh`<-2H=h-j>k0L}oOl^0UdxHM1kVTcal7DhvHj@2PzN2yVScEOwL3{9eX8<_fUz!Szb(Vu;oqgaZp`CcWiT(@nxZLD$9P@&H
z$PbR!gH^%3A>SSx&+7&_@oC^#XA?N?r}p~mIPT4b_4R}Ga(3PKG~}0T|7s2SUQlNM
zIM%`IDXg;z^8KLBG4KT7x4{cRzr6v+>(eMs`T?&maGc=vJC2i%P#?#`KyVxnGr@5?
zZUo2eg6C0%VZCra8VLPR0_qfjJRVnzf|r6k?spBq@qSbgI37Ryf#ZD%+`iavxP7q>
zUN0AecD{r9#ldkq;&SnN8JFt?+Z|so{GE6sC*BR*@wXjp{7(YU0sF-qaBL@@M`1e;
zKpw}>3vle8xNv@g?a2*}{btX-JN9>MPax#6Jw3s3drflU>%p;|r@`_5l0Em%?RgG)
zY|nRa?4Jw~WuQ3f;BxKxaED|6G=@C(&meGL*uHbYaX-cD%D%8adP{Rc&&NtYol4+X
zrzkk?kJZ6(do=;ajcDu3|g!^&OXs{ZI<(7lZnzpno!emxesn
z!Q&o2PlEUT{Gblr_rv*}=dfJ7jxGbs%?@?Sf#dvC1#rAhuL#~0>R`XQgI9t)9-k|N
zGL$LA}agX8_WZ{W3{J#pckzXY!X{e!PNct5i_9G~%ed@OhXtk*1XTacs|(#@_78g_5C-;fu>Lgj|0uX@i@>N9FGGn!0|YM{cr~Q2k*z?{kq0b
z=LO`q!npko-V*Zoyi+UiOfdej4$h}wo$`>!I`zP@PFrxSGZ4Hrv}Y#6Mb#{Sc
zokQT*Z&$&w{wr{NUML>yFPosBTY}?pU;=m>Sg*O@xZKU)xZIQAxLkYRrQ>`Lj|28T
zN{8cd;3?F>!gwUYJ1
z`?O!d@qX$5-rxQc`t`r}x1}HcyZ5*8b+CHK&SclonP9x(ybNAXy@?o>F9Z4ZFrM-L
z;akYJfIRN+_&V4T>fn8$PT&op&NMjgwFSpKz7C?}>tJW7zsyOU9pKo`lTQ3GI3CAx
zf#bZMA2{YygX6pp-j71h2Kg?qUf7>O;CP*j%f<1~74rC;HacEkcY{2Rx9;G$-Twl&
z>qp1SgX21=SqxdBIjl09^1Z>ggZBYH1l||?26#X4SK$4@W5Vk=
zzAh&P9{~AO;P`s#4vw#Gz}-{CkM40*h7Fa#XW
zhcWL7?HLMr96wpXar_Ji4}>}+z&nBCeAXE7k&wsx!&v_*vRn$8qikJ`UQ6=Z)xIke>(jYlCBb>^B_GnIJzNmW%hJ@bwh?
zc_1veB-FwEt{ONlw-NXRST5dw!|^r{@;L823>?SXByb#WbHH)DS4`%53lZsW-nYm7Wdr1Kf7uF-`^y1v++R+ED|x&2X7B}&$MszZ?yL@uE4-iSY+T{^Sq$}Y{44?gH{%EM
zIDXLo&G^AQjvs6%jvw@YGk)+swjcCAjyD`Xc%Ku;4?13lE`@%>{#*wBZ>~d^LmtN=
zI*!8?kjHVj(uw2o1ji5F$8$D*e4yV}Lw!7MuK~w#yA~YJ57&X?_*@T;`^5%uKWGnb
zM?4O1ggjoC;pd}fhdP@ekMql$!STElmy7*?pGSn-Wee27ZIH+D
z`7UDE{i{-t-wyczaBM$r7km!N3-TA?^%U=qp=1B-faSJ>I*DMtdN^@x&rYc026?=W
zz}N9zPV&3KF^}hUxLxo(tq?31&(rWcAJ5a8KzuQ5j*m=b#SOKM#)mZ~+{TV|d)d
z>#vKD9|_C71is3N}ui%{amS
z$Ipwy^Pl;!+#0Z4{G2yD&&2&b6XfwY?+uREO}HJe!g}HH^WV(ZV1HhRIz?c)c$_Z_
zj;{+i{%=5?Hju~H7rY;c>xJX(Ce*?EQMg{qp+5HKKj3&=as!_augkc<7KWINX?k^7^kNxln9Q)xhcoir0alM{Ez6Io;g8!TI
zjfjx{pE%zr4E6DR8((*Dzjy|D9RGOS#_KOUf5v`BFAV(?4E3?jbMUN?e*uoym8HRP
ze7**+0Cn)Vf&1?p$YcMYq~c(ee2I74kUVzJcTZh3*FJ!SRFp^>?U){rSU*{{+YSzrb<(;_Fvl
zXb-xt6UWz!-%!6Xvu=#
zS|R^u&tF-6hdY*Qj;~YrdD__irjB3IFKmAkaI5d=he-d;_SXxk^WSN|W4Zsg_FH=$
z?THf79&0zQS5#=H{ktQN
z7A`LKdTJhAQS!~Hj(I!smipkTU9WMS36#H|NtU~Y{7nN{?oRRsdj~-bBJpgL-!oF6IC%qoP)ob@KlSS^m7u*Z
z(&}GsEZ&mp{Lnv`)1N$pJ|H%XyuA*}GAS3xrJt5U${hvAyHcLB8QvR;)SmnvL
z{w?{&Z!;@Nei7xj>xtn?^5ktKe}MdN-RVz|$4Vs2
zwde3{xm|Ne@D1f%a%n$Dl;v3d^>^_!#A=ctoB)xA;r)+4_M2(eyRi`ZJrJ
z;Kw8X-az^@EBS^5oz321YgVB@LxcTk^7Bq)rfd$DWcOL++hN+Bt*V
z>MS5n`cCTXB(JXf^-*%GbCx{LJ!$7Na?8IZudQzYiXK^h&-&lDhqNa?`R=jeS;?0r
zk@d|(?(HY}a^xfWiTjf`i6-8I{DK~@29U4TH$7e4)zHGfx>FeVTa?9^0
zZ<#@U{|33`9oM#wFROo4Pc$6&LeVYnxCez^HmUrancVWZ$fM~v^e4A`Ai0|!KOOgA
zak-XvJd2CoDp-DY+>1cBykm|VJ-Ys(JjYxKy5$}Bw9(r{-13vipXdqEM)I2{WW6qs=hX4`oZL%KV84(Tej|1Mko)Tmm88+7z1E)|rR3*~
zl3lZfXa|FmAb
z6#0czGR`ZKcgZe!d;g8&pB>kUI|@j?9pyVrk^Crf%TFTDURmm_BA<36boE^}k-sP_
z`J?17lgV<=lHboF{*>HB&&S@79~vRcjTTeBJO0_RzTP{fPCW9adcB;HJYEjT=O8~=
zRoY*Q{B2Ij`;&LpH+BS)PtXgm?&P0pO8vp)R%bMMszQ=qM?Oi%+ePxEE2LlElE>25
z*{|da^g=40-Z--Uw0tu1wBw~8Jjf&I`LGwcTNY`5RdUM*kpI*R&`#u)gJr#XkT=)+
zEq{|+eh&GL#8PJ`x#bU#mnkUuyX2OCO8#uM&Uekz0NgdA3Yae;K*u*O8z7DEaf`mcLH^F^;t7GkKp%;=jpEu0rN`5D~jc7G
za?3v@pP5eTM~^Gtxqsr5|E&{TxyZ-llm09~p43OYKDp(alb6?7xyL)
z_$=;AUQ6#&wIa8CC-SX&y}E$h@+-(+>UH{Ma?9T)-4f!C&$%$t~ZJe3pLj-Yjy>lK*(LddPpo
zKEbh}L%x2Juh4m!NP6C67P{OB@RfPjO5klix(lE8TuE>U0h0$f6?=Rw&a!%
zVjm;x`!~DRpF{4e`|np;K`7`AA_5RXZa-ZJP
z&adQ4ZcBSoB$MyfKbB8V-d4}s%aL2&pZwZ)sT)LY`QGG5^aD`mke7Wf?O#IPOpjMb
z$t{1DJh9H3d?vU2Z}O~HWVvq1!}pKn-O0VjORhZmd%f$YXDk
z{0wr-FCg!JOY+CaEq{*Ob-v_Xb)M74gXN=>7y2swlbPJ|xyXBZ%5khFx#jDVAI~fG
zN0L9+>x&8G3$IK2=aAQ2Aa!<;+kKV;
z^?p%W@+|KqmzjKIdvQ;4tK&~@{S!!@d!*E9L2h;WlUx4`Cy&}t>P#WGI%~*R4w3v8
z@?JXsagf|w=P&M)&(PPu=j44;%eeYL{|6^se}D@|ka3Lcb=E7pWxMaW?tv22y7QdD{`<+sG}yhrG1zUsuQv>T@`^
z$yd~u`ftf!)^`d0`a)i&w0Mkk`aR^Ed4dCyb0@d<=O+K7_jOB>TfRJb
zwM$aJDY@m_kY_$8`N8CtA4PulzH8_&EF!mgv6bX4KTG|iBIgS?SmpLmkzEg{RTNM5hG)TvIsT(8&qk-zbf{7~|>
zU&W`8x7OE}1>~caOMVr(TSaN-cJe60#1E05JuY?5k@qhoewF;XUgy3h|9o5WpU7L3
z6VH@EzT0-WtJk4<$*rBm$gQ2_$#Zv-_3|g*wL+HHirm`SkvwBvsWXrKL9z&;g;tUG
zo+tIUlUw@_kz4!Ek>5=z%e_iICx_I3O>XV~MBY;SAyY>AJ?m$8J?}3_o>E^2eaU}o
z-SXrU3QOHUC*GKR`g>WgZsa?%iT5Q>(p2hCCAa0yCGQho>TDyo1DsTLcUq&weON=(dXPgkjG0ab)set-=9D9eswDH_eUj{
zkvymNXI}On(hr5mm#-18Ozz)A>bE3+l1|z=jC_~2XD+#2*DNIu()qZ9DiHznszZubd2$QMMEd?j+5KdMRoQU4H17xG|z
zKA{(RT78~jEP3QlvfO#()cEBVUnQ
z+SiTTj;nph7wGYECi%qV(*Fy{C+m2fk}Z5c-0LDgFC@3;^VgBz)a|~FJV?jqS#oVGDW+*SHBVfOItx9bWw@?15fAKb}D>I3h-H=*U1rY}ry#dF>Bw*VCF_-++@8xSLjFC!o~6XsP5YkpI&2|3>6vQ%XDAlb`)9?deKBL(d-ulG}ZxQRKGVMdW3QOFP$*A2}_)
zpM3K#Y0pveZ+ai<40-e@Qs*Z5v2{}C8TqHJ;vdNu>3vbxTvE@*b78%26NkKLY^jry
zyjdja=k(-#21q_X`RNbhzT{S?EO|h6sb80TN@DRQ+7&>-!1b)
z<1Wd_E1VQ}CvW{)wJu+MfLvYG4iZiq#wSp
zzY_mLen?;6Gv$$gw|@4%E&Z00e1LBEdgNKPelzm3XQj?U^7>Q7*OS{g*+X7-y|nM7
z6Sw!@So=rn^U}eTU#HLUekGrkRQlO9Z}@&VtoK9Wko(M*TuOF5UZf}QtNmV-{JGvg
zuRz|nqx4T8xs8*?&VO2kUD$Ge?JpH
zL!N(w)VWE%NUyt}l7H0x`AMEf?~^3=l;zlVe;7sT7bLgq3xD#8$s`{{{!OoEr;x`;
zsOw7}Pp_Bnk|&HO<0?|V@a=r3^Nd-^eRN)?4Ea@k-Kj!e`INN34Y?hEx{&wM`_B`}
zEkA?&!3$~kHge1FB|qC;+H;HCo(p9R?PeLA?UY47S+^!=E
zlUtpVgz>%@^n>X`{pCJ_m31I57PVRf#ipDUZX9!)d?c^()SfkBaby*)@K)aM18;Q
zHFA3{`X2d+-csimx!n(m>lMD=tWHw$wEEmyK61+!AwLpH`m-jv^ikHg1i77u
zlqWCOLGn$>?fqG8$+P)NJNlES)$`jiJ0KGaL<+#)Zn^HAT&E$^zY!`5$i#!CCskO%5K
zS7!2AD`mM}uMSpVFJW{_Y`PRzf?a1xEYj5%q4dwWMg#3)2pPwN=l1|!rpWO1n
ztJ0pP!0+?G$NGM)H!{KNZNcjhE%sC$~Dy$(!j1
z0*xX6)mWB0g?z|5slS!nUtf3jkZ059A1;zx{wDdOoKpWIxm`y@EgHT*txjC>Vr3RZu#Tnef56YQ*z6{
zA>R^J>c=nkU-xHna=)sQD@<ew*Z%liT&t
zI`ZnRq&=s|Eq{spd1k5qj@?7wYzw+^*MVkXxMvmo^2Pq&Pq*Q_lxB6liPJx
zQSwiE|EDIoeI7!6@(g8NLl@AU-17a%>z+AAYa{Ii6KjftfyM`_xSqWK=^}l_NL1uEhe#}LFWuermKyII_5J+xy
z8k3(~CUyFeH`Mc!VdN>lO1qbm-#ICDPLR8=mi$w4`#gj<peqCByfR<>Qhk
z@sNBLa{D}l+~hF}N;}JtTfPeUyyw!6mgM$6zK-PH%OpRX-16he*XjApGID$W{yOp(
z`DJ~Nkz4*8`O7)7zQN@7zTo`9-}x97DcP-)Fs&JdfU2-$;I4
zk8hXB*XjE!ZEC^Q9zy;rl;|J|B{X+*RkTe8_{U$nTdWf2hw@
zwjpnwLE71cywGy-DdZ*QiO(jl&`XxPg?w0C*)F@u*X#ayo_y{asdJsY{}oy8dvcr4
z`$qoiyyTOV3E!WVPfhL{RoYpcyh&sE{W9d!b-kLATfQCn@ut$Ak>rOSh)*P6azmCo
zk9?>0^B(eS`W)I}^3RQ={zY=D^NKvqCt2<%^5y!zo~U|Ux7T-j4ks76-QOrm{@|6=
z_b0dK7z4;#>+4`Ua?1yiKUpR9$B^4~&}8!U+MW&M_T1xk^7vZ+B6&M~pVxhIyHE0(
z{6Ehnl6Rjg?T@49@7B+DKf#UM?hoW7xBB_XTU?g$P>uYGn=H2>xjpyTk~}D?B)8`q&yjoT`QA11$7!WKpU6*-68}Y>Lg!iH
zmY09G?PB{;E^-_HUgRzP<@ZaI=g@IbjXbS>&P+q{4<)64+L2FbDfN4jTm1p#QEy0{
z$>f%wNxo7)FJdEk(K)i*9po4F`LXll6ZJTMjl5}eY0rCd+mC*ekM1q`q(|CoeZ#^5e)Y|2KIS{XBt<dC4R4^J%2c4|2;#tSHO3{{MDNeojGd$FUsbB@ReFANwlt
z3gpT4{Hi+ni3^f%NpAU$p^emJ@1$CGE#`pd{IzmB|>KKFZy-13*mKj{Acirn&_
z$hYWoU$HC6dRYHkJ~6pxM9JkPw|pV;8&@P>o4iIt84nG~TdflRi~Qzf@uB2%$BU08
zzwtztyMjDYRmpE4Z@*Oh4EZ)a@47nI%7x+~#E_lH2oAGs*2Zxt!eQQ`VDv>O9v~ayvc*lUtp4CdC&mOo2gGQQM*MQ-^|wH;0a=TtA
zOuj(hpAtZB`9|dXw@Ul_l3RW#xl0%6pM~T$&$5#I*HNi|jNJ0)$T!87@e@pL^Dd2f9`VA5*RUh8L@m&rtKb#juQn;^emiTp+kS+DlwFZK98l-%ZJCX?HI$}IBQ
z`u>GYY?Sxy{S0AV1ntw)=i^yRJM=eyX6X
z?|pKcX9*@xepTv6s1d&ZEgyq?sD3VuJGsrvc#xOZ>!4EPHZN0=d|*D=ADfZeyi7at
z@gJn!L&$AjW;FQ$y`Qs~+~#FAlG}XBPV#vAe9l#Jo0oY^ZgpOf-`^qqAERdY{X@EJs-$zp5+JmWnalBtQEdLEuWHn*$K&clG{8>Ve*OFrG5=^%hw|xq1S8O$ZcMx
zFL`Hu&TS&O&4WxQ&s9wJm!0I6KR`ZDKiBaQx#eGycbh8x6GxAuc6_#c67n=DrGJW&
z+dNBY@_PE*brW*Sw;_M7^O9r8ZC+*ydCOSRKWoTsUSW+i#o4w64bZu2si$S>cM{AY5Tm-$V8vaht?El_^X`qSoR+{w%7=NtHv
z+q_IU@*0n&Zhdl_muXJkMDGLiBe!{$q2#G`o^c_$qlJ_TX@>{$ixz!m&Zucc7lKTyo
zI#bCD?2`7+B5&GHd_MU^z5l$K+~!$!kx$q8%CqE_ze2uU=SSX<+jY=q@}N}G&O~+P
zyNz?3mq|&UR?qVakmoERzh8>n?vwbF+q_92`N5A;r!%?TPZ&&Y_Xj4BTm9+e)00a5
zE#z0+#1D|$yvzymJo@uPayx&1LH_lNjGy1+HZK#Uo-E(`zwRgbIXSuA$H+`>^D>^~
zsr5XtFnRkiQa^w^e^hB_Bk~r*B;SSH_M?g9(Uwbo2Ki2%cU#5YOY$ekZGXH(URJM9
z?~~hn%4>3)-}ymq^E=V%%kr)NZGI;)xz$faURtj=bCX-%{?3)vj~!F`xiaN#ey1jR
za=ri1p4{elx{|lNEbB9l-1f(rvQJW$St3TeXjOD`H|PMylUjFi%PyFx!u3*L2mOk1IRPpkvh}J
zEkBREhl}L5lH2j{7`e^woFiX8PS)!wxy?tsAs^X9mK(8Q`2M$iO!7necZD*LTRuB^
ze63%S-0~I3J4crGv?8~BC-N%&BtMee@)OCc>HOvja?5WZ-=)`6XUHvog?w@(>BkS`
zHoxcHFRheDWeX50#1B=67XR63wOxvzWo#O`m#SbYejB#I*~6-6Ct$FWO6$%T1swp){<}1>(is;
zmOo3LN}o3fCb#@M@^t!sx42Ei_owBPlBZlF{p?L{d0+C$@g(1r-12S7|Ll_dNOH?h
zB>$oJ+t-oX{LVJ=wTWas&ym}8$5ryanXr>?gN6$H^0)mO8=Y^L|M`
zL~kCx-_~pYrz5xdo!sO$FH?|wp_|mLLT>Xr^~tSHbMiAfPt=#(=4*zM|2QtookMQ<
zCFEc9{AV}0&F>s0e>_3@^ESE7?>r`-sP`v-k=y)E`bIC2glsrR8Y5yT|o8LJ_K5ne!
z?~&X5&NK2`C8R%H^tn7cPq6u&XynKBb9LOvZGI;Ud5Vlu--q1hcPf+Hyi6_fe350n
zg2-)tXCS%N8OiP{?O950^E+$F|Jowk>kN5@CDNYv+?<>$u0jE`Q`Rfe>}O(*GwaynO5@a$SuE(JpEJYm$T$H
zUvrf_OEjtfmfZ4R$xEb^`te(b?|+-$Nlv~%KhGp5xy`5KBkyri>eeE+d;{{bdi)$f
zZut@9eGW+dmE@M+NWQnSvt!&`5g~(pZoIr
z<;ZP*$Dh3Ra>+L*xA)z&Coiq{A4Zeg{LWCArPlbR-|YL-J$DEkA|4W-Q5XAiq;u`e6sT{oV1S=o0sfH{9T_-Lff3MH+ZYQ^S%zfmMvq*nkB)9p>d*pUpeNNtGlGOQ4ZsR9%=kVJl
z{%Yy}oP5-CsXvgsi7t04`DT6IW-Gjoc-C|GVh%Cl2{WeU3dDdC>y$
z`#H$%?>FTm-@aDb-;6wu<3&E?t24QOYN_9ke62nYF_io-U&&7=xBNWv#l2;@+sG}y
zhkSN_$zLV6{2lVvaiu+<$;ay7A&ML%|8B?gz6oV~CL;f$^Q`&F%YT#KFG_yWP3lx7
zw|oHkYrRj~iQMu%$TO~$Z@Y
zimxZ{uJf?R$Sr@4eD^JB=QHv$kHz1Tm$)v=jn-ZM-P&*Yc;wS{Jh+p$^_Myx2
zcgb(IZp{o?pfNEBtop(M#$iCAag}?BtgBB+t@F>Xsqjm|naJ`4k;L
zP020amVBZfXZn*{{|qN@8&j4$i`@EW5qZvMlHW#de}`o+`IkeIzesNRo8(b+KY2rL
ze~0A@d4krmU1Ii-<=B2?`Gn;AV@o~@x$7PI{oLd+`ioa2x6hYuNS-~u)Ne^XEuqvI
zLcU1bGlo3BzVCP~xy@t#Ltb%~EcXz3v0LI#$ZcNrBYE6PlK)9QrjvO3p5gm>e?>X|
zXCn`IEcpuLopqj~I(dRqQnw>{)fD1?k+1n7KAGI^*Uch-cUs!BiG1&6sk4i`joxRx
zPj2~O@^(w4PF#KN(#GMlBH~HOlk4?$QF6a-;uBsTYf9K>ln$OCAa)l@_hPt58sko{wsMLeNHb)Z&^Rp%=O3eaK7b
z{ptqfmTy5GDCJ%3bKJQ-6DWW3AL*ZsMb`fwd0d@O{6=oq*RFlS
z_uJCrQa=s3ecpIx@-})rEJkk6OZbs5A1L)3kXyb5dA-JxA4b0JoA^@l+d4nJhuog8
zI7M#HMO-3(_D1TzB)8`)zLQ&>2z|r%XNmMuCk45Oo8;1y=cz9FLgbb&K_271?sF
zS&sFmeV%`E@?`lWSAg8|#mLijlzd(C5&C>cQ}UIWWqkG~x7UTiME
z*U(>RLT-Pbs|)!OeScyv@@rLPxx>j*KNVj<-a+rHuOMIh-Zk_WwvpTX=@s%S`aIPg
z@;d=i=PkL_i7`mpW&M15lKh;2eBvVUjO3TciWepSvQ4}+dFSTh)yb_r!^pq=CG8(a
z?vYM>Ho4W=MLvDGU1Et_3BPOX^_+zPHyWppFH^)Y0q+UT`iZLE9oTI^@6Z
zpUmX;cS-ENh4rV+r+865Q19pXlH1=gDNk{>V54&r
z-a4XemxbhZUvwS0)!9bgsg(5NS#rCszfT@d@AC(fUwR_#aTywZyV!G>vB@{(lw4x+
zz@_3j$Zek2n>_Vv$@`M`UnlJeAh*xoX+xe~??-hZkEEX$G?Lu%6Upc5eB2uHtFNS;
zTgadLMF{wf>xs8*diwmM7vB(2-
zoV$}--h;ezW!dj4lG}A_4f3GkvfbN}TfcQBPpaopyU5#k%KGdhUz1eYbDG?a=QqfA
zWt2Kk$?baoBl+D`l6M^$zCS1E`*fm_zsN4ROyqX|IWM`@@g}$D=_`@j{f8Rl0V!m;
z?a1vuQV{vrj%_@0M@}hIZ
z3z6I3O|M37pZ^d@UNMQ(2_m=ss6V-VPQr92K94-+3F-fhkLY=RL2}O`(*BC%_Wthr2TwieJg?Ii)D$!}qg&{zDw{K`$g{&Wf(`X6#TZ#+(J=X>YK8+?=Yydt;rM*I70
z)^AqFbwc?5e?3cnPE2m+jj70o<(KiFkKE213zI+B&zGo6{_eRfcOZGkGcw+Wk!R5P
z!a3wSK1-d&pOKIMlyiqw>o)7t?*5U!=mTySz(N6OH$dkvAewa?4L46bX$`X=4L%vx(
zn0%(5pGVT`JR8r8)$RJvJf|)<4dtJ|mGr>E{*X@AWy5f5Q5mrlUCZfjNI~T$*XC8KY5WhQvVpaz3=)ax#b^_ztrR5C-Ovk
z-}M*y=#SF=czU11#=qs0kx$cncJev;c{`ru2@*;D3gnirPCh@e=I7dL=hXIhCbxV~@(X$%IFa1)Gsq7{lm%=ckMAe#+(G_9
z&jZhsTmCwE;<8fz9l7PdkvFd-`S{c2yKS#_2c!x#eq-=hA#@@|Sx4)0zB}J_j|D-0~C2H|z5r8_477
z``S*Cr%=C3KJuNc*HiLq_l+d~N1uONKyLXJ7$;<0}&?<7vZz8X#pCfUSJm8!3*G2NL`gc^HkX!yWc_h6b;;Qp7*8d**oO5*Y
z8v2|}DsszbByX(wg5;YsOFtJU_tX2g)yOShhrGJx+mr8kE&bDt{Efc8j3BrC1oB^+
zUqoI)&+}K2@5m<0-9v8qBjkrQf1Nx+H|d}I>wP=ME;nvQ?HlmE7`k$scNd
z19>7n&g>x1lSAsCBDee{a$n6qB~S26>bxPZqUUu{^?r=)kCu;1zDD~e3%TcD*^ar%
z4>T4pLvHyhct
zulv_K@?!zg&Tr%glZeNfFW;^IEuV-yP8-Q(Az#~6JU4lrZ1TERg52`u$y;c?K6z$O
zsneW%_g?9rzT}o4N`862=3wm(Z`r&RR3g)gN}^o8=>*4OICBd-)7xoqV2{8AqBmd{WA
zt%1}pNpAT%zeyF?T_IXyp
zBudgm3+;3>4(zf?)tu!8suG%NxliW^+Qkci+Uey
z7UfeL8zprMlNbIV
zUY*>|#~PE{`^#FBzt!XCKyo|Z8&7WUFPlc5JdLz}9l5?ir=x>7&Us_@&z@~Oxd>%^fq`R<(Z`@ZB!E{iuHxAW(AVwhkVj{sehB){;tPE@>zwYoi3~8dyJ58j`xGu`FvdR8M~!^
zDst-wcXAt7`N(bD`jFdl%abS4ehVPC{k;YGnxfLquH=>TBTH4VAd&rWXdKk_8cT1$>&70B&<
z0rko4dFeLfR=*2*JUu@dPkzNs+CQ7z-ruyCJdeIla5uTVzv(dfDSdwC8o9l{=^lB&
zdTGxG@}_z`|3N-HpX6h&mG8E_>~%8-xyLdYhxy2#rjY*kBeyy|$-VTx^g!~;<)qGJ
za;vkEJWeuc&rb3s`(%BtlH2R`ee&h{oWN^xyPx)n{Kqw^AAMc;ezW^^@yH)||l6I~mxBPDMzaq)@I!SK%2jnro
zNd33umXE6A*T!K`Jjo{}w|owA*C>)NL~eP1@|=|=-+*mZvGD|v05Urw?i{J6b#Qhv@xZu?6<@`^pA{l4UD
z;!2&eFDo*}xlzb(04NAx1M>w-b#
z&#uUFr;=NKF1dFcS?)G+yN)wnvS
z(~;YCL{{?PFY^1oHA+!
zlG}B}Me;oTr2TKn?RfZ`+^!>{Y!2VgGj#lCAh+v??Bq{(%kP&Zx9fxgdTo&4qaGl|@e&kM-^==)jLk=uT^o4miDwC5zbUuyA-Xz{R+-8Z?PeA@b?ZtW>XZtbZ}ZtZD8p0}8^yA!$f=Wy~0
zBP9Pfx#d@rFSsV{-$6b+hxk77a;L>llY7q;zd~-WFK@_q>2p?}$y4cbH4(Rl-(FTf
z7P-~WL|#VkYk82b953xGMsCOXO5}Fju1P*qpYv=@Zu!pS?J~;xj3T$={B&|V&d(=*
zR!!<`C%5DL5pp}upCK=oQ17|*7iB|Zar(Y6wogB<7i0^~T)*CFpRTk^Ce_ew17_8?EG-|yXz9N()o
zmpnyE$+MJvg}=1Bo_x1{AInbiP+dl1sbW$s6f@xt~0pe*fWP
z@=haVJYSLL4i)##
zk>vSxem)XO!Bn@#ZQt~>MQkxk;l{Dzqmz?e!U>?rPs^v$pgkq{up|FfN@5i
z)a3K^_hmAXpL`&BN|U$N@1yV~Po7%#pL*n&uQn&ge6>9}#(y|@2mO8FapeE(kvgZ7
zqrXeYlb@CCvYLGD6Y=fjsQ&;t>c2uBuY%;cL*Af`jL!>lnmk^N|58YYd}7-kksFTyunV%)0rIOJea(TuI~kr|8rFGFCa(1wvo45Bk_C5
zXXt&}SIEEbkUH;>C%7(o5*(DjF>W(-Jt8^z+WQihg&gyo+~k<&_>klKhntW;PA~ae
zlP63f{v-M17ve$WJxWV|Cy-y!f4_bv`4C+fT}IwixBFW1mpWhENsfBL$X5)IdajV)
z*Y%bM(e7k&wEG8n!XOXVpS|RX_49)BEzz}{f!&Ref9jao%~y*4%;PlL3x~xys2JqXC;4gOzJ5|z9W&iA9*F6&om%Mot?<943#`R$wS*qorB4d
zXB0X1ht=dhrDM7hZ6+UkQrZnA$8m9qJZ3(LzeyfeQ2ZPD{bk~D^nDNG|2&KID+M|F
zm606%%1Ms>+>d-r3CUlZ-2bE0(}EoB`jeyG?&N590(qk3((Y99`JUnn$kFa{amiDO5Xl&$y13O
z^NO0}m{)Wl-#c0IbSF>oue3Xm9Qj9*BmYA3ijv-A1^J6iFXPI4qMMLo
zy}l254qX=-NFJ=$rz6SH-x=in_4l3Ulb1>${aQwjJUhu->Tz^{yl+#GMcJPx
zlH+r(VDcDAC4M0}j<1#EIKB>&Zz?2tPLLl8lX196j{LXCk^c+%#_uu?F;7Gv=TW8P
zaU$~n-!A0EuwBR>yp}wE>VWjBl)n5;@`-928pNFbyn>E8T5U~i~R4F5?`KtVg}hy
zs*)$xcfT@~2+Xug>KC
zwn=<1^0wg;KZJZgY@>e0p@l}U>#65}cM2_RPC;9hDGR|YjXEl*L!Q>^U
zO8gx1Sl=Xm2l>vv5`T<5^s2qSY(3;rbac$4FPjAG<>$4maQr0OOgUPq*1=1|?
z2wewQN{-(PSVO*CucuCvOR?vT&QF8%#Rj^7K2eNM&|AFor@`&7$r!D!zC$hb|kuOdz-jBRf9LckSJpT_8zn*-DUS}O7PcmBK
zL&+155Wh~IO4p0-lK0a4ke`v?)_Kbt^7dYm|6lUny8aX6ujt#Q>{oqEo;#j+a`M>&
zC4UC;s-4BNk#9*O`$;}>yswud$8lGK9LGx&a_qP5$#LBEB**bGh&+E*sdFrOu~jk-
z^T{zESWccboy2b?$9-;x$*b${x%^4KTt7FtMUMD~JdQ`)pO%Vz
zP<|PQ0_4~(Wyx`WnjiTvJ+51m<9@S_xD`_sCU
zr_y!)@#MJwZ7TWcdD5SCY6}{P)RMbQ6C=j^oHf*EO*}
zHhX*Yx%$I)u?BY7nLI601^v*f?#lyP`Qj^pSp
z`IUJRpYWozgZ|<;N=c66C_DL}iSqiwrl@qiT>B()X7ppylB1rN`9LKa3*rpnTH(n;o{_|ry_ZcMzX!?kfWX!*19ptFz2s!FGLw^2-)N_p-^*kg;J#WZS&o^?^lR)QF*dI_&
zO7dNmr5-PGTrcM)FI+z>)+qVW9j!m
zt|!O)@@{fmFNBgK|5@^xZ>7#>b#ZbZofkDG
z$Mtn9@`QR`?Mq&4rX0V6$q#iCpHF`F7pZ#*`I{oLpX?&XeSMF}2c(xg>90l~2V6&c
zk@tx$^%Nt=b#z(sdJ84KJ~^(Vn~^{LS>oG~<2t$v`LB(o?f`OJM-Lz$c30v@kmEXf
z9Qj!Np3;77LnsRdJ{R0uf60rUQUo>Kfge}>6(mNI61D1Ka%6R*yCFC
z?H+hX9w#Nod_FTd=I6P{_d1KmQGd#iBfc^@zVECxImV$IIp*_$>!@$@bb$j`{p?@@c`+uY2T}
z&p#s%EHCl#^!*>>fcbnf@?v^E$<1C;>hvMUe7+KSvph1M^~iA?wI#=K(V4vOZmEAT
zIpTxJSLBd7=aJ($T1AfIXcKwSU!>g=fbJMgBuUspkVZj*D;PKfICn)HmgC
zY%j!TCZC||KV`{rT=PE}Ur$r1mQ{GhH6$Gq#|
z`h)F`aquL^JRu$Vlz#GhA99RyMRLp&s*~ppis4GsjvVj%UCFaFmv%>xBYr%2n$|H~
zFIYy7_x*L`GA&IgX>@
zM;*y;=zSw2$#EP_ARn#QgUiWr9IYq6HDBudlN`skX5=s0N__$3
zm~RgtUw2H#VJbO}iv{GE4=*J@Hdfj_NRH$53_0f8*T|7SoIFlx$^VTU^M{0wwBHyF;&&(j-t@pu(l4HJlmOQAKY_D)~
z%vT?i2kHG$U&t|Ejj5maV%!GJlKhFtF<(tVe!rKDLq>AUSF@AX)8D_yPmcL&QS$0Z
zq@Hr*n6LVgcU&Uzb;u9JljE)>Ip&iA^k2*
zM2_S41o@^`x<8QP_7^;lA8@+a~)_6HolS;%qx<|jw~qU0NO-qL^^$8TG5
z9KW5&)AW`4#*yRrolcJ9cOH3ZT^HL)j^po@%_v_$;0)y9!-usOUUv4%&W;e`AI$3$a_qc{w97Fy{FTXZ9;-=yca7B1h#cp!mgF6Dp4@>P=do_&DQZjpzT`NM
z4JOa2*WIJYaUPpUJ|$A}Pb0^9X#shb1Tvnh$#I_9MBei!$$yj_@u$c;m5}kjPmc4_
zGxDK&e_brS&plyObIwOrI4^mUHVNf$Z;N6O+I_1)VG%$=Yb>So@FKeGC9rzx5#hn=R}X#
zbzbz6{DS^|&_{Bd2fmT743+VT`!f1C<2;areAyX^OGA$HKxXo~=Hy1@!^tOINy4>%;_aF`tNf08de
zEbZPS$2dfgW8L5%@-F)O2%dT!hT{n1oP`|g2HxZ;bpBnD9P0qp$v^3Ro9)OE-<7;v
zJL&Hja;yXVO74|c;+K&lejWMO+!BA19P0*QJ?j`&*S6aJO_{^S`_ivLJ{Mt^U51Ucfzkw@m1{;nfGJ4y2IBFBBO$H;NNVi-B@
zgS|isr9kyqB=*B(qh*Guw@CEuG*_W$YRL-qGkeiv7^$s-oa>vNIE?jv4={D%Jias~2|S!A4Rk*B#V^)w^@`>y2gK%Tg-_|N2J
zGD)5Z!rk$+WhNghMj4Fbrw>Un$zdC788-&yhx4thdB=^vDhW+Ge^*n!ze2DhXad|_*e4<;{iLh4&e
zeo?PyHnZ&ED%g(Gb^K3KJnoabOnyP{Yr021@3z$Wjy&UGsq;JepFhZWCjK}2
zI8VJGdD4?t)%&!)$%6~X>x+@s$RK%q$&>4RtR8t@{XDBRIj$3aB%gao+U-vsr2E?_
za?DewlArOCIv0@N(cd3gP2QlYw7Z?$PygMPBjhPJNdCXbxBo4ElRUnj$DWd3Z7T5}
z$vvlw$ND05VZXYe?{}W$)04?|&rI&6zsHx4{6s;?Uy6LqH}R_E_&tzDC^@(ffY0
zlArxu;>wZ7OC$MPlBcdN@&4qQN{A03zoPs3H1gP*XA${C~*zRUz8L7k-VbrZ+iQtBfq8V9&5=H=zKnuyk@Ah`;vTD
z3K@qFdQD!AotSaaVGh_
zvQozq^6>TI`2I-jhXd}4@1^)Wx_)|+JgZ)RULv2U`{zCK?>c{YO}<_4U;RqnQ9s8|
z<{{ewbw=!zI&+cx>*rF{$P?C<_%7sm+lY@N-=_1xE#&JKOZ*w~-Y3Ohk?&Pc7$bW9
zjjGDyeB>?F>yY=+`+<9rC(!+BGWlpd&o3j-dq>(mM&3$4kA6sAMvsfQdOpVZr>H0W
z%}rii*H!Sn;E0dV&lhS?{NWptrw#cM{eJb1ZhWX4ALYj9k!SLf<0!<9?{eb@-S`#q
zGrI0^+l_y8R8eDpT>H>K_)j|+>MuW<4wp1>GgYSH$KRXk8tA)$V;V>?Y@&d
zhVIW-$;a=Oc#qi8$Dv9h@r2~Ls>=4wKptB?Kluu8$y1hmU=C@o3;C(^5K7|e@VVw*Q-C1C)M~kaiWjU1|84jIJCKdj@k
zgnU>@$+Lm{--@zd?I!oo@jp(!So5DJzpvwei+qEwyFMkav`6asKwj>&^b7x6-UVQ(a`FUvU6Y0UjUF%g$qVF^yrsz(*OmIKkq_P_@lD9H
z>F1<<$cqn`_-W)tb)A19d2ug^UqfE#k@$AG^8LEb+?>3({=RBEa&UBW
z{rkxC+?PD($bTCsew}=S&Nm*B57W;nBFVkX2_aA@Lo_v+I0j2zj0^68{_d`^@4i$&;**aXv}jBa6g8CI7Zv;$!Q5Z5W4B
z7sd0D@AZ~EwaFjrao3alhVF+`$Ul^m{L9Hx=;!$R$luSF_&>=r43&CrlJET>@o&jj
z>Uw69MDjZHx00^wdXcxNEpesEYkU%KPrgjAzj~5SJ}C8!BG07nUkk}w==^C7c?!*6
zLhq+W{cSo*{>tQW3(9$>3Hcq}-vY?z>gS1*$jjuB{w^k8wnW-3lti9KJ@0h?FGn7#
z=eK&~Y4y6V3Hj7flD8H4mIu;qd-Br-q`zIrTj+k+ll(;;$oI
zLtd+=#BU?7TuOW|`Sm}=FOaXPEOlNd|CU|i-;#e!BjfOyyyQpmvZIO
zu1J0#^4Gdwl_DQGPvRSpm(t^~J9({s5ykIyC0-%|0!ms0!{U5DR9-ZP)X
z?<0>lK-#@YeygqY_bK^#eLwn0zDm!x@l!}X)OknG=c&ny>ijG>`QAoSXL0iFxg~F9
z@}>Iz(u6$hy2SgF<9(+a`DMMX97T@!N#wH*NdBedh+j+YwMzPRlpOJ=$!BW(19HT_
zAYY~NarAl@KMqFGM~=*WYT8BfbIo7QK(UH#y=5koVX3uc_pSpG}@t
z*R?j0BYr3OQtfXTIpVL9C)0KQH{{+w$+&$czo_dZDN;q>|MC8qf&8ZaUO*{woc}A4
zub3oxTaq9BOZRi~M*4a25b|U?4x`9#){=hBBggyo67pHP9(aJfw|;L!D0#_!Qs;g0
zb^5;WoIH83#K%u9e`9~Ht@8&@@(X<=t{^$)4<*P)rj-6RCda=A)SA5XXURW^{EJ@C
zjwIhdQ{sOopX?*&)#c=Ii%32D$j|Bf#WC_DOCPW8$6>-$t!@&tcNo&fUYy8bqvywx)q=c(kyvPqtm
z{+qe7~-H1dw0RdFgoae!4zCm3)l8KdmG$d|vvskv!L2
z@lf*1I)6Ave&>+HKO)~WRQmObyqeDcVf_8{b7cIUH@uWyuX$7aS6z=PMBcxV
zR0>Tw!CUi^&YA5UI5t>m9dUT3`cO7auqCC^6kZ#wTiO`f;8
z#9tuKTwU@%C-*EM@$bk}>gNuL(#!K0=R^f1PfGGqdVfxS@-lnm^~J~wHW05tzFY6t
zZ9pDJ@1O2Qj^E=8B>&P&@=qa0{4DY(8o!ks@q5S%>hCFEAxHcj^7I-XJ45vGynRz1
zdz1Il`@ss4uO2SrUx)ngFXBze=arN5RUkR)988`?KX;o&j`)S-TfC*+J>-Z#LjFz9
zvvS-d0lQ
zW%50`u5z3FKnbbGBa{4%e$B^q8TsM9l0O$Y;tP@&&oA+{$r0a}y!9Zdqdz&~hmju`
zB>5MSBYq|M)%g;Cmb^<_Y4;L&%eWH%i9Gz1_;>OtW5qM+Iw-~y@j1!wHkNiPlOw(s
z`K=BT-;;c4Z}Gw8H42Fbk-yOQg}LNdZwVoP^Fs0*AV+*C`Fy=!{V6%(-;n=WMe--h
zB7bAt`uWIsrX}C1pKBB+@6=IVU!MGj9+IaOc{4rEJCJ|5C3%LBH(4(}o_zL5@u}op
z_ls{NZ=|1thmx1ke;?rjIr85iznxRg4`0Yn>HB!ftkOQlvwSsqoRNHle*Z~n@+H}2
z+REgpRVs~1(b5jpa-BHz(O#-}g&Bpv^efpPtWe&PEQ)>HhOBhv1l^W<;7O8hHw#D663rJs8y%@%!sMm=fBTOO7C
zg~;*!73InC{S{ToC+NJoEjhlwq9-}Nzv3tI6LqETDdgFENu5jG_*(KF-zEM4Ir4;(
z&%Z0}-XTZ)WAdD{B)>;?8fUFDKDplziT5JM{#J|}`&&8kAiaN}B{{aQKlztj((Z6_
z>_6kkOLUa@rR0cTOWs-IkC3CDQ{=Vv^S*oJ*xw?^vA_L8-n~RjSD~JIpC*nw>~C4g
zvA^XepQZ0FmC5Jcl5uEAepJt^oydz7l>MMP`2bx9>qDMeuj_H2De6bNBPc$}dZ}kR
zIpXJ&A6qB!e~=@7FZt9s5`U2#@i)n@ZI<{CB#S#l(-V)uk^aU0{QGf9XImidOu+=a(}&_tv~s)
z3zBC6c^&<|p=IP_pGcjD$XAz_?S7WLq_cxX{kcnCP1mPhlViR56ZsjPucY#hKAt!~
z=O)KGc46{8W##pC$?<(et;zBIKOM;{>F?)GAkSM_@-HUG=klw_SMQbhgXBZ1h@T+e
ztlv*^hkVQhiGNI9WT5zWa>U2e&lPbVxTW_yw$S@F8$K99+>AC^2H
z$W!S2EtZZe#u@v6BJzzZq<$}Q#OEPT|4rhnlF!oh*dF9-^t!Asd1}26nrEa-^mfbj6A=7{<@#MxZclpnEa#8+wYO@
z(D%)M-FPJV!>=-KY4b%NXXMF9o;If(7sbgDUygiz9Ld{^{K^yYR^&-4hz}v38z8=l
zd`-C2bBTP4t^>!)FR#P?Gg04nijt@5BYDb`x6|XO3VGATlD9qi#q5%2Ai1wz{|+ZF
z_d?<)lY4)b{4>bs{UGtn$lvIFj629Z=SrR{(&^zk9r@@5c0Wuq`g(-H^+-#A}`-VJXXo*b*9qu
zLlN?YI)58mDtdf|)^c9jN?t+F|Ka2dLS!70mX4n1p8h^{dGZ%p&qDG^Z{+o-$y;<4
z|4d#crg-i$(c4Y0^Z8lilhaGT{v;o$_se}Fuczw?K01HI_Gd2wB*T27uNm9%?-JeAJBW0sHJZVG+>
zElFN%jKuXIKdSv*L_S;hw=3i)_4+8T9)B3;jh&><66D_cxn6hj!Fr#}Lh|D6B+qH`
zLi#=A&&Z$Zy4f2yp0r~0@j-lQH(r#yK~vce>ydlMki4DAC+mGpLFDmuz7#^9Pw#(N
z<;D-X@lZE@n>mm9C(#;dyVw&c(B{@%`Re3%;_
z>&BOnXZ}U{xklZ26i2tA)3a;F;~IZTdDgs=Jg-fBJQM$&;urlb@o{|RZ|7%x6Q5cg
z$Jf`p5|`1$Cou8(DLz{!i7#T}6PozS6u(#JIW|s)@{B@N4^%#i{BmaAyhe10=YIKL*9$VKV|?)ax&_J4>oM|iVfLs-zFp_rolKrxCeIj($G=Z8ogDQXGkJEJJU86L
zzcBGTOnj`G@&NtCcFanS?O2!`+p!WkwqsLurc@UkmVB^&o>H6qk$%qDo_wUncOie7UK$S|N4tZ_J3W#3vE(g(6b~VP
zH$#r2)#^^vMhSI2aggHCufNFAuLtDl*E4eT%e#&==KS1X+HGxoz47tJbqeCD^Q!T+
zCjPZLwioudNOFv4LR|+%{EV5d^d1G(oz!bg{(2OT{G&|#Y7;+~;?eE~6TiyDA9E9b
z$;7WT@h>PI$4iEK66E|`VdAT(qra6G$dh%+2iK7KOk46gx_|Z}|3j}UN2xnmmz#Fy
zQhb^D^5hcoZ~8gQT5=rMyUB4}pCrd|eN)|OZJDVjPJMZRaX|jmmXQtI4y()W4MCv0wdR;zLaQL*t8$f2BOAr?`I3jPb#F
zpb9yT_nPFWr#U&sxf6N$Ia1UB@{_s_KV033T4d^?hCFM3
z*JkwiqVANk(A1M(e-Fl?-;MjJV?5DrM-#7yqN{-+6n{nM|D(z8ssBoj{By{+_mHAi
zlJ8aDqwYlMA?m8lo(*FWV=j$-8EhLUl^Zl+Kts%9-v=1za=Ke`7Jd$#xo~5
z#>{lJhF%JF6F%F~2F%Hwov0trIcS@gX>OVs97@t=reu{~Y(@Y+qzlcwx?mRo$
z#8;sB$S?9_J@WPXc|=E(=U0;wPE-&u-!qHkTmh=R^~q
zO&#Naa>s-qhIiL
z|s&S^>xyHvD4>LZ-cm(DD|2oN0PbpnbcsngVRF3hmnPp)KPq9=pUUJfHcKOo$T3goK;A;{
zW5n;bp`PN?B>yOiAENhbtx$Jb(`#vOqcP-oUtU6v?Yob>
z)*k7^F?HwBVAHP%g;Ob`NOeCik<)Kium
z_0%RuJ*~;HKMYcLn(SlR-Dy0)_&Lgh@xO24dz<)w-NYwqFG0@FUM4=jI{G`Uv^-hK
z#P>AugN*B?byP+Vk2#bFb?!9r-A$fz6p#Jn3OV+ZaB^&y*W}nPk>uDeN&Te=^cUA(
z+0~tAyO}!6P(14NBS)Qe$Z?)&N{;$FlcWCr7=_a&3Rv&o;W;CgnNcx}oR|Jk^9-Q@+fF{gFi^;}+69r-aotVfRdVRLfK1G|!A
z9ypL3^T1!#oqBZ0T=guac+|6w9QAA?M?J^LQO`wk)boHG^U}}iPMvzHcGa0nH>%_M
zR_5|H#&v4o@_y_NzJME%kHpRpeMV+o$f-qfr$L6{u{-kUvc#$i~iz$AsspTn};0zElrN|e=~JwoOQ|8RnGv5$2@0-iPxoT
zSNvLvM?HJUQO_xI)N`F2??<21ojUa+1y{Re^v%_A{fNfpLB{o?Etk(x$9Q79tT*xc
zQK2jTsGIn!CSE@>b;bWf@pwOqr;`0#74P2G7^Tgc^;jMp-L&Uj7Z
z57ki*_P1B$*xx>pV;Za@4t+9Chv@N1f-@ohGZ9cAro@>P)7SU?;SyiT75=cw!!ff5#h+e}B9*#dmw|
z+8sP%}D3pM)Iehcx8qmp3{3
zRgxUXU3GFCckR`k(#x3o2U0x7VTy^@OH)?^7NecW=qj
zZdP3!aZ(gBc}l9IU)bL&k>hx&Nsj%h1v&PsuH@LS29RUDagw@IVo_6P2*sn$HRPys
zD>;sfz2vC>G&$I0$>dvDArk)eV^BccSd5}Ma
zE^eZJcv0aA;_tYLe@Bk%{hYd3&;6}SzWRVP(p24fl-;zu$aps6+bIv~kD(uOIH6u9
zKAk$(lh?#&HSxX_k9D3}`8Agse!^u%+1Uc5D@Zl528TF^u52c*aGn@Jgs3RWpkP_rrM{P=u?cRs{p?+`n
zAa$q7Os3ss#xokfU_68IXOti9elhXsO?-a+aM7W3#{JaMU*u_F;?tV=0E)-D+#qt~
zSx%01x$WdL^!oO=y3?f7?&7Gwoj(!A)0leV4V4F6e|9%sf;^KRWEIq%Y^hED?#5FY
z528GnXU;S6DNX!lipTg|GVv)){0lenX@8a=^tag(dF(}w{CUYycM0+|`X*e1e1l#O
zc2IX(OK$2MOz~)Ul8N^;@gWqCdDGI0$s4HdJW6Wn-)=mK@iUYM^WID37|+|}nD;&=$2fl?$2i9u
zE=6D*Fz-!Ej(M+-y7Q{Urv4ffkMU_~;uD$pJ`|5SN0Ot?-^fwtVsg~EOWkQQp=tLo
zibtIvO?(0qpJaqQ!1&<(A`LmNTeFhmy0tJl&L=h1omS$TcH2`t>g;dgmT
zJNZbxFa0?AOZ{H58|qG1W0?Map?GYUDx)OG_0z=vY+QdO##PXCbso1R*RL{h`83Lp
zaad~NznJ_-C?4A-;TY+c^HXopbG@pfasAa(mp4<#IN<%F9XZaoy~%OD9cA+WW9qy@
z@#xn>^4EG_-%FE6ztY{6E&160^-I4>$>n*}x&9*LsNa_y^*1&7^`D+~*<@o)~}U68Z6+@?bkA9Vh)oztC<*avT?x$Z=dWB*$^lfgHz0UveB5
zqsVbwOe4o}u}~Ha`H!*_&&y88y~NZ@x*-T
zH*)O%OUSYRY$3<~bC?|SjVI*jZ>$N?w{P7#@;H&Y^GLr+$<>Qe#`P;-U0$E^pw4#W
zs55{Zb&ep%yl8>CQ;!~^u6A!2*N?bd{+9Cme}5-R|D2!CT#@o4pE|Y+?qe)Vj{6u}
zkt2UE@{xM|-(THn_o-<&#P}2AA1M#=$DSnhqt3Oz%Hzc9&Lh2r+Lf)i@kb_q9m<3K
zxidN1ok@=Mt4${VLzDlh@dw6p{37)_KkpmwppJf_-5%s!Ps)pik-x7edB>Xk_e}n6
z#_t+GO?l96xQP!p@t@qp$I|V9`f)zYqwZ99$K+{g{I>Bvln3=}B9A>uUUbalxn=Ua
zH-6K2qRBE&s1y0qk)!^y+7mJkDUBDg*`e@yhjOX{3nXlRxE@{~n*#>dv#*OnhHA@#9VWRTIC^P5fGNoIm%H
zXZBH`dxRE=dx)xh~m-i0yn;c
z-0!v2cfjPoWb!{Ve$jZ0-{f_uAM3ga$+51Rk{s*0ImofDTZ|m*x;53E)-RZP+EYC0
z=|+xv`jVrbQRJv+8ae7&N{)5redl#D8}apDI|!-}xD4;`6Ix
zyI?)GI62yFNdBXKe^CeWuKT3DAadkcKz>mtFU!=OSN~<|yhicJbB`RKf4w8`dQ9s1
zV)CCe`HM`G=P?e*Ux&P?eqTfrb>~$$MxAscjh`|3HyS@}{5a)DyN^u#DHES!y430X
z)UTFyJzGu*keW2U^moyntb)vi2~DgNPAiJwJ|Iv0^+{c|lj)<2JvW1Z@Ty3?9|
z#fGb%w-k?dW6hAdoS&htNcoXL9pixcc@A=%w~LbFyj|PmKW_4Opm>Z=4|3EwkR0PP
zjvV8&jvRT8lb8EL`u|Yfd34Ow`IX|4C#`OOj1RmhdH(p4tgO0|Uw=i=^+XTjM@+k;
zC=cHEgUQkELUPP!4wL^CE{*(6j_cF=^$ShHmOFb=prO-YXH)4b}=s}7s~
z);E60cz5FmjR#SFjKee&f560Vp?HkvClkNl#3!8{y=1
zJbO)^b#CHA$$#l3FFI%P>@j&Fjqf&|dQS9yq0XG-sI#WJ^Qv7Y&oJXVjnAMwIB%>V
z$9ZELInEmwP5vDw|8t5*o%m7@r_SvrKJDD-{Y89ZH{OOE-%r?`{J~+#+gIIrw9T};
znBvjy2J$4o%8Ry}Jb#!x_bDEE-jFBJ?``;O@@zGEGS8EGou6Bb7gxvei|tjN9NViI
zIkwjTlYg_xKbhiD{}L0w$;9t+6aUVQezR9!R%^WDU6GV#kze5jlF8zz34iGS-R
zKFPx9!59CD=CeQCC
zPrAi24$e>g3J=$_h1Id2Wlz)J>y@BHKy|w4ay&KC5E|8<$o8&We
z()Wryq_Xt$qq_5GzSiRWl{7@2M}N_70d?ouc_zLJ#iO3VCVsAo|IJPOauYwt#P4+z
ze}WwI_ABH#|3sMlvrYbZOQQD|^;cAPo}FdlaX${m2m3>3H+lM!V}Dpl`D<$%J1HLf
z!vzzsZ-K5?;NOXI>eR0sb$Rxs|J|<|>dv#%U6JymotyZ{dvclDc|)(TZ+dx_cieoO}i7_#4mH>2gu`Ikh()n
z{s|`kN8{s-Ct2~|{mriKJUhpw%uvHr7C
z-D!7}X?H)xBmX%QA7tVmQat9ppU5$vjJqoO_+UQit?oQK(&Vo|@u;V%i63F&CmSDb
zd>Q4zc&;Z${$1o4&y(aB&&TA*6G48ag%p)!b@XwFm07$rIr3B{$9~>`e7Jtj7f6mg
zBgk{=#pq&k#IGht{m03tzLEYUTO)rvKZlv|_g2UIDe{*y@jsjR#%|)foA{w7K8WIR
zf8!)_+}}8z9QQXaCC9q)UUjEmLrlAWQ#|_h*u)Pu@sV!gQ?C8rxD7J#`P6yb8kqQj
zCcdki_~9lVb5iGJGbtY9wvZg-wvrsE<=xbcnTI3D+rSJw|2j;T9!2AX!?QvCmq13B_1SRZ{H
zhBT98$<>`_`=#lfXP3Z;*ozod6`F&XQ|24+vEwOc;vZ8
zjyfNcA1f^RUz_~BO#aLpJc=
zlfQ?_zmwvT|2X;cK9c9G$JeJH?%d0!t+ME16C?5F-
zlRwcn&mfbhoyoJ>_z%VpQXb_0XyV(N_#|8YyT9qlv7S&!-Fa0TlPADA^ODI^!{qVU6@5IBCjmL$N79n7UoOeAsyo@L
zoBZ`C9{HP-BY$V|o2MjMFO$ET$v>ask$*M$!%Om_%_dJ(ljpkeD#p|8jy^uvE=ARy
zXZ=ikFXNSsuXU5>n2Gl_@iF&AZx{VaM1D^Dm6?2+UNlr8$L}N5B}e{dUl(-C``sB#$Nq9Dz|>rLE@p8tGxXFLT#FsVkuiV7P((5p%7iCO*26e8#gd49y?p;yFrH;v8+Ta
z}Bcsz`e~
z$dTt5`EH#QKO{%|D{>r<9tWcL>-R$P*qa=A3X`M$3gjbwW$-$XBTo-<=NBVo0{K!dZi%-u8fz*-s-4-qb_Dt
zpm@|%oBW5hvj6lX&vr-hPa#J=i;Vvr6&ev&@~kp`G0H3J$!WK7C*CWb#2+y3#8-P4
z^&{%feR9Ehdk%#kcA8<8z8fp18-O_qWJlX*{XA^Q@C6sphFk@yOGN9LG^7
za=d@{r2LolJiLP9k^c|!FZ#Z_m-2*Yp2y^g)gvhn@}~`zaX^0u>!M~MbsVRNuR-z0
zbWszZe{%d_iucs`-`wP1L-DP3@$!(H__O2%brJ44<*D0Iwr|W6(qFDKDS4sh5?4SS
z;}cu+RH1l`PXlt~=|y?Ac943;P(1SdMt;%H*&Cz2pNSm#_fh^p&3}R7k^c@k^1miW
z{=_F`JTMNc{axjF;
zK8?nw{!_+*`&&pI<8xEz&(++-x1;z)8b82I{8WmMsqrh^#2=veu6kTtauffG;^*q3
zb(~ZG-QO(g=q-U5TP2pbipHIJOR&ycIvcn1mOEHTi?4Qs-uqKcC5e)3`G-OLe=yqdaIg(^<*q{B+{GYJ4$uJ`c2|_&gf_lbiV8
z$S=>3_7;=J9WTC*^5@fe;{}RG{o&-8pS&R-KT-xM$2n;S{dzH5yf}HqF%nmm{6L7r
zH#6?+|313^cPIB(4>0Z=7ne&*{weCtBWL_Wn@RrV6p#L%rT9qw5axlK_?Ul5JLoUQ
zA*FGreh;m)lsf8}ulehnczay;AV>ZQl&7)gSw!*Z*B)}@xk7oe>xVzDC?0td>pCL(
zi~TJ#Ir0}Ge|ufVs}0s8b-M&NlI_xu;?eGJFJldT`j^lbG1IRIMBgrvtA>^oM3pwgJV%!<$5FO`7
z>ZmhSbs7I}Cf@m9)S2;;6ZyY!Kt1KjQBOT`)YHzmQ%|7QGg=+>oT(=D%ro(}o)zS;
zl1lt`^2b3^_urKNx_&74l;Y9fkL1`N;$8mVI5_qDYW?}uQU7f}smIU6+xi=jBmXGl
zPJU0#zk>3=s4V&SnRuK3PjckHZrsTq9$WH6QvQGR!>-gfsVIiic!Wz=~bsvCFm1Z$oilxMl-8D-*aJ@YAkyvA>F6Mu^0
zH|oXxT{rQsj5~FDXq^deN`IYxIqsvLliXjurn>VgXM26si|_U(-uA1PaVLME^P;Ff
z6Ual^?yKHj-Fdk~
z{c}0lqyCL)6L0GoW8A4HLc%>3k$Y)9yU81>UnCDw|3}?<=+u)qyEKsOwgm8go5{FS
zPq5aL%eYg2>yGmJlH})_i`O*nZBLA31+C4-0
zeY_<9eTv6VtmlA6vmx?`Ad3_lIrMJY;CumiMRb~MUM02K+1CpnUtrS=2=Ja$g`6ic`j0(@|x#4#Usxr
za^y*MSGEuO6_!Ezn_nH{hCHRok*5}U8(n8>O^)r}SsmMbu5R}L;|`t4DD{k?JlO6t
z$+6v6kmESoPLAzF67`H8%B>oe{kGm?K|6cTQ9<1Z+r_SSCpB&@d
zlk&9FJfkTd+iL;Er_=bYZsHG+qum>nXJC5i*ISB5yOHF`lk~of1Nw{eLl*MGNhE(c
zb&PXlI`PI7k9OOWquoGqv^#?wd44Cy_0dXl?9YFapVtp1&a0#T(6mzjJMt^)DIY{1
zAJmhH9QEWQzy7o2FRJcj%OT|Y*_q;zzc)F??PqfIcP%+S58XpvDUCG#l>Ag~>E|1D
zjE|q*r&0f*JP+@o-kChM=ATCHspGksJe&Frb?k>2hgamcTSy%rO`hy#JbfO?^PC62
zR|m)XOdX1^vs+%@L>>K2sQsNn@u+h)Ir6V2-+-AwsU>F0*eC?5IWkt2Vc$I<(H
zyu3V4qK^7|Y5p1%kNgeE^G=gGe;`kkOY-+2ufI=xkUHAUr0wpec(i+j9R0dTe&i>q
z=O*PplTtj*6KNmY7x}Z2BYzR{cDmimsH6U1&Hod{BmXdR>YqW5{42Zi1BhPX2<2pWPO&%|k=R3tCPyFZ6`-}IfG~}l@NL&_m=TTOZzqWCwM{{)?
zI#3?8JCx#sG=7?!__Y+@L*oy-iN8+qO*Q_FoA`t;q<_v&r~Y%E(z$HveBLNXj`!aR
zXS~E+j`i8^}@5esa`vmK^iyTjZ$oA9bfrz2tKh
z>i07Gc!p{Ht<-ruyO5*)QIzKw%`=zcF%HYgk>@x$;?I#||G!E8q?YvOfjYKJU9Bhe
zD|w##m4zJj6ejO=P_}O=b>ttbpW_5lJnA1uK2`6dm_~l%wd7w){$5T$9&6RnZcc6Y
z9mS*FujJ=yNd6?RqmRR)uHvcHk^ie+FVrM2o>=1BQy#S2i+u1WX>YP|XT8No(s*n$
zZr4@zlViJ|Chw=~R2S4ye_X9Ic7(Lg+dTz&@8MEV26g0lkx0BE`4si;K+ucv`v2=$xPVt2_{vE}m&LnT89Vg7$e;TKk$EnrP?jfDG*Cd~=-k$Ox
ze@}9pA10F{eik|6SCS9D<=VU+8`V)~U9IOa#Up{m@G&o7#%C&ix0$?P3OPP6`<)!^ZdS)Qe2{K=oNyC=g&g@GlfUU8i9V5U$tfQ1v-HCm
zhri{2T~B0JM?Df9^}F6C{$kXVsJ|9D>S;xecE^xo`%Wguyk$OlKu0Ndsk-w>mkwQ}
zhEn|bI?{u4CSI4!ko0GPy7Ndc-CgaTHm;W_F26^4P|r6vp6E;TaVx%49;Z}y9_b~DD}O2D
zI`wyXN8>s*clmV6U$u+mUrb(0{j$m9Y)kxk#_@W+`G$N_cX`DJlSki@T~B2B8oj^I
z^?a0zyuoV8Q&8P`mA;j_o)|#!80RtMdwNNGznVOH>z*qQayoteOF~_)%Pt-c=_$pZU0*Tma#(9^Cfza3|P6K}U;pmDq1gN)n#B-ps!KSPY${du!-dwd--
zZjZ+>mz`~4^W#><-cK;wD~qwCoq<9h3-
z%Y%(qFnL0ZS2VuacqQY9jQbi7GhW$vxN$$@5yq<+$Ng*0cvdy;sq-wys~Pt)UfnqE
zcXQ%v7{@%$@tVdPnmo0P`x~!qJkYpK1zgVt8Lw;NgN@fS9%8({@y*5?7(ZmZq46-|
zjf{sIZ)`lmcoX9udVS!GPgCQb#+w<(eYH+}bK^cHzJ+mL*N=8w?r*%c
z$rEV2jqxDk`m3IIZVB$lJw==%kczffAjQbl8Gv2{?xbcq0BaC-4?xAm@&Ukh<
zj{EB!?_%7`#CJ9BWBfdl5dl?^S9KYA-#1As=YvKnR
zZ)kjoaew1OjRzXnTUA`o1{oh_;)9LrlDF&G5aT0E{AT0&(S_^TL&k$le30(|
zHXdPojB(uO?u^@5FbX9%%em<3YwJ
z8xJ-<#dwJEsm3=O|IPRzd~jC&cM
zZQRHB9OJ&m=NfNle4cTCM$oTKZgN-jV9%6iv@y*5;8$V<`#CVwTCC0;z
zFEt)ve3@~N1oFTc=jFydjju57WqhS^ALFZx`x;+uyrJx~B+
z-(Wn%_(tQKjc+o3$oOXCVaB%@4>!Kmc!cpkjJtk;GU~B2{@aXuCX@$`Z#V8`e1~x#
z<2#M}8sBBSq4C|u{f+N29%y{8@gU>-j0YRvZ#=~K0ppvEA2fc*_#xwA#t$10H-5x;
zgz=-sJrc!z<37eu822@P(s)DTe;W5Ue#&^D@zchGjGr+cZ2YY8
z5aZ{JZ#Mpy@k7SLjE5ONZ#>-i-^L@1Uoh^GSROdzf6=(7@k_?Nj9)hHWBiJ7U*lJe
zH#C0DxWDo1#siJtFdk(5rtx6ow~U7vzioW8@jJ#384oueX8f-4aO3xkM;O0v9E+RI
z_&+f2nM58q{?NFW@khpej6XK+Yy64vhQ^;7_c#8`c%bp;#)FK%Fdl6DrSTBsuZ(Xt
z{@VB<;}OQgjK47+Zv3tB2;=XJdnA2V#
zL$Qr}8joY#%XnPlKE~r2_cb2hcthg}jQbl;Xgtt(BI7~E6B`dUp2T>F@ubE#8&78Z
zka17rVaAgi4>z8|c!cqk#yvd$H~y)Ndm2w|+{<_x<37gI8uvAx&Ui!P>5cmv&tN>z
zct+zv#xofYHlEpdi194OHyi&y>fQ&w&hh^LKcfhWn6jWqDT1n#Hf@8Nv>FmEj;07&
zCux#4Ax(}Xty7AiEa)twCaehS2s#Uju(Hf*g3e;=w%E+Ft+v>@&tmJyw$6Unbzkr6
zoY#5hednAjO?)4}^Pnf^dB0!R`+Z&abzk@O=l*jP@J`^Fz`KD@0NxAyXyE<8j{$BM
z)ijz2JpI7yczf+;H|)~0NxHf47?L~3Gi;1Req24g6~0y};{$_XDp79ylak&JDoRfiDN1348_cAn_&jkJr;6dQ`0nY>80z3r#e&8j*9{?T!
z{!QSGz}Eq92L2%MR^Sf-ZwLM`@J`^Zz`KDz0=yUaqrm%te+ziv(0KW;2c8c6+rTq{
zKL$Jq{BhuUz}tX_fIk7e1o)G{Bfy^m-UxgH@MhrO0p1GyY2fX^zYDw*csuZJ;LiZ>
z1^z7Xe&Ejm4;&UR|Bb-Yfjz+VO44*UneJAuCjyc_st;Jv_K2X0E)th4NesWe=UaeBRE
zfDWS=ze$VKCuqK6e1PU#a~aR4dB8lzUnX9__;%tYj8|kDP|5hS#3PK4pI|_g@dd=2
z8Gr6*16mlr^%w(M8GmV_0d0)`hj=IBbBK2_-a@>a@$ttR(8Kuo#QPclGw}h&XB-DW
z{i&;g-i2=;Z+IHj3(Lo38J@}bLP{r#@h6A}8Mo==GJXc7A7cDBluj|@CsLdxjN5c7
z8DBx^H!>ckbeb67K-`||^=9w5pmgjx)bcjswr#Y0@(HHgY@1{Gb;LV0P#??FPcpx|
z7%wE=%XllL)5rKEtqQ??26B+@@2&_#8^Vgz+U5kG=Ic4)5oT}Gi88)|(r;$GWs1pH
z3*#RWZ)NA@WvWT1lkvlI4DVvRl6W`cjl_Exf0lSZ<9ALo=?^g8Lp(6XY`5js
zPdttBqo*6YOvax&-S8~N2Z#q5pE=Xm=Q3VHJj8ex@nXggKEtF_!g$4(4XxgU
zf1lE6VtgXmH#7cy;w_B7N4%Z!*=L$~IvD>N@lM7=vy6Qgg_z{#)1UMCmw22eHY^=(6(;i`-6QC
z<8=B8^a7`)T~F1=_>q)WKX6)#^tKEzez5hOX8zFSY0FrXG{%oIW`T6z7;TQpG4{B0k<*gO$ChGZ6V;9l!pE)X58AB0G|N%m5f{a
z2=Jr9KFausw5<{NF<{@sxJ|zqcox{VFkVO7T7la-s5iASZp*(NxQ$WUcQ9__=>&d~
zHl$A%h+IOY=`LauPXqfl#%*0}2TnsQ
zPu0P=weJK@Ln+U`i}B;gcQYfDhfYT7jvoB!W
z?#mGHe2P(j6*F$@a|!UX!M>7lyDuZa&jI@=<9E`wM&S0C(3_eVx8>6eyb#iFVceE~
zEAVr{zKwC4emn5FVBf*GO}`WPJh1O#+@8z3fu9HVJ&d0~+j@c9A(r0M$GElc2Yvyh
zKfrkG+(4Z|UH?O1pT@Y2KOOjmV4uObwa)}TAMCRjx5sY~coEp=GH%^i&0m
z+w?=gX-MhW7c(BK|G;Ue>DgB@Zp%LcoQ8;=eUx!)-w3?evo!xSF>dQ;Gw@5nzJ+ny
z*0ch@4D8z&xAC+Cry-@M>R{Zq&z-;*Li$~d+w{AE+di_E^)P;lu8``}3;YU$ynp)`
zKZ&;W0}q4!0ONN52F4mA?XCpu(-^mPJso%{*k>?q>q;i@#bBSsxb0g6ftP`OF5?H#
zwmjhFU|+zvU1tgbuK@dE#_jQ20(=SBS2AwvLj?Fzu#Yl6iMBNYuLS!h#%*7%8F&@g
zw=iz&Lo4tr!M=@gTOZniUj_CZjN5(L3A`HYyBN3Uwr=3dz`loZ8-FkG8nEwU+{WJz
zycX;S7`OE~K!bK&|07_Z#<-0?9r)E?pTW4@Uzxz`z&?v{+g1jF+dht#^m5rNZUGruLAon#%=j@1HT^Zdl?)G;PZSelyr-F>a6FAn;qjK9})W
z`wx6I*cUKv?L)wC1^Z&gZQEJ`{5G(!Wc(1?76JYhu#Yls+nPq;O<>=|xJ|zq`0Zfd
z!nn0>1%3zEw=r(dwe7&~1p5xgZTg+S*MNN&<2AIc8~9hjzK3yJ7QMjl0{cG3$J4fc
z;9mp#0mfr}eX1C`{x^et8soM;rvv{w*k>?4i?(F~zZ>kc82=t^3j)6f>~k5n@#g_w
z3-$$!+v7b1{9dpxX8cfHAnH>B{2K;&|5h^o3)&U|ejnIJ8Mo(#M&K=A-^94>Uo`{2
zAM9HgKbf|*0)GJP+ZaEQwzUKQCfIi{ZtuzI1ilXJyBN3aTQ~3r!M=y_DYUH@_(Ndd
z$2k2A^aFnw><1V>)ox2Sf9T!aYMJ^@W8BuCbl{JGeFo#UJTrkm3ierySJSp2@Na>A
zF5|X7;E#cQCF3(_TLk#yU>{}Nj$Ippw}E{V(CzJ+mHcCEml1p79|L$s|O_)}ot!MLr9oxnGMeHY`g`Vag&VBf=dto{Rk8tnTR
zkJW$R-v#>t#$)yWKx3rqe>>QxF&?Y`z@Gv848|wZwoKs9f_)a_wtRxXp9A|`#%=lJ
z0pAGr1&rJB2?2i|?28$<Lu1+cGV+?G!S_={j4W!#oeBk&HeZ(`i0-wgaEuy0}9
z*3VYpFN1v>;}d9GJ8*kW)|)yQxAAlW-vsG*F>d4O2L1}z_b_hL?*;xU*!MAh25svH
z{(Z0?U_4~Ekt1FIJ1tY+X^c;&ZRx;&0QMP-+xnIX{57!8V*L2s&Bh?`AA)@@<92`L
z0pASv1&q_rKnVEjU|-C*9ez~2S?490DKGlBmU?6VlR_Cer31N&UYSJ1XR
z;9J4IfboU2Ed>1MU~k|1r}L}1EuRvw{{`4rGH&f7z<&w$QO4~(IgP-3z`lv`u{tpI
zX$JnDLEgVDjNAI$3j9}K-^RFYi`#+!8tgk5xBanB;O~Qd7voP*`_>KoH(=kxcoA*u
z1^xlp_c8uw+SU*Jw_rcOxZPiYamGj&Z!g%VF@7m+O9%ctu+Lz8f7+G_{P$p=#kf7*
zgTVg)_PLDH;T*^Vz76aP7`OHz;2(m0G2_<01o$7pzLN19X8%t1^XVx
zr_;7x;Qt5qeT>`s+zltmvQ?Zy*%JMz`lTSTi-&!{|WZRjNAHF0{j!OuVmaFzY*Y{f_;>68&4zf
z0kCgk+{V)k{9j<-!nlp675KlwzKwCaf7^lo2kbi-xBIsf_)f6zV%+ZEZs7j~`yR$)
z^&j|WVBg2MEzf@7{{#C0#y{PSHqwdGJH2}U7@o$sEuVDYUjX|I#%=jz0^benvlx%{
z|AFrg_PLDPc=CXc0s8{R&!+5#fbRkJ#f&c}`x4-Lf_)|96UaUSd@rz%GH%Z!`nn8|+&czlh>#1-=j1w=r(#uiAm{3-%q1+x|c&aN9@IuDckw`>PxHevp0-
zItv|iMj|BTZ#%+D*2YwXT4=_HB>W_WUfHutp`?L&WV7ZMa9ry&W&tUvTN~k5n$8R3+9I!87-1Z+rz^8$IG2;^`o)X~G!M>7l+n#5dqZjy>!M=}in|?p=Gr@jA+`!eFozb
zs5~=)&j$M}#%=ux0+034R9d-=+xn9Sd=8{vz_^V+1Uw(?iy5Cm@s|L%YyNsuCF7Tp
zeFXS9kbabLTR$6t7l3^ecGh8~7ry?_u29_X58H?E4tMg5v219tQgX#_u5ez@Fieh$#@3YM}RK{
z`zYf!{zl-HVBf^}3QE5jcoo>UF#ZzRw*tQs?AsW(?MXZEtH8d4aT|Xp@M^H{V%#3@
z-N2WDeGlXIe9;TM2JHJ7kM)0m+c^eZ6a$Rg`WZOF6qHUn0_mqQKHZoF(t%$M_8E-F
z+JE46V4uZ!to;XG5B9l?+x}Y~@CL9iVBD_ngn%yx`(noJ{w)D+pINAjqLT3tl}`lt
zHIROkaXa2=1Re$ZCdTb}tr_@Auy0}9mS-#QYr(#a@%<_OcHq~6eFx*zod|RSUj_DE
zjN9X@8~F8L-@~}A&%MBJ0Q)}1Powzzf!_%B1B}P!3aMbVX(QODF>d<<>A-IS`wYfy
zeaHlUGuUS_ekH{p1bz$H=Q6&W?DK%H2KxfWZG8>_zZL9@8Mpn165zLieI?`eTA2v&
zuYi4&@yjXxM&M0g-^BPNvTp`{JJ`1{K9THOf!_i4ZHymG_U*v$1p5xg?fJA5_!_Y9
zV%)Yr-N3&J_C1W-{nZQnF0k)o+>T%RfqxC`2N<{Qk9`@rHf;v`G&*5fPVzuH@UMe?
z2IIE<$pn5k*k>_r(+>i_2kdhhxBZPg;A_FYfN@)%A>j9deKF&su%AbztAc
zxZPjf!0nu_cHP5x9>voO{2@rckMRr1z90C*U_Ze48Dt;GG=FH*RrXfE?|^*|mtcfo#uaa*2&2}Y+)+rd7Kaoe9s2mTD$
zXE1J$uT0?2f_)a_);jqTR^Ts#eH-I8o_65h1N#ofZT;*7z6tER
z7@tP*cLRR~?0XoG&Hn&@73}*MFQfGPf&T#P2N<{40|bsXLT&mQ*rzdW=U3B#ZwC7e
z#%=nUz+VUZEXHm6=k6JgXAjDg{#pv0{`9uq3VbiH$LB`w1N>#M-xv4};A4SLrbKn<
z`vJcIxE(v{&DR1y5bW{!gtqSJ%`bqx9n)+66X0~|qQ-&00k?Hl^L^6vzwzgsn_q#z
zN*c)M`0X*Fx3vPNu7M|c33#SQ%s)Q`J^}b&fYUDZw(da-?%J;%`|1rx0?+a+%|G*i
zp8&i9IJxq+-T<8b^!R--nPho!=?I
zPXRs^cmePn;HAKAo1r&f3*62{X?_oIyJn^N^T2a8pwG{MpK77{-T~asCFso=R9HG+
zr)xl;nZRdSsJ<5gx92py`3B%$2K$GBp9%bJ;CaA50zM1)VYKsfoU?)F0zV6Q6>z&Y
zs5jpZJRj`W13w%14}qTp{4?OTFQzw-r-n|)SqS#$0Y4Y`Rlw&0Uk7|1@Rxy~2mH6d
z&j&t+Dz}d30^r93w|yVIIUo3iU|$A&KJeARi-5NQUjY0~;1>b^6Yz_H??nfpj{g$i
z#{(}0o)7#|;7fpC2K+YQc1)l*KMs5$*uMdM5%4M0DCjt^0Dd9xFz{;NCBWALF9rSz
z@WsI22X6Zadh@@5+qEpsucSsw$628PeVTwTu~2H3gGL2
z-vazW;NJrN5b#%lKMZ^u@K)fvQD;lX^9b;xfjByao8Pz+V9V9PnQN-w6C;;Lij95_OJs{4W5X2K+_f7Xj}8UJv{w;O)R)2L2B4
z?*ZQqd=u~!^2`q%=PSU^0sboRO5ooIekbrw;7XMzXrYt`1`;wIy-Lv8{jK}e*nA-_-}##5qK}~gU>NPbUeQU
z9t8e-;343D0A2%p8}K#2KLq|H@IL~77xF13_Jwt9`Jty{}lLtfM?7#KXm*%fu9cizrZg8{u%Hn@c#iX
zoM(RM^aI{M=J!(IUjW_&d^g|=&x@zCJMe3Pj{&|G_#VK20DMp2zXiS*@H5Yk`%MGB
z82H}6zXE(8;6DPsFYrGB9}9es3*vtF1AZLv{ehni`~cwJ1)dK4x4;hsz7zNtfgcfy
z$8!+yF9VNVi=<4i0DdsouLOPw@cV#&3HWXo#{Fgh&jfxb@Gk>D4ERFehXcPB_;}zg
zz>fg_0`Mb&zX$v%;5&h50zYhiJYN%lhkzdqJPQ06;Ew>G2)q;cvA{nCejM<_isJDc
z5ByBvS-@Wfegg160zVP>-V5UCp9K7P;FEyo13ww~^}r_se+c*~z&8O80{;W>Y~cG}
z6pwQX@KbkzYIM6l6ahF0zV0O9`GXIvw&X>d^YfRfu99@2k<$-Gm7K!n0B;3e4E$B#mjeF)_+`L91AaO1Nteg-
zwGjBZz!w3p1bzkZHNeBb-vM3%d^_+`;A0oY<5>*+WZ-4M=K?PWUJtwi_`SfF0Dlhn
zQsD0buLM4JQ9RBn;3dGX1b!p%tAMWqUJd+Z;LCvj8h8!x{{gQBe$*B5I3vK%1b#K}
zFz`CyHv+E*{s8a>;6DVu9Qf~muK>PZI3DLUz$XKb0-pzbCGe|(UkiK<@aup-349gs
zH-TRd{LjE|0KQ*IJpLPjKMcGP_@9B_1pJWFcse%&4+6gh_#)t|fnNvwR^aynzYX{n
z;9mj$58zF}4_O?K^LF5;0lx!yG4MNq-vE3K@W+9F75MAG?*iTr{A<7uEQ`n44Ez+}
zUkAPb_}#$kfZqeW8TeY@PXoUf_(#CM0sM^ec%1hEzZ`fA@SB0(5Bw3}4*>rG@NWYD
z5coRayH~{Hc@X#sz#jsBF7SteF9Y5R{7&GH0Dl7bqrl$){w?4;fv*QXen~w3Zv#II
z_+!AA0Dm0#9l+aww*h|w_&dO#1ir`8csx%5uK~UR_!{8f0sbWLr-AnX|1R)PfVTrb
zv@#ygGr(s8e-`*6;LicS4){jk_XB?(cn9zofWHU)Mc|(T?*KlrDjxq!z-I%08F&fs
z?*YF7_$J_w0DlGe_kq6({1f0m0Di!g@i<=to&|g}@L9lL2X0a^Q%Hx6vA+U=O!{*-
z^}R-db9q22mKB*eg~CZi1D|GM;QM%@s+@J
z`Aj$24YUB)e&4H;pLM`>`a7wS+r;=pYUJK$d^Pc%jL$p3OFl53>Z8r?
z9mHocZr{JM5crWM3Gd%kz;#-mQ9A1we<$6DHZi_{8sqmFzmoV)#v6%`r+RJUZy`Pt
z_)!q&Lg1OeR{@^@d>wG@;{{6JzQ5c0wa7>-kcs23OjK4*E8{_-XNo))qPdfgip?oF+*V|^3{mH;}eSVBIA>hYA
zIuYPHogaP4Y+TFuXBmcfFuvkY!+RLd(9YFofblDcXVCGged_Vd#2#w&@hV|*>~O^m-v+`hNe#xo|$6QdA;w=LekpLB-@|l*>JtU7(U+%sIB*ki
zZJ$H-_PvTWp4W1W{S(aoe6qLiL$vl&sN?c3v#%t3`yNAUzxh;?emb28Ebl(e@F3%-
zoo;xD@nYha0@wLkL4KpaHM(J@N#`cu+Ws!GZv{?O#1lLLT-$FVd;4BI{qqFR()?rJ
zXQ#RTf8fi8f6UU^Lg}Q_dCA&upJnV11+M+>B>P<88htR^*v|s4?GK{~9xK8W$=bQBHd%JA<(=RZ5J+pt3_-4lcNZh{1%BC|r
zWYS5a^RwkEh-WeWGVub&$6sjDsbsvF_!`EKruE%>f$MVk5tYM6;5w%HMJD~Nj6Xo!
zzHi9J{~7TwP(MO*oxUA6WdhgResqyZKacSfX&tc;xK8I&in9{9PA7}j&zcxtLcERf
zM~QC%exeD*`*%BVYT`XU_8?=VeNHledjC!WelqZRz$XK*2CmckjN(}iT<6!0z1ITQ
z_Q%q?%SOi65Z}sp8}S{CZzevD`cpb>{eR0M^^f}GFusJ=Cl)Zi8_oMSF#ZtnwT!<{
zd?VwBlz46fTNz(Kd?()pO#UqJThhnVfwKE2%h4l=%(c!=?6g|Uw?K6Z)W
z&5XAaZ)f}$#Jd^af2m35J>WXOB^1AX9=nZyBiVm}`pcSY`(m6c}WN5FOb*HQdw8D_i9@6%Q0_kqB*y`2{d0@s?r
zGGo7h@u!J5Fus}iTE_coOgbAGZ;lwg75H?6ynlB9p8@>8z;*o3Q+_jO9HV2;1^Zm!
z)TQ&b76U&G?4!V`>*j530X`G#JAj`7yazaSt-P%Rz|RExFX+sukB(pe`I4=N!1ENh
zpFH5y74tTg0H1A*)psNCvw*h(p98!TICZVOt-ZjhYvu8efa^csr1-}iZW7h`I>-F!
z{ktD>hP*Z`cmVjkZD{6dqo_wRP#^MQ}0akGxS
z2>2x63xLl9ei86$;1>g51N;);8-N!B-vazn;M;*;27D|{qUrcA2R;e-Lg4d&F9LoM
za9t07L-nu$_!VHk7C3bsysaC7mw^2%z;*h6qx9|b$8`L3YWGw-!G1BMGyW*^L)+7-
z+52sq@ZizrhvwG-4*_2VJOccB;LX5q0NxJ#M&RAR8-e!&
zzX^EyG3Li^>g#6ULEyIl4*_2dJOcby;LX5q1Ktk&E5N&fHv#Vlemn5=iROon{|?|m
z;CBKK0bc_=3jC|U*8#r^_$J_A1O7hnX5c%4e;xQ9$C@8Heto>`zK8jp3H)w@ynpk6
z-vhiH_*&qrf!_=KtH8D2v^~tm4Zyzv_T9km1Ktn31$g>#=7-ML{lJ639{?T#{!QSQ
z0@rb7QJhiW>%hJR_=CVZfIkGh2l&Il2Y|N%&p6)v(D`}Lfp{|NXF;BNpQH_80aadrXE0sbcN1;F0|
z-T?e<;A??z0lpFVkAZIm{toaRz<&aK+{xyLj=vjtF7S7O7X$w(@F?(~0dEDq75HZ0
zKL@@I_%DEunQVUOIDZK|3wRIk0^sifuLS-p;A?>Y8u$j_?*s1!{u|)^z&`*!?iBMw
z$NyX4Ily~?F97~K;0?fk4}2}~KLFndd>insz&`}O1Na|-X9Ud;9si$z=K}8oUJU#r
z;8Eaz2HpbvFTgv1ZwKB3{I9?Vfd3!xjBN8m$Nx9rxxo8@7X$wocog{Gfwutv2k=LL
z>-MUd+N)0BJHWmd_&j4g5^t>w)J1-wb>f@NK|n15cY7kN+&-
zS-|H2F94noyb}1?z?*=d1H27*0q`xr3xRJ3elGB_XT;;53w#prdBEoZKM!~{@biJM
z0e%7S4ZuUdw*bEo_;%p)fsg%iJpLl!lYrZ63AN=s;1_{?HSmjpuK|7u@D0F=fo}nR
zDe&#UF9SaI%y|5l1D^zZA@F&?7XhyZeg*I~z{9}pbIEjjUIM%u>`Q_7178e0Jue=A
z8So(Ra^NB06~G&SF9E(5_)_2-fmZ_W0bT|Ccfbz|sOxR0-44uBKh#H;!P}>#$G1wZNR?^_G8YC=c^rf7Vu|)7XW`2cqQ=XfHwi(2)qsW^T4}+zW{tY@E3uP
zog0t81Ngzfbva~FIphL=3G9o3zYN?yXKy!^#`l1?fc+-m9l&1!-UIwq-~+&a06b$}
zJYTN?&jr32crozTfk%ORd8jk#wlKa=z2Sk$^(&V(lrC1^4Rz+b(*9LfQC&K@p(5H4
zm|R}kP#T!LxV}CxIYuXkFFU`e;na#~Sw*Cwss%om1Enk)&(ynakL)n)`mLUYUF0nQa{rj>=&PS6P@ghiI2
z(uT@ebxW5otEg$1;}yDORn)Mux}yA&I$e}0S_NYs^&Zl`C)d?ZuC6UBtqx3HT2>Y|
z`#P-ZNp(dm2Sp82Rmm4#nLmH-f^g9k{U3|Fs3Eq?3eWd4G40~g>g5%=XI*B>B)_O3
zCsJBfS2$Pev%~7Q-lG-O6=e^{Wj;TDl+v6(R~68peY1~EqiciNs|$sXHN-VtSU}zo!2xJs)Kb#ST`@(+1XQ6V^QTDTKjuvk*MevP&_ako!j;pJtQvLPlsg2klLzo2Nw
z;Qcp3v5RT*@P)?F+l{KS<;QJP-i<>gCl+Tcug=PNbox|Q7@BJio9rpr(0h5AI;^}T
zNpQ&A3`gsFw5j~hs#a&2aAlP`(TWFItZ;YXST+emzhFlEY7wu$z)l~-PAn2TgYSAimo0;yOi@Ekg=(XRoz0?L)jCj2MGX~K?{ZoR
zCAJHJl~)Kw=30Z#nxc-{vK9IHssp6DI&+JrVs3Mm)vl;0oUbhMFVH>5>2(#FsNUj|
zin@xLvWmh5;ryJ2m5~b7isrCZRMp7(YgA`KtCjfFiW=Sd3Rf*DEUvFBYEXUU(wg#c
z;kn+QHMI?4RfkpIG+b35Zde{smeo~Pc@9(uYD%`Ep6jyO8r8vEUe-{h5-Tj4?)A8G
z?bg!z`l_X#A8%8B{7OV
zY(J>7|C~FqQoF4By$#Um)#IO(+N{sDM=ZABqf~gRkksKeTd0fJf@f!YCWV%m@43+Ar
z6-lmtk*G~Vk>rMp3RwouS0{~K9Qx$cS6w^k^ikAM-LMNozs35@=*6`lydW4}kR4v2
z2fVtq#Z#U>hkj08d`C$tRJDhF&XqR$d^OvlhVO~dk3iW^t5_CkSSg&lcX6Lit*9x7
zeviuFl=virciQx(q+EK7zI`1vtHH`;SG}1&8&(uu)Vr1gv4^yar97>yx}tRO1lKMf
zk<(N^zP=(~cTfhE>@J3!on2jfjhdBQT)SM=5aS`%p`Ed$w(gqJy7I#L*vQ7`x4bD1
zRhO~{_x)6lkGfSO9r5(4n)-^m1~t*5&l5spoIPFj_*hqPM)+LS8?`+?6|pp~(dn5E
z>yVX8nOz`tq;_#nrpW+py#pjQ-LUayCedX~Py
z>x{%l{v+bzROLdAD=X`2uZg?S6}hUWp<-!WX|-uVN>x{Ku{WJNs49;{7&G+JO5KWz
z{AGiZ-^JEs+Tx0(RW)$Rw^JP>-FC$I8c9$#R`!A~bGI$2?!VQ&IXPAqO5$
zFqKK+A@lCzSC^ZfP~H`7Lesr>Z}vOV*oM%J+syVRh11O=#UR)mG}&Sa0m$jgQnq)7h%fY>PcN
z?n{z5Iv4xxc7LQ=o@(qeRDlkejL%Mm{V}9G$=;~(Unz<23$>c8_Jy9c&re}r%z=H8
zY*)yki=Iuxo$^k0NLk#)J_B;!4xMUg&Wn!%you)g72ZU4tY)g|FEfWdto~f`NpDyj
zP###*HyodOudC5@e)g#hH(Z3YkPhcjubV^+g{&{!G1CSip-jCw8k^5iTLaKB#QLEL
zr=L-C2{lr8Sz_1Ds0yMQeQXLQlI(ucck(F$TLQlz!
zQi1x;Nb5PsQS#~46)aG@zB`)!>=8M7+47xW9;IxF-5r%ZI8IYu?i=dNFDqtKO2im{C4?dficd$(!!#2=l>e*3`_cveDG2
zWowG=0IKDb>e8|bbq!8ULwI>j)z!-@3eTPIb)x*HE!C-U$mw6TeNIGW^z+JxofrQ6
zDuk(nNoIGw9t5_JBe43FYx`=vFRRlw*U8G2FTbo>pN-VGNSNrE=3OzOb~{~xCUyG?
zSD0%y2VJN#dWYQ*^;6|`N_M2GqO9VYDm4unTgwPH6g9+hxWcDbF3c18ihKzV$(&t
zP#trZl}5w%N(q~zkxIL)G*VhtWiA95;k3oRv_5B#;E|fGYIdw%4_?|BiQ>;z_Z!3)
zZuGIER-^P)ii6h3)nezAaClkiRTbtU!Kx){){<`dh|OCLr-jg+SnsmKSSmUUb+u$L
z91^+*Bav%0tr0I-?-EHp5c8%Zq)76MW`&oj8Jxk#@M!fVeI`do=8(&tV!LyCRYzSM
zs!Kb6h1eTYjg+)DlJo>6iS)FTw+gfiXCNuv)J`#yG8WOGb4WIvLxiJx$i&=d6~*LK
zQR!(zb$yY~w4wi+QQ`@GP^09xN}=|TcMrkv_m5A?DeWO2t=>moRD<@>)FJm#vgDli
zl3#)4B^fe}5xiDpNI%}Z
zu^AAA=_0pyLBb8i;wq{tZ?o=g<|a}-PQ=|AFI+vOR=dGlYBWcQuGu#6r1j7tb-!BZ
zyzVz$b&+C~F#+GVz7fMBW
zcv;1=#mko@z0X0nemYCEUS^9P+P{%mo8qV5QJQR2o%C>B)zZoaHQp8Pd5_nwQJWc5
zcM_<(@Rtk`Lc+Y(sKud%TxtfOt~TP`@$VH#{Gx0#D?WIZ4R(Bvu1xw4L%PpbAF0k0
z>)yho8aU;vR;4Ih@7J|8`>#A~@9iBgE0IH@YM(L3D8S{;vL#acc
zr|hdMqE%(J>f+5vWtDokgQ~)I)qnVxDC*`{UueEq^^|kkk#wyn;hKX{D-PX5pj&)Cr}EEH9`V)@pVr8y0)DPLOov)lSD`K>
z_fE921wfyW#rdSsYCNad;k@ba<3eRPQd^(2dVQV+scw%Bs}(wZ>)YUN#^9dHs8#lC
zy+f(IymO&XB~yo<&n{*i^ihj6p~PbCkyi`7r?`AxaX7YF@srQ!oy7gudR668w}*On
z`Fode&07}CA9C?FA3K70$%2aBXB~B@JJ-~?*j}kX{ZvR37GQmslZQ$iE`t~6CQ
zK((eCgjHO<{*<_qi^KmB%8%;ekJ4j_yk)i6%BJ!IlcM?}jFDU=v}eAdE@IY87$dl=
za$~EKdOwZQ%4Ci@O_taCEl#Qo4RMc|JqDB&Ut1h*!l_)k9HJ&cA%&+h02Pige4N-(y(unS46fu?@iqnT8)Gtjikip`j`;-bv-IN4qs
zXDjj$jkz=z?$la~3Gn7vEkCHKadxQd4qtqtS4_t&VaBQ}W}mgU7S@BDPXC_Bw
z##=qa(|$r`{8BP2eX;Do(dVZa;s8@;b*BT&&qczj(NuK|>1hzXW~B0&^ceC96em_)@yMO37lHYa3pGSs#Tj1z)TaR!kHCc5q1F^f
zZbeaU=gd-T($W&w*`T!SWv1*_;-SjR?|2f5#Vo=NT1s_oX7S`T#apiRX6RSIVJEcU
zQtc5dNBnd&cmZ*!`)TFG)Ddmg#`Qc-WkuOlYW1cjf0_5ZVQdKTEGQIR?75jf6V~xE
zTvny-m=jZoon|p#>LDaU+zgvNt-NXpJrd7bbJSNVt3Hvw7l}pBd)HzJwlq?`$Sz4D
z30Kjnx~+PzIjXm&pJ!)l08S6@VigcqdDRtqYAGwRLuz`VaH*cUXh_~AW`$Z;5YydM
z{ScJ_^@ORx#Vd~_qyoy%pHWWtPI`6EUdJ#fO;sLF&*1fDVq(kFiA&Q{f^@S*?0#zX
zOzNeBT&g6f@8Yd)&s!W+mtTa{rNp~%uctces-C)D>$5vOel+MOmk(pnTAz_h%gYDd
zm#U7^*i4w;v%c)DCi*B-dsdBxQhILoH06?t!DUHx^a9eyXk>YVTQKrDQjZ8@%Rpvv
z*p`wxF8FN?rZbg4bq22K)-;q>)u_ikdE>oUHB^te*Nqb1uME4Nb$8tZ@s^m)i3@Ak
zD9$aaV*i})I~~qSt(r$a+nb?|9S`xDVQ&G~9*d(}LG`5&%WCVTC-%ky8{q>r@x2EB
zudV~}+G6iwl>ZmmkG-ZLY4(S|daXNkdKFmD+{N}~ypqLQd$n0j390!Y{Uo?j^|bC?
zUCTC)3{E_CsWerq;fzJsOZ^vnnSyu)>8>3c>KP_g
ziIsE|dndXxpdZ@dEm;nFkkY7iip-gb9*pfdk1c?&@Y&7M3b(
z_Xex(3tgBQE-Mw!HYN?9I;Q)9s!q&T-=;>W4oi0UbG#3Ciatj4{-c#=b2qWKNIyjV
zPo5h!S{b^EyA_L`wlhyRvb_i0_$PFqQ`lMNep+_3UNBssUK(Uh5PDJ8&UEmer#B)|
zryZ5E&+Xt6Yq_qouJ_Tp925SXWYvtgjttpCVn{W8Y}Q&ODvu3@$dJrgxg;ynmbEl~~cQAX-aLdz#+
zl0Z$&s{YWRNdo09H*p@q@BX@BWmNZ1U`>o293xztaEfobnmyIG|K<;8f^QgA8Rq{?
z$$QSt5OC1SwK_^iWbw*-;8%*%gTu)aRiM;n4~OF*Rt#!i>FVkg+At;;^AnzwpU@!{
zr|(8A)?J(38%`K09@it>a>nNd^}30g8&ubP47%WYh{IW&aZI?3B%~T$q4iHT^Cu=u
zclo8<+W0IrC9Xw=)X7~1X!{smGo3gqsa{y8iXb*C>6dEKTV~i9#xEUg?s8Of=S?~d
zqq*}*Ki)>El=Z<0lUjqGIRY)3Uver1y*g*6gHvm?k|dQG4YkUtT8rswZ9{iUZN
z-la8zyDq*>oKL#A!l4tltM06s5Ly&<8o!`uq*oxlaeqShB%uz$5hbqzsk)<=fZ}~x
z)sKwre$&U`z5mwEf%bHTWqpKI#2Dk6AZjeywvDHg;^)tV|443Ux
zNJCs-hJ~8igE7QV249`#mAUz$N
zpUCyJlRjI-YYn8O8V2=BiJIlr)oQq}9}urz>8jqRxmd_-Zh2LGL#clI8NJ#pdz!sx
z$KIy5K;3IMXiZpWG2!)UdahD0pQ)F_)-D;|!GJPN&u
zGIi-gb=fX0M(9C^TDw;b(gJ<8t!gHvTU1peX6{q;ypF&VQpQGT5us`SziTw)tm8
zpD?Au#;59#S4W!DH9>N>RaK(IHQ8a!eCmZ*KI5iRR*jBor)W+!oISd;s=5^n@(aAY
ziB+#DQs-&9_{+O2MYRnhbMJ%KB$_^>8kXvpX(lwy(7zjrUC8vGw?#l6Il~{6iSmcv{
z&5STG!ZE)JYa|Coe!&c`yxv65t`CiT9OmmAFVtj|spzVcM6YY`21j-T>|fXYQjJ$<
zJ<%mpvJ}VEgKj8GxUf|16ZY6isgCO%tOxfgz4l_L#VILqsC_A|K1pe)!KsbW>;||7
z)$Rh7)j@Z3NoncpbyRwZjg=Cox-KQAsjHxg%o{yJKTVZsY#Cpz%d2;v)z+!^g_zfJ
z%VXCWwig$(*B1{a4qjDrze@vQb;g*k9_>(GyDVHoX*AJob_e`eykKSz-@G_bDy!DoEiifFr(3c~PY{=+MI>^+s8GlDlqi?0^Gz
ztZK|uyo#7^d+p*YE6N(w6%oT3ap+EiI;-jfUAqgZlf!)Bn9*+|8&2}(aN;LCHSy_n
z!-qO04rlbl-bAJw{gJqdxx9iu6jP-f44+j?*U}BE;LUx)e!Ezeb*i0RHRrD$YE6$I
zS8aB}qLvCYv0vrW&5L!NQ@R)5|7h_^-m!1xlZwikjnnjDUO;vy=XJqZldRGgheYCX6ix@I9h=Z$_TL3^Qqlm=s~mW-w|rxjo;l$6>M7~q
znFFcEIaH4r+cZ_-cXet&a<2zPcDZ%QXl9lPK`SsT5
zLf-gMlB*}1)kD*&^n~;D#Z~21b?PLd?*D<8cz@Rm*%Iv
z)0;YZ>l!s%|ECTV`I+>o2dA#AFRLk6*NE>z-_o01^(M^+O%B0j0Y3dr)l=S8-)gSj
z>$R%lh>ggGnp#vxpJR{88_guN0qo#Yoqwk%EeU<7WCxMzT&wH0Rj*NX@ARu`RH-Gq
zCU;Imbrtf}D5&sU^{1+eY@JuXifuGHCcJROHrwwE0M{Py)3JZ6?Uz`>K8rP7d_vey
zt&TH(O_J1dQ)ijosIK>uYL-u}s3~1sT@kKYQdnGHr*@iZ_|+o#;;IJkokY|P)h2}t
z!YlHptthQtu3uuK4l1**pmv}6FaCIWR=&P1zq)ix)%0YO!hX3|!$sTndyk$;JQu5i
zkbBY6c|=V+*@>N`-DFAc-w#fF3hv+ztC(5}9bHkEyeBKk%mWvO=&Fv^S(eY=KgeRcagKmL3+)6VMgyw}j`IaZb9DdEDJ@``AfUYk~2Z<=8995?+-cZ=c=
za`GMvHX;KqpUdZR{I0?GZ2(k}`S!)>+#yx?p^sLqTB?1NJM=>3Owz~nCOr}!b)r{(
z^$i)iw$tS&b~+&5kyD*BhnsO&#l)?sE600!pW-i!HMA{d}q+X1<#K(EZZH339n|i3=lwO}8
z5m2>yI*3h0Jx<1&+e&9@+?-2P4O}u=H7n6*ShXqjdip@UtuVYI7?`Xcy06a;fyp(s
z4Hc8mIsc-Q)%CDtSJCgKHOnVQ)Eh4<>KbhL6_w#7b*0Oc+og52%Oio2_&oouK;S?j
zp*&(^>HCE-fxvrT2n5uZ_p#r8`gvrRM&DZhx7}0MFA((o4*G?H{$mGyxuE~MgT7kO
z|HDDwKzc0yUpbV2qu~Fa4*r`2{jVMTHw*fIIrwiOJ?8&?2mk9yKaRe2{rioBzC(!r
z8kL6n&->VKzxv-vb{PK$4*s_Y`rkU}djx&2gMOQ!|DA)rU(o;FLBCVbf8bF5Y08)W
zVEO;S!T&fxzs*6PDd<0R&`%Qde{|623i>}e=;sLfJ_mhB(0}BhUnuDR?4Yj{^nY>C
zHwgOe4*Etx|5pe78bSYm4*C{B|2GHydO_dspl>HVp8r2~(02&_vmB29&4T_!2Yt7o
zpX8v|=PLcd{7-h!>$ZmLgARIKSM>+mzo`!T0YU$F#Z(gB$A0^r|HkZQ>@ff3d!()(
zOL~mI!6E((!GDE=|4hOEatHsD1pPl8$}d;Y?{Lu15%m9b(1!&5Cl30Bq{sbV?@<2b
zg8wHS%0D9bZ*cG*75qQt;D5ECZ+Fl)3;Jgq^y>uu^A7qpLH}b1{YF9m69;{#pzn6j
zZy`O_zfT?N?^eP8PaXXC3i_Wp=(h{{UpeRp1pRLu^kdXmO@FZc{k?-eo%C4#zje@O
z2>$=zpr0t{|LC9(3i1ERL7yx5A8^pm5%ixq=tF{DpVL(m-p79Xoxc|f`hPj-D+T?(
z9rO)?{yz@-MnS*Uq5WS&daS?qI_TF5{?i@wt%CkQ2mJ;i{x3S{Hwym8Ip{kD{Xq`;
zErNch!~X9P^#66xZxi&NIq3TZ{r?>FI|Y3}wdwY_wcmcnZyFh3`~3w6{Ww9tn}a@6
z(C_Y`*JCaH!T8T~s6V-aevX5Fj-Wr=K_3$Ig%0|Kg8p0weI@C!{hI5bj|l$fIp|jj
z`tu$1O@jUc2mM+>A9B#Qk{-)%zJtC^&|m1F*JA}<|H~Zon*{%@4*Jc4{!$1179sx2
z9P~YcevyNIo1oWo5`<&le(h&J8RGum!$Gh6disOPFY{Z~8a
z^|_w=-^(HXOu>J|!GD&ZzuG|`Bt4d2or8X+;D5P;UY~1t`K@r!>$ZyPuW`^XBt7o`
zl@5A6SI7Nd>!8>Bn(ME3(618oH#q2<1pSQ;dOcR)@i#i?bz7@HSpGLT=-UMUH#_Jz
z3i?|d^qqo!wS#_(pug2Y-y`U6bI@-S^l1+5SHGawbt={K$4)`Nw}bz*JqOpHeH`@Z
zf_`5IeFo{V{k+Q|{}ToOUw69P|qW{rwL5
zg+lxfIOr<{{Wl%-4T651gT7JFKj@%eBj_J;(6XxRLEjve}jX*SI{5mkpJyM{9km??-29{Ip}u^@jvH~|FpdZ
zpFdu3(5I6g+y56G^y3Bp9S-`5g8!Es^g+S@IEV7j74+Y8@Si8dzsW&APw@YWgMNYF
z|5XQliJZ~(Er>)UqE{L
z3h3*X4|6F0kl_E94*nMkdOapjwf9PISb84yX|M7zVBOLrs6#W0w!GBQj
zzr#VFEBOD!K|e>(f9jwQ3GpB4P=3XN|9?67FBkm(+d*F~`2UZCJ}T(-oNTJ~Z?&NR
zuY$p29e<=-Os-_2qCvtH2e?x1fM;@8(ir&@j;f`2`yovMDbpx@g;-z~(ykAuEP
z@V~Evew&~l>!9x!^ra5^okIQ>JLt#kW7>agzxQ*{r<0yeL*DuO00(`B;9sw4q*{L_
z3i<;b^g$v1FFNRR1^*Kqj-NS#{vZecAtC;w9sCyy{=eklzg*DkHKkPdUqsL!>Y!gG
z=nr$yHwpUj4*IpE$NGP`gMOXh{|EDCGubdX{5*Y|6~XKIKls92mN@#|0xdo
zEWv-!K_3+SXFKR;3jQZL?7umJeyW52c|!a-4*Ft2Kg~g3F2p~>L0>KS*K7Kz9=}mR
zf2>3KuNL&DIrwiD^rt)M*9rQW4*E7he};p8qo6;|q5L`p{h1E_w+Q;<9sKtQ`YZ?i
zHqztyXSPH9+Xejz4*qut@t@=1-(EP1?RTMrek=)5Ki5H@K|(CQc@Fwa!T)&<`bmQR
zd9rPj6WBHxvP=AUA|3wb|%LV-c2Yp1)U*w=)CFK8N2mNZn|0NFk
zW9PJ@;h^sl{D&R%TLu3oIn@961^;CZ{`&-d
zxr2U(ps#Sy2lg90|FXnEKUUD|Yx+{{KV^^}_y1A{eWu{Q%0WL#&|m4G&lU9gnGC7s
ze~zHP%E5m~(APTX7m^;!KjNS-7xY&<=&ObJ>m2k^L0|8nUoGex9Q4hCez}8wouFUg
zpl>5R?!Rjs^zDNGl@9t%g8!Qw^qU3$H#_LN1^>4==z9eJs~z;)1pTcJ`hG$G6$kxJ
zA^%Md`Z4K|hxCbQ<#J-|uwLX9)T=4*H2g{C7F%Ckg()=Ah3N^vw?XIYRt*
zJLu;L{!ex|{}c=Q`yBk23-RCYpsyD6-*nJ72=T9T&^HSD2Oacl1bwT6zD3CYBM$mj
z!T+NU`VE3!-&2rk|D{8S|Jx4wPQm|U4*D&E{&5F=kDzaJ&~Fp;PdMoNNss66Cmr+y
zg8!!-^kWVf-2Q*ZK|hxC*#3XlL7yS$+a2^1h4?2sw11NX|Ia%3&lUVX=b+CM^cx-Y
z1w#DKJLne(`WGDZC4&A%2Yt1m*Y^~q+WtfZ{Ywt|)q?(I2Ys`kKgFT`trPU$bMW6r
zdTc*lanQF5{(}zjZxZycI{5Dr^xt>TZx!_Vp0ZTyPcP}Q{C?=5?-TStaM1S)@xSJv
z-zn%{chIM$4{rZAJLuC%kL~}D9Q5M_{TmMYEFu1Ehx!{7{J-hof2N>+%Ryft#Q(N~
zJ|yV3IOvOo_xKA#
z?x5cw_@Cl%{B#KVsSf(hg8qGn_`3!DZyfaRlOEgu4;=K{1pRLv^xK8_^*zO@p1%eJ
z{qG(0W9X$E*na=PL7y(@w>jv?lOD_ePY(Ktg8oAX{Ujm&KRW1h1%01`evY93$Uz?x
z^nZ5HFC;yd|6d&R<%0hlhvPpY`2U-O|ES>qV+Z|eLH~CLeY2qdhl75dkpCSH`t^eU
zPaO2^g8own{U$*_;Gpjk^8YUfeYfEM-wyis1^s^<^nF77J00}>g8sh_`T-&S&m8n)
zzBsu5|33%)SkmM9BcSdHPWAkiA?W8TajN=>f4&n2mcY$WBb3C!~Tm3{>vQvuNM64XNsg+erp8(UvSX32>$nW(6+-0zbJm_GiK$+7>^P)DN8|*LRcN`mq}7mfD|z>FO^p|14uxe?-jE{K3ou
z*$R94XB+yKn4DVwI{z;T`49Q{|0~6R2=mYLe}#{J_uGu{pd|V_(zEabnWXQb>+o$d
zy!@7_4buJ(EH(MJ&mqzIe?`duwd7wv8x%hS&E^+#@9itJYg0d@{kPlKjn&C$Oty&h
zd%`6BDJkmrQ({TKkn|^@GxayiWIN_t)Y-xU1ocS@=M2IW6W{!dBb-@el;k5#O!T9eZt_D}8>z
zkM@Nh{hl7pxIW_nW0kD_U83|-{cEE9+v8O4|96G__xkwHP0|0aef+ly{(mO;pQm=b
zl>g!s{hy=sQvN#x|34S}xBB>xlK&HNXQ{tcb`w6|^zq*<`2VHgf56B8qbcU!zSEQ+
ze|>^~{r*^c{MdRiPZge2{;!e$x`f;g&i^?|FO`2FVmx8{qu*c3{omu`Kj)jqakBR3
zE+79<@{jG0e*Y-<|E7=sa`K<-_|wm6SN{cg`L~gOTh99U)9(-E{%5FX8c5~8Iz|6e
zlwR`RDfrj#59R*v^YOnvMgMpE`0o+?>-T?h|N5CEQvNrS|76FXeWnU8|9-*0e*Y);
zU!(>elK=lp(Z9W?h5Jvt+IYhKuiyX4{p)K&B>x%fO#M$*|Lip}+<&IvU%&s8``2?K
zlKUI0C-+!mfy^n1d`W2AMKkq?fcNp2*FW&z+
zLp^6i(qBgU306qoT%W7-(*8@YGm+Xjb^QAMVLbjjef+N?|GfXp{om%}KTGhh-#^9u
z>*vHs`EN_n|Id8<=L!Dx`=_}7Of^9u`QJ+Zk7MPpZShm>qyKk``d57PnGYE+6VRFZ
zo0orw(o6flSjfMA{}j*vzUn?%DgU#{e`6B=dn&!;KSKVaq}TONzdwfizs$$~Yvlin
z%s(&x`+f9VNxw3QeyvaZeH4EQ#IN7q!s9
z(o5xEP;Vl|`1Sh_c>EL8eHK#uKPCUCqciolN+RJiUg;(OZREdzto8oa?;qg)zwP6H
z|5hVR)_-dC@!wDWvHjD}kLUjX?&E(l`9Fi=w_iN}fA#U7Mi1b`{Ojk(bN^SU>zt+X
zuO|O@TF3Ow{a>o|Qu&9-KTU&r_pj*ZuXF!z`uP8p{3olwN2%-dr1-19jUzDQ%r+oZ(3;y-<8@c~OR0Waz-$4E+V`kOg+7>?tD!r8dKEZ#c;J?Pl{|54(
zZ2wpJ_z$cwImP|2pI^rF|AvqMw^H=~nvees!M}cf5BHy;7MP^+?<4;cu&~wNDv5;8
zZ9e*azGcjk^Yo*-hS}?*XZLvD)`s;|8f7lKK>s~(f_Y~{5K2!_5Bar
z{~2n5N-F=i$-g>058kjG4pFSHq_Z=V1Aef&2G`9D+e|Cx{f
zO7eek69515@!vuIOGvNx|180O?V)n{ze@h6GykkQ2Ch_ksr)lm4&MJ~3I2cT<9`SF
zSKaf35BGnmnjn+v&zQ%JteFY;{#&5*Qv3xJewUEU0>S^jhs*hYmi!+_di%wSBe2*<-$VLj{hvijFO^@H5dT~u{^x!Ck9opG
zJk179-+ceI`}prA|JeSVC-^^fyj*^#k^f}v-#De0@}GX4*?;K&0>OW!kN+j)KUw=%
z=How){A2yOQ1HLj$Nz2Qe{quX|C*2gVj=%Ug8!fU`0peC1xfsO`}l7n|5mS$pNjAK+MhI~m-c_NkpHmYe}RwxdF20+gxn79zhB_vzfKtss;a7`uHy)|HcHO{|!R^k33q=|5wO=viXzS
zee@6b=v4>_pPfGX4Wyr(U~OVW^r_NI`ER29{U$M$Z4Q$iGTH;iHmB
z_!KL>2>_K2=O1T2B>2Bw;N%y_;2^o&rVVQA0K@&>C2Mj{}ZK`
z^50DP$Mfe`g#1?@FXw+#it)eiqyH)CYgqictnu?prI+IGq4=X@toPp?Lj3cxQ(7x`Di!-S7YBH@#Df*k)g(uWeP2iN~&
zlwOLzm*Nlpf9$;td=y3UK0Xt&5Hdg_AVgFMD)OR2KzRoZ%IYehQH-LZyaquL5E9>!
zV2Eao(fER*f^xnfDk>^sM8E(F_;$v3e7i&MJQL$-e9tM$|EcbpnV#Mr7Ciml-T(93
zPd3#vUDZ!jb#--5&+IPClm0gt^uIL(|A;4~-~mbSZw$fDoG<;S&L1}#@M}ZxPhCJx{-4G8%N6{E2K<*p@K1eG3MT9S%^~<%
zS4sb?_TOf}&ppI!|9y;~Z2fXii2Q1n-$xs8P$BSI0(q1F#!CCq~OI#@ZSx=pS3{Zk5};TGT=`?
z%xr(h)lv}CL*S+R|6ItM?5|;bb^I
z<70RPUON6SA^29Q^uKEVeFpraL+}?f{;^5oe<Cj8>76YXDaz`rsCKc!0I_X&7Ear}J|B7X$SXC#q75fhxL|A({uz$Eg=L*8Wn
zB7^-a4EC=H!Jo_c$@1su-e&zPSw30(o(Or9{wodoKW5N>NeKQL#-E!jJq
z;-}RBv;PLLe6si%9U>oN`DF2PBIHf}A7HTmHG}>4gy3Jr_{rj@F+~0rmQNNx--hU)
zXVCu*gZ};DAXEHq4AEbY-)lqU-(vY>`Lh)ACjU=m{V(CsL-WVm2L0a)!JoZe3U&^R
zzQp`7V367Vn^|7(Ki&R#i2O2^PiFrD$eZlnZm|D7gZ=M>;17RJ8m{Y)CIYWPgU$Az
z#_~f0+>%#4)fe(6{l{FJxc>Rjp#PE({9715+5EpK1i#FH{}%)Pdm;FLXM9W#ftTL@
zZ-wAj8Su9o@b@2L_J45d5akOTmsw>@N<%j~Vdm4fyYc;2*^JdiOV|G>$ftrMSF0Frh@S?7|K5PSY5Xi<
zd_Di^@$+g3ex(8b8w396VP^a<8DEcI%}nb=$eZl1HpI_&2K>82@UvckQ}JpeiT7W}
z|2#zgP?k>?|5J`O+kXPfFZYmTLC2o}d6WIy*nU@@#&08pWmfU;|EC{g#{Y)#_5RoK
zBak=Y7vGSWzkV{{Umk*g^k!*qGW?4|@K+k}cNp+L55d2Q@h{T+Z)?Y&hTv~!e0BZ!
zs{w!VaI^o@wn(6{8lH|n4)P}dkExXYAJ6jC|MVqkdjD?R6ms9FE3c2mAH
zKL!SJvA%x1mhm5ijQY~?kAb`iKgRguS)S}~
zWx)R~1pn~YBtgk}wm(v%^;Du`OBK%AP{uRfY?Z2AwKWBND==NU>d6WGO
zjK7=(3BR=g|KJnM__J!Hpq_tp`#VG4guiH!v|r61Z4LO3hTvb%_-D9=Gu7>XFa&=k
z}9jxgI_%lNI5;I9gi|AFOuB$0m%@+SXnH~4QKgZ|%!;Ag)sf%WSrz5kBG
z05^@lKD#M@Ux@th-IV__ME*3EpO?gcb&xmtuaW(y&i@?^{#!N5Z2voqpX~aj-HB%T
zPg%Z?roZn0y&!MWf7b1ZEZ
zb^Mm6nDw8@^7{3=E}sT@lm1z(e-2wu^Jg!E{uLqkD;OW$6L{(VFAKqs8Sr}>@M}Zx
zcQ8I(bE_}y(E3{l{v~ez0h3;2|KSGw`J>JLZ+J(_CCi`Bhsf__`9884@4w!E&q3bQ
zf0auTA&qE_}dKlLk;-*V1t+XM8AI6!uYMd$dLuT|7L{9zsK^)^2apD
zoBF?j^;h#pu0j9TL-5;ellmshAFqVqXWu2`U&TM#fS+-i*?&_QKiT}14tbOPc?SI9
z2K@XG{Kbr~$G_fx&xOdZVEG@lgr^-^YeMudX8qOsAIBN=AAGvmfA@YM`!8AiT^}O<
z6w4=zzc}Pg{$KQ`#Qs0Qp#N7P_}?%-t$Ea!?!V7N@V7F)>OcCfc&U}YewsGM?7w~f
zx_kaxA0mG!%VT>a@Y3~v2J$BVZND#Z{y52?e{Bfop3N|E>zZ>!<|INBz`p=ao{ZBRM|78gNPmGVtyTD8D
zzq%0o@yin9|1<;sp=X-?ckIU!7U?zc((_MO$eZl1G~kah;I9b5U(ERZ1L%qI^FRoG
zHREToJo*1j1Ab!&{+o;s_Xb|N{ojV*Z!_3G)_@;9%k2L{KasF{{?z+_S&00RERW$8
zcf8z}LJGenWZR+cfTNyvu`mrhGP560?ulC;r1OB)W{A$KO
zMl)FV-q+MI>D^}qb%Q1Hsk%*%&`VQ-lYHb
zhh+S!{Wr&;|MMaEuk5D&LnfN_|717y?+pWgr7CYkl`
z$ntvr(fwZ$BA>(Z`uNx7%OG#EKl9_JcIt17KHe(RtmK
ze>eoc-{%rGH-Mh#|79Wg#f-1!|8fKVHzD{JG5!)QVd(b%GX#GT3IqP7Q_cQw
z`-L<-mc;%-$eaA1^;n|+Z!q9*48b4E_{sdgE(AZu_^SVJG~lP=1|7Lrzy4Uv_{r7}
zCxpm9!Sc!GzZ*j2Ygqm-N&J5;BM
zuay0-`u{cq{+~ne-)4N>f7)=cUJSusWWc}OfZz9gv;E&PelN{_9sjft`2)U`g2!s|
z`uIH=@+SYSWc_0-PyM&pp#R1Y{HctO^bmOI`mYPYZ)E)OEKT@#8SrzaoBj71<0o7H
z90GZh{bL?ajGv_j{1qYisb5LOM+U4<%-;`$;Ll=w)&KVx@DIAcY=0i(cTR$TUx@r{
zmUrh*w;4Tt?uNX{e^so%D^LA*zd`?&GtBx=WWi+qOM|=#fB6%#|8iJy!hgVke_jaw
zql`b?HJqs)zXc)q+YI>hES%KJ-#<^CX}13x#@DYubpJ01kx%_vDm*5M{_`Mj@?YAM
zQd2elRv7e8n`PF2EaUe`g5L!4Cj30cSM&Fy2K>uI@ULe4Wb?;GA^1}b_$v+guY}+~
z!uZMd&$fi%7c+hi`;X%H2?KtI3(fxjd^hdi8}cUquQb@d%78yL1b?q@q~iMik3N2?
zLgWu(`Qcjp=<)w#i2hp*{(IV>f1BB6|4n85Wcl-=5cz9az9EVJ7ee0T|3=o|m8bq+
zW6*zN2>xZ?O5kMqb6p62?W)B5xz>Q6GRN${&5W=2pWgq!gy3gAm59IIfWIIFKm9vt
zf3o{8^B`~Xe~j_f{8MefeHGnClm9ANe|7$N!JvPA2!87KQt@Q-$3H^ww;B3xivfRFk=cJe89&+jc?jf9_BR;t
zUo_yK7lL2N_{qj^K?r`@YB_#X|G#X&-x`8n&G-i=iJwg&_<4-4&R?$@@FN$Q{r?Zf
zACLt9$PoFCKS;q|n!KKW#)Zg_V)>p)ssD@Fel>r*Zm@qv2>#`a-!BRN10nc}
z4ES#v@b|yi?El9ZUyncCe_4<>*}u}z|8E=cOG5B}Vf?;H?7uPuf4jl{cMbSoh2Z!3
zQ34;R;p^*<&qMGV4fyXF@CRRF_J2O(x6|--|IZ4MKcD5tB#}QK@}~aFd^$0Id}z@B
znGpOy8dl0HQWC-%Xdnme=EqF^dH0eXR$o3pZ;ple?kcUcOm-g{r^dbeA7k=
zoNWI3C`A8R2K_%V=zscUX8+|dexD@%I|cG4|CJf=|8Bs4B?NyW<4@M`b^mP%!C%Vw
z>iqE!1ODvG&Gv6*{AALj3N!vUEPqZC`!9#Q$^SKMzdC<^Zm_@kTr+;&
zza;Rr8ooaMQXy}`&#IE+zmnx?{Cr`+za#|zea25V{u@H%zhL=f^KX5K{>xeaEJgpX
z4EmpQrP+TSev*Pillbop$ea9E&G>5ker>@2Fa-Z}#!u$IKJ(1_pU3iU{J3W5MHT|A#~HpJ4o1E-+I){+5N{XFnt3Z#>IU{QY3SKfTy&{{cTsLAU?8nS|$m
z)`rLrV)96W@M{@g%|A^H_(znO`|k(FPqu$r7$U#_
zFVbDYS4dE2>uAh@0X~!TuHo{AQ(Q`%`|Ej&Gy+KSet}GemxGmdEYo
zz)K&0`H+WN3I3~O{nh-LVbK4s5d13{U(X-9{@;ekSF(IwK>Nh|e_w{^zs;b3YlHr|
zSDXF6o$-_1e;o{YlmD{U%JDaz^{4#X)_{L)2!3p*6zrJ9{;eVMQ&>J({B8=-znJw`
z=a2RV{j;wz`|nQ1Z>8z4$KORE@(;3nha~c!hR8q9@&{`2di-sNys7^d8SLNJVE^f5
zX8UUyziSfwQy_1`UunSK-+=#O2!5t`D#o$~CBc6_1b-{ztNF8&0e@25Z2t+2-&X5z
z?a(?0@+SKm8Gjq=PvfVv0Y4oVXw;_u{LeYIL>i;nuj5A`Z^ExxmnI}t`wukWj|{x=$zeK_BZor>eZtnk28DF1&^#1=eM81*bdnD0+JLI8O!u*;2oa{d}e;#VkzteSQ
z{SRm&HGMe=eh0{#@CPuyI(~W@@LvtV|0m<0rQz%T+ZuwOSuO1!&+;^Wa}4-LR+#ON
zrAnkjli&}8yvhDqjIa8?j{$#42!0{sAEe>yy|4}!X{Wpu{
zk98f#RF{uI-sHcm4KjXJ{|z?izc>VcHRGSF;p_c(TL}Jm#vjk})PF+___ZPU9h*v|
zWb4Onm1h49Vfke1#{(g6@?SOUua3W5gZ|fq;9nS`zwW=QLh!d4@Q*g&zZQaD$@s4R
zZa3=jv-gc=|1D>EJ$`ll^Frj;uza%puMvisth@+SXv+mtx|M;P>Pb+cLj7=Ll1
zKK}Ine>g;b3d?ub^w;H=LEfbQEY{zRU&_v_=9gX`+qItCyW1nkVmr#>*q@t-|c_0
z{|p0uX$b!NjPJ_3ZqWPx)e!k_SUy?)Nx#i(e`>n)bh7zB0(q1Dl?MCIHrRh>2>$tu
z-`h2usowv$hTtzZ;Eyxlw^?Mie=*}HyMAZ|d6WIsj6a_Brv9H`z%K~F|B>;NT|bNu
z!Owm{j=wAgf06zUSl%Ui{CyZAA7lBwT|uV0{64pv{eL#g$257p|Jy$@1SI$fMZ=|5q`-8h;lU@JmDRw=;gS{PjVI{5LFriRM4O
z|K17FzlQb4@>;woer6f;pM0m;f9JK7J(Vo}H-*U0WBEKyf4%?LL*C^7@mmu6e~v-_
zHjB;rzsC5<=HFJ3H{ma5e0BaWGT@I1!Eez@TAB=hbO`=71OCMZ{C7j}k7szPg^xxtT`PW!JS^j=6ME+xz@2mM=AAfH_-sJx=
z2K%ou*q^=B?EiL|5~*Dh{D~p*hqC;nB=ToN-lYF5gZ|eV^nZ`>n`nVq$@twgd>Iw~
z$+trA%NTz=v(osx&Vb+SPtt!ne${T`r$F9hf2{%kdINrc#@FwkZD;($d{ae9bCcC4
z1V8qY^pu+aDh>E&h2Xc^%NBUOlHi{ff`5qt|0V4p7p2x
zzr}$6IOFU7pUU{j{J$auKkem2|KDoBe>VjG*4^~~8zJ}u4ET!-_`fi|?*FZf@6O+D
z80h1#F$8}q
    L-(kQ%;2t^tQnbL{&iHLzV5XVc@o_A#>)*JW`X3E>sFg7Ptu*Mr
z#GwC-5dAY-+d@-4|LXcL4AH+E%O~@HWr+Tb2K|>B^sfrhKbP_K`A^sX1IV|6rA@Sc
z8N>2=ytv0MeaF>blh1uca=7->_`TPl{}-&kCT@*q{Kt35esJr9N0#+j2>uwxAAe4Y
z5GDNk4fu^A_-nd$Yf~ZT#<|;wetf*Ee-Or6`M%U&
zjsM3C`d=2J|02de#06&R>h01Jme<&GPr^k4>@t7H#Xu1pNp*ZHMpmT%k;^b$7~L;t8D}a7-=y$g~mkUtIo)
z>Ca4eF#Uz;ub?}*OpTB#)D|^NkH1iv9)qA;`BbJ`vUFRK%5-~)ZV^zKwwh_XleWxg
z+XsIZUB1&L7%ih|DS$tVrUasG@Q(RKOnZUmaJe^VA1)sbdIXpIg7)Kb
ze^C0aPyAT}nGRw)7<34ihk_o-<)c7zxjc;N(M*p49nR$_=&@Wrj%f_^crKp+I)ck1
zK}T`7uXM&!^<*}e=bNL+5aamnpx1D@3^dN=YeCDod>zvYrq_es
zz~xHN8@YTF=*?Wd1#}^oZ)JKL(?y`SbNLRYcY-eF@)D+Zf!@vKrJ#S}@;#vUa``^c
z`?trcgFeXRhd>|Z@(R#Lxcn&7$C$2U`Z(wlTz-=2D$u96yc+arE>|&q26PRV
zpJlohbRC!1gFeUQYS0Z_-Uzyh%g=+pz~#-LTe!TH>5EKXV)`=ZD_njR^v_&=jcElFWzv6NO)2~6l;qtej-*NeS&>y(`BhyCEe{uOI(4V=y
z1N0Xz{|dU3%QT_e^hPeE>q=UiQ8^Vf!ezSNr*qAirhzu+ayqEPKv=?U=R)&EoPtOgk{$7j!=^?+@CM%bh^8x!jrQ0Zb2MdJt$AE+5Ra
zD`+<^cL(jk;mJ-OVAX%1*_F82XFoXbam_T_Rv(EeN=06LJ%gP0CxIs|km
zmyZNJip#m6!?=7j=rLR#4jSe1v7pCsIR<(>mrr0ig6T-mQCvO|^dv6lfu79eQ$R;^
z`BbL)pr>*9bkH$eK7;9*OwVFE7W8Z`)1@HA%s9~TT%G_rk;{{qP6jRD@)Xc>xjYqg
z8kf%lJ)g_dK`+322HrFI+$_)wxjY+m4wnl-i@1Cd=*3*Vgz2TAmvQ-WrdNQ@~j^epHtSejMf2VoP
zD8X9wkt+PR&fY{UvH0A^SiGnqRvyLMidE$86vcQZpV^F`E-fF`7+dq|EAkbKZ;k!<
zNo>RCO=9ty*oN&XF}o&aSI4?5SFZkVA`_QE{`?GgcC9wCg{D#J3q8e-b8@e32&1lDrG53l9>Y
z6?t|no=@T#>#O5iYTy5L=T1~^Q=Rgn+DbNBsf`!?y*&T#XrPwtBqhm!!O_~nBk82q
z+I6C}B8N{ds4fb48$f*A0vgxa^;M!1e7w=Ik}t*pa5;Ko>Eu{>YL{;4Bmma-u8vhi
zt79eA`{1Z5Rvw|=iw%q}E$ZbSkZBdDi*Js_->p3esz8mZSV=7`CXr~>X6vx}82r1`
zy0j;bm&ShF7K?9GgueR4EYwDDSLCDdcVh6`7Qu%@(rMtvIh|q^ElHs@<4LOuahoMp
zAujf6={)$JCOJ_q9|gJmr_m(L{IhpDz!I&U96MZEU)ZI-BlT)5zA4a59Jy{2176Z<1l;4r$!yJIDzJ(f|A-yHKYA0Uh`HRrAYuvbr
zZxN%yRdMN*SjLQMafI=62=dTUgb%o*)l{=#eKvIqgea{Ews>?^-8vk6laU!+IwhlL
zbm?U+{Bq$D#d8;1h0S9XVhq(c<3g-rR5eBeH}{&a1DdP9a7xBk)l)KhMVDUmTg3b9
zIb_M)Ro126xVn*SOdMC`(N!_{F26cv(=dkqVtBsr6C$`G`lLHR!11IoFJZ{}EC?4r
zJ_19|=P?htsmhRZgNS;4yV~1`OA(RfqqeW1U6%EDTcZCwC6Q8n4NMVAG1Uz*wJqLI
z7JW-?U8cv++@^}>zGdv-{Lc_QNE=9yugUPLh`CAaC8B*aeG~mr_e^
zY`C1I)kXWeRXF#L#+^G$8f<_5k+c7T>Wl?J
ziQ!d;hgW4$mFf`q{EqKw{gkobBVoJVvoZwaa=`7NpxJuh#y34joBuM8W1Rj~j#HdQ
zuqU407}Q6se85L8$rHh`P^h5HTonst1xJk-&=a;NPB#nYz9za5US$P9YwlIA`EVamM;`3+&!Bxx`KHp;35$)ayIeigDi4pd8r_SMP0@M+P2_x{}(gDw(wL;o1igc
zmZ_ut+>k2TnhvR&9$s~FcvU~Dl1}1rwWYS~E1D6CTKVS_FN6Q1^96M&Yx~E}7aov#
zzMyKmZqe^OU#Npe$;SS?5SGUCDB=zCNYVzw1jB%G6d*-IO1J(3T%Ru}%c}DQZCUa9
ziuPjSnb`cPBqMqEClj+tBbr2&yYCQf6kns@o_H|{f1q{IQb~21D@@0mbGuoUYAcM0
z^R}iYlTvvpopr4$X>68p&Ci%(c4I+{@h#d-G^DOxF51ko==`HQ^JrgUfN0^oM!vu
zQQDDOsvMg|3qyT?{$AvYW8+deip4je?dtgZd{O*3uApMOH5QmFV|8vfT*)VHV3jYF
zy}1!t${$R$yXHoz??6*`KrPP&bsH#2EAcTm#Le|~W!;OY^X3?*nazo=HZ6jFN_
zmkP4;F{Tak(ER5qmtq3i^&FFQ&OqMJc98&tyB*cJ>hYG`@h6a{QMDy^GBS-QZqA(=
zoN46dFXpzujFO!&qeL4>6s^&OlbcX&m~eLQlxWWchiNHW*yWFMI#g!K-#jlpj%UDj
zXI@eVu1M2}$l&51X`tGTZADLYDo`4!yIStEsVUJgoh5Cv?#SP%9s1^4Z%A{-3h189
zx;pyp9iGC;-!TW(jKLH*}5H
zNL~HzOo+*qyH7MDXPJaqs*disLRB~+VIES#1S$D6aCsRNK9O$v4F-CR)X@_azk91O
z*G4aRmU`V1M;BEn-4w^Vr5v-SVG6+vCnpy%?I;6@);iu)s@|ADI)gRI!qZicQl;iR
zGoI25JnMTAA_pq`=}m~}C(PPnQq=UWKU_gxudZm!{B>_CbEIqU?;Qc?46k!4>*zr%
z!(5tdPBV!7rzU4rRi&4_>35G+RU7oiP5mrGJ7&&fO`N?=C;h!uf0V0jdi|vMc6V13
z?)_3M8jC6uF4Fw*gqx9cXRv5A;^IMXkX7VAh~sK~w1|;L>rj8)7nmpf7U~WVa|(^~
z0DoEZq2jp@;W~z%7W{o7B@$;KLZu5y9!0oURTh1COLPS#jPm>y;H^}Q5RWs6d-ker
z#d9CF3VW1C!Hv;f5?lqxarqIjtiDrFfrREtqAP4PHaNN}$y6CoTXeIZYdpZZ3DiNF8_V-o#Rk?Cdi&<|_@Nsk>eCrg
zOi#93qAP{_qbuQqIVY9OU1=4zclCFhVO7ebD|g{_vF7z+uq3+Du75D3p*nm6MY0U%
z8Lf=7B;)mW5`of*TT~^_(;aa2x**59lOgUg$nc0qzbnuGE?#3-<6eDvbX$4u_<&c-JzPmFlZE2IgoF3hYmJdGlR#X)4cjp
z?-?X{4;b(z^eECz8LLsEd&C(F#Qhc03EL6n(eH34)1N*`S6owIXna>vZQIrH=oed}
z4Kh#~NZpIe^BcevP*fPKq#+Ea)XmY)?A>6cOBY&az(LxGmTtA9Ux*tt^I0)VxTFOg
zk%yySToHH#3+9rc%Jm5DJjuO6`2ZXq4a=Ph{lrsdyvc@LJ8$_=PeTA(kK!^%tqAM{
z^20e`twqOXyPYHN!Jnv~Mr*j%c3HiFf=%kO=+5G~JF^Q1;D37I-Y(PnbU55?RGh5H
z%XKRiKjY$j7nUjwgcwAliuO}!b{d1AUarqf718IER+g9NPL54#K-zjv=Bd}$WCs;p
z4pVbwo##<4rFjijl0p84@Sys`lMHfCQppSQ_Hp8KVOg+7-WgObz{Mm{3nK<@oa-gc
zeZ}hEaI+EpRWZi(damz={MzzU;D$G1-D^bL$XnRBL;QS}nkSOY_~Ho}w^cbXOAGxZ
zuV-sG3&Yf#iK=OnaSaVi<=G4AY56Rm#~Y6>g>02_yb>LVH_rRXhSI{5)S9v!l{Zm1
z?`Qi%MB^EfUUZs2
zi<+l5G+XWR)ps(4mJ&r;DDu4tnfTQ)G8It;MT{%BfL%y1=Lq|$m!!eo<+o5wY+M9y
zyOJ4{c7)zxqsKEHR#&b^=z6ZC9$ZVuyKo0-BV~MTb_3SjV*SYmrzTr38$|Z7AGCbl
z5Ew_89ecn54O(XuQD$w>+~q#2E9XfikJ8A^68R%uv>k%AZWxL3mfS3OncN&m{dBw~
zH7sHPkt@Sn_Az~b%miJ572*ngVT!}jZiTgDmE%RgpC-f
zn6UD)0EAi21)?J{N9mW^%=A(Uw1FsPOEl-rPO_EUsWr7F+if|q(KrMPCm|Olya8jI
zvGUw3ZFMP{WxrxVb8Y<1JBd&Jr*;y{ey1J4+~294#(#S!arN)GllZ`g?j?_Yqe#uw
zb;tZ6JBk0KY2MxBk`bJEYc1*4RoybtOxR8$eO3duERFpKb`t6HSittSNH7JL3BPLN
zKBy{$a6~&*HR`3HNzZFD7y1Qd2wiePisH-9@f@{r~MH
zx)YwVFjMA!L#?`)Q2J?`+hqok-EYtvDF1ISk(M)iu$L%q^@w{0fvqcVFOfcFi=pK2
z$^6^fmslVyaywluV_EVW_Yn`4yN+npU+^FS2psQB{Yi9!HVm{yP(T^6)N&U=Raz6W
z0a}awf@Rhpvge2oh`~F?M5Jp|w~eyU9(46-)Rl_!^&Q8j#Dr(Mcs6Mi+;POSzuu0c
zNqaJCOjbEARfD~vTy%@AMp>WO!vE}6qr3ja8b1eXe55-(Grh~5#@xV8BTsPu>0QR{
z@+xT?c13BoL>Xw)#+V4*Xe``~-NQZHXcQltgFn3y?j{v?mvI67EOiqXY3g2M
z?r+>{#MKkDqzlkSd4cAE^Hw88uDEjZDwJy=?`l_w=Vk?W21Uk_S9kuh#U!oleQK$!
z(RG1TFhLhOEiWc1ftlJS&E(ZCYhtov*r{|?ohh!W^$XrOJwHVk(=kt%ft&o#oPHmg
zV{nx{CYxn(H7r;4$H$-7n>)Vy^CRQimApZlb(v=k8yoyA=~QTk%x>P@K`>h`1n<^e
z%*k<=69g@Ge*dkyjdE;>45=<^{pX(fgEhhJygz=cZeREwT8S`Pge`q^ix&>6qIGR}
z=gyBUR9Cwm{&zO)ygM}%aR{loRp`@|`p!1)Xla{7g(IMQ73uDN5&7ZCCkj)AlZpsUNb(%VK5G?Cz(>
z)Mv4ScToPI9k&4@H(aa@QlPR*
z4oCF9ckxIy8LKO|p@ug6L?LkQ7xi5JwvtcmiWUpOZFy2ZH-E|JDbLS}SAK}pD5GF*!iJ?}0&=jjn9eb|%qP@_}~G
zJl`ppV5Fn4igq1Eb4j;^eL`{T5l#C!MNCh{5DdmJFw8&dyE4^xPPmzftsZ
z5IVLcHx1AhRaySdCCzs8zo^8yJ$^dBayR!bdH=zUN_|JI?#16}3z5EtJQmzH`%Mo=
z4wUWCBU!`Cmr@|3RXWO8EqbrIHU%rCjMW(FfsZUuejFbEB>opSUghPBZZEO99Cfe$
zj+>U>Y;mucb_sdrAF^qgO05R{@mn@6*U<`!wIu&c!
zKj87lb`rbHMM3BOPiKAq=cF@7%K}C^h+(-P8x0M`c+JjU(=ihoN
zQrXK)OH8el?9?`2+wrM5fgDI;B3xcr~i`jctkQQB>8AndU+YJ=Wj_^;oX
zqzP`1uA*H3{83LiZWH-3x~M#NR!L(DJs6en#3S;U_P`K70ZHG#hcWd>?pi8~so%bH
zsXPIRrJ29pj3?|~o`dz~BA#Bg#nB?SCnSr$`bu~ZQf0$VrsV%49-wqLGYy%jij+{&
zV%-aSxS1)wfrHvm`a$2&d`-;bVH=u>T8Y-YwY0oVE+3+#bRN9*wk7bu<;cMHr_L*E
zEgzHSKX@7JZ12KQY=PpD*ga81HlCp0|LlgTcg2ruj~rZkAP*cje{d
ze|p!HF2K=0+pwjUX?ix(yOOcxC=A^`y}+=2DoxzOO;fA@#M7C<0F+I+`=;fjva6bV
zxvTD;;;Za_!;_lg%0OMQk~~^wj8hc
z&M|qN7qYpED`GFr8e5GQHBb}gRNLr+xhR^RQc`AAH??`_$J-I31*&kE)S@)(ZG|pJTr^jot&)SV;z2^LVR6aUbiSLE!dcYX9VS(?(NZ<_Ay1U9G?WQP{*Jmm{vP<0EYK^w%+~$?m
z{AWBVCA#pQSvW;z(GF@_z=iHfSERnb+sDl9Rd}B!Qvm|oru4YDo45Jqn8~xs=ca_G
zS=rDz!Zn6`nQgXS?oZZ;%5~ka372qpq?FE*_3n(|wi?G%Ql+_6sic?kU9%^CyF+N}
za;hpT?Mn!|Xx8QHx0`(ZcZ)AxIsklIN{8UT80QsoFEY4}M`mi_^VFXOhX@P9xZq|B
zPmEQR9zjaDj;vTH4k>*E1%v4-M5s7HD8N{}jvQ#=wli%|1lzAa*y};*McC8Ez!$3U
zQmsLav3MPIiY40ASxeTDgZH{9eT(okeN(6=9ovOp0wzAU9m4WZhoON8&qP
zN7AHRF{-$HA@w4gS}t%;KTWLU_--9;0S8?TIj?izHLtAgM|1SMiz;kbkD__7h4?P#
zj0Np5iPg2hKQ}R`)2f#gg27Pt5Nz@I17_CU5L#6~(JWHmm(F8-ww_$%-kls7|C>7Z
zRJ-=6Cp`zKCp}LnCj%}~&&$l<`-Yt;`>CR!Az`~{4A$idA3GA?W6O=GA3<_IcoYn1
zc}F0+T+K*|)6vQPCx-%M{utB$YfW7!dV%rB`7OAL$yhLihD@KNLq_RFe;)OQfU+ehi>w!mKb3<_s88|unqHg@E^bQJ5vPSO_mj2wDn>dHE0-i*
zI);vv&uh8m9^yOIMNY@Y1+CXBgQF3LZc>oBV@qisL6Mr}q8J-2Dl$r*73UUGwcbu#
z-YHQPh?mBMhVsUVsPUsYE^~FoLcx=;Zo$Mi9OyJ939a3GW8T%ixMY?smrL7~MUQez
zvP4*5*Yy^vFsHN^SF^X!7u)*|P_=j6EO`;t>ReKIeErdWczX>f>DK??oY!Hlm$$hN
zmk~1md5Q?_K7FQlpPts>)NjGP6>Ysd0PI^6!U#`FXbF@akDl@kWgkTzva(dA
z3H+8eg0cKR+k#jWxua!It|j}juL`1@FmX}>Vg-)fI@cw%JC;p#JB9k^Qm-UGgUO{ClL1xI}9Qv
z8#70ir(l&TzWuVif?(xGaEI-zL4!gmuJw~erPsC_@&V0)y;hi8KhWzCR!NE}Lq8y|
z>>o&}fO3%|2ny%o&3QT{K~OQNgJ*M~ida
z_FQqk<$1v3h>j~tpkv1rPag4uhjPrgv7OP8KqCZB7a
zIN?NVM$z=?)?vrbm@;j~w8BfR!+IASG7vAzJL8^6YWL)sMH8nN9GX3G=FI7bW*5zv
zGws|N1(UO_ltq6l?4Z
zYwT=mY@s!_Nca99dpv38j5&qblcr9X-GloTojhaK#M$R}Q>qTl4jjyxc3HtV7}#x2
z_7zuTcb?Hb`{0AKCrp}DFsty7)i$y9bZbzyH7N1Ce&+JI*5y_1i|&*jsWKh%*Oww?
zIjvjw?4d)msbrm%Z5^6zWiw1TPSK2MGbSVYyU7uS!0IMX$bsj!+npkfE2wuYG%qdK
z_5TF>&}_kk3--iH0g$8}%?kXcm@q16gKxrw!f7*SxTfve0IpT=k1m=vy-;@6o*T0}
z?I^}bGlaU6!3$O~r-8#VHnnHS6g!^CORDb*kk&N>mhGzUJgh9Oa%ICBOPhkU6Z*%uUH>`pAm
z?h3B1*)wNncO}-YR&(p3f=PulXAc@QyI@Yi?28J#<8hB*M7_V4*
z(`%lKCl9}x=Pn$SwQhsIoN&)#FIg;+^lz8mBAUaxxY3=GuzZ_qr^(bV){fHx$BY(;&agWyvjW<gTHseb1^KVl!PTh(V;&-+1yIUJFZmPyT*^JfIxX4{tjS++|ymx-J
zBTG}PXHvjLhZT0@G27Z|^Wg(cA}=)-TN>CF$0)Y29(^k>)I#-~U4T&DqG0Y1T(}
zdwc_JN@QVk>%kOUg}s&%d9u0nQ_5h=dZ|g|_2$;+P1@midQ&4`HMiEM((mW~7+GiE
zlWx7(EK-qfU7L0W%9YLOM{%LkLc2eVyxNZZB^|%j8+kDuPC)w&c4P;*Qc$c)iQM5>
z+X(8Xlt`6h-QT1?e#f;*QQQ)(pM!g@M2@||P-EfuiWMj{WiuvSH~E$gbLk@s6z
zi<(AWXkl$@8d=cN`m$-{s}|P6W^=Z+v~Ev}+}_f94z9t$g7nCymew8Vkw;rvKc>??
z4QMvx5GZzf|eB=h394DI0%o$-p`eFOlCe~xzxgB#lTh^q=$`tFe$ek(p4dNk|
z^|c-ObBc9K$`~Ql{LIKqYY{i$`D?rI*UP@Ye)ave*!R~O-(TB=zsiNbe(?SEpzp5_
zg}=54e_bv7^|kQV`@&y$lD{6bad35dcq@gd@K;vzDaLZ^DGzKwj%zBvkk
z^96kKcoQ0A!u(E0Va0e^WJwBsUps=Y)Of;%ufDe<&!$+b*+VS{N6xoKL{705aP*8A
z+5tZ!-eDWkg{
z2}O&ji1q{>)*d-=HVUP7`_GzKtH`D;cKgy){5Ug;@s#%Wrc$=Btd~>TZ%CzVVObST
z+W$2bneN6?pxfEV0Z{8cSTKuuOT3wt=yX#e&6u
z%0*ewKxw5NtV-0+dL@3n{BEiwe#RJI-KZ=;)b(A`{w}8#w^X}3{R~HJLt}*Y^u#%7
zQK&g;ACo<}o$LQJulQw4m{mcK9jg9pz-AZyqNTj?TPPoZO7Kl$TVnN`w#V)HPpsfG
zk}%7EYNed6FSffLqK+H53F|Ta8^hdd71VoQ;xByWFZo1YN-u_75BVtm3RjEb9JI16
z!Gn0B)r$mplAdt&kKtWJa|PL?cz9Rd-9vBOV)O<-w@DtOXGb@D62UKpnYHOKIFZ9WB3Tk!-zLLku=E`G?{9dl%PH*zsQWWA61b
zJ$)+pyfYY`;yG>T_nyzE_0U(k*i{0
zsDe?6-v@AZ6;xR1hoS%YXq;|6;3q39=us_nF8z?SxSOfQVGX(o5u-c`!~+@OLLa90
z{cTtW1bUppMcHdmE%5vyQjFZ}NLKGof@)^nb?y%Bb3GyKS;z0v14=Kt>j^PzC?FbW
zAmZ~Hw_uCG&4QjMyirF3%Zm(cfXI9)hBogIQPk4lN6Yxe?CvQ0Ns^zFcSj&tXrGIp
z8Y3aODd;AGJ+TWmDK_v3P|lbac^LX8%P7{h^>Ma{e|L#kGPgl~r90&v*g6U>@?tg+
zH@?r|Z1OoE=@<8W+f2Ida%OaY
zX@=UvhTRz4!_=F&29dp8i}6NND>?|u9D?ajEL|xJ%x$y^`-mzx7~?b#fm6(e+m-H=
zr)gHpOH-oX8z)M}aC4kC=EQh2tfJK@aB~+$n20Xp_Zqq1sOvh4J60MRN1DXfdn8OM
zqiSRZWnZ`km(Qi8(Gc^}2n|!jC$6!7!+b=&Ie@~C(x1rp`0^2W6-hlY?*-BY&CuwQ
zBI4faI+yyR{wVT*az?g=NkZv3vFMU~o8)THf4B{Ehx+UTn~Sjt_s0nnq2M}-A_D_l
z^s_q1-A*9;roz7EkX{PuMQRV!_9o?*^K<=y&j(<5$T~3uw+c22)Hoj6ArTKBlV{@h
zih~VCgRLCD3gl-ooZgPph*tW>9r{?Oo0sJ}ORULgfr&L45x{sh#kNGND08^0)eB|4
z+WWeY8Z%SRbl;QdU|9@#0souxWqH4L;ota%Y>7>23*j5B>t
zjq*J-?CX-bRaVh~VBKbF#hbyz0#`GFf&l91MpQ#__4KaBiX1z^?`%i7%fTWR5o9b5
zf5W^MvW5y@rHyw7nmWkjP68fICsRFl$hP4ReK5R?LOpqRWqu!&rAz&?9;DxHIBFz^k6#4$0d3ew(A!6!MU#c=C`S
zhvjal9D0Znw6+Q2&ApU$y1^N>Vv-X^olSWQ9&lAt*H+uy(;2I&w`$8UnT1_%DKnbB
zmeE%(fn#;nEt$LB65so!=tCI@>iP}{Xp0Dv2}NUpucO=RAJsKMTM)?2^w)UqJhK%Z
zsaC^7=3tz59YYt)%Hd`JQ^(>IE^+bmqAs7vunHrbTY;Qcf%Co<`0UrgvGTJie|t`r
zp@*>Yx&Rmd_+f7!wLVqwn=fkuQ&aMh7B*MI+47NL%xS9A8_c2Q&Swa$Ol5q-|LhMX
zF5odVnwexhq^yJ7HkCG%+VC~7yb5Wc(V9UE=#q_Tv=>1S76u|>*X_HtqBUqPwD4RK
zv?ANHT`UB6c`qcqv8_r#_rNGf-d`qbbAXz#KChCGTI_6sAwXkWi7#BcnRfP&XLgx2
zgl(|JA2q?=mg}4~vPiT;f$O&i=^tou$
z=y$D2VThLzhvm!9Xm=x5Lctob)>Ova@$nZhP;vS%&t=0vF|XmnJR{>@j*NdMj_UWP
zK|p-*zqsc{#%sM1KpRxU#tu7MS-Dfzi2)I50_)Uxe$^gip6;6{-IQbg!A1B@a)Xh+
zDbXKrXw^+dTGB!=i1{Osi|DG`hV4jHirx5%fbFwe>t`-X%tzFfv>FM_IlRr{W(Tr2
z3--b(`UOQ6Ahvr7Llv?QOBUQOkU!z0w$aUNgRffx!rD$jd<(*+1{|;rDH^vS{^G7m
z!gmaJHO|S3snB2%tf)-vF`RbYj>UIi86BK;1k|u(Rb0X(#I4S%auO!hHFJE4fpB5
zEv}B-2fBn-<+FLx_08@ho-Uxt8fTZnJ-#AgG&Jc-cHhEp05`VB}}G_ioX;Xu#U
zS+RHu&epnT<(jdP){N>iR&EU+!f?DxTZ$T9@wc!jFlRza12}xcT9XImQvV-J9
zYz6qEHT6#>ocR;<<_igLOoIuD**I!wp{RO<`W2%~yT|%l*MWil&4e0oa`=9+aJF=Y
zGEFDMnj3GPdAlD`?kY|}QWs)|YPD@+wHJDZS{NHJL;yVPMP~tP_5OsX0UD)7i9PEM6A>*ei*%elQJ0PkV9MOZIsPB0eNf*j
z3pKtHW=G?-e^9~{u)beeU-y2p60@#WN~kN|{`YFbb7Yv08@xaw4(b6fj!fp7U5Qnu
zy3TQJM^4|Zr_tPrC3za%>~EXk0^C(SJeTgaj{~>G6kANI4-vYXpUZVOaNssCne2Kg
zA{QX4+6jx0gs3va29HLs9YtTmn#=29^k*PG4c9%tTbSyBsN^>q>{wyYq~Z;BCDimF
zP$Vf)`co?&guKOl^eqC5%dw|K8J^V
zNH&^GYboEmkNRQgT?sLN&ao5b6v_`3o4F-lzg@8i)wsQZ>L+{27JQD@*s!m!|FLEx
zBO7kw?|Ht3~xKsJh#$7HSL?
z(rZLDnf)}X*AdGd?GM$YL6
zc0!$^lc@@;T_n#j$noh%uthkgZ9bBuJMnr!Sy
zVcnUMrw8inRqGf?x>+(zk_;n48Kz5y=^lg7SM-5wVV-2D@EAmi{&B>fGyJ=yK$hGk
zlKWYYTa@S@bB|9u{9cc{Omf$G+`XUXQSlMLyRfPKR6ZNX$YH%bP|Bt3{pXixvR
zU+$9iN1^TnyyYNyng*lnw?E1Haj3i0tM?iau2!S=e#w44Sno>n@0^6HGRz=tSn5zyPzj|Dv
zCny+I>~7537VUPzTY6v}b*ePx7-r~;%BaV13OW@NQ
zRI7hPsUL^B0u@AZ-T<)V3D&I-fFB)SAY&dU2m#aV*O%8egx`H*5t2J@q2Bn`rQP}5zwZvohrZ$eQuN2ND;94HwWF{-(
zXV{Hkc*A4zCN}0wS2(`_*N+~juviXcW$=+C@F#QCE^bFTn
z-EUhJ&V#_!%i~lcH*}c^Y=NaId5#-eU
z@rGm<{wM?MB9EO)>ZRE9j^xl3sZT~TKlq;m<7=Ln0HA-Y&jFHC0Mvo&JCBn9n5nPA
z)Cym<(-Cj!4WWhLl*1$@Iqf6BG05fORwgJ)or=0?ZoTh)HKkpwu$O@Ko)C6lnsF)>
z!L<;2#~`Q=jRzH(2JlB(yB2y5lh=OIzZ(?xPGB8qVAs3yO+{uj_@{a@o)cB`KU3JR
z0_$P}yKcoVip*;8zZ@dNj%uCeN6DvP-DzOgtr(%m?1SsL!|~QaL0%1uD@p0C(-fIe
z;6K+OBTS)xZm=ja^TB_oK}G~E{bQNwip*2sf6X8xvJU-YnbI_|z7T1o4*b7*G9ITb
zvX0zAc+H1skE`I`cq?haj}-FiQxis8&~0~PkG!FsF5?#+bEd4|Hd5?s|Dr|z=z
z6wdd-^|{AMeWs#ctZ>qIKDEVLI#)-(UE%Bru46n-4_$5e0fqf+uwIbJ&Sq69oY#Qs
zHjh(RcC*6yIJh==oVv1g3g-vlYVbIX%KoUZr?)Rlcs;j9AJR*zHn>?aE6C*b`f(<(5$=rMWCsT1sCh5c{D+QGFb$S&eb4YEfS!TliA)e|Jou`-(#reR<>
z&13RgSJ*#R*k^(D+7NcBM`yrT9sVr*`~W!D;*EVf%c86==OdB-#lKJYM};c!9=N}B
zB}fM;K_!`neF^7VY<^%f0Mk-7-k}&j)4U}xSYjwnoZ?EDFoXo=S~T9w79g|0UhIk(
z4B=g4=DrJ@kGk9j0I4fQT$Dhr$mT*-7aXNh$gQA7@GjY`^Xax-KX6@6toHsVq?0c#
zd*6XAF5M4}(!sui54#Rwi7RE4ha5&*9z#X>NGu~ULxOJ@-pApcaw96a_81(?+Hoiq
zc(u*PojS{+Muv?WcabPS-BeV2$lv1N3KC9&d>ioeJPCP82#ih{a3f7`G8h7pQfpWlp@D0QJIJ{Gq=vwTLv*YkC@M?t?)QGU33S>X3
z1;Bp4cA!(KSK>sa=)ZlRZ{Ctito!&8363BM%YhHsD0c%d)w9QNB?~
zw>_yZaoXI$9natn?l>;}UpU|ML;Q1H-*HlU%Z@lFMhACC$8*y=(>Y?sEh^Dwr#>ws
z*}2XO2)#&lg>#&sH#o%@UXkod=QcrabXEy^lkygjy~BA<&^w(^1zqfYOgRD6)#nQ~t$RbE+eq1CyUWTwpWF3t&FDRAZVLaX!Pe)SK*YFq)J
zy}`1cCg6QLLp&W&@*fRFOEU58RXWqpW#X#QQl7-la;t1&lsZWH36d!jOvS`Rg#?gk
zKGXf7Oc(l0FL_J?jvT@|T`HOA%%{ZE4sh(gE_P=!HI>dw-S}24ooJ07P}S!9uH@Q2
zR7LH`#vZW?W=^p>Un7D1#>)K@<6H@UCbA+2^m4jCk1#tR$LT9*Z)cdGeVkE(9^upp
z+SmDB(0-2n0`d2ES_(SQiHq}toP~l8cK#&j5a$s=k8~yozN4Ju1s&#`A+B==j&r&Q8gqIJdb~4K&=Jlvf^Verf}o?E*9AS%`AE<_=K{fZvXc)w
z4}P`|JfdZJjmOk9z6l(
zd@(QFi>e3RYPk?O@HA1g4re!cHA98W7=c5Le1MvdskRi&TAf7g_+~`xA8>kyCn&2X
z%BsB%vaJ2^mdcd-q6MOf-Vv4c3uOI!sQbHHZxgKbsC0Uza5_b_{VNz!
z0WDpG?;$5eZx;2aeu062>ogr?yLfEiSAX9;0l5Vnxx^?{2RVpn)BM0?$>LDIEsGrk&3(@}0
zNTOZlIs0xUTI}QrdbRV6pmArLpw~Iy3R>Ybf06jEcRC4rgVR^g8=dij-r~#^^j7B<
zL2q|f3VMh0ilBEo{}gnI)9NK^XQ`7T=)KNxLGO1?5p@d6_5D#d)T?hkE^3imtW@g$5!9IY*MdsjPU<`yBsCxG@_A9`&JJzM
zaI{b)IcG_Sw&&BoLY%VBr^+cPO(9wN%x21@w3Rr6?!Zg@w`D5LPAN#Ac?eIfDd)Al
zky;R-Dd%?n7={UdrktPo5-QT!i?`<7c{|Ke9~5Y@G)`qry%QUeKk0u?R&S=6UO1=%Q1
zDQ(yHd=Tf3BA&Jz1&@6gP8?2*%}HKXZIV?noF45~$*DlrKQHU2qHc~`Z)cGFbkXz+
zVy@X6C(2QMYmlY+xcuH0btDRXM8QfWXUTlCZ;P}RFX2cGzr@h%M(iUvgM#@br@R1JEbdHvPE-}A%_`yp>mMN(3$Y|
z6)jvQ(@7tk8IAgLJf5|rfaEFlc`io%RUXe_&{XaKwOuZGZbRKYUOlzS_5E$(uWHoQ
z;4K{VEw1sU##FLD!$0QEw_A{QKZ3IvFa-BMQ7zo*i_s~Y4pDKc>+n-uhm(tahYv05E0
zn;X$$6%L9;jCQAORy+!U6Dh}_Ih*o4b|wmOLUw2O5&f>E1M5j4V7H&rG(DACTP2R$
z&uZH1O&r-WxN~|;c24Whqr1l~-H$wuo9S`eUf)wQ<1Uym%j)s8$al7VP%k_Lf_F;a
zM$}y(>Z)bkQ8;~)TV=oaBOnG76Yje}=KKzg$KXsVamXfLIF1;`3*b*ALlx>?_3FPr4KO~sRPl4k`3boG>2V6}WJ_Pl`ji}8_2Dh7vq=?c
zf@JzeGIa$*e~*dOQJESg(?~Fk^_YZC0`3&yj6-E)+x8r=TE=7E_x$S+6Tqn^A3Th{meJP+(@$xJ-<+xYhZF)NxqFevS0kNF14Ogwf<
zAIyz-OU(O4WO$E4MAL#NTk@PwfZI`DPdpTN5?+FJmQOhTM42OU1U{gGx76`MU&m>O
ze0dD&Q>jvlbyLKK;Oudp*u^B4jF))laG1W;X0e1lyE+Hm=EJ&SF)r5pWccsDOZAMnDu535r?F85J{TF=N7<
z69&*{dKjKLJTvl?zxO%S)pf7qdw>1)?^@lr>g;_^oeEu5-PK{FlD^s(MPxV+!1foP
z?Cp%-lhhi7E+i#IASZe}f@M*MJ-~3*0c%SF9QlLv=a@}kK;Rwat4-k-ko9Gt-TpSP
zR~%>*2d#<3htFTQ2wR_
zqcq50XLh@II!LPegu>rKtzBPDASnRz`Gk;*bvU>gD?5tTJU+u-;6QSh6K&!ji&PQDeyf_bdng{
zX?6a9q_~f@XBhGouQ!!?5ubo`Z21}OSxrw!_RLo7!1D2uz1)=ZwAZA`Q|;DPdkG{f
zoOU<5su}HL3Fac8S35=@GStK#mT^D8XB~kiH0?T)zY)rM4}^a^60HbHYf+hFlv$&1
z5H!Fh1#1$fRF|ea!=~H?w84L+TK^8WtjS=^cdXmcxYa+kb**JB2jkS3r87Y`<)G#>
zdHfsrJJhZQerwDzQdrVw2(pMn-;z;z#I{l?}r>Gy=3^pwV
zX%4Ja%PO~nT30aoJC>NyhPK}HZ+kmD)|Bl)Nv4^H-664xZI;)V%=|kYyNenp$()bf
zrDP9h;xZM?w@=H6wY!0BA}&XP;zK?CH-Nq4^wqcPOy?VBy41!hnwn&;QtS;Vxhg5cjI!YsF>0`#P|<9o_^@D5yC^
zjwkaC#J>?rJZwlj|4P&KvD;kpDAggGOw)7#h68MWQMtXhxar)Y#)+=tVfP6!&
z>$jCVE#Xms&pSd@(pf!Y2_FLdG$!a}-kPhWF-TYPC!m^x;!>6)P+FuGqkVQnm~Fx8
zoz0Zwl-WQhRKnZ`tOK%{(n%__yT?2ptaG!ONvEsy^F8`4px&27x7B&OM|ur}e`b*k
zvt^IOrdk}t!
zNfw`|Y0-FCIwT01V$A4A~p~I=jX)qR|p+26`G|%mE
z(F0_xAD;%=khM23)`YTn{g{h4ZLo!NeuY#ayMDX}#3N(K97KGssOtLh5fB(N8-zo%
zN%Mqc*N>OSSiFAB6Q`DB$a>f7qmXY~42>;0@%@dNX
zk7A@Nw&VJsf7)Ie18PLBskgLS;PgVbB4ZJ(?Y
zAYF?se1yLJ@r&JQyQSeE&2%);aBWeak@iA;cupAsy8?Ee9851lu!Y8+gfWX;BFLwZ
zejg)pom>~M!Yc(fc`#dwO*GA`iTZlMTLS9j;I|0Zz$WMVLHY_9mQ(!B;XS5s8O|^-
zGDJIvSBLrGfKkXii!kU&BGxS0;c~0=6yb(2P2!0#eHzWbOUnw~q0p5O-xNb;JMk*2
zgqsvMn*qMy2%nLF>lGk8tb`ANed+LTk^~-8d>611xF~5G>Kl*rjFMV{(A|+_nL$Wi
zA&i9`Y0=^RruAbRP;Wz_kP=sV>gm;wG=2o6N72*{x}tbr#di@u8`y=!^L_&^lhd$U
zXqQn4sLB9Up#UG=#P#1Cl}AnMvtUji7!2)e8-(;dn7@!M4#)r++7~v2MWeBli%l>?
zx(?ala!oGm0I+v;gi|eHJiw{h1RV6R_)^$}MTBuhq7R!^T#B^*y{6iQ$Z~iNv@eP+
z*aCRO?9TOP%YIYYLV6U;r^uG#(z1Emv-Sb7Pnb6^z<78Yf0Rz
zu1~!52LKzEqyM?$Qri0io9py7@0-o;S0#1xwX%hDCYa~tSo=}&1eW|FGBt-73)^CiJiQe;diI*U=v|(p*Gl!o&--(*-4qi)-^jr_C?*B?T~2!T
zs)ICzLiAz2pFKRiHpIOA^-)aphB`g1kXBJ1n>ZJZ&3?cZVABJtJUOJ>g?90SsOk;(
z^e%*SeYT#G&hSVNg22T#H7?6;UJ3(J-A+JPtQTX#?VjEb)WNb|^?LnN-A<%l17;%Z
znlG6leK%|aoEi&5N<_N}We-W%lfj&y&6fT|iTfnPl^~trh#u!GEn`Zq1Ad3&G-5I8
zD6u#r?mY$URfl^vPEwrie~#^sERMR*HlyQmc!9E6lJzj)x5Fm=iX0KrG-QOf?CTQS
z!@!(MHhT#vkiXczC$YT<%v1i(wp<4dZ_&IPb0v7!#g=Vne7gl7g#3jV)5Y%=ESdsr
zL3o#C{S%C@981bh3Gqc4vlk{v*wlH?!lTwgbAVkPffkIg)YYeBS4V>~(b0BGJbBhK
z4hDE^7D4T3RlcOGvq88no5Z2kyJQ<~QRXJFUa5weoMeRW*pxp3?Wey|ZApD(Sp}F`
zlwp&C(8-@3bnn-YR@R9*?*u~Mm}I0lmGq@r;iSw=1YsIU-l+7g;B|Mq@E1@29$*hTeZ_zG^xp*b52vp^|DaTl?U)(a{@_n#lVrlZF(Jby
z`L-kO;8c%)CG1cyrpWqvXE1w`?d8p`Jc_j{VEa02S~dlq{z70&bM$K}&Iz$O2N>6;
z)xP@PCDerowN_i%B$-FCd&;pDw{M&g`~zU0I9wZkO8Y|dJLGw2#M-9J3ml1hmh`bEC;7P@giVel
zeU~QpfoJIr5I%M!X;I>sX8$`iXLf**KOxS3J`XbP>_PFp+A~eSXce=pL%*v9$=X0*
zV`5ypM|CJupu-@F&CCVi2$I-ld{P}HN!CsS;ezT&MlVT8a<_x9i6rT1Ww_Ji@{}Z*
zeFKCKoF$Kx?^*f{gw(`pEERi}8iCN3Byrrc^o(}rvVb}SgmKQ2S112ck}ROk2Vs%3
z93OOGT}0{^luOh
zM);)J>msRITC1dbAhgaVd6q6$Qa=#(%qB_aE2l*hx7d?J&NoFe`3mo}Q6#!V%$v_J
zK-n|qD8$v6_t5vKKgD{kd;^lXl}RnHXkHk>Xgw~=yBgQ>~j?MJRS
ztZ++(X<{k1RWWS%G?F!8ZxW-4%Yd(sITp50a?!*lY){3on&2cm2#1(jQVOyz&(aUl
zbP-cuyOY9}oya6~pP9LD*Pz|Vx)&SlcERp}{mhsKcj!4{-yOV(!WyuYpQ>$cBd$h5mDM)B9{_iCD0IFH@kxGe#M=U_#G3Z
zYk_#F2%1f?C(Nm#rUAt|)}^l0tG~}s@-23MVhdl|A9s9;h`V5wSV*1aQOjU1p`j?+
z?^F0QswJ=egu*Z6f1*DA*?vZ0W(Vc-3Y*LSg2Mjte^B8B{I{gDroqO%q7z`TK4T5;
z$}8gmFEzw~%>l1Z%7Jm)1A$(#JiaNwuGr)fW&5ePB=+vjjAdP-d$`
zC4JaI=$aicq>#NtNnh$BI||houkgqNuVH8e*DL9?i?lc(e&FIGBNwNaKpS@#FAS*D
zo(ASZ(ws4y2U!)9H-ceR4(0TnDqiX+Uu!g_ae{vyFocG!!=g7g>2S`kC}`{v(soAZ2mP2P9Y
zQF7Li9P7kNvGN+MY^9|wN&0I9`4ZBfW5m3dz-J1a52JOliK6)^fzJ`REud}={yc#%
z5O^e@$yu0Q2wnG=ae-O}P
zgm)3HFWNOtJvpW*R|PwMQScSEe>(+C{ZX=Z$TFGzQ2*F8Eg5_B?JJy{L);;TOu_F^
zQ@o9iXG4IEb2!)WEN;iL1Ar~c!qtd6&_#`yQ^7dju}YIvdMIH7u)7^D<*#1!R{S|&
zZ#$g&zN^EP^bH7qI1;mByp+Z$sWuN1Y*G|jSu(KZ?``T{i}qs+cA~O*gt*HR&6|5
zC9COj4CB$N2VuxQ9F_BE)tf-F9<2&tqc*m1)E_7hh737YyO-K+0znWzTGbt#zOja`
zA=*c)sAwhtno4*)3|d$ptrFvl03GAttVgQ^KM&X?4(Fp)(s`!2h@MPhi`xnlX{{e-I9%Xz`;bK&BUdO?OE9HMk;pOr_wD5lUA6EE={0}euLjFe-
z=ItbZWMKpRH)5tub-zpB@-;U4vsr-R<&pmCcjKbK=
zBSqIZGn+j#k9%gGXm`|uv6&~^y%L+D(3)vomp2r`rE%`rmn6;X>m0zd-&c7Cs>VlMCOF
z|NRQTl>hw;Yy5}2nT4(G|8V)ARXErFpCtdY3$L^PPs;xRg&*1f@DH@1%x>wzjuO~C
zUDzA}$%LtKS<%h2<4j!En6sf|UKAJST}7XQQ(aAP*oXOXr&(gRNO9(HY0v3u)B!2A>L5*u{g>Zk4Y0y6}vb}f%y=-
zPjghTILdaPy*MhQ;sa4U*wg{NUKTHo?gn}H7&D~XOJ(um=oo;Lsw2dUqlW-onoSrc
zdEnwGis-*Cj&?3*ewO&w#w;ibz*Upy^gILyErPOo4~vy$C_On
zUBgU15A0QEO><)xN5z{jfPLrmH8m`b_GZJ<7#2raA13_=Xq}~I?Bb~CwO;^?u4FHc
z^4u#Nm4n&EQOV|9VstTkaa1z3k{I2~UK|y@bvb%=aa8mk$kDTlqvGeAIhb7>6+gev
z!R+Fw6kyRo*?!u^Q7OE(#5_Ok;;85i%h9uoqoOy<>1l=di=)Q^TZ2swHZveOq_H@v
z^*~hh{Ke6`AbliTPf7mb=r#~Ob0miR6tFn@3Hs@37Dr1C#=wnDoyyh2;^-wuL9c-{
z4!bx?`Uq^(of?ZpYFxVsW!uG3vX@{xDVr_*i4yJND2Z2K+u(>E$1aXi@;LC99A_Ad
zQG0m1IJzC!*ADk=*u_z%lXplERASRylcVm-bp`dxE{?K9x`8>0Z1xLsL`c)nkz3hz
zag?@agSqs-+qR3Nw0$<1*ZrOCeWcjk;^;%*Jsw-OopHQ4x()KrVoXMSGloS|ASU9)
z(Lcb54vq6IWv7IAakMeO-5kNQ5HF4n1h|(Y(1NC;uDZq113@{`(W(+p;>FQZ0A8F$
zP&-ptadazKUsc1bW^vRUhOZuA)4Hc?I=E{=#EYYCz~~yYbb!}`
z&MuDbOTDomOpZxLic?AP;^-WZjs)RolDtvHE{?Lfm~(+$92>ERzg--a!*L_9`<;H)
z;;86v0k+NQXDyD3{=b3!>h!he$KvSDrAS-7wTq)9nI?zh3>KS|PO>-}9PQY4ag-!8
z4!a3tdwH{qqhjqaV2g=+6CArZD*9&uJ3mL?UmU#+*xe3S->Y35CCR*t-FC;;yxGN3
z!FQ5$MC`5Bcf2@S4taB8^wh9+ZLeY%M|%Mq;&2wM#qHwgWMK2Na3du3!Y+V7$S#gbS~Gynk8$lD)gik$Dygpm;Y^aGH}$->i=&dY8$j4t
z9my_^N^&oPu$3gKGZ|1dIlDM2$$byPPG`v@*~L+@RCXk8g2(n3OLlQoEcFFpI7#BT
zXUQ&(=J6Pr3Btk7l9xNXI9fo`Ng$lMO3*N%UycRaUO&M4vXk-ka|E)xWeXo?#6NYDe!BML}qw+Z79mp
zLXc+S+Nfu%`S5p27TZ+`Ms!s|^D2YBsA`*8qDmBp-JmoeR%FCi6dfJ)^YqStHlc&S
zIuV=mO#(@QBvT~nn{5q|GfjB9-kx#mT8M9eg^j)y^;MG0w#@8{WWqV#$+<{mp&&hA
zu3fTBhGosht^0
z-V5+FN8UtZdgeRUwC20JqyCz($i%p9`;l&D*-vLnX81|Q~k4sGK4SaIU
zu_>%hOe_R+Tnzim*5{g9QnucuANtu6C5Yn%>z}`1gx0dQHw8QdGmq2MJRC3CHwA2k
zczX;PhHN$D-W0&=gPKjdvhppsb&*mfws0X0YyIJ-0A4v$u3c0iXArg#Ib7TnAazZ-
zD%fR~rLcD-ghx|ByjIxW89@Fy*e;J@zliN>3QgPt{K1%GQ?Pdi(8L?qK8Rtzh;e6t
z6opsB^m9)ZvFye(B)hH*buQSyu+<6nVrs!jZFvk86DU|yt06k>VCLd^OM-$MGn5&#
zCq#Q=3umwuA12tHiX8~?(iqa|_?enF3BgNUUEHb6{9{n@*u;Ay-l?Tsith%jkHhJTlGYhXFQrY~
zRDm+f(dbYXE#K0P2IUk-6Tc+MeWXBa`@;R7pxhMGblQzc8;WdqwX=-&%~N2!8ncX)
zlCnDbtS`a%*|DUkq{l7T!(){!L(|8mr6A8OY8@S0!K=lP=W-sm}lSj?WwdyQ6=4b47I9fyt!n-+%5A__LCzUcz_9>jQ*8#X{4xC{PJ!tN(Pye|l|9qII>Wh}Fob_i;^
zH9|SQMC~j{FL7$;B(|F?NlNlA5T0-(hK!fM1%7L3>S+XA=6`#%q;j-#1&GanY1H$I&EUi|OoK(C6!Y9>PI@u%r2}1q}
zS-Erb%HgQifSsNMbQW2HPO1^*e81w@6*&Fd8@uHFikz|N5Q+CI^0>@-zvAIYYZ=qq
z#(H@XJ6+GI8^2%iY=DNn_bYw`$=$#ob)0ae5&9GN@C
z?^pbl7+hCJs9|yY#>Cx#^}!}@OuQ6x4tZnZyO;r~21SNZ-o(}=V7?LPs^7Fo^I(=4
zguz=hzk`{9AiB3`E{0$kws0MjRmi?Yb1lS|#*mJ8ircqn-VSV2jGJqykE>iTt#8rX
z0Kpc(?`2aY6Y3(~qA9DBY1W&}Ee+qIS-R5B^Y|7`sg?w5?_*LU(gI9LzoO-U1|s>O
zMBh?t#zQa>TlhI$YlbZ-(OVxDK)M)P_$?5#gRo4)#(jlQnrTRZMJ2}+KE5hm@hmwm
z{~;hnpadn$3#cXcmQe{eMl1}d7i_{L6}T>f8uL12Z(|EL?Si-owxHyEox^+s@o(4!
zG7RZ}U22!fJJYxD0ZXq(1xr6o4CrSN3}Q`z(fG?efQOiJO)1#U*|8GsJR
z(dL)#kOtx70IhP`O+En1g}XUUBXR-TNAE4uud!)z&}SFenVt$cLR
zqpLAoOX)PD-SV-u`1cJ={z$WFT2y2&K{DXi#wLiNds?yO`v`2>0PE`TvIL)?_()*;
zIJ`k(eyU{XKtM|!%vXV$<=6$~*n;vSg~K8{2OQIe+KMa@gznr-MADs4o!!y580o4c
zlj&!WD{ZpnIKBPXiRhUq3Q~2+E+4OBGn4p{hB`0_h4xm6Y1D+8=|)KUit-8i($^Lc
z?}jbxLug-YLHT5b20%PIhP2qK1fQw6nF;VkX
z><)(yqZcw9mfP1XhED^0%@HJXNhvL0a?Pcfg7lNfy&S$#`7uRbo)kBNW2F|05U-6b
z9K$5Ec`O&CHKbi)#7rVQkY>wQYW0r*wztElC-^GG4+M6k!)GVvPmu~<1L#5r=Qa<$
z31L2z?f}OeMr~~#*NQgXd7g-*E5}Ls^~KV~xKhxIBO*(Gg_5#mu&HP!4yTSRm0$?v
zK}sz@DVCXLi#4#kI7#yvmu7z=%ZNw^Rld0s?W8GIBhL$U1sDr*jJzbs8X&8k5iRdm
zq`)qMbRD+v44T)EMU=lT&_;+Kk0GfF|8RXz%X=#b+Z{=KlyRc`pVH`=ogIMF$h;(>
z*-#HY7T+oWwQ%r7bVJ*mJzEO<037BBQb6-Tk|Q(FHpk+Q8{T)Qpq9jCykRF+pD~U%
z>u7u|V^R6?RN;xIpe{%c%sv#Bzm?KVnOmWCKa<=54I^sG*cLNh0s4+(TtmYtv2m|H
z&vQ2we+1!AM_PoCCD|+PLaKllEwE`?7a?TxZ@Wx(>Roj3g@-dpxh`d51lbSMOb?Qw-P
z7lb1mX?!dAq9l7Zdly_Wr-5)bNx#t*Ie{y=w^)W*CEM$TBCEwno{^G
zGb%G0;9icP3D^^4ap@pnM-XRuYf~vX!xr@#$j^x}L%JngYza32+~^1_)Zk%t!JY$~
z=YYQ97$tByctjaj85vBZCcXt@M>gvUWxWx?CcY4gM$-b@aK>0(+C0Q1*T$wLlMXgS
z+br+RE1CsOZL;^}mGL78qQdWpc%(HxX&4|O@j|5b%BJxnMUR0aM^WSKyF&9Quf;>vWz
zgK)#LJ1UzbQ*kC%g0T7QvMk$Ol}(Zvf!$cgmd0P)Q}J;;dJY73C~?V(;{6qumld51
z?A#dFOSVcH?islSgpDyt57FYWo{<-UZH;l?$V89yJqSBVVksDgY*Exn_quay=YeoVwk2ui(nQiMF5A#>
z-u4`LZj6xjZ802--#82h;|n;8mg7uT7rV0Zd2V{f+V}+Yi9C^&Kv0G)oWMphkg~e=
z+;n${d&E#R=cZ$TO^R_dmHLN@zMh-Tgy1m1$7ECF+>}@0a&9@ci!g;Qb4h&h?DyDJd2V6!1MC9Gz8Syv#=holGa
zL5_1J%vp}T0zuAH;By^kJ3{sfgT2tW43d)^P7RCOD-gE;dkEWK3rIb?7aHavs-a%H
z1X_gd3Iq!+DZ=ky#}%PuDQPBk&xtWK6HZg4nQ-Q7yJOrB-VL0;-Vd&q0qPx8`H@jTio4!o<*>b82mB7lkrpgY
zN-Allo@D1^#5AkOjxCgh0Wa5hr086a#5O19J^j9YihyZqn!uo^j7F{
zBCcgnYhKZTU_XjPa5K?C`TTRotdag$j^5Y>3=wC<*7-1`^HW-H;=+S5i7s$7&T(PJ
z6-Y>3C>vE2oo7!x%EpQZO!5y{5Kq`|BrZv(D?9OPJ{^{0FZS@Ff})-<7muSO4iBE6
zZR|M83eZRHVm5l4>0rBZKjjZwr2MdmM_TEV^s_D#7Y08jBtB00;`!DRAE%@xIc13-
zr(6pY4`DMq*j`>nNR#E`lr0WG=Rr^$sZ-tKlvLl9rEVCt8r3~c*#YioV${_X)uSCc
zIinAwNZQ4GC=}{-YWgzAK?7LIb?lRj>mZhES!~4ZiJS?E-dLc?NwbkYT@~$fl8^g}
z2~#VVC7?^0;z#kav~=sN+8xkK8o)_;C_V0i=}f!U7~!?QKWnI){`BUu6j!)$Vatht$08#BQ3kO%62A?T1$*#C@
zOm6(Lkeh+LJ&W9HXH2p7mVi?8LhCahF49j!OXx557J%F(i#(C`>S7DZo99WIyaaJL
zILYxT`C@k}#kc^No(b!jwkkJLaXq_drnHkw>7gu&j2GHcG$q#T$8k#8HLE8MT^AMBL!X!?No%2_
z*20bw6Lh%PuR^K0HV`#WE@bFcha%QJEL{pqYNV|i8C`0EMZOUuMh?v}B3BEt+JIc$
z@)h-Xat-JvTHpv^uSJP+;XV~oEM>Ttk!N
zF}y6dl>RS^%X-Tpz7=eUw~Uypo4RzmBwvRDs%34gFSX`&
zw&dmrXU|q9*cki54;_S<&Id7vIXX}EDPMOn!M-u&)2BhDZTys$}f7;lW7
z`)`M_JPs?V*SKD?bnMd1h3KsPKz&;jmOn*4eE8jdeCJeKoVHzMrU$`5&s%
z*UD@~I>!!|wtlsN&0nUcKF-7=Kmt)^-N(I@~_{%Y*=9iAHv;2sGTQ-ZY>J)n(i#r
zFQunVp?)bn&lK`Y>3Ox=*W{D&d9^##T;D2QWUk$}u<=!Psk3%fhRK+>VekWN;YPN@
zCY05lpwN#H{~1H(;RM&UI#cILT>8N#s(PYdCi(*_W$Z?}Fg8Psk!OZsw-*(jfGxw2
zUcaq9xROtT8`U19A1PJsS)x6I+N-fU%V{%YwTD#l0dQTEt$kpU+})r&Nd;!jFr?oD
z)MWbWyV5krM{ABh1?Oj{AwE+rP+v|GlGv$af+@h5GH_j|=tN!JicBH-kSd
z)NclVR(R%%(X!VvfH5zyVZkU5$TXxpH9$gE5S`Q`sU(#0pr`rD)
z?EhEz?>GQEJt%t2uEV@=mQVss{SNeWih9hg#lPLxLz?tyBPi=JA4j*IGivTv*iER_%Lu>fJM
zqaH`s{L&dZW^g|!OW!SZDK){|#@Ax&qzXG;8()j9m#QVxQhP17d8!gbtVv&unKHJp
z%T7cmQC8eqZ=^9pAs-)OMou;w3ZY4=>+o4nmKrPWrgSpRQtXbWN`IPDcGFbXJ_);*
zvPm-6VRy4*tF?ZL4~4#Y3fK$8#W}@?D9*NEJ^}V!jQbZxM|wu`uR;A|^No!6jO+%i
zdyM-=CMZerH6DbiBr#uxA)C3zsop$^vqdr4OLrAWXHtdEtBU5p-WDY}xB-NXBqes0
zWN(X-Vt5gRt<_nY<7MM}5O!8)$$q7V)o04C#g!^-T0PQW*eE2xaWqKNtFa74#b`c<
zUGFs?8J%;Q&w(&@C=HH=`JCpn8uGJZ%*eT=Yd&Yra%E>i@ZG@5hGXJx{+
z&4(oOF?L@#b_yCnv28x{nA_BKI6SbabBf#M(+z5-1+b1W?$^9+K4N4P2;*aty*O{1
zj~H11Y;lbHMr`wue4PctB_uIlhM}bSEJ-qFn~$XX7)UQtg(a&hngiQ>B=Ju{_@1Q1
zu99r?5laQA#4>Duv1FT%Sn32qUy^by+2+IQGZR6W7L&Bquu*u;hqml+GPh_Gs5*qq
zm!U$#2YW-vA)fruWH>nieScymxZ(fNj7-OzHzWUF%`Ei1=~cupNoYp;Hkb=U!~MMQ
z-;9y_(M(rtfx*1ymmA~Bi=Efp3A^`U3;X;EN)z(pdCiLuZ;c@{Fv0D-<||;o#CZ0+
zhVMJH6Ahi$kY^eq@iy4PJqa`9<~4koqMO%DPPBDi(;ZYZ4ZC?xn;|!^*)LJhd5t7@
z1}K+Pfmt&Q{jYh=BjCL3G{gwivgS2n=UYem8HWB>iz;F1U{eh-Lba?GC3bp)G=N0r#4GVM8I+ahmDp56j8HAB>cvhskou6woY+#+mjs#v
zAzq5jUEXgGMnI`9BB*UCAh}kcMSgKembn15t9<2zot?@{Aid`k+f$!X`}HKrv!uep
z(bmasD@d~?x&Dq{Yh-_S##H?uYyTgy|9q2X$1d1q^>@79*!wp4d(I9Zet$QCQhBAQ
zT%sSYYIsnO4RA`sgL~YLu`AW}*$>!)8263XNw4HFO1k%g^cYp>ysBsp?4(x`{|5-4l9bq0lAZL5rClHtpd$Zb$xeF3QcDmzk(6u6
zPI_5=W;6(U#UyPoY!o$+oq(Sl3(~ZeG@q;Q@|us_!j;o}E`zc4G+2g9;W^FcKFA-B
zG1HU;*L-e19o}e8ZSx`1e1Y9}RB4^C(R{8<*tYqQWXd<<(7~o`wPu@77wDT_!1@yx
z=M=ZiXFl~O13Mtb{hGJUM~oZ~!s?im-F(EzI$$@(xNpQZAIaC_AiP8p^JN%Hn$LMj
z=4|tkbbkVA7ggxIs%Q>u^O3~sqkdXq^Xw|gHXpGx0EE#buJ9GvYc-8x+IT(YtZz62T_hG
z&Wz(`q8KsfI5~vKxBbNMv2!8H8NTvOEfa3aL1Fl!&W2XYPUdPt<=c)lKzOS*2rE_
zDXg8Sk-bZrB66xmrWWTtg+~!IGQGSVkV`Z&qkd0B)@x)xac6@@_RnWaxKkrD3w}pB
z4`^hT`1Y7a4v6-Efv2>-24=tO}^AN9SrT9d_KJ3_ezACeY1
zB3nyc9+DF5P^XrZ9A&7AlFdQzj9GG6(0g!3BGN|;&iDG`!37dYD^e(tNFzlODbh%>
zL`pSMQzCUWqC-iAMoI-~sF7L{X{wRBMI4sfYNV`$&AW4uUIa(AP(P5&><*8ma;
z%N}pbObM5FzHt~sr~vw`37ueSaviDUF`GXl3^n|YIN6C%l1af;_f}JjWmlD@>v!B6
zO(jR{BdZ~33a5zc=VqrM#iS`T)xK&22|U=X)1iu=cXs8l^Ym&MasA7`HC(8K!pF1n
z=2<9FLVHJ$*UUAw}
zoVJ(t4yS#*(@x4$P5kOi@ZKkFa0y47!%9s`28aT;{{~sN?cAyuTM7;Dtw4xC$TcmD}(!Nf{2`(+f}bbf2FN*y4zDAINkm7~
z5yK^-gXoA66460)#7K#BR%@dq(pw{=B{E1OV#9k-arCULyNwq)H+a
zG_sFGCTe7&L?&ruxeV9EnWR$UKQm*T|s~nW2%xB(k3l
zy(5mT$-#Ln3Q~F+y(%nsoe;tSLvA$i(piyPAv%bpp7#j
zl+#-ijAV-#eO1llA=2=AnN4W;Y8i7ie1pfi-Q(OLoU6o-(Y1B3l#}QmU{X?Pg46Rc
z{ZdS+!E?45jM*b!PHWbfMe_~|#`Kq1T3sD8Adk9>O2-Tpr7EX1tR@eiz$y)wSY(w(
zj
ze&19H3;RxrS<)vfDw7XA$}nY}T4J^>H8(}kKZ{FN|Uie^Bn
zxHCcKPO~DJlKi|VZEMUCVev3hq}}M5>zJpty{V07P4PSud(TKY|OlO*Kb14$#jHw@+R5zbMdmwMtFyB_4sizFXx@V32s~G
z2{H?MA{&x!y>!ol(k~&GqioM2xgKOA#U;EfW)HGGYo@6FlGNgWb~VSd!lP&xWKqPc
zWzt*l%8>LHl>P$D(pp1qgIy35?%0@HN00rn6Km6vH09D+jXkaAK?p~3{Y@pOi$ud`
zB;j$D(lGZp4h{AysJv{u#BmKO&yTH*Yb+em9oIzU(%{Da92Rc{$uKP~uCZ?k^=l`U
zRxhuG-sq)Pr&oBGHc@w;kcPAoPIA?GX$RqU?E`srjy
zTa?bg^Z6Gkj_ZlbLBgHYJvo$LFvJ7aUs0X*Ik43N8>}%g5$FUOr
zsf4zUzz{Mq#bsh+Cs6+PH+oaIcork11ZjKce-_Qyz
zl>rndbtcVld5OTPcfG~^%
zN}`A_Z%A|9BopE3H0+C0+*it;U>jj)WFJNQ>_(*#yOT3p_G{2RMG?P@mgZB}QFKH*
z?w4Sn{sDqE63oaxiVE9P^CsDAxUwTTFF*okuur#njT9B|bzKYRVHZWGGx#=kE8u*v
z*X+Wte#u&Ft(sor3TUD*@RPk=Y?W|I_WDufJPFs3ea2s}tvayAbN|JJef?3@s?s4_
z@EQ%27DoLOi}+{0g5EFKLVBg`2(w|}YfzAQHz$Y35@?lS3;zv{E?8EbQsUr_fVw-l
znDVOA<&qH!g?`BjaYfY~rSE@aBc)Xz<*$ANFQ*k>bkVu$lLB)p%t-dK3PLC6>8c$?
z4*8f3Y?}0l-oWV`Arywzn7*obnbYZpXi##&SzajY#
zw(wV$0?8KtQt?`^SlIg=__US18an1$~WDcFo~+K6`v05z!=ws?N)++
zBL$lJ6;@XOKRxD{iA+N|-xiR{hHI_`emgn&)R1(P^IgJu7WnJcalS959cI&f1^nMJ
z$0qYbEy9w^0&q&PNir7xu_j^3|89Uf<-k8B4vYdc-oeeNR`sjE2S9ol5h-xyS_kB+
zKWjp3#0!l|n-mtX<}|XeTGYtouud60)_gwH@LT3HO`9rtxKWLdDWTzp;!wu4`W!uq
z*;`_p%Ns!5MxLn0qs&I0Zg4zwY~)!#@_fU!L|!wau^wA>Us+>G;Umb@=1X`Mac`N3=R@M+ptu0|Gz>~8G+8-;cr)8}J
z<3`77!*-*DUY76(z~>y{EsSKA(9aS+0QiL?uuWP*e@oZ}uwYx9SGFxn7+?ua0k(??
zdNfH*RSnUa>i`uq9E7TvWIQXwOazN~{}sR^9f3MFnGu$73c&NS37X6(Bclvkg1Hrh
zyGZKxD-0;Ury5|^%uB$w#kjhmq_H09-yr;_I?_0gRPSxv;DSw3@-2<`Nc}(vojWQ%B`;*)kq5q$^j=Nx>B
z=Sj&s7!I*%#%1l3J8Nk_eUO_+o#_MCz?f4J9)2mXt8(x|J$w_e%{lmC9{vun
z4|DLtJ$whST{-v>9$x=lpAr#=u(U;43|R0I*>W*Uov3
z;$|A;vxsphv)$d97F!DWsu7qYIeXg02g7^@u?;KNXdS&yq$ISl_*PO9wj&hkld8u~;Yd{v$*6eQ{X$lB)
z9LX!ion9MR4#HWEBx%aQqLmVcGI@}p{YJ3vcTCB#$4q<7Enxl2FOp313#;vs_5xv=BYD}b>yeg#aFQcA7wsv)T`l>zfKI=vnuLV`
zeq@_lu-k}D9IzcqTQzH*g?t+^I9S?wRgClPWII@
z7!2{=F(l)RVT;u_Jyz|Z=bW7J9t_e^j>uZKoc;-CE$}O|IC@^7=cZG_Je~*#i?Ib&
zQ^R7;iqla=q=IRoUKTOsk@9DRr93?@4btqp0`Ex;Du
z_#41|sZjNUmhEzgPmLjSHSvame---G{!=LD0Ji}*cY^+qQ@NWeDN*@FP12ls3%h?h
zk~b*+$0Pj?LLQtJzjR?DC6>Zel3WuITE!%r5-#16C+-XcHr(Or{1;(`jJj&ANZBNr
z!?0US_NFAOUxpQO;H)x|c+Hd?@MM`w95qPuD6oZHCsjHD<(yU6jZ>1Ec@-*eQEf9*
z&JZJiC)IwQ-Bb<`lu&c@c+)nVzqpU2tW
z;Psv>!9RmKXS1X(Owza^Y{a90KX|u<&e7ZVjcgBGY_@-7ncH
zT@IPIEU3CGl+!Yq;FW$B1og0qKQ`TaHC?$D)EQXM9Q;AA53d5YZw~&L;xf=J1hzB>
zf6Bwp0d{$e8}Hon*`${Y?*-wZm}Fb|^Xg={1@djgE@xTl5%8kLzJdHlhiRd{oRm;l
zj4GjB&lgTcvSX8BU
z$7F5IrwE)LAVtsDiJGu9qz~p768EC1AWcEyP+fT31Y0QlNu>A*U!x{>m$HtuTZ#r-
zKdPX&Z>$@rkHam-(lAE?JU%95`Pf~i%hGwnM($6M@9*fH$@_KXSY
z`KeMAQB_)8kBe8>Q^A}`c0Hyn-Dq@dx&~ci%Qwq_ofPBV*;#Z(IwDDi<10b9i6qH`
z^j}*w$#c|{QOzLDG`9)#&uBMos;_;ION}h6V6_0W`W=k@PJ`1~Ctjs&S2f(;
z5*`BhOg5pj6kl&8NajBRL6v3d77b2G@0l7V%%Q0g5=w1!SW0@#wl+FEC0*ty8y%r&
zRq7oxXYtG+8kwrc>R)K#Q3@YpqoXx?iH(lY=mV+Kv`y@pio4vmW6{`HRKtnJ#iG2o
zt)1~HImvr3^$)SbTo^W}r_k7?{`9~M(iBQ3u`vB?>9`;9q8@BR81OrZT~I6dH&hq#
zcv#LRuZ4UhgP=AA*g7Tz*NQOxLZM)9LD>ujI5s9^^$JUL>4rxwJ6&NP0p_tW+Z!~a
z75WJ2*}yKV4u4SbJAgfyjZ4oSeX2O?{0-nAWOMW|HlZ9=KLY#H;mLF$iWIN&1FnQ&
zlQOYAKpllTLfj{Yw6Uw{3dP3*n;7F(wNjyjAU+}oYNF6d5T6}GexY^N-U1#ECvv6Us@Spd$D!K^V?2hz5-
zQL+`A2eErPCT9(#=St4wb|>VIW1#!v{v&Ccm7#Le%2s^;)$4B>9r!V~H3S|+cD
zM+fW4K!C$zLVS2!t%t`?NW#nlct}i8FV#Y4ZLnq)z*AyEUdU**HAD;3#ghogH{g#F`=8Y%eIccC3MfOPLhsb2{?xTor
zqRT|5VeHM=@bePhihUIE&1sp4@2A6~93!}A7!P+yxCQo^i2EoybvVQIMZ$0tT_W-;
zM8a?;>NAq}>`{XIP7%&T14dE8aGPi-!Wr2|(EvfKAi+BaCQ-g%H22?*;eP2@?p1!R
zSWrIqQN&wwGSQ4q-0$0qmQ})iB$7dw=bDp
zu#X~MF3Log{)=Ir=4YaYT^Qztz)Zx;oEhOn5wE=B0RikY63#@tJeY}iSuGO{$3C)>
zhbP;HxlillnVbooEAbf>rt+k{VR)abz2xEJ{to&%fx6db
zWC9^JV^!Ga@>d;~!zn%al^FNV?}!Hn$T5G3j0AhwD26iRQ=e-M?K
z<~5j1bmvSO)#r1RCs&G1WLuq+Ogeihf$p{5<#w
zwL4zRFeOpMm%FCBwJK>0P6VH(b`v!68L8YZNrryM}jAZpoVpP)`q9<0VxW<1VmToj@
zvJ=mj`^#HrL3*2XxtM%Syr#l%awJ7Dt?(=2FpbW2CIl9>iH-D`9BQ59)FpMr8|eKB
z)W6Q@3$EtBa;ZP*)Vj#Lj!E_e@f6PCO|a8PO(PSi-w!G<;Dh
z2UmT{YEqs)JQ78>;XsO_tEHLqm1k+bq%9L&_$tMGXTfxfq<`d!a#r^1SH=hf_o5z7<-Hc|1u3&JhFet^i
zFqa1>#TXY5PX8$2^m!Ch&?cINa7OkR97w5$>qeRAFo>h*!^IG^5y6@RDK1>V{rQ+o
zW(3SckBKd6V$i`J&-)(@B~FPl(TNCVqE;s`A&T+*KlUgHNYX2Wa`Ue^C
zuVDB)*)tqPpU{olg+6}?1?OWfk%>M=I1`NprA@RuEJm_VZxf;l+OMQ|IriyqA&%s-
zUYgf#qUf1bkfwLh1__zy(bcp>aVDZ-#)kQ&XLR2uQc1r0%x{CYksu!UgE-A^XlJ5b
zk}yBC-A2TjhzVtE_&dlm5kEnliTbbMel+$`M0uK@er_W{6xt~auLLoYeR_jfSHWs#
zWs?YgLokXSXD;|jddzFYXI=z~B7Uniy{%`P#lTUp1EzEQQN&L(W+HxMG9zKMOw>|(
zp0IyeO7RHU^FxkpB7U?ml6{(AXUs@2BRV)P&VeRB5{M)hA$T)_Z3Js0Q~EvlfG*$6
zWglS5vB~ipzd*MDO+WZXJ$V5EAG7%q!$VB`~TPAuAdyGq8gUE|*nTQt^BiZ9J
zJ&o`JW181!GZ8P~u9xnV*J5V?9ESh*^}=>nVUv=Hc=0!icr7B$D{gHhn2C644liNA
zKFtdcnDzZg0nbU&Jk`oXJRL*Rq=09NX#5D`;KsMw8e%7*GY~Q=YXsTpGM;w63NQV^
z@0brHx(A}WcI{drv}>=&#f&pV{w0FljfT72fbpe{s!v3i>hfFhp>StG1{?gTof9yF
z86*~OLuiF+-i?;Aa^(qXax)^kR-9=zGNZU2xgaz_cpP>$nT6TNkp%ca);_0EAHJF{Ja-f-Eg$wz
z@a&Ip_OF4|v$Ftp4i9P{SlJaC;kmQ=a8eMSJ0!!jI^bQEhuWdFRJqlfEw{&$(
z#0!xf^(03gpMNZV*-5Lu`_L;
zaUi}dC_Xm5o5rhxihk4L1nv6-5jE?&)W|KF5R#mdStkwPf0j&(HAxDMZP2Wn0effy
zOM>!enlH2UTJg5m1QP10pu%xb$D4*7;^uN;wJqyzHH((DzQJLZTKUc@91sA)7qOH6
zqySLRlVtwBwf_v4aEG5+_ba5OqQ>KXAda$nnWTE!C=I;6kmekhIKGdrAdu*s+M7_T}S;f`J(^&`a1VIuyubA~%XD*me_lpEhiIo{(Y
z4o{D{akH-Ar$^%-`a=1cb+>?rw^e!{8(j;DdM%w#tubX`BSrr7`{yYQE
z(|c)`Ih)(!wBwGj+t@R4(}%}x>A0zUo2UM9Z^F-?#=rKCHwwI*18+@y;PD{Afp>Cz
z;LQpu_$}1n!$%s8*7Fa#PN2vfyD8Fe6ctOgK_+t>W8ss
zJW1)tw7MM7+6xb7*vJP>$MN&2zxsUrP|-MkDYZ?3%^}Z&Vmn@VIK$QsKbtzx=j#`1
zD)@!e_?NVWv%vhjZ=xO#taSy{NE@xm;_rC-&u|m&@H6YyKw2tluu)Ou9VuOv0?rn2kUflBZy8*aVvlco
z=eJBJew7&A5paw?Z;@Aq
z2`e4~<~jsPCtMnqXt%ZiljVa@DDC)7-T0UI!mr@Uk;u>HN<%0e)0>HMvVupbsrhuZ
znuB6ZeoZ&lq&aGK<44SAA`<`V*??JhJfu=m*So4aCcyX28}Z`=oG8@ViBi7Y(@jcw
zL#%s~E#-=5#aHvFB{vMLQF$#bbv+&X>?pAD?4@W11rV|
zd#||D#hqYYG2k>!erDaeI4SD6q;k5l4XGB|hDK@EwIS6{r{pHWqYX-_#|;dRYHaETNdAg691Cf{~wS_g{;(>PB4z&
zFK%06i!kXyPjBRfdoUb~+jcMBXAx8Rt|jR(dtK64;0k``IQ}I^`EgKi-M^H3t=V;A
zPuuac$MG-8-W|RUn%knFv{St&Uu8`$2*&X{$p47lNc!s28+qX#3z7-yC+Rq>POL(=2&d&WusEr(@qh`cZ1YPZ`lujM*)c6tc$E6Nppu#10*y-R(2
zM(mwhoxQesjroOL+N18Tug#6aCG+eHq#eE)4YE>^mXVi`#kdA+e=Ham>FZslp
zG)K)SdTkM|Y>-pydW5bMephu*3M)
zC1Ce1_1ob!TLfl45(#T{0Hn@dsU&gkg3=Gf
zk6EQ($v@5kE?*i1`*{YEW^pj2;`<>;jd`zp4ZfZZX?S~Vn*$0G=~|uBlT0~bb$XI%
z&Kv}-X_dc^?LWiG)cQZw8ZMPY;r;o5G47PEmw$MF^kG=<;McnC50h;9nRRU;^;=I+
z(SCsi@i)N+&AN%;p=BL|<0@>jYCaEL*yX2yj`!>)XGZ)sxSNJZ0(#kjS3hu;m7E!2
zIS?(c9lt;x|2nx;w~LjD3j@AD5t_4uiVy12G|Cy#0}ySgQB2IIcqV!{6ML4~Hdf8R
zxwwsvlvAX~E?YcMqg5JR(m*@#Q95p(T$`VK4bMFysNgrw;~$DberDYhaY|H^X6*vW
zDZrztW@=U2I6i^iN8?q}f0S)b+2PratD95p^ps#wP;2uoL9iW(#J>?XVAkc;v$dEM
zvRq=44@7yFnA-6(>+vrs=21|WP9Q1fXR?d=nWUKc(WLm7bk|E@0__7+*d3|*UbK#bw5HXN7`$4WUVz6+}e_PB_-9>1XAH{cBA^ooF(k^+DF1Z0_>bw!u}Bb
zWtQNL>XpMz!IdnK!b`E6#txgqHv(M)j@**v+ht^?b^czl{|q8!Tt-R1?_OK2b1Bn8)ZxH%2dv!wX)v3GD~Qdkjx82+-x~-%FLr~
zlb&x?eh%F6p8};%@=8A%E*%c1D^bi>0%=!yX@72{MMcnX-lE-HH(HA~2H@-0;ZD`?
zofw%ytt9v^zCC5yDlhHyNTE(!Sn(j%%;Al*2|tWnG#6l1Q)&u5>Pq)H^n+jz?nP{j
zv!T9B_kUnGF5Vs(PhW@nB2qHr{TV=}btuX%G2y$Eb5F{gFY25hfV!Y_QgM{C@M}=X
z{zMPC(^R`jIgvz>YtMNWudQk-frz6#iLV>Hc#1K>)p{EI7uMq9xsUO{&cs
z___n&rOCqF)o?dtPxt$w8KgaUJ7S|$H0hXpLm50GP>2h?CYm`-V)Ew+lYwB-%*8U|
zlN7Pra@@=;(nlkQj~?K`cE)99Q*$GS-!E-iCp$Bfz~CIdd|^C(tL5Znj`y|j*S#I1
z`N5Q`vCw40AJ|l5pW2ch}dU2i`-ld@I3CyVs{*YGjjM|N^z6rRJgI3U|7st
z3X<1yhxuoby0r%<&1A&vUU1@P8FN78s8mULo{}BgPey{NWp4m0NEw
zmx_T>5v8QB
zL=Jya;`5kaMDwO11*Q_LT>5h7o$71*>Ex$6xmu}}ZUkZnCQ#S%
z1gex34li>1;p?R7k_m(MrK_Z7DGQq{=8gDv`D5b_Qb?)2b?>5*m_z+F46@v}1Kd>yZ?
zYO0;W-ResBK0SUEu`wW4>V*Ou~p`_-gKlhr)pZT(IdHT|;obb3N*i#B$s&@`**xckV|PYG37t
zug63fQtIH3PY+^ws0G)DF?kPRqYAtZ9ryO&ab3@t|B5cWiqmf7QpTK)=Dck>)w4rB
zzoeg0Z}%7B3rkt=3%cGV7y)LM^hL>+5$lYbqXuWHH#o(SMMZeP{$5pBDbnaLOWlB6
z5F6t%FgSmsvJOM^{rc0G5W^d1hc1}V+N!416yBh&bkDHq>;df``-sXrmf-rr*FTae!Q3Ne>oU1jDA}PLjXC)&mGn<$~xoE7G<5OVZ-Rp
zQ&H#U=t7+PgN*D(%6FXg*MA?;1vh<=S|o$dQrmS6#LlEmbYP}rZOTMCpp00UNJS|B
zACTcbooT3vgl2gr5}L&(5;v>x1z_nHkqb&L+Npf&3*JO;9m3OdrIRITnw>{pnp>aPww{Hu?QuQwv;j;*n^Ea?MskXKq~HX
zPUB=UUKl40EoxOCQ05
zRZZC_d`eyEeir>8*n`Iq8{;z2h`o5=My%__Xa~}tkjatWov#`pRSj)}{CUhIZG%X?
z;jd#@Z=jVrmCdk8<|CgDlf2TZf~E0reHY3`Qy{I+$nFlOC9f+~nq=k_rSEy1yj~SA
zRh(Nhy-6&qunX43QIz96h#v+RSr>f6>!zxy5(+2OmF{!s2f-fvC1PWopH%*bV6Ofb
zVw^wVhs*dmn<|uwLg50x%YGSi5F6ucRK{{lQuFkhuphCWZNSJZ@#y_Z;lIJ1
zE*1VmO22P$XVaO;&f&G*__oPrNnOR+<;KXoUOqg3{1?Afa>p@>5VK5pY_
z*_}vTBWdw12PBNLAG9ZvQt8bEW`D`fA+?1RQ|@*4mt_RNET12eIY7Sh`C23ZRh`6TmDk^f#f*f~EZ~kzMU3o-l)YFo7LvW@k}>K9IlZmiBY;vLa_fN6
z;9w7a4Y7<+q(k!f5`55Z7T;r@6|+d;M!y(bV}2zHDIs-SM^woOHAy<=q!_0(I;-Fd
z0eQ2@tMc#MF=)nQK-5t*m4N!7jQ%u3tuKKKs&j?Pf{WHd?7{1nXx;LA_SBH>_&s}x
ze3sVCnD5!O@>yClW4>=sl)B|wD|hkhvFQ~h>7a?j9(*5S84iDXg>hHHVY^+pe>y!w
zw|hUv=*xk;^Hm}C;5T$$vRarOPej^Z1=1FKY5#jj+Al!=%wFoZsnttMU!x6-jnb9>
z8l9>7t6OhvR$0KhVJ-bV8k2(u|52t(%cKkFE4ezXRW~q)P(C9;=u5af!1!S9TB_c&
z-}XmpQ?SV96kZ6DIU7)X1ySNkhw+QRAAp}{4nG#5XTt79;%
zYD!6=3eh@Ls2h856=GwYjkx;f(3nOl<4Rq|+o_CVN=0F>y3)Nb8QzH47-u66M_-sf
z8c4^qi}d#31Bm4jx%sbhqzjurivw^F>--Qu+~#ZX%HweKL3*p2vQc#DWzjqb
zI1U&}rahZt^@Ccl@bbMl_5rzAO7>4Urm)oMzZ2H!
zzoT_}W%y!&@-EV`A9Q%+?8?@#>h16U*d6Tq`tXDp?+zv>5
z1u34xKSLs9LFmrUrda(T7eW*gjsFjFIr-&kK$5875^6%$;N&0S!Z6AjTp~>gs)52>
zB(K7MDP=DG6a7T-XchkL9{7K8=Uj;&9t@hL@ke+g<)YArYbX9oDYaGj4dlBOcg~&o
z@$y+4DG7!5;QAr_mr^3D5JrLZDcm{V!4D_*+kJ1K-S^JlhyGX_DJzAa}R>0oY}V9ju*rkRLOU%D@FS1^LG&&;{p$F{FQwJo<4*B=j=G8
zKFJZ3fr2(UPVq~Yz=f~86*J>V>b!y<7J5r=SIwbzNxSDq6W>LEEvC9C%&YYK>KnJ!
zi1kW{aiQQBFH+&)7ucr(t7h?40W|i7&R%2%SAgFCHhg&y4-is#h9~oFcDZ~8$NAbm
zeD63=wGZa|5X)e`>u*ZHJ$oAtJqx6Tslve?d`73;$!XFC#Kt&3@%#6|61W60&K0^avIGK!QF02ms4Lyi
zq#p!(@K(geI6oEE4Z3^_Vw}72!)3gJ!mMISMd3^8O7~2xxY~pNjMx}wLm9dKZ@~JO
zK)SmqF@ilfewl(IL55tHJS1bI&eTI3!QSOwYpm;((f%V=&2x_e&`Xd}2fyhx!Qx2k
zDA*ks{1TPH9z29}%$?4*8fa$0DycR~hh0`t!DM1vtoZ!qqd4>;(1f{O(U0mTkXFx%
z&v)*#te*waVstpzgMZX%rEwq?&GFYoX1yO-plDi^A3{BotNpG{^zzO{EaRUxEU*Re
zV^C|}m{P6Ti_{)F=9>*DDThiM|MtjQD$G-B-Vv#h&+wN12x;F$FCW4Wk3I=Bi1KbL
zYnn5IW@howLJx}wmUw8UhgFhCQ?(Qx$MtFamr_}!@1mbU`uP-otlT%R!J+qbr@{es
zwFjpxSDloaI1%VxYs}G%IZIiq1c5#UB3OY`Ivi5BaNdRUk^{Tj%3eQNDe<17s7I!O
zipZ{?AbsXL|7QY;7$G;^W%>cwy~
zp=!Nc3yHVF?~<=n7a*3$Tr1U;(bYKgGLY8C!|gh)4?5_G;KE0*gZM+N^E`eStDa)vv79=()pCJ8nFx|t&mp!0%>mur1hb6lTJ$-Dl?2zDWUQ(
z(hUa{&`$^|pdSw^AGibue+6pR^3WbUscV+wgY{UANE=z{_uMxVV~FJ*>9mD^y#fAF
z#5(2pVF;3q#y70J7E=}q+trosUq?R(_TUYOjd6Zr@j2Jv6d1%f`|-nNkbMv+jFMCM
zu)5N{&vZYH*cj)h!hR+!>tVz=-^UM^;j6%3wHFXawKh@~3eVvBpZG7O9Hn2Q*u`J?
z5WnJ|e06IN&b%bRu|di$R`g>Nh~qeiJF!F~kf+hhvpblFNAI>Gh0_nuQ#73Qo5{=N
zI>j5A8)p5V$&)0PhmG(6GTn(noKND%>kD{Xzm+xKVI@{Fyz$O5$?&L33XkCW1pZ4Y
zd+9sr=Y#mM3XcFhPvXvb7C&B*)<#N9;WVy)#D6IzvI^T*qQSLDJ_SFVoKS#oemDo|_<^jHoWd7yeF*=hl-eqI`6Z6!pOfkqJ0MppzYPvI
zT0rL+c|JHqTtdg~kq?gTGxxrX$+YX)^S8Ml%a}svAd#+Q70kk&4k(m^J-Ej!e=wt(
z&OnMB{_1T!Zth^lCRzT&x5@JF$(Ymtw1^yjMnxRahM<2op_&D{-KO2
zI%=4FU{>y(Nc;`m3glX0nH==(
zd9{5Rv7C7t_vDlNWlwI+D3?_q-7kA`TLvE-iJt6V*wMY)a`$J%=$OXH;m1{q0~u53
zGy__*AhWzNBk#^TR&Ad3p*_Ljto9}1JLx}e^$Te
zF5Q_?@E<^o$l<5dvWv~n(sV`AI26^bA7ZaroK`5le*Hq&sZaCLA{)x80#`L
zJr^;~RQz~_S;dr!!fJJ;d%uj!5gX%dRK|TbTh^6`apL&lGRVxZiYXO^gX&86ei?5^
zY>cy^jCa^o32@yHJ7bO@+W7*0xFE6$0zIQV6n?C(bnln=G-6|%pZF4;)uqGL5qW11
zj=fY(NZ25-XR^_*{rrI=neUXLts&0YrJf8ue`%e8LzgNJTX1h#%}4;D4U)YPCRPNOoe9$4NaR0)Ve#_mF
z!KW=o4&SdTxlvd0I~CEUBQ#~-tRt}2u8@v4{Vny%UZ>zmq!NH9b&kSZyw{;r-N61s
zY>e`g3RA4p;wxA>X~3C&O)zcYOJFYTle^~461e7?SZs@#Ww`g7Sf5hH&eR(_~H8KV30t?l$^qc)s^o3ia(9m
z80F`Rb=rRmr1dL45lmaS5*44Mbic)qSFu%1sVL-bkXO3*ErvqG#wZ)rSMaU>rnfTO
zpsx1dWk{1lPwtA0HN^2LZ7v;Hnh2CRpo)jFgjl8>I{bl_eaXyAGB!(baXayMO8jnw%)KI-*m4r0C50p*(L
zO(i17C~kqrTG~5BaeTr^iIqW_a_Q{Xt8t@4iMp`|TM-*56VRbEWbX*11)Jkw4<0qr
z=1{ylE@K__hWr7!Imr8!K;A25R^a$|jl5V!@LNpx2hu|O=71UT%ffAv^}G_P_3EMH
zbmt?L4v%?b@VjtcInm=j9btV!PsX{wkcY-Phg;={{8Ap_>Kwj$pDuDh-FyZG%0$n~
z!;=7bPb^-m63GO=isWe=v%Dm~4kh`|2!F5MIefjB0A3spvWyoa*>n&TK@*5i=L+Xs
z?)US6$K}6|SZ~~XO#N)6HjHbZi;SbA93zMCJHY7jOXTy>Wf|2hD}FG-pTmqC{@{Vv
zQ|zaaP`-I6qE;||Na+g?%j0b$hX)S?3OE*-B&&u-=6C-(Dhojt^~1xSL?p-?K(1C?LH(TzTbf^D&zZK}p-H{1WAvz>GxUeH>x$ln@$$8=5?GGgV
zU}T!4<=Yi-KBU2bxnhJ|I*a;;f$n5@sQUL{cfgn=nzu&EB@#&!1LsoLbwM{K2~$Yt
zUXQOw0k_~Mn~EnswVrO=*F_4cAyp)Xw?zu+&|~?cNxqN|+k+2R1|P1Hqb!qM9htxf
zfEH65DZHC%RpC2c51vG9j2eX2#U}A}Yitf*H^oZ%x;9peD{02DdcOJmf!J02W@D^{
zudcO)PT+SZMWTN~gbvN>26jS&8upzG2L-1|k(CNg))qS9-_43dS0bej8ss?eC77QK
z1_|h_$VQ1az{M@|sDxLX=xu=#e&qG@v2Y1mEWF~dOd-8lqW9k%gRx_una9|-jHNnW
za-z=!>Nx84(rOI#QZn}#B7JI=1VeF5Fbk~=%Cv>Pn&6&xqAT#ALy1>z9b%bi6!feu
z^Z^F%1qyspHUy4;eX3X!SJ6^U6W;e-xFPf?WdhpVTt|8Pn*LkRwFlgqQ>dqeD%_{8ST2Lu7?nXxy8ze7;jQpI(Anj;1~N2z8QzCj#=5-_HlCbX
z?NrI8LG61N@_spx_bsYkd+$b5+?3*Z$+PP#*GdWJ$5^Fd#KNv-5#))NU~Gx_M6Bo
z+3g|QV7G^LgkraM>rRK+?GZZ#yS>j&#cn@t8|?NI8VpL$rq5ffM8kDBu5RqXtApL~
zSZmTQk*Es2nm(?Ppu9c!VXjK7&MKyy6z*16x_<-xAlQQ+LTrq(fpD$D_pZSD7kYRQ
zKU@Y)QCP*4ioywXrF-84_)EmbI2)DmKTyN|3o*_g@WW-$be2_2sVEd)DX(I3KYw%0{@jm%iPB4|}XYq_Yk`T+9clm}*K$A)&5x@B8Jt5i7G1
zI^K(7ZliSX!jD%*0DhF5!WY$*?n~(h0sEv78>9TxrfQw`7lE{X#V-WY7SP8jblB(N
z@BSUOoJ?_F;I(qVmN)R^iu*#H^eVjgh6c*!{!d{68U}aTZSwhya(y4YZ9C)f?{jEw
z6TJVhiZ&7&^eG!U2ng5PH``kV;LCWL8yFOdwcdNn
z{Y4I8v~zg7ms^j+_GZidrJBpVk#ZE!mppV>?m_oBx*?(Y!KD&9zf;h>PeJqj3Ys7H
zpy@&HQwn;A6hIkz-wpwfz73+o$JC8I_`Fx^`-|kR;|*2;eJn%=-jX-=Uv3OU!wTJXp+qgZrz0CCvEzf$g0M
z4BTyOHj?*DV$yz>%8nfVv>eE<;=z~lRxN2=pGO=ES|N2uO2f~W-~(v5FQD(5=x~L)
zu?K&LSF(+LMf5=vjHOjTpEuFrbzah`*Xg9)GwBN_oRq$IqQlc(Qu?xqEVXrh6iEpZ
zvL}g2^c@uHseEo5L(6i>J;Dm&2a(b2+1n7uJt>eqqcr?nVP(*}g6jiq&{mH<_&2y?$ShWJT-)Y~bTdKsQA^
zpbeMOfCFNZ>Kd675Q8e9PrK-FnOD%8y@J+NNP@=k3s(*5gwQ#>qz@t~uguDAiR>((M;YoLk
z>2otW+~ein;pJbmlu!WqWpQgRp`yvtyqG>nqr)68=Rv$KYT0Fp(j|I{Ng;h^>=0%9
zD1KNJkg61r36zP#x73yHH7~LUzmM1$=Lg7(b=uQ`v^P)&1bgt$!L)_+0jDvqN5#|d
z!}XC|3{*_XDXhVJ9sG(nA~wePsbZb>=0Mt2Dicl(38pQ0dtd;UcxjFzO%6RpGBa|Y
z`y+$ZD)@LH?R+oocfGXVj7-*PU6(%el0olse~i1|<3@)zFKcC7=@vi4Yap?#@`#iF
zEo1=}>*sm$S?(o@9Cc#yxzo!18xn3qDLO3o%07^??00%)vkDe@mtR(<`w$AtbaU}r
z@U=i!%e^wci86uL%~qs+`dzpuWTi8%BJE|A3x=Ro@Jz~_fA?~>gmbodIT!yukds@7
zdhNkQH|jd$Q)MNfr74;KkYtkAyjCyi)jFwc-qj^CCkS>$%A7~MoK4}JOWOZlP=T~IaPHD}zkp`c0prpdJ@HVR^s{jwtQY(T)
zC@zMBap}g*Q8#1o%B7gG;UfJ4vjk_Zn&K4TQz?`1APc5Ubz)4%(XDJ@
zeLm%l39FoMur=xO{MP(jJ1=u>!F$(Dp=Re*8L9Kb?a|$v5RR_TujT9$gYBw7Lnfhi
zH(2{*FC&0LAd?vjs4bzEOi@Jvved;w+1R2iYUNa~5CwPLtZBhaRR8pRJCdE1B|$}5
zX9TnA+Gl!^+$bODMXLFTmcW}8PO0miUCN_9C-_zuKG$mk8cR)>7fcn#n&J|>Jij~J
z7?k2w69%(cs4wS(Ktq(*6t#%w;8(*(Myu
zqzI1(L=NCa4HE);eYi-=Y6xZ^cr-dd4jTAP-Y}qk%Db6{fo`tIS4p-|j3i3~*S2~f
zP;l`;@VYRH5s^Srhm%vJm!XMTNQ|e-D$
z-$^uS_NoE&Bu?$DvbwV`&nJXwk>o(7w|WV=bSXJJ$R)yWWsk7oEd%tmI*UYy&(PX|
zkbp9kzf00L_I!C5fYQMNQQ=L&(W77$DG!EFvA8BjMM}-Ko#tl(o4)LmQjQ{P(I|!S~dk
zw{nRRz3TJz5K`H1vlTHw1$?`{2Qj|`W%~R`j>$W11trw-R-3hpe>6G{M<1$^-8f{|
zpc}GMeD)ND2QgyWSQ@CibsBUGXC(R^@y1P3@w??459xz?-FtKyvRT+?YzO6g1vA|D
z*-Tz2mdNYxUAVeUe4p9wX1
z4aikqK)0+1BtcLq3`j{5pEWuqM_YsOb1B~v8Ghb)^JW{=NDcWypgW`>NooE?
zBe|^nL1a)222HZ8|3~NLv8tUS5%)_zB?lV*WkN-Tq@WPXdPpJ~i0fg$GA{$Q`4K;!
zah?#ylRC%zmtH1M4jdoyGKg%C8gJ>Hm-R8@r3A3|`k(#R+$LgOUkMODf%K~~O@JaL
zsK2Jc#h3$d0fb-o%k#Q{9S*iqAziHP_eqw?^_w=CVQ>LaysNoA)%&mZB}_t(+r>~7
zp0Fq4_uGD3P(BSKrTk8)Ru31xYx@=v&Q!L^j{P2xH!Q~`*Z4k;TlR5*3jG1)R-GoO
zS=PUYVz5##RBd;*9u$1HJzNW#idFrDAT9yvKbRU)s+Gj^7Zqq;Rh@X%nR5@O3)0eTK^$gnxdG19C!#c`xOKMx8E7@!uM6=9()ZBxa-
zer>$0SEj3aZM_H*lpA4yZGkYpJ@9~A?ZnWrXkI92M~aTr4jTPz<~N_U&q=4(ey`!4
zm+Kems{ML8dcM9P@6GYiN2lpz=j#8ZI-$Cf1PO+1!3W%%@G{|VKAYoh^5+vq`DS}fdN=9I
z#2@q79Pd)2J~O?EuO>d2{WIHZ)@SzLd~f3Ox%#)vXunzBfbsr!#`6Z_*~DkF|MwX9
zV2+;&KeIiPjr^Az^`9%hS)K`hvpwdsNgw9>$Bg!v_-4|t+1{l_e)GLaFXnsm*~F(>
zqkNNpnE6fozRbvP@^2HL%=~kV{7uHQ2`^LroBGjOBfqKNnB#3euRlkAvp!SaoA5f<
zvsu46p5#9b1~dKc;7i;;Vm!|_o=yBT%QK%%`Cz^`%Qxw}!l>WuU!n2-T<|jA>&;}k
z7;}6~{l(OGOnfrSH^;YISER0HdJ~^bdNTQo2~V>;^V#G#=CfIz$^Xxl-pp@4oA_YD
z)8q$cdJ~@y8}KywgYo*c$JZe68U$X0z-thA4Fa!0;57)m27%Wg@EQbOgTQMLcnt!t
zLEtqAyas{SAn+Ol{x5{Uk#*S1VYNiD!^8e__IUi-G;@Q0yL6zxue77PrE{P)QQES2
zacPY;G^%uGN3!24-PO~TC~fX;?d$1iE$!^sc~gH+cS~qsX0@Fs#q%>ZFM+0)aB#|%o?)!f~I4M13G-PN4jMK_#8<-u4`GAey{q9xfwrJ#Iz
z?oTA;11johiDM^bM|Zo7Y3}UoX=x6nrWW`ys;p#73zas|-Eqr6BHo)+rFZr0RxPJ`
zT6(%s_CSlO4gHM=%g0(+enjt^0Y<-lz0Dng)}oH?j$}u3XUDCHRzFeOKzB>Bqo-TO
zBnNss6B?S$o$Wn743V+DJJA~7IndU|utdF~j;p@VD5|C~P!}&o``bDQFrXEHGag9c
zw?l)6M~#!Ho-mprT_!T`Y1!4>$ED&L>TgSbvbCc-N$(PSTN1t0B_EzGG#avFlo063
zg;1Uzy7M8^7w_!o=VIh=w(U`{8t6~-hrq6opsTr8bz)zCGSL-J^!4?~ChlpWj&kum
z{V0d4Om=ih_@V;4}*jTN`Yh`+0ogN+(+qfLTziJt%C-pr&qo1
z9_UK+0UXf?!Kh%*eP5!xg-{I<;bB1pz=N{!(#7VOodX@6$)z3LtBDow0jT4I
zj$^RrA>OsKKiQnbpvws3F&@9Hep8)%CDAw#;lJXcMXIq>FClw8*(EbkyQpVb+#=MB
zRwM~u{fGfGMiwMTUEUMmbqfg{Zq^U~8KHpmK5B*3-AAxv!P_fG3F-OLc!yf{c+xNDPqo#E#^hC9p{x2q#12
z0oxX1Pm7!e$AQ=p>x1vUh={t=P6RJ993g_Q?#HXbmqgCJLL5(-;NOs7>Z8ZSlm;>F
z4pG=3Cf?yCjfhCFtRG=tOH=Z_Dl%l{-@AeGYFYxg{dz7Kws3
zF>QiXc_4q>C5GLd<&$Ui8upAce|t}~SG9!__ym~gMiJSHX_6mxOo=83t;
z1Za7gLLm5NCJH|z#<}?-(x{6KrFgTeQe5Mu$PigUFdhZOr<@jr&Z0ayA}QV%o_1!^
zXd17cpusvVra29%v(o!%DytA>!CFgfvG$PVWZ2O*{6^>}BPq7v5{>Q<8zQk15j`#t
zmE9ns_)UuP)nd7`I8V4cC?eJ%+@#3EO^L`V6?yIhB65qcE5xexB6eJi0mzW6QHb3l
zvR&9!8Ln6!>8TZC&xov~nAIqz9TQV)g*ZZq#_ksOHR7@|G1V;
z9}x@CB&R{lrb`k(k!S;c(J+AvwUsIv5Rogz*h(s8X_?y~3ZEBa4vNW*B7!!yi`=A$
zqU6{?5pAHBkG)3B7?82E{Mg)UMZ_&bsdn^nF*fQxDQu@SUyOD81-_IeN?!5`&OyO$
z>98q_e-GSUcnY~1#eDZ}JS?JzSz?F#ZufDK`D-zDkH~R9Dk3LDK3eZAo+u`|16&>r
zghK;^9*&E;Pl$;RnDJ5f+h&xAMBUHJNHLFEp1%X_z9!s(h17wqCqZaOO<}dJ#G}
zQO0=s0X0pGx=)D-r^GBO;GoFASL7tcq;?6ZgJKRvCq-5xbvbqo(}&Y4o7E@A-bTc+
zxzw4Pr^Yjf#+l>5^u<_;~_714>|KDiCoB>6T)r~6HbFw
z{6@?>BNjLnd1A>XarrT^<)En81eP%X@U=snl>)!onJbm=0)b9ECGwn0CJ5mk7BjCE
zRj7if$N@GHmvoL(?6Q=xWx!1%?Tpu>pi^Qqa@voJ61toa+vo!RL5~@#+>GO5$#r7p
zNl^khX%v!ottdour=Aqqt0YM$MdlrZu0#b6UUAEug*hVcX4E$zDz1eTxkgmuwvj43
zEtn=xi`ni`G4qVbJ`FM}5tACl)kw17n7EcwIkP2miJ(mr5D_^ps_Ak+y<}0LxoK_`
zrH_l;>MXW}ctqqy#_SLkkpT>Xh>SZHX)OW$%_tHxBTdKL@3`MVr+y%2y5AKGA`<}O
zipW0n9y?ClHjGZq8By!($`e&`Q1ab&=t>xo@fevoBxwR8RJmJ@P&P&gjdG&SoIG4J
zz>Ww68Bz3R+O;B^@Pgi}cnsQEV!_nHY1N>SY_t!F#dJ9#Cea1Wrbn;7M@9bCcuv`l
zh1ZE`7%>c|QT&8!F-CXL7)=5c#W4}1F$$J3De69IM2)9vse6^D#N3y}(leq62)YCX
z6yS{wuq?qff(}zdF>?8MJqxdMPK&&g0v}Xf+$gf}JgH19L@~tqbMSNuse@Hl@N?uQ
z8cMp26dV)wY>^#lIEF{?TIjM-8dHqwVvK6O`$QoAyBMt>=x6j|lfGXPbzdhYMY3E5
zDwR?ZMJ0pj&>~>`Gn*>zCb4D~$j3zCPT#u2aUfgRW^58?N1c-@5
zX~t<0qYLzn-2hjk7z0#V+79eG2+&Uu6OTie9rL(^43wpLV$yMEUN+zZzK^5?Nrxx{
zfcKg)9?i&%?B0QBmOK+kMVJVDEvA^H7;}dxXqTE6B8i7WXy=FtH-p7=0FKvsa0Gn5
zD@$pJMkczCt9xNbBjW*+_em@!hjfeMi8sENsu|wgJMy%9o28*
z;dk1^M2bEp>TtJbTQr6id&4lZ<0mZQlcM&RSe6uogbrBqGO87TCB-}gZC&Ob#2usb
zmMG$9J_=PKUq&4hlWANR9TcUf#pENxep0Nt8z?&Y6l#RjuNASoP-DATbsQoB3eg!N
zw0!qok#|hwLp3LCLm{QbJ_
zy92BMRDgt}@K8b?C_sxJcY!qb9pX&H;%0$U6S7_c3@ijxE1_`|Qo;sS`kcQ@{cRJE
zdgSkTBc%g|)Q(Z%XWjY4~YEZPqO$ed{Vfev`i?*
zwXESnYLCY|V*DBS&pjx{L*G9xYF59-`On4q$6_SF`3c7&_ltaJw<-Al*fKHsezK_k
z?~(wk&qD$%0RAqHTssm80O1N~q>uoxT_FK-9v4})l5@j5bNorS^eIyyh_NIRCLfd_
zJ1?P7D_j-|2Tuir!nk%Z<)EM;a!!ebbU7%cgZq$hZx#~|3i}0!haIWK!{j02VHGsF
zRN~?It0W#8MZuFJ6b}t4#KV*4D;~h%Sv=e?#Y4G>E+r?FeM&4?Ei(Q^?~j7_
z!_$=y+XL+Xi3{NV?qlVx9}XXg((FuT3|<=Vf;blxkikI0J}!4E`=uqW?K%KZP@@6yhCSE_fwe$r6=GzfUk_S8$(ZVRk;$+vcP
zTVN3odP-!+4pEsD8_+KYcXV;dr1l&bq~nr)NorMe)rH#(EHO@pB!;`nErq|zFe0SP
z0C!?BJB-Z8K_4Pz|iu!$k!I_bm(v6R-#+Oy*I~wJ`Z_
zG2`Zx`JtquaF#JwosW#kfs(lHf8PWF(GRgfz&J)^f}jjC2hYO>S+9i532lQw$mFn)
zS-MFS{!v*WQCK7_Z6=8NO;XwfITfVMc!+)*)h^g1E;%jgA#4_%Q`j_+u*rm0pA?f}
zXhCgBUNo2ZAYAWdU3<#pxkz0}7ULY=WKPL*$
zjM(VNCDZTjMll`!il;Wd1azNuOgNZ#s29!|ygDTo0i@YZ=>%b)5sTi5cEa={5#)9Z
zh{dOc<1EVeQa_J3Rj0%n_ZZytvtS7w6Xm$puw=7gcC#xFrgt^>o8%qEF5+vus0hWf
z2MK8oSry+aRy!-m(1(Own_w*FvFcf<-n=`q?iJ~&2doyg9)y(9H?6b^y+>wm-vMXmmw6v85np0
zT$l+99$E(ZFlhdQ=O;cT3ce?%oP;}b?+)lUBIhBz7t>MrESDW2m_DItpbU@*=^hz)!_Png^66zju_QQUAftTV!FnFW6YHmV
z()-9MDWC6Ua8kT{hNoYZLsmS+%jX>o?F<+av!D;66__Ghg8zm1pNIb$__y6%V%ww6
zygYI^tT+V<$b;&2hFqJmBOu~-#QdX}^qk0lLD)nfx4<6(TyWowd9Q1M8Bm{VFo%hv
zFiVLnW1&~qY!s6p5n~?{KrzZO*{w&8o1AepFB=7P1C#U5V%|0Helf9DP6=m*-+np6
z7Be1)CX2qp`A_rrnAnX43wVcZA9E>w3`i|d@Lw$Zw38!WWCmXhI>WqpE}~y#z>*0R
zwOrNUh%v$Fqe7>5VCn_Ze>zjY7#n`^aeJ5-@Aul21$8D+)Xz(8fNwW^J10f?Nhg}3
zKOezt{Ir)v&U0Y!|0H{C6!L3T$YPL5i7F%-uID}s!-OZqWVL)?T)5ru$J_a-q4|Vk
zi`*ciJ*oz(_1F2>@cjq1~B9R
z)@mkc+Ht;vIk)6xk%6@Yo4`%=_#!V&tsfaJ~mipW?B_w?+1
z*--=J=Ybc-m>U@J)2L1Q5b!f8mI6h|ecYx;H`L6O_+=2>kun>$>}rToEN)Qib_`bV
zb5JctZt^kNALH#^5JL^3?0GS#QItJ``4cS4f%n6iN(k?Wj3Byx0wqoQy@)ys6l~5y
zyauCs7AS^B%yb`@G;6ft0}K?HYDG?oLUkj>Gobz{kQT=z1{uY_75Fvb3^9f!kIMu(
zVM_ZU_{uoQ%`CT6f*~hNYWJXc*PTR@BB1BoYiN!Xv%gULG9QpQWMudyGK_y2-gQ}B
zER4~=0!B9+7n>E6GwAIQ@=n6^uX>vs&iidNH3!HnbW`)fO??Vwm#M)t3jQeyc93-f
zydVuABGp#|13w0?fr*f*Cp3bGu2dC3kO?=5InM!$
z;LtoOCf*6uZWkF33Fi+|kmZMo<5^Ho21Ne~IC~^;vco9%DKrc#w<4JQ&2c~bfT)D3
zOCGMAMwC14ZKS79`wUUvv<8v!pjdJjvF-Vr#q8&V>l9BE3$CNvxsfr>0$W5>@!J%P=V6E0cG2x9O^Z5tFGLj2LLcpetbV8lZxKm8n
z?N_|+J0c%M%kw>$FOBSl!X24#TIzxqLIMV_`EN)M=Ow72nP()hjMbb!jS+)iM8KNu
zUX2EIh)hfpTnn#cxyagxHC81P;7ENLR8OW#b$;}u9F+-TT#(!T7|661)B95!#9A0w
z_tWo&Ba#^zjMtz_qrrzkvt#~Qw)HH$#OTK9Y{KQWA_E{sXEV+Ku$liL#4_FK5Z8dt
zF6xhqO^SAmvR=t2ArpH+Jo%HDWGMiNqJnZ`eKyw
zBAQVIQKJOW*%`l)_uJr)W88IMNR0PD_UI|u6(ivbsAL+%rK-e`5Pw54S&^~miYFuT
z!vyEq+L?55Akm(wBfn
z>yM%JMG)3=Tu*HdVZzt&z7WnGVw0>-8eKRFotFgM{j%>9!}9g>sCyp#k?Q~(&TS0g
z6M)U!<6^!NfO%nF`7Yo`30N$a!eCiMEgW(ghj7{9WTmh(o*GYlGxvG47H**buDP|G(%){LO07SW*QE6j`0#;m*hfyy5#cVf8i)geFEP_p1LmB-!WD@EB3upo1
z;s(h^jP8CN-F2Wh3#V#AO78z#=KiZ;ZI@`W3JIP2z|Sz@_G^)gHPvTG=gzoWWZi+~
zpY!BwzTGBg^G`rqgje7gH#*}o5v#%om5On@NFl%kJ|>aemqaE20Nn)YHjMvS_$M}K
zJM)PRavvv!QTexWt@cDU98P#RJ^-^Fjf$zEKKoD_eDTg~%=6`mu@QK{7W9*sZ)`i9
zb0zRBkW&t`Pvkv;w9mw{mg#H76leBCG4qX(uw`U7z~z(awmZ{l+*7dbsUSb%+eZ}N
zRtx__h)jwg)YgLYYW>;!b`}CRx;+R552AF1$Erh3dN8(Y=f=~20!T}rctCSVWjylLPt0;
zFVX0DP6nVz+$iTWz^fTA3Fo93i?n{M5%uo3BH8{vmvnSz)xiZ4L8NVvzuZK`LC^ri-pIN0rMT4NC6=%d6g^|WvgT{=v4}>Yu=sPyu%sVa?q&CK%
z0p4Yv5rqm>3=F>mZC?7A$oz;zY6BhLhk?s}R7_AM8yNiwpnO4O9M~bv-#A#REJ>Fn
zzU`FditNXTu-Nf9F--2?L8B&OLXX#H-Nn=M4h%6iFky61ac%-1tHbq}$l2}LfLICV
z+knOp{ujD3`;3@(T6V?YkEg>z*nps+F`fObA;8Z7b=XeD79{xGgrkVSXx^8QETAwN
zZ+{bRykXuBQE&`qH$+)BF!P5P#}IoD;q5CJ4799J5%}b=_VRVK?9$U>V`{WLJ5ql*
zjPeHlyao8P%zc9>JPFz?1y6iJ(v6`a-l=?@g`m9Yit-F~`AZnwbNR6!KpISNEmI1)
zVUQ34tin`c5g2BJXaotf+jUA97KFCgmsh1=VT|F|F~alDh&r%1C4oas`x(4;-H*U7
z!01NCIxB2vEXfI@j(?SPl&Crk<=y1`200HEiv}i85Av17GzR)!3^aUJ8x*k{Z~qM_
z6hecL&PDR{^3&o9)o25Khk9p>A^s!AW(v6fJQyPj6!$m4@(nbcv^v!~g8+uuTjy+n
zQT!U%M8`#W>c0ODbyq-krGEPn^c}0K8`N84z@)WxmuGD$#4-^0Q^cL%vQ)@vjOy9c
zkn^j~DA3^gE;wyKjzQ5p?Yz+@+)VX`c8tcay`riCryVT2iuNL}ud3T=A*!({SuIZ=
zsK25qxjY_k*}J#Ayu2c~m%qNHDOp}lo9)#m^7@v#re^%q(WPlwysoYaJI7n=cGKw#
zO*nR;x$9~^V}WXDO0I}++licsM18OYE7o6&q}bqI*OaWH!wKpen=0Z><#9Zhm&KbB
zoj72jyg$hmAW3JUzrP+SygJc^ElumbACQZEQi^P4S+Vq)b?eV+4o4U&C8n(*DmRAI;CcLb|5eUr#oymAB&@%}%1G=L5@y&5+11cvt#nBb3J(1kg
zLKO@TtaJ#jZbJnDK%PCJP_`Ba60BV5A#yEI>gpx>^Wc4Z@x)3#{L-5Pu
zP05;geQTmSi9;vC#2G-X@+!b&pcj?LclHc`H*5u`Nkya_?{NqwUOodu;T-Xgk#eQw
zeTm-A=9WZVR~JgDig$Hc>wCJo&|=0X3nZkTtq{}TdL>RshO`w;PSG?P^z{|>+i+!8
zQnzJ$92J%Om@9c~d3j%g&TgsiZcXg1yJ;&JiGdL4S$9ug7r2u?-J^bMV;VgMYHBXt
zR2?Vst|q+f?XBy0)oWB7O}8hl-YBV3PJ{(%LdWOCC9kS)V8lS@b_Xdd6(B*2P0Im>
z4ZRp2kW5c!YaC~zboB2cj@sP0rX&xHT~CZL1)UV<)ETn
zIQWLnOR3);udAYCNg$3u{tyhwW;Av^u6;e7>p_LhEjaCm24X~u&o;@Br+XlWOdpuI^w7vqoumxCLi2{^j
zS_+!l29=c%hf%YlavdF{G*r!5LFaRkjFs9BuzI9uwv3M;Q`rMLNGeV_iXx{q
zK~-+{Pbp*UkqEMADBwqvKv#gP^EpdW*YG%zuTxk|Sd7OW<+pni9-rUjxQuL@k
zo@{QH%*1Q-MP;AMpc3{c)-7XO@0{9ydTg!+NYI(+Zcpy2>#|yQCfYl?sURN{y8*<;
zmh^<&&TT;1IMjn7>eKf4_A~FQRX4}&53=W
z)vjKgKL_JY8ri8WwK~!WSi>PLqB$)Dl}ZKWAI>r_tE*ckiI|!i)R$5W_Gs$L9eeAv
zJy;RHiqCdrwvbjowSisk6-BlsasNhW=I9yv&n(_Mf)Rtz3u_7{5({$8R_eE=MIfa2
zf)2LFn=Xwv)x_yUN&mD*u1X?ksIK$CS$e~
z3Xr8V%1O;4lMJd!E1=xd-P~D=lLQm03n?T4D={8VJ{L4bt|u)i+KF>UR~JLCks=7p
zt2@y@(6S3R@tx3P6aB@-EF%MAvAkT_s`cG%J>_M-?aDky((|h$H6;4hkg0pA;;w;;
z15LhgRoi#7@xTLx+0bSNwBc+XKM9Y~usyl1<0#=;-6x*p>9(uu#J3@ZIVcRzQDOnq7VNHv$6KUA+)qOem5)3frlQSeoo6x)s}GD^O3KDwB*8L5
z!)HY5(MY>W762wD_H@AhWWNn*2LQA-F(rgq9e`PKfwW#NEih@D?@BZS^~px>-Iqc?
z3OIB40PtGrg9=WC=z$Na&Z{WHK7lh+PCax2KF
zkvj9>&g)C;PW1I-LP{MHZ5tv0L()$YCC(n+lzuyT5^tn0#@D8zYZ*hcmVs!
zN1v!@5daDYtSe{|ln5BDY);RJRTEjXx2HsHkMcSveloCGg3D#Bf?PW(Xm#
z`g=NeC${MsQAtOmx>QBFS(RD3n?8*a)JI61_jR=If=<=$bGv#d1CtR$
z*rR8kR*^O)xg?lD`GqbHVO4<`OR8l`X^Dio<|Yzs%as#mq=p!fLE6zCA?eNrwC<53
z{CT?_*dpT5>gwrN6I>&&PMSM3hsrXrmu5MkOec52l!9}jQ)w)tiiD^W7?Hw-BiBf=
zw@A8hAf8?wV6M<=lo~@?mM75zkl7q>?(1vbC&}^LOIoT@Eosp@s9tMC6T@=y;=-+x
zVB_J30!7pJZa^!NGgUIrsaHy{T+9;3x~ndH%!zrD{H%(ezu<0C|Ct9unM|TIxhNo@
z1;NknxgkbMITGje#DD6wgYW~A#$Vr`FIA8+I_T8@D8cNASrSC^ESAw(e5lb}*m)4|3
z>LpBFU2+K%nl~C=-Q_KPJQXRag)n$DjgD~X=YUa~bDv%HG*6|Kh>L9szS?807LP$h
zjM^03P?sFYcni7OudMG*Ztsy?XB~gXjJg~2c$Zf+_it+MYlm|VX+5MF4NP1Xz{3DR
zmsiN;Wt-tSPV}+Ya>PqN;DIJPW~AJ$I!GFl0|&go($ZnWG1a2#E;5wrT6T8?=xd_sEF`VI^&V5K+Q6Cu)%?k`r7(3Dc;Y%9dmK()HMok~jy
zz+%>Uu9^U5t8b{)lT&}hcwWcrb&)Z}QcjGGTFYtm^B4SRssL-r$;#1S3r{G?_1Hvj
zqlb6U>~9(9k?sgmXe2hq+0oSL;mK{@-F`V#BPIC2I%%a60nGz?MjD_!->JtHWbD#3
z2-wB0W~`Ov<=L_uP($MW_Z7=9nc2~OGj!Umjicnb3Rd2iNbc(E+2gMfvf_;i)|i8G
zpaxBpaze_0R|`zM{<)`zB@cA@M7+PbE1{=elqSxmx`fj7q-&0pm&;jw
ztdne~tyi$M!gEYKGtmp|>W%N*7w_-Iq8T<(dRl5~;%$5STbjGE;fIzo1QtBWdAv5v
zVam0C@#b@RK3D4*uHlz6dr3Su$~g;V2P5Q){$!}thP8RLOGw+e7CTN;uK5Ps{as4d
z{@}W88WB=ZMrG-kT)=A#@kNvb0i$#1TAx%dGq5A<-XlNXUh241R6~<=%a|py?yP70
zw>I@iyd9~G#Hs~avk+8c)3R>sc4ILf)!kN|~Fd;||*|ctWUJgy3
zns%0{EYI68jF+PlV`R=;rDK!ODq^+b)n6GH0NCjA9#jT`^?8L!6|t1s(HwskhQ_tUC9mNoF+T5ZV$Z+APF
z7cVX2%D02m1TODHWH%nEP*7rN&;u9@j(joqK%(Z0;8gOIS&~_L0h-@+u!xZg8gEm!
zuN;Op(6Zt~pJIWi41(
zM@yzao$w&0z3WI7FjAK4b5g2)6q#ATJB)%y#p{9%1aZ$NCa3+R3&30p2t^PwobXEl=GI**zJ2s$84poBF5-D}iEnDS2eyD-G
z2zo2@OB`(y?`>{frdoY*Ti|>BeD9Dn9#=3QT~8CQ+7Q=PaL5VhO;Oivg)zeWw@Js9
z2ZH$i25_iLdDEpZ(%-{5*0_@?W2(gY0>2E}Vioi4q-o_ZugE~kqqkU`sYst|C5
zbZe~4-iN&$SXiVdB)x_G5@|<+_)#S-+Ltr^uro%Z%)lZhlsHn(iKUfT9=Iw$1sm{4EcXxWgmkbleeTcsVUCoQs*m3B**ALD?X(rplBK^*w4r9=bxMgma&_hGadb{{TLpYWNiMkXKO%d
zm?H(bCNvsHl0;YuO1cmxo?wV$G9cbOu-DqJXX@z%gNhbZ(JMK3rsgorL)Vsf_ax(q
zo;G-nJEXTnj^k+XV-_oFJ1IsZ^|5s1cf~n7SopD}O&PFTsZ(@xmDVaYGYRyFF7NZ%wG`M9WMLu$o6okvy26ZKd;gvlyWyDr6K
zS>KlKCak++rHgQZm*nxrKLasFlW~(&?M$>K&w>SMNz?KQ-W}G74bRvdhSKTaD%3@1
zAGCEOF2z`sui|XJ(qeDvR46<#B82bZz1j?PzGE>!^G=J36%6cpZpn8FsoS+VrHy
zsKA62f1-qu>ROO^?2zL221IWv)K8=M;cP@@I*^{6_HjJr<%Ds{DItN0@&X7yn!FZk
zUPE*3lINz_4K?gx)zDSRNZ8x#FC^xpAFX}OU7hUsNOtV(#DUp$-84-@3t^ahU!)HC
za~+Ce(q3XiC+?$j@|1$C<8{>3tH*;NPZ@UtmIIg_5OrNd`o51^!fp)d&*&d0QsSiAnkh#Fq
z383oo&|N&F59&>+PC4h*V9?a0D%u2$g_8~Y%6r=4I6SGZxjiw=#&&qU`*0)%&W5IA
z>4%?~$8LLaPhLu=;{s;zqmThqzbze3bRI`@%LU=1qfSW1N`?rXKgP!k;?`KkG$K#!
zNLMLbOVy24
z?$Izc%5icLgoE5@rjJEpg#})x@N#PUI1$YPnctXDUjsOYL>(z%&|$OW`3jtW*55Ob
zw1Shm%z!T*(;2$oCoM|{%LqJ6=b|;%cgX-(QfQPCD^sbVX{j_I$zgacMh!M8`zryh
z0J#nkLuq-ejTu}XkWrm;k<5l%;`%#M1iAn_F?PYzWN$}*9e=8&w*v>#?dibjcs?a3
zEnaX{AKnv`Vp$jKZG3WkNEngXuBPd{VZEp>6>s8Q@2*(P%Hl}r*TOd0rrtygmI7Z!
zlA#}4gh`tw?OUJM!Ysp!oS}LR
z1+7{^xwMP|M|bh0UpfC)$hy*W8c5?vH#h*`0D*g|EyQ42=hjH;^qdnV1hNZs!O;>yKXZtP(Pc-R?;S@)=mY4I|4l;%G
zfn@=@OySN+ixSDd!_0f=x<7EJj(%RG+MSTwV8FlqCRAW+lJO}?c4}dXc737_N0ag{
zsKnl0d>RMm)|RnZcJUM?y}za-<>xwIEzT-2TVfUZ>dSW)OzDge9X3nnWRzEu)!`{P
zQd3}DrBkf@rTgU-lIhWjOj|ZxfKEHQtxtJ&AJ!eP<=TStU-VXJ(hy!9E~GIggw>!0
zQ)*xjZaM>}Gza$eGb{sBll*P!)Q6F$T1$*2xR@8+)`%HS=px2R#yjw#!UmwohF(5M
zfcTkDq~)XIM*>16suAJ)LBk48$4K8mC#dmlCzSAaFjgB{7G#h)Z*^)}G`A)r6^vPl1+74*^K
z?|zbNjXn(^k44reB5QBc(sLP7-q}XyXLosKP72O43Vs^36^+m9l)DbNo?%@>3I#w
zpbF|M`a47c=^!UtgG&Tn9qxMWkj}{XS
zoja0V4Q(kA;<3fMh^K#sQO0UnE5rPdI=uCq97EdzBc1NYA(Z`zzTF9$>eud3TKB5>
zaoP*W)>qVHOWy7}%%PAlRXjv(XSL*pMGFdqe;6AOVdT~e1V(_W>EI20(wBKiT{@*}
z%ReZaQ^`l{MyI_75b~+E`C0M=t&z(3G@v1ODnZ-8+z#okMwO|Xo>o1)3bqp);i(EK
zc4~qPw&=UsSdYTruEVist=yDXkb^3mnv|656SvdLo6s1n-rU
zTVI(M)Rrq>=(!iT={*F*H_xWGjE>7Ew36`(bmH;^e@7Zad4Vj`JZe&HzaJi#R_s>a
z2Ezw|^j1GCLE53Z+X6v=2jn7ZFIpPzmdH;dN~z1)KUnHMTxMm!w7p_*zQQosQ%_yID@7
zKsAr@>NbPd^R&0Ozt*Jn(
zc{F$mX5&+;g=BduNMG32+KOgncVO6qRm8&WFWw|p6dR8S`d&+tAFsR=Ep!lk0|^qiPo9rE;m3)j-ZA~Cf(lMWlItMfHW
z2qLNc1;A~rlz_Vq8)10m1G!_cOtc@m6`Yy$#5WrI!7AZ-lbRV^270Ka1rZ>Ks1!r!v6>sZH
zVCNma4K{$aOleu$YHe~#__Tmq1}uH{yx|0=(p^1WiPGlo);@eOvb3{f=S}@R-7USn
zrRuu0tYlxwt)=~aE%Y)@vHU77w_ukbscfugs$JBDhZrzA-E0f_!~b9E-UU9ktF9N{
zJ*fq;LNAtD-Z`O`0&U6UBsmXGOV49Yn>IZsP0|NYm`)~>WKJhD>C7bOoKg<&hfuU2
zNadlufQX8US`{zgMMOnJtxy56C~^ye^5<49+N)f>-```cz4l{evUhgk=RcqJB>Ap2
zYp=Z?zx7+cXF@5@!bo0#+jsDfl9)g^UL|FbQ0^w*avCjzZTVuSits|MH8OcbzO+hr
z37%<{7M!(pA7#I9V3Ol1Gi>pwm3A`O?!|+{mm}2C3YhCUrHtvW;FfA6ZZX&V!ud&i
zBj-G}V$99HtJnoO?p(X!`c8qG5OBq?=;l>uRORLs(H?F*MsJSptgpfhUG&US5iUby
zek5BYh0}8N*1810Z#Y>XqTI6IXpL>S5Qlz#zN2B-d38Cb#UA5GY+RC{qinb4*)goz
z+)qIlE|!>GVj!2oy0d1$I?EKz5K(4c&aHl7q#wkHwGf=6wuE0Qa~;H*>XKC0tXy^K
zVrmM9#waYrKPm-EVJE
zgDQ%mbBdf}t8a~%l`fK^%-fD$hDdN5u}jLQ%0ui4(9~w7Rz-#txGe_@Ac}BxRI=(E
zR_-o11Sd{XPUSZ0B|q$l3mWJ}T#iVm)VhAyJq}0^TK4ILn#H?K8_kkR%MfyqL1(zI
ze;UbJ#{)PDnWWQ2uz@xbsL7;}d}f$P#dcOwVD;exa&0~v&jU<%sFtS-Lul5Rvd*##
znl|iS?pjN?PApHc{H@Qc=XD)rKPAM@qD2bMWkJ)@6fw~t&@+@cElk~|g2b#$5Z&l0
z;Yb%sW-Jzryv?_V?O2qN?0Q-FAPtdlthiS2eL^@HPuN7H9;>a*2@`3#laMhm=Tt<=
z>+Hi#+v{m=ay8Av5XJ0@3l`+M*2N%~q7UKs85gytp1L!Z%%OmKCb>s(Ne9`WytS#AKvuL}?tHB`{9Hz$Qf*mS2L(B!&B1X*U}+
zP(oz0gDs6-Gd0Iu1&+9Iu^?jVc?i}WMOUI4bd06!8|(Yx`e-=Ik#a>#gus|pq&#)2
zPT|m2J7VXJ_c=Cmcxz2xqZtF77u-VfkL|kAyiY}J96W9&B+=3Aib18_qzD@vZwTwg
zIfP<%VMq!}ejir4g6xos;u!8y0uFK{>u-C;GLl0$LU6Zm0+s%XlN`7lF;<6Vq2*qq
zLz#9-$tUL&W#Hy+*?h;A4V{(1SykFHhsktSOQElrlZ^o5?xq2iSRO2RTHmCR%vM>0
zy?{#@#3**NRH~Iy-`klH{jYPKH&yKB>Dy@N#5Ie>%r_PmAo6S>
z?6q8a=qz%2=$vrQsj?Y|OA`)=4mA59?j)O$$TBX}HAB2f$yc1>wCht?7E|wb+Y1|*
zI_=cvv|Moyk<{ZHkpt;rJnUXASV`Ek8ymeP_0q`ahAFRQCt*v)#+(mAWAd!OBynp{
zjua~-#s{a3S)MDTn>-xDo&971V`!-^t>oNBhVvx49)lGcAHCF4nCXFIix6)(X5@^<
z0tcq|C44EecgrwVr2l#&<0R&3FITEH2;;g@Hkc&SCQv^{y4MENnj&dr2{W7Br$i_-
z)UUs#7hL5aE>v-KilC4rg?#ooi?B$NV~tuR{vl>+lw#ZFTIuZnNgM(>Wm>}T36fB_
zgdQS8?25(S637_B$Rd!q4Vqc-2;}nLdA*2$a3?hEvH~R^X*l{WEAc>J27GLLX%8U(ZXp7XIEK*
z`m;j{A?TunP-o`tR2gXr)us&|jhKRU-FQ!^M#vTnIh=@TKtMPC3&e>HrYDY(B2~^?
zjjcw>6v2)inV2lA3s$cZ99~_)C7IQ4Q+i#F+*{H((HtZjeKeOZS8gcFodWS)3pqi9
zlZw#t?~?$HBz~Z!Al?yO-*z6U!qwnG7^=MKWz^r`~<>Z3Yp5v@!&*cuUOthv8!XjTr#Urm}U2JL-(H5qhV!7zTdaA+$R#iwRN`y@2p!al$
zxuJ&0*uY#n`FEwvuE=@$R&t@B%rUE>9M07)S=rkd_D20AxK8&h34<^|oNF8__=4tK
z760oDhJwnKl?7bY>qCo
zne(l9bZEM?^D?ZfnO?2U=h6hG?8tI&p;a}fi(3Uoq
zs0C5f*q>VSrSKWJ+Je!^{K!U4q36gm_qlu=M$DpdM#AW{(uMIZ3zo!Q64FXKgQcIm
z!<-BoNd8&cRX0f$`Nu>DxLwk{Es>Gsk!!QYO$_(QB;KsiA{PEQ$QT6&
z(wL#<0P|`&jOKaMQY+tz1#WUk!<7kvPp=MFop-jo{p`S&1{xKUzoSsTvzpL1s(w3a*AP&Axqj=4P_=Y^{I1oAhnGay6tHxc{$_uRJ7V
zCgod%6-pCt6lg%tcU!)xMAM@mWij0X8~~7jd=a%=vbMGSU57&jz1xh(gb7YEzMyCspGYL(>y1HfSqH)o)h(#d{lU|RI
z`S&)+2w3r1;awQI+Bo@$MZv*oTnlDlj2%<-8einp?J@5GVh;=1+g2OkQ|c$NJFh%?
z{otYJJf}1|xcAasmktkJvfNv3)h}DDw5R-iqi(>xtON2kgi_I~HXh=#4xSX^R?O)tM?X9Fx1^XbhSs~VOm+EqnT|i
zB5-p(><(nW;5Ia)*B%ktXQxBFbZR8)G1SC9yIA2di}_hbV9cFn4nhOtar7c%tvGGT
z{&E}k3v@^g$ujH^IKvINSx9l+GGkw^g
z0*jhj^cLL7ID
zVr#nM7F;3NVE6#r3r}eB-R;~bqi{i(SK$r`viiGsfWCmXSmtu8mHi^c1mBXPMkPZm
zwsPcfxN^1M%Cs
zF-Y9#ioh1nun)ymGaQf0!e4dwZ{^lXOH@w#x42^H#dvAr_
zG=Kn%4t=#M$C0SnMnUctNC#|gMG_WAIIU#t%ofR%NErYZ+~sOdq`9!buksh0pt1I>Y7jhdL$0TP15LOyqZV?1j;YZ
z_s1g4dC92N2}(sNZC%}|In?@CLld{BWNDiYZ}PZx{gUJ>qUTla89_)p
zBx+(Fq|cTWjz)AYqG>Bd6}KXn;4F~RV%D4SULq_|t@UsyEGze#wGGTN4ipaZ8@
zMqDpKV@V}kd&E+`NLO;aLDqh{_x`O4J0MAuR!-4DV$v?gm0G*%NDIIWtaDLGu_>*U
zVZu-MQfLiVs*B{YKrut%5v#(B%p+hjX`6*7bClx97upDK-O)6fO}b#nVrnMmS~0h4e|6m(i1v)ci(Fh
z9$+m~P-HUMiAAlY0H8KjY)nO$efMuzj4lN1NV{{Q+L`ytC!LFq^_Kweq2iEi_9GZ9
zCKvd}q>If;+w=hIC;HIDOLT@=`W)J$nUJ)6nd{W&V8Ecu+VD&yeJp;Zo3(DeTt~^*
zn>e{BBa`3=ikt+N(APWgfh4g69`0wxNlvMe#kdE4BPg#bkcTm
z6Q*Gcvt*N%65HEE_1?6A&P2_^c1Ye+NHZ-fAuGigmn>^UdHBZLX}8%Vant=3YBowq
zT#Y+t*1lmc9-ydb5|;uEPPvvMMO;wPCV7SOG-6V(r9h*I*Dq9wj(<)}P9fTUm|Q5F_&svDg%fymX43}TBd1X^51QsdQye3EVw!Q)Nn
z3KlVzT_TN^V=+sQJq;gDnr)3UwBsU*wd*
zeoKy4)0KGa)?^s6`M0e%xQSrxP+T6w#_rxqdx*|MTy)t1mMtBK5w$~aG>3f+lql*p
zvB>zgC1i1vzpShgT8ioEDgzBDI4MwU90ed=qDXGA7FV_gh1!{g-JJIkrGCzQkfi
zo#HR1D)j8!iMe9iyIMgD1E!BA0D~RFlAHM0_^E~zEEoOLC@*e=F^SDGLkWK{$Za?~
z1gA0I*7p?s!GapW)q)5OTNLJWcb=^D|K_0KhxqEnp{d~fqjA)mHazG?a!b8NG<{-DYeBhlm4l@c)!1ipWM=@;7;%DJd
z+&j`-@In@qfE$K;1
zUU52LDsm~~rimQvida}q5P6&F8S4xXxnXd0dcT_{^ZEFTZRzg5wlY^=Y_xO%_u-EV
zboCEC)0`>X!Z#fuAuXL&>g*ho-}F@gfhKQ648uzN{t^}UhJx&j6n={442!VU3LgM>QsQf9SaYTik!Iei$%Q|&>0z~g#
z+CdIB@@CFbE0S7-FDsA9di`=zArt?wNi*3oyPf_mAn!LW6s@2JGIeWU
zma+-{Mt5%wC8rjUMG#2H$~g#ba*F}!_JmPS*=V7+nX%Y(EkVQ&?eY!f=uK(dyn4S~
zjBCAa%K#z~J{he*hy+r(!xzM&Bg&$U+$kwm)U}AC0G$^{vSGo8ReU)L9{#T8GsIzv
z4a$NI6A+q?qL5itpT~UqCkPVP74;P(B(j;pWKfa@T%}=BqSZS`p%N@l5g9q1Q27$8
z8}Wk3DPcfo^jebjAhqgmSCgA2c2>hEaN9>AJ%)Z2GI?kgVZwMh-X9-
z!Q)j_Tp`LY>}nrU0uh~12>HqKac;6$&3>um1iT|@u=XPRDd!5rD$3C!#~X~~tBcCe6hU2?dxmJg
zzPy6e(-qCLNqk$QHL;90fQSqh^hl#ClP6S77Z#|#MRym6Uqci3D#
zzAUqk-G&81;yT+m)7rHpH6oRVk*4jutS{j=AuQL}ceHPH2^Up^jbd$$Y?+vIJ{g;V
z8FD?XcUsjZq}$zYzeckvCt=ITM=HdQn(Iz>NLI?l=7`)#>}P(F-|jdE0rMJ
zJX~L>;;=$wB`4AvuDI7)O0D9ftevrBbeRm_jGi!SD_FrCRf!@@ch+eCL2TBdLn7g>
z0!yMs_xNh7Mv<^>f>D?E*n)YZ0F5+RGRlsaegqzG6vyiY2d_b?UM8)g}DS9xN^lRIY6vOrfflpyBP7DAP>t-kHAIz1Sigk$4%t9kS
zuKAqM`y9OLZjxuCA!DrOn*SWEL-$q(#b0HDiPjyKeG91y331K6b!D}?q&?sS(nw4O
zse85K^2}hCXCx&Qk0tZY&IK*SK&Ia*XibYqdeh|~faHI{7X$19NwHFl;)dPjaC(r1
z1zR8YWmj+}q6cMcC>)L;XkyJrGIJ4U1st{-3s3o1vf8q1Ti6qvT73Is(+ydgcAA}$
zE5hy#kFq1?Fi7L`^<_9zP&f2&l&uFAJXBN}qjWz17C_}F93d$UD+stJ8CU2p!)arI
zrkKgr%Es}M55__b5smVYry>^4&GP(PW;h=i2!6RDIGT;R6PRT2
z3AA#%MhmP{gHo6D+RJl9_9+-aU<96Oww-pv>__9sb|m!m@}*Hzrxwp`f!c_qNE^37
zXH)LH8|)Fx&s2juErAR%@C6g4-I^d)%!Mepn&iynLyvqt1DZNttAr^E6S5!Of`X{Oct_8kHfMO=l6FU_zugeam@d^l0A
zMb(t_jXh_Gg2vtly@snCVwO-q0nPy(3jeo1(4reLx91f0gw$i9@i71V;;?sl{`2@_4UEG$mzdRvE
z=GmD;bCS9{J?*_!SR;3$9Q7q+BC=5+fe6|b5
z9DJXz@|6Qmj_2ax3!rN~%;bsKn?APAM&*Z^;ChWVjFQpk6ThiVCFD$HinLq7?tx>^
zH04Uf8{#ROA2VhT!N{IQ(sOQmndEQAySYAOJQ;M4qog)WvUE
zC^tRELNwYM-1asd5GD0Dqc^NIInX;xRa2~+j)6}Q-&hf<^64QKjH%lpv$0oBQ8$@0
zn4qMgjAq-$Pi!e@{4jS$uyNTIiTIf8$GZg0yq+&$T2L=6NrzUumj>p4s3?&|zJ-m6RWknE9VKJ0Z==!LTyoNKrv`8Q7@
zaW%96=u58r2WDp&Sz3xB7(p4vmGeo)5Zrb4&vWVn)sJtU|Dfp=&pOsML8OuziDCgV+qyn=_JPnLns&EZtr5Wu<$tAd6G0o?qXyjEw7WYqCG+CfMP^k~xZi~5MH`xa_M`Nnn-F;Yp1nV^%zqRMex8rdThuTXN%Ruq^th=S(Z%atleFt#Ir
zCA1ij#t-s%@UbiKGZky?2&o#YLHtDCqa?Unsnoh~wXE0bkVSxeaoQ*uSkn45pmQjG
zuOcTztFqW>udZM#CC-KHx3-Nd3d3_PehtT=wRinlCEs!-U=U;<#j=+}rV3>)y@YE(
zxm)u+5Elux%&o2ViI!vlckUA4oiX6VQ9}SuTOMhDDAx$dfk5DmE=>j~PGhn$b+X$@
zZHAm5Xgf*SnB*XRn}+sQ)d#I*7VhEJSLi}E_W*N>meN#;!n{a`pX{r`sth-HnU`DT
zazOfR>FR*Xr?!#b2rjMD8=VHw9tK2#!3@|wof;b8WdfRH&aq=|j(wrymD;OBD1
zCo;IMP;;_iB4#IB!C4LsQL)zv#P?aj!p9s
zw3ay-tG#FGu<^C7t#&}2o2$z$2;UKNx=ATUk4@@O6nNy?rif4)K?qK~n4i+P_~(fp
z4>Zu(FzIr$T+^`amiZ(FaV+z#gE`%8ASEK7NEz}%i6ZkB%93TLcOz98Y3M>oQG4VY
zcnXvxmz4sWG@=!Me5+iY<%_?Y6FD?2EiNjaF$gNK#mm{Rjw~Q(sF`f8=O(dUDl&gE
zCXyG9sJxKX3!`P+ZOXW*%YSpn1L7uE__Pmq@dyOCu{)4*3NUKgQ_zB!D3?X;Tt<7Q?w&k+69f}YJC>ImULnm1qbVg!`CatPW2R)-W*u&
zZQqesu;_!&^(ZTi+j<;+-##|%VlE6OQgAHCNNKdZPz9JNLm<~J)
zN|b11N|t7Va?*{O1!sla(J>xtVAd!<9=BR3DHhJjteSqI_#lp@Gn)-kDNb(#2ea_>
zc5B19iA=PjRy@>kXECOpn0ZKHXcMHW6AniKp@xd)coO<3aafv55s
zkU}5$?e<|dZ=-N?EDD^uu>`e}p&S;I?XD!|s4jNJx)ri!l0vXmV(7b=E<(eiOn3G+
z8KcO)7rD{t9}r>4VrXWtaU5}F_5*pt*HR5<-&<;Q!!#wv`z`x($rVlI@Ngg5+yJq_
z0i(mZtT2^sa(Ig5_Fc=n#5@%FAZy=(DJOLozn1#|dnYmmVo0T^&V9W2a1B9Bari_HIh)&^-r#DBtQYF@gE&|M@TPi}Q=qn2_wt{-J
z(k;#J2$AdwHGh`!)DB}{~bV}h!N6HyyZNmV!Ha=3QV9695{(>w=VnNBG%dN6h%
zKBjvL@-!p`QS!6}Pl%k?DJH$SUIK@-gby_KbhLEoeXNjOE}-I+!UA_*SkCF>60OY&
zTcYk1*lzYYqJOt5u+ZdxqymxjDaJj<+-B|La|u?+7Ob}yrlByMgTZ_>g*xQ*BrGDa
zy_36gy;sg^@Q_0ai6eW>gnY+5yE2v7btTtoi?}4&6()qT9|>f$KDhm!)QewfI1o)(
zK(|TScG=k#?9y0LZaQpX+kS7V?k}LlycW@_hQkK#C_~2;OKJNEyMqZhot3Zc<3xM
zA@2mGHcNjT;sOW`cba|$_NNepNye#4RVIZ`Yh&HhcR4*9eziO?esRj>{Ut86D#gQy
zEn#tRW!|OA020wHfN3(<3dr(!T)}&s77sE$nVj)l?1ifdt0aR(fQUXK=h0T*ADMH|
zh}voD&m5Z{hTCkfXzX=-0h^pm43RKRL?1D3De{eFvYm9~8_p@>jK3qviLoy{8`cCm
zdTc1eL&pZQsE#V!=L(Bx{T|<0S#f*K+21o0%e{=6kO=SQ(4Ho&ZD!ge5wtGhuE~k<
z{UTL4`BzmITDaOmZJrk8!oLNxGQJnuJ3m6+o-CF2?E}jIBMMR8FtyIyB&;6nS=E=U
z7^0%?dK<3q?XD$LhK=akBt;Bh%C-@M8jdf(wZk*5A6X=mmwo#jt3hLoQiyQP#OcmK
zOGj&Aa^p?kAY^Ajs^}LSlNTCJWaAB&mGncxp(2v>Ga4HCJx1-1%{E*?h(qr|1iRi3cwo4%W3+KDSmimEl8
zg>y!fMnt?TEC#W4Q_BCPw!k*wSRusJvQukNIgAPGv`=xiS!2Ux1xc0m+;Mo98wScx
zh7CpOUn3h85qEJi_vuU33}N*W%B*zVB;LuoYm=9TK7w?*268|RF-=7h8NSS73t>-r
zE*M+vJIPUjXT*~Zu_5Ye3RS2c0~`Y-Qx&;C#{=S!p?LQmOo0MWYADCZHTOsz0ZC6S
z&$SW7&`p%>1pg35rC)4rXXAv-m5Cur7DzCo;@!}9v6%#nanq;lE-~2bBJ-+DsE)9Y
z)+L``li}Pz7D|pI$b=_43fVV@UvbWo?Dv-qs~Qp#)oDbSL4Q*iXr!MZi7GpT)WI`?
zq>;UvT<}`(66{e#0-41P6P)byK`4YXU%rEa@)VlvgcLNF0@iw>CJ-+v*>Px1^NRIq
z+)I0sf>Nv|hvViOV`c(IXS@l`3`rLsqXq0R5*WLe!uoBu%RAVPLsM&_hq+Da5}1v4dY4&%IDeb61|s(c8x_?5p38Alg@MsL9slYJ8NMM@hm&H
z(4r{fT}!(n3U9FZI2$#sdFaq2bYY7Y!nSE!*`E|);Fo&K?JmVJhT?`|x*%{3Y}Grp
zDl}YXNsp+aT!}8zkFs
z?xnU{B8oN=Rmi?t6n+IS!V?$zVU<$cSHiPmi+Y}ooib5>T{7P29%fe}BYE~8YGHh{
z*b$#xrfjdP+W0<|bL}q{*>2@RmK7oCtFe^}y%I%28|PqCG_orvtt8?VNmNF$nbi13
zc6w&Mkl0ui93U_XHG)2F(ejPNl+P7kVxiOKh$Ori3Y{id0>e}S&rjDZfEOKiA1TAvWKliwsJ?6C@+IqU~PTemhE51
zW`P(UJ6Eoq#u{JKt>0Gx+D*fsb3A9EPg%EPJpKumAW{JH7I1F*1?3VXDo4zM9I<@(
zrUeEsNhq8f8@(kBw3N@%ep{&uofZ&a>UGz%1Zd9f+VI(PhUAp1(SwOE(@1v1B3S3Q}CkiQn$
z{|#B(p{}Bp|~>FK{(Lvg|Mtr*T!&HlB;=`eUxmiBq-bryJm_r4lH+!wyS_+
zht!s<5IFKS1pg%7Bsmy(uwr3!U+cN(?1b?Kr@xUY%kzL;j-~~YOlS=AW>4R<(xyZ>
zwOhF}ScxQlpO}WxBJ|S7K-Wu2e^CfJ#9j25${WJvy^cFqw+x3693||_)$foDJpmG;
zaMxTBdp#~C##rRKayl{Nyq(LMHoP*?f*z1mLgK>@_nccBD<`@^ud|AX7nFXI?=@LT
z7OpNdF$vvrO^+l>of5_fr%5a#fEh=B#mc70oFrg_x(4=nPPTD6VkNW}S$JEOjRy9R
zA&9uWazZNW`zm9xMSMgye=8VM>5-XrYC@BAVqBd)FSl4IxZ1V7dn;=TC%Uz2i=|5-
z0EJ%4to#6~nr6GTIH(r1QTvBfy;{}~oJ#StevQU9q#1GX5|(RtTcg`-zO&cytS1>h
zM?Zz!gVK9b*4&Ux>dyOWd4wk5Xb>?Jgkeu^NjdX?(T-E_8?Oo~W*X?_nDXju}T$2wZ+kX<`wpc?_-?
zh>K1-|CswXoWGEL03om(+NGw4&e^bq_m>zS$N?D;q;f%a+mRFV_CSX!t+g`OL8|lE
z4R{NCXGG%;{oKTrg00_-Ww3e$K}@%6#JHAkO*TA^RL+A|^`|#>YvjGhP
zw5U^U{B{aw=}d)u6yS=uRE-ejDT%}Ew8_H;`ysNS2$MGJaU8!2#<;w0Q!YqB?U%A
zzcAM7a<^4FoS2q4WDH^kRQYVNI2l7crrmxzE9uq%*KBM2H4P1j8{r_wA~50T$Wvxz
zfB!Tky2sc@E48-qxvN*;Lk
zlh~L^7W0xt9E4ChQ_2C(&0?ZH!61`wW&DusxfH@H!MX>AVG?}Km?=CyZMC3s5Clvj
z5izeF&xoOyyP00Az6F+v+c;ctace3?q!E!6y9Fi~GC~(@?zD&Ix@xI_2}Bv}#d7u5
zx;iN=K=>r)j`ncQcRD3(Nhty~CnK4fmE?B_Z~{>~C9-p*O=*he5jSinHg=vD4s2iq
zBB1SQ5Kf3>ClDOw$Z~I?i4a*J7ox)&A0?kbb{1Ud*6X(hh?FwlSXdzWK`g2k`9Wa`
zIvg!-&SLEklI31hPGD7#FapmI<3;)&O=#|$Bw5Ws*u=)c*TTUO*^nRu?r^d(*8Sp=
zND(S%Z;F`!?;8zXMoxD^
z7lmz<-{pS;GVe9ay-5t($BR4bA+BMYH?!3^mTt8>K?y6dtGd|Pb>bjq-k!#$rkAGm;2m(@!EYsNYI@A}dJjHScOfUP}v3`4n1>f8aURtH7sAXkE
zl)fQFPudYEi{Y}ImVFbUi{2Kn?XV5iQ>(p@ixQN)0SQ&7d%YdI>sE$fug(RTs{SZh2Wdq=l+9k$jj|kMrVWMV5?SCQB?oSI^uatA}uZ
zIGTD(iJbXqF+g(BRtl&Hi9pOZhxO-d@97OxQooIM7)EKKj_3%y!!{WM6D;>J%RuDV
z@WeLQ{qEmPxrV7U9A>nEsKjPXc8*+Ujcj^zh|Wlyy0D{*lNyIjkp($c9hohdtW`uM
zvyQt4Wajx#JMiu8$lXKE_>gKqx=|F3*5nS+OK=J+w_%nK63GQzx)EL&Z|O48yBl4$
z?iBJ3nabv3z#4gvf9YZ=6k<LnD4Lo-$mUFgi_NBhz$RT`%!RCcN
z7XJxtbe`-Cm9r7@ouVXC=0lX_x3R^+g4#|U9^4Ssn(NyBN@cONN>Par5-rZT6wSh!
zfRqx^vFO%y2giBR0wXRF1B&ertz|3>AnP$DY8@*$M0jDiVLR3Z%QPrb9;<^8HPGn+
zO=H3n;qqW!O)u)lT8H3k8_=OXRXqixG`>=2-vCCOmi?P~#)M8Q-0tRTa;DXM1|x;5}}VJ$@Q@tpnJepSkS;H
zEE37evz5lf=s^08!CW%o&1$m{*axvjDQy&u+Zf=bh|2In~q*eKo}Y&IQ9<^iGbg!Mt93&SQ^
zZoYP#n16hSarm??ById$x!y51n3~fQ_u)Kqx~2RkOKsf1L~`-#lOTy1Viu^7o5NDQ
zi5N!vOIa>pRY!eVutkxP>8OliAnIzS+kq1v;spnCMWRZD|ZS
zbm8383z$ozq?^`&je?rWMvXBsC9=TP%Q-v_1096RZ?zpi77EG^;pZmgK9DIvf@4@-I$`3Jr!>-Q!!;9mDCqux
zeaYEn@*LwFMuk;5cuH=oGjMQ18{%hkksG5J%Tyd>q-VWOwbAQRrgi8kBYGrCk$|+50bT32DU|K{{LbF>%+Yud3g*2_
z!)p}Slm$CDgj@AR7*E2Boo=H6LN7qfp*bBfMDP_$C6s9%DS0kV<+8BRny^a_J;+UI
z@(X@%)tbe{FhRAeIV&b4bEP*}46_;it(8;|mNr5gQOv26xDY7UxMy9*P}&Hv1G9^I
zd=!k545Gu-7fCo`CP{R0GQnWN;2rDPv24OgL35f7Biw@Op-7lUXWF>_J=H{LAPUx?
zCt4vVu4a4bClMy=EH*@0=V%U%wo>G7Y|LfUI5w6PN#vyD@_@KSNr%8UH!qzWBYylO
zc6mbflO)re?}4|SvtqKdwHp>Sr-?Ok9JW@PCaGR%(HCQP6lz|a@hEZ!g~47{I!Mah
zg}biwKC9RO2TUwQVc#WM!+tH7DX8%>LM``}+N<4aYaTbPIxZYEf|>g;q5(vg8uRrI
z#%`)+M5l)8ZG?brDajhupb=z>RMnf5@lY*T1V2}1`I~W#iwFD8=c@+xSeZ)c^*RH}
zPbb6RL*(olaU8-Pa~5>=ncnaQH^Y656A1C;R!sstHukVkA7kDGL>t;P1o9}2?2+ZT
z$xEm>6s<4aL71NzWBrqL^_#oANoVd1aFG-vYD1F37njDMF+`r!toC9Rru)nGMN
zn6x4Pr36}Kwm*@T=tfhEC4a4zBbi(cGcQNCz0Zdpk)8Sqo!OXfEJ@>ZjT5vegXZ4H*!Gho%lHeNNJIiJZ_a%viDfA=p
zjI!WE>!-dE_!_Np0JdvQvv6aA5?+YpqM`!jBG@hw3Sb#rLopS@Y3ab9y4#cFy4L%2
z5IRj5CP0hjvPanm)0ILB1xh!A&2ds9vr6nnI*#0%V-#OlGh2}yg&yikl3R8wZzGFF
zE2YzJlRURDwh9{>;VsqYLq(t(0LNMWMN&<@_(AB8GpM2JqigD?a2T0@dM2NBihPM}
zenLwwku?`+?xfNY%jR$O^Kd4cA#P{6^dv
zB@Bze17`fB?0sOQw9=^8>L(g7I%NVvL5V7wtJyhKini$44r@>vabu}QxvrR_`ct0j068&jgkebx9MvEd1?=7-
zvmvFQ#KM);8}Wvby}@E{hgIgtaP|b{{mjy$_4r-{j?u716w4H*i1QrFllf~rGoR1$DQ6Dt4xLqJKqpW;0?>V?(Ec#<&5M*i91~fxd4derg?StY_a`hiU4Y#wktP6Q8^e7
zFT|@5q!_ABKIMv#Q)G7;An8k|K8N!@MF}KO){6@%ADva{%X^VYmFXN$*xq861;H{I
zO7Klm?4j@))y}EP!fFe?Ywgw+ahk<(S|%DHR<2yRk>IlzG@J7cUSiHm?+KV0c@yC*d7I|Gtd`zm{j=7Z<`{89&Lfb
zJH~?MK5ovIqSuCTJ;^Gy$7+_aClCg)IRr8)7e^0lIwd%PNwx;!tGg>L%ISJ&snMKg
zG6eT2UPXl_aR`q)Pm~%7kM7#}UmnDFaB9RslSqgAzHgri^<{Sxl9Vj9PZ$ZNtdJ6O
z0>WCFWnm+Cg^{CnAE_d*LWkti*k__BDC>GIbaX<+E028EWuwZZ{%4%%Socco16Xo`
z>Qa)Z2+1!{k|^tF6PJxWDj0;Q8SIVZ2H^Z{unj^if4Y%!uzHzQnEoc`&KSiPqk>Q5
zuO)Vs&VJarBm(ZI@Xg>hZp6y_C}Q%=RlM(cVa&#+$t(xFLXX1b#5v6DSF{b=YcRD%VioeT
zpnKee1gQ6E1t@4e_w(dJXE`v*go>s)*1T&$V~27eA+iv)nMK8xmmJoazK~@v|5ELA
zs;8JwG5G=aZ%AfKLRd1Sv@Hrty-A4-g-Btkfy8B?8*`{gb559)bS$-Utqf(&3}&Ub
z)M=k!dj#Ua9cK-e^(M9BxmLg7xi)uF|6Nx)4BG#G5x|-y^dK))75}+L*9rr#{5b6&y?`RkmKgz$cUC;
z5r}@UK+aWN3_ELZRM;@}H!iO@*y9dbU<1~I(A9#rX*k4j**NU4EIZG9CIvANKAw%i
z#Q8z&#An%EB5~F@)4FMChCk>bq@5@#uwHkRu
zg|fx!t&H_>iILdKtv8C3fRhX$Ll1?cB&*JFJMuwH`ZABPCm1)l_TIMIfX2IivXSl|
zI9#4e^#+`r8|Fx0DQk^8;hZnS0bkH*4iHayp|?rH7o&SA-l6KixE_6r=tjw>D{)w_8+MC^#M~W=V=ClsdAJU(
zUi(zvn`r;%)72T2+i_7MszuY`>=DZ(BRURp>Mrqgg+sU8$fwNo+*y)#{#K1?axY-g?l*0iy3%4~AySzCQvv8LE0W`Y(A
zTXUTxo*EgiEIlz-HpTB)z;Y9+XRu9N|S7*E45|
zCPSK2Y_MENeJd-_FIVBKTCc!kiR{<){+zP@i`;7)&PBr`nsueBE`f4_LBYnd7qUu5
z>bG$mx=^DuYMOd*-5_xZsTZ@cbcf_%Cn8N+<=y1EY@|@}seBd$tX8L2Fa~tA13&LZdi&M24}|dFG7Aiw$N#FNS$i;kX%&Q7TXlG%)tBLUmCGEnOpZ5{
zq#)(M+`|13%eBGc3ij=!fiK)pg&dDD4M_Xvk{S_?^YbXQ4T;cfs;-Gt$q1T=$5SGb
z3ePPJqOg-Xj>6lf2qR0QjqbIpO(dhQOT_ZHS%deRdskMwOT56@6e9B>iabwUe7!MG
zw-L^omg6M09&pQ?&UbmPgM6(rXR+v0{iI9w5X!#Fz*m9=Km#VBNRh(9y_Q)a(_~e4
z8LRX#B{P;nfw=&78z(=KMX_&+7$1WO$$E$eYZAVSDO8G-B-aUQX^fkZj~GSuz@-Sq
z+2@&vi^Lk#x#G7m**!)K%_-tQCd8?b@w5N4Q6;JJSDRYabe>xD={L
zi#L2i-juKD>#95__IWAnq=@;-GgqoW&z`iom=bK?jroX>mc&ikl}Ag$&ixROLtBwO
zMl1~o6f-?G`G-7-O!X&jLRP++-WY=uS07#>320e;sz94y`X@|BaR*352P$OC1fReI
zO)NB#Jgsv#G!i7a9YzF|*|*My??!Q1ieE5>by22>q!5V^nXb%}Uw@;8&=yui$67nA
z3Iw_^VKH;x1i)m_Ou3XSW$EXN+LFG(_;wXNeT1Z925k}3vJ*rCX}#Mc2N<$1FNBpSU8L&0n(2V3aM$DegkVH&%s?@
zUMA)TcF|BY!nmYc$Fau_o|GGe)cHJNl-yu(xz}D;2u{0la(VS_BC?^{IjSio_Kh7;
zPe-i}vXhFaI){lFBGwQsO}uCtW0u#K0w*S~BNnF0ld{qZD~37kG6)DzG-#~oF|}me
zDB@{|>TvPvh@jeDG;D~kBG$6)5teTDnF!sLNcc=G6nV|D2OcdX9)0qb$7rm|OgocX
ziiPo8CjFu>j$hVUW1B|jVuRfXabO$jB?SJZ*LL=NjCaj3rscAGryQ?bjU$-Xg$g%JurSjG3<{6lhR3Supnr15tD`Gj3%;UE!9>~}R0>hmRSgpf
zadwf*L|Qfjb9dcpGC*eW6@)mK7c7wEFp)7)qGa)8UF>5WioHM*r)4$(
zUg4Oyn3668U-6(tgsA0=+)K==bx0ff6!jS7Rqa$L4KG2eF9#soRTM?{ILHzLpTJxK
z<8AjWNj-~OS{yst7#UU|PvO&!1Lnkh$%&okaFff}?1z+}%Q`)wLmhY}uu(ji+jVt;
zWCRz``a*9RhlfbB+@MLjHDx_Y5JbSS){&LCNwt8ZQ*ss$?hvB?iDJhgx7wKXk=Pj1
zyRcHGP9t$DTWxdXXYqM
zL~$FIxuJyy0t=||j(8Qx1DrdCv!FI@tHgBqAVu$kR|~E|)n0qKp&HpVH4T&tHV_Bt
za*zlhnWik8^AXm0m`PY(c9Uu#BR;`8!dBzF){fv*&HjuAD#{rYX=-S^Zo`YL1V!X`
zOp9EWi-#h)Hl|Nx#5pucqjYryVWhNol((894$mXt@iI)XSK4GP)kbbAtc%VdNqGmE
z5qdVg1FyrNu#ESK#eVZi3`YmrHgVDmKu951t=Srdb89+b(N8YypCIx1O}vNyZ8prZkRG)
zVjaOgi_{ujY<%oL`fd(_UD{1_11?cWrAM!g?fhe(pG3
zrEu-Qpl7$w*R#OfwY^T@**BrthTF3QLSdUnZ^bhu0}1_NsOlSIiKW~(q&OKXbJPTL
z2C<;Xtcxt!!kQU@|AWo_n9W7!>T-D+;+W|;T_J_n)nK2Y>LQJ|EY2;na~8$}B7@cc
zf5jFui>nCvjbSyxew}vI(@u`OfdA=puKWnjxP3Y}3{m1NB@)`d(P{29Qwht
zu0;j>NoD&9$LELWA5(sHSbj6%_&kgLG3B>}<#!N{&-3XYQ@$3KzngG;e9!-w6no1b
z(DKLAPt*QH*#7slyyTWIh2>AdIMByezF*6CQzg@WEByY=TE5_x?|3m+cnYvPwEUTF
z`Afp@zgx>McFSvF`Ny>UGPk@JmOr57&vnZe!t(EF`HS819kX14`u7wp7W(+UzhBFr
zL6r{Z`f&PxvzEWdE#GmsZT}7}A92ftSst
zZQiNB-=jwG`C0s*=*ooNO6ljBkFxa+YrQ|h&&d1G{`lyCeco&IdA~yI
zz&vl@1H53VKkwJ_8T@X`cgR6Q<)6~>w@1qFwCz8rV4FMVE1|CoN_U3Q$1I@H!4ZXgKm!@I=W8u(;L6K>IZZ%C_md$?Ec(PviOXYRO(
zA4t#pptkdV{La6+{rXAi7md+3wVeke?fjK(=OJz9htuZttZ+`x*R}J_v^o89IHxxe
zlYq~!;{EJc4Sdkf=}9f0rb?#IJLGVt{@$(S%>0=0)$n~jqUAS7zCXhi==)#N@=M+F
zx_o~S*dtngk6V7_odd5vbH`m&>jL0s>bm)S+8q6UIF}b|y{ppd?F;9!`Tg{;An?s)
zPuuz9w01rowsWtxb0+GAWB2d;a@6mSX*-YLCr_&xzpLr}2EKk4YEnJ3FJ6vHk$SX0
zZ#$FQqp`f;G580ckGszsxYy3*VJ&|FRWi@oF=f9$ujSWA$|r64YqY!`DZkm4zhBFJ
zbNMMPzsLQ4Y%cH9_5Yo;vHfZ|myc+@)wFtx;T-Jw0eV;vq@AHOW;bcMkM}*P<-W7*
zZY}qnWgqGD{V(m?v6{(8F;x2JMYQ6wf>E1^k*WZKVQ=4rk%AkKacb&KmP~mg@VBM
z{XOfH)A(JXYw|~Mrbot)&hm42*tPu%ZRZktm>Iu$8DDDW4cg9+#@nGi`ci3!>U~)2
zT^?Vz^t?;L_5CHS_aMF#=@*@2UkK;*{KujKKG)Jere8Y_bA>@bgSvjM!tarGULLk_
zv$k;!>V$0^Kfx^*(#QMf6U;aD%6y}&mhW}nVI>@=
zo|f-)%Y~)qxqO?J`}%*cmZz;Jdj9=dKH|3D2%rD3mfz@>?~scueg9k)3f>ecKgJDE
z`KXp(;g;)u8w9pr*Wx^WkIb`9BDHZ++elk0RDQRX`{>d~wA?3q`;wOXc+y9-JndY#
z0M8F}jl2)PM&5ze;@iWqyn=~JI{!oMT&3+ioOXVHBjf|#pzZk9#0RxJZA}c~IUm;N
z9EkV#WZ2hlYa2gs1}d3-F|dOPEwynr3tEF<8o%3edS5yAd2J4B9pBoU(sJM4Sm{%K
zmzGEN{|*rv)4KSumh%tu4l0u#MEQMM{ssIVd52Gj(0uaIcm>*L}Vt*S)__`wwe5(P2AAN`tBWbI+%OAQ+*4%oscL
zV^qt1b3Ci%zVYp8x$phnrscjhaBrXQ->>C9`u(t$`{wW5C(?@tfp7jswS0^!nel0c
z>uXla)86kQeC1|cf2;UCLR%)@JaFfkul~LrHEC-Q<@ab?58-$FEZUP_3!nEXt#de5
zhd87`U=M2fO|fznq4Bx1KtBe4Jmk|RwGO|Y85iA~w62<3
z?i<%TwLERys1F~~@*j5l!1w%tM^P{68TVuhZdJJ=CWU=RBFdsN~gUZ{N4h_XqJ_4{7vs&((=bo0Q-Fd0#ZGFCfua^7Hp!@rL|KUF6=RTEQJP3UBYgEhkQzbJ#
z-EjP7wcN+M^t9YJK5x@_+M(z5XLw$4A4?=g#?c
ze|xn28Ezk57>>bBT0Y~JJ2Lx|TJBq8cWXJx7wi~2vW1Um`NeLz(oK55FKPJ|Zn?_o
z`TezgpIeT7KxCZC&*#PErvrQXl;5P~hhpuM2zwCNE%Xq4==qT|K=qe{z+azcLd+}Q$p5I(;0!9gzemS3UeX*8RI2-nFgw49G*
zQ!ZBxUZ?l0(>@h_Ld)0iyIm(l&s2|p0pQQ-TK{eQ9vMff_lsd)&fZCl1i=vfWBMXu
z0Pf4hTJEFWlUnW@i)NqlJGDIRPC{e(p+4XLtd{%w|7|T#JL9SSv-yjDzVBi!_s!*`
zmh%y7#_zgte4ASCTWfdrDgRKP^3Q7di`@C!G0h#I_xrY%`)J15Ow3fTZ~E`Z9WK^#
zzDAjHN0v9Kr?1D3u)*X_w{+kLt4&1
z%sV)A`yARZ`1sDQVJ-LZH&a^f+XE|F?i+)<`jmfI%P*r&n*KX7tozc+F$Zm(gNL--
z*S~Xqgc|nCeulN&_xvd>_qD&$r~IxycGB+5D?2yyC%`3waAVt$SM90>k3^0)b8Ab7<58u>X8{9EL2`h#c`
zJ=Z+X{5+ue4yuHY!Rhyb;NR&-;xk|^dZI-G!T*f{`qx14A09mNI9q2R*x`1=!C6CX
z|2Dr21ZR2bKiY#o#)F^j!5{0v&q?4%(WxEI`cd*25RE0={QVy7{F@a2g#JCEKk3In
z@c2agzXY7-@l35}eoFlxO4Pp}1@v6Aa*ycuzNh#e{l<#o^kX1+LZY1uflxc|JzFaN
zmexO@_zQke0J6C_R^&1WDOOw^~c
zfndmk8;dm4g8Uo^Xf%?af#4z!{%j9^u?N4@gFn}Umpu3`4?gC>cYE-?9(%njE
z;5T{j7kcoUJ@`vJ_$?lM&V$!Hc-@09dhmt^KkmVA_2A1Myyd}HJos%MyyL-p9-OR(
zlAnR#ga<$6!C&gZU*^GI?!jN-!C&RUU*o}F=fU6L!Qbe?@ATkr_TWF}!P#0MG0+3S
zTRrvP=D~l`gTKRr-|fNQ>A~OS!C8u)(*K|K)W64rzt@Am--Ca^ga4cd|DXr|1rPoq
z5B|#@oGpG+#^J-B`fN>_QvcUI_3!oIzv;n0;=zC0gMZY6f6RmbjtBpQ2mho8|C9&+
z0}uXb5B^6U{4*Y$EK`%8f#6R(_@8<3`#kucd+^VBaI(xzeg=a3J@{XE@GpAsFM04U
zd+-N5_*Xpm-+1u9_26Ig;17E6Z+P%;dhoyZ;NSM(-|^rNdGLSq;Q#Ewzw5#O)q_9c
z!T-&Jf6s&ehX==1CFO(ruLnQVgP-NWALYRx?ZF@8!O!;KkM-c^c<{%2@N+%*c^>?S
zJ@^wn_>(;NlRfxTJ^0f-_)ZT#$`@A2UKJoxiG_u=d?!lWLyyd}HJb1^0_dNKT
z2S4e-PkHc{dhk0u_-PORau5DW5B@3-{u&SdS`Yqu5B>%Z{zeb}CJ+8*5B_5w{4Njv
zRuBF*5B_!!ezynzDG&b61TGw}BUDxXML4v_Cb*gJ=N4GI7b%mIjli8fI^&l|F#6+JkEVYQ(La&TD;O_FF#6-Wj9;0+$G)E+)@Vn{-oyCy5sd!$PsU%6
zz~A&3f?k-w|C({u*hk7P`vLk>l>$!5&oO?BgUGK>Wvv>=gPT*a}U!K4pVEk1H{0MKkI}`YCGXCZSK5z~}?@r*aXZ)uV`0p|P
zvkClhY^(o~1b!pqWHA%{yqWP&M?w7c1;)RUzzG-#-od**UN{h>Ub9d?wK{O#^zmkZ
zx>~iccz~mxgnyggpno*KMt%+iyqO{x{V@>m=19SLv8Uj?s8euWyeT*@#uQwYbg`0w
zAW65W%0Q5$+k*4t$6BHKJZUL-lFmyzNjfihlFkdBr1OF&>Ac`cIxl#V&I_KT^MWVo
zyx>o!ABoQZTX!X3jL%b(AdmsEhD($Uh_`48KA6A=7!V87L>cs(2~6rg!-HSo!GFYq
zC(kKq|Cyfp7kTh!dGKd@@aK5&i#_-y9{f@d{#*|}?7>SO+|}xbRR)4x;UCU#1Hq{C
zSNQ8dFc$vd{5BAbJAZ}04y5o2R5}nO`2@j}e1hQn=ttr+5Iiq|5inpQIYo;H#H%|B
za{VN~L6rt1l2c0kD-sw11Hl0ge$ay_`59^Fu%~{K&yo5^JoS_OkJL}{KY~wq+PT_;
zU*o|iJ@~aA{HO;%=E0{t_;nt9+Jnz{@L3O@
zlFt-8$!7}wV)~Kz3V6%T%k2d{eYIS*d*;PW25?!gy4_@W12^56{*p5(Ww
z;y{q(w*_x{+FADCEf3!I;42>dHV@wM;9U>i^WdumCO!qd(xJ@~6U_^UnmYdrXCJ^1T9`0G9R8$9@rdhj=T@Hctz
zJ3aWDJ@}7#@E`Z!cX{x)c<{G+@SpJDZ}Z@9_uxP2!QbJ*@Alw7<-y`t(Sv`;
zga48T|78#UD<1sA9{g85_^)~JU-#hmdhp-y;J@j?f6Ie^#Do8~2mc=){G%THV;=nD
z9{hJa`2Y0apYY(n>%l+i!GF(#f69aZz6bvU5B`T9{L>!%k39HiJoq1b@XvbiKk?vy
z>cRiagWu=D|J;Lr&Vzs6gWvDL|H6ZR!GnL%gMZ0`|D^~2vIqYw5B`7$|B46yYY+Z6
z9{j5w{BJ$@*F5ga3aX{5u}}e<$$o
z{WtRG{1=O#r@x)~c*6hH;y
z;IH=JZ}H$i?ZN-XgHx=bwEq0N2Osv}6qAV7!@um1xB7~{+$D;Cen5ch6hEr?1!oFy
zRPnar9mS0W;ah>H_4Az`{C(O^<1A^|te;OQ{s)R1&im_%-})%2PqDJ;^VlCwf9`p}
zhk}dkdbmca2lJl#w|elO_26Ik;5*Mx@6VhEf2Rlk4d6q;rMCarw*2{`r~cEQnEu>~
z2XA=rU-IDp;K46`Qu=cjJox*7@3axR5f4Y->okjgXXx8M
zdGNEIEbR~KK$i8nPxs(^6el`OA51rYmJ~m&_?qJH0G_t~Kd<#otT>8EPMmgy(02Ys
z+j*?M?`su5|3YcMiE{cF51dKhY3<(vd?+|z=gX{zU)FY3bR6C;%?0;!{e!l?76%vN
zm!Tl^_cVO`+x}hp+Zh-y8vk!AqgvJe>;*pL_<_D$@t**m_T0~T
z@Uzk3wEB}C{EZ&`k39JIJoxyt)1SNQ!G8_-P%vr7=L&t_L9F8;&Qv0Rp&Kt}{Ftpj
zr}h7u@#`#Z=6yfLcgXRZzE>)=E){_C7trT1_?y~4@A>k#Sur;#{swJlT8e{v75~nd0F>W=KL15a)s14>-jYB
zwEFjI{ZD9pu%Z+W&jB{x2&2=wkwWT>JC)
zia%Dz?ZsOE60E14L1<@g#`#L%Y4b9tczpa{ruel$+$imu_MZWKD0rH_Wne9$j(G5fwlkvb+@<||6Y!luXrFKT^C94A>-n?V
z&YTh?ihoa^f!*o#&jU{Vk3V;h;-A$1C|LrBLvCl*wqy9TA<&(nAdE9$_<>h4KA5Qg{a{Fj
zf)^(6n;B2me~|H^MEzON*`eSji!0d;9$-9Ke-dz|JUh1SnwZ=qQY0?OM!pGn|D!7a8Ou;u*u0OK#Q_@d%x;=CCO
z<}40&h(A@}Y3t6sr_dy2w=|rcLPrwpTFjI!gvvn*LDsa
zr1q0?xwkNW{0yyzXUXUPFdoK{F#GEm&YPj2Wb5lO5WF9FT7SOI^~1OmkJI+|AEtJa
z_uM-eZ`tDtbx81Gqp
zMDdHSq;^hN{3gX;#<)3kgWyKR?_)fSUvY)v(^pYDFSYH=EBg@DESEhU&k@
z;*(nc?To+9;_p-Zd{h_;%wkgqBz=C#6xDy5t#8)PuQDFS
z%`o$I4mQqE@D5ww;I}iLJV*Y7@g#k|3>_N^-f7!8Py2Z<<9A!Uq4)t@z=wi&S^Nu%
ze}wV(SbV4A7td1tpSCz&hd)2Vc#^(-oAG;WeY0-&Tu<#J>DwKQzt`3`^zbu`zdwOL
z@dj$=0~R;y;TFcjxE#;be!iXY58C>s{RbHT1&bT{{7h`vp&&`GPBZ=?TYp5`{|4hp
z`tu?XgrVS#
ziwXj>9?pId)xX!)H*|iP@i6YkxIXuv82^Z^Z^rZR&D2g9_XBJ*e?A2~Z9jg&gFooO
zALjNyYM*P~_r))!=YGuMtNPqOXZ&|8{*dC&eF@e7gvD{J@aOj!|D?qYJ>OrU`k%76
zStsvjJV}4fx`pb0+SWf$+n;6p4=iqW+E*D5XYkJb{0Z@y}V@tn
zJFj6pNmuV<{A;$pId`7gq;?*(xarT2GyaVP{x!zGY4M#p4y9#k=kG1PU-6${{M!~c
z{KF%RC+Xg?7PVufr{VklKI7l9?U;UE*rxgqS=`X`{fz&k#gAxz-oyAmTO89ZpA~8+
zNw20E|E{fX=+*Br{;w7{&;3irAF=o|wE4?#qxS#J;y6b6^BKm!XYnahzeDx^!{T7`
z`147|Lr1=g6@NmP>WA@Cu2B3s#*=j8&lx{cxhIL2PG4E>rPJYG0iH%To&rKT6r5$-
zF?8UajE8Yo4F0E#C+W=YHEJhGAO1VzkGAa}()SuaLG>SFaa@!6^M{OwaazpyJpLrr
zPwtmjF`nEPf5!M@ZTrvB_Md!;+BwJKW*xqs@y93d|HJsX34Hl>YA1~AV#eoVjE8Yu
z%sxHyrRnqX1HgxZC))PU*M1)N)PFVC597d?=YEdyC);)~?EKk%2elu@f%$F4f0ywv
z4$P3^Pkb5G-)Y-1^mB>v#K|>=j*&5rFO!2
zHD>)>&v+QG#`N<8j32enHTd@!pR)L6+MnCrNbOH2@Xs(lYjN}3=e&vPhw*9*-~Ka<
zhw*Am`_H_S>c1e-&g&UZj?aCJzc5jM=*`s5ixT)8<2PG;Qs3)-#=|%^W?fzMW7JL<
z$HtuF?`FK3XlLh-Q~fZGjiHA>0eolhDqG*+_c9*FIWc?o3&73q+C~2HEv_HNQ89G}
z?xOa?crvE_i+~RWVSJmnXk$kiZ`uAlSMi>w{yVw-Q?|Zo|6a!LNZ_AkJd7uEj<)|d
zz|HRp@sCHNV>^Q|?#)guyoB+W+V%}SzmoAVj?KARzXCk1{nv8+SK4+Sr}gh<{52MT
zs^Y)Rco>()JoodAztPq=`z1KuZMP~XI*nevb7^g5C8)e`rZ-vIyV9uF>L(iAdZpHG
zb$gxFT2G61Rh!Lrt=emMD%H-Sfa8tDR=ZQjA4f;8MuU^3J&o?6cB|KEHxDgUJJlMR
zFV~#%k<~`4H`|`+bsDY3@~P=5w{U!+aq{Tua=p{2P2y3_dU>igGhCss@2yl8TdS4Y
z$&-^KrAlSKzEE9l_A2Pnt(BE_vr#)$4xchIiq7|{jaITRQ`a~T92xV~8!n^b@vy}`
z7>d@)T<2E8XG)djuxMm>t=e3z&$h2yZTIT)@@7Y4-!JW1toLrHHXHLd@{nIsKh-Ty
z&GdG4>%EDiGripvdbLuiG%{E1Hfj|-4&yUXo9UHGH4J2>*Qqvo-HBRxriy>c<(b}S
zv)=7a%#2qEq8~f}_`+CadJgsL^~zGcI$!S`8Y{2a?v{p+RJ%Rt#NkN6$V~54v#$M%
z6pc%D(+(anQn{gCqm_W(*7NlreI7%f!=@U`D^2s*LLU+Kdwh+1y{QhH)_A>_Fle26
zby)^z_Yti3cIT9-GSk~*rXt@X$0{?uy_JdidaKvyo#Fwr^NzuzdFL_QWgb(ZL7bS`
zTbZ0ImCNC1ZcjhL_ul-nc3y9bnhi&%h-G10tLB<&XRg8>vFXiaJGFH?Hk_R8Sz{&7
zTDSecp6EH1TJ8CK1Zw-Yk271ttF6XutM$rCuQMShYn0M}{Fg?}88}~W)_e5{oJ!^L
zp|OdXU6r*m&Xy9No2Zz(G1H;&>@DqT)lXC`Be1!p?lgT(&9R6tHh^F&++M0J~mr9HY?m6O;tg=)(jwCYuG;j
z*7_;%v&$>h4)%$1PPyKVMv$2)XMSRPqNo=!yRY#1!7E@pq)!iyU1AkcI##I=5h4;K
zTt!AYWGRq;q;kzb$^@iQk8AQYKGXA)k3EK*?pkiI)x#~4i%!up!d8%>-ll`IR5?Hw
zI1t+TIxT^jgE2CYwqNs%Vwnj5=xxeAPhEAn9)efE{i$RJkKc>$BQ&c1MOW1JH0y9H
zw&xUWPtTjp^u~ItE6w`E)l->vBoXDAk;=@d+zo_^ffn)^;2B9`DTtO+ad<}LXQ`&q
zV3PK4tPk#2LB1?^Q>x6;a0rc>TpliG9~UzgrC3{~^3{0pIG>d|>bQ}I3!*e!xe7OL
zxg1lM(r0RNZg`zZcr-tV6MB6m?
zZ`V@&WDL|9bEPgatg|;Hi*WW{IeF~hfyv6TBS&V+vz6Hc2PexqKUqaYhh+xjDJsG_
ztWzq&3%65l<%o=EnCFoeN+|Q9%ZMW@ioH;zP}vD{uI3^2M$8d;p;#9p-H&wOu)F{$
z9VY)ogXalC%7sP?SB-g^dKrveD#a7|-N7*y$CXb8hi|;JQ(w3g;>VLGE0}mlIU&aD
zovN%2+b@qnvbS0S#fH(g#*iD4FvsN$je$D>ml}TDgv0m>Lv2+`+
z1i3W+h0xPKOqTdJA)ro3u)%tQ0*4K9Q?n3fj$z#7!R;ob<3~`>(pOMl+E92MqT!7u
zCJBUmPi02`qVF?LFw?_BQzkI&sXS@Kh`TLe`^b}WwF8kY$PAAjy##L!aC4S;XB)^}
z7-@6F+9o!rBEUR?7L3MEk8B+LnLMBHRc+0M#$79o-lTTbU=pw
zOyjCrkt2d%F#AwfXUvXGJgPLz&*Jk5%VD!m!VoxXsz6C~*c7XQbiQyP<{+Jr+?wwf
zDy*|gFYcl)y=!>LW%@>Yr&j7R=Pq0tsdk-npT$R!@?Ez4dg2=r74}rShuf=IV9BDr
zP%F-eE_DjTQ;&YP_3>)=V7uK+es#3lxILxC#z`ew&Wn{s@tAAt%X9V4(du%&YnCqe
zG!&ZTnJdHGjm^~;8!hQ&F)dB
zoJ)ih4w5VCo;Nd^or;WuS6S>W=|ai={ZSHMCzl!46OB@M0&egWU|P6sM5mR?AS
zHm!a$CkfacOFK5*XxJ2yA#)}b`iQX6BCc)WC=}9~d*nwif#yMS2u3b}=8aN{)<29>
zzA&Frp6tY;b2$!B
ze7^7(GxccACwMBAcys8Ko7pL1y*a#5F>f(eYu2lJm2<~xccUuMK-D7jdVXtHk
zrXt=eDjP_f=sinS7|k(hJJJ?flbGychJ=X{#Im(p@c`fNK|#dq1u{=kqO#9v%g$mx7$luQbanOx~i_g-_nR
zl$0f;Br2tCFNA1MQe6d>F7MUB-)5=!HiZv@h_M})v3R?Ym5odpos{#>`?w7-o+(er
z&3>k|RUi|Z(t3YZ)IT&bdj)cjDgBG^klwDOa$+g1_2b8ULU7hFts@DC#nw7^bqHl~
zPP39@-CbMS029GI%%mF#?e@LeZIFxg`k$f|kOAR?azu|nrb46T*6MN@@*J_uJq#w*0-k4>z>U5gt#?wC#9!zn77~dE4<(
zIsX^dlXdw=cyJJ?|qnNcsAGzc}*eeNvJJdaI@pLT}}M)KK^f|JOG_uFM9H
z?q1)nPKcYF4Ih_ZIYqAKD*7PfS)$}3y*H+kuUDqr==9_iijX5)rGHnH@+t3@+Ddd7
z_PTVB%#+A9Nfb5qebVZLuOnI(w2IrwUY0k_lETH3qEgz|OC>0b4~x4Pl*&;J7!QFo
z8y%IjmioU=gqo-JrvFpaUgfCV&{7*Ijll}v9Zi)?Id6k|t?JU*Y?T-N|{fVbWp5MpIve
z6P@F2>`{jy^g`u~`_3pg#R?|Gk5OXnS1BX
zeP-oBP3W^8V)FUQPT@9cg~sba0LGz9f|hc4(<}%At<<_v&d4`IN8K)
z_&f>nUO&By8~*(|iK5PD6r2Ye0d+cgKd|ZOmTK^wfpN0Q5PYq^}Os&lQEk1hYNXHj7}nBJ2YSCAEO
z&pdnP9FEoJP32j)WCOe~wj=L&+ne{_Uou|vacnK8(`SUo^LOvCCY%!Dqg8LibeER=
z#XP>xdwOR@z3nA7iNEp0w1O@(w_guad$iY?6m(8!=PdxvJBR|i1$eGyAvet7l)rXB
zcPD$7V9yJULRx#cBrh6J+gT0jndb0r!08(bJ0ETdZq>zk#ewHD_JJL`Rg}-ix+A=B
zY7Ir&2lfgGS=Q?eYx4vINJ(UEr&FuWjEhYSc@Or#Ia)=60y_l;g)DXt*Iv;1KxS3z
zyhA?E5-vw6uXB__4!_%9$a9`rPP2E8hjY)7FCd_O;D^Bh@?r0m&LIu%6%^d5oA-m?
zVX8FegD>>)acA59{>~VpMxAgxg`5NLt+;?d=d)iy9XmNM5c08k|JtPk+B*Z9vRZ_^
zg+gBOVK1I?20CHcVSoRkp62epN6dX$Q605x_PJcAkas|YTzkT@A*Xzv
znsk;@xF1dRls`b`+bViDik}OAUFYpKgu>48a7*Q>i~rT{hH;Swbh6&7c6hD=k+Flk
z=)<|V{L?{X;UIZghK(ZM)O1ql$=5eDJ6gzTG15{zZ@lR4yduOsC+)NG?zP*dX}xE^
z8`9i;g^5f-|97ua$@@=VrSg9~sT?vg3%^O_kd*(?D_wMq2WKMPD!JFqkR}lJ*B^L4
zmlS?=V|OKQ>I@CJ0enNv%ze{9sE-D{nTvwES{XVOdmC>_Qpx3}zltP|a6!(SS{yjp?poG&bqH{V|bzTk>?7Sk#nKty-
z2a3=Swr>;0=Vl>iuyaJ+2^-Hocotv3<}xWCq0d{eMVprT{4v1ueg)^8^$)1+nQ(UI
z=?ZZ3`_qJ7U>FN4Mbz0jr|mftyUq~US^X|U|M0wC6mFr9BRvxjHZ?}g=rvX3%;bjY
zoRY3OWOfK%F&?IL&hV|4Q*x=7H*=eiuYl7=-GOVUi5urH0XR?7?Zbp`>Xz7R()GobyJW!@tQYciw6kGEe5tkX3VbGt{m-*CV$B3YjPgd6l!<
zs(rm-vV!vtVCSsT*8uCQAYY#*Ott8|i_}^F@n64-)V(?Ui#K-uce8`}{@Lsxw8>iG
zSjm6YD;9;eiktULp8D!ao!;Hsz+p5^Hxte-(9}$r+6dlXgj>pxTaN$cHPnB;)A*0-
z=1os9Iv=?T=+dTD>u!I2O1+tG#ujy<(Qjo-b_zR4cJ
zor4N_$91XUE$7Zks{UVAg=c_@6WQ*vntz#-r`hub=*rQ6!0x>&dfwpe
z3{UL#Eli95oV$3>-KARxzK1$tI-x?%3fFLMw|PdG#tdQFh)u3S*RL+ISmI66%b*|XnxiUFN$vI2pt{HYVJnGOpVd%`ZxKq_m!*wRs
zY=x3Doff91rIqG;4kLVK1M`K<2IlpAZa4H?;OkZ$g{3X{yDM{G8qiZq`JJiU|N7u~
zXJ_2`DtF3FE>|IaV3<}$x&7SV`QvV(y50Zd0Uxe5wdFBBZhW0S$-VRbum5yJxDBS-
zx3@<`|NAduxJz>24_P>u3hRL1Op^#T>*8Jv^-sAt-QE8|0fL-QAG%ioCx9-}x#pbJ#ks>wzaZ>%}H3(j>6
z_y5h!wP)>fr|#YUSAm=t>2&+opVD_8tVy31-giGvOZv;ZpRnGsIHxV$u{cf5sj`3j
zw}50Rpp(iOeYuYpS_ijt{^p10KIrwUVP5wag518(-`}0ob|+aw70SI4s^nZQom(I`
zNX9U7r{(;$q1SK1$-#evNVnkb^FP1S`ZxD>?$U*Sw8_eHcju{xfWQ_loc9)X?btF*
zBPM@m
zLp1uAl*2U2cm7V0(}#JQQeNkAsQ0EJAn$*3+u(kzFi4_Cm5
zBHXs~SEHHIFf!q7hYV4@Q-^<*%K2+7A%h&}D&qa^7QsQz2b7)JrN0=f{GFQ=_YvCv
z>1f`a&~|pkd8>k_Mk>1fgVTS!raibn2>ED=dm#=PQipv}Iye3|HR#Icezwc)VyiiS
zkJ3Km<-88ab3JzU?X|Ny;k3{G{&Y`Y%b9Wxxv&3^HyvtH&a+|X>g}1BbFMp1KjHbq
zV|oAP+mAy&sN>v(7O-j5P$P~i?f>DQF_a;Y+t2@#KV#_qE!uh*{vcz>qtno1r?5;$
zyPpPY?ffl9TcG0X6_4!x!5>j`VZ$CW1ppS2T3*DBFLhr+TFtX=TqDd5IcK8vyJXE0r?xWulZrv
zMnWxub@{i`cFT6`;Jo9({oG+#szENoq1V^_c^AS~O8a9YIO;4E;9LXSwCdn2plt8_
zp`Gqw93s>6ijdwiOm*Nk1sn;v-H$!s^Zd87gwO4&oaQN)a<><<3-}w_w0nYwe8MzT
z|Jmbzb)YbZ|6kNTq^Da7w;hE;&kdcJ`$DZ;dGt4!kIdZe{f-yzhLXL
z5BY~Zn79AZl6{(|Pv#
z1Lh3Uyay}XMpEzzAK!ZsUd`Xz`t|YmUo3Mp91@Vvd6%B^cXR8ze@L{8y|vjs5!0!Am*9XNZMt;p9_aolkk|hbrt|q~
zY&YnCygl32hk9OS=QEML)%brz$p`=o?EN$2SYZ6KtmyEEVx4zNJL3`eZaT1en;v=H
zIm@nX0)pB(e{DmYeW3c;B~+&z9j{Af9&q>MER#*
zU2@ysCgcM&K2V+aw>>!S?+|d@-*Mo$zhC+A?clh-yTNgPqv!#3zg32MNDhwib-?RE
zd~0xwU!`vK`JL9!R)}u|dG>=>0)GJB7(9)8ken~e|AYL~FDv;`_0sBYI?U6Q;!kRP
zEAmU~1AOF}K=HRUeg^qN^{;&7*-h~;H2yHTwZoI-Mf7|=3;FT9dn<}0bn5}zVRCS6
zhnc~#9ai$;b-}S6HUh_X@&$N9IKErJG5#SqmftU`?3cBN(pnGE$;+#!RCntE_ctpz
z?r#+zULPFyw+T3we>pgof0w$IzlxS~AH-uhPlIDQ?@*qqn&%P32S7dNi}w2V@V>g0
zr>^Fy4)Iu?j^NE8{}3N}#`=h#16~sHtnlGm!Lc5WfCoaJU%{J$M~&{Sham7o>JEAO
z1*?Zt5Z?mgyHk88t+#bOqkNA5O-%R75_=t}g
zL+Z`yCrINHsJrJE)=y@NZ>jOQeZ-fh_%<3}(MSA8;K6WQhEbk&nrAG;w}kk~5dSXt
zY>00Kz7XPzfiL$FzX`lG#P0@g1AYX&BKR5bw&0J!KLn2*)7#G7F`kXbvVgY-F9eR~
zqd#~Dhz|zu2tH8Vp-|`12#CjaG7r2Hne+gm^AslYLR
zR&dN;0vz+y1IK#n0FLn=fn)wL;Ml($RkwORtL^+exs4yLktcJ1(fPUs`EmR(Ha*<90iPV?Q<2N1pLM;^%_n
z@ml4>w}a#U{tS-&kzX9|{$hU=Tb=heF~s9}G>qc&=<)r`hp#5L{^)BT`43RM^+(5j
z#Q#k3)*s#V5g#$G)PwD>^+z$(xqnGT@zx(@@)2Kz;;la_;MgB!0>}QS
z1UU9b^}(?}Y6*_#U3YN2u1*5S{%EzjwJW=Bd=2q<9vub8{^$}omgfaHp6^lPd+QCa
z=c&LkPeC7E6&&+70LT0tz%l<&aICl4;26II9P@7l$NuP&x?9hko&VEr#V=X{Z#{Hz
z+{Pivz{`Rc0q+K0Qr#iH_niN;{PiFnud8z*-n~V(ergHC_lEpiz&{4xPkCm#1#rHO
zK|HpfTi|^lPtJt$d+v2?0C;(IH?3RF1)9H>4{u9;RMPr&f&5sWq2L2yyHmk&UT6(C
zo{!tWv7HoYO_&A8K4UY8?0A3#A
zdxPVCeFBdC#Z+*NpAU}l>%lR8Cpg9*2gmpe;28e^9OM50$N0F(y!DLnnZU7r@_=I=
ze{k$K+ks<$*HztZ2L8_fS${VY;wQmznGTNq;8Gv{5b|UH_#EP~e~h18>cK4!#wS;I
z+abp10-pxuECoItyf*j@@aF2aUF(0_LOh-q1HrNX-3^ZY?|I69*xiuxb<2mpfIKyz
zoH0|#?^!vmUrwOz)(_sFW&?Nk$;L$m!LhxS2FGz=U2yE*TY+Q$-WMFVI|3ZHI}059
z_m$w-zwZIZ{71ks|21&z-|vGrf%=J>QtH{QPt2bH9P{S`$Ns%HIOZ7&j(Mhl<8fc4
zZpYomnJXY3kNa+L-0op;-0oR$Jnr|val8>BmA8IyypaSPx0?YRw_6%~7Sw+eaP0S6
zgS&m2wdY>oSZ~ABt=@LK|KWU%g?OyDh2U8J)!9R1KY(L-&Z%2@zSHttgLo{@
zbMQG%tnF{q)UqFL`^54j0LSvA2mc)Mw#zyl!6x$9~~ga2y}L1Rn?GjGIQbr~V(i|KWU%hIp+1
z`QUh+Uk{Gu`2igF_a|^XUf03#cs&RI0_rD5Mk%kA|Am%6F?n$b^Giiu^ey>8di6-o
zKdVFjycBQi+loRw_P-xcd;`rN>?8hTaBL^z!Eruh5#?{J`By+Zmgie=tmiY}SkKqN
z@w)UB9P`A^B=r}``G$Ftfn%PW;Fza0IOeGWj(M7a<8^X4I9?~$f-iyNdm0?)@$P~z
zh4@$C%fRDg_SOS#w>tQj5I+bUw>uGhIm9mq$N25wczrktj_v9K_!!7vJ&U*eE5KWW
zV>=uTz7pc+gJb?p;Hx115;$H@UV!6v(`WUT6R(p+!7;uyI9~Tgg0F`1%mv3h%fYeT
zehrT8_B=SoKLp44m*CjW-^%9QUu@?&z}GqBL7yB^jeAFc8AAwOOZ
zJA&hOhk>t!^6UZs3jBh)mD3$_xL-d*JYL5hg5z<95FQ$L($f-vrw|2#)#hfn)u=0N)IG;^vTgbI8+9tp1a#
zyY-3npAj6}b5S2&4jkKaLvU=*lfbc^tOm#9yF=Z|zfRljUWnfU`+ET#&+FUZxL?2f
z@Mt-u-rV}Za;8zY@>qRlfq1OXlHj;s^}w;5&B3vpoz;1}A3;2B_fv4pGv9}=0LSCF
z6CCp#0LS=C;CS3)<$8U6ruX56efWpqli;`y1IPLNCE$G^{xCT1*IDrL5dSkc?(aLf
zWxwpW*nDPTb+`TWhCB_xcYyZ--w8eqd>8na;NO66R(B}W`Th;Ww}klE?|6?3&huwg
zw>(?)yer_t%R?UQf9q1b&GUZ%@p#|S6?`|8vp+Z$L)>+-vjlw
z2ps46*MQ?Z!!B^Fw!B=%l{l4%O5qLGStvugp
zdES9|ERR3^p&;ovyWKM#B?fp-JP
zeq^}1m2-n$|HnZ*mU9s}=Gg?k7qbBj3?teI6=O7;2+e2`y|5xBx|1k?l
zK5qX>z{^89^MGR>e{gKKHNbJ45Co2SI)G#RKyZv74UX}1z%hO)IL2=U$N0VA7=H#F
zmTzZ1IPHB;22*T9JgB!9OFL($M^x@7(dB}F9pXu+rhE@>;uRB
zx&V&js`8C92IS+v2d3_2T%Xt+X%XtqR`;iym*e@q9?5%&C|IZ7K{Y6FaMNkio
z!Lj^(!Eu~F8yv6mhr#i>dJY_~t2e>1{-3B@{Xf?F_bcMvU#$Ol>K1R;|6~x~681MI
zIF_>hlHoKJa)&<#^ft+H-+q>O6kP3y$?%9vthrCOBTNT7YAokH9g{
z5OB;h1swBy366O-fMcHh;CTIf06rAzEm<*dJICh&CBcV5d|hySE)Wck&jq@J<9648
z<8y)A;JDpC!1qIW62I#$KgMST$Lq#>;MlJG!N)-UP2l)k;21cz!{^`!AWu9!(cE^3
z@fE=Fx)%VB@iV}2erzZB8rbe}AAV8Y3H6M(Gr9$HzV49gKm8t(+xs1!sJp+8*N3?8
zdD3~-dtiAo`0xVYYoYvI!EwHEHaOPXdT^Xq+y{>H;Xi@ny!3r=oR^MO!nRe{(px`x{dpf8
zk7F}%thbNB@i>kI$NicNj^$qrj@#V;j_v0pIBxekIBxd=IBqvnDQ`WX=K;rhD+`YC
z)xa^nHaOOEe{kI2i9URZ4}Spu1Duaf)!pmHA?N?zcD}n`aZAg0_c|~M;?sgR2QLGT
z^Upy(ysr{tMuPA^$z_hTu{BUtbUL
z!7+bc@F9@rBXBI|C*YW8GC1A`EmU_>hiZq*As+98z5&PW9sk>|Jo2m-Z{~
ztsk71P7IFQO%IOSEd_oG>a8(2&P%rf$NS%&;8<@%)vexaUiwpr$9h`;j^$qkj^*D1
zj`emB9LsZ7-OA(M+q+*^As)-~4E!|IPn7rN_aZspusrd>u{`O(e}X)@z(;_;2R<6S
zJ~+-xcLvAnUSDt=w~qqH&)Ka5$Nk+2j{AEV9IuB@!11~ose-rOM#6q21Rn>U8GIgi
zDR8_#*HL#uJ?E*-KQw{(mXN0lIOZ7&eg@(vfMdIwt8Ux1`R64NkL_wZIM(xiaIEK(
z;MlINfMY-V0vz*1t>~?P>}QjMV|*rXj4uL?@nyj=z8*Nn2ZCdKH*ky}0gm-B5ghX@
z2FE;Wz%hOgIL7}3j@!Kpj`5KydFvVDlYwJ=ZXaG29P=~)$KxIZj{DUM9LK|7fe(dt
z{yjLh^Hb{9&hNSZ;e1_$cx>kn!SQ-KesZwdSR6dcPLud26xupUx@
z<8jOej>oYCIL;eaRk!_G;5Jm}t0B3~3pFFRdE;QnkMly^DBjv_ABe|#7!AG>>SrG1
zvGs3DAs+MmK=C&J{G*TfN8s2FUxDLzAW=1`C%3w=oH^93KCPVjAs)+FhT^SVRq_$v
z92}2(PjEc$gTV3nISCx|ECt6r>%cM3UU1BF4jl8`0LMHp!0~#XvAVaOheCU(4vzEK
z-NA8wcog_j$TI^R=dqW8<92U@e+hZA*YK7Tx0?_A9K=@!$M_Gx@jBKW9NTAKa2yZ6
z0>^pmq&28xDT(O?u2^A
z$#?WRR)^fKV~xpee!Cgu$Lm-xa4gR#A3hU&EtLNj_*dXbYkTVf>n#uXI*2a^z8<^|
z_y+I~!Ev5>82Hx^KLs3*`+RVWUk{GkJqV85y$p`?+Yi7of5tlA`oZ>-2OQ_O>w@ET
zsjUz14vyEQG2nPzIt7l$@dY>@ub6eE{7w~n+Nbpk3Dn)@x&`V#Jvi=fZgAYMVm`bw
zIF>U29NSxea4i3);8>pN;8>oOK76+iKLn2Te;FL}{{oKj5$k!|2_CN;;8+i(e0W_S
z{;|4y9M3!d_qJ@#Z=nxA0C_IL@jVA#7W^UPxdQo<*Z1z%Rfx|4j(IABUx)Zw>JItc
zg!~;K{uadd1HTPE1^f>9m*AJdH-O{uI-%}_hAPh;h{ya-z%hT)2HyI)3){^Gj`h=0
z-Q8|v=YJ{O|8u@NK>P#9GZ_3K_$11cMf1#pc+9f~9P{j^JOwn*0f@&u$H8$P^$z8!
zqIn)cJmz@;j(HL`l=`sx3Di6()!pkA=E(?-d5Tk>E}Ewt#ABW+;E$l5+ftrBnx_lI
zKZf{m6hA=Yr}~KB0FL*4-&3B^n&$|_<9**b@ZX?3cfc|KOUnPfTj9=Elt%L1t!K=i
z2)q{L&!+DFx?4o|p4|P)3-S0|sSG%d_i9p}xtgaT#ABY;;J9DCDbGd^b4m*99N`%!kKs;;jeFlNB7Vx23?b9_sq=wmy8251;PC7lLEIvlJZ1
z2^YYhz;V0{j_vB1x_g?q=biN<5kK(O54NjB;7=icI&iF?T;N#GMZvK=71XUf)*sb?
zcq~s4IF_d)IF{#Qa4gR-a4gScbt{kcYqKF9%d;9B%d-_6%kw=rmgfXGmglOvmB;$W
zI}nfMc?FK;iP_Y9e6c)9z_C0Tz_C2})U7<$&lZDtEKgN%EKfslEKe{vmZvi~mS=#v
zmB;$);Si7InE{UFSqzTlSqqNkxd4vwkH9hh6*!*P@dI9eT(W>;o_ye##~&Qa(+C{%
z1cPIqUf`H#3^?YQ3XXY}fn%N>;FxDWIOaJIj(Hw}W1g4bnCGo#-g?ICXJv4_kLU{?
z;VthvmigfLTz(}u&R5?C$9b@q;87rdiauq|0M~C>q
z;4#4GfaCn(D)91|D?}P4xW1c9@z59!K5`kl$wBUGrGlAprZ48d}FhV_|
zvw624wDI|Ph<_XQYbM28KeYhjV?q3SaIEKD;J9B0DgSC6x1WG`EYC%Xw|@Kv#AA7$
zfn#~11bOQp%aa5=Htbh=^@v(;)<0&4c-(GraNKSMaNKS~aNKSSb=$7>gY6(5x7!aK
zw>uIXw>twIx4TH)wrl;}3W&$;?f}Q_9stMfo&%5bmiPR
    Er?e(fH_<8~vq@E%9p
zZftPeZZRM3502+o18~d}1dj1Nz%hOxIL1!|$M`wm7{3M_KLn2tz7V_}_Yl{^8_#G=4OBTlI0|9n>e1cTt~8-a~yRd2jX4
z$@{4Kn=J@0o2OpRVyc$nEc(?Ixe6@q5V^sUIL;
zs(zS!h5B*wHR`9x*Q=i;|3lkD0k`ovU)B!K#gTs(A+H)&yf}FZ^-|=W)XR}aQ?Ec?
zM!gDoA9eR$%>8n|x&IrW?w(Wbm-!I&2IRxln~;xIZ$>^&y#@J1_15H5)!l0>mS?7V
zC-TqLyOA$Y??wKFdLQyH)d!HTQXfM8mAZRRf#uw&KAL=s`Z)3(>J!O#t4}50t3H!F
zj=Fm{sUw|3$j63=|#T0MUYz;<&&d@1l;;QIK{vt4)W
zWbM2K#Ak!}kHK?;j{?W@VhQ*=5Wg8b5BNbJeg!-)#6JYb?Z(yn6h0sQ!STE(1$pv8
zeryjTp?-Qne13?><5d70+c|nU$WsvF^|9xl+Cv72F9h*;z7z(>c7@lscOg#^h}XwH
zp6$A8&#gW5hIl+LaJ%n9Jf5e;!Lfbjf%?Qe??F6zDRAs(OM_$o{sQvj^{NcSgaBNo%z)M1WLvUSA
z`=|31`_o1c@2fw>{l)8Qao8^IFK*X;H;ebN4eE?w9K=V83R7<91hr<97Fg<8}{%
zPFGHFz)Z
zHsF)N+k&qK{}B8rcsuZ$;20kn+5^^4CW!9_i0EGM>G^lK20#|y`$*x%v#i;l+y?`K2Z??CzW
zW3Qh2!SP!LD9>1k$L-?v0k3a(Jqd<9;~-B@a6I2fgX48B;~V|yqK<-~ff502$&503pWUZ1g?
zSkKtcehGOdLpiZMPXT`b@pxQf_}H(s5I+s_;JAG{cm{}{1&;Bv!SVWl?GXDltcQ+}
zAKT$TaBPQIZ@9l}ARdn+_EQ+|tDnOD1A>HQ*^Ael0lW!T5|2kJk;XpLLK2`?dAp*uQK5$N83x
z;8@QXpC8KeHNjGZ-b8GsGX1>&zD``
zrJx?Z0j~~@`LX@)hIkyO?E&u(d76Mv0LS^jDd2cNJ0BeHXIFsZ_z>H}x3FFG@4&IW
zVY@8@`S(IR=J_5x1H|tG$MO7raBM#ZeE1PSal6gH
ze}wH~IZuLP`@!=)E#&dlKc0p>nExkm%!B)d$Ndb%
zf3ci+pNq$<6vSgY!R=mv{CM5_JL81#Do->mr#sBO=#@
zd4cN((DAuBIzBf<@1Wap=P}Uxf#bTDk>H1&a@stG?XR21tq1dL5RdC~u>NmA{a}5%
z>u2oC^1H{q0(e>taNX7-x`g>}`pECDBeE~dUj{s_2Dte@0>}KfAV0=qd($+2Zl2pt
zyzM9ExdVCZ=WaZ<&%cxB7aw`BoPQ_Jum3R5T_5{(5Ayt-?cRrYtOq==F^{k9K7c%b
zC;lPCN6}x1;e5BbZkJ+#M|Td+fFA_nlh>OhkeEDhmq2pxs7{`Xkp=Aj(cNw|_u%VS
z5&iDEyWNVqK;G`l%&**+U$TDLJWgKmV9I0Oj{Lia0wc&RejNE~eL%FF{9$R??q>2}
zoxt8sJ|K#mWXH)Tc9J~z$aBtAkRSWm{vOc}Uc60yeUZc`Bd;?LhXVzgliw~Y(1!d*EZJZEwUGRYQcB=(iZ2#h%K16D?uI+Tc
zteneqAX$Zc)EJ2iB0r?(OIz}1S0sKE`LOa*PIoP(`(@j0uM-jr$vf#l-qyEUeAgE8
z`?k*9eCd42e}M8-cqQ@nT+-qvJdk)B3z_drDjr*}Y39Yg6;DgvPd{jqle|POi7!BY
zTyHEYlUsak^1G9z{B6m<9w6R@JW>?d?q}qG43YR5caF{!{W6zlqNvw>E#%qsy#Ait@*E+bbx6v2i`?QL
zkmsu`+l{IHq}4--dg2MlOSKfwLB9Qxcz*Kd*~Kf9pV5UIwaJG)lJfT^x4-W=h&)C#
zX%BPAC-0Fwi^(%+|G1gl;%z;S)x&fhIGptnf0aD84$S``xBQWH0A%@>C6jVyCAauI
zN~n@pDc?Z_>@8+p~~5}+y-a*^j9rDh<$#$QT$JOg_gy`~ftG7G3>xgx+~OyaZ_xq!a`NN*WdGNZ=ZPWp_C5J`
z5oNna$aBRPze)a+j>qnkHyyMmmS+rk@>h~)HTg%{-cFD|o+I`0fc#h$@n_`4
z^hPbdPCUBR?bfHoCnx_!$5;8tW9oRd82R;IrTn$XExr-?tYs44h5VfM`@PA3{8IL7
z3c1D4A+M|xep|>bem8jpeGq+#+~RMNZ=EOQi4se`TYWzNME)I{eAG(W-yGx?pPxL3
z&d)R=xA^AdZFGWa2)V_NCeNk|qL+|c{A%+0+ok-+$SwX1`S>_e4^PO0s*3w*KVbFN
z_?UPy@{hii?WQB|t>fns(%Pb;uDbnGEw65kQdPfTt&#YWs-UhAh-BdzxA;@!-{|=86?wH6vfZc&
zL$~vLI&YJYJlb%HD@H!;sdzBC-)!;rL
zex!l;GxB5yWxrDD{feD;7N3#4t&ZF6{)XdgQ~b0WlD|8-mNck6&
zkI?JY_v99TgnVRb$^V4h;{9}-Zu`}1p=>ujxy5HE?>|!Zw+i`cz3-?)KDd^|_aGmn
z3vl|8H`H<9404N~PagGvyr1
z$pZt$QhUbwh;Uh=X!k5_@btzMt2lh3FmdHR#z({bHsax3Rlax3Qo@^;l_
zzihpO)x*}$WxKm5-pcts`R)>u$KEGrdG=ivkE{z}&5P;vCqB8AKQ+0PKRfy6$dW%V
zdAZzD{tDz){_5llv>y7CkJ9Vrc=EgbCI1ZaQ<=pVkbl=se6zg)oe43OJKZ@Mui#{ViqR;mi
zlhzJ42TjGlBrox;bVbTpfc$b+i7%<&E&uiQ;#J9QopU4dKeRrZ
zlk4rZUvF|-=Q*0();UijxBPR-Z|gdWZRA<>`m&!qSAvM19Xm!IbDh-B9dcXG@Q8d<
z63G)ao79ul+XS7rj6)uz9c_AY8-Kn-ZtIzglh4d9<*Z0<_an8*f7>PT&B$$CWqa}m
z+J1VI+i@92etfR%|3vbb+MmuKuRmYnH%su3m=Ky({da_>^$!&eh&*TMCOZ+Qx
zTOSoAd+6i%MCV&Fli$$eUWGjVZOLDge2vaW)g$k$-kN;ib16p;@?*&*{{-@LJ0*Sr
zd9Lpzekplu9j~t@PZU}5Y$J~|RPyX6e=tJ)BzXp%Z@EgIT(9T%$%$51v(aU{XUT8reE4JX`%@+U
z1$oo$;&11a?{*xwd@c2pjJ)p+iAzgfsFB1MAkVL#<9L_+Mlw0Rb;vD$WAbx4KirMn
z`q_`ktG|@;tR$}+Pkbx+&6%=a`^h8462Cy+cD&@dL%t!h?AKHBqa!3wgk197>Uq%?
z$&;Mi;?tAg{#N4OCAWGgOaAlUw{T
z@@aJ?|2=Yh&i;fvgU(~b)%zPe?lvw>Pj2J1?Br2m$#%<-+jz1%x#g)(UcR90Z%^`@
z#l@$PFVYu_t|Yhh@LR}j9s6$bo#mwbXUT0n{7rJpbD#W0dC3!9&tt34ptMr{c;p9l
zejppU#pfmW*L6V^$!$G+O>%oq(}vvE!*?d{*-FYeg51`_k0)=e*TW^`wjO>p`Nleu
z|9f&dEyn2?^X|X
zUz~y5^5h^t-d46-f!yM2knedQ+iOE^@tw&_>O8||E1{s>0>~{-EAl2f&Kp2(
z@x#fR>*vMhkz4#y@;N&HvzOfB50fW)B=z!u+~S{+7pyMvDT{@!Pm9k;ZtH!^kXw8u
z@|z{3o?DYwttQ@y{OwWVBgpN(W*qrjK~nDJ+uIKhf)aA#%HKDnY)Zl9az5
zxy3gnPaxrbJ;?1os~`E|&*T>-liPjPZ1QghN&I?pyU*H2zB#+Z|4454S?9^u^p^Ja
z8+pk65&7t=l0Wf#^4*S0$o&!dO`W$XL~fr8EO{5|s7y51?8UjMA#>~q0!$=9cma%LsB_&nrWPD=SJklW{3YLKs-CGoAvExr@^
z0v*o`C%4bBjw4_7Ldw5{+~QZ0U+XFH`^fF{cSp&;pDyLUPHy+nzmNx9ko<8<$?sYH
zTYM7oIg=&6D7nR#CeNzRp@PUQ{zLM2^z&;I$n8FQI{8!%dm&onD
z`zHD9R1y8$uZX2R-$LH=VE5fI$R{k2`bkY5d9?g~X7aPcCB7Vao%bca3i+K#Ql4P)
zp?ckKPkt+&#E&Asq0a?ABQKR9f@j0)$vf!hjJC1wmiUw8UG(|F1@am?UizK9ysj60
zMP5grL>Dq^CkXwa*KaS{{AtEPg_>DZ|D1XJ&&@IPuKnO
zC%5>jpAafNo2^4jNZ$GnsfVoO7H{)&mZ$kolD`7Q+kH)S^16v6e|vIUht`dJ
z@E4MQEcuL$l4lmV&3h~*w{>D`$UCHyJp0IPe&8&*-S6KdxBU0X<7+#Nt>=@~o2^4j
zL2m2NGLSFSd9&i=HXbfV{?>WfulnS+4lRJZN;awIF66eZtUtN6!x7}uw7-}|ZtZ6Q
z`Okx;oEyn4emi;d?dxwW?o_+auc
zw@P`sl3SjS$y1hiQLzqc!^|OHdlecBN8_BJHc91tbA@Rq_ZJqO3^35A0{vNr-
zKOyg;M=@)>#`
zH-tPmvE-RcKJSV667s$6WWV;4+w+douARCA;}hsmRT
zCwWeh?+zA!NpA5`bbiI^v;0hn&q;3cl?BKbCzSFuBDeVFWJ7NuK@W7JrO9O|ay@LvHbp$YTXbynUY4>doR4>2q51vA;@r@{?QqyX1%U
z{Y!PpE&c=Y%KG_>kI5~5Fu6{*_$?&2_~qm$Kb8GGL~ijX$-ma~?lJjot;aver)-z}
ziEBtbS-si)X=?IE(ldk%Y(+@7D_ClB5%<&0i4biLVg*d*kZCk=VP+mfd+c~Dx(Tax^p!V+Jf
z+~NbsPi&F+p5*qNu0MJ3M2Vk5Zu3YB$?bXQa`KJ6rTn(O-rAMT{~Vlf)joh9W
z{6bz=pEpIRCBJ9+o41zo$0k2HMLaXP#pfnZcu(?HCb#DuwaLFoF7chnExs3d%==QF
zN#qtki#*mJl7ADq#qT1I+gPa?N*S@MW5GvOg{S;DgS5W
z)-TK;AFj{KY<;@zuYLY*2gSF1CgnLtZt>U1r)&L2)OkM3Z_h_!kbkG+ge>G1{|6UdUNe{6;+K%;)c8H*C-pu5
zm&xaSCENX(e6!ZW9rE0|e(XN^jDnKqH}Zs+rTsi7KQcz*1}L+X%!-bnVhG5MrZlBhX(
zCjH!Q8}gB>Bu^*udtD_@Px2MX#ru)B3Kai@+<(9LDDsqA{_*7J_e*)Ek&h@XdFGQ}
z7%je>{K_oxZR8Wmi+@Lc_oDa-@?w$1&yk;cPs-`1>np9jS$s6|U++qMBl60_B!6pi
z`#kIb@~!hFegwI_H)#U7y=QMG`Oo^ieigYrH{3v8DXx@%Ke@#pC7+@7e4E_*>j&hQ
z^n8q~^N3cT_M9;ZdDlx)o_ypnSBjS+x9fRTa(nJvm;Bguspt0O_I#v2x!sS9Cb#?(
z$*<`;lhx$*Tzeb2J=gx0yzMtq&I{yrU-L8h_6bry&&ch$c0@fdt^Qy2k^G6sZN54^
zxjpZG$A=duzgbW6mm|OTOuQa>)b3LL?&Qh!bCi9_0}n`^>Ew0vx-^eGcVo$K>&vVj
zY`e!O-o{Jk$g}Q~?cO3Usn1t_Cy%UucOa5(-?sZzR>>2OymWIZXKHfGpNTxEkHi-t
zxA>Cei*rhReez=y#ha4%E+F2MyqJ!Q`jID0Ch=3r?L1vT{zRWsZ1v&0$s5j)dOJyO
zdCrq(j3?#!jojk@Ag}#)M9(iIY9ha9$IIeVl2_69$rm8E_;<-aJ1cn`lK-IN&kx97
z==$0&z5^XyUN*|c5GBe(daoId_uVb@CXwJx4x6zTjiY^ML%QUf-UP
zr|mECu|JUSR{s{CnEbh}yU0y$@rB51-<0-Kjojkvkym;k<>*Ro@gI{v`C8&9l3V;t
z@}Lb8{}s8#Zz12V?ejFb#a|*Htncf4N#4DT)I$`Vr?+}u6hYd5YI1u%o|F8?R+6Ux
zdD_#mUp2^M7m)Y{S-r{oW|HzxCAa&mIpovyIr3)m_&N`8n7n>s+28Zzhmwe2BX9J+
z_zQB2x6g@Md)ut>$?f@ovpeo{0h|BKMn3kq5Al!tLrtao-IBpd8_;qUx++IH1T5OKk9vSEpj_9f#fN5
zJl2)m)|Y-vUTuro$(+j`U&rqpZuUH^)1<7qa>U-ozmPvd)a$Aqul)SW#TY8e)czYyRZxY&BjWaPObOZjt=+j`4_bK;N_58g-Zui%}k=uIIm*nv}N_o<@
zmG4$>HgAxd+}5KOB2ThTe!mI1tw(J^UV4P=?ATOOFqGtoYklXsw$K-?jBtFH5q3g}!Gmw|rCUF(XZGCA?@+Ln^`FoOEe1GzY
zktF{@a$DcHocx>X62FVw;`fpNm_XuhkX!sc@;o{(8oizTUJU1(+hi?19(lc95|^Fa
z;`5Qm)92ka$SuAB`JOMNKD&@xd~fnC6{I{<$u0hK@{waD|1NTi-$(vYREfVsZt;)E
zr%#gd#BVR(tv+o%YI5>h^Cf?Na=X8NmptQI$=iV3)}uCK&m!@?$Zei&0C_t7_f&F=
z|D1esS}Fey@|=&wFOvVE^EOY&Z9Qs~4x#JK){(|0Pp9irGLzeS)B@y|r#Si3g|fXm
zkt`Q&co7T<@w;5Mm;iR88(btd_T`hJzK$ZfuN7rD)^?jt|bN6LSh+@9Os
zB2Sl3;v;H5W9`<~qsAZ)j3)6J$ZdUT4)XH7q#nwWTYP2mb;~8bHMy_q-~EGf?z
za*Llt-f5)dUqf#3o5<@IlK7M47Jq@fg1-MeLMJJg)u+WrCy#hT;%t7%;%z!mglKNht+2odg4Y{p1-b`-u?Yqfsz41YETW|a$xjl!yMt&fN?AJr`HadUw
zoV@ybvcIvr$?w_mviQX0vyMqzZgQJ9dzakulqH|AQt~t=xBI^Ko8KG|`x
z_*CQ%M@oEAa$BEVntZ@^iElt|@y*C1YkVJaThBa=e2E^H#pJeLeIu#B~XsfQQj2XuZprOr=Sy>-bcn|({rp+UZQdXc`N7BX`xVIT{rq*w
z?fv{8kY8ITVn@4W*5=+TH)AjcI$j_~p{FljX{^2gU%^Unq
z{_`ox6Q_6RdbW9hB;?TxO8h(I_I}{P<=6j(^6I
z+xvm1kngS~`?-?b<}o&qFUTh4IYe&r7-z|C9^)!`F8!R{3v!#sh@|tE*3MV>$#zqc
z+dM`_@{{k&e!WL-?-BJUfB#*HZ%%H{v$~O6o<8LDb=}T1a*Ll!uG8dx-;mpLgu~>P
z=M;I{rBXl7$Sppi&Kp^McDN<+Dacnel6uHMzO28Xx#Tu~vV?r!Nh#-6a+}}SLw?L3Nsg&m$
zxyAoN{_>9GkI^r5ecJtF0&=?_Oi6C{gE`2zZk4ayiGn!KcD+n|IqdSNY{18
zBp-BJ;%brqI#WD=ysyrGwj}>zlf?HXx4$1cki4pX?rA!?<)2F)JXi8>BDZ?mNj~W(
ziGNJqahmvB1LV7%@Af&nc;vswm$)?K7N3hegVujB@{NTgPigWrJknLO{)2%aAVkz0IQ@(*>qJ&4@S#}VX3^zWh1
zBe(mt@5mGAJl;>_JC;iMFOh$IBZB7#kH{_lIk|maD8V4fXZ3IK$;mr^AaVK0E#B7e
zSe_z>CBC+g_(tTvuaxrlB#)X>^7JErq|X(`lUw{$@|iCr&oc7WX=JywzaSsiPvYa~^AoGjorR@5NyyjgymxkTi_b^?t$u#F61m0K
zBCioe%F~YAuD9LDhwHk~apacY{@$AHSMQp#U#lp7oBsXfjpP-3OL>lv+i^TYUQO>W
z?vSVJEP0-iTYL5!BIUAjwy!4f3CJxzIeGVI5}%LU;){}}Y%cM&$SuAhdA`LG--X=b
zKO#?}*N4gE)(&TpfAB)`uOhej4djh=o@yU?R9!D|lH88hC2~9O?y>8-{TQEwJ}y?C
zc;pd(k+_WH7N3Ls%re>E66CeD->go4evRa>N51cgcpGwy??j$4k8F1^xt%W~$@6BC
z{Ikg|ej#}z-LGBb7XLl@f-F*=%j9;x-y|R0P~syGm2%nnV)@@D5AG)M8OiN@&q-fvsb2okOVl48-8DzgQ
zliP90P5!oCPb!mJd~Nc}PbGgRa(lkhi#(y$^Eh%FZ_gsP=Q|6@Cy$eQ*h8K}?+eb6
zA3HAPyi2}Y%kw+=@HUb^j^2M;JzIPd@(xWUe;)GeNyLkgM~NxC+X^D&UT=?ux=k=){klCOCw`9CAK&wI`xxAwe@+@6PS
zAh*wZ?j+w^M#_1f+}3H_B0q6i${B4`==yw+PdqbuyvE|i$ZcM$9C_9;lD8JQ)mt0#
z{3#^9C%LV^97;Z}wZwl)zF6m%=8;?cQu0cNWxu{5Z=%l;j*xfKe(N-OnoCli`{Z^U
zUy<8&FY0Ldy%^57=uT12=>1U|a%(5K$nCmUkbI}!?^GqX=h1b^cO;N{XiskO-O2N7
z`~-4)9zC7Bj?T}oA-DKV!e|JMX?H
zU*1OYpCq^VU&+Vn{Lgc8o9B$E^Xpd68P7=m#N;-Qnu^?SqLjZ7x#fS4JXUwfUyt1S
zmk-F>e<|_f$uE2^+nqyh^{|}0+z^T1NpAD@KaktJ{TXtbhrdF8`-qhD1-ZpX8Y@4y
zdY&^#%9D!R>LC;P_*fEOn%v?mlF#WQ@xkOaPH0bF@|?tfLVhTo_!#nYy6){b`2#KI
zWpX<%_sDZ?lKd~pEk4n>(Dk-X*X`saxAz_tAitx}Q%aNDI>Soj_WAlcdXx?-vsPfZXDvj}Kj+y)VeWlaO0{
z5%P-lB!7AGdU`)zl{`vQiLXU&e;2P6`KWmk-<{mbGn#yjjt{4kTl{A7x3zxul289x
z>fsQ1Ms1g8$uD)4a$Y01{d!5hzqI6!J|T4d-;FN+&P<-Oj(B16+x2C;{^Yj5P1tpw
zu`T;d$v=?%*d)n6mfXfOGs*3}f(yvAd?op}klXsMAINRJ#~E_Ve}(*>-f#GQCfl*=
zs=c=`7P-B*FcEq3^78w+$!*<8A@Z3TUy
zMQ-mKTu45*upGx-Y-^YLTym3rJKklXn(gWS%SRpeKaOFe8PAEWohd&uoQY(M-z
z-tGlH=lcI2|CPiNnus}%(8_7flW5L!o>L~L4P(wTqlq%2R;VR3IkX%yDdvzvcV!&w6-#+W+^zegEJ8f47@muKW9OJ>ReQ>wSJ-?_C$UeO~kl
za@&7hBVSxj`sW7uz!#-GMN{tXfBRgshsjUq_1HS(NhPFC2zm1W@!sUOi^=#R$!DsM
zBDdvj0=cc%uaj>%E#rNQJSI@ayPVwWe@JfiH<8A9>GRlK+a_=GSR*n_u6N+x)usZ5faCbB%LSzYzI;J&vkIUb>Uy
zYmrawDRrBWTRU5kTRTUPU*9El;>epc7N10JbzUdG{+Ztiq|JUSwXHpG$BupllJr?
zxAkQJdFE46|5@_alcdfR@@q#WKa1S9+w;h6yS;?mw%hB;3w4tETgeNr7vD#2N@qATs8*eRg8*d|W8*c~lH}(9k
z7kSw-vYZScuT)CrZyb4d-L6g~|Kq0Q=aT39NcwXnc^SPf9o?>r{8hr|NNRm3Qv$
z|ML6gc^&c>n@jzs>iDP1qb+Zj_4;!u@>lfz@#^GNhDiOo(O#@Tb|R&ZGGHM
zZtKwj@-CNUy1ph~rQ4TlmFa>XUOfof*5kUuOOEE
z_AP1OY;wDwVIKL{T_wMs-0mybMjlmF+IfQ9?pruZUVM(!zfErUx8z?Y!>vC(TE85*
zUB|0Re&@8jzCL;6An_LDwjOmQxAmeo`Okx;&M0!rk0UZtbZ?ZtbZ{ZtZDCZtV#ppQP89dXn35aum58Cyyexc1|R>04ReHj`U^2l=$8C4Yk4&g0IIw|GnD*Kg#uUCpn@5jKDAJnI4S
zlqoXaAadKzHz2p;&lcoXza4q)C#3!may$MUM{ehF&yhdcS?Vkzx8vSbKq}r^SH0cU*9D8+vH;=NdMQ?_YbX~?fj@Ad1yJwwc^AY`OzfuM`L8Vrjy(G(Mq=*(`aUBe(VUWpZ18=aO6fh2*F7?;W;~+xq({xvjs4$&ZiF{wKHf_YZPg
zfAhV6cmJP1B+moMZT)?ey#7|ncP6izCH>!r-1aX+$!-5Kj@pep&tj^5@FS
z^j0Ca^`$zwr=jFqk=y#xmE4x+2=eeP(!TNJw!TawxAo<9a;ra|e6U_$+CXmWO9r{E
zFZ;=dek0TSJ-Mwfx5#aMxkLW?+ft{j-p5_YJNfSKCTxAFOg_E6{)WVU+x9+2le`VD!F|>?@IEPdf&wkavSe;@@uChcENZr3wEBDeK)7rCu>pOf4AVt+qs^K0u#8Sf>^+ws6{^2DEHy6#^i
zk570K=R;W6@=$@2O}X`>Gk>|nWb{!^!{Ma4Ihm+fNnBL@e9VUjnbDY$fKyK^N
z402m9W|OBJlsfN{TYeS!vd*&n?;GwP
zC+z*HKyK?rHS*m1e|oi`JjE9{G_!t@i^}CAamcCVB8{QolX9tw-I+A3rMjG32%$
zJxd-mU-GY$+j^8jZtKxX@}_=LXCt|tFJzG0`NCmxJ735mxATRIx^Y+X
zW(%ZF1o`RTWV~a@EkA)gZiM7#liTO-%_U!5TgJPZ-16(mTjWYUi~N+nA9t3#ewgI1
zlQ-AvV1JPRQbqFl^g6Efe>c6}@*ug@sX%^jqSUEIUjDlDPd#$moW?P3`qRii=_KucmHfq`;%|{#{Zw+Rzma@Ph=|B1YfuGhE7zuh72`Gb6BX{qC<
z=jFDXJQFC>Rf4>co|grZ`|01^)F6LY?*|JZ&+RAe2_tW+e-{=(-fNq*b2xdCW8xFY
zU(xfy7s=QA$#f-?+u!e}lP}WGd)Y?*u&$5$$bVWR({+NptsXC4AkRE1`5f|P`uTx(
z$T#Wx?}fI?bld#uq<;@sioCVnUtNWKR0nx|9r6Rei8mvkcSgJec`co;2=d>hn?2Fw
z51*AfapdD4kbam#KJ{7gS>&0z9xWj6en#@|k?+v^w>OX{Yd>d@uUH}N{G9yF5UGEP
z{L|s$m&tFm5&xBZ>?!ekbh)X|7ow?*wW=lIW
z$e;K`{2TJsdfomO`Pvl87u#|7^yX%Z*C1c7^QA5MYQ29ck^GOMvLT*Lo~`TS+vKO7
zly#%l6TeR{#Wt{b^i=`olRE(
z?f+o%BI;eqYv}#kapW)Qay5s1lI~|$k!S1YlOH1gT941Kk(bu>qVO({@5kDIvZFk&
zN&fP0vOKgVzohS*bRr+|nbe6Qe@2ggV)F3BJpAQ6{2lVWSMKqR_`N)QM;`uZ9{w%)
z0X^Tpn1|oa!|&Dou=TUmDN7!lD*aYD4}T&LZ=Q$uCVxV&Lq_J|&*$OO^YC}c3zwGm
ze?ord>^;5#XUH@4ebDlI$B=PkuoCNAlE#)@Hq`eEUMF|2X*_J&tNf
z{+~yrP7Ct4^gg}Lc2?HTf|Q>D%j@~8FuJ&rs;|4!-!^6C|&{jai@7oX2wM|>&y
zWBsH(YsgD%k^DCDo`K@~$eVp6{v~Xg(n|H`-R**V{_Uohf;ePKZU(n^G6nXz5
zGGD5Y2hEap)+N96r_}9CUZ9WUBgy@AJ2RHN%t6V|CjU+MzYECgx0CU%Apd%!)LBQ~
zu7LO_pNErMotMb_>3sup$Pek~{ca;~S5c<(BzfEs@pF0jujJucr;y&CV*S=r
zJ&^nv^@ij{&dPXSAV06?r}N0adP(x@$d^AQ{r@@nZwEqcO+7D@7r9sRE6HEc^Wy#F!Mc2&A@8Q!vA@WRSCV#?
z)$^)C-qE@3Nzbpv8z39A9hT{^eyH%E|F~Z2#FF>!
zDL$EeyDDNMN-#3&)DYILj|SIOvRcy3
zs{73%x?QyKKCH)wwaE)Llkv78|FW%kfAXcTiH{(ESC1cFAg`f5mwb=DPqdaiTCbb$
zCNHJiy;J1R?UsJHNAL5p=^d!&gGI>4>3-)C@}k#ex}GBc@P>E?@-OC#chU1d8*iL0
zZ+*xs&64~m@*{fvY8-h?f0?d{L&8qy(Pb$eAyZC-Q+8~h#w?Bd{X>G9)5=WqF!hCjr=n`
zFZh#usjk;0zmV}*|J2v_)60_|DJ$FO2IN`I|k&Z;@}(>mK*&^=#|^FLZz8PoAUO+sfqob$ec$e8eqj
ze{=Ho;o|mp12*1=ACh+Vq5SSd$&VuMy;}0mk=uS}8u>iE4zrNl^2^9yTrA_=PHy?V
zY&$W%=(YUucQc|C8ME1&+&bt5aU{70E6CD0!^5CzRasVdUNQI4X+V^25l7
z9FzWkncVWPlebTld>Xms)5!c
z{V{p_Lz2%TzpeYnZ1Q2RN&D}R|EAYZ?$h`AZFxSf*C8vDzpKX&kCXT8EcM%x+wnse
z@_Hqu{Ugaw?i7zFKf6cjzd=4t&mR|%XOEWrCi0(eitiw=Sx?4$oV{vBA>3;=R?V>Et5K7i${`|?I|8Z-csj#BKdG#Pm{wTE1uZvq887+PO_7}k5{9}AG{-VhLLYLC*z$)Zhs&8DtUoUQfDQ(<=2w`(oyn<$t{13ynw&#uzx1E
z{C~)A==QV1w|Dpdb05lhL&?kiE*?gn^ssm|`5!Z+?kINszLHnTt(|koE9mxQExF}4
zljrLG>lnG^Pm|Bmo|DxNU4&-${kbWCaK2Q69IeD)i
zWW4*xv-CLg2zkRElFuP;s>^dO`Pb#8J!Q_`J-rv~yo`K_ULSah-12S7Q*?hinB4Ls
z$$!`PM_wbh{Cx6TI$ySsTRww4P>=sFlULXKD}Ev$tk)lkW#8RDXD-U~(&Xc(h&Lp+
zd^7U14W3-OkJ*4=XMCx5+my7GF&RhNg@{U2$p2x@+)RouQA^%9vyE~IFY$bJ`Cf__*>Wm|g$S?UxBeZCg&#$HA0K12R(isUDd_tE?dnv~AwL&OgTCW3i%ENn-zo+N#!^o}9
zSn^6;rGH)_Uw%XUEpofg@DBME-Og_(x9e+r$x}8+{d45@IUC=TM_rSAfs68J{bu>1
z$@m)}NKu%XojwBmWoqU$dk=0pH1^)v@}4Eli`?e#JLGm9
zY$bUCJ?`8~Zl9C$CAobr%_;KVJ4pZhMZUY5c&W>G_p`mPSCQOro8%jj*V5yVr^sJ8
zF8N;MDa*tMkk``V*k{QtKZX3o;!7o;)v3p0;1=)FF?(BHoyM@iD2>mAtT?cl0LDjgvZK$%j8DbtaNe|BvM7kv~vQ
zd@=bB&3{B5s_W?|iub1)s|A3}b%jreHtqoc%MC4VPGd=7btUdLEL
zZr?|>o_v*_Pi2s2ej)XbkPjOw(|ejcZnosFl3&vP$tB-*Lh|?Pab+QI+55ee{DRak
zOMWN6_~Ya?b^p?syq~T|Pmv$d`_?*>uXs+{6G{F~3Gui*d;7CB`5~RZHOU9+
zeM(Kpt$s`L3#rnMUgX{GmGKTBFEK#;1#;W2&LBS)BK6miZ_?>Hn1_E(KDdF5_cHmc
zq2f2mt^OVII)!D&P)zrq*8f{|`7BM|<6~)m2)WJQQ1Y+dkbES0HC^6f$RBw{@-xWo
zdg*NPkX16htH~$V7vDf$Os{M0BOhNy@@Mn#3*;Riko;|OtK<1mro;L(Dp{TfkXt^G
zeB6^#zZbbJR|Cj@)$0*So?n92au2YLHef#x$Up(lMh`j^*fQ<{<ow%Pf0O)va@$`YCI3$UKI;Ox?SFqJxBah2mkaBE+s{5oZu{8^
z0*
zX7VpCiXSJhK3wYmn1|mWFRRBn5Bw~zv-Vh>;^f73dmBW4QjZ&JlOLKW?d(i$+l{Bm
zJ10qg61il0~DPjcIC^dq0F?-#_9+jb*?ytN+JC6n8B
zBZa)`RGHp%a@%ffA%9$tmyVI!asD^t1t-h&{zz`yncvB6J5%r%d7aG{JI*gbZrh(q
z&g@Kn
zLXY=GlJC*|S3LQ%dR+Pnx%I;v&M$fM?*4y5uOn3^@2_z)ep4lX
zlDzyR@vFJ=Xv@#eCi46i`7bx5zTbcD&X-y#{s?)7zP=gxGTl!0AaAok>W=^Y?)vBa
zrT$d%6OV{5BJZvH3rM$F>lUBOjs1CyC^j2TDFk-96JoY2So>K>1F4WqLP4UQda915ShMB|xA5LUpX2
zetI13#;ccXefc1D>u3AEfJWq2CkEs!Y@p9B6K1>u-bnMaZ90x4gBp+q~!lYHksc~KVBISq9@1^?-{Z@^2bbN!Z(KLz!5S
zM0xAaljJrZza!6`CB+K+{WHD#r%t{BkErwXhCu!}w5LlR`AEor4f#aMTl+Uc{utyx
zqr6R5Hsrs8{BL>W{qFx~dcTBxMRl8ATb?^X{tL)Yp!}71sXK*yvwpAQ>*O7D`|=L?
z$NIkfR`Qd&ubFvNW6Oko
zi>7=)CmA@J{1e?+&Vf2dq0R=%Tb)nHt$zRa-rH+%^dh{K+tw+C-H`R?z{-V+k*3PZ^ertfb8@dbH
zS)20K&Jc2IXLEAfjDoeh+dl6i&#&)m
zpMp9&q0Y~gx8<{--d|(=Z2jg>Zv9Y>-1?y|xqbgp6Y}lVWWIJ(ch7b}J4aGJMz57Aoe>b_c{|LFY|021y{|9nwe}27=;@ZC*+EZ2C`m?h~rnd*=KZgAHJn~B*
zua^vbui8m@+x{OQx9$Hea+~k@i%Gkzov}J!3ah)JTcMr7;9J1kQk@C`GBBLH{UsS+
zZ*u#d+=1i;biW@*{{8(@f2O*tx*6KDl=3#c`ysyx@@MkM->28rT>XzA{}lK}@M+*1
zz!#`nKilV|EG4>|5O#PtJ~$TmDb-p!;Ox1@!(_*Z%d;p0?n6$-_6azq+;4>d(x>
zH;~8adipWcPlxf|r}tsG_N)ajr_ST83HddU?+5-N`15(xSqAwJAb$y5Z*lMqy+d_u
zds5(G*K&`?+G+cd2gz+aQ-R#JGd0O=fAJ*w$=1HndBWA**xwiO{T@nrYiBIEwR0l5
z?eC_MTl?pbTl<%iTl?3O+y3q|b=Uq?(Ejt3x8jY
zR{vA-jru;$5pv6)ARiea?Yls}RiED^zm`vqdkd8MXS!BEJIkwEJ8gbdBe(g|fZXOw
zH*%YEypg$@FKcyJyRxA1+hg>fDC>GRPMXkb2f{
zmVaE`4P6TP4wSe3ax%HqSwh}PFK)dD_1}g1mnd&_?$P_^tev}ZrQP?dyJx9Tr!n|D
z;Neuq>Q9CI63A}=Ukv^W_#*H^`u?!B)9P1LckNsV`G$GqpNIV0ke{1Jeih^wKt3an
z{5i;{K)y&>=~wsrE%27=JY8MMFCCHB_l7$2q0Woo^T0m=p9}s6)wljEsrTJmdk*RT
zyMnrF#hXxP2<5HLYvg^7O8e(SojFkF68Ib7cc_jXpA;xB^{kz{ljKDYl3RPakiYSm
zygrhA>2#?xQ{APKp*;sFZ}l&dpC2mquS1>Jp-#C9GTi-s4ZNPZO_$Y=fc$L8kI5sy
zmVBWe3?7F%da2P@t!%}A+A|aC*HyRn*nYeTx$PHPk=uT}6S?g#`jOlIVidXU$Db#+
z{dkJHn~GPV{c9<2=cil9?fX)9k=t?p7vy%Fe^uR$_Z1lLJ%Q4n)^9c+gUP4sMYwkA
z?p3-d`>GA2yj{;pAh-G-K%JMNJ=x$df&WHzZ2o#G-Q9khzYmeye5_1v^RX_u&Bxy4
z*8X_%^xD#n$?ERe3}}BExURasp*yLLweu*sweu{wweu%(Tiyy+mUg+{FG71df=>e<
zq|VEO-M8rKOojYH%73$8#U=|a>*rf}c(F%hJl4)Zq4K=6x_dSS
z>UW{M)$d1sV6fDQhC2GEIKFDHfIkoQ&rqG1G^ul$+{T+jZpV$c$?dqYR28Xb(`)PX
zW9n|`WN1$)Mn@C5J`RL9!04f4-I{);^F
z*YofKdY#GU%j$=uSW$I1y%V5*Gw|`?J*keh)2?G#ee;Qwx9g=d$@i_0`SB)J2k$<1u?xWa3-d|@z2Goy*
z_WVeBo8H^xo}q)|D7&RlOaC>+VdvmZMt8q$uH
zfFckNSm?TLo=T%!DnJ~A-B_N&VehJ0Cdn_g>Ab#iM@6LM=$2XZ?O
z9IWoftBZnf?2{;O{gVp$fzZy)dE^g6J__;|^2p~xJ`(Z|)^siW=lZaVix8t$*)m?k~!+3X5-lpp~TbNfd}EYf
zA5z|qlQ)rDdv=oBaq?kuJ5K&p-HrEY81DnYPX1Y6Y`a&U+_on*$ZdPlQQcMR>8mKe
z22tMH{~Y9dKz=jjtsgSTtxbjy)(I>~^G4&Z`-ty|!4_3c9
zjU*W!gRetd8_{x`DOjP;CG--2dJ|jygm3Cs$=y_Huz`$wu5|4b?YC?
zH-mf_QK0uxOr#9qULB0*;?YO85xg8fpkXt{*kXt{zOm5S=oxDt7K3}UYsk^Cb3GKW?
zd8<>o(Lepr0`iU3xgUB^-nOC9lz;m)KMDC*%G>fVk=&MtY2>y%%ptesVYRwzXA>CjZpvFf
ze4B?~BY#dWCjA2SpMd&h8%w{r-;KfRs&jv~g?tF)`{$7#1Nlafe~I$epRbc!f2NRI
zf2NUJf9_Iu)722hn?-r+&mSP)0P^{tkpAI*sF;Tbk=y>IA^9USq;4~H_pCmQcO>Pl
zo#V-^{)^b^(U-dEawBb@L2kO^_`URWZ-EX#ksiN+N)`5JJ
zJo2r`ZGY5>-1bLLliPAKgxr>s8RXUvACh;!UmBZ5Zuv{(>)w^=FZkr${a|^2a+{A8
z$oJ_~wGmUHXR$&|PLoJDT^xtiRjcO$t??{4z{
z=yl!;@8`1QwmjD)UtC&V-<{mX+n3zhKb(BJ?wnsEw>oc;Tb&i;
zxAFEQw{{L8xA9I^xA6|ti*0XG{wKY@`XS}(Ykn`~t^co5zG$TM&pl7w-4B*8
zO8$VpuUwIQuzt=!bMk6>QKTFB7p-M{aq2d`+q6A%$WN+&N_DKAN62ltI!%7y8yW9K
zs9#IE!1wzhec#x&16Dtfyj6R7QINW;S`+F#O?j&`nEcQrY0pTgQv>R}LwT!{MsCx)
ziQF?x>hFO1)uH}*aJPPK*6rYxBe;A^6vf#
z-7Li(Qn&uer|oP=`Dahb>zh&jqF%flNqK9}cyepci{y>v-V$3*roJZA^#|1%sdXy0lHt}rMb#UsTb-yV$#tQ8ie9%ILV0V?ICkCN
z&89l<>qWTboY(oij$P~QCO@Fx7yK1@?lo!u59&6(g>=06b$f5qYwh)
zo%_81a`KBe2Y2h^X}!o7L3OPDD9TUJ{PaBX$>cU)R#BZmt&>4{8}HYY-=`NBuji4^
zCAaYwYa{(?{pqI{BZJhrKkJiQomS-by=Fbg+v;{>u)2-6yN-7vJdKmKiH{M>Kl$*tdNkz2n#MQ+P&
zJ9Re}x7?=ba@!5^1-%19-9Yb8FYx=lZv7tv?(&J69}DjC2lVEhY2?-qZ-Toz=~^cR
z+|{x9vRd6szWv=Ay{NpM@>c%`$|vjbfBrC6;h*=RY`rK(Zv9*tyrB1`iP~@d$k=t=pFu5HsH6^#>rS{}@ywr>Q?aI=Q!Q`KPEIxs};u7%})ZH`J
zKN+FkU*4aKQ0Sico)FZHY+Y&of-ZuLv*Mbjpfw>n|$+W$kSP7A#_`aI`#
z|M)7q)>%ky`^OK+ZU1;k-P*rYFS4GaytV%aa@)@Q26fz`9Hh&6-P3zqFXEO~=jp9V
zZgm=v+jhP+xow|&s#`yo*Ne)-DR0}!=O|xS^D`-L+nL3be^>KsC~y169h5(+`Jg+22v){CSE(`9PUhSV=E>l7!q{ZSQi+aEPk
zxBe-r7XR>RA1qlrNz9<9X!IliPgxgX+XS
z>Xs&t=b^6DZ`z*~z}zk^(XD(V!>-V6%O;;qjwR0lX8Clhh
z)%&-5l(#yI$gR!?tBmAFQr`M`BDwYRtKh!rmF9W&k!PrX2JZU7_Ft#LU7Z}w|4bgJ{csE1
z)v^6o!5;EL?w=~^Zm27fSz4yI3FU2i+p_C+cnG_0XX44fe_z@$S>49lL&y6*A4P$%iA4rmk-wbLr=?p
z-1It+R4)aN%Ue@&>z_8{c73}C`3HLcN?&z1I^9J2I%qn$n=dcud|60!Y`iPkb-B%;
zIzzP13C`>Cd?OF{^!lfNTt8IT<6b{?H`KK=Q0q6QytT6}`J&rWw+qzKU6HRJo~OLk
zd5PTmc`o^9bEWqT+$8TUwg
z9wCqZLA)OMBz=FOJGgK8l+k*IkSD9ZsP3w|>0Me_2CRg)YtJ|2
z)}CwR)}EW{)*e4!YdoHSzS02q+qEY|+Y?28L-Vu1E2_DNE#T$BFMzxH89MBDb(>$K
z^!X$G?rzT`ntwvw^434?$gLmxQ5`Mgd4uw{{ePR>w*P75@9F!O=}=z}#eAbUM){5%
zWz44`A7G8~J{IaP(`(aZ?I})f?WsgwRf|2Q?y8l7`kg4BnNP;o6Y_dU8}-+o2r?@v(wek<;M^w;|lto|jPh*IRO2Fr`es=KPT?Qug|QNG9?
z8E*&jD(^_0?odZ}?Y;psDgUj$U!FpKUR`&qzVqMwGD=?^n@5gxSK;$O-)}h`!13CC
zo~J7m^4M?T;5fe`!Eye^g5&a#2#(87GPu9~-#w)2|6MzA`Ai4L^&$ft*V9aJT;H?7
zal4TNj@ucJ_PKk&?Ug?`ZYKl5aeHg$TW&D!cS0eL`>Am7s@gX9po_V$S=GQ}A&=*|
ziQsr1oeZv*N`2K*!SVjOba1`I?8|3>*M#(ctfZY3El`i7CZzz5xg;YGPu6Qj%A6%Qw^?yc^{0{X>`U4jv47y%oLh~q
z22Tcm20RtK4|qCwU+@g@e&Ctl{lT-r2Y}~*M}o^qpzKeh!0o;p*FOWn1KmlK_s97l
z-~Z%SF!*5bQ1EE*aPT4Ek>EqYW5Hv<6TydpCxZ_MPX!+Vo(?_|JOg|bcqaI0@NDog
z;5p#2;2u2ya{W0L+#fs+JP>>wcrbW8cqsUI@Nn=6;E~|Zg2#d$1dzBbnsc=8Q`_&o4%@cH18;BSG)f~SBdf-eA127eno6?`FhI`|^+4DiL^ncz#n
zv%%j1&jC*b_uMZ}TtB}H?hn2cJP>>tcrf^K@KEp-;Njr!fk%R`1djzz15X5B1)dE4
zK6onlYVdUM55P0PKLpPNUjv>Ez7{+OJRRJ3;_H3x`hOj`e<69|d_8y|_y+J`@QvW1
z;2(j9gKq+l1m6rE3%&(B5qv9nGWa&|RPc|%)4{icXMleKo(aAKJR5u`cn)|5xaR?R
z;`(_PxIg%A@IdfA;KAT~!9&461rG<`2ObH&A3PTP0C*z!LGWboL*S|4pMj@?9|q3=
z{~SCM{0Mk9_)+j2@Jw(|VR_>E{|j(`@Grpw!M_3z20sQK3jQ^CIQVh!NbnQjvEW(Y
ziQp%}lfh4cr-FY2o(_H*JOlh&@J#SC;Mw43!E?Z~!97LfiR=G!;Qrv}!2`iBfCqzL
z1P=xO4m=$E5_lx|W$;+=E8vOX--9QEUj*B4m6p3bKL@xYtC{V;N?A4y*4L4g?ZmBj>N
z$p<|okU;*XdNTPE?SK^WiCRCE-0G*1Tm203-VX~LAU~#_Ngk~opG7`IJ)8Wn`W5o4
z>b@E79cJ@)cS#BQIq?3N57N9pxnF6?1(4TQ4<^si`u6^z)qhIshf?0^>z}#&-JbGV
zKa%p*OG$fT$ZKi+SaPeMKyLMu$;*|K`YGh!si%?;3zWRQf9nRj^=q4Y2IbqAm;3?p
zqZP$7$+NUh7WuSFlFuREr}cBm_h@}zFf9m8E_J`PE0nBgubKk0D=QMe?!aKdUE@hgX$+GI{69;wj|To>X$H
zpGI!=Gsr)!EcFkNN9lBBlFw1kBHyN-L;lvIQa_jcJ9W>!GTi2Sz94z-M}Dt*Ao-AB
z$p?|wt|J~y{!xAL5b^>I#KXzwYMlu3vRWsSyo%Pb`^s&)j;JS6-oLJlH;Mc~t)EQZ
zS?i>bZ&ptyPt^Kb$ltFgqw+{A2Y%^0&1;_IGAh$J!H2d8;2nZuP^-i!_ql`2-+FtV6
zAvxd$E$n^FCD+3`kEeiy+yKjZ_*AJbuh;DsO`ME;Zx3kKIyBHxe@
za%+Dmcu}YyMsE3Va6J|Ay()rSPcJ-?;CgD|%g2!GZp{-5uBRNnd;+=U6Txkq?gdHY
zx;gYDgWEiD`4sXY4!u9A;3b57zthO=@F5-iVaRVGuc5;-z^#wnpabMhHJ=HthyK1H
zS>&}fpA8BVml5ylwvg*?%98=Eht9sS93a=-sV5WM
zwgK)1S>(DK@nnPRp{K9@6>{4aPZqsWUeYgDUA+j&;r#l1lu0HkN9|*38
zu)ZMyG?gppU#d^orrBD+Bm2>zsny^l%cp*k!XyeZ^U$ZdL4!J9!ojr>s^mJa?D
z?!COH73b|eP$pLQ(`CRfTHcSs<+;ZN^%=_p^
z9;(Cq!CONYKCXK1ZhaNCBtK?&rxZX|-+HpAtU$gMre;I<8R`4niwJ~
z@GffZVGFrlHuGeF+cwPQ50KlwJQLiusV<*I{Z#S)5xvw(!mEn
zehYc14$AW!8$AxJPPtzDOklVH_5PS&agUFZZuwZc8Cb>Z&@`2%hSd4H0@M+y0Ur;vBkVX5GwA)iKW
z>tj0j7|3rSx9v{`cr4@(kXt?zd@SU%$Zg(agU3Ps3b~zo=YWrcd@lKM8&+8U#;&1jvVxTRt3oBIF~;ZF!Ca
ze-837*}yn@E0JTMsCYzI`|aGZy~qk
zAp<-S@(0MRKQqCnLOzT9@8utS8sx8#Tm2mH7a^ZZZpRy*A`)`T|8&Uvk=yd=4{pc2
z?qvbwHh%-bUxNBUFZ{tKs0UKt6&zM~6j%zY6&n@>V)5
z7JMe;6Ugm&BN2QS1M*qqrL_Io;Bz2-yeJ)rVESKE!_D9-o`Ckt8{d9peucX8L!B;>&fZVR-1%kf^`5d<^+e9Tp3|8uAI`w!cdR{{Zqy
z;*Dhw88#@C}g9CI9Faa
z4+lR8`3Q3BpGfdSkdGm^5(uK83uD4od|;0{Jv@
zTffr5k3xP6x#cs!Ga-L~-13>=UqC*K+^!vGgMSJ6E9AC)%K`ri^10+yY?v+>ZuviE
z=6&=de^`h4gMSVA0CL;k1%e-kd=RI_Bj+h3-V#)qjgv~_({k|kXw5q
z!B0UxhTM)fV!^+Gd;+;0?aa}kbCAy>w|qAEdB|TO*QbAfUZY!{FF-yQ^3H47u;TI`m%nJ{ee@%@
z_V|N;2l)VUYma@-rK^7l@5DR_{@(JYDo<#8LkWV7FH((FA
zc8M>K_Y0NqiTo;~6Ytt-%ZMBDB)A%sGZKUhtk
zxb~C>uL*9)4sLKbcvZ;9fa`yKL#Kj23i-FegTOa{KL&mX-1c2=@C9(&hdaLwZr56z
zKdg;#)BE=}%>5tSmSvak3Lfl0f5w5=G4wvp2d@jh5xgGwQSkcUzkxRZFQc91+TReo
zDR?9BNbnHw>EMmQmx9|lq8q#myb0vbgWEM5H~2oCd9Izd?RWkdcryq3(+T`3L+|5A
z@KErX;LX8TfwurJtq0hyJuSg|g0})s0B;RGAG{5C26$WWi{N441$7~I?P&*I6}&xo
zSMUztW5I2o;0DhE?*#eP;GMxg2k!!Y4LlsYu&!*b{awLpfOiA$2i_fg5_k{r1>ilw
zH-kS7egeD~_zmy~@BrN?xc2u3ZwUSjcn@$pw{U~w!23de4tPKCkHGtbXMqm@{{uV{
zyryovT>GQIJA)4dj{_eBz7Bja_?O_(;5WdBfIp@iP1l~G;O)U0>27A8r)Ae;;uboz#jpR1#bpE7JMXl9Qdo?Z&x@E5^Pf=>tk5BLo5Qo56N?SBcp5%|mCJ;9T}r-8o$ejfZ)aQk~u
zH{O}xkLtmJ^I70+!DoZ-1Ah(tBKYgz`Sc*e)lUWw1b+kE{{GVC=YTJT{F~qz;B&#x
zfX@TJ4L%>dlpgfB@xBG#06Yb}JNN?d@!)TRzX`q&{4n?;@ay1H=27e#?
zF!*ZlpTR!>572{G*Uk^Y8-cF@?*qOTd=hv%_%iTy;QPVXgI@*T0A557rd>NXf>#Is
z2)rHmCh+0lo55#-ZvkHez7_m)@NMANz&{4RUl00S`?rHX3jPUrEASoQ1HpHKCxT~y
zF9F{LeiD2)c+IBr#IHNS4+8%Ryd(HA@ZsQJgC~O@
z2VVnz0{nCEEbw2!Pl7)bDoH<1KL&mQydC&O@ZsR!fxirX348_kW$-=VSHQmq{~o+x3wd&n_u(pdUGQt*
z5#ZOsCxHJ9o(z5i-2Usv+cTd%^Zxy*{?}2#f7lZW?gt(Tem{63cp>mq@FL(D;6=f+
z!5;+oeNc_}xof9Cc%Yjg?~n6hzW>RuQ1FMqBf*P}E
z33c2s`@W=;;FY~z!TZns*yp8K9s53}fc!Gt+`iYT61b~VQ(~S_aQ7PfUaEHBF0Y4A
z9{b!9t8d@8WuH%CZr>O72Gtp_~lh#Rn;2q!T&yaVs!#_
zr3ogt?}G~`x9^*a1+ND6lfm6M?0W+jfLHc`
z$G-1)2Dr-?as$0T%fTJl_bl%vx9?^C9Ng8Zp>?i<-gLry>I27x_|cl@{=L&+`hkl5&0=S-`GwbpvU*8$>Y^;lP^^d
z)Sa=lr-dGWKL%de+n(aOy$b_(uPLd=i(SE8{!z`xg1dbGQ137APcnH%sE<7hz+IhI
zTF3rQ*41$TX0?#K{e7!>a!c`ZR3}>Nc=RB{@=5I_e?NF-Fa4zXAaM5@zb=vwBi|P;
z9z!13RXmA&f_fVHY4ro-g}O*VjN-voEZi%`^^)=427gS*_q$wSd1BL5SMycD-E1qY;
zUb9>CgULM+Qg=Feu=;FpSN~b9zY*Nk-`rQ~d;;$B`!s(Vyt+hvzi)%r0Jra}bhYgm
z!3};=500JJa-ctb!QHT;kuo3}+_k5q?*FEPyL|nDl3z|fQ2j%2SEshtISlUVTpKKP
zz6N*s1kL{n?(&Zfk^CKSm$&_WIX&oi+1e8I{eBWW7`!#OtFuza8wp+q@`>Pe!BfHO
zfoFi%2R{hz#=Ba_dl9?=JGBh|jBl>#oA*t-wQlBEJTMHwT{%-U8h2H+JLIO}}rb
z-6!n473A&yUgxdB{ffyG=WW1)z}td{fro*|fVTrr0&frg0eA=S!{8mkuY-32zX@L1
z>uYs+^Vj2aH(i|}9}M0FJRCe6JQlnw_(X6w-VHk5x!~O(Z}FiKH*$1Z-2=GYoDDcW&->m&V89WN|i@*nhZwDU)ei~di<-Vb}!J{ExPA_)2
z>C#QPZ)jC;*Us(Q&Q{<mL^2AN=DDe8=qrrQCj{%Pdj|HC#J{EibfKLS90{$F$7WgFaT=2=@0Ri&Fwf}kW5bzhkBfzJCCx9n{r+`ld-vT}j
zJPZ6q@Lcfe-~oE^&b5CAcnJ7Q;1S?2gC~F|flmdm>~%j~o|l8a0{H{ruYz9zp9x;L
zj68Aep9Nk6d^UJE_-o*?;ID%xgC~QhgTDcO415mwui$TjmnbVwT>IyO*9V^m-UEC-
zcs%%9;B&!Kz&C;~06zx)Hu$gL3&8`*$rIQ9Mc^Uei@_tnmw+dLzXP5Eo(jGN{9W)Y
z@TK6n;LE@R%F7ei{^j5y;48o*z~2K;0AC570-grG1$-5F7Wn(%x4~C~m#ZL8T>C!&
ze-ivd@V?+{z$b&R1z!Z74!#|H9r$VR_29R`H-ML`C{JAbH-bM2{tXYsRp2gf*IW03Z-x9t@NMAv1LcXEu8+a1fNuwH1^x;6VDKH_)4_Lw
zF9**6-wVDA{0jJP@Snk5Ka|sc^RFZ!H(h(=zrNqW;CsQt!9N9$1>Xmr489*c9sB@z
zCip?{9PmTn{%&HtKd$|s`Ti%rg24}ihl76(9t(a1JQ@5bcsh6{cqaH4;5p!5g8M%r
zPx5&mz5)*hKL#ES{xx_k_;K)L@Dt$a;920uz)ynz3VsT_L=}1B+W!rBeel!ZJ;1*O
zj|V>kJ{SBf_(t$-@MGZTz<&il4_>0GJaO&60A3&bB6tt*@4(~1FM-bmzYM++{0jIn
z@bAHY1-}YjqMAH$?Y{a
zw}AuVx88@KKsQ4ix
zqlS)iW783Jj~^5Fe?NTCnEx7ncU!$Bx^?@n3{R1_A)WuvDeq*34D+^hVAQzi`rauS
z()zy&-#zmG2QTOzOr6_3zVZ0j*yy-H-jR5l^!EtwuG~GoUQBdC-orcBZ$EC#=sLk|
zqQ=GdiW?Rm9oNb?gZ^F&ytDRSGQn=<{7a^8_xOn;qX+*VD&3v()%trzy8e20*xkk5
z)QuZ5Y_zv|gFUr|4jMEdI$=5){q7Ryo>XIc7vlw#}A92=@%2YWj~gfdxBjkYqZ!~jyj}Ok13C_@
z)4KJ)_Wb`pP5Rf~sOMdX|7RWXFBAR${TTkc`?|+_dpFPJKkrqh$ABKe1A5f)t{UMT
zylY68?jf|*^1k$cV~PF$qQ$PUzE;C-rIFiu4;$(23-2a8WI%U))?+~H?sfia%A)>9
zv;5x|-hZ|%ZYT0TDr_66|L&{*rJ2xRVD!*oqyKA9@V_&M>qUVIYn5$TORaU;YCp~HT6fQR_q>_=?)+}v
z++hfxeIL!6Oy2K(&pG$pzwZz6>Kc0*S~HhQ(NDj+vKU9GjB+&^T~WJWQC+NS8@N#c2xB*4fz5?KzQ}j^x7r;+cf#=Rgq=Q2i)x?dXoL?4s7A
zv9seQnzD3PukeN^#t1bxo|f|@sjD~6rEiRIbK&L8M9)nvG(v8?AzI5_xdBO4A#RBm
zG-i_!nKZjmt=SE0|FX0KGOM(i_!f=m}BRO|6`@NA!9=+YHDU
z&KWsCbIV+gb7$Dvg`85#T05xPbVnDb=k%eT#eja0M<~4R;jf`|bT(x-7(AqNBsc=i
zX{nad>Od20sHj8CDajv~CKoK?H&Xl9U6LvzuklX}AhT*2(Y&d+sHda##-4aA(cM)o
zYchceI#fmus;_U8rVN}5w_h2ZqIW=S{1O3jjSW8
z?AI8o%u#kKSF*ChUp1XU^^2A>XjatF9piNsu3^StE=Mt~Xm99?`IARK0dsZk#)d>g
zBdrgo*OQzs>K9YEl8w>9nOzkZ(;PB6Mdjk4{)qmor8Xg0Ff@EAiN)F*ZivUczO1#G
z=ALr-Be_VGRd&$0Qk~IX>S8mZQR+%+mKa9R`ExO+EGg0=8*AujqKR^XR{JfMMC)e9
z+Nq11n{G{US+ZyKFV0Xem`xa>(V59WhqsTXD2Io
zMp0`qh8EOo)v_0xgz8T2=CtNGhZ-0^Iyb~uQ|r>6Xy~FzkX%*Eu6+nXwCZJyt+^RX
z;{Sh6)cM{EZ=gUUgfwqB%~H+GSS^;YNw(`uV^b*uYYToWoAVjJYGAGP+vtC2L^U?f
z!!a`D#*CQPK=E3Hx)krYAYoaGIIz=l>q!Qo;bGQmC&k4)l~=1N-kBu>s7+DJ6E)ED
zX!rsI55fI(qVh~zy20mdY(t@Aebz2cClAe-9q{^uEKV4COJ?S9MjBu8d>x-#TpfLl@3QMyf!t%tGCX2IUbW@nOBuXpa$!wxkoaWB1RSjKD
z)qJOi`zr#+G>F
z4Y9U(N3@+T_FDaHZ_RQsJK3C2L8k7?8TFQ&;u%e?&9bf^^VamK0g1-y%tbU>Kq)m7
zFl{BJAxpcJwX$qN*+;hq(723lfHOkGiIck(i}EJ9a==6KeltS}somq5RUM$wPc1o}tk-msvGJ0+s@Z%khZf(O;@lzE%}H6IwJuqC
zHA>q;Ra{-LIz**g%u9Asvb+|ti2M%3f>z2Xxh<;_Jc~@0j~6=co@=V3>@r$b8*QB<
ztJr#L71TqROA>xkV&k(yQCe6WPUfqYDVFtPb0vd$S{kJQV*SE
z3NdQ;auqq`^37O$R<*Qh8Y@OB~ZexZ_BU8#DwCVgp$7mTVG
zwiiWRPwaIx(>Mzlpm%@S~@R5qXHUJsD7uG2Gm9okl#G&?lPyP!#+VOb!K;HjFw`q(0l9
zDISt~L7g_=LhALTA@h<$V;|pBmgwnru&u7Ut^0r<+o0v}v<8&&aS0C#)pgr!hH+|&
zt_M=}hP(>c5^tlI5_qFSJnEcJ$KqipF9`9fNWeZG9?qw#K?6g+l|ASU^-pRjT6_qG
zqDgob<6yo9QS34hUf_*{leLm!6l-W|qDR1P>TJ$xVI)d@E4te-bz6E?&5P=?{mGAh
zoiZ0!U{fQ*)Dn?OJ$^TYywD-5fmoDAlziv6k<@hMfWDC-Uaa`w4)Q4AbORH(R;K0(
z)OE|>thY^ORb-S|-d&#*fw?hnSz8YRKT(>KK?7fa?QLk2`!kXm5?Gzf%6@;^jXKVp
z4S7cEHfN_gzhnhXcAK6B$$>^{4Sci{PEVaMP!wY}V&SE%M!GSzJMI}=%?&V3$}NKy
z;|A2Rva*ExRPJ&X(IpxGhVAqxZ78P>LjD@%f~UVZB1fafw5XO=n9$VdAX^bw2Jmd4
zCNurEhG74_u$}s53WV9^uN$i@99##=hl!P$*Sn&Rfvm(E-io6GMO@Sax4Ch)2yx8F0Ot)P|B5VNgyWe44`
z(;jbM(Uavk)4m{@>=m<4A^m;=P9}f(-uo>1MH#NT3BGb~MwCK0Mpkeml6=r4(5v>2
z-mU7*js8f;K`tIG5sZ;L=XWmdb5C_@{1gjV>pS=+1bVa@>Q%LyN4?6XcRdabySF%Y
zAU&DZelgzt}fQRC9&bv%Q?Mo%=+uQ%no=7=$8uPriTA
zlOOZvwXwpk&O%-eYoph~F1cFfa5L+)w}j5=X>Fs|{Q3*Ex=@pp=o0_MqAnVAtZ7)u
zbT+12y^>Z3`eMKOc`rM)9u3}d5+X>w9aneXG_RO~ka}6JZ_}s>?KQpV_*8)9{kN8b
zzPZrPL=Yg2lG3lb;C)fy`d)PqaWA(b0W@_N9`jMWk@fAHQ=~m$8PI@!A_qk!k
zimrIFg-~C0HFT_u`!5Vvhk>u!T07$YS#Ij?k}fQnL8_+AyM|hv=0aLt>FbNpH6?ma
zHO)u6SI2sbB8Bv5FW)^BDWn(i#S1TAbk+Iv!o9{DHl%^yT7;TtAPFj2Yrp`$7}p!
z|0;7nx#exT{lyOaCZM10pl<{EQU|^NZ&&H|&v4M+EPOqFWe)oFKws{l_y3I{onPUg
z-vapjZxQ=>=kIO#_ZZM$=%Dxitrp$>iyZVX2>(RcbN%_4L;m{z_JyvW;Glm;xO)Cn
zJJ|m|h~In%eS~b~O^@Gk4)%`+`r{q+`9ObygMJdwpXi`30{W92^s|8eWCwi}(4XR<
zUjpak{SNxqf&NYh{a#@IC+IuB-uQc4{n-!n_c`!C
z0Qv_U^m%kFZ+iS5cF<1%`fU#Se9`Ou$0H8?p`2DuOxAot%
zfPSI_f1c>|_?FL2O51@uJ@`dvU@?4W-c=t~^*yMcbXgMP2*_3}H%q5ixB
z^xUTSdFStK`S-r)_4;4#p!Y$#zQRF2UJTUrQyl!y2l}ZF`bnbK{YIc);Go|O>|f}h-v;zoIOv}O`o#|VUBLfBhw>i+`U@QN!$5zPgZ;aK|JOL^
z_X7Ua4*GWhpT}hKb#ia3e5
zTY&x!2Yo-#|BZuwGw^?dgMKUEf7wAl2=x69`kg@k6$kwg(3d;Z-&cVCYYzN9Kwsg&
ze+TIAa^R1MUeEu#9rTeS)5rgt9Q1jj*W2%V9rPyx{e2Gl0-(R&K|c-XXF8N$1<*g}
zz@G>7TOIT@K>v_~e!1xN{CU_x-vs!7@1Rcr{v!_hKA?ZpLBAH*|CodRPN4sWgMI+$
zA9v7i1^z$bpnnYLzv-ZV3h1A7(C-BPKkc9&0{m|~=!XISTMqiyfqsXBejm_3Z
z=r43=zx)fwdi}r1L7yi=z5V|u2m4P1`hRxN7XUq9lgf1bI1T8(7`In>`lp#N6~{tjUOu!H^up#QOhei-O~;-G&W=zr><-zR$6dGUY6LBAjH
zf99b70O((J(B~bMKK_5rK|cZLf9{~q2l`()=nF)z_dmaM&`$&W*B$hwfd4B8eI?Mp
z;hKB@{~-Hf+9Uth
zmZ^wN5Qo`+ekRiN{}TGni@#w&-zo(-S?!WPP5&2K^czHfLQ<(dnEHB){sGZXHS~s=
zkx$XzJ^zhA^k1U<_sg06AE9GS|G!}2zbyPqL->za^vComVOacrXwgs1Q2#rNzFhRj
zD>ITm&G_?ks{Gv%M*ONp&-tZqrv6C!0>ytDi2sLlA~XJcPXXeu$&l~glUHfjzYFjg
zWb&6<_>T#{Tz8&68<5>1t0sk<-zsF~g|!@{q*G`;>E0ru~yP
zmj8zq{#xNziJs$sG~l0O;lD2Y3qts3ksg)*knoE%KG$_K{})*J7QWfvvaR~Y:%9})e9
z`oZ+s)IVske+#gmpZ_=G_nh!)7ufa+zd}{Rtp|GXxT_-iuc@3ipq0snNsKb3-q_?v_uR{kfE9>u>1@Xr8zeog@KcL+bM{O4Nu
zRe)ar_`kI9cW20d)xxg_e13k?EdQ%%nnGWv<=;q#{3}UMCPd8q>jQj#{?Fv|eTs;m
zzfM)Wu=xLjh2IbO{QREDKb5Kp;+G5m3S~y}Cm*YCCy^fczfJg6axk|){QQr}zsbVC
zMfkqnXVPf`TZe_eAMpA4ACv#Gh5xef7X)Z3R{B>zu<$G9&>v{??Pve_`5BYX_nB}^
z&GFAEU-aaWu=(2+7X7)R56hn_(xdWQEB5RC2R}by+RyhHAp7SF|4QXX@~2sTU$gKB
zgs+bu`2KB^KVso;7Cz69_08nJXWU!v&rxM
zD2`vH==%+US$;Q?9>uR->~9f0=Wi9T|7RBd@Lwy#KX2G?@`o+_p{OdqD$z54KHy(?
zEcSo#dL^th_(nJ)Gf0p8pKzJt>*co)@E^DE`-LCY{^e5vvrXps;bGCQFzh$ucLM2=
z{guG}#lZg0TKIXlDe$Ba{#zFPG|?9tdNcn2X0bmZ_UrYx7TABu1RTF*!Veoi%_KdF
z-+I93cjD!VKfYaCE&MgYmu4gx1+)C_xA3Z?kRHW<8{l6D_`k9654%Hw&j{haVd3uw@vjH`xirB+{uc;;vcczL
z_3crM{xZ>@s~=3C&HR0s^eBFLRVsh={AmRCA5J%TAo~--Zw=vpXyF$Kzh3m5zj45?
zweWwDVfkG_dgT9F;Qva%zt_Sa5k93yVB=WnTOM_AD1JxZsg5%BX8C=_qCZ{qVf{xh
z>5=~f!2cV7|F2p2^My~{Q(!agpGg-ek^jp?KQo|C&)-tgBl`z|{T;ymhb;V!!k-wz
zFE|C;|1HsnmERVNen|9T?f*TbNB$21|GR+yZ&~>JgkKWk|FzUWpz=HQZ?O4(y|0@B1
zHQ;Zt@Q>c0C`~$yKAZLL9t%GK_@4p%V@}2XcL?9?zfArSq(}a50sPMb{z?mfqwvG#
z&qEgdPSKZ##P7Qn`-jDTN-uBY{9Oy|pH4Rr(bs9?pZA1+t?2z7AFFSLq(|}F2jaI5
z@V8p{3%{%=3w0QMHu?8k`1$kG>kr>6V2*#Mo{s$=5dMP(-^`y$q(}Z&34fR9IsUf-
z{buz3tW6obN<>V{Pzuqjb9_Bq(}Z&2tWUDA^?#38^jkzfJ4sd_O#W8VBmZj_srXlkp8ekd
z{GUP{EVBRC!as)psBI?yY|bF_+YegS6
ze|eDfsQib;|9bL`H!lAHa?~vUi_XIKzb$+ko(48E{?A$Tk-L=a)qpxZe|C@_*st&-x^e|Fgn3
z`wu!rV7twte_8Yw1ddM6pC4NEA7tqN3#1=Mj7lT12Y~5=_YYLD=g`I`Mt0sC*Z@SB8hw!bESm4#mk_}>EjBdLP%InDgpB>b@Ux5=X4
zA^I61@r#ij#cwIF{~2Ka+ZO&Ggm0F=8Nch!!~RD$DZ_gV`_25nmh{N}gxKFFdd}aS
z!2VxZ_`Sm4AHv^l;qMc^uV?;00sdvvu>Z~XDDXUkZ^myn>5>1t>s0<1Y5wm5{C~Ib
zw+nx12!D@-pSMKu_4ea=z;8Vt`+wMG1*Y^0Y^MKBq(}bO2w$)NF981Q7XCEh-)jKP
z{Cmy9ZxQ}l(R2BKAMiVq?;@3|Jj_jXuzY<=q!|Aihzk~FMzw7Gs
z`tu{eKfD<86T%ORf0sqSLG)qq|FcEEB}08l3AX=9(T9zH9&DjAFFSx
zE&5*3oAuAscat93zenuX`;T9dI8WgI_Y=yo{Tqc(-9unA%l{bCBmM~BzX|w_7XI_X
zH~lyHZ&>tuM1N+$`tP%>2KY^eBG)!2S_n|C1K}T;bRGVA->;`t}VAf1B|2{P}OduciSSir-zr4;z2X
zBR%qezwq_;=L5hWvhd#$zHh(pvl;*ITKEOaRQ~Gx4*~z0OR)ci4=Ex|uLGOOuO&V5
zzef0a{_^C<9KSqm;V%<@Wq_XEehgapEr5R*;D2D@ZxTK=Pl3(!|IZfwS`hznfPdem
zIR38)KWzSWRwdTIm7%`Dq8}0c+<^D#@n24QRQ`kFzn{O{e&zxH|7te2f7Zha92Wl%
zEc_7=|Dyr_UJJih_-6i76$)$vq(}Zw`IM@Edj5|G{P!&U2ZT?{dx4Ek5!l|f@GFI{
z*Z*SyfBqaC{~rnei~vm?tA7^Y>KJBmalRf4%)W4fy|M3x7oT&xG)AxA60q
ztM+5R=(+v;1mI7)4Ez7&HYGgE;L|Ar+nJHWuR
z7X90z56k~+FUS6WkfHtwi~iV0l;I0Q?B7m$6u$zAUzO-Nev?4_uA&1_`?E~=rvG$`
z!1nJJeVgdd3LKpt|2?Ef_P2oY=Xd4g$@%=exV#$Mzd`t6*H7k<9`V-#{#3yKk%hlQ
z_$7w_X8Si};ST`*d4OLxAN&8d@Xhv@P7&A^kskR!2>9m%{?{%1qqi%}sR3Gg`TyFY
zpCtOQ{_j_$NA?c^`-_16a~9zE&B>5|G3gP158#&o{?itIeTMu&3x5RgO98)-8W>dn
zKPUW88Rci@?^Mzw|0i6h+V6VNbNf>U`1f1*KNtSA5dJ0$KOua-onU?i;D2c0AMvOH
zPcry)iomwy3LL+4MSoJ@==A&_wCFDtJvEPk&5Zw}q(|{zFaG;__J0=e|F}ii{`JB)
z>!0cWc+w;OFo^#pfPb@v|FH1S3wWO%zf~6gKH=;0557mt>^}}$jQ#(K@H;~If3fiM
zV=DjqM9=Y`1Nh&x@GBov!m#*1MtT(ge&Or+KM(LvtHJ(XC;YQR{6CrWh`$Z+F9ZDh
zEc|uCKPQBLw}rn8@T&m-^eeId+lBwJ5dIAo{WGFB$4_ScecGabN%UsI^8aArR{(x3;9p4#%fD7a}e`oTiTlg)F>GAIX{8r(c`9CQ9u>5bb@CSrnFNU-K3BbR{!rz@C|1JxE
z1n|26|0N4Q@=axUnE&6m@Rv5F$G;o!_gnZ=gzx8xU;cjn_`m<&!e1}^DlPuKfPdC9
zmH&KgRNpFvKT-dZJ{K6jFA=?&KP?&BznJu>{tN^AR|ES$W3hj&@Xht-35NX-SnMCj
z(EfWZ_UFgb`>&gU{XekSKPdbY4SP-d-?7*~Bzp6BGk<<-vAFwWoVE;#!QaK;e)EfTqa^j`iLC#Vqn3!YU9&i^}r{goE}BEHy5+Z4lKlV4}i_wvOe
z+V+3c+a-UP`b8G|mlmi@8dTg@r$5hT7>?wzRi^0n92@n_$T
zyF_ocUoG1?t5V}V?-%g
z>Tiq0Z$K`o)04k`rtqv+3vt3v`mi;6zt{r;z~1int@
YjsNX&^a1H3_bX4wecC@#?alcA9~9Ljj{pDw

diff --git a/ProvisioningTool/lib/libjsoncpp.so b/ProvisioningTool/lib/libjsoncpp.so
deleted file mode 100755
index a23ae279b4f61ca7a475bab45b8df3a5efca33d8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1388960
zcmbTf2{cyU7dQSGLXs&B<{?RjqEKlAx2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo
znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z!
zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8
zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh
z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac
zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~
z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP
z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC
zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d
zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y
zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^
z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y
zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S|
zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx;
zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL
z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv
ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky
zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu
z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb
zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g
zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs
z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i
zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3%
zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd
z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M!
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN
zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un
z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z
z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3
zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3
zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf
z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4
zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94)
z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF!
z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!)
z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72
zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w
z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva
z3wQu{1mN-*j-S%!=TN?&DHHN*O>~
z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR
z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j
z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}}
z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO}
zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt>
zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc
zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4&
zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O
zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7
z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C
z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@
zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH
zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY
zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^
zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE
z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+=
zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv
zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7
zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2
zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF
z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G-
zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw
zMrC=PGb4MtEmPaOqUYq`A0f?4<
z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^
z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA
z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W&
zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1`
zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3
z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120
zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f
zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r
zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d
z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj
zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c
znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS
zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c
zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I
z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW
zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4
z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G
z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l
z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m
z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj
zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI
z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv
z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1
zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n
z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt
z_eNd(vOmKIzLDxa
zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB
zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW=
zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee)
zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju
z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2
zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$
z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;-
z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`)
zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7
z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR
z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r)
zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U
z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq
zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}&
zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N
zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2
zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8
z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z
z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e
z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q
zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY`
zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw
z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b
z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY
z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc
zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc
z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;!
z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL
z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B
zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5
z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k
zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g|
zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad
z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9
zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard
z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv
zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe
z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c
zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC
zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D!
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q
z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L>
zQd$W+K|j
zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~
zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F
zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W
zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe
z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX
z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD
z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B}
z^
zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE
z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE&
zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn
zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM
z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d)
zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R%
zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ
z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt
z&ik1(KN`{eXh8M0>xlOIUB>u3(D(
zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC
zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb>
zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW
zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+
z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY>
zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J
z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$
zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K}
z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9
z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W
zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY>
zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf
z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO%
z3_$x0w4TPVyI)PHuONs1?x
zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd
z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we;
zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6?
z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u
zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK
z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL!
zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r
zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml
zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u
zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b
z)6hfvz^OLR6PZ*y|`&D>I?IM
z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm
zjT<{|J6$l`Vkr@WW<
zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES
zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0
zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk
zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H
zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj
zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk>
zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7%
zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp
zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J
zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL
zSiGq}AE&&Sy-DdU-$G_z(F&
zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE
zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c
z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK
ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e#
z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(>
znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j
z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+
z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW
z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7
zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R
zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg
zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5
zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ
z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv>
z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS>
z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a
z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf
z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq
z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O
zjDaIp|3Ke}INy=j-8)=f&Io*(LP9
zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH<
z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|)
z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C
zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX
z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch
zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K
z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV
zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W
z|AzeM=k+2G_S)lv
z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E%
z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg
zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+
zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb
z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw>
zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB
z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO`
zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h
zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e(
zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P
z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z
zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$
zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J
zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt
zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE
z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1`
z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6
z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI#
zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t
zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64
zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb
zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65
zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^
z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm
z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof
zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c;
zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8
zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w
z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa
z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc
zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k
z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn
zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx
z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p
zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F
zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D(
zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y`
ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk
z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe
z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m
zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9
zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp=
z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c
zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL
zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i
z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_
zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l
z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4
z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ
zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b
z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN
z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU
z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl
zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1
zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu|
zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX
z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL
zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A
zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{
z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?#
zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T
zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp
zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~&
zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA
z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#?
zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR
zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2
zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9
z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c
z!|gL_zqU)^ryR%amoMPVXrO
z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa
zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^);
z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF
zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o=
zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm
z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$%
z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y
zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1
zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8
zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~
zUF%Yu1RWoM|XXUW|96s8jUI?
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}}
zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2
zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b
zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw
zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze
zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx
zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e
zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo
zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ=
z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS
z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9
z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9
zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca
zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k
zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A
zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q
z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O
z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8
z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F
zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^
zea$`YYNs0Ang$SBZ}LW3X^V5j)<5%
z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)(
zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q
z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b
zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F
zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$&
z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg
z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D|
zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN
zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ
zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of
zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A)
z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@
zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ
zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx
zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v
zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ
zb+kY%%+`8FGXAoRrB{SCrhAbvm
zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE
zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il
zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_
zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ
z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S;
zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m
zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U
zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB
zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o
z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI
zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m
z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^
zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F
z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b
zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW<
zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI
zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v
z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt
zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u
z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j
zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7
z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5
zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{
zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E
zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM
zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z
zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L
zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E
z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs
zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3
zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW
zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8
zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{)
z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh
z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st
zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv
z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I%
z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2
z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1
zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F
z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07
zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_
zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^
zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS(
zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA
zWi2VvmtqM^`DzIY(!ICV?
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk
zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp
zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp;
z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC
zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX
zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r
zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y
z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT}
zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp
zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe
zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W
zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4
zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe
zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4
z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT
zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB
zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3
z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4
z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z
zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c
z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m
z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ
z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#%
z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p
z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR
zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^
zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa
zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089
zV=pKvy3%r#0eQR=bFXdRXGTTD
zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx
z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy
z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_
z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP
zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt
zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O
z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW
z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX(
zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg&
z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi
zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO
z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j
zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK-
zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ
zylKQzW-Z
zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj
zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c
zAh1Ye)1>XXjvEa&vr#iw0&q9?}W
zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8
zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q
z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu
zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy-
z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4
zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f
zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot
zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH
zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3
zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk
zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7
zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7
z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4
zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno
zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u
zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP
z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7
z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ
zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW`
zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f
zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M}
ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo
zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t
zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I=
z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0
z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX(
zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W
z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb
zG#?+8d45Tm(r%D=;
zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho
z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P&
z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S
z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm
z2v(T)7L{D2+pjyX5W=Cig!~bG
zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX
zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w
z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA
zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u
z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7|
zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO
z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn
z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr
zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%}
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M`
zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU(
zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4
zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~
zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@
zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO
zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q
zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v
zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf
zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt
zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n
zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L
zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm
z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ
zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG
zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv?
z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN`
zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf
zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|?
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792
z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc
z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc
zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$
zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5
zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA
zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc
z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL`
z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a
zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J
z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7
zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+
zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6?
z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2
z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1&
zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c
zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3
z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5
zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v
zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s
zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y
zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV
zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA
z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e
z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp
zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv
z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL&
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ)
z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k
z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc
zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1
zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go
zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2
z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK
zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$
z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5
z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV
z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3?
z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~
z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K
zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7
z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS
z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A
z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln
z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e
zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%)
z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U
zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z
z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U
z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W
zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f
z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi
zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA
z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*;
z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b
z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v
z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo
z67c^4d2AoRZoIf>yf80SS
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?>
z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H
z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a
z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2
zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F&
zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f
zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt
z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q
z6lgyQ_*i5BMcOX94hkb9xPh76CsS
z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9
zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC
zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI
zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm
zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX
zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw
z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2
z=LFzag1$`xz7zPL0=x{j1bjQl
zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G
z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ
z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J
z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag
zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb
z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA
z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY
zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2
ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ>
z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu
z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU
zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR
z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY
zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA
z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1&
zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E
z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4
zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5)
z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw
z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n
zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ
z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3
z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ
z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo
z&jLOT_#EKdfzCYOGr;Ep;NJv%
z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi
z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t|
z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c
z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1<
z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf
z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID
zI6>44)E^)9tQj%@Y4eLr67kkz^?#0
z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T
zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p
z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP
zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7=
z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh
z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l
z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai
z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x
z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB
z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA>
zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@
zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9
zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv
z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca
zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl*
z0q|*PzXi_S7P8HyH
z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc
z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ
zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3
z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng
z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W#
zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S
z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{?
zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv
zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X
zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_`
zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW
z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF#
zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln
zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42
z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ
z5NsFT~D{wVZ%943(PzVg
z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209
zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl
z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO
zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8
zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD
zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U
z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q
z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N
z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+
z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w
z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y
z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p
zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^`
zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H
zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l
zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7
zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM
zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2
zbcK2*U8SO34
z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW
z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D&
zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~
zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4?
zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_
z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0
zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c*
zf%K?j6
zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7?
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p
zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_
zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup`
z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ
zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ
zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB(
z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726
zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G
z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg
zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&
    f9O=Y|r&X
zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x
zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N
z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76
zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI
z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$
zV&lWc!XgYl
zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj?
z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w
zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!;
zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@
zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g
zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A(
zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_
zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1}
z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L
zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7
z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ&
z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg
z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB
zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv
zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP
z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj
z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q
zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un
zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT
z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4)
z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W=
z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0
zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ
zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp
zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{
zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4
z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1|
z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M
ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b
zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj
zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7
zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX
z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P
zk)xf&%Op&N(>0FvfgO_NnuO$B!v
zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL
zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn
zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x
zj=qm!iqIY6GHa`e543L>Cwi~
zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@
zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q<
z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ|
zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd
zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^
z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk
zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF
z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V
zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M
zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;-
zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr
zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj
zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq=
z1{F@AY
zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^
zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2*
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf
zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^
z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP
zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH
zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2
zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz
zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3}
z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S!
z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi
zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I
z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc&
zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$
zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE
z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU
z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G
z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K
zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z
zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR
z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X;
zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO
zbXhh9)Tp{?M^Q6#O3
z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6
zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C;
zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc
z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ
zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I
zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF
zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S&
zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y
zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU
zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW
zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI(
zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)>
z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&<
zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b
zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak
z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va
zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM*
z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$
zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2
zs(+b*m>iA>{tRt5CI;abM
z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0
z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt
z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o
zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@
zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@
zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g!
zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL
z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY
zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3
zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v
zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm
z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN!
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO
zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy
zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ
zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I
zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X
z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2
ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r
z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?-
zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG
zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_
z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8
zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+*
z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU
z8CBPxf=0B|p1yd6yuF=@-7e(EP
zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!|
zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@
zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V
zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg
zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z
z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_
zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy
zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY
zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u
z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW
zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc
zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv
zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ
zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A
z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z
zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$%
zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM
z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI
zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A
ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~
z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT
zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp
z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV
zC>N5m7
zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S
z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$
zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi
z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH
zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z!
z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1
zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>(
zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm
z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V
z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb
zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{
zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76
z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y%
znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD
zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff>
zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq
zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS!
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f
zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9
zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH
zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H
z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3
z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A
zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF)
zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR
za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9
zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH|
zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b
zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr
z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA
zUDk(8X#rD`%?`=s--AAoMOEoe*G=
zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj
zoadaGIWu#n+FdP|8Hm;
zE%Av0;
zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0
z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^
zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q!
zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g
zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo!
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6
zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V
zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM(
z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A
zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX
zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ
z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^
zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm
zhrLy8+3h+ru>puq
zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+;
zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X
zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia
zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK
zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX
z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q
zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At
zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D
z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY
z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+
zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0
zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%>
z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64
z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@
z5CgQG
zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM
z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX(
zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6
z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef
z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9
z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG
z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M
zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL
zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC
zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7
zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK
zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth=
zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT
z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx-
z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt
z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(<
zZHmSLFf{;~WDBT)k!y^){Z^Pj(
zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y
zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb
zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW
z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH
zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl
z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4
zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v
zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F
z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr
zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD
z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K
z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b-
z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n
zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz
z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz
z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ
zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+
zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW
zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~=
zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57
z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R
z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D
zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q
z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=>
z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T
zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00
z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP
z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug
zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA
z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U|
z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e&
zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0
z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t
zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h<
z-`OJt@15d0>w=@_ak?n%
zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c
z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp-
zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt
zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa
z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71
zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW
z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp
zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz%
zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&;
zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$
z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt
z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf
z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM
z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV
zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9=
zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc<
z0FaeC%M&m!!1QqUC=
zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG
zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i=
z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM
zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0`
zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok
z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<%
z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX
z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS
zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt
zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6
z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL
z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny
z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO
z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_%
zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez
zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB
zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj
zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO
zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS(
zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U
z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW
z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4
z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@
zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP
zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG
zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{
zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh
zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR
zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF
zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU
zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z
z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A
zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK
z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U
zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW*
z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar
z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ
zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH#
znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5
zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI
zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf
z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD
z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb)
zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w
zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K
zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s
zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x
zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~
zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g
zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2
z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju
zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn
zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U)
zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN
zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT
zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk
z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^
z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC
za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It
zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q
zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y
zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V*
z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<|
zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{
zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~
z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9
zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ
zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9
zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+
za%`A!W$^#Vo>9ahd%P6_2?r<
zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A
zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp
z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx
z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO
zRb)-I_5?N15D}&D
z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n#
z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk
zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B
zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225
zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6
zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK<
zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c
zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h>
zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u#
z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG
zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o
z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN
zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6
zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz
z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5
z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z*
z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^=
zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU
zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe
z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG
z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6
zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g
zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H
zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w
zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx
zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+>
z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T
zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b
z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@!
z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k
zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc
zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^
z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw)
zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk
zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*?
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR
z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj
zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD
zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb
zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q
z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w
zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S
zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b!
z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o
zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR=
z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ
z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C
zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3
zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi<
zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy
zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A
zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT
zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E
zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA
zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+
z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j
ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~
zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY
zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy
zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz
z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^(
zRUUP_HMg3Kd;&LU
zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)!
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^
zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k
zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f
zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU
z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW
zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY<
zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY
zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2
zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N
z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr
zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T
z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v(
zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz?
zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#}
zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji
z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U
zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0
zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j-
zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL
zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$
zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+
z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R
zN88hR;yr#8kp9`3k
z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly*
zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg
zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l
z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s
zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p&
zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v
z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^
zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S}
zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ
z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a
z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf`
z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&`
zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H
zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F
zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0
zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM
znEH<|52ldwH~f;ZWplsP&!
zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!!
z?Stu)`2kmoPpt4P
z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR
z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM
zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y
z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw
z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k
zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI
zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3
zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs
zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2
z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb
zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B
zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD
zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_
zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW<
z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~
zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W
zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d-
z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U%
zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE
z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~
z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV
z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz
zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s
zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz
zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?=
zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg
zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt
z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q<
zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?-
z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq
z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk
zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O
zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5
z$Ef=^@1N6m%~G}vR?N`fsvOY
z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB
z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv
zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M
zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86
ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS
zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h
z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ
zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3
zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD
z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7
z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at
zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c
zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD
zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw
zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4
z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L
z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1
z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t
zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH
zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j!
z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY
zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2
zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B
zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw
z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM
z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V
zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L
z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx
zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0
z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW
zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5
z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN
zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm
zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc?
z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o
zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>!
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU
z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2=
zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{
zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry
z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7
zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af
z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t
zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q
zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU
zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z
zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J
z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU
zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I
z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2
zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty
z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_
z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV
zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk
z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I}
z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf
zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$
zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^?
zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF
ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;=
zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH
z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT?
z@lyL)BtM~`
zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J
zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e
z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH
zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r
za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T&
zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o
z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa
z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy
zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h
zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i
zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz
zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg
zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf}
z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP
z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f
zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k
zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e
z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St
z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a
zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo}
z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h
zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^
z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic
zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw
zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe
zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1
z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f=
zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd
zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~
zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY
zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2
zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V
zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_
zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF
zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD(
zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU
zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg
zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p
z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg
z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC
zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9
zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i
z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O
zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G
z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+}
zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw
z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M<
z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ
z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h
zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0
zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4
zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD
z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea
zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$<
z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V
z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt
zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b
zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%-
zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r
zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o
z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I
z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn*
z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io
zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl
z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u
z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY
zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n
zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc
zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M;
z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb
znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6!
zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^
zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T
zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6*
zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6
zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd
z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6
z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V}
zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p
zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o
zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g
zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE?
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN
z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b
z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{
zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF)
zJea8flNt3`8$Sh?i
zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX
zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3
z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF
zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0
zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R
z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2
zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX
zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{
z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4
z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA
zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq
z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$
zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc
zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o
zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T-
z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*(
zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat
zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv-
zcA_nm-A(y}bk${+k03Kz8(;}(rA5e%
z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw
za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N
zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq
zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW
z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi
z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu
z7$T}%#wdubl7PvXEC$9A`fXTTz
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a
z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu
zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW
zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL
z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y
z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx(
z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H
z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK
z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu
zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx
z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~
zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x
zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9}
zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC
zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5
z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS
zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO
zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l
zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN
zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@
z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs
zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n
znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1
zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws
zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9#
zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1
zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm
z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e
zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy
zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8
z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J
ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH
z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y
z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+)
z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs
z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*;
zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j(
zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC
zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a
zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66<
z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W?
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw
zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx
z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh
zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP
za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E<
z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW
z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY
zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh
z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1
z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU
zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1;
z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc
zCaLhwI>k*?|72-@S`m`kpMR;)frMy
z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n
z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$
zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N
zn68z%^18x@mnT=
zRfcbeVUKA@?9YH3
z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+
z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3->
zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+
zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f;
z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55)
zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2
zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<<
z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu
z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV*
ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc
z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$
zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W%
zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8#
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH
zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK
z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1
zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R
zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8
zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f
zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf
z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri
zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ
zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD
zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+
zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA
zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^`
zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~
zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V
z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W
ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM
zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI
z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl
z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW
zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99}
zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn(
zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1
zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V
zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{%
z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e
zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO;
zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2
z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd
z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^
z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y
zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_
z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI
zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb
zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH
zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@
zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb
z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh
z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA;
z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i?
zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC
zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b
z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l
zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ
z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB
z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1
zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v
zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR
zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW
z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5
zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI
zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90
z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy
zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ
zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS
z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{
zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;=
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G
z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1
zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk
z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&;
z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H
zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B
zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5
zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{
zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O;
zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe
z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN|
zcdtix`R{3C#oi;=@Pw`26t|GA
zykve3@xwk2%f$4he`
zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$;
zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_
zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0
z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X
zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg
z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z
zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7
zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87
z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%)
z@F?aibz0Mw%0t5Z}LO
zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD<
zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM
zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ
zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2
zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f
zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k
zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~
zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1
z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v
z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{
z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw
zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy
zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV
zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq
zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce
zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO
zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS)
z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k?
zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg
z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe
zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;=
zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL
zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$
zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E
zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg
z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm?
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f
z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g
zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R(
zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8
zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu
z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_
zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT
z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd
z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic
z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q
z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N%
zsP#>Dw@y*D;bu5hlInyV
z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w
zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#&
zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-#
zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui
z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F
zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic!
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$
z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z
z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U
z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U
z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*)
zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{
zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S
zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6
z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k
z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd
zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL
zpla1CsXk!K%uR6HOo
zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h
z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn
z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{
zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD
zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE
zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM
zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z
z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_
z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW
z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o
zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`;
zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi
zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN
zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO
zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR
z^YL#fI5?r<07@VCw6
zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj
zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC
z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2##
zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO
zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc
zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z-
zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8
z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L
z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0
z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc
z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+
zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L
z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe
z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x
z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T
zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y
zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3
z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9
zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z
z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf
zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud
z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v
z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y
zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8
z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X
zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U
zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa
z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B
z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC
zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw
zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@
zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V
z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH
z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh
zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our
zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2
z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li*
zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U
z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX?
z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO
z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_
zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph
z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5
ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc
zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF
zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl%
z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@
zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3
zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H
zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK
z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r
zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL
zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb
zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb
z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW
zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc
zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K
zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>`
ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB
zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx
zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr
z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN
z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@
z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG
zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3
zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp
z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF
zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1
zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2
z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf(
zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo
zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{
z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~
zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb
z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN
zcVtZpKU81Yj9}4jS6Ui@=kH44nV
zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O
zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K
z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG
zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P
zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn
z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY
z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U
zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ
z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+
z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V
zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm`
zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg
z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD
zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H
zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0
zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe
z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn|
zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29
z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl(
zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y
z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf
zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($
zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby
zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz
zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8
zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2#
zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3`
zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff<
zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj
zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C
zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi
zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+
z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m
z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b
z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q
zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV
zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN
zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz
zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0
z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~?
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6
zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE
zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6-
z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ
z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3
zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2
zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u
zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ
z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$#
z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz
zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm
z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^
zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi?
z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k
z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R!
zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v)
zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW
zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa
z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I`
zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S
zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D
zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0
zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE
z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR
zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M
zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND
zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK;
z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq!
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)`
zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf
zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK
zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$
z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a
zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2
ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b
zHM33B?dEDs{ziu{MlgYz6PRP706!u)~
zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+
z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a
zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu#
ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{
zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42
z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9
zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau
z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P>
zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh=
zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP
z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS
znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^>
zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM
z(3FX8UY?_PJ>)npV;r^q6c
z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{
zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd
zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8
z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph
zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-%
z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH!
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C(
zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM
z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b
zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy
z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{
zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q
zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm
zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{%
z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP
zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+
z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8(
zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB?
z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-?
z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv`
zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E
zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC
zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF
z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C
zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**`
zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe>
zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@
zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a
zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7
z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l
zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS
zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E
zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU
zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_
zWRr4|Y&=
zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~
z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP
zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E
zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH
z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX*
zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1
zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O
z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^
zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c*
z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_
zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX
zYF7HtY%%r(o_qKRxJq+vSgClH*O
zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@
z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV<
zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G
z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$
z{-G
zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE
z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c%
z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J
zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{
zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn
z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a
zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw
z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3
zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+#
z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h
zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W
zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${
zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p
zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv
zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^<
zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7
z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z
z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@
z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ
z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19
z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR
z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj
z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8;
zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW
z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR
z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1
zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs
z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ
zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE
zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8
zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C<
zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r?
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L(
zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7
zK-L$^6@lXh*wC&1gRJtXcz}qG7^p
zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh
zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5
zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G
zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR
z(qO>8_hR!rh>K)gUuR7sc0LP(HIy
z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx
zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@
z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy
zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6
zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b
zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH
zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN;
zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44
zfIdkV;fI};GIMZ$^@
z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ
z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm
z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe
z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni
zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo
zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA
zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R
zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o
z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_
zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P
zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X
ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{
zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV
ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}-
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O
zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V
zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ
zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk
zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f#
z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@-
zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt
zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp
zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM!
zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM
z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@
zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}!
zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG
zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^
zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc
z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1
zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W
z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+
zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X>
z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_>
zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV
z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q
zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5
zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf
zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh
zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e
z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au
zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY
z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$
znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^
zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM
zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5
zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|)
za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd
zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_
z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY
zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{
zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I
zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL
zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T
zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe}
zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ
zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+-
zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v
zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_
zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage
zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g
z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R
z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I
zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f
zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG
z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K
znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ
z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj
zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~
z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D
zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3?
zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt
zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8
zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i
zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE
zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E
zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be?
z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA
zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+
zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s
zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~
z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP
z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp
zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL
zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^
z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d
zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_
zI$*W4zS
z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V
z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O
z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM
zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU;
z^U#|)77d07cru!MQ;m$+BXj}4
z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h`
zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm|
z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG
zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI
zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A
zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY
z+gw?kdB3&W7kIbP8kZr
zp>TOf$J#OVI|LcyGOPCW09#Iz|
z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3
zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81=
z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0
zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc
zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7
zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB
z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6
zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9(
zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{
zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0
zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5
zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g
z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7
zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~
z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS
zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD
zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1
zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD
z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$
ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B
z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T
zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz
z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK
zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F
z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q>
z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R
zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X
zE=tAW+RSnx8tk$9GwZerClqM6+L(sW
zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH
zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ
zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~
z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY
z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{)
z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e
z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`)
ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10
zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu
zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI
zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh
z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X!
zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ
zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c
zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco
z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm
z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP;
zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0;
z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x
z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f?
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea
z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk
zZ?wc#s-jxpf2S
ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE
z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc
zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1
z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO
zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS
znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3
z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy
zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq
zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP
zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D!
zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c`
zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B
zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd#
zfr2G|S
zLNl#Bd3uquWxtP
zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;;
ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX
zgt`3uv1I=IP9&X{-Twe
zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_
z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k
zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T
zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~|
z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs
z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5
z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI
z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H
z192%m$6mNljCvo{UB8y;tSyg2l
z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$
zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky
zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr);
zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX
zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W
zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ
zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V
z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy
zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A
z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_
zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I
zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx
z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga
zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs
z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn
zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr
z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp*
zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}&
z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E
zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw
z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2
z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-!
zXrnglHa1we*AFywd@^8Nr1g{f
zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz
zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3
zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F<
z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G
z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr(
z&E_I_Zvu@aTYFa!Szoa
zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj
zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF`
zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1
z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A
zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g
zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x
zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH
z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62
z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG
zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh
z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8
znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@;
zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$
zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P
zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_
zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o
zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp
z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q
zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR;
zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt
z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~&
zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^
zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`>
zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na
zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5
zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp
z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs
zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x
zouyUEP72U)&EcaXr1IMjXH%FIk{--
zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s
zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP?
zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk
zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi
zh5nG*o2%KiyLK}FG!>y;xi^C
zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u
z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T|
zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07
z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53
zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg
zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s
zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9
zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG
z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp
zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF&
zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co
zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB
zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn
zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96
zS@TrMwCDBoK3Js
z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS*
zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y
zMqcE^G=FoN%+&Sjb4
zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o
za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$<
zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy
z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O
ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s
znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{
zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L
zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V
zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p
z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh
zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM
zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA
zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_#
zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG
zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX
zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m
z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp!
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5
zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W
zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz=
zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9
z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c;
z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@
z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p
zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5
zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw
z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u
zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y>
zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX|
z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u
z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~
z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5
ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi
zLh0gT0sS93{&S_DbCcZf
zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV
zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf
zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d`
zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g
z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD
zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H
zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A
zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P
zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY
zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee(
zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB
zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk
zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ?
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY
z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_
zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd
z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X
zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg
z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN
zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G
zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX
zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD
zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum#
z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~
zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@?
z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M
z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU
z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt
zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK
z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w
z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB
zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F)
z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2
zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH
zD1Ajhe^wYqzzp3Nj
zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW
zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5
z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai
zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt
zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc
z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~
z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4
zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V
zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q
zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7
z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D
zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te
zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU
z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v
zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y
zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m
zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B
zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy
z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_
zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV
z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L
z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@
zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go
zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d
z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$
zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#<
zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA?
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE-
z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi
zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl
zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ
zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w
zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b
z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a
zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh
zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z
ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId
ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l
z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~
zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE
zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb
z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x)
zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB
zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc
zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c
z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp
zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ
z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC
z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN
zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF
zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX)
zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI
zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r
  • GXiQ
zlP@hldsxP3k)#Y@C
z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY
z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@
zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+
zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@
zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n
z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R
zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo
zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k
z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh
zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|=
zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf
z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw*
zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd
z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^
zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp
z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F
zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I;
zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER
zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY
zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H?
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7|
z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@
zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J
z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F
z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W
znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5<
zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W
z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U
z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f=
zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0
zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU
zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1
z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7
za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv
zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t
zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I
zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS
z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E
z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z
zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y)
zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc>
zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7?
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON
zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L
zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ
zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1
zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U
z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k
zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ
zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO
z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X
zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt
z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO
z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw
zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di
zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9
zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL
z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b
zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq
zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT
z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO
zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O
zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M
z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul
z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE
zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye
zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD
z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I?
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH
zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf
zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q
zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG
z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ
zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1-
z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k
z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J
zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg
zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s!
zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D
zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not
zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be
z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~
zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ
z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM
zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni
z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P
zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$
z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$<
zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S
z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL
zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y
zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u
z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$
zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne
zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6
zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A
zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+
zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS`
zuyfQKZtDb>TzU}7b%`$>g~^fJovA21-
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX
z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z;
z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB
z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn
zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen
zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M
zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q
z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q
zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O
z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j
zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4
z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g
z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg
z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN
znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa
z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2
zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D
z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me
z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E
zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM
zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP
z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o
z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8|
zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS|
z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu
z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc
z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}``
zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00
zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm
z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3
z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN
zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;-
zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp
zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV
zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H&
z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~
zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO
z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl
zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_
zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD
z>&hdPuVJjXGWc
zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX
zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei
znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$)
zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92
zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd
z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg
z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i
zu`>Jt_JrQ+bhdP-_mV|!+Pys_
zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh
zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl
zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^(
zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N=
zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk|
zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC
z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B
zj1!OV&Bhs-$wjyf`@Lx
zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o
z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc
z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H-
zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7
z@Ma+vZSB(1in9<`Rv}4F
z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+
zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5
zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ
zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z
zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c|
zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n
zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs}
zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^
zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ
zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p
zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}`
z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)>
z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w>
z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u
z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5
zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T
zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0
z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP
zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK
zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs
zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV
zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8
z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@!
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+
zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$
z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@
zAvW5Iq~yb@6K0s
z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F
z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG!
zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP
z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u
z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm
z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib
z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z
z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL!
zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj
ze^1(?^EZC6x-zJ^DilmFxQoFvU#
zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr
zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{
z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY
zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF
z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM
z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO
zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh
zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50
zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF
zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK-
zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V
z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6
z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua)
z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08
z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$
zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY=
z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1
z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z
zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF
zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4
zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^!
zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ%
zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA#
z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN&
z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR
zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au
zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV
zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a
zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b
z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g
z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ
zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah
z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q
z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4
z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy
zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+
zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a>
z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH=
zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B
zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0?
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($
z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s
z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F
zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c
zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9
zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v
zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r
z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og
zF?buI5J_K*Endt4lt^{seD1Sj
z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC
zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B
z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK
z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v
zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ
zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM
zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i
z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI
z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb
zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$
zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym
zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c
z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S
zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI
zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz
z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq)
zxRSlcZefdKxgDLL!icY*9Le;Q
z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1
z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r
zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0
zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM
zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w%
z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_
z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)&
zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR
z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S
z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A
z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T
zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd
zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e
zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU;
zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F
z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y
z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu
zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r
zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A
zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc
zo*iuGE8h2&Ebw00&WO6`-$
zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx
z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO
zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx
zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+#
z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_!
zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk!
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5
z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX
z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$
z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM
z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9&
z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG
zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki%
zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi
zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN(
zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X
zS;$GWZvDLhfi?!u+AP@~~Q2>*s!
zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W
z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv
z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0
zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn#
z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD
z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0
z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+
z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d
zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg=
zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR
zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{
zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a
z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O
z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI
z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI
z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik
z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb
z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e
zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu
z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx}
zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt
zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha
z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q
z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5
zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y
zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t
z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J
zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL
z09+V;O_K_(FB1iEwr*S3`o0nCAg
znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M
zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf%
z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M
z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0
zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H`
zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`%
z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c
z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)!
zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o
zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj!
z66W9a;O`8pY}E(mLN*
z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;>
zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah
z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL
z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2
z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b>
z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^
z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+
zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d
z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9
zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN&
z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw
zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn
zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv
z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32
zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY
zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv
zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{
z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF
zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az
zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P
z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c)
zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh
zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$*
zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6
zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI-
zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK
z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z
zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v
zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw)
zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a
z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r
z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I
zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX*
zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2
z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR
z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI
z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s
zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft
zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv
z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8!
zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t
zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT
z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@
zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2
zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r
zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z
zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9
zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf
z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP
z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U
z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP
zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7
zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ
zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX
zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN
zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G
ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c<
zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ
zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp
zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*=
zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs(
zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4
zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8
z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q
zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r
zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k
zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c)
zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS
zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD
zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht
z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F
z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW
zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O
zvlE^XY*<%7H
zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm
zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X
zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L
zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$
zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@
zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R
z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9
z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw
z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3
z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+?
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz-
zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz
z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~
z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG
zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy
ziuNyzx;9F^o=;a%zcc3F4F%aEN*
zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV
z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r
z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ
zPxPpcu9+u7hx#OLOSIT
zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58
zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o
zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1
zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{
zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK
z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg
z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl
zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1
z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz
zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=*
z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9?
z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z
zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA
zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_
z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j?
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj
zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD
zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m
z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J
z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b
z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h
zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D
zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f`
zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT
zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2
z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f
zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp
zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f
zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi
z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX
zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s)
zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V
zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A
z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4
zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc
zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4
z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq
zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2
z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS?
zkG+HoO>7zXM%vi6cy3WoY{~H0
z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b
z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx
zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq-
zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG
zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H;
zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh
zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8
zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt
zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP
z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4>
zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM
z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB
zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO
zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A
z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(<
zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB
z$dnU_wtxfd=b+<&3!6+C`ew)D32
zyVwKFqa90LEwLH8j%%wUOJRO93!f8@}
zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb
zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe
z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im
zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw
z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe
z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0<
z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b
z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts
zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w
ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r
zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K(
zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A
zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3
zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi
zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z
zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{
zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51&
z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH
z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P
za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME
zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc
zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a
zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m
z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^!
z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4
z*gq(bMF+lqj8K>x^ie|
zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD
zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua%
zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ
z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW
zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf*
z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0
z^&?q24n0tn7*ZtZP4wezK-ijA
zInvF`ARW=6tt@l$V;_hdl8Ohs6&
zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB
zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c
z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz
zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO
z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A
zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2
z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8
z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj
zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn
z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX
zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^
zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM
zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$
z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9}
z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se
zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV
zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p
za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E
zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3
z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*)
zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S
z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+
zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x
zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B
zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP
zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G#
zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev<
z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~!
zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud
zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj-
zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia
z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq?
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ
z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@
zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c-
zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy
z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42
z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU
zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`*
znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F
zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh!
zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X
zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X
z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR
z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9
zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l
zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^
z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH
z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g
zskUSSJ
z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL
z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~
zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn)
z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{
zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq
zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~=
zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH
z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0
zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907
zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N
zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi|
z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR
z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ
zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY
zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q
z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY
z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5
zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1<
zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9
zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B
zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM
z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q?
zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb
z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz
zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55
zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D
zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e
zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W
z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@<
z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_
z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74
zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs
zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K
zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y
z3v1j`i%hA#2gzna#+
zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i
zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9(
zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@
z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$
z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71
z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$
zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7
zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP(
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql
zSf)?V@n9;NH}8@=&j#^es3
z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP
zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch
zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq>
zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc
z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?<
zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7
z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^
zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka
zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR
z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W
z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ?
z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~
zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF
z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51
zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY
ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^;
z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM
zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~
z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d
z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq%
zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu
zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF
zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+=
z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU
zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue?
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b
zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-)
zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0
z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1
z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6#
zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z
zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m
zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t
z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4
zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d
zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%-
zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q
z)a!MmXxxbMpp8%xuxm{XM6hn?|
z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5
zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO
zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{
zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d
ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc
z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z
zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV
z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut
zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n
zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc
zmsGx7eNwbs@
zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G
zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz
z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E
zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2
zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h
z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2
zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw
zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX)
zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z
zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T
zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R
zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp
z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X
zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9
z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud
z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y>
zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i
z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e
z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ>
zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I
zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L
z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X
zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3
zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g
z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A
znh)nlr@EoM2I
zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq
zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv
zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL)
zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v#
zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ
zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U
ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN
zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z}
zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg
zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS=
zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7
z@BwzRDw`(D!O~a1#YpSQ=r5(Sf
z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF
zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck
zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F
zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_
ze1C>^P|6DC}EtAYP&;J+I9
zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m
zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ
zoH;Ag>&eXa`egUT$A#?y;t>7^8CG>
z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)%
zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB
zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp
zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ}
z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5
z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt
zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$
z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R
z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH
zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP
z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n
zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO
z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ
zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei
zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672
z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1
zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b
zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu
z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If
zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw
zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj
znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot
zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`|
zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS=
zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75
zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03
zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm
z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M
z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ
zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL?
zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c
z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G
zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7
zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V
ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF
zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$`
zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB
zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL
z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN
z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf
zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf=
zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u
zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw
z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s
zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF
zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY
zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT
z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI`
z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{
z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8
znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA
z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{
z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5
zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o-
zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut
z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F
z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K
zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$
z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@
z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw
ztb~NfltC*
zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M
z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM
zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH!
zFsd*10#Acm;ni?2^uoii7emq<8
zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp
z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j
z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D
z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h-
z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4
z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH
z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f
za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO
zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR
zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0
zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;>
z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7
z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O
z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp
zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD
zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt
zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w
zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q#
z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G
z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm
zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B
zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D
z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb
z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~
zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<|
z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX
zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m
z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee!
z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7
zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n
zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T
z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH
zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF
z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92
z8C*I(WR~9})ac_63>0=x>dGLwges#o<
z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`&
zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao
z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2
z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4
z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw
zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+
zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F
z0bdO6H#g>i&jk4O
z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$
z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs
z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9
zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$`
z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh
z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru
z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$
zcC>*z^Z2iKxcw
zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq)
z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg
zZt$((<{whQ!Ot&W3GlA}^zUy9
z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT
z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o
zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2%
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT
z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L
zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol
z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS
zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j<
zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec
zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L
zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb
z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg
z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{><
zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR<
zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E
zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW
ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T
z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U
z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l
zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH
z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b
z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c)
z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og
zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX
zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(|
z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo
zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G
z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6
ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv
z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N<
z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1
zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q
zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^
znh^X_lNGT
zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j
zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m
z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt
zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM
zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w
zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw
z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o&
zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt
z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS
z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP
ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP
zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I=
z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK
z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_
zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z
zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz
zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG
zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc`
z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU
zWtagBp
z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1
zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C
zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3
zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg
z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+
z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d
zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS
z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV
z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr
zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>>
zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix%
zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP
z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh
z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6
zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W
zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1
z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ
zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13
z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK
z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr
zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb
z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke
z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}<
z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl
zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6
z01SP8e)(F2)
zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR
zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs
z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ*
z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf
z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p
zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6
z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE(
z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H
zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm
z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h
zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu
z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q|
z6x?qv8Vr
zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q
zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ<
z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5
z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV
zG4=}I^Z!0?7v
zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE|
zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8#
z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO
zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a!
z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T>
zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8
zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G}
zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^
zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb
z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv
zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA
z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21
z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx
z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw
zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0
z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy
z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi
z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd
ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po
z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A
zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs
ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT>
z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t
z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF
zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn
zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1
zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN
z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa
zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i
z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{
zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{
zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI
zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM
zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW
zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j
zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu
zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl;
zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA
zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97
zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO
z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr
zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh
zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8
zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV%
z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2
z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q!
zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH?
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9
z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O#
zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1
zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF
zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y
zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^
z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS
zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI
z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA
z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY
zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G
zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s
zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(*
z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe
z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm
z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U
zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4
zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x
z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i
z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL
zYKoesW~f!*gP5o(kg
zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw-
zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56
z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4
ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY
zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn
zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K
zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v
zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R}
zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv
zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV
z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks>
zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO
zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n
zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W
zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr(
zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y
znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS
z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii
z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk
zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#&
z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K
zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ
z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh
z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l*
z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u?
zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$
zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f`
zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~
zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV
zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z!
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI=
zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra
zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO
zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h&
zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V
zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5`
z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm
zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t
zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7
z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X
z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F
zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C
z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>%
zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}%
zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x
z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w
z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt
z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl
zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu
z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ
zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d`
zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI
z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq
z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM
zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl
zTOW@rX?LOjv$Sf<#eA4HP()bbD
z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe
ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7
z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp
z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M
z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4
z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x
zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-%
z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD&
zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R!
z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-)
zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9;
zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{*
z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX
z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz=
z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO
zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt
z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv;
z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv
zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i(
z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;<
zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4
z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L
zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj}
zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY
z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d
zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N#
z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E(
zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ=
z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB|
zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m
zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP
zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd
zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN
zMdLjA2EdwyC
z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm
z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow
z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh
zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7
z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+
zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5
zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$
ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW
zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD
z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~
z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU
zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^
zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh
z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws
zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp(
zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp
zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+`
z36T>A!y@f|f9w}%68d*|zMC
z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i
zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8
zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W
zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8}
z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD
zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h
ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z
z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx&
z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb
zL`)GO9>*cCKu9*inMk1BawFA{5F&=-
zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U
zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z
z5u!-bv|7lhlLJ#
z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE
zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j#
z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+
zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b|
zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}!
z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP
zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S
zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl
zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i`
z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY
zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe
zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa
z%9pUoL7dTAsLOyb0`{
zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9
zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2;
zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^
zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k
z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm
zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^
z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l-
zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn
zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu
zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S
zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_;
zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh
zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7
zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV
zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC
ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T=
z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM
zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P
zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav
z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f>
zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0
zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&#
z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l>
zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr|
z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i
zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;#
zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p
zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9
zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK
zEezy2H#I1c5
z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B
z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS)
zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM
zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM*
zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz
zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+
zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh
zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY
zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt
zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b
zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX}
z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E
zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f%
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G
z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk
zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT
zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q
z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI-
z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF
zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn
z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@
zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr
z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE
zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky-
zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88
zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ
z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56
z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O
zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z
zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96
zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB
zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe
z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}}
zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha!
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5
zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a<
zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+
z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu
zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb
ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV
z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw
z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4
zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r
z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq
zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp
z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS
zQN#KL745Mqlj(~)>MPtYwR!
z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks|
zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9
z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y
z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18
zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL!
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L
z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA
z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9
z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD
z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{
z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J
zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht
zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$
zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C%
zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp
z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq
zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ
z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm
zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v
z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb(
z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har
zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX
zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty(
z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{
z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0
zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd
zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv
z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y
z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN
z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_!
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi
z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$
zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE
zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}(
zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I&
zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C
za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0
ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ
zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx
zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg
zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx>
z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF!
z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi
zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY
zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U
zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z
zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0
z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg
zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r#
zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_
zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg?
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W
zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr
zLAnv9ucGO5`azsp=>zVe#S76ngB
ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm
ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1
zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec
z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L
zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB
z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q
zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A
zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L
zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t
z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I
zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~
zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx
zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn
zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS}
zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko(
zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7
zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK
zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq
zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_
z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp
zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx
z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$
z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O
zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT
zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu}
zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD
zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ
zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO
z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F&
zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf
zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb
zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5&
z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P
zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI
z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b
zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ
z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_
z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh
zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$
z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df
zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L
z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna
zE9eP@$U>0Fiqx
zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu
zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1
zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B
znVBa2
zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR
zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd
z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP|
zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU
z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ
z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=-
zxizS*X(}o-Y#sDj1G~Bk
zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V
zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d?
zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y
z^^dxpt%JN}lT
z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+
zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T=
z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW
zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+
zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd
z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B
z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z
z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w
z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O
z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe
z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt
z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj-
za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW}
z%}`rrT|#}Lx6GGv7*4Ta-q65vql
zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ
z6Y;T4let(SXmU
zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F
zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL
z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0
zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV
zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3
zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk
zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT
zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo
zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B
zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV!
zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{
zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV&
zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@
zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8
z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1
zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW
zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op
zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie&
zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz
zvxQQ`CM;-Fea9NJb;v)BiE9m`(
zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e
zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD=
zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If
zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj
zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK<
z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1
z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m
zimj9K5%k2hiKJ(>y2iHz
z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El
zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr#
z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g
zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3
zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~
z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?>
zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT
zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk
zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O
zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J
zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+
zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^
zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?-
ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH
z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI
zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk
zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g
ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0*
z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N
zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E
zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl
zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy
z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz
zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW%
zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G
zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD
z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN%
zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&;
z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm
zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj#
zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@
z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y
zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW>
z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_;
zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL
zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C
zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv
zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4
z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv
z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2
zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a&
zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz
zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m
zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q
zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is
z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4
z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8
zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X
z1kDkemuJq1VqVxQ9@
zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ
z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v
z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK
zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_
z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM
zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w
z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF
zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F
zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6
z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2>
z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr
zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521
z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ
z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H
zFWc7@jC#L6C`G*n{Z4K>-d
zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK
zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P
z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(&
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe
zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-%
zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs
z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R
z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj
zo8ci4w%w%3$v(@vGf
z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY%
zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj
zoN
z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k
z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN
z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e
z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg
z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t
zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+
z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme;
zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI
zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3&
zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(&
zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW
zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz
z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@
zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F&
z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq
zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf
zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg
zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5
zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{
zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe|
zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E
z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s
zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH
z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d
zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9
zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak
zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U
z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q
zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6)
zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D
zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J!
zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y
zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3
z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@
z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY
z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f#
z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^
z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8
zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse
zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj
zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX
zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@<
zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J
zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI
zTsjo}34UkxG8^M=
zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv
zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m
zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E
zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4
zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_%
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E
z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE-
zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k
z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB
zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s
zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP
zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+
zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS
zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl
zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy}
z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS
zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow;
z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP
zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF
z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@
ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8
z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x
zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN
zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n
z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR
z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei
z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+
zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g
ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R
z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros
zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV
zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^
zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR)
zSvG!NC11zb;m;94Y2
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82;
z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U-
zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU
z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9
z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ
zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK
z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H
z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9
z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP
zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY
zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l(
zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC
zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k
z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm
zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK
za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W
zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW
z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q
zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc*
z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv
zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX
zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|&
z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o
z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V
zSWP5u?v*CC!!GIFixRb9{4
zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@
zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG
zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q
zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8`
z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf
zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+
z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4
zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+
zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^
zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF
z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{
zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{
z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR
zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C(
zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG
zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk
zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC
zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e
z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_
z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU
ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{
z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM
zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD
z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk
zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs
zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV
zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@
zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw
zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr
zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d
z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH
z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna
zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$
zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~}
zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu
zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_
zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn
zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$
z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da
zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P
zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o
z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG
z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u
z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5
zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT
z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ
zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc
zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb
z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr
zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF
zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP
zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ
z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR
zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9
zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm!
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4
z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g>
z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV}
z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T
zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-=
z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3
zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj
zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~
zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8
z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr)
z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c
zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra
z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T
zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}-
zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg
z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d
zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM
zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx
z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$
zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S
zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI
z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A
zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j
zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M
zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7
z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`<
zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$
z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9
zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g
z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z
z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE
zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t
z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i
z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG&
zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl
zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D
zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D
zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r
zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{=
zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz
z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j
zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl
zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN
z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA
zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA
z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^
z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG
zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM
zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS
z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu
z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S
zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf
zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e
zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v
zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I
zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn
zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4
zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP)
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9
z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8
z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*=
z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1
zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY
z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ=
zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r
zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop
zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz
z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e
zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f
zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab
z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f
zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET
zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8
zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x
zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S
zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N
z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n
zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z
zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD
z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q
z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ
zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg
z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h
z&uJ7fjq5oj0(nmV6e0c^FJbG|xG
ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C
z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu
zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt|
z{2nWySqfJVPfH!#d}sov25u^Zy*4
zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr
zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI
z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP|
zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y
zgE1c?+zIF^g(F?^N_
zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT
z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A
zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB
zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY
z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~
z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc(
zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&&
zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH
z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp
zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm
z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@`
zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi
z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw
zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k>
zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv
z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9
zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85##
zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye
zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_
zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95
zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U
zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}?
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy
zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC
z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO
z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X=
z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF
z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW|
zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ;
zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD
zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d
zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6
zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG
z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN
ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ
zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e
zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z
zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6>
ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f
zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K
z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7
zgsg|#6`0vcj6;!*!a
zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@
z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi
zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#=
zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN&
zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY
zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR
z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt
zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2
zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9
z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i
zc_xuE4gk<5C5JASX
zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@
z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80
zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK
zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC
z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l
zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF
zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6
zFv5T8
zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r
zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h
zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au
z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0
zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{
zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs
zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q
zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L
zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c
zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS
zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A`
z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl}
zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N
zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W
z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M
zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~
z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7
z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo
zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww=
ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ
zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm
zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U
zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P|
zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@
zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2
zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D
z%Le8tzm
zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL#
z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE
zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU
zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c
z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h
z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ
zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8
z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE&
zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e
zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6
zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB
z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof
zHqh_%*`tt=rOHGOoiQZH2
za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$
zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc
z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB
zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6
z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$
z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ
z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J
zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4
zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o
zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^
zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ
zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q
zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh
zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7%
z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x
zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z
zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz
zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1
zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i
zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0
z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg
z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm
z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9=
zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM
z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f
z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o;
z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL
z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR
z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu
zCrEvTL{OyB3=
zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf)
zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL<
zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm
zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv
zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s
z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$
ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(#
zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd
zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug
z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~
zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P
zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS
zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7
z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3
zi{7Uu04wcthJxT#0+
z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e
zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<#
z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ
zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw
z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY
z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI
zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E
z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~
zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2
zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l
zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD
zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q
zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9
zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%>
zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7
z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A
zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k
z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(|
zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU#
z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM?
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6
z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag!
z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a?
zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8
z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F
z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB
zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8
z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns
zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(<
z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X
zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ
zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd
zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_`
z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx
z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy
zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@
z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%?
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_
zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg
zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{
zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq
zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt
zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV
zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o
zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~
z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9|
z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9
zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE
z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC
z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL
za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM
zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm
z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2
zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y
zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3%
zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L|
zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd
zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M
zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4
z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0
zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno
zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy
zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM>
zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ
ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W)
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{
z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP
zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8
z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW
z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a
zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H
zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p
zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a
zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF
zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh>
z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc=
z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq
z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd
zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+
z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy
z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu
zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok
zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP
zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1
z+*r-jM$b;b^@4(e(sPeEBV56(sEAl
zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P
znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x
zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~
zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l
zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g
zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{
zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f
zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB(
zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi=
zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ
zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci
z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M
zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX
zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag
zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw
z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o
z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA
z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo
zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en
z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw
zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L>
zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv|
zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p
zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z
z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{
zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M
zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z
z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l
z1XM>bmB@!9%EA6jM%
zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi
zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7
z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb
z+W-Ugyxf
zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk
zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg=
z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6
z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ=
zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2&
z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@
zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C
z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B
zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`|
zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^#
zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz
z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV
zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ#
zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X
zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY
zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU
z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^
zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<#
zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru
zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo
zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$
zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z
z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li
zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx>
zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU
zROSw8Rf5LI3$k)bnJ
zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~|
zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i
z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R
zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw
ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+
z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU<
z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5
zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0
zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g*
zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci
zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca
zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P
z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW
zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^
z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41
zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0
zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w=
zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ
z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my
z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^
z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^
zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L
z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0!
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY
zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs)
zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-*
zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y
z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz
zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6
zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{
zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l%
zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t
z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX-
zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K
z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm
zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q
zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y
zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE
z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N
zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w
zKxU3@S50l;iKu-_-iMBh+
z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL
zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5
zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p
zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX
zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4
z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV
zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ
z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G
z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G
zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj
z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h
zbTEO5o9o_#L2xUQHNE1oMdK
z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n
z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL
zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW
z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y?
z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R
zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89
zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ
ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE
z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB
zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?<
z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C
zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X
zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*(
z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr-
zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43
zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU}
zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{
ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io|
z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA}
zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G
zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0
z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a
z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj
zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx
za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL
z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-|
z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE
z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF;
z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK
zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk
zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v
zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf
zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL
z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L
z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg
zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2
zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F
zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s
z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6
z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv
zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M
z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx
zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r`
z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY
z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^
z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7`
zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba
z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP
zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B
z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ
z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1
zv?7t5q>i`5NJaT|+lf*hO
zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV!
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9
z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S#
zNs*O)3OA^%>C8R
zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I
zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i
z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7(
z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s
zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L
z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5
zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W
z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i
zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3}
z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM
zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB
zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d
z7l2hI0R3{aOh_$%3N
zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?;
zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l
zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$
zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ
zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@
zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm}
zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9
z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I
zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT
z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua
zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u=
znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE
zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{?
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M
zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w
zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k
z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v
zd$40Sn*Bn`SO>&L
z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz
zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi
zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3;
zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb
zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx
z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa
zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R
z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S
z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0=
z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN
z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS
z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}-
zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8
zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j
z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE
z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z
z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8>
z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9
z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC
z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{
z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0
zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{
z@H>Ad9Yu`U%P@H!zOhJ`gj)L
zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^
z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#;
zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk
zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f
zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb
zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@
z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF
zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+
zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1
zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R
z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X
zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up
z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^
z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu
zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@
zEPR63QATjyGgLmYuR*Wz@WZtGle
z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9
zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW|
zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB
zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn
zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr
z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0
zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g
z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET
z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y
zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC
z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@
z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6
z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A
z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k
zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I
zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH&
z5O-&sZh1gZYfC(q#X#lpA
zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T
z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+
zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{
zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd
z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt
zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f
zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5
z@eP8SH1j__b4Q@`FBG3BQ%#
zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP*
zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg
zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD
zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2
zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w
z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)?
zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8
zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H
zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s
zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI
zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5
z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0
z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N
z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{#
zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC|
z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f
zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB
zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z
z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM
z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE
z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F
z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv
zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p}
z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3
z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa
z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq
zXjtt@Gcczwc*n6vh{)ft
zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB-
zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i}
z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g;
zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-|
zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3
zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI
zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K
z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40>
zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{=
zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid
zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS
zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd
zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8
z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC
z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^
z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n
zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_
zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs
zMM9R{TbmfVa06g;~50RmB;r&-g63
zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G
z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^
zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf
zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7
zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX
zOoMW@!}3b74=bGudt&wD
z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6
zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n`
z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P
z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i
zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>|
zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl
zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo
z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN
zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T
z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz
zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@
zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1
zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc
z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ
zrxtE`8Jn~^=yBsi7V
zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV
ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl
zKk6$8X{Cj7hbzpP(pq
zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v
zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc|
z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R
zEiRz8&{Z__3c09V
z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL
z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi
z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK
zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx
z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi
z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o
zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_?
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX
zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e
z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n
z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO?
zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9
zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3-
zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+
zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly
zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT
zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk
zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ
zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97
zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF
z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs
zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR
z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf
zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ
z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(=
ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i
zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ
zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r?
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+
z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF
zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u
znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^
z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ
zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w
z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C<
zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1
zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T
z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e
zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv
zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo
zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t
zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U
z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg;
z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v)
z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw;
z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm
zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_
z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX
zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k
zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X
zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B``
zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I
zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG
zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3
zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E
z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb
zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs
zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6
zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu
zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p
zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp>
z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF
zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q
zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{
z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9
zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^
zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O
z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v
zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP
zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR
ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l
zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0
z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO
z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl
zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI
zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l
zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p
zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6
z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE
z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y
zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf
zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx
z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK
zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m
zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7
zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>`
z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv
z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6
zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B
z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca
z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9
zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e
z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi
zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt
z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9
zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8
z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D
z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4
zEmU)gF5R3MSN~h{?3!Tx6OKG
z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk
z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g
z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6
zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35
z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg
z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K
z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8
zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v
z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t
zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ
zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H&
z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~
zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do
zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2)
zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT
z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ
z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6#
z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U
z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8
zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2
z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD)
zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^
z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-*
zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN
zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~-
z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;|
zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI
zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT
zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$
zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv
z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b
zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0
z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb
z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho`
z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J
zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU
zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@
zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU
zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b|
za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG<
z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X
z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu}
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c%
zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF
zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr
z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6
z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8
z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy}
z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2?
zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE*
zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k
z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6
zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl
z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ
zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku
zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1
z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo
zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@
z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7
zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C
zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH
zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy
zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP;
z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba>
zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf
z6L$0$DADj6tq
zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg!
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE
zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX
z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe
zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+
zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c
zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$
z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x`
zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$
z2X>rno(N1#2-F1DmdJ;>Iut&Y+
z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?|
zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G
z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO
z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k
zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ
zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb
zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM
z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y
z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%}
zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw
zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ
znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC
zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6
z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$
zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s
z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U
zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{?
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL
z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44
zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R
z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W*
ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^
z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0
z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9
z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc
zzKKeu_y0p$Z0SV^6X
z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif
zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733
zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr
z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl
zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT
zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj
zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y*
zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@
z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3
z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a
z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~
z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d&
zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc
zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU
zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_<
zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG
zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR
z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo
z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x
z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES>
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl#
zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt
z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj
zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#;
zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$
zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS>
z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR
zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t
z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V
z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f
zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN!
zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb
zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ?
zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M
z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg-
zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT
zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO
zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE
zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0
z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS
zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q
z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51
zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY
z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh
z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9
zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5
zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr
ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4
z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah-
z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7
z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew
zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp
zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3
zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8|
z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n
z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7-
zgFi;mzTg7Ul}xs_y)Q#nSguIV
zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;!
zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB
z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_
zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b
zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6
zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo
z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v
zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii
zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1
zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM
zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR
z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8
z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF
zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL
zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8
zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP
z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L
z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3<
zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC
z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE
z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W*
zxi$9e!yw#mmX_1`qQl|CeWKlXu
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o-
zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9
z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ
zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9}
z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx}
zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_%
zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G(
z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X
z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a
zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj
z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I
zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y*
z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op
zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl-
zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E
z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$
zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j
zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0
z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV`
z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5
zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3
z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j
zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d
zWLJ1_I3AhUa*H
zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT
zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk
zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO?
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+>
zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq
zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+
zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp
zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR
z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J
zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l
ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f
z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn
ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P
z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg
z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^<
zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P
zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9
z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m
ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w
zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2
zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U
zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8
zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv
zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ
zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C
z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu<
z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b
zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^
z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K
zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a
z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+
zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_
z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG
z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y
z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x
zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF
z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS
zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp
zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{
zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8
ze~j#V#-Utqmu_r?m6yHIoF-5QiX
z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F
zQkd}`ih)!3#kf=v)k
zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg
z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF
z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z
zjThKgQQCs)W>fRK~RA~_W;magXG-6
zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn
z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO
zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T&
z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$
z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D=
zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a
z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa
z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF
zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1
zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p!
zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$
zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE
z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf?
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J
zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x
zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n
zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w
zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2
zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u
zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U?
z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz
zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw!
zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi
zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau
z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K=
zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj
zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT
zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P
zS(&Q-96nd`H{x@)zYU*j_`lXd
z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+%
z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@
za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7
zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP
zx*!|gse
z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601
zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@!
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U
zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb
z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc
ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f)
zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x
z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg
zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH
zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W
zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p&
zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+
zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w
zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig
z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i
zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e
z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q
zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7
zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE
zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`!
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX
z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe
zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7
z*=PgEB6nW3nAKm}pLWJ4GT+c$
zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny
z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS
z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4
zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^
zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0
zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg
z;e
z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0
z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R
z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n
z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0
z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1}
zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu&
zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F<
z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E
z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@
z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3
z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY
z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k
zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF
zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn}
z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs
zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD
zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t(
z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6
zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$
zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw
z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^
zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$!
z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs-
zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV
zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32
z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$
zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4
zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A
zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN!
zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM
z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u
zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{
z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<
    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+
zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^
z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l>
zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN
z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr
zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf
z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h
z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)=
zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{
zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm
z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R
z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+
z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<`
zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR
z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57
z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9
z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w
zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ
zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx
zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh
zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq%
z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs
zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g
z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq
z@jEXM{hvV3;7J@u8Zc
zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9
z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6
zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2
z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c
z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc=
zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7
z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e
zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z
z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d
z;*gP@?GHtQYxxNg
z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU
z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10
znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k
z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4
z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O?
zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R
zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ
z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5
z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y
z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5
zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_
zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN<
zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B
zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w
z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d
zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB
zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr
z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk
z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3;
z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9
zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S
zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6?
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k
zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB
zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb
z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i
zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe
zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l<
z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq
z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#?
z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU
z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{
zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i&
zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql
zX7m@s4nv-0g6nvh;+>Cf20brlC|
zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV
z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ)
z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C
zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme
z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z
zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i
z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5
zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4
z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I
z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l
z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN
zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho!
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO
z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M
z;0vHX{08`2zNEuwaZJu2Lrzo
zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G
z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI
zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK
zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq
zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_
zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL
z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT=
z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP
z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo
z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>;
zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6
zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7
zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5
zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck<
z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV
zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR
zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7
zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS
z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i%
z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF|
z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@`
z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk&
zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6}
zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE&
zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O
ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh->
zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc
z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u(
zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^?
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR
z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV&
z%Ru{XF;!{pTh^h
z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X
zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(;
zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y
z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m
zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x
z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj
zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi
zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt|
z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4
zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1
zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q
ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6
z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8#
z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y
zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4
z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!)
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p>
zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R
zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF
z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH
zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7
z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9
z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui-
z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox
z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx
z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l
zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6
zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n
zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5
zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$
zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q
ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ
z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s
zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o
zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl
zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz
z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS!
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB
zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx=
zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz
zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z
zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33
zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa(
zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5
zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d
z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb
zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g
z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a
zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs
z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN
zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3
z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF
zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y
zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl
zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV
zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1!
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K
zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D
zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe
znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX}
z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f
z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e>
zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3
z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt
zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J
zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK
z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2
z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*`
zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5
zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH
z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~
zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a
z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0
z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK
z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US
z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb
zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+
zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin
zZVSl9pDHQJSmA^3fXqy$
z#6D1%ucTNDzqx|CN-TTU~J
z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv)
ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+
ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$>
z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ
zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+
z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3
z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~
z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR
zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG
zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F
zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ
z=KRaB1uy1m4ICu^#gQ8px}*VQzC~
zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO
zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I
z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y
z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm
zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?}
zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol
zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4
zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL
ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q
zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R
zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd
z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9;
z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP
zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt
zjX>h3S}r`u24jk9Gua?a
zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt
zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ!
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx
zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv
z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7
zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5
z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K
z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3
zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@
zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk
z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5
zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8
zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law
zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n
zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9
zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau
zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN>
z`Eto#aG_A{WG!Y*X>+F
z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC
zi-MnL$E!4771L*0eCo5T#sG;@e`>
zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8
zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_
z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi
zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9
z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{
zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS
zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE
zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM
za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%<
zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii
zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF?
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP
z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=<
zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z
zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N
zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E
zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a}
zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu
zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY
zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^
z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza
z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a
zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t
z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f}
zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg
zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt
zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah
zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI
z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0
zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg
zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn
z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k
z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP
zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|;
zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG
z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9
z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv
zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~
zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o
zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr
zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U
za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF
zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W
zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ
zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn
zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn
zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2
zE^8
zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm%
zo81J!so>f2kPW%wSxUF
z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9
zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE
z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q
zgoHb&^yUyv6vm=bW4ekN6i!a(nM;
z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46%
z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI
zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v
zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m
z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z
zRCU_2j8ExizVu#k-Mc4tIw-
zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m
zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N
z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5
zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA
zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq
z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m
zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<}
z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99
zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I
z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas
zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5
zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ
z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-=
zZoh!)XoW0LsOg5RLOWTt1mO`!Ob
z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$
zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~(
zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI
z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc
zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh
z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF
z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e
zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI
zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb
zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O
ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2
z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n
zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G(
zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{
zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@
zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq;
zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4
zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k
z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK
z{GOnp1-D9ERM!qlAHZU?zO(
z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@
zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV}
zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR
zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI
zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb
za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc
zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W
zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y
z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU
zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f
z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82
zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO
zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+
z2SCA`T$}4X`*{kL19oQyA
zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in
z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{
zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~
zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K*
zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^
zx?K9B8s!UYp9YZaFzh3MJkT
zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@
zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy
zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h
zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F
zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?`
zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)&
zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r
zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz
zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K=
zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@
zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v
zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up
za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J
zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+
zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B
zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh
zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH
zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H
zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z
zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e
z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr
zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad
zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0
zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO
zzM`1zE19resFtDyj5KM4o{82T
zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH
z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4
zI@8_sLp7%?V~w@kz;d#6i$djLRuK
z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V
zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf
z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v
zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH
zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ
z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$
z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6
zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF#
zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2
z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l
zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN>
zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P
za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC
z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q
ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4
zfB;YChQH2ID!7Z{{JK{g-PdZ
zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um
zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK
znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^
zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J=
zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G
zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI!
zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7)
zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_`
zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~
zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6
zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k
z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0!
zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y|
z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3
zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU
zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1
zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ
z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78?
zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure|
z*Y+0$i|u!;sr{yLj^{{9nq`6KwT
z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi
zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G
z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b
zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq
zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln
zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0
z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q
z(soWpHQ}8jb$z
zx6%`5Ax2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo
znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z!
zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8
zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh
z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac
zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~
z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP
z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC
zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d
zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y
zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^
z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y
zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S|
zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx;
zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL
z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv
ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky
zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu
z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb
zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g
zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs
z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i
zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3%
zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd
z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M!
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN
zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un
z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z
z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3
zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3
zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf
z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4
zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94)
z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF!
z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!)
z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72
zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w
z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva
z3wQu{1mN-*j-S%!=TN?&DHHN*O>~
z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR
z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j
z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}}
z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO}
zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt>
zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc
zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4&
zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O
zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7
z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C
z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@
zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH
zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY
zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^
zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE
z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+=
zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv
zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7
zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2
zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF
z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G-
zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw
zMrC=PGb4MtEmPaOqUYq`A0f?4<
z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^
z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA
z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W&
zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1`
zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3
z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120
zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f
zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r
zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d
z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj
zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c
znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS
zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c
zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I
z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW
zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4
z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G
z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l
z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m
z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj
zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI
z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv
z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1
zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n
z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt
z_eNd(vOmKIzLDxa
zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB
zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW=
zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee)
zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju
z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2
zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$
z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;-
z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`)
zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7
z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR
z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r)
zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U
z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq
zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}&
zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N
zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2
zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8
z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z
z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e
z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q
zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY`
zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw
z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b
z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY
z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc
zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc
z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;!
z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL
z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B
zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5
z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k
zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g|
zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad
z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9
zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard
z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv
zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe
z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c
zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC
zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D!
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q
z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L>
zQd$W+K|j
zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~
zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F
zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W
zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe
z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX
z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD
z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B}
z^
zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE
z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE&
zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn
zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM
z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d)
zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R%
zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ
z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt
z&ik1(KN`{eXh8M0>xlOIUB>u3(D(
zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC
zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb>
zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW
zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+
z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY>
zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J
z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$
zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K}
z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9
z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W
zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY>
zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf
z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO%
z3_$x0w4TPVyI)PHuONs1?x
zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd
z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we;
zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6?
z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u
zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK
z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL!
zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r
zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml
zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u
zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b
z)6hfvz^OLR6PZ*y|`&D>I?IM
z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm
zjT<{|J6$l`Vkr@WW<
zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES
zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0
zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk
zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H
zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj
zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk>
zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7%
zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp
zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J
zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL
zSiGq}AE&&Sy-DdU-$G_z(F&
zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE
zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c
z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK
ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e#
z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(>
znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j
z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+
z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW
z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7
zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R
zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg
zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5
zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ
z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv>
z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS>
z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a
z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf
z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq
z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O
zjDaIp|3Ke}INy=j-8)=f&Io*(LP9
zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH<
z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|)
z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C
zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX
z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch
zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K
z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV
zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W
z|AzeM=k+2G_S)lv
z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E%
z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg
zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+
zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb
z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw>
zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB
z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO`
zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h
zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e(
zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P
z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z
zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$
zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J
zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt
zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE
z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1`
z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6
z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI#
zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t
zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64
zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb
zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65
zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^
z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm
z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof
zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c;
zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8
zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w
z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa
z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc
zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k
z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn
zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx
z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p
zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F
zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D(
zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y`
ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk
z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe
z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m
zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9
zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp=
z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c
zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL
zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i
z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_
zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l
z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4
z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ
zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b
z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN
z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU
z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl
zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1
zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu|
zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX
z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL
zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A
zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{
z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?#
zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T
zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp
zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~&
zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA
z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#?
zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR
zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2
zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9
z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c
z!|gL_zqU)^ryR%amoMPVXrO
z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa
zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^);
z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF
zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o=
zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm
z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$%
z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y
zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1
zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8
zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~
zUF%Yu1RWoM|XXUW|96s8jUI?
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}}
zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2
zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b
zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw
zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze
zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx
zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e
zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo
zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ=
z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS
z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9
z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9
zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca
zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k
zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A
zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q
z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O
z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8
z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F
zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^
zea$`YYNs0Ang$SBZ}LW3X^V5j)<5%
z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)(
zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q
z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b
zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F
zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$&
z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg
z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D|
zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN
zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ
zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of
zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A)
z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@
zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ
zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx
zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v
zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ
zb+kY%%+`8FGXAoRrB{SCrhAbvm
zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE
zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il
zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_
zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ
z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S;
zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m
zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U
zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB
zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o
z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI
zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m
z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^
zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F
z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b
zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW<
zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI
zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v
z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt
zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u
z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j
zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7
z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5
zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{
zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E
zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM
zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z
zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L
zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E
z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs
zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3
zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW
zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8
zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{)
z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh
z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st
zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv
z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I%
z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2
z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1
zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F
z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07
zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_
zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^
zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS(
zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA
zWi2VvmtqM^`DzIY(!ICV?
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk
zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp
zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp;
z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC
zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX
zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r
zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y
z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT}
zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp
zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe
zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W
zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4
zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe
zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4
z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT
zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB
zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3
z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4
z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z
zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c
z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m
z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ
z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#%
z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p
z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR
zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^
zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa
zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089
zV=pKvy3%r#0eQR=bFXdRXGTTD
zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx
z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy
z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_
z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP
zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt
zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O
z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW
z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX(
zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg&
z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi
zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO
z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j
zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK-
zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ
zylKQzW-Z
zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj
zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c
zAh1Ye)1>XXjvEa&vr#iw0&q9?}W
zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8
zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q
z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu
zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy-
z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4
zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f
zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot
zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH
zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3
zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk
zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7
zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7
z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4
zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno
zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u
zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP
z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7
z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ
zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW`
zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f
zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M}
ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo
zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t
zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I=
z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0
z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX(
zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W
z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb
zG#?+8d45Tm(r%D=;
zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho
z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P&
z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S
z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm
z2v(T)7L{D2+pjyX5W=Cig!~bG
zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX
zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w
z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA
zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u
z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7|
zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO
z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn
z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr
zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%}
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M`
zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU(
zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4
zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~
zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@
zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO
zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q
zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v
zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf
zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt
zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n
zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L
zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm
z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ
zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG
zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv?
z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN`
zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf
zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|?
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792
z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc
z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc
zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$
zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5
zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA
zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc
z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL`
z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a
zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J
z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7
zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+
zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6?
z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2
z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1&
zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c
zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3
z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5
zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v
zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s
zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y
zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV
zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA
z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e
z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp
zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv
z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL&
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ)
z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k
z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc
zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1
zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go
zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2
z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK
zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$
z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5
z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV
z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3?
z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~
z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K
zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7
z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS
z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A
z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln
z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e
zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%)
z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U
zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z
z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U
z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W
zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f
z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi
zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA
z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*;
z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b
z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v
z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo
z67c^4d2AoRZoIf>yf80SS
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?>
z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H
z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a
z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2
zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F&
zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f
zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt
z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q
z6lgyQ_*i5BMcOX94hkb9xPh76CsS
z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9
zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC
zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI
zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm
zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX
zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw
z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2
z=LFzag1$`xz7zPL0=x{j1bjQl
zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G
z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ
z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J
z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag
zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb
z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA
z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY
zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2
ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ>
z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu
z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU
zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR
z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY
zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA
z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1&
zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E
z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4
zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5)
z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw
z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n
zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ
z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3
z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ
z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo
z&jLOT_#EKdfzCYOGr;Ep;NJv%
z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi
z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t|
z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c
z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1<
z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf
z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID
zI6>44)E^)9tQj%@Y4eLr67kkz^?#0
z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T
zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p
z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP
zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7=
z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh
z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l
z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai
z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x
z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB
z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA>
zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@
zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9
zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv
z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca
zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl*
z0q|*PzXi_S7P8HyH
z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc
z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ
zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3
z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng
z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W#
zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S
z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{?
zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv
zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X
zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_`
zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW
z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF#
zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln
zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42
z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ
z5NsFT~D{wVZ%943(PzVg
z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209
zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl
z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO
zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8
zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD
zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U
z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q
z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N
z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+
z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w
z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y
z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p
zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^`
zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H
zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l
zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7
zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM
zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2
zbcK2*U8SO34
z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW
z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D&
zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~
zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4?
zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_
z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0
zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c*
zf%K?j6
zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7?
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p
zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_
zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup`
z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ
zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ
zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB(
z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726
zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G
z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg
zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&
    f9O=Y|r&X
zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x
zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N
z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76
zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI
z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$
zV&lWc!XgYl
zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj?
z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w
zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!;
zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@
zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g
zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A(
zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_
zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1}
z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L
zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7
z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ&
z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg
z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB
zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv
zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP
z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj
z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q
zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un
zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT
z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4)
z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W=
z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0
zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ
zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp
zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{
zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4
z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1|
z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M
ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b
zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj
zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7
zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX
z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P
zk)xf&%Op&N(>0FvfgO_NnuO$B!v
zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL
zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn
zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x
zj=qm!iqIY6GHa`e543L>Cwi~
zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@
zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q<
z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ|
zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd
zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^
z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk
zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF
z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V
zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M
zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;-
zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr
zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj
zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq=
z1{F@AY
zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^
zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2*
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf
zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^
z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP
zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH
zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2
zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz
zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3}
z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S!
z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi
zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I
z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc&
zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$
zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE
z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU
z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G
z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K
zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z
zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR
z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X;
zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO
zbXhh9)Tp{?M^Q6#O3
z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6
zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C;
zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc
z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ
zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I
zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF
zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S&
zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y
zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU
zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW
zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI(
zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)>
z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&<
zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b
zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak
z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va
zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM*
z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$
zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2
zs(+b*m>iA>{tRt5CI;abM
z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0
z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt
z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o
zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@
zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@
zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g!
zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL
z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY
zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3
zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v
zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm
z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN!
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO
zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy
zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ
zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I
zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X
z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2
ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r
z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?-
zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG
zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_
z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8
zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+*
z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU
z8CBPxf=0B|p1yd6yuF=@-7e(EP
zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!|
zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@
zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V
zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg
zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z
z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_
zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy
zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY
zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u
z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW
zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc
zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv
zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ
zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A
z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z
zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$%
zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM
z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI
zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A
ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~
z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT
zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp
z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV
zC>N5m7
zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S
z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$
zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi
z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH
zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z!
z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1
zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>(
zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm
z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V
z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb
zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{
zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76
z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y%
znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD
zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff>
zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq
zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS!
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f
zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9
zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH
zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H
z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3
z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A
zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF)
zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR
za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9
zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH|
zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b
zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr
z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA
zUDk(8X#rD`%?`=s--AAoMOEoe*G=
zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj
zoadaGIWu#n+FdP|8Hm;
zE%Av0;
zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0
z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^
zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q!
zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g
zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo!
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6
zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V
zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM(
z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A
zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX
zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ
z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^
zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm
zhrLy8+3h+ru>puq
zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+;
zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X
zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia
zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK
zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX
z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q
zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At
zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D
z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY
z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+
zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0
zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%>
z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64
z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@
z5CgQG
zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM
z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX(
zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6
z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef
z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9
z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG
z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M
zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL
zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC
zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7
zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK
zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth=
zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT
z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx-
z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt
z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(<
zZHmSLFf{;~WDBT)k!y^){Z^Pj(
zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y
zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb
zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW
z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH
zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl
z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4
zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v
zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F
z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr
zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD
z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K
z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b-
z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n
zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz
z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz
z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ
zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+
zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW
zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~=
zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57
z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R
z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D
zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q
z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=>
z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T
zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00
z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP
z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug
zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA
z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U|
z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e&
zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0
z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t
zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h<
z-`OJt@15d0>w=@_ak?n%
zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c
z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp-
zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt
zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa
z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71
zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW
z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp
zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz%
zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&;
zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$
z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt
z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf
z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM
z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV
zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9=
zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc<
z0FaeC%M&m!!1QqUC=
zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG
zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i=
z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM
zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0`
zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok
z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<%
z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX
z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS
zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt
zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6
z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL
z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny
z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO
z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_%
zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez
zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB
zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj
zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO
zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS(
zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U
z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW
z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4
z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@
zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP
zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG
zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{
zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh
zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR
zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF
zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU
zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z
z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A
zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK
z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U
zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW*
z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar
z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ
zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH#
znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5
zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI
zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf
z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD
z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb)
zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w
zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K
zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s
zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x
zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~
zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g
zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2
z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju
zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn
zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U)
zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN
zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT
zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk
z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^
z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC
za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It
zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q
zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y
zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V*
z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<|
zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{
zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~
z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9
zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ
zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9
zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+
za%`A!W$^#Vo>9ahd%P6_2?r<
zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A
zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp
z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx
z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO
zRb)-I_5?N15D}&D
z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n#
z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk
zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B
zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225
zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6
zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK<
zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c
zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h>
zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u#
z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG
zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o
z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN
zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6
zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz
z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5
z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z*
z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^=
zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU
zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe
z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG
z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6
zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g
zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H
zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w
zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx
zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+>
z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T
zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b
z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@!
z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k
zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc
zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^
z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw)
zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk
zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*?
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR
z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj
zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD
zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb
zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q
z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w
zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S
zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b!
z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o
zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR=
z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ
z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C
zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3
zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi<
zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy
zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A
zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT
zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E
zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA
zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+
z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j
ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~
zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY
zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy
zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz
z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^(
zRUUP_HMg3Kd;&LU
zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)!
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^
zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k
zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f
zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU
z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW
zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY<
zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY
zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2
zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N
z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr
zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T
z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v(
zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz?
zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#}
zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji
z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U
zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0
zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j-
zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL
zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$
zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+
z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R
zN88hR;yr#8kp9`3k
z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly*
zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg
zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l
z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s
zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p&
zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v
z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^
zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S}
zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ
z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a
z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf`
z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&`
zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H
zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F
zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0
zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM
znEH<|52ldwH~f;ZWplsP&!
zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!!
z?Stu)`2kmoPpt4P
z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR
z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM
zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y
z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw
z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k
zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI
zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3
zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs
zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2
z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb
zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B
zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD
zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_
zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW<
z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~
zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W
zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d-
z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U%
zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE
z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~
z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV
z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz
zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s
zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz
zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?=
zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg
zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt
z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q<
zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?-
z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq
z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk
zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O
zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5
z$Ef=^@1N6m%~G}vR?N`fsvOY
z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB
z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv
zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M
zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86
ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS
zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h
z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ
zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3
zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD
z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7
z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at
zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c
zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD
zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw
zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4
z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L
z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1
z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t
zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH
zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j!
z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY
zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2
zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B
zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw
z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM
z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V
zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L
z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx
zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0
z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW
zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5
z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN
zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm
zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc?
z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o
zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>!
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU
z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2=
zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{
zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry
z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7
zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af
z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t
zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q
zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU
zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z
zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J
z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU
zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I
z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2
zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty
z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_
z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV
zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk
z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I}
z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf
zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$
zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^?
zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF
ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;=
zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH
z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT?
z@lyL)BtM~`
zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J
zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e
z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH
zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r
za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T&
zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o
z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa
z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy
zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h
zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i
zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz
zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg
zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf}
z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP
z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f
zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k
zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e
z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St
z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a
zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo}
z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h
zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^
z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic
zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw
zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe
zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1
z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f=
zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd
zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~
zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY
zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2
zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V
zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_
zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF
zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD(
zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU
zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg
zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p
z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg
z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC
zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9
zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i
z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O
zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G
z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+}
zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw
z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M<
z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ
z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h
zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0
zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4
zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD
z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea
zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$<
z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V
z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt
zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b
zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%-
zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r
zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o
z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I
z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn*
z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io
zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl
z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u
z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY
zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n
zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc
zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M;
z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb
znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6!
zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^
zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T
zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6*
zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6
zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd
z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6
z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V}
zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p
zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o
zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g
zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE?
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN
z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b
z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{
zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF)
zJea8flNt3`8$Sh?i
zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX
zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3
z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF
zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0
zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R
z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2
zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX
zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{
z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4
z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA
zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq
z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$
zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc
zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o
zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T-
z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*(
zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat
zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv-
zcA_nm-A(y}bk${+k03Kz8(;}(rA5e%
z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw
za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N
zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq
zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW
z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi
z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu
z7$T}%#wdubl7PvXEC$9A`fXTTz
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a
z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu
zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW
zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL
z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y
z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx(
z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H
z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK
z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu
zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx
z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~
zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x
zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9}
zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC
zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5
z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS
zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO
zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l
zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN
zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@
z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs
zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n
znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1
zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws
zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9#
zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1
zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm
z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e
zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy
zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8
z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J
ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH
z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y
z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+)
z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs
z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*;
zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j(
zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC
zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a
zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66<
z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W?
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw
zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx
z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh
zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP
za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E<
z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW
z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY
zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh
z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1
z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU
zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1;
z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc
zCaLhwI>k*?|72-@S`m`kpMR;)frMy
z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n
z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$
zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N
zn68z%^18x@mnT=
zRfcbeVUKA@?9YH3
z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+
z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3->
zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+
zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f;
z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55)
zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2
zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<<
z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu
z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV*
ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc
z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$
zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W%
zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8#
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH
zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK
z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1
zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R
zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8
zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f
zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf
z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri
zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ
zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD
zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+
zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA
zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^`
zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~
zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V
z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W
ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM
zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI
z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl
z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW
zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99}
zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn(
zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1
zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V
zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{%
z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e
zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO;
zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2
z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd
z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^
z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y
zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_
z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI
zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb
zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH
zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@
zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb
z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh
z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA;
z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i?
zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC
zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b
z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l
zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ
z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB
z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1
zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v
zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR
zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW
z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5
zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI
zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90
z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy
zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ
zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS
z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{
zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;=
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G
z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1
zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk
z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&;
z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H
zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B
zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5
zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{
zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O;
zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe
z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN|
zcdtix`R{3C#oi;=@Pw`26t|GA
zykve3@xwk2%f$4he`
zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$;
zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_
zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0
z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X
zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg
z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z
zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7
zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87
z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%)
z@F?aibz0Mw%0t5Z}LO
zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD<
zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM
zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ
zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2
zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f
zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k
zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~
zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1
z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v
z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{
z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw
zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy
zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV
zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq
zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce
zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO
zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS)
z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k?
zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg
z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe
zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;=
zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL
zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$
zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E
zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg
z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm?
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f
z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g
zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R(
zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8
zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu
z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_
zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT
z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd
z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic
z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q
z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N%
zsP#>Dw@y*D;bu5hlInyV
z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w
zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#&
zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-#
zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui
z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F
zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic!
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$
z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z
z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U
z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U
z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*)
zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{
zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S
zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6
z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k
z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd
zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL
zpla1CsXk!K%uR6HOo
zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h
z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn
z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{
zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD
zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE
zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM
zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z
z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_
z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW
z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o
zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`;
zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi
zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN
zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO
zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR
z^YL#fI5?r<07@VCw6
zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj
zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC
z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2##
zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO
zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc
zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z-
zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8
z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L
z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0
z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc
z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+
zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L
z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe
z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x
z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T
zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y
zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3
z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9
zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z
z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf
zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud
z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v
z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y
zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8
z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X
zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U
zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa
z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B
z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC
zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw
zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@
zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V
z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH
z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh
zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our
zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2
z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li*
zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U
z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX?
z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO
z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_
zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph
z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5
ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc
zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF
zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl%
z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@
zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3
zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H
zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK
z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r
zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL
zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb
zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb
z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW
zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc
zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K
zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>`
ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB
zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx
zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr
z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN
z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@
z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG
zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3
zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp
z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF
zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1
zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2
z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf(
zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo
zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{
z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~
zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb
z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN
zcVtZpKU81Yj9}4jS6Ui@=kH44nV
zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O
zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K
z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG
zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P
zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn
z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY
z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U
zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ
z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+
z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V
zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm`
zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg
z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD
zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H
zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0
zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe
z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn|
zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29
z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl(
zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y
z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf
zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($
zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby
zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz
zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8
zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2#
zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3`
zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff<
zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj
zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C
zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi
zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+
z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m
z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b
z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q
zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV
zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN
zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz
zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0
z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~?
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6
zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE
zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6-
z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ
z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3
zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2
zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u
zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ
z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$#
z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz
zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm
z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^
zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi?
z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k
z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R!
zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v)
zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW
zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa
z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I`
zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S
zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D
zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0
zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE
z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR
zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M
zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND
zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK;
z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq!
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)`
zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf
zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK
zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$
z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a
zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2
ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b
zHM33B?dEDs{ziu{MlgYz6PRP706!u)~
zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+
z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a
zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu#
ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{
zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42
z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9
zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau
z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P>
zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh=
zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP
z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS
znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^>
zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM
z(3FX8UY?_PJ>)npV;r^q6c
z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{
zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd
zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8
z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph
zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-%
z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH!
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C(
zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM
z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b
zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy
z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{
zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q
zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm
zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{%
z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP
zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+
z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8(
zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB?
z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-?
z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv`
zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E
zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC
zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF
z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C
zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**`
zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe>
zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@
zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a
zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7
z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l
zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS
zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E
zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU
zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_
zWRr4|Y&=
zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~
z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP
zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E
zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH
z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX*
zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1
zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O
z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^
zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c*
z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_
zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX
zYF7HtY%%r(o_qKRxJq+vSgClH*O
zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@
z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV<
zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G
z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$
z{-G
zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE
z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c%
z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J
zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{
zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn
z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a
zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw
z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3
zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+#
z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h
zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W
zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${
zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p
zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv
zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^<
zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7
z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z
z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@
z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ
z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19
z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR
z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj
z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8;
zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW
z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR
z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1
zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs
z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ
zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE
zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8
zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C<
zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r?
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L(
zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7
zK-L$^6@lXh*wC&1gRJtXcz}qG7^p
zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh
zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5
zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G
zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR
z(qO>8_hR!rh>K)gUuR7sc0LP(HIy
z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx
zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@
z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy
zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6
zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b
zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH
zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN;
zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44
zfIdkV;fI};GIMZ$^@
z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ
z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm
z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe
z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni
zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo
zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA
zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R
zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o
z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_
zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P
zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X
ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{
zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV
ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}-
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O
zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V
zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ
zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk
zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f#
z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@-
zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt
zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp
zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM!
zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM
z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@
zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}!
zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG
zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^
zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc
z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1
zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W
z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+
zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X>
z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_>
zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV
z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q
zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5
zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf
zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh
zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e
z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au
zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY
z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$
znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^
zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM
zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5
zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|)
za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd
zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_
z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY
zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{
zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I
zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL
zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T
zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe}
zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ
zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+-
zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v
zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_
zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage
zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g
z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R
z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I
zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f
zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG
z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K
znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ
z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj
zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~
z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D
zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3?
zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt
zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8
zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i
zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE
zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E
zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be?
z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA
zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+
zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s
zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~
z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP
z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp
zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL
zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^
z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d
zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_
zI$*W4zS
z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V
z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O
z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM
zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU;
z^U#|)77d07cru!MQ;m$+BXj}4
z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h`
zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm|
z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG
zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI
zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A
zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY
z+gw?kdB3&W7kIbP8kZr
zp>TOf$J#OVI|LcyGOPCW09#Iz|
z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3
zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81=
z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0
zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc
zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7
zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB
z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6
zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9(
zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{
zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0
zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5
zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g
z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7
zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~
z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS
zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD
zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1
zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD
z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$
ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B
z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T
zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz
z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK
zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F
z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q>
z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R
zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X
zE=tAW+RSnx8tk$9GwZerClqM6+L(sW
zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH
zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ
zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~
z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY
z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{)
z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e
z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`)
ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10
zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu
zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI
zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh
z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X!
zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ
zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c
zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco
z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm
z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP;
zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0;
z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x
z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f?
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea
z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk
zZ?wc#s-jxpf2S
ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE
z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc
zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1
z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO
zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS
znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3
z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy
zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq
zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP
zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D!
zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c`
zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B
zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd#
zfr2G|S
zLNl#Bd3uquWxtP
zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;;
ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX
zgt`3uv1I=IP9&X{-Twe
zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_
z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k
zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T
zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~|
z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs
z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5
z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI
z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H
z192%m$6mNljCvo{UB8y;tSyg2l
z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$
zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky
zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr);
zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX
zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W
zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ
zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V
z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy
zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A
z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_
zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I
zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx
z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga
zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs
z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn
zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr
z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp*
zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}&
z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E
zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw
z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2
z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-!
zXrnglHa1we*AFywd@^8Nr1g{f
zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz
zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3
zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F<
z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G
z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr(
z&E_I_Zvu@aTYFa!Szoa
zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj
zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF`
zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1
z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A
zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g
zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x
zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH
z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62
z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG
zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh
z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8
znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@;
zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$
zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P
zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_
zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o
zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp
z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q
zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR;
zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt
z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~&
zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^
zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`>
zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na
zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5
zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp
z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs
zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x
zouyUEP72U)&EcaXr1IMjXH%FIk{--
zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s
zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP?
zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk
zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi
zh5nG*o2%KiyLK}FG!>y;xi^C
zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u
z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T|
zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07
z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53
zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg
zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s
zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9
zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG
z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp
zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF&
zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co
zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB
zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn
zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96
zS@TrMwCDBoK3Js
z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS*
zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y
zMqcE^G=FoN%+&Sjb4
zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o
za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$<
zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy
z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O
ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s
znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{
zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L
zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V
zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p
z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh
zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM
zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA
zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_#
zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG
zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX
zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m
z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp!
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5
zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W
zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz=
zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9
z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c;
z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@
z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p
zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5
zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw
z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u
zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y>
zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX|
z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u
z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~
z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5
ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi
zLh0gT0sS93{&S_DbCcZf
zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV
zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf
zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d`
zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g
z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD
zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H
zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A
zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P
zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY
zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee(
zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB
zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk
zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ?
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY
z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_
zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd
z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X
zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg
z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN
zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G
zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX
zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD
zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum#
z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~
zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@?
z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M
z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU
z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt
zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK
z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w
z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB
zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F)
z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2
zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH
zD1Ajhe^wYqzzp3Nj
zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW
zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5
z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai
zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt
zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc
z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~
z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4
zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V
zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q
zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7
z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D
zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te
zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU
z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v
zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y
zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m
zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B
zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy
z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_
zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV
z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L
z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@
zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go
zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d
z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$
zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#<
zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA?
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE-
z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi
zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl
zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ
zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w
zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b
z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a
zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh
zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z
ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId
ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l
z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~
zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE
zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb
z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x)
zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB
zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc
zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c
z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp
zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ
z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC
z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN
zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF
zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX)
zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI
zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r
  • GXiQ
zlP@hldsxP3k)#Y@C
z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY
z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@
zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+
zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@
zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n
z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R
zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo
zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k
z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh
zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|=
zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf
z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw*
zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd
z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^
zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp
z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F
zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I;
zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER
zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY
zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H?
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7|
z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@
zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J
z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F
z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W
znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5<
zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W
z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U
z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f=
zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0
zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU
zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1
z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7
za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv
zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t
zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I
zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS
z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E
z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z
zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y)
zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc>
zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7?
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON
zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L
zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ
zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1
zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U
z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k
zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ
zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO
z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X
zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt
z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO
z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw
zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di
zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9
zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL
z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b
zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq
zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT
z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO
zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O
zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M
z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul
z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE
zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye
zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD
z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I?
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH
zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf
zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q
zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG
z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ
zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1-
z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k
z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J
zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg
zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s!
zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D
zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not
zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be
z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~
zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ
z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM
zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni
z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P
zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$
z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$<
zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S
z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL
zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y
zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u
z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$
zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne
zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6
zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A
zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+
zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS`
zuyfQKZtDb>TzU}7b%`$>g~^fJovA21-
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX
z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z;
z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB
z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn
zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen
zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M
zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q
z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q
zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O
z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j
zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4
z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g
z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg
z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN
znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa
z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2
zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D
z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me
z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E
zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM
zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP
z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o
z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8|
zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS|
z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu
z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc
z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}``
zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00
zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm
z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3
z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN
zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;-
zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp
zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV
zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H&
z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~
zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO
z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl
zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_
zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD
z>&hdPuVJjXGWc
zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX
zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei
znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$)
zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92
zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd
z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg
z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i
zu`>Jt_JrQ+bhdP-_mV|!+Pys_
zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh
zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl
zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^(
zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N=
zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk|
zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC
z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B
zj1!OV&Bhs-$wjyf`@Lx
zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o
z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc
z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H-
zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7
z@Ma+vZSB(1in9<`Rv}4F
z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+
zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5
zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ
zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z
zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c|
zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n
zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs}
zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^
zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ
zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p
zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}`
z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)>
z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w>
z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u
z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5
zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T
zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0
z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP
zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK
zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs
zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV
zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8
z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@!
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+
zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$
z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@
zAvW5Iq~yb@6K0s
z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F
z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG!
zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP
z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u
z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm
z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib
z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z
z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL!
zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj
ze^1(?^EZC6x-zJ^DilmFxQoFvU#
zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr
zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{
z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY
zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF
z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM
z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO
zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh
zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50
zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF
zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK-
zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V
z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6
z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua)
z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08
z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$
zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY=
z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1
z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z
zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF
zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4
zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^!
zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ%
zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA#
z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN&
z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR
zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au
zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV
zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a
zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b
z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g
z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ
zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah
z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q
z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4
z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy
zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+
zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a>
z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH=
zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B
zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0?
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($
z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s
z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F
zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c
zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9
zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v
zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r
z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og
zF?buI5J_K*Endt4lt^{seD1Sj
z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC
zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B
z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK
z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v
zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ
zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM
zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i
z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI
z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb
zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$
zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym
zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c
z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S
zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI
zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz
z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq)
zxRSlcZefdKxgDLL!icY*9Le;Q
z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1
z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r
zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0
zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM
zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w%
z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_
z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)&
zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR
z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S
z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A
z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T
zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd
zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e
zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU;
zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F
z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y
z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu
zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r
zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A
zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc
zo*iuGE8h2&Ebw00&WO6`-$
zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx
z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO
zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx
zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+#
z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_!
zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk!
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5
z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX
z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$
z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM
z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9&
z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG
zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki%
zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi
zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN(
zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X
zS;$GWZvDLhfi?!u+AP@~~Q2>*s!
zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W
z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv
z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0
zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn#
z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD
z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0
z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+
z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d
zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg=
zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR
zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{
zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a
z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O
z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI
z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI
z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik
z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb
z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e
zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu
z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx}
zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt
zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha
z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q
z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5
zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y
zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t
z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J
zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL
z09+V;O_K_(FB1iEwr*S3`o0nCAg
znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M
zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf%
z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M
z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0
zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H`
zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`%
z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c
z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)!
zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o
zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj!
z66W9a;O`8pY}E(mLN*
z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;>
zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah
z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL
z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2
z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b>
z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^
z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+
zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d
z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9
zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN&
z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw
zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn
zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv
z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32
zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY
zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv
zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{
z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF
zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az
zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P
z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c)
zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh
zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$*
zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6
zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI-
zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK
z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z
zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v
zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw)
zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a
z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r
z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I
zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX*
zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2
z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR
z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI
z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s
zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft
zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv
z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8!
zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t
zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT
z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@
zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2
zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r
zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z
zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9
zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf
z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP
z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U
z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP
zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7
zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ
zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX
zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN
zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G
ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c<
zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ
zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp
zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*=
zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs(
zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4
zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8
z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q
zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r
zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k
zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c)
zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS
zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD
zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht
z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F
z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW
zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O
zvlE^XY*<%7H
zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm
zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X
zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L
zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$
zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@
zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R
z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9
z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw
z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3
z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+?
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz-
zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz
z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~
z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG
zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy
ziuNyzx;9F^o=;a%zcc3F4F%aEN*
zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV
z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r
z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ
zPxPpcu9+u7hx#OLOSIT
zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58
zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o
zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1
zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{
zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK
z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg
z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl
zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1
z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz
zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=*
z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9?
z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z
zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA
zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_
z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j?
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj
zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD
zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m
z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J
z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b
z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h
zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D
zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f`
zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT
zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2
z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f
zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp
zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f
zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi
z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX
zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s)
zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V
zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A
z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4
zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc
zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4
z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq
zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2
z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS?
zkG+HoO>7zXM%vi6cy3WoY{~H0
z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b
z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx
zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq-
zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG
zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H;
zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh
zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8
zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt
zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP
z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4>
zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM
z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB
zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO
zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A
z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(<
zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB
z$dnU_wtxfd=b+<&3!6+C`ew)D32
zyVwKFqa90LEwLH8j%%wUOJRO93!f8@}
zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb
zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe
z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im
zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw
z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe
z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0<
z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b
z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts
zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w
ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r
zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K(
zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A
zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3
zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi
zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z
zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{
zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51&
z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH
z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P
za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME
zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc
zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a
zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m
z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^!
z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4
z*gq(bMF+lqj8K>x^ie|
zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD
zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua%
zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ
z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW
zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf*
z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0
z^&?q24n0tn7*ZtZP4wezK-ijA
zInvF`ARW=6tt@l$V;_hdl8Ohs6&
zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB
zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c
z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz
zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO
z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A
zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2
z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8
z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj
zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn
z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX
zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^
zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM
zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$
z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9}
z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se
zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV
zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p
za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E
zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3
z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*)
zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S
z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+
zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x
zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B
zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP
zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G#
zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev<
z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~!
zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud
zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj-
zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia
z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq?
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ
z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@
zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c-
zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy
z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42
z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU
zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`*
znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F
zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh!
zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X
zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X
z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR
z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9
zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l
zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^
z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH
z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g
zskUSSJ
z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL
z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~
zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn)
z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{
zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq
zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~=
zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH
z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0
zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907
zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N
zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi|
z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR
z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ
zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY
zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q
z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY
z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5
zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1<
zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9
zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B
zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM
z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q?
zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb
z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz
zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55
zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D
zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e
zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W
z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@<
z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_
z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74
zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs
zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K
zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y
z3v1j`i%hA#2gzna#+
zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i
zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9(
zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@
z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$
z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71
z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$
zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7
zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP(
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql
zSf)?V@n9;NH}8@=&j#^es3
z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP
zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch
zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq>
zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc
z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?<
zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7
z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^
zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka
zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR
z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W
z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ?
z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~
zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF
z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51
zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY
ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^;
z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM
zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~
z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d
z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq%
zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu
zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF
zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+=
z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU
zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue?
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b
zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-)
zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0
z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1
z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6#
zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z
zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m
zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t
z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4
zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d
zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%-
zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q
z)a!MmXxxbMpp8%xuxm{XM6hn?|
z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5
zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO
zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{
zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d
ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc
z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z
zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV
z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut
zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n
zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc
zmsGx7eNwbs@
zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G
zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz
z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E
zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2
zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h
z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2
zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw
zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX)
zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z
zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T
zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R
zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp
z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X
zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9
z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud
z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y>
zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i
z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e
z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ>
zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I
zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L
z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X
zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3
zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g
z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A
znh)nlr@EoM2I
zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq
zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv
zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL)
zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v#
zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ
zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U
ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN
zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z}
zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg
zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS=
zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7
z@BwzRDw`(D!O~a1#YpSQ=r5(Sf
z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF
zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck
zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F
zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_
ze1C>^P|6DC}EtAYP&;J+I9
zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m
zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ
zoH;Ag>&eXa`egUT$A#?y;t>7^8CG>
z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)%
zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB
zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp
zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ}
z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5
z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt
zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$
z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R
z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH
zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP
z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n
zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO
z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ
zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei
zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672
z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1
zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b
zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu
z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If
zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw
zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj
znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot
zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`|
zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS=
zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75
zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03
zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm
z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M
z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ
zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL?
zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c
z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G
zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7
zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V
ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF
zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$`
zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB
zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL
z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN
z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf
zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf=
zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u
zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw
z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s
zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF
zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY
zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT
z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI`
z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{
z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8
znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA
z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{
z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5
zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o-
zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut
z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F
z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K
zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$
z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@
z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw
ztb~NfltC*
zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M
z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM
zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH!
zFsd*10#Acm;ni?2^uoii7emq<8
zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp
z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j
z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D
z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h-
z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4
z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH
z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f
za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO
zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR
zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0
zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;>
z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7
z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O
z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp
zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD
zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt
zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w
zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q#
z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G
z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm
zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B
zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D
z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb
z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~
zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<|
z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX
zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m
z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee!
z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7
zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n
zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T
z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH
zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF
z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92
z8C*I(WR~9})ac_63>0=x>dGLwges#o<
z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`&
zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao
z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2
z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4
z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw
zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+
zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F
z0bdO6H#g>i&jk4O
z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$
z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs
z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9
zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$`
z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh
z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru
z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$
zcC>*z^Z2iKxcw
zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq)
z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg
zZt$((<{whQ!Ot&W3GlA}^zUy9
z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT
z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o
zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2%
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT
z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L
zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol
z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS
zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j<
zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec
zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L
zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb
z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg
z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{><
zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR<
zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E
zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW
ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T
z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U
z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l
zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH
z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b
z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c)
z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og
zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX
zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(|
z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo
zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G
z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6
ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv
z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N<
z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1
zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q
zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^
znh^X_lNGT
zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j
zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m
z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt
zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM
zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w
zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw
z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o&
zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt
z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS
z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP
ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP
zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I=
z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK
z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_
zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z
zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz
zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG
zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc`
z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU
zWtagBp
z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1
zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C
zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3
zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg
z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+
z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d
zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS
z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV
z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr
zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>>
zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix%
zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP
z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh
z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6
zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W
zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1
z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ
zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13
z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK
z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr
zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb
z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke
z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}<
z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl
zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6
z01SP8e)(F2)
zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR
zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs
z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ*
z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf
z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p
zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6
z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE(
z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H
zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm
z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h
zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu
z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q|
z6x?qv8Vr
zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q
zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ<
z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5
z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV
zG4=}I^Z!0?7v
zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE|
zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8#
z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO
zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a!
z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T>
zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8
zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G}
zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^
zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb
z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv
zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA
z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21
z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx
z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw
zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0
z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy
z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi
z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd
ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po
z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A
zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs
ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT>
z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t
z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF
zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn
zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1
zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN
z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa
zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i
z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{
zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{
zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI
zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM
zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW
zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j
zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu
zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl;
zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA
zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97
zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO
z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr
zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh
zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8
zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV%
z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2
z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q!
zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH?
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9
z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O#
zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1
zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF
zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y
zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^
z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS
zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI
z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA
z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY
zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G
zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s
zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(*
z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe
z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm
z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U
zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4
zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x
z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i
z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL
zYKoesW~f!*gP5o(kg
zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw-
zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56
z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4
ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY
zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn
zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K
zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v
zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R}
zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv
zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV
z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks>
zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO
zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n
zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W
zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr(
zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y
znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS
z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii
z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk
zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#&
z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K
zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ
z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh
z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l*
z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u?
zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$
zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f`
zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~
zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV
zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z!
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI=
zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra
zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO
zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h&
zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V
zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5`
z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm
zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t
zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7
z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X
z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F
zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C
z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>%
zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}%
zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x
z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w
z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt
z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl
zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu
z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ
zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d`
zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI
z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq
z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM
zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl
zTOW@rX?LOjv$Sf<#eA4HP()bbD
z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe
ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7
z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp
z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M
z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4
z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x
zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-%
z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD&
zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R!
z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-)
zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9;
zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{*
z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX
z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz=
z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO
zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt
z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv;
z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv
zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i(
z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;<
zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4
z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L
zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj}
zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY
z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d
zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N#
z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E(
zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ=
z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB|
zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m
zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP
zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd
zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN
zMdLjA2EdwyC
z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm
z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow
z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh
zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7
z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+
zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5
zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$
ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW
zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD
z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~
z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU
zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^
zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh
z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws
zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp(
zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp
zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+`
z36T>A!y@f|f9w}%68d*|zMC
z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i
zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8
zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W
zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8}
z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD
zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h
ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z
z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx&
z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb
zL`)GO9>*cCKu9*inMk1BawFA{5F&=-
zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U
zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z
z5u!-bv|7lhlLJ#
z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE
zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j#
z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+
zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b|
zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}!
z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP
zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S
zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl
zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i`
z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY
zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe
zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa
z%9pUoL7dTAsLOyb0`{
zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9
zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2;
zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^
zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k
z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm
zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^
z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l-
zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn
zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu
zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S
zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_;
zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh
zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7
zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV
zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC
ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T=
z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM
zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P
zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav
z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f>
zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0
zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&#
z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l>
zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr|
z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i
zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;#
zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p
zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9
zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK
zEezy2H#I1c5
z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B
z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS)
zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM
zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM*
zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz
zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+
zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh
zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY
zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt
zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b
zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX}
z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E
zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f%
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G
z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk
zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT
zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q
z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI-
z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF
zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn
z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@
zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr
z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE
zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky-
zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88
zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ
z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56
z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O
zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z
zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96
zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB
zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe
z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}}
zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha!
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5
zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a<
zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+
z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu
zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb
ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV
z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw
z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4
zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r
z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq
zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp
z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS
zQN#KL745Mqlj(~)>MPtYwR!
z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks|
zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9
z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y
z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18
zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL!
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L
z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA
z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9
z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD
z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{
z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J
zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht
zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$
zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C%
zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp
z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq
zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ
z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm
zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v
z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb(
z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har
zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX
zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty(
z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{
z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0
zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd
zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv
z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y
z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN
z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_!
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi
z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$
zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE
zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}(
zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I&
zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C
za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0
ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ
zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx
zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg
zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx>
z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF!
z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi
zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY
zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U
zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z
zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0
z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg
zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r#
zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_
zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg?
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W
zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr
zLAnv9ucGO5`azsp=>zVe#S76ngB
ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm
ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1
zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec
z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L
zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB
z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q
zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A
zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L
zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t
z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I
zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~
zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx
zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn
zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS}
zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko(
zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7
zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK
zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq
zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_
z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp
zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx
z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$
z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O
zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT
zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu}
zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD
zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ
zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO
z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F&
zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf
zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb
zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5&
z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P
zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI
z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b
zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ
z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_
z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh
zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$
z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df
zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L
z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna
zE9eP@$U>0Fiqx
zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu
zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1
zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B
znVBa2
zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR
zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd
z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP|
zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU
z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ
z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=-
zxizS*X(}o-Y#sDj1G~Bk
zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V
zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d?
zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y
z^^dxpt%JN}lT
z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+
zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T=
z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW
zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+
zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd
z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B
z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z
z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w
z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O
z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe
z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt
z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj-
za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW}
z%}`rrT|#}Lx6GGv7*4Ta-q65vql
zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ
z6Y;T4let(SXmU
zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F
zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL
z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0
zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV
zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3
zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk
zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT
zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo
zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B
zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV!
zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{
zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV&
zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@
zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8
z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1
zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW
zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op
zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie&
zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz
zvxQQ`CM;-Fea9NJb;v)BiE9m`(
zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e
zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD=
zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If
zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj
zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK<
z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1
z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m
zimj9K5%k2hiKJ(>y2iHz
z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El
zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr#
z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g
zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3
zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~
z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?>
zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT
zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk
zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O
zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J
zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+
zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^
zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?-
ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH
z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI
zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk
zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g
ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0*
z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N
zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E
zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl
zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy
z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz
zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW%
zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G
zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD
z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN%
zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&;
z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm
zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj#
zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@
z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y
zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW>
z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_;
zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL
zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C
zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv
zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4
z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv
z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2
zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a&
zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz
zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m
zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q
zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is
z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4
z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8
zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X
z1kDkemuJq1VqVxQ9@
zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ
z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v
z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK
zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_
z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM
zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w
z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF
zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F
zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6
z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2>
z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr
zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521
z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ
z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H
zFWc7@jC#L6C`G*n{Z4K>-d
zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK
zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P
z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(&
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe
zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-%
zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs
z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R
z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj
zo8ci4w%w%3$v(@vGf
z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY%
zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj
zoN
z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k
z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN
z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e
z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg
z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t
zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+
z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme;
zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI
zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3&
zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(&
zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW
zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz
z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@
zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F&
z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq
zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf
zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg
zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5
zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{
zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe|
zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E
z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s
zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH
z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d
zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9
zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak
zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U
z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q
zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6)
zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D
zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J!
zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y
zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3
z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@
z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY
z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f#
z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^
z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8
zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse
zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj
zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX
zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@<
zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J
zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI
zTsjo}34UkxG8^M=
zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv
zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m
zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E
zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4
zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_%
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E
z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE-
zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k
z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB
zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s
zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP
zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+
zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS
zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl
zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy}
z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS
zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow;
z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP
zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF
z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@
ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8
z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x
zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN
zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n
z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR
z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei
z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+
zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g
ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R
z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros
zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV
zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^
zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR)
zSvG!NC11zb;m;94Y2
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82;
z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U-
zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU
z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9
z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ
zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK
z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H
z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9
z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP
zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY
zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l(
zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC
zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k
z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm
zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK
za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W
zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW
z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q
zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc*
z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv
zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX
zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|&
z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o
z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V
zSWP5u?v*CC!!GIFixRb9{4
zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@
zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG
zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q
zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8`
z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf
zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+
z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4
zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+
zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^
zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF
z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{
zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{
z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR
zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C(
zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG
zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk
zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC
zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e
z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_
z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU
ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{
z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM
zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD
z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk
zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs
zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV
zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@
zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw
zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr
zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d
z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH
z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna
zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$
zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~}
zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu
zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_
zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn
zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$
z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da
zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P
zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o
z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG
z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u
z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5
zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT
z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ
zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc
zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb
z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr
zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF
zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP
zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ
z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR
zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9
zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm!
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4
z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g>
z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV}
z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T
zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-=
z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3
zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj
zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~
zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8
z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr)
z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c
zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra
z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T
zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}-
zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg
z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d
zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM
zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx
z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$
zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S
zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI
z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A
zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j
zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M
zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7
z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`<
zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$
z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9
zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g
z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z
z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE
zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t
z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i
z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG&
zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl
zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D
zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D
zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r
zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{=
zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz
z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j
zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl
zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN
z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA
zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA
z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^
z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG
zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM
zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS
z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu
z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S
zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf
zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e
zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v
zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I
zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn
zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4
zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP)
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9
z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8
z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*=
z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1
zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY
z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ=
zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r
zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop
zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz
z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e
zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f
zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab
z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f
zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET
zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8
zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x
zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S
zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N
z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n
zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z
zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD
z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q
z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ
zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg
z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h
z&uJ7fjq5oj0(nmV6e0c^FJbG|xG
ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C
z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu
zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt|
z{2nWySqfJVPfH!#d}sov25u^Zy*4
zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr
zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI
z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP|
zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y
zgE1c?+zIF^g(F?^N_
zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT
z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A
zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB
zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY
z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~
z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc(
zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&&
zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH
z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp
zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm
z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@`
zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi
z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw
zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k>
zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv
z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9
zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85##
zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye
zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_
zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95
zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U
zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}?
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy
zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC
z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO
z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X=
z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF
z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW|
zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ;
zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD
zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d
zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6
zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG
z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN
ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ
zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e
zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z
zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6>
ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f
zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K
z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7
zgsg|#6`0vcj6;!*!a
zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@
z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi
zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#=
zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN&
zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY
zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR
z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt
zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2
zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9
z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i
zc_xuE4gk<5C5JASX
zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@
z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80
zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK
zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC
z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l
zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF
zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6
zFv5T8
zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r
zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h
zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au
z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0
zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{
zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs
zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q
zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L
zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c
zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS
zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A`
z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl}
zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N
zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W
z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M
zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~
z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7
z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo
zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww=
ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ
zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm
zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U
zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P|
zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@
zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2
zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D
z%Le8tzm
zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL#
z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE
zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU
zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c
z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h
z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ
zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8
z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE&
zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e
zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6
zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB
z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof
zHqh_%*`tt=rOHGOoiQZH2
za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$
zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc
z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB
zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6
z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$
z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ
z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J
zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4
zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o
zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^
zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ
zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q
zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh
zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7%
z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x
zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z
zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz
zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1
zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i
zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0
z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg
z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm
z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9=
zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM
z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f
z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o;
z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL
z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR
z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu
zCrEvTL{OyB3=
zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf)
zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL<
zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm
zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv
zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s
z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$
ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(#
zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd
zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug
z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~
zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P
zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS
zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7
z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3
zi{7Uu04wcthJxT#0+
z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e
zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<#
z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ
zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw
z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY
z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI
zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E
z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~
zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2
zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l
zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD
zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q
zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9
zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%>
zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7
z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A
zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k
z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(|
zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU#
z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM?
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6
z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag!
z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a?
zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8
z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F
z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB
zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8
z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns
zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(<
z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X
zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ
zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd
zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_`
z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx
z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy
zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@
z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%?
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_
zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg
zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{
zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq
zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt
zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV
zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o
zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~
z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9|
z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9
zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE
z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC
z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL
za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM
zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm
z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2
zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y
zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3%
zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L|
zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd
zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M
zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4
z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0
zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno
zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy
zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM>
zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ
ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W)
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{
z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP
zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8
z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW
z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a
zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H
zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p
zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a
zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF
zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh>
z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc=
z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq
z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd
zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+
z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy
z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu
zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok
zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP
zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1
z+*r-jM$b;b^@4(e(sPeEBV56(sEAl
zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P
znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x
zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~
zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l
zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g
zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{
zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f
zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB(
zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi=
zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ
zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci
z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M
zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX
zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag
zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw
z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o
z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA
z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo
zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en
z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw
zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L>
zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv|
zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p
zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z
z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{
zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M
zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z
z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l
z1XM>bmB@!9%EA6jM%
zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi
zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7
z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb
z+W-Ugyxf
zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk
zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg=
z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6
z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ=
zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2&
z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@
zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C
z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B
zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`|
zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^#
zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz
z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV
zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ#
zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X
zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY
zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU
z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^
zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<#
zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru
zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo
zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$
zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z
z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li
zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx>
zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU
zROSw8Rf5LI3$k)bnJ
zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~|
zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i
z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R
zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw
ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+
z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU<
z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5
zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0
zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g*
zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci
zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca
zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P
z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW
zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^
z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41
zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0
zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w=
zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ
z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my
z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^
z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^
zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L
z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0!
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY
zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs)
zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-*
zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y
z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz
zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6
zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{
zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l%
zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t
z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX-
zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K
z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm
zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q
zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y
zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE
z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N
zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w
zKxU3@S50l;iKu-_-iMBh+
z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL
zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5
zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p
zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX
zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4
z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV
zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ
z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G
z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G
zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj
z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h
zbTEO5o9o_#L2xUQHNE1oMdK
z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n
z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL
zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW
z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y?
z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R
zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89
zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ
ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE
z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB
zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?<
z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C
zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X
zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*(
z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr-
zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43
zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU}
zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{
ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io|
z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA}
zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G
zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0
z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a
z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj
zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx
za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL
z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-|
z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE
z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF;
z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK
zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk
zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v
zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf
zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL
z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L
z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg
zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2
zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F
zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s
z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6
z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv
zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M
z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx
zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r`
z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY
z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^
z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7`
zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba
z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP
zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B
z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ
z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1
zv?7t5q>i`5NJaT|+lf*hO
zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV!
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9
z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S#
zNs*O)3OA^%>C8R
zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I
zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i
z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7(
z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s
zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L
z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5
zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W
z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i
zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3}
z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM
zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB
zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d
z7l2hI0R3{aOh_$%3N
zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?;
zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l
zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$
zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ
zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@
zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm}
zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9
z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I
zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT
z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua
zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u=
znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE
zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{?
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M
zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w
zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k
z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v
zd$40Sn*Bn`SO>&L
z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz
zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi
zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3;
zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb
zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx
z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa
zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R
z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S
z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0=
z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN
z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS
z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}-
zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8
zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j
z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE
z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z
z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8>
z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9
z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC
z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{
z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0
zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{
z@H>Ad9Yu`U%P@H!zOhJ`gj)L
zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^
z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#;
zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk
zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f
zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb
zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@
z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF
zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+
zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1
zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R
z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X
zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up
z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^
z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu
zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@
zEPR63QATjyGgLmYuR*Wz@WZtGle
z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9
zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW|
zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB
zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn
zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr
z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0
zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g
z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET
z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y
zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC
z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@
z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6
z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A
z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k
zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I
zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH&
z5O-&sZh1gZYfC(q#X#lpA
zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T
z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+
zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{
zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd
z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt
zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f
zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5
z@eP8SH1j__b4Q@`FBG3BQ%#
zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP*
zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg
zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD
zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2
zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w
z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)?
zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8
zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H
zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s
zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI
zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5
z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0
z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N
z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{#
zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC|
z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f
zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB
zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z
z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM
z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE
z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F
z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv
zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p}
z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3
z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa
z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq
zXjtt@Gcczwc*n6vh{)ft
zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB-
zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i}
z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g;
zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-|
zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3
zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI
zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K
z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40>
zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{=
zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid
zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS
zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd
zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8
z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC
z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^
z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n
zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_
zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs
zMM9R{TbmfVa06g;~50RmB;r&-g63
zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G
z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^
zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf
zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7
zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX
zOoMW@!}3b74=bGudt&wD
z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6
zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n`
z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P
z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i
zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>|
zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl
zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo
z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN
zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T
z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz
zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@
zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1
zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc
z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ
zrxtE`8Jn~^=yBsi7V
zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV
ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl
zKk6$8X{Cj7hbzpP(pq
zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v
zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc|
z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R
zEiRz8&{Z__3c09V
z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL
z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi
z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK
zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx
z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi
z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o
zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_?
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX
zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e
z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n
z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO?
zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9
zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3-
zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+
zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly
zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT
zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk
zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ
zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97
zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF
z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs
zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR
z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf
zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ
z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(=
ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i
zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ
zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r?
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+
z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF
zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u
znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^
z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ
zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w
z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C<
zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1
zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T
z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e
zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv
zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo
zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t
zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U
z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg;
z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v)
z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw;
z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm
zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_
z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX
zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k
zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X
zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B``
zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I
zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG
zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3
zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E
z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb
zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs
zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6
zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu
zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p
zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp>
z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF
zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q
zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{
z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9
zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^
zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O
z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v
zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP
zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR
ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l
zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0
z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO
z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl
zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI
zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l
zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p
zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6
z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE
z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y
zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf
zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx
z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK
zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m
zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7
zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>`
z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv
z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6
zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B
z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca
z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9
zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e
z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi
zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt
z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9
zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8
z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D
z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4
zEmU)gF5R3MSN~h{?3!Tx6OKG
z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk
z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g
z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6
zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35
z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg
z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K
z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8
zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v
z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t
zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ
zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H&
z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~
zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do
zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2)
zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT
z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ
z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6#
z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U
z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8
zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2
z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD)
zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^
z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-*
zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN
zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~-
z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;|
zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI
zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT
zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$
zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv
z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b
zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0
z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb
z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho`
z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J
zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU
zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@
zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU
zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b|
za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG<
z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X
z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu}
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c%
zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF
zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr
z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6
z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8
z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy}
z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2?
zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE*
zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k
z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6
zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl
z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ
zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku
zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1
z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo
zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@
z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7
zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C
zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH
zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy
zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP;
z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba>
zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf
z6L$0$DADj6tq
zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg!
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE
zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX
z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe
zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+
zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c
zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$
z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x`
zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$
z2X>rno(N1#2-F1DmdJ;>Iut&Y+
z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?|
zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G
z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO
z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k
zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ
zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb
zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM
z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y
z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%}
zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw
zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ
znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC
zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6
z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$
zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s
z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U
zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{?
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL
z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44
zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R
z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W*
ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^
z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0
z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9
z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc
zzKKeu_y0p$Z0SV^6X
z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif
zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733
zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr
z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl
zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT
zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj
zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y*
zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@
z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3
z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a
z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~
z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d&
zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc
zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU
zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_<
zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG
zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR
z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo
z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x
z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES>
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl#
zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt
z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj
zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#;
zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$
zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS>
z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR
zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t
z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V
z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f
zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN!
zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb
zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ?
zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M
z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg-
zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT
zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO
zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE
zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0
z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS
zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q
z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51
zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY
z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh
z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9
zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5
zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr
ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4
z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah-
z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7
z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew
zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp
zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3
zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8|
z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n
z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7-
zgFi;mzTg7Ul}xs_y)Q#nSguIV
zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;!
zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB
z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_
zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b
zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6
zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo
z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v
zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii
zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1
zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM
zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR
z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8
z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF
zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL
zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8
zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP
z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L
z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3<
zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC
z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE
z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W*
zxi$9e!yw#mmX_1`qQl|CeWKlXu
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o-
zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9
z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ
zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9}
z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx}
zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_%
zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G(
z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X
z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a
zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj
z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I
zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y*
z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op
zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl-
zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E
z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$
zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j
zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0
z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV`
z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5
zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3
z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j
zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d
zWLJ1_I3AhUa*H
zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT
zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk
zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO?
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+>
zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq
zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+
zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp
zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR
z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J
zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l
ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f
z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn
ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P
z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg
z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^<
zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P
zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9
z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m
ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w
zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2
zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U
zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8
zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv
zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ
zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C
z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu<
z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b
zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^
z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K
zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a
z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+
zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_
z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG
z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y
z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x
zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF
z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS
zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp
zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{
zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8
ze~j#V#-Utqmu_r?m6yHIoF-5QiX
z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F
zQkd}`ih)!3#kf=v)k
zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg
z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF
z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z
zjThKgQQCs)W>fRK~RA~_W;magXG-6
zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn
z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO
zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T&
z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$
z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D=
zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a
z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa
z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF
zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1
zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p!
zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$
zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE
z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf?
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J
zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x
zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n
zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w
zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2
zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u
zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U?
z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz
zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw!
zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi
zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau
z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K=
zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj
zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT
zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P
zS(&Q-96nd`H{x@)zYU*j_`lXd
z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+%
z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@
za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7
zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP
zx*!|gse
z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601
zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@!
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U
zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb
z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc
ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f)
zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x
z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg
zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH
zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W
zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p&
zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+
zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w
zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig
z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i
zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e
z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q
zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7
zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE
zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`!
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX
z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe
zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7
z*=PgEB6nW3nAKm}pLWJ4GT+c$
zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny
z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS
z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4
zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^
zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0
zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg
z;e
z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0
z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R
z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n
z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0
z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1}
zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu&
zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F<
z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E
z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@
z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3
z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY
z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k
zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF
zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn}
z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs
zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD
zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t(
z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6
zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$
zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw
z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^
zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$!
z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs-
zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV
zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32
z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$
zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4
zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A
zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN!
zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM
z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u
zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{
z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<
    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+
zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^
z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l>
zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN
z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr
zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf
z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h
z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)=
zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{
zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm
z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R
z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+
z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<`
zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR
z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57
z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9
z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w
zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ
zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx
zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh
zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq%
z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs
zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g
z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq
z@jEXM{hvV3;7J@u8Zc
zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9
z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6
zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2
z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c
z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc=
zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7
z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e
zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z
z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d
z;*gP@?GHtQYxxNg
z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU
z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10
znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k
z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4
z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O?
zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R
zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ
z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5
z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y
z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5
zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_
zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN<
zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B
zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w
z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d
zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB
zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr
z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk
z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3;
z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9
zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S
zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6?
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k
zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB
zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb
z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i
zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe
zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l<
z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq
z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#?
z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU
z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{
zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i&
zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql
zX7m@s4nv-0g6nvh;+>Cf20brlC|
zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV
z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ)
z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C
zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme
z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z
zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i
z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5
zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4
z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I
z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l
z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN
zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho!
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO
z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M
z;0vHX{08`2zNEuwaZJu2Lrzo
zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G
z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI
zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK
zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq
zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_
zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL
z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT=
z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP
z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo
z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>;
zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6
zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7
zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5
zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck<
z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV
zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR
zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7
zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS
z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i%
z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF|
z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@`
z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk&
zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6}
zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE&
zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O
ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh->
zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc
z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u(
zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^?
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR
z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV&
z%Ru{XF;!{pTh^h
z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X
zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(;
zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y
z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m
zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x
z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj
zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi
zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt|
z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4
zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1
zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q
ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6
z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8#
z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y
zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4
z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!)
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p>
zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R
zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF
z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH
zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7
z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9
z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui-
z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox
z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx
z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l
zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6
zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n
zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5
zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$
zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q
ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ
z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s
zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o
zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl
zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz
z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS!
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB
zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx=
zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz
zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z
zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33
zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa(
zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5
zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d
z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb
zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g
z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a
zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs
z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN
zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3
z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF
zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y
zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl
zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV
zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1!
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K
zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D
zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe
znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX}
z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f
z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e>
zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3
z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt
zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J
zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK
z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2
z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*`
zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5
zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH
z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~
zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a
z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0
z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK
z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US
z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb
zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+
zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin
zZVSl9pDHQJSmA^3fXqy$
z#6D1%ucTNDzqx|CN-TTU~J
z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv)
ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+
ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$>
z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ
zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+
z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3
z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~
z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR
zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG
zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F
zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ
z=KRaB1uy1m4ICu^#gQ8px}*VQzC~
zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO
zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I
z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y
z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm
zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?}
zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol
zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4
zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL
ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q
zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R
zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd
z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9;
z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP
zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt
zjX>h3S}r`u24jk9Gua?a
zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt
zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ!
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx
zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv
z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7
zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5
z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K
z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3
zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@
zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk
z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5
zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8
zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law
zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n
zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9
zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau
zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN>
z`Eto#aG_A{WG!Y*X>+F
z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC
zi-MnL$E!4771L*0eCo5T#sG;@e`>
zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8
zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_
z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi
zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9
z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{
zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS
zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE
zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM
za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%<
zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii
zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF?
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP
z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=<
zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z
zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N
zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E
zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a}
zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu
zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY
zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^
z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza
z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a
zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t
z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f}
zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg
zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt
zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah
zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI
z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0
zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg
zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn
z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k
z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP
zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|;
zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG
z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9
z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv
zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~
zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o
zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr
zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U
za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF
zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W
zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ
zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn
zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn
zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2
zE^8
zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm%
zo81J!so>f2kPW%wSxUF
z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9
zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE
z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q
zgoHb&^yUyv6vm=bW4ekN6i!a(nM;
z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46%
z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI
zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v
zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m
z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z
zRCU_2j8ExizVu#k-Mc4tIw-
zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m
zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N
z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5
zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA
zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq
z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m
zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<}
z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99
zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I
z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas
zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5
zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ
z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-=
zZoh!)XoW0LsOg5RLOWTt1mO`!Ob
z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$
zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~(
zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI
z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc
zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh
z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF
z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e
zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI
zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb
zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O
ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2
z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n
zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G(
zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{
zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@
zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq;
zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4
zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k
z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK
z{GOnp1-D9ERM!qlAHZU?zO(
z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@
zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV}
zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR
zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI
zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb
za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc
zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W
zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y
z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU
zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f
z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82
zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO
zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+
z2SCA`T$}4X`*{kL19oQyA
zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in
z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{
zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~
zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K*
zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^
zx?K9B8s!UYp9YZaFzh3MJkT
zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@
zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy
zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h
zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F
zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?`
zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)&
zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r
zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz
zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K=
zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@
zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v
zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up
za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J
zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+
zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B
zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh
zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH
zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H
zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z
zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e
z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr
zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad
zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0
zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO
zzM`1zE19resFtDyj5KM4o{82T
zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH
z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4
zI@8_sLp7%?V~w@kz;d#6i$djLRuK
z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V
zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf
z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v
zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH
zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ
z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$
z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6
zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF#
zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2
z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l
zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN>
zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P
za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC
z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q
ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4
zfB;YChQH2ID!7Z{{JK{g-PdZ
zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um
zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK
znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^
zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J=
zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G
zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI!
zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7)
zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_`
zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~
zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6
zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k
z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0!
zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y|
z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3
zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU
zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1
zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ
z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78?
zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure|
z*Y+0$i|u!;sr{yLj^{{9nq`6KwT
z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi
zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G
z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b
zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq
zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln
zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0
z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q
z(soWpHQ}8jb$z
zx6%`5Ax2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo
znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z!
zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8
zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh
z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac
zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~
z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP
z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC
zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d
zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y
zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^
z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y
zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S|
zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx;
zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL
z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv
ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky
zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu
z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb
zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g
zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs
z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i
zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3%
zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd
z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M!
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN
zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un
z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z
z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3
zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3
zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf
z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4
zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94)
z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF!
z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!)
z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72
zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w
z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva
z3wQu{1mN-*j-S%!=TN?&DHHN*O>~
z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR
z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j
z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}}
z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO}
zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt>
zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc
zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4&
zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O
zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7
z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C
z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@
zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH
zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY
zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^
zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE
z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+=
zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv
zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7
zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2
zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF
z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G-
zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw
zMrC=PGb4MtEmPaOqUYq`A0f?4<
z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^
z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA
z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W&
zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1`
zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3
z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120
zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f
zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r
zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d
z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj
zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c
znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS
zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c
zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I
z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW
zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4
z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G
z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l
z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m
z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj
zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI
z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv
z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1
zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n
z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt
z_eNd(vOmKIzLDxa
zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB
zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW=
zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee)
zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju
z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2
zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$
z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;-
z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`)
zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7
z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR
z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r)
zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U
z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq
zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}&
zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N
zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2
zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8
z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z
z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e
z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q
zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY`
zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw
z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b
z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY
z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc
zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc
z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;!
z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL
z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B
zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5
z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k
zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g|
zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad
z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9
zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard
z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv
zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe
z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c
zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC
zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D!
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q
z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L>
zQd$W+K|j
zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~
zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F
zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W
zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe
z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX
z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD
z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B}
z^
zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE
z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE&
zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn
zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM
z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d)
zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R%
zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ
z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt
z&ik1(KN`{eXh8M0>xlOIUB>u3(D(
zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC
zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb>
zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW
zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+
z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY>
zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J
z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$
zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K}
z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9
z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W
zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY>
zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf
z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO%
z3_$x0w4TPVyI)PHuONs1?x
zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd
z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we;
zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6?
z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u
zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK
z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL!
zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r
zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml
zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u
zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b
z)6hfvz^OLR6PZ*y|`&D>I?IM
z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm
zjT<{|J6$l`Vkr@WW<
zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES
zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0
zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk
zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H
zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj
zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk>
zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7%
zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp
zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J
zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL
zSiGq}AE&&Sy-DdU-$G_z(F&
zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE
zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c
z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK
ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e#
z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(>
znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j
z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+
z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW
z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7
zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R
zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg
zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5
zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ
z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv>
z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS>
z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a
z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf
z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq
z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O
zjDaIp|3Ke}INy=j-8)=f&Io*(LP9
zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH<
z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|)
z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C
zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX
z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch
zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K
z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV
zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W
z|AzeM=k+2G_S)lv
z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E%
z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg
zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+
zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb
z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw>
zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB
z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO`
zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h
zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e(
zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P
z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z
zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$
zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J
zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt
zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE
z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1`
z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6
z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI#
zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t
zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64
zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb
zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65
zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^
z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm
z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof
zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c;
zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8
zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w
z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa
z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc
zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k
z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn
zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx
z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p
zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F
zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D(
zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y`
ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk
z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe
z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m
zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9
zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp=
z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c
zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL
zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i
z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_
zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l
z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4
z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ
zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b
z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN
z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU
z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl
zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1
zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu|
zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX
z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL
zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A
zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{
z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?#
zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T
zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp
zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~&
zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA
z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#?
zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR
zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2
zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9
z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c
z!|gL_zqU)^ryR%amoMPVXrO
z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa
zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^);
z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF
zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o=
zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm
z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$%
z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y
zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1
zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8
zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~
zUF%Yu1RWoM|XXUW|96s8jUI?
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}}
zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2
zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b
zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw
zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze
zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx
zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e
zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo
zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ=
z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS
z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9
z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9
zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca
zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k
zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A
zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q
z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O
z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8
z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F
zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^
zea$`YYNs0Ang$SBZ}LW3X^V5j)<5%
z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)(
zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q
z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b
zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F
zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$&
z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg
z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D|
zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN
zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ
zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of
zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A)
z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@
zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ
zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx
zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v
zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ
zb+kY%%+`8FGXAoRrB{SCrhAbvm
zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE
zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il
zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_
zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ
z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S;
zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m
zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U
zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB
zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o
z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI
zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m
z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^
zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F
z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b
zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW<
zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI
zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v
z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt
zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u
z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j
zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7
z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5
zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{
zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E
zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM
zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z
zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L
zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E
z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs
zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3
zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW
zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8
zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{)
z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh
z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st
zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv
z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I%
z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2
z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1
zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F
z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07
zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_
zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^
zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS(
zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA
zWi2VvmtqM^`DzIY(!ICV?
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk
zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp
zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp;
z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC
zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX
zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r
zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y
z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT}
zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp
zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe
zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W
zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4
zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe
zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4
z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT
zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB
zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3
z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4
z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z
zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c
z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m
z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ
z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#%
z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p
z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR
zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^
zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa
zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089
zV=pKvy3%r#0eQR=bFXdRXGTTD
zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx
z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy
z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_
z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP
zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt
zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O
z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW
z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX(
zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg&
z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi
zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO
z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j
zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK-
zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ
zylKQzW-Z
zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj
zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c
zAh1Ye)1>XXjvEa&vr#iw0&q9?}W
zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8
zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q
z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu
zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy-
z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4
zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f
zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot
zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH
zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3
zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk
zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7
zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7
z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4
zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno
zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u
zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP
z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7
z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ
zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW`
zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f
zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M}
ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo
zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t
zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I=
z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0
z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX(
zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W
z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb
zG#?+8d45Tm(r%D=;
zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho
z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P&
z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S
z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm
z2v(T)7L{D2+pjyX5W=Cig!~bG
zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX
zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w
z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA
zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u
z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7|
zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO
z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn
z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr
zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%}
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M`
zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU(
zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4
zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~
zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@
zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO
zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q
zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v
zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf
zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt
zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n
zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L
zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm
z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ
zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG
zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv?
z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN`
zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf
zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|?
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792
z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc
z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc
zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$
zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5
zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA
zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc
z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL`
z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a
zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J
z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7
zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+
zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6?
z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2
z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1&
zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c
zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3
z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5
zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v
zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s
zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y
zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV
zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA
z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e
z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp
zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv
z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL&
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ)
z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k
z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc
zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1
zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go
zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2
z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK
zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$
z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5
z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV
z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3?
z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~
z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K
zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7
z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS
z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A
z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln
z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e
zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%)
z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U
zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z
z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U
z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W
zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f
z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi
zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA
z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*;
z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b
z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v
z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo
z67c^4d2AoRZoIf>yf80SS
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?>
z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H
z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a
z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2
zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F&
zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f
zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt
z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q
z6lgyQ_*i5BMcOX94hkb9xPh76CsS
z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9
zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC
zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI
zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm
zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX
zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw
z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2
z=LFzag1$`xz7zPL0=x{j1bjQl
zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G
z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ
z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J
z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag
zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb
z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA
z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY
zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2
ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ>
z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu
z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU
zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR
z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY
zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA
z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1&
zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E
z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4
zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5)
z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw
z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n
zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ
z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3
z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ
z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo
z&jLOT_#EKdfzCYOGr;Ep;NJv%
z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi
z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t|
z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c
z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1<
z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf
z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID
zI6>44)E^)9tQj%@Y4eLr67kkz^?#0
z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T
zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p
z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP
zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7=
z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh
z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l
z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai
z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x
z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB
z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA>
zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@
zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9
zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv
z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca
zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl*
z0q|*PzXi_S7P8HyH
z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc
z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ
zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3
z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng
z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W#
zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S
z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{?
zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv
zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X
zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_`
zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW
z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF#
zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln
zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42
z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ
z5NsFT~D{wVZ%943(PzVg
z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209
zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl
z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO
zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8
zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD
zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U
z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q
z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N
z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+
z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w
z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y
z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p
zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^`
zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H
zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l
zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7
zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM
zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2
zbcK2*U8SO34
z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW
z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D&
zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~
zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4?
zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_
z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0
zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c*
zf%K?j6
zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7?
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p
zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_
zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup`
z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ
zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ
zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB(
z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726
zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G
z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg
zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&
    f9O=Y|r&X
zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x
zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N
z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76
zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI
z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$
zV&lWc!XgYl
zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj?
z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w
zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!;
zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@
zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g
zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A(
zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_
zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1}
z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L
zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7
z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ&
z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg
z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB
zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv
zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP
z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj
z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q
zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un
zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT
z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4)
z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W=
z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0
zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ
zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp
zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{
zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4
z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1|
z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M
ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b
zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj
zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7
zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX
z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P
zk)xf&%Op&N(>0FvfgO_NnuO$B!v
zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL
zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn
zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x
zj=qm!iqIY6GHa`e543L>Cwi~
zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@
zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q<
z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ|
zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd
zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^
z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk
zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF
z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V
zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M
zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;-
zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr
zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj
zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq=
z1{F@AY
zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^
zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2*
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf
zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^
z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP
zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH
zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2
zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz
zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3}
z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S!
z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi
zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I
z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc&
zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$
zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE
z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU
z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G
z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K
zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z
zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR
z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X;
zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO
zbXhh9)Tp{?M^Q6#O3
z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6
zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C;
zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc
z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ
zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I
zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF
zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S&
zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y
zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU
zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW
zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI(
zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)>
z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&<
zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b
zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak
z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va
zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM*
z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$
zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2
zs(+b*m>iA>{tRt5CI;abM
z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0
z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt
z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o
zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@
zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@
zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g!
zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL
z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY
zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3
zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v
zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm
z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN!
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO
zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy
zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ
zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I
zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X
z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2
ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r
z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?-
zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG
zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_
z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8
zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+*
z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU
z8CBPxf=0B|p1yd6yuF=@-7e(EP
zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!|
zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@
zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V
zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg
zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z
z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_
zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy
zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY
zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u
z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW
zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc
zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv
zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ
zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A
z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z
zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$%
zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM
z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI
zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A
ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~
z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT
zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp
z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV
zC>N5m7
zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S
z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$
zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi
z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH
zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z!
z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1
zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>(
zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm
z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V
z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb
zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{
zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76
z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y%
znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD
zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff>
zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq
zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS!
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f
zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9
zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH
zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H
z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3
z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A
zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF)
zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR
za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9
zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH|
zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b
zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr
z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA
zUDk(8X#rD`%?`=s--AAoMOEoe*G=
zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj
zoadaGIWu#n+FdP|8Hm;
zE%Av0;
zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0
z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^
zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q!
zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g
zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo!
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6
zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V
zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM(
z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A
zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX
zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ
z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^
zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm
zhrLy8+3h+ru>puq
zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+;
zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X
zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia
zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK
zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX
z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q
zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At
zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D
z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY
z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+
zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0
zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%>
z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64
z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@
z5CgQG
zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM
z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX(
zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6
z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef
z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9
z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG
z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M
zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL
zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC
zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7
zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK
zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth=
zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT
z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx-
z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt
z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(<
zZHmSLFf{;~WDBT)k!y^){Z^Pj(
zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y
zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb
zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW
z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH
zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl
z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4
zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v
zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F
z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr
zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD
z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K
z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b-
z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n
zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz
z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz
z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ
zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+
zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW
zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~=
zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57
z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R
z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D
zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q
z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=>
z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T
zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00
z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP
z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug
zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA
z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U|
z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e&
zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0
z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t
zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h<
z-`OJt@15d0>w=@_ak?n%
zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c
z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp-
zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt
zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa
z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71
zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW
z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp
zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz%
zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&;
zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$
z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt
z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf
z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM
z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV
zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9=
zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc<
z0FaeC%M&m!!1QqUC=
zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG
zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i=
z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM
zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0`
zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok
z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<%
z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX
z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS
zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt
zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6
z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL
z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny
z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO
z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_%
zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez
zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB
zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj
zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO
zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS(
zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U
z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW
z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4
z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@
zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP
zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG
zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{
zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh
zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR
zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF
zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU
zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z
z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A
zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK
z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U
zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW*
z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar
z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ
zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH#
znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5
zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI
zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf
z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD
z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb)
zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w
zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K
zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s
zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x
zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~
zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g
zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2
z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju
zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn
zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U)
zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN
zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT
zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk
z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^
z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC
za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It
zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q
zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y
zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V*
z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<|
zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{
zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~
z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9
zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ
zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9
zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+
za%`A!W$^#Vo>9ahd%P6_2?r<
zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A
zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp
z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx
z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO
zRb)-I_5?N15D}&D
z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n#
z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk
zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B
zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225
zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6
zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK<
zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c
zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h>
zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u#
z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG
zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o
z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN
zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6
zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz
z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5
z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z*
z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^=
zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU
zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe
z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG
z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6
zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g
zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H
zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w
zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx
zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+>
z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T
zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b
z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@!
z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k
zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc
zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^
z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw)
zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk
zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*?
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR
z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj
zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD
zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb
zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q
z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w
zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S
zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b!
z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o
zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR=
z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ
z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C
zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3
zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi<
zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy
zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A
zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT
zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E
zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA
zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+
z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j
ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~
zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY
zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy
zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz
z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^(
zRUUP_HMg3Kd;&LU
zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)!
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^
zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k
zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f
zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU
z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW
zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY<
zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY
zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2
zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N
z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr
zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T
z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v(
zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz?
zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#}
zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji
z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U
zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0
zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j-
zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL
zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$
zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+
z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R
zN88hR;yr#8kp9`3k
z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly*
zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg
zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l
z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s
zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p&
zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v
z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^
zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S}
zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ
z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a
z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf`
z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&`
zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H
zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F
zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0
zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM
znEH<|52ldwH~f;ZWplsP&!
zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!!
z?Stu)`2kmoPpt4P
z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR
z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM
zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y
z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw
z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k
zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI
zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3
zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs
zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2
z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb
zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B
zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD
zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_
zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW<
z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~
zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W
zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d-
z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U%
zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE
z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~
z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV
z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz
zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s
zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz
zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?=
zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg
zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt
z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q<
zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?-
z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq
z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk
zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O
zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5
z$Ef=^@1N6m%~G}vR?N`fsvOY
z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB
z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv
zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M
zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86
ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS
zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h
z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ
zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3
zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD
z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7
z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at
zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c
zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD
zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw
zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4
z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L
z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1
z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t
zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH
zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j!
z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY
zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2
zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B
zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw
z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM
z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V
zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L
z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx
zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0
z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW
zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5
z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN
zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm
zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc?
z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o
zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>!
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU
z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2=
zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{
zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry
z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7
zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af
z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t
zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q
zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU
zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z
zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J
z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU
zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I
z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2
zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty
z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_
z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV
zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk
z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I}
z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf
zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$
zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^?
zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF
ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;=
zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH
z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT?
z@lyL)BtM~`
zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J
zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e
z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH
zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r
za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T&
zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o
z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa
z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy
zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h
zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i
zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz
zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg
zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf}
z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP
z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f
zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k
zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e
z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St
z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a
zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo}
z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h
zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^
z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic
zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw
zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe
zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1
z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f=
zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd
zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~
zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY
zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2
zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V
zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_
zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF
zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD(
zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU
zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg
zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p
z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg
z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC
zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9
zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i
z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O
zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G
z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+}
zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw
z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M<
z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ
z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h
zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0
zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4
zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD
z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea
zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$<
z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V
z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt
zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b
zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%-
zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r
zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o
z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I
z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn*
z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io
zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl
z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u
z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY
zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n
zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc
zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M;
z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb
znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6!
zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^
zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T
zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6*
zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6
zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd
z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6
z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V}
zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p
zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o
zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g
zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE?
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN
z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b
z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{
zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF)
zJea8flNt3`8$Sh?i
zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX
zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3
z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF
zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0
zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R
z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2
zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX
zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{
z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4
z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA
zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq
z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$
zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc
zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o
zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T-
z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*(
zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat
zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv-
zcA_nm-A(y}bk${+k03Kz8(;}(rA5e%
z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw
za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N
zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq
zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW
z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi
z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu
z7$T}%#wdubl7PvXEC$9A`fXTTz
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a
z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu
zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW
zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL
z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y
z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx(
z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H
z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK
z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu
zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx
z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~
zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x
zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9}
zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC
zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5
z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS
zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO
zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l
zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN
zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@
z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs
zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n
znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1
zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws
zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9#
zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1
zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm
z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e
zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy
zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8
z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J
ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH
z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y
z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+)
z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs
z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*;
zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j(
zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC
zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a
zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66<
z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W?
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw
zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx
z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh
zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP
za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E<
z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW
z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY
zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh
z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1
z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU
zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1;
z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc
zCaLhwI>k*?|72-@S`m`kpMR;)frMy
z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n
z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$
zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N
zn68z%^18x@mnT=
zRfcbeVUKA@?9YH3
z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+
z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3->
zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+
zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f;
z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55)
zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2
zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<<
z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu
z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV*
ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc
z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$
zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W%
zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8#
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH
zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK
z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1
zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R
zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8
zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f
zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf
z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri
zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ
zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD
zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+
zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA
zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^`
zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~
zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V
z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W
ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM
zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI
z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl
z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW
zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99}
zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn(
zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1
zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V
zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{%
z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e
zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO;
zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2
z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd
z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^
z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y
zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_
z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI
zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb
zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH
zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@
zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb
z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh
z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA;
z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i?
zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC
zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b
z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l
zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ
z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB
z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1
zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v
zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR
zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW
z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5
zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI
zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90
z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy
zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ
zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS
z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{
zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;=
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G
z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1
zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk
z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&;
z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H
zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B
zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5
zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{
zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O;
zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe
z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN|
zcdtix`R{3C#oi;=@Pw`26t|GA
zykve3@xwk2%f$4he`
zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$;
zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_
zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0
z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X
zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg
z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z
zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7
zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87
z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%)
z@F?aibz0Mw%0t5Z}LO
zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD<
zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM
zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ
zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2
zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f
zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k
zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~
zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1
z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v
z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{
z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw
zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy
zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV
zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq
zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce
zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO
zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS)
z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k?
zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg
z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe
zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;=
zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL
zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$
zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E
zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg
z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm?
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f
z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g
zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R(
zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8
zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu
z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_
zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT
z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd
z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic
z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q
z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N%
zsP#>Dw@y*D;bu5hlInyV
z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w
zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#&
zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-#
zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui
z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F
zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic!
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$
z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z
z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U
z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U
z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*)
zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{
zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S
zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6
z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k
z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd
zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL
zpla1CsXk!K%uR6HOo
zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h
z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn
z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{
zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD
zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE
zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM
zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z
z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_
z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW
z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o
zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`;
zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi
zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN
zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO
zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR
z^YL#fI5?r<07@VCw6
zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj
zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC
z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2##
zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO
zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc
zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z-
zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8
z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L
z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0
z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc
z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+
zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L
z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe
z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x
z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T
zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y
zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3
z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9
zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z
z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf
zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud
z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v
z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y
zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8
z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X
zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U
zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa
z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B
z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC
zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw
zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@
zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V
z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH
z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh
zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our
zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2
z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li*
zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U
z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX?
z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO
z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_
zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph
z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5
ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc
zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF
zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl%
z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@
zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3
zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H
zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK
z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r
zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL
zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb
zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb
z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW
zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc
zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K
zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>`
ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB
zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx
zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr
z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN
z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@
z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG
zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3
zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp
z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF
zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1
zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2
z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf(
zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo
zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{
z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~
zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb
z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN
zcVtZpKU81Yj9}4jS6Ui@=kH44nV
zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O
zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K
z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG
zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P
zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn
z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY
z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U
zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ
z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+
z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V
zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm`
zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg
z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD
zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H
zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0
zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe
z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn|
zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29
z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl(
zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y
z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf
zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($
zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby
zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz
zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8
zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2#
zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3`
zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff<
zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj
zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C
zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi
zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+
z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m
z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b
z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q
zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV
zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN
zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz
zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0
z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~?
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6
zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE
zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6-
z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ
z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3
zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2
zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u
zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ
z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$#
z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz
zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm
z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^
zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi?
z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k
z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R!
zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v)
zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW
zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa
z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I`
zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S
zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D
zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0
zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE
z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR
zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M
zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND
zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK;
z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq!
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)`
zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf
zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK
zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$
z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a
zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2
ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b
zHM33B?dEDs{ziu{MlgYz6PRP706!u)~
zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+
z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a
zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu#
ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{
zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42
z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9
zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau
z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P>
zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh=
zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP
z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS
znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^>
zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM
z(3FX8UY?_PJ>)npV;r^q6c
z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{
zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd
zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8
z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph
zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-%
z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH!
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C(
zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM
z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b
zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy
z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{
zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q
zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm
zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{%
z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP
zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+
z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8(
zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB?
z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-?
z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv`
zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E
zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC
zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF
z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C
zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**`
zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe>
zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@
zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a
zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7
z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l
zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS
zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E
zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU
zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_
zWRr4|Y&=
zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~
z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP
zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E
zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH
z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX*
zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1
zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O
z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^
zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c*
z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_
zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX
zYF7HtY%%r(o_qKRxJq+vSgClH*O
zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@
z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV<
zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G
z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$
z{-G
zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE
z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c%
z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J
zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{
zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn
z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a
zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw
z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3
zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+#
z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h
zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W
zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${
zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p
zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv
zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^<
zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7
z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z
z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@
z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ
z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19
z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR
z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj
z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8;
zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW
z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR
z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1
zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs
z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ
zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE
zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8
zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C<
zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r?
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L(
zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7
zK-L$^6@lXh*wC&1gRJtXcz}qG7^p
zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh
zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5
zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G
zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR
z(qO>8_hR!rh>K)gUuR7sc0LP(HIy
z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx
zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@
z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy
zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6
zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b
zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH
zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN;
zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44
zfIdkV;fI};GIMZ$^@
z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ
z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm
z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe
z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni
zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo
zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA
zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R
zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o
z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_
zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P
zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X
ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{
zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV
ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}-
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O
zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V
zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ
zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk
zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f#
z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@-
zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt
zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp
zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM!
zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM
z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@
zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}!
zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG
zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^
zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc
z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1
zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W
z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+
zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X>
z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_>
zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV
z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q
zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5
zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf
zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh
zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e
z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au
zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY
z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$
znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^
zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM
zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5
zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|)
za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd
zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_
z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY
zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{
zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I
zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL
zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T
zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe}
zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ
zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+-
zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v
zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_
zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage
zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g
z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R
z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I
zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f
zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG
z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K
znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ
z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj
zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~
z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D
zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3?
zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt
zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8
zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i
zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE
zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E
zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be?
z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA
zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+
zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s
zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~
z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP
z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp
zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL
zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^
z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d
zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_
zI$*W4zS
z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V
z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O
z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM
zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU;
z^U#|)77d07cru!MQ;m$+BXj}4
z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h`
zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm|
z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG
zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI
zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A
zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY
z+gw?kdB3&W7kIbP8kZr
zp>TOf$J#OVI|LcyGOPCW09#Iz|
z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3
zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81=
z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0
zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc
zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7
zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB
z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6
zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9(
zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{
zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0
zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5
zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g
z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7
zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~
z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS
zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD
zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1
zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD
z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$
ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B
z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T
zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz
z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK
zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F
z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q>
z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R
zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X
zE=tAW+RSnx8tk$9GwZerClqM6+L(sW
zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH
zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ
zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~
z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY
z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{)
z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e
z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`)
ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10
zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu
zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI
zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh
z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X!
zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ
zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c
zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco
z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm
z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP;
zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0;
z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x
z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f?
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea
z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk
zZ?wc#s-jxpf2S
ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE
z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc
zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1
z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO
zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS
znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3
z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy
zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq
zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP
zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D!
zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c`
zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B
zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd#
zfr2G|S
zLNl#Bd3uquWxtP
zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;;
ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX
zgt`3uv1I=IP9&X{-Twe
zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_
z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k
zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T
zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~|
z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs
z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5
z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI
z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H
z192%m$6mNljCvo{UB8y;tSyg2l
z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$
zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky
zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr);
zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX
zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W
zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ
zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V
z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy
zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A
z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_
zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I
zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx
z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga
zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs
z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn
zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr
z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp*
zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}&
z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E
zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw
z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2
z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-!
zXrnglHa1we*AFywd@^8Nr1g{f
zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz
zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3
zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F<
z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G
z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr(
z&E_I_Zvu@aTYFa!Szoa
zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj
zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF`
zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1
z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A
zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g
zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x
zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH
z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62
z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG
zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh
z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8
znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@;
zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$
zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P
zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_
zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o
zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp
z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q
zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR;
zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt
z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~&
zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^
zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`>
zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na
zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5
zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp
z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs
zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x
zouyUEP72U)&EcaXr1IMjXH%FIk{--
zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s
zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP?
zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk
zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi
zh5nG*o2%KiyLK}FG!>y;xi^C
zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u
z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T|
zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07
z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53
zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg
zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s
zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9
zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG
z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp
zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF&
zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co
zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB
zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn
zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96
zS@TrMwCDBoK3Js
z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS*
zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y
zMqcE^G=FoN%+&Sjb4
zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o
za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$<
zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy
z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O
ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s
znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{
zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L
zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V
zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p
z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh
zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM
zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA
zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_#
zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG
zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX
zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m
z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp!
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5
zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W
zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz=
zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9
z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c;
z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@
z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p
zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5
zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw
z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u
zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y>
zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX|
z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u
z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~
z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5
ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi
zLh0gT0sS93{&S_DbCcZf
zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV
zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf
zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d`
zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g
z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD
zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H
zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A
zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P
zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY
zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee(
zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB
zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk
zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ?
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY
z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_
zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd
z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X
zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg
z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN
zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G
zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX
zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD
zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum#
z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~
zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@?
z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M
z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU
z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt
zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK
z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w
z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB
zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F)
z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2
zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH
zD1Ajhe^wYqzzp3Nj
zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW
zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5
z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai
zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt
zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc
z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~
z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4
zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V
zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q
zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7
z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D
zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te
zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU
z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v
zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y
zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m
zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B
zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy
z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_
zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV
z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L
z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@
zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go
zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d
z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$
zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#<
zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA?
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE-
z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi
zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl
zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ
zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w
zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b
z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a
zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh
zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z
ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId
ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l
z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~
zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE
zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb
z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x)
zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB
zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc
zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c
z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp
zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ
z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC
z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN
zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF
zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX)
zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI
zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r
  • GXiQ
zlP@hldsxP3k)#Y@C
z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY
z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@
zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+
zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@
zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n
z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R
zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo
zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k
z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh
zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|=
zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf
z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw*
zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd
z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^
zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp
z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F
zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I;
zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER
zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY
zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H?
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7|
z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@
zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J
z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F
z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W
znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5<
zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W
z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U
z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f=
zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0
zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU
zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1
z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7
za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv
zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t
zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I
zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS
z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E
z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z
zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y)
zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc>
zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7?
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON
zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L
zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ
zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1
zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U
z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k
zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ
zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO
z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X
zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt
z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO
z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw
zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di
zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9
zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL
z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b
zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq
zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT
z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO
zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O
zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M
z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul
z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE
zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye
zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD
z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I?
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH
zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf
zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q
zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG
z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ
zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1-
z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k
z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J
zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg
zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s!
zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D
zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not
zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be
z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~
zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ
z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM
zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni
z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P
zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$
z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$<
zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S
z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL
zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y
zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u
z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$
zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne
zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6
zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A
zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+
zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS`
zuyfQKZtDb>TzU}7b%`$>g~^fJovA21-
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX
z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z;
z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB
z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn
zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen
zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M
zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q
z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q
zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O
z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j
zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4
z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g
z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg
z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN
znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa
z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2
zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D
z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me
z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E
zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM
zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP
z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o
z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8|
zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS|
z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu
z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc
z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}``
zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00
zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm
z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3
z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN
zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;-
zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp
zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV
zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H&
z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~
zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO
z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl
zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_
zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD
z>&hdPuVJjXGWc
zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX
zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei
znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$)
zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92
zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd
z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg
z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i
zu`>Jt_JrQ+bhdP-_mV|!+Pys_
zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh
zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl
zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^(
zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N=
zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk|
zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC
z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B
zj1!OV&Bhs-$wjyf`@Lx
zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o
z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc
z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H-
zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7
z@Ma+vZSB(1in9<`Rv}4F
z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+
zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5
zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ
zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z
zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c|
zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n
zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs}
zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^
zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ
zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p
zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}`
z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)>
z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w>
z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u
z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5
zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T
zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0
z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP
zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK
zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs
zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV
zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8
z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@!
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+
zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$
z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@
zAvW5Iq~yb@6K0s
z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F
z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG!
zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP
z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u
z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm
z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib
z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z
z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL!
zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj
ze^1(?^EZC6x-zJ^DilmFxQoFvU#
zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr
zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{
z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY
zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF
z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM
z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO
zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh
zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50
zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF
zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK-
zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V
z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6
z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua)
z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08
z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$
zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY=
z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1
z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z
zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF
zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4
zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^!
zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ%
zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA#
z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN&
z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR
zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au
zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV
zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a
zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b
z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g
z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ
zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah
z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q
z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4
z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy
zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+
zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a>
z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH=
zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B
zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0?
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($
z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s
z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F
zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c
zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9
zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v
zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r
z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og
zF?buI5J_K*Endt4lt^{seD1Sj
z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC
zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B
z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK
z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v
zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ
zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM
zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i
z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI
z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb
zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$
zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym
zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c
z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S
zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI
zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz
z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq)
zxRSlcZefdKxgDLL!icY*9Le;Q
z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1
z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r
zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0
zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM
zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w%
z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_
z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)&
zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR
z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S
z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A
z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T
zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd
zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e
zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU;
zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F
z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y
z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu
zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r
zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A
zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc
zo*iuGE8h2&Ebw00&WO6`-$
zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx
z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO
zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx
zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+#
z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_!
zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk!
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5
z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX
z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$
z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM
z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9&
z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG
zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki%
zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi
zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN(
zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X
zS;$GWZvDLhfi?!u+AP@~~Q2>*s!
zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W
z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv
z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0
zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn#
z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD
z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0
z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+
z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d
zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg=
zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR
zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{
zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a
z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O
z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI
z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI
z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik
z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb
z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e
zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu
z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx}
zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt
zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha
z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q
z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5
zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y
zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t
z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J
zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL
z09+V;O_K_(FB1iEwr*S3`o0nCAg
znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M
zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf%
z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M
z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0
zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H`
zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`%
z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c
z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)!
zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o
zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj!
z66W9a;O`8pY}E(mLN*
z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;>
zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah
z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL
z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2
z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b>
z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^
z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+
zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d
z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9
zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN&
z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw
zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn
zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv
z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32
zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY
zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv
zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{
z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF
zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az
zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P
z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c)
zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh
zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$*
zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6
zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI-
zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK
z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z
zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v
zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw)
zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a
z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r
z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I
zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX*
zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2
z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR
z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI
z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s
zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft
zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv
z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8!
zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t
zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT
z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@
zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2
zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r
zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z
zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9
zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf
z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP
z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U
z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP
zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7
zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ
zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX
zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN
zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G
ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c<
zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ
zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp
zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*=
zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs(
zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4
zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8
z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q
zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r
zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k
zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c)
zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS
zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD
zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht
z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F
z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW
zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O
zvlE^XY*<%7H
zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm
zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X
zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L
zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$
zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@
zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R
z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9
z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw
z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3
z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+?
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz-
zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz
z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~
z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG
zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy
ziuNyzx;9F^o=;a%zcc3F4F%aEN*
zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV
z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r
z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ
zPxPpcu9+u7hx#OLOSIT
zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58
zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o
zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1
zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{
zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK
z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg
z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl
zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1
z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz
zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=*
z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9?
z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z
zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA
zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_
z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j?
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj
zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD
zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m
z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J
z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b
z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h
zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D
zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f`
zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT
zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2
z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f
zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp
zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f
zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi
z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX
zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s)
zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V
zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A
z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4
zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc
zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4
z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq
zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2
z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS?
zkG+HoO>7zXM%vi6cy3WoY{~H0
z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b
z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx
zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq-
zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG
zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H;
zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh
zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8
zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt
zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP
z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4>
zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM
z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB
zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO
zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A
z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(<
zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB
z$dnU_wtxfd=b+<&3!6+C`ew)D32
zyVwKFqa90LEwLH8j%%wUOJRO93!f8@}
zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb
zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe
z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im
zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw
z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe
z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0<
z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b
z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts
zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w
ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r
zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K(
zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A
zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3
zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi
zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z
zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{
zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51&
z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH
z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P
za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME
zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc
zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a
zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m
z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^!
z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4
z*gq(bMF+lqj8K>x^ie|
zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD
zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua%
zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ
z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW
zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf*
z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0
z^&?q24n0tn7*ZtZP4wezK-ijA
zInvF`ARW=6tt@l$V;_hdl8Ohs6&
zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB
zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c
z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz
zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO
z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A
zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2
z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8
z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj
zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn
z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX
zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^
zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM
zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$
z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9}
z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se
zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV
zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p
za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E
zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3
z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*)
zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S
z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+
zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x
zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B
zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP
zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G#
zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev<
z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~!
zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud
zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj-
zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia
z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq?
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ
z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@
zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c-
zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy
z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42
z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU
zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`*
znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F
zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh!
zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X
zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X
z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR
z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9
zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l
zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^
z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH
z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g
zskUSSJ
z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL
z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~
zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn)
z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{
zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq
zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~=
zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH
z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0
zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907
zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N
zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi|
z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR
z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ
zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY
zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q
z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY
z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5
zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1<
zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9
zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B
zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM
z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q?
zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb
z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz
zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55
zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D
zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e
zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W
z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@<
z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_
z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74
zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs
zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K
zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y
z3v1j`i%hA#2gzna#+
zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i
zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9(
zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@
z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$
z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71
z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$
zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7
zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP(
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql
zSf)?V@n9;NH}8@=&j#^es3
z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP
zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch
zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq>
zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc
z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?<
zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7
z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^
zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka
zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR
z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W
z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ?
z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~
zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF
z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51
zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY
ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^;
z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM
zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~
z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d
z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq%
zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu
zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF
zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+=
z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU
zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue?
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b
zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-)
zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0
z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1
z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6#
zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z
zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m
zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t
z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4
zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d
zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%-
zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q
z)a!MmXxxbMpp8%xuxm{XM6hn?|
z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5
zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO
zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{
zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d
ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc
z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z
zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV
z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut
zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n
zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc
zmsGx7eNwbs@
zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G
zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz
z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E
zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2
zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h
z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2
zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw
zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX)
zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z
zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T
zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R
zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp
z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X
zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9
z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud
z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y>
zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i
z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e
z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ>
zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I
zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L
z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X
zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3
zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g
z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A
znh)nlr@EoM2I
zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq
zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv
zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL)
zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v#
zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ
zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U
ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN
zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z}
zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg
zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS=
zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7
z@BwzRDw`(D!O~a1#YpSQ=r5(Sf
z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF
zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck
zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F
zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_
ze1C>^P|6DC}EtAYP&;J+I9
zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m
zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ
zoH;Ag>&eXa`egUT$A#?y;t>7^8CG>
z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)%
zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB
zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp
zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ}
z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5
z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt
zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$
z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R
z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH
zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP
z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n
zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO
z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ
zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei
zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672
z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1
zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b
zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu
z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If
zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw
zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj
znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot
zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`|
zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS=
zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75
zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03
zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm
z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M
z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ
zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL?
zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c
z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G
zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7
zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V
ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF
zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$`
zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB
zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL
z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN
z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf
zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf=
zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u
zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw
z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s
zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF
zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY
zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT
z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI`
z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{
z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8
znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA
z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{
z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5
zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o-
zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut
z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F
z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K
zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$
z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@
z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw
ztb~NfltC*
zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M
z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM
zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH!
zFsd*10#Acm;ni?2^uoii7emq<8
zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp
z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j
z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D
z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h-
z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4
z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH
z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f
za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO
zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR
zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0
zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;>
z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7
z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O
z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp
zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD
zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt
zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w
zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q#
z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G
z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm
zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B
zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D
z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb
z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~
zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<|
z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX
zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m
z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee!
z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7
zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n
zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T
z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH
zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF
z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92
z8C*I(WR~9})ac_63>0=x>dGLwges#o<
z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`&
zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao
z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2
z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4
z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw
zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+
zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F
z0bdO6H#g>i&jk4O
z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$
z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs
z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9
zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$`
z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh
z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru
z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$
zcC>*z^Z2iKxcw
zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq)
z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg
zZt$((<{whQ!Ot&W3GlA}^zUy9
z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT
z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o
zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2%
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT
z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L
zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol
z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS
zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j<
zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec
zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L
zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb
z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg
z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{><
zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR<
zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E
zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW
ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T
z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U
z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l
zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH
z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b
z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c)
z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og
zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX
zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(|
z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo
zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G
z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6
ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv
z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N<
z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1
zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q
zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^
znh^X_lNGT
zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j
zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m
z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt
zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM
zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w
zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw
z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o&
zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt
z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS
z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP
ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP
zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I=
z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK
z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_
zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z
zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz
zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG
zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc`
z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU
zWtagBp
z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1
zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C
zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3
zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg
z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+
z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d
zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS
z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV
z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr
zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>>
zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix%
zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP
z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh
z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6
zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W
zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1
z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ
zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13
z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK
z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr
zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb
z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke
z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}<
z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl
zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6
z01SP8e)(F2)
zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR
zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs
z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ*
z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf
z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p
zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6
z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE(
z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H
zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm
z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h
zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu
z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q|
z6x?qv8Vr
zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q
zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ<
z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5
z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV
zG4=}I^Z!0?7v
zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE|
zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8#
z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO
zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a!
z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T>
zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8
zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G}
zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^
zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb
z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv
zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA
z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21
z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx
z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw
zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0
z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy
z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi
z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd
ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po
z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A
zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs
ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT>
z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t
z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF
zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn
zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1
zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN
z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa
zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i
z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{
zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{
zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI
zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM
zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW
zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j
zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu
zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl;
zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA
zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97
zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO
z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr
zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh
zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8
zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV%
z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2
z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q!
zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH?
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9
z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O#
zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1
zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF
zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y
zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^
z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS
zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI
z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA
z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY
zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G
zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s
zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(*
z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe
z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm
z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U
zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4
zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x
z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i
z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL
zYKoesW~f!*gP5o(kg
zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw-
zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56
z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4
ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY
zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn
zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K
zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v
zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R}
zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv
zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV
z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks>
zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO
zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n
zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W
zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr(
zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y
znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS
z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii
z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk
zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#&
z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K
zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ
z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh
z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l*
z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u?
zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$
zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f`
zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~
zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV
zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z!
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI=
zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra
zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO
zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h&
zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V
zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5`
z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm
zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t
zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7
z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X
z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F
zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C
z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>%
zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}%
zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x
z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w
z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt
z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl
zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu
z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ
zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d`
zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI
z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq
z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM
zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl
zTOW@rX?LOjv$Sf<#eA4HP()bbD
z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe
ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7
z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp
z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M
z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4
z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x
zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-%
z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD&
zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R!
z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-)
zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9;
zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{*
z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX
z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz=
z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO
zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt
z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv;
z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv
zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i(
z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;<
zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4
z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L
zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj}
zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY
z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d
zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N#
z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E(
zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ=
z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB|
zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m
zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP
zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd
zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN
zMdLjA2EdwyC
z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm
z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow
z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh
zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7
z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+
zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5
zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$
ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW
zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD
z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~
z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU
zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^
zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh
z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws
zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp(
zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp
zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+`
z36T>A!y@f|f9w}%68d*|zMC
z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i
zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8
zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W
zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8}
z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD
zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h
ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z
z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx&
z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb
zL`)GO9>*cCKu9*inMk1BawFA{5F&=-
zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U
zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z
z5u!-bv|7lhlLJ#
z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE
zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j#
z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+
zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b|
zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}!
z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP
zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S
zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl
zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i`
z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY
zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe
zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa
z%9pUoL7dTAsLOyb0`{
zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9
zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2;
zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^
zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k
z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm
zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^
z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l-
zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn
zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu
zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S
zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_;
zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh
zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7
zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV
zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC
ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T=
z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM
zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P
zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav
z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f>
zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0
zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&#
z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l>
zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr|
z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i
zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;#
zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p
zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9
zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK
zEezy2H#I1c5
z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B
z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS)
zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM
zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM*
zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz
zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+
zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh
zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY
zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt
zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b
zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX}
z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E
zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f%
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G
z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk
zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT
zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q
z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI-
z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF
zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn
z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@
zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr
z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE
zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky-
zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88
zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ
z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56
z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O
zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z
zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96
zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB
zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe
z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}}
zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha!
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5
zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a<
zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+
z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu
zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb
ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV
z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw
z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4
zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r
z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq
zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp
z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS
zQN#KL745Mqlj(~)>MPtYwR!
z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks|
zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9
z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y
z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18
zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL!
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L
z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA
z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9
z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD
z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{
z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J
zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht
zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$
zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C%
zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp
z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq
zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ
z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm
zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v
z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb(
z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har
zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX
zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty(
z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{
z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0
zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd
zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv
z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y
z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN
z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_!
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi
z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$
zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE
zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}(
zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I&
zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C
za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0
ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ
zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx
zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg
zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx>
z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF!
z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi
zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY
zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U
zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z
zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0
z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg
zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r#
zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_
zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg?
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W
zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr
zLAnv9ucGO5`azsp=>zVe#S76ngB
ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm
ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1
zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec
z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L
zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB
z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q
zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A
zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L
zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t
z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I
zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~
zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx
zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn
zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS}
zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko(
zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7
zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK
zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq
zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_
z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp
zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx
z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$
z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O
zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT
zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu}
zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD
zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ
zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO
z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F&
zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf
zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb
zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5&
z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P
zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI
z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b
zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ
z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_
z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh
zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$
z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df
zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L
z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna
zE9eP@$U>0Fiqx
zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu
zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1
zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B
znVBa2
zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR
zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd
z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP|
zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU
z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ
z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=-
zxizS*X(}o-Y#sDj1G~Bk
zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V
zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d?
zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y
z^^dxpt%JN}lT
z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+
zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T=
z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW
zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+
zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd
z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B
z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z
z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w
z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O
z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe
z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt
z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj-
za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW}
z%}`rrT|#}Lx6GGv7*4Ta-q65vql
zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ
z6Y;T4let(SXmU
zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F
zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL
z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0
zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV
zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3
zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk
zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT
zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo
zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B
zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV!
zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{
zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV&
zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@
zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8
z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1
zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW
zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op
zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie&
zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz
zvxQQ`CM;-Fea9NJb;v)BiE9m`(
zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e
zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD=
zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If
zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj
zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK<
z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1
z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m
zimj9K5%k2hiKJ(>y2iHz
z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El
zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr#
z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g
zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3
zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~
z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?>
zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT
zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk
zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O
zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J
zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+
zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^
zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?-
ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH
z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI
zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk
zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g
ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0*
z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N
zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E
zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl
zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy
z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz
zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW%
zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G
zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD
z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN%
zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&;
z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm
zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj#
zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@
z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y
zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW>
z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_;
zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL
zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C
zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv
zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4
z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv
z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2
zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a&
zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz
zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m
zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q
zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is
z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4
z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8
zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X
z1kDkemuJq1VqVxQ9@
zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ
z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v
z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK
zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_
z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM
zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w
z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF
zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F
zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6
z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2>
z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr
zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521
z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ
z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H
zFWc7@jC#L6C`G*n{Z4K>-d
zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK
zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P
z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(&
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe
zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-%
zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs
z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R
z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj
zo8ci4w%w%3$v(@vGf
z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY%
zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj
zoN
z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k
z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN
z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e
z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg
z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t
zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+
z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme;
zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI
zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3&
zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(&
zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW
zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz
z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@
zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F&
z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq
zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf
zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg
zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5
zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{
zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe|
zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E
z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s
zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH
z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d
zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9
zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak
zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U
z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q
zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6)
zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D
zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J!
zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y
zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3
z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@
z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY
z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f#
z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^
z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8
zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse
zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj
zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX
zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@<
zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J
zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI
zTsjo}34UkxG8^M=
zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv
zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m
zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E
zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4
zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_%
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E
z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE-
zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k
z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB
zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s
zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP
zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+
zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS
zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl
zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy}
z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS
zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow;
z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP
zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF
z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@
ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8
z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x
zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN
zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n
z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR
z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei
z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+
zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g
ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R
z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros
zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV
zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^
zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR)
zSvG!NC11zb;m;94Y2
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82;
z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U-
zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU
z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9
z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ
zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK
z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H
z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9
z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP
zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY
zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l(
zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC
zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k
z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm
zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK
za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W
zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW
z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q
zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc*
z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv
zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX
zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|&
z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o
z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V
zSWP5u?v*CC!!GIFixRb9{4
zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@
zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG
zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q
zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8`
z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf
zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+
z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4
zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+
zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^
zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF
z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{
zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{
z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR
zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C(
zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG
zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk
zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC
zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e
z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_
z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU
ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{
z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM
zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD
z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk
zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs
zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV
zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@
zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw
zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr
zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d
z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH
z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna
zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$
zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~}
zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu
zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_
zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn
zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$
z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da
zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P
zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o
z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG
z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u
z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5
zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT
z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ
zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc
zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb
z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr
zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF
zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP
zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ
z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR
zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9
zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm!
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4
z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g>
z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV}
z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T
zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-=
z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3
zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj
zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~
zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8
z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr)
z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c
zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra
z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T
zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}-
zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg
z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d
zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM
zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx
z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$
zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S
zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI
z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A
zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j
zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M
zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7
z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`<
zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$
z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9
zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g
z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z
z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE
zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t
z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i
z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG&
zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl
zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D
zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D
zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r
zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{=
zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz
z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j
zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl
zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN
z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA
zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA
z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^
z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG
zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM
zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS
z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu
z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S
zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf
zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e
zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v
zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I
zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn
zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4
zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP)
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9
z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8
z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*=
z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1
zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY
z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ=
zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r
zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop
zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz
z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e
zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f
zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab
z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f
zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET
zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8
zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x
zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S
zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N
z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n
zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z
zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD
z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q
z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ
zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg
z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h
z&uJ7fjq5oj0(nmV6e0c^FJbG|xG
ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C
z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu
zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt|
z{2nWySqfJVPfH!#d}sov25u^Zy*4
zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr
zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI
z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP|
zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y
zgE1c?+zIF^g(F?^N_
zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT
z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A
zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB
zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY
z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~
z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc(
zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&&
zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH
z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp
zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm
z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@`
zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi
z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw
zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k>
zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv
z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9
zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85##
zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye
zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_
zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95
zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U
zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}?
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy
zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC
z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO
z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X=
z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF
z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW|
zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ;
zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD
zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d
zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6
zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG
z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN
ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ
zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e
zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z
zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6>
ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f
zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K
z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7
zgsg|#6`0vcj6;!*!a
zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@
z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi
zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#=
zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN&
zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY
zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR
z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt
zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2
zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9
z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i
zc_xuE4gk<5C5JASX
zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@
z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80
zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK
zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC
z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l
zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF
zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6
zFv5T8
zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r
zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h
zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au
z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0
zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{
zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs
zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q
zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L
zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c
zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS
zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A`
z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl}
zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N
zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W
z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M
zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~
z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7
z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo
zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww=
ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ
zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm
zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U
zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P|
zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@
zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2
zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D
z%Le8tzm
zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL#
z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE
zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU
zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c
z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h
z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ
zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8
z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE&
zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e
zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6
zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB
z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof
zHqh_%*`tt=rOHGOoiQZH2
za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$
zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc
z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB
zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6
z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$
z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ
z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J
zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4
zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o
zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^
zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ
zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q
zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh
zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7%
z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x
zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z
zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz
zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1
zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i
zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0
z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg
z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm
z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9=
zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM
z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f
z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o;
z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL
z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR
z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu
zCrEvTL{OyB3=
zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf)
zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL<
zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm
zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv
zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s
z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$
ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(#
zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd
zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug
z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~
zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P
zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS
zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7
z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3
zi{7Uu04wcthJxT#0+
z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e
zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<#
z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ
zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw
z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY
z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI
zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E
z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~
zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2
zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l
zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD
zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q
zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9
zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%>
zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7
z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A
zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k
z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(|
zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU#
z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM?
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6
z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag!
z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a?
zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8
z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F
z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB
zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8
z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns
zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(<
z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X
zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ
zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd
zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_`
z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx
z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy
zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@
z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%?
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_
zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg
zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{
zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq
zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt
zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV
zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o
zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~
z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9|
z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9
zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE
z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC
z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL
za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM
zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm
z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2
zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y
zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3%
zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L|
zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd
zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M
zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4
z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0
zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno
zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy
zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM>
zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ
ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W)
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{
z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP
zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8
z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW
z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a
zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H
zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p
zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a
zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF
zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh>
z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc=
z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq
z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd
zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+
z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy
z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu
zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok
zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP
zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1
z+*r-jM$b;b^@4(e(sPeEBV56(sEAl
zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P
znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x
zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~
zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l
zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g
zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{
zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f
zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB(
zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi=
zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ
zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci
z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M
zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX
zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag
zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw
z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o
z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA
z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo
zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en
z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw
zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L>
zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv|
zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p
zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z
z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{
zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M
zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z
z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l
z1XM>bmB@!9%EA6jM%
zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi
zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7
z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb
z+W-Ugyxf
zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk
zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg=
z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6
z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ=
zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2&
z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@
zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C
z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B
zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`|
zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^#
zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz
z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV
zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ#
zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X
zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY
zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU
z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^
zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<#
zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru
zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo
zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$
zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z
z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li
zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx>
zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU
zROSw8Rf5LI3$k)bnJ
zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~|
zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i
z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R
zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw
ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+
z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU<
z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5
zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0
zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g*
zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci
zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca
zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P
z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW
zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^
z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41
zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0
zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w=
zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ
z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my
z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^
z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^
zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L
z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0!
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY
zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs)
zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-*
zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y
z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz
zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6
zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{
zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l%
zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t
z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX-
zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K
z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm
zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q
zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y
zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE
z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N
zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w
zKxU3@S50l;iKu-_-iMBh+
z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL
zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5
zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p
zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX
zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4
z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV
zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ
z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G
z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G
zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj
z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h
zbTEO5o9o_#L2xUQHNE1oMdK
z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n
z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL
zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW
z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y?
z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R
zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89
zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ
ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE
z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB
zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?<
z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C
zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X
zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*(
z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr-
zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43
zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU}
zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{
ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io|
z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA}
zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G
zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0
z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a
z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj
zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx
za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL
z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-|
z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE
z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF;
z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK
zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk
zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v
zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf
zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL
z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L
z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg
zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2
zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F
zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s
z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6
z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv
zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M
z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx
zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r`
z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY
z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^
z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7`
zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba
z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP
zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B
z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ
z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1
zv?7t5q>i`5NJaT|+lf*hO
zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV!
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9
z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S#
zNs*O)3OA^%>C8R
zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I
zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i
z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7(
z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s
zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L
z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5
zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W
z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i
zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3}
z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM
zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB
zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d
z7l2hI0R3{aOh_$%3N
zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?;
zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l
zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$
zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ
zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@
zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm}
zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9
z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I
zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT
z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua
zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u=
znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE
zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{?
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M
zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w
zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k
z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v
zd$40Sn*Bn`SO>&L
z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz
zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi
zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3;
zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb
zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx
z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa
zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R
z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S
z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0=
z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN
z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS
z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}-
zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8
zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j
z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE
z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z
z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8>
z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9
z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC
z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{
z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0
zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{
z@H>Ad9Yu`U%P@H!zOhJ`gj)L
zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^
z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#;
zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk
zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f
zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb
zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@
z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF
zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+
zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1
zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R
z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X
zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up
z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^
z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu
zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@
zEPR63QATjyGgLmYuR*Wz@WZtGle
z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9
zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW|
zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB
zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn
zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr
z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0
zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g
z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET
z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y
zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC
z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@
z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6
z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A
z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k
zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I
zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH&
z5O-&sZh1gZYfC(q#X#lpA
zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T
z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+
zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{
zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd
z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt
zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f
zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5
z@eP8SH1j__b4Q@`FBG3BQ%#
zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP*
zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg
zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD
zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2
zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w
z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)?
zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8
zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H
zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s
zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI
zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5
z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0
z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N
z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{#
zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC|
z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f
zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB
zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z
z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM
z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE
z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F
z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv
zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p}
z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3
z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa
z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq
zXjtt@Gcczwc*n6vh{)ft
zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB-
zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i}
z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g;
zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-|
zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3
zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI
zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K
z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40>
zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{=
zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid
zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS
zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd
zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8
z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC
z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^
z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n
zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_
zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs
zMM9R{TbmfVa06g;~50RmB;r&-g63
zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G
z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^
zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf
zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7
zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX
zOoMW@!}3b74=bGudt&wD
z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6
zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n`
z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P
z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i
zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>|
zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl
zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo
z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN
zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T
z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz
zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@
zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1
zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc
z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ
zrxtE`8Jn~^=yBsi7V
zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV
ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl
zKk6$8X{Cj7hbzpP(pq
zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v
zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc|
z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R
zEiRz8&{Z__3c09V
z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL
z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi
z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK
zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx
z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi
z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o
zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_?
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX
zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e
z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n
z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO?
zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9
zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3-
zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+
zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly
zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT
zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk
zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ
zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97
zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF
z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs
zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR
z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf
zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ
z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(=
ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i
zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ
zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r?
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+
z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF
zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u
znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^
z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ
zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w
z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C<
zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1
zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T
z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e
zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv
zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo
zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t
zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U
z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg;
z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v)
z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw;
z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm
zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_
z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX
zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k
zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X
zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B``
zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I
zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG
zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3
zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E
z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb
zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs
zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6
zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu
zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p
zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp>
z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF
zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q
zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{
z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9
zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^
zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O
z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v
zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP
zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR
ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l
zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0
z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO
z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl
zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI
zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l
zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p
zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6
z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE
z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y
zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf
zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx
z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK
zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m
zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7
zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>`
z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv
z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6
zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B
z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca
z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9
zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e
z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi
zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt
z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9
zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8
z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D
z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4
zEmU)gF5R3MSN~h{?3!Tx6OKG
z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk
z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g
z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6
zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35
z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg
z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K
z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8
zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v
z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t
zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ
zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H&
z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~
zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do
zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2)
zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT
z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ
z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6#
z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U
z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8
zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2
z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD)
zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^
z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-*
zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN
zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~-
z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;|
zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI
zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT
zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$
zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv
z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b
zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0
z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb
z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho`
z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J
zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU
zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@
zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU
zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b|
za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG<
z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X
z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu}
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c%
zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF
zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr
z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6
z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8
z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy}
z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2?
zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE*
zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k
z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6
zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl
z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ
zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku
zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1
z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo
zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@
z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7
zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C
zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH
zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy
zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP;
z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba>
zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf
z6L$0$DADj6tq
zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg!
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE
zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX
z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe
zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+
zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c
zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$
z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x`
zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$
z2X>rno(N1#2-F1DmdJ;>Iut&Y+
z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?|
zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G
z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO
z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k
zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ
zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb
zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM
z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y
z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%}
zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw
zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ
znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC
zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6
z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$
zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s
z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U
zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{?
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL
z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44
zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R
z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W*
ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^
z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0
z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9
z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc
zzKKeu_y0p$Z0SV^6X
z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif
zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733
zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr
z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl
zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT
zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj
zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y*
zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@
z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3
z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a
z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~
z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d&
zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc
zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU
zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_<
zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG
zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR
z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo
z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x
z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES>
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl#
zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt
z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj
zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#;
zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$
zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS>
z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR
zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t
z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V
z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f
zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN!
zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb
zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ?
zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M
z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg-
zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT
zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO
zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE
zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0
z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS
zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q
z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51
zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY
z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh
z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9
zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5
zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr
ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4
z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah-
z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7
z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew
zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp
zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3
zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8|
z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n
z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7-
zgFi;mzTg7Ul}xs_y)Q#nSguIV
zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;!
zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB
z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_
zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b
zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6
zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo
z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v
zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii
zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1
zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM
zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR
z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8
z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF
zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL
zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8
zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP
z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L
z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3<
zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC
z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE
z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W*
zxi$9e!yw#mmX_1`qQl|CeWKlXu
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o-
zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9
z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ
zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9}
z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx}
zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_%
zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G(
z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X
z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a
zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj
z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I
zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y*
z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op
zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl-
zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E
z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$
zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j
zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0
z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV`
z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5
zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3
z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j
zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d
zWLJ1_I3AhUa*H
zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT
zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk
zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO?
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+>
zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq
zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+
zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp
zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR
z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J
zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l
ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f
z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn
ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P
z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg
z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^<
zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P
zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9
z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m
ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w
zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2
zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U
zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8
zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv
zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ
zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C
z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu<
z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b
zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^
z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K
zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a
z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+
zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_
z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG
z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y
z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x
zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF
z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS
zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp
zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{
zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8
ze~j#V#-Utqmu_r?m6yHIoF-5QiX
z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F
zQkd}`ih)!3#kf=v)k
zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg
z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF
z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z
zjThKgQQCs)W>fRK~RA~_W;magXG-6
zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn
z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO
zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T&
z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$
z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D=
zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a
z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa
z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF
zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1
zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p!
zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$
zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE
z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf?
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J
zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x
zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n
zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w
zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2
zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u
zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U?
z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz
zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw!
zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi
zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau
z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K=
zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj
zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT
zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P
zS(&Q-96nd`H{x@)zYU*j_`lXd
z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+%
z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@
za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7
zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP
zx*!|gse
z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601
zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@!
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U
zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb
z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc
ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f)
zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x
z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg
zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH
zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W
zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p&
zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+
zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w
zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig
z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i
zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e
z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q
zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7
zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE
zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`!
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX
z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe
zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7
z*=PgEB6nW3nAKm}pLWJ4GT+c$
zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny
z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS
z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4
zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^
zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0
zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg
z;e
z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0
z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R
z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n
z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0
z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1}
zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu&
zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F<
z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E
z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@
z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3
z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY
z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k
zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF
zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn}
z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs
zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD
zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t(
z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6
zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$
zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw
z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^
zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$!
z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs-
zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV
zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32
z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$
zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4
zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A
zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN!
zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM
z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u
zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{
z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<
    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+
zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^
z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l>
zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN
z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr
zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf
z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h
z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)=
zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{
zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm
z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R
z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+
z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<`
zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR
z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57
z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9
z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w
zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ
zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx
zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh
zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq%
z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs
zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g
z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq
z@jEXM{hvV3;7J@u8Zc
zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9
z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6
zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2
z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c
z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc=
zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7
z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e
zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z
z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d
z;*gP@?GHtQYxxNg
z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU
z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10
znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k
z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4
z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O?
zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R
zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ
z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5
z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y
z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5
zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_
zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN<
zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B
zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w
z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d
zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB
zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr
z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk
z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3;
z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9
zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S
zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6?
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k
zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB
zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb
z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i
zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe
zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l<
z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq
z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#?
z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU
z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{
zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i&
zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql
zX7m@s4nv-0g6nvh;+>Cf20brlC|
zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV
z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ)
z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C
zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme
z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z
zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i
z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5
zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4
z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I
z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l
z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN
zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho!
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO
z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M
z;0vHX{08`2zNEuwaZJu2Lrzo
zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G
z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI
zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK
zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq
zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_
zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL
z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT=
z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP
z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo
z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>;
zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6
zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7
zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5
zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck<
z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV
zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR
zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7
zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS
z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i%
z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF|
z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@`
z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk&
zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6}
zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE&
zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O
ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh->
zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc
z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u(
zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^?
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR
z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV&
z%Ru{XF;!{pTh^h
z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X
zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(;
zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y
z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m
zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x
z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj
zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi
zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt|
z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4
zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1
zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q
ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6
z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8#
z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y
zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4
z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!)
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p>
zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R
zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF
z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH
zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7
z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9
z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui-
z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox
z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx
z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l
zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6
zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n
zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5
zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$
zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q
ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ
z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s
zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o
zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl
zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz
z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS!
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB
zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx=
zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz
zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z
zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33
zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa(
zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5
zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d
z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb
zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g
z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a
zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs
z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN
zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3
z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF
zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y
zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl
zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV
zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1!
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K
zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D
zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe
znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX}
z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f
z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e>
zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3
z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt
zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J
zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK
z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2
z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*`
zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5
zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH
z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~
zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a
z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0
z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK
z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US
z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb
zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+
zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin
zZVSl9pDHQJSmA^3fXqy$
z#6D1%ucTNDzqx|CN-TTU~J
z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv)
ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+
ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$>
z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ
zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+
z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3
z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~
z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR
zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG
zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F
zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ
z=KRaB1uy1m4ICu^#gQ8px}*VQzC~
zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO
zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I
z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y
z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm
zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?}
zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol
zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4
zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL
ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q
zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R
zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd
z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9;
z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP
zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt
zjX>h3S}r`u24jk9Gua?a
zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt
zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ!
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx
zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv
z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7
zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5
z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K
z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3
zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@
zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk
z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5
zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8
zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law
zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n
zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9
zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau
zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN>
z`Eto#aG_A{WG!Y*X>+F
z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC
zi-MnL$E!4771L*0eCo5T#sG;@e`>
zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8
zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_
z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi
zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9
z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{
zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS
zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE
zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM
za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%<
zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii
zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF?
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP
z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=<
zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z
zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N
zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E
zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a}
zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu
zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY
zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^
z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza
z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a
zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t
z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f}
zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg
zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt
zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah
zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI
z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0
zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg
zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn
z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k
z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP
zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|;
zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG
z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9
z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv
zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~
zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o
zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr
zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U
za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF
zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W
zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ
zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn
zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn
zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2
zE^8
zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm%
zo81J!so>f2kPW%wSxUF
z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9
zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE
z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q
zgoHb&^yUyv6vm=bW4ekN6i!a(nM;
z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46%
z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI
zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v
zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m
z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z
zRCU_2j8ExizVu#k-Mc4tIw-
zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m
zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N
z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5
zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA
zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq
z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m
zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<}
z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99
zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I
z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas
zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5
zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ
z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-=
zZoh!)XoW0LsOg5RLOWTt1mO`!Ob
z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$
zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~(
zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI
z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc
zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh
z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF
z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e
zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI
zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb
zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O
ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2
z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n
zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G(
zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{
zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@
zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq;
zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4
zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k
z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK
z{GOnp1-D9ERM!qlAHZU?zO(
z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@
zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV}
zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR
zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI
zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb
za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc
zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W
zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y
z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU
zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f
z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82
zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO
zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+
z2SCA`T$}4X`*{kL19oQyA
zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in
z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{
zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~
zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K*
zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^
zx?K9B8s!UYp9YZaFzh3MJkT
zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@
zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy
zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h
zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F
zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?`
zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)&
zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r
zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz
zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K=
zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@
zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v
zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up
za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J
zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+
zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B
zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh
zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH
zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H
zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z
zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e
z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr
zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad
zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0
zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO
zzM`1zE19resFtDyj5KM4o{82T
zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH
z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4
zI@8_sLp7%?V~w@kz;d#6i$djLRuK
z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V
zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf
z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v
zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH
zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ
z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$
z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6
zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF#
zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2
z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l
zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN>
zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P
za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC
z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q
ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4
zfB;YChQH2ID!7Z{{JK{g-PdZ
zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um
zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK
znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^
zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J=
zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G
zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI!
zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7)
zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_`
zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~
zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6
zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k
z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0!
zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y|
z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3
zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU
zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1
zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ
z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78?
zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure|
z*Y+0$i|u!;sr{yLj^{{9nq`6KwT
z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi
zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G
z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b
zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq
zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln
zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0
z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q
z(soWpHQ}8jb$z
zx6%`5
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include "cppbor/cppbor.h"
-
-// static globals.
-static double keymasterVersion = -1;
-static std::string inputFileName;
-static std::string outputFileName;
-Json::Value root;
-Json::Value writerRoot;
-
-using namespace std;
-using cppbor::Array;
-using cppbor::Map;
-using cppbor::Bstr;
-
-// static function declarations
-static int processInputFile();
-static int processAttestationKey();
-static int processAttestationCertificateData();
-static int processAttestationIds();
-static int processSharedSecret();
-static int processSetBootParameters();
-static int readDataFromFile(const char *fileName, std::vector& data);
-static int addApduHeader(const int ins, std::vector& inputData);
-static int ecRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& secret, std::vector&publicKey);
-static X509* parseDerCertificate(std::vector& certData);
-static int getNotAfter(X509* x509, std::vector& notAfterDate);
-static int getDerSubjectName(X509* x509, std::vector& subject);
-static int getBootParameterIntValue(Json::Value& bootParamsObj, const char* key, uint32_t *value);
-static int getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std::vector& blob);
-
-
-// Print usage.
-void usage() {
-    printf("Usage: Please give jason files with values as input to generate the apdus command. Please refer to sample_json files available in the folder for reference. Sample json files are written using hardcode parameters to be used for testing setup on cuttlefilsh emulator and goldfish emulators\n");
-    printf("construct_apdus [options]\n");
-    printf("Valid options are:\n");
-    printf("-h, --help    show this help message and exit.\n");
-    printf("-v, --km_version version \t Version of the keymaster (4.1 for keymaster; 4 for keymaster4_0) \n");
-    printf("-i, --input  jsonFile \t Input json file \n");
-    printf("-o, --output jsonFile \t Output json file \n");
-}
-
-
-X509* parseDerCertificate(std::vector& certData) {
-    X509 *x509 = nullptr;
-
-    /* Create BIO instance from certificate data */
-    BIO *bio = BIO_new_mem_buf(certData.data(), certData.size());
-    if(bio == nullptr) {
-        printf("\n Failed to create BIO from buffer.\n");
-        return nullptr;
-    }
-    /* Create X509 instance from BIO */
-    x509 = d2i_X509_bio(bio, NULL);
-    if(x509 == nullptr) {
-        printf("\n Failed to get X509 instance from BIO.\n");
-        return nullptr;
-    }
-    BIO_free(bio);
-    return x509;
-}
-
-int getDerSubjectName(X509* x509, std::vector& subject) {
-    uint8_t *subjectDer = NULL;
-    X509_NAME* asn1Subject = X509_get_subject_name(x509);
-    if(asn1Subject == NULL) {
-        printf("\n Failed to read the subject.\n");
-        return FAILURE;
-    }
-    /* Convert X509_NAME to der encoded subject */
-    int len = i2d_X509_NAME(asn1Subject, &subjectDer);
-    if (len < 0) {
-        printf("\n Failed to get readable name from X509_NAME.\n");
-        return FAILURE;
-    }
-    subject.insert(subject.begin(), subjectDer, subjectDer+len);
-    return SUCCESS;
-}
-
-int getNotAfter(X509* x509, std::vector& notAfterDate) {
-    const ASN1_TIME* notAfter = X509_get0_notAfter(x509);
-    if(notAfter == NULL) {
-        printf("\n Failed to read expiry time.\n");
-        return FAILURE;
-    }
-    int strNotAfterLen = ASN1_STRING_length(notAfter);
-    const uint8_t *strNotAfter = ASN1_STRING_get0_data(notAfter);
-    if(strNotAfter == NULL) {
-        printf("\n Failed to read expiry time from ASN1 string.\n");
-        return FAILURE;
-    }
-    notAfterDate.insert(notAfterDate.begin(), strNotAfter, strNotAfter + strNotAfterLen);
-    return SUCCESS;
-}
-
-
-int getBootParameterIntValue(Json::Value& bootParamsObj, const char* key, uint32_t *value) {
-    Json::Value val = bootParamsObj[key];
-    if(val.empty())
-        return FAILURE;
-
-    if(!val.isInt())
-        return FAILURE;
-
-    *value = (uint32_t)val.asInt();
-
-    return SUCCESS;
-}
-
-int getBootParameterBlobValue(Json::Value& bootParamsObj, const char* key, std::vector& blob) {
-    Json::Value val = bootParamsObj[key];
-    if(val.empty())
-        return FAILURE;
-
-    if(!val.isString())
-        return FAILURE;
-
-    std::string blobStr = hex2str(val.asString());
-
-    for(char ch : blobStr) {
-        blob.push_back((uint8_t)ch);
-    }
-
-    return SUCCESS;
-}
-
-
-// Parses the input json file. Prepares the apdu for each entry in the json
-// file and dump all the apdus into the output json file.
-int processInputFile() {
-    // Parse Json file
-    if (0 != readJsonFile(root, inputFileName)) {
-        return FAILURE;
-    }
-
-    printf("\n Selected Keymaster version(%f) for provisioning \n", keymasterVersion);
-    if (0 != processAttestationKey() ||
-        0 != processAttestationCertificateData() ||
-        0 != processAttestationIds() ||
-        0 != processSharedSecret() ||
-        0 != processSetBootParameters()) {
-      return FAILURE;
-    }
-    if (SUCCESS != writeJsonFile(writerRoot, outputFileName)) {
-        return FAILURE;
-    }
-    printf("\n Successfully written json to outfile: %s\n ", outputFileName.c_str());
-    return SUCCESS;
-}
-
-int processAttestationKey() {
-    Json::Value keyFile = root.get(kAttestKey, Json::Value::nullRef);
-    if (!keyFile.isNull()) {
-        std::vector data;
-        std::vector privateKey;
-        std::vector publicKey;
-
-        std::string keyFileName = keyFile.asString();
-        if(SUCCESS != readDataFromFile(keyFileName.data(), data)) {
-            printf("\n Failed to read the attestation key from the file.\n");
-            return FAILURE;
-        }
-        if (SUCCESS != ecRawKeyFromPKCS8(data, privateKey, publicKey)) {
-            return FAILURE;
-        }
-
-        // Prepare cbor input.
-        Array input;
-        Array keys;
-        Map map;
-        keys.add(privateKey);
-        keys.add(publicKey);
-        map.add(kTagAlgorithm, kAlgorithmEc);
-        map.add(kTagDigest, std::vector({kDigestSha256}));
-        map.add(kTagCurve, kCurveP256);
-        map.add(kTagPurpose, std::vector({kPurposeAttest}));
-        // Add elements inside cbor array.
-        input.add(std::move(map));
-        input.add(kKeyFormatRaw);
-        input.add(keys.encode());
-        std::vector cborData = input.encode();
-
-        if(SUCCESS != addApduHeader(kAttestationKeyCmd, cborData)) {
-            return FAILURE;
-        }
-        // Write to json.
-        writerRoot[kAttestKey] = getHexString(cborData);
-    } else {
-        printf("\n Improper value for attest_key in json file \n");
-        return FAILURE;
-    }
-    printf("\n Constructed attestation key APDU successfully. \n");
-    return SUCCESS;
-}
-
-static int processAttestationCertificateData() {
-    Json::Value certChainFiles = root.get(kAttestCertChain, Json::Value::nullRef);
-    if (!certChainFiles.isNull()) {
-        std::vector certData;
-        std::vector subject;
-        std::vector notAfter;
-
-        if(certChainFiles.isArray()) {
-            if (certChainFiles.size() == 0) {
-                printf("\n empty certificate.\n");
-                return FAILURE;
-            }
-            for (uint32_t i = 0; i < certChainFiles.size(); i++) {
-                if(certChainFiles[i].isString()) {
-                    /* Read the certificates. */
-                    if(SUCCESS != readDataFromFile(certChainFiles[i].asString().data(), certData)) {
-                        printf("\n Failed to read the Root certificate\n");
-                        return FAILURE;
-                    }
-                    if (i == 0) { // Leaf certificate
-                        /* Subject, AuthorityKeyIdentifier and Expirty time of the root certificate are required by javacard. */
-                        /* Get X509 certificate instance for the root certificate.*/
-                        X509_Ptr x509(parseDerCertificate(certData));
-                        if (!x509) {
-                          return FAILURE;
-                        }
-
-                        /* Get subject in DER */
-                        getDerSubjectName(x509.get(), subject);
-                        /* Get Expirty Time */
-                        getNotAfter(x509.get(), notAfter);
-                    }
-                } else {
-                    printf("\n Fail: Only proper certificate paths as a string is allowed inside the json file. \n");
-                    return FAILURE;
-                }
-            }
-        } else {
-            printf("\n Fail: cert chain value should be an array inside the json file. \n");
-            return FAILURE;
-        }
-        // Prepare cbor input
-        Array array;
-        array.add(certData);
-        array.add(subject);
-        array.add(notAfter);
-        std::vector cborData = array.encode();
-        if (SUCCESS != addApduHeader(kAttestCertDataCmd, cborData)) {
-            return FAILURE;
-        }
-        // Write to json.
-        writerRoot[kAttestCertChain] = getHexString(cborData);
-    } else {
-        printf("\n Fail: Improper value found for attest_cert_chain key inside json file \n");
-        return FAILURE;
-    }
-    printf("\n Constructed attestation certificate chain APDU successfully. \n");
-    return SUCCESS;
-}
-
-int processAttestationIds() {
-    //AttestIDParams params;
-    Json::Value attestIds = root.get("attest_ids", Json::Value::nullRef);
-    if (!attestIds.isNull()) {
-        Json::Value value;
-        Map map;
-        Json::Value::Members keys = attestIds.getMemberNames();
-        for(std::string key : keys) {
-            value = attestIds[key];
-            if(value.empty()) {
-                continue;
-            }
-            if (!value.isString()) {
-                printf("\n Fail: Value for each attest ids key should be a string in the json file \n");
-                return FAILURE;
-            }
-            std::string idVal = value.asString();
-            if (0 == key.compare("brand")) {
-                map.add(kTagAttestationIdBrand, std::vector(idVal.begin(), idVal.end()));
-            } else if(0 == key.compare("device")) {
-                map.add(kTagAttestationIdDevice, std::vector(idVal.begin(), idVal.end()));
-            } else if(0 == key.compare("product")) {
-                map.add(kTagAttestationIdProduct, std::vector(idVal.begin(), idVal.end()));
-            } else if(0 == key.compare("serial")) {
-                map.add(kTagAttestationIdSerial, std::vector(idVal.begin(), idVal.end()));
-            } else if(0 == key.compare("imei")) {
-                map.add(kTagAttestationIdImei, std::vector(idVal.begin(), idVal.end()));
-            } else if(0 == key.compare("meid")) {
-                map.add(kTagAttestationIdMeid, std::vector(idVal.begin(), idVal.end()));
-            } else if(0 == key.compare("manufacturer")) {
-                map.add(kTagAttestationIdManufacturer, std::vector(idVal.begin(), idVal.end()));
-            } else if(0 == key.compare("model")) {
-                map.add(kTagAttestationIdModel, std::vector(idVal.begin(), idVal.end()));
-            } else {
-                printf("\n unknown attestation id key:%s \n", key.c_str());
-                return FAILURE;
-            }
-        }
-
-        //-------------------------
-        // construct cbor input.
-        Array array;
-        array.add(std::move(map));
-        std::vector cborData = array.encode();
-        if (SUCCESS != addApduHeader(kAttestationIdsCmd, cborData)) {
-            return FAILURE;
-        }
-        // Write to json.
-        writerRoot[kAttestationIds] = getHexString(cborData);
-        //-------------------------
-    } else {
-        printf("\n Fail: Improper value found for attest_ids key inside the json file \n");
-        return FAILURE;
-    }
-    printf("\n Constructed attestation ids APDU successfully \n");
-    return SUCCESS;
-}
-
-int processSharedSecret() {
-    Json::Value sharedSecret = root.get("shared_secret", Json::Value::nullRef);
-    if (!sharedSecret.isNull()) {
-
-        if (!sharedSecret.isString()) {
-            printf("\n Fail: Value for shared secret key should be string inside the json file\n");
-            return FAILURE;
-        }
-        std::string secret = hex2str(sharedSecret.asString());
-        std::vector data(secret.begin(), secret.end());
-        // --------------------------
-        // Construct apdu.
-        Array array;
-        array.add(data);
-        std::vector cborData = array.encode();
-        if (SUCCESS != addApduHeader(kPresharedSecretCmd, cborData)) {
-            return FAILURE;
-        }
-        // Write to json.
-        writerRoot[kSharedSecret] = getHexString(cborData);
-        // --------------------------
-    } else {
-        printf("\n Fail: Improper value for shared_secret key inside the json file\n");
-        return FAILURE;
-    }
-    printf("\n Constructed shared secret APDU successfully \n");
-    return SUCCESS;
-}
-
-int processSetBootParameters() {
-    uint32_t bootPatchLevel;
-	std::vector verifiedBootKey;
-	std::vector verifiedBootKeyHash;
-	uint32_t verifiedBootState;
-	uint32_t deviceLocked;
-    Json::Value bootParamsObj = root.get("set_boot_params", Json::Value::nullRef);
-    if (!bootParamsObj.isNull()) {
-
-        if(SUCCESS != getBootParameterIntValue(bootParamsObj, "boot_patch_level", &bootPatchLevel)) {
-            printf("\n Invalid value for boot_patch_level or boot_patch_level tag missing\n");
-            return FAILURE;
-        }
-        if(SUCCESS != getBootParameterBlobValue(bootParamsObj, "verified_boot_key", verifiedBootKey)) {
-            printf("\n Invalid value for verified_boot_key or verified_boot_key tag missing\n");
-            return FAILURE;
-        }
-        if(SUCCESS != getBootParameterBlobValue(bootParamsObj, "verified_boot_key_hash", verifiedBootKeyHash)) {
-            printf("\n Invalid value for verified_boot_key_hash or verified_boot_key_hash tag missing\n");
-            return FAILURE;
-        }
-        if(SUCCESS != getBootParameterIntValue(bootParamsObj, "boot_state", &verifiedBootState)) {
-            printf("\n Invalid value for boot_state or boot_state tag missing\n");
-            return FAILURE;
-        }
-        if(SUCCESS != getBootParameterIntValue(bootParamsObj, "device_locked", &deviceLocked)) {
-            printf("\n Invalid value for device_locked or device_locked tag missing\n");
-            return FAILURE;
-        }
-
-    } else {
-        printf("\n Fail: Improper value found for set_boot_params key inside the json file\n");
-        return FAILURE;
-    }
-    //---------------------------------
-    // prepare cbor data.
-    Array array;
-    array.add(bootPatchLevel).
-    add(verifiedBootKey). /* Verified Boot Key */
-    add(verifiedBootKeyHash). /* Verified Boot Hash */
-    add(verifiedBootState). /* boot state */
-    add(deviceLocked);     /* device locked */
-
-    std::vector cborData = array.encode();
-    if (SUCCESS != addApduHeader(kBootParamsCmd, cborData)) {
-        return FAILURE;
-    }
-    // Write to json.
-    writerRoot[kBootParams] = getHexString(cborData);
-
-    //---------------------------------
-    printf("\n Constructed boot paramters APDU successfully \n");
-    return SUCCESS;
-}
-
-int ecRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& secret,
-        std::vector&publicKey) {
-    const uint8_t *data = pkcs8Blob.data();
-    EVP_PKEY *evpkey = d2i_PrivateKey(EVP_PKEY_EC, nullptr, &data, pkcs8Blob.size());
-    if(!evpkey) {
-        printf("\n Failed to decode private key from PKCS8, Error: %ld", ERR_peek_last_error());
-        return FAILURE;
-    }
-    EVP_PKEY_Ptr pkey(evpkey);
-
-    EC_KEY_Ptr ec_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
-    if(!ec_key.get()) {
-        printf("\n Failed to create EC_KEY, Error: %ld", ERR_peek_last_error());
-        return FAILURE;
-    }
-
-    //Get EC Group
-    const EC_GROUP *group = EC_KEY_get0_group(ec_key.get());
-    if(group == NULL) {
-        printf("\n Failed to get the EC_GROUP from ec_key.");
-        return FAILURE;
-    }
-
-    //Extract private key.
-    const BIGNUM *privBn = EC_KEY_get0_private_key(ec_key.get());
-    int privKeyLen = BN_num_bytes(privBn);
-    std::unique_ptr privKey(new uint8_t[privKeyLen]);
-    BN_bn2bin(privBn, privKey.get());
-    secret.insert(secret.begin(), privKey.get(), privKey.get()+privKeyLen);
-
-    //Extract public key.
-    const EC_POINT *point = EC_KEY_get0_public_key(ec_key.get());
-    int pubKeyLen=0;
-    pubKeyLen = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
-    std::unique_ptr pubKey(new uint8_t[pubKeyLen]);
-    EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, pubKey.get(), pubKeyLen, NULL);
-    publicKey.insert(publicKey.begin(), pubKey.get(), pubKey.get()+pubKeyLen);
-
-    return SUCCESS;
-}
-
-
-int addApduHeader(const int ins, std::vector& inputData) {
-    if(USHRT_MAX >= inputData.size()) {
-        // Send extended length APDU always as response size is not known to HAL.
-        // Case 1: Lc > 0  CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le all set to 00.
-        // Case 2: Lc = 0  CLS | INS | P1 | P2 | 3 bytes of Le all set to 00.
-        //Extended length 3 bytes, starts with 0x00
-        if (inputData.size() > 0) {
-            inputData.insert(inputData.begin(), static_cast(inputData.size() & 0xFF)); // LSB
-            inputData.insert(inputData.begin(), static_cast(inputData.size() >> 8)); // MSB
-        }
-        inputData.insert(inputData.begin(), static_cast(0x00));
-        //Expected length of output.
-        //Accepting complete length of output every time.
-        inputData.push_back(static_cast(0x00));
-        inputData.push_back(static_cast(0x00));
-    } else {
-        printf("\n Failed to construct apdu. input data larger than USHORT_MAX.\n");
-        return FAILURE;
-    }
-
-    inputData.insert(inputData.begin(), static_cast(APDU_P2));//P2
-    inputData.insert(inputData.begin(), static_cast(APDU_P1));//P1
-    inputData.insert(inputData.begin(), static_cast(ins));//INS
-    inputData.insert(inputData.begin(), static_cast(APDU_CLS));//CLS
-    return SUCCESS;
-}
-
-int readDataFromFile(const char *filename, std::vector& data) {
-    FILE *fp;
-    int ret = SUCCESS;
-    fp = fopen(filename, "rb");
-    if(fp == NULL) {
-        printf("\nFailed to open file: \n");
-        return FAILURE;
-    }
-    fseek(fp, 0L, SEEK_END);
-    long int filesize = ftell(fp);
-    rewind(fp);
-    std::unique_ptr buf(new uint8_t[filesize]);
-    if( 0 == fread(buf.get(), filesize, 1, fp)) {
-        printf("\n No content in the file \n");
-        ret = FAILURE;
-        goto exit;
-    }
-    data.insert(data.end(), buf.get(), buf.get() + filesize);
-exit:    
-    fclose(fp);
-    return ret;
-}
-
-int main(int argc, char* argv[]) {
-    int c;
-    struct option longOpts[] = {
-        {"km_version",   required_argument, NULL, 'v'},
-        {"input",       required_argument, NULL, 'i'},
-        {"output",       required_argument, NULL, 'o'},
-        {"help",             no_argument,       NULL, 'h'},
-        {0,0,0,0}
-    };
-
-    if (argc <= 1) {
-        printf("\n Invalid command \n");
-        usage();
-        return FAILURE;
-    }
-
-    /* getopt_long stores the option index here. */
-    while ((c = getopt_long(argc, argv, ":hv:i:o:", longOpts, NULL)) != -1) {
-        switch(c) {
-            case 'v':
-                // keymaster version
-                keymasterVersion = atof(optarg);
-                std::cout << "Version: " << keymasterVersion << std::endl;
-                break;
-            case 'i':
-                // input file
-                inputFileName = std::string(optarg);
-                std::cout << "input file: " << inputFileName << std::endl;
-                break;
-            case 'o':
-                // output file
-                outputFileName = std::string(optarg);
-                std::cout << "output file: " << outputFileName << std::endl;
-                break;
-            case 'h':
-                // help
-                usage();
-                return SUCCESS;
-            case ':':
-                printf("\n missing argument\n");
-                usage();
-                return FAILURE;
-            case '?':
-            default:
-                printf("\n Invalid option\n");
-                usage();
-                return FAILURE;
-        }
-    }
-    if (keymasterVersion == -1 || inputFileName.empty() ||
-            outputFileName.empty() || optind < argc) {
-        printf("\n Missing mandatory arguments \n");
-        usage();
-        return FAILURE;
-    }
-    if (keymasterVersion != KEYMASTER_VERSION_4_1 && keymasterVersion != KEYMASTER_VERSION_4_0) {
-        printf("\n Error unknown version.");
-        return FAILURE;
-    }
-    // Process input file; construct apuds and store in output json file.
-    processInputFile();
-    return SUCCESS;
-}
diff --git a/ProvisioningTool/src/cppbor.cpp b/ProvisioningTool/src/cppbor.cpp
deleted file mode 100644
index 3414b8e5..00000000
--- a/ProvisioningTool/src/cppbor.cpp
+++ /dev/null
@@ -1,626 +0,0 @@
-/*
- * Copyright 2019 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include 
-
-#include 
-#include 
-
-#include 
-
-using std::string;
-using std::vector;
-
-
-#if !defined(__TRUSTY__) && !defined(__LINUX__)
-#include 
-#define LOG_TAG "CppBor"
-#else
-#define CHECK(x) (void)(x)
-#endif
-
-#ifdef __LINUX__
-#define ERROR "ERROR: "
-#define LOG(x) std::cout << x 
-#endif
-
-namespace cppbor {
-
-namespace {
-
-template ::value>>
-Iterator writeBigEndian(T value, Iterator pos) {
-    for (unsigned i = 0; i < sizeof(value); ++i) {
-        *pos++ = static_cast(value >> (8 * (sizeof(value) - 1)));
-        value = static_cast(value << 8);
-    }
-    return pos;
-}
-
-template ::value>>
-void writeBigEndian(T value, std::function& cb) {
-    for (unsigned i = 0; i < sizeof(value); ++i) {
-        cb(static_cast(value >> (8 * (sizeof(value) - 1))));
-        value = static_cast(value << 8);
-    }
-}
-
-bool cborAreAllElementsNonCompound(const Item* compoundItem) {
-    if (compoundItem->type() == ARRAY) {
-        const Array* array = compoundItem->asArray();
-        for (size_t n = 0; n < array->size(); n++) {
-            const Item* entry = (*array)[n].get();
-            switch (entry->type()) {
-                case ARRAY:
-                case MAP:
-                    return false;
-                default:
-                    break;
-            }
-        }
-    } else {
-        const Map* map = compoundItem->asMap();
-        for (auto& [keyEntry, valueEntry] : *map) {
-            switch (keyEntry->type()) {
-                case ARRAY:
-                case MAP:
-                    return false;
-                default:
-                    break;
-            }
-            switch (valueEntry->type()) {
-                case ARRAY:
-                case MAP:
-                    return false;
-                default:
-                    break;
-            }
-        }
-    }
-    return true;
-}
-
-bool prettyPrintInternal(const Item* item, string& out, size_t indent, size_t maxBStrSize,
-                         const vector& mapKeysToNotPrint) {
-    if (!item) {
-        out.append("");
-        return false;
-    }
-
-    char buf[80];
-
-    string indentString(indent, ' ');
-
-    size_t tagCount = item->semanticTagCount();
-    while (tagCount > 0) {
-        --tagCount;
-        snprintf(buf, sizeof(buf), "tag %" PRIu64 " ", item->semanticTag(tagCount));
-        out.append(buf);
-    }
-
-    switch (item->type()) {
-        case SEMANTIC:
-            // Handled above.
-            break;
-
-        case UINT:
-            snprintf(buf, sizeof(buf), "%" PRIu64, item->asUint()->unsignedValue());
-            out.append(buf);
-            break;
-
-        case NINT:
-            snprintf(buf, sizeof(buf), "%" PRId64, item->asNint()->value());
-            out.append(buf);
-            break;
-
-        case BSTR: {
-            const uint8_t* valueData;
-            size_t valueSize;
-            const Bstr* bstr = item->asBstr();
-            if (bstr != nullptr) {
-                const vector& value = bstr->value();
-                valueData = value.data();
-                valueSize = value.size();
-            } else {
-                const ViewBstr* viewBstr = item->asViewBstr();
-                assert(viewBstr != nullptr);
-
-                std::basic_string_view view = viewBstr->view();
-                valueData = view.data();
-                valueSize = view.size();
-            }
-
-            if (valueSize > maxBStrSize) {
-                unsigned char digest[SHA_DIGEST_LENGTH];
-                SHA_CTX ctx;
-                SHA1_Init(&ctx);
-                SHA1_Update(&ctx, valueData, valueSize);
-                SHA1_Final(digest, &ctx);
-                char buf2[SHA_DIGEST_LENGTH * 2 + 1];
-                for (size_t n = 0; n < SHA_DIGEST_LENGTH; n++) {
-                    snprintf(buf2 + n * 2, 3, "%02x", digest[n]);
-                }
-                snprintf(buf, sizeof(buf), "", valueSize, buf2);
-                out.append(buf);
-            } else {
-                out.append("{");
-                for (size_t n = 0; n < valueSize; n++) {
-                    if (n > 0) {
-                        out.append(", ");
-                    }
-                    snprintf(buf, sizeof(buf), "0x%02x", valueData[n]);
-                    out.append(buf);
-                }
-                out.append("}");
-            }
-        } break;
-
-        case TSTR:
-            out.append("'");
-            {
-                // TODO: escape "'" characters
-                if (item->asTstr() != nullptr) {
-                    out.append(item->asTstr()->value().c_str());
-                } else {
-                    const ViewTstr* viewTstr = item->asViewTstr();
-                    assert(viewTstr != nullptr);
-                    out.append(viewTstr->view());
-                }
-            }
-            out.append("'");
-            break;
-
-        case ARRAY: {
-            const Array* array = item->asArray();
-            if (array->size() == 0) {
-                out.append("[]");
-            } else if (cborAreAllElementsNonCompound(array)) {
-                out.append("[");
-                for (size_t n = 0; n < array->size(); n++) {
-                    if (!prettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize,
-                                             mapKeysToNotPrint)) {
-                        return false;
-                    }
-                    out.append(", ");
-                }
-                out.append("]");
-            } else {
-                out.append("[\n" + indentString);
-                for (size_t n = 0; n < array->size(); n++) {
-                    out.append("  ");
-                    if (!prettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize,
-                                             mapKeysToNotPrint)) {
-                        return false;
-                    }
-                    out.append(",\n" + indentString);
-                }
-                out.append("]");
-            }
-        } break;
-
-        case MAP: {
-            const Map* map = item->asMap();
-
-            if (map->size() == 0) {
-                out.append("{}");
-            } else {
-                out.append("{\n" + indentString);
-                for (auto& [map_key, map_value] : *map) {
-                    out.append("  ");
-
-                    if (!prettyPrintInternal(map_key.get(), out, indent + 2, maxBStrSize,
-                                             mapKeysToNotPrint)) {
-                        return false;
-                    }
-                    out.append(" : ");
-                    if (map_key->type() == TSTR &&
-                        std::find(mapKeysToNotPrint.begin(), mapKeysToNotPrint.end(),
-                                  map_key->asTstr()->value()) != mapKeysToNotPrint.end()) {
-                        out.append("");
-                    } else {
-                        if (!prettyPrintInternal(map_value.get(), out, indent + 2, maxBStrSize,
-                                                 mapKeysToNotPrint)) {
-                            return false;
-                        }
-                    }
-                    out.append(",\n" + indentString);
-                }
-                out.append("}");
-            }
-        } break;
-
-        case SIMPLE:
-            const Bool* asBool = item->asSimple()->asBool();
-            const Null* asNull = item->asSimple()->asNull();
-            if (asBool != nullptr) {
-                out.append(asBool->value() ? "true" : "false");
-            } else if (asNull != nullptr) {
-                out.append("null");
-            } else {
-#ifndef __TRUSTY__
-                LOG(ERROR) << "Only boolean/null is implemented for SIMPLE";
-#endif  // __TRUSTY__
-                return false;
-            }
-            break;
-    }
-
-    return true;
-}
-
-}  // namespace
-
-size_t headerSize(uint64_t addlInfo) {
-    if (addlInfo < ONE_BYTE_LENGTH) return 1;
-    if (addlInfo <= std::numeric_limits::max()) return 2;
-    if (addlInfo <= std::numeric_limits::max()) return 3;
-    if (addlInfo <= std::numeric_limits::max()) return 5;
-    return 9;
-}
-
-uint8_t* encodeHeader(MajorType type, uint64_t addlInfo, uint8_t* pos, const uint8_t* end) {
-    size_t sz = headerSize(addlInfo);
-    if (end - pos < static_cast(sz)) return nullptr;
-    switch (sz) {
-        case 1:
-            *pos++ = type | static_cast(addlInfo);
-            return pos;
-        case 2:
-            *pos++ = type | ONE_BYTE_LENGTH;
-            *pos++ = static_cast(addlInfo);
-            return pos;
-        case 3:
-            *pos++ = type | TWO_BYTE_LENGTH;
-            return writeBigEndian(static_cast(addlInfo), pos);
-        case 5:
-            *pos++ = type | FOUR_BYTE_LENGTH;
-            return writeBigEndian(static_cast(addlInfo), pos);
-        case 9:
-            *pos++ = type | EIGHT_BYTE_LENGTH;
-            return writeBigEndian(addlInfo, pos);
-        default:
-            CHECK(false);  // Impossible to get here.
-            return nullptr;
-    }
-}
-
-void encodeHeader(MajorType type, uint64_t addlInfo, EncodeCallback encodeCallback) {
-    size_t sz = headerSize(addlInfo);
-    switch (sz) {
-        case 1:
-            encodeCallback(type | static_cast(addlInfo));
-            break;
-        case 2:
-            encodeCallback(type | ONE_BYTE_LENGTH);
-            encodeCallback(static_cast(addlInfo));
-            break;
-        case 3:
-            encodeCallback(type | TWO_BYTE_LENGTH);
-            writeBigEndian(static_cast(addlInfo), encodeCallback);
-            break;
-        case 5:
-            encodeCallback(type | FOUR_BYTE_LENGTH);
-            writeBigEndian(static_cast(addlInfo), encodeCallback);
-            break;
-        case 9:
-            encodeCallback(type | EIGHT_BYTE_LENGTH);
-            writeBigEndian(addlInfo, encodeCallback);
-            break;
-        default:
-            CHECK(false);  // Impossible to get here.
-    }
-}
-
-bool Item::operator==(const Item& other) const& {
-    if (type() != other.type()) return false;
-    switch (type()) {
-        case UINT:
-            return *asUint() == *(other.asUint());
-        case NINT:
-            return *asNint() == *(other.asNint());
-        case BSTR:
-            if (asBstr() != nullptr && other.asBstr() != nullptr) {
-                return *asBstr() == *(other.asBstr());
-            }
-            if (asViewBstr() != nullptr && other.asViewBstr() != nullptr) {
-                return *asViewBstr() == *(other.asViewBstr());
-            }
-            // Interesting corner case: comparing a Bstr and ViewBstr with
-            // identical contents. The function currently returns false for
-            // this case.
-            // TODO: if it should return true, this needs a deep comparison
-            return false;
-        case TSTR:
-            if (asTstr() != nullptr && other.asTstr() != nullptr) {
-                return *asTstr() == *(other.asTstr());
-            }
-            if (asViewTstr() != nullptr && other.asViewTstr() != nullptr) {
-                return *asViewTstr() == *(other.asViewTstr());
-            }
-            // Same corner case as Bstr
-            return false;
-        case ARRAY:
-            return *asArray() == *(other.asArray());
-        case MAP:
-            return *asMap() == *(other.asMap());
-        case SIMPLE:
-            return *asSimple() == *(other.asSimple());
-        case SEMANTIC:
-            return *asSemanticTag() == *(other.asSemanticTag());
-        default:
-            CHECK(false);  // Impossible to get here.
-            return false;
-    }
-}
-
-Nint::Nint(int64_t v) : mValue(v) {
-    CHECK(v < 0);
-}
-
-bool Simple::operator==(const Simple& other) const& {
-    if (simpleType() != other.simpleType()) return false;
-
-    switch (simpleType()) {
-        case BOOLEAN:
-            return *asBool() == *(other.asBool());
-        case NULL_T:
-            return true;
-        default:
-            CHECK(false);  // Impossible to get here.
-            return false;
-    }
-}
-
-uint8_t* Bstr::encode(uint8_t* pos, const uint8_t* end) const {
-    pos = encodeHeader(mValue.size(), pos, end);
-    if (!pos || end - pos < static_cast(mValue.size())) return nullptr;
-    return std::copy(mValue.begin(), mValue.end(), pos);
-}
-
-void Bstr::encodeValue(EncodeCallback encodeCallback) const {
-    for (auto c : mValue) {
-        encodeCallback(c);
-    }
-}
-
-uint8_t* ViewBstr::encode(uint8_t* pos, const uint8_t* end) const {
-    pos = encodeHeader(mView.size(), pos, end);
-    if (!pos || end - pos < static_cast(mView.size())) return nullptr;
-    return std::copy(mView.begin(), mView.end(), pos);
-}
-
-void ViewBstr::encodeValue(EncodeCallback encodeCallback) const {
-    for (auto c : mView) {
-        encodeCallback(static_cast(c));
-    }
-}
-
-uint8_t* Tstr::encode(uint8_t* pos, const uint8_t* end) const {
-    pos = encodeHeader(mValue.size(), pos, end);
-    if (!pos || end - pos < static_cast(mValue.size())) return nullptr;
-    return std::copy(mValue.begin(), mValue.end(), pos);
-}
-
-void Tstr::encodeValue(EncodeCallback encodeCallback) const {
-    for (auto c : mValue) {
-        encodeCallback(static_cast(c));
-    }
-}
-
-uint8_t* ViewTstr::encode(uint8_t* pos, const uint8_t* end) const {
-    pos = encodeHeader(mView.size(), pos, end);
-    if (!pos || end - pos < static_cast(mView.size())) return nullptr;
-    return std::copy(mView.begin(), mView.end(), pos);
-}
-
-void ViewTstr::encodeValue(EncodeCallback encodeCallback) const {
-    for (auto c : mView) {
-        encodeCallback(static_cast(c));
-    }
-}
-
-bool Array::operator==(const Array& other) const& {
-    return size() == other.size()
-           // Can't use vector::operator== because the contents are pointers.  std::equal lets us
-           // provide a predicate that does the dereferencing.
-           && std::equal(mEntries.begin(), mEntries.end(), other.mEntries.begin(),
-                         [](auto& a, auto& b) -> bool { return *a == *b; });
-}
-
-uint8_t* Array::encode(uint8_t* pos, const uint8_t* end) const {
-    pos = encodeHeader(size(), pos, end);
-    if (!pos) return nullptr;
-    for (auto& entry : mEntries) {
-        pos = entry->encode(pos, end);
-        if (!pos) return nullptr;
-    }
-    return pos;
-}
-
-void Array::encode(EncodeCallback encodeCallback) const {
-    encodeHeader(size(), encodeCallback);
-    for (auto& entry : mEntries) {
-        entry->encode(encodeCallback);
-    }
-}
-
-std::unique_ptr Array::clone() const {
-    auto res = std::make_unique();
-    for (size_t i = 0; i < mEntries.size(); i++) {
-        res->add(mEntries[i]->clone());
-    }
-    return res;
-}
-
-bool Map::operator==(const Map& other) const& {
-    return size() == other.size()
-           // Can't use vector::operator== because the contents are pairs of pointers.  std::equal
-           // lets us provide a predicate that does the dereferencing.
-           && std::equal(begin(), end(), other.begin(), [](auto& a, auto& b) {
-                  return *a.first == *b.first && *a.second == *b.second;
-              });
-}
-
-uint8_t* Map::encode(uint8_t* pos, const uint8_t* end) const {
-    pos = encodeHeader(size(), pos, end);
-    if (!pos) return nullptr;
-    for (auto& entry : mEntries) {
-        pos = entry.first->encode(pos, end);
-        if (!pos) return nullptr;
-        pos = entry.second->encode(pos, end);
-        if (!pos) return nullptr;
-    }
-    return pos;
-}
-
-void Map::encode(EncodeCallback encodeCallback) const {
-    encodeHeader(size(), encodeCallback);
-    for (auto& entry : mEntries) {
-        entry.first->encode(encodeCallback);
-        entry.second->encode(encodeCallback);
-    }
-}
-
-bool Map::keyLess(const Item* a, const Item* b) {
-    // CBOR map canonicalization rules are:
-
-    // 1. If two keys have different lengths, the shorter one sorts earlier.
-    if (a->encodedSize() < b->encodedSize()) return true;
-    if (a->encodedSize() > b->encodedSize()) return false;
-
-    // 2. If two keys have the same length, the one with the lower value in (byte-wise) lexical
-    // order sorts earlier.  This requires encoding both items.
-    auto encodedA = a->encode();
-    auto encodedB = b->encode();
-
-    return std::lexicographical_compare(encodedA.begin(), encodedA.end(),  //
-                                        encodedB.begin(), encodedB.end());
-}
-
-void recursivelyCanonicalize(std::unique_ptr& item) {
-    switch (item->type()) {
-        case UINT:
-        case NINT:
-        case BSTR:
-        case TSTR:
-        case SIMPLE:
-            return;
-
-        case ARRAY:
-            std::for_each(item->asArray()->begin(), item->asArray()->end(),
-                          recursivelyCanonicalize);
-            return;
-
-        case MAP:
-            item->asMap()->canonicalize(true /* recurse */);
-            return;
-
-        case SEMANTIC:
-            // This can't happen.  SemanticTags delegate their type() method to the contained Item's
-            // type.
-            assert(false);
-            return;
-    }
-}
-
-Map& Map::canonicalize(bool recurse) & {
-    if (recurse) {
-        for (auto& entry : mEntries) {
-            recursivelyCanonicalize(entry.first);
-            recursivelyCanonicalize(entry.second);
-        }
-    }
-
-    if (size() < 2 || mCanonicalized) {
-        // Trivially or already canonical; do nothing.
-        return *this;
-    }
-
-    std::sort(begin(), end(),
-              [](auto& a, auto& b) { return keyLess(a.first.get(), b.first.get()); });
-    mCanonicalized = true;
-    return *this;
-}
-
-std::unique_ptr Map::clone() const {
-    auto res = std::make_unique();
-    for (auto& [key, value] : *this) {
-        res->add(key->clone(), value->clone());
-    }
-    res->mCanonicalized = mCanonicalized;
-    return res;
-}
-
-std::unique_ptr SemanticTag::clone() const {
-    return std::make_unique(mValue, mTaggedItem->clone());
-}
-
-uint8_t* SemanticTag::encode(uint8_t* pos, const uint8_t* end) const {
-    // Can't use the encodeHeader() method that calls type() to get the major type, since that will
-    // return the tagged Item's type.
-    pos = ::cppbor::encodeHeader(kMajorType, mValue, pos, end);
-    if (!pos) return nullptr;
-    return mTaggedItem->encode(pos, end);
-}
-
-void SemanticTag::encode(EncodeCallback encodeCallback) const {
-    // Can't use the encodeHeader() method that calls type() to get the major type, since that will
-    // return the tagged Item's type.
-    ::cppbor::encodeHeader(kMajorType, mValue, encodeCallback);
-    mTaggedItem->encode(encodeCallback);
-}
-
-size_t SemanticTag::semanticTagCount() const {
-    size_t levelCount = 1;  // Count this level.
-    const SemanticTag* cur = this;
-    while (cur->mTaggedItem && (cur = cur->mTaggedItem->asSemanticTag()) != nullptr) ++levelCount;
-    return levelCount;
-}
-
-uint64_t SemanticTag::semanticTag(size_t nesting) const {
-    // Getting the value of a specific nested tag is a bit tricky, because we start with the outer
-    // tag and don't know how many are inside.  We count the number of nesting levels to find out
-    // how many there are in total, then to get the one we want we have to walk down levelCount -
-    // nesting steps.
-    size_t levelCount = semanticTagCount();
-    if (nesting >= levelCount) return 0;
-
-    levelCount -= nesting;
-    const SemanticTag* cur = this;
-    while (--levelCount > 0) cur = cur->mTaggedItem->asSemanticTag();
-
-    return cur->mValue;
-}
-
-string prettyPrint(const Item* item, size_t maxBStrSize, const vector& mapKeysToNotPrint) {
-    string out;
-    prettyPrintInternal(item, out, 0, maxBStrSize, mapKeysToNotPrint);
-    return out;
-}
-string prettyPrint(const vector& encodedCbor, size_t maxBStrSize,
-                   const vector& mapKeysToNotPrint) {
-    auto [item, _, message] = parse(encodedCbor);
-    if (item == nullptr) {
-#ifndef __TRUSTY__
-        LOG(ERROR) << "Data to pretty print is not valid CBOR: " << message;
-#endif  // __TRUSTY__
-        return "";
-    }
-
-    return prettyPrint(item.get(), maxBStrSize, mapKeysToNotPrint);
-}
-
-}  // namespace cppbor
diff --git a/ProvisioningTool/src/cppbor_parse.cpp b/ProvisioningTool/src/cppbor_parse.cpp
deleted file mode 100644
index b1803310..00000000
--- a/ProvisioningTool/src/cppbor_parse.cpp
+++ /dev/null
@@ -1,389 +0,0 @@
-/*
- * Copyright 2019 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "cppbor/cppbor_parse.h"
-
-#include 
-
-#if !defined( __TRUSTY__) && !defined(__LINUX__)
-#include 
-#define LOG_TAG "CppBor"
-#else
-#define CHECK(x) (void)(x)
-#endif
-
-namespace cppbor {
-
-namespace {
-
-std::string insufficientLengthString(size_t bytesNeeded, size_t bytesAvail,
-                                     const std::string& type) {
-    char buf[1024];
-    snprintf(buf, sizeof(buf), "Need %zu byte(s) for %s, have %zu.", bytesNeeded, type.c_str(),
-             bytesAvail);
-    return std::string(buf);
-}
-
-template >>
-std::tuple parseLength(const uint8_t* pos, const uint8_t* end,
-                                                       ParseClient* parseClient) {
-    if (pos + sizeof(T) > end) {
-        parseClient->error(pos - 1, insufficientLengthString(sizeof(T), end - pos, "length field"));
-        return {false, 0, pos};
-    }
-
-    const uint8_t* intEnd = pos + sizeof(T);
-    T result = 0;
-    do {
-        result = static_cast((result << 8) | *pos++);
-    } while (pos < intEnd);
-    return {true, result, pos};
-}
-
-std::tuple parseRecursively(const uint8_t* begin, const uint8_t* end,
-                                                          bool emitViews, ParseClient* parseClient);
-
-std::tuple handleUint(uint64_t value, const uint8_t* hdrBegin,
-                                                    const uint8_t* hdrEnd,
-                                                    ParseClient* parseClient) {
-    std::unique_ptr item = std::make_unique(value);
-    return {hdrEnd,
-            parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
-}
-
-std::tuple handleNint(uint64_t value, const uint8_t* hdrBegin,
-                                                    const uint8_t* hdrEnd,
-                                                    ParseClient* parseClient) {
-    if (value > std::numeric_limits::max()) {
-        parseClient->error(hdrBegin, "NINT values that don't fit in int64_t are not supported.");
-        return {hdrBegin, nullptr /* end parsing */};
-    }
-    std::unique_ptr item = std::make_unique(-1 - static_cast(value));
-    return {hdrEnd,
-            parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
-}
-
-std::tuple handleBool(uint64_t value, const uint8_t* hdrBegin,
-                                                    const uint8_t* hdrEnd,
-                                                    ParseClient* parseClient) {
-    std::unique_ptr item = std::make_unique(value == TRUE);
-    return {hdrEnd,
-            parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
-}
-
-std::tuple handleNull(const uint8_t* hdrBegin, const uint8_t* hdrEnd,
-                                                    ParseClient* parseClient) {
-    std::unique_ptr item = std::make_unique();
-    return {hdrEnd,
-            parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
-}
-
-template 
-std::tuple handleString(uint64_t length, const uint8_t* hdrBegin,
-                                                      const uint8_t* valueBegin, const uint8_t* end,
-                                                      const std::string& errLabel,
-                                                      ParseClient* parseClient) {
-    if (end - valueBegin < static_cast(length)) {
-        parseClient->error(hdrBegin, insufficientLengthString(length, end - valueBegin, errLabel));
-        return {hdrBegin, nullptr /* end parsing */};
-    }
-
-    std::unique_ptr item = std::make_unique(valueBegin, valueBegin + length);
-    return {valueBegin + length,
-            parseClient->item(item, hdrBegin, valueBegin, valueBegin + length)};
-}
-
-class IncompleteItem {
-  public:
-    virtual ~IncompleteItem() {}
-    virtual void add(std::unique_ptr item) = 0;
-};
-
-class IncompleteArray : public Array, public IncompleteItem {
-  public:
-    explicit IncompleteArray(size_t size) : mSize(size) {}
-
-    // We return the "complete" size, rather than the actual size.
-    size_t size() const override { return mSize; }
-
-    void add(std::unique_ptr item) override {
-        mEntries.reserve(mSize);
-        mEntries.push_back(std::move(item));
-    }
-
-  private:
-    size_t mSize;
-};
-
-class IncompleteMap : public Map, public IncompleteItem {
-  public:
-    explicit IncompleteMap(size_t size) : mSize(size) {}
-
-    // We return the "complete" size, rather than the actual size.
-    size_t size() const override { return mSize; }
-
-    void add(std::unique_ptr item) override {
-        if (mKeyHeldForAdding) {
-            mEntries.reserve(mSize);
-            mEntries.push_back({std::move(mKeyHeldForAdding), std::move(item)});
-        } else {
-            mKeyHeldForAdding = std::move(item);
-        }
-    }
-
-  private:
-    std::unique_ptr mKeyHeldForAdding;
-    size_t mSize;
-};
-
-class IncompleteSemanticTag : public SemanticTag, public IncompleteItem {
-  public:
-    explicit IncompleteSemanticTag(uint64_t value) : SemanticTag(value) {}
-
-    // We return the "complete" size, rather than the actual size.
-    size_t size() const override { return 1; }
-
-    void add(std::unique_ptr item) override { mTaggedItem = std::move(item); }
-};
-
-std::tuple handleEntries(size_t entryCount, const uint8_t* hdrBegin,
-                                                       const uint8_t* pos, const uint8_t* end,
-                                                       const std::string& typeName,
-                                                       bool emitViews,
-                                                       ParseClient* parseClient) {
-    while (entryCount > 0) {
-        --entryCount;
-        if (pos == end) {
-            parseClient->error(hdrBegin, "Not enough entries for " + typeName + ".");
-            return {hdrBegin, nullptr /* end parsing */};
-        }
-        std::tie(pos, parseClient) = parseRecursively(pos, end, emitViews, parseClient);
-        if (!parseClient) return {hdrBegin, nullptr};
-    }
-    return {pos, parseClient};
-}
-
-std::tuple handleCompound(
-        std::unique_ptr item, uint64_t entryCount, const uint8_t* hdrBegin,
-        const uint8_t* valueBegin, const uint8_t* end, const std::string& typeName,
-        bool emitViews, ParseClient* parseClient) {
-    parseClient =
-            parseClient->item(item, hdrBegin, valueBegin, valueBegin /* don't know the end yet */);
-    if (!parseClient) return {hdrBegin, nullptr};
-
-    const uint8_t* pos;
-    std::tie(pos, parseClient) =
-            handleEntries(entryCount, hdrBegin, valueBegin, end, typeName, emitViews, parseClient);
-    if (!parseClient) return {hdrBegin, nullptr};
-
-    return {pos, parseClient->itemEnd(item, hdrBegin, valueBegin, pos)};
-}
-
-std::tuple parseRecursively(const uint8_t* begin, const uint8_t* end,
-                                                          bool emitViews, ParseClient* parseClient) {
-    const uint8_t* pos = begin;
-
-    MajorType type = static_cast(*pos & 0xE0);
-    uint8_t tagInt = *pos & 0x1F;
-    ++pos;
-
-    bool success = true;
-    uint64_t addlData;
-    if (tagInt < ONE_BYTE_LENGTH) {
-        addlData = tagInt;
-    } else if (tagInt > EIGHT_BYTE_LENGTH) {
-        parseClient->error(
-                begin,
-                "Reserved additional information value or unsupported indefinite length item.");
-        return {begin, nullptr};
-    } else {
-        switch (tagInt) {
-            case ONE_BYTE_LENGTH:
-                std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
-                break;
-
-            case TWO_BYTE_LENGTH:
-                std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
-                break;
-
-            case FOUR_BYTE_LENGTH:
-                std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
-                break;
-
-            case EIGHT_BYTE_LENGTH:
-                std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
-                break;
-
-            default:
-                CHECK(false);  //  It's impossible to get here
-                break;
-        }
-    }
-
-    if (!success) return {begin, nullptr};
-
-    switch (type) {
-        case UINT:
-            return handleUint(addlData, begin, pos, parseClient);
-
-        case NINT:
-            return handleNint(addlData, begin, pos, parseClient);
-
-        case BSTR:
-            if (emitViews) {
-                return handleString(addlData, begin, pos, end, "byte string", parseClient);
-            } else {
-                return handleString(addlData, begin, pos, end, "byte string", parseClient);
-            }
-
-        case TSTR:
-            if (emitViews) {
-                return handleString(addlData, begin, pos, end, "text string", parseClient);
-            } else {
-                return handleString(addlData, begin, pos, end, "text string", parseClient);
-            }
-
-        case ARRAY:
-            return handleCompound(std::make_unique(addlData), addlData, begin, pos,
-                                  end, "array", emitViews, parseClient);
-
-        case MAP:
-            return handleCompound(std::make_unique(addlData), addlData * 2, begin,
-                                  pos, end, "map", emitViews, parseClient);
-
-        case SEMANTIC:
-            return handleCompound(std::make_unique(addlData), 1, begin, pos,
-                                  end, "semantic", emitViews, parseClient);
-
-        case SIMPLE:
-            switch (addlData) {
-                case TRUE:
-                case FALSE:
-                    return handleBool(addlData, begin, pos, parseClient);
-                case NULL_V:
-                    return handleNull(begin, pos, parseClient);
-                default:
-                    parseClient->error(begin, "Unsupported floating-point or simple value.");
-                    return {begin, nullptr};
-            }
-    }
-    CHECK(false);  // Impossible to get here.
-    return {};
-}
-
-class FullParseClient : public ParseClient {
-  public:
-    virtual ParseClient* item(std::unique_ptr& item, const uint8_t*, const uint8_t*,
-                              const uint8_t* end) override {
-        if (mParentStack.empty() && !item->isCompound()) {
-            // This is the first and only item.
-            mTheItem = std::move(item);
-            mPosition = end;
-            return nullptr;  //  We're done.
-        }
-
-        if (item->isCompound()) {
-            // Starting a new compound data item, i.e. a new parent.  Save it on the parent stack.
-            // It's safe to save a raw pointer because the unique_ptr is guaranteed to stay in
-            // existence until the corresponding itemEnd() call.
-            mParentStack.push(item.get());
-            return this;
-        } else {
-            appendToLastParent(std::move(item));
-            return this;
-        }
-    }
-
-    virtual ParseClient* itemEnd(std::unique_ptr& item, const uint8_t*, const uint8_t*,
-                                 const uint8_t* end) override {
-        CHECK(item->isCompound() && item.get() == mParentStack.top());
-        mParentStack.pop();
-
-        if (mParentStack.empty()) {
-            mTheItem = std::move(item);
-            mPosition = end;
-            return nullptr;  // We're done
-        } else {
-            appendToLastParent(std::move(item));
-            return this;
-        }
-    }
-
-    virtual void error(const uint8_t* position, const std::string& errorMessage) override {
-        mPosition = position;
-        mErrorMessage = errorMessage;
-    }
-
-    std::tuple /* result */, const uint8_t* /* newPos */,
-               std::string /* errMsg */>
-    parseResult() {
-        std::unique_ptr p = std::move(mTheItem);
-        return {std::move(p), mPosition, std::move(mErrorMessage)};
-    }
-
-  private:
-    void appendToLastParent(std::unique_ptr item) {
-        auto parent = mParentStack.top();
-//#if __has_feature(cxx_rtti)
-        assert(dynamic_cast(parent));
-//#endif
-
-        IncompleteItem* parentItem{};
-        if (parent->type() == ARRAY) {
-            parentItem = static_cast(parent);
-        } else if (parent->type() == MAP) {
-            parentItem = static_cast(parent);
-        } else if (parent->asSemanticTag()) {
-            parentItem = static_cast(parent);
-        } else {
-            CHECK(false);  // Impossible to get here.
-        }
-        parentItem->add(std::move(item));
-    }
-
-    std::unique_ptr mTheItem;
-    std::stack mParentStack;
-    const uint8_t* mPosition = nullptr;
-    std::string mErrorMessage;
-};
-
-}  // anonymous namespace
-
-void parse(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient) {
-    parseRecursively(begin, end, false, parseClient);
-}
-
-std::tuple /* result */, const uint8_t* /* newPos */,
-           std::string /* errMsg */>
-parse(const uint8_t* begin, const uint8_t* end) {
-    FullParseClient parseClient;
-    parse(begin, end, &parseClient);
-    return parseClient.parseResult();
-}
-
-void parseWithViews(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient) {
-    parseRecursively(begin, end, true, parseClient);
-}
-
-std::tuple /* result */, const uint8_t* /* newPos */,
-           std::string /* errMsg */>
-parseWithViews(const uint8_t* begin, const uint8_t* end) {
-    FullParseClient parseClient;
-    parseWithViews(begin, end, &parseClient);
-    return parseClient.parseResult();
-}
-
-}  // namespace cppbor
diff --git a/ProvisioningTool/src/provision.cpp b/ProvisioningTool/src/provision.cpp
deleted file mode 100644
index bf3f96e8..00000000
--- a/ProvisioningTool/src/provision.cpp
+++ /dev/null
@@ -1,343 +0,0 @@
-/*
- **
- ** Copyright 2021, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-#include 
-#include 
-#include 
-#include 
-#include "socket.h"
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-enum ProvisionStatus {
-    NOT_PROVISIONED = 0x00,
-    PROVISION_STATUS_ATTESTATION_KEY = 0x01,
-    PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
-    PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
-    PROVISION_STATUS_ATTEST_IDS = 0x08,
-    PROVISION_STATUS_PRESHARED_SECRET = 0x10,
-    PROVISION_STATUS_PROVISIONING_LOCKED = 0x20,
-};
-
-std::string provisionStatusApdu = hex2str("80074000000000");
-std::string lockProvisionApdu = hex2str("80064000000000");
-
-Json::Value root;
-static double keymasterVersion = -1;
-static std::string inputFileName;
-using cppbor::Item;
-using cppbor::Array;
-using cppbor::Uint;
-using cppbor::MajorType;
-
-// static function declarations
-static uint16_t getApduStatus(std::vector& inputData);
-static int sendData(std::shared_ptr& pSocket, std::string input, std::vector& response);
-static int provisionData(std::shared_ptr& pSocket, const char* jsonKey);
-static int provisionData(std::shared_ptr& pSocket, std::string apdu, std::vector& response);
-static int getUint64(const std::unique_ptr &item, const uint32_t pos, uint64_t &value);
-
-
-// Print usage.
-void usage() {
-    printf("Usage: Please consturcture the apdu(s) with help of construct apdu tool and pass the output file to this utility.\n"); 
-    printf("provision [options]\n");
-    printf("Valid options are:\n");
-    printf("-h, --help    show this help message and exit.\n");
-    printf("-v, --km_version version \t Version of the keymaster(4.1 for keymaster; 5 for keymint \n");
-    printf("-i, --input  jsonFile \t Input json file \n");
-    printf("-s, --provision_status jsonFile \t Gets the provision status of applet. \n");
-    printf("-l, --lock_provision jsonFile \t Gets the provision status of applet. \n");
-
-}
-
-static uint16_t getApduStatus(std::vector& inputData) {
-    // Last two bytes are the status SW0SW1
-    uint8_t SW0 = inputData.at(inputData.size() - 2); 
-    uint8_t SW1 = inputData.at(inputData.size() - 1); 
-    return (SW0 << 8 | SW1);
-}
-
-static int sendData(std::shared_ptr& pSocket, std::string input, std::vector& response) {
-
-    std::vector apdu(input.begin(), input.end());
-
-    if(!pSocket->sendData(apdu, response)) {
-        std::cout << "Failed to provision attestation key" << std::endl;
-        return FAILURE;
-    }
-
-    // Response size should be greater than 2. Cbor output data followed by two bytes of APDU
-    // status.
-    if ((response.size() <= 2) || (getApduStatus(response) != APDU_RESP_STATUS_OK)) {
-        printf("\n Received error response with error: %d\n", getApduStatus(response));
-        return FAILURE;
-    }
-    // remove the status bytes
-    response.pop_back();
-    response.pop_back();
-    return SUCCESS;
-}
-
-int getUint64(const std::unique_ptr &item, const uint32_t pos, uint64_t &value) {
-    Array *arr = nullptr;
-
-    if (MajorType::ARRAY != item.get()->type()) {
-        return FAILURE;
-    }
-    arr = const_cast(item.get()->asArray());
-    if (arr->size() < (pos + 1)) {
-        return FAILURE;
-    }
-    std::unique_ptr subItem = std::move((*arr)[pos]);
-    const Uint* uintVal = subItem.get()->asUint();
-    value = uintVal->value();
-    return SUCCESS;
-}
-
-
-uint64_t unmaskPowerResetFlag(uint64_t errorCode) {
-    bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
-
-    if (isSeResetOccurred) {
-        printf("\n Secure element reset happened\n");
-        errorCode &= ~SE_POWER_RESET_STATUS_FLAG;
-    }
-    return errorCode;
-}
-
-int provisionData(std::shared_ptr& pSocket, std::string apdu, std::vector& response) {
-    if (SUCCESS != sendData(pSocket, apdu, response)) {
-        return FAILURE;
-    }
-    auto [item, pos, message] = cppbor::parse(response);
-    if(item != nullptr) {
-        uint64_t err;
-        if(MajorType::ARRAY == item.get()->type()) {
-            if(SUCCESS != getUint64(item, 0, err)) {
-                printf("\n Failed to parse the error code \n");
-                return FAILURE;
-            }
-        } else if (MajorType::UINT == item.get()->type()) {
-            const Uint* uintVal = item.get()->asUint();
-            err = uintVal->value();
-        }
-        err = unmaskPowerResetFlag(err);
-        if (err != 0) {
-            printf("\n Failed with error:%ld", err);
-            return FAILURE;
-        }
-    } else {
-        printf("\n Failed to parse the response\n");
-        return FAILURE;
-    }
-    return SUCCESS;
-}
-
-int provisionData(std::shared_ptr& pSocket, const char* jsonKey) {
-    std::vector response;
-    Json::Value val = root.get(jsonKey, Json::Value::nullRef);
-    if (!val.isNull()) {
-        if (val.isString()) {
-            if (SUCCESS != provisionData(pSocket, hex2str(val.asString()), response)) {
-                printf("\n Error while provisioning %s \n", jsonKey);
-                return FAILURE;
-            }
-        } else {
-            printf("\n Fail: Expected (%s) tag value is string. \n", jsonKey);
-            return FAILURE;
-        }
-    }
-    printf("\n Successfully provisioned %s \n", jsonKey);
-    return SUCCESS;
-}
-
-int openConnection(std::shared_ptr& pSocket) {
-    if (!pSocket->isConnected()) {
-        if (!pSocket->openConnection())
-            return FAILURE;
-    } else {
-        printf("\n Socket already opened.\n");
-    }
-    return SUCCESS;
-} 
-
-// Parses the input json file. Sends the apdus to JCServer.
-int processInputFile() {
-
-    if (keymasterVersion != KEYMASTER_VERSION_4_1 && keymasterVersion != KEYMASTER_VERSION_4_0) {
-        printf("\n Error unknown version.\n");
-        usage();
-        return FAILURE;
-    }
-    // Parse Json file
-    if (0 != readJsonFile(root, inputFileName)) {
-        return FAILURE;
-    }
-    std::shared_ptr pSocket = SocketTransport::getInstance();
-    if (SUCCESS != openConnection(pSocket)) {
-        printf("\n Failed to open connection \n");
-        return FAILURE;
-    }
-    std::vector response;
-
-    printf("\n Selected Keymaster version(%f) for provisioning \n", keymasterVersion);
-    if (0 != provisionData(pSocket, kAttestKey) ||
-        0 != provisionData(pSocket, kAttestCertChain) ||
-        0 != provisionData(pSocket, kAttestationIds) ||
-        0 != provisionData(pSocket, kSharedSecret) ||
-        0 != provisionData(pSocket, kBootParams)) {
-        return FAILURE;
-    }
-    return SUCCESS;
-}
-
-int lockProvision() {
-    std::vector response;
-    std::shared_ptr pSocket = SocketTransport::getInstance();
-    if (SUCCESS != openConnection(pSocket)) {
-        printf("\n Failed to open connection \n");
-        return FAILURE;
-    }
-    if (SUCCESS != provisionData(pSocket, lockProvisionApdu, response)) {
-        printf("\n Failed to lock provision.\n");
-        return FAILURE;
-    }
-    printf("\n Provision lock is successfull.\n");
-    return SUCCESS;
-}
-
-int getProvisionStatus() {
-    std::vector response;
-    std::shared_ptr pSocket = SocketTransport::getInstance();
-    if (SUCCESS != openConnection(pSocket)) {
-        printf("\n Failed to open connection \n");
-        return FAILURE;
-    }
-
-    if (SUCCESS != provisionData(pSocket, provisionStatusApdu, response)) {
-        printf("\n Failed to get provision status \n");
-        return FAILURE;
-    }
-    auto [item, pos, message] = cppbor::parse(response);
-    if(item != nullptr) {
-        uint64_t status;
-        if(SUCCESS != getUint64(item, 1, status)) {
-            printf("\n Failed to get the provision status.\n");
-            return FAILURE;
-        }
-        if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) &&
-            (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) &&
-            (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) &&
-            (0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET))) {
-                printf("\n SE is provisioned \n");
-        } else {
-            if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) {
-                printf("\n Attestation key is not provisioned \n");
-            }
-            if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) {
-                printf("\n Attestation certificate chain is not provisioned \n");
-            }
-            if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) {
-                printf("\n Attestation certificate params are not provisioned \n");
-            }
-            if (0 == (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) {
-                printf("\n Shared secret is not provisioned \n");
-            }
-        }
-    } else {
-        printf("\n Fail to parse the response \n");
-        return FAILURE;
-    }
-    return SUCCESS;
-}
-
-int main(int argc, char* argv[]) {
-    int c;
-    bool provisionStatusSet = false;
-    bool lockProvisionSet = false;
-
-    struct option longOpts[] = {
-        {"km_version",  required_argument, NULL, 'v'},
-        {"input",       required_argument, NULL, 'i'},
-        {"provision_status", no_argument, NULL,  's'},
-        {"lock_provision", no_argument,   NULL,  'l'},
-        {"help",        no_argument,       NULL, 'h'},
-        {0,0,0,0}
-    };
-
-    if (argc <= 1) {
-        printf("\n Invalid command \n");
-        usage();
-        return FAILURE;
-    }
-
-    /* getopt_long stores the option index here. */
-    while ((c = getopt_long(argc, argv, ":hlsv:i:", longOpts, NULL)) != -1) {
-        switch(c) {
-            case 'v':
-                // keymaster version
-                keymasterVersion = atof(optarg);
-                std::cout << "Version: " << keymasterVersion << std::endl;
-                break;
-            case 'i':
-                // input file
-                inputFileName = std::string(optarg);
-                std::cout << "input file: " << inputFileName << std::endl;
-                break;
-            case 's':
-                provisionStatusSet = true;
-                break;
-            case 'l':
-                lockProvisionSet = true;
-                break;
-            case 'h':
-                // help
-                usage();
-                return SUCCESS;
-            case ':':
-                printf("\n Required arguments missing.\n");
-                usage();
-                return FAILURE;
-            case '?':
-            default:
-                printf("\n Invalid option\n");
-                usage();
-                return FAILURE;
-        }
-    }
-    // Process input file; send apuds to JCServer over socket.
-    if (argc >= 5) {
-        if (SUCCESS != processInputFile()) {
-            return FAILURE;
-        }
-    } else if (keymasterVersion != -1 || !inputFileName.empty()) {
-            printf("\n For provisioning km_version and input json file arguments are mandatory.\n");
-            usage();
-            return FAILURE;
-    }
-    if (provisionStatusSet)
-        getProvisionStatus();
-    if (lockProvisionSet)
-        lockProvision();
-    return SUCCESS;
-}
-
-
diff --git a/ProvisioningTool/src/socket.cpp b/ProvisioningTool/src/socket.cpp
deleted file mode 100644
index b85e09c5..00000000
--- a/ProvisioningTool/src/socket.cpp
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- **
- ** Copyright 2021, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include "socket.h"
-
-#define PORT 8080
-#define IPADDR "127.0.0.1"
-//#define IPADDR  "192.168.0.5"
-#define MAX_RECV_BUFFER_SIZE 2500
-
-using namespace std;
-
-SocketTransport::~SocketTransport() {
-    if (closeConnection())
-        std::cout << "Socket is closed";
-}
-
-bool SocketTransport::openConnection() {
-    struct sockaddr_in serv_addr;
-    if ((mSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-        perror("Socket ");
-        return false;
-    }
-
-    serv_addr.sin_family = AF_INET;
-    serv_addr.sin_port = htons(PORT);
-
-    // Convert IPv4 and IPv6 addresses from text to binary form
-    if (inet_pton(AF_INET, IPADDR, &serv_addr.sin_addr) <= 0) {
-        std::cout << "Invalid address/ Address not supported.";
-        return false;
-    }
-
-    if (connect(mSocket, (struct sockaddr*)&serv_addr, sizeof(serv_addr)) < 0) {
-        close(mSocket);
-        perror("Socket ");
-        return false;
-    }
-    socketStatus = true;
-    return true;
-}
-
-bool SocketTransport::sendData(const std::vector& inData, std::vector& output) {
-    uint8_t buffer[MAX_RECV_BUFFER_SIZE];
-    int count = 1;
-    while (!socketStatus && count++ < 5) {
-        sleep(1);
-        std::cout << "Trying to open socket connection... count: " << count;
-        openConnection();
-    }
-
-    if (count >= 5) {
-        std::cout << "Failed to open socket connection";
-        return false;
-    }
-
-    if (0 > send(mSocket, inData.data(), inData.size(), 0)) {
-        static int connectionResetCnt = 0; /* To avoid loop */
-        if (ECONNRESET == errno && connectionResetCnt == 0) {
-            // Connection reset. Try open socket and then sendData.
-            socketStatus = false;
-            connectionResetCnt++;
-            return sendData(inData, output);
-        }
-        std::cout << "Failed to send data over socket err: " << errno;
-        connectionResetCnt = 0;
-        return false;
-    }
-
-    ssize_t valRead = read(mSocket, buffer, MAX_RECV_BUFFER_SIZE);
-    if (0 > valRead) {
-        std::cout << "Failed to read data from socket.";
-    }
-    for (ssize_t i = 0; i < valRead; i++) {
-        output.push_back(buffer[i]);
-    }
-    return true;
-}
-
-bool SocketTransport::closeConnection() {
-    close(mSocket);
-    socketStatus = false;
-    return true;
-}
-
-bool SocketTransport::isConnected() {
-    return socketStatus;
-}
-
diff --git a/ProvisioningTool/src/utils.cpp b/ProvisioningTool/src/utils.cpp
deleted file mode 100644
index 41ad8a6c..00000000
--- a/ProvisioningTool/src/utils.cpp
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- **
- ** Copyright 2021, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-#include 
-#include 
-#include 
-#include 
-
-
-constexpr char hex_value[256] = {0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 1,  2,  3,  4,  5,  6,  7, 8, 9, 0, 0, 0, 0, 0, 0,  // '0'..'9'
-                                 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // 'A'..'F'
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // 'a'..'f'
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0,  //
-                                 0, 0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0, 0};
-
-std::string getHexString(std::vector& input) { 
-   std::stringstream ss;
-   for (auto b : input) {
-       ss << std::setw(2) << std::setfill('0') << std::hex << (int) (b & 0xFF);
-   }
-   return ss.str();
-}
-
-
-std::string hex2str(std::string a) { 
-    std::string b;
-    size_t num = a.size() / 2;
-    b.resize(num);
-    for (size_t i = 0; i < num; i++) {
-        b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
-    }    
-    return b;
-}
-
-
-// Parses the json file and returns 0 if success; otherwise 1.
-int readJsonFile(Json::Value& root, std::string& inputFileName) {
-    Json::CharReaderBuilder builder;
-    std::string errorMessage;
-
-    if(!root.empty()) {
-        printf("\n Already parsed \n");
-        return 1;
-    }
-    std::ifstream stream(inputFileName);
-    if (Json::parseFromStream(builder, stream, &root, &errorMessage)) {
-        printf("\n Parsed json file successfully.\n");
-        return 0;
-    } else {
-        printf("\n Failed to parse json file  error:%s\n", errorMessage.c_str());
-        return 1;
-    }
-}
-
-// Write the json data to the output file.
-int writeJsonFile(Json::Value& writerRoot, std::string& outputFileName) {
-    
-    std::ofstream ofs;
-    // Delete file if already exists.
-    std::remove(outputFileName.data());
-    ofs.open(outputFileName, std::ofstream::out | std::ios_base::app);
-    if (ofs.fail()) {
-        printf("\n Fail to open the output file:%s", outputFileName.c_str());
-        return FAILURE;
-    }
-
-    Json::StyledWriter styledWriter;
-    ofs << styledWriter.write(writerRoot);
-
-    ofs.close();
-    return SUCCESS;
-}
\ No newline at end of file
diff --git a/ProvisioningTool/test_resources/batch_key.der b/ProvisioningTool/test_resources/batch_key.der
index d7de570568afc8a92caf17af1534ec93872749e3..f490207337bc76f637d018d63e19616e2fc4c7eb 100644
GIT binary patch
delta 25
gcmeBTtYk7MpD3@&vw(|@L#xf>oGmjW`$QKv096wPZ~y=R

delta 41
tcmb>IVw5*%Y-eI*Fc4;A*J|@PXUoLM#sOw9GqSVf8e~soQk`h*1^~r^37-G}

diff --git a/aosp_integration_patches/cts_tests_tests_keystore.patch b/aosp_integration_patches/cts_tests_tests_keystore.patch
deleted file mode 100644
index 85ffb05c..00000000
--- a/aosp_integration_patches/cts_tests_tests_keystore.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-diff --git a/tests/tests/keystore/src/android/keystore/cts/AttestKeyTest.java b/tests/tests/keystore/src/android/keystore/cts/AttestKeyTest.java
-index 0f064b645fd..452c034fcb0 100644
---- a/tests/tests/keystore/src/android/keystore/cts/AttestKeyTest.java
-+++ b/tests/tests/keystore/src/android/keystore/cts/AttestKeyTest.java
-@@ -144,7 +144,13 @@ public class AttestKeyTest {
-     @Test
-     public void testAttestKeySecurityLevelMismatch() throws Exception {
-         TestUtils.assumeStrongBox();
--
-+        int keyStoreFeatureVersionStrongBox =
-+                TestUtils.getFeatureVersionKeystoreStrongBox(InstrumentationRegistry.getInstrumentation().getTargetContext());     
-+        if(Attestation.KM_VERSION_KEYMASTER_4  == keyStoreFeatureVersionStrongBox
-+        	|| Attestation.KM_VERSION_KEYMASTER_4_1 == keyStoreFeatureVersionStrongBox) {
-+            return;
-+        }
-+        		
-         final String strongBoxAttestKeyAlias = "nonAttestKey";
-         final String attestedKeyAlias = "attestedKey";
-         generateKeyPair(KEY_ALGORITHM_EC,
-diff --git a/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java b/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
-index ccbadf98a31..eca7b6c2abe 100644
---- a/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
-+++ b/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
-@@ -744,17 +744,27 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
-         int blockSize = getBlockSize();
-         if (isStreamCipher()) {
-             // Stream cipher -- one byte in, one byte out
-+            int comparingPosition = 0;
-+            //Stream cipher -- one byte in, one byte out (unless when Strongbox is used)
-             for (int plaintextIndex = 0; plaintextIndex < plaintext.length; plaintextIndex++) {
-                 byte[] output = update(new byte[] {plaintext[plaintextIndex]});
--                assertEquals("plaintext index: " + plaintextIndex, 1, output.length);
--                assertEquals("plaintext index: " + plaintextIndex,
--                        expectedCiphertext[plaintextIndex], output[0]);
-+                if (!isStrongbox()) {
-+                    assertTrue(output != null);
-+                    assertEquals("plaintext index: " + plaintextIndex, 1, output.length);
-+                }
-+                if (output != null) {
-+                    for (int i = 0; i < output.length; ++i) {
-+                        assertEquals("ciphertext comparison position: " + comparingPosition,
-+                                expectedCiphertext[comparingPosition], output[i]);
-+                        comparingPosition += 1;
-+                    }
-+                }
-             }
-             byte[] finalOutput = doFinal();
-             byte[] expectedFinalOutput;
--            if (isAuthenticatedCipher()) {
-+            if (isAuthenticatedCipher() || (isStrongbox() && finalOutput.length != 0)) {
-                 expectedFinalOutput =
--                        subarray(expectedCiphertext, plaintext.length, expectedCiphertext.length);
-+                        subarray(expectedCiphertext, comparingPosition, expectedCiphertext.length);
-             } else {
-                 expectedFinalOutput = EmptyArray.BYTE;
-             }
-@@ -814,15 +824,28 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
-             byte[] finalOutput = doFinal();
-             assertEquals(expectedPlaintext, finalOutput);
-         } else if (isStreamCipher()) {
--            // Unauthenticated stream cipher -- one byte in, one byte out
-+            int comparingPosition = 0;
-+            // Unauthenticated stream cipher -- one byte in, one byte out (unless when Strongbox is used)
-             for (int ciphertextIndex = 0; ciphertextIndex < ciphertext.length; ciphertextIndex++) {
-                 byte[] output = update(new byte[] {ciphertext[ciphertextIndex]});
--                assertEquals("ciphertext index: " + ciphertextIndex, 1, output.length);
--                assertEquals("ciphertext index: " + ciphertextIndex,
--                        expectedPlaintext[ciphertextIndex], output[0]);
-+                if (!isStrongbox()) {
-+                    assertTrue(output != null);
-+                    assertEquals("ciphertext index: " + ciphertextIndex, 1, output.length);
-+                }
-+                if (output != null) {
-+                    for (int i = 0; i < output.length; ++i) {
-+                        assertEquals("plaintext comparison position: " + comparingPosition,
-+                                expectedPlaintext[comparingPosition], output[i]);
-+                        comparingPosition += 1;
-+                    }
-+                }
-             }
-             byte[] finalOutput = doFinal();
--            assertEquals(0, finalOutput.length);
-+            int expectedPlainTextLength = 0;
-+            if (isStrongbox()) {
-+                expectedPlainTextLength = (expectedPlaintext.length - comparingPosition);
-+            }
-+            assertEquals(expectedPlainTextLength, finalOutput.length);
-         } else {
-             // Unauthenticated block cipher -- operates in full blocks only
- 
-@@ -1187,6 +1210,8 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
-                 throw new AssertionFailedError("Unsupported opmode: " + opmode);
-         }
- 
-+        boolean allowZeroLengthOutput = expectedOutput.length == 0;
-+
-         int inputEndIndexInBuffer = inputOffsetInBuffer + input.length;
-         int outputEndIndexInBuffer = outputOffsetInBuffer + expectedOutput.length;
- 
-@@ -1195,15 +1220,15 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
-         System.arraycopy(input, 0, buffer, inputOffsetInBuffer, input.length);
-         createCipher();
-         initKat(opmode);
--        String additionalInformation = "";
--        if (isStrongbox() && opmode == Cipher.ENCRYPT_MODE) {
--            additionalInformation = "May fail due to b/194134359";
--        }
--        assertEquals(additionalInformation, expectedOutput.length,
--                update(buffer, inputOffsetInBuffer, input.length,
--                        buffer, outputOffsetInBuffer));
--        assertEquals(expectedOutput,
--                subarray(buffer, outputOffsetInBuffer, outputEndIndexInBuffer));
-+        int bytes = update(buffer, inputOffsetInBuffer, input.length,
-+                buffer, outputOffsetInBuffer);
-+        // We make little assumptions about the size of the output. But we make sure that at least
-+        // one block was processed.
-+        assertTrue(bytes >= blockSize || (allowZeroLengthOutput && bytes == 0));
-+        // Check that all that was processed was as expected.
-+        assertEquals(subarray(expectedOutput, 0, bytes),
-+            subarray(buffer, outputOffsetInBuffer, outputOffsetInBuffer + bytes));
-+
- 
-         if (outputOffsetInBuffer == 0) {
-             // We can use the update variant which assumes that output offset is 0.
-@@ -1211,10 +1236,10 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
-             System.arraycopy(input, 0, buffer, inputOffsetInBuffer, input.length);
-             createCipher();
-             initKat(opmode);
--            assertEquals(expectedOutput.length,
--                    update(buffer, inputOffsetInBuffer, input.length, buffer));
--            assertEquals(expectedOutput,
--                    subarray(buffer, outputOffsetInBuffer, outputEndIndexInBuffer));
-+            bytes = update(buffer, inputOffsetInBuffer, input.length, buffer);
-+            assertTrue(bytes >= blockSize || (allowZeroLengthOutput && bytes == 0));
-+            assertEquals(subarray(expectedOutput, 0, bytes),
-+                    subarray(buffer, outputOffsetInBuffer, outputOffsetInBuffer + bytes));
-         }
- 
-         // Test the update(ByteBuffer, ByteBuffer) variant
-@@ -1225,9 +1250,10 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
-                 ByteBuffer.wrap(buffer, outputOffsetInBuffer, expectedOutput.length);
-         createCipher();
-         initKat(opmode);
--        assertEquals(expectedOutput.length, update(inputBuffer, outputBuffer));
--        assertEquals(expectedOutput,
--                subarray(buffer, outputOffsetInBuffer, outputEndIndexInBuffer));
-+        bytes = update(inputBuffer, outputBuffer);
-+        assertTrue(bytes >= blockSize || (allowZeroLengthOutput && bytes == 0));
-+        assertEquals(subarray(expectedOutput, 0, bytes),
-+                subarray(buffer, outputOffsetInBuffer, outputOffsetInBuffer + bytes));
-     }
- 
-     public void testDoFinalCopySafe() throws Exception {
-@@ -1485,16 +1511,15 @@ abstract class BlockCipherTestBase extends AndroidTestCase {
-                     0, outputLength);
-             return;
-         }
-+        /*
-+         * Strongbox implementations did not have the following restrictions.
-+         */
-+        if (isStrongbox()) return;
- 
-         if (isStreamCipher()) {
-             if (outputLength != inputLength) {
--                if (isStrongbox()) {
--                    fail("Output of update (" + outputLength + ") not same size as input ("
--                                + inputLength + ") b/194123581");
--                } else {
--                    fail("Output of update (" + outputLength + ") not same size as input ("
--                            + inputLength + ")");
--                }
-+                fail("Output of update (" + outputLength + ") not same size as input ("
-+                        + inputLength + ")");
-             }
-         } else {
-             if ((outputLength % getBlockSize()) != 0) {
diff --git a/aosp_integration_patches/device_google_cuttlefish.patch b/aosp_integration_patches/device_google_cuttlefish.patch
deleted file mode 100644
index 750eb6ff..00000000
--- a/aosp_integration_patches/device_google_cuttlefish.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-diff --git a/shared/device.mk b/shared/device.mk
-index c0b6112c7..6d9362ea4 100644
---- a/shared/device.mk
-+++ b/shared/device.mk
-@@ -576,6 +576,9 @@ endif
-  PRODUCT_PACKAGES += \
-     $(LOCAL_KEYMINT_PRODUCT_PACKAGE)
- 
-+PRODUCT_PACKAGES += \
-+    android.hardware.keymaster@4.1-strongbox.service \
-+
- # Keymint configuration
- ifneq ($(LOCAL_PREFER_VENDOR_APEX),true)
- PRODUCT_COPY_FILES += \
-diff --git a/shared/sepolicy/vendor/file_contexts b/shared/sepolicy/vendor/file_contexts
-index 55b8d964e..80732eb7b 100644
---- a/shared/sepolicy/vendor/file_contexts
-+++ b/shared/sepolicy/vendor/file_contexts
-@@ -86,6 +86,7 @@
- /vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.mock  u:object_r:hal_thermal_default_exec:s0
- /vendor/bin/hw/android\.hardware\.security\.keymint-service\.remote  u:object_r:hal_keymint_remote_exec:s0
- /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service.remote  u:object_r:hal_keymaster_remote_exec:s0
-+/vendor/bin/hw/android\.hardware\.keymaster@4\.1-strongbox\.service  u:object_r:hal_keymaster_strongbox_exec:s0
- /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service.remote  u:object_r:hal_gatekeeper_remote_exec:s0
- /vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service.cuttlefish  u:object_r:hal_confirmationui_cuttlefish_exec:s0
- /vendor/bin/hw/android\.hardware\.oemlock-service.example u:object_r:hal_oemlock_default_exec:s0
-diff --git a/shared/sepolicy/vendor/hal_keymaster_strongbox.te b/shared/sepolicy/vendor/hal_keymaster_strongbox.te
-new file mode 100644
-index 000000000..40cb82c3f
---- /dev/null
-+++ b/shared/sepolicy/vendor/hal_keymaster_strongbox.te
-@@ -0,0 +1,14 @@
-+type hal_keymaster_strongbox, domain;
-+hal_server_domain(hal_keymaster_strongbox, hal_keymaster)
-+
-+type hal_keymaster_strongbox_exec, exec_type, vendor_file_type, file_type;
-+init_daemon_domain(hal_keymaster_strongbox)
-+
-+vndbinder_use(hal_keymaster_strongbox)
-+get_prop(hal_keymaster_strongbox, vendor_security_patch_level_prop);
-+
-+# Allow access to sockets
-+allow hal_keymaster_strongbox self:tcp_socket { connect create write read getattr getopt setopt };
-+allow hal_keymaster_strongbox port_type:tcp_socket name_connect;
-+allow hal_keymaster_strongbox port:tcp_socket { name_connect };
-+allow hal_keymaster_strongbox vendor_data_file:file { open read getattr };
-diff --git a/shared/sepolicy/vendor/service_contexts b/shared/sepolicy/vendor/service_contexts
-index d20d026cf..214576e3e 100644
---- a/shared/sepolicy/vendor/service_contexts
-+++ b/shared/sepolicy/vendor/service_contexts
-@@ -4,6 +4,7 @@ android.hardware.neuralnetworks.IDevice/nnapi-sample_float_slow u:object_r:hal_n
- android.hardware.neuralnetworks.IDevice/nnapi-sample_minimal    u:object_r:hal_neuralnetworks_service:s0
- android.hardware.neuralnetworks.IDevice/nnapi-sample_quant    u:object_r:hal_neuralnetworks_service:s0
- android.hardware.neuralnetworks.IDevice/nnapi-sample_sl_shim  u:object_r:hal_neuralnetworks_service:s0
-+android.hardware.keymaster@4.1::IKeymasterDevice/strongbox      u:object_r:hal_keymaster_service:s0
- 
- # Binder service mappings
- gce                                       u:object_r:gce_service:s0
diff --git a/aosp_integration_patches/hardware_interfaces_keymaster.patch b/aosp_integration_patches/hardware_interfaces_keymaster.patch
deleted file mode 100644
index dd6d8326..00000000
--- a/aosp_integration_patches/hardware_interfaces_keymaster.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff --git a/keymaster/4.0/vts/functional/Android.bp b/keymaster/4.0/vts/functional/Android.bp
-index a7be660c4..dd91e9089 100644
---- a/keymaster/4.0/vts/functional/Android.bp
-+++ b/keymaster/4.0/vts/functional/Android.bp
-@@ -31,9 +31,11 @@ cc_test {
-         "VerificationTokenTest.cpp",
-         "keymaster_hidl_hal_test.cpp",
-     ],
-+    shared_libs: [
-+        "libcrypto",
-+    ],
-     static_libs: [
-         "android.hardware.keymaster@4.0",
--        "libcrypto_static",
-         "libkeymaster4support",
-         "libkeymaster4vtstest",
-     ],
-diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
-index 476eed8b1..823683d75 100644
---- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
-+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
-@@ -1079,9 +1079,12 @@ TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
-  * presented.
-  */
- TEST_P(SigningOperationsTest, NoUserConfirmation) {
--    if (SecLevel() == SecurityLevel::STRONGBOX) return;
-+    size_t key_size = 1024;
-+    if (SecLevel() == SecurityLevel::STRONGBOX){
-+        key_size = 2048;
-+    }
-     ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
--                                             .RsaSigningKey(1024, 65537)
-+                                             .RsaSigningKey(key_size, 65537)
-                                              .Digest(Digest::NONE)
-                                              .Padding(PaddingMode::NONE)
-                                              .Authorization(TAG_NO_AUTH_REQUIRED)
diff --git a/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch b/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch
deleted file mode 100644
index cc06ca69..00000000
--- a/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch
+++ /dev/null
@@ -1,330 +0,0 @@
-diff --git a/HAL/keymaster/4.1/OmapiTransport.cpp b/HAL/keymaster/4.1/OmapiTransport.cpp
-index 5aaefc9..9466c84 100644
---- a/HAL/keymaster/4.1/OmapiTransport.cpp
-+++ b/HAL/keymaster/4.1/OmapiTransport.cpp
-@@ -14,36 +14,214 @@
-  ** See the License for the specific language governing permissions and
-  ** limitations under the License.
-  */
--#include  
--#include  
--#include  
--#include  
--#include  
-+#include 
-+#include 
-+#include 
-+#include 
-+#include 
- #include 
-+
-+#include 
-+
- #include "Transport.h"
- 
--#define PORT    8080
--#define IPADDR  "10.9.40.24"
- #define UNUSED_V(a) a=a
- 
- namespace se_transport {
- 
--bool OmapiTransport::openConnection() {
-+class SEListener : public ::aidl::android::se::omapi::BnSecureElementListener {};
-+
-+bool OmapiTransport::initialize() {
-+    std::vector readers = {};
-+
-+    LOG(DEBUG) << "Initialize the secure element connection";
-+
-+    // Get OMAPI vendor stable service handler
-+    ::ndk::SpAIBinder ks2Binder(AServiceManager_getService(omapiServiceName));
-+    omapiSeService = aidl::android::se::omapi::ISecureElementService::fromBinder(ks2Binder);
-+
-+    if (omapiSeService == nullptr) {
-+        LOG(ERROR) << "Failed to start omapiSeService null";
-+        return false;
-+    }
-+
-+    // reset readers, clear readers if already existing
-+    if (mVSReaders.size() > 0) {
-+        closeConnection();
-+    }
-+
-+    // Get available readers
-+    auto status = omapiSeService->getReaders(&readers);
-+    if (!status.isOk()) {
-+        LOG(ERROR) << "getReaders failed to get available readers: " << status.getMessage();
-+        return false;
-+    }
-+
-+    // Get SE readers handlers
-+    for (auto readerName : readers) {
-+        std::shared_ptr<::aidl::android::se::omapi::ISecureElementReader> reader;
-+        status = omapiSeService->getReader(readerName, &reader);
-+        if (!status.isOk()) {
-+            LOG(ERROR) << "getReader for " << readerName.c_str() << " Failed: "
-+                       << status.getMessage();
-+            return false;
-+        }
-+
-+        mVSReaders[readerName] = reader;
-+    }
-+
-+    // Find eSE reader, as of now assumption is only eSE available on device
-+    LOG(DEBUG) << "Finding eSE reader";
-+    eSEReader = nullptr;
-+    if (mVSReaders.size() > 0) {
-+        for (const auto& [name, reader] : mVSReaders) {
-+            if (name.find(ESE_READER_PREFIX, 0) != std::string::npos) {
-+                LOG(DEBUG) << "eSE reader found: " << name;
-+                eSEReader = reader;
-+            }
-+        }
-+    }
-+
-+    if (eSEReader == nullptr) {
-+        LOG(ERROR) << "secure element reader " << ESE_READER_PREFIX << " not found";
-+        return false;
-+    }
-+
-     return true;
- }
- 
--bool OmapiTransport::sendData(const uint8_t* inData, const size_t inLen, std::vector& output) {
--    std::vector test(inData, inData+inLen);
--    output = std::move(test);
-+bool OmapiTransport::internalTransmitApdu(
-+        std::shared_ptr reader,
-+        std::vector apdu, std::vector& transmitResponse) {
-+    std::shared_ptr session;
-+    std::shared_ptr channel;
-+    auto mSEListener = std::make_shared();
-+    std::vector selectResponse = {};
-+    std::vector SELECTABLE_AID = {0xA0, 0x00, 0x00, 0x04, 0x76, 0x41, 0x6E, 0x64,
-+        0x72, 0x6F, 0x69, 0x64, 0x43, 0x54, 0x53, 0x31};
-+
-+    LOG(DEBUG) << "internalTransmitApdu: trasmitting data to secure element";
-+
-+    if (reader == nullptr) {
-+        LOG(ERROR) << "eSE reader is null";
-+        return false;
-+    }
-+
-+    bool status = false;
-+    auto res = reader->isSecureElementPresent(&status);
-+    if (!res.isOk()) {
-+        LOG(ERROR) << "isSecureElementPresent error: " << res.getMessage();
-+        return false;
-+    }
-+    if (!status) {
-+        LOG(ERROR) << "secure element not found";
-+        return false;
-+    }
-+
-+    res = reader->openSession(&session);
-+    if (!res.isOk()) {
-+        LOG(ERROR) << "openSession error: " << res.getMessage();
-+        return false;
-+    }
-+    if (session == nullptr) {
-+        LOG(ERROR) << "Could not open session null";
-+        return false;
-+    }
-+
-+    res = session->openLogicalChannel(SELECTABLE_AID, 0x00, mSEListener, &channel);
-+    if (!res.isOk()) {
-+        LOG(ERROR) << "openLogicalChannel error: " << res.getMessage();
-+        return false;
-+    }
-+    if (channel == nullptr) {
-+        LOG(ERROR) << "Could not open channel null";
-+        return false;
-+    }
-+
-+    res = channel->getSelectResponse(&selectResponse);
-+    if (!res.isOk()) {
-+        LOG(ERROR) << "getSelectResponse error: " << res.getMessage();
-+        return false;
-+    }
-+    if (selectResponse.size() < 2) {
-+        LOG(ERROR) << "getSelectResponse size error";
-+        return false;
-+    }
-+
-+    res = channel->transmit(apdu, &transmitResponse);
-+    if (channel != nullptr) channel->close();
-+    if (session != nullptr) session->close();
-+
-+    LOG(INFO) << "STATUS OF TRNSMIT: " << res.getExceptionCode() << " Message: "
-+              << res.getMessage();
-+    if (!res.isOk()) {
-+        LOG(ERROR) << "transmit error: " << res.getMessage();
-+        return false;
-+    }
-+
-     return true;
- }
- 
-+bool OmapiTransport::openConnection() {
-+
-+    // if already conection setup done, no need to initialise it again.
-+    if (isConnected()) {
-+        return true;
-+    }
-+
-+    return initialize();
-+}
-+
-+bool OmapiTransport::sendData(const uint8_t* inData, const size_t inLen,
-+                              std::vector& output) {
-+    std::vector apdu(inData, inData+inLen);
-+
-+    if (!isConnected()) {
-+        // Try to initialize connection to eSE
-+        LOG(INFO) << "Failed to send data, try to initialize connection SE connection";
-+        if (!initialize()) {
-+            LOG(ERROR) << "Failed to send data, initialization not completed";
-+            closeConnection();
-+            return false;
-+        }
-+    }
-+
-+    if (inData == NULL) {
-+        LOG(ERROR) << "Failed to send data, APDU is null";
-+        return false;
-+    }
-+
-+    if (eSEReader != nullptr) {
-+        LOG(DEBUG) << "Sending apdu data to secure element: " << ESE_READER_PREFIX;
-+        return internalTransmitApdu(eSEReader, apdu, output);
-+    } else {
-+        LOG(ERROR) << "secure element reader " << ESE_READER_PREFIX << " not found";
-+        return false;
-+    }
-+}
-+
- bool OmapiTransport::closeConnection() {
-+    LOG(DEBUG) << "Closing all connections";
-+    if (omapiSeService != nullptr) {
-+        if (mVSReaders.size() > 0) {
-+            for (const auto& [name, reader] : mVSReaders) {
-+                reader->closeSessions();
-+            }
-+            mVSReaders.clear();
-+        }
-+    }
-     return true;
- }
- 
- bool OmapiTransport::isConnected() {
--    return true;
-+    // Check already initialization completed or not
-+    if (omapiSeService != nullptr && eSEReader != nullptr) {
-+        LOG(DEBUG) << "Connection initialization already completed";
-+        return true;
-+    }
-+
-+    LOG(DEBUG) << "Connection initialization not completed";
-+    return false;
- }
- 
- }
-diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp
-index 9bfe7fa..33f255f 100644
---- a/HAL/keymaster/Android.bp
-+++ b/HAL/keymaster/Android.bp
-@@ -47,6 +47,8 @@ cc_binary {
-         "libjc_transport",
-         "libjc_common",
-         "libcrypto",
-+        "libbinder_ndk",
-+        "android.se.omapi-V1-ndk",
-     ],
-     required: [
-         "android.hardware.strongbox_keystore.xml",
-@@ -82,6 +84,8 @@ cc_library {
-         "android.hardware.keymaster@4.0",
-         "libjc_transport",
- 	"libcrypto",
-+        "libbinder_ndk",
-+        "android.se.omapi-V1-ndk",
-     ],
- }
- 
-@@ -100,6 +104,8 @@ cc_library {
-         "libbinder",
-         "libbase",
-         "liblog",
-+        "libbinder_ndk",
-+        "android.se.omapi-V1-ndk",
-     ],
- }
- 
-diff --git a/HAL/keymaster/include/Transport.h b/HAL/keymaster/include/Transport.h
-index c6674dc..b4f67c7 100644
---- a/HAL/keymaster/include/Transport.h
-+++ b/HAL/keymaster/include/Transport.h
-@@ -17,6 +17,16 @@
- #ifndef __SE_TRANSPORT__
- #define __SE_TRANSPORT__
- 
-+#include 
-+#include 
-+#include 
-+#include 
-+#include 
-+#include 
-+#include 
-+
-+#include 
-+
- namespace se_transport {
- 
- /**
-@@ -30,7 +40,7 @@ class ITransport {
-     /**
-      * Opens connection.
-      */
--	virtual bool openConnection() = 0;
-+      virtual bool openConnection() = 0;
-     /**
-      * Send data over communication channel and receives data back from the remote end.
-      */
-@@ -59,7 +69,7 @@ public:
-      * Gets the binder instance of ISEService, gets the reader corresponding to secure element, establishes a session
-      * and opens a basic channel.
-      */
--	bool openConnection() override;
-+      bool openConnection() override;
-     /**
-      * Transmists the data over the opened basic channel and receives the data back.
-      */
-@@ -75,6 +85,19 @@ public:
-      */
-     bool isConnected() override;
- 
-+private:
-+    std::shared_ptr omapiSeService = nullptr;
-+    std::shared_ptr eSEReader = nullptr;
-+    std::map>
-+            mVSReaders = {};
-+    std::string const ESE_READER_PREFIX = "eSE";
-+    constexpr static const char omapiServiceName[] =
-+            "android.system.omapi.ISecureElementService/default";
-+
-+    bool initialize();
-+    bool internalTransmitApdu(
-+            std::shared_ptr reader,
-+            std::vector apdu, std::vector& transmitResponse);
- };
- 
- class SocketTransport : public ITransport {
-@@ -85,7 +108,7 @@ public:
-     /**
-      * Creates a socket instance and connects to the provided server IP and port.
-      */
--	bool openConnection() override;
-+      bool openConnection() override;
-     /**
-      * Sends data over socket and receives data back.
-      */
diff --git a/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch b/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch
deleted file mode 100644
index 68879424..00000000
--- a/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git a/Android.bp b/Android.bp
-index f86ad26..afea5c6 100644
---- a/Android.bp
-+++ b/Android.bp
-@@ -42,6 +42,9 @@ android_app {
-         "src/**/*.java",
-         ":statslog-secure-element-java-gen",
-     ],
-+    vintf_fragments: [
-+        "secure_element-service.xml",
-+    ],
-     platform_apis: true,
-     certificate: "platform",
-     static_libs: ["android.hardware.secure_element-V1.0-java",
-diff --git a/res/values/config.xml b/res/values/config.xml
-index 5811b10..da6e50e 100644
---- a/res/values/config.xml
-+++ b/res/values/config.xml
-@@ -6,5 +6,5 @@
- 
-     
--    false
-+    true
- 
diff --git a/aosp_integration_patches/system_sepolicy.patch b/aosp_integration_patches/system_sepolicy.patch
deleted file mode 100644
index c2dd4c27..00000000
--- a/aosp_integration_patches/system_sepolicy.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
-index cd1591009..56f3ad1c4 100644
---- a/public/hal_neverallows.te
-+++ b/public/hal_neverallows.te
-@@ -2,6 +2,7 @@
- # network capabilities
- neverallow {
-   halserverdomain
-+  -hal_keymaster_server
-   -hal_bluetooth_server
-   -hal_can_controller_server
-   -hal_wifi_server
-@@ -21,6 +22,7 @@ neverallow {
- # will result in CTS failure.
- neverallow {
-   halserverdomain
-+  -hal_keymaster_server
-   -hal_automotive_socket_exemption
-   -hal_can_controller_server
-   -hal_tetheroffload_server
-@@ -35,6 +37,7 @@ neverallow {
- 
- neverallow {
-   halserverdomain
-+  -hal_keymaster_server
-   -hal_automotive_socket_exemption
-   -hal_can_controller_server
-   -hal_tetheroffload_server
diff --git a/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch b/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch
deleted file mode 100644
index c398e917..00000000
--- a/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-diff --git a/shared/device.mk b/shared/device.mk
-index 8647d0175..6fc99ff94 100644
---- a/shared/device.mk
-+++ b/shared/device.mk
-@@ -538,6 +538,10 @@ endif
-  PRODUCT_PACKAGES += \
-     $(LOCAL_KEYMINT_PRODUCT_PACKAGE)
- 
-+PRODUCT_PACKAGES += \
-+    android.hardware.keymaster@4.1-strongbox.service \
-+
-+
- # Keymint configuration
- PRODUCT_COPY_FILES += \
-     frameworks/native/data/etc/android.software.device_id_attestation.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.software.device_id_attestation.xml
-diff --git a/shared/sepolicy/vendor/file_contexts b/shared/sepolicy/vendor/file_contexts
-index 20538a50f..553232889 100644
---- a/shared/sepolicy/vendor/file_contexts
-+++ b/shared/sepolicy/vendor/file_contexts
-@@ -88,6 +88,7 @@
- /vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.mock  u:object_r:hal_thermal_default_exec:s0
- /vendor/bin/hw/android\.hardware\.security\.keymint-service\.remote  u:object_r:hal_keymint_remote_exec:s0
- /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service.remote  u:object_r:hal_keymaster_remote_exec:s0
-+/vendor/bin/hw/android\.hardware\.keymaster@4\.1-strongbox\.service  u:object_r:hal_keymaster_strongbox_exec:s0
- /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service.remote  u:object_r:hal_gatekeeper_remote_exec:s0
- /vendor/bin/hw/android\.hardware\.oemlock-service.example u:object_r:hal_oemlock_default_exec:s0
- /vendor/bin/hw/android\.hardware\.weaver-service.example u:object_r:hal_weaver_default_exec:s0
-diff --git a/shared/sepolicy/vendor/hal_keymaster_strongbox.te b/shared/sepolicy/vendor/hal_keymaster_strongbox.te
-new file mode 100644
-index 000000000..1412e07fd
---- /dev/null
-+++ b/shared/sepolicy/vendor/hal_keymaster_strongbox.te
-@@ -0,0 +1,15 @@
-+type hal_keymaster_strongbox, domain;
-+hal_server_domain(hal_keymaster_strongbox, hal_keymaster)
-+
-+type hal_keymaster_strongbox_exec, exec_type, vendor_file_type, file_type;
-+init_daemon_domain(hal_keymaster_strongbox)
-+
-+vndbinder_use(hal_keymaster_strongbox)
-+get_prop(hal_keymaster_strongbox, vendor_security_patch_level_prop);
-+
-+# Allow access to sockets
-+allow hal_keymaster_strongbox self:tcp_socket { connect create write read getattr getopt setopt };
-+allow hal_keymaster_strongbox port_type:tcp_socket name_connect;
-+allow hal_keymaster_strongbox port:tcp_socket { name_connect };
-+allow hal_keymaster_strongbox vendor_data_file:file { open read getattr };
-+
-diff --git a/shared/sepolicy/vendor/service_contexts b/shared/sepolicy/vendor/service_contexts
-index d20d026cf..214576e3e 100644
---- a/shared/sepolicy/vendor/service_contexts
-+++ b/shared/sepolicy/vendor/service_contexts
-@@ -4,6 +4,7 @@ android.hardware.neuralnetworks.IDevice/nnapi-sample_float_slow u:object_r:hal_n
- android.hardware.neuralnetworks.IDevice/nnapi-sample_minimal    u:object_r:hal_neuralnetworks_service:s0
- android.hardware.neuralnetworks.IDevice/nnapi-sample_quant    u:object_r:hal_neuralnetworks_service:s0
- android.hardware.neuralnetworks.IDevice/nnapi-sample_sl_shim  u:object_r:hal_neuralnetworks_service:s0
-+android.hardware.keymaster@4.1::IKeymasterDevice/strongbox      u:object_r:hal_keymaster_service:s0
- 
- # Binder service mappings
- gce                                       u:object_r:gce_service:s0
diff --git a/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch b/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch
deleted file mode 100644
index dd6d8326..00000000
--- a/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff --git a/keymaster/4.0/vts/functional/Android.bp b/keymaster/4.0/vts/functional/Android.bp
-index a7be660c4..dd91e9089 100644
---- a/keymaster/4.0/vts/functional/Android.bp
-+++ b/keymaster/4.0/vts/functional/Android.bp
-@@ -31,9 +31,11 @@ cc_test {
-         "VerificationTokenTest.cpp",
-         "keymaster_hidl_hal_test.cpp",
-     ],
-+    shared_libs: [
-+        "libcrypto",
-+    ],
-     static_libs: [
-         "android.hardware.keymaster@4.0",
--        "libcrypto_static",
-         "libkeymaster4support",
-         "libkeymaster4vtstest",
-     ],
-diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
-index 476eed8b1..823683d75 100644
---- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
-+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
-@@ -1079,9 +1079,12 @@ TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
-  * presented.
-  */
- TEST_P(SigningOperationsTest, NoUserConfirmation) {
--    if (SecLevel() == SecurityLevel::STRONGBOX) return;
-+    size_t key_size = 1024;
-+    if (SecLevel() == SecurityLevel::STRONGBOX){
-+        key_size = 2048;
-+    }
-     ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
--                                             .RsaSigningKey(1024, 65537)
-+                                             .RsaSigningKey(key_size, 65537)
-                                              .Digest(Digest::NONE)
-                                              .Padding(PaddingMode::NONE)
-                                              .Authorization(TAG_NO_AUTH_REQUIRED)
diff --git a/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch b/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch
deleted file mode 100644
index 22956d5e..00000000
--- a/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/keystore2/src/km_compat/km_compat.cpp b/keystore2/src/km_compat/km_compat.cpp
-index 64849c1..40ca554 100644
---- a/keystore2/src/km_compat/km_compat.cpp
-+++ b/keystore2/src/km_compat/km_compat.cpp
-@@ -1314,7 +1314,7 @@ KeymasterDevices initializeKeymasters() {
-     CHECK(serviceManager.get()) << "Failed to get ServiceManager";
-     auto result = enumerateKeymasterDevices(serviceManager.get());
-     auto softKeymaster = result[SecurityLevel::SOFTWARE];
--    if (!result[SecurityLevel::TRUSTED_ENVIRONMENT]) {
-+    if ((!result[SecurityLevel::TRUSTED_ENVIRONMENT]) && (!result[SecurityLevel::STRONGBOX])) {
-         result = enumerateKeymasterDevices(serviceManager.get());
-     }
-     if (softKeymaster) result[SecurityLevel::SOFTWARE] = softKeymaster;
diff --git a/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch b/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch
deleted file mode 100644
index 8f40193c..00000000
--- a/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/prebuilts/api/31.0/public/hal_neverallows.te b/prebuilts/api/31.0/public/hal_neverallows.te
-index 105689b8a..d7dc6baaf 100644
---- a/prebuilts/api/31.0/public/hal_neverallows.te
-+++ b/prebuilts/api/31.0/public/hal_neverallows.te
-@@ -2,6 +2,7 @@
- # network capabilities
- neverallow {
-   halserverdomain
-+  -hal_keymaster_server
-   -hal_bluetooth_server
-   -hal_can_controller_server
-   -hal_wifi_server
-@@ -19,6 +20,7 @@ neverallow {
- # will result in CTS failure.
- neverallow {
-   halserverdomain
-+  -hal_keymaster_server
-   -hal_automotive_socket_exemption
-   -hal_can_controller_server
-   -hal_tetheroffload_server
-diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
-index 105689b8a..d7dc6baaf 100644
---- a/public/hal_neverallows.te
-+++ b/public/hal_neverallows.te
-@@ -2,6 +2,7 @@
- # network capabilities
- neverallow {
-   halserverdomain
-+  -hal_keymaster_server
-   -hal_bluetooth_server
-   -hal_can_controller_server
-   -hal_wifi_server
-@@ -19,6 +20,7 @@ neverallow {
- # will result in CTS failure.
- neverallow {
-   halserverdomain
-+  -hal_keymaster_server
-   -hal_automotive_socket_exemption
-   -hal_can_controller_server
-   -hal_tetheroffload_server

From 2aa4c4743782aafd203948341a2b39df24bcf825 Mon Sep 17 00:00:00 2001
From: subrahmanyaman 
Date: Wed, 8 Dec 2021 17:16:18 +0000
Subject: [PATCH 169/169] Changed the version to 2.0

---
 .../android/javacard/keymaster/KMAndroidSEApplet.java | 11 +++++------
 .../javacard/keymaster/KMAndroidSEProvider.java       |  4 ++--
 .../android/javacard/keymaster/KMKeymasterApplet.java |  3 ++-
 .../com/android/javacard/keymaster/KMRepository.java  |  4 ++--
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
index 7c28370a..befab92f 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java
@@ -66,7 +66,7 @@ public void onRestore(Element element) {
     keymasterState = element.readByte();
     repository.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION);
     seProvider.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION);
-    handleDataUpgradeToVersion1_1();
+    handleDataUpgradeToVersion2_0();
   }
 
   @Override
@@ -101,10 +101,10 @@ private short computePrimitveDataSize() {
   private short computeObjectCount() {
     return (short) 0;
   }
-  
+
   public boolean isUpgradeAllowed(short version) {
     boolean upgradeAllowed = false;
-    short oldMajorVersion = (short) (version >> 8 & 0x00FF);
+    short oldMajorVersion = (short) ((version >> 8) & 0x00FF);
     short oldMinorVersion = (short) (version & 0x00FF);
     short currentMajorVersion = (short) (CURRENT_PACKAGE_VERSION >> 8 & 0x00FF);
     short currentMinorVersion = (short) (CURRENT_PACKAGE_VERSION & 0x00FF);
@@ -121,8 +121,8 @@ public boolean isUpgradeAllowed(short version) {
     }
     return upgradeAllowed;
   }
-  
-  public void handleDataUpgradeToVersion1_1() {
+
+  public void handleDataUpgradeToVersion2_0() {
     
     if (packageVersion != 0) {
       // No Data upgrade required.
@@ -185,7 +185,6 @@ public void handleDataUpgradeToVersion1_1() {
         issuerLen,
         (short) (certChaionOff + certChainLen + issuerLen), // cert expiry offset
         certExpiryLen);
-    
 
     // Update computed HMAC key.
     short blob = repository.getComputedHmacKey();
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
index 4f4d4709..41f468ed 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
@@ -1241,7 +1241,7 @@ public void onRestore(Element element, short oldVersion, short currentVersion) {
     preSharedKey = KMHmacKey.onRestore(element);
     if (oldVersion == 0) {
       // Previous versions does not contain version information.
-      handleDataUpgradeToVersion1_1();
+      handleDataUpgradeToVersion2_0();
     } else {
       computedHmacKey = KMHmacKey.onRestore(element);
     }
@@ -1362,7 +1362,7 @@ public KMComputedHmacKey getComputedHmacKey() {
     return computedHmacKey;
   }
   
-  private void handleDataUpgradeToVersion1_1() {
+  private void handleDataUpgradeToVersion2_0() {
     short totalLen = (short) (6 +  KMConfigurations.CERT_CHAIN_MAX_SIZE +
         KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE);
     byte[] oldBuffer = provisionData;
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index f31ad12b..0eebb569 100644
--- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -45,7 +45,8 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   private static final short POWER_RESET_MASK_FLAG = (short) 0x4000;
   // Magic number version
   public static final byte KM_MAGIC_NUMBER = (byte) 0x81;
-  public static final short CURRENT_PACKAGE_VERSION = 0x0101; // 1.1
+  // MSB byte is for Major version and LSB byte is for Minor version.
+  public static final short CURRENT_PACKAGE_VERSION = 0x0200; // 2.0
 
   // "Keymaster HMAC Verification" - used for HMAC key verification.
   public static final byte[] sharingCheck = {
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
index 7032d258..1cfe8ef9 100644
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ b/Applet/src/com/android/javacard/keymaster/KMRepository.java
@@ -940,7 +940,7 @@ public void onRestore(Element ele, short oldVersion, short currentVersion) {
     dataTable = (byte[]) ele.readObject();
     if (oldVersion == 0) {
       // Previous versions does not contain version information.
-      handleDataUpgradeToVersion1_1();
+      handleDataUpgradeToVersion2_0();
     } else {
       attestIdsIndex = ele.readShort();
     }
@@ -994,7 +994,7 @@ public void setEarlyBootEndedStatus(boolean flag) {
     writeDataEntry(EARLY_BOOT_ENDED_STATUS, getHeap(), start, EARLY_BOOT_ENDED_FLAG_SIZE);
   }
   
-  public void handleDataUpgradeToVersion1_1() {
+  public void handleDataUpgradeToVersion2_0() {
     byte[] oldDataTable = dataTable;
     dataTable = new byte[2048];
     attestIdsIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);

    f9O=Y|r&X
zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x
zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N
z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76
zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI
z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$
zV&lWc!XgYl
zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj?
z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w
zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!;
zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@
zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g
zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A(
zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_
zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1}
z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L
zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7
z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ&
z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg
z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB
zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv
zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP
z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj
z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q
zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un
zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT
z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4)
z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W=
z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0
zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ
zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp
zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{
zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4
z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1|
z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M
ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b
zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj
zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7
zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX
z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P
zk)xf&%Op&N(>0FvfgO_NnuO$B!v
zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL
zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn
zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x
zj=qm!iqIY6GHa`e543L>Cwi~
zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@
zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q<
z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ|
zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd
zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^
z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk
zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF
z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V
zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M
zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;-
zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr
zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj
zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq=
z1{F@AY
zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^
zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2*
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf
zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^
z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP
zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH
zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2
zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz
zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3}
z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S!
z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi
zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I
z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc&
zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$
zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE
z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU
z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G
z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K
zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z
zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR
z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X;
zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO
zbXhh9)Tp{?M^Q6#O3
z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6
zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C;
zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc
z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ
zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I
zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF
zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S&
zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y
zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU
zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW
zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI(
zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)>
z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&<
zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b
zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak
z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va
zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM*
z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$
zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2
zs(+b*m>iA>{tRt5CI;abM
z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0
z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt
z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o
zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@
zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@
zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g!
zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL
z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY
zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3
zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v
zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm
z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN!
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO
zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy
zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ
zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I
zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X
z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2
ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r
z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?-
zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG
zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_
z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8
zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+*
z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU
z8CBPxf=0B|p1yd6yuF=@-7e(EP
zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!|
zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@
zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V
zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg
zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z
z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_
zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy
zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY
zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u
z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW
zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc
zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv
zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ
zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A
z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z
zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$%
zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM
z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI
zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A
ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~
z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT
zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp
z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV
zC>N5m7
zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S
z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$
zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi
z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH
zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z!
z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1
zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>(
zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm
z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V
z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb
zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{
zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76
z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y%
znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD
zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff>
zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq
zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS!
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f
zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9
zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH
zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H
z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3
z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A
zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF)
zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR
za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9
zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH|
zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b
zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr
z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA
zUDk(8X#rD`%?`=s--AAoMOEoe*G=
zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj
zoadaGIWu#n+FdP|8Hm;
zE%Av0;
zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0
z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^
zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q!
zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g
zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo!
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6
zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V
zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM(
z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A
zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX
zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ
z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^
zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm
zhrLy8+3h+ru>puq
zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+;
zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X
zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia
zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK
zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX
z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q
zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At
zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D
z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY
z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+
zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0
zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%>
z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64
z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@
z5CgQG
zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM
z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX(
zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6
z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef
z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9
z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG
z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M
zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL
zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC
zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7
zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK
zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth=
zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT
z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx-
z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt
z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(<
zZHmSLFf{;~WDBT)k!y^){Z^Pj(
zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y
zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb
zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW
z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH
zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl
z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4
zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v
zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F
z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr
zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD
z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K
z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b-
z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n
zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz
z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz
z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ
zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+
zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW
zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~=
zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57
z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R
z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D
zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q
z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=>
z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T
zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00
z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP
z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug
zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA
z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U|
z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e&
zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0
z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t
zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h<
z-`OJt@15d0>w=@_ak?n%
zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c
z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp-
zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt
zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa
z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71
zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW
z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp
zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz%
zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&;
zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$
z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt
z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf
z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM
z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV
zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9=
zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc<
z0FaeC%M&m!!1QqUC=
zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG
zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i=
z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM
zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0`
zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok
z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<%
z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX
z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS
zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt
zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6
z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL
z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny
z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO
z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_%
zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez
zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB
zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj
zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO
zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS(
zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U
z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW
z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4
z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@
zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP
zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG
zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{
zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh
zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR
zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF
zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU
zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z
z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A
zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK
z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U
zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW*
z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar
z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ
zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH#
znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5
zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI
zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf
z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD
z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb)
zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w
zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K
zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s
zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x
zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~
zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g
zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2
z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju
zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn
zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U)
zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN
zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT
zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk
z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^
z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC
za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It
zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q
zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y
zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V*
z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<|
zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{
zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~
z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9
zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ
zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9
zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+
za%`A!W$^#Vo>9ahd%P6_2?r<
zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A
zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp
z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx
z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO
zRb)-I_5?N15D}&D
z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n#
z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk
zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B
zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225
zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6
zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK<
zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c
zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h>
zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u#
z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG
zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o
z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN
zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6
zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz
z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5
z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z*
z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^=
zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU
zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe
z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG
z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6
zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g
zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H
zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w
zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx
zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+>
z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T
zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b
z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@!
z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k
zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc
zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^
z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw)
zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk
zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*?
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR
z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj
zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD
zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb
zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q
z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w
zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S
zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b!
z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o
zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR=
z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ
z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C
zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3
zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi<
zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy
zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A
zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT
zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E
zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA
zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+
z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j
ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~
zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY
zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy
zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz
z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^(
zRUUP_HMg3Kd;&LU
zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)!
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^
zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k
zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f
zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU
z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW
zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY<
zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY
zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2
zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N
z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr
zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T
z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v(
zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz?
zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#}
zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji
z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U
zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0
zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j-
zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL
zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$
zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+
z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R
zN88hR;yr#8kp9`3k
z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly*
zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg
zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l
z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s
zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p&
zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v
z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^
zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S}
zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ
z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a
z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf`
z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&`
zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H
zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F
zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0
zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM
znEH<|52ldwH~f;ZWplsP&!
zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!!
z?Stu)`2kmoPpt4P
z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR
z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM
zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y
z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw
z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k
zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI
zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3
zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs
zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2
z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb
zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B
zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD
zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_
zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW<
z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~
zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W
zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d-
z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U%
zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE
z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~
z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV
z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz
zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s
zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz
zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?=
zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg
zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt
z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q<
zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?-
z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq
z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk
zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O
zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5
z$Ef=^@1N6m%~G}vR?N`fsvOY
z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB
z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv
zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M
zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86
ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS
zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h
z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ
zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3
zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD
z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7
z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at
zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c
zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD
zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw
zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4
z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L
z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1
z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t
zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH
zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j!
z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY
zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2
zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B
zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw
z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM
z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V
zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L
z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx
zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0
z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW
zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5
z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN
zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm
zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc?
z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o
zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>!
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU
z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2=
zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{
zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry
z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7
zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af
z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t
zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q
zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU
zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z
zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J
z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU
zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I
z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2
zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty
z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_
z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV
zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk
z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I}
z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf
zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$
zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^?
zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF
ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;=
zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH
z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT?
z@lyL)BtM~`
zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J
zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e
z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH
zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r
za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T&
zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o
z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa
z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy
zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h
zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i
zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz
zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg
zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf}
z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP
z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f
zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k
zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e
z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St
z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a
zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo}
z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h
zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^
z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic
zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw
zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe
zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1
z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f=
zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd
zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~
zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY
zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2
zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V
zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_
zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF
zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD(
zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU
zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg
zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p
z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg
z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC
zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9
zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i
z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O
zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G
z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+}
zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw
z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M<
z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ
z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h
zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0
zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4
zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD
z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea
zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$<
z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V
z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt
zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b
zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%-
zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r
zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o
z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I
z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn*
z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io
zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl
z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u
z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY
zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n
zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc
zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M;
z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb
znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6!
zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^
zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T
zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6*
zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6
zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd
z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6
z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V}
zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p
zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o
zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g
zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE?
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN
z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b
z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{
zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF)
zJea8flNt3`8$Sh?i
zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX
zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3
z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF
zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0
zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R
z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2
zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX
zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{
z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4
z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA
zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq
z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$
zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc
zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o
zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T-
z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*(
zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat
zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv-
zcA_nm-A(y}bk${+k03Kz8(;}(rA5e%
z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw
za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N
zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq
zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW
z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi
z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu
z7$T}%#wdubl7PvXEC$9A`fXTTz
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a
z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu
zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW
zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL
z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y
z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx(
z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H
z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK
z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu
zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx
z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~
zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x
zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9}
zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC
zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5
z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS
zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO
zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l
zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN
zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@
z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs
zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n
znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1
zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws
zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9#
zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1
zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm
z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e
zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy
zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8
z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J
ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH
z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y
z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+)
z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs
z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*;
zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j(
zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC
zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a
zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66<
z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W?
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw
zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx
z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh
zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP
za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E<
z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW
z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY
zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh
z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1
z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU
zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1;
z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc
zCaLhwI>k*?|72-@S`m`kpMR;)frMy
z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n
z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$
zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N
zn68z%^18x@mnT=
zRfcbeVUKA@?9YH3
z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+
z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3->
zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+
zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f;
z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55)
zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2
zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<<
z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu
z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV*
ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc
z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$
zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W%
zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8#
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH
zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK
z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1
zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R
zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8
zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f
zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf
z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri
zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ
zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD
zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+
zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA
zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^`
zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~
zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V
z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W
ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM
zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI
z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl
z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW
zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99}
zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn(
zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1
zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V
zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{%
z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e
zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO;
zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2
z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd
z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^
z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y
zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_
z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI
zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb
zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH
zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@
zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb
z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh
z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA;
z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i?
zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC
zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b
z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l
zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ
z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB
z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1
zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v
zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR
zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW
z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5
zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI
zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90
z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy
zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ
zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS
z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{
zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;=
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G
z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1
zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk
z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&;
z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H
zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B
zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5
zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{
zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O;
zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe
z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN|
zcdtix`R{3C#oi;=@Pw`26t|GA
zykve3@xwk2%f$4he`
zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$;
zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_
zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0
z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X
zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg
z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z
zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7
zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87
z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%)
z@F?aibz0Mw%0t5Z}LO
zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD<
zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM
zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ
zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2
zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f
zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k
zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~
zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1
z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v
z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{
z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw
zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy
zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV
zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq
zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce
zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO
zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS)
z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k?
zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg
z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe
zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;=
zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL
zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$
zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E
zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg
z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm?
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f
z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g
zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R(
zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8
zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu
z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_
zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT
z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd
z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic
z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q
z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N%
zsP#>Dw@y*D;bu5hlInyV
z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w
zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#&
zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-#
zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui
z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F
zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic!
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$
z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z
z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U
z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U
z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*)
zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{
zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S
zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6
z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k
z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd
zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL
zpla1CsXk!K%uR6HOo
zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h
z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn
z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{
zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD
zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE
zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM
zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z
z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_
z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW
z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o
zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`;
zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi
zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN
zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO
zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR
z^YL#fI5?r<07@VCw6
zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj
zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC
z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2##
zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO
zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc
zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z-
zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8
z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L
z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0
z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc
z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+
zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L
z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe
z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x
z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T
zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y
zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3
z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9
zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z
z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf
zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud
z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v
z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y
zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8
z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X
zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U
zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa
z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B
z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC
zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw
zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@
zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V
z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH
z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh
zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our
zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2
z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li*
zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U
z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX?
z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO
z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_
zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph
z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5
ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc
zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF
zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl%
z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@
zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3
zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H
zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK
z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r
zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL
zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb
zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb
z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW
zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc
zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K
zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>`
ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB
zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx
zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr
z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN
z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@
z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG
zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3
zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp
z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF
zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1
zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2
z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf(
zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo
zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{
z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~
zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb
z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN
zcVtZpKU81Yj9}4jS6Ui@=kH44nV
zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O
zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K
z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG
zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P
zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn
z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY
z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U
zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ
z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+
z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V
zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm`
zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg
z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD
zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H
zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0
zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe
z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn|
zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29
z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl(
zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y
z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf
zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($
zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby
zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz
zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8
zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2#
zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3`
zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff<
zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj
zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C
zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi
zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+
z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m
z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b
z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q
zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV
zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN
zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz
zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0
z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~?
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6
zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE
zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6-
z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ
z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3
zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2
zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u
zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ
z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$#
z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz
zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm
z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^
zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi?
z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k
z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R!
zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v)
zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW
zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa
z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I`
zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S
zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D
zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0
zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE
z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR
zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M
zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND
zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK;
z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq!
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)`
zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf
zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK
zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$
z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a
zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2
ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b
zHM33B?dEDs{ziu{MlgYz6PRP706!u)~
zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+
z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a
zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu#
ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{
zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42
z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9
zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau
z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P>
zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh=
zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP
z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS
znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^>
zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM
z(3FX8UY?_PJ>)npV;r^q6c
z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{
zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd
zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8
z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph
zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-%
z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH!
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C(
zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM
z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b
zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy
z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{
zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q
zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm
zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{%
z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP
zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+
z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8(
zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB?
z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-?
z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv`
zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E
zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC
zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF
z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C
zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**`
zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe>
zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@
zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a
zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7
z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l
zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS
zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E
zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU
zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_
zWRr4|Y&=
zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~
z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP
zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E
zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH
z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX*
zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1
zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O
z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^
zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c*
z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_
zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX
zYF7HtY%%r(o_qKRxJq+vSgClH*O
zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@
z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV<
zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G
z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$
z{-G
zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE
z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c%
z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J
zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{
zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn
z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a
zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw
z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3
zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+#
z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h
zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W
zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${
zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p
zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv
zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^<
zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7
z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z
z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@
z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ
z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19
z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR
z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj
z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8;
zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW
z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR
z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1
zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs
z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ
zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE
zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8
zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C<
zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r?
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L(
zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7
zK-L$^6@lXh*wC&1gRJtXcz}qG7^p
zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh
zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5
zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G
zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR
z(qO>8_hR!rh>K)gUuR7sc0LP(HIy
z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx
zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@
z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy
zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6
zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b
zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH
zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN;
zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44
zfIdkV;fI};GIMZ$^@
z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ
z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm
z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe
z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni
zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo
zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA
zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R
zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o
z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_
zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P
zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X
ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{
zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV
ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}-
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O
zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V
zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ
zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk
zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f#
z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@-
zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt
zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp
zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM!
zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM
z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@
zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}!
zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG
zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^
zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc
z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1
zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W
z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+
zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X>
z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_>
zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV
z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q
zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5
zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf
zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh
zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e
z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au
zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY
z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$
znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^
zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM
zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5
zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|)
za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd
zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_
z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY
zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{
zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I
zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL
zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T
zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe}
zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ
zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+-
zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v
zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_
zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage
zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g
z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R
z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I
zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f
zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG
z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K
znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ
z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj
zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~
z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D
zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3?
zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt
zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8
zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i
zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE
zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E
zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be?
z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA
zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+
zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s
zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~
z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP
z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp
zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL
zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^
z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d
zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_
zI$*W4zS
z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V
z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O
z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM
zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU;
z^U#|)77d07cru!MQ;m$+BXj}4
z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h`
zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm|
z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG
zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI
zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A
zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY
z+gw?kdB3&W7kIbP8kZr
zp>TOf$J#OVI|LcyGOPCW09#Iz|
z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3
zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81=
z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0
zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc
zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7
zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB
z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6
zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9(
zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{
zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0
zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5
zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g
z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7
zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~
z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS
zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD
zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1
zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD
z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$
ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B
z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T
zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz
z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK
zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F
z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q>
z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R
zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X
zE=tAW+RSnx8tk$9GwZerClqM6+L(sW
zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH
zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ
zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~
z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY
z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{)
z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e
z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`)
ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10
zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu
zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI
zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh
z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X!
zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ
zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c
zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco
z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm
z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP;
zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0;
z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x
z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f?
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea
z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk
zZ?wc#s-jxpf2S
ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE
z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc
zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1
z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO
zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS
znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3
z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy
zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq
zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP
zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D!
zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c`
zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B
zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd#
zfr2G|S
zLNl#Bd3uquWxtP
zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;;
ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX
zgt`3uv1I=IP9&X{-Twe
zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_
z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k
zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T
zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~|
z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs
z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5
z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI
z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H
z192%m$6mNljCvo{UB8y;tSyg2l
z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$
zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky
zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr);
zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX
zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W
zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ
zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V
z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy
zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A
z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_
zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I
zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx
z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga
zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs
z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn
zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr
z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp*
zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}&
z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E
zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw
z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2
z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-!
zXrnglHa1we*AFywd@^8Nr1g{f
zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz
zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3
zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F<
z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G
z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr(
z&E_I_Zvu@aTYFa!Szoa
zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj
zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF`
zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1
z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A
zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g
zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x
zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH
z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62
z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG
zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh
z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8
znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@;
zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$
zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P
zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_
zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o
zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp
z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q
zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR;
zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt
z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~&
zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^
zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`>
zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na
zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5
zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp
z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs
zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x
zouyUEP72U)&EcaXr1IMjXH%FIk{--
zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s
zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP?
zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk
zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi
zh5nG*o2%KiyLK}FG!>y;xi^C
zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u
z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T|
zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07
z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53
zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg
zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s
zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9
zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG
z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp
zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF&
zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co
zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB
zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn
zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96
zS@TrMwCDBoK3Js
z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS*
zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y
zMqcE^G=FoN%+&Sjb4
zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o
za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$<
zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy
z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O
ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s
znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{
zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L
zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V
zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p
z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh
zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM
zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA
zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_#
zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG
zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX
zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m
z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp!
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5
zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W
zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz=
zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9
z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c;
z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@
z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p
zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5
zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw
z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u
zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y>
zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX|
z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u
z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~
z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5
ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi
zLh0gT0sS93{&S_DbCcZf
zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV
zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf
zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d`
zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g
z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD
zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H
zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A
zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P
zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY
zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee(
zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB
zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk
zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ?
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY
z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_
zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd
z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X
zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg
z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN
zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G
zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX
zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD
zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum#
z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~
zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@?
z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M
z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU
z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt
zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK
z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w
z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB
zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F)
z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2
zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH
zD1Ajhe^wYqzzp3Nj
zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW
zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5
z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai
zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt
zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc
z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~
z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4
zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V
zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q
zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7
z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D
zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te
zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU
z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v
zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y
zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m
zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B
zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy
z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_
zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV
z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L
z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@
zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go
zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d
z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$
zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#<
zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA?
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE-
z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi
zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl
zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ
zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w
zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b
z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a
zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh
zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z
ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId
ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l
z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~
zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE
zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb
z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x)
zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB
zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc
zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c
z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp
zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ
z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC
z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN
zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF
zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX)
zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI
zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r
  • GXiQ
zlP@hldsxP3k)#Y@C
z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY
z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@
zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+
zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@
zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n
z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R
zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo
zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k
z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh
zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|=
zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf
z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw*
zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd
z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^
zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp
z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F
zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I;
zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER
zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY
zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H?
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7|
z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@
zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J
z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F
z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W
znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5<
zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W
z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U
z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f=
zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0
zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU
zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1
z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7
za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv
zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t
zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I
zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS
z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E
z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z
zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y)
zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc>
zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7?
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON
zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L
zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ
zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1
zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U
z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k
zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ
zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO
z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X
zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt
z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO
z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw
zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di
zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9
zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL
z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b
zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq
zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT
z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO
zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O
zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M
z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul
z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE
zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye
zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD
z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I?
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH
zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf
zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q
zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG
z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ
zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1-
z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k
z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J
zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg
zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s!
zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D
zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not
zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be
z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~
zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ
z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM
zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni
z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P
zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$
z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$<
zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S
z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL
zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y
zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u
z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$
zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne
zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6
zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A
zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+
zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS`
zuyfQKZtDb>TzU}7b%`$>g~^fJovA21-
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX
z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z;
z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB
z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn
zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen
zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M
zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q
z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q
zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O
z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j
zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4
z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g
z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg
z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN
znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa
z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2
zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D
z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me
z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E
zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM
zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP
z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o
z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8|
zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS|
z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu
z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc
z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}``
zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00
zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm
z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3
z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN
zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;-
zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp
zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV
zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H&
z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~
zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO
z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl
zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_
zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD
z>&hdPuVJjXGWc
zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX
zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei
znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$)
zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92
zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd
z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg
z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i
zu`>Jt_JrQ+bhdP-_mV|!+Pys_
zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh
zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl
zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^(
zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N=
zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk|
zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC
z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B
zj1!OV&Bhs-$wjyf`@Lx
zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o
z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc
z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H-
zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7
z@Ma+vZSB(1in9<`Rv}4F
z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+
zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5
zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ
zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z
zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c|
zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n
zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs}
zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^
zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ
zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p
zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}`
z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)>
z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w>
z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u
z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5
zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T
zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0
z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP
zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK
zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs
zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV
zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8
z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@!
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+
zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$
z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@
zAvW5Iq~yb@6K0s
z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F
z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG!
zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP
z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u
z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm
z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib
z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z
z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL!
zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj
ze^1(?^EZC6x-zJ^DilmFxQoFvU#
zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr
zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{
z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY
zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF
z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM
z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO
zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh
zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50
zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF
zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK-
zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V
z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6
z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua)
z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08
z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$
zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY=
z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1
z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z
zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF
zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4
zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^!
zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ%
zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA#
z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN&
z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR
zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au
zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV
zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a
zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b
z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g
z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ
zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah
z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q
z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4
z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy
zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+
zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a>
z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH=
zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B
zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0?
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($
z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s
z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F
zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c
zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9
zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v
zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r
z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og
zF?buI5J_K*Endt4lt^{seD1Sj
z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC
zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B
z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK
z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v
zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ
zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM
zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i
z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI
z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb
zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$
zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym
zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c
z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S
zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI
zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz
z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq)
zxRSlcZefdKxgDLL!icY*9Le;Q
z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1
z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r
zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0
zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM
zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w%
z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_
z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)&
zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR
z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S
z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A
z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T
zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd
zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e
zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU;
zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F
z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y
z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu
zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r
zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A
zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc
zo*iuGE8h2&Ebw00&WO6`-$
zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx
z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO
zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx
zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+#
z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_!
zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk!
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5
z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX
z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$
z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM
z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9&
z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG
zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki%
zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi
zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN(
zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X
zS;$GWZvDLhfi?!u+AP@~~Q2>*s!
zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W
z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv
z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0
zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn#
z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD
z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0
z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+
z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d
zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg=
zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR
zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{
zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a
z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O
z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI
z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI
z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik
z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb
z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e
zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu
z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx}
zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt
zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha
z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q
z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5
zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y
zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t
z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J
zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL
z09+V;O_K_(FB1iEwr*S3`o0nCAg
znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M
zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf%
z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M
z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0
zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H`
zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`%
z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c
z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)!
zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o
zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj!
z66W9a;O`8pY}E(mLN*
z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;>
zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah
z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL
z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2
z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b>
z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^
z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+
zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d
z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9
zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN&
z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw
zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn
zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv
z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32
zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY
zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv
zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{
z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF
zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az
zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P
z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c)
zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh
zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$*
zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6
zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI-
zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK
z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z
zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v
zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw)
zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a
z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r
z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I
zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX*
zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2
z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR
z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI
z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s
zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft
zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv
z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8!
zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t
zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT
z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@
zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2
zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r
zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z
zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9
zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf
z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP
z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U
z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP
zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7
zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ
zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX
zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN
zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G
ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c<
zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ
zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp
zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*=
zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs(
zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4
zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8
z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q
zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r
zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k
zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c)
zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS
zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD
zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht
z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F
z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW
zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O
zvlE^XY*<%7H
zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm
zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X
zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L
zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$
zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@
zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R
z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9
z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw
z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3
z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+?
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz-
zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz
z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~
z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG
zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy
ziuNyzx;9F^o=;a%zcc3F4F%aEN*
zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV
z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r
z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ
zPxPpcu9+u7hx#OLOSIT
zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58
zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o
zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1
zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{
zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK
z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg
z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl
zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1
z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz
zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=*
z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9?
z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z
zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA
zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_
z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j?
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj
zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD
zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m
z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J
z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b
z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h
zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D
zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f`
zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT
zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2
z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f
zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp
zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f
zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi
z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX
zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s)
zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V
zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A
z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4
zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc
zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4
z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq
zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2
z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS?
zkG+HoO>7zXM%vi6cy3WoY{~H0
z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b
z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx
zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq-
zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG
zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H;
zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh
zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8
zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt
zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP
z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4>
zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM
z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB
zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO
zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A
z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(<
zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB
z$dnU_wtxfd=b+<&3!6+C`ew)D32
zyVwKFqa90LEwLH8j%%wUOJRO93!f8@}
zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb
zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe
z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im
zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw
z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe
z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0<
z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b
z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts
zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w
ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r
zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K(
zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A
zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3
zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi
zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z
zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{
zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51&
z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH
z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P
za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME
zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc
zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a
zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m
z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^!
z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4
z*gq(bMF+lqj8K>x^ie|
zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD
zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua%
zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ
z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW
zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf*
z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0
z^&?q24n0tn7*ZtZP4wezK-ijA
zInvF`ARW=6tt@l$V;_hdl8Ohs6&
zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB
zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c
z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz
zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO
z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A
zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2
z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8
z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj
zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn
z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX
zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^
zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM
zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$
z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9}
z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se
zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV
zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p
za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E
zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3
z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*)
zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S
z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+
zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x
zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B
zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP
zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G#
zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev<
z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~!
zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud
zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj-
zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia
z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq?
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ
z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@
zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c-
zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy
z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42
z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU
zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`*
znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F
zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh!
zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X
zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X
z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR
z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9
zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l
zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^
z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH
z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g
zskUSSJ
z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL
z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~
zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn)
z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{
zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq
zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~=
zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH
z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0
zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907
zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N
zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi|
z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR
z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ
zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY
zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q
z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY
z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5
zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1<
zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9
zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B
zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM
z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q?
zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb
z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz
zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55
zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D
zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e
zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W
z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@<
z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_
z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74
zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs
zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K
zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y
z3v1j`i%hA#2gzna#+
zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i
zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9(
zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@
z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$
z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71
z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$
zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7
zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP(
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql
zSf)?V@n9;NH}8@=&j#^es3
z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP
zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch
zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq>
zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc
z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?<
zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7
z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^
zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka
zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR
z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W
z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ?
z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~
zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF
z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51
zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY
ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^;
z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM
zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~
z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d
z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq%
zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu
zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF
zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+=
z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU
zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue?
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b
zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-)
zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0
z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1
z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6#
zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z
zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m
zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t
z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4
zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d
zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%-
zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q
z)a!MmXxxbMpp8%xuxm{XM6hn?|
z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5
zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO
zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{
zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d
ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc
z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z
zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV
z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut
zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n
zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc
zmsGx7eNwbs@
zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G
zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz
z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E
zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2
zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h
z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2
zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw
zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX)
zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z
zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T
zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R
zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp
z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X
zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9
z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud
z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y>
zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i
z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e
z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ>
zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I
zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L
z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X
zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3
zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g
z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A
znh)nlr@EoM2I
zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq
zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv
zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL)
zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v#
zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ
zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U
ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN
zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z}
zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg
zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS=
zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7
z@BwzRDw`(D!O~a1#YpSQ=r5(Sf
z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF
zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck
zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F
zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_
ze1C>^P|6DC}EtAYP&;J+I9
zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m
zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ
zoH;Ag>&eXa`egUT$A#?y;t>7^8CG>
z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)%
zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB
zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp
zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ}
z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5
z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt
zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$
z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R
z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH
zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP
z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n
zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO
z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ
zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei
zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672
z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1
zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b
zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu
z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If
zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw
zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj
znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot
zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`|
zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS=
zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75
zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03
zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm
z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M
z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ
zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL?
zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c
z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G
zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7
zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V
ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF
zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$`
zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB
zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL
z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN
z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf
zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf=
zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u
zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw
z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s
zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF
zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY
zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT
z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI`
z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{
z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8
znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA
z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{
z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5
zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o-
zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut
z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F
z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K
zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$
z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@
z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw
ztb~NfltC*
zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M
z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM
zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH!
zFsd*10#Acm;ni?2^uoii7emq<8
zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp
z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j
z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D
z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h-
z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4
z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH
z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f
za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO
zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR
zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0
zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;>
z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7
z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O
z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp
zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD
zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt
zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w
zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q#
z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G
z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm
zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B
zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D
z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb
z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~
zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<|
z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX
zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m
z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee!
z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7
zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n
zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T
z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH
zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF
z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92
z8C*I(WR~9})ac_63>0=x>dGLwges#o<
z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`&
zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao
z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2
z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4
z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw
zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+
zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F
z0bdO6H#g>i&jk4O
z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$
z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs
z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9
zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$`
z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh
z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru
z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$
zcC>*z^Z2iKxcw
zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq)
z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg
zZt$((<{whQ!Ot&W3GlA}^zUy9
z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT
z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o
zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2%
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT
z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L
zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol
z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS
zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j<
zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec
zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L
zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb
z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg
z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{><
zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR<
zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E
zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW
ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T
z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U
z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l
zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH
z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b
z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c)
z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og
zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX
zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(|
z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo
zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G
z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6
ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv
z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N<
z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1
zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q
zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^
znh^X_lNGT
zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j
zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m
z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt
zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM
zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w
zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw
z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o&
zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt
z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS
z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP
ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP
zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I=
z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK
z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_
zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z
zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz
zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG
zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc`
z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU
zWtagBp
z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1
zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C
zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3
zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg
z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+
z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d
zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS
z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV
z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr
zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>>
zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix%
zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP
z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh
z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6
zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W
zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1
z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ
zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13
z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK
z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr
zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb
z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke
z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}<
z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl
zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6
z01SP8e)(F2)
zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR
zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs
z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ*
z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf
z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p
zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6
z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE(
z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H
zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm
z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h
zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu
z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q|
z6x?qv8Vr
zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q
zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ<
z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5
z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV
zG4=}I^Z!0?7v
zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE|
zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8#
z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO
zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a!
z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T>
zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8
zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G}
zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^
zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb
z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv
zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA
z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21
z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx
z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw
zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0
z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy
z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi
z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd
ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po
z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A
zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs
ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT>
z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t
z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF
zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn
zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1
zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN
z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa
zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i
z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{
zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{
zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI
zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM
zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW
zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j
zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu
zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl;
zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA
zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97
zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO
z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr
zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh
zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8
zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV%
z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2
z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q!
zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH?
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9
z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O#
zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1
zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF
zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y
zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^
z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS
zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI
z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA
z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY
zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G
zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s
zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(*
z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe
z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm
z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U
zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4
zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x
z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i
z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL
zYKoesW~f!*gP5o(kg
zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw-
zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56
z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4
ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY
zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn
zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K
zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v
zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R}
zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv
zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV
z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks>
zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO
zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n
zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W
zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr(
zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y
znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS
z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii
z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk
zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#&
z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K
zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ
z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh
z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l*
z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u?
zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$
zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f`
zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~
zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV
zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z!
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI=
zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra
zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO
zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h&
zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V
zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5`
z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm
zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t
zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7
z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X
z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F
zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C
z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>%
zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}%
zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x
z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w
z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt
z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl
zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu
z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ
zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d`
zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI
z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq
z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM
zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl
zTOW@rX?LOjv$Sf<#eA4HP()bbD
z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe
ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7
z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp
z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M
z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4
z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x
zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-%
z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD&
zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R!
z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-)
zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9;
zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{*
z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX
z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz=
z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO
zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt
z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv;
z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv
zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i(
z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;<
zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4
z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L
zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj}
zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY
z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d
zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N#
z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E(
zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ=
z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB|
zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m
zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP
zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd
zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN
zMdLjA2EdwyC
z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm
z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow
z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh
zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7
z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+
zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5
zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$
ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW
zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD
z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~
z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU
zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^
zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh
z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws
zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp(
zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp
zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+`
z36T>A!y@f|f9w}%68d*|zMC
z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i
zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8
zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W
zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8}
z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD
zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h
ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z
z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx&
z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb
zL`)GO9>*cCKu9*inMk1BawFA{5F&=-
zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U
zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z
z5u!-bv|7lhlLJ#
z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE
zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j#
z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+
zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b|
zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}!
z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP
zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S
zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl
zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i`
z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY
zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe
zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa
z%9pUoL7dTAsLOyb0`{
zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9
zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2;
zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^
zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k
z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm
zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^
z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l-
zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn
zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu
zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S
zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_;
zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh
zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7
zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV
zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC
ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T=
z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM
zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P
zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav
z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f>
zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0
zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&#
z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l>
zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr|
z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i
zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;#
zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p
zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9
zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK
zEezy2H#I1c5
z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B
z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS)
zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM
zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM*
zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz
zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+
zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh
zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY
zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt
zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b
zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX}
z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E
zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f%
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G
z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk
zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT
zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q
z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI-
z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF
zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn
z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@
zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr
z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE
zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky-
zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88
zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ
z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56
z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O
zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z
zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96
zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB
zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe
z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}}
zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha!
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5
zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a<
zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+
z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu
zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb
ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV
z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw
z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4
zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r
z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq
zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp
z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS
zQN#KL745Mqlj(~)>MPtYwR!
z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks|
zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9
z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y
z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18
zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL!
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L
z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA
z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9
z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD
z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{
z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J
zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht
zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$
zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C%
zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp
z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq
zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ
z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm
zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v
z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb(
z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har
zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX
zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty(
z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{
z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0
zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd
zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv
z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y
z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN
z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_!
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi
z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$
zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE
zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}(
zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I&
zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C
za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0
ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ
zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx
zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg
zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx>
z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF!
z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi
zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY
zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U
zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z
zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0
z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg
zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r#
zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_
zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg?
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W
zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr
zLAnv9ucGO5`azsp=>zVe#S76ngB
ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm
ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1
zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec
z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L
zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB
z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q
zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A
zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L
zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t
z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I
zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~
zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx
zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn
zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS}
zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko(
zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7
zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK
zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq
zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_
z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp
zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx
z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$
z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O
zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT
zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu}
zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD
zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ
zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO
z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F&
zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf
zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb
zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5&
z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P
zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI
z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b
zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ
z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_
z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh
zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$
z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df
zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L
z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna
zE9eP@$U>0Fiqx
zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu
zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1
zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B
znVBa2
zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR
zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd
z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP|
zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU
z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ
z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=-
zxizS*X(}o-Y#sDj1G~Bk
zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V
zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d?
zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y
z^^dxpt%JN}lT
z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+
zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T=
z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW
zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+
zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd
z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B
z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z
z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w
z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O
z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe
z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt
z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj-
za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW}
z%}`rrT|#}Lx6GGv7*4Ta-q65vql
zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ
z6Y;T4let(SXmU
zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F
zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL
z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0
zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV
zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3
zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk
zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT
zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo
zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B
zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV!
zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{
zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV&
zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@
zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8
z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1
zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW
zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op
zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie&
zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz
zvxQQ`CM;-Fea9NJb;v)BiE9m`(
zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e
zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD=
zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If
zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj
zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK<
z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1
z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m
zimj9K5%k2hiKJ(>y2iHz
z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El
zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr#
z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g
zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3
zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~
z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?>
zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT
zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk
zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O
zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J
zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+
zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^
zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?-
ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH
z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI
zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk
zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g
ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0*
z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N
zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E
zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl
zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy
z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz
zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW%
zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G
zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD
z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN%
zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&;
z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm
zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj#
zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@
z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y
zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW>
z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_;
zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL
zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C
zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv
zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4
z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv
z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2
zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a&
zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz
zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m
zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q
zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is
z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4
z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8
zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X
z1kDkemuJq1VqVxQ9@
zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ
z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v
z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK
zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_
z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM
zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w
z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF
zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F
zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6
z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2>
z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr
zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521
z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ
z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H
zFWc7@jC#L6C`G*n{Z4K>-d
zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK
zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P
z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(&
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe
zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-%
zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs
z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R
z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj
zo8ci4w%w%3$v(@vGf
z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY%
zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj
zoN
z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k
z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN
z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e
z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg
z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t
zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+
z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme;
zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI
zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3&
zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(&
zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW
zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz
z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@
zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F&
z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq
zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf
zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg
zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5
zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{
zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe|
zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E
z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s
zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH
z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d
zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9
zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak
zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U
z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q
zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6)
zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D
zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J!
zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y
zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3
z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@
z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY
z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f#
z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^
z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8
zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse
zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj
zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX
zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@<
zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J
zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI
zTsjo}34UkxG8^M=
zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv
zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m
zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E
zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4
zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_%
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E
z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE-
zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k
z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB
zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s
zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP
zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+
zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS
zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl
zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy}
z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS
zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow;
z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP
zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF
z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@
ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8
z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x
zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN
zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n
z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR
z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei
z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+
zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g
ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R
z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros
zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV
zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^
zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR)
zSvG!NC11zb;m;94Y2
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82;
z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U-
zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU
z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9
z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ
zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK
z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H
z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9
z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP
zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY
zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l(
zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC
zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k
z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm
zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK
za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W
zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW
z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q
zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc*
z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv
zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX
zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|&
z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o
z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V
zSWP5u?v*CC!!GIFixRb9{4
zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@
zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG
zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q
zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8`
z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf
zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+
z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4
zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+
zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^
zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF
z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{
zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{
z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR
zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C(
zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG
zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk
zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC
zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e
z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_
z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU
ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{
z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM
zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD
z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk
zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs
zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV
zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@
zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw
zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr
zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d
z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH
z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna
zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$
zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~}
zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu
zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_
zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn
zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$
z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da
zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P
zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o
z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG
z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u
z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5
zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT
z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ
zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc
zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb
z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr
zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF
zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP
zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ
z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR
zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9
zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm!
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4
z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g>
z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV}
z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T
zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-=
z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3
zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj
zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~
zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8
z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr)
z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c
zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra
z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T
zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}-
zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg
z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d
zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM
zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx
z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$
zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S
zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI
z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A
zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j
zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M
zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7
z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`<
zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$
z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9
zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g
z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z
z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE
zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t
z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i
z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG&
zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl
zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D
zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D
zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r
zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{=
zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz
z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j
zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl
zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN
z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA
zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA
z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^
z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG
zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM
zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS
z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu
z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S
zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf
zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e
zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v
zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I
zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn
zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4
zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP)
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9
z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8
z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*=
z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1
zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY
z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ=
zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r
zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop
zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz
z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e
zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f
zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab
z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f
zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET
zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8
zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x
zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S
zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N
z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n
zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z
zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD
z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q
z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ
zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg
z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h
z&uJ7fjq5oj0(nmV6e0c^FJbG|xG
ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C
z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu
zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt|
z{2nWySqfJVPfH!#d}sov25u^Zy*4
zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr
zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI
z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP|
zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y
zgE1c?+zIF^g(F?^N_
zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT
z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A
zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB
zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY
z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~
z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc(
zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&&
zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH
z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp
zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm
z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@`
zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi
z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw
zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k>
zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv
z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9
zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85##
zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye
zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_
zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95
zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U
zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}?
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy
zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC
z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO
z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X=
z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF
z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW|
zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ;
zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD
zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d
zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6
zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG
z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN
ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ
zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e
zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z
zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6>
ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f
zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K
z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7
zgsg|#6`0vcj6;!*!a
zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@
z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi
zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#=
zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN&
zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY
zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR
z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt
zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2
zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9
z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i
zc_xuE4gk<5C5JASX
zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@
z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80
zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK
zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC
z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l
zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF
zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6
zFv5T8
zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r
zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h
zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au
z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0
zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{
zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs
zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q
zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L
zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c
zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS
zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A`
z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl}
zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N
zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W
z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M
zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~
z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7
z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo
zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww=
ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ
zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm
zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U
zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P|
zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@
zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2
zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D
z%Le8tzm
zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL#
z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE
zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU
zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c
z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h
z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ
zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8
z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE&
zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e
zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6
zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB
z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof
zHqh_%*`tt=rOHGOoiQZH2
za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$
zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc
z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB
zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6
z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$
z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ
z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J
zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4
zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o
zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^
zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ
zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q
zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh
zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7%
z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x
zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z
zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz
zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1
zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i
zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0
z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg
z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm
z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9=
zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM
z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f
z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o;
z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL
z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR
z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu
zCrEvTL{OyB3=
zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf)
zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL<
zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm
zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv
zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s
z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$
ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(#
zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd
zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug
z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~
zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P
zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS
zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7
z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3
zi{7Uu04wcthJxT#0+
z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e
zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<#
z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ
zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw
z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY
z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI
zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E
z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~
zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2
zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l
zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD
zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q
zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9
zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%>
zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7
z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A
zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k
z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(|
zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU#
z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM?
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6
z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag!
z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a?
zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8
z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F
z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB
zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8
z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns
zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(<
z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X
zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ
zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd
zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_`
z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx
z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy
zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@
z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%?
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_
zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg
zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{
zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq
zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt
zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV
zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o
zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~
z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9|
z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9
zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE
z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC
z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL
za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM
zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm
z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2
zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y
zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3%
zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L|
zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd
zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M
zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4
z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0
zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno
zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy
zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM>
zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ
ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W)
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{
z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP
zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8
z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW
z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a
zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H
zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p
zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a
zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF
zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh>
z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc=
z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq
z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd
zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+
z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy
z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu
zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok
zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP
zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1
z+*r-jM$b;b^@4(e(sPeEBV56(sEAl
zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P
znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x
zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~
zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l
zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g
zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{
zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f
zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB(
zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi=
zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ
zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci
z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M
zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX
zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag
zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw
z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o
z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA
z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo
zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en
z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw
zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L>
zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv|
zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p
zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z
z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{
zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M
zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z
z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l
z1XM>bmB@!9%EA6jM%
zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi
zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7
z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb
z+W-Ugyxf
zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk
zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg=
z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6
z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ=
zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2&
z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@
zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C
z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B
zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`|
zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^#
zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz
z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV
zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ#
zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X
zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY
zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU
z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^
zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<#
zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru
zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo
zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$
zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z
z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li
zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx>
zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU
zROSw8Rf5LI3$k)bnJ
zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~|
zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i
z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R
zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw
ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+
z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU<
z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5
zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0
zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g*
zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci
zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca
zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P
z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW
zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^
z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41
zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0
zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w=
zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ
z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my
z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^
z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^
zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L
z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0!
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY
zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs)
zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-*
zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y
z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz
zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6
zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{
zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l%
zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t
z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX-
zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K
z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm
zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q
zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y
zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE
z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N
zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w
zKxU3@S50l;iKu-_-iMBh+
z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL
zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5
zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p
zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX
zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4
z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV
zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ
z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G
z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G
zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj
z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h
zbTEO5o9o_#L2xUQHNE1oMdK
z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n
z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL
zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW
z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y?
z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R
zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89
zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ
ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE
z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB
zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?<
z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C
zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X
zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*(
z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr-
zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43
zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU}
zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{
ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io|
z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA}
zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G
zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0
z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a
z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj
zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx
za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL
z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-|
z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE
z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF;
z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK
zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk
zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v
zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf
zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL
z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L
z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg
zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2
zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F
zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s
z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6
z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv
zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M
z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx
zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r`
z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY
z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^
z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7`
zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba
z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP
zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B
z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ
z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1
zv?7t5q>i`5NJaT|+lf*hO
zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV!
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9
z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S#
zNs*O)3OA^%>C8R
zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I
zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i
z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7(
z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s
zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L
z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5
zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W
z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i
zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3}
z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM
zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB
zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d
z7l2hI0R3{aOh_$%3N
zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?;
zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l
zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$
zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ
zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@
zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm}
zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9
z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I
zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT
z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua
zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u=
znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE
zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{?
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M
zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w
zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k
z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v
zd$40Sn*Bn`SO>&L
z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz
zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi
zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3;
zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb
zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx
z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa
zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R
z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S
z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0=
z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN
z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS
z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}-
zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8
zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j
z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE
z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z
z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8>
z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9
z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC
z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{
z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0
zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{
z@H>Ad9Yu`U%P@H!zOhJ`gj)L
zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^
z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#;
zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk
zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f
zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb
zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@
z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF
zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+
zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1
zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R
z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X
zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up
z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^
z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu
zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@
zEPR63QATjyGgLmYuR*Wz@WZtGle
z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9
zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW|
zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB
zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn
zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr
z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0
zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g
z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET
z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y
zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC
z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@
z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6
z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A
z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k
zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I
zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH&
z5O-&sZh1gZYfC(q#X#lpA
zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T
z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+
zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{
zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd
z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt
zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f
zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5
z@eP8SH1j__b4Q@`FBG3BQ%#
zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP*
zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg
zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD
zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2
zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w
z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)?
zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8
zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H
zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s
zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI
zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5
z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0
z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N
z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{#
zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC|
z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f
zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB
zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z
z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM
z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE
z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F
z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv
zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p}
z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3
z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa
z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq
zXjtt@Gcczwc*n6vh{)ft
zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB-
zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i}
z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g;
zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-|
zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3
zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI
zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K
z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40>
zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{=
zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid
zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS
zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd
zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8
z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC
z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^
z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n
zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_
zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs
zMM9R{TbmfVa06g;~50RmB;r&-g63
zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G
z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^
zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf
zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7
zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX
zOoMW@!}3b74=bGudt&wD
z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6
zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n`
z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P
z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i
zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>|
zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl
zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo
z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN
zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T
z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz
zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@
zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1
zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc
z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ
zrxtE`8Jn~^=yBsi7V
zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV
ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl
zKk6$8X{Cj7hbzpP(pq
zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v
zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc|
z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R
zEiRz8&{Z__3c09V
z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL
z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi
z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK
zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx
z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi
z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o
zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_?
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX
zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e
z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n
z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO?
zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9
zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3-
zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+
zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly
zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT
zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk
zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ
zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97
zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF
z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs
zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR
z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf
zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ
z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(=
ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i
zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ
zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r?
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+
z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF
zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u
znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^
z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ
zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w
z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C<
zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1
zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T
z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e
zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv
zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo
zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t
zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U
z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg;
z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v)
z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw;
z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm
zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_
z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX
zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k
zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X
zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B``
zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I
zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG
zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3
zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E
z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb
zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs
zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6
zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu
zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p
zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp>
z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF
zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q
zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{
z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9
zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^
zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O
z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v
zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP
zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR
ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l
zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0
z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO
z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl
zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI
zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l
zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p
zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6
z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE
z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y
zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf
zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx
z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK
zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m
zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7
zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>`
z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv
z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6
zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B
z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca
z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9
zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e
z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi
zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt
z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9
zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8
z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D
z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4
zEmU)gF5R3MSN~h{?3!Tx6OKG
z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk
z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g
z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6
zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35
z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg
z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K
z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8
zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v
z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t
zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ
zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H&
z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~
zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do
zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2)
zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT
z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ
z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6#
z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U
z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8
zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2
z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD)
zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^
z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-*
zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN
zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~-
z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;|
zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI
zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT
zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$
zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv
z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b
zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0
z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb
z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho`
z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J
zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU
zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@
zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU
zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b|
za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG<
z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X
z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu}
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c%
zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF
zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr
z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6
z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8
z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy}
z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2?
zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE*
zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k
z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6
zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl
z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ
zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku
zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1
z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo
zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@
z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7
zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C
zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH
zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy
zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP;
z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba>
zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf
z6L$0$DADj6tq
zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg!
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE
zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX
z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe
zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+
zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c
zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$
z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x`
zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$
z2X>rno(N1#2-F1DmdJ;>Iut&Y+
z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?|
zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G
z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO
z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k
zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ
zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb
zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM
z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y
z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%}
zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw
zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ
znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC
zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6
z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$
zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s
z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U
zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{?
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL
z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44
zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R
z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W*
ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^
z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0
z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9
z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc
zzKKeu_y0p$Z0SV^6X
z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif
zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733
zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr
z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl
zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT
zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj
zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y*
zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@
z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3
z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a
z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~
z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d&
zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc
zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU
zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_<
zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG
zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR
z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo
z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x
z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES>
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl#
zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt
z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj
zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#;
zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$
zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS>
z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR
zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t
z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V
z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f
zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN!
zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb
zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ?
zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M
z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg-
zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT
zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO
zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE
zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0
z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS
zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q
z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51
zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY
z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh
z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9
zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5
zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr
ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4
z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah-
z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7
z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew
zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp
zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3
zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8|
z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n
z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7-
zgFi;mzTg7Ul}xs_y)Q#nSguIV
zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;!
zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB
z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_
zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b
zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6
zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo
z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v
zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii
zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1
zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM
zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR
z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8
z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF
zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL
zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8
zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP
z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L
z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3<
zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC
z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE
z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W*
zxi$9e!yw#mmX_1`qQl|CeWKlXu
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o-
zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9
z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ
zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9}
z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx}
zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_%
zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G(
z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X
z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a
zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj
z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I
zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y*
z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op
zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl-
zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E
z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$
zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j
zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0
z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV`
z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5
zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3
z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j
zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d
zWLJ1_I3AhUa*H
zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT
zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk
zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO?
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+>
zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq
zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+
zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp
zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR
z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J
zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l
ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f
z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn
ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P
z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg
z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^<
zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P
zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9
z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m
ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w
zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2
zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U
zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8
zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv
zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ
zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C
z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu<
z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b
zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^
z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K
zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a
z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+
zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_
z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG
z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y
z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x
zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF
z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS
zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp
zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{
zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8
ze~j#V#-Utqmu_r?m6yHIoF-5QiX
z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F
zQkd}`ih)!3#kf=v)k
zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg
z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF
z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z
zjThKgQQCs)W>fRK~RA~_W;magXG-6
zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn
z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO
zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T&
z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$
z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D=
zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a
z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa
z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF
zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1
zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p!
zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$
zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE
z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf?
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J
zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x
zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n
zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w
zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2
zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u
zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U?
z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz
zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw!
zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi
zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau
z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K=
zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj
zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT
zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P
zS(&Q-96nd`H{x@)zYU*j_`lXd
z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+%
z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@
za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7
zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP
zx*!|gse
z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601
zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@!
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U
zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb
z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc
ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f)
zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x
z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg
zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH
zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W
zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p&
zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+
zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w
zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig
z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i
zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e
z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q
zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7
zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE
zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`!
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX
z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe
zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7
z*=PgEB6nW3nAKm}pLWJ4GT+c$
zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny
z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS
z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4
zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^
zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0
zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg
z;e
z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0
z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R
z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n
z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0
z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1}
zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu&
zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F<
z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E
z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@
z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3
z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY
z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k
zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF
zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn}
z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs
zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD
zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t(
z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6
zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$
zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw
z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^
zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$!
z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs-
zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV
zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32
z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$
zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4
zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A
zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN!
zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM
z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u
zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{
z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<
    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+
zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^
z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l>
zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN
z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr
zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf
z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h
z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)=
zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{
zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm
z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R
z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+
z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<`
zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR
z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57
z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9
z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w
zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ
zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx
zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh
zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq%
z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs
zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g
z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq
z@jEXM{hvV3;7J@u8Zc
zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9
z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6
zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2
z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c
z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc=
zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7
z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e
zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z
z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d
z;*gP@?GHtQYxxNg
z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU
z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10
znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k
z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4
z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O?
zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R
zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ
z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5
z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y
z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5
zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_
zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN<
zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B
zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w
z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d
zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB
zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr
z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk
z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3;
z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9
zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S
zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6?
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k
zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB
zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb
z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i
zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe
zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l<
z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq
z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#?
z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU
z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{
zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i&
zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql
zX7m@s4nv-0g6nvh;+>Cf20brlC|
zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV
z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ)
z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C
zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme
z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z
zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i
z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5
zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4
z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I
z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l
z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN
zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho!
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO
z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M
z;0vHX{08`2zNEuwaZJu2Lrzo
zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G
z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI
zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK
zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq
zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_
zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL
z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT=
z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP
z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo
z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>;
zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6
zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7
zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5
zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck<
z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV
zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR
zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7
zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS
z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i%
z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF|
z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@`
z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk&
zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6}
zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE&
zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O
ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh->
zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc
z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u(
zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^?
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR
z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV&
z%Ru{XF;!{pTh^h
z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X
zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(;
zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y
z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m
zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x
z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj
zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi
zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt|
z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4
zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1
zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q
ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6
z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8#
z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y
zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4
z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!)
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p>
zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R
zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF
z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH
zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7
z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9
z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui-
z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox
z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx
z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l
zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6
zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n
zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5
zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$
zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q
ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ
z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s
zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o
zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl
zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz
z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS!
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB
zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx=
zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz
zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z
zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33
zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa(
zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5
zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d
z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb
zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g
z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a
zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs
z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN
zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3
z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF
zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y
zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl
zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV
zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1!
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K
zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D
zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe
znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX}
z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f
z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e>
zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3
z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt
zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J
zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK
z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2
z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*`
zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5
zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH
z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~
zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a
z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0
z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK
z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US
z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb
zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+
zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin
zZVSl9pDHQJSmA^3fXqy$
z#6D1%ucTNDzqx|CN-TTU~J
z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv)
ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+
ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$>
z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ
zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+
z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3
z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~
z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR
zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG
zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F
zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ
z=KRaB1uy1m4ICu^#gQ8px}*VQzC~
zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO
zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I
z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y
z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm
zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?}
zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol
zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4
zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL
ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q
zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R
zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd
z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9;
z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP
zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt
zjX>h3S}r`u24jk9Gua?a
zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt
zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ!
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx
zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv
z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7
zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5
z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K
z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3
zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@
zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk
z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5
zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8
zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law
zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n
zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9
zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau
zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN>
z`Eto#aG_A{WG!Y*X>+F
z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC
zi-MnL$E!4771L*0eCo5T#sG;@e`>
zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8
zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_
z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi
zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9
z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{
zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS
zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE
zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM
za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%<
zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii
zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF?
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP
z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=<
zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z
zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N
zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E
zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a}
zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu
zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY
zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^
z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza
z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a
zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t
z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f}
zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg
zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt
zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah
zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI
z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0
zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg
zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn
z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k
z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP
zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|;
zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG
z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9
z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv
zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~
zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o
zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr
zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U
za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF
zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W
zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ
zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn
zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn
zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2
zE^8
zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm%
zo81J!so>f2kPW%wSxUF
z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9
zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE
z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q
zgoHb&^yUyv6vm=bW4ekN6i!a(nM;
z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46%
z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI
zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v
zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m
z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z
zRCU_2j8ExizVu#k-Mc4tIw-
zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m
zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N
z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5
zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA
zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq
z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m
zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<}
z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99
zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I
z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas
zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5
zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ
z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-=
zZoh!)XoW0LsOg5RLOWTt1mO`!Ob
z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$
zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~(
zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI
z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc
zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh
z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF
z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e
zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI
zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb
zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O
ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2
z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n
zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G(
zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{
zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@
zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq;
zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4
zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k
z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK
z{GOnp1-D9ERM!qlAHZU?zO(
z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@
zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV}
zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR
zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI
zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb
za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc
zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W
zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y
z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU
zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f
z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82
zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO
zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+
z2SCA`T$}4X`*{kL19oQyA
zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in
z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{
zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~
zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K*
zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^
zx?K9B8s!UYp9YZaFzh3MJkT
zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@
zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy
zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h
zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F
zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?`
zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)&
zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r
zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz
zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K=
zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@
zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v
zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up
za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J
zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+
zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B
zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh
zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH
zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H
zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z
zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e
z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr
zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad
zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0
zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO
zzM`1zE19resFtDyj5KM4o{82T
zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH
z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4
zI@8_sLp7%?V~w@kz;d#6i$djLRuK
z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V
zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf
z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v
zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH
zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ
z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$
z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6
zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF#
zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2
z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l
zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN>
zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P
za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC
z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q
ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4
zfB;YChQH2ID!7Z{{JK{g-PdZ
zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um
zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK
znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^
zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J=
zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G
zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI!
zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7)
zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_`
zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~
zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6
zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k
z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0!
zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y|
z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3
zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU
zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1
zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ
z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78?
zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure|
z*Y+0$i|u!;sr{yLj^{{9nq`6KwT
z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi
zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G
z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b
zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq
zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln
zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0
z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q
z(soWpHQ}8jb$z
zx6%`5Ax2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo
znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z!
zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8
zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh
z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac
zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~
z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP
z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC
zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d
zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y
zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^
z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y
zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S|
zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx;
zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL
z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv
ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky
zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu
z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb
zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g
zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs
z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i
zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3%
zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd
z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M!
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN
zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un
z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z
z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3
zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3
zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf
z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4
zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94)
z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF!
z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!)
z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72
zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w
z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva
z3wQu{1mN-*j-S%!=TN?&DHHN*O>~
z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR
z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j
z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}}
z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO}
zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt>
zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc
zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4&
zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O
zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7
z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C
z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@
zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH
zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY
zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^
zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE
z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+=
zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv
zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7
zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2
zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF
z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G-
zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw
zMrC=PGb4MtEmPaOqUYq`A0f?4<
z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^
z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA
z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W&
zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1`
zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3
z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120
zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f
zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r
zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d
z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj
zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c
znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS
zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c
zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I
z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW
zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4
z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G
z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l
z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m
z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj
zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI
z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv
z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1
zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n
z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt
z_eNd(vOmKIzLDxa
zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB
zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW=
zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee)
zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju
z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2
zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$
z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;-
z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`)
zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7
z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR
z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r)
zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U
z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq
zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}&
zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N
zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2
zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8
z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z
z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e
z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q
zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY`
zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw
z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b
z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY
z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc
zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc
z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;!
z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL
z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B
zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5
z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k
zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g|
zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad
z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9
zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard
z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv
zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe
z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c
zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC
zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D!
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q
z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L>
zQd$W+K|j
zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~
zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F
zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W
zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe
z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX
z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD
z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B}
z^
zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE
z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE&
zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn
zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM
z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d)
zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R%
zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ
z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt
z&ik1(KN`{eXh8M0>xlOIUB>u3(D(
zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC
zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb>
zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW
zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+
z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY>
zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J
z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$
zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K}
z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9
z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W
zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY>
zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf
z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO%
z3_$x0w4TPVyI)PHuONs1?x
zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd
z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we;
zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6?
z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u
zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK
z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL!
zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r
zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml
zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u
zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b
z)6hfvz^OLR6PZ*y|`&D>I?IM
z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm
zjT<{|J6$l`Vkr@WW<
zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES
zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0
zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk
zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H
zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj
zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk>
zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7%
zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp
zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J
zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL
zSiGq}AE&&Sy-DdU-$G_z(F&
zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE
zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c
z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK
ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e#
z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(>
znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j
z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+
z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW
z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7
zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R
zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg
zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5
zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ
z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv>
z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS>
z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a
z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf
z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq
z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O
zjDaIp|3Ke}INy=j-8)=f&Io*(LP9
zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH<
z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|)
z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C
zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX
z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch
zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K
z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV
zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W
z|AzeM=k+2G_S)lv
z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E%
z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg
zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+
zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb
z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw>
zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB
z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO`
zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h
zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e(
zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P
z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z
zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$
zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J
zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt
zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE
z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1`
z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6
z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI#
zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t
zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64
zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb
zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65
zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^
z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm
z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof
zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c;
zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8
zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w
z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa
z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc
zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k
z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn
zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx
z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p
zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F
zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D(
zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y`
ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk
z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe
z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m
zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9
zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp=
z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c
zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL
zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i
z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_
zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l
z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4
z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ
zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b
z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN
z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU
z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl
zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1
zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu|
zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX
z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL
zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A
zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{
z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?#
zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T
zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp
zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~&
zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA
z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#?
zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR
zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2
zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9
z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c
z!|gL_zqU)^ryR%amoMPVXrO
z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa
zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^);
z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF
zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o=
zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm
z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$%
z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y
zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1
zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8
zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~
zUF%Yu1RWoM|XXUW|96s8jUI?
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}}
zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2
zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b
zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw
zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze
zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx
zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e
zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo
zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ=
z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS
z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9
z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9
zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca
zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k
zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A
zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q
z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O
z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8
z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F
zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^
zea$`YYNs0Ang$SBZ}LW3X^V5j)<5%
z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)(
zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q
z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b
zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F
zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$&
z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg
z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D|
zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN
zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ
zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of
zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A)
z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@
zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ
zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx
zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v
zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ
zb+kY%%+`8FGXAoRrB{SCrhAbvm
zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE
zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il
zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_
zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ
z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S;
zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m
zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U
zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB
zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o
z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI
zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m
z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^
zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F
z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b
zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW<
zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI
zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v
z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt
zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u
z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j
zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7
z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5
zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{
zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E
zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM
zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z
zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L
zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E
z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs
zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3
zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW
zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8
zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{)
z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh
z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st
zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv
z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I%
z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2
z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1
zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F
z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07
zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_
zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^
zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS(
zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA
zWi2VvmtqM^`DzIY(!ICV?
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk
zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp
zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp;
z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC
zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX
zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r
zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y
z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT}
zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp
zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe
zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W
zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4
zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe
zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4
z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT
zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB
zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3
z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4
z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z
zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c
z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m
z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ
z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#%
z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p
z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR
zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^
zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa
zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089
zV=pKvy3%r#0eQR=bFXdRXGTTD
zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx
z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy
z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_
z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP
zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt
zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O
z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW
z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX(
zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg&
z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi
zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO
z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j
zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK-
zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ
zylKQzW-Z
zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj
zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c
zAh1Ye)1>XXjvEa&vr#iw0&q9?}W
zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8
zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q
z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu
zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy-
z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4
zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f
zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot
zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH
zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3
zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk
zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7
zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7
z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4
zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno
zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u
zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP
z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7
z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ
zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW`
zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f
zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M}
ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo
zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t
zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I=
z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0
z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX(
zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W
z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb
zG#?+8d45Tm(r%D=;
zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho
z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P&
z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S
z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm
z2v(T)7L{D2+pjyX5W=Cig!~bG
zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX
zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w
z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA
zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u
z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7|
zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO
z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn
z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr
zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%}
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M`
zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU(
zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4
zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~
zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@
zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO
zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q
zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v
zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf
zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt
zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n
zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L
zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm
z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ
zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG
zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv?
z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN`
zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf
zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|?
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792
z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc
z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc
zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$
zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5
zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA
zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc
z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL`
z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a
zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J
z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7
zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+
zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6?
z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2
z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1&
zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c
zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3
z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5
zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v
zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s
zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y
zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV
zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA
z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e
z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp
zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv
z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL&
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ)
z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k
z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc
zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1
zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go
zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2
z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK
zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$
z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5
z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV
z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3?
z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~
z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K
zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7
z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS
z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A
z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln
z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e
zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%)
z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U
zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z
z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U
z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W
zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f
z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi
zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA
z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*;
z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b
z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v
z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo
z67c^4d2AoRZoIf>yf80SS
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?>
z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H
z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a
z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2
zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F&
zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f
zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt
z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q
z6lgyQ_*i5BMcOX94hkb9xPh76CsS
z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9
zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC
zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI
zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm
zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX
zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw
z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2
z=LFzag1$`xz7zPL0=x{j1bjQl
zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G
z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ
z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J
z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag
zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb
z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA
z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY
zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2
ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ>
z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu
z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU
zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR
z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY
zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA
z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1&
zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E
z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4
zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5)
z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw
z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n
zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ
z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3
z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ
z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo
z&jLOT_#EKdfzCYOGr;Ep;NJv%
z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi
z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t|
z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c
z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1<
z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf
z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID
zI6>44)E^)9tQj%@Y4eLr67kkz^?#0
z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T
zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p
z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP
zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7=
z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh
z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l
z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai
z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x
z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB
z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA>
zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@
zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9
zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv
z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca
zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl*
z0q|*PzXi_S7P8HyH
z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc
z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ
zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3
z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng
z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W#
zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S
z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{?
zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv
zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X
zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_`
zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW
z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF#
zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln
zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42
z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ
z5NsFT~D{wVZ%943(PzVg
z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209
zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl
z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO
zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8
zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD
zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U
z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q
z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N
z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+
z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w
z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y
z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p
zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^`
zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo
zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H
zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l
zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7
zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$
zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu
z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt
zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM
zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2
zbcK2*U8SO34
z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW
z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D&
zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~
zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4?
zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_
z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0
zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c*
zf%K?j6
zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7?
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p
zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_
zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup`
z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ
zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ
zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB(
z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726
zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G
z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg
zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&
    f9O=Y|r&X
zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x
zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N
z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76
zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI
z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$
zV&lWc!XgYl
zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj?
z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w
zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!;
zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@
zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g
zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A(
zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_
zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1}
z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L
zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7
z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ&
z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg
z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB
zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv
zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP
z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj
z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q
zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un
zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT
z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4)
z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W=
z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0
zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ
zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp
zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{
zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4
z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1|
z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M
ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b
zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj
zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7
zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX
z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P
zk)xf&%Op&N(>0FvfgO_NnuO$B!v
zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL
zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn
zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x
zj=qm!iqIY6GHa`e543L>Cwi~
zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@
zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q<
z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ|
zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd
zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^
z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk
zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF
z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V
zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M
zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;-
zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr
zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj
zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq=
z1{F@AY
zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^
zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2*
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf
zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^
z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP
zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH
zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2
zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz
zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3}
z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S!
z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi
zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I
z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc&
zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$
zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE
z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU
z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G
z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K
zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z
zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR
z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X;
zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO
zbXhh9)Tp{?M^Q6#O3
z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6
zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C;
zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc
z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ
zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I
zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF
zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S&
zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y
zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU
zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW
zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI(
zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)>
z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&<
zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b
zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak
z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va
zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM*
z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$
zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2
zs(+b*m>iA>{tRt5CI;abM
z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0
z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt
z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o
zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@
zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@
zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g!
zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL
z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY
zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3
zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v
zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm
z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN!
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO
zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy
zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ
zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I
zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X
z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2
ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r
z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?-
zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG
zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_
z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8
zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+*
z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU
z8CBPxf=0B|p1yd6yuF=@-7e(EP
zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!|
zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@
zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V
zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg
zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z
z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_
zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy
zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY
zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u
z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW
zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc
zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv
zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ
zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A
z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z
zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$%
zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM
z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI
zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A
ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~
z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT
zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp
z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV
zC>N5m7
zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S
z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$
zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi
z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH
zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z!
z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1
zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>(
zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm
z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V
z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb
zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{
zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76
z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y%
znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD
zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff>
zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq
zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS!
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f
zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9
zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH
zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H
z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3
z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A
zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF)
zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR
za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9
zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH|
zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b
zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr
z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA
zUDk(8X#rD`%?`=s--AAoMOEoe*G=
zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj
zoadaGIWu#n+FdP|8Hm;
zE%Av0;
zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0
z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^
zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q!
zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g
zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo!
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6
zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V
zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM(
z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A
zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX
zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ
z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^
zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm
zhrLy8+3h+ru>puq
zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+;
zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X
zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia
zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK
zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX
z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q
zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At
zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D
z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY
z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+
zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0
zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%>
z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64
z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@
z5CgQG
zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM
z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX(
zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6
z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef
z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9
z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG
z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M
zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL
zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC
zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7
zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK
zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth=
zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT
z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx-
z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt
z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(<
zZHmSLFf{;~WDBT)k!y^){Z^Pj(
zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y
zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb
zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW
z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH
zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl
z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4
zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v
zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F
z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr
zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD
z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K
z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b-
z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n
zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz
z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz
z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ
zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+
zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW
zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~=
zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57
z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R
z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D
zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q
z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=>
z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T
zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00
z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP
z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug
zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA
z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U|
z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e&
zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0
z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t
zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h<
z-`OJt@15d0>w=@_ak?n%
zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c
z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp-
zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt
zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa
z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71
zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW
z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp
zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz%
zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&;
zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$
z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt
z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf
z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM
z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV
zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9=
zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc<
z0FaeC%M&m!!1QqUC=
zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG
zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i=
z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM
zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0`
zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok
z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<%
z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX
z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS
zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt
zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6
z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL
z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny
z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO
z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_%
zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez
zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB
zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj
zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO
zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS(
zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U
z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW
z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4
z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@
zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP
zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG
zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{
zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh
zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR
zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF
zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU
zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z
z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A
zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK
z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U
zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW*
z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar
z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ
zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH#
znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5
zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI
zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf
z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD
z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb)
zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w
zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K
zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s
zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x
zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~
zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g
zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2
z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju
zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn
zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U)
zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN
zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT
zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk
z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^
z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC
za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It
zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q
zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y
zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V*
z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<|
zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{
zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~
z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9
zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ
zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9
zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+
za%`A!W$^#Vo>9ahd%P6_2?r<
zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A
zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp
z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx
z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO
zRb)-I_5?N15D}&D
z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n#
z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk
zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B
zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225
zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6
zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK<
zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c
zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h>
zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u#
z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG
zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o
z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN
zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6
zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz
z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5
z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z*
z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^=
zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU
zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe
z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG
z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6
zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g
zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H
zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w
zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx
zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+>
z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T
zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b
z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@!
z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k
zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc
zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^
z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw)
zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk
zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*?
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR
z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj
zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD
zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb
zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q
z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w
zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S
zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b!
z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o
zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR=
z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ
z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C
zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3
zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi<
zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy
zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A
zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT
zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E
zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA
zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+
z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j
ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~
zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY
zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy
zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz
z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^(
zRUUP_HMg3Kd;&LU
zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)!
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^
zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k
zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f
zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU
z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW
zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY<
zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY
zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2
zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N
z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr
zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T
z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v(
zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz?
zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#}
zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji
z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U
zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0
zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j-
zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL
zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$
zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+
z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R
zN88hR;yr#8kp9`3k
z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly*
zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg
zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l
z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s
zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p&
zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v
z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^
zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S}
zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ
z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a
z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf`
z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&`
zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H
zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F
zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0
zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM
znEH<|52ldwH~f;ZWplsP&!
zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!!
z?Stu)`2kmoPpt4P
z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR
z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM
zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y
z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw
z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k
zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI
zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3
zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs
zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2
z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb
zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B
zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD
zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_
zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW<
z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~
zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W
zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d-
z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U%
zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE
z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~
z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV
z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz
zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s
zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz
zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?=
zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg
zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt
z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q<
zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?-
z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq
z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk
zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O
zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5
z$Ef=^@1N6m%~G}vR?N`fsvOY
z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB
z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv
zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M
zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86
ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS
zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h
z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ
zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3
zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD
z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7
z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at
zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c
zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD
zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw
zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4
z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L
z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1
z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t
zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH
zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j!
z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY
zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2
zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B
zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw
z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM
z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V
zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L
z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx
zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0
z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW
zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5
z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN
zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm
zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc?
z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o
zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>!
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU
z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2=
zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{
zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry
z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7
zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af
z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t
zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q
zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU
zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z
zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J
z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU
zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I
z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2
zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty
z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_
z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV
zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk
z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I}
z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf
zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$
zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^?
zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF
ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;=
zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH
z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT?
z@lyL)BtM~`
zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J
zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e
z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH
zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r
za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T&
zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o
z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa
z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy
zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h
zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i
zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz
zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg
zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf}
z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP
z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f
zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k
zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e
z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St
z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a
zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo}
z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h
zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^
z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic
zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw
zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe
zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1
z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f=
zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd
zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~
zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY
zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2
zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V
zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_
zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF
zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD(
zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU
zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg
zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p
z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg
z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC
zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9
zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i
z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O
zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G
z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+}
zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw
z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M<
z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ
z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h
zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0
zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4
zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD
z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea
zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$<
z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V
z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt
zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b
zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%-
zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r
zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o
z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I
z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn*
z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io
zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl
z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u
z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY
zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n
zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc
zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M;
z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb
znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6!
zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^
zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T
zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6*
zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6
zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd
z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6
z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V}
zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p
zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o
zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g
zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE?
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN
z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b
z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{
zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF)
zJea8flNt3`8$Sh?i
zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX
zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3
z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF
zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0
zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R
z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2
zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX
zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{
z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4
z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA
zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq
z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$
zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc
zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o
zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T-
z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*(
zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat
zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv-
zcA_nm-A(y}bk${+k03Kz8(;}(rA5e%
z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw
za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N
zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq
zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW
z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi
z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu
z7$T}%#wdubl7PvXEC$9A`fXTTz
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a
z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu
zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW
zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL
z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y
z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx(
z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H
z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK
z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu
zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx
z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~
zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x
zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9}
zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC
zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5
z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS
zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO
zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l
zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN
zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@
z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs
zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n
znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1
zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws
zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9#
zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1
zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm
z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e
zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy
zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8
z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J
ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH
z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y
z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+)
z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs
z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*;
zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j(
zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC
zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a
zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66<
z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W?
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw
zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx
z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh
zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP
za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E<
z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW
z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY
zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh
z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1
z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU
zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1;
z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc
zCaLhwI>k*?|72-@S`m`kpMR;)frMy
z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n
z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$
zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N
zn68z%^18x@mnT=
zRfcbeVUKA@?9YH3
z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+
z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3->
zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+
zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f;
z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55)
zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2
zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<<
z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu
z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV*
ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc
z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$
zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W%
zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8#
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH
zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK
z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1
zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R
zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8
zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f
zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf
z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri
zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ
zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD
zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+
zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA
zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^`
zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~
zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V
z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W
ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM
zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI
z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl
z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW
zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99}
zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn(
zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1
zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V
zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{%
z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e
zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO;
zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2
z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd
z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^
z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y
zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_
z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI
zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb
zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH
zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@
zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb
z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh
z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA;
z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i?
zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC
zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b
z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l
zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ
z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB
z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1
zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v
zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR
zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW
z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5
zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI
zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90
z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy
zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ
zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS
z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{
zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;=
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G
z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1
zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk
z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&;
z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H
zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B
zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5
zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{
zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O;
zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe
z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN|
zcdtix`R{3C#oi;=@Pw`26t|GA
zykve3@xwk2%f$4he`
zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$;
zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_
zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0
z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X
zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg
z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z
zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7
zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87
z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%)
z@F?aibz0Mw%0t5Z}LO
zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD<
zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM
zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ
zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2
zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f
zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k
zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~
zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1
z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v
z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{
z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw
zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy
zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV
zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq
zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce
zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO
zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS)
z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k?
zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg
z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe
zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;=
zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL
zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$
zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E
zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg
z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm?
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f
z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g
zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R(
zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8
zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu
z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_
zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT
z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd
z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic
z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q
z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N%
zsP#>Dw@y*D;bu5hlInyV
z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w
zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#&
zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-#
zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui
z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F
zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic!
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$
z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z
z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U
z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U
z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*)
zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{
zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S
zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6
z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k
z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd
zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL
zpla1CsXk!K%uR6HOo
zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h
z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn
z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{
zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD
zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE
zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM
zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z
z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_
z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW
z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o
zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`;
zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi
zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN
zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO
zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR
z^YL#fI5?r<07@VCw6
zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj
zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC
z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2##
zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO
zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc
zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z-
zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8
z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L
z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0
z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc
z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+
zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L
z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe
z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x
z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T
zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y
zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3
z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9
zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z
z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf
zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud
z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v
z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y
zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8
z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X
zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U
zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa
z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B
z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC
zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw
zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@
zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V
z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH
z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh
zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our
zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2
z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li*
zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U
z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX?
z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO
z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_
zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph
z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5
ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc
zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF
zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl%
z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@
zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3
zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H
zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK
z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r
zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL
zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb
zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb
z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW
zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc
zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K
zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>`
ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB
zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx
zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr
z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN
z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@
z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG
zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3
zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp
z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF
zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1
zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2
z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf(
zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo
zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{
z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~
zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb
z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN
zcVtZpKU81Yj9}4jS6Ui@=kH44nV
zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O
zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K
z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG
zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P
zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn
z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY
z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U
zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ
z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+
z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V
zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm`
zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg
z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD
zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H
zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0
zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe
z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn|
zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29
z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl(
zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y
z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf
zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($
zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby
zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz
zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8
zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2#
zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3`
zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff<
zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj
zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C
zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi
zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+
z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m
z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b
z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q
zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV
zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN
zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz
zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0
z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~?
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6
zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE
zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6-
z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ
z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3
zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2
zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u
zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ
z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$#
z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz
zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm
z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^
zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi?
z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k
z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R!
zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v)
zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW
zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa
z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I`
zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S
zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D
zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0
zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE
z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR
zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M
zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND
zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK;
z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq!
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)`
zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf
zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK
zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$
z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a
zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2
ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b
zHM33B?dEDs{ziu{MlgYz6PRP706!u)~
zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+
z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a
zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu#
ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{
zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42
z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9
zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau
z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P>
zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh=
zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP
z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS
znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^>
zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM
z(3FX8UY?_PJ>)npV;r^q6c
z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{
zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd
zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8
z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph
zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-%
z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH!
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C(
zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM
z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b
zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy
z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{
zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q
zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm
zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{%
z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP
zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+
z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8(
zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB?
z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-?
z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv`
zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E
zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC
zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF
z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C
zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**`
zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe>
zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@
zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a
zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7
z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l
zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS
zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E
zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU
zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_
zWRr4|Y&=
zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~
z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP
zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E
zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH
z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX*
zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1
zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O
z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^
zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c*
z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_
zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX
zYF7HtY%%r(o_qKRxJq+vSgClH*O
zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@
z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV<
zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G
z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$
z{-G
zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE
z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c%
z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J
zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{
zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn
z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a
zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw
z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3
zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+#
z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h
zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W
zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${
zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p
zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv
zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^<
zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7
z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z
z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@
z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ
z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19
z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR
z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj
z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8;
zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW
z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR
z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1
zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs
z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ
zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE
zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8
zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C<
zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r?
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L(
zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7
zK-L$^6@lXh*wC&1gRJtXcz}qG7^p
zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh
zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5
zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G
zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR
z(qO>8_hR!rh>K)gUuR7sc0LP(HIy
z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx
zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@
z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy
zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6
zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b
zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH
zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN;
zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44
zfIdkV;fI};GIMZ$^@
z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ
z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm
z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe
z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni
zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo
zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA
zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R
zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o
z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_
zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P
zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X
ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{
zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV
ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}-
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O
zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V
zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ
zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk
zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f#
z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@-
zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt
zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp
zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM!
zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM
z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@
zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}!
zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG
zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^
zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc
z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1
zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W
z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+
zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X>
z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_>
zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV
z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q
zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5
zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf
zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh
zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e
z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au
zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY
z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$
znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^
zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM
zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5
zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|)
za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd
zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_
z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY
zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{
zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I
zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL
zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T
zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe}
zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ
zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+-
zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v
zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_
zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage
zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g
z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R
z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I
zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f
zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG
z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K
znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ
z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj
zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~
z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D
zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3?
zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt
zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8
zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i
zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE
zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E
zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be?
z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA
zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+
zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s
zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~
z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP
z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp
zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL
zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^
z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d
zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_
zI$*W4zS
z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V
z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O
z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM
zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU;
z^U#|)77d07cru!MQ;m$+BXj}4
z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h`
zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm|
z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG
zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI
zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A
zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY
z+gw?kdB3&W7kIbP8kZr
zp>TOf$J#OVI|LcyGOPCW09#Iz|
z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3
zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81=
z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0
zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc
zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7
zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB
z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6
zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9(
zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{
zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0
zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5
zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g
z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7
zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~
z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS
zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD
zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1
zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD
z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$
ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B
z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T
zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz
z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK
zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F
z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q>
z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R
zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X
zE=tAW+RSnx8tk$9GwZerClqM6+L(sW
zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH
zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ
zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~
z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY
z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{)
z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e
z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`)
ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10
zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu
zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI
zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh
z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X!
zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ
zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c
zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco
z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm
z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP;
zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0;
z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x
z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f?
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea
z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk
zZ?wc#s-jxpf2S
ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE
z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc
zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1
z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO
zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS
znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3
z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy
zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq
zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP
zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D!
zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c`
zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B
zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd#
zfr2G|S
zLNl#Bd3uquWxtP
zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;;
ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX
zgt`3uv1I=IP9&X{-Twe
zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_
z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k
zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T
zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~|
z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs
z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5
z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI
z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H
z192%m$6mNljCvo{UB8y;tSyg2l
z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$
zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky
zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr);
zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX
zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W
zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ
zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V
z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy
zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A
z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_
zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I
zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx
z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga
zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs
z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn
zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr
z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp*
zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}&
z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E
zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw
z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2
z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-!
zXrnglHa1we*AFywd@^8Nr1g{f
zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz
zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3
zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F<
z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G
z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr(
z&E_I_Zvu@aTYFa!Szoa
zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj
zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF`
zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1
z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A
zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g
zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x
zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH
z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62
z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG
zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh
z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8
znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@;
zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$
zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P
zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_
zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o
zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp
z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q
zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR;
zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt
z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~&
zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^
zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`>
zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na
zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5
zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp
z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs
zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x
zouyUEP72U)&EcaXr1IMjXH%FIk{--
zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s
zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP?
zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk
zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi
zh5nG*o2%KiyLK}FG!>y;xi^C
zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u
z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T|
zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07
z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53
zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg
zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s
zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9
zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG
z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp
zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF&
zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co
zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB
zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn
zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96
zS@TrMwCDBoK3Js
z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS*
zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y
zMqcE^G=FoN%+&Sjb4
zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o
za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$<
zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy
z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O
ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s
znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{
zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L
zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V
zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p
z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh
zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM
zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA
zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_#
zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG
zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX
zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m
z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp!
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5
zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W
zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz=
zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9
z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c;
z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@
z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p
zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5
zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw
z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u
zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y>
zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX|
z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u
z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~
z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5
ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi
zLh0gT0sS93{&S_DbCcZf
zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV
zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf
zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d`
zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g
z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD
zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H
zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A
zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P
zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY
zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee(
zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB
zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk
zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ?
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY
z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_
zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd
z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X
zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg
z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN
zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G
zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX
zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD
zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum#
z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~
zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@?
z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M
z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU
z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt
zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK
z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w
z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB
zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F)
z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2
zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH
zD1Ajhe^wYqzzp3Nj
zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW
zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5
z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai
zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt
zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc
z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~
z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4
zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V
zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q
zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7
z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D
zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te
zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU
z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v
zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y
zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m
zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B
zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy
z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_
zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV
z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L
z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@
zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go
zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d
z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$
zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#<
zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA?
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE-
z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi
zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl
zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ
zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w
zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b
z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a
zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh
zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z
ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId
ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l
z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~
zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE
zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb
z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x)
zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB
zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc
zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c
z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp
zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ
z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC
z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN
zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF
zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX)
zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI
zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r
    • fac0hW95L6tN!|Df{XjoZ5K@(8vgf;l16zPb3bgK{e
zVWEJ}ug&^@0Hv~=)PMYL9|buDK*s1JBUBF@Szu%&%ZnNH7Qa2sK-QwC2r1xVDhQ*F
zs=TaTcN%^6WoIBM0>aN<;3FqkZx2Z3Sm$Ck$NBiO}au$Utj(+rjvgA
zutSjqaaL>Wr#5$W`y8_#%n5ZxIQ*80#1D)Xo-DEYdlIUQv2(T-cL@-Lxa5j1YrzrYyuvfh?G>#&r
zMvc@x{}bwA3h`K$pV0%z2v?qD#x<(g$){|@>pD08aVgj~N;>I~5OHab+_{S%mm|u^
z=~)c`)IfjRQo{IqsHvD5yE<9Ac>IUbLK4OS_jSY}^H)>_kko{C0TC1e@O*cm#j3W#
zOC@xqZ!AC8N+W5hKp&NReD5yVrloG|KQOF&$b1>|V`s5HXQ%>lfQJJv72z(VhkMwv
zl^i-@f;=C9f-%n-6^&|{`4p8?p@8m>NO|e)DEh>s)P=>&flMg3aiH+F>Ie-Ou5T7@
zpx!I?Jr>?_g6pZUEmcN^wC&s(65%-OGwj1`Dzni80-+oG9o)x0${?tP2al
zKT3%{y_1np*?H`>OeBjBghd<<1ajr&@;<*N>ZNw#AG97mW}+vw?{5y*2^<%FQjhj{
za*G~~A4F5li%bCNL}<76rmAj3U6c_A;{S0y<6(;GwFBs~@VC1BMdIxIXD;_2I{e#V
z{JaM6m%}iC9G~bO9wr1*F3n9!ds}&)o1BuN(>u{UHr%bPn4FuXrE`*~nRt*sG)!2y
z88pB<1oT$XdYn=mod2EE{^QC@e>-Y0kYtyiCDdPyhIM}z2Pns16<}fhIOMz#v3MK+
zj$OZXF#ki|@aG}_dCQ8EQUF{NLWXoLEnh>2(Ccv4;CXID#_P=622D3h!v-dyr4aTe
z=CRT}(#cB__GA-;V7?U->P>t*d43DPi
zA>$iK)vovHqv6i#fG_4w0OG>8{Z}IO6hbHKCg%)?NYE2@(
zdzl-kk;SgnyrWokP@S)aEuA!1juq_N10iZbJ|&qbnr3=*p|rW*9Yz_(y9*#7KpwW?
z;h`YY46#CDt`;XG&==qAK*As@t{Lk!z-<%q-ddC8y{Wrc36eu);f6Yj55YB%TD^+i
zN7fOfCx3(AlDxruB^-#6@D{l}T1V;vTE0La${NLY~eF
zcZPUwYhIxzTeAR#?=jAbX(ZJW09MZ5g7p_{m5PO-lj+Y&RqEp4=|72U8`1p*v;S74
zg8o;L>ci{~paa&7T^yVo9332B8sC4~JgYa0%y)SG7Gl4!qd%Hy{)w#EKkx5FmevGH
z+7(N!(=l;!7rvazW4g>GzZjqn<)$3N;kCp;ha>9NIQ8uaS
zV{D!OXe_ceGemC2NO+i&uBy+Ak`A!2dv
zQ)kt%PFg?5?@(&W;J_}arJ8SL2=T#849U4v+X{-k6~aI;t#Ju{C1x~Ad)2bhf_Ysk
zChc37R>YZ~Po3l-SsY-fUoDYBu5PtKBn;khS@xKj@dOXEzdJfZ%I>EBs%ybgKcv$Umh1cMJhE(uMrQ
zI6rO8690QA-O2l`03A}b{~!D3+WmqRaskFZ|67Cq#h9hPH=1{-$=Tzmq4G`UAS}ym
zk$z!yJPl5*id_v{ZpO4w&XX64F+nEHlq{y@ZloAt{ko8iCDI%Cf=DY!C<>No(`u+D
z`o3|?dWucJU%wk3QJHAv){NOvq-`MT_KfGY(`%ybHrD$k_xucqatkdq!g|n4yw4#c
z1Z~J7^V~h_OYd^doN^DQcuU1urm)+Q61{X6|tsXB`k<2=8Ai?%U6;n
zs*`jGn~0&v@r+}H9@eR&@s+&dk0&|9_ww#ZL_K0o**bd>5-Vj~p{Lkz^1OK)7b0Nq
z>{@dc)$>nx?ZQ_)I-IH{>tN#i(eGf$8PmIwiVnppXAHu1sAgzJbhKU@8WhP}WmFF3
zUCH@NkJf8+u!UY;2u0yN1kPJ($MD5B5rd+HUm{bvPJw>Z#PBHc9H{4Nx2g9ePjEDg
z)07P}q#Ry7!;a8p;Wtx4TN-SAt$WPrlKQ1KEkN=KR^N>B&D;%e
zY441q{TLjR+WK+W7I-AG;bB?Bw0Ei0!kgk5My=6MW2`T!ueV`DYK<26jH+}wvVpKF
zJ;jZm6>Nw#!n4Two%*6etyZ!8HV1!a8+&Mi=iSA_;u073Pg7
z6+O*QLGNsWY#D8sRd8pTL~OE@bU#)`CHD>ti`<7k;6u;
zkjgbA&drCG9ygNOL;F%;A@$ir?i)772#r2nV%TRK&O?Hs>IcKFqPur~ifm#kU4hiL
zB9S($vnKCFrPkI~BhKbGbfrK5740LjX@`)-1i(Jz+JRvKf-w(gz~xc
z;kOzhtOnpue8L6cad}}6bqpKaqaRo=mDv6mv}O*l!}_4+?pCUPnA*d;k6%MUUM)8NT_=_(GiP@gfW559H*FD
zd1?X#R_r~~i{Zv+86(mCe(N{0=lz!uKKy>6>sHd$TR%8#3qc572*7(D>)(zGLfDXr{5qXrXpkd=elRp_;D*h*)(L5jlJfwbSZ@pwKb}o)*G0FzQ`ch
zKeKXhL>0MLlsw5uZ#)FyQy8)YlANRaM92Cj{@MDW11Mt;k6~J^{$P6KlkkNyS?g8l
z^?{5keE6p>o2TfJ3IaRjo(7O8M$ZY+K$`rj8jL_)od%>ecf^?a;K}`ASv8*Q$y=Qh
zmqZzes^GYx4%2kga^3{3ci1!JZxGDhqn4vHqd!#7ZYspTWu~`snP**iE=NXO;Za-&
z2G3xWxsDZ2+Q>6q>25}+Z9d2|FR?#ZFTwZ>Ht{`6K>boW_8D+~q2C57!kRQNYc-&NCd;1F2Eo&>1Nz&
zcc@+65c)SzBvS|%nbEBi34{?J`?5ObJ3rKY<-a~1+OGnVPD8?6OsFbObnLVBdXMrj
z(y6`pb=IzJrk)5C+;t7kqTy+*FxhuP24#fuL(Df=lcV6T+q6I36w
zX~&O6-wNJ}2;3x*1*qn0o(Bc#L7;yFrNzUjhN=44pjAU3{}T58O;?I&+->r_^dn_G
z6XmC-U9!<0_5Q%ql6<6_3gmdV0<89Ri8e2eYUjoyi_XcN|kJAqt*u3_Hem8ynC-Bj=hRViD`mjF28~Q
zE!EdjJTltE63o`~2R)4)L*WQmqUgwvXN-(hV5<^xa}!xpj>+Z2Y@lQti=
z4@}zw%3%M|u$R%i4vh22MS_4w_~l!OG)b?;{B5ymyr
z%7mdF;L2_A^b)LW;?Jc6Ik0v}5z|H+cA`eV&
zpazAwr}j2EWk_mfqg}XABJR22&55PAkTLrXm)vr}XB-lW6f%T3hmDZr`m$QO757t3
z-CRd+T}Iik(p2)!DT_CkR`x_HwI3%=?l|@&p`oGN*4=dq_m9<^1UCBCDo`ok586U+
z;^}uL@ulQ{BRJbr6LzJz+d{T)17IP
zK?Y{4Q}G5U!5~E=R@Y!t6p8{|B?^;9-31W7G%lS^wHM9HrTy(FS~sMv@P4;^G|TRC
z%|-;YiNwA{=S&_(D+G%7@}{OL8ywAnKHS*xOLJQUJJ1b)TVWTy*sOSKuU3NLtl`
zm{voq%iM>v$Ze@EQ!}BTUK|Y|y?-1#{o;!D1K`-uzdiPUyr=!QV=FpYx*58d{&o7l
zuQ0Fv{XOm0?9Oz-SfaEKMx1}aSZ#lz>iMknf4`^w!7zw}W65R@f78Um>aR(MOEob!
zF`$yCi!d-Tm=AY@hW`v}Y@*n&da9%PS~2llDQxMN-w-@_KCdPw)QD4vQd>L7cpD~jw17={fp
zFhyD|{2nhrA=Y`_9U<89$t2-zy0pfvpc%C^3cTLwSG3RAo3{hZ43+x#K47a$FP4T#
z*anQXnE7BZ!TD~obrnhSbT!se7<{&nPXrL5-9IS(fxWqo@7Ra=?YaM>_vCNvs|fuT
z{C_`$`%Cq24Tk;;{lx#Jd@R|DALu8o#)eNd{W<#2{#WQnNdF!B&)xlUY5_t3|E&;y
z;Q#xN)x|2LnCTXln9v2p$S_G#bTn!+q7gznbC_>{
z@S!(n-wD@TT#f91Td{sPe%MCoCi@nAmeo-czRS|JF=dTEI!zEq-tHn8EU$KhVMFy8
z_LeKIC)4
zg~~r)eY(cbm>XaD!UCOH{R(EzN;_C?fiSBqySTP&7+oi*-pXXT+6}hWI=)ee+X`Lv
z%&<$Hi*Yz#C>GYqCZ67t%_(rE3-s>Q_bZ6^x~&W*0Ab3%C9!{wGBJ_gTG~%grm_ED
zhW6hm`&pQQGW);wvQQ=tJ;hOrm{@6;n*M1q0U!qgxTz&|eN$Qcmb^Q!|b4`F>XyJ7=*pGPbU0BSvkVQA76)KNv
z_5Y#l9ia2vn)l&0R%6??)7Z8eH@0mXjcq%PZ8m7w*tXr^d)jl}gZDkB|L?a}pVf5r
z$-VA9GkedqXRev)H+UqWL=)QoX3ne6c+oqiVsp|%2y-eKvo5h;c*|!KW<=W5>j*EL
zhqAHN!KD06X0MhTjWc6+s-I}%+3mb_w8k(~f@Vg#P!L_438~=24TXL+oFvW*h%3d`
zCh4=qhgfgaA|nh?kTXPbYyoK2(J8KcL#&T=k!~!d@1SurCs5X)K_DwpvGcF^b~3|s$WRq+z`3$fuH0z^QFzZ
z;2d<5S6r`F+cFyOl2qTg&l4YOYc#5iL!AU6x9jeg%5N<@Cz!jQwtuDzh)*Pv(G(S{
z_dE!f;gx$IBKOKEE1H@;XdrMqu`@shRVX@RJ4
z%MH%b@vIturnyEgKL(Q7_gwhM)MLCjuojXR#4G6%W))q#ehl`+uA|Lo;h%TZ6re(J
z@?CHyzg$E%0t+PQpnUD)Q1li#HC>hq^yOj`wxI}8yk;MmYCiYh67Dwl8m~s08)iG7~RiLdily
z3EDzNe%rP3GatfjR*Sr^D3>C?f8#~ImE9+R$+qCinYQN6gqKyu;v<<35BBMHVYh)Y
zsOLd(r^k-{mX@8a$~_rIokD{%Mq0*$!cRBOM2wAC+f7@v9lFQcPD)#yo3tSY4=~ITqgpO<88_3_S57951_Md?3osV>1r1
zT-zGTEBFM+N1M(fSxT8?Dbl#pMYVmm-$9Ehi=gKZ%Vs8#
zig{R<9LgJ~|J2dNsO0ry@4FWnB*y}l_5+UpdqVG@{Ul&%{Kj^Me<9slDri|F@*{IA
zHsHrkC3-ECD%X7jEi1dIHmjljAYL8&F{A=6P4|5_pfNyV0mZ9CR;tM++_@;m8MS!p
z1kdp(pzm6```PjH_p>>?H`eE=x<%vT&FdQ}4Dou%?(X@X}X85V!R*fVmXlW
zjTvk35Nt;)tKAl5rZU_tMP-HODSzHIXl&{DxQdK2-Ds%HhEXzz;Cc2UW1m}4g3kGJ
zzRL&}^OVsf%$WROERAjsD#IRE+^x&sE|{4OMTH$#i2qq&h<_Wz3+#@kS{;|=lRa&Qc>@%M#<_rC1M>I^U+fAK^B*zy#*Dg5(U*o2z
z=*mgeo}4WV!b)R_g>x_~u-2Ip?Toq?=3s6v{h`YvO6W_%*qm`KMF98qAoL(c>
zoW0xCqzc`_;!VG9A9W927sEGE^ic1EKdA$I_Su3e8+a;+S(UFe9#UPmSS)Bs`Th5&
zui4JtuM<9!VN~$FvGZ*7yD%mS9a0mi>B~FN=hZtwRE=K}`fYYtTh$3n>S^aRyIYTY
zNA(J_-KK|PW0d8ztcFG`D4W^n*h&~#zovBB+O;jtGaFAzmoc!8r7YAb`?2nGu^&#S
z6Y+NzHbXa8qSTcH;AZ81ohK=z+$jUC-?tn8JgsaJ<+iOz0D9^XnVrCaLt#RX+7;Cp
zeI=s*Ht^;iTiTBmZ8$=}Dh+hyk+o&nF&v?y)uFCJq%QELX@phqTe@CgTLW}UK^>)Y
zo65w%6BqTib4E4|2}|?Rjh`8#dUY8t&&0uwFyeoY}Pd$`ZRynJa9Bs8Jn
zQnhLmkDIB@t_={ScCaVVn0N4^MSYJ2lgr9};e*s;_h>W8NNKc){L-$#LE`?VeQC8O
zN;^UPj#hj;{9MSlO_xocpj)>WO=;44x5(?H8tNrvdxfjS%t{(ps0Y^^!Sz17y*v%Y
zN4ombyDJ7nk%gi2K8|8o3uxyCQBwPC8`_#0k_w^|JjIcc54OUmL&J1LpK9%z4^L@1
z^9>CWPo1vC4y1(_r=d-obC;IL97h<|C`nHa>(2a|{E(~L8<92*OPe&ZY?>)gj}m04
zlg9Mi_h>POpoEtun>8v6BoNLHXMoEMbz7OB*`PnSkO(?EK}x12b9B;rwwj;{M}M*1
z*V2OJIOogsZD-S&nfUImO!1>G%%J
z-3H|35Z|MEqyCUyU>x?S<7&Y6+Jh?zB=b0i$ybV{%}r{EO|XriXJPim>$Tfb5L5^M
zE*oPj3Ok~~%>XakxO-sCk=afNb_@kTd**EaChO^rBc
zPkfDSST(pdAxE(#QRJZGjh+3_CoGYq34&{Q_9PTRvpJ~JLLBK7&pIrXQrlutKs9Bi
zVM{euFnY~IrImoCNXRu$j-*vPRW?=JCuH@Banf9+<;Cgyx;)uqLV|XZ2u^>bT}vlF
zth6X95Ogg<+i)%$awwjRbPj!9RllPnG23a3zu$1tPTrIfGgg^a=)EQ-vTS6a-qpG4
zhJ@7SNUFQYuAFZ$;)a|Bb$mn+sa}lFQ}moYGcHC-R!RtQZLFC$C2}S%?AW0c4!I#p
z)2`o)A0g4vm#l4B+8Q5KdTq!C#!3)XKr6*LdTr23Lrrk)u_oNMAY0(37+a*K6kF&Q
z4GcgVD2yu5D*ZOxHeXwC7osic^|6RXA8TC?Di^9P%k`58XCG^Q4^9^{eXOQ9TeSJF
z^KV!Co3NI9UD%qEZ1L{3BJO<7K0aBUXGE+4ua3+^o*EwmwPKjBx1yf`yQ9PToEdRJ
z;OcR~;OcTg-BLbWYm;PoNbo!)ctDXq)aiUFVj#(aC4X@E6f3(W!Goi8c>wsrsp92<
zC*WTSmlVa@)87H#rFdY@*;Y&@wa0$DHhxd<5@w6+5pcoGKHvg|ZJhpQoYCt|x&ars
z3_~V3o}mZK6aE(HxnKnE8?WRGqIEdN7x?=o#IxXpd!F3B+M)Zr^-l~uZ@rWjvIfz4
zVR^pXZ>^J|djma*8}jn@-%qcP)ANA7P;ZUrzBw7H(w=-
zhkBZswXj8BQLeMZr%4uGAs>sT9E5MZ!(Kv}wZ3URV}Fh=RCT-u#UBv$^XN;0EG9sL
z-$YcxuUuj;mz{Rx*rA)OlAS)Pc{RVL8PRoY<*KrKq~d8b{u<;JycB%BdUn$m-Hvq)
zp01n1F7BPrmi@{`o-U96!;PKXI)8D>g>
z_%4dEFm{}N3LGT3$zJwu(LTs03Eoimjk6FFq>2}~46RuuWo2bGwb1cWqlNEyJ(ci4
ziZ8SA+1K7bfCM7Vj`#y0i$DI$0j2+Zxd#9VIbBn`-|sVuOA6C+$XehM&?K6D<}|7(
zrqGyg`=N*AD76PlVGQ3tW@j)PNYG20r83Tnc8VD*89599Zu!`A;=sr>{lWHjvpnt<
z^|iHEM|XEwZ+2~U@Eh_@%vyG>N|XhwnhRA`voLQQ#~g^@f&4E4L;qUyJIGJbThRE6
z_=qz+mF9;EK>N(d5|Zb!0-#bNr7;d6YH+uw5Mz-OY-ki+*zcr71c11|$2el_BSL(S
z7(@&N6)9j`TsMZbGLDMU6%aRYR*~
zw{jQbvOzaFo|QsE_0|-K$WnRX+pup~mx((XWfDwPH!8X$@sb%;ldqcEWcuq#8=u(6
zHkOMC(QfJG*ilg5jtG5K?y=j;RAnNLc-w}1^x^j{MmsEXGhvC<6l}h}<)&EU<~z9?
zU@`mM_(}{T2oScngdsW5x)94TamQPyq|1WXmObr#5=f^+r`A2deg4w-$Y^9TU%AGy
zi8fn>phw|7oQgW|Z{HDRJs-O-Cx~F@p>Ns8Pz_^!46HAxCiW&XO5fWg2Q{NBp?%HI
znZczk^1^?iocJp1W>fj>i2KD7q68DIWyEga$
z>B-23=DZd5CS;A%t?9Z9_hPHhCdtcQw3X$xM7k04?An)euaM>S_RG_!uAjjdgs5(R
zR{$L5{AIP(Kj#D_tpQwHD@9>pp+9b!hSBX-0B(PP@dJ}D2m}oxIZlb@Hl&RWf?7`u
z^`som9w>&I^S(#ad0D{_@ODlvHu6)5mGLdsiHY}XhxeN{U9sfjzNF}$e6Q{r=9G#j
zF)UO{$X?gJ1aLx_sOT){`kSqrsDc|gvWU|>NXgz?WOGFIep9Dj2NdEe$(|9SHEKUCt=>(q%
z4q)MMIYD5ngAN6Ac&@q(H>c9b_wQYV#+yB1(*1w#cbw%T*&jSWo?qU=|HeK2;}-sl
z*i_^nu_(49)WtKaTzcOEZEB7YJuj97ebr&ejIFkDiCw73}
zGmB?{qwJU2i9hq{c|w&ez-%15Q7+huPtZSGxEca5jL?_kvFH^+_dBO!@~9q41}{6I
ziWl;s34)mnyg0v!t3U>rc3(Dsrrdh0mxj@tPz@E5j}D>V}|Hq2I%vEAQZ5YOP>SFeIJtl=dX>h#+#Z;?)+CA
zL=L(iqr@q=vU*Y6hCjc9jij=SdJxDTi>cX{^!e=5k4*_u`iW!q0aT;M?n{$)&+q`%
zhcUI2a&`11adTehxt*2u^cS&rD?cgZ6wv#wasV|s{WA9S&qn<>RsD8AS0pSbApMvI
zA&E~Ape5Y(ZVn{+GrCYe33Px7kOaLInhKL?@45jg3sX~jsCAC2y7~_Ayty$UMc?Cz81)E$R0HOSO)7(lx}`!E-_~Rgi=4ko1}H
zBV)nX%)dmQXyx#qd~~>gtK4Iil3%U>ZZ}gsssgFBRiF_!Py0Xl3j#afUJ-oSTLe+sFXjm+!o)WH0U}`IZD1O
z3H@Ci5aT4>S7G55RQmRW%pH;2pK$XuyXXZC?BdrkHQT?DNCHHEXx{BbFbHf`8$W$g
zsxxZQdYELNChskI^B#t>q~FKS=PhVAx+Bd|;pwWu41%nZ9>>)8%QBfAq|v`C;HKQf6DPx*>XQ)>Bz9XU;Oa
z=x<&O3t#*Dk-g;3*J_8il-Ub~~uS-Ufvw4n#sVI(Arw&@>P6Pf1sIsIH+lR9z=(Rko8~1dUhwnL=@z+YBPenE1i!
zmWPO##1qa$9_3Jz$)qXINVRdRvgDnHjfM+p4nCyLAihO6uX!(4f8
zdkz^W>nBU$fytF~j&ZIQIPNVzv@RZ4)HMyI12hiu6!-RZ!RJ*o%^PGK
z$C@RchTMNXrA>s4SK$zt-ZcY&KXfxJ@mk
z?|tAS-G)ODt}DZbd}Yv@wY=}Ibl;6MZmDOnYpOPxU(1doa7VnMkF{)IruTowU9#_}
zJ^2AK7k>a``u9lRKgV7EJs$=rS4{bztn2gtWW)ZutV0A$Udr?1yMHKCT&@nTR|TB%
zmcI;068vL$=wEYIfVVvOhqwH%j1|!T2|rJ+yx5yEO3?XEJdrC(h<+`_Jdd=L2A?t+{t_M}bO9!xBEwORr3Z1Nsn
z!of=5Ad1M)2Ljxi;++XdUNn-KF+X~-z29toFsd27)cyy8eR*m@zZJ*hqt_=73HGOw
zBeJUx!bwcB1C${Gz^FNg(z!~ARuIXrDy&nxFbOAwt9^3@tqhpD0a~0v2tDK&m2h04h-54Kcw?ZKlINw|EHdQ
zb3%biCo%vh#4RX^CJ_UNVkwLay5iSDSS%DN&Z{!@L4BG=I)r!Vb4J&uQ{w^-vUWcj
z{YBDCkI5$Ry_86MZMh{9(s3cD{nvK;Q*Nf|m;0L=P9NoRrcvDU#^qi9C5S*zboR@6
z6Pv0N=V48|cM-Y@hUm0+w-Jx0zMl(%Kze)Bj!+LXKi_%|V;fEAb)~lft;G)CJm|pQ(_#oH?#)>$-OqbPG~eGwuvZcBRT=A9fiNucbr~Fiw#V0N*agvK{)kH(W(ayTJNA?#1$emS0(fj
z8cXn+@$Szk6#}VIhV>~T)u`j%uAW)-9k8(6bw&+Hdc{*~EOY0B9@OlE^%Q0h&wYtq
zQ_-}pGI1^}>lj->g~RSR3M+JDkW#{toq^?SB@9Wim9+alMtU~Du6VKUBS8x%h(Nl>
zAhahU8b&QbFR|az!X%~-dKlL~|0eCAdaJJ{nOoFF?~N>CCT7=kz&PAGv=U88B@6>x
zNJ?%@$@c~azmY6kH>BDj`NL8mO|?(r&mTXFoTVs|ERzro_q{*u#;*?!
zu#3^loF~~gunWv&x!Lm(z4l?nzd(9CpSS)7H=V2QX$kV9BlMFVh>|W;9cN~qEhv!Eyn_#M*I%M}4=;ur&#@C6!k~n2n
zS;uNL5!yP}SVs`Th!gD^RICK9&ICp_1h)Y5EGLuR8%TZLARqI5;#wdAu?aHFhLD$#%vfd=RL-{?jE!vJmX80}ko9U*0JG
z8K(XzwLeAnX$;Cw4mn^i-gF@g4qm8Lvw0tqQd1Zi(o%ipnoy*8pXK_S`t=)bC5PpJ
z4YTBpG>-JUy$7Jre!|IXeS-Id(CM0w!l)&~9Ii+DsN4auoN5^Oe#(Mhwfb`Gn^yCy
zU>qQ8o$42k5JojiJrR-b2+7b#Mh32qnRF*FVAUKl!kHOU;ZedS-2rti5Pj|=PdSvW8nVi5)`AmY@0>3)P%>Uq-3I{*S9
z|D{0wIUD#xAb;nK82%v-!`EgwKc{B9NhGDFFmlAjx~U^!Wcf++{j&P~w{FGzO`$#C
z=zH1h*{klhAU^{8e~wsgrCMHYgrXScQmS{fZP=R%7qpG8hb2URr{8ad_<@WrR^VVC
z5%pwOwn7vgMFB^#Gh)OqyULn#kfAC-xwUcpNUFez#GtT;d6I!RqS;baEpn
zn{|U!aLW3p2Uui4S1nBR9bT5mas4iao>_>itTgfGxnV~
z-;fc*dc5I5-jrU1&8t@?Qgh1O+q?U8vgYme0(1@|i;nBLi`F(CzAYF2QXFmMfj**S
z%S74t;!d*3Z{$HAltGdW7u=mS1+!{jlJDBR?%;0x&gC4qscB%{s96pMe1#syos7zW
zM{mA0Ot_z&ZQ+Q{GX^V#0`Farn|HD)f3v7-&pVo@(?R+ucjNf_@*vFpuV3y}B0lvX
zE^6(6?XfV^jiQL%?p0+(NfoG6-zi!ZvOZt7`jNYx|bEwT|E|$14wUPc`BjeHOJs-F&#i
zFVW=SRC95s-)A>_usAxr{On0cs;``}4zO$QUwVvxvF-nu&F{!4>A)RJ6=h)jhEzj)
z(s)qZky5zA2$>Y2+k%q?-DzXK+mt4v?Xw2B2!h
zFj&C}VhL}u>bXzQ<;;Y+#lF37oC){&tNUsDUZ(q3v8$ffOwXtg(tX~DTTPX!V$*L!
zAj9e{di%TTe3P}H-^$TbgVFP>PT_}20xdq;?$ji*a?cFyue0{T(x5UM)&wTS2ELM+C+v^g-??e$rd8=)3UYfP>5SC
z+Fi3Jr8Qz(exb1&{n8x5_yy$?U^-YGU7Ey8`euNEX_`Pq&)(S87B#ytV
z=9d1@<~Ss3>2{IDa3MXrspivUrL-Ak!iUX6FA?`fYQ&{IA1yKaaLMWk0g2H5+}Rk8
z!JS&k36Ax}uR&}Ox3j0QvfgfOJS+U-eFlyf69e@F6%=Qy`11$vsd1Q}j)Zv#!#|85
zJjaHtA8i&B>(#fo2<>yvrPc#Ai#iooXxOt;aetl#CG}bpw%$^4GwM;EI
zWeGY}+1yizaj|1<*p_N8aSW4B`Y7ySB^Zy@0_yLmSFErQFYz^a6I!emf1bs6&)1#r
zL|hk=6U3JdB#)q*Fo7Yjp-+!F(GPsqtdWOqFmcnEj^2!;0?pwHCQsyb-wvExO0|7P
z$lPYc%&1L{^_zft?_3HmHmnYI#@eoiWzgig2!~#I!l>S{nL1U9TlIPl8%jkYr;vulE@CNRRA#RS|rhEl)U^j+n=4-!_l8Xvo(P;Ok|Y(;x(?-T6Pxi&d00}n
zln^^3*C-tmsuv&b1{{4Tz6(`fT!uWKaJDHYu^QUo
z`py=PK6b_Z*pbvBIfnr{-S2^4R8+6I&d8fnlL?n!Ap;Q*9bv|r-W#?j$pOb5=ynlY
zCVdY~$1Tm~kD2J;QuW0#sI9kxyC$SDZz{604facPY>B
zMCxO63MNy@8w$l3dM&?hCU+WlB&*nul;&J9r|-Q+AG@|^(ez!_t1J|Uw&STTr
z)!GFNbOr_o#RalRbgq5Q<9p{12XPDx2kn7&pWPMQGDC{Gm
zFTV9TA04W5|MmE;D&R7pDxYZ}-J87z{L
zSsl8YFoJJhYKJ(AhZ$kWYbdH7EBm%jLVi1EPoQwl13Gb^mb2No0KF!#4y0{%?9lp1
zk5Hal3RX7hmOpd*HJ*wd(A;k~v?;=wUeRUe@dC70F?-GFoB;;hYGyqywFG+0!V;~kocvL2@pzvGprQt-OFNyzDUos
zVFJT-2@+U^De;?qsd-u$9glcQ;_qMN6kDsGBnBGf+
zfaLJ%7sNsCJywuHSYwLB;4R<<-Uy>x`HUUVIhDPpRR#F!**7YbcvicRIdJh3JJ4X;
z=Z@+LVj8B56>L;YsUKTbAk*r?!KT8)>f+Ht>^0b1aDUDZ*ABmCFo_|6)!2q0T7r+V
zok~sLJf?f=_45)QVvZ{Rqok<_@cH)$E7V_*xXb^kq#W*Vzo~0u;P`*~^}jOxUFd%P
zy0D9bp_PH5fs~<@v4hEPXztIOii!x>f0+L9P|tmS@d}=EVX-r9@iWL-Gi}$gFuzyS
z{WsH}^>00Up1FybqyTR&5BU7MRFMC7ZH^A67XPOO{xy#G`vQMHgC8)``OjV;o?m}d
z&A@}7cg8gk;FMd`6LMbr=XGPNJRzA#~=RcRxN{&Wp}ZO~6u1kK~tlrc^b+J!E22&)YdcXcqWU`Q)4
zH1Q=t@=WBQmR;Fj&f48$g9wA_A{dewW{DRdqV9?<>vFUAnd;uRMr#MAGjkQ23dz{0}
zeAK{nb_n!{ICVUwW9dxbrHV~pALx&x<7<-wbBvv@hpy+V+TdQq>(lcM)|h`>0j)w!t>VhBU0wZ24w?c>-5`HtgsYeP)YQ6#kzA>zNvwh<>?2yrj6
zB=tcJ++j2><0iz0lJC8r-IpJHFbOZNp!AgpuRq{dZCT!|5d~#Qcnd+iChI4D@5|Sw
za<;d@z+4mUL&n~alS=Sa;Zbx@k?tCD#(d1Ey;X1XcCIVSyz&e}NtF(a6YF7c!vHmZ
zox>ML>i*!>9yLPE2GNaw{;sfSUbZJW@*+WtnA=w?MECm}tk00<(S5)j3REBz+jRpN
z+vNis+ie4&+qnZI+cg6y+m4ZR_|_&K2oJFXNikI>ZK31JkyQjbb1u*iK?BO$X_#vQ
z9TgWi+pU;uf*n;Cz}u+#W(A>J=Crp)JZwyt;S6>NrmUvKM&p
z;iJOL1G%k_+%@g;&WQDBF>{h*RMk_^FF#GXKS)i07ZCMS`sE$=ukpLTm^8p1|GTeQh&6J;WH@7fg7RA3x
zb-eQKjRMBJzube^L~#f8%3sF9#OkrLoiXyr2w#{rFrAKqAJh)HXoKprYm=tj2{XzV
zx4AG|_N+3aEwIy&sG`HnU8Pfvgnv&&1j7{i8b*0x7HZz-7JAed
ziHOx_PNH4((T;r4SW@X$dW6T(R$y
zlPJxWWAnbqnV9-8Y@@Oi4194c@i`R}4W@(!`C`)!b*1-V2w0b<6Ig6@o$P`rpuV^Lba+XRZ
z5EX_ZPElCN?)g>xIE9QXbqWTXA^$-C1mdKf9(}ikg+ZNC&HOl6{XR7@nbzpR5;hJ-
zBV_ua(IyNe)*Q%)fLJUJd|
zctz_-~
za!xiw!jEAK3c?b)f`au8qLY~JbBomLnvs6M+j0o4@1Ua1t~+Kn5iTng5X#ZxpLX&kTvAr$H|SQcm(jMQul3!@_#fuHMaGw_pFU=v7a
z*Kl>ZlP+Ti;Rc7f7ez$bNT7G#)U&x%vf39IN}`kab~LmZ-Q|zWDpkR?d|g0ss+H4X
zCyb>&?&GbzNwxubOLt8Nz2V7zVTu`>Rc-zCg=H`K$&}WndF{>G55(-)U#&C^@QA{{
zH0;0TdH*7*pREuL{zp`Q;wwPs&V=8y(g1vwKl-#h6PqjX{Iew@a?$8h^vtqfI-qyK
z?=VZ^f6~(&)Q|EGHH?fyT{HVdC?vauiF;^$%1m
zu$)}L=ie2N_Ky&N!NFSQ{{#d6+DZ6Nsr-BlKqf!_{u>-fh}Vz>q*n*WktK4j!8Spy
zL&A`ep
zCN&>F-9MagzTxsyg+aZ2g7X@|tNR4qn(^WV56e>#=-DcFd_DGo>(F7T8~<$t|JM)D
zTAg>5>&K^{74&b3U>H%fW7~F>LFPCm=s)%&NCDb51`$d2lu?Xb7`==ttx9FA(IkRl
z99{aQ#hBxrZfKkvQt<&z4)ruWop6kJZpwR+v_1=E+WNgiBO1Gc&mSi#*tm<1$%*nY
zB9g?@FrD@inqr!pJ_houvMCw#r7|$
zDL&6gz0Id_%%HMLf&56{uyEkmGY2DbDH(~(6(E2pqKm>g&te?1XZoOfERfbrF<}w1KA@soI07&FcF6U
zV}_&S0?1+%1Ez;CdepYDHz>AEd(fhdA#{W~gzgzHQF?0cwMabPJ-pw*8e)SSCs-ro
z`s9&z4gd`SXwhc~+CpEEv<0+DJ@6jhZlEl4(>o(2yt6;BHQ2?|d4V$585JI&(Hu;o
zK$SMOx!m5l#~!mxMFXlQi#ejO?GJ9s?6%+36V##$p}JK?`>j8ap2NDD4d4)D1^v~2
z_$#CEpAGrHaDJaHG--}_m{#DtNW@}9zM=;2
z2!O`{U=sIn(nvUb+_eF86m4e8(mBI>V*}<60(<7a_Ys{quh|ai!j?QXNwHhH0LeDg
zf(Ir`sBeofTIsW08pxK-KpeQR@M78kA!cyNI<;@A75Z^3rdJjwE)ickHETbm@`{l7
zoJVAfk{Je&^tc1pQiB`q^i!18!)ce%RIdQdw7NvOIo6CJ50g9U>}-A(k=%pnHb;0o
zm#;tXMa`!wg|yNZ&hv%(;pB!EG{d28
zRNvet$$Kd@_JZN9Pzb$AINTzFpi++jxfjoH$YVjU+Ruc?e7I12@V5J)I^q|IdK~>!
zA>WXz2r3KjF*n`9tnp_R+kDf8B)6KwC2(9tU_Gb2{7+P)%Rp$ZnV>sKJ4H_mz9m+L
z0~LDw9A=e$H8x-jIGh=N>B`9d{X_#CMbdxmvhOJW8~8vlQ1!}ez
zL`4Mufj+uI^gkvYM}a*v!+H7O72Lx1nMBx^I4JX$y07wTuf0j%@Yy)$=L&6r;OzB~
z1obTG-BZL-x)Mfd5@Q1>S;O2ZAvtYB^*lIc?5&Ef8przRw?|FUqX}AQ0{wLQa@ai_;*2id<3#
zoE&{C#`u^S5pzar$AZdW36Z%Py7;Q6O8GDtru^u;$1A=lzd{%ylzW(xW6PL5_FiTb
zlUi(ll(-=7msfa(_q`3+CT0e@8OztAI~bVjVY>Cot>MALFWI6_k^<0M!Hc-^A`53j
zx+j%{xsxAizLUAT9)Cx3jooP;e(mrg&6>tI>H1W6&XRG$u==uOAFr3p7yIG?gds&J
z%v)nj7`|D8cfmX*UMhr%pN_MIz59;#Nkk#7{v`}ngkdQ1p&1w%M~ag9KnXK
zK3@!}qE6F9Ac>l|ZZ?yr=JE#4aJl}oeJb76uHmYCJD%(tdl<+qKdlb~saq@(ft1Zw
zR!kMM^3*d?N%aP)bje1zA@nt?Vl|YXSWUZ`PPz#|IOb+O%Q(7If*5r1Wy&M~J@K2a
zwp3TJzM(hnDTR%C5#LX5!;^_8!;`*he4wqusH&Gs2+o9jswjfZ0Y!7dPMQz_r@vnJ
zUJ!m0XI@#Ui+BIik0n7PS%Z*bi
zH?Tz_W<-8CK31w(D!$U2Z*XwRBla{n@`tGRiwqjR&XZwWSMpGT04HG^Wurqn+zMqc
z8_BzngVdpv4~V0;N@^Uh-HUYZvE|T6SDlU@%w^irPx$=WXgPY&XO=Sd);xfFgkvN_
zJV@=)LD!8za_;M*TYlhrV1?eMZr0A?wacQbNttE`kmKL}YETLjZ5GeXevbP
zR(vMH@7YY&jfO#t9lltQe`upk`sOCgK_bU6e{{1N#1v+CIOW`vuUP>zO8a=8gEvP;
z&}N++WX}h&ds)vOn;gd9!_05Tah6^Nn@Cv~u-fphNP`_=rCqN>WGG?}+4|zrpEfm0
zHw9r7Val7enXz(
z-!*voqFASL1HjBg3S=h(d0hEeLGzxqHL)d(LaXArU
z0(-qyCkF|!(i^9Q~A9(;T*zb%JjvD
z1D?J#(*Q)YU`1JRL)ul$M8npMl2Scav<7o_uIN)WyP+?L1g$zPl@Jbt5Q2bVOpqN(
zPc=`QSH5yPorK1l={z3&my$3_7;3s=!=R{0=}6bu=1bTVl{*|zNO4@j%sDx4by3U}
z!7xmtJyIFSbD4AV`7f8&$&@nv7&`@z=FuY+&`+37MdvlMl~GMJUKevvb>cUV3gw@F
zQg~7WSLy5kN__pL693vp?2oF-4|XlgQhpv(-v_x|+=q^{Jz&F6R}su)
zo>r&}UYs#`fvPBDC{frVA5(AvKxEv|y5s5MHnUHiVuKGtSIt
zqo)UyhP%JQvZ5Tp$}$PtI0@M?5$ipOpg`z1B0IsN^-oxBlP&6M876PPm=dY8#rD19
zU>Pow8XFxSx9JOb>k{V4X%d%I0zn5yS8b37p04m~n0BA=nLDhV;kieb%!AaLT
zPg&LOq_wrxo8hp4cd%SB7*|e^O0Ya!gKG+h6TK1ODt285L!(lj{o3O{`%y>P=Hrq3>HiuaYNgj_}s?ajFmz
zAIz-o^eQ;sKUQx43~EVlrBYhxyS!bkS&+V`nOAep9Z!knrmI|~{;1xqxxss{T~Hp|
z+@`F_R7N{pwb)`yRiUc6oJ5^4TBtyz?x+a&qTaEcWd{Xx2h{}E
zq|*i51rFi??;_VF*wqWf1LENCPhzE!ZY6YIi
z$hr7iUbrVeAKAB^mzB&lGnWjSARG;@SEk1l4XPc++jbxrTCHM++
zUhcE!LkHo4>%!mFW`qXn0eR2zRtL;WtMmX%K{`)CT3
zFr04@dp$_;EJrOqQGG}Zzeq25FL_9My%D;cfP1dyQ^wrnk&yw`xREz(1{3)vJk`
zil)cJEE5Lql;Yk}o54KTOGuE<^+zeC`tIQWF8lVpPM<}
zsl2F}x;nntMs(|CFo$9&ADwK2vYLDioggbuDmtdP9qRK+XR`V;&__y#`1j7)7$K=F
zyTgaRzAf)wadgmUx5mm(CJb3vmui#(2z?e6Z`Uv8L6AzIZ626Y=AW8^FKWO8tG1yE
z`BUn12WsszRz$4`p{CjDsb-HVKW~_lRy5`u!izuoOQ3QJty|*{UvqYtzwIMKtyT;Q
zLpHQ4aAs@S_Mi^;6wCvxQFR*T`f%g2F}&!q({PaCJ`y4E`@iSC{+er
zFZ~i{mXcvVSn<6y+&&W5u2(uYng?cWQQ3q^PrKvLS^|E3m`$AZrkn5GRmcTRyt+7e
z8m;smOv1c=bKVks+CT&L8Qc#(ApSu3?1!9t#&13S*Uj_aJS}K!4D6Qp$9-oc6OfET
z71P|@_Vodosur($_etOr)|B9B8
zScavw$|zwvuA-a`e0M@DOUg-`I=@uP4=TYGbz28F_n2sE5atT%`CFb^q=ngwgI4F3Xn%(*!J_thCv@Nz(D{KP6
zudi2rymv(aVpl$J_HX|-0{k_T$JEi#2Hm^sq*DMJ~N`I3(3Mq5(HwVLmfYAT6w^;Z|2
z_x+(VgvgSa)4~>a8^X&WL&q`mH7zTlpHX-oEpIK`uPO^oeKrm4ptm$&bLAUR0ruVXu
zWs2G9@~v!Q@^kYtfG$^ZPJ@fPzw1mDxm&AbxtKy3kJJIqDrhwROKxIHOQa7c-j=8R
z7OBUP8TbvFP*Xqr6=^)z8BAj7k-+z(uF;D)wN7IU*ThgRi7u?{6Ea2WL>?Ka#f+90
zhVKrunsOr+vJ{tL&~%xrd0x!;hhdso#^jZh18I2tYK3Z1=zbimz*!sHy@fiuC#MLuWSy2N2B)*1~O>e!8$?hRyX=-LonCsD`ebZ
zV2s0vJC#iqiY}7betDj8&8mz-rZ>(wMy$w6a^HMwlnNcjz}e8yb?9fpE$GZR@_@LPo*xha9Pp#UG7f
z|3irZCCKvsv#Y7e>0X+?c+9bWTI!C6ee&!6(apbb7^ny+CI<03mg_%6n8_zf781}j
zSyMgJFgy~_FCnIw2%t2eI2fRBK)GY})3rML+q035QE_qev4C{nMtWBKph15-SR&+W
zatN_lN5TQPEocx6F~X6O+6;eV5{=gsh>n8!9{!klQAor+Kh{!6DCZMO&0OGI>G*Br
z`*Q=(KhG5>XGaTLvwsw~{+xvS|1hQe)8gNELjNituVJmOJuf^E(rHj?8t5#CvS3aY
z_&ELOUy8U;RLvIWZ26#70fxcnhd{QXm&t`ESf?;~??{_Qbfl7Ls@4Yj>4a+o0-#n6JJvt}vU$fj1WGZ-KKtnt1E(c!*kxZg5)3YNk=HcrSs2#(TVF2P43
zjNNL9{AAiaB4hx+(d%lG#CBZmzRzyXBbdkL==t#DV@|q0^v@g)l(3Nr6d-6_ejDfh
znyv7kh2oE~`{nRItrm&%a*M#^#TO#d(O%@nQyQ{yGH{rnWT7-vL}aoe2(6A_Ksq#L
z0LACf{L|?)J=FtIf=>vl*O4fYyPeUf^3RtUoQsi{x2vc8uL`QW89hxhQ&d2n2tg_NQCkx#AZ9G&n
zJ)CZ(1>*GcMhpwKwII{-g$_dNqr*E?>K1SL+Z>0L1@SAPCbkNuj(yahV2sebF`g9a
z9Y^9G{hDC+H}w2MeVXah1L=cveg&V%%UsRo4}q#ZQU^
z$91M94Uv6<{NLIVg`r}ul)izAa^}io$@@Z-L6U*6|9Uczh*!juBkxU~xX?Y!ekqX;
z96M#7izhQ}JRnx>MOEU_@7}~d!Byw83PKZJ*U6ggdor&%-X#R4@=)IPuKtvmGmdUY
z-XrKtu^pT!!!e^d%BiZIeyp?5>-+$H2bxajf!7&ngj|<-x9tJ7P5I#w9+n>C{=iOww4>sA}Ny*iHhks
zV(w#5VGmFun%HWeX&Zp_aqNYBdG$is*HXjbk9;gm-}ErQe0s86xytVg(yr_-WN?`h
zr4b6goN%Dn4)K^k&|De*TvU=qH|R-?2qGO{e3Lp`$_5|fAzlr6&w5@f>ea;59B5S+teh2_RdTjssp1FJ8_JPSkzyGi?aUW#KZev=VIj*R
zX{7nHX(#6@DkD?cxX6rul~qm#s*$dK+L2Cl5ikG{M;3dbi!OuhWHx2e=pjmcppnB*
zUblottrruB^Nswly6@UURFzc2s^v7C0RKX$v#PvK?jMYgk&FSe`If;>8_9H
za8thcvF(}pvKI@j?YcjUZV~dPA)JNt{ySvu9TLJ)?vyS+CgYMiQG7Sgdet-Ht|Dw(
zg!sv6xKKV6l@3!o?ot4(FEmf$S6J$WOD66JS9(*1PZ=@u;58WQgJ5l_UsP*QJ#zOv
zf-(U-(3zXLnwAcs{*xhC@}_e0Hnqif)r-Nh#g6oltj?-Cu*q2EI60l1pRcv!xy
z@&i*7<*KCTtRgba-&f7MX=U#X?h<-Cs}$}g4zkxuErTFke01RIbjvt=sI#Vg13~1n
zbC=0Qff;PX8$qgMkx~U!z(=7G+@w^iRfY_2cD)9%?JLYj#c)Pv0)?esLc_1rX(!P+
zk(JH-u3OnQKVVW|;C<*MS)*CFEbBTlJj^9{C%}KiS@gcb6SJc0+H|Ys3~D|Twq<6G
z8LG+X^Aw%>UYjDrC9yek8vZGA>Vw3Y@t!Rj44TGb
zTICT^p0b>7`PC!DJ5ov}|Lo0=p%PW7oz(=cr(b@1^T6<%@FQ$z3tU=VjGX}{e~uu*
zQBCjx2C%{M;37zN3~O7j=)3E&A*0d~u+a5r=5nO$LIJP7
zJi*u^o&W+|KnuF~dRR9<_mId@fO5JuZUZk@E{7Dr@yuimp>L`|W1mpy5aZbpRj8Uk
zEE^XQb;woLoDy3h8)e#Be!Ogb*cJL%U+*%Eo6oC5FT^1)w=;TX!zU-&h@TKspHmbA
z+;vRoHDIiM#vLdZf1D&G8WE?WXh4($)d*3o2nK^I
zWOTm2;!8Y-uSCQje
z9wyi}$UV7zFJSL#HFq963MMK)fjy-XOCSu4O0!;!C9a@oOw&4xFKQ;4r6f6bTF8=2
zJPD>qmH9%N3VfQ24ZWy7tlYxMiSCB^xGefuM`ox;=Aw$^c!BgCraHa?nas@`qX*@)Qg=(*RJg%G+t@ym|Sxvm)8sSz@Ht_vmJ3SYf*MFu74E
zb|_}J0~wJ3S-zh0p)lLH~kwRO}x;ut+T?Ybn~=ad^3q`F
z(J+!uV8Y|9b>NO`M5f5|jLT2AdjDvF#Z49m1Hm1en(o!+#qle7Qm%T;-h0ffdF)F^
zGw<+s4IZ+2VeQ^8H!kQ=Bv>ONg<(75jk5j
z<&*qi?+$|$O?F*X2ETt!8QEaLF!##}?9Zc4whlfvHxRZBzYWWO<=6iTTNN3#znv;w
z;^%)Pvxba0%iHK4XdPCpIV!7Eu@gr+V1r5~lEUrDLSZv4kRwkm%w9;H{cK9cg60DA
zkJ^})Z@k72h`6;gQCh|_qv&eq4i|e&Zu&eU-aCE*W&h|Zl~%w=_M9SF$EI1
z)muar!J0S?b^W2=?Us{oR)>a6C?$WORv~)B
zNtm)05yaytXaLA--v3;ta1!RnP3|gnhOK%OEzH=;W
zj8%rZpXzzu)sms=5%w|OV7pLnrwvwLpX@u>kHADLPm~o79O3%kj_`k@Pk&ZJg8pPQ
zfOGd1(8kY?|9)HW*BX%jK;@?)K}SbJ4;ec%3*%oqE|>Tp;;4vyFC-F31kK*-fq~>O
zI@p_v#vme5VMrtgJyQ$x1(PT7`IO$Y^5nqU9iS`>x*~R2+L7z+?91@c@KN9HBDbFp
zD)eH^QJAL8yw8{Xl)kKd%QW6qhmjH`YkPVE+@V)U%>LufsqTz8w=qi>aNSU0!r~my
zNJMJXtD}b4VW=C7P!{MZvj8*u9`0dF6zcp-NesvlQ!pBK=zJ#pl}(ws=GDEsC^gxe
zpk>|@?dDBxCCn5u)V_m=%tJjX@$WjpZ!d$EvqXeF^k~Q%hhg3lIee_Tv{SXcLY_2*
zE=5VzlTf_Q-_-~zf1ffUIJ>LY-;+~uJl+$w*;uG!kCuW?uGnwmi#l=0*z=B#_z*|+
z!qEm-ac=Xy;*DFaA@_!hg_F?1?Sk%+p_CgJW=Lk^IidBQuG%{)!X$N4{eTyhc335B
zTi^`?&rX#etmDVsmowbtxBAg*SR?As6O}oP8kkogtu})ueuyfG<2RH9bH{~5hf;5aKj}9vp{avmO?lE1
zLAJc7g#|H|5ijcrE*lPkEftMr!4n7gw2KJsn-<0qhDNNr#qBOXOeTS|JAB}MGrJ2h
z2(}~Sga_ulu)&M|m1N?C{qg;6XJR9usXrk~)Hv|lWznC+Zw$$Bha>XFsRK1Xs(M6#A;
zOC4zRg>0cEi$m0c(HXp1WKp3yoCEz;@YNg$27}*%;jfv&f1B1nNUp!F0kY9!
zz%>A|w@ngw$(s8u&HZAdO&VTL6v|;j0LEy+ukiDaJ62su_PWaL;(4h74fV0GgGeS(K+cHPb+QRu2G44w>+*?Br
zbt~;rRZv@`&bLF|F6mJb95~P*+jOl1^xRz!+D!O)cZB%l>>GnoyaDeN4<_}H7bxy5
zCWJAxb!#R_z;3FUho(Q98C`Ws*}UN_MavCKrN-?vj+L#7f&0FO!cT3`GCz(d=h&+A
zz%y@r>~K2lWjG_
zL%PT?yf7NFQ2&?&;Pq57{K#QooUSl#Jts9P`d0EFj~DBziU@_gl$sq2Gl=(G%Sh6C
z{X1M*CBJ~CtLP_Eoev2?1Hm`jTcSnKN*}Okpxy~b(T=O37o~z*0{jQ(p5HZQ(2m=p
z7iBzOYsvpgbbLjtamx&x5Wi1!{LxuKR#ZihPEt;c!N$-PVEd2wu^;R0-~Qa#&W0W+
z(+l`#sSm`zGh}IO=xE|(Ve^k3?MI~kuaEX`i}t{$b+@rT*3q_GtVi~h^9_zxOb-P~
zj<;?)9&m_cjYm(*`S5ASnTw-M#VZOs&U%Js{VC*4qRUr
zTqQ1C(a048bqzOvf{QO5O7Hik9YAV2v!jT&=&NPtI~(q=Iy?*s=EXr}Jv{p)#h$JY
z)gKP+!cVsL_U7(ZLvNMMF+UMOHwa`$WTR0O>Y%k2(jy0jKxAmjqPi_j1q+LsbzK^G
zn|G{Ie!{5UY|FjnPulmdi)wCym*)%7&~08uBea}<+aBY{$ee81|~H?)4Wxn+63
zTX-0kkZeUAyN^yMQIEMw$mVz0l&<3Pr_2
zsB7okH9|9-;~H6;v0!taC>2n-hJM0^vXY1o5(?6cJ
z3CbDo7!6Udgv>2CT2LYmr-=si_r(`~q>C6WZ{8jFw%t$VsQR=wYG6)Dx~ia;IrOYY
zy}(sSnX93DTF-TG#sbKORp|pqI-#52}e8gdV
z7t`3)A7dE2NClrh*C&2+-fuxR=#kBcHcMjtc;w{)r2v7DSpJSfpnqdrahs%YiPp>w
z6qE1>w^UDBaWEL%2$7zKuTIcEKOQ8TJFI_I^cC2oktTCo8j70+QzQbV$Qy7H@S8~u
zj<~KRMyib{Ge&UO@=z*Rc$60MA-gTaN>>lIxUVT~-I%CI-1|x(ewm^a+sS;UOH!o<
zTh{P-%^)zw>Vp%cOK>o>uWW@=9Ez2TICK$-UY=gRB%jMjIhU+aCG>}Uj8isO4Rqbr
zJ}ji+4gC~ymrk0;`p0lgh)0Ql}qKK$6&FMgk{|4cWo+_!Vqh9Jr($HfCpAbBS
zm^aE*b9TLCfW`KnQOW9y9BnXYvmmvuwtg|xWGq+}XRrmHIH@;#K(ZEoFryFyd{hFo
zh-z1)7CGlahD1=YfLQ+P)~*UIa5&>iyn0rn?(C4>sHxv2!qyy#cxml@
zIkn0B9vXHG(mXmqYzn8LjLwHHJ=p7%A_5zKP94-5t`0L(Tk;rODG+Kt1Up>JX75zJc~tQp#T7p5#d5AUg4|X
zby{PlY76V~w4|YntB&Ctl^$g-+v7!zS_>~dR$}-D!@ww%S!;Tjw2kOuKRRWRyvZ95
zoU6mID0c&9MtoSo06(eOWzH(~+RU4EQZ(4jECHD_jAwa5a+tWb9g{2+eM%w^d^;4i
z!-=m{H%nwYWxXE<99iD5zFAyc)e4kJfHKItEkMSDnP=U9<>KK(;y(uxVVRrP-21im
zeSAZI-*_|E)%jCv_`CUv@1rB-l8J?G&tQ)f{)`7WC&S<=B2`?Dvf{kzn5+10uD#_g
zAS1pj6_d@Cx224GyKpoki}K^xX~p)(^KQ5mM{c|NqpR`-Q$v>w?|kpic0xB3Qk5|y
z$}!cIqsV+sUU)apMnjiRc+O1I`9z`*oPmaF_y(WX47N6
zWfE-4bEZ2gEZ3yGm86PoqCH$*Av0vfGMe@-CSoKM^1vbMyQhNF6*3DCB+A~KQi?uT
zBnX;=ZMWqobkQrm2e;
z@DmMcV@dc8&83O#M~(>*8kvP@4HB|eV53+L6eTV&Roq%sAi~NK<|9e(krgYyjAbn~
zR+yiCSG(>m8|c1Gk|HpTnAnYULojO+3&Y6@`fB4uboeDrc%1)hf`QfwZalNYQL_@7
zDwio=#gUyT*!v(o_P&!s2rEk%6+pv=1B7
zTi3A7(Z}jd3)6JH6QV@w_XtSR?L}zkRqU!1uftZFpbxpBBqTsC;M#;~=SNVb4;C4Z
zD8%Dzb~2S+3haa0Y0EeXrK}bfOH8Cd8Nz6zMlz6wW;iXf>@u+T+j%Vl1S
z%Qrz2&EOkjbFtanKLME3Wk?UOCA?OOuCbJcxM*vY$;?Vtf^L!=k5Qe4;D8Jl1C1?~
zP;7Kx5im>v#ioHXl@|j>GhHQJZ+9nNEInWEL!PgNc5t=J-D^f%^Ko5f#_;3~FiAT$
zDlS^uU7uJ+7Z!IEvOmnvDCBqEdPu}wJ;f?M_&l_g<Zi3Q0Bn@K*ct{&``s4
zuxqlwk;u9W{ji;WbCT}MnW7KB6NfuY?+~|Q
zAs^pLe((+Fh|C(BT9%`vj5ZZzm~RlHig~HH{Arv2ozaWtMj|fXX{V5>*boDLGIRFB
z&WODL_zJhSi`KeK1^x5K67{`Gs_WZjNONKQx@FmX&#kyc0MrhGTI6YV;pIS&oR0F6
z^A2qCqxzsNUi3W7y#ugK(YLqW9|taz9}adeLx+l==NA(m)0s9^G@k4o6{ZXp=wNDJ#VUGZZNx^0QzQul(4ef&4Xo1wVIZZ-Fsd^lG
zldoRvt+kgkRN@b`6Tk-{-W*Qq@P9*>fr8C049V`P+T{JHG^I225~t5${>|}0fc>;f
z{ovNqM{_M$?^^iDSAG_~Y%IBGztuw(vkE%G-7Ijcpe204WW61cbvsx`y4CL;n|VV{
zoX;Flp=69#elR?(S=xz_z|-_jU_z%G?$uY8_!qlYtNe)2w4PqaqRT44MV$yucBl_+
z6}V^YWHR6Lc~@EK8oK!*7DswRpsvTTL_G^au`Bs^J`;zla@`{=ri8CECgxu|lf5tN
z9No(66mfk?;=mghXY{5X!#`te&VhHrOt6}Ek;SI>Iwo9auu2)Fnd}#p=1zSj*RtJw
zg#)dOK2P*HZjMA;R(V;s7eAKV(1o36aYCpRmH?x=ajy|eP~>wRm<>c8zSL`Ji8w;-
z(6!gfYSHO@F7JBnBbC@tR3P#ns@_=&s#*mMN5>Drj<_)Tw@;0sZ{Da;|Q_PmRC5#m&XMYHw%h@tuoJZE9
zy<1QF(xC+}{G6Dj%Y&nE{nSTx0WOmL{yS3_v}`wF;vMrH!?@vw)2m$t$-fB
zIq045;~6tFl#6?8rBFX;jDbH?O4oKSSY3P@tsyRF`jwoc#GsT0ZMK$#ZLph4Xfsy<
z-OU%S=$g>k&Z8}gp~ysEZh)@^T5s>=$8lXiId9?%EU-(9#_y6Lexy|WZzmypM>~6f
zqq7CTN!e9?M4C>DR#H|`qD19PmR5RXb6W`>(s5ZS0Tq@G4Hm8(7Pedl4izLo7&Q_$
z64t$8P$?puKgV+#wG9x7c_wPQP{m
za)Pv9j^;p^C{<5tL$l6La+XfTI?f6BxX!@O|B$m>8p;a5AN>1+5cnPNn91<#nECIs
zoROW2t+9u(p_8*U;I~J`zuP1GAM6=A*)shjqZ0qCQ9)%nCP909;L8{~1B)J%?E%IX
zrWVG)d_kvw<(DQYNdJ%|NQcZ0xj<54cukW4j-!DVCrTz&dIQEV3d$*EJp}(=FA5wI
zsG%)PHUnVt#NHn<|HVM*tVi0Lc~^2<y34=l_>kR!$IgQY6xCQb#nA_w8p5ouaO!xf*c
z8gdS)Lzh}5)F$PUwJ~A^13ker-exl6osCILCS3_T$$DXZr-SQDu7${)a2!*opT>kB{lo-8?^&E`4&G
z8|ooCSeaOutL9C10LgPq%vI(h79r=1Rm@cmOjV3kz~5Mka0`lX2omcEkd59^6~l(Z
z$_UUyF)}d*OoK||6UsyNn}JMPYfUaGiTjIh6CY
z|GOJl|A`xf&Fz3J%-_8L>}>h;KYL*}()$zhPapUL6I4b1lX|)ZOh+~SYqLuOECyKp
zAJ6yOH{kduZvZR=vNJI>vi{>Gl9YAjrxY-KM`y}&QMa}EOu~zt4?n@a<`;bOTM?PtA4Yg*lRGfE5Jubz
z)<3SaRyVkrYwL)m6RjdISUMacYXlI<;fI_|>JQuKIW#}rp_+uFhig+&!VZAN
ztKB&yO(oZPkmjljX1&U=(M&D9cEg0IRdPxgs=k9b6a)vwG%|mu?@+(25R)xWqx<3Q
za9adYTvmbiiN1oG1A%V99;I-bt8%?U!04eZ7J{VcgUvVRz;{RAwR(&rY23l03=6(F
z=&2Hx3iQRg=c_uyWHQMxJC7%R%>6n<%uG(~5i;$M1!P^=agVVB2cHz?B+@MClr2-G
za*@!!q@bM1W0Aj9s`Wad$us7zf$xM#2fC6JY>@3N#C7Mqj~BtCX~nRg+Tighnq)NX1!Gc2w0W6%Aznf&dFF|WIJHT{
z<7TY1>0%iZ9TCj1oxt`Tfa@^{iNbq%Qhs19&9`@i4fKPK`qkYEU8SZ>BikXCi5QN_
zDI9P{*FSs8$zQ*^NB~|sJp3hN;_pig-~TV*s{xFi?f%ee&4|~R?o_}GeJB2*v362s
zX!2Qu-4cVsj+zmKiUEv@60tFTQIOmTls))fMi(_vNYHsXG<;>mC4qguXOwf%!}s*^
z;`3PLtlO*5IWvxl48E^2x*E-eR-j$156zpfHcxW1I%CK>PRG=ht2$~pbtjlweaJT1
zUZaHYz4niVSE8Gqk`U+8!l<`=S27Xum6ov8%2RADEFtE_OKM2sLjGW>MAtac
z#)|$hnmr&!%)}Z6v8I@?;`uX6E#C%hAc8mGq_2XHnM|aoo@qx;E=uKM@>tvQ->Ui8
zg;?vZ-_@Dk5%581%BWroh>4myQ#;O`0n%WKapNT0;V0ewzfHg`N8y5%Cv$-Wo(CVhLQ6zW(Jp>F=Y;
z`Oikx#RlLAZ1!mK_n`b*3}W+t4$8C5lS|V%-SN|?KO-|q&fCU%2%NqF+vPQ5cW{6-4w&8je?uBIfjx
z7R!#BeNRXf>bFO<(K2Px3!h+{np*#u6hI7=QF)}SjvpWjof~h?S?SF6^=)f?ot`7g
zp=?W!oa;<%DpfEwJlxYwSLUh6JcL4LV(PWw=)H`?NAnbmV<$-UDOdHmV>)wUXQ<{9YYz~B1#AH^GSfGrT1
z))t-s6BP@a|7*_xglEM64A0x?W*|D#hfAgtV~3Z1b#Qdbac-)IFf=#)Ek+S%eqoe>
zZeV!AO_El!Hl*JvV5Dd!g&98v#+isGYcPTY~rQ%IOmiMNG59so^Uc5d{O)w@exY>bX+Q
zzE&!7y-EiLK6b>pqM^Bt)OhL#+lh6bTLH?mgH>#al6F!QXddHmL<$Y6E9A4KVfXN?
znQHNydfZ^i^G4os552Yx{M#YY?P%(d-)j7z-negGjIQ6-KCsU5qkg4zHcK1^8CUoD>>_-iLDzhw^VOWEj328}*QiA@%DBf-dZG$IA
zLpPAe!xP=1qZE%gUB85*-dtqR=s4_jgpY%RlF}MdUoeZWe@CY`?5E!O_IrO*0!c7d
zDY9y$sx18*y>Uw(=&B;@cp-UD%db$hJn(_|pzolaI8w8Nk<&E}f^jmDJ=G3Hp-Dpy
zz({k#T&T6)c?uZV`mf&K;3)zq%gNue%lV+_4tNYz2auJM&N5a;%kc2gD!ix(4(5I1
zxMa~#^eyA65Z!tm@5F^on(og6K1i2$bB!nJnMqcak_m=NClx?xn4}@_4J6Q#7F``A
ztW_Y#trS_-Yn)WUP%3;#i@#K0VBDm>TvLdIGK9sG#geB^j{=E<1QR~giu>5KSy0Sz
zW+7MMp2G>11b&mbLRAQ7S1>_$f=*aCi2RE*8yuBlt$bADgxpOYN^m;5J%km5`SpfQ
zbH<&rVnZOWAze1%TLg0A?WDcCOR?gmZY?G=qKaPCEN|2c?m
zua=vgt2iQof}QGvY0(KPyAd*~t+L(xt1?2jep>H2ILp2-Ia}Q|Mh+w_9o^WWqj&!8yeno)b&e?|~8MneXnIYO>G{p4CW;J{9gX3mF{wNDir
z9}AZ1^HKLMtya3G+cnB^Im!mP&goXe;Jcl0JY;pFEYYcU|ku66-#zr
z5G4ScG-`P6LS*&AJfOEASq>axdy7nJGH^_yXxETq>S#+hwL_0=zo)i$_yt$~UB)T~
zrRM&bXbV2noZI
zR=&si4mhxj@_8HkW@_Vf$T#Z|AYbiXTYvDq|=ce&H(;mO(p0t3etU*_MdOl
zQ{ul$*TcD;VOTgN>)M1D6z31m_NP$2&5%?Xkg7*6%}%@FX=!hu7lBZ9DST<>|y
zrM0}81M2xUPR2B(K3TcZ4U~zje6|h};Y|=Z=LtIRKE4Eb9fp=HSu4ppk@wf{db)tSOUB_A4##8vYFWs6XMWox?`T!Iv
zsN1jZA06I_8($XPEjc%sVY|AYdHJuA^34|QAIi?u%wAm+fF;WZWc26V(RWLtN#hA$
zP&BCuuh^)*5kJ^18oMS#2^7unx83h3j{FY7e$k_U&JO*qW3@16xDhUy`6cm;CyW0$
zBcncE3ni?cSQ)Q{a-EEv*9S%%>SK*0*LL@kyJjbijLplQZ$%E0gU)hscjGrfF76lc
z&eGw|m7a(rHcpMYHu80sg0IJ4?T4_?k5fn)S=)k(1Fw}Q!YtzL8H$U5P
z7&~>-8nqi2_Iy1{j&%$V$SdvN$cLrSOBJkD&_^d@v&y2gkgfw-j-&Y4=2JS>G4bN}
z+S}{K;=8RMIGsl8&-c-tNELghZ=NTKExBZ^EKa7;LmeemWT>{5;b`aMG1#Jn|bP#@f8E*g+HtQ0U95?a(P4d`f{1rlA*2!*ms0yRtx
zxbEs>EVxX;4L@I#WsmbhMQyxYma0|}&pqV#$&#zX>}M@#K_g;zb6H+bV`7Qvm6-pC
z)O_5pivqRJV}i{02169YeNr8Jt`^dE*OvniZj@(%IJ*QXeQNI_DN~kVXJ-Pb*#4eI
zm$TUz?C^6dXZ@0UE1%Lnb_axKs<2yKX9J}A{i#8mq;5{N&=HyzQ(cA{N;zi@v4?e7
zP>R(UZ@oL%1g&P1HGI#`;wjHc6cL+d0DeR@S{62ADO>;o7na<@B7QBxba
zoH{28s_Z6EQ-^2&`xC5-B-&^;yhmWyigc{MUpIF$d
zaoDv7s-oXqM`rXzA@Q<`*(>J`K?PQ~G&nRO)o^+oMSQ0zj9Ht(z0oG38QNrXMdRg*
z?Na~ZSw&ABu3C;&3TIk|J*-i??O+x(a5B1nxOEnIPyV3`$_9Qv&C98OYKPCqi6fLm
zQ+FLwV?B0Ee|>m8O>^cZTVnnzrwu-*5WOdsodIkX<}L@qs=uuGZCtKqHNO6Sj_%0w
zq^MVQ$AnDg-Sa}paOuSUtcdyqHfzC;|ry4a~lo
zc=b^Ni^(pXT-J>E21Ij(j{~gj94Co8_nkvMz
zbo(J}bKJ-qL_)CF@DS@U-AdXz1I+$KdjE&I
z1s*{Dcj|VmIez-;kH(n)PwE!P)c%#bm9YG7LY7Q+uuGn7vd0Z55U$k}R&fYWarnXW
zx(k813xG5Wyxx6GRDlqMASc8COYz4vrvxPd<&Px;L;XqXF8rW%15_CUBD=`PqGESD
zVn3{mwnN65{W=#3S;;-=Oru)A=2Dg3H+V_@LdWS{NA>6&aGVb38f{$Ia*Eq%J)e0h+bK
zjQ4KQ%0jx!p9jkLL;E>`3drTvUMG47aowt_sm8@0OmIutQTbPa(}cP?X-v)Z&#(=0
z&ZsC#Q}^kQ>nV)Sib*NixGJp+enh;PuE!6G#jid{1_PQ-%>sQ
zhb*)|P#RdxOx?r`RYn
zJH^^v$Mv|eud7N9_Jt4~6JIW)oC*PALJk#bMcpBj2qi*xaKK8V8#z$SDKJs<6Yq4yEu2i~Bo8qwi^SUdhpFOk1fi~Rp282rMUqzS;*8F+R0uK=2%
zpeqd`h|0U^2Gn@5TqU@#v8=yS!xU6Q@Fyh&o1ChTuKPSX*a-1d>ZvHP2YHp7!)-0U
zFZ`C#tsYn`d6N3@D{?uiI@ENX}+)1gdjevy)rUu(!u2{&eI5m57>IagzMMyPy{Yi^R
z{ffx`T!xIbLgAc)N-78wI5f!x63s*$HRGb+9sOALH10Zv@=DGgVY6po2WC)4W1oMHn{jBdr!+85nEy6T{3F	#{qZgEay+N%?~{QnOOVQN{F?
zgIcb#&eoBNTLCF&#aKwx8yAW|#-{3*Eu#GN4d4XTF=9I>4PH94m}UOrr~h5REb-H@
z##0Wf}XxDndCtLEP8>F@$AO>TV&
zx{npvPE^TWY48U$c~`3=As;ui7S=b>UL{^ukp
zP8V!56X!Kr;aR;DG3Sh36`%3J25?)BRMserjAjc7jZvzjJTbBL5vA%!3FDrFv_8?+_UaV~
z-m_28Y(nT!C`a#CQrDBAH;wn%Ul6)ApDiUL_27m4AI{z>Fw?Es7Vg-#ZQHhO+qOG;
z<8(TbgY8g5N56L-oF1=e
zEm1L=P%h!c_F`dU)-v)bSQW46Pq>0d;}vuAFr>tk5aAnS6lxSMN0MdIOJ8*P@R-e8%A-E4={n@cPP=TB&&N?IWV+m|cXqHV~j
zHrWOlrsN6&6tm89aB$b!2SF#JR~;wwBx(9AhlOy(wBRwr!)58O%43MY>-7?BMYmX5
z&{x~S=}SCT*1;?4bd~NP8VIOJ&2;4?`xr|;-M>$i$cE-8NF)(*^rbcd;||rD9;s+8
zlSi-CFi<`SVrKVMs#U3eSQkh6rAnVDB+{1i~A9FlK6xXw0
z5X(m=WSAtpB_wLT^4jK3zsAM+%Q$9-@iynKkp
zyCBu*B}8i_(oXOna8iayQ|~OS=H#N{BaukJix=r{iunEM>PdwL&B*#*&rcirkS34Mo={58h
z8BEWMKo+G+peHe7)O-t{{E+7OfZZqfS(gb9nPFZ9(tzHpdc7E*z(L9xB>g++7||OG
zS!UL*w$MkbM}%YS>U~Cu?D?xDzLSZ;!ZHqfSx!fmvNn$Z1~ftu5fXJ*%96XLg8e#T^k;Er?L4vvLm>E%3fup=ApgpT`BVf&_6nkgoW{gn
zLx6j@fax`^{F0sy-9AQCxSHh`7B1Fl)#)k!dG!Tf8umxMhmxYA>a|ky>jAW35Rg%s
zUZrg5K#6qyR#=_-PabW*McjO(fu17k&b0y^JhF>?2D|Gq{%{4s5TgMKb%0%7lNT8`
zxh2wUvpU9@tySZii#=)2Q5z%8D@o(+ku1D^(DKt6MM$;qu0WBa+!KDxQoz?j8|$z=
znp8JP0!xlxxof;acESk12Y3FQ;2;>zi?@D80rzja0iJ&pCpXvsGJnWY`cu8k*IXG>
zR4VgJ`LUJP705&kObK;{KfDkOCg__LuC#P|qWkU*)omtr%s>vAy@&tri>V_ErZQ^EiGEuy$BkH2zj5(sA|L
zI3U|J^p*ogTJ(|T8_#;1ghlSosLISYU9SaBavDS}Ron^Mf3N6e1R-$04^E
za8AO?WLzAnb#2RU6hcx6_hZ3BbI|}VcbTgt6NLov_wH$=6=pn9l3=1F`AXC)J;m}A
zN*W!0k!Htv6kU@v{viPz(26N;R)R@l>T@vcWp-aTKq`xv2)(z_328H;dO6V`rotFe
z3b~s~-j7Ehvkb4`Y3^ZjZ}RYM-xzYP%9S=fC67=D67MN;SnnW16A?OWyYkDhi%MqH
zZegT{;QEg1A^z`X{}4u~Y?93nrl9u^{X;zG7x+Go9LTd>971U9wt{Abp_DKgXl1ICvRj<2J^*H(gJs#*xlV`j5a@fDeNA~9Lh5#;@mBx
z0@kl()OxF5xph?SRJw$*$zCrl+jDuD(q+12E{JE|?h}GJ8f3zaKr&=XL`Eh1_R-Fd
zocj^}z}ukkO+TPMqn`Y?$L$}D@>R^7+|2Av%t)F31>3Sz
zYO=8|Co|Ig90ER`-$4XX6foIgJ#tr)iEJw!9H;Io0~cMwVx6oV1!_VE{fZ0E-3^*r
zcl#7M0hG<8i~!*r0+)%y$-t(qQy7xCIP+zB*vCkp&MQ(=tXUBM-fmYw#X)M&+d5P8
z*aagZzT2u)bVr{f6=%bnb3$fuvI*D}X2mG1AWMPj7Nug`6j7)bnDZIkbYhaD1$-1U
zbIa(oG%Vc?x5!{Keuww|D@h{4F(7s8r
zjCTzMP)#8=P*tp7P=bz6DY$
zPl{n_yR-;jlY7}DCXlxkEDlnZ+%rY~;?PxDsHT*4w23}oP(ts+TQ96Pl84Z``FiAP
znY4Ig;l2HXQN&LsVAE{#TP=4_pZqz7bWU9LZ&9nD)$m?%Ty}EHSnD5&lK$3H0q|0^^9
zBQMphJ{KHd`rD_w$Dbr73kOOkHRJcA
zU}e{k%`=|qyH%ZcAX{Tu)A}dpak2lHEZfPfJlRP=og2TfDB;P)O8?Ec0_u^ex*bN_
z7v&8oT8klL9o7u<21EAs_nhum%-MCHudz*XX2ON##&TVd48>c2_2^fJOINg`?4KET
zymK_A?_p^&$3|vn_9O?8+8SG?j;5dFd1WA&*Z<<}+uZJ-rdIyBjcO}Yu6d~kon9+c
zB-Y5}T0u)(cFJ4$D|khfegduyc8m`;L;Y;C-7;Y@zrjuyuWAxzjVvYQE)NH%UPiz(l<5S*O!r
zB7Q~q8j=C8Zt%EgO+Aocf3Hv}m*KONDA!AvBvDW7f_1ZS)(hY%G{huf1|S+O>ld(`
zYl60dth1rxrSFd56TmY+MSxLI_f;7tm19QW(vuLxzYWAO1ZD4QyT9#q94&VHQ~l
zt6DF)bfbus`s_5JgeO1y!wKn#hw&gfgFxehnDoyNG_!?;BYSMDj=YS5MbRu%k!B_p
zm5S7Cyq9HXF9MWN2S7x8EsF|`@yMnNmn7wXm?uj}gEcZLf1|a1WZiL@j{^G;fwnP{
z>Y<&4GIfET1@*Ld;1-qWtU8>1N_%qUsNZ|T{#@v
zJV?5*jH2+ECP!z;AVKXrb$^Zlud42tR^(ouJM$gS{&e*fZ8t_M&=m1K2SaYgOGdTP
zDcgDnrp{o~wONBoMeO0Z7bwr|aX$ICD`fZI%KU9%01>adqwC>FAhUJZ%V2nKPEJgG
zHzr+Irg3{cL7bm_?oe>V+P8bXG2q5vf~>V);d{{x1oxO@qodNuqUq@OLe>PRDvU$b
z<}rT16JS8g&U$U{u1HoIPGP(No!+Kuy3%D2S}hqzMQK7IQMv8qO_K3yG$=D^)!nqH
zqgvSDt8g&tHRO|&IzLPauX?CfmrJV)xdB<)0y|=`>lQlO>SiY~#K(;-XKSznNbMGuJWYVyQXJmZT?S4Gufk2n#Sn9w#4A#2
zy7~llquqZ4o%r}REFaYD4h(Vr(r#{9e+Hu=ZJ4U&Mt=e}h#x8JMOaO~Q@ETQRrOaR
zeYJUstW-LxxncMNvxq#b4K#jM1z)(oYo+-9Un;|2`>4;+!6%yzwW8QWdk>;VhP2!r
zo%nM}5jqfCeCGB2YzDAW`klqRTrnG>0{{9JJ4W)z^qf?F$Csq3?V@iNLFpPJ85K
zIsi;h;CTv80dHd=9pIvG7E@{Sq>L$yl`L96PJy
zA%Y4XWGx9=oppbg*8}V3l{kFPRwaKz`Y3?eigHhXxfff6rH7Uu7s?7649)nCaTOa-
zdHcW(gH(;XkoTh~Khk?ynmE%C+?daHz%aFV#Z}Kff(oe;RJ5O|KS-QWB|~5EQWYG6
zxJFJp7;h<`O|kgwX@B#(vL_Gxqu-86sO9L_Ly;}x7J|DL6`}yrs2%Cq4HCk-1}qv8
z3;2}bO+vdE<5|*_yH!lE4t{Z^4**T;J6b4|eRS;`S)_4G=-NKcpzC)sI8S-`a@S;m
zxhVWlq!*l*TlQQ3=mn??51TH<-yy!|6lEy9nBTP`CuTuolPb;dx
z;-gKI4WoY4BjdlnzA*Wz#g`5b8vJpZA!);N|G;_Ie@hYnW3}G@P1W?L3h58Qkc!!V
zjF+-BUR`iB(B7*WXGc%%jEmi|*_hR&p(9BpoP;yQYvGzmBD<4C?0_R-&c#=krI%$blWYS!kr~4yu7HQ_FhE@D>nI~O%6O+Wfk`!)eB?GKtv~S#M!nN;^cZouZGgiJ
z?e_4@^0^nRgK`faXv=VOT&Hi}`)OJWt!<{%5Tg|opE5%sJ(R}0#Lx$0G$YRriB#Bs
zU1oN*H^}~wl45PoDO!;?<~&<@Cb+})kUwxTi*Xnd@@Zr~H7`jT_z}>2S{qSdC=djF
zAyM6ZffvS%j~FM#Upav?y|MG*7QBzJEd)l?o+GOT7FM=PM1Ii=0qTt%YSM?Ip1T{@
zt=sZ!D`!(*?>#wj^D}wQ_pJ(cBpizJS^4G{@W>$@Pv4O$uDGrcK`bP0g_-;24&;5P
zYf2i2YrzrxtCMPO*0yT{G%g$mR`<#N5Bp(i{*XOeS3$znii(Xk1Q=LWDAowl30tD#
zEDl!=4Ja@Qp)dUFtY6*W66@kAz~2_y`6R|kwI7&S|R`nq_VW<
zTcn_Jm7=LId#tEC0JO~f(uMrRN#xLCd{)Qn`($VYBJCjG2*vgW=Bu?YdM3-Ni+4~k
zEgmAw_f}#{qot^c=u%X!rNrGazd^$`PlNH)6pGg*uue$5BmzemU959)n)!+gf$LG5
zKCR6FuzqQF;D1O4gR>p>QJcv$|kFW+_uDE4wzhDPi4GXMY{UhGxyhXfT#yU?#4d
z$YN>2CA#s1p*r+hz;0FnAp_$_-1Vov`dKS1Z*i&6W|H|!+mQDyK>NskwqlpMsy3on
zRrj!B;~RrwHM7Z$vKC8;#y2(rH|yp{E}*2hN)=UKtRWspa09CcIwg#xYc=Vti?P|BuU@yxLmLJgrRdhKNtTyt4_4AasUMk%<@`Wu%{^0~vp6~+hg9Tamd_#OL
z93TPaiP_LiBfdo0>FW<)w2_Z1@uKzXUEA0w#ukNF@-y_74$aSqNd{Y_orE
zx2+VZ=M56Dz4JgWCt0TtBbe7gQ<*=iZ*hgLQFUI`J%ZkP+>u*L?j0s&(u7}_EpH9M
zW|re@p}PymeZ>3tDM2ubLR04O2j%dS8l&9Q8garqFG
ziWG$8>BiUuEOIp_P9&3Es5N(q7(2W^)0aM!$&q1X@XUnot_ENuA*gZodwak#$FbM!
zbdC@f)T!DlZy4pVUS*tXrm#T<_x7+tp0=FaBx=6gb+ND`*=?ai_N|$B@J?K9R%Y@6
z`*OVMJ$p9v5F2##L;OLVG3rTN4;r}%VQloRusEk9)vdS~*9BuU3N7B2e&OpJn}J*x
zSjL_)X08&!-wnZFJPhUOnj(@W0wip}>GL!_M4UG;4Z;{uBGi?tob;;Nn6?+CLRby3
zEbc{=Fn0WCZ=PLi>TT>PC65EHPx3y02aYEZc={Ay-bajg-Y_XfmBO)oUm;GFlqpPN
z{wjm2o>Np!164Y;kQ09QIfUXsj`O?+Yj3`85EO=g%8U^pgm|mAe-BQ9?)(Y5HF{{k
zTOPkBgtMhy1wo{ZRd!)nNlI=U5c~$7trb=IbA5iD{t@-sxrZNlBiyb%GzZq_Qwd(`
zf#o-Yf1(-vo{Y3_hrwPww0=)EJPS=a^($ZWYu6gihG(s~6Wlbe6C7+CcuAaouJFrq
zKX)=qEw#S%qZo~+9atMm{033it}&^q`jTWFj1N*bTztaSnzvb}tigKcRGS-dN03E9
z&#Hudc=|aVr|Tk+sN5CvigL|5A1L=S3?S;Iv|2zR*G_mTs6#*|u`9k_8laZdZ|
zi~=AdRjve*W7>AUH3}cdAACP>vA+0|BLX;%@G*w?^5qio@9_9P61IF+@c#_Od!#>~
zY%_~(epE(oD;!f*P0RQouZsv(HW*y7zsBj+NlDEb2TX_vbbmt@fyq8K!aQW`8~6S2
zJ^#YHoqlEMTWx34|7+6G()d&1Tb;Fn9Xk?vcr5+9!Ivf_ev?ZS3R<+~#ItX;?sfXM
z6(s>x9_n+nI<=7RJjkJ|qr^!f8(TNAUVg`Ki%|!SJWv>HfCLa~;hHCmzPvDa*E5lB
z*?O{u;6ljpqQAC8Q62Qk@z|+i|4mebuq&nkwaZz@7Bvoojm29kkV4Lq1fz5S+xf2Dy`sq9cdj0;`i}RRxW;uUfBRFSlNc
zYt1aToh+9;x8_?h^bq{)q$vAEHq%=dnZQo9moX_y?D%w#4f=2^<0
zL*CnIzzFAFtKP}7CPtU-<;|cJo65TM5N&fND}t%RpD>`DOy{PL
z*Z}OC1%KC?5+_ZA_7n1*NtQs_rF2_=MDJFHfwHd*TFkf_)pqCChF}vgyJy%13vnbH
zmI8BNgQi=cW83oW4-(U=)O?ZK&)M?S&+CpzvY*fMN9yqEhQmO=snE)u3@AwH@u7L}
zp0cT<$cV|#0iGRm=Y`h3BJ3$_e9Fa6F#*G9*7Qq#Cg$xw|>0k+!v
z*2KitGa+a~ld6WkI$M3tLXF`3ROYmFpXACkeNuR^&3DHIrZ(w@EPX_hjegpkdBM28
z?Y@)DB*UJg=|_|Yu|IA32yFbdlX$I)VQumz%@me)V%vD<>si~i`8C5eYi1dQ?}Xi0#l06kSpIK>&h
z$mN~M(-$r5lysbwpWeFtbI{qwQzGsY=Ml_xxAeZ6hE~zLg(K2th>Ay!UJBn*Ck%C}
zbf9k}uA_s#ZJW5`9XE4cMSQ?)zFT<;6mBOxHApo|Q`+_>9J7cw2HJbd!u;*odqXC+ns%A=>
z!%bBG@gst)%pXppW#M=0Ntx2=`cqNu8y#5R`u4*z-(5CrN-JfXD#H642d&+n2WorxrSc(h14X@Nd5)^FnVi#tg5ypPRJyZ;;hY
zZ1zai#wWJyIXi0t#Y4jwDe2KC9IJSN-LQJuW(V6Nwl5Whtskj6T{)QR_>$jZ%64jS
z1Wc3>_T1=$?u_nf`Nx!=3-zF3%leqb%uKt+P0eDFV;^01G=Sk$^}}XoJkRqtIK$4W
z!1tD(CXCnn97^>i_MG0OGmg$5eBJ{6-u7@;`^$hZ-evJvxKzas2MsWnGoEOY!a7|u
zBRiEV*|;hSF}Y7{a`^S1b&|~G-U_9=q6kyH?>;W?8ld6hff5B7IU@#dA4XXO(Z6}T;Dv8YU33PR}Q)*_d8
z(nJ}4qt+IO^sK$;e@s6j&9{PF_P5E3R(}sW+iUDD*Yv~aL-Fjs#Z6AURxGe;2=QwM
z*(83z;6*vUWj@4X#U}d7x5(}s=C8#*@5Ko6^
zG4^}FH*sg}UB1}%gkoZ*B$3-A%WU5&1(i>e=M#~b#L*?z@GZKL#2N|j(*a62Oe
z`TGWoiBL25z=f}YiCkwc>)Sn$rp~WuTY|WiAUUO5tSn@!C9-
z2GgZ{eWF|nZ@qBs(wr5|U?r%T$=avYGzNntU9zrQ+RHcRS~8;P==KJ}n}2qOq(Enz
zdB!JWk9wx9Z#N3({nQt@WR5)@ROgmySyZz)W>317E*MzTEgq`YoG}=9q0={MLndF5
z9RsEJfr}+EA@a(Qx-prPT_poHfM~6T3Y?Q;Yv+$
zc#g(w_KQQpH$QWt741PW=@|o9r1Q;i*sj>HwTsn+JT>~Zk8aR5m;B{)(gfw#_M6QUpE$%wZ(krJl5xeBNq=2q6Frw5QtQ*i=PBX9+Q{r
zE>k02AHT0DzOp=J8>zC*?Ic!NmtM7&nWAv<;psEo0$K~Hxo8SQlQNl5vr{wh(>3Cy
z=$Pv3s!Ef;3?f!(HhP
z%KM4X>A!}cH$;|*;D}tdI_p3cqmp377AtEjOUaogJU5tY*2<}kX|`HHa*j^_D9&0g
zYywU`mvdsYQzYQV%8ob&*o$Ft2dVh9xTvdh#P9uvL5|&N35U-#Y*F{`y+7RsI;m)I
zC+lh*t>58l{grF-Q$myjxS!Nvoq3!GaOx?@0c?iBjeeDvl1iBtZBB|Q{L18IJi;Uq
z$QOF_GYtb%oB9L_QW-kFbR;o;jHv-)%;`)FIF5-hpMVH(7%2x-j0HNIqduGHArY+5
zD)eH(NJ<=S#B7!}Sr$_7TZ{7p_9*xoWZ(BA2$BI98Jmz@aZ@*O`dHFbsTYY}FP^Y_
zs4xYS9yA5syf`_Y>8JTD6Oaa`XeZ{{Fbx&-nPd`!^QF+8iW6qpiXIRHi=-v;Ql7f*$E|}|M(W`fGNLJH2;fumuum!ZhIJl8@NBx_7nG-n4*^8s;
zWF4$Omub)Or7(f|3dBXCurDj-Sv4kTxAry;*@Fcz1FRKR_7{9)M6*5Q-))O!$&_H>
z9rm5{d7fMfoE>WcH!01`Uh*m`v+mb+%~{hEj=n|FGsSneCq)PzR+^vM&B!86>rDls
zD>RBLw&0~wO=BqDBR;7MAEEcTfGc$1cZrxme4LH%>9D^Y^6$x6=T01~7GV%hfV19x
zEE8cYKXBaE5N2wZAI|9C0)BGJ9Xn4M)SZ73xiJa9A(`I@R-pgIEBd%gFW+>Jc13Ii
zht4Rh40I%|80{~T>5VFB+BwS?VZ
z_Z9zW@HfVhm8;O4VLpMa<6X^QGTLowWBTL^?mAvUUw^@lqn+qlyAobwJ!Ki|n})5K2n7vUy3|1Q0*oeki5JNgPV$1!wfu>Gbs&lkl-
zrI&q~6PK{~L4)pB_g!B_*-QkP>=X_OrpQP8Y)=y}8y+eLMQo609$rQ83v$#L4@bkObER
zn3S)F3R%&)zTl|)Pvd!+%I`jVpYaO&+XsVxBqmc+75N|BEdFgVS>H6`(f@X_`1izQ
zkT(Aklcgk^9v-)mCKqUn>~jg-=tjflD?VrTx4ZuS7Xm1O#*c&k^dv+7FS;`R|6W%%
zKJ+hL8Tr)z7L~Cf7I*z&wj%MjA^W$J@N-?$f8#>;FCI}$bO&@VBW^!KlQx}wth_z7
z@L2_Q|6%M5ey*vj`h8n
zVw#1B;s@Jf;e1zZXQlLzspK`Q?AHv((R4j}DLhm$!w+C|fiFNJb`{aiC;%ys#&;O@
z4ZHY4qKpXDu?|v;C?$t2QM5)(B4U7}Jxc^Ub*F!S`|n@%J326d9EkU8!8pH`F2NlB
zIG+)0lJgaxp+W!K&`A8d=kvc0&0kMxp{k7y%BR$(d8PH-z42SW#k{709Q%S@nHXtd
zoHakFGEEHVi&Gue9>A2tbZM!p%n+p}ck8#(Zq^2J6xhmQppp4yrqAK}(Akv1RwsyN
zA9&vGlV95rcb$a?9+NGE{g(anCErm!Nl*=i9g-)RPg|=77Az*Y@X{kT$VrQX-ccha
zxN}J`B#hp*&@$hS+u4S?26tX8su2&8SK)Qp9m0c^Ff}S3@B$2MP
zAy>1aWmi6qb>hU^MwfWh^a?5i%k
zQ+@Tvvh2NPv2qG62X5)g)3wHpUlbDXs0=t5}2dA=h*+Um6js$7N9yw<;pA@G}nwC;OuiZV;5?eR8}U_n<>qQ1ZnFDYGifQw+cr|C8|K1#*g
z$t_AU$0gu>sKmke+6Fw55~%^hKjS23WC18ys{`C0zD!N+@rJ-i>YlzDdx|U7_a($b
zOT54{t9g*OK1{Pg9pU>sFq`B(G6*VTpF#g=^gY@MQXK@+u9c`{MULuXZ0*ls@Pcn~
zYZhCn@f%(9wpt{B1@N_%NR|zvgGsK>{x1ni6@?~bgv`%
zq{Usx<^Jr8-n!7zWSWT)BOr@yg)@;`zYx}C_A1w|rgK##VJU50MTmzW0nk0pg
zSD0JsV#;CKP+?GbXklzOL`zIl=YgGK{&EwUIxSi|XRe4SUSmE;g%Br~>`)O$J>_~~
z68?5ll^Z(?KR_jg#bg_Y*eecbjdGtP!*IK1;p5GpSnefR9j&RgWwpb6Nws!eGXcA3
zB0lA0(i%*%o>RfZTcCOm0WHkb7IQVSH3?T#4KgHV)lUobl!PL!)$2_-Hq`tnh&d=v
zO?L8F?gj1VmgG$ZKD!mehwQ#XMXZ;VIX^)w;^WKYSZhz^Usr?h>IFT|!DIYmK5j*G
zvLK+$avZA}TAbZHO`NGntEfD_pjCu~Q&Or`{X~9nju#hf>MD{BDbx~x4`p{;h(CXX
zc{o_?x<)2Dj?5M<78hR=k7G^gR)5TjCE+QT5qAh^y86Yh;jXrDurDnf9P;JGOjOZ8
zVJo|sDcZsszh60_5svAsRFB5YT3sEF$yH!Y2!9_65F5sh2=0|!3Up|ahpdFbYx>44
zZ`19RZQmPVSa>L^%D5#+!
z99QTuWu*qrM?b4KHE%bb;5QGh9wF(QoTUi&K=k8jo)iI5zy#^vN;kyqXaq_O
zC>6h#h=yXz^hadR{i<*>e1AOO&^kR+_lDa8giJXlIeg`pKTm-j3-w!Y4O9IgxDw(m
zwk37TfDM5IiIs1F2UH<~mmIibh7j_SWQWi0&YS*{sVb
zj^|x;WP;Zy*$Kf%M*obh8x=~>C;MBp!H73*?y1TA(3VlCn~}SYODEP<)b;@V^|vot
znR;`d`*GVACF;Ax9>SjHENv*4v0FVLl9{8X9c{uXueKrAdrlw(s9cO@CF2|}?n$%m
za1gBy6m;9cB4T&t&eX6ud_3i>dfB*3z^d*Ww+7Z=Ic7?xn;)@weOZ5R6OauXy?rvu
zEN&B!l{ijNh$U!B$M^><{3Crv&^#9TQ;4VOhr0jxs$q`CQz7
z?_qp3ON2syTuVN6+|j0+%+%cyyIuNpbsEurA0rw-|79OK`)hlBzik+0y&
zMp1>D5x(vg1qJ}YNm0dkfWq|G!1mCr)7^`AG#UG>JJbPa;6v(imD{HpH`kjpW5Ylz
zPkm8#8aLA<_r3>8@vZwS08Wi%dY3wdBXN^OU!IKJ!9$D*nTc^`M9@;
z@jTE&1&D4H-Zs2pfS^9m)CX`Bh@sSIG^N+a7jww*$7^TF_7@T^f^3MQq)2{fj8vuK
zS4w@t*H`G4KQo02Ki_ib6Nzs8ZSnuNWj~*p@|TMLR}`A1YWL}oi|S7g3)9GKIvn++
ztlF@a3g#<>83g-m$UG2Er1fNY(K>dfyjs{H@~n}1Y_6OCi9!eG+;@?aTbB2WJS>iQ
zr?{rPnm%m?{2*$==>TeDJj{4&$gx`WEe23$B=u)(x~KiSfvzDVARZ&MXYDJE1#v#J
z%^SaLE+Bd}x-kc>-%>N+J<1R5f0EOd8pat_GE7%?Xvpv>hG8ap+#iGVN!L113M0Ky
zijT19YBuZX*ekLO1{fDSVu8opbpnudRlk2N66(2v1ZNy&)JD5ecvS6UG%JYuj@@L@
z>3AA5i7_wT$?$GB1y`^|I4q4(6?7eEp!U5NR3u(A3cp%Wo|L1HdFCPXBhwvoK~bW#
zUfjcjUpt@PZc2@DqGqNV&)ZdoN7YfS50k#UV1^C+*1!_ZipL1&x*{+Lr@^;Xy$LtW
zXz-ZI@+CJ{Xecu>qh)~66c=@uY(t4D$_qS3lsiMckF==QKiYo+ADgJ*%fuX+JizFt
zdS%ZECZ?}%x(81H8cQf&lk>2pw|SAMbii~Ss!T((`5K=
z`y#U4@6w0Ba|P*H^T-WNi`Puj)(34@b;=x`Q9_tP&}0S+GJx(*AR$)-zG#?ygPe+A
z(1C5Pw@~&0CO!v|pY~3U!U8+k6{LY(xp3TqRHwyxbtKNoSPR={Jpi
zvm=MRFFH~}*zx+0cudbEW1?r?!eWIeJ5w3EeQCON0t4G!qoxRoJ8R+`JEJ{`knC>6
z!0FpRw+PE;=c|W)!d>>i6}J4_Qu#kJ{=X48>c{{qA-;=GG`h7_CatQKhpFXNh7(2t
zkA+bpLkHn6-4oKB+8@`BDO_Vbt;;A2r4;89pk?XF6i}RWbA>&dA7-RE@ONeFf2lAE
zt+8rl+h~$CKUJG6Nx@NiLg4NONlA0DGrHDrEJ$T=a3AX@i->)`sHadv^{!
zKnjbx2=X-88MVDme8e1i7qqa~vznn7kc`!yR%HntpBh0Ns3p99Uz@mhquN=m3VIuW
ziov2Oe_$aJ#f(}2nFnHk_>;mH#EQrfaue!nyIG`%lxA5C$S#6~3!do3Z^&8_Pnhes
zA;_2a-|GrueiI2
zj=eIuz{m~yqSg_jq8Mkmk7b;n>N*3Fm1~>>h*t9iXmm;2XAFO!RGcv7To@mxZ|5v7
zhvVbFANFoBzR0bUvvyb-LUd99w_X0cHs3`!(@z9!@=VE@654V=={%?$d1%1tH$5w;AGyhH0~@^$Bf>?6oM_nB;Scme^$Uhb$5#)_fTTDT2FbKY
zmxLHg#9H;PUj_x@*sr7^RJq|5L07wc8hVI3n%#a_F2shCElk3J%$1bgudSbqT0Xz@
ztRmCaeGt#9fR@^fSwwYNNB3)5pPAh3Q3}qen0N!`$T7#@YzUGB+MQ4Xc=z%$uM7sd
z3~3pgDyvgpzhv$7(_iQ;93om&VsEmr0$N%+@1T|-+e)9@FP=8xFdH+G%{J+xbKb1|DOPkNK$=7^7{u1qOzwxHz
zHhGd2p@dpgW?ya{&$kF1hy4!oLS
z`8Q|8(m-(H@%w!Xt7m4%$}D?@m0AGr&VXpN!zux`1(gNl>bp>@QTpOO@3r8F|6rX^
zOT!76{#*LhYzv`8qsTDMLToHCJq&8@=`^E`D7*$#5J}cJ<4&4V*4g*Ri4AkZu-LPg
zNHO|?pSQv`HpR~a>JYUU;Mj+0SHkgZiEiUN>D|Q1kYpMIm5SWf6}Km-+$^wB6$)#(
z*!Efb#eJ|uDNZi49w-ufpk~K#c+E}}wXP{w){(~92P4#83b{dOL6aj`ZSzhb9AFp^
zKt|6EInBNXKW80=nAJZPEMhj8ymiFByQ1ZdU&ssTA~HB?H3pV-1Iza2JH7L(+)5ha
zeS-@1$m^3eev=MCOIG>9!91lq>-koX?ukzH)W2Iz#y@pUJ&shB+DJg@C&Em50@NvG
zJlam8Z!vL63Fq{iGNzOX_Xh`6XhnaSequQs>472~+3}gC78TKE{{K7x(tWV=76$+=*
z0#+;STt)nYlVvatMZ^+CC~XGfMp5GYs0&;VRa`E2vu}B4Pcb(jdi7GEFr-ayFkN5P
zYek^Gg_6;(EIoLwyI35KHGj+bQel|X?*f`!uCq&SFJ8XH;>>*7?$tK+O2?lH4!YKb|D$|{eE
zchc&*;I_hRx3*6YNqoP*=AGbWgLbqb+BtG?ANdFt;r82te7_JeH}S5#z=X;rS2gY!
zOr`o7zw2}0Rj=RxZC}Sa(-5E9I8(*p#?Dq!@hvsShibMNWoIm}kd4x`j&suFPCEdM
zmf7-Ex1o(syC>C1$icP{grfJBjz{u^*Li=~22Ho03=XAbobf{;GLigfWUlS3PdHFT4R8w|o~;#A(pyLJ%+wldjwHbAOx4l*e(TabkmyHKNP
zsz_qMP7;!SSp0685w*y;Dd>uccXY04$N&?t8Ce!-doDE;-7U-Eme3F9Lr8>iYnQJu
z=5P+Bm>{%v3<2G801{O>Zx$@@n%J%YHZ-Y(Zzi&%aT65-daW>tdGK$44(zQZHAP@P
z%cJq%X4=0k_WiR&{wD@$mde^^z9I4@w6rh*K#@la4`!VsOhD|Zi9joPlc@Kz{z^fKMK2c;TreUQ;C=2%XZW(qcg%}lMR_>7end4*1oeFTU
zR(P~qGE~Rx+}h#{8!}#I>^U;8l~p@1`QykchBQ+)nhcCpowdrTSYF9?Mn$LZKnh}7
zVsa8-7_7Rzz@@*b9Irlo_ooKz|
z6-{*Agj#woSJqog3z2gu91kbb=`A||u-_8DNM264gf
z-2b@^oyktU^!4*5`~J82^-nPOUq_Pvp(j_J(D;K7(n0QOh?$3~4WnASQg3=Oz=>j_yW$?IMPa{AmL(HmQ&japC&Q%9VrbL
z>4SSJ;GH$L)(v!Q=32)@{5~3WOmc&KV%ByDk^Jc93@y<*vX=32_c7>Ai&UGGJ+G;I
zF+Re_S*B@L^uq8PyIMgeMmNH}LCCt`>sE}(jregLw
zY;(qPW8@{W0i2Z<(W8QAI6y?x?f=KxJ1}Y1X6w3DY1_7KXQgf1wr$(CZQHhOvr?7D
z&i=ahK5Lz`*B9LpC*pm7z>N9K@eJJKx;ZN!GAQcr%I6TD<$HGI;}Wa|BL=s(Aiw++BQWs1O04}z$rtm!mdTo?ku7T
zuA%Hike0)E3PSijb4s-|nbfd$5N
zzE1Qqhth#36Xa6B%A;LaIu-bfg#VbFv<_d1H_<69+1cJ42!~I!WFeo*g03%Cp@E6}
z^S&zJRtSpvf_~^@iRqOXY4For!}6~kKWszA!X)Pzu#$jf9|oD*a~ef;5SJU3Vp!fH
zpFRux?fk14{OuwIchsJFhUN&7MoF%rLzv=&twosE!)sW{pj7R30k|9z$hTB=Ovqb3
zK-?)J(1f~2?aL(YoAKaO(w8XJY|hvdeox7}iMQ6S<``h{gM|hOe4dnbxF>#3sSvmw
zX59~-S2UIZ7#c&<6S~0Fb&p3E5|*uTBC@d429ZW1j2i<6f0DNo-><)JpIp&nhvskK
zAndmw?td=Oe*Fh|&VP*#|1FzV)R6feg?hq=V
zhg`EJor-sEIkSfDe&)S_eclHonJ0-K?cg2%M)R1Z`-0Preb;I1CmD=8FUDW*AAc}=
zfwt+W(4566(?Mv>L4&o&IE}?7)|4imEl;C04%4qy&8(OkKD23(T)in>zSEm5Z97+D
zfMGb!S>7{sxfY1@-w}9&wXVdANm)}5MzvK?cinm#(HdnKG&78~+#qHxD44VWrCHX~KGU57c1qqY`fjgn8m0zM2GTQ}GG>*~uCDq6hub`O994^g{>
zr@E&SpP)*@NLdK_r~0bm*G4w3z__I%{E+VG{9-;{GW=*>3C@_r6Nyq>Ey%4BT5FA6(EDuxEa{kno}>*P1uB%T+znZEP@FX<;hE3Z*0FU-
z>`bm}%vO~CdckFrdTG6qDtR=V;$`Qp;?a~+6teL!C*vcFlkb5HDdI9kBqAHJhNsYI
zk4&PQsml1eLP>P~^ztyb$fA+%X`Nz648w5%_3+`L`!H3EjTptNbZg$sI11fZ_z0iDwq$nUtJkjBTTYuFKk2pm
za3AKubPOrB)qcgOk9aYA`?sdE_4#sm`}6UJ$W6+^ZHXnvSt4h+`S_M_M6ov#kKO6BYt1oE6~_$K2~
z*{NP~@nNYC^bchUjqClC@t4b$sM>qE9VSn988KI_F!-1pfG9{}Fn#}Pz6(_4n0x!3
z+-ZRP-RH&k?|xqYm*MXJF&4>^{}*eh(jYyZA5)UvEca;Pdv4Y
zpDWKiSv|Fa1*m7qYUHwDt$_b#th^|x%-qroy;#ErZeYs*8p#AeH!+4Aa05m_=-1HQ
z4K$Olc)brv5^rXx7Or|9ukXk^Xk(zENad5)rJ=9P3XhMRfD)6dUN&7r5vwmYDY>|o
zdof#U>MUL}-5>^*7$u4uMvgZzCn?C|yxtC-W`H)Fff>mL93YTOXF>p8vGqcsY|YyR
zP{cp265S17z0l7grf2OcmXgW_L)A?qI(Se#P=zZ`Kt*&2r6R}J@-;5>#h1}epEfX@
zIqII>_nJJp^D5-w^ORgHwt#<5o*y&ZIph(*?8jr2F{z6=ECgwN1*E*tJQz47qq#GE
zr?h5x$Qz2#%)OJK*qJKrWbeJoFBE?hEz?YLj?g?xa|!8D;>o7UBMz2zh`gaV`HepU
zgBJ!zO+W5o`;5P@mOB)7r9Y_3YrKh1na&)8hDt(LeLV7fEMg|~{-Z7Gfv506^+8!L
z)KD-KFUW_;`{SFE_SY;T^tFnXC5$
z0um1`2mgu;1qLp%Z;+Z8f)M(-!9fHF1)avmC|64@Z_$M6G4}}kCi^xR0qb0aVR^>y
zbwzu+bBbHKWy0_aNEy?R{vtE8;fZJG<}2;
zJZX`UMo9`D%oJ$GGC?E4CAh0|o~3N*gfz=?b#uI`!6iH9YXE~#6r^0Q+?qTeOYyJ_
z8a8z2QsI(h21#y2)+8W6Og-E5JD@3jC?SlhbdUgp#sF_@C57^};a!NRL19kwkWnT@
zPNF;@PA<4w1^>`|eYV}CUH^=kaU!IF0TW~-Ji|6S&@lmt8G5D=eeNLbPEO<%ggaGv
zvm=odnK9JE(sCh#k1a+!;;9!~J=g&~{wGO#_GxaOK!nu{RL>IF|y{0_5lqWM$wE^*&sz
z459er5|aGb=Pw_GP}&h&g_-H0Fq0U?3|IV#d8*4!ZY<5vPONg|Fd)<{c@2D^MaHuJDSvg`b&z})V;^@p%-oJmwNjIFZz_UU${+B6h93(Y<
z5Jq<;J(IOaJQe6J
zx!-4`iLc-0@bnUy$;6hmL7Z@rfBogjP@EpAp3k7!DlDGtG{g}vfN_N;xi^eqd(%vLSfhhk-k`(|)oXF4&o;uCZ=;)_Gf-=<*DEoY
z@^=9jRvYXN?XJ%QSM5e~HJ%1()O9VRY)|0H3iUhEi5aAyMrUlpb2g9PB|x%Ok(Ea<
zT)XMzo{5O}fCQ9Uphln*njf&JUe7O86!`oxgh$pe?{D}f$){}#(hG3TDXsl$gfh;q
z?5a*<@XOh~cGKLyVl(1r{fM%fd%nj;s#3QCR1
z?J~h*bLhk=wze=YdJYw5(on3bT@oz)hbTh9ZUVo;AZDOm5g)&XdSbQ8}apBfDIBwv1nhRFeU(4=rc!y~_f4C68
zAS%5Byhp2fw$qRGDtQ{~v_=5j{s_6i8L-35zqj5ZWOH|`bbr0Z8wH$ee24Mm!jbZV
zy;%a#>?Z&^p%7tRCfgK&XBY9XceOX>8cnJ_dYwwjj0s2)dBbQCHPtj#G#)5>VC~{Z^U#@SVjI
zP%>}eg_Ny~4B1y18mZ7wJ^+nGSgF<=<&1mvL`i#tfqnddzXI)Z3L9}s23pahJ|4C|
z*iN!Naz0<5R#eUB=dn^!S5#Xutw-Cf%xY9ynY&MnnXcTi)(>5L
zcY*E83D5$TRaQ6c$r~E$%rL4$=?2=o>mGdxphDEQIR|d`i$8;^*V+}9Jl~)O_R7yt
zGLtJfL6#V59ABPW8OMfDX=3lPy^~9HH;k29PSTg0w;VU$u?IHotAYvl=>|+`ODx|W
zts2PpiS@mQ?5SLm@hgdJ#@PH*1NornGaKI%!-7TV_1MFz8E8oJ*~I5wmy^#F(G-n*
z_Qt$Kc&;NO*@W3AC!p%IsRcX7;fPB!t6J2dM3Sz#w(*JCqF0Ep2G9oLa0)^bpa_Oi
z9yrRl^Dj&IZcA*{`2lJW6E|*Tj57B^0@xk5qv2$x(yb_Ogt3@o_E0Qe~C4b)`8Fr4GkOn>(A=UN@L_i^sW`A{7Z46qJ&*Zt0
zc-tq@q@f3n;jNE`}x&JI|?pQh&N^{Q&&a}=1)n{((mtS!?6nKqp
zi_(;`nP$#-)zUf4jAT$|e^&1yoC_e^M+AA9C_YMei{bQ=gdqp+(aO=&>MxlEpIlLM
z7cUi3VH4CMvU&Au3H=1^6v;;na8}{wj1~I;C;tP=zk{Ftik&CI89Tv=MrC8*>RK3}
zB9EPUs++mZ;c9?cw&RPZ#v#faM#tUD)@B?&g8NJU!}FXrHQzIjp{sMLFUhL&V>H6p
zbJhP8n1FniBV&D-^K2{hgH0Z4Cc3O+=OB?IIXZHwSbvVw6M4BL_~!7!rn}3HcGBDR
zPR1N`t-d|#eJ1tm)=Zmtlv5lb&@{<)Td{p2M40{tJwGV|PV6J_h1=ZZb4T(3GgSn@
zA@N-MGWTKj97q55YT?BrIZ6=a0VfJK8RZbsTLBxm++)yTR&kT5~#d0|lk
zhGCap>i$6`eY~T6MQ2*{Li*9AAkhM#`9(3r^>!&6YX@>^b<*n~R2pC`=$+X`mrS(FYiwx$$!+G0^YIsPN(e&Ku3RHIPU53`xh{i6ka9NW?mc
z^ooQLh#`$8$O^&lHJ{&+4}=J_86g(zMrO9B?_niHYkKpjGYx4>q%qt4<{gP`P%87<
z8rdz3B7lKCfYn>3+1ta$k0y-8_#%93Xf;OFO@In*Pk^D{?0yMRt^?sram423U+I%+
zfLTEvIF82rFvDzUFvcf@+rUY@&^_@Y7_qJihT-Zr#zCI_eZ=3#7c$tFDMy0vO5a4fIMxbb#u@=f9~aLu2-Q|}TLbNf8=JbnE
zp{~B|`A3LAg4HzjY+-Q9O?|kVX9UA&HdL1^z5SvrH*9Z>#~)ev=csry!r4P2&w5+A
zfeP0sYR{3gRddepk$2Tyaxuo*0`)!5oi(0qso^Ij&4Y@<&o!r(Pgvmf&C9sBw{tyS
z@4|hl_f#6yjJxwli?uWVqI=$P}K^-
zOSI%PaN>BxyxXw4!_hX`;YKnf#)A=RaWx%|lkLrV1#xrgUom~);Q;dvYojVq^!hKH@@@xKcG7TF1GMjSA1K%_jd$1cG{1+_vSkY>Kmwe
zO&z$-M$30FybPZ6S2Pn&09tAh?q`kTQkB6}E
zhJq}NBIVu0rjYsz!=EO*(LSmi3-GN$A9c}>(dDEoq$ouFUn-VEAU3-bW5B;#0zlgd
zeF89ED7hkTM0kQsjIiJ2FHEJX^19et!(|PTb996vx0T^_2I6GQWw~h-BeN$Vak-f#
z^~&i%X`L~jvx#83X+Cn`?zUbrQc=5@BNeKF4ZYM>W
zgLf;2m%wC~RSU+JL+@TXU|~8yzlRdA+)1K}>I0|CekK-|<1F$u0S_izq_dgoL#${D
z1e3&A7~9gpd`NK63L280g0c)Su?hw(Y*IR?p0M0$TC^e!`|HJVodb`I6W7kg&0h0P
z)FgkzKKO!HTf<~!+robN_V{yWYEq=9wXM8fLcEIf^8J+5EN(?F8lkcJjujJ=!S7s2
zqLTSflq;mF1Ve|b!I^DQYo#&$?sIylPtL(Wz(l6r%Gl
z)$JqFZDVKQ@}D-nl++?+`N3-B!e6+#K~4tEpBE9bhs2}u%%0{}sK?L%f94uSCs}=5
zpm#WXqAd~waAkS6C5M)865?ne_D&>BIjCz6sub@zEnJ@v!}o{H)HtrKZkxvjRaG8f
zU3;XgZy(8OPNh_0s`rl_nB|mecZpwlBIJctMm>MvziwR`HdGwXDz_`&<|Rn+emUB=
zfNJK)2(cV$tPU|Rykl0!gf1?K)I%}$)P-)rry=axcEiX}pyc*f_J1UwkNQ!rO354u
zul#mZi1&77Aimg2Ag}Q@WH?&zAW;bSc4RnOiIFOH%<;}t7UJcr(BT!c2=ES9R>I9~
zl9QP&KMQEQo}Za-*TBth67w;?i*el%WB-KwhgM>Uv$+TJ8-nBv^LJ_czpZ%wN7`;<
zV`-%KFKh2C#SP~TL8Pq%2_j1IEsn0(!bWq2U)_!287QV%0Cwli!J2q>fMTuW_2*=x
z^0kM*c!|CIS~?%{5|@qTl*wtiZse$@MG2VmV5K{gxeC%6p4Loe&_Dh>)y({q+_eCi
zvdu`hLNBhe!f>y+R+F;Yvf>=}5_t05Sah5rH)o}cFj{Gn+Jf(W1(u?nLPcF>l^Q^W
zGZD4EaNaP~HA>$}&(JB_qM4wzl^A#dHIV+O#y8NN}^SG_r6|WnS$}qBK5?xq}ktkYX>8s1w=;t>lFvHsw
z4WL@Y{u#qbjDM;+$w+c9I1r&UE8$$7ovRMkHQx*ze0%BO;>k+^oTg>ps@1Ba+VXUx
zSYFW|+T4Bu)lNYe0r1_`+U|VmlA)>nXi5D&;TNh=lD5={?Ztz8)y%>HPvb`wOHJ=$
z2JtjI7E{`h`BG3eCg(~G`5PH972W7g6V*;7(Eh15OzF~Wh)gZno&goTD3-=cbJfP-
z#^KLJ5nKui?akS)sI**9`vM9AV*cDC@&TA`lFdiX&BvLsZaV38%Gm-B)PjW{`wy`*
z54`;~0(8axcCo_d@N}MHHmqdnbE=cydHWNnJ|~<5Eu6;#lmO*StoE5cn?rs;oF=FV
zr)z*QcB$5(59pU&IlmyYIAI9~LwmrYf#&*9uYn}jdIY7g9U@WmM8~hh-;+_?zKUS?
zDBgX{afA;w21b(>y$jvhN1NBSa|34WHn9zjwxG3wUNbm|68ZTYuVccuD=`JLEWfd+oiE)_Zk-!G8c`(qO@mpAv
z|F_!af1CaH*Xwn%GP2imG&20xn^m&<-q%F(wtlTYyCMimo|ljF1~H!Ioa9y`auUhW;<4;WVPc^Wb?Z)s{!>@sK~e4OSY~c
zw(Vj5f|PZ{_8K_u;H{qEJ;*)i5m4!QE~#U@0vIG1ZCGb_S#b-J;^lZbxe^o27_D;;
zI6K|sv|(NdQRD_CB&-0+q%)L33DQB*jj#LwYehi}tH89bgED|Yp!!}h4lL{3c8eXc
z0BwPR6iv8&iq1A3Uraut+cY+)K$%pgRTL4X#keL>5yoiy+ZmS4JKDuDdczRFlv`sc)MV(`W-xc>uG%HVqE0!iBc}0P)IoZC7wQ2Ja)0zkMAR2MN9L7}MMQ&n9J$t6!
zfMi5;A6yHpryF0ti`D)osXc`}V;#b`=c4B6ST7|>1-EW&6hDwBN(SXcBQi1MBI(@3
zWvNPofP%mpGY<`>W>f*rGq0n;tNm2h(BDjgvK@jO?`<;BnMMAO3tvA9BF-gt1RnB~
zi;+{Zt>>$^GsfPbvtJ;?a^fbr1oqE4Xe-8Oy)`cF
z)eQFq1)^u~k#;7}MgNrOC-Z|S*p%}?^>FPi+AyIi=y2Z_8Y5r%>+|u?V~I2!yN;-t
z{7qkCDuqtrtVjpU>1bPM^Sy}Ba>a>Zk2sp->+V}-Ie
z;bhx4G!Ug^c-yZ(EY=LoR^(mx`bc%&Icc7<(+a7hs)2Ma)w38K9@lodGrcB$`+VF{
z`ZA*-sv@!m=YJc%D9rV>nv=}0%Qo(ep5D&2rZ>wolo$V5K5fqC<{qIoJ2xMP#D}8}
ztFW-Kxw!u1LvQIUMM_PXm2}@B1T7^0(~4xep;qn)N|GGgUIcAAZ;7g!d&c-fLjol7
zELn1$4HB`u=&`IUa+74iP64wSs==^O3=zC6J&_I}JsSy*zFwuBX2U#|Zi~Pq#f(;O
z`h3=L%3W4hqSi6WT@|*8m-r2AkZvR64TvIO%FBCl005V(6gf2~5k+jx8be^3+%NA7
zk6>A|+RB@%UmusER#10gYuFD};-j>`axJi-ajrxP8*l
zIJ9%tfr}=DdTO={44i82VK1^Ma@9B72u)m^IiVf{-fyTcD}l^|I$^(Y3p{LzClDTa
zb<2V**(yzcwU`{R(3OAA5!J4V-!rW>iM}YF&QM*)h}?`kL^OV$7TMreop4A|JT3B)
zX;EP=8==b|4DU(<4`to1UsCGo+(Cx7Kn9hgAeM)=t3-4gVN&trwJffvaZAC@$%}g<
zSd&K)c|hidE>NQe)mCOK7Udn~w{Yy)M39zX$?(%b7DR1ZtK+QAQRgCSm)e%7Hwo|l
z_}*Opj~HA~6eK>$sTo7&Mr%TKm+LC^fn{L=b0aB&!ymUjEHuj2@9b(#5dm!~xykxo
z8(C51i{{#s`oTU>F^u14ghD{L8EfDxDKvP$(T2A|NYPSWhY*xIR86Rm-NHf9U&t>_
z4gmowCK@&)O1#(x_4>0f+Zsx$DOVDjS!VX>EDGekIP!~QESVAJW7t+oIEXw=cSAyO
zLt=ADELolJ&W{-aji}106={n&3|V)Boc}CEnp!?3=6_`V63CwAHXox|P!uV-bEiKH
zn8x;qR=~XU$4As;$$)i!qmL}8WZsfoqE~1TohaY!vu2s+4^|Ud#YwoL|0wm#x!42u
zi|U&P^r#GtmC&-Mzlq|0wi^^e#$1hhNB4xh-+{A?toDAc2PP{esN=9
zJZ^jv{G)b;d=%{|&ElS3*@BixxD@#}=iJu3HRT5Rz=s-cH~WM3r23|Hh8?+JtEPr+mC+R@Ax~gn0Mp~j-L`~n3RmAo6%2r@B>PEiv&USgpQj~1
zju-AhU)v+a_W`Ga>{V6Uh>@yi_OiE=HA*>ShVqg#N-;%t9fMMdm|6pa?UzNo-b=e_Ou5;ya$e_R;)~2^mcO?n=svw=uB&WP(D#0>pHj@|?Q`KYeqcb7sGB
zAcXPeh%kr-@(3Zqa&b=I#73YO=R{Pk%juS`FU8WnjA}HzMYsw%p}emkRLdOShaM@%
zJ=+mbE;98(v}t?H!gpHzA{}Uvwfm`*WRQ2mtmrn}&nmZf-bkfS3+Zat=&{0Xb}_Oj
z9I}3D`l_A1ekhxPWu8#*=grOBWYBpA)S!BScTl8S9&6q|!I%9m<%^z&oFC?J>;yuE
zCCQTk_LF=)B9`-hGiT2e-u}ReRokr9cC5*oYZ4-eociuo@<5*69Z#kt2ZzQBaO>xS
zfL}x@jH1?%JW+B>h=i>wwO@c?y*uKZKudFT>={*{gJW_((C^<$|_#7rS$3HEO
z&j$Ap-MYQ`g&uu~*9)ZF>S@jYhy6D@bnub^v3%{}61}F9=X2d;~wEx`N&x
zCp&kh0&&x;7o^pMy4bz-$B;eLS1d&t&!
zwz3b7UiSFe10jJ?zW*F|tlKNHQATYhcRMkE*oF<$4Ug|)z6RW9{YP>JnI<}-^j)O|
z{q5TEf6}1*e<2xm#J`aY!##f?8Pp9bildYYnx}Bb%TY>uTcdG2pt{Ams?9+cMNiJ7V~~x?aW#4C^QeuJE`#
zvK3H}{$Vz=UA-PS1?wWEji}S!e~>RI3e|9lpdB5H7keqVcAJ^YA9{TEMuI>GWhyFe
z)=9037i@w6Xi;{Tv)V5slmb`H5o9mQmL(sYGfk-}ymO3ne
zNH0kQ*GHx2r6|U63|=#0htKp}=f{*i+QY)chR60bwvlVdFQUm_D@qpq<6M;`R;fM1
zz?2(HiYkvmxo-A1bI}_*zV@;8>c#k1;d-K0wbDm$Z~cQn!VD(?VLjg=MU`c|gCxug
z$uF`|CGqJ(XGpJ9-rR0B5_)E^8Ul>q6UYN@?X6ib6A{*9s={Hr+TL|}hN=bKx|MOUHt5O<*`opnvPGccb+x%<~a(Ky;s
z9{w)r|DMS3Z^Ki+;;Y`F|CmL{o~umnD#pGXZik+
z&if;FYa=bm2`4Lvfwb!l;re24IgS-aFaWX$q{^~TJyTOX11G)_5xZu>7^FuIKYBc6
zJ6yLtoyYX}Y=hGMOwb#yT!9*4p&nVKZ)-W)U^Zyjww>}Ic>)|^X#FjX0a=u>LcMa=
z+JNEOtdZ1<7FjKSqMSmi!s0^37#nNIwnM%1Q!acj71!GYO>=WE$8KQHdMWf863R=7
zlB~nKS8GAPHLrO{urp|LpAlJX)#P)Cf-_p_XgX8HYLSYS%u7$b!%xeF_<=ss@jTsT
zv(3N_A)D}ziscH7F?ziDb+iA$=;-Olj{!4I|H);6G_{SX<|KRejA8Kc=_Hb87h+ujGQ)vc6j*r+I0D<(<@NZ+MU_^6HX;;x71+H?#
zjkF0zLKX`c$i9p+0)U@si&F|y
zRovP?0{_`(c{=8b*@<9_fY|PLihE#zu0KluL!F)?q4lWbx&Y>k>EFB0oDPGrB%7zj
zI!}`y-HM=$mN>)BSu38$zushE&dzYky_tARqipugZSK*6g3RTnp(G2F
zliu|LZn4!^RMm?G<~y?v;5>X?{3>PimZ^fw*nik7=^9-|_6&>x-XJx!BNE|p>@O*j
zkfj6<$__k5>^e3|Cru~g*n7AzcZHQS?-5w`7TDJ)Y#I^eS`Uz46Ywbt>g&rR$zDl!
zEeo@IT^_8UHtpem2QT%6V)i5Y06akAXk&86t;g9r`xNWV?jhj
zH9-{>h4sQvhg7+L>nTi*Z!mcM1cW*>c&RJ<$@OxVp`k;(<|6aC_-I>|-$M6Ah|tt>X#{Gvq?DuR!#4N97{
zn7JDn{y$L4B9%86OcnUgYMkUsOG~vn1ci}7@ZvaXcKiKB{N@8V-uP5?=g=)6&R-32
z-;6o)BXbootXydPUlRqhcjW>ZsZ6>!KQrgY^JvV*3xe*7J11~^_iWkTM`aSzwvwoM
z`|TpW?aH5~JsDlTSrrqw&;a4aHpK)Iq?PM
zmBa-B!YoC^8$ioM$OS43&}tD0qEw1R2KbFjPhET=;9e5|>NVvQVrp9{QpfY*#t)fc
zln25T1#YqwwcceWS#5K2#20-Se({fq$qXDonR%~-2+R4Cpx{RU8S*HGR>O{sEJaHw
z*u_oD5fJmqBO}Pv_;BFVyxt%6#1qyTflj4{jC?=8=0ja;`FbUa+ZEMTfR}^9?Iwi)
zToJEt@*tJ~jwD#POW|)~y?Z9j%AlxS0v=fNmP1$#7}FRSmdgWMZt?>;{C34h=m#81
zV0kQ&X9X%Guo8?!rAd+kvu@(PNDo}P@H23jz!K#}D>eME^OiXEI;ipeg>m~=N%{b5
zU}2cRFEzdT2BC*)3C{XpHn6n|kUIGPjBpTN4r=i*6$tfWb1a($y;)hBw){#;gArgi
z5QH65(;_Eu&48szl&~!*Obq0#ymXlWK{djEV<#*Uc8h|!bG|fKloodo=M=h?S|l+o
zQD*HjFm{1_1|uv!ZO>FBx-`*mJowRIN3Q(=@5hPKi78n$q7>xvXi{&MrvC-w7Y^<|
zq#rie7jV{CZG*jbE|df7!WdVMazmvh{YO-|AespePq@>SRLQpV$vF_~VGl02bm=r)
zP8NAp_R>UeZIR8t!16^)v9q8!1i)zmwn=^}au>~_+e2;+MgCQr(LyU(X2h!%wZ3<~
z@F;=Ukl1+iGMTtMpE!!X;p#zLmTsJaNFD(eQ
zUFCruI%sC_
z*ZBT|XDUk1==_?^lmsO&F+i$F3WN`U?$JHBNPF}d(~?B0HrF_Trpo&*r*!1hd70>FO{OA&?=Z$_kL`hhNvFT%
zZ;~%^{_LZR5AH*&XA<*Jr9AF?Bqj`9Xiv%=-56da-*`1U;jjW@O?GKCGEQ$<=LxE$
z)(ll$fj;A>oW_)5qovVQ7g{Q3*K$xHFGRS8$^1c-ZbX?O0&{($I6;%~&!o>jz^NWJ
zYq+XnyeeUs+xE-%es_RTnJ_mQK+uHs79zIg$Y4msSrBkTm{=ROsS|?
zxnbbY^x}k-*K4?sGG|m7K_&WJu;leAXm`#Ku%E#j9X;iUfy%7~;l2=>H)Ef82UeKW
zGrNVee$;gZP20b61Avuq!?NjbU<}i}$1Xb1a03e9R%tV8V1T1>s)1vZC3Na`6Ongr
zRZ7Bk23txvXIlA6;0X^&YY(^qK0}Yy7Ie(zJeBV>yomBHsBiHUODMe%r*>%u#v9ND
zwBY23p`kxi{SXTn#|1<4Y?t*zTrL;_!w$u;2D&XkdNS69;SlQ@2WHTC4mVy#Tc
zQ~$NehiP(edvBCVdJ+(PP|gBSX?98S*TBN62Ag|+EwyHI&eyS(_X+*6_+j3wNOA2F
z4|@$~1j`6HfL|qYFuKQ9hUtmTQenGELC-CNIP2?x!m0+8oK*!zrUFVe4ZAgM76sMq
z_@Mr2d{SP)7vefUc;`+qMZ8g%+NO<7D!ko|Y(3y3+R%W&3Z$Qd7wgR&n$de+boz)K
z#f6Nr{z0!m8{`KdR;g}?RJbp=_P@EI`b(s%`53Z@Bq|qI{yjR56bjOk3FYeEM2rGekY_pO?74{))-t3
zaPOq;O^FTiF{UP~=*4;L6z`(6Y^y{ZpS8pxp%dner-uo>?jUvSlIileoJYBpTl*Do
zg_T=}m9>}A*fqOPAxg{Kay_1E@V5#w&YsBwmlf2uN67Y19G}{#rL~7D
z2!)Jpu$Fra4QPdX)+ib61~-ZOq278iq;smjwGFoPLyjX^=8tcJdSg3Tp>b$Jw5+
z%`50b^+P|ViTi+1)?6VWOcg7~fzBMHkKeO*2j=Jx4zq+ctnJ@kIVWD*15YEoyuSg^
z2EBsuhp31grR4q$1{0tWuzUR=4&lRdj5#Sms3%-
zxAQjD`_5A?f4oDboFA1VFf(MIF${L
z9AU>yb~pa&=l1bUm~&#Ly%^K)R+NS2^wN=IwVGlAFf~5q$XswVvy!3)v5jZQnT49l
z*1wU6+aQp}C&~q`f-+%7Ww7KR4`wFRBs?%@3v~`pW@S|(9Dz%ThKRwUZ|giD;FudS
zYe(k~v4HQrfa1#+KdU#QZlJbCE&Y%as;5%A;6IiGL$pm
z_EWEuPqFz-T}X3x7)8_YluJ5V0Y}U?6ik4xyvE40HTlp}d&;d!+q+3SrW--yhg~oU
zMetk7UcDl3S4wTDgeVwVZ*C|F7=Y(DK1Ke^oV?jw#l>h)B4neq4O-sNNPSSlRil@z
znvO}Fa=|*U#y;QfC$uM;Ku8CCZ{k6webx@VEwmW?PoNAkDj`N6NzfFn6DASwl)Xv6
z0Z*|No78l@ilOu+w-}Hh%wV$+m8Dv~YQ9cdyn&HiwT8!z2V8>&Dt(yyOb0*Z
z=5P~?=1O$s)^?-ucFn{x3L(l+*ewDjxeO~tp^`CuIq%(MDq?-`me%8q#(?s?RCbI%
zbsQq`EzO2D$!vZUsHU}M6PcaNjB#qE5rHn!T
z=DPkYBJl#xYCs-UQi57?!_Xx(+*d#OFu(r>eQ-y||3Itsc
z-|4iEn!}}6SaR6=iaB#%qfMr4$-zyzoud+iu^*$4$J&n<=~lBp{KR%C@QaBfHsWgE
zSXjk^bdqc0B{x`-y20V@%%gmmopm?F)~4aR)1ox++5lXv-E-3HkCmy8rz;-*>Q*rvHU%@odb=t^_OK2
zO|ut(?e}J?2>9RipZ}8vo|v_xk%`g&R?sME{R3aJ#fmS91_BvG0B62X?iim7Sg53t
zD?VS!$75b*+FPS%j~*=jT>t=yaS5`^ZSYO!>B*7VnT3&T@4#TZa(mkYaPH{4;xIj(EDx^67;nr$!
z8d-dgT^pQtFlL#sJwun+Zf+~vfK+PG-jB}cFu4i0NWuo^h8mc$wXj~YpOp0S&{$la
znB_KMPxc7FuOwMUe%J#>hnS|*to0msU6Y`*X1`4)s2(Xm%Qfwi-;<8ht8XIG2^8m0
zb5ZWY3l5xQ5B_u}CF&f7BQC3~S{d!(Yf2i?Ao7=s97E%a+>_iW4!nm#7^*oXzH=A-
zaKS+G`DuqvyGJ0_X5^#PH=!@rM+tQzO)=77!XNy-mF==LjX_epA8no9iN@r9z?9YP
zPC*SW7K~Hh|20lm;7o&4SfPth^WA=S0!GMZ;7`?0J!i`~W>42^oqu6x(7b-_mT2v-
zb$vx#5N4$ucNG{`>O^-Xd^DYIUmP?R?qk+O%{X)u+?ssm&PjK}iMR8Us;nA*jQn3M5aIR11X~ibKPh!td@0xNA(vq21p`WL|^n~0=`_M2-
z8JgP>vibSzCUY`g^+{&D9nKIAl91st8sJ#ph;L_lYU%i
zy<>SVFhZ@YBdMJ(^@5nTf{zxqqVh;ZqdGr^6WfnP92^+r=%W1SE;B__uCG|s6)-0r
zkkj3Y^rA@8MKzlb1*@&*yj{vlidO`=Pt%I7@RPRqTD|$WDUv3WTAaVeUMBuk#zCOi
znvBeUg08ko7r0{o@Dl9%>pi<$NXpn=w2f=-I8_Os6UZuA(S8U;6rprE+u*ti?>alg
zjZNqwd;rWJ+ktbpg=({fDzXjzY%sw@lV+jY?j?R*?5zlq^$B`LR1EW_h@$%dOaU*a
z9=R6Cet02?p_B4F^Iv7_*MOeH-oFCH`B?z(MvBKKvxo1FD~h9!kN)-v_M5r(8BT(i
zHE-glW1=s>`U#)HRqe|U7OY-F+~xnp+FyUwz5LsraDvOi-QC?Cg1fs1XW{NH3)djQ
z-95MmcZWc54esvE-uHf=drm*ydz?K+|G*!>_|&R;*Q`0`D~MztY#gQx4m!!i6n@08
z)+Jn5(fPSH0vEyO2(6Tn$ZaU>Gm%l2sgH0s1P=zvcPPPYNLw$69;zFkSSGMp938Y+
z`H=nI>mAa~%Q)<)2&A3E5BbPkuYC2{?W`U7`EbOrF8Ir-?1AtL1Tf;E4jsprDB(gl
zQm2`Io9d7!$P*b|L`Yb89Jw<}B!3=I5xABM^8eejXR&h~1^uzpO#GuU@qdhD|4@Jx
zTy6fhha*dQOriIqtg^XE32qyFZ;S2h6H#)1%m=vZ2Qdo;im0*Hf)f@+5rwVtWlb~^
zDu-VHky$2YA8wYZxf9#|_;}j$?du)vCU!dj8pNi=Ft?eq%;nO&p9X$Ai1T}JXATw8P&*PVy?zJb@d7^>{!M(*4lAo@6BpeyysOD#@roap=~r5JQ0!3;CJe+}Tn%Qacuy3*
z3d|4T8wr3C?R%P9`;7d1z*!``K#4#YLew3;yjOp4o8#7U&Q`A>@w&TtF7`B9Alt}p
z=e^*)=h@KnilNX6*g>BFXiTRrejG17Td^8gp4=EC;?%0e+W4Gq#pfwdwruY2WPEie
zSC*>_;@sB)rJ?=APUHxUotU_pVyrn#CnFx7*0t_>6}tr>G(AsF^EMW*tA6ub7^e{M
zj?AMe;lr78Q&XM8u^S2V>F6k1nvW1ey?fl(O7k(8Dtlz1lN2mwdrT{?;ggs_pYC@k
zPG9r@nu#|iv0AU_C&0b)LID0{8-pU1Wfq1I?zz$r@5|OtL8sLN1coS6?x={D!pC5(Y6H5gzV*V9c#=hCV$(
ztn?DClN;GQCJ9t}8RKRmjnt%0R=rW6(Ax}~Xc?Y%%*1cz{{aKb0zznQYP$TKq3O&c
zaNO*Dx%*mei&xGDC&kRJBHWP!NZnngc_^f~A*I>oxRJIDp(YKG1q3(NeE)MW`8Ek)
zUFClyRO>0?&RZ1M8^r7Sh>^CIeKV2WK?OM^AwqCzP8f7bOh6_x&RsnTZ0t#(*SJ5gV`2<4Eul1oZ1O87Yh=n*mb~Rg
z%QLT#^BU^16zVAiy_Hl>M2#af#Us4t+DE>MPCC7|4
zOqURCI=N{jkS?Bh1E%J8(~Vbz7Fp%4P~{GgA7=F&9Z-Q{8{iNM7|&+lFZeTzbbUy&
zA-$r!Gu;hx`ZOuw0?}~#6FV$zN~^?=aQ>cM3F!&dIq0`A1^**V&$O3|*qy<|bknaf
z7SADi*KKLe8WiaKV3Y)xZ_zv*FKO7x{sefd#xsFK`ux-x^7je>gRwyepL1xQcG2Wy
z#iDU~PZ}xGOf`SsIHiK)K$X2S&~Xo$RX&htNo1o#KGG
z>$WztkCVvxA7@_n4{!PZh$Z%M68%?#W3sZmBG?C396Bm0JSRN6^Ay#jC!^;(_TCo}
za+JOvT^a;>ZMOusm^V6sG>;4Dhl1#uFZ?D*SvM0de>(4;_pjl<5DbN|B`b*I(-1^O
zBwpu56dT8zM|i2vE@{C76G1JuYwpl!Rh3AjnKiEaZSISf6to1R!j-cTH
z%EUH$64ItMFptD1sapkFL1FSDzl$gRf1|sjhh)7Y%#x!I%|_eL<{2zC^T-RCv2uo3
zO{Wc8&={vh_sb9o@&;yv-D34TIi_WqHCgQIC}bGrC~0d+mRY*%GRaKYBvA^|LfHS7
zJ*=_nK-={&K>Tw~%X|fXVX!wRNY-j~3SQ*iBEBTzDSlpgpm#c^~6y5yW=G}Pj^iKJ4s$l-(sUrBVzk{@?nVk#J9QdD0NRh^?Kbkv%zu~pRh~v*j
zG8^qOS?E}H>5LS+HL1_GZIeYcg3P4@y~X&490Dl@ZM&misdF)_@~I<{l4wi-1&GOq
zDf6yBCc^SwHksZ|#!~%5yS0UK+O0=K#wxx(%bcA(zw&o&oS*MI9e1Cvf0~Ze1Uj2%$J&ffBIg%Ck_L)
zU2%1`%r|Y`9_0WVe^W#ZcJzc;Avy1%!NGdjX>P#9ng#aDl%35CU2Z|j8VsrzgVQZ@
zvbgKHDx+7(i%*X>V}aGGi7qECoj5AH0BAcq?+k+J4v1MOq9_?0Y`NwD>)>+{<#LC0
z2+aVQRSxjNvi^ei5Nj3%IcaRi+lA1!Nr(89QrNpXsjx{v_V>EqZMY02W;Lr0f-n69
zf`KJjNr~}O|CB6itGCJ{-VAgw!?#WVgSe~>2~%SF>bp=J4)vMz5vddn;t6z-WfuQV
z1|$6dflHH|Rx<_%Gg-<^;W2VF{O
zyX+j3!(2`(tWiylsk_pbDg$hd`X|eBV=yLf^ZPOG5ca5KP?A=y2G9kC*IGnk5>O^#
z$$Z;@wA0TR$Mqx8VDh;5F1p(6aLb6QG&>4OA?=%LC60X7!HF$y@k~QYGHxYy3tH5P
z+GF^zGAbQ+vWSXIk(L}236l|OVeRURf74
z4i7u*2QGd1=C;ERiMFmm>5WSp1r~$yX(2YsFJ^bkBL;>=ur)Y`tJLZpzRBQmR1#*l
zdKN3?{1M@Kt5NBB-MuPrZ6P>>4G2-+$>Y*=GzDu2pSepnk{m!AniY5y>I)GMoE3ha
ztEUBT1h5vD`n}83vFRGVtX)G)kvKj%AzGJk2K*sH#FbPFKEegb7^c#4uP{O>7ovLc
zm!v=Fr=!4r#a4vA=^50|qSGr#{}k#`!in$+%n6jwwC@fh*5m&+ClPl&9<)#
zKjSqTx7KQV2qW?+`O^7CLKZ|}@|M{GG3XT(&_7nFdA#--es%xxaO13##Xotz>8im0{w=Fd#*6nl5
z?oP2VgVxTv>;~)03+Ko4%j}%O$MZ|muw*=q34g?e-4Ls=sJFl>Q{3~KoKW=ooq<2o5|_)89wvy2$+ZR1iu&#b
zBsW$+z+o862NdbvBa$wGRPNnEH01neh&2_Wfbbc-)QdRFFE%v;y%C6pJ5VlJ{uo1t
z%T>@mqa$b~3#LCcqg1KP9XU2T0|EzeC^CKLCg+87aH)0YH}t*B^O;8yUm)^bz_7RKftO#{{U=&_p2j3X
zD9pw+)(o;r|Bk-!eS<~M@BCj1S$MRJFMOlFB84__7{2`ylz?GeUzPNbZ1_EFEI
z*f2c&5bI?;R$KWz+M+cN-x}d9cPRd}g;dC_9V?Me2v6a!lLv42c9TwAFA1RDBso?^
z8)9L-P40Cs==H9^Dym)nSk!Zk07JqIt3W{16lAOkd9;o--{>R4k7Aey!0+TyXVq$Z
z=q)a>%k2NUdbmjMd;eqhz_g{v`HuQN>ChCX!u=+nT69{mKBk42muOGRkXpIaKQTdY
zD|2l2aGY#wf01rYrQ0Uy&f&qhGa?19?b4F`E8rRK7xe1r9omHUP1T$@6n3Z!h6Ny!@_}v^iOgk&%Zg+OA#b6FN}bM=HI<11@5!2
zA8+42Zz6j`Nb+O1X7Bbohh@q?<>9w>em%OTniScCO%3&%=(PF}{ZPvbC})Y3kb`!_
zVz9C@mTM;2h418^RI<=aN7n{>vVs9WIO&ywzFoP_`lbsaJyq^Uc+n?tp*Cq?K_Nqw
zj5IE*a%87tK;i*;g0|z=*fgQ+D%N~3u!#Ncpv+Q;UZA9
zVN>)3T6OMc_V6R@Lf#1o7T4$SfIWn1u4uRl+NNtVo;
z@&y3VVXy6KkLLw6e`OJ9hAa%PxYG7ypA)u_s<jyGcb!PE^b4VXVsZkFwZke^V-|eRCd&{I08LF<-
zybfj$nnF-6-HU`_!j9dE_c$Gg81OaQs-2@`;2tYVzxi!^3PG+K>fjPY}MrZh<@7+FQ%oFNuPqF~h1-xzw-z+(^yaW~W;hl!ep?jnEQd)2^KzzT}LM
z5PeebE!2M_>iW*N7fFXHkIq~crGNr3f0mF)D3$IF_kBXN;QP+$fWa2h0B2ki!E>7V
z(?sMgdYOu!sHtzWpmg4h<=10bAbs{FbxJVpB0Fy;*{WF{+E*PPuN%f|dy<|KA}H@a
zkG4s#0yZ%|@Tpg!HN!q2zlXV@7$h5v4=C}l=qYG}Ym924!
z?fy_VapR``H2@LWWWA#1#Gi~7e=R`~w;dQXJccFF6Hhfu;}m%`MK}ij_ZbOA;t}GP
z7pT9aDNGFvHqDRqyZ&*Z`+tvz{f|r7|60TU|KKB4*^lLm{$|I=?HdS5pUVbAYsF`a
zBiw_9Zup%YRT^13yuygLOms9lPnD=22L3HTc3VNdjgy5!P{q}3o5^v1FqH0cb>*{i
zJ27V(PxFSr2G7RpSsIhj#;?zry=EY`;`YK+n>pIUsNy<3>J{0iAYI3C$ztU@nH0OE
zERxsd-Eo(JcFjvW&#{y`@?aKx9riQ4w$r1<(?kn~_f{g);giOzN@e;nOQR(&bH1ij
z6YlSs%Zy#^Cj;|(09FwcDHt{}BKnnV4l^F{bH?DL@sdB-yv-4hha+Ldu2c2;k`i>H
zQNyuDLdGZ%$QI$Srn4+-LF&0@BQIHW9ij~hjse^wP(O(D@ej>mU=eBlWO&Xf7n65w
z1K|`^c~b792>MB4Z&^YhZ_SI;jA1Bw*bX%KLDhdOVz#iMdc_1L9dfln(ce(WJ)1!&
zbMR3q(zmExo)mpFM+i#T?hul#iGaS%>~p@>f=#vb3E+hO#EcH0!PEh)_8
zbl1TwGb^CEt7D`7POE42#LxXr-h6Nkr&?%KbPw@*oSXG&z*ol$EkSd$`x6m|*Yzt7
z#0N&N4b{*$f(58Iayuv*x9^MxQv?L^v&13lBSsm4Q9P@nWYSsd8}9
ze^Oq1DyH#SEA@{ctS*+nIltk%RRO5jETWIjv);;+H^?CfyeC?E_$JD3xA3dR+zUun
z6qj0yRc|*H_dh=*MtR4U7Q=C4c@edxRmI8tb_LRrlwB@RDOxPFbg;hRA(xOi+z$NG
zWXOpBaT}smn%A6m*Vh%@SE#oQ16!JBI0kq5n{t~%@LaGWgS6nIm;R-{hZ2hAE#~=9
zAmp+l5?JF%N+7prEyXdW={71WqNcW6(J4R2QTTd;=K^KmNBW9`QU$WXC^%G{=9*4<
zgUO1YQwJck{s>eMkyzj4zl2=%6JAp_e{DBA!$Q+Z$XhcBW`S`vRAkLd;6z`KU+4eU~&9ex60KAai)F7vu;
z>Y4w1=<#vNzWMXb4riZdQGDESdj8QRhB%|SJOhy-eG*_VmNX-!deCeRJKQk6#jmOq
zC#9pbq8`(C&*v-PvMuvl{Tw)36kWOT+jH@EzS9jpnrf$oU@`E!+}$-x5tuu=~t?rgMD@^^R=A>LtK1AX-v
zdQrJ$CZUe=;fM_6nNSn{aYxV>TL~YJ#2&>wl{TAn0D%fetgqCkH5fSVKtfOfN2=fr
z>%*|W&ZO!jU(qZ3@H;RQ9l4hceUz5FgjC_OPb2fgry&)a^_M+@IhbZalY8CR*@>~l
zd@ac0O>tm~fVLQk1!OK0QE$dgx1iWt#IOz62Fn)h4mXDZ!mLJF2iv`zd-O35)^an8u#}+@NqU8Q
z54!{+dM6Qv=w)K}4i#bk^J#)(bdAFO;(&n4G1$0_#N3@coO$1>O
zo)WMwsFPVRL=E#n0C=}=rFHmU51EVnF`6Ib6AG6LN^f{6h8#UlNEmJ!>Hy{ot#vF&diPQ!d2{qf15)3TjxhtB9`z9+1K!
z+mv1}W|^iXi@{abj**QK4Ng#?V5is=iI|dDRC)%Wo49tax4fvrrNCd~BxyZZ+Ftc{
zlH4n)nqGN$O$27LdpJ*gE=FS74Vvn%bxq-Su0PxpT|Ij>_W|TsrNL4jEz45#x;+a+
zP?~zdrDOG}l5p#y7B?uxi;f|5cHM(T;`!>s^N`ghc(41dR?+Iop^NA{S;$_02#^0U9
zpCVpF)UELO!;W&u*oTh*CHN8)1~c6Aj2s+ze_j9tM*^3&$f#>JgnG(4t?hhef50&E
z6{8b7CavOd_n+3O&}n>b^uH84(p6C|ry$klU?un9*&P%hLOko%=o;kCQuo&$qW=U!W=gIDKW7DL@BV
zK4zEZlQaz5sj}t4x;*c$0gko$`eiF4>x}LyrLQevQ007T03md5ELqY1e
z8sJ*2-w>h;K$&{^8H^tV*EY>ifF{tevEMb^@ZE+?6VmqpOANeFVa=ATlei8WOBa=E
z#jA&_;>~Db<4(U?6D)BZ{57jOEmmWd9v|mrnu|cUS0A)hOyYlXZML`&_uemqox(!e
zCa|Dj344!&dZfcPX!xU_T_Bz%G7P|~-X@5i9YB8kz1&_$r>9z@r2>9LZEgq~4edH4
z@4cH5H4%_y?_$5^=-IQ4VFxdBbYcw&jCLmug#{sI5IrKWi5jxy7Ogz%=tB?8#-p5R
zJNcid3)bLK|9GltmfFWD7UP}5$p`Iu==H!m>PxVQ0=k^ljnla}S~E1``!Y+<`GZj*
zV0fp-=3N?FGO&`Ov``_KV1J;>1^O%q#Z8L3U=1+AQC3rSUN;;UCr8Z9i&fB%m$@K}Hcm}|6yc1#0#LTl46sRS*3oVXXGJ+yDf@?z`8r=5W7_9_#&9?U
z%dZZ=w!v`x?tiH?34nl-4*h9^LMm}w;T(OExwZbpBjG+cbzw=S9-JOUPHK3Ow1xIG
zut+Y-$eR%Ui`m!f(KjFT`w|z^X~soU0-tg5QS*R^L|*jg-^9sy#|+K5k4c;FA5Z*$
z6IK1slK-z)#jO9J0VnAcf>l5c-KL&)F%4Q%?$w~O%zD7Q^M+S=z>{I)uwTJIU*10Pq@
zOo-7G$EAjiCPA0^5^xOOqfY!mtI}W?c;83uoxZL@cssxtfL+6|dn5h_cJ@~Hc%vYt=kyp%g7n^bLS4K^HpJB+Y`
zQyEPwNL-6^YJJ~|5YA>3Mc5myb)1~CreDj12e&1`6LWTOCr5opJ7^Ovqg&&l<7Y+f
zV2kO3f9?yyVQvHT17%FvMXX0wb5{X>??NAaeuAUp`=#mrP@Ot@{n8amxwq%b5w`o3
z$QcWHYVBmaT5mo_Z}10Ci}UV?Y<|e&g|A?ic?gE^e-U%WU1J&UKjeu2kH~-@S2{?jK8>BBtdYR`6GfPiZ?1RN@hE%g&k=`_3O`FAN
zP622Ur;G@*dj{Y84Gv6nXv_smwdT1lB4Wu<04noJ8>aPxE@qe+Y}!J8Az4_cY&
zkA78a)C6~Ao9O*CM1Bc2Y3s-)-tXVAbj*}C?RPB34w9H*bjD#b9svn!vTZM?G87j{
zlQ-A18W<_uaE%drL#;zyfFTGZY)rz9K<)DuQ~XMgY?rSY+!`7Vz>Q4
z*|(1?lA2Y^P}=|YS~xJNkW`oKfbMqda9hmzK
zHkR8HY=TH!Jc?FDK{uy2)w2AO$>5e2gmvmVu?bN^drpNr_qds&(o5PW$VJ6fqB=6C
zuEFj&XtmhQ8WbTh$4m6!3=Vz+!GR0&awxOV3q{sI%T4$}?AU3#H+g2$AhMaS7;{wn
z8P|G54B8~gdkuj9Y(y#IHa
zp^BZO%};rXkX&^N2+uDvH2Ksjp2B$E7=Ph2Ggb^SU{NDvE+!>O2Hh}7pSE3!k~{0!
zEGE;^USIcz6hB#8qAe?M|L~nk=n`-d+Z|jVJ_{oP+m9mK?oVwB4{mzxxc1VdtPw*W
zlY&IC61`Mj>Vko~Q}CzG5))6WHGnxeJR7?MEQ1OAHs=t)#I+5OBuYgp$NmuJZv5b}
z{t)*t&O|O)AWMqTP?Ur$;h>&&E!C>b4XKBS5m?is+sd1vO$mWtgw34B@HJ!|@zUUA
zYA`%;5#)0cy8M7>dP4D|m|-9gaAeLoe3lJ4`a-#;)Z#Si?2DM~3Ha9V2OAbcGgfA9
zXEUC!MVsA>)?6op-%E4|uDaN&8l~ya!OlCk{WatIbZxYH&}3*D?YtvwDu>;XZSPL+
zUo69(uf^8x+T1&KW89eF(w4Os{xv}>{b%&UUt~oID0|prH>R}KJK}m3e`oIQo&znn
z1%*8^+W2OU;7}i(ft~-u
z&cNKw#QgCN7dI#g38??)!a(1AIVZp!TL{j;=-}|r{-3=+hkp)!g8EyZ;2Wn1v;TN!
zNc;Hvf7b>7&Cf-RljXnuPyavSK`hx{VRK$!-uLvxAo>hiyIGNAPULpVmR<04bcf!>
zs7mh9VW(QtTs)1J&r3ZZiVVh4KqFrWY^_m`y-^QS?kW|{z>W(x*WGa9M(2H|_gUE6
z%lt^
z5at9l$7_2T2Znf`31vpwX1LlhH5{FS4n6jm0M1kO>9HZopt85j$kS8XdWtQY(UJqEd7*)Zy+UtOJ^3NW#Qewg?8A9%rz7R9G&0H0_QE~n
z#SjxTATfUia{dWqs`A7M{nV|(<)|GZ)So!~bUQeO*a|lv?~P{h)PA8{rOVQ{mbmEe
z{F5V6JCONT={;pZ*V_&NCRRB?g;>MCg605GQG!Y{K-!^k?0(4_;i@Cs{Z9dfvSxZZ%)M26K*afGc2
zp$&~OHH6BEJl~1YNRJ}}n|{`RYnZU5Jvc$5
z2Jp4zZOYdvqS%D1gns!JXD!(37k~tLF4+*rx4K62=vt(yBHlx_+1nt_12uG2Akx|}
zgknX3G7ULH^^^>xwNyGRlz6Xxb|bEN{jB{=kYJCp=qI|nE|_#AI9RSPCr8f5UFCYA
z2R(N)-y^I45jppPP~!|4C6+NH7O#HXV}nTY4$uaRR6E>SK&*DXTow?Dj!=g0gG=f`
zUURLATC9ie?oTPWE?e!nm-?gfd;Wx*(C=~Lv?l)~EX*JHOs(OppLA|=IVAbT3WiV9{FC3KdOa_%+cm((x|PgJvv{EW+{$Z
z#IUN=!#UAtKU#?iI-13fwng+)<|#tjT5A@4&HVQfN7f}dqO%eAGAC6uyF}@|QmMJ>
z=keNHFD}=Zy>SDWNpZ}H7JZP&E`I(UdH6mf$lCa!T+;rd5&7S|82nc-{y9YJ8#lg4+s#BcSBIu@r{o&Il6ZctxwnXvx=+KbiYgEbo?^N5mg&E@Hq<;S>L
zZ$PSh>Fc$q%UUS{t=5o+wd7Nypacy2EJUWj0oKe59-uloQttHS#Z
zeZ;hnMx5Z581E!F+vm#wqaz8_X
zwgG;AS|wz1l09ne-*J?+s*S%b$F-?UsF&CX;XPF(rfPqt~5Q~!ld5guhqA2
z?OAiVvtFeOpFzq!dFn(}!03a==q{0qSxBiFhZpoK$)AvO;Vz#v!x0DTJ%1)p=bySKp@muy=j&(#uPrcUNGq%#DA`tHFJe
zS{ZpG@4+ee4LRu?WGGsJbvH$S-mnrO0hED}NfoG}v}KSgg-9=8u4+iAzA>4E8BIwB
za>dj%;8A%{?(;}o(bG_u1?w;vOu^B5>>ZMf$3|yivENVG*3eSVBvE!LBPaDbWimwTQisLVhostm8f07~A4{z(
z;GwNE6`wYSH}R6luJynO9ThYk!IglIp5rVRB(x>aZBa3~OMfD#d%s2i>^`~eyv~0S
zFJxFyo7=G&Z2U$@zb3N(r6T1fL-o<^h2jVyK88Kl82oZRFuXK<6J4QmD
zr%5?Gw!ocR(4_sWaI-zv(_)$^w)d?Ro
zjMoAWg4f^=B-dmfIgczaA-{u=zRO;y{;{}l{v-Mj{s`$a{(|Z^@Pe!P^tYXW+VUU>
z`eT`K{Nq#XzsZuRtBL-f?v5-C;0N6h+s_V+93Tq&IaH>sR815$<5P8jPIzgVSY-gF
zjdhqQOz;Q<8ye)w^2Aw%+rqNUsWFz&CXej_jleIz!?3p$zXPUH-}7-(qeC7`ZX@%v
zztgdMUEjLjUT-l2i0zmm^2C3oFE8eD-
z%FN
zNa3QYsR^q~)6H6ulCi$wS6C`kCp{ULlAW}|%A-zIWlt4Nm2&VsKm``v(MWX62oRbU
zd$bK*ea4+_Nq|98Ty0zMGif>YFIq}7)luZ7!cuv0VHb8DWqC`WlZu83z;9}{RyTz{
z&5uufJ~yRZdtg&16BhaiJ9C#dDV{whZ%}pIgdVl$Rf{Z_5CNbb#Ytdk>VW(f-#?~&
ztW6tyVLd~>DO^dW={2f{Q5VP*X=$$2sK+hg#R-R88?jYrVFtM)&q_V8<1|itGu)}>
zbu94c^m9x}p^TXbXPKYQ-EIV9YsmbwAU}QY=aNr&K>%G1zc2Z1l^HlLxf6+fi=_<|
z*(o~$q)lHd0^Dp&sBiJlS>`%|`IbkN?3093OKyG|(Nv9y$E?xhLa39iT-Z&83;lt^a17;}C9-=Nr
zLg&2$J`9pLztHCqs7FRZ#@+9VW~C#X-l=c@+_;dVMiFqw%UOMZFXR<&V7Z4^O1gfU
zlX~V!s?bj4_(5@Q_nWxb32ePv_kI2x#v&Cg{_Pe&DX&_~%xsU{7
z(Xrb{F``?%l++bszX&phE!*(f#^gN>cG+5|$8WM&eH9Z4#bZWPUrjoo`xuN+fR=g!
zMMd-^6^_2E*x?P1xE2qC=&sc%I2^hIrE(s>ZL$W~R$sKs<(ON9SP$T#_=1F~CQ-T$
zE+L`ty1T@H%qN-Lie~2y+v-j>{M`yF`8z6Yx?JKQv5tsl?#C4fJF<&*7u&VN{^wme
z#n2X8UIzJ${m5~qZE(9c5|j}uc8mhCQ@ySE?R}vFMe~P|_=YeoK@~2PJWcm%5;D`%mfcavm72#e
zQvr~MjjQeMV*Q#A=~TyfUL?`7%O2tV;VpKU?|d@A;o+S4IK4hzxQ-A%bLOX6K>quE
zUgngP&SPM<+YIA|_3ayM&oi`5>gLTl$kvUp_kzEFi>GDvj9$aL-h(*m)+Kd7)cN8C
z@oh_u0aG2>?Fl@6gdG{!0_d^7dh{2jyZjA$ZJx;KBUZ
z>vOwL-~pJioZLSD@JL);3wg||v)kg6MxD|R*zs-lql;N`=X$c&7q9A`SzI!R;oE0K
z%xbPbc7MB@-083NM=bCp9i-x+$U&>3z~OBBg-vQqoYBq}-N#y5e=2;YtXz
zrF_M2nhYp|vI%rkaI(@y#rnMQ}rdgeRm`+dWL<+S{}@V8{M
zE>m|{ZGK6hn~?n+dseCajSD#r#1%8NfA=wek=iw=y8Q4yKVBx5EzZ1
z_?-A47i%u8+95QHZeP+b^$yEfbE4E9;S<-Hqx&-xAj_T9vA$@8sF;?%IwE7O0QxThf?u5z4g*E?xs^8tuF{WK#)U_@Nea0$t%GIJtL}1eQ
z*vwVw0aVcn*J-;lIcMMV&8c6CpOR`cQyyiY4}Jd|xm!q_^M~@IRI~mcX@~!&KVDr;
zg8RQ;{{MHb`3u!*ERE6^$i})R*DE9Fr#xGrx`-+sM1H8o=WfPt8O+>iJ>!KbImYh+
zOum+j<$-34R<{Gt{z+rb7L=&qvZ}1stZW|zb9aLKC(iFL$BX-)iZ?%U!yRphODQhn
z46^LBUHV*H9mUqCTD?g4K)8)8PJ7JrRsB|1Gakz&J9%&uX78&EeS>sHdmCxG>FFVd
zF3nob=}&zuLOvGQ+DoYSp&w2_bBSj*z>qa7b*mq-o-FGsC$A0ZYT9`3n1xiJ;yE-e
zPi!TuMU%4iuOd8jA}uGrS^>>IN6@96N~n1wEgr4`$I^UmD?&>d+MG@>a)?>?DxPm7wc^l@@a}Z$H#ZbS%>?oH5v!9u6>7734aMOcb0dA*
z5s*8?hS>kBU9M<7Yz)qHIy*%ca4ne=Q0>4LIsJ^EdMTV)v`jX0gO_$26kE|!%vt6I
zKIlbawTUp0b7Obn{N0wlUty$b7<$iKsTvceY1=(|dIi|8z
z?s>^5OMmW?LIXp`vRs8EUDFV(49A8`yO)0DR
zz2{=P;fJ^(SFi6^-e+i!J9lzF5!Pos)VLgBLtoJR5u=2Jgsum}O0ObR^R7_`^MZ#%-EjoE_?heKYrr$
zqfq|)J5HInxT&cyi6F_GUukQ4OjgX2XXcgM^f$@L-A8gLV%tH^z8kePMAIDOt{DHj
z?q=!M%R9@CtioME`>iuFv2O1N(k5<6fEpMY&*&2g)Dz)eX>8P}AkkB0vu{`LqG^Q>
z<*?|b!XC&av>mzvl5hJ>V6B{M1MGk0zy8j7u3E3xBttFK%p}_SG
zk7vSw4kvWis?KJw$w_B~<+f1cheYC{1!jGUqhYgbdg}+ED>?Ne)rx>qlJZ9qQ-kX!
zlPvGUaaRz|k&7%kJfk6>MN-Q;F|FqWxlJ=MoxYeAt?tB5Ckf{~^Bdu`D}|kdF6ZV;
z36zB)%McBSt$m%fxNM(;&1`=Ra?Qz{@XtqbnOX-mmf7X}$g}D2>Lal#Ygyn?gPpRa
zXJQ$NxUS*=IA!JL#a6(}9+R3uU^muEXfvfGGjd62{AgLwwFX2y&A)ttM#A@OQH6`$
z2?;nf+I+@Im>xo=ECs64C1dmE-}}e8o2P
z#{_4c+;k0cid-)Xa^8+78=ZF5;$;+I!I4CT_l|_U7CXLL`6Ejd!e2TIAgcT2U>J$u4qGQD*
z&^u>Z(AhAh*UKBc?ZmqSCE~8^%)Zk&rH{>ewe&SU^mM%Qhq+37%v+e$Ya;!5YpIp3
zO~j3FNti}r%UZtxj`)(x%<6)Sdx?JaLG=W+gA!)`GkIGg+p9JA0dSa4oiQ)x0XC@C
z@*HCzf6?R%0Q{8ols%SwEx)9qnvfawnZW6U3!+Py`wlhGVuichF1SM7rO91$8n1#_
zr3de(Ca8xNm5ErecOm}V3S0gL5=zR|rTUy@H)Nmbl5KFr@QZv$zZj&dx}NtR9X6Kg
zE>|u{Y~-zhat}7lci6IXAA%!%!+mSGrnI|!n95fP4ErfNGEtH)zUCNh4&{N~7vwx9
z0pS%>2R!Y@S2qlzE-AHIRveo)>?62ah#dc@yodXiIkXeF7#YK>rkX+8hnu@e<gp=*?&3Jg%RvT)EDCp9u=|Yq3bD7jzU{Xb6zs!;`3>oU{tWLLaziC{*lX
zuD|Vmso7*>+Mhb48YSJ7L-(-<7Zj!17CSZxNzaCx=f;R?f|F77^|3utU_R4=u#Qv*+
z$d%PlH
zqs-gl)`3J3wZ|~cJwL4g<(u+XiN%Y)T;+#=>C>;o`!$vEJ|7
ztlTYDeikl9pMmP7(@0HH7f%cINCNxI`_((J_BQRu&6f6Fcpm~!Q1W};ykkbs61>2c
zhOr~U?^vsD0(VEIU_NT8!}GQd0v5UNcy$4s_Ze=p@9LiSvz`m>z1AyJeevg#y!0S;
zq_s%$WXNMPS}iu_ut$K57O_W|B%ifovkC-O1ypAl1uUbg5E`-basW&{J4_5=woHn-
zcs3~&hHg6AZ+7g7x!iNOtRLuAqunXI0`5U{hQz7S*oTt4&(Ye)5Smqoggk5layr)n
zatQgVE$eZFWMjj{l{LeJ_gnbIQvp=a7XZ7=&x*bhKkT+KrQ;m}L#R!iDMtLlZ!F)?
z*wvjzLhM^|V7#Ps$?~4@SRC1Y(p3a!WZ~{9PJrOvM?j{2@3Y{-faZZ)zzt
zfX=}Gn*%vZZR&46jKM7Pp-UkU2%aArpicE|xS=7J0;T~NF9l3akpQm@IChnQ7}Vw
zR!kobJYI%2%FkVp_v0wIMm0kxedXSSItK(hXS`TfudJ3GZTSV})mV9%4c)ewdH{`D=aVI);}4?X06VI4v3_h`L-mdLFVL?v
zY46>+6f9S!#cDqNVs7TIIFrIQl5%%5FZO(H`W^3(Nm32s$c|6wkp}H(e5X-Gif2pt
z20Y$sl|wBkMA=wo&2j~Gv~?f<_AN$^jr4#%hr>=LS>S;|We1T9W7wXl7$TOPdV-Nr
z4DSfw@MIbvoG&FY4-zZC@Yl?gB9uLUbX)-ChOvjpg*|Vl%Qq{T%`XJ|F2+V-cheFb
z0sGizrE87V&M~gk`>yCX()HD$Up~|=utSqAuQu#*+g#kF{UI3$DphGfKLa32WYQj
zF6oE--$Lh7aZbQ7PLYO}&%gJs@mT5l>0Ri#7~e%3CQ%{tS+gWxAq9E+f=&
ztqMhQZtte79$<>zb@v}s@+0SBWeM2d_`hg-3)sq*WKFlqWoBmPGBYzXGjB69Gc%T%
znVG4~%v@$JGc%R#+2`DDU1{dsR*&ZOmX?+!+bQj}^2^AK_#@)oegBQ)?cjyk1_Fcn
z1>F=M@Yok6qO4fJ@)e3wlXTwEhL6bWr!*E-v+3Y`n?|HB4e9_>1!>Wd41qdYg*Jl&Ou|Kfy_)>%dt?t8zbqXKAQ%LIO
z%Cbl}Ef?h_2Co!nr*NC2&EMeohY*P2Wde*L~tJr3~uTLo}pqruk>+~VK<%d*lU
z|8_p2iK&IHg|mr_iLIHlxumVV%U`L9CIFlNGIGf(x=ssXsJvDaqey}NK@0Jih_gyV
zL0;!_g93uC$;i8F2_FB%AiqR*^&
zRRblA?N1v^olmt}UpS(+F-t6cCmge}-Kv{2@D|tQCbS;7^=t}FTSF#jJ1?>uP2C4>
zaQmn?tRmk`?7B$MMSCw&fMtqK`~WIh=tPVBoLR;z+8Np!6*Z`p(#4{ogN_OLenSXZ
zCHt$kgCo7;uxnDi+H7Oj8L(dD#W~+Y2TV<-d=0c??H&l_lfqnPiyP1?N~am>bPv4ajDs4~aN~?G*1+&6?3JXRTQKsL{gt_5cgsSr08F^A?8Pkn
z>%u?GFgG-v>KDwf1%^%(Of^2S;Ed`&PjB%C6Dx
z6a@bX01VRjF<$+cd`svsc&@Zs)D{M1@nMtAtnUycreiJ&A;2qSnwsf@G(}b?olFV^
z0moEvYS*BXhIsUo$!Q$&L1QTxOF8!(Pr~9dRhYNOYivkgXh>%-hwG=eh2+BneGI+#
zbZ##r3E`cOg${bqcPk;mRrf^VTvBt$%$J|;w;pkUa&Uj@)2EXXgn1Sn;JH-TOk`#6
zrW$wYnLfd{(OwS~G(`18BW0v%R!mB`leQ9)qp!Zj+9YB4BQ+;FE;Da=2-7ZmKEd1H
zO?$7-48iVjY{T~i5_D@u`Gk1#b6)h4KqQxh1Dgc5D0wbpoPT6?-#&2+iBzcl9b!y!
zwu7{lfH>J*rq4|`S}vBSe+3v!|c3!{O
z_bNmrqA6O$+U=wg@#rSrjq4EZIGv`se#%QkjNZXWCjlC|od%FJqP)7ed^TFbhx9}C
zLIq@_f2RJ2=SILb3E8RgByYm*nKKzE%+k+6L&%pWb&G`GAr#zg3mX0DD_H@v*aEWM
za{L22=UWheiSBJdW_WafG}8lpd;hbhN8sP3S<+V4#Kz9iL&?P6(ZmT@GvvRUoW{g3
zLiY=xiX2(7WQg@in>SmQSAPd3+ks=tl$TgJ4?U+kv_!}66^>BsTeApdXJC#yx_~!`
z2(MFYLGDnf5-m4QY%f3tM#q<^PJWsaWot%saXOl0J`TDJ#KxqSA0mpRrQ8DhPLg9t
zYBk&vy#`B8e;AkyudZ&nPh$QF*
z)nP~KX;GsU4uI(^4S2g(`2&U
zeK+MWtNV&`M*a0}dHL!KIV1J;C`{#J?9~{a*SeEca)*91dw*B2*H!z2x%iqbFXft?
zLPDnRj<};FxLpA)#mZ)so(SuSnld6t<7Y_2Z*{2r+hs=~!ul3PR7ANAS*ZKkG5foA
z=Pp{!{JRDL`dk`_#6%EYCz}2IUJYN1^-VV${wD4(1RNo%0r`(pjwjg^ZY2D$N|>{A
z2)aR$cU+!x%Mf4~F6O113P)O{{Z0N-c#@L8VPa#EqAlBk8Sy0VuT90oPn#y7VRHdV
zDHz;swS()GRXY`-4l?nww?|#NuvW$P%-ytSZLv7myBnypr%Y7Y>1uZ-Evyn|GaDJO
z&xhsFMHnXxiaTi1gvoyIgAQ_JTYyYAPDOr1iBD##>~4SJi5x?ImMXenG|5GqO&6sK
zM8spo6*?E_%ou7>Om*5CNl!{W&)kwrM&x^l64?p!y})#i;kR!$Y57aWF9VB9fwDC!XwOogg0V}wv`OG{^q*sG)
zC@P@{3HgRB<`I-Qmzq*I+zSh3TaL5R5&+?
z*X=3^%i3kkl04~BRcHUv
zsp>bQWBwhx_7nSdvzjYhNb1FSW6ao}53{b5%uu?plHKH3=u{ZU*UtMx=NVN?12MB0
z8)Ul~s9{8mjK);ii>TfAD=Dte!THpmrp0xV&M*BX0W6*_MfT}{4?lO-du5A?woR&(
zIYxiMZ`d7P@x2T|a&?x{U;_%>_IjBC)R;?9yry{&9pjk>$LmLZPBR!L;%!2qf~4-5
zMAd82*|0&1tn19nzb3*`%9=ydjnYU;U|2;;S4#Fv=KZ1oH~jD*j-x6zhxp++@ryqc2E#1cZstyqaFVHaMc%$g7SIn|^5
zJ=2DDha7527%y*fBbcciQu4X)wd$w8MXkbZjQs59Gobts)y+J5=)UUO=Z@8|y%-V3
zQ+6MW*LtV`;p93+EmLoRYG%GiAzy@#R|U49^Q4=J);L!C3ee>f5ma>Rv~)vL)cEs7CsFoSyhPwv
zJ(^9Z6ld-8Fpy8seQtU_17bv0M!q*;;Oq@|TNCmx9g@uO;_iCdU^bKUdw+lYCV;d6
zTNt`9O9QNk*x``KmrP3mQk_&h0)ry>?oZ{~v0X2N_)WXDZ&AWDvOXzioyq_L1wH=CBE$9k$*PX_sLBu_&NNOaEX_>B
z`!YI&A9`|+{2nhEX{H;MNvle`px3$C$)+=1UiK8LZEBuh_PvDh=J8y7j8m7Gt;RmccOVS2#
zU}hXO;Q1N#rGuYP6gTp;m+$g&u-KWz;RJHZ2-QpU1bwZ{+4^YZye!CCab1e=TARg3s0rVYM~xcCs01ckG@v<*qExh>|F6x-
z89a1%3UKx#|4Z@Nza3?fv9JLiz>NQovsX;K;NQL4KMN}lTP!RsOTvzeTs62|D2dD9
zVT2TS@}p!r3uDfwL%G3ylDdUc31PTIbl()_wC{-B%?;c?(?2t}z3jUEw)np|&l;?_
z4fH-1Q+s>;zOBa?>+Oc3827RFDDnZ^NnEVzVoA{Qh;Pc?C*#B58~0*Lk@(KoV6DN3
z{UBORjm+QB-6LQqdh?w$GJwZ}FaGfwp8rcH2E-&a1{U)&&e#}$hIY2_^LVTjmD*&zh?aM53e
z2A)WT_@?8+h0dnPrYIU?nH8MF&{EDC)XfzT({_|z5c{3n!VD0YFIOS=bR*mS9@_kP
znIvKq+0Xo;hE(if7(iT@X4#W>&B6?4n0oXG?|_U-ZG6Fu^t%hQVL21CyFluBL3QK;0W~eNt&Sm3ZKr21xvYPuP5UjJ%
zZeNwMpR3XAsoa(T9+C&D7sSwX_vS!v>Gd&&O?2`C=O9U#Ioo>qqSqvdN&6{I4WU!2
z!#SJKFMv(u4BY({$M@#J!@WDCkQmEl*I_q>+@p;%hXp6m(~*2f5*ts}lXLWAg#!yD
ze_x7SwODPTZi#h}DPjaRU4Y|$P$;N3=@eJROH7MAu@EBS+r~+cNkA6dgvACS!xuUD
zjNchT8IL~NFZ0hNp1Shb!us*0;gFi?aF3Z{ocT5`oS@ql)~%1&XwYHSTZqr$n`~E5
z#fDouQnYKku5F(EM#={5kNaLtwpQFLeS<0-8g#=G?X>a?DBHICYZ5H_w91T7Pf}G)
z0{y=TCC1fM4*qo-()gAkQ5pKa{n&*1v{=Yp2w_dKv>u{(H%5rVRAx>VFJq!U4Vq=*
zkdg|Fd|0vN2Iz?3h@m~*^|&C*)d`fWx&17adQ9>W^-^6+-ERZqQ+=11DY-W*D=}P_
zu%UK$qET2_y@QYZb5;Cn=E@`E6?V|#wA=u=pj@mB?hG9H$@Uu^!yL|*!?sDA$~#9^
zjzkUsu^W$v;5$#2B>HU@|OPG!111{n0BjMM@{1{KrLtp*
zQg59jUv$X^9@lrnC>V~)mLh&0&pZ5zL)2WAaVqf24I^K6h?nNsmICsE%AGpvE5;KF
zmkLj>;p~uba10ebz+rT#FgPjlXOIh)Zy+%sF$368(LJC}bE*K-mJWq$NyM=26&4Vc
zQGt00%;c)zqzIkJCA3z)E5fw(%a|=b)MV4N^^2|3oq{oJdnfCMXH6Znf1?i0w$wuz
zxUfTXE%%UyZS4_WsXpXo-1ztkh|7or{sBd>Eo&~)BbATfO6ffrpl5zL_?y%=GCY;f
zm4Q!<5)JEZS6$9$R;LHqp9@Bpu~vim=2h#)p+oRYG(Xef!{MpjT`h)b6!?
zZ=mv6-U`=%Ag929zCeSqou3Bg*NlB+L1=v=aKnLSaC9&^?9WL%%;5Bpe0JBOeNo{0
z=-x{^XMuLu-rCo?L02%o=GR7j@^HR%)W5)V_4-UY_i901hPEM3p|+t;BmJJS4xj$+
z0NO8L0Fw@M-jMxEwZ*@^%Gg^OIsIo=nZHL?kQP?{pH`Vv5AQ5dtdU&Fbz|ic^&j|>
z+T*K1BxAO*f4(|aN_M(Z-~H;f`WoU5b9SXG_X=IG8R$>E
z!%xpU{!346Iex@ukaSAa$M4d~)3G9JF!`V;479|xM>EI4jBVn89)x`$3a!3AX5i9lanwECN5_d4-X`6ioS=BZpm_e?yR@^FVAZp{bl7NplaAh{nX&ell%4}E;z>8zWuuPJO
zRcn{atTheAurX@u?`C8*eGX)~5R1dC`$uj-G!fGzRu$$&_~17+(4JA(jl``jg>~Fs
zO3vJ3tikdUMfGX$*&l;K>1GaKS>bJ|m~IsPPwSDve{^v=*5C1L@HApkVmD{fr**$5BU@ezy?_vH5I#hE^nrmW5k|~>pSJXcCgWx%chq{$D_Ihqjf-hq#IYU>GI(D
zEFqSP^&T>WVB?(j!f-P2Ft>U?*t){V#}xT3(VtJ(;SUjes>gI0-V8ssoM>Z+q1;w{
z+C|k+oPclqi0fQx#uP~Ue)(4?4~uWBvNu#ZQA}=Ob|NKC&Yfuk#(J=^yrgGN>Y^WY
zdelr3+bXL0Na@pAU+UeBostL$W|CP4_sSVI`;dJHcHbQyH1koH
zbM|N-uc@em*^@joy}!wMBUajlX-HGTg+|uvVNuE&?$)nz&{{mK>+y{j)ypJ^cD$ZH
z=9O2hvVZ%yZReG(>@T;q^Vu>2;XbuuegyM)0L~oG>I#jFxx=g9S@i@WJGE;9D@D(gOWcY*N${lWb
z0Ium&oh9kIf_=9FAH!QUC=QW?c~
zdW{TSJ-@+$b4t@&Rv5e2hEtX4Szt&#dBQ$qd>0(>F5$OaNj#CqMrY`Xn+as3HnjHp
zRfqBPDLSwv0?@zw>iw0N57mJ0eN(CIZ9
z?rgBNRvkG$(DrX;Et;&%jkF;=0GG=a8dE89aAC}N^@CVfuw~Y&M4M8UV>cIyM_)
zcJ;1#i4!aCfb)lKYVU=9*{+6br^bMTOsXYE&WR(OZwWPPR&Vgowqb{uFagT1&w|%t
zI+w1{FWPk)5b3t_2F!r2OS6t-IyhTI7}s#x)=CH116r
zjqHskA_M5;H0wwu+1Ld#8tq0h2y?}KGf2{IS+pu0yzVyj&J-&`#p^+gfRn9pbgE7K
zXejB{ffNc>()2p_(zKj8hSA^yuW+adw*%W81!sr4$lTFb`acljJlUx%S%a~)JDC=L
zYS}srZ1~f4^-ABgrSFVv_(NpfgqF_PPEIcJ5B}y%P8a11YOWQftyx2VXSZB_o;7;@jRhO_M^?0k`E&P(YBlq~D
z07euef(~7m*wgAqxk>t7V$N1E
z*F5f6v7oB}M}$4n7MWM;9&^q}G!BJVZ;{?Ju#9Yt0vi!7a;@OKfN1XPT-~wh9Bl#8
zT$#BH3ta}{Ce>*;`CUWKxE0)CbLg$sx})tXLyLUUiyShq<~`~hUO{PO4!LK?F;;rG3w`QVAL*hbQ7wrC(~;y*2YUXTmmS0q2TcfJK9V0))sBL&4Ff6VR}
z1@kjLbL^sk=MsCb?KB3@V0mweyjY9Za#&tGSxZ4>@x*e3nGvrP=V
zlmDjNA_87yzl*m?e*5z=Sb3ZOT1gJoZRm=F|0XLP>l|3xos$f(#7RJODcyaV$N1j0p&r`988`)E
zi75C`VaajOvAO>m5UP%4%ldQe8hbz-Q_sr1YqzH9^haJN6z4Ji{+yM&k(Lc=Tw%-ukAXxnSYZOlcxhbUdb?o7WLM6Jw?+coxmV
z1)MSQ6g)xkiQec$Gd}P{6fZnNa<^bSo1&&2((|Xt>6c7G`0ijt2tOm^?dFz(y`yT#
zSeCVP!!&Aa8N5l-U;fyV|K4vOa=*UWFij)r8eph(PX*}R;t$}S`-Hx5T(M7%y!Zq7
z`XS()w(!{|U%VF?Mn2L2@E;BXxbMmqF6-f*T-BGDiZdlkx+JIVO&xZ?sF);Eh)~yP
zOsed@s_joxY`dZ*oP$$Y<|S>5hm@jQ8zH`QH%O13E96^O;EUVz6&THYM>I>saxGq>
z>x+Z*XpsNwg7RpX0p4eTcY2vDQ2_^ZGzX&s3)F2ZU)!DSznnmvUym2(f%!6>`2WfY
z^!?v;)i{|L{a>BV{_P^ue+{fGDl7-EF)sO7y?1`MUS=mUfLgV
z{Jp#I(Y=0s>)|3cO~-59UyziD5&4gj7d1YoXAv!^Uzndr4`jk1(C@=UH#CS);NEm1
z!=1gF?s2&K{;_|?{slD()OK-u&T}*Tsp*1JhRecD+-rS1st`dj&6Kw$#G=aTdt8&t
zVQnb)&;2X1H=gV{GQ_~4PiTJo=4HCO<$e*G_#0B)(tX@OQE_RrQvEcZIW%o0OIu
zvQ76&OxFsQO*XjHUp51-mI0*`Y2>prRvz?ck1Y7&K7H{j
z+ItYlm*M#?&k-R8r&VI?UC5Wa-GQC%*W$`8CL9-e2igUs+ewVV3?AqV$oMD{ZveZv
z9&d34#oSLc0W?)Gc?Rj;#YP|S`kV%PJwYUxK*uJz%?=|R)@7HelrfQSITqkGcA$$c
zTCr!$jcAZz9rD^@F^XbAy)Cj*Cgz|=GmQt`7ERsb+Y=D1n7=%ZBHq@mR0H`^;4MA6bbCRD2J^mQl+GSALbP91@o7fXvJu9f>gZ{NATPC8If7k1{x`<$ol9=
zFUr;l{=YNUUi(AQ+JK(Ysec(H5%|BM?|+Ac;h&V8$^9k72A683QOzgTvJC3MZwywc3nrF53LDN!xdHExJe`M0)epn{vM{?HMBQz}nUHX)>MDY}&2+
z?(8Wp_X}kX5=)@3{HZI*uVhyce#@ckocnHm$RPOu0t#L77Y9mdMwlYmWxYGEDieeP
zUi4IBDt|E@Voo?Chl>}9A
za>^hdV+4x{1PI&*`42fnC`mD>>uugVd6%Ds*;p_~Z~;0sITec~8@Mi#fjcC0*1NP}
zRwQ*sVFeuGfp-SEKMcFmc8JDX?X|z4Os5?kP+Er-2QL`2AjO?tS(Lvvg7)WZF&B2nK@eZ&4CIJt}Lq{u%pMn4u+
zjT1MNA&RIlnuw}aYsotBSYpPi7v|_zXEvCoMV54iRvxRU%LaLNRF*F`vq-a}E&bBf
zV&_?&$Fnxp(QZB5c{~pRsU+VCLh_Ea{qU=8D
z62qAA$<`n~YCAPUyDArkRp9fl9S{9AiJterZU3RZhhh!Vk1NK3wY07hhCEFTvAPl@Sx0nYI1&
z)zzc))t=9nJNhrE>!ACNzB^MTCaiZksiKX`atJ>Oj>24Cq&1s1t8OD(O!c&rw+dzW
zY2Yh(eO7Q)FTjn^A^RRbZ~d^mG_|_}2VK5;7m>|JNUYgC2#-9w$
z%m6xZ4A)J-b~
zS>QdEXNF+9&m`zBXGsGKl~q7f*|Nzn2idZbeKe%FI~D1B%h_a%eMa2WVd=R00
zuYQLwm1!oq?uId-az5UHsGmcw7~Uz{k|;U)F1V6IQ4ycCK0GOfjgQP=B9H65gt@k2
zqP@K1SEqVc({=mz;I7l=(495SFTBd%yaVX*bVg#x4C)APm@OL$c#L>t-!&x4iyu*P
z)>a7HJkeLsZILv@htBI>KPUnd-Zr%*9qLbZtgMlYFIU+r&E+dUVuScDfx_~fcvF>1
z76qv?p2_wZcNtY0W1H_I)&2RjeMMlfTafM+rY?8AJ8f_LJ7||ej1Sk>HL!NLYghJ;
zQO`}z-fP1z27B6qF^u}5>CMS_P|q|X+O2m{04vqg*S
zO*$;gYeIIPFn?_dpM`3ro`ICP{^uxT`lnd}b_fBQrIM!229=OV^DeMv%l7uv%VyDi
zy>F2Mq>2fpE?D(N)?=4K*GoM+1d0T~5_3LF0P#h5RG^ZiP*89otTUSMuE!;f7*`8LcFOrzZW}fe-jT(i?!PJz
z<_q;g03;HN$RmmSoP8{~R}g~b5N)8WEH+|Ww3I2TXf#~CtQe(E&||bsqW7WWCejGa
z?~zVylZphBnD&<;Z|%BLsXPux!UWFDOKZ
z9%yyYS*Z;uvZ%Vy4w+#WP)HU4u)3*FTKa#^!>X#1E;yrZqQPyqlFg}F7Y1X2l&h;f
z&AW={DXy4gXF$T-`w!q+<;cFK4m5bGG1{z{Kq7kZ1d1>?5_hiIh<^{z+OG3rU$CGx
zv7{-6qvVlNfNJXFN(hp>Zr=(!sS42YF}f(F)Szi-VDP{+Z_smSC`-X83?G)GkU-8b
zK;~pi|ER(BTFnE=Y&*A#R_r$iydq+Bn}T@g3>N#1)b;_==8lrCc~
z)=Kmcl}
zrpNCcjBx7yQfm!tRv
zJ^Z+53=>4K!Cmp6+@g=Ca<%oB{+!vQsMl%l7G*kI9b(8CZUDWV@1qTfR&)OHq!C0V
z=*JIVc-%m=yR^Jc&gzn>RM6DWv+akS-N-O_Pf+zJ(RB8MI~H2LfrsiST?d)#WDoMb
zh}j)jMzip!O3=MPRL)}*cMruRmoC#FL~Gbq`~!$~{)tN6Pv6Egwa)zq6jhj%tjn$H
z498ZTXs@-`<3rkyNgT>qLy4pl8YxV)qzg)Ndm7g)l5HwHC5iqM0_ACA
zz4qkErjaKKGD7$w^F!;P!f3@P!{5&GMG=dm&9Zf
z(I$Ish3FtT6r7>3pdbn$m2vc@#&b#$RWuMH0wE`df}_x4N&zDury)onKhA)Z{>kOtQ4zOfb86dyGBsA+Y*5&UJnFur)WqXHw&CI2}Bfs#UNfRj@*
zkU$(!#2i_?Trbwy3?+uEkS}s;j&F`{rs5J_onDre3dE{HDhJ<24j^l?oDQ4{Zn>XH
zu0upr_P!CkD2B%ft3nk+!yC%8ce1m00;9j@cO$tyAK+gw*^po-PV|_tQkO_QRL~o<
zO@F3(b8ps85R4b3%U2YcTmE2CP2YHW)T>v&Sb1L+T&hZ70Ra-If8ke-t|zS@ZXZ>k@t6;i2&CHW2;^Gkz9-KoY+p#<
zYpQPet`aQmF>#yDbcLZFF9P!pv&J@;ek2L#_U})dXET^TaW^vC0TYnFIi)cL5d?LT
zOqN)zb`?Nzf~v)b1QTQ;J=xp&b7Rgn=UyW$znZdbbt%tOZd$UP_N%(nhN|zbedd;2
z^y2hM4`b%HC*&|)70Wj(;X5UGq)-E$s*xNvAv0aX--%F}e;5`!#zHCoz@ct4(Bd>H
zLpY4Z9;&{bX0$86`8vst1Pg1VqYQv0SyQkGAJDJ>1Sd@vQJGgUt2My?jPcI`d;jp}
zk*w&*3bnQSvA&cDxdjK;ri^EWsKX6+9j1w~6?Vq>6M`V?n+`RYbT+ZaIH?QWQ6%O$
zQ$__W&i9zstsn96%_+)0S)Mi`~%Q86o-X*pz1B)L~n
z%9jHoon)NGbyM!*8|x;olip_0RG_Vy#y}IMOT}QQ%FsC7)~u2bGAvJNmfFXa_n5?!
z*+`RrSz){e)kPn1D5D#Z*oRY!5DDK|P{@w=uUVeMJ@PcE1@6pCF142Kd&c@B;G3E$
zPdLGATf<18CFzApJ=3(yZ0I@I$;HU3CT0Tcq;TNt*K1U
zMwL}&-Bqdr&EdnR-i2#|3&x;>3h2LEOEXH|qX#4>=sk=iR4DwyP
zx>tX@@I6Dkmxqyu6ccX+2=MJj^J#;5AA`qeTwEzMApy|(-@
z0&tKOBOrG25vRe+*#(J^klk4xpC>s-Mz&wP|GW|W6Xno_E<+ydU;BGwbr}~dgrQJI_tuqel7T$|{Y2_)yi(
zjd!)!2unwlXXdd|dAN=C-G2u|x^}n}tBR0v+9Fjj)Zjax=*K8n;YS2$dg$|1Hp$pCp8GE+xG(m1Ct8S-8P(Y(gc3FSc`*tk|f7LhTM)h^IDfOKv5SM~q@pO#`D+bqAep6}R4GzqAEYlC
zCDcYGz|}R;ACpw`nAA4vkCSB=Vr-KajR?S~K|%$G&&V
z&rEc)SbV?one#)ul%+nbbtUUnwt7PzmJUflvMFuL5;ZGn(UqE65ZQe~{bk?Vjw88B
zfr|p)zf_d{KP?Ju|J-4p$pNz~KEPdDi>o53^{C3qL}2u|x>`FW8rHMLq6LvrNQgel
zOa@syH&@ULW_F{1eN%osf8k4VXh}mvfel=6o}Ns1I`lruWWL)!YQ6eGnF5(HW}o-u
z1$A|H^@C%5((Bv%gFUw_AGw3xeLMb9dHxa4TyCR1EB^JAJ@@+V%gUzeQq4q(4IdH@7?N!r#sjGwKB}o4Ur3&&M91DytIPA(QXrC5$
z8EVQjhhVr+rl}|hW*bnAx$9gD=LHhk?4F$butw4;T`cIf<6^PyoP_BLZ+Asx+P;y+
z_FyW3{Hcr|5DXrGOaV1>=OOjIui)`s_b1BPJICgHE`}!krX?+InG_vYS9NmJjy8|g
z5@SphG~JF8)Q=au;q#gynT6sU8=P(h1@zz?i?KGLJglS$hfbpvU3UBQv-a+zwos#R
zKEv$Mxc*qYrf*p4P|^EJYjmDI*`;F&DuOlqhXkaPkw&Y(N#Od53z1ik7aj1}QFR73
zAe#g~%{K{QHIG}X{h>sdY*ig*hapSi_5}LzKrARO?e5I%AXP5L^xNm_@^=ci?HI)rqj9My{osfK~L{M4Jh*^?mTyB@yUYG4|ha)q!+g}xEkeq+aDG=PF
z@XcF=bcs-p7AKC4f&Ab`Hl0T)-rYHF_0nvnes8_J2I!w
zk>7)Dwig^|_Od@`5M+itjo1{+4Zy^(bNNbmFTH%H=tP+>m6toK5GZ0Vrh&4U@@mne
zfi7*c>wyP7O;wgB$B>zoA(yO)%47E3^>{VqofLVET4g7r$C%
zqdi#%yAExvL&gvbV^MjG;G9EFq6pUhk#;4KhGwz4^M)LFQV8O4vh)vV_{@VoR$Y7}y=P{z*;je^JAYZ+-KBP}8+Fr}atCOF8rgZRsvhCnIawmU6+g{FpK6R?X0m
zkwD;X6O`U!q1t5qr>{V-?PG3~Gh|sf+ip5ZF7f=Q*-`yIcKz
zO5`3q1KPL=a^-|B5HxD1&=q9aB*aZV`hnCMhEA&61`O6FFj7B7uPe2L=MKUl=ML8i
z69qw7Q*;mI3Un}t@Pm9vW>5#HHfonl$(s{FgJ6iHjG&<_Ynm)?k4G@3Q&Qy3(T~tw(
z>5gsqW({teFmuKtOps{W%qx5&T6xjGnF)ChlGuB%QlVaKsKTEvHPWViUv)Cn8Rmu1^;znTSEXF}Q-xMl
zcTJFS61E+I3QLiQ!+yhm*(lCAnq!dF%m}SNgOEc#)gXhU(*%d(1tFPm(p1fi-AA<6
z_L^xZoXjyD3V3g$qZsNlI8#}=Mv{ehjncv&b(|gIs=;|iWJed!#U6~EDMty_8`LB<
z#D}QK2VH-^~X@3(YyOJ6LX46hI>?_fbGR^|Zns
zj4daKb1QAj&ckloL$xb-jM`@rH#n%%OBFHP?3a6OtZDqcrhCFB$|izq4cs@PyzPqi
z^>9j!A`ISX=vchP^6*R+gkO%$Ko(vf`8gZwOm>{CQT~`;R5-M3zgfxS+)01K^A?S#
zn}@YvkpYtxFNeg6;-x@ig!_JnX-0(757nPWA;@G5IOkx2)A(5@RzWFAg?!4*WgVET
z?D=$*SU`SVT{`!I_i;(X3W$V&UiOC<>!o+&VR;7i)4*8iIC<#{sn-j384?}vGVmuM
zH6M~CadnFlO1WXFq|yX@lRoV*f0gVyee~}jU);|4Au{&(2rQOnj;qxcim;X8r&^;+
zHe&VcQ~EA@)K@XB-PMfZy=eC|8FGAYo3pdf{j0Ml?c{8Qrw`-(K>e7f-Q(=>A!U_~
zyTq1`VE?QefXyrJ(G$F^?*aBP$TFE6GPf8@^kMBvfmvoJ-*;Z7L|bWAK6hsKcNA}P
zxb);0NY%IhoQH<KGB3*z(K;gevlPC8Usluu8x)5Ge_a
zzmdBC3#ncLWVCXG*)X9=E{QUw3YHU%$D1rpvqSD}PNxrGlNS9iGSI=udnZkV4S3F04^vv?_6!3#{$Bb{>5fn0)SB=Gaye0Eao<5S9@y@7h
z0YN+M-DD%XuAll|3Tgb6$2%B-DxoI|=;HM2&CC
zllwJT3gyurhRoO$JWw{vNh+A2(h&E288J~A{--njh17r6buBkY5zwvCbU8rJjhBVL
zlDU@>>>rmLhK&q+;{GDTfV;|p2G7kyV+~nZr-D`#ORTC839-_MzbGiDcp1O^x=Q|g
zJ2FXR{Bamx&d(fHizBE}KUH6PAt$L2?dPWT=URK?hDr6uIA8bwqU{{NE8mxH-?44m
zww;x9Y&+@LNyqBA<8*A>wr$(!pkup}yLzAfoac`F;@lT!>_1_RvF5MpTXWW@@ETs%
zbickNKREj2+}Tf=Z>m+C?-%#(QGLzQZ}UFzma(=bs4Qo=*nJRQTc)0?5yp9k`h33
zT^_RWp!ct1nC4WK|K|CYQrju>;|*Pv1^^HReEvLy)0Y>8wJHzZo$puhdrlm1f^-~H
z=DAuqkepM4V|}r*%;r2T@CYnYmj-@dJ1xV=N%aKQyfljoo_d(~>TIjE`V+3@H+ov^
z=c-x&l~wh8=~KrfetOph^*Wu)QnSg~9_$O>rJLs5d+QX6nD8`C3$@LSY`JFD%3bh4
z=LJMQ!0TAvlNM`CM^g9fjA>1hZn21o=IA!_-GzLaluT7@w>2Y9DgpN78}^ndH69#iI+#68L|
z>fi9zJHuFNC~2x3wiPIC0&d_fXMA_B`<-L8*i<&`Q?VD|f7|jIx$qoWf@zo3E%3Xf
zQi9BnEBYh(ynWP3WY@FGPd{we^=ZXYr3@gu
zVw-AwNOX1P4sl{s6oyS9UrQ3))<+kV)p*E)*_V9o)%(?G*OFd#j9T0^^QQL%tM)_u
zt)D`O+gT@R68RDKi0=W%R6izz`&BMbF0J+GwL^{WnM2r9;Meq7Hr0f>zhI{c`NoYR
zY_QfuufwN$JY|@6!14In=Rid?3=1$t>k^_|iX0E4qVLE)a;1Gncdlb
zgb=23pJm4L$D^|ax70pUpfl8ylQT2<>->&&9TJoV;?;QxTZmBXkyGW3J#CqF4Wv;86Fp3Co+Xt8k8|YD)ZF#l-Iyzd!SZ
z-wV!zn?NP4{9|t=*1tnpg{tTB^NQHMh`=4BqG%Wk2>6o)M4^|)YCDTM7uz0W3K9}j
z-`F(*^V-w6CNg&d{Q#~UKcE2);jT1PKNUn|?BJf3HQ#mQGyR(J=rQ$teY@`V3APLz
z!EGklXS%S*nPqy_eZRs6`(ARn;|5IFamRY(43D?$>-34?L2k>H<1pkl}gu
zUJU$mqfx4k{D}H@OYBOdH%0^xS+rxU${DvkH&!siRH>7^%6pFjn4d6U9#`P=^l9I8
zZb6xRr+f?N|*dw{;r
zT!-E*>VPVFDy{KPSEq`BEJI8fM;ofq(D`x7DJ6Q!)T7U<@`e~K>tKve8T#kAN*Q}>
zkR#(S7b>ZK!O=9cjGS@{$m$>n)t|9`$GBpkhefVU7;2G2Ig`Pw$RxV@SYq*`1LfWz
zSus+ZvyoYpE6iJ7vsF>kF)J@z;N=jz)HE$$E7io9r`AbQ(`abRT|jTIROR*DY@&0~
zQ?ZSbt1&z*S(dAxxB5ju7U%_j0>B^`%3_-DAz-$Yyx|qtbIi7^l##>?2);dOS)SS@
zAqPQHBpr$NX@=BCMpG^5d>CBgQ}I9@;&u-j24!^@RqV`g@E8FnDuhv{TCy=akB}L^rD0)k
zGM32T8QKgXh7I0>QSaWfB=dqb)j%IOvrzsSlj|ps%4V!(U4o@sa=C8_)bn9cZ6)e?-928xpHSoYqOAg!1
z(#po)U!cLPAw98CE0P=OwV#KSFi5Oldk=)=pL>T*+N1O@W`Q>@0
zJH8bW?&~Lb@GiluP|W8Vi5sGu(xjV>JK~$JdS2CW)1GN55v;_ldukKNHYsT7>F)jN
z)n6O~(^3do8Q=iZaO`wmxi38}luDy?+!0rz2gNP^K^6D8h3A$m*k96v_N%wBp@+zX
z@v=Eg%m#5`fLVgll;}xFmG+@QUwTAPouFwd|cA)n%Q!qB({F#=#{HPN92u_7H&l-DZh
z%`*U2bKgV!_rZNr3LSS!jVDYL9Dan@WgSQzQf;7Q9Ql`*#lHfdK#lV?LfW$BNyH6V
z!$)p?=~<@>s=B)FkYAs`@0@H4NXVa7+rIs(qN2olxF^+8tUbQzfmd`0(4WINcBn4<
zk~tAx^aH`p1Ry}C=Tlm$k5h6a{@a#X8vXnde?N1Z*Pn1}(CdTnqeMJ3d<@~Oj_=9S
z$H87NzjJm7W{c=i@-Plw0!Zo})x`5@+xV5f!rObazqpLe-|l$3)R?u(1yy8MMYvyH
zYlKTCDfJO;*ztgSmui_}Juarg7xL7|rogOp`uUkhu~l1bTY7l;U)L%SkH~~yfkLDI
z#~wkfe|Kzug!b1XXjRWX!&a(kcMp`I0VG5CH1*mio^-Xo>2olwGCBAjlvAgeX2U7K
znkwLr()=G3(EfS`0VfN9J*ZOAIg{04XGZ5P=hWxdY@rWO;aRfdgZNqw+(V}?ofGxH
za`2-o4X9oL@08PHR^*ix^eJj%8*6d{OskrR1MhdjNv9ds#Ng}M2Oqo*grQ;XDRPU5
zi5W?cl==P{R+{8B3Ts9gYE1MH#3(Mu_X#l^>@XE7yjC;Nn2B5>)?S+MrJmSX#bnX
z{=1{A4#C&!#Avk&6dPrEvY5Kq7e`{zWlR)j(4>LLw#Z`N9X|Ol&L>5`IT?|k%xx+{
zWWYU>j_T-_X$ooUcqF;T!Ue3G(-0#%D?h;BI2ccv9fEt{H-g$7(^^QcxF5xZ%raP+
z?)8@C`vv7XW};iL8mKgJVU5J+oiz@OfA7
z^DdcVd_6865X++M%6?L1Cgj<04YF-^tPkU1K;~z2Lnp|-{z#sJa!`?kYlb1DiFK8Z
z=Qbup>iGVsClqFZ&3XvoLj_MT{Se>ddN%MtecnzV6-?!gsf5dGIRNOsoS_G2ge$2h)eUgamssaz!QPkYfPwqJ=%{5-Z*A}oV0AA;
zB6x>66D?FHSV~^^(r(!{`)XTm>dkh9_y*l}nmz8JR6S^K+Q&HL7rWR`s-JVDupP{K
zHDu{_Io*5rTi`O}+tL&4$t!T(UBryNAYEUDJ7}#85Gx`GlZ|JJ}Ms>
ziC0hcI7(;}X-T99106FQ7Bdxi4f1Yyo=C4mNoh&0$3jJI@C&*MU}4&CqJd;&^FuDS
z*X8Z*50G!hp@ync=38Ht)m1J%wCEqwMkij4d^MAW5&`uY>iV+_6V_#OUU@(Bjn&Ub
z`v;X4ZC?B#L~Cxd?+lQ@!8E~ixw*Mb
zC%=4b)U&=%h#)<}JXn5CMMO&){j5@nhGv#>SUcfT;au1+I~*CY5(9d16js2h3`r@Z
z?2o*L#lACIy2n3{KT@Xu%&it@leQ-N%(;l&$WmgO2
z(`1QJ(6K#avqzc8H+f$|pa^koj=3JHt`vr{-y7;4euZQlp1EAQKAKvKVuC!SazC0i
zv{+IycQ^$nifRk=DsJC`N+^nj>`(KHxIT8(iWS}D}`OlTIzY|ygn|b8pyAX*d
zLzjg^$L*z1>^M!{TyOvOrFz*)aZ$Z2h#G?^azCj2!aL3(`@xX;@vCJCu&#dp+Vz|$sz#HZ5EbC=d$e47E(li*;DCA`a#9r
zO_8y_3g#ACCE?+%lLEn#q-p)HP+%;7>Z8t&q|?4oJ?3^TqlW(U@ZGpcV+peg1sn^w
zh@ULvN%^T#dpSK-sQHijEdNqp1yFtSR&8%%Z-~uZzxsP!pa||@mcrX6k`Ky-5k&hd
zp)_QiM0Zq%0_nf+eTNWzmWJXz~8tc^3CvaCtx^Li3vB?b6_Ky42Yu8ARH0C)s47ufcg=v=sDW52d
zS}Hk*WtnoL2q9`AB>$!~uupBY@iUHsbe|ppY{FHfI{c-@KI
zv>}h50|Aa1DOae{`LPhvg}F=0ML(iq+PU%Q!10cZOn1>hPpPvBl42fUHg=ak!hRv^
zAPNq0_CEG+Zr(QP8+fV@W%C{H67~ur(8!tg0mcfdEqf4N7SQt+=rKKimZt=>a8-!2
zM{}4Xvh`~&
z8`GY=DWbvK=nZf6UbAAWZjCTxB)Dy~Q#W3^cwpIjYE(Pkk=uB3^V;q?NV#u!d26kA
z-5>9Lf!Xrlc9`V9fVa!s$#-;fc)Y7__Mb%a=4{f>d%RmZ_p%#4Z(U;P!d|Zu$dS0^
z3ff;x-cit7*Av+M+CCiH-5>}~)2v^=aGHDprPNqBBP`_Cp
z5prm;<@STX<9%crql_}eYI>hYQa-3Y1Y~@To-eFYuAp&b=7Qy|<0(KPVH)a58~V>O
zC*ZC&?M{9P+ro{Yjrj1wB11#Aa)}sq;c(R#zt!{Kc7UVwlR5!6EyZEr*j#m~B}@40
zzjjfc{^nQ?o2QSgSM7loxhVXw2{tsgi#yLN<~iDd3-cI@(;AAYtm
z%#Q%{t8Y7j%1R}rR%Ip{E|Z)-D*3L$YIKT=#3eJ~g?MRtxk=@?@;P*_gN^+Ck6`O;
zC05i6&R-|*yqBw$$63HsV7}@#Bg|Kp6zRDLjKf$gJ`jx0A{aQ*sC^}?@#$X*PXT7i
zjJo1EbXX(u5wn|B^$op132#7FzDVNA*TlzeIY_7Uo1nxHqrpGgXz)#Plg*6dO|61C
z%AQu?eaN7feJ5oH-S?g+7p8jBydZN)*1PYrJ`aV*k6R#24Y~{or3K&rc~o?+1XrBFR5jt^S=Kn*HPH3dCPj5xC`!
zqQc6+F|aFADe^z85PG4-@;6D!sWk$7#k?{k;Iv%5UElItJa~IYa_6sv@DrLZD9b6}
zM246=(lq91YNPci%gfC7<92!blVT*a#DUF;>`-AEH`AE0uVPH`6jyzI*;^O=iCJDo
zUX^aKdf_d*0uhFaODy4Jj9TZfU`XJQ!w@lud-N`T8zeK}1DWo5Sm3&Lj~
zYB}qDWbw&kEo3WUYe6`-$kZ?`M;NEDrEEw?x-16&U
zJQ{@lnIn&+P#P2cG1G*(6%$eLA4jac*l2{4`|OXMBZ;l2ka6ZeA}!-mTjYC~w5-4`
zQ8fWtWo=sp38*&fG9B@GykE08ZyjA)ZewUVLh&#|TBHn}h2V^7Xp(cU^pa-z9esMe
z4ZsvSWEF)lLF7`ykf1kicL+K5!}80ViV{`%9v5Z6nq4fB7WzaTe$&TJixUy;Mh7F+
zw(cwxe$4464R1`hQst9J3dFE--HMJWr_M*FKNUon>X5kGU7lx7_IxxmQncCThAP1L
z<_H$DO6|)QkxG#jSu-_!GX4eI8z_9p3NJoptRWE)%o?Y}$h}`R5kQO@k~RlNC65HA=dIuTYp?Y?vXSHp%Tfm8DuE_V5=)e-!(!0G!jgPkaKgWheT
zwEo4xpEX{f?<#n4#7o=$Lre1@8u#^cYm@&XAwQi#A%FvG6z4yuxPPaQ{$6ulvujs{
z5dR8sDXxS5xYXHbQO9Qk7V-(jMBI3~#$94#dtYkT?P@f8nEid{5HpE=
z$Zo;C*Wd(HmU%(zz;C`qgMtSbUC70z+XE`^NIn=6voT4G#l;~30kh0zB4g302hfRQ
zm^2rhM*io3JV?8c}^eIwww_sfZx)PVI7y&fabuH=x+*4T0Aus`9`}E+l
zsL*^OUg?!xl(Et=V}5JDP{~oS98gS`QfBVd0jtVF+pfqQ2lwoDfXOwY7zY9_aozq&`WG^>tGtGWuN}`H
z)~^Yz45Xoa;Fk&Ehb`geZB4eV(Uq^!g>=!j?M1ehN!DI#0cEKT%DJlf3peb`?C@eP
zUjba0C8j53#&n5oWzQ0W*O>f(gAv*`W4^9Jys|xIh5AU|MYYKT#3FM?zs@Q}t{7H-
zPt?P8%W{T#>a&}0nV*0rx*bL)e@H&yEm4BdyCRJN{ELVds8quO`}QSU0FA%W+MPUO
z7@6_o#uG#7jQG!7w3OmP2i@qsCZ8&|L`ji+U7V4XTUBb@R+amF%tym-8k`BSIjS>95J`a_|z9gP4R
z!>Sx&Wvkb8uPthma)yVBWcb9*EF1zoxqk7c{*!dD@WN{W&TGu0bOqOu7-MN0^zlp_B{k{o}wQQt5K?H`*H_T^d
zre9
z*=9VyE#(GiGIW9nGJMWH+xB>IX1XGhEWL}3VAnZ!;RKW!CiL)5iE)i>pRj)Gxg_dD
zPSb+`fcktEgMjTVX`rMABA8seNRt-_%`r-_HI#&d4N2tz2@yj6WAJKNL>Xss_q&YC
zGIjjYH?qCpBD;XApD4YpQ0udH>@!wP%}a5*Hen6=z35ZXMyT`P^OBa-+>$wG5}5?o
z#|ZxFo!w7d3RpR%+%Xa0<&X$5g+12bW;3k1!!B}%4Sh2R0_(08hRnE%X3vpHERs7}
z$Xc+BC?!hx5%fCD@PUS&!_
zrXy@O5ZHN9Hm8XAbT8JlpeS#{(U0k5p?F5i`s}Pw!hu~tHtpkq6mOUjCd0*~V%CF=
z7bPey+cwJ1Uyo^$=M1ZvP}#eE{V^c0nw;82yG7GNfoH0MFHMddQ`Rd{AHdgAzQ_4B
z;M)IUU!QLjCgVin_G#!D?4v8Sf+)B&4?f~sX2mHwH#kwb82;w4p3kvnC`i}@fQYgR
z7Lsv&{nEU#E{UA4GBJ$;*AuO8%%|vC$O}>C<}WTQ-QwlEj8O
z&ZbZ+xy6OjLLY1cqvau_o+S=7JfV$+1OfN#mm}1L12<_%%{TyV{Pbsozk{%n(U%l|
zViKzVoTmOAJuF%lF17d-!tb}{c2nOVU-ya7b
ztghV=YA@8;X&7b)4T33=kOvEW9H1Y07(>rzP|L`Qzew+z%uL|qKp*3xfd~QXq4bbYfju_zGZCbN#Psj;w>m2C#z6b7#sO$0jGk+e7xjuzJiDmV-e4XI5XsI{R3pY{wb%FK@8YGxd4x6Tjt0vDS97Q*{rf*CF=p@pe(
zFzA~Dz*UlBt5hyh9TFwWVOEyHEe@bHW9}1XEuE8f_{Cy{{`2;G1oKQdg#J$9oG|({
z=%|H6D!gcnHG$G$sH$mdLBKUN>$pc3r(=L3?XHI`l&!Z&O%r{8K5&l+C8)FbW)JQD
z<&1G7(p6Ux&(PaDde14RvDVL;L=_fxF2~m5%#$(3zff_oMA!L
zEoZs|@0ayS-1kl;DQm4k6C4nhK|wa)+---O3q-@0n?5Bf!@wx@MmQ$N(YnyC
zSB|+|kzI+>#R6A4U~9QQ`_RDt(#&c!H+MCgnwXk4*!KODqe*!cx7);dOy!+p`&T%<
zxzVkEll?hmz=LH+JEOQQ=~mner*6?b-M(hiCgzAi1(Zbdo$1y`!RtKOhGA*|1Y-Jz
zs=pUc;(Lq`S
z!X;ppeBZG*rjPu%gXdqA+aslesY=EZ3@t7aZb?v{1InzFN=HJB`Mcje3}%A
z*&Dns9OsZNycPk~{x;|pQ1o(^ZCI9~arFrfJlC^hihNE^0klyY_743pL0D(zy7!8WYC=#6bTg@-6
zh~FfTd)k9B%}RPAOo*LApM{h7Fz|_&N}Y7+qz^>ij|PJlnE3N+-WKhP)Lh0rLUi;f
zoJ9w^j%hpPQFx&(>!s`$VcGI(JOjqX4+M?(gN30`?h8NClmlU-sx91pUe+w9E34S4
zr#G4%eA+siLle=s3V|-A9AhQRDph9ufc)ceQBOf=HUmr7!9V74vHd%jwD~_-bo&j6
zIAqu&h6L1JN=1G`uebVipkr*pp|+?l4k{fS>$p*~Sf!!Or{sZHGV3B;y&vw|~gIYklz}u)JqZpF?nAsl1StfErxrp@4ks
zz#G!~9ViEB!J*Na7+&j78Q58n0}{B4D#g~|8hTLkp5fcRZs2OTR~H7!3vd10FmkdN
zoQs}&@z5E;vuZHaDy6lkrKJJ6gpIp>%tXkn+xp1PH-%a9#l1yiY0!w}+^xo+OQSYg
zE@ZME8M2BQdwBJ@#QiF$_hf6+cUA7PhxM9s%hVmUKqfxP@|e$p|=HNMFhxZ4|52gl8(c=LrT^fNZWdg@tNVZtl
z-`{1jz{lpZzN?|~foZE;gi$LqiUcSY{6ITdLGypmBOx$2`8@n3i0}KT!~qNe4Nb7v
z8YxCR3+tVpv?F(pP56w$+KQRO)cApt0RAc4=4B)E{Nkm1k
z(PvI67(D6V;qSwZlf)5tCMZ8;KZaGwft7#8hfKNVfb$mN(f~4grQ!y&cw2VPWP8dA
zkf=>b)-vpq{G2Z~nZLG5H*Q=ep{0g_f$)NDbgrv=%6Cie_2j|c{j|#?yu1_gl!L1(d#_*L8cl~S`WnAdQloma4p)7g
zRet8YvGQSPistF^%CmfWSEz1n>Evw2DvS8Vv??-J;S^G9kyNc5m<)VA|JOe91r7K)
z2Cz&O{>L))->e?8{W~1BX@>_u7mVlCH@7Bc$u-o@nfWB2bM`hJjTU=o4jddNN+*6R
z*)w)bT1edgtWQNd-HTxl!UaToAoWln1!41j?u3CwtY6E_yan=c%)5B}-tN~gKYh!M
z$r0k_osj4k;TX$87#sB!;GgK?<0VA$#ZI{Ys%mN~K&hpNP&XXxrAes%dg1P*yoeV`
z{tfx;jq2lw_f-PxLWw7gPqtjj=hC9VKn}Gf*CQ8^?w97x5X6qGKHLg2_iz>p3GS1dyqVmZKF9JX
z)Ct=0#0FaTQ5ptNm#wZ%L^dDRZT9_>=xq*gA~7bFmCU*&
z$SN};meMK1X~PYfM_DRTG`&p_m!!nWy#iT?l3E;u_<*Iw)y@+S&}K4(hw@bL-lzy+
z!CKp=PZtGOf;JN;3Rio9=nE0#hQ-~pWX>G3yzFt7=ZvXpe@cI*WjPvn4oDYH
zAiajCrzAlq#l;k*o9M{@q0~BoK*ED5{&_;ysA51`63wo1P8&D4mOQBinWNs5*~*rg
z);s|#YsZ2(wP6h=zk-VQ5k*6giZ-Ujfl!kXh%i{8-wH-0SFYfvtXH<+A80
zzgiPIp-rNTy4}Kku{6Iwot|fN-#0p%WOFaxKJIXXBzj2ZBbrv9bU6m-33-4_cBVI9
zxZ-V^aq$EzyjI$k-)c3yVOaPbKwNd&mAA91xF#zA@1!7w2@l&-8Cws1qr28h8`tss
ztMv?YuthWjYWnb>)AZjttV$p*1fK($u-L6Rc@jkGGn|Z$zBG99Ro%l{d()*T#rmn5
zikdBeLcA1Nn^UIcq>gISF7JjZ_KBWLA3x`=(DP;2Qqi*OshjU3)jJ(}+J
z{Q&#Kd`5ze9-r^PPdn!L)G$&Eb$?9#=IW%2A%yO+89B~eO^3QSCAdSJCgXj9{^|y(xId;KnR0&Q7O4}fi`Lui)gSswLHW;r#u>M
zDY1Iof)!@^gcD<3kds(OI^%{g&^pK^?1<`_j>xMxwZ%dY*nB62+V9|nC*qh_a^d#2
z)ZPky^md1`YcwKZ0N=iQ%*;S~x?BU0`0j{735p+MnsG~497+!;OR&#Nh>MQ|#mOSe
zvW+MFkO0KBivuh(>cAys4c*Xszbi#5MVr#66!7-d%3&*D4AL)7XhsFk@=|Ckjgs&4
zk2au-vdMGHM4|RM;7MUh2GGhz#`5nQ(L`_g1
z(wb?Rp&GLVI>y0b;H0vS7WR(S;LPkcE^3cQ-hN(PI41AIMH_6~qa{m|NKvxccn?FT
zm(j(hVGB}9N9o5n??VK2QgXrP%6HUM9~`)rBiN$J_PF{%_ASt<$PvL+UygrP;0avt
ze%AyVrGmkRNM1rMkoZDq77MK}qA9CiR{-U^_c16SRySIX|2xXtf`Rcb4RU5oLF`nC1yGAFAc;FGe^x)5WyicQNghD^ty;-rgnE>7OIqeYZY?CL>$NXKs
z`-h9_Gl;w*T$%#G?>$IwlbdWk-5_`s0---0cc856M|=1no^QRiz{MW7zFxa*;8eC*
zn^s-EBm8NW{eNivv;eA_?jIwEu>Jj_tOTYjRn^e-+Z!@>8>~vdMSmkzC%AHY_{|E4
z^FhGQBPW;WLvqd_JdORuo|=m44TokR{s9CKLtW)YS{G5i^%~B0I!|>~HFh^HH7^nQ
zy+81MQp85ahDSm=xwcq|K85NxYvaNrSlA{clnW7pPha)kSemryJJI5+xIBCUIL}-R
z=KtzGvPy-L5=amPI8-Tk_^yNW)&|4PeF4-?1#YEe^Mrp^1kN=J|q&
zz8Xde`-t`;eud5uwFEs~mW-c$gJgWw=w1tg<)qaNmIKx4w_KlCHy552`(55_Fg2nF
zYEHzClx{+7)Zk~$YX693W{+~rZ!;u$p1h56d@t1P`ReiL%4LM7U%dmLL2*TP0GP93
zJ<7niP#xRA8IolNkWWU01LN`1@SKOrnzFp^8Pb>h^@3Vj;YcK_x*blUSFuqFYt-kB
z5_)sV0~I$zdCZUcj%lW25-mIV#VBg|+V$?*ICkDxQ)tXgQrUOLCyFVD3<8)S9q&EiwC`EM0N{Y_vF0((WoLI{~wd
z9dh3~p)Y2=*{jw^uaH-H%I%wCcpY$l)h#o+LTC69j=UP7RrPpbbinaNaEIM=H&k#$
zq#Cg&I4wb2l{)!r*|ye%A6O_m&9W6~jmeV_M#^GK(a}#cg6r2MYNauH*FX;22KR9N
z)>+BAT>j|t%8*^A)eMb+ZWX1#SfP;-g)C=x<7FkVjAIW=iBwu3b4tR@pxsjbLJ-#>
zo*n?R5sI#?-bbTNF6|g93d3_547--lQ{XIUEgiflYn=0AAlDt`OG7y2u$cn1|_;((9copFHQ0+jNSzBhp{q45(GciOXdcVXWFOcj1!Tg>uoxll%0MQLJKOM
zCW^$TFg1OioY~)k%mq(VDQTc(g~u{eH?m^+9>mGU#BjnyuSt{&tM?StGsMz)fgerj
z3|i(V)X}oXUv4YIG7*Mr0ikCIem9<2jtC7ZbgyuA$C~`tUU#IZ0X40*bK$?yLNm3fYYReqs$%!H^Q6nyW6#i-BQyry$n
z`PkMuAG5nJvRK|EG`QXkN@T+i;Zdz|&xsk@Ic35u#6(23bJZP1z09IqTw6{5*#58H
zUWY-6bpZIqi2ILUjQ?f?^>>Ete@0L`aVssmbBeIL+Bw9{x*c8XFvOHfKN5X}zNOTm#T>
zi#Qf$$hlK7NGk`n*w@r`;dWb){6IPgP}LVLB}{v
zS!oV1fL2{zvW2I+LGJ_TFK4B^n7;L+k$L;7i%}Lz=fptyl=j7YUZxA-MQPeFY=<
z3oVH7x{J@TDxR3J7Tbu>3VMd51VEO@L3G$kohPE5l$UUp7Kb%Nlp0svAw^;;8yk
z=+lV1grR$9)xx#F+7DNLE*pTahUfAr)RyFQ)E;8u2DM_rch9*Z+sZb*wYryG!YEh_
z#2~}#?!HHaUr|Onr*N{h?2Q_%Eu#bL-MjQ6QmEz6Ev%**zJ02M8RG@vI>K+s%#8p?DG!Dq|
z6d~vS3FE$eYk`jOMT;^8L&J4LK;xuEL}x8hOvqw60!(ENecql4ip6%mCaWL4>bfP|
z64d2;^g{r(YhVgRw@9p~wS5JOYI~(&mS{$r;cuJX^Vb%u`E^>>()5gd>Ln6?Y4GM-ehDs572&(H;
zKNv!Cexpdr{DjY*v{ig?G*tfarci&;_skYrs}UhuEu*)
zK`qNJta(ces2z{@#hN@VxtA@RqCYG-c!1E5p0wf#@p|PBk2}hf7+tLUCqmd-mmg0e
zO6gSxI9|YAgopI~qiTDhPbn!>&^OoNEVzfpUpj!mkW$<#?CRliz&i^N7(yOdK}(;H
z+Ir2t8&ii-JD@Snp)|=1wC;U14v9ebJz}p0D-xg<@+vN(BxUkcYhrq~eg!2~_*#Gd
zfU)PFF1W-1+8k(WG>XtgbC2NX&qgd2m#Am+=GiVeyWc`EdBK6#tiLoq;ZcehWb3W0
zV?cp>w)Nkk^nr%JKXXX+#&JpNXg~g42=wg?n-e^Cla+-FDUsW3crc(D_5d6nGX|Y*}s;C
zv!$<5y0~Ywa5itGK+qcz-U^J-TX`%v<}FD146iN-N*bPn4_XP}1{=iO6dcLevPJXpC^fE%_6-@C>O$a>%DWbO3V(59{g#x*L^korSqk>);Bq%LrhYN{6pf(gMQ|dPBOH
zPawCg`;tnAJp9tF_UrN^HrdL<#=bkAEC|L^VB?&6>$yq$9wfzDn?vs05-&8N6*9?o!0kQj&{>pE04IpEoMFuGh(EGgVeQmn+a7EU{shF37!9i<&p
zzw?kOh)mTeXtnHAoa$_hoh`hWZLargxmUp_vh_)z-QL?2fBmxA15;ZO(pp|EtaYJ
zH{UJEmZ7{a{MfTQ2NRrc{?s)&rD2oP3OS5iBEZiI$8mIy!j|L(zw7%uN?sW74mFN>
zM3|qVW>F^FIgkpH@jP|#mu?j4QConQC{JC`w&t6FaJP~6^|kePyEJdvy^do?hAEYz
z1O8d{enXzEL%d$Qrr}#0NuU?VKl^}G^{|Ezn8=L=h0Z^oedmS8AI~hEL*&-ys@t&~
z^qZNQVOpFIbqKnFcrs@oot8
z86=SdklO}oxLLi6X-C%*#s^9^c8t0HS#PEdriF|`9_F->}
z(eFAsCs**5YJ%1bgTDt~q=c}N4gQhY{s=?0R`@C|EolqJ+bX4vF2hWIgp@5D`xXJ0
zXTpUKl5LW>fluie0kkwUq?c6hn*sr*M*~``oeEOW!mpGN~bEM
zcYFLtt)H7wX0;$q#ARnKhi2wQ)<{QK57#9W90j}>xCTZ|f9yeAWih)*jcsS{3joE%wi;=I^lBAJzQ7%>MDg&adssm~w5+
z-$;?ARDUkl{mEETwCe-_p@=0yKxP5hlj4w(^&Sy)!s=PZCfm`(GZ2e7aVaF^2ZDSZ
z&~x=Fkh^|usj+h3S%cx?*(dLZ{FLp(6yC0Sl_!i!dIFao-FSF!F^(Jb%1-+W2<@K>
z-avxi?cCMG(;wmd(|$d+|7pL-VyD-0j|Q{BF}G{uMkw53#6pCzXJf!5W1SwM>tr%>
z(CX`B66x%3cUXGKqWF6Yh?JR%K8#Qo#uFFE32H@%+pzHDS$WhLLZv{@<02iXk*~5Y
z=c#GK@;?8$By;~Dkb4SYYs7}gC(^EjQx^9#CG$ZVd7cvi&qH<}GUhaeqy*S5_#zML
zBiHXVL(dUqaGip)nFj;2{rl8=c98wOE7^jR3H|gS&6h4vUw@N{)V|%wE+Ach9|lX9
zl5Zj_uR7C?qiie7EwNHju^Dc3;R~e#mw&#?l$=G3D48IOfbESgSt;6Ui#ygdmUE7z
z6f+D@V;F0*u&Pp4BX8HLr%-W9i!RYlvrSl)
zexqh|0?nn-y}xy8xgpfI&!MbCw857x*!=(t_acdGe;C&w0hwnB6Gn_QOK
zy?CmYnxAQA{UpTw|xb#|%x@jY8W<|MjKMUk*
z4FPBU3sd}CvE#mnNY@?_$j_0l6xv0dJ+
zinT2mxi|B0u$;D{yzU+Q?3rZw}sqN_4LiVuFe)jHUS
zl~j)O!lAd2Xy6CA6WKD(Ec(%0VqDA@)HP-840j}YBgsB8+fim{pHM|QxwjG5{UCIw
z0_Xq~5q}4<2ySK^`Lp^CP68~BKy&^mM5at8ji>}T4nUG_%fIMM+xE0=+nBc9)0}GC=Co~l
z+O~~q+qP{@^Yz*1+axtr4{Ro%3PV>FR?P!R7-P7Gx9u4tH!6L7g3Jh
zbE;TanQ;!2ov(nK<9--&J99p>lfSn)BP}{u+MdiB7K`46E>Z3gJ-W_z27b@KBzi;K
zKGR#nuMkXm+n+vU;=S@uJ!?kKhWTtEa1(3^99z7}`E+hxG&vJ)uw`Kd%{@})vk%*6
zWVJwC{<|Wg=E}jt+NU6i{;eSKefjdmz{ZNf(#*iflEK^nU~lMPX2qay<792%W&m(-
zv@~J>I9M|={NEjz{!_Ru8QN7v9XqH?gwVkOYe7&$ifT%*E^$}}0|ko8@GA(>*ItZX
z_S7}fcp2lPF)#_2a;*xd&8Aixr<_C0kdCm51+{7O2F(h!viX0#G^&+Zy-mi+P%1J#
zZo55oK8}54dmOA?X0>p=>|~mJNvKt4EDs}v0I4zUivoWp-ZoUH=0-Y_fg2zZiM6H1
zs{`Fu;l+|zjuq50@RD}zz9=P-!EaFJXADa9+Rob+q{Y32u6KS|j;%-h0XL7D!7OkD
zL_<6$BJjjt8TA~xp3=Plsvw@D^UK^$=^g{&5YNjzQ}%N@MuN2w&*%Baj5PSRmlB>C
zC#41Ut$mZdVKzi{pQ+q1J&ucxbao1|Yn$ez1p+UX7~T>(_dkE}PIfykdPR3XLR5SY
z>$p>Xr+=K0{{!p#`6c+jK90114%Gh|)c!S5^>dxqitEoQTBkW(5jQS@$=)NI?w_l5
z{WXXM;XWTpFk(q5VOXRynAYyj`*zGn-mmsbrqNqbD5s;;(DSqyj~V756O_iGMn6wq
zkIcOP9H1C{o=!VaC@kb=)kK9!e2l(My$&0BXYzJzFQ-;kMuv%ca%9wSjzWxls%2u^
z6Cb1*efG!B#yu6cC>@MYHyIEyO4Yp?j;NZ5P*04!&tuy!NX5Cy+eI()doyUqos@HY
zU~?+KI$$qz>FaT1#aKdlmwwlTb&+$_4A%vC6Dx!{U9C=;s1<{fF!*oP7MXg?OaRC=9`>xR-~
z_R2o!8M?~mootZPhlkTOStFsJK0shko7Akl8_ks@u~u+hggZ)lvGC*&25%Hz#mp{FH35d0md!o~tR3)3qMS1SdGQ62u;jIgLoyWEeF
zM(OVE8X7o`#tWaUxg=aOTiq+n5-2B<6Ig-91y6>dNok7%f}u%ejU$ZFsJO(cqOl~W
zIICa;fCQHX;=o#=vA{QAI4cdYmN!+06Bp+6fV{I#}heZdK(cUS!vT92YN_V(3jF^23
zEAlvZWbNIu2^%~usKYG}}CmwqJ_UEgqlQdnnepeOs>;uiKakY}WA_vt|_4Hyo@>S)r0~
zUl4VEG2=wIum!~O?EhQ>r+5^Ftb`S4Vc_E2)#q-h;%r{+m$BD#vW*U3-s`;B;>UCt
z@&fk!z;xT|+~4xXydCx$>;a|6h(
zB(k66cAXIAYU$!}-4G>f@!@vu5k+so#Dl;rTa{-ysHVka+au?pT@|I{$_CnNmy-f@Krk{tLZ?ZsWxdf!n=1z
znqV4rwxIW2pc<98B==pQ#U@vjM=sGVv%6nmtKVzCWJuhYvv4EpvQa@qpKMk+>@mE?yoN&GzD)g5x4B!5)
zU9-qPL|^jy=0*mNl7>dsj%LPYM)nT>!C(o;9;m8l!9F52nMul&fgnajmKCP)sb(_~
zbku4p^-2w4TUm0!%vNawq!qtjIxjz;G?9LOx!(8DH`f^+HryqM1g@-l-ZmSD6MTmo
zEe;>gFMDQRBwx({CX8&UL!v?{(h-o$JEl}=G7&PehyEl&jVcp?p_Wvaq*8zwtPMU!
zR%U#NeZD+ECoWz@uYSqbq`;)>Ga2^S(St!0cR|n-TGrqeZ52xKo^D4w^7<(bSG7cE
z_)DjEox(|B5*G#MnT-HchnkVf!@-Tvj_R_OEl%rsnylMn!?W4p6JBtR#4PpEiiMFr
zKE}ZYUK4!vK_2gMtS)2xDr5Y~a1UFS+vdheu7~wz`KF?z!>oH|rlPgxrYysD^)Uzj
z`BRxW+ckfJ%Ws#V)$0U%xt=PWQ^GnXi~O+fKHhckoXLmItsT~b4sG%56LkukHsm&^
zxDoOTwk=rugU_uG$gQ!ay$Gbxhrc_KVY^@Sx!B#GmSgqV32Z!uE$r7Py>Qj+{4G5@e<_;=wi><-cQt2;!wiS?2
z=PSIVLCN<}fCl#H&}}C^A&tCoWlLV&MV5eu6<&%Uy*t@+c)em)8>m1&AHk*kadG|TLwP8?6;JXYk9WW7AL&(}Q#X+sO>Z+lr$Y9s
zSsDMy;wckxUXnk1oV3k+H_a(g`1F3fUl`-|+NC~HWDr`;qI;JhY(*D*2Ctpm_wy@6}z9;8MSu?edA4Z5zm$hbUncw>iA*$Y>2gy0wz4!P;
zVGEg3tzwFAb2NS)M_NlaY5qwkSsd1|fW)t&OVSCUooBCDzN;*&v*1PP=qsIV-
zrtYc5FTU=n!f!KL=XJn7Ozf~;EfM`c1N#*m+@nO7lIAXU&-Sb=%BD!}fr
zw&O!cmO%>tGzG5SoDGGaHqsw`hOp>6c*;=b(0|cHm%#VE9!gQ&kD{-n@wQzBuC3O?vsbt>yF+AnuomxRAw)_4~cxg
z!t-kDJmUIp$v)o
zQ^+mkV=Ft?u^DkF@3zhkZ^|?lYK$zPNvEdyrLQBVT8_&!Vy4Q-P7hzC!Yyhzc%uyf
z+{J!d=-ZrIOjezSB8aCJp}Q-dqd{2cVGnTib(9yu;r9$}8~)RVPCfQzPlUdzhw0+#6`nWLxU5%=Myn!R&;IfFDu;Agj|HHbgnj^
zGMJn76kDhJIk$cik<-h8{S78P!iLI{sS&+%+*M@TBZ7ePHRKvKFq_Fc=Za>)25rOe
zRd+kOOYrUAuGLuOpkw<_ZIbo3iBr`7t+>0gF>?JQMe<*xoxfHVvNW-=H*++#`af{z
z-)N^n?Oger5z+^ry_`8d>x+H1Js`j41LF0M
z48rM5M=T`~W6sBAMO$eYDKD$;#aWp$wHV6vI~P)z=-ZK)pgVc6WUH{vF4VQEp><+WNYH7foEY95e0qz9+l(B{#+0>gqZv7#uoi3K-ozN
zcxJHa#Q=?&+SU?eipGhl%-OU2AGJox(^$?V8{KZjW%l$%B?zl6_jWcxA4$ggocqfT
znjYE1~7SVDLh-4HqJOL1SY93ht4@*LFo>BVPiN
zw3m}e;Pta$2W`dsRJD1WaI3
z&&n0LRfeBMM8;muQAg(eJ`0Clyg@nO=@!YC#Ki9TsO{oMzjU&k;x^i)Z;s>-TJwpq
zg+NL;h?T*W)XD#H4&5E^8i2h57l~$`5V>@ZvO%VOP8Xw`f`sO@F0{GdH*!vNMtb~jH%P_BUwpcIPTEz?Ok+2Rd%?qtl)iQ6$*1`%L^(IQ=U*$AKU_&tkp-ugM(sk`HEsi
z5+)pezq^?4*d^=JdcNG@u87#c
zcfxf9m%93g2c_q3Q*Z3$W)&6}g-yTVR2rLOjjAwh5L6J7t1{~J;PR>3HibR-E>y
zMYCW0F_VW0KNog*{O`r^U+*;)xCxB&^{Q2Rnp8cTE~!VB2+g%?qBolLA=T~q1)LJm
zis?1WW^Ry!g34dG6uU&bW#H4%!aGr%cn^*>mVk^+?!Nf+I^@R=A=BB4xkWf5yt_OI
zr2mFvDFqG4&R}1@Sit?AQOEs{6zF#|6C(#lNo!-9|E1k5lvh8yHdqk$3d587vO=4k
z=0^`Pmk`FV_T_{|t}m2;%1W5QdqJC3gbblH>?ge@yuxzNF6Cz(?^^h%6uB6E#b3-s
zHZu2F(%Eb~-0-+CcstbVdWHFkF^PpC(^c3OHLT;c%6g&(EIHQlo@L2S7bCH4v1V=O
z@_IZt%hk2D+<=nOolpK$Xnn1zT3V?z?u9nkTJ*_`eYPVoc33FsZb6?WhBOAS!`@Te
zzVduAbIYv4(2l{j6rsuld%#j|f(-=7!Uc@NK~#8p?5no2uCTUpU>UN`kKP_eCfn=Q
zw)D4neIcjdAd6s{d$*DIpfg4%y-tGzFT%zz-nZI?6mfx{Tp*eH!0Pyw857%$Ep??c
z=-`KlZH-4#D*`!t3Nryv`YFq#&1YY|*Sf~OroC>xKzZJ;6MqR7bt&nZx&0cup{d})
z%d=Uo=BCpt8bs6(&PBJ2LeC<@(P5JHk(Yb}j8TqCF2yn4TFl;*jNFlh>0Vmi#z)_m
zVGz>MCN{06$|Ve>>FrYu3iZ|{YX>q)p|_slL_z?$8ZaqdW4~+w*|0B#jj%3JrKYe*
zTf6keOiScO>A|~yB_-P{1bd5@)&Vh8e)L3rJ^lWKX}-HBqR}&&9N)#L;@UJ&M5RPo*%U;3
zy-r-CFCj#e!|jg_NvTc1-DsnUf{4Rp8EU2uRTCpikjKO9})EH8Xo(Hx@H3%{wc}Zmw)DaO;;@oqIEyHHVo@}yW1wDRB~Et(Vn#6igC
zCWep1*WCEl~S7ji@MAyuKxdxE)QibqE;lH~6
zGTELKd?VXGLDs~l^G87%6b$VP6cp4KZVhFHPqpyBAEKY{{;ROtUr%af!G-(
zEN@@m6f--U+9G4e9JytUZ+KsLFFV^_I@|u-R&9QKQRuFMYw9T82J55%HJL=UwMu-<1P&UmNv;psCWn)g|`opsyuv|gjnqA0&Ww}JyBQzgo9Em5T9`+;&_vPZTW}d$t
zt_g3xZxtDH#^n>i1V2&AI
zr%WiT7)XjRd(=c!RfvL^e?d>qVR%TdRdkUC4;p6oIVoz3E=z37!6ab4_w!;E4b#kk
z;_LXc<|DK}oH9pQ93%o`k)!IuqDduQf01G0^J)*AY&Bzog>QR}P@Nb#y6$$Zu&v
z`6K0kvurN9P>I_HF$S16#n!Nf9o!VL4A*y^5MTsK{B=6rZ8HICVAhj}pM0iO}BkuS{#
zla6-}YyJY~o=?j<3oh+}Z7_ws)VKo$+u^PNhj$xm@j$sXi^9UAsG%eC-hid-YTug|
z*fa+>Z8;L7>77@H-5R=oT={;4YZP^PEs~TYhRCs+#2LGlZT+qV!XO=^)5to54?I$N
zgbQ0Aki%#jwbLcAiM}Y{lRk&%q&KA+a~4jtu$M6gQm7
z$C+f;+inxF#N8cyU0~W{@-z~-Z2X4je3yi0^dOJtJY(fTZiAQW6p)P=i@UwWQ9Suq
zZAwKS?PAAIG2i>!=sM+pE$08sl4AP@>uPX`IN3WJ{l`s2D^al%
zDgo2};!&iLyRD_4_0Z%!)w2=)_!Pc^~{iPHTOlzVq%~%G0A)=WNMRbgh`Oo1oQ^_Xq4|F9&g}L^
z9SlT`d|@LC>5jcHU5VRz&PrjgH5Yxr3!u-H72j^PUxLGk%RLInH?&0oH(SajzrQRy
zsE({2n#5?|aCsC1z>Py51niiFqe-N>XYG(|7i&GU*2?u#8l@7#xQOHFQc^uCYM!?5
z0kNWnB?u+&FS01o@_3ZxhO6yS@Qpa}S2%^~7^|%9H0q-hB9M9II>tmFPU(I#HP3^|
z+Oo*EN=yx~lj52vWC*WQfm66G$Zw&E+;qKK3sJZ8(E+22LM&HknX>&9nJovWCb%$R
zbED9C>8P*afWKCG7ysC+i3J_Ho{C|S@=8Z=l&cOXL&{Te1|J&nLM95?he6M?TY{%`
z3+n9KQi^tc#Bbg5vT(JE1{NfV7!MtF<95MBO1FZ<17!&>8?z{Rp$#JYz!h&o$;6AI
zcH!@hQDEqQljcF8oK-fJCzzdZ&EwMTA8-l9g{SE{M);8dvH+LIKY$l@Nn!5t+n)00
zVkbngsL<8cw-+9)vteKCx4O4#L5&?wj`rE)NR+wQ?Gt7GYf
z^=3-6Nb0)rcG&A^q_updTkyL2%p3XPg^6vgB?^IyHV(q=A_~J-nl$QH_?LSmuGy|7
z#&wlqe(5i`0^1^fO(5D3Q6lwd4AP{z7v#uGqy4D>$bVAH8JjbOkzHwWY
z#}t53Q;p6@8x)$awnplxi0V!?Kq2x?|NPG4@{J(8lqOQ9euh)lxN-VJ)qPduhF!A_
zhz|HXm*YwUT)wYEc&9?za~u6>HkL4yd^82-xlgl))%VB1
zX0Kzb`7;B6n+2OFelmn*Bqh|1WaH#TaP2U(!9zce;sEivQmD$@D*P#}(^_vpLN*~3
z($Cje>%8YzlO!QH==ihug-CK!S%>t=&0=PHBxD+U`#pTB=b6STG=zEONLgj4VC6$H
zpus14!nUibRD%|nBNIYff1TQt)RdRNCU%M>YCL#(r6($$qA&kLV}PFM6sguxb)m*D
z(D6_ooZ-DOZ6^83etZc-vxSL3{k5j?4Mysl<)!wzH+s#=1LAijxmFsQ=8Vd%`%p1_
zxVvjx+cu+i)t)vZPlW*r_}h*Zmx5b*|4L&&h?XEBxYaBgXaRU>O-`6K$11B+8`W?l#?@PI6EQy}
zb*{JVfc%r`P6~D)1NSb$zU##X{FDq9`vhlN>e({irNaf+VV1zh^S=6*)hl?Q939U$
zcIGte025ZW)r2rE8H3f!
zHX>IJ=Ktq5xkG|N?i7-AYJt=F!0U07xm__MYsFvl7
zpF>1AWUm9KX?V&@`WS{oGO55Ko+o2G1tXc|SYUi>_|!eDmX)b{YATtDWr4qxx~q-T
z)hgnc;=oCHmc$o~Y=l69vKckq(A5^xO|1?G`W&uorj<;pXme+y5A@;{I|8pmtrQtt
z%QiYA}bH?|iR(jg8y-r{MOlacB}hM!Phb14zH%TGFin_!EPz}Wy4
z1V&32ys={A<0MWVXdoO*(}YgJ;RTC}KNE!;2{VGe3hAVC*TP<(l)b6}%mRQ<
zej^V?^ZOyMSYE?P8W}di7?7ms_<;e$?n1DfM7B;c;YR@51U`c%QY=$+=s;&
ze}tBRu+Wdq^gx`S0u5IwW_NxH45wOG823z#k%18wp-{Xhw>!g;u>(d9cC1dt=biH{
zAoj2&7Bk@F4I~0e@U2qgN1Ni=uq;hvxGv=;(?q?=lIjac65%kd4q4SGCy+rSdeiPf
z)*HG*R5qtj>4M=39g|%B4q;xgybt7$xT*MV~k?@rqJo
zOXS`&%rzBo14k_-?2KEEc9=67mi79X6}TLp58jCoA$NVlYdagc1*^TM{*>&-eRBCAr-
z-CI;|Gq%#*57S?C4X>18YoqK)Lpc1+9UKolz*|uLYX|0(N^g|mEvV?(pNfD^L+F<{
zqUiC4mXKiKjT?(Qh3dLrZ=)fQ(wr%9?*XpGJ>>Y*JGNh=X-SabBp2@(3^HJOJ0o^;
zK*-fOw1piQ_u723p7CD?-xlz?w1#aEg~+f@&WI6zAkQwgFe9kL+PS%nWt5HA#hHx&
zYAI7udd#x?euliP59^%mL^Ze#c~*~)W_|`aQ8fLXx6}m@a6}E0?RK;RLKo`61ai_J
zSeJ0E&}#b$Ca(sm-d!t0Fhe`ezE*%lL0UjD`{`ztjUxOZ!>tgOOBiM#Q3&MKCGWD2
zY@a5oBDX(5lt?HaeQg+%Y%)X_9UR?LzfKd;%~x4KW|iWMr`?I%R)EHnlt;F~yz&k)
zl(QX@_7CoHLc7ipTvm;t+%dRb?hzOae+uAlq3OzNiI9c1gg%VVA?8QbeY)ae=h7{2
z@FL83WuboyskCSBDl}o4_KYd%`({Qu+6*80?-Dd*kcwYTKQ;RG-)eN>|IZp-!p73j
z$o}6@JySte8k7kwp{aOR*}9ywT7tO9+>a4If~_3&
z9s;t?kSPy_RBYpobka?MY??3POC&N*IwQohg)uE^>{hi(6Q{va0v7Yly%O^(gEwZx
zm*kjr-;7kvGHS++bn*v+2zv?DqopuPHHS{!tm|Qskyal0SCQl@*)2GC@n*|M*0_kU
zB5e!;mZAu!i0&{3D&hlXr(I{0u;}V}mV~4Aaw`-k%Ga@YLP*#l!I;XFNf3TOz4Per
z2^oKN=)}%$D-Vk3Taw~OqVw%C#k}tF>NeQekk_655ay8FVDc2%9K|HS=v8-r_^YG)
zBW!B#>n9}(zW&|aljEP#+Q!V<@jnDs){*}_9>do}N2`NTP52w5`aXPJiW%)Hhl;7D
zzy>UWG%~2@+|h5fzAYaw;+;k|pETtO^i^?S^*HEip>p|b>}+4zW
zcgoRXidJ70o#|NbEq@QO|PLlgm89IgF5M4)pW&Wyu!g
zk>c~F))C<}!Q}S+Yf}5k#q7X1;*A=q6h63K!7eh~=Fnx`_!#GoLQvQr->{buj2Y8K
zVGwfSzgK(Df8>^;Lc0uSOI6&ZUO;XKat-u+Fw)T?*J4Vg`+y1$+)r2_*lRRif1v@3
zWdwyS3;5HxGeWtGydCMGdyArV`V%kOvV5Bf5G9Wle%>}*02LJ_b5Ic#M_bDg7*cau
zd<_@_M81_^KfZaT4fQ@@ph2@2Sw3qu;PDb9?qcgA8H?$rIeQr8{j#dm$Yi3lA2fQ}
zLGD`n#cS+p1&9)l?pol?+F7Pw|Jix>i~}q1#lNW<%YZ%h0CFgjiARJNcW0Q-6#p9&
z>tNk-=^ZNU=I#}F`z|s0&=5z`wB6jcb8Ce>NS{hk>rc?dLJXW>%Jh6_(2WurV`|HLVO#zIR&NQD;NmD^nGt!@#1i>I!
zo=8VJg%z;UJ=Aq0X>t}J(ESOW;_G{Zi8Is2&eqQ^T0Ab6>&~k-1-wCABh=x_T6NT9
zL=Fq>%PkW1=P7A|A4&?cPc`S6T5?q@$o37C+_J~Mt9s!Z_%ZUM
zRc8)Cmi~7-ksE4dIhQ!hVxsoLNtVMO)UQ44lubdfNLZ~m6mX}R7ul4sNZ73VBjJtJ4T|TwQ>~X3D`0n#$-lneH(AbOLn(J1ub8P+~aqCiGnShrOkqumFT8
z7$a#8rWe2w5CBl$;98hqCCFfsf=4KMFl~can#a31<3a~gyLrGjj8Oc{02IV$faKb&kx%d(bM<)Eude|8l;jMGzln3)`e)
zL)&1NTG>?j%P2^M4>HUcT3#=#x&%vY5W7}=U
z_*En-8pQ^=NE+?k>o~?1&3gWx(4lOEcFcw$JFG&)fk%6Dw%z`bkm=3+
zG|j=TbKUpKhG_oRHdt?SDQZX2L)mH}!J~!`uqYQ{u;m3G&a>07ygoYOg@P>({LPSV
zaO~ZAx;cXRQHjFv44uT&q`#GT1ZRmr0*)gU5|G~is*FZ#kkVK8dDH{)Zv*@POjZ6R
z9FpJvqbgNom1h;u_^R|`kyKOyG)r@f&1eFMiKjk0<|!BDMU64m>I>ieVzg39-x}Ps
zJ?^d0G76X&ir8KG6b`+3;dy$cx}$L~hQoFT>q{>IpU#Oq^6`678*Ld8-brVRcET=H;(-b5@b#NUGt*ZO!tGNLxfwo0qH*W@l
zJ#Kf8gnqCvq#4LI$yoK(>>#ly^ssJW5khcON4~Tnm5dVRq4)s6&{BagwhG1QJ*~m4
z$L`ZJdcGI9I<|4^rN7h7Zp^P!X0h*P`sTw`^Rh(73FbxVDtTsXcX|%OI!ND}?8F(%
z_WH}{PAd1Qho1c$>eVbNBL7(I&Vd0CHFv8XTC5ak$l}`PjZ1BS#8*%;BQmr!uz$HV&9%vJh{=Ixk0$aoi
zC(70yjNsz;+hfC-PR3bQoHXn(Lyq?TKF+}2ybo&qi=%}?M2K%eI0x}Tq`u#R8N{(m
zV6Eaay|5kSYIn3oe(0AtP2jA@c)p%cx7-U6nl2p^5VYQYl
zp~^SG3opJ4aJjNB$At^pcTj-@DVP`zH3u(w>`Ml;VAbAX5&FC@=%CsD=c2SuOL7g3
z$?}bZej?%^Hv1XBiE4-o)3R=J+m-pz{vD8sT0vAp#8ZZOo|4B-f+%#h*W?9tc0bA%Z!tlg0tIlqe}G
zd@@vuLd2i+ni
zF8lM^3<>fiRj^{w$0|2U6coqNmn?hEw$N0jrYZ^?|8d|$lhA&yhE)9`QjFp_0m4g5
zP**8GkLqXbWB4!OOG3^9d$!d+lqC3+W@^UfG3xz{ju_%F)t2e_kJ*!E<1KeU7j8!O
zqpH#x1?th=z`m9AHse*81wj-E@xhV9t!A
zXrkQKu-bMot?BIs!)iva>cyZQa-;OQ>)kq_F4e{P4L@Ss#yo8hTZ2
zD{Q<(cO4{us$-$I57dHJjtA>anIGF|MPAJk%#7g9oQTfAua!%@SZW?}8!EYUS?m)`
z9lx8NnI|PSHLO`!u+eYYR#jv&JtLnUQo6L*>}RR^F8tv7_V1n2TJQa}{S#x*fBNlRG<`X2&a;EsWcUr`2*wW6dj(7D2Uzf|lkL
z;L~DABvXw$Pgw`oiBS4Imeiq+Zu{G}Rz20I3dHEL12*u}Q4@#GLqI^V_j2>*bNDgA
z^O*5cX>ETg;<5?)#jdWW`?nr$^uCC|&|uV)E|(VcpaDsLsGq>ON1{1@h+Co`DoG7d^UK
zgC`i13mkt4#xY~4+hx$%f^I?a65J@r9W0IW!}i)kb$@$}k|6IwZq;%Db3B@}J8D2+
zv1X}qiJUguRWOjLWCi_cIV?F9rmSV`Y6>CvAU9y956a2Qjgd|=^C9!i$zel_^`w?7
zDm~-!zTm(u)c22@7s9+2%HAy?lzf#L%+?(Io6
zetiCb*ZOrVZqCbuodU9vk%=EA;rI%7A2LnGgkQK!jgMRAPGsnSo+?(Bf;xRw9qM5(
zTsbMYP<#ZiV5VQXrg|uLAbc{4p0hTjCh%!Bov?$#x^ob)#=K|yTvgaov0Z#$KN4id
zciOo&)B~f>L#$TC)R=B_c^JU1OfqwT;2`+kjQh|CMB>E-Ak$j=V=S3;b0WKfb?_)X
zz<5t|cPe+h_-M;P0d0S&d!Y%Jl|P#XgiHZ6HzT_ZkXQO#+kHi?S&<70nW4`0-OZH>
zqo;_Be;X5n7(h`POWemHH=_VTvF@(bCh$xS`;I7W^kX>;<#`gesM9uS68%7QLbcKk
zlg&)ul^1_+Q!DJlph9RiAD3`}<9vG}fRS~;!Prmr-S4>F{JmDxt<3dk29?RY
z!GhEpP${HA?TB~&)oO$VIVsc*RJdtM7K%@}iI5i49ibN{=a8rz&7D6nM0^Vzs;tiy
zxz{`glcXHkovK$eCz+%iwbfrYzwSvY;9kEyEkXrMH@sRXVljT2z?XwKgM1);7%QY(
z3t0|x_uMd_1`n2!7c1hcXGj
z1vno$dZKOP+VM{y+`mW$$nLC-BCx$;2RQWq!R48|#zb=O|3l0(cax0F9)7FpTzptX
zl0h-SF>F_IXhV|0FyVsK2<3&i4U%(7@;%Ty1PS$-Nm%=+2r6o75?MP(kC-&TTlNEs
zUGM9)X&mB~4RT!E)r&Iel=mxgjy%e{GM4%3ZlmJ1B7abp|k>5km*r`1FVEIp;iNvh_z|wBCADA
zxq9Vt5~11x)JV=SG^H2MD)relWL6Pik3Xzdj}vC_#Os4>@XCO0p{5gHFWeSyU&L__XeE=VeO|
zOCL(D)%fJ^J?H64F^k1i4NC1)#phLJi^)}ARFq5KNhk0d5rTTGlP{vu(~
z0MCqm3P%3v9Vml^9ZG|V&kolyO&VLh6u%vxI1?-sQhbLm@>s6+uw7eqPR%D0N*5Ql
zG<8nhN6x&H`oCG&=CyLLNL|!nlWn&|)GkzL%dD-M+iE?+(rxJauQv2bV-@s{Vv#+f
zM<{K}4XFR{gx@`-?ex8t#n|k9Vh_Lk**?0%G~lAeJMp9&PJy*)a}63nQ2T^D5dGs7
zY`2KkJMFp-LtxT1yPtu{yMJd9s|#?g74fL`N*_&C$EV;AiRRNyY49GRIPeOc7x9Nh
z4Eq){g885d%V=zKY4?ifCG`F0ANiyY{XaHI1m!*cts?^1Mu|R5D?$<5d-!#~>c(@^
ze#{wYp8K=wOLE|`%@XOPlSMRU9qT6q7)3N%%mPi@*lDn=7LC#K&R5C-^#p_EZLnwA
z|Mq?9RzICreMY;B{?_+J@n75>4eZ@)9c}(m>hOQ#Qv1)cLJn?LpYaiUGXr5u8v_dw
zGh5UD1<)d+gyevXNTMH8Qwd7HZNm(W9=dadXo*#+QP5#q?RCmHIh_r8RDshPwqFne
zC6ojDD(l=>ZpCju79R&GepzTESqIXkekQi7L0zcnCR&CUMz@4v3+x<(0?82H5`$TeECdEAvWeSqlpO
zjFT%Y^kE?f`Q%-qMj-*z6~A+eby-0%LEy=IbM;X{9k!JvnRNfvcQ*YV?%?{9E8c(W
zNBjQY^X>l-_}{dZHgZz{nEeL>7buQOeR?hVnr59Xc^;|?%@JZ&!mV-4TV&IFOF*W
zTgFKuy`JMk30VybgVm#1r
zKRF@#X_5TT7*qEDH#fwMtc~mejyC^cOJsBn!dD@rppR`%YJ7k5dulZG7=`1*g@BH=
z^O3cuhhK*u$9c1wcz$6A1&jraBuq$|!Hl{W>loeGUN_cg4=P2>
zAK?1`n3GkNR54M%@I=v(t}`e~bybWKQbq!3UnR;8zneC?5wRB@p`aY-t3{J|I0kSqM~^WkN>MCF#a%90a4%K6OI)4$T~_#_P^RDE(c
zZuKW282)zS^8ELt5(YS!83>u!8~wjMeo-Btgh30OG_$jwz
zdLNP5Xrn@8v4xSZqPTm9tZCseuf|bNDDY7!nl>82EB|rmJ^EzF}JC?*iaY-
zRnoB4)e7BI?s1f0KTDH)8t-!M88^_V=+=MMgR2f@JZA7=ojkw(Z8sjZtOgW|88dkP3*T-(@9uk4ol}3zp8UTM